Ansible
概念
https://blog.51cto.com/u_15048360/3202204
ansible是由python开发的自动化运维工具,是极限了了批量部署、命令执行等功能,ansible是基于模块工作的,本身只提供一个框架
核心组件:
ansible:核心程序
modules:核心模块及自定义模块
plugins:补充插件,如邮箱插件
playbooks:剧本,定义多任务配置文件,由ansible自动执行
inventory:定义管理的主机清单
connection plugins:负责和被监控端实现通信
特点:
无需再被监控端上安装agent
无服务器端
基于模块工作
使用yaml
基于ssh
执行过程:
加载配置文件,默认为/etc/ansible/ansible.cfg
加载模块文件
通过ansible将模块或命令生成对应的临时python文件并将文件传输至远程服务器
执行用户家目录的.ansible/tmp/.py文件
给文件+x
执行并返回结果,删除临时python文件,退出
使用
基础
安装
yum install epel-release.noarch -y
yum install ansible -y配置免密
ssh-keygen
cat ~/.ssh/id_rsa.pub
在被操作机上
vi /root/.ssh/authorized_keys配置文件
ls /etc/ansible/
ansible.cfg hosts roles
cat ansible.cfg
[defaults]
# some basic default values...
#主机清单
#inventory = /etc/ansible/hosts
#文件存放位置
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#临时生成的文件在远程主机上的目录
#remote_tmp = ~/.ansible/tmp
#临时生成的文件在本地主机的目录
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#默认并发数
#forks = 5
#默认线程数
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False
vi hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10
# Ex 2: A collection of hosts belonging to the 'webservers' group
## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
# If you have multiple hosts following a pattern you can specify
# them like this:
## www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group
## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57
# Here's another example of host ranges, this time there are no
# leading 0s:
## db-[99:101]-node.example.com常用参数
-a :指定模块的参数
-m :指定模块
-C :坚持执行结果
-e :指明变量名
-f :指定并发进程数
-i :指定主机清单文件
--syntax-check:检查执行命令是否存在语法错误
ansible-doc -l 列出所有模块
ansible-doc [-s] xx 查看指定模块的用法,-s为列出简单信息
ansible <host-pattern> [-m module_name] [-a args] 执行
ansible-playbook 执行剧本
ansible-console 交互执行
ansible localhost -m 本地执行playbook
playbook使用yaml编写
https://ansible-tran.readthedocs.io/en/latest/docs/playbooks_intro.html
每一个play包含一个task列表,task会根据你配置的hosts\remote_user等使用指定的模块去运行设定的命名,运行时是自上向下的,每个task必须有一个名称以用于区分
比如这样的,使用shell模块运行命令
tasks:
- name: run this command and ignore the result
shell: /usr/bin/somecommand || /bin/true我们用个完整点的例子来演示下
安装nginx并配置文件
第一步,准备文件存放目录
[root@master ~]# mkdir -p /root/ansible/{conf,bin}
第二步,书写YAML文件
[root@master bin]# cat nginx.yaml
- hosts: server2 #目标主机
remote_user: root #在目标机上使用的账户
vars: #变量
hello: Ansible
tasks: #第一个任务
- name: Install epel #任务名
yum: #yum模块
name: epel-release.noarch
state: latest
- name: Install nginx
yum:
name: nginx
state: present
- name: Copy nginx configure file
copy: #copy模块
src: /root/ansible/conf/site.conf
dest: /etc/nginx/conf.d/site.conf
- name: Start nginx
service: #设置开机启动
name: nginx
state: restarted
- name: Create index.html
shell: echo "nginx1" > /usr/share/nginx/html/index.html
第三步,书写conf文件
[root@master bin]# cat site.conf
server {
listen 8080;
server_name 192.168.80.50:8080;
location / {
index index.html;
}
}
第四步,检查语法错误,没有错误则继续执行
[root@master bin]# ansible-playbook nginx.yaml --syntax-check
[root@master bin]# ansible-playbook nginx.yaml当然,比起这种key: value,你也可以写成key=value的形式,不过注意并不是所有的模块都支持这种写法,比如说shell
---
- hosts: webservers
vars:
http_port: 80
max_clients: 200
remote_user: root
tasks:
- name: ensure apache is at the latest version
yum: pkg=httpd state=latest
- name: write the apache config file
template: src=/srv/httpd.j2 dest=/etc/httpd.conf
notify:
- restart apache
- name: ensure apache is running
service: name=httpd state=started
handlers:
- name: restart apache
service: name=httpd state=restarted常用模块
ping:测试连通
[root@master ~]# vi /etc/ansible/hosts
[root@master ~]# ansible -m ping test
172.17.120.142 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
shell:远程执行指令
https://bingostack.com/2021/03/ansible-shell-command/
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/shell_module.html
ansible-doc -s shell
- name: Execute shell commands on targets
shell:
chdir: # Change into this directory before running the command.
cmd: # The command to run followed by optional arguments.
creates: # A filename, when it already exists, this step will *not* be run.
executable: # Change the shell used to execute the command. This expects an absolute path to the executable.
free_form: # The shell module takes a free form command to run, as a string. There is no actual parameter named 'free form'. See the
examples on how to use this module.
removes: # A filename, when it does not exist, this step will *not* be run.
stdin: # Set the stdin of the command directly to the specified value.
stdin_add_newline: # Whether to append a newline to stdin data.
warn: # Whether to enable task warnings.[root@master ~]# cat test-pwd.yaml
- hosts: test
tasks:
- name: ls tmp
shell: cd /tmp && pwd && ls -l > ./log
[root@master ~]# ansible-playbook test-pwd.yaml --syntax-check
playbook: test-pwd.yaml
[root@master ~]# ansible-playbook test-pwd.yaml
[root@node01 ~]# cat /tmp/log
total 8
srwxr-xr-x 1 root root 0 Feb 9 23:06 aliyun_assist_service.sock
drwx------ 2 root root 4096 Feb 23 17:01 ansible_command_payload_geujPy
-rw-r--r-- 1 root root 0 Feb 23 17:01 log
drwx------ 3 root root 4096 Feb 7 10:06 systemd-private-7cbd598af444427b8714fcd64c669e47-chronyd.service-Z4rJtWservice:配置开机自启
service:
arguments: # Additional arguments provided on the command line.
enabled: # Whether the service should start on boot. *At least one of state and enabled are required.*
name: # (required) Name of the service.
pattern: # If the service does not respond to the status command, name a substring to look for as would be found in the output of the
`ps' command as a stand-in for a status result. If the string is found, the service will be
assumed to be started.
runlevel: # For OpenRC init scripts (e.g. Gentoo) only. The runlevel that this service belongs to.
sleep: # If the service is being `restarted' then sleep this many seconds between the stop and start command. This helps to work
around badly-behaving init scripts that exit immediately after signaling a process to stop.
Not all service managers support sleep, i.e when using systemd this setting will be
ignored.
state: # `started'/`stopped' are idempotent actions that will not run commands unless necessary. `restarted' will always bounce the
service. `reloaded' will always reload. *At least one of state and enabled are required.*
Note that reloaded will start the service if it is not already started, even if your chosen
init system wouldn't normally.
use: # The service module actually uses system specific modules, normally through auto detection, this setting can force a
specific module. Normally it uses the value of the 'ansible_service_mgr' fact and fallscopy
copy:
backup: 覆盖文件前先备份
content: src
dest: 目的目录