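Introduction to Ansible
Background:
Traditional day-to-day operations work:
- System installation (physical and virtual machines)
- Package installation, configuration, starting services
- Running batch operations on hosts
- Releasing applications and putting them into production
- System monitoring, service monitoring, and so on
The above is part of what an operations engineer has to do. When we have only a few hosts, we can log in to each machine and type the commands by hand, but once there are hundreds or thousands of hosts, handling them one by one is no longer realistic. That is when we need to learn a tool such as ansible or saltstack to do the daily work.
ansible is an automation tool for batch deployment. The control node and the remote nodes communicate over the ssh protocol; in theory, anything you can do after logging in to a remote host over ssh, ansible can do too.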
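Advantages:
- No agent on the managed hosts, so it uses no host resources when it is not running
- Modular: you can develop the modules you need in any language
- Secure: connections go over ssh, and ssh itself is secure
- Smooth, simple learning curve (but it requires Linux basics)
- Supports YAML, a configuration language used to write playbooks
- Supports master/slave mode, custom modules and playbooks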
Installation
Install with yum
```bash
yum -y install epel-release
yum -y install ansible
```
Generate a key pair
```bash
ssh-keygen
```
Copy the public key to the client
```bash
ssh-copy-id -i ~/.ssh/id_rsa.pub -p 9777 "ansible@192.168.111.27"
```
Add the host
```
vim /etc/ansible/hosts
# Add the following:
[test]
192.168.111.27 ansible_ssh_user=ansible ansible_ssh_port=9777
```
Test
```
# ansible test -m command -a "w"
192.168.111.27 | SUCCESS | rc=0 >>
 17:17:49 up 117 days,  1:47,  3 users,  load average: 0.00, 0.01, 0.22
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1                      242月18 104days  0.55s  0.55s -bash
xs       pts/0    192.168.30.201   09:59   21:41   2.31s  0.08s sshd: xs [priv]
ansible  pts/1    192.168.111.28   17:17    1.00s  0.23s  0.01s w
```
Common modules
1. ansible-doc
Shows how to use a module:
```
# ansible-doc -s yum
- name: Manages packages with the `yum' package manager
  yum:
      allow_downgrade:       # Specify if the named package and version is allowed to downgrade a maybe already installed
                               higher version of that package. Note that setting allow_downgrade=True can make this
                               module behave in a non-idempotent way. The task could end up with a set of packages that
                               does not match the complete list of specified packages to install (because dependencies
                               between the downgraded package and others can cause changes to the packages which were
                               in the earlier transaction).
      conf_file:             # The remote yum configuration file to use for the transaction.
      disable_gpg_check:     # Whether to disable the GPG checking of signatures of packages being installed. Has an
                               effect only if state is `present' or `latest'.
      disable_plugin:        # `Plugin' name to disable for the install/update operation. The disabled plugins will not
                               persist beyond the transaction.
      disablerepo:           # `Repoid' of repositories to disable for the install/update operation. These repos will
                               not persist beyond the transaction. When specifying multiple repos, separate them with a
                               ",".
      enable_plugin:         # `Plugin' name to enable for the install/update operation. The enabled plugin will not
                               persist beyond the transaction.
      enablerepo:            # `Repoid' of repositories to enable for the install/update operation. These repos will
                               not persist beyond the transaction. When specifying multiple repos, separate them with a
                               ",".
      exclude:               # Package name(s) to exclude when state=present, or latest
      installroot:           # Specifies an alternative installroot, relative to which all packages will be installed.
      list:                  # Package name to run the equivalent of yum list <package> against. In addition to listing
                               packages, use can also list the following: `installed', `updates', `available' and
                               `repos'.
      name:                  # (required) A package name , or package specifier with version, like `name-1.0'. If a
                               previous version is specified, the task also needs to turn `allow_downgrade' on. See the
                               `allow_downgrade' documentation for caveats with downgrading packages. When using
                               state=latest, this can be '*' which means run `yum -y update'. You can also pass a url
                               or a local path to a rpm file (using state=present). To operate on several packages this
                               can accept a comma separated list of packages or (as of 2.0) a list of packages.
```
2. user: user management module
```bash
# {present|absent} means: choose one of the listed values
ansible test-server -m user -a 'name=ansible state={present|absent} system=yes'
```
3. group: group management module
```bash
ansible test-server -m group -a 'name=ansible gid=10001 state={present|absent} system=yes'
```
4. cron: scheduled task module
```bash
ansible test-server -m cron -a 'name="this is a test" minute="*/10" job="/sbin/ntpdate 192.168.111.28 &>/dev/null" state={present|absent} user=root'
```
5. copy: file copy module
```bash
# The destination parameter of the copy module is dest
ansible test-server -m copy -a 'src=/etc/fstab dest=/tmp/fstab.bak mode=600 owner=ansible'
```
6. service: service management module
```bash
ansible test-server -m service -a 'name=nginx state={started|stopped|restarted} enabled={yes|no}'
```
7. yum: rpm package management module
```bash
ansible test-server -m yum -a 'name=nginx state={present|latest|absent}'
```
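8. file: file attribute module
```bash
# Create a directory
ansible test-server -m file -a 'path=/tmp/testdir state=directory'
# Create a symlink; force=yes creates the link even if the source file does not exist
ansible test-server -m file -a 'path=/tmp/test.sh state=link src=/usr/local/bin/test force=yes'
# General form
ansible test-server -m file -a 'path= mode= owner= group= state={directory|link|file|absent} src='
```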
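9. shell
The shell module runs the command through a shell on the remote host rather than in the current shell.
```bash
# 123456 is a sample value; passed this way, the password is recorded in the control node's shell history
ansible all -m shell -a 'echo 123456 | passwd ansible --stdin'
```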
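The ad-hoc command above carries the password in clear text on the command line. As an added example (not from the original page), the same change written as a playbook that prompts for the password, gives the user module a SHA-512 crypt hash, and reads the shadow entry back to check it. It assumes the [test] inventory group from this page, sudo rights for the connecting user, and the hypothetical names set-password.yml and new_password.

```yaml
# set-password.yml (hypothetical file name); added example, not the page's own code
- name: Set the ansible account password without exposing it
  hosts: test                      # inventory group defined earlier on this page
  become: true                     # assumption: the connecting user may use sudo
  gather_facts: false

  vars_prompt:
    - name: new_password           # hypothetical variable name
      prompt: "New password for the ansible account"
      private: true                # input is not echoed to the terminal
      confirm: true                # ask twice to catch typos

  tasks:
    - name: Store the password as a SHA-512 crypt hash
      user:
        name: ansible
        state: present
        # The user module expects an already hashed value. No salt is given,
        # so a random one is used and the task reports "changed" on every run.
        password: "{{ new_password | password_hash('sha512') }}"
      no_log: true                 # keep the hash out of task output and logs

    - name: Read back the shadow entry for the account
      getent:
        database: shadow
        key: ansible
      no_log: true

    - name: Confirm the stored hash uses the SHA-512 crypt scheme
      assert:
        that:
          # getent_shadow['ansible'] is the list of fields after the user name;
          # field 0 is the password hash, and "$6$" marks SHA-512 crypt.
          - getent_shadow['ansible'][0].startswith('$6$')
      no_log: true
```

Run it with `ansible-playbook set-password.yml`, adding `-K` if sudo on the targets asks for a password.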
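10. script
The script module runs a local script on the remote servers. It first sends the script to the target machine, and once it has run, the script is deleted from the target machine.
```bash
ansible all -m script -a '/devilf/script/test.sh'
```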
11. setup: collects system information from the remote hosts
```bash
ansible all -m setup
```