Ansible
Basic installation and use of Ansible
- Environment: CentOS 7 with epel-release installed
- Number of nodes: 3
Installation and configuration
- Only one control node is needed
$ yum -y install epel-release ansible
- Configure the Ansible host inventory
$ vim /etc/ansible/hosts
[webservers]
192.168.56.12 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
192.168.56.13 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
192.168.56.14 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
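- Configure non-interactive SSH authentication and logging (host_key_checking = False makes Ansible accept unknown or changed SSH host keys without verification)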
$ vim /etc/ansible/ansible.cfg
host_key_checking = False
log_path = /var/log/ansible.log
- Basic tests
$ ansible webservers -m ping
$ ansible webservers -a "free -m"
$ ansible --version # show the version
ansible 2.9.10
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
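Configuration file
/etc/ansible/ansible.cfg: default location
Important parameters:
- inventory: location of the host inventory
- forks: number of parallel tasks
- sudo_user: privilege escalation (sudo user)
- remote_port: SSH port on the managed hosts
- host_key_checking: turns off interactive SSH host key confirmation
- log_path: log file
- private_key_file: private key file used for authentication
Host inventory (inventory)
- Plain groups
- Regex groups
- Official documentation: https://docs.ansible.com/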
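Variable definitions
- Defining host variables and group variables: a variable set on an individual host takes precedence over the group variable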
$ vim /etc/ansible/hosts
[webservers]
192.168.56.11 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s http_port=80
192.168.56.12 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
192.168.56.13 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
192.168.56.14 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
[webservers:vars]
http_port=8080
server_name=www.baidu.com
$ ansible webservers -a "echo {{ http_port }}" # read the defined variable
192.168.56.14 | CHANGED | rc=0 >>
8080
192.168.56.13 | CHANGED | rc=0 >>
8080
192.168.56.12 | CHANGED | rc=0 >>
8080
192.168.56.11 | CHANGED | rc=0 >>
80
- Group variables split out into their own file: easier to reference
$ mkdir /etc/ansible/group_vars
$ vim /etc/ansible/group_vars/webservers.yml
http_port: 8080
server_name: 222.baidu.com
$ vim /etc/ansible/hosts # remove the vars defined here
[webservers]
192.168.56.11 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s http_port=80
192.168.56.12 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
192.168.56.13 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
192.168.56.14 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
$ ansible webservers -a "echo {{ http_port }}"
$ ansible webservers -a "echo {{ server_name }}"
ad-hoc
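Common options
- -a: command arguments
- -C: check mode
- -e: extra variables
- -f: number of concurrent forks
- -i: inventory to use
- -m: module to use
- -u: user to connect as
- -k: password, prompted for interactively when connecting
- --private-key: private key file for authentication
- --become-method: use sudo, or switch user, to run the command
- --become-user: user to escalate to, for example root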
$ ansible webservers -m shell -a "echo 123 >> /tmp/123"
$ ansible webservers -m shell -a "cat /tmp/123"
SSH password authentication
$ vim /etc/ansible/hosts # remove the vars defined here
[webservers]
192.168.56.11 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
192.168.56.12 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
SSH key authentication (passwordless)
$ ssh-keygen
$ ssh-copy-id root@192.168.56.12
$ ssh-copy-id root@192.168.56.13
$ vim /etc/ansible/hosts
[others]
192.168.56.12
192.168.56.13
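The inventories above keep ansible_ssh_pass in clear text, and ansible.cfg sets host_key_checking = False. The following added example (not part of the original page) is a small Python audit that flags both in an INI inventory and an ansible.cfg. The sample input is constructed, and vault_web_pass is a hypothetical variable name standing for a secret kept outside the inventory.

```python
import configparser
import shlex

# Inventory variables that hold a login or become password.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_sudo_pass",
               "ansible_become_pass", "ansible_become_password"}

def audit_inventory(text):
    """Return (group, host, variable) for each password stored as a literal."""
    findings, group, in_vars = [], "ungrouped", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            group, _, kind = line[1:-1].partition(":")
            in_vars = kind == "vars"
            continue
        # [group:vars] lines are one key=value; host lines are "host k=v k=v".
        if in_vars:
            host, pairs = None, [line]
        else:
            host, *pairs = shlex.split(line)
        for pair in pairs:
            key, sep, value = pair.partition("=")
            value = value.strip().strip("'\"")
            # A "{{ ... }}" value is a reference, e.g. to a vaulted variable.
            if key.strip() in SECRET_VARS and sep and not value.startswith("{{"):
                findings.append((group, host, key.strip()))
    return findings

def host_key_checking_disabled(text):
    """True when [defaults] in ansible.cfg turns host key checking off."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return not cfg.getboolean("defaults", "host_key_checking", fallback=True)

# Constructed sample input (not from a real system); vault_web_pass is hypothetical.
SAMPLE_INVENTORY = """
[webservers]
192.168.56.11 ansible_ssh_user=root ansible_ssh_pass=EXAMPLE-ONLY http_port=80
192.168.56.12 ansible_ssh_user=root ansible_ssh_pass="{{ vault_web_pass }}"
[others]
192.168.56.13
[others:vars]
ansible_become_pass=EXAMPLE-ONLY
"""
SAMPLE_CFG = "[defaults]\nhost_key_checking = False\nlog_path = /var/log/ansible.log\n"

if __name__ == "__main__":
    for group, host, var in audit_inventory(SAMPLE_INVENTORY):
        print(f"plaintext {var} in [{group}] {host or '(group vars)'}")
    if host_key_checking_disabled(SAMPLE_CFG):
        print("host_key_checking is disabled: SSH host keys are not verified")
```

The key-based [others] inventory shown above produces no findings, since it carries no password variables.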
Commonly used Ansible modules
- Running shell commands (command, shell)
- shell supports pipes; the shell module is recommended
- File transfer (file, copy)
- state: absent, directory, file, hard, link, touch
$ ansible all -m file -a "dest=/tmp/aaa mode=600 state=directory"
$ ansible all -m shell -a "ls -l /tmp/aaa"
$ ansible all -m file -a "dest=/tmp/aaa state=absent" # delete a directory or file; deletion is recursive
- Package management (yum)
- state: install (present or installed, latest), or remove (absent or removed) a package
$ ansible all -m yum -a "name=epel-release state=latest"
$ ansible all -m yum -a "name=jq state=latest"
$ ansible 192.168.56.11 -m yum -a "name=memcached state=latest"
$ ansible 192.168.56.11 -m yum -a "name=memcached state=removed"
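- Users and groups (user)
- state: absent (delete), present (create)
Running commands with privilege escalation
$ ansible all -m user -a "name=ops password={{ '123456' | password_hash('sha512') }}" # create the ops user; the user module expects a hashed password
$ ansible all -m shell -a "echo 'ops ALL=(ALL) ALL' >> /etc/sudoers" # grant sudo rights
$ ansible all -m shell -a "tail /etc/sudoers" # confirm the line was added
$ ansible all -m shell -a "ls /root/" -u ops -k -b --become-user=root -K # list /root as ops; -b enables become, -K prompts for the sudo password
- Deploying from a source control system (git)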
$ ansible all -m yum -a "name=git state=latest"
$ mkdir /opt/ansible
$ ansible 192.168.56.11 -m git -a "repo=https://github.com/ansible/ansible.git dest=/opt/ansible/"
- Service management (service)
- state: reloaded, restarted, started, stopped
- enabled=true: start the service at boot
$ ansible 192.168.56.11 -m yum -a "name=memcached state=latest"
$ ansible 192.168.56.11 -m service -a "name=memcached state=restarted"
- Gathering host information (setup)
$ ansible 192.168.56.11 -m setup
$ ansible 192.168.56.11 -m setup -a "filter=ansible_processor" # filter the output