批量部署工具ansible

一、Ansible简介

ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。

二、Ansible组成

ansible是基于模块工作的,本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架。

三、安装部署Ansible

ansible部署简单,只需在主控端部署 Ansible 环境,被控端无需安装任何客户端(agent),只要能通过 SSH 登录并装有 Python 即可。默认使用 SSH(Secure Shell)协议对设备进行管理。

在安装ansible之前首先把ssh免密登录配置好。

#第一步,在管理端创建密钥对(一路回车生成的是无口令私钥:任何拿到 /root/.ssh/id_rsa 的人都能以 root 登录全部被管理端,务必保护好该文件;生产环境建议设置口令并配合 ssh-agent 使用)
[root@m01 ~]# ssh-keygen                    #一路回车
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:JBRBF8tbfJGujsei5aUgpkAMjGXELP9tBlMv2b3B+nQ root@web02
The key's randomart image is:
+---[RSA 2048]----+
| ++  .=oo.  ..   |
|+oo  ..o o  ..   |
|o+   ..++oo..    |
|o . o oooo+..    |
| o . + .S. +     |
|.   . + . + E    |
|.   oo. .*..     |
| . o . +oo=      |
|  .   ..oo       |
+----[SHA256]-----+
#第二步,将管理端的公钥下发到各个被管理端(-o StrictHostKeyChecking=no 会自动接受未知主机的密钥,不再做首次连接的指纹确认,无法发现中间人冒充;生产环境应先核对主机指纹或预先写入 known_hosts)
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub -o StrictHostKeyChecking=no 172.16.1.7
#第三步,测试连接
[root@m01 ~]# ssh 172.16.1.7
Last login: Wed Jan 23 12:15:00 2019 from 172.16.1.61
[root@web01 ~]# logout
Connection to 172.16.1.7 closed.
[root@m01 ~]# 

 安装ansible

[root@m01 ~]# yum install -y ansible

修改主机列表文件/etc/ansible/hosts

[servers]                             #相当于一个组
web01  ansible_ssh_host=172.16.1.7  
nfs01  ansible_ssh_host=172.16.1.31
backup ansible_ssh_host=172.16.1.41

四、测试Ansible

(1)查询管理的各个服务器的磁盘使用情况。

#批量查询磁盘使用情况
[root@m01 ~]# ansible servers -m shell -a "df -hT"
backup | CHANGED | rc=0 >>
Filesystem              Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root xfs        17G  1.3G   16G   8% /
devtmpfs                devtmpfs  476M     0  476M   0% /dev
tmpfs                   tmpfs     488M     0  488M   0% /dev/shm
tmpfs                   tmpfs     488M  7.6M  480M   2% /run
tmpfs                   tmpfs     488M     0  488M   0% /sys/fs/cgroup
/dev/sda1               xfs      1014M  130M  885M  13% /boot
tmpfs                   tmpfs      98M     0   98M   0% /run/user/0

nfs01 | CHANGED | rc=0 >>
Filesystem              Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root xfs        17G  1.3G   16G   8% /
devtmpfs                devtmpfs  476M     0  476M   0% /dev
tmpfs                   tmpfs     488M     0  488M   0% /dev/shm
tmpfs                   tmpfs     488M  7.7M  480M   2% /run
tmpfs                   tmpfs     488M     0  488M   0% /sys/fs/cgroup
/dev/sda1               xfs      1014M  130M  885M  13% /boot
tmpfs                   tmpfs      98M     0   98M   0% /run/user/0

web01 | CHANGED | rc=0 >>
Filesystem              Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root xfs        17G  1.3G   16G   8% /
devtmpfs                devtmpfs  476M     0  476M   0% /dev
tmpfs                   tmpfs     488M     0  488M   0% /dev/shm
tmpfs                   tmpfs     488M  7.7M  480M   2% /run
tmpfs                   tmpfs     488M     0  488M   0% /sys/fs/cgroup
/dev/sda1               xfs      1014M  130M  885M  13% /boot
172.16.1.31:/data       nfs4       17G  1.3G   16G   8% /data
tmpfs                   tmpfs      98M     0   98M   0% /run/user/0

(2)查询各个服务器的主机名

#批量查询主机名信息
[root@m01 ~]# ansible servers -a "hostname"
backup | CHANGED | rc=0 >>
backup

nfs01 | CHANGED | rc=0 >>
nfs01

web01 | CHANGED | rc=0 >>
web01

五、Ansible常用模块

1、command

command 作为 Ansible 的默认模块,可以在远程主机上执行当前用户权限范围内的命令;命令不经过 shell 解析,因此不支持管道(|)、重定向(> <)、&、; 以及 $变量 等特殊符号。

#批量查询主机名信息
[root@m01 ~]# ansible servers -m command -a "hostname"
backup | CHANGED | rc=0 >>
backup

web01 | CHANGED | rc=0 >>
web01

nfs01 | CHANGED | rc=0 >>
nfs01

#批量查询当前用户是谁
[root@m01 ~]# ansible servers -m command -a "whoami"
web01 | CHANGED | rc=0 >>
root

backup | CHANGED | rc=0 >>
root

nfs01 | CHANGED | rc=0 >>
root

2、shell

shell模块相当于command的升级版,它不仅拥有command的功能,还支持管道、重定向等特殊符号。命令会交给远程主机的 /bin/sh 解析,因此不要把未经校验的外部输入拼进命令;不需要特殊符号时优先使用 command 模块。

#批量查询用户oldboy的信息
[root@m01 ~]# ansible servers -m shell -a "tail /etc/passwd |grep oldboy"
backup | CHANGED | rc=0 >>
oldboy:x:2000:2000::/home/oldboy:/bin/bash

web01 | CHANGED | rc=0 >>
oldboy:x:2000:2000::/home/oldboy:/bin/bash

nfs01 | CHANGED | rc=0 >>
oldboy:x:2000:2000::/home/oldboy:/bin/bash

3、copy

copy模块实现主控端向目标主机拷贝文件,类似于scp命令。

#批量传输文件,并设置权限
[root@m01 ~]# ansible servers -m copy -a "src=/root/df.txt dest=/root/df.txt mode=0755"
web01 | CHANGED => {
    "changed": true, 
    "checksum": "d9c181adb96ccb196f0abb76c1cff121d1d075ca", 
    "dest": "/root/df.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "bc0a5a5a164d9e9e92c66b2fb729f524", 
    "mode": "0755", 
    "owner": "root", 
    "size": 1696, 
    "src": "/root/.ansible/tmp/ansible-tmp-1548248763.87-58667235803331/source", 
    "state": "file", 
    "uid": 0
}
nfs01 | CHANGED => {
    "changed": true, 
    "checksum": "d9c181adb96ccb196f0abb76c1cff121d1d075ca", 
    "dest": "/root/df.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "bc0a5a5a164d9e9e92c66b2fb729f524", 
    "mode": "0755", 
    "owner": "root", 
    "size": 1696, 
    "src": "/root/.ansible/tmp/ansible-tmp-1548248763.89-241302509973587/source", 
    "state": "file", 
    "uid": 0
}
backup | CHANGED => {
    "changed": true, 
    "checksum": "d9c181adb96ccb196f0abb76c1cff121d1d075ca", 
    "dest": "/root/df.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "bc0a5a5a164d9e9e92c66b2fb729f524", 
    "mode": "0755", 
    "owner": "root", 
    "size": 1696, 
    "src": "/root/.ansible/tmp/ansible-tmp-1548248763.92-58586798710352/source", 
    "state": "file", 
    "uid": 0
}

#批量查询
[root@m01 ~]# ansible servers -a "ls -l /root/df.txt"
backup | CHANGED | rc=0 >>
-rwxr-xr-x 1 root root 1696 Jan 23 21:06 /root/df.txt

web01 | CHANGED | rc=0 >>
-rwxr-xr-x 1 root root 1696 Jan 23 21:06 /root/df.txt

nfs01 | CHANGED | rc=0 >>
-rwxr-xr-x 1 root root 1696 Jan 23 21:06 /root/df.txt

4、file

file模块实现创建/删除文件或目录信息,对数据权限进行修改

参数:

dest(required)    : 将数据复制到远程节点的路径信息
                    可以使用path替代 
group             : 文件数据复制到远程主机,设置文件属组用户信息
mode              : 文件数据复制到远程主机,设置数据的权限 eg 0644 0755
owner             : 文件数据复制到远程主机,设置文件属主用户信息       
src               : 指定将本地管理主机的什么数据信息进行远程复制
state             : absent   	将数据进行删除
                    directory  	创建一个空目录信息
                    file        查看指定目录信息是否存在
                    touch      	创建一个空文件信息
                    hard/link	创建链接文件
#批量创建文件,并设置文件的权限(示例用的 mode=0777 表示任何用户都可读写该文件,仅作演示;实际使用应按需收紧,如 0644)
[root@m01 ~]# ansible servers -m file -a "path=/tmp/oldboy12.txt state=touch mode=0777"
backup | CHANGED => {
    "changed": true, 
    "dest": "/tmp/oldboy12.txt", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 0, 
    "state": "file", 
    "uid": 0
}
web01 | CHANGED => {
    "changed": true, 
    "dest": "/tmp/oldboy12.txt", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 0, 
    "state": "file", 
    "uid": 0
}
nfs01 | CHANGED => {
    "changed": true, 
    "dest": "/tmp/oldboy12.txt", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 0, 
    "state": "file", 
    "uid": 0
}
#批量创建目录,并设置目录权限
[root@m01 ~]# ansible servers -m file -a "path=/tmp/oldboy_dir state=directory mode=0755"
web01 | CHANGED => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/tmp/oldboy_dir", 
    "size": 6, 
    "state": "directory", 
    "uid": 0
}
backup | CHANGED => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/tmp/oldboy_dir", 
    "size": 6, 
    "state": "directory", 
    "uid": 0
}
nfs01 | CHANGED => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/tmp/oldboy_dir", 
    "size": 6, 
    "state": "directory", 
    "uid": 0
}

5、yum

yum 模块实现批量安装软件。

参数:

name    指定软件名称信息
state   absent/removed      将软件进行卸载(慎用)
        present/installed   将软件进行安装
        latest              安装最新的软件 yum update
#批量安装软件
[root@m01 ~]# ansible servers -m yum -a "name=sl state=installed"
web01 | CHANGED => {
    "ansible_facts": {
        "pkg_mgr": "yum"
    }, 
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package sl.x86_64 0:5.02-1.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package       Arch              Version                  Repository       Size\n================================================================================\nInstalling:\n sl            x86_64            5.02-1.el7               epel             14 k\n\nTransaction Summary\n================================================================================\nInstall  1 Package\n\nTotal download size: 14 k\nInstalled size: 17 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  Installing : sl-5.02-1.el7.x86_64                                         1/1 \n  Verifying  : sl-5.02-1.el7.x86_64                                         1/1 \n\nInstalled:\n  sl.x86_64 0:5.02-1.el7                                                        \n\nComplete!\n"
    ]
}
backup | CHANGED => {
    "ansible_facts": {
        "pkg_mgr": "yum"
    }, 
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package sl.x86_64 0:5.02-1.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package       Arch              Version                  Repository       Size\n================================================================================\nInstalling:\n sl            x86_64            5.02-1.el7               epel             14 k\n\nTransaction Summary\n================================================================================\nInstall  1 Package\n\nTotal download size: 14 k\nInstalled size: 17 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  Installing : sl-5.02-1.el7.x86_64                                         1/1 \n  Verifying  : sl-5.02-1.el7.x86_64                                         1/1 \n\nInstalled:\n  sl.x86_64 0:5.02-1.el7                                                        \n\nComplete!\n"
    ]
}
nfs01 | CHANGED => {
    "ansible_facts": {
        "pkg_mgr": "yum"
    }, 
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package sl.x86_64 0:5.02-1.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package       Arch              Version                  Repository       Size\n================================================================================\nInstalling:\n sl            x86_64            5.02-1.el7               epel             14 k\n\nTransaction Summary\n================================================================================\nInstall  1 Package\n\nTotal download size: 14 k\nInstalled size: 17 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  Installing : sl-5.02-1.el7.x86_64                                         1/1 \n  Verifying  : sl-5.02-1.el7.x86_64                                         1/1 \n\nInstalled:\n  sl.x86_64 0:5.02-1.el7                                                        \n\nComplete!\n"
    ]
}

6、service

service模块用于管理服务运行状态

参数:

enabled(no yes)   设置服务是否开机自启动 如果参数不指定,原有服务开机自启动状态进行保留 
name(required)    设置要启动/停止服务名称
state             reloaded   平滑重启
                  restarted  重启
                  started    启动
                  stopped    停止
#批量执行重启网卡操作
[root@m01 ~]# ansible servers -m service -a "name=network state=restarted"

7、mount

mount模块用于批量管理主机进行挂载

参数:

fstype       指定挂载的文件系统类型
opts         指定挂载的参数信息
path         定义一个挂载点信息
src          定义设备文件信息
state        absent       会进行卸载,也会修改fstab文件信息
             unmounted    会进行卸载,不会修改fstab文件
             present      不会挂载,只会修改fstab文件
             mounted      会进行挂载,会修改fstab文件
             结论:
               在进行挂载的时候,使用state=mounted
               在进行卸载的时候,使用state=absent
#批量挂载(注意:此处 state=present 按上表只会写入 /etc/fstab,并不会实际挂载;fstype=ftp 疑为笔误,前文 df 输出中该共享的类型是 nfs4,写入前应核对)
[root@m01 ~]# ansible web01 -m mount  -a "src=172.16.1.31:/data path=/data fstype=ftp state=present"
web01 | CHANGED => {
    "changed": true, 
    "dump": "0", 
    "fstab": "/etc/fstab", 
    "fstype": "ftp", 
    "name": "/data", 
    "opts": "defaults", 
    "passno": "0", 
    "src": "172.16.1.31:/data"
}

8、cron

cron模块用于创建/删除/修改定时任务

参数:

minute/hour/day/month/weekday   和设置时间信息相关参数
job                             和设置定时任务相关参数
name                            设置定时任务注释信息
state                           absent  删除指定定时任务
disabled                        yes  将指定定时任务进行注释
                                no   取消注释
#定时任务如何设置:
#crontab -e 
*         *       *     *       *         定时任务 
分        时      日    月      周	
minute	  hour	 day   month   weekday   job='/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null'
#批量创建定时任务
[root@m01 ~]# ansible servers -m cron -a "name=cron_id01 minute=*/5 job='/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null'"
backup | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "cron_id01"
    ]
}
web01 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "cron_id01"
    ]
}
nfs01 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "cron_id01"
    ]
}

#批量注释定时任务
[root@m01 ~]# ansible servers -m cron -a "name=cron_id01 minute=*/5 job='/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null' disabled=yes"
web01 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "cron_id01"
    ]
}
backup | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "cron_id01"
    ]
}
nfs01 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "cron_id01"
    ]
}

#批量删除定时任务
[root@m01 ~]# ansible servers -m cron -a "name=cron_id01 minute=*/5 job='/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null' disabled=yes state=absent"
web01 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}
backup | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}
nfs01 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}

9、user

user模块用于创建/修改/删除用户

参数:

name          指定用户名信息
uid           指定用户uid信息
group         指定用户主要属于哪个组
groups        指定用户属于哪个附加组信息
shell         指定是否能够登录
create_home   是否创建家目录信息
home          指定家目录创建在什么路径 默认/home
password      *设置密码时不能使用明文方式,只能使用密文方式(即传入已加密的密码哈希)
              可以给用户设置密码  还可以给用户修改密码
#批量创建一个虚拟用户user_ansible_01
[root@m01 ~]# ansible servers -m user -a "name=user_ansible_01 uid=5000 shell=/sbin/nologin create_home=no"
nfs01 | CHANGED => {
    "changed": true, 
    "comment": "", 
    "create_home": false, 
    "group": 5000, 
    "home": "/home/user_ansible_01", 
    "name": "user_ansible_01", 
    "shell": "/sbin/nologin", 
    "state": "present", 
    "system": false, 
    "uid": 5000
}
web01 | CHANGED => {
    "changed": true, 
    "comment": "", 
    "create_home": false, 
    "group": 5000, 
    "home": "/home/user_ansible_01", 
    "name": "user_ansible_01", 
    "shell": "/sbin/nologin", 
    "state": "present", 
    "system": false, 
    "uid": 5000
}
backup | CHANGED => {
    "changed": true, 
    "comment": "", 
    "create_home": false, 
    "group": 5000, 
    "home": "/home/user_ansible_01", 
    "name": "user_ansible_01", 
    "shell": "/sbin/nologin", 
    "state": "present", 
    "system": false, 
    "uid": 5000
}

10、group

group模块用于创建/修改/删除用户组

参数:

gid         指定创建的组ID信息
name        指定创建组名称信息
state       absent  删除指定的用户组
            present 创建指定的用户组
#批量创建一个用户组group_dog
[root@m01 ~]# ansible servers -m group -a "name=group_dog gid=2788"
backup | CHANGED => {
    "changed": true, 
    "gid": 2788, 
    "name": "group_dog", 
    "state": "present", 
    "system": false
}
nfs01 | CHANGED => {
    "changed": true, 
    "gid": 2788, 
    "name": "group_dog", 
    "state": "present", 
    "system": false
}
web01 | CHANGED => {
    "changed": true, 
    "gid": 2788, 
    "name": "group_dog", 
    "state": "present", 
    "system": false
}

#批量删除用户组group_dog
[root@m01 ~]# ansible servers -m group -a "name=group_dog gid=2788 state=absent"
web01 | CHANGED => {
    "changed": true, 
    "name": "group_dog", 
    "state": "absent"
}
backup | CHANGED => {
    "changed": true, 
    "name": "group_dog", 
    "state": "absent"
}
nfs01 | CHANGED => {
    "changed": true, 
    "name": "group_dog", 
    "state": "absent"
}


转载自blog.csdn.net/qq_41112887/article/details/86614234