• Ansible


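    I. Introduction to Ansible

      Ansible is a simple automation and operations management tool implemented in Python and built on two key modules, Paramiko and PyYAML. It can be used to automate application deployment, configuration, and task orchestration (continuous delivery, zero-downtime updates, and so on). A major version is released roughly every 2 months.

      Ansible website: https://www.ansible.com/

      GitHub: https://github.com/Ansible

      Ansible has the following features:

    • Simple to deploy: the Ansible environment is installed only on the control machine, and nothing needs to be done on the managed hosts;
    • Uses the SSH protocol by default to manage devices;
    • Centralized master/managed-node administration;
    • Simple configuration, powerful features, and strong extensibility;
    • Supports an API and custom modules, and is easy to extend with Python;
    • Uses Playbooks to define powerful configuration and state management;
    • Good support for cloud computing platforms and big data;
    • Provides a powerful, practical web management interface and REST API: the AWX platform.

      The biggest difference between Ansible and SaltStack is that Ansible needs no client agent on the managed hosts; by default it executes remote commands or pushes configuration directly over an SSH channel. What the two have in common is powerful, flexible system management and state configuration; both provide rich templates and APIs, and both have good support for cloud computing platforms and big data.

      How Ansible works

      From the management node, Ansible pushes its modules over SSH to the managed hosts for execution and deletes them automatically once execution finishes. Custom modules and orchestration can be managed with a version control system such as SVN.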

      

    II. Installing Ansible

      The lab environment uses Ubuntu 16.04 LTS

      Control Machine: 192.168.65.110 (Ubuntu16.04)

      Managed Nodes: 192.168.65.245 (CentOS6.6)

               192.168.65.246   (CentOS6.6)

      Installing Ansible from source

        git clone https://github.com/ansible/ansible.git --recursive

        cd ./ansible

        source ./hacking/env-setup

        apt-get install python-pip

        pip install paramiko PyYAML Jinja2 httplib2

      Problem 1:

     

      Solution:

      apt-get install libffi-dev

      Problem 2:

      Solution:

      apt-get install libssl-dev   

      

      Check the Ansible version:

      ./bin/ansible --version

      

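      Note: Ansible does not yet support Python 3 and can only be installed on Python 2.4 or later. Ubuntu 16.04 ships with Python 3.5.1 by default, but there is no need to worry:

          running pip install paramiko PyYAML Jinja2 httplib2 automatically installs Python and switches the version to 2.7.11.

          In addition, Ansible manages nodes over the SSH protocol by default.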

      

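    III. Basic operations

      The Ansible installation directory contains two important directories, bin and examples. The bin directory holds all the executable commands, and the examples directory holds sample configuration files.

     

      1. Edit or create the /etc/ansible/hosts file and add the hosts to be managed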

        [ansibleserver]

        192.168.65.110

        [testservers]
        192.168.65.245
        192.168.65.246

      2. Configure passwordless login

        root@ubuntu:~/ansible# ssh-keygen

        root@ubuntu:~/ansible# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.65.110

        root@ubuntu:~/ansible# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.65.245

        root@ubuntu:~/ansible# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.65.246

      3. Running commands

        ansible all -m ping  # ping all nodes

         

        ansible all -a "/bin/echo hello"

        

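        192.168.65.245 reported "Module failure" because the installed Python version was 3.5.1. Ansible does not support Python 3, which is a major shortcoming! After switching to python2.7.11 the command succeeded.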

        

        ansible testservers -a "/bin/echo hello"

        

        Ansible command options (obtained with ansible -h):

    Usage: ansible <host-pattern> [options]
    
    Options:
      -a MODULE_ARGS, --args=MODULE_ARGS               
                            module arguments
      --ask-vault-pass      ask for vault password
      -B SECONDS, --background=SECONDS
                            run asynchronously, failing after X seconds
                            (default=N/A)
      -C, --check           don't make any changes; instead, try to predict some
                            of the changes that may occur
      -D, --diff            when changing (small) files and templates, show the
                            differences in those files; works great with --check
      -e EXTRA_VARS, --extra-vars=EXTRA_VARS
                            set additional variables as key=value or YAML/JSON
      -f FORKS, --forks=FORKS
                            specify number of parallel processes to use
                            (default=5)
      -h, --help            show this help message and exit
      -i INVENTORY, --inventory-file=INVENTORY
                            specify inventory host path
                            (default=/etc/ansible/hosts) or comma separated host
                            list.
      -l SUBSET, --limit=SUBSET
                            further limit selected hosts to an additional pattern
      --list-hosts          outputs a list of matching hosts; does not execute
                            anything else
      -m MODULE_NAME, --module-name=MODULE_NAME
                            module name to execute (default=command)
      -M MODULE_PATH, --module-path=MODULE_PATH
                            specify path(s) to module library (default=None)
      --new-vault-password-file=NEW_VAULT_PASSWORD_FILE
                            new vault password file for rekey
      -o, --one-line        condense output
      --output=OUTPUT_FILE  output file name for encrypt or decrypt; use - for
                            stdout
      -P POLL_INTERVAL, --poll=POLL_INTERVAL
                            set the poll interval if using -B (default=15)
      --syntax-check        perform a syntax check on the playbook, but do not
                            execute it
      -t TREE, --tree=TREE  log output to this directory
      --vault-password-file=VAULT_PASSWORD_FILE
                            vault password file
      -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                            connection debugging)
      --version             show program's version number and exit
    
      Connection Options:
        control as whom and how to connect to hosts
    
        -k, --ask-pass      ask for connection password
        --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
                            use this file to authenticate the connection
        -u REMOTE_USER, --user=REMOTE_USER
                            connect as this user (default=None)
        -c CONNECTION, --connection=CONNECTION
                            connection type to use (default=smart)
        -T TIMEOUT, --timeout=TIMEOUT
                            override the connection timeout in seconds
                            (default=10)
        --ssh-common-args=SSH_COMMON_ARGS
                            specify common arguments to pass to sftp/scp/ssh (e.g.
                            ProxyCommand)
        --sftp-extra-args=SFTP_EXTRA_ARGS
                            specify extra arguments to pass to sftp only (e.g. -f,
                            -l)
        --scp-extra-args=SCP_EXTRA_ARGS
                            specify extra arguments to pass to scp only (e.g. -l)
        --ssh-extra-args=SSH_EXTRA_ARGS
                            specify extra arguments to pass to ssh only (e.g. -R)
    
      Privilege Escalation Options:
        control how and which user you become as on target hosts
    
        -s, --sudo          run operations with sudo (nopasswd) (deprecated, use
                            become)
        -U SUDO_USER, --sudo-user=SUDO_USER
                            desired sudo user (default=root) (deprecated, use
                            become)
        -S, --su            run operations with su (deprecated, use become)
        -R SU_USER, --su-user=SU_USER
                            run operations with su as this user (default=root)
                            (deprecated, use become)
        -b, --become        run operations with become (does not imply password
                            prompting)
        --become-method=BECOME_METHOD
                            privilege escalation method to use (default=sudo),
                            valid choices: [ sudo | su | pbrun | pfexec | runas |
                            doas | dzdo ]
        --become-user=BECOME_USER
                            run operations as this user (default=root)
        --ask-sudo-pass     ask for sudo password (deprecated, use become)
        --ask-su-pass       ask for su password (deprecated, use become)
        -K, --ask-become-pass
                            ask for privilege escalation password
    

      

     

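    IV. Host inventory

      By reading the default inventory file /etc/ansible/hosts, Ansible can connect to multiple remote hosts at once to run tasks. The default path can be changed through the hostfile parameter in ansible.cfg.

      The default layout of the /etc/ansible/hosts file is as follows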

    # This is the default ansible 'hosts' file.
    #
    # It should live in /etc/ansible/hosts
    #
    #   - Comments begin with the '#' character
    #   - Blank lines are ignored
    #   - Groups of hosts are delimited by [header] elements
    #   - You can enter hostnames or ip addresses
    #   - A hostname/ip can be a member of multiple groups
    
    # Ex 1: Ungrouped hosts, specify before any group headers.
    
    ## green.example.com  
    ## blue.example.com
    ## 192.168.100.1
    ## 192.168.100.10
    
    # Ex 2: A collection of hosts belonging to the 'webservers' group
    
    ## [webservers]
    ## alpha.example.org
    ## beta.example.org    
    ## 192.168.1.100
    ## 192.168.1.110  
    
    # If you have multiple hosts following a pattern you can specify
    # them like this:
    
    ## www[001:006].example.com    # range pattern, matches 001 through 006
    
    # Ex 3: A collection of database servers in the 'dbservers' group
    
    ## [dbservers]
    ## 
    ## db01.intranet.mydomain.net
    ## db02.intranet.mydomain.net
    ## 10.25.1.56
    ## 10.25.1.57
    
    # Here's another example of host ranges, this time there are no
    # leading 0s:
    
    ## db-[99:101]-node.example.com    
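
      The range syntax above decides how many machines a pattern such as all really reaches. The following is an added example, not part of the original post and not Ansible's own parser: it expands numeric ranges and groups so an inventory can be reviewed before anything is run against it. The function names and SAMPLE are assumptions made for illustration, and only numeric ranges are handled.

```python
import re

RANGE = re.compile(r"\[(\d+):(\d+)\]")   # numeric range, both ends inclusive

def expand_host(entry):
    """Expand every numeric [start:end] range in one inventory entry."""
    m = RANGE.search(entry)
    if not m:
        return [entry]
    start, end = m.group(1), m.group(2)
    # A leading zero in the start value fixes the zero-padded width (001 -> 3).
    width = len(start) if start.startswith("0") else 0
    hosts = []
    for n in range(int(start), int(end) + 1):
        name = entry[:m.start()] + str(n).zfill(width) + entry[m.end():]
        hosts.extend(expand_host(name))   # a name may carry several ranges
    return hosts

def parse_inventory(text):
    """Return {group: [hosts]}; entries before any header are 'ungrouped'."""
    groups, current = {}, "ungrouped"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        header = re.fullmatch(r"\[([^\[\]:]+)(:\w+)?\]", line)
        if header:
            # [group:vars] and [group:children] sections list no hosts.
            current = None if header.group(2) else header.group(1)
            continue
        if current is not None:
            groups.setdefault(current, []).extend(expand_host(line.split()[0]))
    return groups

def all_hosts(groups):
    """Every host the 'all' pattern would reach, de-duplicated and sorted."""
    return sorted({h for hosts in groups.values() for h in hosts})

# Constructed sample: the groups from section III plus the two range entries.
SAMPLE = """\
[ansibleserver]
192.168.65.110
[testservers]
192.168.65.245
192.168.65.246
[webservers]
www[001:006].example.com   # zero-padded range
db-[99:101]-node.example.com
"""

if __name__ == "__main__":
    for group, hosts in parse_inventory(SAMPLE).items():
        print(group, len(hosts), hosts)
```

      On a real control machine, ansible <host-pattern> --list-hosts from the option list above gives the authoritative answer without executing anything.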
    

      

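    V. Working with common Ansible modules

       1. Parallelism and shell commands

        Run a Python command as root on all hosts in the testservers group (the command can also be run through sudo as another user)

          

        By default Ansible uses the command module, which does not support shell variables, pipes, and similar shell features. To run a command through a shell, use the -m option to select the shell module

        Using the shell module to run a command on the remote hosts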
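
        The difference between the two modules, reproduced locally as an added example (not from the original post and not Ansible's own code): one function splits the string into an argument vector and executes it directly, as the command module does, and the other hands the string to /bin/sh, as the shell module does. ENV, PIPELINE and UNTRUSTED are constructed values.

```python
import shlex
import subprocess

ENV = {"HOME": "/root", "PATH": "/usr/bin:/bin"}   # constructed environment

def run_like_command(args):
    """command-module style: split into argv and exec directly, no shell."""
    out = subprocess.run(shlex.split(args), env=ENV,
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()

def run_like_shell(args):
    """shell-module style: the whole string is interpreted by /bin/sh."""
    out = subprocess.run(["/bin/sh", "-c", args], env=ENV,
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()

PIPELINE = "/bin/echo $HOME | wc -c"
# Constructed stand-in for a value that comes from outside (e.g. an extra var).
UNTRUSTED = "hello; echo INJECTED"

def demo():
    return {
        # No shell: "$HOME", "|" and "wc" are plain arguments to /bin/echo.
        "command": run_like_command(PIPELINE),
        # Shell: the variable is expanded and the pipe is built.
        "shell": run_like_shell(PIPELINE),
        # No shell: the ';' is inert, so the value stays one piece of data.
        "command_untrusted": run_like_command("/bin/echo " + UNTRUSTED),
        # Shell: the ';' ends the first command and a second one runs.
        "shell_untrusted": run_like_shell("/bin/echo " + UNTRUSTED),
        # Shell with the value quoted first: it is treated as data again.
        "shell_quoted": run_like_shell("/bin/echo " + shlex.quote(UNTRUSTED)),
    }

if __name__ == "__main__":
    for name, output in demo().items():
        print("%-18s %r" % (name, output))
```

        This is why the command module is the safer default for ad-hoc runs as root: reach for -m shell only when a pipe or variable is really needed, and quote any value that is interpolated into the string.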

        

      

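      2. Transferring files

        Copy the local /etc/hosts file to the /tmp directory on 192.168.65.245

        

        The file module can change a file's owner and permissions

        

        

        Use the file module to create a directory, equivalent to mkdir -p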

        ansible ansibleserver -m file -a "dest=/data/src mode=755 owner=rambo group=rambo state=directory" 

        Use the file module to delete a file or directory

        ansible 192.168.65.246 -m file -a "dest=/tmp/hosts state=absent"

    To be continued...

    Tutorial video: http://edu.51cto.com/course/course_id-2220.html

      

          

    Automation makes operations fun!
  • Original article: https://www.cnblogs.com/Rambotien/p/5570541.html