• DevOps


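    1 - Configuration management tools

    Configuration management tools (SCM, Software Configuration Management) store code and infrastructure configuration expressed as software, and allow that configuration to be changed repeatedly as requirements change.
    Related tools include Ansible, Chef, Puppet and SaltStack; version control tools include Git and Subversion.
    Characteristics of configuration management tools

    • Declarative: the configuration explicitly describes the concrete state of the managed object, and that state is what gets managed; the form is simple and easy to understand.
    • Abstraction: the configuration covers small differences between environments, so it does not have to be written separately for each environment the managed object lives in; this removes special cases when the code runs.
    • Convergence: whatever state the object is in, it ends up in the specified desired state.
    • Idempotence: no matter how many times it is executed, the result is the same.
    • Saves time and effort: the configuration is lightweight and easy to transfer, which speeds up review and allows a quick rollback to the previous version; open source; can be set up quickly through automation.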

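    2 - Introduction to Ansible

    Ansible is an open-source automation and operations tool and platform developed in Python. It combines the strengths of many operations tools and provides batch configuration management, batch application deployment, and running commands to perform specific tasks.
    Ansible communicates with remote hosts over SSH and does not need a client or agent installed on the remote hosts.
    The configuration syntax is simple and the commands are concise, so it is easy to get started.
    Ansible only provides a framework and has no batch deployment capability of its own; the batch deployment is actually done by the modules that Ansible runs. The main components are:

    • connection plugins: responsible for communicating with the managed hosts
    • host inventory: specifies the hosts to operate on; a configuration file that defines the managed hosts
    • modules: core modules, the command module, custom modules
    • plugins: used for functions such as logging and e-mail
    • playbook: a script for executing multiple tasks; optional; it lets a node run multiple tasks in one go
    • the ability to manage Docker containers

    Ansible official website and tutorials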

    3 - Installing Ansible

    Installation is simple. For example, on CentOS 7, installing Ansible only requires running yum -y install epel-release followed by yum -y install ansible.

    3.1 Ansible command-line options

    [root@localhost ~]# ansible
    usage: ansible [-h] [--version] [-v] [-b] [--become-method BECOME_METHOD]
                   [--become-user BECOME_USER] [-K] [-i INVENTORY] [--list-hosts]
                   [-l SUBSET] [-P POLL_INTERVAL] [-B SECONDS] [-o] [-t TREE] [-k]
                   [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER]
                   [-c CONNECTION] [-T TIMEOUT]
                   [--ssh-common-args SSH_COMMON_ARGS]
                   [--sftp-extra-args SFTP_EXTRA_ARGS]
                   [--scp-extra-args SCP_EXTRA_ARGS]
                   [--ssh-extra-args SSH_EXTRA_ARGS] [-C] [--syntax-check] [-D]
                   [-e EXTRA_VARS] [--vault-id VAULT_IDS]
                   [--ask-vault-pass | --vault-password-file VAULT_PASSWORD_FILES]
                   [-f FORKS] [-M MODULE_PATH] [--playbook-dir BASEDIR]
                   [-a MODULE_ARGS] [-m MODULE_NAME]
                   pattern
    ansible: error: too few arguments
    [root@localhost ~]# 
    [root@localhost ~]# ansible --version
    ansible 2.9.0
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /bin/ansible
      python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
    [root@localhost ~]# 
    [root@localhost ~]# ll /etc/ansible/
    total 24
    -rw-r--r-- 1 root root 19985 Nov  9 05:11 ansible.cfg
    -rw-r--r-- 1 root root  1016 Nov  9 05:11 hosts
    drwxr-xr-x 2 root root     6 Nov  9 05:11 roles
    [root@localhost ~]# 
    

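    3.2 The Inventory file

    The default is the "/etc/ansible/hosts" file, which defines the list of target servers that Ansible controls remotely.
    The -i option can also be used at run time to specify another file as the Inventory file.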

    [root@localhost ~]# sh -c "echo "localhost" >> /etc/ansible/hosts"
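
    The inventory append above adds another `localhost` line every time it is run, which is the opposite of the idempotence and convergence properties listed in section 1. The following is an added example, not code from the original post: `ensure_line`, `append_line` and `count_line` are hypothetical helper names, and the demo works on a scratch file rather than the real /etc/ansible/hosts.

```shell
#!/bin/sh
# ensure_line FILE LINE
# Declarative form: "LINE must be present in FILE". Reports in Ansible's
# vocabulary: "changed" if the line had to be added, "ok" if the file was
# already in the desired state. Safe to run any number of times.
ensure_line() {
    file=$1
    line=$2
    # -q quiet, -x match the whole line, -F fixed string (no regex surprises)
    if [ -f "$file" ] && grep -qxF -- "$line" "$file"; then
        echo "ok"
    else
        printf '%s\n' "$line" >> "$file"
        echo "changed"
    fi
}

# append_line FILE LINE
# Imperative form, equivalent to `echo LINE >> FILE`: every run adds a copy.
append_line() {
    printf '%s\n' "$2" >> "$1"
}

# count_line FILE LINE
# Number of whole-line occurrences of LINE in FILE.
count_line() {
    grep -cxF -- "$2" "$1" || true
}

# Demo on a scratch inventory (hypothetical temp file).
inv=$(mktemp)
echo "run 1: $(ensure_line "$inv" localhost)"    # file converges to the desired state
echo "run 2: $(ensure_line "$inv" localhost)"    # already converged, nothing to do
append_line "$inv" localhost                     # the plain append duplicates the host
echo "copies of localhost after one plain append: $(count_line "$inv" localhost)"
rm -f "$inv"
```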
    

    4 - Ansible examples

    4.1 Installing and starting Nginx

     # yum -y install epel-release
     # yum -y install nginx
     # echo "hello, Nginx" > /usr/share/nginx/html/index.html
     # systemctl start nginx
    
    [root@localhost ~]# systemctl status nginx.service
    ● nginx.service - The nginx HTTP and reverse proxy server
       Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
       Active: active (running) since Tue 2019-11-19 16:54:56 CST; 7min ago
      Process: 6752 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
      Process: 6749 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
      Process: 6747 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
     Main PID: 6754 (nginx)
        Tasks: 3
       CGroup: /system.slice/nginx.service
               ├─6754 nginx: master process /usr/sbin/nginx
               ├─6755 nginx: worker process
               └─6756 nginx: worker process
    
    Nov 19 16:54:56 localhost.localdomain systemd[1]: Starting The nginx HTTP and reverse proxy server...
    Nov 19 16:54:56 localhost.localdomain nginx[6749]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    Nov 19 16:54:56 localhost.localdomain nginx[6749]: nginx: configuration file /etc/nginx/nginx.conf test is su...sful
    Nov 19 16:54:56 localhost.localdomain systemd[1]: Started The nginx HTTP and reverse proxy server.
    Hint: Some lines were ellipsized, use -l to show in full.
    [root@localhost ~]# 
    [root@localhost ~]# curl http://192.168.16.101
    hello, Nginx
    

    4.2 Example - starting an Nginx service that is already running

    [root@localhost ~]# ansible localhost -b -c local -m service -a "name=nginx state=started"
    localhost | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false, 
        "name": "nginx", 
        "state": "started", 
        "status": {
            "ActiveEnterTimestamp": "Tue 2019-11-19 17:08:33 CST", 
            "ActiveEnterTimestampMonotonic": "8773946590", 
            "ActiveExitTimestampMonotonic": "0", 
            "ActiveState": "active", 
            ......
            ......
            ......
            "WatchdogTimestamp": "Tue 2019-11-19 16:54:56 CST", 
            "WatchdogTimestampMonotonic": "7957241107", 
            "WatchdogUSec": "0"
        }
    }
    [root@localhost ~]# 
    

    4.3 Example - starting an Nginx service that is not running

    [root@localhost ~]# systemctl stop nginx.service
    [root@localhost ~]# 
    [root@localhost ~]# ansible localhost -b -c local -m service -a "name=nginx state=started"
    localhost | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "name": "nginx", 
        "state": "started", 
        "status": {
            "ActiveEnterTimestampMonotonic": "0", 
            "ActiveExitTimestampMonotonic": "0", 
            "ActiveState": "inactive", 
            ......
            ......
            ......
            "WatchdogTimestampMonotonic": "0", 
            "WatchdogUSec": "0"
        }
    }
    [root@localhost ~]# 
    

    5 - ansible-playbook

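    5.1 Introduction to ansible-playbook

    The ansible-playbook command can handle target objects in groups and carry out a whole series of operations, from installation and configuration through to startup.
    This series of operations (the build information) must be defined in advance in a playbook file; specifying that playbook file then starts the build automatically.

    • The playbook file (YAML format, .yml extension) specifies the roles
    • The tasks in the roles directory define the concrete series of operations
    • The group_vars directory and the templates directory under roles set variable values for different environments

    ansible-playbook command-line options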

    [root@localhost ~]# ansible-playbook -h
    usage: ansible-playbook [-h] [--version] [-v] [-k]
                            [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER]
                            [-c CONNECTION] [-T TIMEOUT]
                            [--ssh-common-args SSH_COMMON_ARGS]
                            [--sftp-extra-args SFTP_EXTRA_ARGS]
                            [--scp-extra-args SCP_EXTRA_ARGS]
                            [--ssh-extra-args SSH_EXTRA_ARGS] [--force-handlers]
                            [--flush-cache] [-b] [--become-method BECOME_METHOD]
                            [--become-user BECOME_USER] [-K] [-t TAGS]
                            [--skip-tags SKIP_TAGS] [-C] [--syntax-check] [-D]
                            [-i INVENTORY] [--list-hosts] [-l SUBSET]
                            [-e EXTRA_VARS] [--vault-id VAULT_IDS]
                            [--ask-vault-pass | --vault-password-file VAULT_PASSWORD_FILES]
                            [-f FORKS] [-M MODULE_PATH] [--list-tasks]
                            [--list-tags] [--step] [--start-at-task START_AT_TASK]
                            playbook [playbook ...]
    
    Runs Ansible playbooks, executing the defined tasks on the targeted hosts.
    
    positional arguments:
      playbook              Playbook(s)
    
    optional arguments:
      --ask-vault-pass      ask for vault password
      --flush-cache         clear the fact cache for every host in inventory
      --force-handlers      run handlers even if a task fails
      --list-hosts          outputs a list of matching hosts; does not execute
                            anything else
      --list-tags           list all available tags
      --list-tasks          list all tasks that would be executed
      --skip-tags SKIP_TAGS
                            only run plays and tasks whose tags do not match these
                            values
      --start-at-task START_AT_TASK
                            start the playbook at the task matching this name
      --step                one-step-at-a-time: confirm each task before running
      --syntax-check        perform a syntax check on the playbook, but do not
                            execute it
      --vault-id VAULT_IDS  the vault identity to use
      --vault-password-file VAULT_PASSWORD_FILES
                            vault password file
      --version             show program's version number, config file location,
                            configured module search path, module location,
                            executable location and exit
      -C, --check           don't make any changes; instead, try to predict some
                            of the changes that may occur
      -D, --diff            when changing (small) files and templates, show the
                            differences in those files; works great with --check
      -M MODULE_PATH, --module-path MODULE_PATH
                            prepend colon-separated path(s) to module library (def
                            ault=~/.ansible/plugins/modules:/usr/share/ansible/plu
                            gins/modules)
      -e EXTRA_VARS, --extra-vars EXTRA_VARS
                            set additional variables as key=value or YAML/JSON, if
                            filename prepend with @
      -f FORKS, --forks FORKS
                            specify number of parallel processes to use
                            (default=5)
      -h, --help            show this help message and exit
      -i INVENTORY, --inventory INVENTORY, --inventory-file INVENTORY
                            specify inventory host path or comma separated host
                            list. --inventory-file is deprecated
      -l SUBSET, --limit SUBSET
                            further limit selected hosts to an additional pattern
      -t TAGS, --tags TAGS  only run plays and tasks tagged with these values
      -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                            connection debugging)
    
    Connection Options:
      control as whom and how to connect to hosts
    
      --private-key PRIVATE_KEY_FILE, --key-file PRIVATE_KEY_FILE
                            use this file to authenticate the connection
      --scp-extra-args SCP_EXTRA_ARGS
                            specify extra arguments to pass to scp only (e.g. -l)
      --sftp-extra-args SFTP_EXTRA_ARGS
                            specify extra arguments to pass to sftp only (e.g. -f,
                            -l)
      --ssh-common-args SSH_COMMON_ARGS
                            specify common arguments to pass to sftp/scp/ssh (e.g.
                            ProxyCommand)
      --ssh-extra-args SSH_EXTRA_ARGS
                            specify extra arguments to pass to ssh only (e.g. -R)
      -T TIMEOUT, --timeout TIMEOUT
                            override the connection timeout in seconds
                            (default=10)
      -c CONNECTION, --connection CONNECTION
                            connection type to use (default=smart)
      -k, --ask-pass        ask for connection password
      -u REMOTE_USER, --user REMOTE_USER
                            connect as this user (default=None)
    
    Privilege Escalation Options:
      control how and which user you become as on target hosts
    
      --become-method BECOME_METHOD
                            privilege escalation method to use (default=sudo), use
                            `ansible-doc -t become -l` to list valid choices.
      --become-user BECOME_USER
                            run operations as this user (default=root)
      -K, --ask-become-pass
                            ask for privilege escalation password
      -b, --become          run operations with become (does not imply password
                            prompting)
    
    [root@localhost ~]# 
    

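    Dry-run mode

    Dry-run mode is used to verify in advance that the changes about to be made match what is expected.
    In this mode Ansible does not actually apply the changes to the real environment; instead it shows beforehand what would be changed by a real run.
    To use it, pass the "--check" and "--diff" options together, which runs in dry-run mode and displays the detailed changes.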
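
    One way to turn the dry run into a gate before the real run, shown as an added example that is not part of the original post: `recap_gate` is a hypothetical function name, and the two sample recaps are constructed in the PLAY RECAP format shown in this article.

```shell
#!/bin/sh
# recap_gate: read ansible-playbook output on stdin, locate the PLAY RECAP
# host lines and decide whether the real run may go ahead.
#   exit 0  all hosts reachable, no failed tasks (prints the "changed" total)
#   exit 1  at least one host reports unreachable>0 or failed>0
#   exit 2  no recap lines found (the run stopped before the recap)
#
# Intended use (flags as listed in the help output above):
#   ansible-playbook -i development site.yml --check --diff | recap_gate \
#     && ansible-playbook -i development site.yml
recap_gate() {
    awk '
        /^ *PLAY RECAP/ { in_recap = 1; next }
        # Host lines look like: "localhost : ok=5 changed=2 unreachable=0 ..."
        in_recap && NF >= 3 && $2 == ":" {
            hosts++
            for (i = 3; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "changed") changed += kv[2]
                if ((kv[1] == "failed" || kv[1] == "unreachable") && kv[2] + 0 > 0) bad++
            }
        }
        END {
            if (!hosts) { print "no recap found"; exit 2 }
            if (bad)    { print "blocked: failed or unreachable hosts"; exit 1 }
            print "would change " (changed + 0) " task(s) on " hosts " host(s)"
        }
    '
}

# Constructed samples (not captured from a real run).
sample_ok='PLAY RECAP *********
localhost : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0'
sample_bad='PLAY RECAP *********
web1 : ok=1 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0'

printf '%s\n' "$sample_ok"  | recap_gate && echo "gate: proceed"
printf '%s\n' "$sample_bad" | recap_gate || echo "gate: stop (exit $?)"
```

    As the help text for -C says, check mode only tries to predict some of the changes, so the count printed here is a preview of the real run and not a guarantee.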

    5.2 Sample files

    Download: https://github.com/devops-book/ansible-playbook-sample

    [root@localhost ansible-playbook-sample]# ll
    total 12
    -rw-r--r-- 1 root root  81 Nov 19 17:25 development
    drwxr-xr-x 2 root root  73 Nov 19 17:25 group_vars
    -rw-r--r-- 1 root root  79 Nov 19 17:25 production
    drwxr-xr-x 7 root root  91 Nov 19 17:25 roles
    -rw-r--r-- 1 root root 150 Nov 19 17:25 site.yml
    [root@localhost ansible-playbook-sample]# 
    [root@localhost ansible-playbook-sample]# cat site.yml 
    ---
    - hosts: webservers
      become: yes
      connection: local
      roles:
        - common
        - nginx
    #    - serverspec
    #    - serverspec_sample
    #    - jenkins
    [root@localhost ansible-playbook-sample]# 
    [root@localhost ansible-playbook-sample]# tree
    .
    ├── development
    ├── group_vars
    │   ├── development-webservers.yml
    │   └── production-webservers.yml
    ├── production
    ├── roles
    │   ├── common
    │   │   ├── meta
    │   │   │   └── main.yml
    │   │   └── tasks
    │   │       └── main.yml
    │   ├── jenkins
    │   │   ├── defaults
    │   │   │   └── main.yml
    │   │   ├── handlers
    │   │   │   └── main.yml
    │   │   ├── meta
    │   │   │   └── main.yml
    │   │   ├── README.md
    │   │   ├── tasks
    │   │   │   └── main.yml
    │   │   ├── tests
    │   │   │   ├── inventory
    │   │   │   └── test.yml
    │   │   └── vars
    │   │       └── main.yml
    │   ├── nginx
    │   │   ├── meta
    │   │   │   └── main.yml
    │   │   ├── tasks
    │   │   │   └── main.yml
    │   │   └── templates
    │   │       └── index.html.j2
    │   ├── serverspec
    │   │   ├── meta
    │   │   │   └── main.yml
    │   │   └── tasks
    │   │       └── main.yml
    │   └── serverspec_sample
    │       ├── files
    │       │   └── serverspec_sample
    │       │       ├── Rakefile
    │       │       └── spec
    │       │           ├── localhost
    │       │           └── spec_helper.rb
    │       ├── meta
    │       │   └── main.yml
    │       ├── tasks
    │       │   └── main.yml
    │       ├── templates
    │       │   ├── nginx_spec.rb.j2
    │       │   └── web_spec.rb.j2
    │       └── vars
    │           └── main.yml
    └── site.yml
    
    28 directories, 27 files
    [root@localhost ansible-playbook-sample]# 
    

    5.3 Example - building the development environment

    [root@localhost ansible-playbook-sample]# cat development 
    [development-webservers]
    localhost
    
    [webservers:children]
    development-webservers
    [root@localhost ansible-playbook-sample]# 
    [root@localhost ansible-playbook-sample]# ansible-playbook -i development site.yml 
    
    PLAY [webservers] **************************************************************************************************
    
    TASK [Gathering Facts] *********************************************************************************************
    ok: [localhost]
    
    TASK [common : install epel] ***************************************************************************************
    ok: [localhost]
    
    TASK [nginx : install nginx] ***************************************************************************************
    ok: [localhost]
    
    TASK [nginx : replace index.html] **********************************************************************************
    changed: [localhost]
    
    TASK [nginx : nginx start] *****************************************************************************************
    changed: [localhost]
    
    PLAY RECAP *********************************************************************************************************
    localhost                  : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
    
    [root@localhost ansible-playbook-sample]# 
    [root@localhost ansible-playbook-sample]# curl localhost
    hello, development ansible
    [root@localhost ansible-playbook-sample]# curl 192.168.16.101
    hello, development ansible
    [root@localhost ansible-playbook-sample]# 
    

    5.4 Example - building the production environment

    [root@localhost ansible-playbook-sample]# cat production 
    [production-webservers]
    localhost
    
    [webservers:children]
    production-webservers
    [root@localhost ansible-playbook-sample]# 
    [root@localhost ansible-playbook-sample]# ansible-playbook -i production site.yml 
    
    PLAY [webservers] *****************************************************************************************
    
    TASK [Gathering Facts] ************************************************************************************
    ok: [localhost]
    
    TASK [common : install epel] ******************************************************************************
    ok: [localhost]
    
    TASK [nginx : install nginx] ******************************************************************************
    ok: [localhost]
    
    TASK [nginx : replace index.html] *************************************************************************
    changed: [localhost]
    
    TASK [nginx : nginx start] ********************************************************************************
    ok: [localhost]
    
    PLAY RECAP *********************************************************************************************************************************************************************************************************************************
    localhost                  : ok=5    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
    
    [root@localhost ansible-playbook-sample]# 
    [root@localhost ansible-playbook-sample]# curl 192.168.16.101
    hello, production ansible
    [root@localhost ansible-playbook-sample]# 
    

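    6 - Advanced Ansible

    • Common modules: Ansible's functionality depends on the specific modules
    • Tag: run only the specified tasks
    • Dynamic Inventory: obtain the Inventory (host list) dynamically from an external source
    • Ansible Galaxy: obtain roles from the network and use them
    • Ansible Tower: a web-based dashboard, plus operating Ansible through a REST API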

  • Original article: https://www.cnblogs.com/anliven/p/11823891.html