• ansible.md


    ansible

    Test environment setup

    Note: 192.168.100.201 is the control node; the remaining machines, 192.168.100.202, 192.168.100.203 and 192.168.100.210, are test hosts.

    # ssh-keygen -t rsa 
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    82:68:12:6c:a7:62:24:15:7c:e4:6f:92:42:3a:64:66 root@node1
    The key's randomart image is:
    +--[ RSA 2048]----+
    | .oo.            |
    |.....            |
    |oE.o.            |
    |O+o. +           |
    |=o+ + + S        |
    |o+ . o .         |
    |                 |
    |                 |
    |                 |
    +-----------------+
    # ssh-copy-id -i .ssh/id_rsa.pub root@192.168.100.202
    The authenticity of host '192.168.100.202 (192.168.100.202)' can't be established.
    RSA key fingerprint is c4:4c:b0:22:d2:20:46:98:43:8c:19:fc:98:88:eb:9b.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.100.202' (RSA) to the list of known hosts.
    root@192.168.100.202's password: 
    Now try logging into the machine, with "ssh 'root@192.168.100.202'", and check in:
    
      .ssh/authorized_keys
    
    to make sure we haven't added extra keys that you weren't expecting.
    # ssh-copy-id -i .ssh/id_rsa.pub root@192.168.100.203
    # ssh-copy-id -i .ssh/id_rsa.pub root@192.168.100.210
    

    Control node configuration

    # tail -5 /etc/ansible/hosts 
    [web]
    192.168.100.202
    192.168.100.203
    [db]
    192.168.100.210
    

    Test

    # ansible all -m ping
    192.168.100.202 | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
    192.168.100.203 | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
    192.168.100.210 | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
    

    Command options

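    • -a MODULE_ARGS, --args=MODULE_ARGS: module arguments
    • --ask-vault-pass: prompt for the password when working with encrypted playbook files
    • -B SECONDS, --background=SECONDS: run the command in the background and terminate it if it is still running after SECONDS seconds
    • -D, --diff: when only a few files with small contents are updated, show the differences in those files
    • -e EXTRA_VARS, --extra-vars=EXTRA_VARS: pass external variables into the playbook
    • -f FORKS, --forks=FORKS: number of concurrent threads; the default is 5
    • -i INVENTORY, --inventory-file=INVENTORY: the inventory file to read
    • -l SUBSET, --limit=SUBSET: the hosts to run against (regular expression)
    • --list-hosts: list the matching hosts without executing any command
    • -m MODULE_NAME, --module-name=MODULE_NAME: the module to execute
    • -M MODULE_PATH, --module-path=MODULE_PATH: the directory where modules are stored, /usr/share/ansible by default; the default path can also be set through ANSIBLE_LIBRARY
    • -P POLL_INTERVAL, --poll=POLL_INTERVAL: periodically report the progress of background tasks
    • --syntax-check: check the syntax of the playbook
    • -t TREE, --tree=TREE: write output to the TREE directory, with each result file named after the remote host
    • -v, --verbose: print more detailed execution information; -vvv prints all of it
    • -k, --ask-pass: ask for the authentication password
    • --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE: the private key file to use
    • -u REMOTE_USER, --user=REMOTE_USER: run commands on the remote host as REMOTE_USER
    • -c CONNECTION, --connection=CONNECTION: the connection type to use
    • -T TIMEOUT, --timeout=TIMEOUT: maximum timeout for connecting to the remote host, in seconds
    • -s, --sudo: equivalent to the sudo command on Linux
    • -U SUDO_USER, --sudo-user=SUDO_USER: use sudo as SUDO_USER, equivalent to the sudo command on Linux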

    Common modules

    shell

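    By default, ansible uses the command module, which does not support shell variables, pipes and the like. To run a command through a shell, select the shell module with the -m option. Note, however, that the ordinary command-execution modules are run over SSH from Python.
    Example: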

    # ansible all -m shell -a 'ps aux |grep nginx'
    192.168.100.202 | SUCCESS | rc=0 >>
    root      1896  0.0  0.1  44728  1096 ?        Ss   12:06   0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /etc/nginx/nginx.conf
    nginx     1899  0.0  0.1  45172  1672 ?        S    12:06   0:00 nginx: worker process                               
    root      3311  0.0  0.1 106092  1120 pts/1    S+   16:56   0:00 /bin/sh -c ps aux |grep nginx
    root      3313  0.0  0.0 103324   864 pts/1    S+   16:56   0:00 grep nginx
    
    192.168.100.203 | SUCCESS | rc=0 >>
    root      3585  0.0  0.1 106092  1120 pts/1    S+   20:24   0:00 /bin/sh -c ps aux |grep nginx
    root      3587  0.0  0.0 103324   860 pts/1    S+   20:24   0:00 grep nginx
    
    192.168.100.210 | SUCCESS | rc=0 >>
    root      7344  0.0  0.1 106092  1128 pts/1    S+   20:24   0:00 /bin/sh -c ps aux |grep nginx
    root      7346  0.0  0.0 103320   856 pts/1    S+   20:24   0:00 grep nginx
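
The output above shows the shell module running the string under `/bin/sh -c`, so any variable placed in that string is parsed by the shell. The following playbook is an added example, not part of the original article, that contrasts the two modules when the process name comes from a variable. `proc_name` is a hypothetical variable, and the `argv` form assumes Ansible 2.6 or later.

```yaml
# Constructed playbook, not from the original article.
# proc_name is a hypothetical variable standing in for any value
# that is supplied from outside the playbook (for example with -e).
- hosts: web
  gather_facts: false
  vars:
    proc_name: "nginx"
  tasks:
    # command module: no shell is started, so "|", ";" and "$VAR" have no
    # special meaning. With argv (Ansible 2.6+) every list element reaches
    # the program as exactly one argument, whatever characters it contains.
    - name: look up the process without a shell
      command:
        argv:
          - pgrep
          - -l
          - --
          - "{{ proc_name }}"
      register: procs
      changed_when: false
      # pgrep returns 1 when nothing matches; only other codes are errors
      failed_when: procs.rc not in [0, 1]

    # shell module: required for the pipe used in the ad-hoc example.
    # The quote filter escapes the value so /bin/sh sees it as one word
    # and cannot interpret it as additional commands.
    - name: run the same pipeline with the variable quoted
      shell: "ps aux | grep -- {{ proc_name | quote }}"
      register: piped
      changed_when: false
      failed_when: piped.rc not in [0, 1]

    - name: show both results
      debug:
        msg:
          - "{{ procs.stdout_lines }}"
          - "{{ piped.stdout_lines }}"
```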
    

    copy

    Copies files from the control node to the target hosts, similar to scp.
    Example:

    # ansible web -m copy -a "src=/etc/fstab dest=/tmp mode=0600"
    # ansible web -m command -a 'ls -l /tmp/fstab'
    192.168.100.203 | SUCCESS | rc=0 >>
    -rw------- 1 root root 871 3月  12 20:31 /tmp/fstab
    
    192.168.100.202 | SUCCESS | rc=0 >>
    -rw------- 1 root root 871 3月  12 17:03 /tmp/fstab
    

    file

    The file module manages file attributes. It can perform the following operations.
    Create a directory with the file module:

    # ansible db -m file -a "dest=/tmp/study mode=700 owner=root group=ftp state=directory"
    192.168.100.210 | SUCCESS => {
        "changed": true, 
        "gid": 50, 
        "group": "ftp", 
        "mode": "0700", 
        "owner": "root", 
        "path": "/tmp/study", 
        "size": 4096, 
        "state": "directory", 
        "uid": 0
    }
    # ansible db -m command -a 'ls -dl /tmp/study'
    192.168.100.210 | SUCCESS | rc=0 >>
    drwx------ 2 root ftp 4096 3月  12 20:44 /tmp/study
    

    Create a file:

    # ansible db -m file -a 'dest=/tmp/study/1.txt state=touch mode=600'
    192.168.100.210 | SUCCESS => {
        "changed": true, 
        "dest": "/tmp/study/1.txt", 
        "gid": 0, 
        "group": "root", 
        "mode": "0600", 
        "owner": "root", 
        "size": 0, 
        "state": "file", 
        "uid": 0
    }
    # ansible db -m command -a 'ls -l /tmp/study/1.txt'
    192.168.100.210 | SUCCESS | rc=0 >>
    -rw------- 1 root root 0 3月  12 21:00 /tmp/study/1.txt
    

    Delete a file:

    # ansible db -m file -a 'dest=/tmp/study/1.txt state=absent'
    192.168.100.210 | SUCCESS => {
        "changed": true, 
        "path": "/tmp/study/1.txt", 
        "state": "absent"
    }
    

    stat

    Retrieve status information about a remote file, including atime, ctime, mtime, md5, uid, gid and so on:

    # ansible db -m stat -a 'path=/tmp/study'
    

    yum

    - name: install the latest version of Apache
      yum: name=httpd state=latest
    
    - name: remove the Apache package
      yum: name=httpd state=absent
    
    - name: install the latest version of Apache from the testing repo
      yum: name=httpd enablerepo=testing state=present
    
    - name: install one specific version of Apache
      yum: name=httpd-2.2.29-1.4.amzn1 state=present
    
    - name: upgrade all packages
      yum: name=* state=latest
    
    - name: install the nginx rpm from a remote repo
      yum: name=http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm state=present
    
    - name: install nginx rpm from a local file
      yum: name=/usr/local/src/nginx-release-centos-6-0.el6.ngx.noarch.rpm state=present
    
    - name: install the 'Development tools' package group
      yum: name="@Development tools" state=present
    
    - name: install the 'Gnome desktop' environment group
      yum: name="@^gnome-desktop-environment" state=present
    

    cron

    Define a scheduled task on the specified nodes that updates the time from the control node every 3 minutes:

    # ansible all -m cron -a 'name="ntp date" minute=*/5 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate 1.asia.pool.ntp.org"'
    192.168.100.210 | SUCCESS => {
        "changed": true, 
        "envs": [], 
        "jobs": [
            "ntp date"
        ]
    }
    192.168.100.203 | SUCCESS => {
        "changed": true, 
        "envs": [], 
        "jobs": [
            "ntp date"
        ]
    }
    192.168.100.202 | SUCCESS => {
        "changed": true, 
        "envs": [], 
        "jobs": [
            "ntp date"
        ]
    }
    # ansible all -m command -a 'crontab -l'
    192.168.100.203 | SUCCESS | rc=0 >>
    #Ansible: ntp date
    */5 * * * * /usr/sbin/ntpdate 1.asia.pool.ntp.org
    
    192.168.100.202 | SUCCESS | rc=0 >>
    #Ansible: ntp date
    */5 * * * * /usr/sbin/ntpdate 1.asia.pool.ntp.org
    
    192.168.100.210 | SUCCESS | rc=0 >>
    #Ansible: ntp date
    */5 * * * * /usr/sbin/ntpdate 1.asia.pool.ntp.org
    

    service

    Start the httpd service on the specified nodes and enable it at boot:

    # ansible web -a 'rpm -qa httpd'
    192.168.100.203 | SUCCESS | rc=0 >>
    httpd-2.2.15-55.el6.centos.2.x86_64
    
    192.168.100.202 | SUCCESS | rc=0 >>
    httpd-2.2.15-56.el6.centos.3.x86_64
    # ansible web -a 'chkconfig --list httpd'
    192.168.100.202 | SUCCESS | rc=0 >>
    httpd          	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
    
    192.168.100.203 | SUCCESS | rc=0 >>
    httpd          	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
    # ansible web -a '/etc/init.d/httpd status'
    192.168.100.202 | FAILED | rc=3 >>
    httpd 已停
    
    192.168.100.203 | FAILED | rc=3 >>
    httpd 已停
    # ansible web -m service -a 'name=httpd state=started enabled=yes'
    192.168.100.202 | SUCCESS => {
        "changed": true, 
        "enabled": true, 
        "name": "httpd", 
        "state": "started"
    }
    192.168.100.203 | SUCCESS => {
        "changed": true, 
        "enabled": true, 
        "name": "httpd", 
        "state": "started"
    }
    # ansible web -a '/etc/init.d/httpd status'
    192.168.100.203 | SUCCESS | rc=0 >>
    httpd (pid  4901) 正在运行...
    
    192.168.100.202 | SUCCESS | rc=0 >>
    httpd (pid  4688) 正在运行...
    # ansible web -a 'chkconfig --list httpd'
    192.168.100.202 | SUCCESS | rc=0 >>
    httpd          	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
    
    192.168.100.203 | SUCCESS | rc=0 >>
    httpd          	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
    

    script

    Run the /root/test.sh script on the specified node (the script resides on the Ansible control node):

    # cat test.sh 
    #!/bin/bash
    uptime
    echo "Hello world!"
    # ansible db -m script -a '/root/test.sh'
    192.168.100.210 | SUCCESS => {
        "changed": true, 
        "rc": 0, 
        "stderr": "Shared connection to 192.168.100.210 closed.
    ", 
        "stdout": " 21:43:11 up  4:35,  2 users,  load average: 0.16, 0.03, 0.01
    Hello world!
    ", 
        "stdout_lines": [
            " 21:43:11 up  4:35,  2 users,  load average: 0.16, 0.03, 0.01", 
            "Hello world!"
        ]
    }
    

    get_url

    Download lrzsz into the /tmp directory of the machines in the web group:

    # ansible web  -m get_url -a 'url=https://mirrors.aliyun.com/centos/6.8/os/x86_64/Packages/lrzsz-0.12.20-27.1.el6.x86_64.rpm dest=/tmp/'
    192.168.100.203 | SUCCESS => {
        "changed": false, 
        "checksum_dest": "5fa0cc444e4474cab0198af83e405224b6130c7b", 
        "checksum_src": "5fa0cc444e4474cab0198af83e405224b6130c7b", 
        "dest": "/tmp/lrzsz-0.12.20-27.1.el6.x86_64.rpm", 
        "gid": 0, 
        "group": "root", 
        "md5sum": "2cc2edecc0e4f553a4ec0e5db49c1ec6", 
        "mode": "0644", 
        "msg": "OK (72436 bytes)", 
        "owner": "root", 
        "size": 72436, 
        "src": "/tmp/tmp1WXVKL", 
        "state": "file", 
        "uid": 0, 
        "url": "https://mirrors.aliyun.com/centos/6.8/os/x86_64/Packages/lrzsz-0.12.20-27.1.el6.x86_64.rpm"
    }
    192.168.100.202 | SUCCESS => {
        "changed": false, 
        "checksum_dest": "5fa0cc444e4474cab0198af83e405224b6130c7b", 
        "checksum_src": "5fa0cc444e4474cab0198af83e405224b6130c7b", 
        "dest": "/tmp/lrzsz-0.12.20-27.1.el6.x86_64.rpm", 
        "gid": 0, 
        "group": "root", 
        "md5sum": "2cc2edecc0e4f553a4ec0e5db49c1ec6", 
        "mode": "0644", 
        "msg": "OK (72436 bytes)", 
        "owner": "root", 
        "size": 72436, 
        "src": "/tmp/tmpMxIP4A", 
        "state": "file", 
        "uid": 0, 
        "url": "https://mirrors.aliyun.com/centos/6.8/os/x86_64/Packages/lrzsz-0.12.20-27.1.el6.x86_64.rpm"
    }
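
The `checksum_src` and `checksum_dest` fields above only compare the downloaded data with the file on disk; they do not compare either against a known-good value. The following playbook is an added example, not part of the original article, that pins the expected digest and keeps the package out of the world-writable /tmp before installing it. `pkg_dir` and `lrzsz_sha256` are hypothetical names, and the digest is a placeholder to be filled from a trusted source.

```yaml
# Constructed playbook, not from the original article.
# pkg_dir and lrzsz_sha256 are hypothetical names; the digest is a placeholder.
- hosts: web
  gather_facts: false
  vars:
    pkg_dir: /root/pkgs
    pkg_name: lrzsz-0.12.20-27.1.el6.x86_64.rpm
    pkg_url: "https://mirrors.aliyun.com/centos/6.8/os/x86_64/Packages/{{ pkg_name }}"
    lrzsz_sha256: "REPLACE_WITH_SHA256_FROM_A_TRUSTED_SOURCE"
  tasks:
    # A root-only directory prevents other local users from swapping the
    # file between the download and the install.
    - name: create a root-only download directory
      file:
        dest: "{{ pkg_dir }}"
        state: directory
        owner: root
        group: root
        mode: "0700"

    # With checksum set, get_url fails the task when the downloaded file
    # does not match the pinned digest.
    - name: download the rpm and verify it against the pinned digest
      get_url:
        url: "{{ pkg_url }}"
        dest: "{{ pkg_dir }}/{{ pkg_name }}"
        checksum: "sha256:{{ lrzsz_sha256 }}"
        mode: "0600"

    # Same form as the "install nginx rpm from a local file" task in the
    # yum section, applied to the verified download.
    - name: install the verified local file
      yum:
        name: "{{ pkg_dir }}/{{ pkg_name }}"
        state: present
```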
    
  • Original article: https://www.cnblogs.com/cuchadanfan/p/6540466.html