• Ansible notes


     

    Skip known_hosts checking

    /etc/ansible/ansible.cfg
    host_key_checking = False   # do not check known_hosts (SSH host keys are accepted without verification)

     

    List all modules

    ansible-doc -l   

    Show the documentation for a specific module

    ansible-doc cron  

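    Ansible features

    (1) No agents: no client needs to be installed on the managed hosts;
    (2) No server: there is no server side; you simply run the commands when you need them;
    (3) Modules in any language: it works through modules, which can be written in any language;
    (4) YAML, not code: playbooks are written in YAML;
    (5) SSH by default: it works over SSH;
    (6) Strong multi-tier solution: multi-level orchestration is possible.
     
    Advantages
    (1) Lightweight: no agent has to be installed on the clients, and an update only has to be done once, on the control machine;
    (2) Batch tasks can be written as scripts and executed without distributing them to the remote hosts;
    (3) Written in Python, which is easier to maintain; Ruby syntax is overly complex;
    (4) Supports sudo.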
     

    1. Installation

    yum install -y epel-release
    yum install -y ansible
     

    2. Passwordless login setup

    (1) SSH key setup
    First generate a key pair:
    ssh-keygen -t rsa  (just press Enter; no passphrase needs to be set for the key)
    This creates a .ssh directory under root's home directory, containing two files: id_rsa and id_rsa.pub
    Then put the contents of the public key (id_rsa.pub) into /root/.ssh/authorized_keys on the other machine, and on the local machine as well:
    cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
    On the other machine, set the permissions of the authorized_keys file:
    chmod 600 /root/.ssh/authorized_keys
    SELinux also needs to be disabled.
    
    (2) Push the SSH public key to the servers (the order of the ansible_ssh_* settings does not matter)
    vim /etc/ansible/hosts
    [host]
    e75dc51cec53        ansible_ssh_host=172.17.0.16        ansible_ssh_user=root            ansible_ssh_pass='123456'
    03ee9b1fc20f        ansible_ssh_host=172.17.0.17        ansible_ssh_user=root        ansible_ssh_pass='123456'  ansible_ssh_port=22
    # (1) hostname [no real meaning, only a label]    (2) IP    (3) user    (4) password    (5) port
    
    ansible host -m copy -a "src=/root/.ssh/id_rsa.pub  dest=/root/.ssh/  owner=root group=root"
    
    ansible host -m shell -a "cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys"
    ansible host -m shell -a "chmod 400 /root/.ssh/authorized_keys"
     
     
     

    (3) Ansible hosts configuration

    vi  /etc/ansible/hosts  // add the following
    Example 1.
    [testhost]
    127.0.0.1
    172.7.15.111
     
    Example 2.

    [port]

    192.168.3.102

    [port:vars]

    ansible_ssh_user="user"

    ansible_ssh_port=65535

     
    Example 3.
    vim /etc/ansible/hosts
    [host]
    e75dc51cec53 ansible_ssh_host=172.17.0.16 ansible_ssh_user=root        ansible_ssh_pass='123456'   # the first field is the server's hostname
    03ee9b1fc20f ansible_ssh_host=172.17.0.17 ansible_ssh_user=root        ansible_ssh_pass='123456'  ansible_ssh_port=22
    Note: testhost is the host group name, chosen freely. The two IPs under it are the IPs of the machines in the group.
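    The inventory examples above keep ansible_ssh_pass in plain text, and the ansible.cfg at the top sets host_key_checking = False. As an added example (not part of the original notes), this shell audit flags both in existing files so the entries can be moved to SSH keys or ansible-vault. The function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit an Ansible inventory and ansible.cfg for inline
# passwords and disabled host key checking. Function names are hypothetical.

# Print "host:variable" for each inline secret; the value is never echoed.
find_inline_passwords() {
  awk '
    /^[ \t]*(#|;)/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ { section = $1; next }             # [group] or [group:vars]
    {
      owner = (section ~ /:vars\]/) ? section : $1
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^#/) break                       # trailing comment
        if ($i ~ /^ansible_(ssh_|become_|sudo_)?pass(word)?=/) {
          split($i, kv, "=")
          print owner ":" kv[1]
        }
      }
    }' "$1"
}

# Exit 0 when the file sets host_key_checking to a false value.
host_key_checking_disabled() {
  awk -F= '
    { k = tolower($1); gsub(/[ \t]/, "", k)
      v = tolower($2); sub(/[#;].*/, "", v); gsub(/[ \t]/, "", v) }
    k == "host_key_checking" && (v == "false" || v == "no" || v == "0" || v == "off") { bad = 1 }
    END { exit !bad }' "$1"
}

# Constructed sample files modelled on the settings shown in these notes.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/hosts" <<'EOF'
[host]
e75dc51cec53 ansible_ssh_host=172.17.0.16 ansible_ssh_user=root ansible_ssh_pass='123456'  # label
03ee9b1fc20f ansible_ssh_host=172.17.0.17 ansible_ssh_user=root ansible_ssh_port=22
[port:vars]
ansible_ssh_user="user"
ansible_become_pass=example
EOF
printf '[defaults]\nhost_key_checking = False\n' > "$SAMPLE_DIR/ansible.cfg"

find_inline_passwords "$SAMPLE_DIR/hosts"
if host_key_checking_disabled "$SAMPLE_DIR/ansible.cfg"; then
  echo "ansible.cfg: host_key_checking is disabled"
fi
```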
     
     

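    3. Running commands remotely

    ansible  testhost -m command -a 'w' 
    This runs the command on the whole batch of hosts. Here testhost is the host group name; you can also give a single IP to run the command on just one machine.
     
    Error: "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"
    Fix: yum install -y libselinux-python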
     

    4. Copying files or directories

    ansible testhost  -m copy -a "src=/etc/ansible dest=/tmp/ansibletest owner=root group=root mode=0644"
    Note: the source directory is placed underneath the destination directory.
     

    5. Running a shell script remotely

    First create a shell script
    vim  /tmp/test.sh  // add the following content
    #!/bin/bash
    echo `date` > /tmp/ansible_test.txt
     
    Then distribute the script to each machine
    ansible testhost -m copy -a "src=/tmp/test.sh dest=/tmp/test.sh mode=0755"
     
    Finally run the shell script on all of them
    ansible testhost -m shell -a "/tmp/test.sh"
     
    The shell module also supports remote commands that contain pipes
    ansible testhost -m shell -a "cat /etc/passwd|wc -l "
     

    6. cron

    ansible testhost -m cron -a "name='test cron' job='/bin/touch /tmp/1212.txt'  weekday=6"
    To delete this cron entry, just add one more field: state=absent
    ansible testhost -m cron -a "name='test cron' job='/bin/touch /tmp/1212.txt'  weekday=6 state=absent"
     

    7. yum and service

    ansible testhost -m yum -a "name=httpd"
    ansible testhost -m service -a "name=httpd state=started enabled=yes"   # start the httpd service; enabled=yes also starts it at boot
     
    Using the documentation:
    ansible-doc -l   lists all modules
    ansible-doc cron  shows the documentation for a specific module
     

    8. playbook

    A playbook is essentially the module calls written into a configuration file
    Example:
    cat  /etc/ansible/test.yml
    ---
    - hosts: testhost
      remote_user: root
      tasks:
        - name: test_playbook
          shell: touch /tmp/lishiming.txt
     
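    Notes: 
    hosts specifies which hosts to operate on;
    the user parameter (written as remote_user above) specifies which user logs in to the remote hosts;
    tasks specifies a task; the name parameter under it is a description of the task and is printed during execution.
     
    Run:
    ansible-playbook test.yml
     
    One more example: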
    vim  /etc/ansible/create_user.yml
    ---
    - name: create_user
      hosts: testhost
      user: root
      gather_facts: false
      vars:
        - user: "test"
      tasks:
        - name: create user
          user: name="{{ user }}"
     
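    Notes: 
    name gives a summary of what the playbook does; its value is printed during execution, and it can be omitted;
    gather_facts specifies whether the setup module is run to collect host information before the tasks below are executed; this is needed when a later task uses the information gathered by setup;
    vars defines variables; here a user variable is defined with the value test. Note that the variable value must be enclosed in quotes;
    user invokes the user module; name is a parameter of the user module, and the name of the user to add takes the value of the user variable above.
     
     
     
    Loops with with_items: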
     
    ---
    - hosts: testhost
      user: root
      tasks:
        - name: change mod for file
          file: path=/tmp/{{ item }} mode=600 owner=root group=root
          with_items:
            - 1.txt
            - 2.txt
    ==
    [root@master ansible]# cat for.yml
    ---
    - name: for test
      hosts: testhost
      user: root
      tasks:
       - name: for test
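         copy: src={{item}}  dest=/tmp/
         with_items:
          - /etc/passwd
          - /etc/shadow    # password hashes; no mode= is set, so the copy under /tmp gets umask-default permissions
     
    Note: with_items is the key to looping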
     
     
    Conditions with when:
    ---
    - hosts: testhost
      remote_user: root
      gather_facts: True
      tasks:
        - name: use when
          shell: touch /tmp/when.txt
          when: facter_ipaddress == "172.7.15.106"
    ==
    ansible 192.168.1.8 -m setup
     
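    handlers:
     
    Actions to run after a task has executed and changed something on the server; for example, after modifying a configuration file we need to restart the service. Example:
     
    ---
    - hosts: testhost
      remote_user: root
      tasks:
        - name: test copy
          copy: src=/tmp/1.txt dest=/tmp/2.txt
          notify: test handlers
      handlers:  # run only after the task succeeds
        - name: test handlers
          shell: echo "121212" >> /tmp/2.txt
     
    Note: the handlers are called only when the copy module has actually made a change. In other words, if 1.txt and 2.txt have the same content, the shell command in handlers is not run. This suits operations such as restarting a service after a configuration file has changed.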
     
     
     

    9. Practical use: installing nginx

     
    cd  /etc/ansible
    mkdir nginx_install
    mkdir  -p nginx_install/roles/{common,delete,install}/{handlers,files,meta,tasks,templates,vars}
     
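    Note: the roles directory contains three roles: common holds the preparation steps, delete removes nginx, and install installs nginx
     
    Each role in turn has several directories: handlers holds the actions to run when something changes, typically restarting a service after a configuration file changes; files holds files used during installation; meta holds descriptive information such as role dependencies; tasks holds the core task definitions; templates usually stores template files such as configuration files and startup scripts; vars holds the variable definitions
     
    cd  nginx_install/roles
    == Install
    vim  ./common/tasks/main.yml // with the following content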
    - name: Install initializtion require software
      yum: name={{ item }} state=installed
      with_items:
        - gcc
        - zlib-devel
        - pcre-devel
     
    vim  ./install/vars/main.yml
    nginx_user: www
    nginx_port: 80
    nginx_web_dir: /data/www
    nginx_version: 1.4.3
     
    ls ./install/files/
    nginx-1.4.3.tar.gz
     
    Note: the source tarball has to be placed in the files directory
     
    ls ./install/templates
    index.html index.php install_nginx.sh nginx nginx.conf vhost.conf
     
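    Note: under templates, prepare the default page, the shell script that installs nginx, the nginx startup script, the nginx configuration file and the virtual host configuration file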
     
    vim ./install/tasks/copy.yml
      - name: Copy Nginx Software To Redhat Client  # copy a file; the file is under files
        copy: src=nginx-{{ nginx_version }}.tar.gz dest=/tmp/nginx-{{ nginx_version }}.tar.gz owner=root group=root
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
      - name: Uncompression Nginx Software To Redhat Client
        shell: tar zxf /tmp/nginx-{{ nginx_version }}.tar.gz -C /usr/local/
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
      - name: Copy Nginx Start Script To Redhat Client # copy a file; the file is under templates
        template: src=nginx dest=/etc/init.d/nginx owner=root group=root mode=0755
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
      - name: Copy Nginx Config To Redhat Client  # copy a file
        template: src=nginx.conf dest=/usr/local/nginx-{{ nginx_version }}/conf/ owner=root group=root mode=0644
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
      - name: Copy Nginx Vhost Config to RedHat Client
        template: src=vhost.conf dest=/usr/local/nginx-{{ nginx_version }}/conf/vhost/ owner=root group=root mode=0644
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
     
     
    Note: first the tarball is copied to /tmp/, then unpacked into /usr/local/, then the startup script is copied to /etc/init.d/, and finally nginx.conf and vhost.conf are copied
     
    vim ./install/ /install.yml
      - name: Create Nginx User In Redhat Client  # create the user
        user: name={{ nginx_user }} state=present createhome=no shell=/sbin/nologin
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
      - name: Create Nginx Dir   # create the directories
        file: dest={{ nginx_web_dir }}/{{ item }} state=directory
        with_items:
          - vhost
          - logs
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
      - name: Modify Nginx Dir Permission In Redhat Client   # change permissions
        file: path={{ item }} owner={{ nginx_user }} group={{ nginx_user }} mode=0755
        with_items:
          - "{{ nginx_web_dir }}"
          - /usr/local/nginx-{{ nginx_version }}
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
      - name: Create Index Html To Redhat Client
        template: src=index.html dest={{ nginx_web_dir }}/vhost/index.html owner={{ nginx_user }} group={{ nginx_user }} mode=0644
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
      - name: Install Check Script In Redhat Client
        template: src=index.php dest={{ nginx_web_dir }}/vhost/ owner={{ nginx_user }} group={{ nginx_user }} mode=0644
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
      - name: Start Nginx Service In Redhat Client
        service: name=nginx state=restarted
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
      - name: Add Boot Start Nginx Service In Redhat Client
        shell: chkconfig --level 345 nginx on
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
     
    vim ./install/tasks/delete.yml
      - name: Delete Nginx compression Software In Redhat Client
        shell: rm -rf /tmp/nginx-{{ nginx_version }}.tar.gz
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
     
    vim ./install/tasks/main.yml
    - include: copy.yml
    - include: install.yml
    - include: delete.yml
    ====
    cd ../
    vim install.yml
    ---
    - hosts: testhost
      remote_user: root
      gather_facts: True
      roles:
        - common
        - install
    == Delete
    cd roles
    vim  ./delete/vars/main.yml
    nginx_user: www
    nginx_port: 80
    nginx_web_dir: /data/webroot/nginx
    nginx_version: 1.4.3
     
    vim ./delete/tasks/main.yml
    - include: delete.yml
     
    vim ./delete/tasks/delete.yml
      - name: stop nginx service
        shell: ps -ef|grep nginx|grep -v grep|awk '{print $2}'|xargs kill -9 >>/dev/null 2>&1
        ignore_errors: yes
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
      - name: Delete Nginx Boot Start Script
        shell: chkconfig --del nginx
        ignore_errors: yes
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
      - name: Delete Nginx Dir
        shell: rm -rf /usr/local/nginx-{{ nginx_version }}
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
      - name: Delete Nginx User
        shell: userdel {{ nginx_user }}
        ignore_errors: yes
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
      - name: Delete Nginx Service Start Script
        shell: rm -rf /etc/init.d/nginx
        when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6
     
     
    cd ../
    vim delete.yml
    ---
    - hosts: testhost
      remote_user: root
      gather_facts: True
      roles:
        - delete
    ===
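    Managing configuration files
    In production, most of the time what you need to manage is configuration files; installing packages is only done when initializing the environment. Below we write a playbook that manages the nginx configuration files
    mkdir  -p /etc/ansible/nginx_config/roles/{new,old}/{files,handlers,vars,tasks}
    Here new is used for updates and old for rollbacks; files holds nginx.conf and the vhosts directory; handlers holds the command that restarts the nginx service
    As for rollback, the old configuration has to be backed up before the playbook is run, so the old configuration files must be managed strictly: never casually modify the configuration on production machines, and make sure the configuration under new/files matches what is running in production
    First put nginx.conf and the vhosts directory into the files directory
    cd /usr/local/nginx/conf/
    cp -r nginx.conf vhosts  /etc/ansible/nginx_config/roles/new/files/
     
    vim /etc/ansible/nginx_config/roles/new/vars/main.yml // define variables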
    nginx_basedir: /usr/local/nginx
     
    vim /etc/ansible/nginx_config/roles/new/handlers/main.yml  // define the reload of the nginx service
    - name: restart nginx
      shell: /etc/init.d/nginx reload
     
    vim /etc/ansible/nginx_config/roles/new/tasks/main.yml // these are the core tasks
    - name: copy conf file
      copy: src={{ item.src }} dest={{ nginx_basedir }}/{{ item.dest }} backup=yes owner=root group=root mode=0644
      with_items:
        - { src: nginx.conf, dest: conf/nginx.conf }
        - { src: vhosts, dest: conf/ }
      notify: restart nginx
     
    vim /etc/ansible/nginx_config/update.yml // finally, define the top-level entry point
    ---
    - hosts: testhost
      user: root
      roles:
        - new
     
    Run: ansible-playbook /etc/ansible/nginx_config/update.yml
    The rollback playbook backup.yml uses the role old
    rsync -av  /etc/ansible/nginx_config/roles/new/ /etc/ansible/nginx_config/roles/old/
    A rollback simply overwrites with the old configuration and then reloads the nginx service
    Install nginx:  ansible-playbook  install.yml
    Delete nginx: ansible-playbook  delete.yml
     
     
    Download the whole example repository
    git clone git://github.com/dl528888/ansible-examples.git
    The git command has to be installed with yum first: yum install -y git
  • Original article: https://www.cnblogs.com/hanxiaohui/p/8746358.html