ansible软件介绍
python语言是运维人员必会的语言!
ansible是一个基于Python开发的自动化运维工具!(saltstack)
其功能实现基于SSH远程连接服务!
ansible可以实现批量系统配置、批量软件部署、批量文件拷贝、批量运行命令等功能
05 ansible软件特点
不需要单独安装客户端(no agents),基于系统自带的sshd服务,sshd就相当于ansible的客户端。
不需要服务端(no servers)。
需要依靠大量的模块实现批量管理。
配置文件/etc/ansible/ansible.cfg,不用配置
ansible软件部署条件
基于ssh秘钥进行ansible软件部署
ssh-copy-id -i /root/.ssh/id_dsa.pub 172.16.1.31
01. 无法批量执行,因为需要进行交互
a 需要问你是否yes
ssh -o StrictHostKeyChecking=no --- 表示不管询问我什么信息,我都随便都可以
ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no 172.16.1.31"
7 不加双引号
Warning: Permanently added '172.16.1.31' (RSA) to the list of known hosts.
root@172.16.1.31's password:
b 需要问你密码信息
yum install sshpass -y
sshpass - noninteractive ssh password provider
采用非交互方式提供ssh密码信息
[root@m01 scripts]# sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub 172.16.1.31
Now try logging into the machine, with "ssh '172.16.1.31'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no 172.16.1.31" 可以加 -f
02. 被管理主机如果修改了默认端口,无法进行分发公钥
vim /usr/bin/ssh-copy-id
ssh $1 172.16.1.31 "exec sh -c 'cd; umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized_keys >/dev/null 2>&1
cd 切换到当前用户家目录下面
umask 077 666-077=6-1-1=600
test -d .ssh || mkdir .ssh 进行目录创建
ssh-copy-id -i /root/.ssh/id_dsa.pub "-p52113 172.16.1.41"
ssh-copy-id $1 $2 $3
shift 一旦脚本中执行了shift,就会将传参的参数向前推送一位
shift 1 2 3 4 5
shift 2 3 4 5
shift 3 4 5
shift 4 5
shift 5
vim shift_test.sh <-- 测试shift命令脚本
#!/bin/bash
until [ $# -eq 0 ]
do
echo $*
shift
done
a 自动设定秘钥保存路径
-f filename
Specifies the filename of the key file.
b 自动设定私钥密码信息
-P passphrase
Provides the (old) passphrase.
-N new_passphrase
Provides the new passphrase.
### 最终批量分发公钥脚本
[root@m01 scripts]# cat fenfa.sh fenfa_check.sh
#!/bin/bash
# create keys pair
m -f /root/.ssh/id_dsa*
ssh-keygen -t dsa -f /root/.ssh/id_dsa -N "" –q 优化创建密钥
Pass_info=123456
#Port_info=52113
# fenfa keys_pub
for ip in 31 41 7
do
sshpass -p${Pass_info} ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no 172.16.1.$ip" 优化推送密钥
done
#!/bin/bash
cmd=$1
#Pass_info=123456
#Port_info=52113
if [ $# -ne 1 ];
then
echo "pls input one cmd"
exit 1
fi
# fenfa keys_pub
for ip in 31 41 7
do
echo === 172.16.1.$ip info ===
ssh 172.16.1.$ip $cmd
echo === end ===
echo ""
done
ansible软件部署流程
服务端m01 a ansible软件安装在管理主机端
yum install -y ansible
说明:ansible软件需要依赖epel源
客户端 其他 b ansible受控主机端进行安装
yum install libselinux-python -y
c ansible配置管理文件配置
# tail -5 /etc/ansible/hosts
[oldboy]
172.16.1.31
172.16.1.41
172.16.1.7
ansible命令语法说明
ansible oldboy -m command -a "uptime" <-- 实现批量管理
# ansible软件需要掌握的两个部分
a ansible软件模块
全部模块信息查看
ansible-doc -l|wc -l
ansible模块知识总结
command模块
ansible oldboy -m command -a "uptime"
chdir Change into this directory before running the command.
在执行命令前,进行切换目录
creates A filename or (since 2.0) glob pattern, when it already exists, this step will not be run.
判断一个文件是否存在,如果存在就跳过后面命令执行的操作
removes A filename or (since 2.0) glob pattern, when it does not exist, this step will not be run.
判断一个文件是否存在,如果不存在就跳过后面命令执行的操作
总结:command模块是一个ansible的基本命令模块,但有些特殊字符无法进行输入识别
这个模块是一个默认模块
ping模块(注意利用python脚本,实现远程主机连接测试)
ansible oldboy -m ping
172.16.1.7 | SUCCESS => {
"changed": false,
"ping": "pong"
}
## 在不基于秘钥进行远程管理时,ansible软件可以进行如下配置
vim /etc/ansible/hosts
[oldboy]
172.16.1.31 ansible_ssh_user=root ansible_ssh_pass=123456
172.16.1.41 ansible_ssh_user=root ansible_ssh_pass=123456
172.16.1.7 ansible_ssh_user=root ansible_ssh_pass=123456
command模块
chdir
creates
removes
ping模块 测试受控主机连通性
copy 需要利用ansible批量分发文件
src --- 指定要进行批量复制的源文件或目录信息
dest --- 指定要进行批量复制的目标文件或目录信息
ansible oldboy -m copy -a "src=/etc/hosts dest=/tmp/" <-- 批量复制文件
ansible oldboy -m copy -a "src=/etc dest=/tmp/" <-- 批量复制目录
ansible oldboy -m copy -a "src=/etc/ dest=/tmp/"
ansible oldboy -m copy -a "src=/oldboy_dir/1.txt dest=/tmp/lidao.txt"
mode --- 指定文件批量分发到远程主机上权限信息
owner --- 指定文件批量分发到远程主机上属主信息
group --- 指定文件批量分发到远程主机上属属组信息
ansible oldboy -m copy -a "src=/etc/rsync.password dest=/etc/ mode=600 owner=oldboy group=oldboy"
backup --- 在文件批量分发复制之前,对已存在的文件进行按照时间信息备份
ansible oldboy -m copy -a "src=/etc/rsync.password dest=/etc/ mode=600 owner=oldboy group=oldboy backup=yes"
remote_src=true --- 如果为true,src信息表示的是远程主机中数据信息,
如果为false,src信息表示的是本地管理主机中数据信息
content --- 将指定字符串信息,重定向到远程主机文件中
ansible oldboy -m copy -a "content='oldboy666' dest=/etc/rsync.password"
file模块
可以修改文件属性信息,创建目录 创建文件 创建链接
mode --- 指定文件批量分发到远程主机上权限信息
owner --- 指定文件批量分发到远程主机上属主信息
group --- 指定文件批量分发到远程主机上属属组信息
ansible oldboy -m file -a "dest=/tmp/opt/ mode=755"
ansible oldboy -m file -a "dest=/tmp/oldboy/ state=directory" 创建空目录命令
ansible oldboy -m file -a "dest=/tmp/oldboy/01/02/03/04/ state=directory" 创建多级目录
ansible oldboy -m file -a "dest=/tmp/oldboy/01.txt state=touch" 创建空文件
ansible oldboy -m file -a "dest=/tmp/oldboy/ state=absent" 删除文件或目录操作
shell --- 属于ansible万能模块
实现批量执行脚本功能
1)在管理主机上创建脚本
vim /server/scripts/yum.sh
#!/bin/bash
yum install -y keepalived
2) 将脚本批量分发给多台受控主机
ansible oldboy -m copy -a "src=/server/scripts/yum.sh dest=/server/scripts/ mode=655"
3) 批量执行脚本
ansible oldboy -m shell -a "/server/scripts/yum.sh"
说明:shell模块相当于在本地主机上运行一个脚本
script --- 用于批量执行脚本模块
1)在管理主机上创建脚本
vim /server/scripts/yum.sh
#!/bin/bash
yum install -y keepalived
2) 利用脚本模块在远程主机上批量执行脚本
ansible oldboy -m script -a "/server/scripts/yum.sh"
说明:scripts模块相当于将本地脚本的信息,在每一个远程主机上进行执行
yum模块 批量安装软件模块
ansible oldboy -m yum -a "name=nmap state=installed"
service 批量管理主机服务状态
ansible oldboy -m service -a "name=crond state=stopped enabled=no"
cron 定时任务配置模块
* * * * * job=/bin/sh /server/scripts/yum.sh &>/dev/null/
分 时 日 月 周 定时任务干的事
minute: # Minute when the job should run ( 0-59, *, */2, etc )
hour: # Hour when the job should run ( 0-23, *, */2, etc )
day: # Day of the month the job should run ( 1-31, *, */2, etc )
month: # Month of the year the job should run ( 1-12, *, */2, etc )
weekday: # Day of the week that the job should run ( 0-6 for Sunday-Saturday, *, etc )
job: # The command to execute or, if env is set, the value of environment variable. The
command should not contain line breaks. Required
if state=present.
name: # Description of a crontab entry or, if env is set, the name of environment
variable. Required if state=absent. Note that if
name is not set and state=present, then a new
crontab entry will always be created, regardless
of existing ones.
disabled: # If the job should be disabled (commented out) in the crontab. Only has effect if
state=present
eg01. 每天 0点,自动运行/server/scripts/yum.sh
ansible oldboy -m cron -a "minute=0 hour=0 day=* month=* weekday=* job='/bin/sh /server/scripts/yum.sh &>/dev/null/'"
ansible oldboy -m cron -a "minute=0 hour=0 job='/bin/sh /server/scripts/yum.sh &>/dev/null/'"
创建定时任务:
ansible oldboy -m cron -a "name=cron01 minute=0 hour=0 job='/bin/sh /server/scripts/yum.sh &>/dev/null/'"
删除定时任务:
ansible oldboy -m cron -a "name=cron01 minute=0 hour=0 job='/bin/sh /server/scripts/yum.sh &>/dev/null/' state=absent"
ansible oldboy -m cron -a "name=cron02 state=absent"
注释定时任务:
ansible oldboy -m cron -a "name=cron03 minute=0 hour=0 job='/bin/sh /server/scripts/yum.sh &>/dev/null/' disabled=yes“
ansible oldboy -m cron -a "name=cron04 job='/bin/sh /server/scripts/yum.sh &>/dev/null/' disabled=yes"
取消注释信息:
ansible oldboy -m cron -a "name=cron03 job='/bin/sh /server/scripts/yum.sh &>/dev/null/' disabled=no"
ansible软件帮助信息查看方法
ansible-doc -l --- 利用-l参数显示出ansible所有模块信息
ansible-doc -s cron --- 利用-s参数指定查看某一个模块的详细说明
ansible输出信息颜色说明
深绿色: 执行正确结果信息,但不会对远程主机有任何修改
翔黄色: 执行正确结果信息,将会对远程主机数据进行修改
深粉色: 表示软件警告信息或者是建议信息
深红色: 表示软件命令执行错误(命令出错了,管理主机与被管理主机连接失效)