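Introduction to ansible:
ansible is a lightweight automation and operations management tool written in Python. It can run commands and install software in batches, and it supports orchestration through playbooks. It connects to hosts over SSH, which avoids having to install a client on every host, and compared with puppet and saltstack it is simpler and more lightweight.
ansible command-line options: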
Usage: ansible <host-pattern> [options]
Options:
  -a MODULE_ARGS, --args=MODULE_ARGS
                        module arguments
  --ask-vault-pass      ask for vault password
  -B SECONDS, --background=SECONDS
                        run asynchronously, failing after X seconds
                        (default=N/A)
  -C, --check           don't make any changes; instead, try to predict some
                        of the changes that may occur
                        Note: a test run that shows what would change; nothing is executed.
  -D, --diff            when changing (small) files and templates, show the
                        differences in those files; works great with --check
  -e EXTRA_VARS, --extra-vars=EXTRA_VARS
                        set additional variables as key=value or YAML/JSON
  -f FORKS, --forks=FORKS
                        specify number of parallel processes to use
                        (default=5)
  -h, --help            show this help message and exit
  -i INVENTORY, --inventory-file=INVENTORY
                        specify inventory host path
                        (default=/etc/ansible/hosts) or comma separated host
                        list.
  -l SUBSET, --limit=SUBSET
                        further limit selected hosts to an additional pattern
  --list-hosts          outputs a list of matching hosts; does not execute
                        anything else
  -m MODULE_NAME, --module-name=MODULE_NAME
                        module name to execute (default=command)
  -M MODULE_PATH, --module-path=MODULE_PATH
                        specify path(s) to module library (default=None)
                        Note: path of the modules to execute; defaults to /usr/share/ansible.
  --new-vault-password-file=NEW_VAULT_PASSWORD_FILE
                        new vault password file for rekey
  -o, --one-line        condense output
  --output=OUTPUT_FILE  output file name for encrypt or decrypt; use - for
                        stdout
  -P POLL_INTERVAL, --poll=POLL_INTERVAL
                        set the poll interval if using -B (default=15)
  --syntax-check        perform a syntax check on the playbook, but do not
                        execute it
  -t TREE, --tree=TREE  log output to this directory
  --vault-password-file=VAULT_PASSWORD_FILE
                        vault password file
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)
  --version             show program's version number and exit
Connection Options:
  control as whom and how to connect to hosts
  -k, --ask-pass        ask for connection password
                        Note: prompts for the SSH login password when password authentication is used.
  --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
                        use this file to authenticate the connection
                        Note: path to the private key.
  -u REMOTE_USER, --user=REMOTE_USER
                        connect as this user (default=None)
                        Note: user name for the SSH connection; defaults to root.
  -c CONNECTION, --connection=CONNECTION
                        connection type to use (default=smart)
  -T TIMEOUT, --timeout=TIMEOUT
                        override the connection timeout in seconds
                        (default=10)
  --ssh-common-args=SSH_COMMON_ARGS
                        specify common arguments to pass to sftp/scp/ssh (e.g.
                        ProxyCommand)
  --sftp-extra-args=SFTP_EXTRA_ARGS
                        specify extra arguments to pass to sftp only (e.g. -f,
                        -l)
  --scp-extra-args=SCP_EXTRA_ARGS
                        specify extra arguments to pass to scp only (e.g. -l)
  --ssh-extra-args=SSH_EXTRA_ARGS
                        specify extra arguments to pass to ssh only (e.g. -R)
Privilege Escalation Options:
  control how and which user you become as on target hosts
  -s, --sudo            run operations with sudo (nopasswd) (deprecated, use
                        become)
  -U SUDO_USER, --sudo-user=SUDO_USER
                        desired sudo user (default=root) (deprecated, use
                        become)
  -S, --su              run operations with su (deprecated, use become)
  -R SU_USER, --su-user=SU_USER
                        run operations with su as this user (default=root)
                        (deprecated, use become)
  -b, --become          run operations with become (does not imply password
                        prompting)
  --become-method=BECOME_METHOD
                        privilege escalation method to use (default=sudo),
                        valid choices: [sudo | su | pbrun | pfexec | doas |
                        dzdo | ksu ]
  --become-user=BECOME_USER
                        run operations as this user (default=root)
  --ask-sudo-pass       ask for sudo password (deprecated, use become)
  --ask-su-pass         ask for su password (deprecated, use become)
  -K, --ask-become-pass
Deployment:
ansible environment:
Control node: 192.168.52.128
Managed nodes: 192.168.52.128, 192.168.52.135
Install ansible:
# yum -y install ansible
Set up key-based (passwordless) SSH login from the ansible control node to the managed hosts:
# ssh-keygen
# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.52.128
# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.52.135
Configure the inventory (host list):
# vim /etc/ansible/hosts
[testservers]
192.168.52.128
192.168.52.135
Try the ping module to test connectivity to the clients:
# ansible all -m ping
192.168.52.135 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.52.128 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
Common ansible modules:
Running commands:
shell and command: both modules run commands. The difference is that the command module does not support shell variables or pipes.
# ansible all -m command -a "free -m"
192.168.52.135 | SUCCESS | rc=0 >>
total used free shared buffers cached
Mem: 1869 1481 388 1 190 572
-/+ buffers/cache: 718 1150
Swap: 4047 5 4042
192.168.52.128 | SUCCESS | rc=0 >>
total used free shared buffers cached
Mem: 1869 1771 98 0 153 472
-/+ buffers/cache: 1145 723
Swap: 4047 216 3831
# ansible all -m shell -a "free -m"
192.168.52.135 | SUCCESS | rc=0 >>
total used free shared buffers cached
Mem: 1869 1481 388 1 190 572
-/+ buffers/cache: 718 1151
Swap: 4047 5 4042
192.168.52.128 | SUCCESS | rc=0 >>
total used free shared buffers cached
Mem: 1869 1779 90 0 153 472
-/+ buffers/cache: 1153 716
Swap: 4047 216 3831
# ansible all -m command -a "free -m | grep Swap"
192.168.52.135 | SUCCESS | rc=0 >>
total used free shared buffers cached
Mem: 1869 1481 388 1 190 572
-/+ buffers/cache: 718 1151
Swap: 4047 5 4042
192.168.52.128 | SUCCESS | rc=0 >>
total used free shared buffers cached
Mem: 1869 1771 98 0 153 472
-/+ buffers/cache: 1145 724
Swap: 4047 216 3831
# ansible all -m shell -a "free -m | grep Swap"
192.168.52.135 | SUCCESS | rc=0 >>
Swap: 4047 5 4042
192.168.52.128 | SUCCESS | rc=0 >>
Swap: 4047 216 3831
As the output shows, the shell and command modules behave the same when no pipe is used, but once a pipe is involved, the pipe has no effect under the command module.
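Why the pipe is ignored, as an added example that is not part of the original article: the command module executes the program directly with the words as arguments, with no shell in between, so | and ; arrive as literal text. The helper names are illustrative, and echo stands in for the remote program so the block runs offline.

```shell
#!/bin/sh
# Added example: models the difference between -m command and -m shell.
# Helper names are illustrative; echo stands in for the remote program.

# run_like_command STRING
# Split STRING on whitespace and execute the words directly, with no shell in
# between, so '|', ';' and '$' reach the program as ordinary arguments.
# (Simplified: no quote handling when splitting.)
run_like_command() {
    set -f          # keep '*' and '?' literal during splitting
    set -- $1       # plain word splitting, nothing else
    set +f
    "$@"
}

# run_like_shell STRING
# Hand the whole string to /bin/sh, which interprets pipes, ';' and variables.
run_like_shell() {
    sh -c "$1"
}

# pick_module STRING
# Print "shell" only when STRING contains an operator that needs a shell;
# otherwise print "command", which treats every word as a literal argument.
pick_module() {
    case "$1" in
        *'|'* | *';'* | *'&'* | *'<'* | *'>'* | *'$'* | *'`'*) echo shell ;;
        *) echo command ;;
    esac
}

demo='echo hello | tr a-z A-Z'
echo "command: $(run_like_command "$demo")"   # hello | tr a-z A-Z
echo "shell:   $(run_like_shell "$demo")"     # HELLO
echo "module for 'free -m | grep Swap': $(pick_module 'free -m | grep Swap')"
```

Because command never interprets metacharacters, it is the safer default whenever part of the argument string comes from a variable; reach for shell only when a pipe or redirect is really needed.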
File and directory operations:
copy: copies files.
Copy /root/test.txt to /tmp/test.txt on every server:
# ansible all -m copy -a "src=/root/test.txt dest=/tmp/test.txt"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "dest": "/tmp/test.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e",
    "mode": "0644",
    "owner": "root",
    "size": 0,
    "src": "/root/.ansible/tmp/ansible-tmp-1480249794.2678375-25305071473517/source",
    "state": "file",
    "uid": 0
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "dest": "/tmp/test.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e",
    "mode": "0644",
    "owner": "root",
    "size": 0,
    "src": "/root/.ansible/tmp/ansible-tmp-1480249794.341813-178065622105186/source",
    "state": "file",
    "uid": 0
}
[root@192_168_52_128 ~ 20:29]# ll /tmp/test.txt
-rw-r--r-- 1 root root 0 Nov 27 20:29 /tmp/test.txt
[root@192_168_52_135 ~/.ssh 17:09]# ll /tmp/test.txt
-rw-r--r-- 1 root root 0 Nov 8 18:14 /tmp/test.txt
file: changes a file's owner and permissions, and creates or deletes files and directories.
Set the permissions of /tmp/test.txt to 755 on all servers:
# ansible all -m file -a "dest=/tmp/test.txt mode=755"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/tmp/test.txt",
    "size": 0,
    "state": "file",
    "uid": 0
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/tmp/test.txt",
    "size": 0,
    "state": "file",
    "uid": 0
}
[root@192_168_52_128 ~ 20:33]# ll /tmp/test.txt
-rwxr-xr-x 1 root root 0 Nov 27 20:29 /tmp/test.txt
[root@192_168_52_135 /tmp 18:15]# ll test.txt
-rwxr-xr-x 1 root root 0 Nov 8 18:14 test.txt
Create the /tmp/test directory:
# ansible testservers -m file -a "dest=/tmp/test mode=755 owner=root group=root state=directory"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/tmp/test",
    "size": 4096,
    "state": "directory",
    "uid": 0
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/tmp/test",
    "size": 4096,
    "state": "directory",
    "uid": 0
}
Delete the /tmp/test directory:
# ansible testservers -m file -a "dest=/tmp/test state=absent"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "path": "/tmp/test",
    "state": "absent"
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "path": "/tmp/test",
    "state": "absent"
}
Delete the /tmp/test.txt file:
# ansible testservers -m file -a "dest=/tmp/test.txt state=absent"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "path": "/tmp/test.txt",
    "state": "absent"
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "path": "/tmp/test.txt",
    "state": "absent"
}
Package management:
apt (Ubuntu), yum (RedHat):
Install a package (links):
# ansible testservers -m yum -a "name=links state=present"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: ftp.sjtu.edu.cn\n * epel: mirrors.tuna.tsinghua.edu.cn\n * extras: ftp.sjtu.edu.cn\n * rpmforge: mirrors.tuna.tsinghua.edu.cn\n * updates: ftp.sjtu.edu.cn\nResolving Dependencies\n--> Running transaction check\n---> Package links.x86_64 1:2.13-1.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n links x86_64 1:2.13-1.el6 epel 2.8 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\n\nTotal download size: 2.8 M\nInstalled size: 4.5 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : 1:links-2.13-1.el6.x86_64 1/1 \n\r Verifying : 1:links-2.13-1.el6.x86_64 1/1 \n\nInstalled:\n links.x86_64 1:2.13-1.el6 \n\nComplete!\n"
    ]
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: mirrors.zju.edu.cn\n * epel: mirror.pregi.net\n * extras: mirror.bit.edu.cn\n * rpmforge: miroir.univ-paris13.fr\n * updates: mirrors.zju.edu.cn\nResolving Dependencies\n--> Running transaction check\n---> Package links.x86_64 1:2.13-1.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n links x86_64 1:2.13-1.el6 epel 2.8 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\n\nTotal download size: 2.8 M\nInstalled size: 4.5 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : 1:links-2.13-1.el6.x86_64 1/1 \n\r Verifying : 1:links-2.13-1.el6.x86_64 1/1 \n\nInstalled:\n links.x86_64 1:2.13-1.el6 \n\nComplete!\n"
    ]
}
# ansible testservers -m yum -a "name=links state=present"
192.168.52.128 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "links-1:2.13-1.el6.x86_64 providing links is already installed"
    ]
}
192.168.52.135 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "links-1:2.13-1.el6.x86_64 providing links is already installed"
    ]
}
Install the latest version of a package:
# ansible testservers -m yum -a "name=links state=latest"
192.168.52.135 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "All packages providing links are up to date",
        ""
    ]
}
192.168.52.128 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "All packages providing links are up to date",
        ""
    ]
}
Remove a package:
# ansible testservers -m yum -a "name=links state=absent"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Remove Process\nResolving Dependencies\n--> Running transaction check\n---> Package links.x86_64 1:2.13-1.el6 will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nRemoving:\n links x86_64 1:2.13-1.el6 @epel 4.5 M\n\nTransaction Summary\n================================================================================\nRemove 1 Package(s)\n\nInstalled size: 4.5 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Erasing : 1:links-2.13-1.el6.x86_64 1/1 \n\r Verifying : 1:links-2.13-1.el6.x86_64 1/1 \n\nRemoved:\n links.x86_64 1:2.13-1.el6 \n\nComplete!\n"
    ]
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Remove Process\nResolving Dependencies\n--> Running transaction check\n---> Package links.x86_64 1:2.13-1.el6 will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nRemoving:\n links x86_64 1:2.13-1.el6 @epel 4.5 M\n\nTransaction Summary\n================================================================================\nRemove 1 Package(s)\n\nInstalled size: 4.5 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Erasing : 1:links-2.13-1.el6.x86_64 1/1 \n\r Verifying : 1:links-2.13-1.el6.x86_64 1/1 \n\nRemoved:\n links.x86_64 1:2.13-1.el6 \n\nComplete!\n"
    ]
}
# ansible testservers -m yum -a "name=links state=absent"
192.168.52.128 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "links is not installed"
    ]
}
192.168.52.135 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "links is not installed"
    ]
}
Users and groups:
user: creates, modifies and deletes users.
Create the user cmh:
# ansible all -m user -a "name=cmh password=123456"
192.168.52.128 | SUCCESS => {
    "append": false,
    "changed": true,
    "comment": "",
    "group": 501,
    "home": "/home/cmh",
    "move_home": false,
    "name": "cmh",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/bash",
    "state": "present",
    "uid": 501
}
192.168.52.135 | SUCCESS => {
    "append": false,
    "changed": true,
    "comment": "",
    "group": 501,
    "home": "/home/cmh",
    "move_home": false,
    "name": "cmh",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/bash",
    "state": "present",
    "uid": 501
}
Check the user:
[root@192_168_52_128 ~ 23:03]# id cmh
uid=501(cmh) gid=501(cmh) groups=501(cmh)
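On Linux the user module expects password to be an already hashed crypt(3) value, so password=123456 writes the literal string into /etc/shadow (no password will match it) and leaves the plaintext in shell history. An added example, not from the original article, that hashes first and refuses unhashed input; the helper names are hypothetical and hash_password assumes the OpenSSL 1.1.1 or later command-line tool.

```shell
#!/bin/sh
# Added example: build the user-module argument string from a crypt(3) hash
# instead of a plaintext password. Helper names are hypothetical.

# is_crypt_hash VALUE
# Succeed only if VALUE looks like a modular-crypt hash ($5$ = SHA-256,
# $6$ = SHA-512, $y$ = yescrypt) with a non-empty salt and digest.
is_crypt_hash() {
    case "$1" in
        '$5$'?*'$'?* | '$6$'?*'$'?* | '$y$'?*'$'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# hash_password
# Read the plaintext from stdin (so it never appears in argv or in shell
# history) and print a salted SHA-512 crypt hash.
# Assumption: the openssl CLI is 1.1.1 or later, which provides "passwd -6".
hash_password() {
    openssl passwd -6 -stdin
}

# user_args NAME HASH
# Print the -a string for "ansible ... -m user"; refuse unhashed input.
user_args() {
    if ! is_crypt_hash "$2"; then
        echo "refusing: password for '$1' is not a crypt hash" >&2
        return 1
    fi
    printf 'name=%s password=%s' "$1" "$2"
}

# Typical use on the control node (prompt without echo, hash, then run):
#   stty -echo; IFS= read -r pw; stty echo
#   hash=$(printf '%s\n' "$pw" | hash_password); unset pw
#   ansible all -m user -a "$(user_args cmh "$hash")"
```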
Delete the user cmh:
# ansible all -m user -a "name=cmh state=absent"
192.168.52.128 | SUCCESS => {
    "changed": true,
    "force": false,
    "name": "cmh",
    "remove": false,
    "state": "absent"
}
192.168.52.135 | SUCCESS => {
    "changed": true,
    "force": false,
    "name": "cmh",
    "remove": false,
    "state": "absent"
}
[root@192_168_52_128 ~ 23:03]# id cmh
id: cmh: No such user
Service management:
service: starts, restarts and stops system services.
Stop a service:
# ansible testservers -m service -a "name=nfs state=stopped"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "name": "nfs",
    "state": "stopped"
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "name": "nfs",
    "state": "stopped"
}
Start a service:
# ansible testservers -m service -a "name=nfs state=started"
192.168.52.135 | SUCCESS => {
    "changed": true,
    "name": "nfs",
    "state": "started"
}
192.168.52.128 | SUCCESS => {
    "changed": true,
    "name": "nfs",
    "state": "started"
}
Restart or reload a service:
# ansible testservers -m service -a "name=nfs state=restarted"
# ansible testservers -m service -a "name=nfs state=reloaded"
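Gathering system information:
Gather all facts from the matching hosts:
# ansible all -m setup
Gather the facts and save them in the given directory, one file per host, named after the host:
# ansible all -m setup --tree /tmp/facts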
# tree /tmp/facts/
/tmp/facts/
├── 192.168.52.128
└── 192.168.52.135
0 directories, 2 files
Filter the facts (memory-related only):
# ansible all -m setup -a 'filter=ansible_*_mb'
192.168.52.135 | SUCCESS => {
    "ansible_facts": {
        "ansible_memfree_mb": 355,
        "ansible_memory_mb": {
            "nocache": {
                "free": 1140,
                "used": 729
            },
            "real": {
                "free": 355,
                "total": 1869,
                "used": 1514
            },
            "swap": {
                "cached": 2,
                "free": 4035,
                "total": 4047,
                "used": 12
            }
        },
        "ansible_memtotal_mb": 1869,
        "ansible_swapfree_mb": 4035,
        "ansible_swaptotal_mb": 4047
    },
    "changed": false
}
192.168.52.128 | SUCCESS => {
    "ansible_facts": {
        "ansible_memfree_mb": 219,
        "ansible_memory_mb": {
            "nocache": {
                "free": 727,
                "used": 1142
            },
            "real": {
                "free": 219,
                "total": 1869,
                "used": 1650
            },
            "swap": {
                "cached": 13,
                "free": 3829,
                "total": 4047,
                "used": 218
            }
        },
        "ansible_memtotal_mb": 1869,
        "ansible_swapfree_mb": 3829,
        "ansible_swaptotal_mb": 4047
    },
    "changed": false
}
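Postscript:
This only lists some of the most basic uses of ansible, just enough to get started. Later I will look into how to use playbooks, and how to use the role feature of playbooks to install a complete set of services.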
Permanent link to this article: http://www.linuxidc.com/Linux/2017-02/140216.htm