Ansible 运维自动化 ( 配置管理工具 )

一、关于Ansible
Ansible是一个自动化部署工具;Ansible通过SSH协议实现远程节点和管理节点之间的通信。理论上说，只要管理员通过ssh登录到一台远程主机上能做的操作，Ansible都可以做到。Ansible是python开发的,故依赖一些python库和组件,如:paramiko，PyYaml和jinja三个关键组件。

1、安装epel源

RHEL/CentOS 6:# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpmRHEL/CentOS 7:# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

2、安装Ansible

[root@n1 ~]# yum install ansible -y

3、目录结构

[root@n1 ~]# tree /etc/ansible/
/etc/ansible/
|-- ansible.cfg
|-- hosts
`-- roles1 directory, 2 files

#Ansible 定义主机、组规则的配置文件

 vim /etc/ansible/hostswww.abc.com     # 定义域名192.168.1.100   # 定义 IP192.168.1.150:37268   # 指定端口号[WebServer]           # 定义分组192.168.1.10
192.168.1.20
192.168.1.30[DBServer]            # 定义多个分组192.168.1.50
192.168.1.60Monitor ansible_ssh_port=12378 ansible_ssh_host=192.168.1.200   # 定义别名# ansible_ssh_host 连接目标主机的地址# ansible_ssh_port 连接目标主机的端口，默认 22 时无需指定# ansible_ssh_user 连接目标主机默认用户# ansible_ssh_pass 连接目标主机默认用户密码# ansible_ssh_connection 目标主机连接类型，可以是 local 、ssh 或 paramiko# ansible_ssh_private_key_file 连接目标主机的 ssh 私钥# ansible_*_interpreter 指定采用非 Python 的其他脚本语言，如 Ruby 、Perl 或其他类似 ansible_python_interpreter 解释器[webservers]         # 主机名支持正则描述www[01:50].example.com[dbservers]db-[a:f].example.com

#ansible-doc 获取帮助信息

 

ansible模块比较多,可以通过ansible-doc --help 显示帮助信息[root@n1 ~]# ansible-doc --help
Usage: ansible-doc [-l|-F|-s] [options] [-t <plugin type> ] [plugin]plugin documentation toolOptions:
-a, --all **For internal testing only** Show documentation for
all plugins.
-h, --help show this help message and exit
-j, --json **For internal testing only** Dump json metadata for
all plugins.
-l, --list List available plugins
-F, --list_files Show plugin names and their source files without
summaries (implies --list)
-M MODULE_PATH, --module-path=MODULE_PATH
prepend colon-separated path(s) to module library
(default=[u'/root/.ansible/plugins/modules',
u'/usr/share/ansible/plugins/modules'])
-s, --snippet Show playbook snippet for specified plugin(s)
-t TYPE, --type=TYPE Choose which plugin type (defaults to "module")
-v, --verbose verbose mode (-vvv for more, -vvvv to enable
connection debugging)
--version show program's version number and exitSee man pages for Ansible CLI options or website for tutorials
https://docs.ansible.com

4、查看ansible版本

[root@n1 ~]# ansible --version
ansible 2.6.4config file = /etc/ansible/ansible.cfgconfigured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']ansible python module location = /usr/lib/python2.6/site-packages/ansibleexecutable location = /usr/bin/ansiblepython version = 2.6.6 (r266:84292, Aug 18 2016, 15:13:37) [GCC 4.4.7 20120313 (Red Hat 4.4.7-17)]

5、hosts 文件添加被管理机

[root@n1 ~]# vi /etc/ansible/hosts# Ex 2: A collection of hosts belonging to the 'webservers' group
## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110[webservers]
m1.gree.com
m2.gree.com

6、配置/etc/hosts

192.168.1.8 n1.gree.com
192.168.1.4 m1.gree.com
192.168.1.6 m2.gree.com

7、ssh-keygen认证

[root@n1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
f4:53:3b:17:15:4b:30:39:c5:1d:7e:bf:75:d7:cb:5d root@n1.gree.com
The key's randomart image is:
+--[ RSA 2048]----+
| o===|
| o+oo|
| . . oo.|
| . . . . .+|
| S o o . E|
| . o. O|
| +.|
| |
| |
+-----------------+[root@n1 ~]# ssh-copy-id -i ~/.ssh/id_rsa 192.168.1.4
The authenticity of host '192.168.1.4 (192.168.1.4)' can't be established.
RSA key fingerprint is ac:e2:3b:c8:eb:4c:af:a2:83:ac:7c:51:13:22:95:5d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.4' (RSA) to the list of known hosts.
root@192.168.1.4's password: 
Now try logging into the machine, with "ssh '192.168.1.4'", and check in:.ssh/authorized_keysto make sure we haven't added extra keys that you weren't expecting.#测试登录[root@n1 ~]# ssh m1.gree.com
The authenticity of host 'm1.gree.com (192.168.1.4)' can't be established.
RSA key fingerprint is ac:e2:3b:c8:eb:4c:af:a2:83:ac:7c:51:13:22:95:5d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'm1.gree.com' (RSA) to the list of known hosts.
Last login: Fri Nov 9 14:52:03 2018 from 120.236.245.14
[root@m1 ~]# exit

二、ansible常用模块

2.1、ansible 使用格式

HOST-PATTERN        #匹配主机模式,如all表示所有主机
-m MOD_NAME         #模块名   如:ping
-a MOD_ARGS         #模块执行的参数
-f FORKS            #生成几个子进行程执行 -C #(不执行，模拟跑) -u Username #某主机的用户名 -c CONNection #连接方式（default smart） 

示例：

#查看IP地址

[root@n1 ~]# ansible all -m shell -a "ifconfig"
m2.gree.com | SUCCESS | rc=0 >>
eth0      Link encap:Ethernet  HWaddr 52:54:00:2F:CA:4A  inet addr:192.168.1.6  Bcast:192.168.1.255  Mask:255.255.255.0UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1RX packets:60690 errors:0 dropped:0 overruns:0 frame:0TX packets:53579 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:1000 RX bytes:15046135 (14.3 MiB)  TX bytes:6350897 (6.0 MiB)lo        Link encap:Local Loopback  inet addr:127.0.0.1  Mask:255.0.0.0UP LOOPBACK RUNNING  MTU:65536  Metric:1RX packets:0 errors:0 dropped:0 overruns:0 frame:0TX packets:0 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:0 RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)m1.gree.com | SUCCESS | rc=0 >>
eth0      Link encap:Ethernet  HWaddr 52:54:00:98:4B:1D  inet addr:192.168.1.4  Bcast:192.168.1.255  Mask:255.255.255.0UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1RX packets:42579 errors:0 dropped:0 overruns:0 frame:0TX packets:32927 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:1000 RX bytes:27319373 (26.0 MiB)  TX bytes:5283478 (5.0 MiB)lo        Link encap:Local Loopback  inet addr:127.0.0.1  Mask:255.0.0.0UP LOOPBACK RUNNING  MTU:65536  Metric:1RX packets:0 errors:0 dropped:0 overruns:0 frame:0TX packets:0 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:0 RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

2.2、copy模块
从本地copy文件分发到目录主机路径 
参数说明:
src= 源文件路径
dest= 目标路径 
注意src= 路径后面带/ 表示带里面的所有内容复制到目标目录下，不带/是目录递归复制过去
content= 自行填充的文件内容
owner 属主
group 属组
mode权限

[root@n1 tmp]# ansible all -m copy -a "src=/tmp/1.txt dest=/tmp/1.txt mode=644"
m2.gree.com | SUCCESS => {"changed": true, "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "dest": "/tmp/1.txt", "gid": 0, "group": "root", "md5sum": "d41d8cd98f00b204e9800998ecf8427e", "mode": "0644", "owner": "root", "size": 0, "src": "/root/.ansible/tmp/ansible-tmp-1541754612.03-46738208597425/source", "state": "file", "uid": 0
}
m1.gree.com | SUCCESS => {"changed": true, "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "dest": "/tmp/1.txt", "gid": 0, "group": "root", "md5sum": "d41d8cd98f00b204e9800998ecf8427e", "mode": "0644", "owner": "root", "size": 0, "src": "/root/.ansible/tmp/ansible-tmp-1541754612.03-181393664674709/source", "state": "file", "uid": 0
}

2.3 fetch模块
从远程主机拉取文件到本地
示例

[root@n1 tmp]# ansible all -m fetch -a "src=/tmp/2.txt dest=/tmp"
m1.gree.com | SUCCESS => {"changed": false, "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "dest": "/tmp/m1.gree.com/tmp/2.txt", "file": "/tmp/2.txt", "md5sum": "d41d8cd98f00b204e9800998ecf8427e"
}
m2.gree.com | SUCCESS => {"changed": true, "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "dest": "/tmp/m2.gree.com/tmp/2.txt", "md5sum": "d41d8cd98f00b204e9800998ecf8427e", "remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "remote_md5sum": null
}
[root@n1 tmp]# ll
total 24
-rw-r--r-- 1 root root    0 Nov  9 17:09 1.txt
-rw-r--r-- 1 root root 3018 Nov  9 14:48 cvm_init.log
drwxr-xr-x 3 root root 4096 Nov  9 17:19 m1.gree.com
drwxr-xr-x 3 root root 4096 Nov  9 17:20 m2.gree.com
-rw-r--r-- 1 root root  797 Nov  9 14:48 net_affinity.log
-rw-r--r-- 1 root root   26 Nov  9 14:48 nv_gpu_conf.log
-rw-r--r-- 1 root root  192 Nov  9 14:48 setRps.log
[root@n1 tmp]# cd m2.gree.com/
[root@n1 m2.gree.com]# ll
total 4
drwxr-xr-x 2 root root 4096 Nov  9 17:20 tmp
[root@n1 m2.gree.com]# cd tmp/
[root@n1 tmp]# ll
total 0
-rw-r--r-- 1 root root 0 Nov  9 17:20 2.txt

2.3、command模块
在远程主机上执行命令,属于裸执行,非键值对显示;不进行shell解析;

[root@n1 tmp]# ansible all -m command -a "ifconfig"
m2.gree.com | SUCCESS | rc=0 >>
eth0      Link encap:Ethernet  HWaddr 52:54:00:2F:CA:4A  inet addr:192.168.1.6  Bcast:192.168.1.255  Mask:255.255.255.0UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1RX packets:85804 errors:0 dropped:0 overruns:0 frame:0TX packets:78728 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:1000 RX bytes:17782454 (16.9 MiB)  TX bytes:9652720 (9.2 MiB)lo        Link encap:Local Loopback  inet addr:127.0.0.1  Mask:255.0.0.0UP LOOPBACK RUNNING  MTU:65536  Metric:1RX packets:0 errors:0 dropped:0 overruns:0 frame:0TX packets:0 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:0 RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

2.4、shell模块
由于commnad只能执行裸命令(即系统环境中有支持的命令),至于管道之类的功能不支持,
shell模块可以做到

[root@n1 tmp]# ansible all -m shell -a "ifconfig|grep lo"
m1.gree.com | SUCCESS | rc=0 >>
lo        Link encap:Local Loopback  m2.gree.com | SUCCESS | rc=0 >>
lo        Link encap:Local Loopback  

2.5、file模块
设置文件属性(创建文件)
常用参数:
path目标路径
state directory为目录,link为软件链接
group 目录属组
owner 属主
等,其他参数通过ansible-doc -s file 获取
示例1:创建目录

[root@n1 tmp]# ansible all -m file -a "path=/tmp/hello state=directory"
m1.gree.com | SUCCESS => {"changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/tmp/hello", "size": 4096, "state": "directory", "uid": 0
}

2.6、

 

参考：

http://blog.51cto.com/dyc2005/2070729

 https://www.cnblogs.com/wangxiaoqiangs/p/5685239.html