Ansible Automated Operations

Date: 2022-08-11 04:59:51


I. Installing Ansible

Install epel-release:

#yum -y install epel-release
#yum list all *ansible*
#yum install *ansible*
#yum info ansible
#rpm -ql ansible

pip3 install ansible

II. Configuration files

Configuration file: /etc/ansible/ansible.cfg
Inventory: /etc/ansible/hosts

cd /etc/ansible/
cp hosts{,.bak}
#vim hosts
192.168.1.100

Ansible Chinese tutorial: https://www.ansible.com.cn/

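III. Login configuration

1. Password login:

(1) Install sshpass.

(2) Add the user and password to /etc/ansible/hosts to authenticate the SSH connection:

[testhost]

192.168.1.112 ansible_ssh_user=root ansible_ssh_port=22 ansible_ssh_pass=123456

(3) On the first SSH connection you are normally prompted to type yes to confirm adding the host key string to ~/.ssh/known_hosts, and the local ~/.ssh/known_hosts file does not yet contain the fingerprint key string.
Fix: change the following parameter in ansible.cfg:
#host_key_checking = False    (remove the leading # to enable it)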
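
An added example, not part of the original post: the inventory line in step (2) keeps the root password in cleartext, and host_key_checking = False makes Ansible accept whatever host key a server presents, so both settings are worth auditing. The sketch below flags them; the sample inventory and the variable name vault_ssh_pass are constructed for illustration.

```python
import configparser
import re

# Matches ansible_ssh_pass, ansible_password, ansible_become_pass and close spellings.
SECRET_VAR = re.compile(r"\b(ansible_(?:ssh_|become_)?pass(?:word)?)=(\S+)")

# Constructed sample data; vault_ssh_pass is a hypothetical vaulted variable.
SAMPLE_INVENTORY = """\
[testhost]
192.168.1.112 ansible_ssh_user=root ansible_ssh_port=22 ansible_ssh_pass=123456
192.168.1.113 ansible_ssh_user=root ansible_ssh_pass="{{ vault_ssh_pass }}"
192.168.1.100
"""
SAMPLE_CFG = "[defaults]\nhost_key_checking = False\n"


def audit_inventory(text):
    """Return (line_no, owner, variable) for each literal password in an INI inventory."""
    findings, section = [], "ungrouped"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        # In a [group:vars] section the line has no host column.
        owner = section if section.endswith(":vars") else line.split()[0]
        for match in SECRET_VAR.finditer(line):
            value = match.group(2).strip("'\"")
            if not value.startswith("{{"):  # a Jinja2 reference is not a literal
                findings.append((no, owner, match.group(1)))
    return findings


def host_key_checking_disabled(cfg_text):
    """True when ansible.cfg switches SSH host key verification off."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    value = cfg.get("defaults", "host_key_checking", fallback="True")
    return value.strip().lower() in ("false", "no", "0", "off")


if __name__ == "__main__":
    for no, owner, var in audit_inventory(SAMPLE_INVENTORY):
        print(f"inventory line {no}: {owner} sets {var} in plaintext")
    if host_key_checking_disabled(SAMPLE_CFG):
        print("ansible.cfg: host_key_checking is disabled")
```

In place of the literal password, the inventory value can reference a variable encrypted with ansible-vault, and host keys can be added to known_hosts ahead of time so that host_key_checking can stay enabled.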

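2. Key login:

Generate a key pair: ssh-keygen
The new keys are placed in your user's ~/.ssh directory. The public key (the one you can share) is called id_rsa.pub. The private key (the one you keep safe) is called id_rsa.
Test: #ssh root@192.168.1.100 'date'
Copy the key: #ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.100 ; then test again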

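IV. Introduction to Ansible

1. Viewing module help

#man ansible-doc
#ansible-doc -l ansible    list all supported modules
#ansible-doc -s MODULE_NAME

Basics of the ansible command:
Syntax: ansible <host-pattern> [-m module_name] [-a args] [options]
-f forks: number of concurrent threads to start;
-m module_name: the module to use;
-a args: arguments specific to the module;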

2. Common modules:

ansible 192.168.1.100 -m command -a 'date'
ansible openstack -m command -a 'date'
ansible all -m command -a 'tail -2 /etc/passwd'

command: the command module, the default module, used to run commands remotely;
#ansible all -a 'date'

cron: #ansible-doc -s cron
state: the state
present: install
absent: remove
*/10 * * * * /bin/echo hello
#ansible websrvs -m cron -a 'minute="*/10" job="/bin/echo hello" name="test"'
#ansible websrvs -a 'crontab -l'
#ansible websrvs -m cron -a 'minute="*/10" job="/bin/echo hello" name="test" state=absent'      # remove the cron job

user: #ansible-doc -s user
#ansible openstack -m user -a 'name="user1"'    # create the user user1
#tail /etc/passwd
#tail /etc/group
name=: specifies the user name

group: #ansible-doc -s group
#ansible openstack -m group -a 'name=mysql gid=306 system=yes'
#ansible openstack -m user -a 'name=mysql uid=306 system=yes group=mysql'

copy: #ansible-doc -s copy    copies files
src=: the local source file path;
dest=: the remote destination file path;
#ansible all -m copy -a 'src=/etc/fstab dest=/tmp/fstab.ansible owner=root mode=640'
content can also be used:
#ansible all -m copy -a 'content="Hello Ansible\nHi TOM" dest=/tmp/test.ansible'

file: #ansible-doc -s file    sets file attributes
path: the file path; name or dest can be used instead
#ansible openstack -m file -a 'owner=mysql group=mysql mode=644 path=/tmp/fstab.ansible'
Create a symbolic link to a file:
src=: the source file
path=: the path of the link file;
#ansible openstack -m file -a 'path=/tmp/fstab.link src=/tmp/fstab.ansible state=link'

ping: ansible-doc -s ping    tests whether the specified hosts can be reached
#ansible all -m ping

service: ansible-doc -s service    controls the running state of a service
enabled=: whether the service starts at boot, true or false
name=: the service name
state=: the state, one of started, stopped, restarted;
#ss -tnl    shows only listening sockets; similar to netstat
#ansible all -a 'service httpd status'
#ansible openstack -a 'chkconfig --list httpd'
#ansible openstack -m service -a 'enabled=true name=httpd state=started'

shell: ansible-doc -s shell    similar to the command module
Use shell especially for commands that need features such as pipes
#ansible all -m user -a 'name=user1'
#ansible all -m shell -a 'echo mageedu | passwd --stdin user1'

script: #ansible-doc -s script
Copies a local script to the remote hosts and runs it (specify the script with a relative path)
vim test.sh #echo "hello ansible script" > /tmp/script.ansible
#ansible all -m script -a 'test.sh'

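yum:
Installs software packages
name=: the package to install, optionally with a version number;
state=: present or latest installs, absent uninstalls
#ansible openstack -m yum -a "name=zsh"
#ansible openstack -m yum -a "name=zsh state=absent"    uninstall the zsh package

setup:
Collects facts from the remote hosts
Before receiving and running management commands, each managed node reports information about itself, such as the operating system version and IP addresses, to the remote Ansible host;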

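V. Introduction to YAML

list: every element of a list begins with '-':
# A list of tasty fruits
- Apple
- Orange
- Mango

dictionary: a dictionary is identified by key and value,
for example:
name: tom
job: doctor
The key: value pairs can also be written inside {};
for example {name: tom, job: doctor}

Basic elements used with YAML in Ansible:
Variables
Inventory
Conditional tests
Iteration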

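Components of a playbook:
Inventory: the list of host information
Modules: the modules that are called
Ad Hoc Commands: the commands that are used
Playbooks:
Tasks: tasks, each an operation carried out by calling a module;
Variables: variables
Templates: templates
Handler: handlers, operations triggered by some event
Roles: roles
Basic structure:
- hosts: websrvs
  remote_user:
  tasks:
  - name: task1
    module_name: module_args
  - name: task2

- hosts: openstack

ansible-playbook: #man ansible-playbook
#ansible-playbook <filename.yml>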

1. Example 1

vim nginx.yml
- hosts: websrvs
  remote_user: root
  tasks:
  - name: create nginx group
    group: name=nginx system=yes gid=208
  - name: create nginx user
    user: name=nginx uid=208 group=nginx system=yes

- hosts: dbsrvs
  remote_user: root
  tasks:
  - name: copy file to dbsrvs
    copy: src=/etc/inittab dest=/tmp/inittab.ansible

handlers:
# used to take certain actions when a watched resource changes;

2. Example 2

vim apache.yml
- hosts: websrvs
  remote_user: root
  tasks:
  - name: install httpd package
    yum: name=httpd state=latest
  - name: install configuration file for httpd
    copy: src=/root/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
    notify:
    - restart httpd
  - name: start httpd service
    service: enabled=true name=httpd state=started
  handlers:
  - name: restart httpd
    service: name=httpd state=restarted
#ansible-playbook apache.yml

rpm -q httpd
grep "Listen" /etc/httpd/conf/httpd.conf
service httpd status
ss -tnlp

Variables: vars

3. Example 3

vim apache.yml
- hosts: websrvs
  remote_user: root
  vars:
  - package: httpd
  - service: httpd
  tasks:
  - name: install httpd package
    yum: name={{ package }} state=latest
  - name: install configuration file for httpd
    copy: src=/root/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
    notify:
    - restart httpd
  - name: start httpd service
    service: enabled=true name={{ service }} state=started
  handlers:
  - name: restart httpd
    service: name=httpd state=restarted

4. Example 4

vim test.yml
- hosts: websrvs
  remote_user: root
  tasks:
  - name: copy file
    copy: content="{{ ansible_all_ipv4_addresses }}" dest=/tmp/vars.ansible
Using variables in hosts:
vim hosts
192.168.1.112 testvar="1.112"
192.168.1.113 ansible_ssh_user=root ansible_ssh_pass=openstack

vim test.yml
- hosts: websrvs
  remote_user: root
  tasks:
  - name: copy file
    copy: content="{{ ansible_all_ipv4_addresses }} , {{testvar}} , {{ ansible_ssh_user}} , {{ ansible_ssh_pass }}" dest=/tmp/vars.ansible

Conditional test: when

5. Example 5

vim cond.yml
- hosts: all
  remote_user: root
  vars:
  - username: user10
  tasks:
  - name: create {{ username }} user
    user: name={{ username }}
    when: ansible_fqdn == "node2.xxx.com"

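Iteration: used when tasks of the same kind are executed repeatedly
Reference the current element with item
Define the loop list: with_items
- apache
- php
- mysql-server
Note: the list values in with_items can also be dictionaries, but they must then be referenced as item.KEY
- {name: apache, conf: conffiles/httpd.conf}
- {name: php, conf: conffiles/php.ini}
- {name: mysql-server, conf: conffiles/my.cnf}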

Templates
vim templates/httpd.conf.j2
Listen {{ http_port }}
ServerName {{ ansible_fqdn }}
vim /etc/ansible/hosts
192.168.1.112 http_port=80
vim apache.yml
- name: install configuration file for httpd
  template: src=/root/templates/httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf

tags: run only part of the tasks:
In a playbook you can define a "tag" for one or more tasks; when running the playbook, passing the --tags option to the ansible-playbook command runs only the specified tasks instead of all of them
ansible-playbook apache.yml --tags="conf"
- name: install configuration file for httpd
  template: src=/root/templates/httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
  tags:
  - conf

6. Example 6

vim apache.yml
- hosts: websrvs
  remote_user: root
  vars:
  - package: httpd
  - service: httpd
  tasks:
  - name: install httpd package
    yum: name={{ package }} state=latest
  - name: install configuration file for httpd
    template: src=/root/templates/httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
    tags:
    - conf
    notify:
    - restart httpd
  - name: start httpd service
    service: enabled=true name={{ service }} state=started
  handlers:
  - name: restart httpd
    service: name=httpd state=restarted

Special tags
tags:
- always    # always runs

Roles:
(1) The directory name is the same as the role name;
(2) The directory structure has a fixed format:
files: static files;
templates: Jinja2 template files;
tasks: contains at least a main.yml file, which defines the tasks;
handlers: contains at least one main.yml file, which defines the handlers;
meta: defines dependencies and other information;
(3) A site.yml file sits at the same level as roles;
site.yml defines the playbook; other yml files may exist as well;
Create the directories:
#mkdir -pv ansible_playbooks/roles/{websrvs,dbsrvs}/{tasks,files,templates,meta,handlers,vars}
#tree ansible_playbooks
vim site.yml
- hosts: 192.168.1.100
  remote_user: root
  roles:
  - websrvs

- hosts: 192.168.1.101
  remote_user: root
  roles:
  - dbsrvs

- hosts: 192.168.1.100
  remote_user: root
  roles:
  - websrvs
  - dbsrvs
#cd roles/dbsrvs/
#vim tasks/main.yml
- name: install mysql-server package
  yum: name=mysql-server state=latest
- name: install configuration file
  copy: src=my.cnf dest=/etc/my.cnf
  tags:
  - conf
  notify:
  - restart mysqld
- name: start mysqld service
  service: name=mysqld enabled=true state=started
#vim handlers/main.yml
- name: restart mysqld
  service: name=mysqld state=restarted

Related blog post:

https://www.cnblogs.com/keerya/p/7987886.html