Ansible

1. Introduction to Ansible

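  Ansible is a simple automation tool for operations management. It is implemented in Python and built on two key modules, Paramiko and PyYAML. It can be used to automate application deployment, configuration and task orchestration (continuous delivery, zero-downtime updates, and so on). A major version is released roughly every 2 months.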

  Ansible website: https://www.ansible.com/

  GitHub: https://github.com/Ansible

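  Ansible has the following features:

  • Simple to deploy: only the control machine needs an Ansible environment, and nothing has to be done on the managed hosts;
  • Manages devices over the SSH protocol by default;
  • Centralized master/managed-node administration;
  • Simple to configure, powerful and highly extensible;
  • Supports an API and custom modules, and is easy to extend with Python;
  • Playbooks allow powerful, customized configuration and state management;
  • Good support for cloud computing platforms and big data;
  • Provides a powerful, easy-to-operate web management interface and REST API: the AWX platform.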

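  The biggest difference between Ansible and SaltStack is that Ansible does not need any client agent deployed on the managed hosts; by default it runs remote commands or pushes configuration directly over an SSH channel. What the two have in common is powerful, flexible system management and state configuration; both provide rich templates and APIs, and both have good support for cloud computing platforms and big data.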

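  How Ansible works

  On the control node, Ansible pushes its modules over SSH to the managed hosts for execution and deletes them automatically once execution finishes. SVN or a similar tool can be used to manage custom modules and orchestration.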

  

 

2. Installing Ansible

  The lab environment uses Ubuntu 16.04 LTS

  Control Machine:192.168.65.110 (Ubuntu16.04)

  Managed Nodes:192.168.65.245 (CentOS6.6)

           192.168.65.246   (CentOS6.6)

  Installing Ansible from source

    git clone https://github.com/ansible/ansible.git --recursive

    cd ./ansible

    source ./hacking/env-setup

    apt-get install python-pip

    pip install paramiko PyYAML Jinja2 httplib2

  Problem 1:

 

  Solution:

  apt-get install libffi-dev

  Problem 2:

  Solution:

  apt-get install libssl-dev

  

  Check the Ansible version:

  ./bin/ansible --version

  

 

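  Note: ansible does not yet support Python 3; only Python 2.4 or later can be installed. Ubuntu 16.04 ships with Python 3.5.1 by default, but there is no need to worry:

      running pip install paramiko PyYAML Jinja2 httplib2 automatically installs Python 2.7.11 and switches to it.

      Also, ansible manages nodes over the SSH protocol by default.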

  

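3. Basic operations

  The Ansible installation directory contains two important directories, bin and examples. The bin directory holds all the executable commands, and the examples directory holds sample configuration files.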

 

  (1) Edit or create the /etc/ansible/hosts file and add the hosts to be managed

    [ansibleserver]

    192.168.65.110

    [testservers]
    192.168.65.245
    192.168.65.246

  (2) Configure passwordless login

    root@ubuntu:~/ansible# ssh-keygen

    root@ubuntu:~/ansible# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.65.110

    root@ubuntu:~/ansible# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.65.245

    root@ubuntu:~/ansible# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.65.246

  (3) Running commands

    ansible all -m ping  # ping all nodes

     

    ansible all -a "/bin/echo hello"

    

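    192.168.65.245 reported Module failure because the Python version installed there was 3.5.1. ansible does not support Python 3, which is a major shortcoming! After switching to python2.7.11 the command ran successfully.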

    

    ansible testservers -a "/bin/echo hello"

    

 

    Ansible command options (obtained with ansible -h):

Usage: ansible <host-pattern> [options]

Options:
  -a MODULE_ARGS, --args=MODULE_ARGS               
                        module arguments
  --ask-vault-pass      ask for vault password
  -B SECONDS, --background=SECONDS
                        run asynchronously, failing after X seconds
                        (default=N/A)
  -C, --check           don't make any changes; instead, try to predict some
                        of the changes that may occur
  -D, --diff            when changing (small) files and templates, show the
                        differences in those files; works great with --check
  -e EXTRA_VARS, --extra-vars=EXTRA_VARS
                        set additional variables as key=value or YAML/JSON
  -f FORKS, --forks=FORKS
                        specify number of parallel processes to use
                        (default=5)
  -h, --help            show this help message and exit
  -i INVENTORY, --inventory-file=INVENTORY
                        specify inventory host path
                        (default=/etc/ansible/hosts) or comma separated host
                        list.
  -l SUBSET, --limit=SUBSET
                        further limit selected hosts to an additional pattern
  --list-hosts          outputs a list of matching hosts; does not execute
                        anything else
  -m MODULE_NAME, --module-name=MODULE_NAME
                        module name to execute (default=command)
  -M MODULE_PATH, --module-path=MODULE_PATH
                        specify path(s) to module library (default=None)
  --new-vault-password-file=NEW_VAULT_PASSWORD_FILE
                        new vault password file for rekey
  -o, --one-line        condense output
  --output=OUTPUT_FILE  output file name for encrypt or decrypt; use - for
                        stdout
  -P POLL_INTERVAL, --poll=POLL_INTERVAL
                        set the poll interval if using -B (default=15)
  --syntax-check        perform a syntax check on the playbook, but do not
                        execute it
  -t TREE, --tree=TREE  log output to this directory
  --vault-password-file=VAULT_PASSWORD_FILE
                        vault password file
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)
  --version             show program's version number and exit

  Connection Options:
    control as whom and how to connect to hosts

    -k, --ask-pass      ask for connection password
    --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
                        use this file to authenticate the connection
    -u REMOTE_USER, --user=REMOTE_USER
                        connect as this user (default=None)
    -c CONNECTION, --connection=CONNECTION
                        connection type to use (default=smart)
    -T TIMEOUT, --timeout=TIMEOUT
                        override the connection timeout in seconds
                        (default=10)
    --ssh-common-args=SSH_COMMON_ARGS
                        specify common arguments to pass to sftp/scp/ssh (e.g.
                        ProxyCommand)
    --sftp-extra-args=SFTP_EXTRA_ARGS
                        specify extra arguments to pass to sftp only (e.g. -f,
                        -l)
    --scp-extra-args=SCP_EXTRA_ARGS
                        specify extra arguments to pass to scp only (e.g. -l)
    --ssh-extra-args=SSH_EXTRA_ARGS
                        specify extra arguments to pass to ssh only (e.g. -R)

  Privilege Escalation Options:
    control how and which user you become as on target hosts

    -s, --sudo          run operations with sudo (nopasswd) (deprecated, use
                        become)
    -U SUDO_USER, --sudo-user=SUDO_USER
                        desired sudo user (default=root) (deprecated, use
                        become)
    -S, --su            run operations with su (deprecated, use become)
    -R SU_USER, --su-user=SU_USER
                        run operations with su as this user (default=root)
                        (deprecated, use become)
    -b, --become        run operations with become (does not imply password
                        prompting)
    --become-method=BECOME_METHOD
                        privilege escalation method to use (default=sudo),
                        valid choices: [ sudo | su | pbrun | pfexec | runas |
                        doas | dzdo ]
    --become-user=BECOME_USER
                        run operations as this user (default=root)
    --ask-sudo-pass     ask for sudo password (deprecated, use become)
    --ask-su-pass       ask for su password (deprecated, use become)
    -K, --ask-become-pass
                        ask for privilege escalation password

  

 

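4. Host inventory

  Ansible reads the default host inventory file /etc/ansible/hosts and can connect to several remote hosts at the same time to run tasks. The default path can be changed through the hostfile parameter in ansible.cfg.

  The default format of the /etc/ansible/hosts file is as follows: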

# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups

# Ex 1: Ungrouped hosts, specify before any group headers.

## green.example.com  
## blue.example.com
## 192.168.100.1
## 192.168.100.10

# Ex 2: A collection of hosts belonging to the 'webservers' group

## [webservers]
## alpha.example.org
## beta.example.org    
## 192.168.1.100
## 192.168.1.110  

# If you have multiple hosts following a pattern you can specify
# them like this:

## www[001:006].example.com    # pattern matching is supported: 001 through 006

# Ex 3: A collection of database servers in the 'dbservers' group

## [dbservers]
## 
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57

# Here's another example of host ranges, this time there are no
# leading 0s:

## db-[99:101]-node.example.com    

  

5. Using common Ansible modules

 

   (1) Parallelism and shell commands

    Run a Python command as root on all hosts in the testservers group (commands can also be run through sudo as another user)

      

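    By default the module ansible uses is command, which does not support shell variables, pipes and similar shell features. To run a command through a shell, specify the shell module with the -m option.

    Use the shell module to run a command on the remote hosts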
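
The difference between the two modules can be reproduced locally. The following Python sketch is an added example, not part of the original article and not Ansible's code: it models the command module as "split into arguments and execute directly" and the shell module as "hand the string to /bin/sh". The function names, the DEMO_VAR variable and the sample commands are constructed for illustration.

```python
import os
import shlex
import subprocess

def run_command_style(args):
    """Model of '-m command': split into argv and execute without a shell."""
    argv = shlex.split(args)
    return subprocess.run(argv, capture_output=True, text=True).stdout

def run_shell_style(args, extra_env=None):
    """Model of '-m shell': pass the whole string to /bin/sh for parsing."""
    env = dict(os.environ, **(extra_env or {}))
    done = subprocess.run(["/bin/sh", "-c", args], capture_output=True,
                          text=True, env=env)
    return done.stdout

def compare(args, extra_env=None):
    """Run one argument string both ways and report whether the result differs."""
    direct = run_command_style(args)
    via_shell = run_shell_style(args, extra_env)
    return {"command": direct, "shell": via_shell, "differs": direct != via_shell}

# Constructed inputs: a plain command, a pipe, a variable and a separator.
CASES = [
    "/bin/echo hello",
    "/bin/echo hello | wc -c",
    "/bin/echo $DEMO_VAR",
    "/bin/echo hello; /bin/echo again",
]

if __name__ == "__main__":
    for case in CASES:
        print(repr(case), compare(case, {"DEMO_VAR": "expanded"}))
```

In the command-style runs the pipe, the variable and the semicolon reach /bin/echo as literal text, so only the shell-style runs give those characters any meaning; that is why arguments built from variables are safer with the default command module.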

    

  

  (2) Transferring files

    Copy the local /etc/hosts file to the /tmp directory on 192.168.65.245

    

    The file module allows changing a file's owner and permissions

    

    

    Create a directory with the file module, equivalent to mkdir -p

    ansible ansibleserver -m file -a "dest=/data/src mode=755 owner=rambo group=rambo state=directory" 

    Delete a file or directory with the file module

    ansible 192.168.65.246 -m file -a "dest=/tmp/hosts state=absent"

 

To be continued...

Tutorial video: http://edu.51cto.com/course/course_id-2220.html
