初識Ansible

Ansible

Ansible 基於 Python 語言實現
默認使用 SSH（Secure Shell）協議對設備進行管理。
也就是說被控制端必須安裝SSH和Python，其它設置與操做都在Ansible主機操做

Ansible主要有3種模塊：
Command(默認模塊，儘可能使用這個): does not use shell(Bash/SH), can not use pipes or redirects
Shell: supports pipes and redirects, can get messed up by user settings
Raw: just sends commands over ssh, does not need python

安裝 Ansible
[root@linux-node2 ~ ]# yum -y install ansible

[root@linux-node2 ~ ]# vi /etc/hosts
192.168.1.48 linux-node0
192.168.1.201 linux-node1
192.168.1.32 linux-node2

Ansible 管理機與被管理機作祕鑰認證 [root@linux-node2 ~ ]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: fc:d6:ae:c2:f0:6b:e3:97:e7:8c:e0:90:dc:cf:d6:55 root@linux-node2 The key's randomart image is: +--[ RSA 2048]----+
. E
S .
..o . . .
++o oo..
o*=++o
o+*=++

+-----------------+

[root@linux-node2~]# ls /root/.ssh
id_rsa id_rsa.pub

[root@linux-node2~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@linux-node0
The authenticity of host 'linux-node0 (192.168.1.48)' can't be established.
ECDSA key fingerprint is 3d:c8:02:ba:60:56:ea:a8:8b:0e:7c:88:f0:2d:07:8b.
Are you sure you want to continue connecting (yes/no)?yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@linux-node0's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@linux-node0'"
and check to make sure that only the key(s) you wanted were added.

[root@linux-node2~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@linux-node1
The authenticity of host 'linux-node1 (192.168.1.201)' can't be established.
ECDSA key fingerprint is 4b:40:f1:c3:7e:da:a3:1b:81:ec:68:de:5c:33:c1:9f.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@linux-node1's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@linux-node1'"
and check to make sure that only the key(s) you wanted were added.

hosts 文件添加被管理機
[root@linux-node2 ~]# vi /etc/ansible/hosts
linux-node0
linux-node1

測試 Ansible
[root@linux-node2 ~]# ansible -m ping all
linux-node0 | SUCCESS => {
"changed": false,
"ping": "pong"
}
linux-node1 | SUCCESS => {
"changed": false,
"ping": "pong"
}

[root@linux-node2 ~]# ansible -m shell -a 'python -V' all
linux-node0 | SUCCESS | rc=0 >>
Python 2.7.5
linux-node1 | SUCCESS | rc=0 >>
Python 2.7.5

[root@linux-node2 ~]# ansible all -a 'uptime'
linux-node0 | SUCCESS | rc=0 >>
13:26:38 up 20:25, 2 users, load average: 0.00, 0.01, 0.05
linux-node1 | SUCCESS | rc=0 >>
13:26:38 up 21:30, 1 user, load average: 0.25, 0.17, 0.15

[root@linux-node2 ~]# ansible all -a 'whoami'
linux-node0 | SUCCESS | rc=0 >>
root
linux-node1 | SUCCESS | rc=0 >>
root

[root@linux-node2 ~]# ansible all -b -a 'whoami' （若是上面的whoami不是root，這裏能夠用-b，使別的用戶變成root再運行whoami）
linux-node0 | SUCCESS | rc=0 >>
root
linux-node1 | SUCCESS | rc=0 >>
root

[root@linux-node2 ~]# ansible all -b -m yum -a 'name=httpd state=latest' （在全部主機上安裝最新版apache）

[root@linux-node2 ~]# ansible all -b -m command -a 'echo "hello" >/root/hello.txt' （-m command能夠省，這個執行後，被控端並無生成hello.txt，由於command does not use shell）
linux-node0 | SUCCESS | rc=0 >>
hello >/root/hello.txt
linux-node1 | SUCCESS | rc=0 >>
hello >/root/hello.txt

[root@linux-node2 ~]# ansible all -b -m shell -a 'echo "hello" >/root/hello.txt'
（被控端生成hello.txt）
linux-node0 | SUCCESS | rc=0 >>
linux-node1 | SUCCESS | rc=0 >>

被控端
[root@linux-node0 ~]# cat /root/hello.txt
Hello

刪除文件（用了-m file模塊）
[root@linux-node2 ~]# ansible all -b -m file -a 'path=/root/hello.txt state=absent'
linux-node0 | SUCCESS => {
"changed": true,
"path": "/root/hello.txt",
"state": "absent"
}
linux-node1 | SUCCESS => {
"changed": true,
"path": "/root/hello.txt",
"state": "absent"
}

被控端
[root@linux-node0 ~]# cat /root/hello.txt
cat: /root/hello.txt: No such file or directory

複製文件（用了-m copy模塊）
[root@linux-node2 ~]# ansible all -b -m copy -a 'src=/etc/hosts dest=/etc/hosts'
linux-node0 | SUCCESS => {
"changed": true,
"checksum": "f8a18de2bf1528cc840179039ab991e0a94068fe",
"dest": "/etc/hosts",
"gid": 0,
"group": "root",
"md5sum": "3c20904bc44d3669c1a18429aea169b5",
"mode": "0644",
"owner": "root",
"size": 261,
"src": "/root/.ansible/tmp/ansible-tmp-1532501917.65-225783863411073/source",
"state": "file",
"uid": 0
}
linux-node1 | SUCCESS => {
"changed": true,
"checksum": "f8a18de2bf1528cc840179039ab991e0a94068fe",
"dest": "/etc/hosts",
"gid": 0,
"group": "root",
"md5sum": "3c20904bc44d3669c1a18429aea169b5",
"mode": "0644",
"owner": "root",
"size": 261,
"src": "/root/.ansible/tmp/ansible-tmp-1532501917.66-73905370255186/source",
"state": "file",
"uid": 0
}

Playbook 實戰
[root@linux-node2 ~]# vi test.yaml

• hosts: all
  tasks:

  • name: do a uname
    shell: uname -a > /root/results.txt

  • name: whoami
    shell: whoami >> /root/results.txt

[root@linux-node2 ~]# ansible-playbook test.yaml

PLAY [all] *****

TASK [Gathering Facts] *****
ok: [linux-node0]
ok: [linux-node1]

TASK [do a uname] **
changed: [linux-node0]
changed: [linux-node1]

TASK [whoami] **
changed: [linux-node0]
changed: [linux-node1]

PLAY RECAP *****
linux-node0 : ok=3 changed=2 unreachable=0 failed=0
linux-node1 : ok=3 changed=2 unreachable=0 failed=0

被控端
[root@linux-node0 ~]# cat /root/results.txt
Linux linux-node0 3.10.0-693.11.1.el7.x86_64 #1 SMP Mon Dec 4 23:52:40 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
root

[root@linux-node2 ~]# vi test.yaml （指定使用root執行）

• hosts: all
  become: yes #或者true
  tasks:

  • name: do a uname
    shell: uname -a > /root/results.txt

  • name: whoami
    shell: whoami >> /root/results.txt

Handlers實戰
[root@linux-node2 ~]# vi test1.yaml

• hosts: all
  become: yes
  tasks:

  • name: install vsftpd on Ubuntu （由於我沒有裝Ubuntu，因此紅色部分省）
    apt: name=vsftpd update_cache=yes state=latest
    ignore_errors: yes
    notify:start vsftpd

  • name: install vsftpd on centos
    yum: name=vsftpd state=latest
    ignore_errors: yes
    notify: start vsftpd

  handlers:

  • name: start vsftpd
    service: name=vsftpd enabled=yes state=started

[root@linux-node2 ~]# ansible-playbook test1.yaml

PLAY [all] ****

TASK [Gathering Facts] ****
ok: [linux-node0]
ok: [linux-node1]

TASK [install vsftpd on centos] ***
changed: [linux-node0]
changed: [linux-node1]

RUNNING HANDLER [start vsftpd] ****
changed: [linux-node0]
changed: [linux-node1]

PLAY RECAP ****
linux-node0 : ok=3 changed=2 unreachable=0 failed=0
linux-node1 : ok=3 changed=2 unreachable=0 failed=0

被控端
[root@linux-node0 ~]# service vsftpd status
Redirecting to /bin/systemctl status vsftpd.service
?vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2018-07-25 17:49:03 CST; 20h ago
Process: 8091 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
Main PID: 8092 (vsftpd)
CGroup: /system.slice/vsftpd.service
忖8092 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

Jul 25 17:49:03 linux-node0 systemd[1]: Starting Vsftpd ftp daemon...
Jul 25 17:49:03 linux-node0 systemd[1]: Started Vsftpd ftp daemon.

Variables and Facts實戰
[root@linux-node2 ~]# ansible linux-node0 -m setup -a "filter=family"
(ansible linux-node0 -m setup能獲得 CPU type, RAM, IP address, CPU cores, etc)
linux-node0 | SUCCESS => {
"ansible_facts": {
"ansible_os_family": "RedHat"
},
"changed": false
}

[root@linux-node2 ~]# vi test2.yaml

• hosts: linux-node0
  vars:

  • var1: cool stuff here
  • var2: cool stuff there

  tasks:

  • name: echo stuff
    shell: echo " {{var1}} is var1, but var2 is {{var2}}" > /root/{{ansible_os_family}}.txt

[root@linux-node2 ~]# ansible-playbook test2.yaml

PLAY [linux-node0] ****

TASK [Gathering Facts] ****
ok: [linux-node0]

TASK [echo stuff] *****
changed: [linux-node0]

PLAY RECAP ****
linux-node0 : ok=2 changed=1 unreachable=0 failed=0

被控端
[root@linux-node0 ~]# cat /root/RedHat.txt
cool stuff here is var1, but var2 is cool stuff there

Debug Module實戰(不會對被控端進行修改)
[root@linux-node2 ~]# vi test3.yaml

• hosts: linux-node0
  vars:

  • var_thing: "never gonna"

  tasks:

  • name: echo stuff
    command: echo -e "{{var_thing}} give you up,\n {{var_thing}} let you down,\n{{var_thing}} run around and dessert you"
    register: results

  • name: show results
    debug: msg={{results.stdout_lines}}

[root@linux-node2 ~]# ansible-playbook test3.yaml

PLAY [linux-node0] ****

TASK [Gathering Facts] ****
ok: [linux-node0]

TASK [echo stuff] *****
changed: [linux-node0]

TASK [show results] ***
ok: [linux-node0] => {
"msg": [
"never gonna give you up,",
" never gonna let you down,",
"never gonna run around and dessert you"
]
}

PLAY RECAP ****
linux-node0 : ok=3 changed=1 unreachable=0 failed=0

Conditionals實戰
[root@linux-node2 ~]# vi test4.yaml

• hosts: linux-node0
  become: yes

  tasks:

  • name: install apache2
    apt: name=apache2 state=latest
    when: ansible_os_family == "Debian"

  • name: install httpd
    yum: name=httpd state=latest
    when: ansible_os_family == "RedHat"

[root@linux-node2 ~]# ansible-playbook test4.yaml

PLAY [linux-node0] *****

TASK [Gathering Facts] *****
ok: [linux-node0]

TASK [install apache2] *****
skipping: [linux-node0]

TASK [install httpd] ***
changed: [linux-node0]

PLAY RECAP *****
linux-node0 : ok=2 changed=1 unreachable=0 failed=0

被控端
[root@linux-node0 ~]# service httpd status
Redirecting to /bin/systemctl status httpd.service
?httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd(8)
man:apachectl(8)

Loops實戰
with_items:
[root@linux-node2 ~]# vi test5.yaml (在被控端安裝vim, nano, httpd)

• hosts: linux-node0
  become: yes

  tasks:

  • name: install stuff
    yum: name={{item}} state=latest
    with_items:
    • vim
    • nano
    • httpd

[root@linux-node2 ~]# ansible-playbook test5.yaml

PLAY [linux-node0] ****

TASK [Gathering Facts] ****
ok: [linux-node0]

TASK [install stuff] **
changed: [linux-node0] => (item=[u'vim', u'nano', u'httpd'])

PLAY RECAP ****
linux-node0 : ok=2 changed=1 unreachable=0 failed=0

with_file:
[root@linux-node2 ~]# vi test6.yaml

• hosts: linux-node0
  become: yes

  tasks:

  • name: show file contents
    debug: msg={{item}}
    with_file:
    • file1.txt
    • file2.txt

[root@linux-node2 ~]# vi file1.txt
This is file number 1

[root@linux-node2 ~]# vi file2.txt
This is file
number 2

[root@linux-node2 ~]# ansible-playbook test6.yaml

PLAY [linux-node0] ****

TASK [Gathering Facts] ****
ok: [linux-node0]

TASK [show file contents] *****
ok: [linux-node0] => (item=This is file number 1) => {
"msg": "This is file number 1"
}
ok: [linux-node0] => (item=This is file
number 2) => {
"msg": "This is file\nnumber 2"
}

PLAY RECAP ****
linux-node0 : ok=2 changed=0 unreachable=0 failed=0

with_sequence:
[root@linux-node2 ~]# vi test7.yaml

• hosts: linux-node0
  become: yes

  tasks:

  • name: show file contents
    debug: msg="this is loop {{item}}"
    with_sequence: start=1 end=10

[root@linux-node2 ~]# ansible-playbook test7.yaml

PLAY [linux-node0] ****

TASK [Gathering Facts] ****
ok: [linux-node0]

TASK [show file contents] *****
ok: [linux-node0] => (item=1) => {
"msg": "this is loop 1"
}
ok: [linux-node0] => (item=2) => {
"msg": "this is loop 2"
}
ok: [linux-node0] => (item=3) => {
"msg": "this is loop 3"
}
ok: [linux-node0] => (item=4) => {
"msg": "this is loop 4"
}
ok: [linux-node0] => (item=5) => {
"msg": "this is loop 5"
}
ok: [linux-node0] => (item=6) => {
"msg": "this is loop 6"
}
ok: [linux-node0] => (item=7) => {
"msg": "this is loop 7"
}
ok: [linux-node0] => (item=8) => {
"msg": "this is loop 8"
}
ok: [linux-node0] => (item=9) => {
"msg": "this is loop 9"
}
ok: [linux-node0] => (item=10) => {
"msg": "this is loop 10"
}

PLAY RECAP ****
linux-node0 : ok=2 changed=0 unreachable=0 failed=0

Ansible Templates實戰
[root@linux-node2 ~]# vi test8.yaml

• hosts: all
  become: yes
  vars:
  file_version: 1.0
  tasks:

  • name: install index
    template:
    src: index.html.j2
    dest: /var/www/html/index.html
    mode: 0777

[root@linux-node2 ~]# vi index.html.j2
<html>
<center>
<h1>This computer's hostname is {{ansible_hostname}}</hl>
<h3>It is running the{{ansible_os_family}} family of operating system</h3>
<small>This file is version{{file_version}}</small>
{#this will not end up in the final output file on the remote server#}
</center>
</html>

[root@linux-node2 ~]# ansible-playbook test8.yaml

PLAY [all] ****

TASK [Gathering Facts] ****
ok: [linux-node0]
ok: [linux-node1]

TASK [install index] **
changed: [linux-node0]
changed: [linux-node1]

PLAY RECAP ****
linux-node0 : ok=2 changed=1 unreachable=0 failed=0
linux-node1 : ok=2 changed=1 unreachable=0 failed=0

被控端[root@linux-node0 ~]# cat /var/www/html/index.html<html><center><h1>This computer's hostname is linux-node0</hl><h3>It is running theRedHat family of operating system</h3><small>This file is version1.0</small></center></html>