Ansible: an enterprise-level automated operations and maintenance tool

I. INTRODUCTION

1. Comparison of operations automation tools

1. Puppet: developed in Ruby, uses a client/server (C/S) architecture, scalable, SSL-based; remote command execution is relatively weak.
2. SaltStack: developed in Python, uses a C/S architecture, more lightweight than Puppet; its configuration syntax is YAML, which makes configuration scripts simpler. Both the client and the server side need to be configured, and an agent must be installed on every controlled node.
3. Ansible: developed in Python, distributed, agentless, lightweight; its configuration syntax is YAML; stronger at remote command execution.

2. Ansible overview

Ansible is an emerging automated operations and maintenance tool. It is developed in Python, distributed, agentless and lightweight, and it provides batch system configuration, batch deployment and batch command execution. Ansible works through modules and has no batch deployment capability of its own: the modules that Ansible runs do the actual batch deployment, and Ansible only provides the framework.
Ansible characteristics:
1) No agents: no client needs to be installed on the controlled hosts; when updating, a single update on the control machine is enough.
2) No server: there is no server side; commands can be run directly when needed.
3) Modules in any language: Ansible is module-based, and modules can be developed in any language.
4) YAML, not code: playbooks are written in YAML.
5) SSH by default: Ansible works over SSH.
6) Strong multi-tier solution: supports multi-level control.
connection plugins: handle communication with the managed hosts; SSH is the default connection
host inventory: the host list, a configuration file that defines the managed hosts
modules: core modules, the command module, custom modules and others
plugins: add functionality to modules, including connection plugins and e-mail plugins
playbook: orchestration; a file that defines multiple Ansible tasks; optional

II. ANSIBLE INSTALLATION

1. Prepare the environment ---- disable the firewall and SELinux

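Environment:
Hosts: 4 machines, one control node and 3 controlled nodes
Name resolution: the machines resolve each other locally (on all machines)
# vim /etc/hosts
192.168.1.10 ansible-web1
192.168.1.11 ansible-web2
192.168.1.12 ansible-web3
192.168.1.9  ansible-server  (control node, server side)
Configure SSH public key authentication: the control node needs to send its SSH public key to all controlled nodes
[root@ansible-server ~]# ssh-keygen (generate the key pair)
[root@ansible-server ~]# ssh-copy-id -i 192.168.1.10  # all machines
After that, ssh 192.168.1.10 logs in without a password
On all machines:
systemctl stop firewalld && setenforce 0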

2. Installation

Install: on the control node
 1. Configure the EPEL yum repository
 [root@ansible-server ~]# yum install -y epel-release (installs the repository; it also works without it)
 2. Install ansible
 [root@ansible-server ~]# yum install -y ansible
 3. Check the version
 [root@ansible-server ~]# ansible --version
 4. View the help
 [root@ansible-server ~]# ansible --help

3. Ansible basics ---- the inventory (host list)

The inventory file is typically used to define the authentication information for the managed hosts, such as the SSH login user name, the password and key-related information.

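View the configuration files:
[root@ansible-server ~]# rpm  -qc ansible
/etc/ansible/ansible.cfg
/etc/ansible/hosts
-q: --query (query)
1. Main configuration file:
/etc/ansible/ansible.cfg  # mainly holds Ansible initialization settings, such as the log path, modules and other configuration
2. Host inventory file:
Default location: /etc/ansible/hosts
Syntax:
1. Add a host or a host group:
[root@ansible-server ~]# vim /etc/ansible/hosts  # append the managed machines at the end
ansible-web1                      # a single host; a host name or an IP address can be used
2. Add a host group:
[webservers]        # a [] label defines a host group ---- the label name is up to you
192.168.10.11        # use the IP if the name does not resolve
ansible-web2      # use the host name if it resolves
3. A group can contain other groups:
[webservers1]     # group one
ansible-web1
[webservers2]     # group two
ansible-web2
[weball:children]      # children is a literal keyword; weball contains the two child groups
webservers1        # group one
webservers2        # group two
4. Set variables for a group; every host in the group can use them:
[weball:vars]         # sets variables; vars is a literal keyword
ansible_ssh_port=22     
ansible_ssh_user=root   
ansible_ssh_private_key_file=/root/.ssh/id_rsa  
#ansible_ssh_pass=1      # a password can be defined instead; use it when keys have not been exchanged.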

[Figure: common built-in Ansible inventory parameters]

List the hosts in a group:
Syntax: ansible  <group name>  --list-hosts
[root@ansible-server ~]# ansible  weball --list-hosts
  hosts (2):
    ansible-web1
    ansible-web2
====================================
Extension: a custom host list that logs in with a password (for reference)
[root@ansible-server ~]# vim /opt/hostlist
[all:vars]
ansible_ssh_port=22
ansible_ssh_user=root
#ansible_ssh_private_key_file=/root/.ssh/id_rsa
ansible_ssh_pass=test

[all]
ansible-web1
ansible-web2
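Usage:
[root@ansible-server ~]# ansible -i /opt/hostlist all -m ping -o
Note: if the connection fails, connect manually once first; the first connection requires typing the password by hand.
-i: specifies the inventory file
Note: this ping is not a ping in the usual sense. It probes whether the remote host can be reached over SSH, that is, whether the SSH port is alive.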
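
The group, children and vars syntax from the inventory section above, and the plaintext ansible_ssh_pass kept in /opt/hostlist, can be checked with a small script. This is an added example, not part of the original article and not Ansible's own parser: the function names and the sample text are constructed for illustration, and only the syntax shown on this page is handled.

```python
import re

# Constructed sample combining the inventory syntax shown on this page.
SAMPLE = """\
[webservers1]
ansible-web1
[webservers2]
ansible-web2
[weball:children]
webservers1
webservers2
[weball:vars]
ansible_ssh_user=root
ansible_ssh_pass=test
"""
# Inventory variables that hold a password in clear text.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass"}

def parse_inventory(text):
    """Return (hosts, children, group_vars), each a dict keyed by group name."""
    hosts, children, gvars = {}, {}, {}
    group, kind = "ungrouped", "hosts"
    # Simplified: everything after '#' is treated as a comment.
    lines = (raw.split("#", 1)[0].strip() for raw in text.splitlines())
    for line in filter(None, lines):
        m = re.fullmatch(r"\[([^:\]]+)(?::(children|vars))?\]", line)
        if m:                                   # [group], [group:children], [group:vars]
            group, kind = m.group(1), m.group(2) or "hosts"
        elif kind == "children":
            children.setdefault(group, []).append(line)
        elif kind == "vars":
            key, _, value = line.partition("=")
            gvars.setdefault(group, {})[key.strip()] = value.strip()
        else:                                   # host line: keep the name only
            hosts.setdefault(group, []).append(line.split()[0])
    return hosts, children, gvars

def list_hosts(group, hosts, children, seen=None):
    """Expand a group and its child groups, as --list-hosts reports them."""
    seen = set() if seen is None else seen
    if group in seen:                           # guard against a children cycle
        return []
    seen.add(group)
    result = list(hosts.get(group, []))
    for child in children.get(group, []):
        result += list_hosts(child, hosts, children, seen)
    return list(dict.fromkeys(result))          # de-duplicate, keep order

def plaintext_secrets(gvars):
    return sorted((g, k) for g, kv in gvars.items() for k in kv if k in SECRET_VARS)
```

For SAMPLE, list_hosts("weball", ...) returns the same two hosts as the --list-hosts output above, and plaintext_secrets reports ("weball", "ansible_ssh_pass").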

4. Testing

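Syntax:
# ansible  <pattern>   -m <module_name>   -a <arguments>
pattern -- a host group name, host name, IP, alias, etc. defined in the inventory; all means every host; wildcards and regular expressions are supported
-m module_name: the module name; the default is command
-a arguments: the arguments passed to the module
-o: one-line output (each result on a single line)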

Use Cases:

Use the ping module to check connectivity to the Ansible nodes:
1. A single machine:
[root@ansible-server ~]# ansible ansible-web1 -m ping -o
ansible-web1 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
2. Several machines at once:
[root@ansible-server ~]# ansible ansible-web1,ansible-web2 -m ping -o
ansible-web1 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
ansible-web2 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
3. A group name:
[root@ansible-server ~]# ansible  webservers1 -m ping -o
ansible-web1 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
Run a shell command:
[root@ansible-server ~]# ansible webservers1 -m shell -a 'uptime'
ansible-web1 | CHANGED | rc=0 >>
 23:32:47 up  5:24,  3 users,  load average: 0.00, 0.01, 0.05
Without -m, the default module is command
[root@ansible-server ~]# ansible webservers1 -a 'uptime'
ansible-web1 | CHANGED | rc=0 >>
 23:34:01 up  5:25,  3 users,  load average: 0.16, 0.05, 0.06

Origin blog.csdn.net/wx912820/article/details/104994111