1. ansible batch operation and configuration management:
In this post, mainly on the following several points knowledge and practical experience, for your reference:
1. ansible profile:
2. ansible commonly used modules:
3. ansible playbook of use:
1. ansible profile:
1.1 Ansible Description:
ansible is a python-based development of lightweight automated operation and maintenance management tool that can be used to batch execute commands, setup, support playbook choreography. It is connected to the host via ssh protocol, to the center, as opposed to customers without having to install puppet and saltstack can achieve file transfer, command execution, application deployment, configuration management, task scheduling, etc., it is much more simple and lightweight. ansible only provides a framework, based on the work of the module itself is no volume deployment.
1.2 Ansible core components:
1. Connect plug connection plugins: responsible for communication and a monitoring terminal;
2. Inventory Host: host designation operation, which is a host defined monitoring configuration file;
3. various modules core module, command module custom modules;
4 by means of a plug-in to complete the mail logging functions;
5. The PlayBook: when the script to perform multiple tasks, allowing non-essential node running a plurality of one-time tasks.
1.3 Ansible characteristics:
1. Agents NO: no need to install any client on the host control;
2. Server NO: no server, run command to directly use;
3. modules in the any languages: based on the module, may any language module development;
4. yaml, Not code: using script language customization yaml PlayBook;
5. The SSH by default: working on the SSH;
6. The strong multi-Tier Solution: multi-level command may be implemented;
1.4 Ansible installation:
Ansible server installation conditions, the first is LInux system, the second is the need to install more than python2.7 version Installation epel warehouse source
yum install epel-release -y
yum install ansible -y
[root@rainbondmanager yum.repos.d]# ansible --version
ansible 2.8.1
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
[root@rainbondmanager yum.repos.d]#
# 查看ansible的版本
# 在ansible server和 ansible client上面执行:
ssh-keygen -t rsa -P "" -f /root/.ssh/id_rsa
# 然后再在ansible server上面执行拷贝公钥文件到ansible client机器的/root/.ssh/authorized_keys文件
ssh-copy-id -i /root/.ssh/id_rsa 10.93.32.130
ssh-copy-id -i /root/.ssh/id_rsa 10.93.32.131
#ansible主要的配置文件和执行文件如下:
/etc/ansible/ansible.cfg
# ansible的主配置文件 这个文件主要定义了roles_path路径,主机清单路径,连接清单中的主机方式等配置,这些大部的默认配置已经足够我们平时使用,如需要特别配置可以自行去修改;
/etc/ansible/hosts
# 这个配置文件就是默认主机清单配置文件,可通过ansible.cfg重新定义的;
ansible #主执行程序,一般用于命令行下执行
ansible-playbook #执行playbook中的任务
ansible-doc #获取各模块的帮助信息
# 配置的/etc/ansible/hosts文件内容如下:
[websrvs]
10.83.32.130
10.83.32.131
2. ansible commonly used commands module:
ansible have a lot of modules can be used, we only introduce some commonly used modules, first look at the ansible command line format:
ansible
HOST-PATTERN #匹配主机模式,如all表示所有主机
-m MOD_NAME #模块名 如:ping
-a MOD_ARGS #模块执行的参数
-f FORKS #生成几个子进行程执行
-C #(不执行,模拟跑)
-u Username #某主机的用户名
-c CONNection #连接方式(default smart)
ansible模块比较多,可以通过ansible-doc --help 显示帮助信息
ansible doc -l 获取所有当前版本下的可用模块及简要信息
ansible-doc -s 模块名 获取指定模块帮助信息说明``2.1 COPY modules: distribution from a local copy files to the directory path to the host
参数说明:
src= 源文件路径
dest= 目标路径
注意src= 路径后面带/ 表示带里面的所有内容复制到目标目录下,不带/是目录递归复制过去
content= 自行填充的文件内容
owner 属主
group 属组
mode权限
ansible all -m copy -a "src=/data/ncp/pom.xml dest=/tmp/pom.xml mode=600"
ansible all -m copy -a "content='hello ansible\n' dest=/tmp/hello.txt" #通过输入文件的内容来生成文件
ansible all -m shell -a "cat /tmp/hello.txt" #查看远程主机上的文件2.2 fetch module: pull the file from the remote host to the local
[root@rainbondmanager ncp]# ansible all -m fetch -a "src=/tmp/hello.txt dest=/tmp"
10.83.32.131 | CHANGED => {
"changed": true,
"checksum": "df800445bb74b4abb144b3f9bf03f90aa9618f4c",
"dest": "/tmp/10.83.32.131/tmp/hello.txt",
"md5sum": "f61d358bbdd6a9bd2e93322023a4e29d",
"remote_checksum": "df800445bb74b4abb144b3f9bf03f90aa9618f4c",
"remote_md5sum": null
}
10.83.32.130 | CHANGED => {
"changed": true,
"checksum": "df800445bb74b4abb144b3f9bf03f90aa9618f4c",
"dest": "/tmp/10.83.32.130/tmp/hello.txt",
"md5sum": "f61d358bbdd6a9bd2e93322023a4e29d",
"remote_checksum": "df800445bb74b4abb144b3f9bf03f90aa9618f4c",
"remote_md5sum": null
}
[root@rainbondmanager ncp]# ls /tmp/10.83.32.131/tmp/hello.txt
/tmp/10.83.32.131/tmp/hello.txt
[root@rainbondmanager ncp]#
#说明:fetch使用很简单,src和dest,dest只要指定一个接收目录,默认会在后面加上远程主机及src的路径Module 2.3 command: command executed on a remote host, are bare performed, the non-key display; shell not resolved;
[root@rainbondmanager ncp]# ansible all -m command -a "ifconfig"
10.83.32.131 | CHANGED | rc=0 >>
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.83.32.131 netmask 255.255.255.0 broadcast 10.83.32.255
inet6 fe80::e40:453c:4d1:d859 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:62:5a:6a txqueuelen 1000 (Ethernet)
RX packets 4703751 bytes 322962815 (308.0 MiB)
RX errors 0 dropped 7 overruns 0 frame 0
TX packets 22169 bytes 1642865 (1.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
10.83.32.130 | CHANGED | rc=0 >>
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.83.32.130 netmask 255.255.255.0 broadcast 10.83.32.255
inet6 fe80::ae8b:7313:3f36:ca25 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:0e:2f:ab txqueuelen 1000 (Ethernet)
RX packets 4703839 bytes 322848456 (307.8 MiB)
RX errors 0 dropped 17 overruns 0 frame 0
TX packets 22942 bytes 1621244 (1.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@rainbondmanager ncp]# ansible all -m command -a "ifconfig|grep ens192"
10.83.32.130 | FAILED | rc=2 >>
[Errno 2] No such file or directory
10.83.32.131 | FAILED | rc=2 >>
[Errno 2] No such file or directory
# 由于commnad只能执行裸命令(即系统环境中有支持的命令),至于管道之类的功能不支持,
shell模块可以做到2.4 shell module: command may use complex piping
[root@rainbondmanager ncp]# ansible all -m shell -a "ifconfig|grep ens192"
10.83.32.130 | CHANGED | rc=0 >>
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
10.83.32.131 | CHANGED | rc=0 >>
ens192: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
[root@rainbondmanager ncp]#2.5 file module: set file attributes, create directories, etc.
常用参数:
path目标路径
state directory为目录,link为软件链接
group 目录属组
owner 属主等,其他参数通过ansible-doc -s file 获取
# 创建目录
[root@rainbondmanager ncp]# ansible all -m file -a "path=/var/tmp/hello.dir state=directory"
10.83.32.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/var/tmp/hello.dir",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
10.83.32.131 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/var/tmp/hello.dir",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
[root@rainbondmanager ncp]# ansible all -m shell -a "ls -l /var/tmp/hello.dir"
10.83.32.131 | CHANGED | rc=0 >>
total 0
10.83.32.130 | CHANGED | rc=0 >>
total 0
[root@rainbondmanager ncp]#
# 配置软链接
[root@rainbondmanager ncp]# ansible all -m file -a "src=/etc/fstab path=/var/tmp/fstab.link state=link"
10.83.32.131 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/var/tmp/fstab.link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 10,
"src": "/etc/fstab",
"state": "link",
"uid": 0
}
10.83.32.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/var/tmp/fstab.link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:user_tmp_t:s0",
"size": 10,
"src": "/etc/fstab",
"state": "link",
"uid": 0
}
[root@rainbondmanager ncp]# ansible all -m shell -a "ls -l /var/tmp/fstab.link"
10.83.32.131 | CHANGED | rc=0 >>
lrwxrwxrwx. 1 root root 10 Jul 23 04:29 /var/tmp/fstab.link -> /etc/fstab
10.83.32.130 | CHANGED | rc=0 >>
lrwxrwxrwx. 1 root root 10 Jul 23 04:29 /var/tmp/fstab.link -> /etc/fstab2.6 cron module: set the timer task
通过cron模块对目标主机生成计划任务
常用参数:
除了分(minute)时(hour)日(day)月(month)周(week)外
name: 本次计划任务的名称
state: present 生成(默认) |absent 删除 (基于name)
示例:对各主机添加每隔3分钟从time.windows.com同步时间
[root@rainbondmanager ~]# ansible all -m cron -a "minute=*/3 job='/usr/sbin/update time.windows.com &>/dev/null' name=update_time" #增加crontab任务,指定每3分钟同步时间
10.83.32.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"update_time"
]
}
10.83.32.131 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"update_time"
]
}
[root@rainbondmanager ~]# ansible all -m shell -a "crontab -l"
10.83.32.131 | CHANGED | rc=0 >>
#Ansible: update_time
*/3 * * * * /usr/sbin/update time.windows.com &>/dev/null
10.83.32.130 | CHANGED | rc=0 >>
#Ansible: update_time
*/3 * * * * /usr/sbin/update time.windows.com &>/dev/null
示例2:删除计划任务
[root@rainbondmanager ~]# ansible all -m cron -a "name=update_time state=absent" #删除crontab任务
10.83.32.131 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
10.83.32.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
[root@rainbondmanager ~]# ansible all -m shell -a "crontab -l"
10.83.32.131 | CHANGED | rc=0 >>
10.83.32.130 | CHANGED | rc=0 >>
Module 2.7 yum: yum install module package
常用参数说明:
enablerepo,disablerepo表示启用与禁用某repo库
name 安装包名
state (present' orinstalled', latest')表示安装, (absent' or `removed') 表示删除
示例:通过安装epel扩展源并安装nginx
ansible all -m yum -a "name=epel-release state=installed"
ansible all -m yum -a "name=nginx state=installed"2.8 service modules: Service Management Module
服务管理模块
常用参数:
name:服务名
state:服务状态
enabled: 是否开机启动 true|false
runlevel: 启动级别 (systemed方式忽略)
ansible all -m service -a "name=nginx state=started enabled=true"
#把刚才安装的nginx软件设置成开机启动,并且启动此服务
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
#由于目标机器有安装防火墙软件,需要增加防火墙开放策略2.9 script module: the local script spread to remote execution
# 在ansible服务器上面创建一个test.sh的脚本
[root@rainbondmanager ~]# cat test.sh
#!/bin/bash
ipaddr=$(ip addr|grep ens192|grep inet|awk '{print $2}'|awk -F "/" '{print $1}')
echo "This host ip address is ${ipaddr}" >> /tmp/ip.txt
ansible all -m script -a "/root/test.sh"On the first write to you today, for the use of ansible I would go out of several blog posts, including the definition of subsequent ansible-playbook, the hierarchical directory management roles, etc., we can continue to focus;
