Ansible Introduction
ansible is an automated tool operation and maintenance, based paramiko development, and work based on modular, Ansible configuration management is an integrated IT system, application deployment, open source platform to perform specific tasks, it is based on python language, and by the Paramiko Construction of PyYAML two key modules. Collection of many advantages of the operation and maintenance of tools, implements batch system configuration, batch deployment, run the batch command functions .ansible module is based on the work, does not have the ability to batch deployment. The deployment is truly batch module ansible running , ansible only provides a framework .ansible need to install client / agents on a remote host, because they are based and to the remote host ssh communication.
Ansible basic price architecture
Ansible download:
Can download and install from source, you can also use yum install, I use here is quite easy to install yum.
yum -y install ansible
After the download is complete, and we need to host phases and charged with echoes, which uses ssh without password, my blog there. And after that we'll need to add the ip address of the accused in the host in the host list.
vim / etc / ansible / hosts 10.6 . 12.71 # Add the host IP address in the last line
Once this is done we will be able to control the other hosts by ansible!
ansible 10.6 . 12.71 -m # View the ping other hosts on the network status
Ansible the more important documents
/ect/ansible/ansible.cfg---- main configuration file
/ Ect / ansible / hosts -------- host list
/ Etc / ansible / roles / -------- store role directory. The role is a collection of a lot of playbook
/ Usr / bin / ansible ------ main program, interim executive command tool
/ Usr / bin / ansible-doc ------ view configuration module, module function viewer
/ Usr / bin / ansible- galaxy ------- download / upload good code or modules Roles official website platform
/ Usr / bin / ansible-playbook ----- develop automation tasks, scheduling script
/ Usr / bin / absible-pull ------ Remote command execution tool
/ Usr / bin / ansible-vault ---- file encryption tool
/ Usr / bin / nsible-console ------based console interface and user interaction enforcement tools
Ansible call basic module
You can be viewed by Ansible --help how to use this command.
ansible 10.6 . 12.71 -m the ping # -k -m specify what module is invoked, -k interactive input password, it is recommended to do ssh without password.
Documents Anaible the / etc / hosts, NOTE *** in ssh port when it is time to change the ssh port to specify ***
1 may be added to a single host IP address
2. You can add a host group, then added a host ip host the group can host batch control
3. Test Command
Ansible main configuration file /etc/ansible/ansilnble.cng (generally keep the default)
[defaults] # some basic default values... #inventory = / etc / ansible / hosts host list configuration file # #library = / usr / report this content share / my_modules / # library file storage directory #module_utils = /usr/share/my_module_utils/#模块路径 #remote_tmp = ~/.ansible/tmp#临时py命令文件存放在远程主机目录 #local_tmp = ~/.ansible/tmp#本机的临时命令执行目录 #forks = 5#默认并发数 #poll_interval = 15 #sudo_user = root#默认sudo用户 #ask_sudo_pass = True#每次执行ansible敏玲是否询问ssh密码 #ask_pass = True #transport = smart #remote_port = 22 #module_lang = C #module_set_locale = False
#host_key_cheking=False#建议取消注释,检查对应服务器的host_key
#log_path=/var/log/ansible.log#日志文件建议启用
Ansible系列命令
ansible ansible-doc ansible- playbook ansible-vault
ansible-console ansible-galaxy ansible-pull
ansible-doc:显示模块帮助
ansible-doc [options] [modul..]
-a 显示所有模块的文档
-I, --list 列出可用模块
-s, --snippet显示指定模块的playbook片段
示例:
ansible-doc -|列出所有模块
ansible-doc ping查看指定模块帮助用法
ansible-doc -s ping 查看指定模块帮助用法
Ansible命令用法
例子:以下面这条命令为例,需要做ssh无密码登陆,然后需要给zr用户sudo的权限,这样才可以访问被控制端的目录文件等等
授权可以在visudo修改,将zr用户加入到%whell组中,免密登陆的时候就修改visudo,然后增加这个%wheel ALL=(ALL) NOPASSWD: ALL
ansible 10.612.56 -a 'la /root' -u zr -k -b -K
当有多个主机组需要执行操作时:
Ansible命令执行过程
1.加载自己的配置文件 默认/etc/ansible/ansible.cfg
2.加载自己对应的模块文件,如command
3.通过ansible将模块或命令生成对应的临时py文件,并将该文件传送至远程服务器的对应执行用户$HOME/.ansible/tmp/ansible-tmp-数字/xxx.py文件
4.给文件+x执行
5.执行并返回结果
6.删除临时py文件,sleep 0退出
Ansible的相关模块:-m 指定模块默认是command
以command为例子:
- chdir#到一个目录下执行命令时需要这个ansible all -a 'chdir=/etc/fs cat /etc/fstab' Change into this directory before running the command. [Default: (null)] version_added: 0.6 - creates#将一个文件存在将不进行下面的操作ansible all -a 'createst=/etc/fs cat /etc/fstab' A filename or (since 2.0) glob pattern, when it already exists, this step will *not* be run. [Default: (null)] = free_form The command module takes a free form command to run. There is no parameter actually named 'free form'. See the examples! - removes#如果不存在将不执行后续命令ansible all -a 'removes=/etc/fs cat /etc/fstab' A filename or (since 2.0) glob pattern, when it does not exist, this step will *not* = free_form The command module takes a free form command to run. There is no parameter actually named 'free form'. See the examples! - removes A filename or (since 2.0) glob pattern, when it does not exist, this step will *not* be run. [Default: (null)] version_added: 0.8 - stdin Set the stdin of the command directly to the specified value. [Default: None] version_added: 2.4 - warn If command_warnings are on in ansible.cfg, do not warn about this particular line if set to `no'. [Default: yes] type: bool version_added: 1.8
但是commdel这个模块的缺点就是命令里不能有管道、重定向等符号无法处理,所以在需要的时候需要-m指定所需要的模块。
Shell模块:和command相似,用shell执行命令
Script:运行脚本
只需要在控制端写好要运行的脚本,Script就会自动给其他被控主机推送脚本。
ansible all -m script -a '/root/ansible/host.sh'
COPY模块:ansible-doc -s copy查看选项参数
例子:修改selinux的状态
[root@localhost ~]# ansible all -m copy -a 'src=/root/ansible/selinux dest=/etc/selinux/config backup=yes'
src是指定源 dest是指定目的 backup做复制的时候会备份
例子:在被控主机上直接生成文件
ansible all -m copy -a 'content="hello\nthanks\n" dest=/data/fs'#直接在被控主机生成内容为
hello\nthanks\n的文件/data/fs1
Fetch模块:从客户端取文件至服务器端和cp是相反的
ansible src -m fetch -a “src=/root/a.sh dast=/data/scripts”
file模块:设置文件属性
重要的参数state:可以创建文件,目录,和软连接,具体和state的状态有关
ansible srv -m file -a "pas=/root/a.sh owner=wang mode=755" ansible web -m file -a 'src=/app/testfile dest=/app/testfile-like state=link'#创建软连接
ansible all -m file -a 'name=/data/g3 state=touch'#创建一个文件,对象是/data/g3
ansible all -m file -a 'name=/data/g3 state=absent'#删除一个文件也能删除文件夹,对象是/data/g3
ansible all -m file -a 'name=/data/g3 state=dirrectory'#创建一个文件夹,对象是/data/g3
unarchive模块:打包模块
archive模块:解包模块
hostname模块:修改主机名
ansible 192.168.157.131 -m hostname -a 'name=node'#把主机名改为node
cron模块:计划任务#和crontab -e 差不多
ansible all -m crom -a 'minute=* week=1,3,5 job="/usr/bin/wall FBIwaring" name=warningcron'#在这里name=的内容会写入定时任务的注释部分
ansible all -m crom -a 'disabled=ture job="/usr/bin/wall FBIwaring" name=warningcron'#关闭定时任务
删除任务
ansible all -m crom -a 'state=absent name=warningcron'
yum模块:
ansible all -m yum -a 'name=vsftpd'#list可以查看所有安装的包,如果是安装多个包的话可以用逗号隔开
ansible all -m yum -a 'name=vsftpd state=absent'#删除包
services模块:开机自启动设置,也可以启动服务
ansible all -m service -a 'name=vsftpd enabled=yes'#启动服务是state=start
user模块:管理用户
ansible srv -m user -a 'name=user1 comment="test user”uid= 2048 home=/app/user1 group=root'#comment是对用户的描述 ansible srv -m user -a 'name=sysuser1 system=yes home=/app/sysuser1’#system系统信息 ansible srv -m user -a 'name=user1 state=absent remove=yes'#删除用户及家目录等数据
geoup模块:管理组
ansible srv -m group -a"name=testgroup system=yes' ansible srv -m group -a "name=testgroup state=absent"