Transfer: https://www.cnblogs.com/yanjieli/p/10969089.html
Ansible-- Quick Start
Ansible Quick Start
Introduction
AnsibleIs a simple operation and maintenance of automated tools, only need to use sshprotocol since you can connect the system management, automated order execution, deployment, and other tasks.
Ansible features
1, ansible do not need to install a separate client does not need to start any services
2, ansible is a python in a complete automation tasks modules
3, ansible playbook using yaml configuration for automation tasks performed at a glance
Ansible composition structure
- Ansible
isAnsiblea tool command, execution core tool; one-time or temporary operation is performed by executing the command. - Ansible Playbook
task script (also known set of tasks), choreography definedAnsibletask set profile byAnsibleperforming the order,yamlformat. - Inventory
Ansibleinventory management host, the default is/etc/ansible/hostsfile. - Modules
Ansibleexecuting the command function modulesAnsible2.3in version, there are1039modules. It may also be custom module. - Plugins
add-on module, the module function, often plug type connector, plug-loop, variable plug filter insert, the insert with fewer features. - API
provides application programming interfaces to third-party program called.
Preparing the Environment
| IP | system | CPU name | description |
|---|---|---|---|
| 192.168.1.30 | CentOS7 | ansible | ansible management node |
| 192.168.1.31 | CentOS7 | linux.node01.com | Managed nodes 1 |
| 192.168.1.32 | CentOS7 | linux.node02.com | Managed Node 2 |
| 192.168.1.33 | CentOS7 | linux.node03.com | Managed node 3 |
| 192.168.1.36 | CentOS6 | linux.node06.com | Managed node 6 |
Ansible installation
1) Configuration epelsource
[root@ansible ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo [root@ansible ~]# yum clean all [root@ansible ~]# yum makecache
2) Installationansible
[root@ansible ~]# yum -y install ansible # 查看ansible版本 [root@ansible ~]# ansible --version ansible 2.8.0 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
Ansible Inventory File
InventoryFiles are typically used to define the authentication information to be managed host, such as sshlogin user name, password and keyrelated information. Simultaneous operation of a group of multiple hosts, the relationship between the group and the group is through a host inventoryfile configuration. Configuration file path:/etc/ansible/hosts
Based password to connect
[ansible the root @ ~] # Vim / etc / ansible / the hosts # Method a host port + Password + [the webserver] 192.168.1.31 ansible_ssh_port ansible_ssh_user = = 22 is the root ansible_ssh_pass = "123456" 192.168.1.32 ansible_ssh_port 22 is ansible_ssh_user = = = the root ansible_ssh_pass "123456" 192.168.1.33 ansible_ssh_port ansible_ssh_user = = 22 is the root ansible_ssh_pass = "123456" 192.168.1.36 ansible_ssh_port ansible_ssh_user = = 22 is the root ansible_ssh_pass = "123456" # method two host ports + password + [the webserver] 192.168.1.3 [. 1:. 3] = = the root ansible_ssh_pass ansible_ssh_user "123456" # method two host ports + password + [the webserver] 192.168.1.3 [. 1:. 3] [the webserver: VARS] ansible_ssh_pass = "123456"
Based on secret key connection
Secret key to the managed appliance connection need to create public and private keys, based on concurrent
1) generates a public and private key
[root@ansible ~]# ssh-keygen
[root@ansible ~]# for i in {1,2,3,6}; do ssh-copy-id -i 192.168.1.3$i ; done
2) configure the connection
[ansible the root @ ~] # Vim / etc / ansible / the hosts # Method a host port + + key [the webserver] 192.168.1.31:22 192.168.1.32 192.168.1.33 192.168.1.36 # Aliases method host port + + Key [the webserver] node1 ansible_ssh_host = 22 is 192.168.1.31 ansible_ssh_port = node2 ansible_ssh_host = 192.168.1.32 ansible_ssh_port = 22 is node3 ansible_ssh_host = 192.168.1.33 ansible_ssh_port = 22 is Node6 ansible_ssh_host = 192.168.1.36 = 22 is ansible_ssh_port
Use the host group
# Host group, host variable name Password [Apache] 192.168.1.36 192.168.1.33 [apache.vars] ansible_ssh_pass = '123456' # host group variable name, host key [Nginx] 192.168.1.3 [. 1: 2] # defining a plurality of groups, a group when the other group members [webserver: children] #webserver group comprises two subgroups: Apache Nginx Apache Nginx
Temporary specified inventory
1) First edit a master list of definitions
[root@ansible ~]# vim /etc/dockers [dockers] 192.168.1.31 ansible_ssh_pass='123456' 192.168.1.32 192.168.1.33
2) the execution order is specifiedinventory
[root@ansible ~]# ansible dockers -m ping -i /etc/dockers -o
192.168.1.33 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.32 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.31 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
Inventory built-in parameter
Ansible Ad-Hoc
ad-hoc - temporary, in ansiblethe need to quickly perform refers to, and does not require a saved command. It means to perform simple command - a command. For complex command was playbooksimilar to saltstackthe state slsstate of the file.
ansible命令格式
1)常用命令参数
[root@ansible ~]# ansible -h Usage: ansible <host-pattern> [options] -a MODULE_ARGS #模块参数 -C, --check #检查语法 -f FORKS #并发 --list-hosts #列出主机列表 -m MODULE_NAME #模块名字 -o 使用精简的输出
2)示例
[root@ansible ~]# ansible webserver -m shell -a 'uptime' -o 192.168.1.36 | CHANGED | rc=0 | (stdout) 13:46:14 up 1 day, 9:20, 4 users, load average: 0.00, 0.00, 0.00 192.168.1.33 | CHANGED | rc=0 | (stdout) 21:26:33 up 1 day, 8:51, 3 users, load average: 0.00, 0.01, 0.05 192.168.1.31 | CHANGED | rc=0 | (stdout) 21:26:33 up 1 day, 8:50, 3 users, load average: 0.00, 0.01, 0.05 192.168.1.32 | CHANGED | rc=0 | (stdout) 21:26:33 up 1 day, 8:59, 3 users, load average: 0.00, 0.01, 0.05
3)命令说明
host-pattern格式
目标target主机,主机组匹配方式
主机的匹配
# 一台目标主机 [root@ansible ~]# ansible 192.168.1.31 -m ping # 多台目标主机 [root@ansible ~]# ansible 192.168.1.31,192.168.1.32 -m ping # 所有目标主机 [root@ansible ~]# ansible all -m ping
组的匹配
# 组的配置信息如下:这里定义了一个nginx组和一个apache组
[root@ansible ~]# ansible nginx --list
hosts (2):
192.168.1.31
192.168.1.32
[root@ansible ~]# ansible apache --list
hosts (3):
192.168.1.36
192.168.1.33
192.168.1.32
# 一个组的所有主机匹配
[root@ansible ~]# ansible apache -m ping
# 匹配apache组中有,但是nginx组中没有的所有主机
[root@ansible ~]# ansible 'apache:!nginx' -m ping -o
192.168.1.36 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.33 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
# 匹配apache组和nginx组中都有的机器(并集)
[root@ansible ~]# ansible 'apache:&nginx' -m ping -o
192.168.1.32 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
# 匹配apache组nginx组两个组所有的机器(并集);等于ansible apache,nginx -m ping
[root@ansible ~]# ansible 'apache:nginx' -m ping -o
192.168.1.32 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.31 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.33 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.36 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
Ansible快速入门
介绍
Ansible是一款简单的运维自动化工具,只需要使用ssh协议连接就可以来进行系统管理,自动化执行命令,部署等任务。
Ansible的特点
1、ansible不需要单独安装客户端,也不需要启动任何服务
2、ansible是python中的一套完整的自动化执行任务模块
3、ansible playbook 采用yaml配置,对于自动化任务执行过一目了然
Ansible组成结构
- Ansible
是Ansible的命令工具,核心执行工具;一次性或临时执行的操作都是通过该命令执行。 - Ansible Playbook
任务剧本(又称任务集),编排定义Ansible任务集的配置文件,由Ansible顺序依次执行,yaml格式。 - Inventory
Ansible管理主机的清单,默认是/etc/ansible/hosts文件。 - Modules
Ansible执行命令的功能模块,Ansible2.3版本为止,共有1039个模块。还可以自定义模块。 - Plugins
插件,模块功能的补充,常有连接类型插件,循环插件,变量插件,过滤插件,插件功能用的较少。 - API
提供给第三方程序调用的应用程序编程接口。
环境准备
| IP | 系统 | 主机名 | 描述 |
|---|---|---|---|
| 192.168.1.30 | CentOS7 | ansible | ansible管理节点 |
| 192.168.1.31 | CentOS7 | linux.node01.com | 被管理节点1 |
| 192.168.1.32 | CentOS7 | linux.node02.com | 被管理节点2 |
| 192.168.1.33 | CentOS7 | linux.node03.com | 被管理节点3 |
| 192.168.1.36 | CentOS6 | linux.node06.com | 被管理节点6 |
Ansible安装
1)配置epel源
[root@ansible ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo [root@ansible ~]# yum clean all [root@ansible ~]# yum makecache
2)安装ansible
[root@ansible ~]# yum -y install ansible # 查看ansible版本 [root@ansible ~]# ansible --version ansible 2.8.0 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
Ansible Inventory文件
Inventory文件通常用于定义要管理的主机的认证信息,例如ssh登录用户名、密码以及key相关信息。可以同时操作一个组的多台主机,组与主机组之间的关系都是通过inventory文件配置。配置文件路径为:/etc/ansible/hosts
基于密码连接
[root@ansible ~]# vim /etc/ansible/hosts # 方法一 主机+端口+密码 [webserver] 192.168.1.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="123456" 192.168.1.32 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="123456" 192.168.1.33 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="123456" 192.168.1.36 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="123456" # 方法二 主机+端口+密码 [webserver] 192.168.1.3[1:3] ansible_ssh_user=root ansible_ssh_pass="123456" # 方法二 主机+端口+密码 [webserver] 192.168.1.3[1:3] [webserver:vars] ansible_ssh_pass="123456"
基于秘钥连接
基于秘钥连接需要先创建公钥和私钥,并发送给被管理机器
1)生成公私钥
[root@ansible ~]# ssh-keygen
[root@ansible ~]# for i in {1,2,3,6}; do ssh-copy-id -i 192.168.1.3$i ; done
2)配置连接
[root@ansible ~]# vim /etc/ansible/hosts # 方法一 主机+端口+密钥 [webserver] 192.168.1.31:22 192.168.1.32 192.168.1.33 192.168.1.36 # 方法一 别名主机+端口+密钥 [webserver] node1 ansible_ssh_host=192.168.1.31 ansible_ssh_port=22 node2 ansible_ssh_host=192.168.1.32 ansible_ssh_port=22 node3 ansible_ssh_host=192.168.1.33 ansible_ssh_port=22 node6 ansible_ssh_host=192.168.1.36 ansible_ssh_port=22
主机组的使用
# 主机组变量名+主机+密码 [apache] 192.168.1.36 192.168.1.33 [apache.vars] ansible_ssh_pass='123456' # 主机组变量名+主机+密钥 [nginx] 192.168.1.3[1:2] # 定义多个组,把一个组当另外一个组的组员 [webserver:children] #webserver组包括两个子组:apache nginx apache nginx
临时指定inventory
1)先编辑一个主机定义清单
[root@ansible ~]# vim /etc/dockers [dockers] 192.168.1.31 ansible_ssh_pass='123456' 192.168.1.32 192.168.1.33
2)在执行命令是指定inventory
[root@ansible ~]# ansible dockers -m ping -i /etc/dockers -o
192.168.1.33 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.32 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.31 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
Inventory内置参数
Ansible Ad-Hoc
ad-hoc —— 临时的,在ansible中是指需要快速执行,并且不需要保存的命令。说白了就是执行简单的命令——一条命令。对于复杂的命令则为playbook,类似于saltstack的state sls状态文件。
ansible命令格式
1)常用命令参数
[root@ansible ~]# ansible -h Usage: ansible <host-pattern> [options] -a MODULE_ARGS #模块参数 -C, --check #检查语法 -f FORKS #并发 --list-hosts #列出主机列表 -m MODULE_NAME #模块名字 -o 使用精简的输出
2)示例
[root@ansible ~]# ansible webserver -m shell -a 'uptime' -o 192.168.1.36 | CHANGED | rc=0 | (stdout) 13:46:14 up 1 day, 9:20, 4 users, load average: 0.00, 0.00, 0.00 192.168.1.33 | CHANGED | rc=0 | (stdout) 21:26:33 up 1 day, 8:51, 3 users, load average: 0.00, 0.01, 0.05 192.168.1.31 | CHANGED | rc=0 | (stdout) 21:26:33 up 1 day, 8:50, 3 users, load average: 0.00, 0.01, 0.05 192.168.1.32 | CHANGED | rc=0 | (stdout) 21:26:33 up 1 day, 8:59, 3 users, load average: 0.00, 0.01, 0.05
3)命令说明
host-pattern格式
目标target主机,主机组匹配方式
主机的匹配
# 一台目标主机 [root@ansible ~]# ansible 192.168.1.31 -m ping # 多台目标主机 [root@ansible ~]# ansible 192.168.1.31,192.168.1.32 -m ping # 所有目标主机 [root@ansible ~]# ansible all -m ping
组的匹配
# 组的配置信息如下:这里定义了一个nginx组和一个apache组
[root@ansible ~]# ansible nginx --list
hosts (2):
192.168.1.31
192.168.1.32
[root@ansible ~]# ansible apache --list
hosts (3):
192.168.1.36
192.168.1.33
192.168.1.32
# 一个组的所有主机匹配
[root@ansible ~]# ansible apache -m ping
# 匹配apache组中有,但是nginx组中没有的所有主机
[root@ansible ~]# ansible 'apache:!nginx' -m ping -o
192.168.1.36 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.33 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
# 匹配apache组和nginx组中都有的机器(并集)
[root@ansible ~]# ansible 'apache:&nginx' -m ping -o
192.168.1.32 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
# 匹配apache组nginx组两个组所有的机器(并集);等于ansible apache,nginx -m ping
[root@ansible ~]# ansible 'apache:nginx' -m ping -o
192.168.1.32 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.31 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.33 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.1.36 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}