集群运维自动化工具ansible的安装与使用(包括模

来源: 电脑维修教程 阅读:     发表时间:

我使用过puppet与salt,但这2个软件都需要安装客户端,并且更新很快,每次更新都是令人蛋疼的事,尤其是salt,喜欢他的命令功能,但bug太多,不敢在公司

我使用过puppet与salt,但这2个软件都需要安装客户端,并且更新很快,每次更新都是令人蛋疼的事,尤其是salt,喜欢他的命令功能,但bug太多,不敢在公司线上使用,puppet虽然稳定,但弄命令执行的时候,需要mco配置,非常麻烦,我公司由于跟多家公司合作,很多业务没办法安装客户端,所以没办法使用puppet与salt(虽然salt有ssh,但不太好使),最后找到了ansible,他既有命令执行也有配置管理,关键开发它的语言是python,paramiko进行ssh连接,跟我之前开发的自动管理软件都是使用paramiko进行操作,不需要安装客户端,满足我的需求,下面给大家介绍一下我是如何使用的。

一、安装

1、安装第三方epel源

centos 5的epel

rpm -ivh http://mirrors.sohu.com/fedora-epel/5/x86_64/epel-release-5-4.noarch.rpm

centos 6的epel

rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm

查看系统版本

17:01:30 # cat /etc/issue

centos release 6.5 (final)

kernel r on an m

由于是6版本所以安装6的epel

2、安装ansible

yum install ansible

如果需要自定义module或者想阅读源码、使用最新版本,可以去github里下载源码

git clone https://github.com/ansible/ansible.git

3、添加主机

17:22:08 # cd /etc/ansible/

root@ip-10-10-10-10:/etc/ansible

17:23:27 # ll

total 12

-rw-r--r-- 1 root root 5113 dec 29 03:00 ansible.cfg

-rw-r--r-- 1 root root 965 dec 29 03:00 hosts

其中ansible.cfg是配置文件,hosts是管理主机信息

17:24:44 # cat hosts

172.17.0.2:49154

172.17.0.4:49155

[zabbix]

172.17.0.2:49154

172.17.0.4:49155

[vpn]

172.17.0.10

4、使用密码登陆

ansible支持正则测试

16:20:57 # ansible 127* -m ping

ssh password:

127.0.0.1 | success >> {

"changed": false,

"ping": "pong"

}

root@ip-10-10-10-10:/etc/ansible

16:21:05 # ansible 172* -m ping

ssh password:

172.17.0.5 | success >> {

"changed": false,

"ping": "pong"

}

172.17.0.4 | success >> {

"changed": false,

"ping": "pong"

}

172.17.0.2 | success >> {

"changed": false,

"ping": "pong"

}

如果你有多台服务器的话,想并发运行,可以使用-f参数,默认是并发5

5、使用密钥登陆测试

11:30:35 # ansible vpn -m shell -a "echo $term" -u test --private-key=denglei -k

ssh password:

sudo password [defaults to ssh password]:

172.17.0.10 | success | rc=0 >>

xterm

二、模块应用

6、文件传输

11:30:44 # ansible vpn -m copy -a "src=/tmp/server dest=/tmp/server" -u test --private-key=denglei -k

ssh password:

sudo password [defaults to ssh password]:

172.17.0.10 | success >> {

"changed": true,

"dest": "/tmp/server",

"gid": 505,

"group": "test",

"md5sum": "e8b32bc4d7b564ac6075a1418ad8841e",

"mode": "0664",

"owner": "test",

"size": 7,

"src": "/home/test/.ansible/tmp/ansible-1402630447.45-253524136818424/source",

"state": "file",

"uid": 503

}

去客户端查看文件是否传输过来

11:34:57 # ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=denglei -k

ssh password:

sudo password [defaults to ssh password]:

172.17.0.10 | success | rc=0 >>

total 76

-rw-r--r-- 1 root root 41692 may 21 13:02 config

-rw-r--r-- 1 root root 1228 jun 12 18:24 install_pptpd_vpn.sh

-rw-rw-r-- 1 test test 7 jun 13 19:33 server

-rw-r--r-- 1 root root 82 jun 12 18:21 test.log

-rw-r--r-- 1 root root 290 jun 12 18:21 test.sh

-rw-r--r-- 1 root root 2444 apr 28 2012 vpn_centos6.sh

-rw------- 1 root root 727 jun 10 18:21 yum_save_tx-2014-06-10-18-21urqdap.yumtx

-rw-rw-r-- 1 zabbix zabbix 3124 jun 12 21:32 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix 5 jun 12 21:32 zabbix_agentd.pid

可以看到已经传过来了

看看文件内容

11:35:09 # ansible vpn -m shell -a "cat /tmp/server" -u test --private-key=denglei -k

ssh password:

sudo password [defaults to ssh password]:

172.17.0.10 | success | rc=0 >>

server

内容正常

还有另外一个模块file,可以修改用户与权限

下面是当前文件状态

13:50:07 # ansible vpn -m shell -a "ls -l /tmp/server" -u test --private-key=denglei -k

ssh password:

sudo password [defaults to ssh password]:

172.17.0.10 | success | rc=0 >>

-rw-rw-r-- 1 test test 7 jun 13 19:33 /tmp/server

server文件是664权限,用户与组都是test

修改一下

13:51:17 # ansible vpn -m file -a "dest=/tmp/server mode=755 owner=root group=root" -u test --private-key=denglei -k

ssh password:

sudo password [defaults to ssh password]:

172.17.0.10 | success >> {

"changed": true,

"gid": 0,

"group": "root",

"mode": "0755",

"owner": "root",

"path": "/tmp/server",

"size": 7,

"state": "file",

"uid": 0

}

root@ip-10-10-10-10:/etc/ansible

13:51:31 # ansible vpn -m shell -a "ls -l /tmp/server" -u test --private-key=denglei -k

ssh password:

sudo password [defaults to ssh password]:

172.17.0.10 | success | rc=0 >>

-rwxr-xr-x 1 root root 7 jun 13 19:33 /tmp/server

7、安装软件

14:20:30 # ansible vpn -m yum -a "name=nmap state=installed" -u test --private-key=denglei -k

ssh password:

sudo password [defaults to ssh password]:

172.17.0.10 | success >> {

"changed": true,

"msg": "",

"rc": 0,

"results": [

"loaded plugins: fastestmirror, securitynloading mirror speeds from cached hostfilen * epel: mirrors.hust.edu.cnnsetting up install processnresolving dependenciesn--> running transaction checkn---> package nmap.x86_64 2:5.51-3.el6 will be installedn--> finished dependency resolutionnndependencies resolvednn================================================================================n package arch version repository sizen================================================================================ninstalling:n nmap x86_64 2:5.51-3.el6 base 2.7 mnntransaction summaryn================================================================================ninstall 1 package(s)nntotal download size: 2.7 mninstalled size: 9.7 mndownloading packages:nrunning rpm_check_debugnrunning transaction testntransaction test succeedednrunning transactionnr installing : 2:nmap-5.51-3.el6.x86_64 1/1 nr verifying : 2:nmap-5.51-3.el6.x86_64 1/1 nninstalled:n nmap.x86_64 2:5.51-3.el6 nncomplete!n"

]

}

三、playbook配置管理

8、playbook

a.进行一下shell模块操作,测试删除文件

先查看一下客户端的server-test是否存在

[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -k

ssh password:

172.17.0.10 | success | rc=0 >>

-rw-rw-r-- 1 test test 7 jun 14 00:37 /tmp/server-test

可以看到是存在的

然后写一个删除的playbook

[root@puppet ansible]# cat test.yml

---

- hosts: vpn

remote_user: test

tasks:

- name: delete /tmp/server-test

shell: rm -rf /tmp/server-test

运行

[root@puppet ansible]# ansible-playbook test.yml --private-key=/root/denglei -k

[warning]: the version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. if possible, you should update

it (ie. yum update gmp).

ssh password:

play [vpn] ********************************************************************

gathering facts ***************************************************************

ok: [172.17.0.10]

task: [delete /tmp/server-test] ***********************************************

changed: [172.17.0.10]

play recap ********************************************************************

172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0

在查看

[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -k

ssh password:

172.17.0.10 | failed | rc=2 >>

ls: cannot access /tmp/server-test: no such file or directory

文件已经删除

b.进行一下template模块操作,测试文件传输

[root@puppet ansible]# cat copy.yml

---

- hosts: vpn

remote_user: test

tasks:

- name: copy local server to client /tmp/server-test

template: src=/tmp/server dest=/tmp/server-test

[root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k

[warning]: the version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. if possible, you should update

it (ie. yum update gmp).

ssh password:

play [vpn] ********************************************************************

gathering facts ***************************************************************

ok: [172.17.0.10]

task: [copy local server to client /tmp/server-test] **************************

changed: [172.17.0.10]

play recap ********************************************************************

172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0

[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -k

ssh password:

172.17.0.10 | success | rc=0 >>

-rw-rw-r-- 1 test test 7 jun 14 17:07 /tmp/server-test

c.使用service模块,测试一下服务重启

[root@puppet ansible]# ansible vpn -m shell -a "/etc/init.d/pptpd stop" -u test --private-key=/root/denglei -k -k -s

ssh password:

sudo password [defaults to ssh password]:

172.17.0.10 | success | rc=0 >>

shutting down pptpd: [ ok ]

[root@puppet ansible]# ansible vpn -m shell -a "/etc/init.d/pptpd stop" -u test --private-key=/root/denglei -k -k -s

ssh password:

sudo password [defaults to ssh password]:

172.17.0.10 | success | rc=0 >>

shutting down pptpd: [ ok ]

d.多项目同时更新

[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

ssh password:

172.17.0.10 | success | rc=0 >>

total 84

-rw-r--r-- 1 root root 41692 may 21 13:02 config

-rw-r--r-- 1 root root 1228 jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root root 7 jun 13 19:33 server

-rw-rw-r-- 1 test test 7 jun 14 17:07 server-test

-rw-r--r-- 1 root root 82 jun 12 18:21 test.log

-rw-r--r-- 1 root root 290 jun 12 18:21 test.sh

-rw-r--r-- 1 root root 2444 apr 28 2012 vpn_centos6.sh

-rw------- 1 root root 727 jun 10 18:21 yum_save_tx-2014-06-10-18-21urqdap.yumtx

-rw-rw-r-- 1 zabbix zabbix 4664 jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix 5 jun 14 00:30 zabbix_agentd.pid

[root@puppet ansible]# vim multi_copy.yml

[root@puppet ansible]# cat multi_copy.yml

---

- hosts: vpn

remote_user: test

gather_facts: false

tasks:

- name: copy local server to client /tmp/server-test

template: src=/tmp/server dest=/tmp/test-{{item}}

with_items:

- server-1

- server-2

- server-3

[root@puppet ansible]# ansible-playbook multi_copy.yml --private-key=/root/denglei -k

[warning]: the version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. if possible, you should update

it (ie. yum update gmp).

ssh password:

play [vpn] ********************************************************************

task: [copy local server to client /tmp/server-test] **************************

changed: [172.17.0.10] => (item=server-1)

changed: [172.17.0.10] => (item=server-2)

changed: [172.17.0.10] => (item=server-3)

play recap ********************************************************************

172.17.0.10 : ok=1 changed=1 unreachable=0 failed=0

[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

ssh password:

172.17.0.10 | success | rc=0 >>

total 96

-rw-r--r-- 1 root root 41692 may 21 13:02 config

-rw-r--r-- 1 root root 1228 jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root root 7 jun 13 19:33 server

-rw-rw-r-- 1 test test 7 jun 14 17:07 server-test

-rw-rw-r-- 1 test test 7 jun 18 00:50 test-server-1

-rw-rw-r-- 1 test test 7 jun 18 00:50 test-server-2

-rw-rw-r-- 1 test test 7 jun 18 00:50 test-server-3

-rw-r--r-- 1 root root 82 jun 12 18:21 test.log

-rw-r--r-- 1 root root 290 jun 12 18:21 test.sh

-rw-r--r-- 1 root root 2444 apr 28 2012 vpn_centos6.sh

-rw------- 1 root root 727 jun 10 18:21 yum_save_tx-2014-06-10-18-21urqdap.yumtx

-rw-rw-r-- 1 zabbix zabbix 4664 jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix 5 jun 14 00:30 zabbix_agentd.pid

e.根据条件进行删除

[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

ssh password:

172.17.0.10 | success | rc=0 >>

total 96

-rw-r--r-- 1 root root 41692 may 21 13:02 config

-rw-r--r-- 1 root root 1228 jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root root 7 jun 13 19:33 server

-rw-rw-r-- 1 test test 7 jun 14 17:07 server-test

-rw-rw-r-- 1 test test 7 jun 18 00:50 test-server-1

-rw-rw-r-- 1 test test 7 jun 18 00:50 test-server-2

-rw-rw-r-- 1 test test 7 jun 18 00:50 test-server-3

-rw-r--r-- 1 root root 82 jun 12 18:21 test.log

-rw-r--r-- 1 root root 290 jun 12 18:21 test.sh

-rw-r--r-- 1 root root 2444 apr 28 2012 vpn_centos6.sh

-rw------- 1 root root 727 jun 10 18:21 yum_save_tx-2014-06-10-18-21urqdap.yumtx

-rw-rw-r-- 1 zabbix zabbix 4664 jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix 5 jun 14 00:30 zabbix_agentd.pid

[root@puppet ansible]# cat delete.yml

---

- hosts: vpn

remote_user: test

gather_facts: true

tasks:

- name: if system is centos,then rm /tmp/test-server-1

shell: rm -rf /tmp/test-server-1

when: ansible_os_family == "redhat"

[root@puppet ansible]# ansible-playbook delete.yml --private-key=/root/denglei -k

[warning]: the version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. if possible, you should update

it (ie. yum update gmp).

ssh password:

play [vpn] ********************************************************************

gathering facts ***************************************************************

ok: [172.17.0.10]

task: [if system is centos,then rm /tmp/test-server-1] ************************

changed: [172.17.0.10]

play recap ********************************************************************

172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0

[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

ssh password:

172.17.0.10 | success | rc=0 >>

total 92

-rw-r--r-- 1 root root 41692 may 21 13:02 config

-rw-r--r-- 1 root root 1228 jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root root 7 jun 13 19:33 server

-rw-rw-r-- 1 test test 7 jun 14 17:07 server-test

-rw-rw-r-- 1 test test 7 jun 18 00:50 test-server-2

-rw-rw-r-- 1 test test 7 jun 18 00:50 test-server-3

-rw-r--r-- 1 root root 82 jun 12 18:21 test.log

-rw-r--r-- 1 root root 290 jun 12 18:21 test.sh

-rw-r--r-- 1 root root 2444 apr 28 2012 vpn_centos6.sh

-rw------- 1 root root 727 jun 10 18:21 yum_save_tx-2014-06-10-18-21urqdap.yumtx

-rw-rw-r-- 1 zabbix zabbix 4664 jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix 5 jun 14 00:30 zabbix_agentd.pid

f.debug输出

[root@puppet ansible]# cat debug.yml

---

- hosts: vpn

remote_user: test

gather_facts: true

tasks:

- name: debug to print interface

debug: msg="{{item}}"

with_items: ansible_default_ipv4.address

[root@puppet ansible]# ansible-playbook debug.yml --private-key=/root/denglei -k

[warning]: the version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. if possible, you should update

it (ie. yum update gmp).

ssh password:

play [vpn] ********************************************************************

gathering facts ***************************************************************

ok: [172.17.0.10]

task: [debug to print interface] **********************************************

ok: [172.17.0.10] => (item=10.10.32.34) => {

"item": "10.10.32.34",

"msg": "10.10.32.34"

}

g.check模式,仅检测,但不实行

[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

ssh password:

172.17.0.10 | success | rc=0 >>

total 92

-rw-r--r-- 1 root root 41692 may 21 13:02 config

-rw-r--r-- 1 root root 1228 jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root root 7 jun 13 19:33 server

-rw-rw-r-- 1 test test 7 jun 14 17:07 server-test

-rw-rw-r-- 1 test test 7 jun 18 00:50 test-server-2

-rw-rw-r-- 1 test test 7 jun 18 00:50 test-server-3

-rw-r--r-- 1 root root 82 jun 12 18:21 test.log

-rw-r--r-- 1 root root 290 jun 12 18:21 test.sh

-rw-r--r-- 1 root root 2444 apr 28 2012 vpn_centos6.sh

-rw------- 1 root root 727 jun 10 18:21 yum_save_tx-2014-06-10-18-21urqdap.yumtx

-rw-rw-r-- 1 zabbix zabbix 4664 jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix 5 jun 14 00:30 zabbix_agentd.pid

[root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k --check

[warning]: the version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. if possible, you should update

it (ie. yum update gmp).

ssh password:

play [vpn] ********************************************************************

gathering facts ***************************************************************

ok: [172.17.0.10]

task: [copy local server to client /tmp/server-test] **************************

changed: [172.17.0.10] => (item=server-1)

ok: [172.17.0.10] => (item=server-2)

ok: [172.17.0.10] => (item=server-3)

play recap ********************************************************************

172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0

play recap ********************************************************************

172.17.0.10 : ok=2 changed=0 unreachable=0 failed=0

h.diff

使用diff与不使用作对比

[root@puppet ansible]# ansible vpn -m shell -a "rm -rf /tmp/test-server-1" -u test --private-key=/root/denglei -k

ssh password:

172.17.0.10 | success | rc=0 >>

[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k

ssh password:

172.17.0.10 | success | rc=0 >>

total 92

-rw-r--r-- 1 root root 41692 may 21 13:02 config

-rw-r--r-- 1 root root 1228 jun 12 18:24 install_pptpd_vpn.sh

-rwxr-xr-x 1 root root 7 jun 13 19:33 server

-rw-rw-r-- 1 test test 7 jun 14 17:07 server-test

-rw-rw-r-- 1 test test 7 jun 18 00:50 test-server-2

-rw-rw-r-- 1 test test 7 jun 18 00:50 test-server-3

-rw-r--r-- 1 root root 82 jun 12 18:21 test.log

-rw-r--r-- 1 root root 290 jun 12 18:21 test.sh

-rw-r--r-- 1 root root 2444 apr 28 2012 vpn_centos6.sh

-rw------- 1 root root 727 jun 10 18:21 yum_save_tx-2014-06-10-18-21urqdap.yumtx

-rw-rw-r-- 1 zabbix zabbix 4664 jun 14 00:30 zabbix_agentd.log

-rw-rw-r-- 1 zabbix zabbix 5 jun 14 00:30 zabbix_agentd.pid

[root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k --diff

[warning]: the version of gmp you have installed has a known issue regarding

timing vulnerabilities when used with pycrypto. if possible, you should update

it (ie. yum update gmp).

ssh password:

play [vpn] ********************************************************************

gathering facts ***************************************************************

ok: [172.17.0.10]

task: [copy local server to client /tmp/server-test] **************************

--- before

+++ after

@@ -1,0 +1,1 @@

+server

changed: [172.17.0.10] => (item=server-1)

ok: [172.17.0.10] => (item=server-2)

ok: [172.17.0.10] => (item=server-3)

play recap ********************************************************************

172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0

9、主机信息查看

类似puppet的fact、salt的grains

[root@puppet ansible]# ansible vpn -m setup -u test --private-key=/root/denglei -k

ssh password:

172.17.0.10 | success >> {

"ansible_facts": {

"ansible_all_ipv4_addresses": [

"10.10.32.34",

"10.10.32.34"

],

"ansible_all_ipv6_addresses": [

"fe80::f816:3eff:fe3e:1667"

],

"ansible_architecture": "x86_64",

"ansible_bios_date": "01/01/2007",

"ansible_bios_version": "bochs",

"ansible_cmdline": {

"keyboardtype": "pc",

"keytable": "us",

"lang": "zh_cn.utf-8",

"quiet": true,

"rd_no_dm": true,

"rd_no_luks": true,

"rd_no_lvm": true,

"rd_no_md": true,

"rhgb": true,

"ro": true,

"root": "uuid=c6042d42-8edb-4bb4-a31b-2197b043500c"

},

数据太多,我就展示部分。

当前1/2页 1 2 下一页

您可能感兴趣的文章:

集群运维自动化工具ansible之使用playbook安装zabbix客户端

以上是:解决集群运维自动化工具ansible的安装与使用(包括模问题的详细资料教程