Ansible
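Ansible is implemented in Python.
By default it manages devices over SSH (Secure Shell). In other words, the managed nodes must have SSH and Python installed; all other configuration and operations are done on the Ansible host.

Ansible has three main modules:
Command (the default module; use this one whenever possible): does not use a shell (Bash/SH), cannot use pipes or redirects
Shell: supports pipes and redirects, can get messed up by user settings
Raw: just sends commands over SSH, does not need Python

Installing Ansible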
[root@linux-node2 ~]# yum -y install ansible
[root@linux-node2 ~]# vi /etc/hosts
192.168.1.48 linux-node0
192.168.1.201 linux-node1
192.168.1.32 linux-node2

Set up key-based authentication between the Ansible control machine and the managed machines
[root@linux-node2 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
fc:d6:ae:c2:f0:6b:e3:97:e7:8c:e0:90:dc:cf:d6:55 root@linux-node2
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
| . E             |
| S .             |
| ..o . . .       |
| ++o oo..        |
| o*=++o          |
| o+*=++          |
+-----------------+
[root@linux-node2 ~]# ls /root/.ssh
id_rsa id_rsa.pub
[root@linux-node2 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@linux-node0
The authenticity of host 'linux-node0 (192.168.1.48)' can't be established.
ECDSA key fingerprint is 3d:c8:02:ba:60:56:ea:a8:8b:0e:7c:88:f0:2d:07:8b.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@linux-node0's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@linux-node0'"
and check to make sure that only the key(s) you wanted were added.
[root@linux-node2 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@linux-node1
The authenticity of host 'linux-node1 (192.168.1.201)' can't be established.
ECDSA key fingerprint is 4b:40:f1:c3:7e:da:a3:1b:81:ec:68:de:5c:33:c1:9f.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@linux-node1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@linux-node1'"
and check to make sure that only the key(s) you wanted were added.

Add the managed machines to the hosts file
[root@linux-node2 ~]# vi /etc/ansible/hosts
linux-node0
linux-node1

Testing Ansible
[root@linux-node2 ~]# ansible -m ping all
linux-node0 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
linux-node1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[root@linux-node2 ~]# ansible -m shell -a 'python -V' all
linux-node0 | SUCCESS | rc=0 >>
Python 2.7.5
linux-node1 | SUCCESS | rc=0 >>
Python 2.7.5
[root@linux-node2 ~]# ansible all -a 'uptime'
linux-node0 | SUCCESS | rc=0 >>
13:26:38 up 20:25, 2 users, load average: 0.00, 0.01, 0.05
linux-node1 | SUCCESS | rc=0 >>
13:26:38 up 21:30, 1 user, load average: 0.25, 0.17, 0.15
[root@linux-node2 ~]# ansible all -a 'whoami'
linux-node0 | SUCCESS | rc=0 >>
root
linux-node1 | SUCCESS | rc=0 >>
root
[root@linux-node2 ~]# ansible all -b -a 'whoami' (if the whoami above did not return root, -b can be used here to make the other user become root before running whoami)
linux-node0 | SUCCESS | rc=0 >>
root
linux-node1 | SUCCESS | rc=0 >>
root
[root@linux-node2 ~]# ansible all -b -m yum -a 'name=httpd state=latest' (install the latest version of Apache on all hosts)
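Why the next two commands on this page behave differently, as an added Python example (not from the original post, and a simplified model rather than Ansible's own code): the command module splits the line into arguments and executes them without a shell, so `>` is just another argument, while the shell module hands the whole string to /bin/sh. The function names, the relative file path and the sample value are assumptions made for the illustration.

```python
import os
import shlex
import subprocess
import tempfile


def run_like_command(cmdline, cwd):
    """Model of the command module: split into argv, execute with no shell."""
    argv = shlex.split(cmdline)
    done = subprocess.run(argv, cwd=cwd, capture_output=True, text=True, check=True)
    return done.stdout.strip()


def run_like_shell(cmdline, cwd):
    """Model of the shell module: the whole string is interpreted by /bin/sh."""
    done = subprocess.run(cmdline, shell=True, cwd=cwd, capture_output=True,
                          text=True, check=True)
    return done.stdout.strip()


def demo():
    """Run the page's echo line both ways, then a value holding shell syntax."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        def exists(name):
            return os.path.exists(os.path.join(d, name))

        line = 'echo "hello" >hello.txt'  # the page's command, relative path
        out["command_stdout"] = run_like_command(line, d)
        out["command_made_file"] = exists("hello.txt")
        out["shell_stdout"] = run_like_shell(line, d)
        out["shell_made_file"] = exists("hello.txt")

        # Constructed sample: a variable value that contains shell syntax.
        value = "a.txt; touch marker"
        out["command_value"] = run_like_command("echo " + value, d)
        out["command_marker"] = exists("marker")
        # Quoting (the job of Ansible's `quote` filter) keeps the value as data.
        out["quoted_value"] = run_like_shell("echo " + shlex.quote(value), d)
        out["quoted_marker"] = exists("marker")
        run_like_shell("echo " + value, d)  # unquoted: sh runs both commands
        out["unquoted_marker"] = exists("marker")
    return out


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val!r}")
```

This is the practical reason to prefer command and to pass any variable through `quote` when the shell module is unavoidable.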
[root@linux-node2 ~]# ansible all -b -m command -a 'echo "hello" >/root/hello.txt' (-m command can be omitted; after this runs, hello.txt is not created on the managed nodes, because command does not use a shell)
linux-node0 | SUCCESS | rc=0 >>
hello >/root/hello.txt
linux-node1 | SUCCESS | rc=0 >>
hello >/root/hello.txt
[root@linux-node2 ~]# ansible all -b -m shell -a 'echo "hello" >/root/hello.txt' (hello.txt is created on the managed nodes)
linux-node0 | SUCCESS | rc=0 >>
linux-node1 | SUCCESS | rc=0 >>

On the managed node
[root@linux-node0 ~]# cat /root/hello.txt
hello

Delete a file (using the -m file module)
[root@linux-node2 ~]# ansible all -b -m file -a 'path=/root/hello.txt state=absent'
linux-node0 | SUCCESS => {
    "changed": true,
    "path": "/root/hello.txt",
    "state": "absent"
}
linux-node1 | SUCCESS => {
    "changed": true,
    "path": "/root/hello.txt",
    "state": "absent"
}

On the managed node
[root@linux-node0 ~]# cat /root/hello.txt
cat: /root/hello.txt: No such file or directory

Copy a file (using the -m copy module)
[root@linux-node2 ~]# ansible all -b -m copy -a 'src=/etc/hosts dest=/etc/hosts'
linux-node0 | SUCCESS => {
    "changed": true,
    "checksum": "f8a18de2bf1528cc840179039ab991e0a94068fe",
    "dest": "/etc/hosts",
    "gid": 0,
    "group": "root",
    "md5sum": "3c20904bc44d3669c1a18429aea169b5",
    "mode": "0644",
    "owner": "root",
    "size": 261,
    "src": "/root/.ansible/tmp/ansible-tmp-1532501917.65-225783863411073/source",
    "state": "file",
    "uid": 0
}
linux-node1 | SUCCESS => {
    "changed": true,
    "checksum": "f8a18de2bf1528cc840179039ab991e0a94068fe",
    "dest": "/etc/hosts",
    "gid": 0,
    "group": "root",
    "md5sum": "3c20904bc44d3669c1a18429aea169b5",
    "mode": "0644",
    "owner": "root",
    "size": 261,
    "src": "/root/.ansible/tmp/ansible-tmp-1532501917.66-73905370255186/source",
    "state": "file",
    "uid": 0
}

- hosts: all
  tasks:
    - name: do a uname
      shell: uname -a > /root/results.txt
[root@linux-node2 ~]# ansible-playbook test.yaml
PLAY [all] *****
TASK [Gathering Facts] *****
ok: [linux-node0]
ok: [linux-node1]
TASK [do a uname] **
changed: [linux-node0]
changed: [linux-node1]
TASK [whoami] **
changed: [linux-node0]
changed: [linux-node1]
PLAY RECAP *****
linux-node0 : ok=3 changed=2 unreachable=0 failed=0
linux-node1 : ok=3 changed=2 unreachable=0 failed=0

On the managed node
[root@linux-node0 ~]# cat /root/results.txt
Linux linux-node0 3.10.0-693.11.1.el7.x86_64 #1 SMP Mon Dec 4 23:52:40 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
root

- hosts: all
  become: yes  # or true
  tasks:
    - name: do a uname
      shell: uname -a > /root/results.txt

- hosts: all
  become: yes
  tasks:
    # I don't have Ubuntu installed, so the part shown in red is omitted
    - name: install vsftpd on Ubuntu
      apt: name=vsftpd update_cache=yes state=latest
      ignore_errors: yes
      notify:
        - start vsftpd
  handlers:
[root@linux-node2 ~]# ansible-playbook test1.yaml
PLAY [all] ****
TASK [Gathering Facts] ****
ok: [linux-node0]
ok: [linux-node1]
TASK [install vsftpd on centos] ***
changed: [linux-node0]
changed: [linux-node1]
RUNNING HANDLER [start vsftpd] ****
changed: [linux-node0]
changed: [linux-node1]
PLAY RECAP ****
linux-node0 : ok=3 changed=2 unreachable=0 failed=0
linux-node1 : ok=3 changed=2 unreachable=0 failed=0

On the managed node
[root@linux-node0 ~]# service vsftpd status
Redirecting to /bin/systemctl status vsftpd.service
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-07-25 17:49:03 CST; 20h ago
  Process: 8091 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
 Main PID: 8092 (vsftpd)
   CGroup: /system.slice/vsftpd.service
           └─8092 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
Jul 25 17:49:03 linux-node0 systemd[1]: Starting Vsftpd ftp daemon...
Jul 25 17:49:03 linux-node0 systemd[1]: Started Vsftpd ftp daemon.

Variables and Facts in practice
[root@linux-node2 ~]# ansible linux-node0 -m setup -a "filter=*family*" (ansible linux-node0 -m setup returns CPU type, RAM, IP address, CPU cores, etc.)
linux-node0 | SUCCESS => {
    "ansible_facts": {
        "ansible_os_family": "RedHat"
    },
    "changed": false
}

- hosts: linux-node0
  vars:
  tasks:
[root@linux-node2 ~]# ansible-playbook test2.yaml
PLAY [linux-node0] ****
TASK [Gathering Facts] ****
ok: [linux-node0]
TASK [echo stuff] *****
changed: [linux-node0]
PLAY RECAP ****
linux-node0 : ok=2 changed=1 unreachable=0 failed=0

On the managed node
[root@linux-node0 ~]# cat /root/RedHat.txt
cool stuff here is var1, but var2 is cool stuff there

- hosts: linux-node0
  vars:
  tasks:
    - name: echo stuff
      command: echo -e "{{ var_thing }} give you up,\n {{ var_thing }} let you down,\n{{ var_thing }} run around and dessert you"
      register: results
[root@linux-node2 ~]# ansible-playbook test3.yaml
PLAY [linux-node0] ****
TASK [Gathering Facts] ****
ok: [linux-node0]
TASK [echo stuff] *****
changed: [linux-node0]
TASK [show results] ***
ok: [linux-node0] => {
    "msg": [
        "never gonna give you up,",
        " never gonna let you down,",
        "never gonna run around and dessert you"
    ]
}
PLAY RECAP ****
linux-node0 : ok=3 changed=1 unreachable=0 failed=0

- hosts: linux-node0
  become: yes
  tasks:
    - name: install apache2
      apt: name=apache2 state=latest
      when: ansible_os_family == "Debian"
[root@linux-node2 ~]# ansible-playbook test4.yaml
PLAY [linux-node0] *****
TASK [Gathering Facts] *****
ok: [linux-node0]
TASK [install apache2] *****
skipping: [linux-node0]
TASK [install httpd] ***
changed: [linux-node0]
PLAY RECAP *****
linux-node0 : ok=2 changed=1 unreachable=0 failed=0

On the managed node
[root@linux-node0 ~]# service httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:httpd(8)
           man:apachectl(8)

- hosts: linux-node0
  become: yes
  tasks:
[root@linux-node2 ~]# ansible-playbook test5.yaml
PLAY [linux-node0] ****
TASK [Gathering Facts] ****
ok: [linux-node0]
TASK [install stuff] **
changed: [linux-node0] => (item=[u'vim', u'nano', u'httpd'])
PLAY RECAP ****
linux-node0 : ok=2 changed=1 unreachable=0 failed=0

- hosts: linux-node0
  become: yes
  tasks:
[root@linux-node2 ~]# vi file1.txt
This is file number 1
[root@linux-node2 ~]# vi file2.txt
This is file
number 2
[root@linux-node2 ~]# ansible-playbook test6.yaml
PLAY [linux-node0] ****
TASK [Gathering Facts] ****
ok: [linux-node0]
TASK [show file contents] *****
ok: [linux-node0] => (item=This is file number 1) => {
    "msg": "This is file number 1"
}
ok: [linux-node0] => (item=This is filenumber 2) => {
    "msg": "This is file\nnumber 2"
}
PLAY RECAP ****
linux-node0 : ok=2 changed=0 unreachable=0 failed=0

- hosts: linux-node0
  become: yes
  tasks:
[root@linux-node2 ~]# ansible-playbook test7.yaml
PLAY [linux-node0] ****
TASK [Gathering Facts] ****
ok: [linux-node0]
TASK [show file contents] *****
ok: [linux-node0] => (item=1) => { "msg": "this is loop 1"}
ok: [linux-node0] => (item=2) => { "msg": "this is loop 2"}
ok: [linux-node0] => (item=3) => { "msg": "this is loop 3"}
ok: [linux-node0] => (item=4) => { "msg": "this is loop 4"}
ok: [linux-node0] => (item=5) => { "msg": "this is loop 5"}
ok: [linux-node0] => (item=6) => { "msg": "this is loop 6"}
ok: [linux-node0] => (item=7) => { "msg": "this is loop 7"}
ok: [linux-node0] => (item=8) => { "msg": "this is loop 8"}
ok: [linux-node0] => (item=9) => { "msg": "this is loop 9"}
ok: [linux-node0] => (item=10) => { "msg": "this is loop 10"}
PLAY RECAP ****
linux-node0 : ok=2 changed=0 unreachable=0 failed=0

- hosts: all
  become: yes
  vars:
    file_version: 1.0
  tasks:
[root@linux-node2 ~]# vi index.html.j2
<html>
<center>
<h1>This computer's hostname is {{ansible_hostname}}</hl>
<h3>It is running the{{ansible_os_family}} family of operating system</h3>
<small>This file is version{{file_version}}</small>
{#this will not end up in the final output file on the remote server#}
</center>
</html>
[root@linux-node2 ~]# ansible-playbook test8.yaml
PLAY [all] ****
TASK [Gathering Facts] ****
ok: [linux-node0]
ok: [linux-node1]
TASK [install index] **
changed: [linux-node0]
changed: [linux-node1]
PLAY RECAP ****
linux-node0 : ok=2 changed=1 unreachable=0 failed=0
linux-node1 : ok=2 changed=1 unreachable=0 failed=0

On the managed node
[root@linux-node0 ~]# cat /var/www/html/index.html
<html>
<center>
<h1>This computer's hostname is linux-node0</hl>
<h3>It is running theRedHat family of operating system</h3>
<small>This file is version1.0</small>
</center>
</html>

Reposted from: https://blog.51cto.com/2290153/2150930