
How Ansible Works and How to Use It

Source: Internet    Collected by: 自由互联    Published: 2021-06-19

Contents:
1. What Ansible does and how it is structured
2. Installing and using Ansible
3. Using Ansible playbooks

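I. What Ansible does and how it is structured
        1. Introduction to Ansible:
        Ansible is a recent automation and operations tool written in Python. It combines the strengths of many earlier operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, batch command execution and similar functions. Ansible works through modules and has no batch deployment capability of its own: the modules that Ansible runs do the actual batch deployment, and Ansible only provides the framework. It mainly consists of:
        (1) Connection plugins: responsible for communicating with the managed hosts;
        (2) Host inventory: specifies the hosts to operate on; it is a configuration file that defines the managed hosts;
        (3) Modules: core modules, the command module, custom modules;
        (4) Plugins, which provide functions such as logging and email;
        (5) Playbook: optional; when several tasks have to be executed, a playbook lets a node run them all in one go.
        2. Ansible architecture: it connects to other hosts over SSH by default.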


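II. Installing Ansible and using the common modules
        1. Ansible has no server side: you simply run commands when you need it, and no client has to be installed on the managed hosts, so Ansible is a very lightweight tool. It can be installed from the EPEL repository. Ansible has been acquired by Red Hat and will presumably be included in the base repository before long.
        With the EPEL repository configured, install ansible directly with yum: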

    [[email protected] ~]# yum info ansible
    Loaded plugins: fastestmirror, refresh-packagekit, security
    Loading mirror speeds from cached hostfile
    base                             | 4.0 kB     00:00 ...
    epel                             | 4.3 kB     00:00
    epel/primary_db                  | 5.7 MB     00:00
    Available Packages
    Name        : ansible
    Arch        : noarch
    Version     : 1.9.2
    Release     : 1.el6
    Size        : 1.7 M
    Repo        : epel
    Summary     : SSH-based configuration management, deployment, and task execution system
    URL         : http://ansible.com
    License     : GPLv3
    Description :
                : Ansible is a radically simple model-driven configuration management,
                : multi-node deployment, and remote task execution system. Ansible works
                : over SSH and does not require any software or daemons to be installed
                : on remote nodes. Extension modules can be written in any language and
                : are transferred to managed machines automatically.
    [[email protected] ~]# yum install ansible

 

The main files that the installation creates:

    /etc/ansible
    /etc/ansible/ansible.cfg     # configuration file
    /etc/ansible/hosts           # host inventory
    /usr/bin/ansible             # main program
    /usr/bin/ansible-doc         # documentation
    /usr/bin/ansible-playbook    # playbook runner


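The ansible command is also fairly simple to use:
        Syntax:
        ansible <host-pattern> [-f forks] [-m module_name] [-a args]
        host-pattern: a group name from the host inventory file; may be all
            -f forks: number of parallel processes, default 5
            -m module_name: module name, default command
            -a args: arguments
        ansible-doc:
            -l: list the available modules
            -s: show the parameters of a module
        As the listing shows, Ansible supports a great many modules: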

    [21:20 [email protected]/var/ftp/pub/files]# ansible-doc -l
    less 436
    Copyright (C) 1984-2009 Mark Nudelman
    less comes with NO WARRANTY, to the extent permitted by law.
    For information about the terms of redistribution,
    see the file named README in the less distribution.
    Homepage: http://www.greenwoodsoftware.com/less
    a10_server                    Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
    a10_service_group             Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
    a10_virtual_server            Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
    acl                           Sets and retrieves file ACL information.
    add_host                      add a host (and alternatively a group) to the ansible-playbook in-memory inventory
    airbrake_deployment           Notify airbrake about app deployments
    alternatives                  Manages alternative programs for common commands
    apache2_module                enables/disables a module of the Apache2 webserver
    apt                           Manages apt-packages
    apt_key                       Add or remove an apt key
    apt_repository                Add and remove APT repositories
    apt_rpm                       apt_rpm package manager
    assemble                      Assembles a configuration file from fragments
    assert                        Fail with custom message
    at                            Schedule the execution of a command or script file via the at command.
    authorized_key                Adds or removes an SSH authorized key
    azure                         create or terminate a virtual machine in azure
    bigip_facts                   Collect facts from F5 BIG-IP devices
    bigip_monitor_http            Manages F5 BIG-IP LTM http monitors
    bigip_monitor_tcp             Manages F5 BIG-IP LTM tcp monitors
    bigip_node                    Manages F5 BIG-IP LTM nodes
    bigip_pool                    Manages F5 BIG-IP LTM pools
    bigip_pool_member             Manages F5 BIG-IP LTM pool members
    bigpanda                      Notify BigPanda about deployments
    boundary_meter                Manage boundary meters


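Note: when you view help with ansible-doc -s, parameters marked with an = sign are generally required.
        A default installation of Ansible provides the configuration file /etc/ansible/ansible.cfg, which defines the default settings Ansible uses for hosts, such as whether a password is requested by default, whether sudo authentication is enabled, the location of the action_plugins plugins, the location of the hosts inventory, whether logging is enabled, the default port, the location of the key file, and so on.
        In detail: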

    [defaults]
    # some basic default values...
    # location of the default hosts (inventory) file
    hostfile       = /etc/ansible/hosts
    # library_path = /usr/share/my_modules/
    remote_tmp     = $HOME/.ansible/tmp
    pattern        = *
    forks          = 5
    poll_interval  = 15
    # remote sudo user
    sudo_user      = root
    # whether to ask for the sudo password on every ansible command
    #ask_sudo_pass = True
    # whether to ask for the SSH password on every ansible command
    #ask_pass      = True
    transport      = smart
    remote_port    = 22
    module_lang    = C
    gathering = implicit
    # turns off the confirmation prompt on the first connection to a client;
    # this also turns off SSH host key verification
    host_key_checking = False
    # add this yourself when needed; chown -R root:root ansible.log
    log_path    = /var/log/ansible.log
    # turns off system messages when ansible runs, usually upgrade notices
    system_warnings = False
    # set plugin path directories here, separate with colons
    action_plugins     = /usr/share/ansible_plugins/action_plugins
    callback_plugins   = /usr/share/ansible_plugins/callback_plugins
    connection_plugins = /usr/share/ansible_plugins/connection_plugins
    lookup_plugins     = /usr/share/ansible_plugins/lookup_plugins
    vars_plugins       = /usr/share/ansible_plugins/vars_plugins
    filter_plugins     = /usr/share/ansible_plugins/filter_plugins
    fact_caching = memory

    [accelerate]
    accelerate_port = 5099
    accelerate_timeout = 30
    accelerate_connect_timeout = 5.0
    # The daemon timeout is measured in minutes. This time is measured
    # from the last activity to the accelerate daemon.
    accelerate_daemon_timeout = 30
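
A check for the settings above, as an added example that is not part of the original page: a shell function that reads an ansible.cfg and reports when host_key_checking is off, when log_path is unset, or when the file itself is group- or world-writable (anyone who can edit it can repoint the plugin directories). The function name and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the [defaults] section
# of an ansible.cfg. Prints one finding per line, nothing when clean.
audit_ansible_cfg() {
    cfg=$1
    # A config that other users can edit lets them change the *_plugins paths.
    if [ -n "$(find "$cfg" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "PERMS: $cfg is group- or world-writable"
    fi
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comments and blank lines
        /^[ \t]*\[/ {                             # section header
            sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect); next
        }
        sect == "defaults" && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            sub(/[ \t]+;.*$/, "", val)            # drop an inline ";" comment
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            seen[key] = tolower(val)
        }
        END {
            if (!("log_path" in seen) || seen["log_path"] == "")
                log_missing = 1
            v = seen["host_key_checking"]
            if (v == "false" || v == "no" || v == "off" || v == "0")
                print "HOSTKEY: host_key_checking is off, SSH host keys are not verified"
            if (log_missing)
                print "LOG: log_path is unset, runs leave no log on the control node"
        }
    ' "$cfg"
}

# Constructed sample input: a cut-down version of the config shown above,
# with log_path commented out.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
[defaults]
hostfile = /etc/ansible/hosts
# log_path = /var/log/ansible.log
host_key_checking = False
[accelerate]
accelerate_port = 5099
EOF
chmod 600 "$demo_cfg"
audit_ansible_cfg "$demo_cfg"
rm -f "$demo_cfg"
```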


Passwordless login

Because Ansible works over SSH, set up passwordless SSH login to each server before using Ansible.

SSH passwordless login tutorial

Usage

    ansible users1 -m command -a 'ls /etc/rc.local'
    # |        |    |    |     |          |
    # |        |    |    |     |          |_________________command to run
    # |        |    |    |     |
    # |        |    |    |     |____________________________followed by the command
    # |        |    |    |
    # |        |    |    |__________________________________module
    # |        |    |
    # |        |    |_______________________________________followed by the module
    # |        |
    # |        |____________________________________________group/IP
    # |
    # |_____________________________________________________ansible


Modules for running commands remotely

shell module

    # Write hello to /tmp/1.txt
    ansible users1 -m shell -a 'echo "hello" > /tmp/1.txt'

    # Show the contents of /tmp/1.txt
    ansible users1 -m shell -a 'cat /tmp/1.txt'


command module

    ansible users1 -m command -a 'ls /etc/rc.local'


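Other modules

copy module (copies a local file to the servers)

    ansible users1 -m copy -a 'src=/root/passwd dest=/tmp/passwd mode=0777 owner=user group=youboy'

Notes: src is the local file; dest is the directory on the client; mode=0777 sets the permissions; owner=user sets the owner; group=youboy sets the group.

// Write the given content to a file

    ansible users1 -m copy -a 'content="hello word" dest=/tmp/test.txt mode=0777'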


fetch module (copies a file from the servers to the local machine)

    ansible users1 -m fetch -a 'src=/etc/passwd dest=/tmp/passwd'

file module

    //Delete a file
    ansible users1 -m file -a 'path=/tmp/passwd state=absent'
    //Create a symbolic link
    ansible users1 -m file -a 'src=/etc/passwd path=/tmp/passwd.link state=link'
    //Change owner and permissions
    ansible users1 -m file -a 'path=/tmp/passwd mode=0777 owner=user group=youboy'
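
The copy and file commands above use mode=0777, which lets every local user on the target rewrite the file. The following added example (not from the original page; the function names are made up for illustration) scans ad-hoc commands for mode= values that grant write access to group or other and prints the same mode with those two bits cleared. It handles numeric modes only, and the third sample line is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): find mode= values in ad-hoc
# commands that are writable by group or other.
# Input: commands on stdin. Output: "<line>: mode=<old> -> mode=<new>".
find_loose_modes() {
    grep -n -o 'mode=[0-7][0-7]*' | while IFS=: read -r lineno kv; do
        m=${kv#mode=}
        # Prefixing 0 makes the shell parse the digits as octal.
        bits=$(( 0$m ))
        if [ $(( bits & 022 )) -ne 0 ]; then        # 020 = g+w, 002 = o+w
            printf '%s: %s -> mode=%04o\n' "$lineno" "$kv" $(( bits & 07755 ))
        fi
    done
}

# Sample input: two commands from this page plus one constructed line
# that already uses a tighter mode.
sample_commands() {
    cat <<'EOF'
ansible users1 -m copy -a 'src=/root/passwd dest=/tmp/passwd mode=0777 owner=user group=youboy'
ansible users1 -m fetch -a 'src=/etc/passwd dest=/tmp/passwd'
ansible users1 -m copy -a 'content="hello word" dest=/tmp/test.txt mode=0644'
EOF
}

sample_commands | find_loose_modes
```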

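Question:
///Copy a file on the server to another directory on the server

    # remote_src=yes makes copy read src on the managed host; it requires Ansible 2.0 or later
    ansible users1 -m copy -a 'src=/etc/passwd dest=/tmp/passwd remote_src=yes'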

cron module (scheduled tasks)

    ansible users1 -m cron -a 'minute=10 hour=02 day=15 month=12 weekday=7 name="test" job="date > /tmp/date.txt"'
    //Verify the scheduled task with the shell module
    ansible users1 -m shell -a 'crontab -l'
    //Remove the scheduled task (ansible users1 -m cron -a 'name="test" state=absent' may not work; use the full command instead)
    ansible users1 -m cron -a 'minute=10 hour=02 day=15 month=12 weekday=7 name="test" job="date > /tmp/date.txt" state=absent'
    //Verify with the shell module that the scheduled task was removed
    ansible users1 -m shell -a 'crontab -l'

hostname module (temporarily changes the hostname)

    ansible 192.168.1.2 -m hostname -a 'name=jiahui.com'

yum module

    ansible users1 -m yum -a 'name=httpd state=installed'

present: check that the package is installed
installed: install
latest: install or upgrade to the latest version
absent: uninstall

service module (manages services)

    //Start a service
    ansible users1 -m service -a 'name=httpd state=started'

started: start the service
stopped: stop the service

    //Start at boot
    ansible users1 -m service -a 'name=httpd enabled=yes runlevel=2345'

Note: runlevel is the run level (0123456, 7 levels, as shown below)

    chkconfig --list | grep httpd
    httpd           0:关闭  1:关闭  2:关闭  3:关闭  4:关闭  5:关闭  6:关闭