
A brief introduction to ansible

Source: Internet  Collected by: 自由互联  Published: 2021-06-19
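ansible is a recently emerged automated operations tool developed in Python. It combines the strengths of many operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, batch command execution and similar functions.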

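ansible works through modules and has no batch-deployment capability of its own. What actually performs batch deployment is the modules that ansible runs; ansible only provides a framework. It mainly consists of:
(1) Connection plugins: responsible for communicating with the monitored (managed) hosts;
(2) Host inventory: specifies the hosts to operate on; it is a configuration file that defines the monitored hosts;
(3) Modules: core modules, the command module, custom modules;
(4) Plugins, used for functions such as logging and e-mail;
(5) Playbooks: not required; when executing multiple tasks, a playbook lets a node run multiple tasks in one go.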

ansible architecture diagram:

1. Installing ansible
//Configure the yum repository
[[email protected] ~]# cd /etc/yum.repos.d/
[[email protected] yum.repos.d]# curl -o CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1572 100 1572 0 0 10783 0 --:--:-- --:--:-- --:--:-- 10841
[[email protected] yum.repos.d]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[[email protected] yum.repos.d]# sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[[email protected] ~]# yum -y install epel-release
[[email protected] ~]# yum -y install ansible ansible-doc
[[email protected] ~]# ansible --version
ansible 2.6.3
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

2. ansible configuration
/etc/ansible/ansible.cfg  main ansible configuration file
/etc/ansible/hosts  managed host inventory

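Ways to configure the managed host inventory:
1) By group
2) By IP address
3) By domain name
4) By wildcard
ansible controls remote hosts over ssh, so ssh mutual trust must be configured; otherwise you will be prompted for a password.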

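3. Getting help in ansible
ansible provides help through the ansible-doc command; use its -s option to get the help text for a specific module.
//Look up the help documentation for the ping module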
[[email protected] ~]# ansible-doc -s ping

- name: Try to connect to host, verify a usable python and return `pong' on success
  ping:
      data:                  # Data to return for the `ping' return value. If this
                               parameter is set to `crash',
                               the module will cause an
                               exception.

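4. Commonly used ansible modules in detail
Commonly used ansible modules:
1) ping
2) yum
3) template
4) copy
5) user
6) group
7) service
8) raw
9) command
10) shell
11) script
Differences between the commonly used raw, command and shell modules:
The shell module executes commands through /bin/sh.
The command module does not invoke a shell, so bash environment variables are not available.
raw is similar to shell in many respects; in most cases the shell and command modules are recommended instead. However, if an old version of python is in use you need raw, and if the client is a router, which has no python installed, you have to use the raw module.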

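//Common ansible modules: ping
The ping module checks whether the specified nodes are reachable. Usage is simple and takes no parameters; if the host is online it replies pong.

First add the client to the managed host inventory
[[email protected] ~]# vi /etc/ansible/hosts //Add the managed host group loveran and put the ip in it.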
[loveran]
192.168.56.12
//Configure ssh mutual trust
[[email protected] ~]# ssh-keygen -t rsa
[[email protected] ~]# ssh-copy-id 192.168.56.12
[[email protected] ~]# ansible all -m ping
192.168.56.12 | SUCCESS => {
"changed": false,
"ping": "pong"
}

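//Common ansible modules: command
The command module runs commands on remote hosts; it is the module ansible uses by default.
One limitation of the command module is that it cannot use pipes or redirection.
//List the contents of /tmp on the managed host
[[email protected] ~]# ansible 192.168.56.12 -a 'ls /tmp'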
192.168.56.12 | SUCCESS | rc=0 >>
ansible_bs1IKZ
systemd-private-76b20d25809c4faf803a4af9563853d1-vgauthd.service-eJNR6R
systemd-private-76b20d25809c4faf803a4af9563853d1-vmtoolsd.service-FyuJ1s
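//Create a new file named ran under /tmp on the managed host
//Because the managed host group loveran was created in the inventory earlier, the group name can be used here instead of the ip.
[[email protected] ~]# ansible loveran -a 'touch /tmp/ran'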
[WARNING]: Consider using the file module with state=touch rather than running touch. If
you need to use command because file is insufficient you can add warn=False to this
command task or set command_warnings=False in ansible.cfg to get rid of this message.

192.168.56.12 | SUCCESS | rc=0 >>
[[email protected] ~]# ansible loveran -a 'ls /tmp'
192.168.56.12 | SUCCESS | rc=0 >>
ansible_ls11Da
ran
systemd-private-76b20d25809c4faf803a4af9563853d1-vgauthd.service-eJNR6R
systemd-private-76b20d25809c4faf803a4af9563853d1-vmtoolsd.service-FyuJ1s

//The command module supports neither pipes nor redirection
[[email protected] ~]# ansible loveran -a 'echo "hello world">/tmp/ran'
192.168.56.12 | SUCCESS | rc=0 >>
hello world>/tmp/ran
[[email protected] ~]# ansible loveran -a 'cat /tmp/ran'
192.168.56.12 | SUCCESS | rc=0 >>

[[email protected] ~]# ansible loveran -a 'ps -ef|grep ssh'
192.168.56.12 | FAILED | rc=1 >>
error: unsupported SysV option

Usage:
ps [options]

Try 'ps --help <simple|list|output|threads|misc|all>'
or 'ps --help <s|l|o|t|m|a>'
for additional help text.

For more details see ps(1).non-zero return code
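
Why the command module printed `hello world>/tmp/ran` instead of writing the file, and why `ps` rejected its option, shown as an added example (not code from the original page or from ansible). It is a simplified model that assumes the command module splits the string into argv and executes it without a shell while the shell module passes the whole string to /bin/sh; the helper names and the `value` string are constructed for the demonstration.

```python
import os
import shlex
import subprocess
import tempfile


def run_like_command(cmdline, cwd):
    """Simplified model of the command module: split to argv, exec without a shell."""
    argv = shlex.split(cmdline)
    out = subprocess.run(argv, cwd=cwd, capture_output=True, text=True).stdout
    return argv, out.strip()


def run_like_shell(cmdline, cwd):
    """Simplified model of the shell module: the whole string goes to /bin/sh -c."""
    out = subprocess.run(["/bin/sh", "-c", cmdline], cwd=cwd,
                         capture_output=True, text=True).stdout
    return out.strip()


def compare(cmdline, created):
    """Run cmdline both ways in fresh temp dirs; report the output and whether
    the file named `created` appeared (i.e. shell syntax was interpreted)."""
    result = {}
    with tempfile.TemporaryDirectory() as d:
        argv, out = run_like_command(cmdline, d)
        result["command"] = (argv, out, os.path.exists(os.path.join(d, created)))
    with tempfile.TemporaryDirectory() as d:
        out = run_like_shell(cmdline, d)
        result["shell"] = (out, os.path.exists(os.path.join(d, created)))
    return result


# The redirection from the page (relative path so the demo stays in a temp dir).
REDIRECT = compare('echo "hello world">ran', "ran")
# The pipe from the page: ps receives "-ef|grep" as one option, hence its error.
PIPE_ARGV = shlex.split("ps -ef|grep ssh")

# Constructed variable value containing shell syntax, as a template might supply.
value = "report; touch marker"
UNQUOTED = compare("echo " + value, "marker")
QUOTED = compare("echo " + shlex.quote(value), "marker")

if __name__ == "__main__":
    for name in ("REDIRECT", "UNQUOTED", "QUOTED"):
        print(name, globals()[name])
    print("PIPE_ARGV", PIPE_ARGV)
```

Without a shell the `;` and `>` are plain argument text, so nothing extra runs; when a shell is required, quoting each interpolated value (ansible offers the `quote` filter for this) keeps it a single argument.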

//Common ansible modules: raw
The raw module runs commands on remote hosts and supports pipes and redirection
//Redirection
[[email protected] ~]# ansible loveran -m raw -a 'echo "you are my rose,ran">/tmp/ran'
192.168.56.12 | SUCCESS | rc=0 >>
Shared connection to 192.168.56.12 closed.
[[email protected] ~]# ansible loveran -m raw -a 'cat /tmp/ran'
192.168.56.12 | SUCCESS | rc=0 >>
you are my rose,ran
Shared connection to 192.168.56.12 closed.
//Pipe
[[email protected] ~]# ansible loveran -m raw -a 'ps -ef|grep ssh'
192.168.56.12 | SUCCESS | rc=0 >>
root 985 1 0 14:37 ? 00:00:00 /usr/sbin/sshd -D
root 1096 985 0 14:38 ? 00:00:00 sshd: [email protected]/0
root 1664 985 0 15:39 ? 00:00:00 sshd: [email protected]/1
root 1667 1664 0 15:39 pts/1 00:00:00 bash -c ps -ef|grep ssh
root 1677 1667 0 15:39 pts/1 00:00:00 grep ssh
Shared connection to 192.168.56.12 closed.

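//Common ansible modules: shell
The shell module runs scripts that reside on the managed host, and can also run commands directly on the managed host.
The shell module supports both pipes and redirection
//Create a script directory on the managed host and write a script by hand.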
[[email protected] ~]# mkdir /scripts
[[email protected] ~]# vi /scripts/test.sh
#!/bin/bash
for i in $(seq 10);do
echo $i
done
//Run on the server side
[[email protected] ~]# ansible loveran -m shell -a 'sh /scripts/test.sh &> /tmp/test'
192.168.56.12 | SUCCESS | rc=0 >>
[[email protected] ~]# ansible loveran -m shell -a 'cat /tmp/test'
192.168.56.12 | SUCCESS | rc=0 >>
1
2
3
4
5
6
7
8
9
10

//Common ansible modules: script
The script module runs, on the managed host, a script that resides on the control host
[[email protected] ~]# mkdir /scripts
[[email protected] ~]# vi /scripts/test1.sh
for i in $(cat /etc/passwd);do
echo $i
echo '--------------------'
done
//Run the script
[[email protected] ~]# ansible loveran -m script -a '/scripts/test1.sh &> /tmp/test1'
192.168.56.12 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.56.12 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.56.12 closed."
],
"stdout": "",
"stdout_lines": []
}
//View the contents of /tmp/test1 on the managed host
[[email protected] ~]# ansible loveran -a 'cat /tmp/test1'
192.168.56.12 | SUCCESS | rc=0 >>
root:x:0:0:root:/root:/bin/bash

(middle omitted) ......
SSH:/var/empty/sshd:/sbin/nologin

//This shows that the control host's script was indeed run on the managed host, and that the output was recorded on the managed host

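//Common ansible modules: template
The template module is used to generate a template and can transfer it to the remote host
//For example, send the 163 repo file downloaded earlier to the managed host
[[email protected] ~]# ansible loveran -m template -a 'src=/etc/yum.repos.d/CentOS7-Base-163.repo dest=/etc/yum.repos.d/163.repo'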
192.168.56.12 | SUCCESS => {
"changed": true,
"checksum": "60b8868e0599489038710c45025fc11cbccf35f2",
"dest": "/etc/yum.repos.d/163.repo",
"gid": 0,
"group": "root",
"md5sum": "5a3e688854d9ceccf327b953dab55b21",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:system_conf_t:s0",
"size": 1462,
"src": "/root/.ansible/tmp/ansible-tmp-1536567908.24-251842099276509/source",
"state": "file",
"uid": 0
}

//On the managed host, check whether the 163 repo is present
[[email protected] ~]# ls /etc/yum.repos.d/
163.repo CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo

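//Common ansible modules: yum
The yum module manages software through yum on the specified nodes. It has two main parameters
1) name: the name of the package to manage
2) state: the operation to perform
Common values for state:
1) latest: install the package
2) installed: install the package
3) present: install the package
4) removed: uninstall the package
5) absent: uninstall the package
To manage software with yum, make sure the yum repositories on the managed host are working properly
//On the managed host, check whether vsftpd is installed
[[email protected] ~]# rpm -qa|grep vsftpd
//On the ansible host, use the yum module to install vsftpd on the managed host
[[email protected] ~]# ansible loveran -m yum -a 'name=vsftpd state=present'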
192.168.56.12 | SUCCESS => {
"changed": true,
"msg": "Repository base is listed more than once in the configuration\nRepository updates is listed more than once in the configuration\nRepository extras is listed more than once in the configuration\nRepository centosplus is listed more than once in the configuration\nwarning: /var/cache/yum/x86_64/7/base/packages/vsftpd-3.0.2-22.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY\nImporting GPG key 0xF4A80EB5:\n Userid : \"CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>\"\n Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5\n From : http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7\n",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\nResolving Dependencies\n--> Running transaction check\n---> Package vsftpd.x86_64 0:3.0.2-22.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n vsftpd x86_64 3.0.2-22.el7 base 169 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 169 k\nInstalled size: 348 k\nDownloading packages:\nPublic key for vsftpd-3.0.2-22.el7.x86_64.rpm is not installed\nRetrieving key from http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : vsftpd-3.0.2-22.el7.x86_64 1/1 \n Verifying : vsftpd-3.0.2-22.el7.x86_64 1/1 \n\nInstalled:\n vsftpd.x86_64 0:3.0.2-22.el7 \n\nComplete!\n"
]
}

//Check whether vsftpd is installed on the managed host
[[email protected] ~]# rpm -qa|grep vsftpd
vsftpd-3.0.2-22.el7.x86_64
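
The `msg` field in the yum result above records that the package's signing key was not yet installed (NOKEY) and that yum imported it during the task from an http:// URL. The following added example (not code from the original page or from ansible) parses such a result and reports each imported key, whether it was fetched over plain http, and whether its fingerprint is on an allow-list. `audit_key_imports` and the allow-list are assumptions of this example; the sample is an excerpt of the page's output, and a pinned fingerprint should come from the distribution's published value.

```python
import json
import re
from urllib.parse import urlparse

# Excerpt of the yum module result shown above (Userid line left out).
SAMPLE_RESULT = json.dumps({
    "changed": True,
    "msg": ("warning: /var/cache/yum/x86_64/7/base/packages/"
            "vsftpd-3.0.2-22.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, "
            "key ID f4a80eb5: NOKEY\n"
            "Importing GPG key 0xF4A80EB5:\n"
            " Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5\n"
            " From : http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7\n"),
    "rc": 0,
})

# One match per "Importing GPG key" stanza, up to the next stanza or end of text.
KEY_RE = re.compile(
    r"Importing GPG key (0x[0-9A-Fa-f]+):(.*?)(?=Importing GPG key|\Z)", re.S)


def audit_key_imports(result_json, pinned_fingerprints):
    """Return one finding per GPG key that yum imported during the task."""
    msg = json.loads(result_json).get("msg", "")
    pinned = {fp.replace(" ", "").lower() for fp in pinned_fingerprints}
    findings = []
    for key_id, body in KEY_RE.findall(msg):
        fp = re.search(r"Fingerprint\s*:\s*([0-9A-Fa-f ]+)", body)
        src = re.search(r"From\s*:\s*(\S+)", body)
        fingerprint = fp.group(1).replace(" ", "").lower() if fp else None
        source = src.group(1) if src else None
        findings.append({
            "key_id": key_id.lower(),
            "fingerprint": fingerprint,
            "source": source,
            # True when the key file itself travelled over unauthenticated http.
            "plaintext_source": bool(source) and urlparse(source).scheme == "http",
            # True only when the fingerprint is on the caller's allow-list.
            "pinned": fingerprint in pinned,
        })
    return findings


if __name__ == "__main__":
    print(audit_key_imports(SAMPLE_RESULT, []))
```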

//Common ansible modules: copy
The copy module copies files to the remote managed host.
[[email protected] ~]# ls /scripts/
test1.sh
[[email protected] ~]# ansible loveran -m copy -a 'src=/scripts/test1.sh dest=/scripts/'
192.168.56.12 | SUCCESS => {
"changed": true,
"checksum": "eb97897fd2d5e4fbcd4a52e22375f4cbfb1eccf1",
"dest": "/scripts/test1.sh",
"gid": 0,
"group": "root",
"md5sum": "7bfa938368f4bbf2fb2f0e6b4e0f4f40",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:default_t:s0",
"size": 92,
"src": "/root/.ansible/tmp/ansible-tmp-1536569473.16-220537992503363/source",
"state": "file",
"uid": 0
}
[[email protected] ~]# ansible loveran -a 'ls /scripts'
192.168.56.12 | SUCCESS | rc=0 >>
test1.sh
test.sh

//Common ansible modules: group
The group module adds or removes groups on the managed host
//Add a system group on the managed host, with gid 306 and group name mysql

[[email protected] ~]# ansible loveran -m group -a 'name=mysql gid=306 state=present'
192.168.56.12 | SUCCESS => {
"changed": true,
"gid": 306,
"name": "mysql",
"state": "present",
"system": false
}

[[email protected] ~]# ansible loveran -m shell -a 'grep mysql /etc/group'
192.168.56.12 | SUCCESS | rc=0 >>
mysql:x:306:
//Delete the group on the managed host
[[email protected] ~]# ansible loveran -m group -a 'name=mysql state=absent'
192.168.56.12 | SUCCESS => {
"changed": true,
"name": "mysql",
"state": "absent"
}
[[email protected] ~]# ansible loveran -m shell -a 'grep mysql /etc/group'
192.168.56.12 | FAILED | rc=1 >>
non-zero return code

//Common ansible modules: user
The user module manages user accounts on the managed host
//Add a system user on the managed host, with user name mysql, uid 306, shell /sbin/nologin and no home directory
[[email protected] ~]# ansible loveran -m user -a 'name=mysql uid=306 system=yes create_home=no shell=/sbin/nologin state=present'
192.168.56.12 | SUCCESS => {
"changed": true,
"comment": "",
"create_home": false,
"group": 306,
"home": "/home/mysql",
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 306
}
[[email protected] ~]# ansible loveran -m shell -a 'grep mysql /etc/passwd'
192.168.56.12 | SUCCESS | rc=0 >>
mysql:x:306:306::/home/mysql:/sbin/nologin
//Change the uid of the mysql user to 366
[[email protected] ~]# ansible loveran -m user -a 'name=mysql uid=366'
192.168.56.12 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 306,
"home": "/home/mysql",
"move_home": false,
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"uid": 366
}
[[email protected] ~]# ansible loveran -m shell -a 'grep mysql /etc/passwd'
192.168.56.12 | SUCCESS | rc=0 >>
mysql:x:366:306::/home/mysql:/sbin/nologin

//Delete the mysql user on the managed host
[[email protected] ~]# ansible loveran -m user -a 'name=mysql state=absent'
192.168.56.12 | SUCCESS => {
"changed": true,
"force": false,
"name": "mysql",
"remove": false,
"state": "absent"
}
[[email protected] ~]# ansible loveran -m shell -a 'grep mysql /etc/passwd'
192.168.56.12 | FAILED | rc=1 >>
non-zero return code

//Common ansible modules: service
The service module manages services on the managed host.
//Check whether the vsftpd service on the managed host is running
[[email protected] ~]# ansible loveran -a 'systemctl is-active vsftpd'
192.168.56.12 | FAILED | rc=3 >>
unknownnon-zero return code
//Start the vsftpd service on the managed host
[[email protected] ~]# ansible loveran -m service -a 'name=vsftpd state=started'
192.168.56.12 | SUCCESS => {
"changed": true,
"name": "vsftpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
(n lines omitted here) ......
}
[[email protected] ~]# ansible loveran -a 'systemctl is-active vsftpd'
192.168.56.12 | SUCCESS | rc=0 >>
active

//Set the vsftpd service on the managed host to start at boot
[[email protected] ~]# ansible loveran -m service -a 'name=vsftpd enabled=yes'
192.168.56.12 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "vsftpd",
"status": {
"ActiveEnterTimestamp": "Mon 2018-09-10 17:11:43 CST",
(n lines omitted here) ......
}
//Check whether vsftpd on the managed host is enabled at boot
[[email protected] ~]# ansible loveran -a 'systemctl is-enabled vsftpd'
192.168.56.12 | SUCCESS | rc=0 >>
enabled
//Stop the vsftpd service on the managed host
[[email protected] ~]# ansible loveran -m service -a 'name=vsftpd state=stopped'
[[email protected] ~]# ansible loveran -a 'systemctl is-active vsftpd'
192.168.56.12 | FAILED | rc=3 >>
inactivenon-zero return code
