| ±à¼ÍƼö: |
| ±¾ÎÄÀ´Ô´weixin£¬ÎÄÕÂÖ÷Òª½éÉÜÁËansible¸ÅÊöºÍÔËÐлúÖÆ£¬ansible³£¼ûÄ£¿é¸ß¼¶Ê¹Ó÷½·¨ÒÔ¼°°²×°²¢ÅäÖÃAnsible¹ÜÀíÁ½¸ö½ÚµãµÈ¡£ |
|
1ansible¸ÅÊöºÍÔËÐлúÖÆ
1.1 ansible¸ÅÊö
AnsibleÊÇÒ»¿îΪÀàUnixϵͳ¿ª·¢µÄ×ÔÓÉ¿ªÔ´µÄÅäÖúÍ×Ô¶¯»¯¹¤¾ß¡£ËüÓÃPythonд³É£¬ÀàËÆÓÚsaltstackºÍPuppet£¬µ«ÊÇÓÐÒ»¸ö²»Í¬ºÍÓŵãÊÇÎÒÃDz»ÐèÒªÔÚ½ÚµãÖа²×°Èκοͻ§¶Ë¡£ËüʹÓÃSSHÀ´ºÍ½Úµã½øÐÐͨÐÅ¡£Ansible»ùÓÚ
Python paramiko ¿ª·¢£¬·Ö²¼Ê½£¬ÎÞÐè¿Í»§¶Ë£¬ÇáÁ¿¼¶£¬ÅäÖÃÓ﷨ʹÓà YMAL ¼° Jinja2Ä£°åÓïÑÔ£¬¸üÇ¿µÄÔ¶³ÌÃüÁîÖ´ÐвÙ×÷¡£
¹Ù·½ÍøÕ¾£ºhttps://www.ansible.com/
ITÒµ½çÀø־ʼþ£º
2015Äê10Ô£¬ºìñ£¨Red Hat£©Ðû²¼ÊÕ¹ºÈí¼þ¿ª·¢¹«Ë¾ Ansible£¬ÏûÏ¢³Æ´Ë´ÎÊÕ¹ººÄ×ÊÓâ 1ÒÚÃÀÔª£¬Ò²ÓÐÏûÏ¢³Æ½Ó½ü
1.5ÒÚÃÀÔª¡£
Ansible ³ÉÁ¢ÓÚ 2013Ä꣬×ܲ¿ÉèÔÚ±±¿¨ÂÞÀ´ÄÉÖÝ´ïÀÕÄ·£¬ÁªºÏ´´Ê¼ÈË a?d Ziouani ºÍ¸ß¼¶¸±×ܲÃ
Todd Barr ¶¼ÊǺìñµÄÀÏÔ±¹¤¡£Ansible ÆìϵĿªÔ´Èí¼þ Ansible Ê®·ÖÁ÷ÐС£Õâ¼Ò¹«Ë¾»¹Ìṩ
Tower Èí¼þºÍ×Éѯ·þÎñ£¬Õâ¿îÈí¼þÄÜʹ¿ª·¢ÕßÇáËɵؽ¨Á¢ºÍ¹ÜÀí¹æÄ£»¯Ó¦ÓóÌÐòµÄ IT »ù´¡¼Ü¹¹¡£
ËùÒÔ£¬Ï£Íû´ó¼Ò¿ÉÒÔ½øÒ»¸öºÃ¹«Ë¾£¬°Ñ¼¼ÊõÌáÉýºÃÁË,×öÒ»¸öºÃ²úÆ·¡£
ansiblle¾ßÓÐÈçÏÂÌص㣺
1¡¢²¿Êð¼òµ¥£¬Ö»ÐèÔÚÖ÷¿Ø¶Ë²¿ÊðAnsible»·¾³£¬±»¿Ø¶ËÎÞÐè×öÈκβÙ×÷£»
2¡¢Ä¬ÈÏʹÓÃSSHÐÒé¶ÔÉ豸½øÐйÜÀí£»
3¡¢Ö÷´Ó¼¯Öл¯¹ÜÀí£»
4¡¢ÅäÖüòµ¥¡¢¹¦ÄÜÇ¿´ó¡¢À©Õ¹ÐÔÇ¿£»
5¡¢Ö§³ÖAPI¼°×Ô¶¨ÒåÄ£¿é£¬¿Éͨ¹ýPythonÇáËÉÀ©Õ¹£»
6¡¢Í¨¹ýPlaybooksÀ´¶¨ÖÆÇ¿´óµÄÅäÖá¢×´Ì¬¹ÜÀí
7¡¢¶ÔÔƼÆËãƽ̨¡¢´óÊý¾Ý¶¼ÓкܺõÄÖ§³Ö£»
1.2 Ansible ¹¤×÷»úÖÆ
Ansible ÔÚ¹ÜÀí½Úµã½« Ansible Ä£¿éͨ¹ý SSH ÐÒéÍÆË͵½±»¹ÜÀí¶ËÖ´ÐУ¬Ö´ÐÐÍêÖ®ºó×Ô¶¯É¾³ý£¬¿ÉÒÔʹÓÃ
SVN µÈÀ´¹ÜÀí×Ô¶¨ÒåÄ£¿é¼°±àÅÅ¡£
ÓÉÉÏÃæµÄͼ¿ÉÒÔ¿´µ½ Ansible µÄ×é³ÉÓÉ 5 ¸ö²¿·Ö×é³É£º
Ansible £ºansibleºËÐÄ
Modules £º°üÀ¨Ansible×Ô´øµÄºËÐÄÄ£¿é¼°×Ô¶¨ÒåÄ£¿é
Plugins £ºÍê³ÉÄ£¿é¹¦ÄܵIJ¹³ä£¬°üÀ¨Á¬½Ó²å¼þ¡¢Óʼþ²å¼þµÈ
Playbooks £º¾ç±¾£»¶¨ÒåAnsible¶àÈÎÎñÅäÖÃÎļþ£¬ÓÉAnsible×Ô¶¯Ö´ÐÐ
Inventory £º¶¨ÒåAnsible¹ÜÀíÖ÷»úµÄÇåµ¥[??nv?ntri] Çåµ¥
2
ʵս-°²×°²¢ÅäÖÃAnsible¹ÜÀíÁ½¸ö½Úµã
2.1 °²×°ansible·þÎñ
ʵÑé»·¾³£º
ansible ·þÎñ¶Ë xuegod63 192.168.1.63
ansible½Úµã1:xuegod63 192.168.1.63
ansible½Úµã2:xuegod63 192.168.1.63
ÔÚxuegod63ÉÏ°²×°ansible
1¡¢ÉèÖÃEPEL²Ö¿â
Ansible²Ö¿âĬÈϲ»ÔÚyum²Ö¿âÖУ¬Òò´ËÎÒÃÇÐèҪʹÓÃÏÂÃæµÄÃüÁîÆôÓÃepel²Ö¿â¡£
| [root@xuegod63
~]#yum install epel-release -y |
2¡¢Ê¹ÓÃyum°²×°Ansible
| [root@xuegod63
~]#yum installansible -y |
°²×°Íê³Éºó£¬¼ì²éansible°æ±¾£º
| [root@xuegod63
~]#ansible --version |
2.2 ansibleÃüÁî²ÎÊý
anisbleÃüÁîÓï·¨£ºansible [-i Ö÷»úÎļþ] [-f Åú´Î] [×éÃû] [-m Ä£¿éÃû³Æ]
[-aÄ£¿é²ÎÊý]
ansibleÏêϸ²ÎÊý£º
-v,¨Cverbose # Ïêϸģʽ£¬Èç¹ûÃüÁîÖ´Ðгɹ¦£¬Êä³öÏêϸµÄ½á¹û (-vv ¨Cvvv -vvvv)
-i PATH, -inventory=PATH # Ö¸¶¨ host ÎļþµÄ·¾¶£¬Ä¬ÈÏÊÇÔÚ /etc/ansible/hosts
inventory [??nv?ntri] ¿â´æ
-f NUM,-forks=NUM # NUM ÊÇÖ¸¶¨Ò»¸öÕûÊý£¬Ä¬ÈÏÊÇ 5 £¬Ö¸¶¨ fork ¿ªÆôͬ²½½ø³ÌµÄ¸öÊý¡£
-m NAME,-module-name=NAME # Ö¸¶¨Ê¹ÓÃµÄ module Ãû³Æ£¬Ä¬ÈÏʹÓà commandÄ£¿é
-a,MODULE_ARGS #Ö¸¶¨ module Ä£¿éµÄ²ÎÊý
-k,-ask-pass #ÌáʾÊäÈë ssh µÄÃÜÂ룬¶ø²»ÊÇʹÓûùÓÚ ssh µÄÃÜÔ¿ÈÏÖ¤
-sudo # Ö¸¶¨Ê¹Óà sudo »ñµÃ root ȨÏÞ
-K,-ask-sudo-pass #ÌáʾÊäÈë sudo ÃÜÂ룬Óë -sudo Ò»ÆðʹÓÃ
-u USERNAME,-user=USERNAME # Ö¸¶¨Òƶ¯¶ËµÄÖ´ÐÐÓû§
-C,¨Ccheck #²âÊÔ´ËÃüÁîÖ´Ðлá¸Ä±äʲôÄÚÈÝ£¬²»»áÕæÕýµÄÈ¥Ö´ÐÐ
ansible-docÏêϸ²ÎÊý£º
ansible-doc -l #ÁгöËùÓеÄÄ£¿éÁбí
ansible-doc -s Ä£¿éÃû #²é¿´Ö¸¶¨Ä£¿éµÄ²ÎÊý -s, --snippet # [?sn?p?t]
Ƭ¶Ï
Àý£º[root@xuegod63~]# ansible-doc -s service
2.3 ¶¨ÒåÖ÷»úÇåµ¥
1¡¢»ùÓڶ˿ڣ¬Óû§£¬ÃÜÂ붨ÒåÖ÷»úÇåµ¥
ansible»ùÓÚsshÁ¬½Ó-i £¨inventory£©²ÎÊýºóÖ¸¶¨µÄÔ¶³ÌÖ÷»úʱ£¬Ò²¿ÉÒÔд¶Ë¿Ú£¬Óû§£¬ÃÜÂë¡£
¸ñʽ£ºansible_ssh_port:Ö¸¶¨ssh¶Ë¿Ú ansible_ssh_user:Ö¸¶¨ ssh
Óû§ ansible_ssh_pass:Ö¸¶¨ ssh Óû§µÇ¼ÊÇÈÏÖ¤ÃÜÂ루Ã÷ÎÄÃÜÂë²»°²È«£© ansible_sudo_pass:Ö¸Ã÷
sudo ʱºòµÄÃÜÂë
Àý£º[root@xuegod63~]# vim /etc/ansible/hosts #Îļþ /etc/ansible/hosts
ά»¤×ÅAnsibleÖзþÎñÆ÷µÄÇåµ¥¡£ÔÚÎļþ×îºó×·¼ÓÒÔÏÂÄÚÈÝ
[web-servers] #Ö÷»ú×éÃû
192.168.1.64 ansible_ssh_port=22 ansible_ssh_user=root
ansible_ssh_pass=123456
¼òµ¥²âÊÔÏÂÖ÷»úµÄÁ¬Í¨ÐÔ
[root@xuegod63~]# ansible -i /etc/ansible/hosts web-servers-m
ping
-i # Ö¸¶¨ host ÎļþµÄ·¾¶£¬Ä¬ÈÏÊÇÔÚ /etc/ansible/hosts
-m # Ö¸¶¨Ê¹ÓõÄpingÄ£¿é
±¨´í£º
| 92.168.1.63
|FAILED! => {
"msg": "Using a SSH passwordinstead
of a key is not possible because Host Key checking
is enabled andsshpass does not support this.
Please add this host's fingerprint to your known_hosts
file to manage this host."
} |
½â¾ö£º[root@xuegod63~]# ssh root@192.168.1.63
#ÊÖ¶¯Á¬½ÓÒ»ÏÂ/etc/ansible/hostsÖ÷»úÇåµ¥ÖеÄÖ÷»ú£¬ÕâÑù¾Í¿ÉÒÔÔÚansible·þÎñÆ÷Éϱ£´æÄ¿±êÖ÷»úµÄfingerprintÖ¸ÎÆ¡£ºóÆÚ¿ÉÒÔÕý³£Á¬½ÓÁË
| [root@xuegod63
~]#ansible -i hosts web-servers -m ping #²âÊԳɹ¦
192.168.1.64 | SUCCESS => { #±íʾ³É²âÊÔ¡£Í¨Ðųɹ¦¡£
"changed": false, #ÒòΪpingÃüÁî²»»á¸Ä±ä±»¹ÜÀíµÄ·þÎñÆ÷µÄ״̬¡£ËùÒÔÊÇfalseÕý³£
"ping": "pong"
} |
2¡¢»ùÓÚsshÃÜÔ¿À´·ÃÎʶ¨ÒåÖ÷»úÇåµ¥
Ò»°ãÀ´Ëµ£¬Ê¹ÓÃÃ÷ÎÄÃÜÂë²»°²È«£¬ËùÒÔÔö¼ÓÖ÷»úÎÞÃÜÂë·ÃÎÊ¡£
ÔÚAnsible·þÎñ¶ËÉú³ÉÃÜÔ¿£¬²¢ÇÒ¸´Öƹ«Ô¿µ½½ÚµãÖС£
| root@xuegod63
~]#ssh-keygen #һ·»Ø³µ |
ʹÓÃssh-copy-idÃüÁîÀ´¸´ÖÆAnsible¹«Ô¿µ½½Úµã£ºxuegod63ºÍxuegod63
[root@xuegod63
~]#ssh-copy-id root@192.168.1.63
[root@xuegod63 ~]#ssh-copy-id root@192.168.1.64
[root@xuegod63 ~]#ssh 192.168.1.64
[root@xuegod64 ~]#exit
[root@xuegod63 ~]# vim /etc/ansible/hosts #ÔÚÎļþµÄ×îºóÌí¼ÓÒÔÏÂÄÚÈÝ |
ɾ³ý֮ǰÔÚ×îºóÌí¼ÓµÄÁ½ÐÐÖ÷»úÇåµ¥£º
[web-servers]
192.168.1.64 ansible_ssh_port=22 ansible_ssh_user=root
ansible_ssh_pass=123456 |
Ôö¼Ó£º
[web-servers]
192.168.1.63
192.168.1.64 |
2.3 ÔÚAnsible·þÎñ¶ËÔËÐÐÃüÁî
pingÄ£¿é¼ì²éÍøÂçÁ¬Í¨ÐÔ
commandÄ£¿éÖ´ÐÐshellÃüÁcommand:×÷ΪansibleµÄĬÈÏÄ£¿é£¬¿ÉÒÔÔËÐÐÔ¶³ÌȨÏÞ·¶Î§ÄÚµÄËùÓÐshellÃüÁî
Àý1£ºÊ¹ÓÃping¼ì²é¡®web-servers¡¯»òÕßansible½ÚµãµÄÁ¬Í¨ÐÔ¡£
| [root@xuegod63
~]#ansible -i /etc/ansible/hosts 'web-servers'
-m ping |
»ò£º
[root@xuegod63
~]#ansible 'web-servers' -m ping #²»Ö¸¶¨£¬Ä¬ÈÏʹÓÃ/etc/ansible/hostsÎļþ
192.168.1.63 |SUCCESS => {
"changed":
false,
"ping": "pong"
}
192.168.1.64 |SUCCESS => {
"changed":
false,
"ping": "pong"
} |
Àý2£º¼ì²éAnsible½ÚµãµÄÔËÐÐʱ¼ä£¨uptime£©
[root@xuegod63
~]#ansible -m command -a "uptime" 'web-servers'
#Ò²¿ÉÒÔ°ÑÖ÷»úÇåµ¥×éÃûдµ½×îºó£¬ÕâÑù·½±ãÔĶÁÃüÁî
192.168.1.63 |SUCCESS | rc=0 >>
12:45:23 up 32min, 5 users, load average: 0.17,
0.11, 0.27
192.168.1.64 |SUCCESS | rc=0 >>
12:45:23 up 26 min, 2 users, load average: 0.03,
0.03, 0.10 |
Àý3£º¼ì²é½ÚµãµÄÄں˰汾
| [root@xuegod63
~]#ansible -m command -a "uname -r"
'web-servers' |
Àý4£º¸ø½ÚµãÔö¼ÓÓû§
[root@xuegod63
~]#ansible -m command -a "useradd mk123"
'web-servers'
192.168.1.64 |SUCCESS | rc=0 >>
192.168.1.63 |SUCCESS | rc=0 >>
[root@xuegod63 ~]#ansible -m command -a "grep
mk123 /etc/passwd" 'web-servers' |
Àý5£º½«dfÃüÁîÔÚËùÓнڵãÖ´Ðкó£¬Öض¨ÏòÊä³öµ½±¾»úµÄ/tmp/command-output.txtÎļþÖÐ
[root@xuegod63
~]# ansible-m command -a "df -Th" 'web-servers'
> /tmp/command-output.txt
[root@xuegod63 ~]#cat /tmp/command-output.txt |
3
ansible³£¼ûÄ£¿é¸ß¼¶Ê¹Ó÷½·¨
3.1 ansible³£ÓÃÄ£¿é
1¡¢3¸öÔ¶³ÌÃüÁîÄ£¿éµÄÇø±ð
£¨1£©commandÄ£¿éΪansibleĬÈÏÄ£¿é£¬²»Ö¸¶¨-m²ÎÊýʱ£¬Ê¹ÓõľÍÊÇcommandÄ£¿é£»comandÄ£¿é±È½Ï¼òµ¥£¬³£¼ûµÄÃüÁ¿ÉÒÔʹÓ㬵«ÆäÃüÁîµÄÖ´Ðв»ÊÇͨ¹ýshellÖ´Ðеģ¬ËùÒÔ£¬ÏñÕâЩ
"<", ">", "|", and"&"²Ù×÷¶¼²»¿ÉÒÔ£¬µ±È»£¬Ò²¾Í²»Ö§³Ö¹ÜµÀ£»È±µã£º²»Ö§³Ö¹ÜµÀ£¬Ã»·¨ÅúÁ¿Ö´ÐÐÃüÁ
£¨2£©shellÄ£¿é£ºÊ¹ÓÃshellÄ£¿é£¬ÔÚÔ¶³ÌÃüÁîͨ¹ý/bin/shÀ´Ö´ÐУ»ËùÒÔ£¬ÎÒÃÇÔÚÖÕ¶ËÊäÈëµÄ¸÷ÖÖÃüÁʽ£¬¶¼¿ÉÒÔʹÓá£
Àý1£ºÔËÐÐfree -m ÃüÁî
| [root@xuegod63
~]#ansible -i /etc/ansible/hosts web-servers -m
shell -a "free -m" |
×¢£ºµ«ÊÇÎÒÃÇ×Ô¼º¶¨ÒåÔÚ~/.bashrc»ò~/.bash_profileÖеĻ·¾³±äÁ¿shellÄ£¿éÓÉÓÚûÓмÓÔØ£¬ËùÒÔÎÞ·¨Ê¶±ð£»Èç¹ûÐèҪʹÓÃ×Ô¶¨ÒåµÄ»·¾³±äÁ¿£¬¾ÍÐèÒªÔÚ×ʼ£¬Ö´ÐмÓÔØ×Ô¶¨Òå½Å±¾µÄÓï¾ä£»
¶ÔshellÄ£¿éµÄʹÓÿÉÒÔ·Ö³ÉÁ½¿é£º
1) Èç¹û´ýÖ´ÐеÄÓï¾äÉÙ£¬¿ÉÒÔÖ±½ÓдÔÚÒ»¾ä»°ÖУº
| [root@xuegod63
~]# ansible -i /etc/ansible/hosts web-servers
-m shell -a "source ~/.bash_profile &&
df -h | grep sda3" |
2) Èç¹ûÔÚÔ¶³Ì´ýÖ´ÐеÄÓï¾ä±È½Ï¶à£¬¿Éд³ÉÒ»¸ö½Å±¾£¬Í¨¹ýcopyÄ£¿é´«µ½Ô¶¶Ë£¬È»ºóÔÙÖ´ÐУ»µ«ÕâÑù¾ÍÓÖÉæ¼°µ½Á½´Îansibleµ÷Ó㻶ÔÓÚÕâÖÖÐèÇó£¬ansibleÒѾΪÎÒÃÇ¿¼Âǵ½ÁË£¬scriptÄ£¿é¾ÍÊǸÉÕâʵģ»
£¨3£©scriptsÄ£¿é
ʹÓÃscriptsÄ£¿é¿ÉÒÔÔÚ±¾µØдһ¸ö½Å±¾£¬ÔÚÔ¶³Ì·þÎñÆ÷ÉÏÖ´ÐУº
[root@xuegod63
~]# vim /etc/ansible/net.sh
#!/bin/bash
date
hostname
[root@xuegod63~]# ansible -i /etc/ansible/hosts
web-servers -m script -a "/etc/ansible/net.sh" |
2¡¢copyÄ£¿é:ʵÏÖÖ÷¿Ø¶ËÏòÄ¿±êÖ÷»ú¿½±´Îļþ£¬ÀàËÆscp¹¦ÄÜ
Àý1£º°ÑansibleÖ÷»úÉϵÄ/etc/hostsÎļþ¸´ÖƵ½Ö÷»ú×éÖлúÆ÷µÄ/tmpĿ¼ÏÂ
| [root@xuegod63
~]#ansible -i /etc/ansible/hosts web-servers -m
copy -a "src=/etc/hostsdest=/tmp/ owner=root
group=root mode=0755" |
ÔÚxuegod64Éϲ鿴
[root@xuegod64
~]# ll/tmp/hosts
-rwxr-xr-x 1 rootroot 240 8ÔÂ 24 16:09 /tmp/hosts |
3¡¢fileÄ£¿éÉèÖÃÎļþÊôÐÔ¡£
ÀýÈ磺
| root@xuegod63
~]#ansible -i /etc/ansible/hosts web-servers -m
file -a "path=/tmp/hostsmode=0777" |
ÑéÖ¤:
[root@xuegod63
~]# ll/tmp/hosts
-rwxrwxrwx 1 rootroot 112 Aug 31 04:38 /tmp/hosts |
4¡¢statÄ£¿é»ñÈ¡Ô¶³ÌÎļþÐÅÏ¢
| [root@xuegod63
~]#ansible -i /etc/ansible/hosts web-servers -m
stat -a"path=/tmp/hosts" |
5¡¢get_urlÄ£¿éʵÏÖÔ¶³ÌÖ÷»úÏÂÔØÖ¸¶¨urlµ½±¾µØ£¬Ö§³Ösha256sumÎļþУÑé¡£
ÀýÈ磺ÏÂÔØepel-release-latest-7.noarch.rpmµ½Ö÷»úÇåµ¥ÖеÄ/tmp/Ŀ¼ÏÂ
| [root@xuegod63
~]# ansible -i /etc/ansible/hosts web-servers-m
get_url -a "url=https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
dest=/tmp/ mode=0440 force=yes" |
×¢£ºurl=https://xxx µÄµÈºÅ=Ç°ºó²»ÄÜÓпոñ
À©Õ¹:²é¿´force=yesµÄ×÷ÓÃ
[root@xuegod63 ~]#ansible-doc -s get_url #ÔÚµ¯³öµÄÐÅÏ¢ÖÐÕÒµ½force
Èç¹ûforce=yes£¬µ±ÏÂÔØÎļþʱ£¬Èç¹ûËùϵÄÄÚÈݺÍÔĿ¼ÏµÄÎļþÄÚÈݲ»Ò»Ñù£¬ÔòÌæ»»ÔÎļþ£¬Èç¹ûÒ»Ñù£¬¾Í²»ÏÂÔØÁË¡£
Èç¹ûΪ¡°·ñ¡±£¬Ôò½öÔÚÄ¿±ê²»´æÔÚʱ²ÅÏÂÔØÎļþ¡£Ò»°ãÀ´Ëµ£¬Ö»ÓÐСÐͱ¾µØÎļþ²ÅÓ¦¸ÃΪ¡°ÊÇ¡±¡£ÔÚ0.6֮ǰ£¬¸ÃÄ£¿é±íÏÖΪĬÈÏΪ¡°ÊÇ¡±¡£
²é¿´ÏÂÔصÄÎļþ£º
[root@xuegod63
~]# ll/tmp/epel-release-latest-7.noarch.rpm
-r--r----- 1 rootroot 15080 8ÔÂ 24 16:20/tmp/epel-release-latest-7.noarch.rpm
|
²âÊÔ£ºÏÂÔØÎļþʱ£¬µ±Îļþ²»Ò»Ñùʱ£¬»áÌæ»»ÔÀ´µÄÎļþ
[root@xuegod64
~]# cp/etc/passwd /tmp/epel-release-latest-7.noarch.rpm
[root@xuegod63 ~]# ansible -i /etc/ansible/hosts
web-servers -m get_url -a"url=https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
dest=/tmp/ mode=0440 force=yes"
192.168.1.63 |SUCCESS => {
"changed":false,
#xuegod63ÉÏÔÀ´µÄÎļþºÍµ±Ç°µÄÎļþÒ»Ñù£¬¾ÍûÓиı䡣ִÐгɹ¦£¬µ«Ã»Óз¢Éú¸Ä±ä£¬ÄÇôÏÔʾÂÌÉ«
¡£¡£¡£
}
192.168.1.64 |SUCCESS => {
"changed":
true, #xuegod64ÉϵÄÎļþÃû×ÖÒ»Ñù£¬µ«ÊÇÄÚÈݱ䣬¾Í»áÖØÐÂÏÂÔØ¡£Ö´Ðгɹ¦£¬ÇÒ·¢Éú¸Ä±ä£¬ÄÇôÏÔʾ»ÆÉ« |
6¡¢yumÄ£¿élinuxƽ̨Èí¼þ°ü¹ÜÀí¡£
yumÄ£¿é¿ÉÒÔÌṩµÄstatus״̬£ºlatest £¬present£¬installed #Õâ3¸ö´ú±í°²×°£»removed,
absent #ºóÃæ2¸öÊÇжÔØ
Àý×Ó£º°²×°httpdÈí¼þ
| [root@xuegod63
~]#ansible -i /etc/ansible/hosts web-servers -m
yum -a "name=httpd state=latest" |
7¡¢cronÄ£¿éÔ¶³ÌÖ÷»úcrontabÅäÖá£
ÀýÈ磺Ôö¼Óÿ30·ÖÖÓÖ´ÐÐls /tmp
| [root@xuegod63
~]#ansible -i /etc/ansible/hosts web-servers -m
cron -a "name='list dir'minute='*/30' job='ls
/tmp'" |
ÔÚxuegod63Éϲ鿴
[root@xuegod63
~]#crontab -l
#Ansible: list dir
*/30 * * * * ls /tmp |
8¡¢serviceÄ£¿éÔ¶³ÌÖ÷»úϵͳ·þÎñ¹ÜÀí¡£
serviceÄ£¿é³£ÓòÎÊý£º
£¨1£©name²ÎÊý£º´Ë²ÎÊýÓÃÓÚÖ¸¶¨ÐèÒª²Ù×÷µÄ·þÎñÃû³Æ£¬±ÈÈç nginx£¬httpd¡£
£¨2£©state²ÎÊý£º´Ë²ÎÊýÓÃÓÚÖ¸¶¨·þÎñµÄ״̬£¬±ÈÈ磬ÎÒÃÇÏëÒªÆô¶¯Ô¶³ÌÖ÷»úÖеÄhttpd£¬Ôò¿ÉÒÔ½« state
µÄÖµÉèÖÃΪ started£»Èç¹ûÏëҪֹͣԶ³ÌÖ÷»úÖеķþÎñ£¬Ôò¿ÉÒÔ½« state µÄÖµÉèÖÃΪ stopped¡£´Ë²ÎÊýµÄ¿ÉÓÃÖµÓÐ
started¡¢stopped¡¢restarted£¨ÖØÆô£©¡¢reloaded¡£
enabled²ÎÊý£º´Ë²ÎÊýÓÃÓÚÖ¸¶¨ÊÇ·ñ½«·þÎñÉèÖÃΪ¿ª»úÆô¶¯ÏÉèÖÃΪ yes ±íʾ½«¶ÔÓ¦·þÎñÉèÖÃΪ¿ª»úÆô¶¯£¬ÉèÖÃΪ
no ±íʾ²»»á¿ª»úÆô¶¯¡£
×¢£ºÏëʹÓÃserviceÄ£¿éÆô¶¯·þÎñ£¬±»Æô¶¯µÄ·þÎñ£¬±ØÐë¿ÉÒÔʹÓÃservice ÃüÁîÆô¶¯»ò¹Ø±Õ
ÀýÈ磺Զ³ÌÆô¶¯apache·þÎñ
| [root@xuegod63
~]#ansible -i /etc/ansible/hosts web-servers -m
service -a "name=httpdstate=restarted" |
9¡¢sysctlÄ£¿éÔ¶³ÌÖ÷»úsysctlÅäÖá£
Àý£º¿ªÆô·ÓÉת·¢¹¦ÄÜ
| [root@xuegod63
~]#ansible -i /etc/ansible/hosts web-servers -m
sysctl -a"name=net.ipv4.ip_forward value=1
reload=yes" |
ÑéÖ¤£º
[root@xuegod63
~]#cat /proc/sys/net/ipv4/ip_forward
1 |
10¡¢userÄ£¿éÔ¶³ÌÖ÷»úÓû§¹ÜÀí
ÀýÈ磺
[root@xuegod63
~]#ansible -i /etc/ansible/hosts web-servers -m
user -a "name=xuegod6state=present"
# present [?preznt] Ä¿Ç° |
ÑéÖ¤£º
[root@xuegod63
~]# idxuegod6
uid=1001(xuegod6)gid=1001(xuegod6) ×é=1001(xuegod6) |
4
ʵս-ʹÓÃPlaybookÅúÁ¿²¿Êð¶ą̀LAMP»·¾³
4.1 PlaybookÊÇÒ»¸ö²»Í¬ÓÚʹÓÃansibleÃüÁîÐÐÖ´Ðз½Ê½µÄģʽ£¬¹¦ÄܸüÇ¿´ó¸üÁé»î¡£
playbooksʹÓò½Ö裺
1¡¢ÔÚplaybooks Öж¨ÒåÈÎÎñ£º
- name£ºtask description #ÈÎÎñÃèÊöÐÅÏ¢
module_name: module_args #ÐèҪʹÓõÄÄ£¿éÃû×Ö£ºÄ£¿é²ÎÊý
2¡¢ansible-playbook Ö´ÐÐ ÃüÁ
| [root@xuegod63
~]#ansible-playbook site.yml |
playbookÊÇÓÉÒ»¸ö»ò¶à¸ö"play"×é³ÉµÄÁÐ±í¡£playµÄÖ÷Òª¹¦ÄÜÔÚÓÚ½«ÊÂÏȹéΪһ×éµÄÖ÷»ú×°°ç³ÉÊÂÏÈͨ¹ýansibleÖеÄtask¶¨ÒåºÃµÄ½ÇÉ«¡£
githubÉÏÌṩÁË´óÁ¿µÄʵÀý¹©´ó¼Ò²Î¿¼ https://github.com/ansible/ansible-examples
4.1 ʵս-ʹÓÃPlaybookÅúÁ¿²¿Êð¶ą̀LAMP»·¾³
Playbook³£ÓÃÎļþ¼Ð×÷Óãº
files£º´æ·ÅÐèҪͬ²½µ½ÒìµØ·þÎñÆ÷µÄÔ´ÂëÎļþ¼°ÅäÖÃÎļþ£»
handlers£ºµ±·þÎñµÄÅäÖÃÎļþ·¢Éú±ä»¯Ê±ÐèÒª½øÐеIJÙ×÷£¬±ÈÈ磺ÖØÆô·þÎñ£¬ÖØмÓÔØÅäÖÃÎļþ£»['h?ndl?z]
´¦Àí³ÌÐò
meta£º½ÇÉ«¶¨Ò壬¿ÉÁô¿Õ£» ['met?] Ôª
tasks£ºÐèÒª½øÐеÄÖ´ÐеÄÈÎÎñ£»#ÈÎÎñ
templates£ºÓÃÓÚÖ´ÐÐlamp°²×°µÄÄ£°åÎļþ£¬Ò»°ãΪ½Å±¾£» ['templ?ts] Ä£°å
vars£º±¾´Î°²×°¶¨ÒåµÄ±äÁ¿
4.2 ʵս-ʹÓÃPlaybookÅúÁ¿²¿Êð¶ą̀LAMP»·¾³
Ê×ÏÈ£¬ÎÒÃÇ¿ÉÒÔÔÚansible·þÎñÆ÷ÉÏ°²×°LAMP»·¾³£¬È»ºó£¬ÔÙ½«ÅäÖÃÎļþͨ¹ýansible¿½±´µ½Ô¶³ÌÖ÷»úÉÏ
µÚÒ»²½£º°²×°httpdÈí¼þ
| [root@xuegod63
~]#yum install httpd -y |
µÚ¶þ²¿£º°²×°MySQL
root@xuegod63
~]# yuminstall mariadb-server mariadb -y
[root@xuegod63 ~]#mkdir -p /mydata/data #´´½¨Ä¿Â¼×÷ΪÊý¾Ý´æ·ÅµÄλÖÃ
[root@xuegod63 ~]#chown -R mysql:mysql /mydata/
[root@xuegod63 ~]#vim /etc/my.cnf #¸Ä±äÊý¾Ý´æ·ÅĿ¼
¸Ä£º2datadir=/var/lib/mysql
Ϊ£º2datadir=/mydata/data
[root@xuegod63 ~]#systemctl start mariadb |
µÚÈý²½£º°²×°PHPºÍphp-mysqlÄ£¿é
| [root@xuegod63
~]#yum install php php-mysql -y |
µÚËIJ½£ºÌṩphpµÄ²âÊÔÒ³
[root@xuegod63
~]#vim /var/www/html/index.php
<?php
phpinfo();
?> |
Æô¶¯httpd·þÎñ£¬ÔÚä¯ÀÀÆ÷ÖзÃÎÊ
[root@xuegod63
~]#systemctl restart httpd
[root@xuegod63 ~]#iptables -F |
²âÊÔ£ºhttp://192.168.1.63/index.php
È·±£ÒѾ³öÏÖÉÏÃæµÄ²âÊÔÒ³£¬¶øÇÒ£¬Òª¿´µ½MySQLÒѾ±»ÕûºÏ½øÀ´ÁË£¬²ÅÄܽøÐÐÏÂÒ»²½²Ù×÷
¶¨Òå×éÃû£º
[root@xuegod63
~]#vim /etc/ansible/hosts #»¹Ê¹ÓÃ֮ǰ¶¨ÒåºÃµÄ£¬ÕâÀï²»ÓÃÐÞ¸Ä
[web-servers]
192.168.1.63
192.168.1.64 |
È»ºó£¬½«¹«Ô¿ÐÅÏ¢¸´ÖƵ½±»¿ØÖƽڵ㣬ansibleºÍÁ½¸ö½Úµã¼äͨ¹ýssh½øÐÐÁ¬½Ó¡£ÏÂÃæ3¸öÃüÁî֮ǰÒѾ×ö¹ý£¬²»ÓÃÖ´ÐÐÁË¡£
[root@xuegod63
~]#ssh-keygen
[root@xuegod63 ~]#ssh-copy-id root@192.168.1.63
[root@xuegod63 ~]#ssh-copy-id root@192.168.1.64 |
4.2 ʹÓÃplaybook´´½¨Ò»¸öLAMP¹¹½¨µÄÈÎÎñ
1¡¢´´½¨Ïà¹ØÎļþ
[root@xuegod63
~]# mkdir -pv/etc/ansible/lamp/roles/ {prepare,httpd,mysql,php
}/{tasks,files,templates,vars,meta,default,handlers}
ÎÒÃǽ«ÉÏÃæ´î½¨³É¹¦µÄLAMP»·¾³µÄhttpdºÍMySQLµÄÅäÖÃÎļþ¿½±´µ½¶ÔӦĿ¼ÏÂ
[root@xuegod63 ~]# cd/etc/ansible/
[root@xuegod63 ~]# cp/etc/httpd/conf/httpd.conf
lamp/roles/httpd/files/
[root@xuegod63 ~]# cp/etc/my.cnf lamp/roles/mysql/files/ |
дprepare£¨Ç°ÆÚ×¼±¸£©½ÇÉ«µÄplaybooks
[root@xuegod63ansible]#
vim lamp/roles/prepare/tasks/main.yml #¸´ÖÆÒÔϺìÉ«ÄÚÈݵ½ÎļþÖУ¬ÅäÖúÃyumÔ´
- name: delete yumconfig
shell: rm -rf /etc/yum.repos.d/* #ɾ³ýÔÓеÄyumÅäÖÃÎļþ
- name: provide yumrepofile
shell: wget -O /etc/yum.repos.d/CentOS-Base.repohttp://mirrors.aliyun.com/repo/Centos-7.repo
#ÏÂÔØеÄyumÅäÖÃÎļþ
- name: clean the yumrepo
shell: yum cleanall #Çå³ýÔÓеÄyum»º´æÐÅÏ¢
- name: clean theiptables
shell: iptables -F #Çå³ýÔÓзÀ»ðǽ¹æÔò£¬²»È»ºó¿ÉÄÜÉϲ»ÁËÍø |
2¡¢¹¹½¨httpdµÄÈÎÎñ
root@xuegod63roles]#
cd /etc/ansible/lamp/roles
[root@xuegod63roles]# mv /var/www/html/index.php
httpd/files/
[root@xuegod63roles]# vim httpd/tasks/main.yml
#½«ÒÔÏÂÄÚÈݸ´ÖƵ½ÎļþÖÐ
- name: web serverinstall
yum:name=httpd state=present #°²×°httpd·þÎñ
- name: provide testpage
copy:src=index.php dest=/var/www/html #Ìṩ²âÊÔÒ³
- name: delete apacheconfig
shell: rm -rf /etc/httpd/conf/httpd.conf #ɾ³ýÔÓеÄapacheÅäÖÃÎļþ£¬Èç¹û²»É¾³ý£¬ÏÂÃæµÄcopyÈÎÎñÊDz»»áÖ´Ðеģ¬ÒòΪµ±Ô´Îļþhttpd.confºÍÄ¿±êÎļþÒ»Ñùʱ£¬copyÃüÁîÊDz»Ö´Ðеġ£Èç¹ûcopyÃüÁî²»Ö´ÐУ¬ÄÇônotify½«²»µ÷ÓÃhandler¡£
- name: provideconfiguration file
copy: src=httpd.confdest=/etc/httpd/conf/httpd.conf
#ÌṩhttpdµÄÅäÖÃÎļþ
notify: restart httpd #µ±Ç°ÃæµÄcopy¸´ÖƳɹ¦ºó£¬Í¨¹ýnotify֪ͨÃû×ÖΪrestart
httpdµÄhandlersÔËÐС£ |
À©Õ¹£ºnotifyºÍhandlers notify ֪ͨ
notify£ºÕâ¸öaction¿ÉÓÃÓÚÔÚÿ¸öplayµÄ×îºó±»´¥·¢£¬ÕâÑù¿ÉÒÔ±ÜÃâ¶à´ÎÓиı䷢Éúʱ£¬Ã¿´Î¶¼Ö´ÐÐÖ¸¶¨µÄ²Ù×÷£¬È¡¶ø´úÖ®£¬½öÔÚËùÓеı仯·¢ÉúÍê³ÉºóÒ»´ÎÐÔµØÖ´ÐÐÖ¸¶¨²Ù×÷¡£
ÔÚnotifyÖÐÁгöµÄ²Ù×÷³ÆΪhandler£¬Ò²¼´notifyÖе÷ÓÃhandlerÖж¨ÒåµÄ²Ù×÷¡£
---- name: test.ymljust
for test
hosts: testserver
vars:
region: ap-southeast-1
tasks:
- name: template configuration
file template: src=template.j2dest=/etc/foo.conf
notify:
- restart memcached
- restart apache
handlers:
- name: restart memcached
service: name=memcachedstate=restarted
- name: restart apache
service: name=apachestate=restarted |
handlers¸ÅÊö£º
Handlers Ò²ÊÇһЩ task µÄÁбí,ͨ¹ýÃû×ÖÀ´ÒýÓÃ,ËüÃǺÍÒ»°ãµÄ task ²¢Ã»ÓÐʲôÇø±ð¡£
Handlers ÊÇÓÉ֪ͨÕß½øÐÐnotify, Èç¹ûûÓб» notify£¬handlers ²»»áÖ´ÐС£
²»¹ÜÓжàÉÙ¸ö֪ͨÕß½øÐÐÁËnotify£¬µÈµ½ play ÖеÄËùÓÐtask Ö´ÐÐÍê³ÉÖ®ºó,handlers
Ò²Ö»»á±»Ö´ÐÐÒ»´Î¡£
Handlers ×î¼ÑµÄÓ¦Óó¡¾°ÊÇÓÃÀ´ÖØÆô·þÎñ,»òÕß´¥·¢ÏµÍ³ÖØÆô²Ù×÷.³ý´ËÒÔÍâºÜÉÙÓõ½ÁË¡£
3¡¢¹¹½¨httpdµÄhandlers
[root@xuegod63roles]#
vim httpd/handlers/main.yml
- name: restart httpd
service:name=httpd enabled=yes state=restarted |
4¡¢²¿ÊðÎÒÃǵÄmariadbÊý¾Ý¿â
´´½¨MySQL·þÎñµÄÈÎÎñ£¬ÐèÒª°²×°MySQL·þÎñ£¬¸Ä±äÊôÖ÷ÐÅÏ¢£¬Æô¶¯MySQL
[root@xuegod63roles]#
cd /etc/ansible/lamp/roles
[root@xuegod63roles]# vim mysql/tasks/main.yml
- name: install themysql
yum: name=mariadb-server state=present #°²×°mysql·þÎñ
- name: mkdir date directory
shell: mkdir -p /mydata/data #´´½¨¹ÒÔصãĿ¼
- name: provideconfigration file
copy: src=my.cnf dest=/etc/my.cnf #ÌṩmysqlµÄÅäÖÃÎļþ
- name: chage theowner
shell: chown -R mysql:mysql /mydata/* #¸ü¸ÄÊôÖ÷ºÍÊô×é
- name: start mariadb
service: name=mariadb enabled=yesstate=started
#Æô¶¯mysql·þÎñ |
5¡¢¹¹½¨PHPµÄÈÎÎñ
[root@xuegod63roles]#
vim php/tasks/main.yml
- name: install php
yum: name=phpstate=present #°²×°php
- name: installphp-mysql
yum:name=php-mysql state=present #°²×°phpÓëmysql½»»¥µÄ²å¼þ |
6¡¢¶¨ÒåÕû¸öµÄÈÎÎñ
[root@xuegod63roles]#
cd /etc/ansible/lamp/roles
[root@xuegod63roles]# vim site.yml #дÈëÒÔÏÂÄÚÈÝ
- name: LAMP build
remote_user: root
hosts: web-servers
roles:
- prepare
- mysql
- php
- httpd |
×¢£ºËùÓÐymlµÄÅäÖÃÎļþÖУ¬¿Õ¸ñ±ØÐëÑϸñ¶ÔÆë
¿ªÊ¼²¿Êð£º
| [root@xuegod63roles]#
ansible-playbook -i /etc/ansible/hosts /etc/ansible/lamp/roles/site.yml |
È»ºó£¬ÔÚä¯ÀÀÆ÷ÖзÃÎÊÕâÁ½Ì¨½ÚµãÖ÷»ú£¬¿ÉÒÔÖ±½Ó·ÃÎʳɹ¦¡£
http://192.168.1.63/index.php
http://192.168.1.64/index.php
×¢:
1¡¢Ä¬ÈÏÇé¿öÏ£¬Ê״εǽһ̨·þÎñÆ÷£¬ÏµÍ³»áÌáʾÊÇ·ñÒª¼Çס¶Ô¶ËµÄÖ¸ÎÆ£¬ÓÃansibleÒ²»áÕâÑù£¬ÕâÑù»áµ¼ÖÂÐèÒªÊÖ¹¤ÊäÈëyes»òno£¬ansible
²Å¿ÉÒÔÍùÏÂÖ´ÐС£ÈçÐè±ÜÃâÕâÖÖÇé¿ö£¬ÐèÒªÔÚ /etc/ansible/ansible.cfg ÎļþÖÐÉèÖÃ
host_key_checking= False
Àý1£º
[root@xuegod63roles]#
rm -rf /root/.ssh/known_hosts
[root@xuegod63roles]# ansible-playbook -i /etc/ansible/hosts
./site.yml #·¢ÏÖÐèÒªÊäÈëyes£¬À´±£´æ¶Ô¶ËµÄÖ¸ÎÆ |
½â¾ö£º
[root@xuegod63roles]#
vim /etc/ansible/ansible.cfg
¸Ä£º62 #host_key_checking =False #¾ÍÊÇ°ÑÇ°ÃæµÄ#ºÅÈ¥ÁË
Ϊ£ºhost_key_checking = False
[root@xuegod63roles]# rm -rf /root/.ssh/known_hosts
[root@xuegod63roles]# ansible-playbook -i /etc/ansible/hosts
./site.yml #·¢ÏÖ²»ÐèÒªÊäÈëyes£¬¿ÉÒÔ×Ô¶¯°²×°ÁË |
|
