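Editor's recommendation:
This article introduces basic use of Ansible, including its basic architecture and how to install, configure and deploy it. We hope it helps with your learning.
This article comes from Jianshu (简书) and was edited and recommended by Alice of 火龙果软件.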
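I. Getting to know Ansible
1. Ansible is a recently emerged automated operations tool
Ansible is a configuration management and application deployment tool written in Python. It combines the strengths of many operations tools (puppet, cfengine, chef, func, fabric, SaltStack) and provides batch system configuration, batch program deployment, batch command execution and similar functions. Ansible works through modules and has no batch deployment capability of its own. What actually performs the batch deployment is the modules that Ansible runs; Ansible only provides the framework.
2. Uses of Ansible in production
Automated application deployment
Automated configuration management
Automated continuous delivery
Automated management of (AWS) cloud servers
3. Advantages of Ansible
(1) Ansible blends the strengths of many established operations tools; it can do essentially everything puppet and saltstack can do;
(2) Lightweight: no agent has to be installed on the clients, and an update only has to be applied once, on the control machine;
(3) Ansible is a tool: it does not need a running service, it is only a tool, and it scales out in a distributed way easily;
(4) Batch tasks can be written as scripts and run without being distributed to the remote hosts;
(5) Ansible is a lightweight automation tool designed for consistency, high reliability and security;
(6) It is written in Python, which is simpler to maintain; Ruby syntax is overly complex;
4. Ansible features
(1) no agents: no client has to be installed on the managed hosts;
(2) no server: there is no server side; you simply run the command when you need it;
(3) modules in any languages: Ansible works through modules, which can be developed in any language;
(4) yaml, not code: playbooks are written in YAML;
(5) ssh by default: Ansible works over SSH;
(6) strong multi-tier solution: multi-level orchestration is possible
5. Basic architecture of Ansible (Ansible is modular; all of its operations depend on modules)
1. connection plugins: used to connect to hosts, that is, to the managed nodes
2. core modules: carry out operations on the connected hosts; Ansible relies on specific modules to do specific things
3. custom modules: modules written for your own needs
4. plugins: supplement the functionality of the modules
5. playbooks: Ansible's configuration files; multiple tasks are defined in a playbook and Ansible runs them automatically
6. host inventory: defines the range of hosts Ansible operates on
7. Architecture diagram: [figure]
8. Execution flow: [figure]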
II. Installing Ansible
1. Before you install
Ansible is just a process: it needs no database, and no daemon has to be started and kept running. Because it is just a process, you can easily install it on any host (except Windows). The Ansible control machine cannot be installed on Windows; Windows can only be a managed node. This is the same as saltstack.
Choosing a version: 2.0 brought very large improvements, so a version of 2.0 or later is generally used.
Control machine requirements: Ansible is written in Python, so it can only be installed where Python 2.6, or 2.7 or later, is installed.
Managed node requirements: ssh must be installed, with Python 2.5 or later.
2. Three installation methods [official installation methods]
yum -y install ansible
wget -O /etc/yum.repos.d/epel.repo (click here to download the yum repo)
pip install ansible
Download from GitHub:
$ git clone https://github.com/ansible/ansible.git --recursive
$ cd ./ansible
$ make rpm
$ sudo rpm -Uvh ./rpm-build/ansible-*.noarch.rpm
3. Check the version to confirm that the installation succeeded
[root@master ~ 19:14:06]# ansible --version
ansible 2.7.5
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
The output also shows where the configuration file is: config file = /etc/ansible/ansible.cfg
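III. Using Ansible
1. A few files to be aware of:
① The configuration file (located at /etc/ansible/ansible.cfg). See: Configuration file explained
Some settings in Ansible can be adjusted through the configuration file (ansible.cfg). The stock configuration should be sufficient for most users, but there may be other reasons to change them.
② The host inventory (located at /etc/ansible/hosts).
Since the point is to manage hosts in batches, there have to be objects to manage. The hosts listed in the inventory are all managed hosts; they can be grouped, and each group can be passed its own parameters.
③ The .yml files you write yourself (playbook files, explained later).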
2. Host inventory
1) Configuring the inventory as a file, and running against it
[root@master / 22:48:58]#cat /etc/ansible/hosts
# a group; the name in brackets is the group name
[ceshi]
10.0.0.11
10.0.0.13
10.0.0.14
# a group; the name in brackets is the group name
[ceshi2]
10.0.0.15
10.0.0.16
10.0.0.17
# variables can be passed here; some are system variables, and you can also define your own
[ceshi2:vars]
# with this set, neither typing a password nor a key is needed ('密码' stands for the password)
ansible_ssh_pass='密码'
ansible_ssh_port=22
# the login user can be set
ansible_ssh_user='liyonghui'
# a group; the name in brackets is the group name
[ceshi3]
10.0.0.18 ansible_ssh_pass='密码' ansible_ssh_port=22
10.0.0.19 ansible_ssh_pass='密码' ansible_ssh_port=22
10.0.0.20 ansible_ssh_pass='密码' ansible_ssh_port=22
Built-in inventory parameters:
ansible_ssh_host # name of the host to connect to
ansible_ssh_port # port number, 22 by default
ansible_ssh_user # default user name for the ssh connection
ansible_ssh_pass # password for the ssh connection
ansible_sudo_pass # password of the connecting user when using sudo
ansible_ssh_private_key_file # private key file, for when you do not want ssh-agent to manage keys
ansible_shell_type # shell type, sh by default
ansible_python_interpreter # path of the python interpreter; the paths of ruby and perl can be specified in the same way
2) Configuring the inventory as a directory, and running against it
[root@master ~/inventory 20:27:29]#ls
ceshi1 ceshi2
[root@master ~/inventory 20:31:23]#cat /root/inventory/ceshi1
10.0.0.11 ansible_ssh_pass='root1234'
[root@master ~/inventory 20:31:29]#cat /root/inventory/ceshi2
10.0.0.129 ansible_ssh_pass='1234'
[root@master ~/inventory 20:31:45]#cd -
/root
[root@master ~ 20:32:06]#ansible -i inventory all -a 'uptime'
10.0.0.129 | CHANGED | rc=0 >>
20:32:37 up 2:47, 2 users, load average: 0.00, 0.00, 0.00
10.0.0.11 | CHANGED | rc=0 >>
23:32:37 up 2:47, 2 users, load average: 0.00, 0.01, 0.05
3) Configuring the inventory as a file, using children to inherit variables
[ceshi]
10.0.0.11
[ceshi:vars]
ansible_ssh_user='liyonghui'
[ceshi2]
10.0.0.17
10.0.0.18
# through inheritance, the ansible_ssh_user of group ceshi2 is the same as that of group ceshi
[ceshi:children]
ceshi2
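Because values in a [group:vars] section and on host lines are stored in cleartext, and :children spreads a group's variables to its child groups, it helps to see which hosts a stored password actually reaches. The following is an added example, not part of the original article: a small audit of an INI inventory that resolves children inheritance and reports every host that receives ansible_ssh_pass or ansible_sudo_pass. The sample inventory and the password value in it are constructed, and the function names are this example's own.

```python
import shlex

SECRET_KEYS = {"ansible_ssh_pass", "ansible_sudo_pass"}
# Constructed inventory in the page's layout; the password is a placeholder.
SAMPLE = """\
[ceshi]
10.0.0.11
[ceshi:vars]
ansible_ssh_pass='example-password'
[ceshi2]
10.0.0.17
10.0.0.18
[ceshi:children]
ceshi2
[ceshi3]
10.0.0.19 ansible_ssh_pass='example-password' ansible_ssh_port=22
"""

def parse(text):  # -> group hosts, group var names, group children, host-line var names
    hosts, gvars, children, hvars = {}, {}, {}, {}
    group, kind = "ungrouped", ""
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            group, _, kind = line[1:-1].partition(":")  # [name], [name:vars], [name:children]
        elif kind == "vars":
            gvars.setdefault(group, set()).add(line.partition("=")[0].strip())
        elif kind == "children":
            children.setdefault(group, []).append(line)
        else:  # host line: name followed by key=value pairs
            name, *pairs = shlex.split(line)
            hosts.setdefault(group, []).append(name)
            hvars.setdefault(name, set()).update(p.split("=", 1)[0] for p in pairs)
    return hosts, gvars, children, hvars

def members(group, hosts, children):  # own hosts plus, recursively, child groups' hosts
    return list(hosts.get(group, [])) + [
        h for c in children.get(group, []) for h in members(c, hosts, children)]

def plaintext_secrets(text):  # host -> [(variable name, where it is defined)]
    hosts, gvars, children, hvars = parse(text)
    scopes = [("[%s:vars]" % g, members(g, hosts, children), v) for g, v in gvars.items()]
    scopes += [("host line", [h], v) for h, v in hvars.items()]
    findings = {}
    for source, targets, names in scopes:
        for key in sorted(names & SECRET_KEYS):
            for host in targets:
                findings.setdefault(host, []).append((key, source))
    return findings
```

Calling plaintext_secrets(SAMPLE) shows that the password set once in [ceshi:vars] also reaches 10.0.0.17 and 10.0.0.18 through ceshi2; key authentication (described under "Different ways of connecting to hosts") or ansible-vault keeps such values out of the inventory file.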
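4) Dynamic inventory (run as a Python script)
Dynamic inventory means that all the variables can be obtained from an external source; in other words, we can pull all host information from a CMDB or a zabbix system and then manage those hosts with Ansible. To use a dynamic inventory, just change the value of inventory in ansible.cfg to an executable script.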
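What such a script has to produce, as an added example that is not part of the original article: Ansible runs the script with --list and expects a JSON document of groups plus a _meta.hostvars map, and may run it with --host <name> for a single host's variables. The CMDB rows, the fetch_hosts() helper and port 2222 are constructed for illustration, and the example assumes key-based login so that no password is emitted.

```python
#!/usr/bin/env python3
import argparse
import json

# Constructed records standing in for the result of a CMDB or zabbix query.
CMDB_ROWS = [
    {"ip": "10.0.0.11", "group": "ceshi", "user": "liyonghui", "port": 22},
    {"ip": "10.0.0.17", "group": "ceshi2", "user": "liyonghui", "port": 22},
    {"ip": "10.0.0.18", "group": "ceshi2", "user": "liyonghui", "port": 2222},
]

def fetch_hosts():
    """Hypothetical stand-in for the real CMDB/zabbix API call."""
    return CMDB_ROWS

def build_inventory(rows):
    """Build the JSON document Ansible reads when it calls the script with --list."""
    inventory = {"_meta": {"hostvars": {}}}
    for row in rows:
        group = inventory.setdefault(row["group"], {"hosts": [], "vars": {}})
        group["hosts"].append(row["ip"])
        # Only connection settings are emitted; this example assumes key-based
        # login, so no ansible_ssh_pass leaves the script.
        inventory["_meta"]["hostvars"][row["ip"]] = {
            "ansible_ssh_user": row["user"],
            "ansible_ssh_port": row["port"],
        }
    return inventory

def host_vars(rows, name):
    """Variables of one host, the answer to --host <name> ({} if unknown)."""
    return build_inventory(rows)["_meta"]["hostvars"].get(name, {})

def main(argv=None):
    parser = argparse.ArgumentParser(description="dynamic inventory example")
    parser.add_argument("--list", action="store_true")
    parser.add_argument("--host")
    args = parser.parse_args(argv)
    rows = fetch_hosts()
    result = host_vars(rows, args.host) if args.host else build_inventory(rows)
    return json.dumps(result, indent=2, sort_keys=True)

if __name__ == "__main__":
    print(main())
```

Saved as an executable file, the script can be named as the inventory value in ansible.cfg or passed with -i in place of the hosts file.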
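3. Different ways of connecting to hosts
To operate on a host we first have to connect to it. When managing hosts in batches, we certainly do not want to type a password for every host. So there are three ways to connect to the hosts and run operations:
1) Use -k to prompt for the password.
Run: ansible -i /etc/ansible/hosts ceshi -a 'uptime' -k [the -k option prompts for the password]
2) Use a key.
Connecting with key authentication:
Generate the key: ssh-keygen -t rsa (on the control machine)
Send the key: ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.129 (sent to the managed machine)
Run a command: ansible ceshi2 -a 'date' (no password needed)
3) Configure ansible_ssh_pass='密码' in the inventory ('密码' stands for the password).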
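4. Task execution modes
The Ansible control host operates on managed nodes in two ways: Ad-Hoc and playbook
(1) Ad-Hoc: single-command mode; runs a single command on multiple hosts.
ansible all -a "/bin/echo hello"
(2) playbook: a collection of tasks that together accomplish one kind of job, such as installing and deploying a web service or backing up database servers in batches.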
5. Ansible commands (a brief introduction to commonly used Ansible modules)
After Ansible is installed, it provides us with several commands.
They can be listed with ls /usr/bin/ | grep ansible | grep -v '[0-9]'.
Commands: ansible, ansible-doc, ansible-galaxy, ansible-inventory, ansible-playbook, ansible-pull, ansible-vault, ansible-config, ansible-connection, ansible-console.
The usage of each can be obtained with "<command> -h".
(1) ansible (single command, commonly used)
[root@localhost ~]# ansible -h
Usage: ansible <host-pattern> [options]
That is: ansible hosts options (arguments)
ansible is the core command. It is mainly used to run Ad-Hoc commands, that is, single commands. It has to be followed by the hosts and the options, and when no module is specified it uses the command module by default. For example:
[root@master ~ 18:57:10]# ansible 10.0.0.11 -a 'date'
10.0.0.11 | CHANGED | rc=0 >>
Mon Jan 21 21:59:50 EST 2019
The module used by default can be changed in ansible.cfg. Some of the options of the ansible command are explained at the link below; they can also be viewed with ansible -h:
Ansible option reference
(2) ansible-doc (view the help documentation, commonly used)
[root@master /log.txt 19:11:24]#ansible-doc -h
Usage: ansible-doc [-l|-F|-s] [options] [-t <plugin type> ] [plugin]
ansible-doc -l (list the available modules); there are a great many, so filter them with grep
ansible-doc -l|grep copy (list the available modules related to copy)
ansible-doc -s <module name> (show the usage of a particular module)
(3) ansible-playbook (multiple tasks, commonly used, explained later)
[root@master /usr/bin 19:21:28]#ansible-playbook -h
Usage: ansible-playbook [options] playbook.yml [playbook2 ...]
(4) ansible-pull (pulls a playbook from the network for ansible-playbook to run)
[root@master /usr/bin 19:22:23]#ansible-pull -h
Usage: ansible-pull -U <repository> [options] [<playbook.yml>]
(5) ansible-galaxy (performs various roles-related operations; Galaxy is a free site for finding, downloading, rating and reviewing community-developed Ansible roles)
[root@master /log.txt 19:15:18]#ansible-galaxy -h
Usage: ansible-galaxy [delete|import|info|init|install|list|login|remove|search|setup] [--help] [options] ...
(6) ansible-inventory
[root@master /usr/bin 19:18:53]#ansible-inventory -h
Usage: ansible-inventory [options] [host|group]
(7) ansible-vault
[root@master /usr/bin 19:23:14]#ansible-vault -h
Usage: ansible-vault [create|decrypt|edit|encrypt|encrypt_string|rekey|view] [options] [vaultfile.yml]
IV. Playbooks in detail
See the link: Playbooks in detail
Ansible application examples: Ansible application examples
V. Troubleshooting
If the following error is reported during execution:
10.0.0.129 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh:
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:GvppMUVZGPWsH+J4AC9bbHbOyCbCV0ZQMr0QbmHLtmc.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:2
Challenge/response authentication is disabled to avoid man-in-the-middle attacks.
Permission denied (publickey,password). ",
"unreachable": true
}
Cause: the public/private key of the host being connected to has changed and no longer matches what this machine has recorded, so an error is reported.
Fix: ssh-keygen -R 10.0.0.129 # replace with your IP or domain name
[root@master /etc/ssh 01:00:30]#ssh-keygen -R 10.0.0.129
# Host 10.0.0.129 found: line 2
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
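The warning itself names two explanations, a changed host key or a man-in-the-middle, and the fingerprint it prints is what tells them apart. The following added example, which is not part of the original article, extracts that fingerprint and the stale known_hosts entry from the error text and compares the fingerprint with one computed from a trusted copy of the host's public key. It assumes the trusted copy was read out of band, for instance from /etc/ssh/ssh_host_ecdsa_key.pub on the host's own console; the key line used here is constructed and is not a real key.

```python
import base64
import hashlib
import re

# The warning from the page, reduced to the lines the parser needs.
ERROR_MSG = """\
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
The fingerprint for the ECDSA key sent by the remote host is
SHA256:GvppMUVZGPWsH+J4AC9bbHbOyCbCV0ZQMr0QbmHLtmc.
Offending ECDSA key in /root/.ssh/known_hosts:2
"""

# Constructed stand-in for the host's public key line, as read on its console
# (not a real key; the blob is arbitrary bytes, which is all the hash needs).
TRUSTED_PUBKEY = ("ecdsa-sha2-nistp256 "
                  + base64.b64encode(b"constructed key blob").decode()
                  + " root@10.0.0.129")

def parse_warning(msg):
    """Extract the presented fingerprint and the stale known_hosts entry."""
    fp = re.search(r"(SHA256:[A-Za-z0-9+/]{43})", msg)
    stale = re.search(r"Offending (\S+) key in (\S+):(\d+)", msg)
    if not fp or not stale:
        return None
    return {"fingerprint": fp.group(1), "key_type": stale.group(1),
            "known_hosts": stale.group(2), "line": int(stale.group(3))}

def fingerprint(pubkey_line):
    """SHA256 fingerprint of an OpenSSH public key line, in the form ssh prints."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def safe_to_replace(msg, trusted_pubkey_line):
    """True only if the key the host presented matches the trusted copy."""
    warning = parse_warning(msg)
    return bool(warning) and warning["fingerprint"] == fingerprint(trusted_pubkey_line)

if __name__ == "__main__":
    print(parse_warning(ERROR_MSG))
    print("fingerprints match:", safe_to_replace(ERROR_MSG, TRUSTED_PUBKEY))
```

With the constructed key the comparison is False, which is the case where the old known_hosts entry should stay in place until the mismatch is explained.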