Ansible
ansible不需要任何agent(除了sshd),在ansible不执行时不占用管控端任何资源(默认支持ssh,也支持其他方式)。ansible也没有服务端,只有在需要时执行命令即可。ansible基于模块工作,执行命令、脚本、计划任务等都需要一个模块来实现;ansible有近百个模块,模块可以由任意编程语言开发。ansible支持用yaml语言编写任务列表,来做多主机多任务。
ansible由python研发
YAML语法和其他语法类似,可以简单表达清单,散列,标量等数据结构。其结构(structure)通过空格来展示,序列(sequence)里的项用“-”来代表,map里的键值对用“:”分割。如下实例:
- hosts: 主机名或组名,可以是多个
  vars:
    http_port: 80
    max_clients: 256
  remote_user: root
  tasks:    # 任务
    - name: 任务名称
      yum: name=httpd state=latest    # 安装httpd
    - name:
      service: name=httpd state=started    # 确保安装后能够启动
下载ansible:
https://pypi.python.org/pypi/ansible
http://pkgs.org/download/ansible
https://pypi.python.org/packages/source/a/ansible/ansible-2.0.1.0.tar.gz
一,编译安装ansible
1,安装依赖包:
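# Install the packages this walkthrough lists as dependencies. The glob is
# quoted so that yum, not the local shell, expands it.
yum install python-jinja2 PyYAML python-paramiko python-babel python-crypto 'pip*' gcc python-devel
# Fetch the release tarball into /usr/local and continue from there.
wget -P /usr/local/ https://pypi.python.org/packages/source/a/ansible/ansible-2.0.1.0.tar.gz && cd /usr/local
# The steps below execute the archive's setup.py with the installing user's
# privileges (root in this walkthrough's prompts), so check the download
# against the digest published for the release before unpacking it, e.g.:
#   echo "<EXPECTED_SHA256>  ansible-2.0.1.0.tar.gz" | sha256sum -c -
# (<EXPECTED_SHA256> is a placeholder; this page does not give the digest.)
tar xf ansible-2.0.1.0.tar.gz
ln -sv ansible-2.0.1.0 ansible
cd ansible
python setup.py build
python setup.py install
# -p keeps a re-run from failing when the directory already exists.
mkdir -p /etc/ansible
# Seed /etc/ansible with the sample ansible.cfg and hosts files from the tarball.
cp -r examples/* /etc/ansible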
[root@yum-down bin]# ls /etc/ansible/
ansible.cfg 配置文件
hosts 主机文件
# NOTE(review): besides the build tools (gcc, python-devel) this also removes
# python-jinja2, PyYAML, python-paramiko, python-babel and python-crypto, which
# were installed earlier as dependencies — confirm Ansible still runs without
# the packaged copies before removing them.
yum remove python-jinja2 PyYAML python-paramiko python-babel python-crypto gcc python-devel
在hosts文件中,定义主机可以单独写主机名或者ip,也可以使用[主机组],或者通配符www.[1*].com
1,添加主机:
[db-server]
192.168.1.7
192.168.1.8
[web-server]
192.168.1.4
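2,添加ssh-key(-P '' 生成的是没有口令保护的私钥,下面又把对应公钥授权给各主机的root账号,所以管控端的/root/.ssh/id_rsa一旦泄露,所有被管主机的root权限也随之泄露;生产环境应给私钥设置口令并配合ssh-agent使用,或改用普通账号加sudo提权)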
[root@yum-down ansible]# ssh-keygen -t rsa -P ''
[root@yum-down ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.4
[root@yum-down ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.7
[root@yum-down ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.8
3,查看时间
[root@yum-down bin]# ./ansible all -a 'date'
192.168.1.7 | SUCCESS | rc=0 >>
Sat Apr 9 05:58:16 PDT 2016
192.168.1.8 | SUCCESS | rc=0 >>
Sat Apr 9 05:58:16 PDT 2016
192.168.1.4 | SUCCESS | rc=0 >>
Sat Apr 9 05:58:16 PDT 2016
[root@yum-down bin]# ./ansible all -m command -a 'date'
192.168.1.4 | SUCCESS | rc=0 >>
Sat Apr 9 05:58:36 PDT 2016
192.168.1.7 | SUCCESS | rc=0 >>
Sat Apr 9 05:58:36 PDT 2016
192.168.1.8 | SUCCESS | rc=0 >>
Sat Apr 9 05:58:36 PDT 2016
[root@yum-down bin]# ./ansible all -m command -a 'service httpd status'
192.168.1.7 | FAILED | rc=3 >>
httpd is stopped
192.168.1.8 | FAILED | rc=3 >>
httpd is stopped
192.168.1.4 | FAILED | rc=3 >>
httpd is stopped
4,列出所有模块的支持
[root@yum-down bin]# ./ansible-doc -l
查看模块的参数帮助
[root@yum-down bin]# ./ansible-doc -s copy
二,yum安装
yum -y install ansible即可
1,文件推送(copy模块)
将/root下epel-release-6-8.noarch.rpm推送到db-server组中机器的/opt目录下
[root@node ansible]# ansible db-server -m copy -a "src=/root/epel-release-6-8.noarch.rpm dest=/opt/"
192.168.1.8 | success >> {
"changed": true,
"checksum": "2b2767a5ae0de30b9c7b840f2e34f5dd9deaf19a",
"dest": "/opt/epel-release-6-8.noarch.rpm",
"gid": 0,
"group": "root",
"md5sum": "2cd0ae668a585a14e07c2ea4f264d79b",
"mode": "0644",
"owner": "root",
"size": 14540,
"src": "/root/.ansible/tmp/ansible-tmp-1460221879.64-117005813385704/source",
"state": "file",
"uid": 0
}
192.168.1.7 | success >> {
"changed": true,
"checksum": "2b2767a5ae0de30b9c7b840f2e34f5dd9deaf19a",
"dest": "/opt/epel-release-6-8.noarch.rpm",
"gid": 0,
"group": "root",
"md5sum": "2cd0ae668a585a14e07c2ea4f264d79b",
"mode": "0644",
"owner": "root",
"size": 14540,
"src": "/root/.ansible/tmp/ansible-tmp-1460221879.64-59861356394345/source",
"state": "file",
"uid": 0
}
[root@node ansible]#
2,验证
[root@node ansible]# ansible db-server -a "ls /opt"
192.168.1.8 | success | rc=0 >>
epel-release-6-8.noarch.rpm
logstash
rh
192.168.1.7 | success | rc=0 >>
epel-release-6-8.noarch.rpm
rh
[root@node ansible]#
定义cron任务
[root@node ansible]# ansible all -m cron -a'name="custom job" minute=*/3 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate 192.168.1.6"'
192.168.1.7 | success >> {
"changed": true,
"jobs": [
"custom job",
"linuxea job"
]
}
192.168.1.4 | success >> {
"changed": true,
"jobs": [
"custom job",
"linuxea job"
]
}
192.168.1.8 | success >> {
"changed": true,
"jobs": [
"custom job",
"linuxea job"
]
}
查看:
[root@node ansible]# ansible all -a "crontab -l"
192.168.1.7 | success | rc=0 >>
#Ansible: custom job
*/3 * * * * /usr/sbin/ntpdate 192.168.1.6
192.168.1.8 | success | rc=0 >>
#Ansible: custom job
*/3 * * * * /usr/sbin/ntpdate 192.168.1.6
192.168.1.4 | success | rc=0 >>
#Ansible: custom job
*/3 * * * * /usr/sbin/ntpdate 192.168.1.6
[root@node ansible]#
创建组:
[root@node ansible]# ansible-doc -s group
action: group
gid # Optional `GID' to set for the group.
name= # Name of the group to manage.
state # Whether the group should be present or not on the remote host.
system # If `yes', indicates that the group created is a system group.
[root@node ansible]# ansible all -m group -a "gid=300 system=yes name=mysql"
192.168.1.8 | success >> {
"changed": true,
"gid": 300,
"name": "mysql",
"state": "present",
"system": true
}
192.168.1.7 | success >> {
"changed": true,
"gid": 300,
"name": "mysql",
"state": "present",
"system": true
}
192.168.1.4 | success >> {
"changed": true,
"gid": 300,
"name": "mysql",
"state": "present",
"system": true
}
[root@node ansible]# ansible all -a "tail -1 /etc/group"
192.168.1.4 | success | rc=0 >>
mysql:x:300:
192.168.1.7 | success | rc=0 >>
mysql:x:300:
192.168.1.8 | success | rc=0 >>
mysql:x:300:
[root@node ansible]#
yum安装
[root@yum-down ~]# ansible-doc -s yum
action: yum
conf_file 指定配置文件
disable_gpg_check 是否关闭软件包的GPG签名校验;关闭后无法验证软件包来源,保持默认(不关闭)更安全
disablerepo
enablerepo
list .
name=
state
update_cache
安装corosync
[root@yum-down ~]# ansible all -m yum -a "state=present name=corosync"
[root@yum-down ~]# ansible all -a "rpm -qa corosync"
192.168.1.4 | success | rc=0 >>
corosync-1.4.7-2.el6.x86_64
192.168.1.8 | success | rc=0 >>
corosync-1.4.7-2.el6.x86_64
192.168.1.7 | success | rc=0 >>
corosync-1.4.7-2.el6.x86_64
[root@yum-down ~]#
启动服务:
[root@yum-down ~]# ansible all -m service -a "state=started name=httpd enabled=yes"
192.168.1.7 | success >> {
"changed": false,
"enabled": true,
"name": "httpd",
"state": "started"
}
192.168.1.8 | success >> {
"changed": false,
"enabled": true,
"name": "httpd",
"state": "started"
}
192.168.1.4 | success >> {
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started"
}
查看
[root@yum-down ~]# ansible all -a "service httpd status"
192.168.1.4 | success | rc=0 >>
httpd (pid 3702) is running...
192.168.1.7 | success | rc=0 >>
httpd (pid 4046) is running...
192.168.1.8 | success | rc=0 >>
httpd (pid 4097) is running...
[root@yum-down ~]#
执行多个命令
[root@yum-down ~]# cat linuxea.yaml
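# Play: create a group and then run date on every host in the inventory.
# The explanatory notes are YAML comments so that they are not parsed as part
# of the values.
- hosts: all
  # Account used for the SSH connection. Connecting as root means the control
  # node's key carries full privileges on every managed host.
  remote_user: root
  tasks:
    # Create the non-system group "linuxea" with gid 1000.
    - name: add group
      group: gid=1000 name=linuxea system=no
    # Run /bin/date on each host.
    - name: excute a command
      command: /bin/date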
[root@yum-down ~]#
执行
[root@yum-down ~]# ansible-playbook linuxea.yaml
PLAY [all] ********************************************************************
GATHERING FACTS ***************************************************************
ok: [192.168.1.7]
ok: [192.168.1.8]
ok: [192.168.1.4]
TASK: [add group] *************************************************************
changed: [192.168.1.4]
changed: [192.168.1.8]
changed: [192.168.1.7]
TASK: [excute a command] ******************************************************
changed: [192.168.1.4]
changed: [192.168.1.7]
changed: [192.168.1.8]
PLAY RECAP ********************************************************************
192.168.1.4 : ok=3 changed=2 unreachable=0 failed=0
192.168.1.7 : ok=3 changed=2 unreachable=0 failed=0
192.168.1.8 : ok=3 changed=2 unreachable=0 failed=0
[root@yum-down ~]#
批量替换文件修改httpd端口为801,而后将文件推送并且重启服务
[root@yum-down ~]# cat web.yaml
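# Play: keep httpd at the latest packaged version, push the edited httpd.conf
# and restart the service when the file changes. The explanatory notes are
# YAML comments so that they are not parsed as part of the values.
- hosts: all
  # Account used for the SSH connection.
  remote_user: root
  tasks:
    # state=latest installs httpd if it is missing and upgrades it whenever a
    # newer package is available.
    - name: ensure apache latest version
      yum: state=latest name=httpd
    # force=yes replaces the remote file whenever its content differs from src.
    # NOTE(review): neither backup= nor validate= is set, so a faulty
    # /root/httpd.conf is pushed to every host and the restart is still
    # attempted — consider setting both.
    - name: copy configure file
      copy: src=/root/httpd.conf dest=/etc/httpd/conf/httpd.conf force=yes
      # Handlers to trigger when this task reports a change.
      notify:
        - restart httpd
  # Handlers run only when a task that changed something has notified them.
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted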
[root@yum-down ~]#
执行
[root@yum-down ~]# ansible-playbook web.yaml
PLAY [all] ********************************************************************
GATHERING FACTS ***************************************************************
ok: [192.168.1.4]
ok: [192.168.1.7]
ok: [192.168.1.8]
TASK: [ensure apache latest version] ******************************************
ok: [192.168.1.4]
ok: [192.168.1.7]
ok: [192.168.1.8]
TASK: [copy configure file] ***************************************************
changed: [192.168.1.4]
changed: [192.168.1.7]
changed: [192.168.1.8]
NOTIFIED: [restart httpd] *****************************************************
changed: [192.168.1.4]
changed: [192.168.1.7]
changed: [192.168.1.8]
PLAY RECAP ********************************************************************
192.168.1.4 : ok=4 changed=2 unreachable=0 failed=0
192.168.1.7 : ok=4 changed=2 unreachable=0 failed=0
192.168.1.8 : ok=4 changed=2 unreachable=0 failed=0
查看
[root@yum-down ~]# ansible all -a "ss -tlnp"
192.168.1.4 | success | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::801 :::* users:(("httpd",4973,6),("httpd",4976,6),("httpd",4977,6),("httpd",4978,6),("httpd",4979,6),("httpd",4980,6),("httpd",4981,6),("httpd",4982,6),("httpd",4983,6))
192.168.1.7 | success | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::801 :::* users:(("httpd",5302,6),("httpd",5305,6),("httpd",5306,6),("httpd",5307,6),("httpd",5308,6),("httpd",5309,6),("httpd",5310,6),("httpd",5311,6),("httpd",5312,6))
192.168.1.8 | success | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::801 :::* users:(("httpd",5382,6),("httpd",5385,6),("httpd",5386,6),("httpd",5387,6),("httpd",5388,6),("httpd",5389,6),("httpd",5390,6),("httpd",5391,6),("httpd",5392,6))
[root@yum-down ~]#