Ansible: Simple Installation and Batch Configuration
Ansible
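Ansible needs no agent other than sshd, and it consumes no resources on the control node when it is not running (SSH is supported by default; other transports are supported as well). Ansible has no server component either: you simply run a command when you need to. Ansible works through modules; running commands, scripts, scheduled tasks and so on each require a module. Ansible has nearly a hundred modules, and a module can be written in any programming language. Ansible supports task lists written in YAML, which are used to run multiple tasks on multiple hosts.
Ansible is developed in Python.
YAML's syntax is similar to that of other languages and can express data structures such as lists, hashes and scalars in a simple way. Structure is shown through spaces, items in a sequence are marked with "-", and key/value pairs in a map are separated by ":". For example:
- hosts: all                  # host name or group name; more than one may be given
  vars:
    http_port: 80
    max_clients: 256
  remote_user: root
  tasks:                      # the tasks
    - name: install httpd     # task name
      yum: name=httpd state=latest           # install httpd
    - name: ensure httpd is started
      service: name=httpd state=started      # make sure it can start after installation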
Download Ansible:
https://pypi.python.org/pypi/ansible
http://pkgs.org/download/ansible
https://pypi.python.org/packages/source/a/ansible/ansible-2.0.1.0.tar.gz
I. Installing Ansible from source
1. Install the dependency packages:
yum install python-jinja2 PyYAML python-paramiko python-babel python-crypto pip* gcc python-devel
wget -P /usr/local/ https://pypi.python.org/packages/source/a/ansible/ansible-2.0.1.0.tar.gz && cd /usr/local
tar xf ansible-2.0.1.0.tar.gz
ln -sv ansible-2.0.1.0 ansible
cd ansible
python setup.py build
python setup.py install
mkdir /etc/ansible
cp -r examples/* /etc/ansible
[root@yum-down bin]# ls /etc/ansible/
ansible.cfg    # configuration file
hosts          # hosts file
yum remove python-jinja2 PyYAML python-paramiko python-babel python-crypto gcc python-devel
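In the hosts file, a host can be defined by writing its host name or IP address on its own, by placing it in a [host group], or with a wildcard pattern such as www.[1*].com
1. Add hosts:
[db-server]
192.168.1.7
192.168.1.8
[web-server]
192.168.1.4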
2. Add the SSH key
[root@yum-down ansible]# ssh-keygen -t rsa -P ''
[root@yum-down ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.4
[root@yum-down ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.7
[root@yum-down ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.8
3. Check the time
[root@yum-down bin]# ./ansible all -a 'date'
192.168.1.7 | SUCCESS | rc=0 >>
Sat Apr 9 05:58:16 PDT 2016
192.168.1.8 | SUCCESS | rc=0 >>
Sat Apr 9 05:58:16 PDT 2016
192.168.1.4 | SUCCESS | rc=0 >>
Sat Apr 9 05:58:16 PDT 2016
[root@yum-down bin]# ./ansible all -m command -a 'date'
192.168.1.4 | SUCCESS | rc=0 >>
Sat Apr 9 05:58:36 PDT 2016
192.168.1.7 | SUCCESS | rc=0 >>
Sat Apr 9 05:58:36 PDT 2016
192.168.1.8 | SUCCESS | rc=0 >>
Sat Apr 9 05:58:36 PDT 2016
[root@yum-down bin]# ./ansible all -m command -a 'service httpd status'
192.168.1.7 | FAILED | rc=3 >>
httpd is stopped
192.168.1.8 | FAILED | rc=3 >>
httpd is stopped
192.168.1.4 | FAILED | rc=3 >>
httpd is stopped
4. List all supported modules:
[root@yum-down bin]# ./ansible-doc -l
Show the parameter help for a module:
[root@yum-down bin]# ./ansible-doc -s copy
II. Installing with yum
Running yum -y install ansible is all that is needed.
1. Pushing a file with copy
Push epel-release-6-8.noarch.rpm from /root to the /opt directory on the machines in the db-server group:
[root@node ansible]# ansible db-server -m copy -a "src=/root/epel-release-6-8.noarch.rpm dest=/opt/"
192.168.1.8 | success >> {
    "changed": true,
    "checksum": "2b2767a5ae0de30b9c7b840f2e34f5dd9deaf19a",
    "dest": "/opt/epel-release-6-8.noarch.rpm",
    "gid": 0,
    "group": "root",
    "md5sum": "2cd0ae668a585a14e07c2ea4f264d79b",
    "mode": "0644",
    "owner": "root",
    "size": 14540,
    "src": "/root/.ansible/tmp/ansible-tmp-1460221879.64-117005813385704/source",
    "state": "file",
    "uid": 0
}
192.168.1.7 | success >> {
    "changed": true,
    "checksum": "2b2767a5ae0de30b9c7b840f2e34f5dd9deaf19a",
    "dest": "/opt/epel-release-6-8.noarch.rpm",
    "gid": 0,
    "group": "root",
    "md5sum": "2cd0ae668a585a14e07c2ea4f264d79b",
    "mode": "0644",
    "owner": "root",
    "size": 14540,
    "src": "/root/.ansible/tmp/ansible-tmp-1460221879.64-59861356394345/source",
    "state": "file",
    "uid": 0
}
[root@node ansible]#
2. Verify
[root@node ansible]# ansible db-server -a "ls /opt"
192.168.1.8 | success | rc=0 >>
epel-release-6-8.noarch.rpm
logstash
rh
192.168.1.7 | success | rc=0 >>
epel-release-6-8.noarch.rpm
rh
[root@node ansible]#
Defining a cron job
[root@node ansible]# ansible all -m cron -a'name="custom job" minute=*/3 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate 192.168.1.6"'
192.168.1.7 | success >> {
    "changed": true,
    "jobs": [
        "custom job",
        "linuxea job"
    ]
}
192.168.1.4 | success >> {
    "changed": true,
    "jobs": [
        "custom job",
        "linuxea job"
    ]
}
192.168.1.8 | success >> {
    "changed": true,
    "jobs": [
        "custom job",
        "linuxea job"
    ]
}
Check:
[root@node ansible]# ansible all -a "crontab -l"
192.168.1.7 | success | rc=0 >>
#Ansible: custom job
*/3 * * * * /usr/sbin/ntpdate 192.168.1.6
192.168.1.8 | success | rc=0 >>
#Ansible: custom job
*/3 * * * * /usr/sbin/ntpdate 192.168.1.6
192.168.1.4 | success | rc=0 >>
#Ansible: custom job
*/3 * * * * /usr/sbin/ntpdate 192.168.1.6
[root@node ansible]#
Creating a group:
[root@node ansible]# ansible-doc -s group
action: group
  gid       # Optional `GID' to set for the group.
  name=     # Name of the group to manage.
  state     # Whether the group should be present or not on the remote host.
  system    # If `yes', indicates that the group created is a system group.
[root@node ansible]# ansible all -m group -a "gid=300 system=yes name=mysql"
192.168.1.8 | success >> {
    "changed": true,
    "gid": 300,
    "name": "mysql",
    "state": "present",
    "system": true
}
192.168.1.7 | success >> {
    "changed": true,
    "gid": 300,
    "name": "mysql",
    "state": "present",
    "system": true
}
192.168.1.4 | success >> {
    "changed": true,
    "gid": 300,
    "name": "mysql",
    "state": "present",
    "system": true
}
[root@node ansible]# ansible all -a "tail -1 /etc/group"
192.168.1.4 | success | rc=0 >>
mysql:x:300:
192.168.1.7 | success | rc=0 >>
mysql:x:300:
192.168.1.8 | success | rc=0 >>
mysql:x:300:
[root@node ansible]#
Installing packages with yum
[root@yum-down ~]# ansible-doc -s yum
action: yum
  conf_file            # specifies the configuration file
  disable_gpg_check
  disablerepo
  enablerepo
  list
  name=
  state
  update_cache
Install corosync:
[root@yum-down ~]# ansible all -m yum -a "state=present name=corosync"
[root@yum-down ~]# ansible all -a "rpm -qa corosync"
192.168.1.4 | success | rc=0 >>
corosync-1.4.7-2.el6.x86_64
192.168.1.8 | success | rc=0 >>
corosync-1.4.7-2.el6.x86_64
192.168.1.7 | success | rc=0 >>
corosync-1.4.7-2.el6.x86_64
[root@yum-down ~]#
Starting a service:
[root@yum-down ~]# ansible all -m service -a "state=started name=httpd enabled=yes"
192.168.1.7 | success >> {
    "changed": false,
    "enabled": true,
    "name": "httpd",
    "state": "started"
}
192.168.1.8 | success >> {
    "changed": false,
    "enabled": true,
    "name": "httpd",
    "state": "started"
}
192.168.1.4 | success >> {
    "changed": true,
    "enabled": true,
    "name": "httpd",
    "state": "started"
}
Check
[root@yum-down ~]# ansible all -a "service httpd status"
192.168.1.4 | success | rc=0 >>
httpd (pid 3702) is running...
192.168.1.7 | success | rc=0 >>
httpd (pid 4046) is running...
192.168.1.8 | success | rc=0 >>
httpd (pid 4097) is running...
[root@yum-down ~]#
Running multiple commands
[root@yum-down ~]# cat linuxea.yaml
- hosts: all                      # all hosts
  remote_user: root               # user to run as
  tasks:
    - name: add group             # add the group
      group: gid=1000 name=linuxea system=no
    - name: excute a command      # print the time
      command: /bin/date
[root@yum-down ~]#
Run it
[root@yum-down ~]# ansible-playbook linuxea.yaml
PLAY [all] ********************************************************************
GATHERING FACTS ***************************************************************
ok: [192.168.1.7]
ok: [192.168.1.8]
ok: [192.168.1.4]
TASK: [add group] *************************************************************
changed: [192.168.1.4]
changed: [192.168.1.8]
changed: [192.168.1.7]
TASK: [excute a command] ******************************************************
changed: [192.168.1.4]
changed: [192.168.1.7]
changed: [192.168.1.8]
PLAY RECAP ********************************************************************
192.168.1.4 : ok=3 changed=2 unreachable=0 failed=0
192.168.1.7 : ok=3 changed=2 unreachable=0 failed=0
192.168.1.8 : ok=3 changed=2 unreachable=0 failed=0
[root@yum-down ~]#
Batch-replacing a file: change the httpd port to 801, then push the file and restart the service
[root@yum-down ~]# cat web.yaml
- hosts: all
  remote_user: root
  tasks:
    - name: ensure apache latest version      # make sure apache is the latest version
      yum: state=latest name=httpd            # make sure httpd is installed
    - name: copy configure file               # copy the file
      copy: src=/root/httpd.conf dest=/etc/httpd/conf/httpd.conf force=yes
      notify:                                 # task to run once the copy has completed
        - restart httpd
  handlers:                                   # restart: triggered only if the file was modified
    - name: restart httpd
      service: name=httpd state=restarted
[root@yum-down ~]#
Run it
[root@yum-down ~]# ansible-playbook web.yaml
PLAY [all] ********************************************************************
GATHERING FACTS ***************************************************************
ok: [192.168.1.4]
ok: [192.168.1.7]
ok: [192.168.1.8]
TASK: [ensure apache latest version] ******************************************
ok: [192.168.1.4]
ok: [192.168.1.7]
ok: [192.168.1.8]
TASK: [copy configure file] ***************************************************
changed: [192.168.1.4]
changed: [192.168.1.7]
changed: [192.168.1.8]
NOTIFIED: [restart httpd] *****************************************************
changed: [192.168.1.4]
changed: [192.168.1.7]
changed: [192.168.1.8]
PLAY RECAP ********************************************************************
192.168.1.4 : ok=4 changed=2 unreachable=0 failed=0
192.168.1.7 : ok=4 changed=2 unreachable=0 failed=0
192.168.1.8 : ok=4 changed=2 unreachable=0 failed=0
Check
[root@yum-down ~]# ansible all -a "ss -tlnp"
192.168.1.4 | success | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::801 :::* users:(("httpd",4973,6),("httpd",4976,6),("httpd",4977,6),("httpd",4978,6),("httpd",4979,6),("httpd",4980,6),("httpd",4981,6),("httpd",4982,6),("httpd",4983,6))
192.168.1.7 | success | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::801 :::* users:(("httpd",5302,6),("httpd",5305,6),("httpd",5306,6),("httpd",5307,6),("httpd",5308,6),("httpd",5309,6),("httpd",5310,6),("httpd",5311,6),("httpd",5312,6))
192.168.1.8 | success | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::801 :::* users:(("httpd",5382,6),("httpd",5385,6),("httpd",5386,6),("httpd",5387,6),("httpd",5388,6),("httpd",5389,6),("httpd",5390,6),("httpd",5391,6),("httpd",5392,6))
[root@yum-down ~]#
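
The web.yaml play above overwrites the live httpd.conf and restarts httpd on every host at once, so a bad file takes all of them down together. The variant below is an added example, not part of the original post: it syntax-checks the file before it replaces the live one, keeps a backup, sets ownership and mode explicitly, works through one host at a time, and confirms port 801 is listening. The /usr/sbin/httpd path, the 0644 mode and the 30-second timeout are assumptions.

```yaml
# Added example (not from the original post): safer variant of web.yaml.
- hosts: all
  remote_user: root
  serial: 1                  # one host at a time; a failure stops the run early
  tasks:
    - name: ensure apache latest version
      yum:
        name: httpd
        state: latest

    - name: copy configure file only if it passes a syntax check
      copy:
        src: /root/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: "0644"
        backup: yes          # keep a timestamped copy of the previous file
        # Runs against the uploaded temp file; dest is replaced only on rc=0.
        # Binary path is an assumption for this distribution.
        validate: /usr/sbin/httpd -t -f %s
      notify:
        - restart httpd

    # Handlers normally run at the end of the play; run them now so the
    # port check below sees the restarted service.
    - meta: flush_handlers

    - name: confirm httpd is listening on port 801
      wait_for:
        port: 801
        timeout: 30          # assumed limit, in seconds

  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
```

If validation fails on the first host, the copy task fails there, the handler never fires, and the remaining hosts keep their current configuration.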