Ops Automation with Ansible (Intermediate)


  The previous post covered some Ansible basics; this one looks at everyday use of Ansible, leaving the advanced material for the next post.


Ansible

Ansible performs configuration management, application deployment and task execution over SSH. Set up key-based authentication from the Ansible control node to every managed node.
ansible <host-pattern> [-m module_name] [-a args]
  --version show the version
  -m module specify the module; defaults to command
  -v verbose output; -vv and -vvv are progressively more verbose
  --list-hosts show the hosts the pattern matches; can be shortened to --list
  -k, --ask-pass prompt for the SSH password; key authentication is the default
  -K, --ask-become-pass prompt for the sudo password
  -C, --check check mode: report what would change without doing it
  -T, --timeout=TIMEOUT timeout for executing the command, default 10s
  -u, --user=REMOTE_USER user to run as on the remote host
  -b, --become replaces the old --sudo option for privilege escalation

Ansible host patterns

  Which hosts a pattern matches:
    all: every host in the inventory

[[email protected] ~]#ansible all -m ping 
172.20.7.50 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
172.20.7.52 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
172.20.7.56 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
172.20.7.54 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
172.20.7.57 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
172.20.7.55 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
172.20.7.53 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
} 

    * : wildcard

[[email protected] ~]#ansible "*" -a 'echo $HOSTNAME'
172.20.7.56 | SUCCESS | rc=0 >>
node6.dklwj.com
172.20.7.54 | SUCCESS | rc=0 >>
node4.dklwj.com
.....

[[email protected] ~]#ansible 172.20.7.* -a 'echo $HOSTNAME'
172.20.7.53 | SUCCESS | rc=0 >>
node3.dklwj.com
172.20.7.56 | SUCCESS | rc=0 >>
node6.dklwj.com
....

[[email protected] ~]#ansible *srvs -a 'echo $HOSTNAME'
172.20.7.52 | SUCCESS | rc=0 >>
node2.dklwj.com
172.20.7.50 | SUCCESS | rc=0 >>
ansible
....

    Logical OR (':'): hosts in either group

[[email protected] ~]#ansible "websrvs:dbsrvs" -a 'echo $HOSTNAME'
172.20.7.54 | SUCCESS | rc=0 >>
node4.dklwj.com
172.20.7.52 | SUCCESS | rc=0 >>
node2.dklwj.com
172.20.7.56 | SUCCESS | rc=0 >>
node6.dklwj.com
172.20.7.53 | SUCCESS | rc=0 >>
node3.dklwj.com
172.20.7.57 | SUCCESS | rc=0 >>
node7.dklwj.com

[[email protected] ~]#ansible "172.20.7.50:172.20.7.56" -a 'echo $HOSTNAME'
172.20.7.50 | SUCCESS | rc=0 >>
ansible
172.20.7.56 | SUCCESS | rc=0 >>
node6.dklwj.com

Logical AND
  ansible "websrvs:&dbsrvs" -a 'echo $HOSTNAME'
  hosts that are in the websrvs group and also in the dbsrvs group

cat /etc/ansible/hosts
[websrvs]
172.20.7.52
172.20.7.56
172.20.7.57
[dbsrvs]
172.20.7.53
172.20.7.54
172.20.7.52
[appsrvs]
172.20.7.50
172.20.7.55
[[email protected] ~]#ansible "websrvs:&dbsrvs" -a 'echo $HOSTNAME'
172.20.7.52 | SUCCESS | rc=0 >>
node2.dklwj.com

Logical NOT
  ansible 'websrvs:!dbsrvs' -a 'echo $HOSTNAME'
  hosts that are in the websrvs group but not in the dbsrvs group
  Note: single quotes here, so the shell does not treat ! as history expansion

[[email protected] ~]#ansible 'websrvs:!dbsrvs' -a 'echo $HOSTNAME'
172.20.7.57 | SUCCESS | rc=0 >>
node7.dklwj.com
172.20.7.56 | SUCCESS | rc=0 >>
node6.dklwj.com

Combined logic
  ansible 'websrvs:dbsrvs:&appsrvs:!ftpsrvs' -a 'echo $HOSTNAME'
  hosts in websrvs or dbsrvs that are also in appsrvs, minus those in ftpsrvs

cat /etc/ansible/hosts
[websrvs]
172.20.7.52
172.20.7.56
172.20.7.57
[dbsrvs]
172.20.7.53
172.20.7.54
172.20.7.52
[appsrvs]
172.20.7.50
172.20.7.52
172.20.7.55
[ftpsrvs]
172.20.7.50
172.20.7.55
[[email protected] ~]#ansible 'websrvs:dbsrvs:&appsrvs:!ftpsrvs' -a 'echo $HOSTNAME'
172.20.7.52 | SUCCESS | rc=0 >>
node2.dklwj.com
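The pattern rules above (':' for OR, ':&' for AND, ':!' for NOT, plus all and shell wildcards) re-implemented as an added example that is not part of the original post or of Ansible: it evaluates a pattern against the inventory shown above, so the expected host set can be checked without running ansible. It assumes bash, awk, sort and comm are available.

```shell
#!/usr/bin/env bash
# Added example, not from the post or from Ansible itself: resolve an ad-hoc host pattern against an INI inventory (':' OR, ':&' AND, ':!' NOT).
export LC_ALL=C   # sort and comm must agree on collation order
# The post's /etc/ansible/hosts, written to a temp file; prints the file path.
make_inventory() {
    local f; f=$(mktemp)
    cat > "$f" <<'EOF'
[websrvs]
172.20.7.52
172.20.7.56
172.20.7.57
[dbsrvs]
172.20.7.53
172.20.7.54
172.20.7.52
[appsrvs]
172.20.7.50
172.20.7.52
172.20.7.55
[ftpsrvs]
172.20.7.50
172.20.7.55
EOF
    echo "$f"
}
# Hosts matching one term: a group, a host, all/*, or a shell wildcard (tried against group names and host names, as ansible does); sorted and unique.
hosts_in() {
    awk -v pat="$2" '
        function glob(s, p,  re) { re = p; gsub(/\./, "[.]", re); gsub(/\*/, ".*", re)
                                   gsub(/\?/, ".", re); return s ~ ("^" re "$") }
        /^[ \t]*(#|$)/ { next }
        /^\[/ { grp = $0; sub(/^\[/, "", grp); sub(/\].*/, "", grp); next }
        pat == "all" || pat == "*" || glob(grp, pat) || glob($1, pat) { print $1 }
    ' "$1" | sort -u
}
# Union the plain terms, then intersect with every '&' term, then subtract every '!' term; as in ansible, where '&' and '!' sit in the pattern does not matter.
resolve_pattern() {
    local inv=$1 part result="" parts
    IFS=: read -r -a parts <<< "$2"
    for part in "${parts[@]}"; do
        case $part in '&'*|'!'*) ;; *) result+=$(hosts_in "$inv" "$part")$'\n' ;; esac
    done
    result=$(printf '%s' "$result" | sort -u | awk 'NF')
    for part in "${parts[@]}"; do
        [[ $part == '&'* ]] && result=$(comm -12 <(printf '%s\n' "$result") <(hosts_in "$inv" "${part#&}"))
        [[ $part == '!'* ]] && result=$(comm -23 <(printf '%s\n' "$result") <(hosts_in "$inv" "${part#!}"))
    done
    printf '%s\n' "$result" | awk 'NF'
}
```

Running `resolve_pattern "$(make_inventory)" 'websrvs:dbsrvs:&appsrvs:!ftpsrvs'` prints only 172.20.7.52, matching the session above.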

How an ansible command executes

  1. Load its own configuration file, /etc/ansible/ansible.cfg by default
  2. Load the module file for the requested module, e.g. command
  3. Generate a temporary .py file from the module or command and transfer it to the remote host, into the executing user's $HOME/.ansible/tmp/ansible-tmp-<number>/XXX.PY
  4. Make the file executable (+x)
  5. Run it and return the result
  6. Delete the temporary .py file and exit after sleep 0
Result colours:
  Yellow: succeeded and made changes on the target host
  Green: succeeded and nothing needed to change
  Red: failed

Ansible usage examples

Managing a single host
[[email protected] ~]#ansible 172.20.7.52 -m command -a 'ls /root'
172.20.7.52 | SUCCESS | rc=0 >>
anaconda-ks.cfg
Desktop
Documents
Downloads
initial-setup-ks.cfg
Music
Pictures
Public
Templates
Videos

Managing hosts by group
[[email protected] ~]#ansible websrvs -m command -a 'ls /root'
172.20.7.53 | SUCCESS | rc=0 >>
anaconda-ks.cfg
Desktop
Documents
Downloads
install.log
install.log.syslog
Music
Pictures
Public
Templates
Videos

172.20.7.52 | SUCCESS | rc=0 >>
anaconda-ks.cfg
Desktop
Documents
Downloads
initial-setup-ks.cfg
Music
Pictures
Public
Templates
Videos

Commonly used Ansible modules

Command:
  Runs a command on the remote host. It is the default module, so -m command can be omitted.
    ansible websrvs -m command -a 'systemctl start httpd'

[[email protected] ~]#ansible websrvs -m command -a 'systemctl start httpd'
172.20.7.57 | SUCCESS | rc=0 >>

172.20.7.56 | SUCCESS | rc=0 >>

172.20.7.52 | SUCCESS | rc=0 >>

    ansible 172.20.7.52 -m command -a 'echo 123456 |passwd --stdin cobbler'    does not work (the pipe is passed to passwd as a literal argument, see below)

[[email protected] ~]#ansible 172.20.7.52 -m command -a 'echo 123456|passwd --stdin cobbler'
172.20.7.52 | SUCCESS | rc=0 >>
123456|passwd --stdin cobbler

    The command module does not support $VARNAME, < > | ; & and the like; use the shell module for those.
Shell: like command, but the command is run through a shell
  ansible 172.20.7.52 -m shell -a 'echo 123456 |passwd --stdin cobbler'

[[email protected] ~]#ansible 172.20.7.52 -m shell -a 'echo 123456|passwd --stdin cobbler'
172.20.7.52 | SUCCESS | rc=0 >>
Changing password for user cobbler.
passwd: all authentication tokens updated successfully.

  Runs the command through bash. Complex commands such as cat /tmp/stanley.md | awk -F'|' '{print $1,$2}' &> /tmp/example.txt may still fail even with the shell module. Workaround: put the command in a script, copy it to the remote host, run it there, then fetch the results you need back to the control node.
Script: run a script
  -a "/PATH/TO/SCRIPT_FILE"
  ansible websrvs -m script -a f1.sh

[[email protected] ~]#ansible websrvs -m script -a f1.sh 
172.20.7.52 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 172.20.7.52 closed.
", 
    "stderr_lines": [
        "Shared connection to 172.20.7.52 closed."
    ], 
    "stdout": "node2.dklwj.com
", 
    "stdout_lines": [
        "node2.dklwj.com"
    ]
}
172.20.7.56 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 172.20.7.56 closed.
", 
    "stderr_lines": [
        "Shared connection to 172.20.7.56 closed."
    ], 
    "stdout": "node6.dklwj.com
", 
    "stdout_lines": [
        "node6.dklwj.com"
    ]
}
172.20.7.57 | SUCCESS => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 172.20.7.57 closed.
", 
    "stderr_lines": [
        "Shared connection to 172.20.7.57 closed."
    ], 
    "stdout": "node7.dklwj.com
", 
    "stdout_lines": [
        "node7.dklwj.com"
    ]
}

Copy: copy a file from the control node to the managed host
  ansible 172.20.7.52 -m copy -a 'src=/root/f1.sh dest=/tmp/f2.sh owner=cobbler mode=600 backup=yes'
  If the target exists it is overwritten by default; backup=yes makes a backup first.

[[email protected] ~]#ansible 172.20.7.52 -m copy -a 'src=/root/f1.sh dest=/tmp/f2.sh owner=cobbler mode=600 backup=yes'
172.20.7.52 | SUCCESS => {
    "changed": true, 
    "checksum": "186e23e2c374f961aae6e4a876791f8ea3fa132a", 
    "dest": "/tmp/f2.sh", 
    "gid": 0, 
    "group": "root", 
    "mode": "0600", 
    "owner": "cobbler", 
    "path": "/tmp/f2.sh", 
    "size": 29, 
    "state": "file", 
    "uid": 1002
}

  ansible websrvs -m copy -a "content='test content ' dest=/tmp/f1.txt"
  Generate the target file directly from the given content

[[email protected] ~]#ansible websrvs -m copy -a 'content="line1
line2" dest=/tmp/f1.txt'
172.20.7.52 | SUCCESS => {
    "changed": true, 
    "checksum": "05eed6236c8bda5ecf7af09bae911f9d5f90998b", 
    "dest": "/tmp/f1.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "ee5a58024a155466b43bc559d953e018", 
    "mode": "0644", 
    "owner": "root", 
    "size": 11, 
    "src": "/root/.ansible/tmp/ansible-tmp-1537759297.03-108086848060144/source", 
    "state": "file", 
    "uid": 0
}
172.20.7.57 | SUCCESS => {
    "changed": true, 
    "checksum": "05eed6236c8bda5ecf7af09bae911f9d5f90998b", 
    "dest": "/tmp/f1.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "ee5a58024a155466b43bc559d953e018", 
    "mode": "0644", 
    "owner": "root", 
    "size": 11, 
    "src": "/root/.ansible/tmp/ansible-tmp-1537759297.06-272258279616668/source", 
    "state": "file", 
    "uid": 0
}
172.20.7.56 | SUCCESS => {
    "changed": true, 
    "checksum": "05eed6236c8bda5ecf7af09bae911f9d5f90998b", 
    "dest": "/tmp/f1.txt", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "ee5a58024a155466b43bc559d953e018", 
    "mode": "0644", 
    "owner": "root", 
    "size": 11, 
    "src": "/root/.ansible/tmp/ansible-tmp-1537759297.04-113306386739819/source", 
    "state": "file", 
    "uid": 0
}
# check on the remote hosts that it worked
[[email protected] ~]#ansible websrvs -a 'cat /tmp/f1.txt'
172.20.7.57 | SUCCESS | rc=0 >>
line1
line2
172.20.7.56 | SUCCESS | rc=0 >>
line1
line2
172.20.7.52 | SUCCESS | rc=0 >>
line1
line2

Fetch: pull a file from the managed host to the control node, the reverse of copy; tar a directory first, since fetch handles single files

[[email protected] ~]#ansible websrvs -m fetch -a 'src=/data/f1 dest=/data/'
172.20.7.52 | SUCCESS => {
    "changed": true, 
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "dest": "/data/172.20.7.52/data/f1", 
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
    "remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "remote_md5sum": null
}
172.20.7.56 | SUCCESS => {
    "changed": true, 
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "dest": "/data/172.20.7.56/data/f1", 
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
    "remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "remote_md5sum": null
}
172.20.7.57 | SUCCESS => {
    "changed": true, 
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "dest": "/data/172.20.7.57/data/f1", 
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e", 
    "remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709", 
    "remote_md5sum": null
}
# On the control node: ansible does this nicely, using each client's IP as a directory name so files fetched from different hosts are not mixed up.
[[email protected] ~]#ls /data/
172.20.7.52  172.20.7.56  172.20.7.57

File: set file attributes
  ansible 172.20.7.52 -m file -a "path=/root/f1.sh owner=cobbler mode=755"

[[email protected] ~]#ansible 172.20.7.52 -m file -a "path=/root/f1.sh owner=cobbler mode=755"
172.20.7.52 | SUCCESS => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0755", 
    "owner": "cobbler", 
    "path": "/root/f1.sh", 
    "size": 30, 
    "state": "file", 
    "uid": 1002
}

[[email protected] ~]#ansible 172.20.7.52 -a 'ls -l /root/f1.sh'
172.20.7.52 | SUCCESS | rc=0 >>
-rwxr-xr-x 1 cobbler root 30 Sep 23 19:24 /root/f1.sh

  ansible websrvs -m file -a 'src=/app/testfile dest=/app/testfile-link state=link'

# create a symbolic link on every host in the websrvs group
[[email protected] ~]#ansible websrvs -m file -a 'src=/data/f1 dest=/data/f1-link state=link'
172.20.7.52 | SUCCESS => {
    "changed": true, 
    "dest": "/data/f1-link", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 8, 
    "src": "/data/f1", 
    "state": "link", 
    "uid": 0
}
172.20.7.56 | SUCCESS => {
    "changed": true, 
    "dest": "/data/f1-link", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 8, 
    "src": "/data/f1", 
    "state": "link", 
    "uid": 0
}
172.20.7.57 | SUCCESS => {
    "changed": true, 
    "dest": "/data/f1-link", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 8, 
    "src": "/data/f1", 
    "state": "link", 
    "uid": 0
}
# check the result
[[email protected] ~]#ansible websrvs -a 'ls -l /data'
172.20.7.57 | SUCCESS | rc=0 >>
total 0
-rw-r--r-- 1 root root 0 Sep 22 16:45 f1
lrwxrwxrwx 1 root root 8 Sep 24 12:57 f1-link -> /data/f1

172.20.7.56 | SUCCESS | rc=0 >>
total 0
-rw-r--r-- 1 root root  0 Sep 22 16:45 f1
lrwxrwxrwx 1 root root  8 Sep 24 12:57 f1-link -> /data/f1

172.20.7.52 | SUCCESS | rc=0 >>
total 0
-rw-r--r-- 1 root root  0 Sep 25 11:27 f1
lrwxrwxrwx 1 root root  8 Sep 25 12:57 f1-link -> /data/f1

Hostname: manage the host name
  ansible node1 -m hostname -a "name=websrv"

# change the host name of a single remote host; the change takes effect immediately, and on a 6-series (RHEL/CentOS 6) system /etc/sysconfig/network is updated as well
[[email protected] ~]#ansible 172.20.7.52 -m hostname -a 'name=ansible2'
172.20.7.52 | SUCCESS => {
    "ansible_facts": {
        "ansible_domain": "", 
        "ansible_fqdn": "ansible2", 
        "ansible_hostname": "ansible2", 
        "ansible_nodename": "ansible2"
    }, 
    "changed": true, 
    "name": "ansible2"
}
[[email protected] ~]#ansible 172.20.7.52 -a 'hostname'
172.20.7.52 | SUCCESS | rc=0 >>
ansible2

Cron: scheduled tasks
Supported time fields: minute, hour, day, month, weekday
  ansible srv -m cron -a "minute=*/5 job='/usr/sbin/ntpdate 172.16.0.1 &>/dev/null' name=Synctime"    create a job

# create a time-sync job on every host in the websrvs group, running every 5 minutes
[[email protected] ~]#ansible websrvs -m cron -a 'name="sync time from ntpserver" minute="*/5" job="ntpdate 172.20.0.1 &> /dev/null"'
172.20.7.56 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "sync time from ntpserver"
    ]
}
172.20.7.52 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "sync time from ntpserver"
    ]
}
172.20.7.57 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "sync time from ntpserver"
    ]
}
# check that the job was created on the websrvs hosts
[[email protected] ~]#ansible websrvs -a 'crontab -l'
172.20.7.57 | SUCCESS | rc=0 >>
#Ansible: sync time from ntpserver
*/5 * * * * ntpdate 172.20.0.1 &> /dev/null

172.20.7.56 | SUCCESS | rc=0 >>
#Ansible: sync time from ntpserver
*/5 * * * * ntpdate 172.20.0.1 &> /dev/null

172.20.7.52 | SUCCESS | rc=0 >>
#Ansible: sync time from ntpserver
*/5 * * * * ntpdate 172.20.0.1 &> /dev/null

  ansible srv -m cron -a 'state=absent name=Synctime'    remove the job (matched by its name)
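An added example, not from the post or from Ansible's own code, showing how the "#Ansible: <name>" marker visible in the crontab -l output above lets the cron module update or remove a job idempotently by name. It assumes bash and awk; the sample crontab is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the post or from Ansible: mimics how the cron module keeps
# entries idempotent by tagging each job with a "#Ansible: <name>" marker line.
# Each function reads a crontab on stdin and prints the updated crontab on stdout.

# cron_present NAME SCHEDULE COMMAND: rewrite the job with that name in place, or
# append it when no such marker exists (the module's default, state=present).
cron_present() {
    awk -v name="$1" -v sched="$2" -v cmd="$3" '
        $0 == "#Ansible: " name { print; getline; print sched " " cmd; found = 1; next }
        { print }
        END { if (!found) { print "#Ansible: " name; print sched " " cmd } }
    '
}

# cron_absent NAME: drop the marker line and the job line under it (state=absent);
# every other line, including jobs not managed by ansible, is left untouched.
cron_absent() {
    awk -v name="$1" '
        $0 == "#Ansible: " name { getline; next }
        { print }
    '
}

# Constructed sample crontab: one hand-written job plus the job created above.
SAMPLE_CRONTAB='0 3 * * * /usr/local/bin/backup.sh
#Ansible: sync time from ntpserver
*/5 * * * * ntpdate 172.20.0.1 &> /dev/null'

# Changing the schedule rewrites only the job line; re-running it afterwards is a no-op.
printf '%s\n' "$SAMPLE_CRONTAB" | cron_present "sync time from ntpserver" "*/10 * * * *" "ntpdate 172.20.0.1 &> /dev/null"
```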

More to follow; this post is still being updated.
