Automated operations tool: Ansible

Ansible:
- is a simple automation tool for operations work
- uses OpenSSH as its underlying transport channel ***(Linux machines)***
- is written in Python
- batch system monitoring, batch program deployment, batch command execution
- only needs a one-way trust relationship to be set up
SaltStack:
- has a server side and a client side
- script --> does things automatically

Typical jobs:
1. Install MySQL on 100 machines (compile and install)
2. Upload a monitoring script monitor.sh to 100 machines
3. Restart the MySQL process on 100 machines
How do you do this?
OpenSSH authentication methods:
- 1. password
- 2. key --> more secure; automated operations require passwordless (key-based) authentication to be configured

Host inventory (/etc/ansible/hosts)
- defines the managed machines
Playbooks
- define what the managed machines are to do
- written as configuration documents
Modules
- each module implements a corresponding function
Plugins
- small pieces of software attached to Ansible, each implementing one small function
Agentless
- no client-side program
SSH
- key authentication, passwordless login
- two-way or one-way trust relationship
Node
Inode (index node)
1. Generate a key pair on the ansible host

```
[root@ansible ~]# ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/root/.ssh/id_ecdsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_ecdsa.
Your public key has been saved in /root/.ssh/id_ecdsa.pub.
The key fingerprint is:
SHA256:2pBEboziThor1KXnJIlmwGtg9UynE4nKwIpaTkEJFxM root@bianyianzhuang
The key's randomart image is:
+---[ECDSA 256]---+
|ooE=.oo.         |
|oo+o+*+          |
|Boo..*=          |
|*+*.+o..         |
|o@o= oo S        |
|**. = +          |
|+ . .. .         |
|.                |
|                 |
+----[SHA256]-----+
[root@ansible ~]# cd /root/.ssh
[root@ansible .ssh]# ls
id_ecdsa  id_ecdsa.pub
```
2. Upload the public key to node1 and node2

- ssh-copy-id -i id_ecdsa.pub root@192.168…
- ssh root@192.168… ==> verify that passwordless (key) authentication works
- log out: exit

```
[root@ansible .ssh]# ssh root@192.168.200.130
Last login: Mon Mar  2 07:20:12 2020 from 192.168.200.1
[root@node1 ~]# mkdir tanzikun
[root@node1 ~]# ls
anaconda-ks.cfg  tanzikun
[root@node1 ~]# exit
注销
Connection to 192.168.200.130 closed.
```
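What ssh-copy-id does on the node is append the public key to ~/.ssh/authorized_keys and make sure the file and directory permissions are ones sshd will accept (sshd ignores an authorized_keys file that is group- or world-writable, which is the usual reason "passwordless login still asks for a password"). The following added example, not from the original post, writes that step out as a shell function so the result can be checked: the key is added only once however often the function runs, a private key file passed by mistake is refused, and the permissions are enforced. The paths and the key text are constructed for the example; nothing here is page-specific.

```shell
#!/bin/sh
# Added example (not the post's own code): idempotent authorized_keys install,
# the same effect ssh-copy-id has on the target host.
# Usage: ensure_authorized_key /path/to/id_ecdsa.pub /path/to/.ssh/authorized_keys

ensure_authorized_key() {
    pub="$1"
    auth="$2"
    sshdir=$(dirname "$auth")
    [ -r "$pub" ] || { echo "public key $pub not readable" >&2; return 1; }
    # Refuse anything that looks like a private key: the file we append must
    # be the .pub half only.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    # sshd requires 700 on ~/.ssh and 600 on authorized_keys (StrictModes).
    mkdir -p "$sshdir"
    chmod 700 "$sshdir"
    touch "$auth"
    chmod 600 "$auth"
    # Compare on the key material (type + base64 blob), not the whole line,
    # so a different trailing comment does not create a duplicate entry.
    keyblob=$(awk '{print $1" "$2}' "$pub")
    if ! awk '{print $1" "$2}' "$auth" | grep -qxF "$keyblob"; then
        cat "$pub" >> "$auth"
    fi
}

# How many times the key material of $1 appears in authorized_keys $2
# (a quick audit helper; 1 is the expected answer after any number of runs).
count_key() {
    keyblob=$(awk '{print $1" "$2}' "$1")
    awk '{print $1" "$2}' "$2" | grep -cxF "$keyblob"
}
```

Run the function twice against the same file and `count_key` still reports 1; that is the property that makes it safe to put into a loop over every node. A directory listing of the target `.ssh` should show `drwx------` and `-rw-------` afterwards.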
3. Install Ansible on the control node

- yum install epel-release
- yum install ansible -y

```
上一次登录:一 3月 2 07:19:58 EST 2020从 192.168.200.1pts/0 上
[root@ansible ~]# ansible --version
ansible 2.9.5
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Nov 21 2019, 19:31:34) [GCC 8.3.1 20190507 (Red Hat 8.3.1-4)]
```
Configuration files: /etc/ansible/ansible.cfg and /etc/ansible/hosts

- vim /etc/ansible/hosts

```
[webservers]
192.168.200.130
192.168.200.131
```

Add the IPs of node1, node2, … to the webservers group.
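Because the host pattern on the command line (`all`, `webservers`, …) decides which machines a command runs on, it is worth knowing exactly which hosts a group resolves to before running anything against it; real Ansible answers that with `ansible <pattern> --list-hosts`. The following added example, not from the original post, shows the resolution for the INI inventory format used above as a small shell function that runs offline: it lists the hosts of one group, skipping comments and blank lines, dropping per-host variables, and following `[group:children]` sections. The inventory it is tested against is constructed for the example.

```shell
#!/bin/sh
# Added example (not the post's own code): resolve the hosts of one group in an
# INI-style inventory such as /etc/ansible/hosts.
# Usage: inventory_hosts <inventory-file> <group>

inventory_hosts() {
    # Direct members: lines between "[group]" and the next section header.
    # Only the first field is printed, so host variables like
    # "192.168.200.131 ansible_port=2222" are reduced to the host name.
    awk -v g="$2" '
        /^[[:space:]]*#/ { next }                       # comment line
        NF == 0          { next }                       # blank line
        /^\[/            { sec = substr($0, 2); sec = substr(sec, 1, index(sec, "]") - 1); next }
        sec == g         { print $1 }
    ' "$1"
    # Inherited members: every group listed under "[group:children]" is
    # resolved recursively (children may have children of their own).
    awk -v g="$2:children" '
        /^[[:space:]]*#/ { next }
        NF == 0          { next }
        /^\[/            { sec = substr($0, 2); sec = substr(sec, 1, index(sec, "]") - 1); next }
        sec == g         { print $1 }
    ' "$1" | while read -r child; do
        inventory_hosts "$1" "$child"
    done
}
```

A `[webservers:vars]` section is a different section name and is skipped, so group variables never show up as hosts. Hosts that appear in two child groups are printed twice; pipe through `sort -u` if a set is wanted.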
Three important executables:
- ansible: the main program, generally used on the command line
- ansible-playbook: runs the tasks in a playbook
- ansible-doc (-l): gets the help text for each module
4. Start managing:

```
ansible HOST-PATTERN   # host pattern to match, e.g. all means all hosts
  -m MOD_NAME          # module name, e.g. ping, shell
  -a MOD_ARGS          # arguments passed to the module
  -f FORKS             # number of child processes to run in parallel
  -C                   # check mode (do not execute, simulate the run)
  -u Username          # user name on the target host
  -c CONNECTION        # connection type (default: smart)
```

- ansible all -m shell -a "ip add"

```
[root@ansible ansible]# ansible webservers -m shell -a "ip add"
192.168.200.130 | CHANGED | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:10:77:b1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.130/24 brd 192.168.200.255 scope global dynamic noprefixroute ens33
       valid_lft 1395sec preferred_lft 1395sec
    inet6 fe80::ad90:9a0b:50ee:71f7/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
192.168.200.131 | CHANGED | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:d5:de:dc brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.131/24 brd 192.168.200.255 scope global dynamic noprefixroute ens33
       valid_lft 1378sec preferred_lft 1378sec
    inet6 fe80::1968:f055:d469:a3f8/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```
Modules

- Command results: yellow output ==> CHANGED, green ==> SUCCESS, red ==> FAILED
- ansible-doc: view a module's documentation and source

file
- state: absent – delete, directory – create a directory, touch – create a file, link – create a symbolic link, hard – create a hard link

copy --> distributes files from the Ansible control machine to the node hosts.

```
[root@ansible ~]# ansible webservers -m copy -a "src=/etc/passwd dest=/tmp mode=777"
[root@ansible ~]# ansible webservers -m copy -a "content='hello,world\n' dest=/tmp/sc.txt mode=644"
```
fetch

Note: fetch is simple to use: src and dest. dest only needs to name a receiving directory; by default the remote host name and the src path are appended under it. Pulling whole directories is not supported.

```
[root@ansible ~]# ansible webservers -m fetch -a 'src=/etc/passwd dest=/test mode=644'
192.168.200.131 | CHANGED => {
    "changed": true,
    "checksum": "75c60ad9b0fbbfe48293bc19aae9f929e089d39d",
    "dest": "/test/192.168.200.131/etc/passwd",
    "md5sum": "c4f5d6e463f16a1712616ec856ab19ff",
    "remote_checksum": "75c60ad9b0fbbfe48293bc19aae9f929e089d39d",
    "remote_md5sum": null
}
192.168.200.130 | CHANGED => {
    "changed": true,
    "checksum": "75c60ad9b0fbbfe48293bc19aae9f929e089d39d",
    "dest": "/test/192.168.200.130/etc/passwd",
    "md5sum": "c4f5d6e463f16a1712616ec856ab19ff",
    "remote_checksum": "75c60ad9b0fbbfe48293bc19aae9f929e089d39d",
    "remote_md5sum": null
}
[root@ansible ~]# cd /test
[root@ansible test]# ls
192.168.200.130  192.168.200.131
[root@ansible test]# tree .
.
├── 192.168.200.130
│   └── etc
│       └── passwd
└── 192.168.200.131
    └── etc
        └── passwd

4 directories, 2 files
```
shell

```
[root@ansible test]# ansible webservers -m shell -a 'ip add|grep lo'
192.168.200.131 | CHANGED | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet 192.168.200.131/24 brd 192.168.200.255 scope global dynamic noprefixroute ens33
192.168.200.130 | CHANGED | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet 192.168.200.130/24 brd 192.168.200.255 scope global dynamic noprefixroute ens33
```
cron

The cron module creates a ***scheduled task*** (crontab entry) on the target host. Common parameters:
- name: the name of this task
- state: present – create (default) | absent – delete (matched by name)

```
[root@ansibleserver ~]# ansible all -m cron -a "minute=*/3 job='bash /root/echo.sh' name=helloworld"
192.168.200.139 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "envs": [],
    "jobs": [
        "helloworld"
    ]
}
192.168.200.144 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "envs": [],
    "jobs": [
        "helloworld"
    ]
}
```
##### Exercise: write a script that backs up the /var/log directory of the two node servers into /backup, with file names in the format 2020-3-3-log.tar.gz, run every day at 2:30

Requirements analysis:
1. Write the script on the ansible machine
2. Push the script to the node servers
3. Create the scheduled task

```
[root@ansible test]# vim backup_log.sh
[root@ansible test]# cat backup_log.sh
#!/bin/bash
ctime=$(date +%F%H%M%S)
mkdir -p /backup
tar czf /backup/${ctime}-log.tar.gz /var/log
[root@ansible test]#
```

Push it over:
```
[root@ansible test]# ansible all -m copy -a 'src=/test/backup_log.sh dest=/root/'
```

Create the scheduled task:
```
[root@ansible test]# ansible all -m cron -a "minute=30 hour=2 job='bash /root/backup_log.sh' name=create_backup_log"
```
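The script above does the job, but a backup that cron runs unattended on every node deserves a little more care: a log archive contains authentication records and should not be readable by every local user, a failed or truncated tar should not be left behind looking like a good backup, and the exit status should be non-zero so that cron (or the ansible `rc`) reports the failure. The following added example, not the post's own script, is a hardened variant of backup_log.sh written as a function: it names the archive with `date +%F` (2020-03-03-log.tar.gz, the zero-padded form of the format the exercise asks for), creates it under `umask 077`, verifies it with `tar -t` before reporting success, and removes it on any error. Paths in the test are constructed temporary directories.

```shell
#!/bin/bash
# Added example (not the post's own code): hardened backup of a directory.
# Usage: backup_dir <source-dir> <dest-dir> [label]   -> prints the archive path
# The body runs in a subshell so the umask change does not leak to the caller.
backup_dir() (
    src="$1"; dest="$2"; label="${3:-log}"
    [ -d "$src" ] || { echo "source $src is not a directory" >&2; exit 1; }
    src=$(cd "$src" && pwd)                 # absolute path for the -C / trick
    umask 077                               # archive and dir: owner-only
    mkdir -p "$dest" || exit 1
    chmod 700 "$dest"
    archive="$dest/$(date +%F)-$label.tar.gz"
    # -C / with a relative member path keeps tar quiet about leading "/" and
    # makes the archive restorable under another root.
    if ! tar czf "$archive" -C / "${src#/}" 2>/dev/null; then
        rm -f "$archive"; echo "tar failed for $src" >&2; exit 1
    fi
    # Read the archive back before calling it a backup.
    if ! tar tzf "$archive" >/dev/null 2>&1; then
        rm -f "$archive"; echo "archive $archive is not readable" >&2; exit 1
    fi
    echo "$archive"
)
```

For the exercise it would be invoked from cron as `backup_dir /var/log /backup`; the same function serves task 9 of the final exercise with `backup_dir /etc/passwd-and-shadow-staging /backup passwd_shadow` style arguments once the two files are staged in a directory.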
yum
- name – package name; state – (present, installed) install | (absent, removed) remove
- several packages can be installed at once, separated with ','

service
- name – service name; state (reloaded, restarted, started, stopped); enabled

```
[root@ansibleserver ansible]# ansible nginxserver2 -m service -a "name=sshd state=restarted enabled=True"
192.168.200.144 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "enabled": true,
    "name": "sshd",
    "state": "started",
```
script

Playbooks
- hosts: the list of remote hosts to run against
- tasks: the set of tasks
- vars: variables
- templates: template files, i.e. files using template syntax, such as configuration files
  - they can use the variables from the playbook's vars, as well as Ansible's built-in variables!
- tags: labels that select which tasks run, used to run only part of a playbook
- handlers, used together with notify: operations triggered by a specific condition, executed only when that condition is met

[root@ansibleserver playbooks]# cat redis_v1.yaml
```yaml
- hosts: nginxserver2                     # the remote hosts
  remote_user: root                       # run as the root user on the remote hosts
  vars:
    - redis_port: 6379
  # IP: {{ ansible_facts["ens33"]["ipv4"]["address"] }}
  tasks:                                  # tasks
    - name: install redis                 # task: install
      yum: name=redis state=latest        # action: call the yum module to install
    - name: config file                   # task: sync the config file to the remote host
      template: src=/root/playbooks/redis.conf dest=/etc/redis.conf   # action: template module
      notify: restart redis               # name of the action to trigger; notifies the handlers
      tags: configfile                    # task tag: configfile
    - name: start redis                   # task: start redis
      service: name=redis state=started   # action: call the service module
  handlers:                               # triggered when another task sends a notification
    - name: restart redis
      service: name=redis state=restarted
```
Final exercise:
1. Which version of Ansible are you using?
   ansible 2.9.6
   Prepare 3 brand-new virtual machines
2. Tasks: complete them with a playbook
   0. Uninstall nginx, redis, mariadb, tree
   1. Install nginx, redis, mariadb, vsftpd with yum
   2. Change nginx's configured port to 9900 --> implement with a template
   3. Change redis's port to 63790; the bind setting in redis must use the IP address of each node server's ens33 interface --> implement with a template
   4. Distribute the nginx and redis configuration files to all node servers (choose the number of servers yourself, at least 2)
   5. Start nginx, redis, mariadb, vsftpd and enable them at boot
   6. Create the /backup directory on all node servers
   7. Create a user sanchuang on all node servers with password Sc123456#
   8. Copy /etc/passwd from all node servers to /backup on the ansible host
   9. Write a script that backs up /etc/passwd and /etc/shadow to /backup on each node server, with the day's date in the file name, e.g. 2019-7-10-passwd_shadow.tar.gz. Add a scheduled task that runs it every day at 3:30, on all node servers.

[root@ansibleserver playbooks]# cat test.yaml
```yaml
- hosts: test
  vars:
    - nginx_port: 9900
      redis_port: 63790
  tasks:
    - name: uninstall
      yum: name=nginx,redis,mariadb state=removed
    - name: install
      yum: name=nginx,redis,mariadb,mariadb-server state=latest
    - name: config file nginx
      template: src=/root/playbooks/nginx.conf dest=/etc/nginx/nginx.conf
      notify: restart nginx
      tags: confignginx
    - name: config file redis
      template: src=/root/playbooks/redis.conf dest=/etc/redis.conf
      notify: restart redis
      tags: configredis
    - name: start nginx
      service: name=nginx state=started enabled=yes
    - name: start redis
      service: name=redis state=started enabled=yes
    - name: start mariadb
      service: name=mariadb state=started enabled=yes
    - name: mkdir /backup
      file: path=/backup state=directory
    - name: create user
      # the user module expects an already-hashed password; a plain string is
      # written to /etc/shadow verbatim and the login never works
      user:
        name: sanchuang
        password: "{{ 'Sc123456#' | password_hash('sha512') }}"
    - name: copy password file
      fetch: src=/etc/passwd dest=/backup
  handlers:
    - name: restart nginx
      service: name=nginx state=restarted
    - name: restart redis
      service: name=redis state=restarted
```
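A `notify:` that names a handler which does not exist is not caught by YAML parsing; Ansible only reports it when the task runs, by which time the configuration file has already been replaced on every host and nothing restarts the service. The following added example, not from the original post, is a pre-flight check for exactly the playbook shape used above (single-line `key=value` tasks, `notify:` given inline, handlers after a `handlers:` line): it collects every notified name, collects every `- name:` under `handlers:`, and fails with a list of the missing ones. The playbooks it is tested against are constructed; one deliberately notifies `restart nginx` without defining it.

```shell
#!/bin/sh
# Added example (not the post's own code): verify that every handler a task
# notifies is defined in the handlers section of the play.
# Usage: check_handlers playbook.yaml   -> 0 if all handlers exist, 1 otherwise
# Limitation: handles the inline "notify: name" form only, not the list form
# ("notify:" followed by "- name" lines); full YAML parsing would need a real
# parser such as ansible-playbook --syntax-check, which does not check this.
check_handlers() {
    pb="$1"
    # names after "notify:", trailing comments and whitespace removed
    notified=$(sed -n 's/^[[:space:]]*notify:[[:space:]]*//p' "$pb" \
               | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | sort -u)
    # names of "- name:" entries that follow the "handlers:" line
    handlers=$(sed -n '/^[[:space:]]*handlers:/,$p' "$pb" \
               | sed -n 's/^[[:space:]]*- name:[[:space:]]*//p' \
               | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | sort -u)
    rc=0
    # here-document instead of a pipe so that rc survives the loop
    while IFS= read -r h; do
        [ -n "$h" ] || continue
        if ! printf '%s\n' "$handlers" | grep -qxF "$h"; then
            echo "missing handler: $h" >&2
            rc=1
        fi
    done <<EOF
$notified
EOF
    return $rc
}
```

Run it before `ansible-playbook test.yaml`; it costs nothing and catches the commonest reason a "config file" task shows CHANGED while the service keeps its old port.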
This article describes the automated operations tool Ansible in detail, including how it works, its modules, the creation and execution of playbooks, and how to set up passwordless (key-based) authentication over SSH. It also gives examples of batch system management and software deployment with Ansible, covering uninstalling and installing software, configuring services, distributing files and managing scheduled tasks.