Ansible on Linux: Simple Installation and Batch Configuration Explained


Ansible

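Ansible needs no agent on the managed hosts other than sshd, and consumes no resources on the managed side while it is not running (SSH is supported by default; other connection types are also supported).
Ansible has no server component either; you simply run commands when you need them.
Ansible works through modules: running commands, scripts, scheduled tasks and so on each requires a module. Ansible ships with nearly a hundred modules, and modules can be written in any programming language.
Ansible supports task lists written in YAML for running multiple tasks across multiple hosts.

Ansible is written in Python.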

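YAML's syntax is similar to that of other languages and can simply express data structures such as lists, hashes and scalars. Structure is shown through spaces (indentation), items in a sequence are marked with "-", and key-value pairs in a map are separated by ":". An example:
- hosts: web-server          # host name or group name; may be more than one
  vars:
    http_port: 80
    max_clients: 256
  remote_user: root
  tasks:                     # the tasks to run
    - name: install httpd    # task name
      yum: name=httpd state=latest
    - name: ensure httpd is started after installation
      service: name=httpd state=started
Download Ansible: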

https://pypi.python.org/pypi/ansible
http://pkgs.org/download/ansible
https://pypi.python.org/packages/source/a/ansible/ansible-2.0.1.0.tar.gz
I. Installing Ansible from source
1. Install the dependencies:

yum install  python-jinja2 PyYAML python-paramiko python-babel python-crypto pip* gcc python-devel
wget -P /usr/local/ https://pypi.python.org/packages/source/a/ansible/ansible-2.0.1.0.tar.gz && cd /usr/local
tar xf ansible-2.0.1.0.tar.gz
ln -sv ansible-2.0.1.0 ansible
cd ansible
python setup.py build
python setup.py install
mkdir /etc/ansible
cp -r examples/* /etc/ansible
[root@yum-down bin]# ls /etc/ansible/
ansible.cfg   configuration file
hosts  hosts file
yum remove python-jinja2 PyYAML python-paramiko python-babel python-crypto gcc python-devel
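In the hosts file, a host can be listed on its own by host name or IP, placed under a [host group] heading, or matched with a wildcard such as www.[1*].com

1. Add hosts: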

[db-server]
192.168.1.7
192.168.1.8
[web-server]
192.168.1.4
2. Add the SSH key

[root@yum-down ansible]# ssh-keygen -t rsa -P ''
[root@yum-down ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.4
[root@yum-down ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.7
[root@yum-down ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.8
3. Check the time

[root@yum-down bin]# ./ansible all -a 'date'
192.168.1.7 | SUCCESS | rc=0 >>
Sat Apr  9 05:58:16 PDT 2016

192.168.1.8 | SUCCESS | rc=0 >>
Sat Apr  9 05:58:16 PDT 2016

192.168.1.4 | SUCCESS | rc=0 >>
Sat Apr  9 05:58:16 PDT 2016

[root@yum-down bin]# ./ansible all -m command -a 'date'
192.168.1.4 | SUCCESS | rc=0 >>
Sat Apr  9 05:58:36 PDT 2016

192.168.1.7 | SUCCESS | rc=0 >>
Sat Apr  9 05:58:36 PDT 2016

192.168.1.8 | SUCCESS | rc=0 >>
Sat Apr  9 05:58:36 PDT 2016

[root@yum-down bin]# ./ansible all -m command -a 'service httpd status'
192.168.1.7 | FAILED | rc=3 >>
httpd is stopped

192.168.1.8 | FAILED | rc=3 >>
httpd is stopped

192.168.1.4 | FAILED | rc=3 >>
httpd is stopped
4. List all supported modules
[root@yum-down bin]# ./ansible-doc -l
View a module's parameter help
[root@yum-down bin]# ./ansible-doc -s copy
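
Step 2 above installs a passphrase-less root key on every host. As an added example (not part of the original article), the playbook below uses that root access once to create a dedicated account, so later runs can connect as a non-root user and escalate with sudo; the account name `ansible` and the file name bootstrap.yaml are assumptions.

```yaml
# bootstrap.yaml - added example, not from the original article.
# Run once over the root key from step 2; "ansible" is an assumed account name.
- hosts: all
  remote_user: root
  tasks:
    - name: create a dedicated automation account
      user: name=ansible shell=/bin/bash state=present

    - name: install the control node's public key for that account
      authorized_key:
        user: ansible
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
        state: present

    - name: allow the account to use sudo (syntax-checked before it is installed)
      copy:
        content: "ansible ALL=(ALL) NOPASSWD: ALL\n"
        dest: /etc/sudoers.d/ansible
        owner: root
        group: root
        mode: "0440"
        validate: "visudo -cf %s"    # %s = temporary copy on the target
```

Once this has run, plays can set remote_user: ansible together with become: yes instead of logging in as root.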

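II. Installing with yum: yum -y install ansible is all that is needed
1. Pushing files with copy
Push epel-release-6-8.noarch.rpm from /root to the /opt directory on the machines in the db-server group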

[root@node ansible]# ansible db-server -m copy -a "src=/root/epel-release-6-8.noarch.rpm dest=/opt/"
192.168.1.8 | success >> {
    "changed": true,
    "checksum": "2b2767a5ae0de30b9c7b840f2e34f5dd9deaf19a",
    "dest": "/opt/epel-release-6-8.noarch.rpm",
    "gid": 0,
    "group": "root",
    "md5sum": "2cd0ae668a585a14e07c2ea4f264d79b",
    "mode": "0644",
    "owner": "root",
    "size": 14540,
    "src": "/root/.ansible/tmp/ansible-tmp-1460221879.64-117005813385704/source",
    "state": "file",
    "uid": 0
}

192.168.1.7 | success >> {
    "changed": true,
    "checksum": "2b2767a5ae0de30b9c7b840f2e34f5dd9deaf19a",
    "dest": "/opt/epel-release-6-8.noarch.rpm",
    "gid": 0,
    "group": "root",
    "md5sum": "2cd0ae668a585a14e07c2ea4f264d79b",
    "mode": "0644",
    "owner": "root",
    "size": 14540,
    "src": "/root/.ansible/tmp/ansible-tmp-1460221879.64-59861356394345/source",
    "state": "file",
    "uid": 0
}

[root@node ansible]#
2. Verify

[root@node ansible]# ansible db-server -a "ls /opt"
192.168.1.8 | success | rc=0 >>
epel-release-6-8.noarch.rpm
logstash
rh

192.168.1.7 | success | rc=0 >>
epel-release-6-8.noarch.rpm
rh

[root@node ansible]#
Define a cron job

[root@node ansible]# ansible all -m cron -a'name="custom job" minute=*/3 hour=* day=*  month=* weekday=* job="/usr/sbin/ntpdate 192.168.1.6"'
192.168.1.7 | success >> {
    "changed": true,
    "jobs": [
        "custom job",
        "linuxea job"
    ]
}

192.168.1.4 | success >> {
    "changed": true,
    "jobs": [
        "custom job",
        "linuxea job"
    ]
}

192.168.1.8 | success >> {
    "changed": true,
    "jobs": [
        "custom job",
        "linuxea job"
    ]
}
View:

[root@node ansible]# ansible all -a "crontab -l"
192.168.1.7 | success | rc=0 >>
#Ansible: custom job
*/3 * * * * /usr/sbin/ntpdate 192.168.1.6

192.168.1.8 | success | rc=0 >>
#Ansible: custom job
*/3 * * * * /usr/sbin/ntpdate 192.168.1.6

192.168.1.4 | success | rc=0 >>
#Ansible: custom job
*/3 * * * * /usr/sbin/ntpdate 192.168.1.6

[root@node ansible]#
Create a group:

[root@node ansible]# ansible-doc -s group
  action: group
      gid                    # Optional `GID' to set for the group.
      name=                  # Name of the group to manage.
      state                  # Whether the group should be present or not on the remote host.
      system                 # If `yes', indicates that the group created is a system group.
[root@node ansible]# ansible all -m group -a "gid=300 system=yes name=mysql"
192.168.1.8 | success >> {
    "changed": true,
    "gid": 300,
    "name": "mysql",
    "state": "present",
    "system": true
}

192.168.1.7 | success >> {
    "changed": true,
    "gid": 300,
    "name": "mysql",
    "state": "present",
    "system": true
}

192.168.1.4 | success >> {
    "changed": true,
    "gid": 300,
    "name": "mysql",
    "state": "present",
    "system": true
}

[root@node ansible]# ansible all -a "tail -1 /etc/group"
192.168.1.4 | success | rc=0 >>
mysql:x:300:

192.168.1.7 | success | rc=0 >>
mysql:x:300:

192.168.1.8 | success | rc=0 >>
mysql:x:300:

[root@node ansible]#
Installing packages with yum

[root@yum-down ~]# ansible-doc -s yum
  action: yum
      conf_file      specify the configuration file
      disable_gpg_check    
      disablerepo          
      enablerepo          
      list            .
      name=            
      state                
      update_cache        
Install corosync
[root@yum-down ~]# ansible all -m yum -a "state=present name=corosync"

[root@yum-down ~]# ansible all -a "rpm -qa corosync"
192.168.1.4 | success | rc=0 >>
corosync-1.4.7-2.el6.x86_64

192.168.1.8 | success | rc=0 >>
corosync-1.4.7-2.el6.x86_64

192.168.1.7 | success | rc=0 >>
corosync-1.4.7-2.el6.x86_64

[root@yum-down ~]#
Start a service:

[root@yum-down ~]# ansible all -m service -a "state=started name=httpd enabled=yes"
192.168.1.7 | success >> {
    "changed": false,
    "enabled": true,
    "name": "httpd",
    "state": "started"
}

192.168.1.8 | success >> {
    "changed": false,
    "enabled": true,
    "name": "httpd",
    "state": "started"
}

192.168.1.4 | success >> {
    "changed": true,
    "enabled": true,
    "name": "httpd",
    "state": "started"
}
View

[root@yum-down ~]# ansible all -a "service httpd status"
192.168.1.4 | success | rc=0 >>
httpd (pid  3702) is running...

192.168.1.7 | success | rc=0 >>
httpd (pid  4046) is running...

192.168.1.8 | success | rc=0 >>
httpd (pid  4097) is running...

[root@yum-down ~]#
Running multiple commands

[root@yum-down ~]# cat linuxea.yaml
- hosts: all                      # all hosts
  remote_user: root               # user to run as
  tasks:
    - name: add group             # add a group
      group: gid=1000 name=linuxea system=no
    - name: excute a command      # run the date command
      command: /bin/date
[root@yum-down ~]#
Run

[root@yum-down ~]# ansible-playbook linuxea.yaml

PLAY [all] ********************************************************************

GATHERING FACTS ***************************************************************
ok: [192.168.1.7]
ok: [192.168.1.8]
ok: [192.168.1.4]

TASK: [add group] *************************************************************
changed: [192.168.1.4]
changed: [192.168.1.8]
changed: [192.168.1.7]

TASK: [excute a command] ******************************************************
changed: [192.168.1.4]
changed: [192.168.1.7]
changed: [192.168.1.8]

PLAY RECAP ********************************************************************
192.168.1.4                : ok=3    changed=2    unreachable=0    failed=0  
192.168.1.7                : ok=3    changed=2    unreachable=0    failed=0  
192.168.1.8                : ok=3    changed=2    unreachable=0    failed=0  

[root@yum-down ~]#
Replacing files in bulk
Change the httpd port to 801, then push the file and restart the service

[root@yum-down ~]# cat web.yaml
- hosts: all
  remote_user: root
  tasks:
    - name: ensure apache latest version   # make sure apache is the latest version
      yum:  state=latest name=httpd        # make sure httpd is installed
    - name: copy configure file            # copy the file
      copy: src=/root/httpd.conf dest=/etc/httpd/conf/httpd.conf force=yes
      notify:                              # handlers to trigger once the copy is done
        - restart httpd
  handlers:                                # triggered only if the file was changed; restarts the service
    - name: restart httpd
      service: name=httpd state=restarted
[root@yum-down ~]#
Run

[root@yum-down ~]# ansible-playbook web.yaml

PLAY [all] ********************************************************************

GATHERING FACTS ***************************************************************
ok: [192.168.1.4]
ok: [192.168.1.7]
ok: [192.168.1.8]

TASK: [ensure apache latest version] ******************************************
ok: [192.168.1.4]
ok: [192.168.1.7]
ok: [192.168.1.8]

TASK: [copy configure file] ***************************************************
changed: [192.168.1.4]
changed: [192.168.1.7]
changed: [192.168.1.8]

NOTIFIED: [restart httpd] *****************************************************
changed: [192.168.1.4]
changed: [192.168.1.7]
changed: [192.168.1.8]

PLAY RECAP ********************************************************************
192.168.1.4                : ok=4    changed=2    unreachable=0    failed=0  
192.168.1.7                : ok=4    changed=2    unreachable=0    failed=0  
192.168.1.8                : ok=4    changed=2    unreachable=0    failed=0  
View

[root@yum-down ~]# ansible all -a "ss -tlnp"
192.168.1.4 | success | rc=0 >>
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port
LISTEN     0      128                      :::801                     :::*      users:(("httpd",4973,6),("httpd",4976,6),("httpd",4977,6),("httpd",4978,6),("httpd",4979,6),("httpd",4980,6),("httpd",4981,6),("httpd",4982,6),("httpd",4983,6))

192.168.1.7 | success | rc=0 >>
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port
LISTEN     0      128                      :::801                     :::*      users:(("httpd",5302,6),("httpd",5305,6),("httpd",5306,6),("httpd",5307,6),("httpd",5308,6),("httpd",5309,6),("httpd",5310,6),("httpd",5311,6),("httpd",5312,6))

192.168.1.8 | success | rc=0 >>
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port
LISTEN     0      128                      :::801                     :::*      users:(("httpd",5382,6),("httpd",5385,6),("httpd",5386,6),("httpd",5387,6),("httpd",5388,6),("httpd",5389,6),("httpd",5390,6),("httpd",5391,6),("httpd",5392,6))

[root@yum-down ~]#
