ansible
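Author: Internet
Ansible versus NETCONF, compared only for operating network devices
NETCONF uses YANG for modelling, XML to carry the data, and the NETCONF protocol for transport. It is mainly used on the southbound interface of controllers. Each mainstream vendor has its own YANG models, which can be downloaded from the vendor's official site, although some domestic vendors support YANG poorly. The RFC for the common YANG model is well worth reading: https://datatracker.ietf.org/doc/html/rfc6020. In Python the ncclient module is mainly used; see an earlier article: https://www.cnblogs.com/darkchen/p/15248377.html
Under the hood, Ansible uses Python's paramiko module to transfer data over SSH, so it adapts well to different devices (you can of course also write a custom NETCONF module and call the API Ansible provides for batch operations). Different network operating systems can be matched with different modules for committing and querying configuration. Some domestic devices have no corresponding module, so you have to write one yourself. This mostly comes down to regular expressions that match the different prompts and drive a different interaction for each; the Huawei or Cisco modules can serve as a reference.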
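A sketch of the prompt matching described above, added here as an example and not taken from the article or from any vendor's Ansible module; the prompt shapes, `classify` and `reply_for` are assumptions for illustration. It matches only the whole last line of the buffer, so device output that merely ends in `#` or `>` is not mistaken for a prompt, and it declines `[Y/N]` confirmations unless the caller opts in.

```python
import re

# Assumed prompt shapes (illustrative, not taken from the article):
#   Huawei VRP: <sw1> user view, [sw1] / [~sw1-10GE1/0/1] system view
#   Cisco IOS : sw1> user EXEC, sw1# privileged EXEC, sw1(config-if)# config
PROMPTS = [
    ("huawei_user",   re.compile(r"^<[\w.\-]+>$")),
    ("huawei_system", re.compile(r"^\[[~*]?[\w.\-/]+\]$")),
    ("cisco_config",  re.compile(r"^[\w.\-]+\(config[\w\-]*\)#$")),
    ("cisco_enable",  re.compile(r"^[\w.\-]+#$")),
    ("cisco_user",    re.compile(r"^[\w.\-]+>$")),
]
PAGER = re.compile(r"-+\s*More\s*-+\s*$")
CONFIRM = re.compile(r"\[Y/N\][:?]?\s*$", re.IGNORECASE)


def classify(buffer):
    """Say what the device is waiting for, judged only from the last line."""
    tail = buffer.replace("\r", "").split("\n")[-1]
    if PAGER.search(tail):
        return "pager"
    if CONFIRM.search(tail):
        return "confirm"
    for kind, pattern in PROMPTS:
        # Whole-line match: output that merely ends in '#' or '>' is not a prompt.
        if pattern.match(tail.strip()):
            return kind
    return "incomplete"  # output still arriving; keep reading


def reply_for(buffer, allow_confirm=False):
    """Return the keystrokes to send next, or None when no reply is due."""
    kind = classify(buffer)
    if kind == "pager":
        return " "  # ask for the next page
    if kind == "confirm":
        # Destructive confirmations are declined unless the caller opts in.
        return "Y\n" if allow_confirm else "N\n"
    return None
```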
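Installing Ansible
- Install with apt/yum
yum install epel-release -y
yum install ansible -y
- Install with pip
pip3 install ansible
Differences between the two
An apt/yum installation only provides some basic modules for operating Linux systems, such as command, shell, copy, file and cron. Modules for other device vendors have to be downloaded and installed manually. The download link Huawei provides for its Ansible modules was last updated n years ago, and the modules are full of bugs and unusable.
A pip installation brings many vendor-specific modules, such as EC2 and S3 for AWS, nxos and ios for Cisco, and junos for Juniper, but it does not create the Ansible configuration file, host inventory and so on; you have to define those yourself.
So, to save time, we can install both -_-
Configuration files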
/etc/ansible/
├── ansible.cfg
├── hosts
└── roles
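Common parameters in the configuration file are listed below. They are all commented out by default; when a module is invoked, the environment variables are looked up in turn.

    [defaults]
    # Location of the inventory (resource list) file
    inventory = /etc/ansible/hosts
    # Directory holding Ansible modules; multiple directories are supported, separated by colons (:)
    library = /usr/share/ansible
    # Number of concurrent connections
    forks = 5
    # Default user that commands run as
    sudo_user = root
    # Management port used to connect to managed nodes; the default is 22, and changing it is recommended for better security
    remote_port = 22
    # Whether to check SSH host keys (True/False); when turned off, the first connection does not prompt for confirmation
    host_key_checking = False
    # SSH connection timeout, in seconds
    timeout = 60
    # File in which to store the Ansible log (nothing is logged by default)
    log_path = /var/log/ansible.log
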
The host inventory can define single hosts as well as host groups, and both can carry their own variables for use in playbooks. Example:

    [rs]
    10.0.3.105

    [rs:vars]
    ansible_connection=network_cli
    ansible_network_os=ce
    ansible_user=test
    ansible_ssh_pass = 123456789!@a

    [server]
    12.5.21.8 ansible_ssh_user=ubuntu ansible_ssh_port=22
    12.6.12.3
    4.51.15.1
    3.20.9.2
    13.0.3.1 ansible_ssh_user=test

    [server:vars]
    ansible_ssh_user = root
    ansible_ssh_port = 233
    host_name = 1.1.1.1

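The two listings above combine `host_key_checking = False` with a login password stored as a literal in the inventory, so the password is sent to whatever answers on that address without the host key being verified. The following check is an added example, not code from the article or from Ansible; the function names and the shortened sample texts are assumptions. It reports which settings and variables need attention without echoing the secret, which can instead be stored with ansible-vault or supplied at run time with `--ask-pass`.

```python
import re
import shlex

# Variable names that carry a login or privilege-escalation secret.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}

# Constructed samples, shortened from the listings above.
CFG = "[defaults]\n#forks = 5\nhost_key_checking = False\n"
INVENTORY = """\
[rs]
10.0.3.105
[rs:vars]
ansible_connection=network_cli
ansible_ssh_pass = 123456789!@a
[server]
12.5.21.8 ansible_ssh_user=ubuntu ansible_ssh_port=22
"""

def audit_inventory(text):
    """Return (owner, variable) for each secret stored as a literal value."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section.endswith(":vars"):        # one "key = value" per line
            owner, pairs = section, [line]
        else:                                # "host key=value key=value"
            tokens = shlex.split(line)
            owner, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            key, sep, value = (p.strip() for p in pair.partition("="))
            # A "{{ ... }}" value is a reference (e.g. a vaulted variable), not a literal.
            if sep and key in SECRET_VARS and not value.startswith("{{"):
                findings.append((owner, key))  # never echo the secret itself
    return findings

def audit_cfg(text):
    """Return weakened settings found in ansible.cfg text."""
    weak = []
    for raw in text.splitlines():
        key, sep, value = (p.strip() for p in raw.partition("="))
        if sep and key == "host_key_checking" and value.lower() in ("false", "no", "0"):
            weak.append(key)
    return weak
```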
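With the apt/yum installation, the module directory contains only the following modules
With the pip installation, here is a small excerpt
Use ansible-doc -l to list all modules
For example, to list the Huawei-related modules (the left column is the module path and the right column is the description):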
ansible-doc -l | grep HUAWEI
Viewing a module's usage help
Examples of commonly used Ansible modules
- Host connectivity test
Use the ping module to test host connectivity

    dark@dark:~$ ansible zb -m ping
    49.23.3.9 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": false,
        "ping": "pong"
    }
    1.15.9.2 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": false,
        "ping": "pong"
    }

- apt
Use ansible-doc -s apt to view the module's parameters

    dark@dark:~$ ansible-doc -s apt
    - name: Manages apt-packages
      apt:
          allow_unauthenticated: # Ignore if packages cannot be authenticated. This is useful for bootstrapping environments that manage their ow apt-key setup. `allow_unauthenticated' is only supported with state: `install'/`present'
          autoclean: # If `yes', cleans the local repository of retrieved package files that can no longer be downloaded.
          autoremove: # If `yes', remove unused dependency packages for all module states except `build-dep'. It can also be used as the only option. Previous to version 2.4, autoclean was also an alias for autoremove, now it is its own separate command. See documentation for further information.
          cache_valid_time: # Update the apt cache if it is older than the `cache_valid_time'. This option is set in seconds. As of Ansible 2.4, if explicitly set, this sets `update_cache=yes'.
          deb: # Path to a .deb package on the remote machine. If :// in the path, ansible will attempt to download deb before installing. (Version added 2.1) Requires the `xz-utils' package to extract the control file of the deb package to install.
          default_release: # Corresponds to the `-t' option for `apt' and sets pin priorities
          dpkg_options: # Add dpkg options to apt command. Defaults to '-o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold"' Options should be supplied as comma separated list
          fail_on_autoremove: # Corresponds to the `--no-remove' option for `apt'. If `yes', it is ensured that no packages will be removed or the task will fail. `fail_on_autoremove' is only supported with state except `absent'
          force: # Corresponds to the `--force-yes' to `apt-get' and implies `allow_unauthenticated: yes' This option will disable checking both the packages' signatures and the certificates of the web servers they are downloaded from. This option *is not* the equivalent of passing the `-f' flag to `apt-get' on the command line **This is a destructive operation with the potential to destroy your system, and it should almost never be used.** Please also see `man apt-get' for more information.
          force_apt_get: # Force usage of apt-get instead of aptitude
          install_recommends: # Corresponds to the `--no-install-recommends' option for `apt'. `yes' installs recommended packages. `no' does not install recommended packages. By default, Ansible will use the same defaults as the operating system. Suggested packages are never installed.
          name: # A list of package names, like `foo', or package specifier with version, like `foo=1.0'. Name wildcards (fnmatch) like `apt*' and version wildcards like `foo=1.0*' are also supported.
          only_upgrade: # Only upgrade a package if it is already installed.
          policy_rc_d: # Force the exit code of /usr/sbin/policy-rc.d. For example, if `policy_rc_d=101' the installed package will not trigger a service start. If /usr/sbin/policy-rc.d already exists, it is backed up and restored after the package installation. If `null', the /usr/sbin/policy-rc.d isn't created/changed.
          purge: # Will force purging of configuration files if the module state is set to `absent'.
          state: # Indicates the desired package state. `latest' ensures that the latest version is installed. `build-dep' ensures the package build dependencies are installed. `fixed' attempt to correct a system with broken dependencies in place.
          update_cache: # Run the equivalent of `apt-get update' before the operation. Can be run as part of the package installation or as a separate step. Default is not to update the cache.
          update_cache_retries: # Amount of retries if the cache update fails. Also see `update_cache_retry_max_delay'.
          update_cache_retry_max_delay: # Use an exponential backoff delay for each retry (see `update_cache_retries') up to this max delay in se
          upgrade: # If yes or safe, performs an aptitude safe-upgrade. If full, performs an aptitude full-upgrade. If dist, performs an apt-get dist-upgrade. Note: This does not upgrade a specific package, use state=latest for that. Note: Since 2.4, apt-get is used as a fall-back if aptitude is not present.

This output only describes what each parameter does and does not list the choices each parameter accepts; for those, see the module's detailed documentation on the official site.

parameter | required | default | choices | comments |
---|---|---|---|---|
allow_unauthenticated (added in 2.1) | no | no | | Ignore if packages cannot be authenticated. This is useful for bootstrapping environments that manage their own apt-key setup. |
autoclean (added in 2.4) | no | | | If yes, cleans the local repository of retrieved package files that can no longer be downloaded. |
autoremove (added in 2.1) | no | | | If yes, remove unused dependency packages for all module states except build-dep. It can also be used as the only option. Previous to version 2.4, autoclean was also an alias for autoremove, now it is its own separate command. See documentation for further information. |
cache_valid_time | no | | | Update the apt cache if its older than the cache_valid_time. This option is set in seconds. As of Ansible 2.4, this implicitly sets update_cache if set. |
deb (added in 1.6) | no | | | Path to a .deb package on the remote machine. If :// in the path, ansible will attempt to download deb before installing. (Version added 2.1) |
default_release | no | | | Corresponds to the -t option for apt and sets pin priorities |
dpkg_options | no | force-confdef,force-confold | | Add dpkg options to apt command. Defaults to '-o "Dpkg::Options::=--force-confdef" -o "Dpkg::Options::=--force-confold"' Options should be supplied as comma separated list |
force | no | no | | If yes, force installs/removes. |
force_apt_get (added in 2.4) | no | | | Force usage of apt-get instead of aptitude |
install_recommends | no | | | Corresponds to the --no-install-recommends option for apt. yes installs recommended packages. no does not install recommended packages. By default, Ansible will use the same defaults as the operating system. Suggested packages are never installed. |
name | no | | | A package name, like foo, or package specifier with version, like foo=1.0. Name wildcards (fnmatch) like apt* and version wildcards like foo=1.0* are also supported. Note that the apt-get commandline supports implicit regex matches here but we do not because it can let typos through easier (If you typo foo as fo apt-get would install packages that have "fo" in their name with a warning and a prompt for the user. Since we don't have warnings and prompts before installing we disallow this. Use an explicit fnmatch pattern if you want wildcarding) aliases: pkg, package |
only_upgrade (added in 2.1) | no | | | Only upgrade a package if it is already installed. |
purge | no | | | Will force purging of configuration files if the module state is set to absent. |
state | no | present | | Indicates the desired package state. latest ensures that the latest version is installed. build-dep ensures the package build dependencies are installed. |
update_cache | no | | | Run the equivalent of apt-get update before the operation. Can be run as part of the package installation or as a separate step. |
upgrade | no | no | | If yes or safe, performs an aptitude safe-upgrade. If full, performs an aptitude full-upgrade. If dist, performs an apt-get dist-upgrade. Note: This does not upgrade a specific package, use state=latest for that. Note: Since 2.4, apt-get is used as a fall-back if aptitude is not present. |

dark@dark:~$ ansible zb -m apt -a 'name=hping3 state=present' 49.23.3.9 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "cache_update_time": 1651712595, "cache_updated": false, "changed": true, "stderr": "", "stderr_lines": [], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following packages were automatically installed and are no longer required:\n apache2-bin apache2-data apache2-utils fontconfig hicolor-icon-theme libapr1\n libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libatk1.0-0\n libatk1.0-data libavahi-client3 libavahi-common-data libavahi-common3\n libcairo2 libcups2 libdatrie1 libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common\n libgraphite2-3 libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libharfbuzz0b\n libjbig0 libjpeg-turbo8 libjpeg8 liblua5.1-0 libpango-1.0-0\n libpangocairo-1.0-0 libpangoft2-1.0-0 libpixman-1-0 libthai-data libthai0\n libtiff5 libxcb-render0 libxcb-shm0 libxcursor1 ssl-cert\nUse 'apt autoremove' to remove them.\nThe following NEW packages will be installed:\n hping3\n0 upgraded, 1 newly installed, 0 to remove and 223 not upgraded.\nNeed to get 107 kB of archives.\nAfter this operation, 284 kB of additional disk space will be used.\nGet:1 http://cn.archive.ubuntu.com/ubuntu xenial/universe amd64 hping3 amd64 3.a2.ds2-7 [107 kB]\nFetched 107 kB in 3s (33.0 kB/s)\nSelecting previously unselected package hping3.\r\n(Reading database ... \r(Reading database ... 5%\r(Reading database ... 10%\r(Reading database ... 15%\r(Reading database ... 20%\r(Reading database ... 25%\r(Reading database ... 30%\r(Reading database ... 35%\r(Reading database ... 40%\r(Reading database ... 45%\r(Reading database ... 50%\r(Reading database ... 55%\r(Reading database ... 60%\r(Reading database ... 65%\r(Reading database ... 70%\r(Reading database ... 75%\r(Reading database ... 80%\r(Reading database ... 85%\r(Reading database ... 90%\r(Reading database ... 
95%\r(Reading database ... 100%\r(Reading database ... 109472 files and directories currently installed.)\r\nPreparing to unpack .../hping3_3.a2.ds2-7_amd64.deb ...\r\nUnpacking hping3 (3.a2.ds2-7) ...\r\nProcessing triggers for man-db (2.7.5-1) ...\r\nSetting up hping3 (3.a2.ds2-7) ...\r\n", "stdout_lines": [ "Reading package lists...", "Building dependency tree...", "Reading state information...", "The following packages were automatically installed and are no longer required:", " apache2-bin apache2-data apache2-utils fontconfig hicolor-icon-theme libapr1", " libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libatk1.0-0", " libatk1.0-data libavahi-client3 libavahi-common-data libavahi-common3", " libcairo2 libcups2 libdatrie1 libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common", " libgraphite2-3 libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libharfbuzz0b", " libjbig0 libjpeg-turbo8 libjpeg8 liblua5.1-0 libpango-1.0-0", " libpangocairo-1.0-0 libpangoft2-1.0-0 libpixman-1-0 libthai-data libthai0", " libtiff5 libxcb-render0 libxcb-shm0 libxcursor1 ssl-cert", "Use 'apt autoremove' to remove them.", "The following NEW packages will be installed:", " hping3", "0 upgraded, 1 newly installed, 0 to remove and 223 not upgraded.", "Need to get 107 kB of archives.", "After this operation, 284 kB of additional disk space will be used.", "Get:1 http://cn.archive.ubuntu.com/ubuntu xenial/universe amd64 hping3 amd64 3.a2.ds2-7 [107 kB]", "Fetched 107 kB in 3s (33.0 kB/s)", "Selecting previously unselected package hping3.", "(Reading database ... ", "(Reading database ... 5%", "(Reading database ... 10%", "(Reading database ... 15%", "(Reading database ... 20%", "(Reading database ... 25%", "(Reading database ... 30%", "(Reading database ... 35%", "(Reading database ... 40%", "(Reading database ... 45%", "(Reading database ... 50%", "(Reading database ... 55%", "(Reading database ... 60%", "(Reading database ... 65%", "(Reading database ... 70%", "(Reading database ... 
75%", "(Reading database ... 80%", "(Reading database ... 85%", "(Reading database ... 90%", "(Reading database ... 95%", "(Reading database ... 100%", "(Reading database ... 109472 files and directories currently installed.)", "Preparing to unpack .../hping3_3.a2.ds2-7_amd64.deb ...", "Unpacking hping3 (3.a2.ds2-7) ...", "Processing triggers for man-db (2.7.5-1) ...", "Setting up hping3 (3.a2.ds2-7) ..." ] } 1.15.9.2 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "cache_update_time": 1651695647, "cache_updated": false, "changed": true, "stderr": "", "stderr_lines": [], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following NEW packages will be installed:\n hping3\n0 upgraded, 1 newly installed, 0 to remove and 234 not upgraded.\nNeed to get 107 kB of archives.\nAfter this operation, 284 kB of additional disk space will be used.\nGet:1 http://mirrors.tencentyun.com/ubuntu xenial/universe amd64 hping3 amd64 3.a2.ds2-7 [107 kB]\nFetched 107 kB in 0s (3207 kB/s)\nSelecting previously unselected package hping3.\r\n(Reading database ... \r(Reading database ... 5%\r(Reading database ... 10%\r(Reading database ... 15%\r(Reading database ... 20%\r(Reading database ... 25%\r(Reading database ... 30%\r(Reading database ... 35%\r(Reading database ... 40%\r(Reading database ... 45%\r(Reading database ... 50%\r(Reading database ... 55%\r(Reading database ... 60%\r(Reading database ... 65%\r(Reading database ... 70%\r(Reading database ... 75%\r(Reading database ... 80%\r(Reading database ... 85%\r(Reading database ... 90%\r(Reading database ... 95%\r(Reading database ... 100%\r(Reading database ... 
108213 files and directories currently installed.)\r\nPreparing to unpack .../hping3_3.a2.ds2-7_amd64.deb ...\r\nUnpacking hping3 (3.a2.ds2-7) ...\r\nProcessing triggers for man-db (2.7.5-1) ...\r\nSetting up hping3 (3.a2.ds2-7) ...\r\n", "stdout_lines": [ "Reading package lists...", "Building dependency tree...", "Reading state information...", "The following NEW packages will be installed:", " hping3", "0 upgraded, 1 newly installed, 0 to remove and 234 not upgraded.", "Need to get 107 kB of archives.", "After this operation, 284 kB of additional disk space will be used.", "Get:1 http://mirrors.tencentyun.com/ubuntu xenial/universe amd64 hping3 amd64 3.a2.ds2-7 [107 kB]", "Fetched 107 kB in 0s (3207 kB/s)", "Selecting previously unselected package hping3.", "(Reading database ... ", "(Reading database ... 5%", "(Reading database ... 10%", "(Reading database ... 15%", "(Reading database ... 20%", "(Reading database ... 25%", "(Reading database ... 30%", "(Reading database ... 35%", "(Reading database ... 40%", "(Reading database ... 45%", "(Reading database ... 50%", "(Reading database ... 55%", "(Reading database ... 60%", "(Reading database ... 65%", "(Reading database ... 70%", "(Reading database ... 75%", "(Reading database ... 80%", "(Reading database ... 85%", "(Reading database ... 90%", "(Reading database ... 95%", "(Reading database ... 100%", "(Reading database ... 108213 files and directories currently installed.)", "Preparing to unpack .../hping3_3.a2.ds2-7_amd64.deb ...", "Unpacking hping3 (3.a2.ds2-7) ...", "Processing triggers for man-db (2.7.5-1) ...", "Setting up hping3 (3.a2.ds2-7) ..." ] }
- command
- shell
- service
- copy
- template
- cli_command
- setup
Source: https://www.cnblogs.com/darkchen/p/16225853.html