ansible
作者:互联网
概述
Ansible是一个开源配置管理工具,可以使用它来自动化任务,部署应用程序实现IT基础架构。Ansible可以用来自动化日常任务,比如,服务器的初始化配置、安全基线配置、更新和打补丁系统,安装软件包等。Ansible架构相对比较简单,仅需通过SSH连接客户机执行任务即可:
概念术语介绍
Ansible的与节点有关的重要术语包括控制节点,受管节点,清单和主机文件:
-
控制节点(Control node):指安装了Ansible的主机,也叫Ansible服务器端,管理机。 Ansible控制节点主要用于发布运行任务,执行控制命令。Ansible的程序都安装在控制节点上,控制节点需要安装Python和Ansible所需的各种依赖库。
-
受控节点(Managed nodes):也叫客户机,就是想用Ansible执行任务的客户服务器。
-
清单(Inventory):受控节点的列表,就是所有要管理的主机列表。
-
host文件:清单列表通常保存在一个名为host文件中。在host文件中,可以使用IP地址或者主机名来表示具体的管理主机和认证信息,并可以根据主机的用户进行分组。缺省文件:/etc/ansible/hosts,可以通过-i指定自定义的host文件。
-
模块(Modules):模块是Ansible执行特定任务的代码块。比如:添加用户,上传文件和对客户机执行ping操作等。Ansible现在默认自带450多个模块,,Ansible Galaxy公共存储库则包含大约1600个模块。
-
任务(Task):是Ansible客户机上执行的操作。可以使用ad-hoc单行命令执行一个任务。
-
剧本(Playbook):是利用YAML标记语言编写的可重复执行的任务的列表,playbook实现任务的更便捷的读写和贡献。比如,在Github上有大量的Ansible playbooks共享,你要你有一双善于发现的眼睛你就能找到大量的宝藏。
-
角色(roles):角色是Ansible 1.2版本引入的新特性,用于层次性、结构化地组织playbook。roles能够根据层次型结构自动装载变量文件、tasks以及handlers等。
安装ansible
[root@yaoguang ~]# yum install -y epel-release
[root@yaoguang ~]# yum install -y ansible
设置ssh免密登录
[root@yaoguang ~]# ssh-keygen #在本地主机生成密钥对,一直回车
[root@yaoguang ~]# ls -a
. .. .ansible .bash_history .bash_logout .bash_profile .bashrc .cshrc .history .pki .ssh .tcshrc .viminfo
[root@yaoguang ~]# ls .ssh
authorized_keys id_rsa id_rsa.pub
[root@yaoguang ~]# cd .ssh
[root@yaoguang .ssh]# ssh-copy-id -i id_rsa.pub root@119.3.70.78 #将公钥复制到需要控制的主机上(这个地方的ip写的是主机清单里面的IP,因为我只有一台虚拟机,所以就写的本机的IP)
Now try logging into the machine, with: "ssh 'root@119.3.70.78'"
and check to make sure that only the key(s) you wanted were added.
[root@yaoguang .ssh]# ssh 119.3.70.78 #免密登录
Last login: Sun May 29 09:48:46 2022 from 1.80.145.182
Welcome to Huawei Cloud Service
命令管理主机
ansible命令格式
ansible [hosts] [options]
检查ansible安装环境
ansible all -m ping -u root
#-m:指定要使用的模块,-u:指定用什么身份去运行,-a:给模块传递参数
[root@yaoguang ~]# ansible text -m ping
q | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname q: Name or service not known",
"unreachable": true
}
119.3.70.78 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@yaoguang ~]# ansible all -a "echo hello world"
q | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname q: Name or service not known",
"unreachable": true
}
119.3.70.78 | CHANGED | rc=0 >>
hello world
复制文件
[root@yaoguang ~]# ansible text -m copy -a "src=/etc/passwd dest=/opt/passwd"
q | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname q:
Name or service not known", "unreachable": true
}
119.3.70.78 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "e5a17ba2ff6cbc8b98fe92c3b47c1d4fec506cfe",
"dest": "/opt/passwd",
"gid": 0,
"group": "root",
"md5sum": "7a768a8eaf7804135d2152f23fb643bd",
"mode": "0644",
"owner": "root",
"size": 879,
"src": "/root/.ansible/tmp/ansible-tmp-1653831974.08-14463-52461083675877/source",
"state": "file",
"uid": 0
}
安装软件
[root@yaoguang ~]# ansible text -m yum -a "name=lrzsz"
q | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname q:
Name or service not known", "unreachable": true
}
119.3.70.78 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"lrzsz"
]
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\nRe
solving Dependencies\n--> Running transaction check\n---> Package lrzsz.x86_64 0:0.12.20-36.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n lrzsz x86_64 0.12.20-36.el7 base 78 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 78 k\nInstalled size: 181 k\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : lrzsz-0.12.20-36.el7.x86_64 1/1 \n Verifying : lrzsz-0.12.20-36.el7.x86_64 1/1 \n\nInstalled:\n lrzsz.x86_64 0:0.12.20-36.el7 \n\nComplete!\n" ]
}
[root@yaoguang ~]# rpm -qa | grep lrzsz
lrzsz-0.12.20-36.el7.x86_64
添加用户
[root@yaoguang ~]# ansible text -m user -a "name=zhangsan password=123456"
q | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname q: Name or service not known",
"unreachable": true
}
[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work
properly.
119.3.70.78 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1000,
"home": "/home/zhangsan",
"name": "zhangsan",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1000
}
启动服务
[root@yaoguang ~]# ansible text -m service -a "name=sshd state=started"
q | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname q: Name or service not known",
"unreachable": true
}
119.3.70.78 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"name": "sshd",
"state": "started",
并行执行
[root@yaoguang ~]# ansible text -a "echo hello world" -f 10 #-f:指定并行的数量
q | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname q: Name or service not known",
"unreachable": true
}
119.3.70.78 | CHANGED | rc=0 >>
hello world
获取系统信息
[root@yaoguang ~]# ansible text -m setup
标签:changed,ansible,yaoguang,Ansible,ssh,root 来源: https://www.cnblogs.com/yaoguang0618/p/16323814.html