Basic use of the automation and operations tool ansible

    In many situations we need to run the same command, or do the same configuration work, on several hosts. To simplify this we can use automation tools; such tools are called automated operations tools. ansible is one of them, and below we use ansible to carry out some simple operations.

    ansible can do the work of many tools; the framework diagram is shown below. (ansible cannot install the operating system itself.)

(figure: ansible framework diagram)

    The author of ansible was one of the early maintainers of puppet and func; ansible absorbs the strengths of puppet and func while trying to avoid their weaknesses.

    OS Provisioning
       PXE, cobbler

    OS config
       cfengine, puppet, saltstack, chef

    Deployment
       func (ssl)
       fabric (ssh)
       ansible (has both the OS config function and the Deployment function)

    How does one host direct many hosts to run the same command? Directing other systems is not limited to unprivileged operations: creating an account, for example, is closely tied to system security. A remote control tool of this kind must therefore work in a very secure way. How is that achieved?

    1. a remote connection encrypted with ssl;

    2. control commands sent over ssh, which the other side receives and runs;


    How does the ssl-based approach work? The managed end is always required to install an application in advance. That application runs with privileges, receives commands from the matching application on the controlling end, runs them locally and returns the results to the sender. The dedicated program on the controlled end that receives the controller's commands and reports the results back is called the agent of the control program. Communication between the agents is encrypted with ssl; the mechanism is the https protocol, although the agent speaks https without being an http server.

    If you neither want nor need to depend on installing an agent on the controlled end, ssh can be used instead. That means every controlled end runs an ssh service, and the so-called remote controller acts as an ssh client sending requests to the server, which runs them after receiving them. Every ssh connection has to be authenticated; ssh supports key-based authentication, and if keys are used throughout no password needs to be typed.

    Operations tools
       agent-based: usually built on ssl, e.g. puppet, func
       agentless: usually built on ssh, e.g. fabric, ansible

    These tools all have
     idempotence: running the same operation several times gives the same result
     desired state: you only give ansible the target condition; how to reach it is worked out automatically

    Several Tools In One
     Configuration (cfengine, Chef, Puppet)
     Deployment (Capistrano, Fabric)
     Ad-Hoc Tasks (Func)
     Multi-tier Orchestration (Juju, sort of)

    ansible features
      Minimal learning curve, auditability (low learning curve)
      No bootstrapping
      No DAG ordering, Fails Fast
      No agents (other than sshd) – 0 resource consumption when not in use
      No server
      No additional PKI
      Modules in any language
      YAML, not code
      SSH by default
      Strong multi-tier solution

    ansible works on the basis of modules. Each of its functions depends on a module; ansible itself is only a framework that directs remote hosts to perform operations, but every specific operation is implemented by a module. For example, the yum module lets the remote host install or remove applications from a yum repository, and the command module lets the remote host run a command.

    If a remote host has to run several tasks at once, several configuration items are needed. These can be defined in one text file which ansible reads to run all the tasks in one go; that file is called a playbook. A playbook is in YAML format, but YAML is only the document format.

    ansible architecture

(figure: ansible architecture diagram)

    ansible does operations work by directing many remote hosts; hostX are the remote hosts (the directed ends). When ansible connects to each directed end to make it work, it uses Connection Plugins to send a connection request to each controlled end; that connection is ssh. ansible needs to read a configuration file in which host groups have been defined in advance, each group serving a different purpose; this relies on the Host Inventory. That file can be static (written by hand) or generated dynamically, and it puts the hosts into groups beforehand. When ansible is then told to operate, it automatically reads that file, finds which hosts are under the specified group name, and connects only to those hosts.

    By default ansible controls only 5 nodes at a time: when 5 are finished it moves on to the next 5, batch by batch; the value can be changed. ansible modules come in two kinds: core modules and custom modules (you can develop your own modules in many languages). [Workflow: the user specifies hosts; ansible reads the Inventory to get the hosts, connects to them and, using the modules, sends instructions to the hosts through the Connection Plugins; each node runs the instructions and returns the result.] Any other functionality is obtained by loading the corresponding plugin.

    ansible is developed in Python. Official site: www.ansible.com/home. On CentOS 6.6 the EPEL repository provides its rpm package; have a look:

    ansible.noarch                                      1.9.0.1-2.el6                    epel

    The yum repository used here is Aliyun's mirror, configured as follows:

[epel]
name=epel package
baseurl=http://mirrors.aliyun.com/epel/6/x86_64/
gpgcheck=1
enabled=1
gpgkey=http://mirrors.aliyun.com/epel/RPM-GPG-KEY-EPEL-6

    Simple architecture of the experiment with ansible:

(figure: experiment architecture)

    In this experiment nodeX corresponds to the hostname.

    Install ansible on node1

[root@node1 ~]# yum install ansible -y

Installed:  (packages installed)
  ansible.noarch 0:1.9.0.1-2.el6

Dependency Installed: (dependencies installed)
  PyYAML.x86_64 0:3.10-3.1.el6                     libyaml.x86_64 0:0.1.3-4.el6_6                   
  python-babel.noarch 0:0.9.4-5.1.el6              python-crypto.x86_64 0:2.0.1-22.el6              
  python-crypto2.6.x86_64 0:2.6.1-2.el6            python-httplib2.noarch 0:0.7.7-1.el6             
  python-jinja2.x86_64 0:2.2.1-2.el6_5             python-keyczar.noarch 0:0.71c-1.el6              
  python-paramiko.noarch 0:1.7.5-2.1.el6           python-pyasn1.noarch 0:0.0.12a-1.el6             
  python-setuptools.noarch 0:0.6.10-3.el6          python-simplejson.x86_64 0:2.0.9-3.1.el6

    See which files the ansible installation created

[root@node1 ~]# rpm -ql ansible | less
/etc/ansible
/etc/ansible/ansible.cfg  main configuration file
/etc/ansible/hosts  file defining the host groups
/etc/ansible/roles
/usr/bin/ansible
/usr/bin/ansible-doc
/usr/bin/ansible-galaxy
/usr/bin/ansible-playbook  runs a defined playbook
/usr/bin/ansible-pull   works in push mode
/usr/bin/ansible-vault  encrypts/decrypts playbook files for storage

...

    Look at how the ansible command is used

[root@node1 ~]# ansible -h
Usage: ansible [options]

host pattern
host-pattern
   A name of a group in the inventory file, a shell-like glob selecting hosts in inventory file, or any combination of the two separated by semicolons.
-k, --ask-pass        ask for SSH password   (prompt the user for the password)
-a 'ARGUMENTS', --args='ARGUMENTS'           The ARGUMENTS to pass to the module.

Commonly used modules:
              command  (pipes cannot be used here)
              user
              copy
              cron
              file
              filesystem
              group
              hostname
              ping
              yum
              service
              shell
              script

    Notes on the /etc/ansible/hosts file; be sure to pay attention to this file's attributes

[root@node1 ~]# ls -l /etc/ansible/hosts
-rw-r--r-- 1 root root 965 Mar 26 10:25 /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.   (definition of ungrouped hosts)
# Ex 2: A collection of hosts belonging to the 'webservers' group   (here hosts are defined through a group)
[webservers]
# If you have multiple hosts following a pattern you can specify   (pattern matching inside a group definition)
# them like this:
www[001:006].example.com  (means www001.example.com through www006.example.com, matched by the given range)

    To customize the file, back it up first, then delete all of its contents and add the following
[constrol]
192.168.21.234
192.168.21.230

    The same host can be defined in more than one group.
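As an added example (not code from the original post), the following Python parses an inventory in the INI style shown above: an ungrouped section, group headers, a www[001:006]-style range pattern, a host that belongs to two groups, and per-host variables such as ansible_ssh_user and ansible_ssh_port. The inventory text is constructed for the example; hosts_in mirrors what a host pattern such as "constrol" or "all" selects, and an unknown group selects nothing, which ansible reports as "No hosts matched".

```python
import re
from collections import defaultdict

# Constructed sample inventory in the INI style of /etc/ansible/hosts:
# an ungrouped host, the post's [constrol] group with per-host variables,
# a range pattern, and one host that is a member of two groups.
SAMPLE_INVENTORY = """\
# ungrouped hosts come before any group header
192.168.21.240

[constrol]
192.168.21.234 ansible_ssh_user=openstack ansible_ssh_port=2222
192.168.21.230

[webservers]
www[001:003].example.com
192.168.21.230
"""

RANGE_RE = re.compile(r"\[(\d+):(\d+)\]")


def expand_range(pattern):
    """Expand a [start:end] range such as www[001:003].example.com,
    keeping the zero padding of the start value."""
    m = RANGE_RE.search(pattern)
    if not m:
        return [pattern]
    start, end = m.group(1), m.group(2)
    width = len(start)
    return [pattern[:m.start()] + str(n).zfill(width) + pattern[m.end():]
            for n in range(int(start), int(end) + 1)]


def parse_inventory(text):
    """Return {group: {host: {var: value}}}.
    Hosts listed before the first [header] go into 'ungrouped'."""
    groups = defaultdict(dict)
    current = "ungrouped"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            continue
        host_spec, *var_tokens = line.split()
        host_vars = dict(tok.split("=", 1) for tok in var_tokens if "=" in tok)
        for host in expand_range(host_spec):
            groups[current][host] = dict(host_vars)
    return dict(groups)


def hosts_in(groups, name):
    """Hosts that a pattern such as 'constrol' or 'all' selects (sorted).
    An unknown group selects nothing: ansible prints 'No hosts matched'."""
    if name == "all":
        return sorted({host for members in groups.values() for host in members})
    return sorted(groups.get(name, {}))


if __name__ == "__main__":
    inv = parse_inventory(SAMPLE_INVENTORY)
    for group in inv:
        print(group, hosts_in(inv, group))
    print("all", hosts_in(inv, "all"))
    print("control", hosts_in(inv, "control"))   # typo for 'constrol': nothing matches
```

The group membership dictionary is what the rest of a run is built on: only hosts under the named group are connected to, and a typo in the group name (control instead of constrol) silently selects nothing.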

[root@node1 ~]# cp /etc/ansible/hosts /etc/ansible/hosts.bak   

[root@node1 ~]# vim /etc/ansible/hosts

# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups

# Ex 1: Ungrouped hosts, specify before any group headers.
[constrol]
192.168.21.234
192.168.21.230


#ansible [-m MODULE] -a 'MODULE_ARGS'

    Connect and run the date command

[root@node1 ~]# ansible constrol -m command -a 'date'
The authenticity of host '192.168.21.230 (192.168.21.230)' can't be established.
RSA key fingerprint is 4f:33:a8:ce:34:20:2f:04:3b:ad:c9:26:f4:bd:d0:f5.
Are you sure you want to continue connecting (yes/no)? yes
192.168.21.230 | FAILED => SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
    while connecting to 192.168.21.230:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
The authenticity of host '192.168.21.234 (192.168.21.234)' can't be established.
RSA key fingerprint is 30:43:cb:45:98:67:51:e5:36:82:e6:62:03:5e:98:fc.
Are you sure you want to continue connecting (yes/no)? yes
192.168.21.234 | FAILED => SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
    while connecting to 192.168.21.234:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.

    An unknown error was encountered during the SSH connection. It suggests re-running the command with -vvvv, which prints SSH debug output to help diagnose the problem:
ansible constrol -m command -a 'date' -vvvv shows the detailed information.
    By default authentication is key-based; -k specifies password-based authentication.

[root@node1 ~]# ansible constrol -m command -a 'date' -k
SSH password:
192.168.21.234 | FAILED => to use the 'ssh' connection type with passwords, you must install the sshpass program
192.168.21.230 | FAILED => to use the 'ssh' connection type with passwords, you must install the sshpass program

It says sshpass is required, so install it; sshpass is also provided by the EPEL repository.

[root@node1 ~]# yum install -y sshpass

[root@node1 ~]# ansible constrol -m command -a 'date' -k
SSH password:    (because both ends use the same password here, the prompt appears only once; if they differed it would appear twice)
192.168.21.230 | success | rc=0 >>
Tue Apr  7 01:11:47 CST 2015

192.168.21.234 | success | rc=0 >>
Mon Apr 13 03:12:42 CST 2015

(controlled node IP | success | return code)

    Show the disk usage of the controlled nodes from the control node

[root@node1 ~]# ansible constrol -m command -a 'df -lhP' -k
SSH password:
192.168.21.234 | success | rc=0 >>
Filesystem              Size  Used Avail Use% Mounted on
/dev/mapper/vg_lvm-lv1   20G  1.8G   17G  10% /
tmpfs                   491M     0  491M   0% /dev/shm
/dev/sda1               190M   27M  153M  16% /boot
/dev/mapper/vg_lvm-lv2  9.8G  112M  9.2G   2% /var

192.168.21.230 | success | rc=0 >>
Filesystem              Size  Used Avail Use% Mounted on
/dev/mapper/vg_lvm-lv1   20G  814M   18G   5% /
tmpfs                   491M     0  491M   0% /dev/shm
/dev/sda1               190M   27M  153M  15% /boot
/dev/mapper/vg_lvm-lv2  9.8G  110M  9.2G   2% /var

    Every command sent to the controlled nodes currently prompts for the password. If we put the password in the configuration file we no longer have to type it each time: edit /etc/ansible/hosts and set the password option ansible_ssh_pass=password

Our password is 123456, so after editing it looks like this:

[root@node1 ~]# cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups

# Ex 1: Ungrouped hosts, specify before any group headers.
[constrol]
192.168.21.234 ansible_ssh_pass=123456
192.168.21.230 ansible_ssh_pass=123456

    Now the -k option is not needed and no password has to be typed. To log in as a specific user use the option ansible_ssh_user=xxx; for a non-standard port use ansible_ssh_port=xxx. Show the date on each node:

[root@node1 ~]# ansible constrol -m command -a 'date'
192.168.21.234 | success | rc=0 >>
Mon Apr 13 03:21:15 CST 2015

192.168.21.230 | success | rc=0 >>
Tue Apr  7 01:20:20 CST 2015
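Putting ansible_ssh_pass into /etc/ansible/hosts as above stores credentials in clear text in a file that the ls -l earlier showed to be mode 0644, readable by every local user. The following Python is an added example (not from the original post): a small audit that lists the hosts whose inventory line carries a literal ansible_ssh_pass and flags the file when group or others can read it. The inventory text and the temporary file are constructed for the example; the password values in it are placeholders, not real credentials.

```python
import os
import re
import stat
import tempfile

# Constructed inventory modelled on the post's /etc/ansible/hosts once a
# user and passwords were added; the values are placeholders, not secrets.
SAMPLE_HOSTS = """\
[constrol]
192.168.21.234 ansible_ssh_user=openstack ansible_ssh_pass=zabbix
192.168.21.230 ansible_ssh_pass=123456
192.168.21.240 ansible_ssh_port=2222
"""

PASS_RE = re.compile(r"(?:^|\s)ansible_ssh_pass=\S+")


def plaintext_password_hosts(text):
    """Hosts (first word of the line) whose inventory line carries a literal ansible_ssh_pass."""
    hosts = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "[")):
            continue                      # comment or group header
        if PASS_RE.search(line):
            hosts.append(line.split()[0])
    return hosts


def readable_by_others(path):
    """True if group or other has read permission (the post shows 0644 on the file)."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


def audit_inventory(path):
    """Return a list of findings; an empty list means nothing to report."""
    with open(path) as f:
        hosts = plaintext_password_hosts(f.read())
    findings = []
    if hosts:
        findings.append("plaintext ansible_ssh_pass for: " + ", ".join(hosts))
        if readable_by_others(path):
            findings.append("inventory is readable by group/others "
                            "(use mode 0600, or move to key-based auth / ansible-vault)")
    return findings


def demo(mode=0o644):
    """Write the constructed inventory with the given mode into a temp file and audit it."""
    fd, path = tempfile.mkstemp(suffix=".hosts")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(SAMPLE_HOSTS)
        os.chmod(path, mode)
        return audit_inventory(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

With the post's 0644 the audit returns two findings; tightening the file to 0600 removes the second, and switching to the key-based authentication set up later in the post removes the first.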

    The times here are out of sync. Use ntpdate to synchronize; any time server on the network will do, here we use time.windows.com

    On node3 and node4 run # crontab -e and add the following
1 * * * * /usr/sbin/ntpdate time.windows.com > /dev/null   (synchronize the time every hour and redirect the output to /dev/null)


    Create a user on the remote hosts

[root@node1 ~]# ansible control -m command -a 'useradd openstack'
No hosts matched   (if nothing in the hosts file matches, this is what you get)
[root@node1 ~]# ansible constrol -m command -a 'useradd openstack'
192.168.21.234 | success | rc=0 >>


192.168.21.230 | success | rc=0 >>

    Check that the user was created

[root@node1 ~]# ansible constrol -m command -a 'tail -3 /etc/passwd'
192.168.21.230 | success | rc=0 >>
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
openstack:x:500:500::/home/openstack:/bin/bash

192.168.21.234 | success | rc=0 >>
tcpdump:x:72:72::/:/sbin/nologin
mysql:x:498:498::/home/mysql:/sbin/nologin
openstack:x:500:500::/home/openstack:/bin/bash   (the user has been created)

    Set a password for the user

[root@node1 ~]# ansible constrol -m command -a 'echo "puppet" | passwd --stdin openstack'
192.168.21.234 | success | rc=0 >>
puppet | passwd --stdin openstack

192.168.21.230 | success | rc=0 >>
puppet | passwd --stdin openstack

[root@node1 ~]# ansible constrol -m command -a 'tail -3 /etc/shadow'
192.168.21.230 | success | rc=0 >>
sshd:!!:16519::::::
tcpdump:!!:16519::::::
openstack:!!:16531:0:99999:7:::   (the password has not been set on the remote host; the command above only echoed the text. Creating users and setting passwords is done by a dedicated module)

192.168.21.234 | success | rc=0 >>
tcpdump:!!:16525::::::
mysql:!!:16525::::::
openstack:!!:16537:0:99999:7:::
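Why the echo line above printed the text instead of setting the password: the command module splits the -a string into words and executes them directly, so the pipe is just one more argument handed to echo. The Python below is an added example (not part of the original post): it reproduces that word splitting with shlex, runs echo the same way the command module would, and offers a quick check for argument strings that only work through the shell module. The argument string is the one from the post; nothing here ever invokes passwd.

```python
import shlex
import subprocess

# Constructed: the exact -a string the post passed to the command module.
ARGS = 'echo "puppet" | passwd --stdin openstack'

# Characters that only a shell gives meaning to; the command module passes them through.
SHELL_METACHARS = set("|<>&;$`")


def command_module_argv(args):
    """Split -a the way the command module does: POSIX word splitting, no shell.
    Quotes are honoured, but '|' and friends are ordinary words."""
    return shlex.split(args)


def run_like_command_module(args):
    """Execute the argv directly (shell=False) and return its stdout, stripped.
    For the post's string this runs echo with six arguments; the pipe never
    reaches passwd, which is exactly what the remote output showed."""
    result = subprocess.run(command_module_argv(args), capture_output=True,
                            text=True, check=True)
    return result.stdout.strip()


def needs_shell_module(args):
    """Heuristic: does any word contain a character the shell would interpret?
    Such -a strings belong to the shell module, as the command module docs say."""
    return any(SHELL_METACHARS & set(word) for word in command_module_argv(args))


if __name__ == "__main__":
    print(command_module_argv(ARGS))
    print(run_like_command_module(ARGS))
    print("needs shell module:", needs_shell_module(ARGS))
```

The same split also explains why `$HOME` is not expanded by the command module: the word reaches the program as the literal string.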


    Getting module help:

man ansible-doc

NAME
       ansible-doc - show documentation on Ansible modules

SYNOPSIS
       ansible-doc [-M module_path] [-l] [-s] [module...]

-l, --list=
           Produce a terse listing of modules and a short description of each.

-s, --snippet         Show playbook snippet for specified module(s)

[root@node1 ~]# ansible-doc -l

a10_server                    Manage A10 Networks AX/SoftAX/Thunder/vThunder devices             
a10_service_group             Manage A10 Networks AX/SoftAX/Thunder/vThunder devices             
a10_virtual_server            Manage A10 Networks AX/SoftAX/Thunder/vThunder devices             
acl                           Sets and retrieves file ACL information.                           
add_host                      add a host (and alternatively a group) to the ansible-playbook in-m...
airbrake_deployment           Notify airbrake about app deployments     

....................

Pressing enter after ansible-doc MODULE_NAME shows the usage help for that module

[root@node1 ~]# ansible-doc command
less 436
Copyright (C) 1984-2009 Mark Nudelman

less comes with NO WARRANTY, to the extent permitted by law.
For information about the terms of redistribution,
see the file named README in the less distribution.
Homepage: http://www.greenwoodsoftware.com/less
> COMMAND

  The [command] module takes the command name followed by a list of
  space-delimited arguments. The given command will be executed on all
  selected nodes. It will not be processed through the shell, so
  variables like `$HOME' and operations like `"<"', `">"', `"|"', and
  `"&"' will not work (use the [shell] module if you need these
  features).

Options (= is mandatory):

- chdir
        cd into this directory before running the command [Default:
        None]

- creates
        a filename, when it already exists, this step will *not* be
        run. [Default: None]

...

Help for the user module

[root@node1 ~]# ansible-doc user
> USER

  Manage user accounts and user attributes.

Options (= is mandatory):

- append
        If `yes', will only add groups, not set them to just the list
        in `groups'. (Choices: yes, no) [Default: no]

- comment
        Optionally sets the description (aka `GECOS') of user account.

...

Examples follow

EXAMPLES:
# Add the user 'johnd' with a specific uid and a primary group of 'admin'
- user: name=johnd comment="John Doe" uid=1040 group=admin

# Add the user 'james' with a bash shell, appending the group 'admins' and 'developers' to the user's groups
- user: name=james shell=/bin/bash groups=admins,developers append=yes

# Remove the user 'johnd'
- user: name=johnd state=absent remove=yes

# Create a 2048-bit SSH key for user jsmith in ~jsmith/.ssh/id_rsa
- user: name=jsmith generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa

    Generate a random salt with openssl

[root@node1 ~]# openssl rand -hex 4
98a4afbe

    Generate the encrypted password

[root@node1 ~]# openssl passwd -1 -salt `openssl rand -hex 4`
Password:
$1$653fbb05$asLazeKl3u0SNit6lZWOe.

    Pass the password as a parameter through the user module

[root@node1 ~]# ansible constrol -m user -a 'name=openstack password=$1$653fbb05$asLazeKl3u0SNit6lZWOe.'
192.168.21.230 | success >> {
    "append": false,
    "changed": true,
    "comment": "",
    "group": 500,
    "home": "/home/openstack",
    "move_home": false,
    "name": "openstack",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/bash",
    "state": "present",
    "uid": 500
}

192.168.21.234 | success >> {
    "append": false,
    "changed": true,
    "comment": "",
    "group": 500,
    "home": "/home/openstack",
    "move_home": false,
    "name": "openstack",
    "password": "NOT_LOGGING_PASSWORD",
    "shell": "/bin/bash",
    "state": "present",
    "uid": 500
}
    Checking shows the password has been set
[root@node1 ~]# ansible constrol -m command -a 'tail -3 /etc/shadow'
192.168.21.234 | success | rc=0 >>
tcpdump:!!:16525::::::
mysql:!!:16525::::::
openstack:$1$653fbb05$asLazeKl3u0SNit6lZWOe.:16538:0:99999:7:::

192.168.21.230 | success | rc=0 >>
sshd:!!:16519::::::
tcpdump:!!:16519::::::
openstack:$1$653fbb05$asLazeKl3u0SNit6lZWOe.:16538:0:99999:7:::

    The list of all ansible modules on the official site

http://docs.ansible.com/list_of_all_modules.html

    Specify the user and password in the hosts file; after editing it looks like this

[root@node1 ~]# cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups

# Ex 1: Ungrouped hosts, specify before any group headers.
[constrol]
192.168.21.234 ansible_ssh_user=openstack ansible_ssh_pass=zabbix
192.168.21.230 ansible_ssh_pass=123456

    Check which user we are running as on each system with whoami
[root@node1 ~]# ansible constrol -m command -a 'whoami'
192.168.21.230 | success | rc=0 >>
root

192.168.21.234 | success | rc=0 >>
openstack

    Common modules
              command  (the default)
                 #ansible constrol -m command -a 'date'

              user
                   Manage user accounts and user attributes.
                 #ansible constrol -m user -a 'name=fedora password=xxxx'

              copy             Copies files to remote locations.
                   The [copy] module copies a file on the local box to remote locations. Use the [fetch] module to copy files from remote locations to the local box.
                 #ansible constrol -m copy -a 'src=how.txt dest=/tmp'

              cron              Manage cron.d and crontab entries.  (defines and manages scheduled tasks)
                     #ansible constrol -m cron -a 'name="print info" minute="*/3" job="echo How are you. >> /tmp/echo.txt"'

              file                       Sets attributes of files
                     file: src=/file/to/link/to dest=/path/to/symlink owner=foo group=foo state=link   (creates a symbolic link)
                     state: If 'absent', directories will be recursively deleted, and files or symlinks will be unlinked.
                     #ansible constrol -m file -a 'dest=/tmp/you state=absent'   (deletes the file)

              filesystem            Makes file system on block device
                     # Create a ext2 filesystem on /dev/sdb1.
                     - filesystem: fstype=ext2 dev=/dev/sdb1

              group                          Add or remove groups

              hostname

              ping
                      Try to connect to host and return 'pong' on success.  (probes whether the host is online)
                     #ansible constrol -m ping

              yum
                   Installs, upgrade, removes, and lists packages and groups with the
                   'yum' package manager.
                     #ansible constrol -m yum -a 'name=tree state=present'

              service           Controls services on remote hosts.
                     # Example action to enable service httpd, and not touch the running state
                     - service: name=httpd enabled=yes   (enabled: whether the service starts automatically at boot)
                     #ansible constrol -m service -a 'name=httpd state=restarted'

              shell
                     #ansible constrol -m shell -a 'echo "puppet" | passwd --stdin openstack'

              script
                     #ansible constrol -m script -a '/root/xxx.sh'


    Using the copy module
[root@node1 ~]# ansible-doc copy
> COPY
  The [copy] module copies a file on the local box to remote locations. Use the [fetch] module to copy files from remote locations to the local box.

Options (= is mandatory):  (options beginning with "=" are required)
destination
= dest
      Remote absolute path where the file should be copied to. If src is a directory, this must be a directory too. [Default: None]   (location on the remote node, absolute path)

- src
        Local path to a file to copy to the remote server; can be absolute or relative. If path is a directory, it is copied recursively. In this case, if path ends with "/", only inside contents of that directory are copied to destination.
        Otherwise, if it does not end with "/", the directory itself with all contents is copied. This behavior is similar to Rsync. [Default: None]   (may be a relative or an absolute location)

Examples:
Notes:  The "copy" module recursively copy facility does not scale to lots
        (>hundreds) of files. For alternative, see synchronize module, which is a wrapper around rsync.

# Example from Ansible Playbooks
- copy: src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode=0644
# The same example as above, but using a symbolic mode equivalent to 0644
- copy: src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode="u=rw,g=r,o=r"
# Another symbolic mode example, adding some permissions and removing others
- copy: src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode="u+rw,g-wx,o-rwx"
# Copy a new "ntp.conf" file into place, backing up the original if it differs from the copied version
- copy: src=/mine/ntp.conf dest=/etc/ntp.conf owner=root group=root mode=644 backup=yes
# Copy a new "sudoers" file into place, after passing validation with visudo
- copy: src=/mine/sudoers dest=/etc/sudoers validate='visudo -cf %s'


Create a new file to copy
[root@node1 ~]# echo "The is new start." > start.txt

[root@node1 ~]# ansible constrol -m copy -a 'src=/root/start.txt dest=/tmp/'   (copy it into the /tmp directory)
192.168.21.230 | success >> {
    "changed": true,
    "checksum": "22be61e943af70c7ff8ae394428f195aaa72d10a",
    "dest": "/tmp/start.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "589e84da9cb01000f0fccba722b6f4c2",
    "mode": "0644",
    "owner": "root",
    "size": 18,
    "src": "/root/.ansible/tmp/ansible-tmp-1427606759.7-78904826422288/source",
    "state": "file",
    "uid": 0
}

192.168.21.234 | success >> {
    "changed": true,
    "checksum": "22be61e943af70c7ff8ae394428f195aaa72d10a",
    "dest": "/tmp/start.txt",
    "gid": 500,
    "group": "openstack",
    "md5sum": "589e84da9cb01000f0fccba722b6f4c2",
    "mode": "0664",
    "owner": "openstack",
    "size": 18,
    "src": "/home/openstack/.ansible/tmp/ansible-tmp-1427606759.7-97947262909113/source",
    "state": "file",
    "uid": 500
}

[root@node1 ~]# ansible constrol -m command -a 'cat /tmp/start.txt'   (check: the copy succeeded)
192.168.21.230 | success | rc=0 >>
The is new start.

192.168.21.234 | success | rc=0 >>
The is new start.


    Use key-based authentication to log in

[root@node1 ~]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
11:b5:f7:85:ec:64:b1:b4:95:0b:e6:1c:48:0f:04:32 root@node1
The key's randomart image is:
+--[ RSA 2048]----+
|       E.o=+. o o|
|        o. oo* B |
|        . . =.X o|
|         . . B o |
|        S     o  |
|                 |
|                 |
|                 |
|                 |
+-----------------+

    Edit the hosts configuration file

[root@node1 ~]# cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups

# Ex 1: Ungrouped hosts, specify before any group headers.
[constrol]
192.168.21.234 ansible_ssh_pass=123456
192.168.21.230 ansible_ssh_pass=123456

[root@node1 ~]# ansible constrol -m copy -a 'src=/root/.ssh/id_rsa.pub dest=/root/.ssh/authorized_keys owner=root group=root mode=0600'
192.168.21.234 | success >> {
    "changed": true,
    "checksum": "062161f3b71748dfd975c8c4c4fce4fd4f935734",
    "dest": "/root/.ssh/authorized_keys",
    "gid": 0,
    "group": "root",
    "md5sum": "ad2489d1b76241e939c92001ac2a54c1",
    "mode": "0600",
    "owner": "root",
    "size": 392,
    "src": "/root/.ansible/tmp/ansible-tmp-1427607180.58-136701398329016/source",
    "state": "file",
    "uid": 0
}

192.168.21.230 | FAILED >> {
    "checksum": "062161f3b71748dfd975c8c4c4fce4fd4f935734",
    "failed": true,
    "msg": "Destination directory /root/.ssh does not exist"   (the directory does not exist)
}

[root@node1 ~]# ansible constrol -m command -a 'mkdir /root/.ssh'
192.168.21.230 | success | rc=0 >>


192.168.21.234 | FAILED | rc=1 >>
mkdir: cannot create directory `/root/.ssh': File exists

[root@node1 ~]# ansible constrol -m copy -a 'src=/root/.ssh/id_rsa.pub dest=/root/.ssh/authorized_keys owner=root group=root mode=0600'

    Now it is ok. Since key-based authentication is deployed, remove ansible_ssh_pass from the hosts file, as follows

[root@node1 ~]# ansible all -a 'date'   (all means all hosts; add the -vvvv option for detailed information about the run)

192.168.21.230 | success | rc=0 >>
Mon Apr 13 18:32:55 CST 2015

192.168.21.234 | success | rc=0 >>
Mon Apr 13 18:32:55 CST 2015
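The key deployment above needed three attempts: the copy of id_rsa.pub failed on one host because /root/.ssh did not exist, the mkdir that followed failed on the other host because the directory already existed, and copying id_rsa.pub over authorized_keys also discards any key that was already authorized there. The following Python is an added example (not from the original post) of the same step written idempotently: create .ssh with mode 0700 if it is missing, append the key only if it is absent, keep existing keys, and enforce 0600 on authorized_keys, so that a second run changes nothing. The public-key strings and the temporary home directory are constructed for the example and are not real keys.

```python
import os
import stat
import tempfile

# Constructed public-key lines for the example; these are not real keys.
PUBKEY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDexampleNODE1key root@node1"
EXISTING_KEY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDexampleOTHERkey admin@other"


def install_authorized_key(home, pubkey):
    """Idempotently authorize pubkey for the account whose home directory is `home`.

    Unlike `mkdir` through the command module, creating .ssh here succeeds whether
    or not it already exists; unlike copying id_rsa.pub over authorized_keys, keys
    already present are kept. Returns True when the file was changed.
    """
    pubkey = pubkey.strip()
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, exist_ok=True)     # mkdir -p semantics: no "File exists" failure
    os.chmod(ssh_dir, 0o700)                # sshd ignores the file if .ssh is too open
    path = os.path.join(ssh_dir, "authorized_keys")
    existing = []
    if os.path.exists(path):
        with open(path) as f:
            existing = [line.strip() for line in f if line.strip()]
    changed = False
    if pubkey not in existing:
        with open(path, "a") as f:
            f.write(pubkey + "\n")
        changed = True
    os.chmod(path, 0o600)                   # the mode the post passes to the copy module
    return changed


def file_mode(path):
    """Permission bits only, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo(preexisting_key=None):
    """Run the install twice in a throwaway home directory and report what happened.

    With preexisting_key, .ssh/authorized_keys is seeded first so the run shows
    that key surviving; without it the directory does not exist beforehand, as on
    the host where the post's first copy failed.
    """
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        ak = os.path.join(ssh_dir, "authorized_keys")
        if preexisting_key is not None:
            os.makedirs(ssh_dir, mode=0o700)
            with open(ak, "w") as f:
                f.write(preexisting_key + "\n")
        first = install_authorized_key(home, PUBKEY)
        second = install_authorized_key(home, PUBKEY)   # re-run must be a no-op
        with open(ak) as f:
            keys = f.read().splitlines()
        return {"first": first, "second": second,
                "dir_mode": file_mode(ssh_dir), "key_mode": file_mode(ak), "keys": keys}


if __name__ == "__main__":
    print(demo())
    print(demo(EXISTING_KEY))
```

The first call reports a change and the second does not, which is the idempotence property the post lists among the things these tools share; the file and directory modes are the ones sshd requires before it will honour the key.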

[root@node1 ~]# vim /etc/ansible/hosts
[root@node1 ~]# cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups

# Ex 1: Ungrouped hosts, specify before any group headers.
[constrol]
192.168.21.234
192.168.21.230
[root@node1 ~]# ansible all -a 'date'   (it works)
192.168.21.230 | success | rc=0 >>
Mon Apr 13 18:33:26 CST 2015

192.168.21.234 | success | rc=0 >>
Mon Apr 13 18:33:31 CST 2015   

    Part of the configuration file

[root@node1 ~]# cat /etc/ansible/ansible.cfg
# config file for ansible -- http://ansible.com/
# ==============================================

# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first

[defaults]

# some basic default values...

inventory      = /etc/ansible/hosts
#library        = /usr/share/my_modules/
remote_tmp     = $HOME/.ansible/tmp
pattern        = *
forks          = 5  (number of hosts handled per batch)
poll_interval  = 15
sudo_user      = root
#ask_sudo_pass = True
#ask_pass      = True
transport      = smart
#remote_port    = 22  (remote port)

...

    The ping module: check whether the remote hosts are online

[root@node1 ~]# ansible-doc ping
> PING

  A trivial test module, this module always returns 'pong' on
  successful contact. It does not make sense in playbooks, but it is
  useful from '/usr/bin/ansible'

EXAMPLES:
# Test 'webservers' status
ansible webservers -m ping

[root@node1 ~]# ansible constrol -m ping
192.168.21.230 | success >> {
    "changed": false,
    "ping": "pong"
}

192.168.21.234 | success >> {
    "changed": false,
    "ping": "pong"
}   (ok, both are online)

    This concludes this introduction to ansible; later posts will cover ansible's advanced features, using playbooks. Stay tuned.

This article is from the blog "快乐就好"; please keep this source: http://wdllife.blog.51cto.com/6615958/1631964
