上一篇簡單介紹ansible的一些基礎知識,這篇咱們來讨論下ansible的基本使用,進階階段放到下一篇來說
Ansbile
ansible通過ssh實作配置管理、應用部署、任務執行等功能,建議配置ansible端能基于密鑰認證的方式聯系各被管理節點
ansible <host-pattern> [-m module_name] [-a args]
--version 顯示版本
-m module 指定子產品,預設為command
-v 詳細過程 –vv -vvv更詳細
--list-hosts 顯示主機清單,可簡寫 --list
-k, --ask-pass 提示輸入ssh連接配接密碼,預設Key驗證
-K, --ask-become-pass 提示輸入sudo時的密碼
-C, --check 檢查,并不執行
-T, --timeout=TIMEOUT 執行指令的逾時時間,預設10s
-u, --user=REMOTE_USER 執行遠端執行的使用者
-b, --become 代替舊版的sudo 切換
ansible的Host-pattern
ansible的Host-pattern
比對的主機的清單:
All :表示所有Inventory中的所有主機
[root@ansible ~]#ansible all -m ping
172.20.7.50 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.20.7.52 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.20.7.56 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.20.7.54 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.20.7.57 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.20.7.55 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.20.7.53 | SUCCESS => {
"changed": false,
"ping": "pong"
} * : 通配符
[root@ansible ~]#ansible "*" -a 'echo $HOSTNAME'
172.20.7.56 | SUCCESS | rc=0 >>
node6.dklwj.com
172.20.7.54 | SUCCESS | rc=0 >>
node4.dklwj.com
.....
[root@ansible ~]#ansible 172.20.7.* -a 'echo $HOSTNAME'
172.20.7.53 | SUCCESS | rc=0 >>
node3.dklwj.com
172.20.7.56 | SUCCESS | rc=0 >>
node6.dklwj.com
....
[root@ansible ~]#ansible *srvs -a 'echo $HOSTNAME'
172.20.7.52 | SUCCESS | rc=0 >>
node2.dklwj.com
172.20.7.50 | SUCCESS | rc=0 >>
ansible
....
或關系
[root@ansible ~]#ansible "websrvs:dbsrvs" -a 'echo $HOSTNAME'
172.20.7.54 | SUCCESS | rc=0 >>
node4.dklwj.com
172.20.7.52 | SUCCESS | rc=0 >>
node2.dklwj.com
172.20.7.56 | SUCCESS | rc=0 >>
node6.dklwj.com
172.20.7.53 | SUCCESS | rc=0 >>
node3.dklwj.com
172.20.7.57 | SUCCESS | rc=0 >>
node7.dklwj.com
[root@ansible ~]#ansible "172.20.7.50:172.20.7.56" -a 'echo $HOSTNAME'
172.20.7.50 | SUCCESS | rc=0 >>
ansible
172.20.7.56 | SUCCESS | rc=0 >>
node6.dklwj.com 邏輯與
ansible “websrvs:&dbsrvs” –a 'echo $HOSTNAME'
在websrvs組并且在dbsrvs組中的主機
cat /etc/ansible/hosts
[websrvs]
172.20.7.52
172.20.7.56
172.20.7.57
[dbsrvs]
172.20.7.53
172.20.7.54
172.20.7.52
[appsrvs]
172.20.7.50
172.20.7.55
"/etc/ansible/hosts" 54L, 1143C written
[root@ansible ~]#ansible "websrvs:&dbsrvs" -a 'echo $HOSTNAME'
172.20.7.52 | SUCCESS | rc=0 >>
node2.dklwj.com 邏輯非
ansible ‘websrvs:!dbsrvs’ –a 'echo $HOSTNAME'
在websrvs組,但不在dbsrvs組中的主機
注意:此處為單引号
[root@ansible ~]#ansible 'websrvs:!dbsrvs' -a 'echo $HOSTNAME'
172.20.7.57 | SUCCESS | rc=0 >>
node7.dklwj.com
172.20.7.56 | SUCCESS | rc=0 >>
node6.dklwj.com 綜合邏輯
ansible ‘websrvs:dbsrvs:&appsrvs:!ftpsrvs’ –a 'echo $HOSTNAME'
cat /etc/ansible/hosts
[websrvs]
172.20.7.52
172.20.7.56
172.20.7.57
[dbsrvs]
172.20.7.53
172.20.7.54
172.20.7.52
[appsrvs]
172.20.7.50
172.20.7.52
172.20.7.55
[ftpsrvs]
172.20.7.50
172.20.7.55
"/etc/ansible/hosts" 58L, 1189C written
[root@ansible ~]#ansible 'websrvs:dbsrvs:&appsrvs:!ftpsrvs' -a 'echo $HOSTNAME'172.20.7.52 | SUCCESS | rc=0 >>
node2.dklwj.com ansible指令執行過程
ansible指令執行過程
1. 加載自己的配置檔案 預設/etc/ansible/ansible.cfg
2. 加載自己對應的子產品檔案,如command
3. 通過ansible将子產品或指令生成對應的臨時py檔案,并将該 檔案傳輸至遠端伺服器的對應執行使用者$HOME/.ansible/tmp/ansible-tmp-數字/XXX.PY檔案
4. 給檔案+x執行
5. 執行并傳回結果
6. 删除臨時py檔案,sleep 0退出
執行狀态:
×××:執行成功并且對目标主機做變更
綠色:執行成功并且不需要做改變的操作
運維自動化之ANSIBLE(中級) 紅色:執行失敗
運維自動化之ANSIBLE(中級) 運維自動化之ANSIBLE(中級)
Ansible使用示例
基于一台主機管理
[root@ansible ~]#ansible 172.20.7.52 -m command -a 'ls /root'
172.20.7.52 | SUCCESS | rc=0 >>
anaconda-ks.cfg
Desktop
Documents
Downloads
initial-setup-ks.cfg
Music
Pictures
Public
Templates
Videos
基于組的自動管理
[root@ansible ~]#ansible websrvs -m command -a 'ls /root'
172.20.7.53 | SUCCESS | rc=0 >>
anaconda-ks.cfg
Desktop
Documents
Downloads
install.log
install.log.syslog
Music
Pictures
Public
Templates
Videos
172.20.7.52 | SUCCESS | rc=0 >>
anaconda-ks.cfg
Desktop
Documents
Downloads
initial-setup-ks.cfg
Music
Pictures
Public
Templates
Videos Ansible常用子產品
Command:
在遠端主機執行指令,預設子產品,可忽略-m選項
ansible websrvs -m command -a 'systemctl start httpd'
[root@ansible ~]#ansible websrvs -m command -a 'systemctl start httpd'
172.20.7.57 | SUCCESS | rc=0 >>
172.20.7.56 | SUCCESS | rc=0 >>
172.20.7.52 | SUCCESS | rc=0 >> ansible 172.20.7.52 -m command -a 'echo 123456 |passwd --stdin cobbler'不成功
[root@ansible ~]#ansible 172.20.7.52 -m command -a 'echo 123456|passwd --stdin cobbler'
172.20.7.52 | SUCCESS | rc=0 >>
123456|passwd --stdin cobbler 此指令不支援 $VARNAME < > | ; & 等,用shell子產品實作
Shell:和command相似,用shell執行指令
ansible 172.20.7.52 -m command -a 'echo 123456 |passwd --stdin cobbler'
[root@ansible ~]#ansible 172.20.7.52 -m shell -a 'echo 123456|passwd --stdin cobbler'
172.20.7.52 | SUCCESS | rc=0 >>
Changing password for user cobbler.
passwd: all authentication tokens updated successfully. 調用bash執行指令 類似 cat /tmp/stanley.md | awk -F‘|’ ‘{print $1,$2}’ &> /tmp/example.txt 這些複雜指令,即使使用shell也可能會失敗,解決辦法:寫到腳本時,copy到遠端,執行,再把需要的結果拉回執行指令的機器
Script:運作腳本
-a "/PATH/TO/SCRIPT_FILE"
ansible websrvs -m script -a f1.sh
[root@ansible ~]#ansible websrvs -m script -a f1.sh
172.20.7.52 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 172.20.7.52 closed.\r\n",
"stderr_lines": [
"Shared connection to 172.20.7.52 closed."
],
"stdout": "node2.dklwj.com\r\n",
"stdout_lines": [
"node2.dklwj.com"
]
}
172.20.7.56 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 172.20.7.56 closed.\r\n",
"stderr_lines": [
"Shared connection to 172.20.7.56 closed."
],
"stdout": "node6.dklwj.com\r\n",
"stdout_lines": [
"node6.dklwj.com"
]
}
172.20.7.57 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 172.20.7.57 closed.\r\n",
"stderr_lines": [
"Shared connection to 172.20.7.57 closed."
],
"stdout": "node7.dklwj.com\r\n",
"stdout_lines": [
"node7.dklwj.com"
]
} Copy:從伺服器複制檔案到用戶端
ansible 172.20.7.52 -m copy -a 'src=/root/f1.sh dest=/tmp/f2.sh owner=cobbler mode=600 backup=yes'
如目标存在,預設覆寫,此處指定先備份
[root@ansible ~]#ansible 172.20.7.52 -m copy -a 'src=/root/f1.sh dest=/tmp/f2.sh owner=cobbler mode=600 backup=yes'
172.20.7.52 | SUCCESS => {
"changed": true,
"checksum": "186e23e2c374f961aae6e4a876791f8ea3fa132a",
"dest": "/tmp/f2.sh",
"gid": 0,
"group": "root",
"mode": "0600",
"owner": "cobbler",
"path": "/tmp/f2.sh",
"size": 29,
"state": "file",
"uid": 1002
} ansible websrv -m copy -a “content=‘test content\n’ dest=/tmp/f1.txt”
利用内容,直接生成目标檔案
[root@ansible ~]#ansible websrvs -m copy -a 'content="line1\nline2" dest=/tmp/f1.txt'
172.20.7.52 | SUCCESS => {
"changed": true,
"checksum": "05eed6236c8bda5ecf7af09bae911f9d5f90998b",
"dest": "/tmp/f1.txt",
"gid": 0,
"group": "root",
"md5sum": "ee5a58024a155466b43bc559d953e018",
"mode": "0644",
"owner": "root",
"size": 11,
"src": "/root/.ansible/tmp/ansible-tmp-1537759297.03-108086848060144/source",
"state": "file",
"uid": 0
}
172.20.7.57 | SUCCESS => {
"changed": true,
"checksum": "05eed6236c8bda5ecf7af09bae911f9d5f90998b",
"dest": "/tmp/f1.txt",
"gid": 0,
"group": "root",
"md5sum": "ee5a58024a155466b43bc559d953e018",
"mode": "0644",
"owner": "root",
"size": 11,
"src": "/root/.ansible/tmp/ansible-tmp-1537759297.06-272258279616668/source",
"state": "file",
"uid": 0
}
172.20.7.56 | SUCCESS => {
"changed": true,
"checksum": "05eed6236c8bda5ecf7af09bae911f9d5f90998b",
"dest": "/tmp/f1.txt",
"gid": 0,
"group": "root",
"md5sum": "ee5a58024a155466b43bc559d953e018",
"mode": "0644",
"owner": "root",
"size": 11,
"src": "/root/.ansible/tmp/ansible-tmp-1537759297.04-113306386739819/source",
"state": "file",
"uid": 0
}
#檢視遠端主機是否成功
[root@ansible ~]#ansible websrvs -a 'cat /tmp/f1.txt'
172.20.7.57 | SUCCESS | rc=0 >>
line1
line2
172.20.7.56 | SUCCESS | rc=0 >>
line1
line2
172.20.7.52 | SUCCESS | rc=0 >>
line1
line2 Fetch:從用戶端取檔案至伺服器端,copy相反,目錄可先tar
[root@ansible ~]#ansible websrvs -m fetch -a 'src=/data/f1 dest=/data/'
172.20.7.52 | SUCCESS => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/data/172.20.7.52/data/f1",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"remote_md5sum": null
}
172.20.7.56 | SUCCESS => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/data/172.20.7.56/data/f1",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"remote_md5sum": null
}
172.20.7.57 | SUCCESS => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/data/172.20.7.57/data/f1",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"remote_md5sum": null
}
# 檢視server端,在這裡ansible做的還是可以的 怕傳過來的混淆,用用戶端的IP作為檔案夾以示區分。
[root@ansible ~]#ls /data/
172.20.7.52 172.20.7.56 172.20.7.57 File:設定檔案屬性
ansible 172.20.7.52 -m file -a "path=/root/f1.sh owner=cobbler mode=755"
[root@ansible ~]#ansible 172.20.7.52 -m file -a "path=/root/f1.sh owner=cobbler mode=755"
172.20.7.52 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "cobbler",
"path": "/root/f1.sh",
"size": 30,
"state": "file",
"uid": 1002
}
[root@ansible ~]#ansible 172.20.7.52 -a 'ls -l /root/f1.sh'
172.20.7.52 | SUCCESS | rc=0 >>
-rwxr-xr-x 1 cobbler root 30 Sep 23 19:24 /root/f1.sh ansible websrvs -m file -a ‘src=/app/testfile dest=/app/testfile-link state=link’
# 在websrvs組中所有機器上建立軟連接配接
[root@ansible ~]#ansible websrvs -m file -a 'src=/data/f1 dest=/data/f1-link state=link'
172.20.7.52 | SUCCESS => {
"changed": true,
"dest": "/data/f1-link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 8,
"src": "/data/f1",
"state": "link",
"uid": 0
}
172.20.7.56 | SUCCESS => {
"changed": true,
"dest": "/data/f1-link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 8,
"src": "/data/f1",
"state": "link",
"uid": 0
}
172.20.7.57 | SUCCESS => {
"changed": true,
"dest": "/data/f1-link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 8,
"src": "/data/f1",
"state": "link",
"uid": 0
}
# 檢視結果
[root@ansible ~]#ansible websrvs -a 'ls -l /data'
172.20.7.57 | SUCCESS | rc=0 >>
total 0
-rw-r--r-- 1 root root 0 Sep 22 16:45 f1
lrwxrwxrwx 1 root root 8 Sep 24 12:57 f1-link -> /data/f1
172.20.7.56 | SUCCESS | rc=0 >>
total 0
-rw-r--r-- 1 root root 0 Sep 22 16:45 f1
lrwxrwxrwx 1 root root 8 Sep 24 12:57 f1-link -> /data/f1
172.20.7.52 | SUCCESS | rc=0 >>
total 0
-rw-r--r-- 1 root root 0 Sep 25 11:27 f1
lrwxrwxrwx 1 root root 8 Sep 25 12:57 f1-link -> /data/f1 #把單獨一台遠端主機修改主機名,這種修改是直接生效的如果是6系統的話連/etc/sysconfig/network裡面的都修改了
[root@ansible ~]#ansible 172.20.7.52 -m hostname -a 'name=ansible2'
172.20.7.52 | SUCCESS => {
"ansible_facts": {
"ansible_domain": "",
"ansible_fqdn": "ansible2",
"ansible_hostname": "ansible2",
"ansible_nodename": "ansible2"
},
"changed": true,
"name": "ansible2"
}
[root@ansible ~]#ansible 172.20.7.52 -a 'hostname'
172.20.7.52 | SUCCESS | rc=0 >>
ansible2 # 給websrvs組中所有主機建立一個時間同步計劃,時間為每5鐘同步一次
[root@ansible ~]#ansible websrvs -m cron -a 'name="sync time from ntpserver" minute="*/5" job="ntpdate 172.20.0.1 &> /dev/null"'
172.20.7.56 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"sync time from ntpserver"
]
}
172.20.7.52 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"sync time from ntpserver"
]
}
172.20.7.57 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"sync time from ntpserver"
]
}
# 檢視websrvs是否建立成功
[root@ansible ~]#ansible websrvs -a 'crontab -l'
172.20.7.57 | SUCCESS | rc=0 >>
#Ansible: sync time from ntpserver
*/5 * * * * ntpdate 172.20.0.1 &> /dev/null
172.20.7.56 | SUCCESS | rc=0 >>
#Ansible: sync time from ntpserver
*/5 * * * * ntpdate 172.20.0.1 &> /dev/null
172.20.7.52 | SUCCESS | rc=0 >>
#Ansible: sync time from ntpserver
*/5 * * * * ntpdate 172.20.0.1 &> /dev/null 後續持續更新中ing.......