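Introduction to Ansible
Ansible is an open-source automation tool for configuration management, application deployment, and task execution. It is written in Python, needs no client installed on the remote hosts, and communicates over SSH.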
Configuration
Ansible is packaged in EPEL, so install the epel-release package first and then install ansible:
```bash
yum install epel-release -y && yum install ansible -y
```
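Edit the /etc/ansible/hosts file and add the managed nodes, for example as shown below (key-based passwordless login is normally configured, so no username or password is set here). The -i option can be used to point to a hosts file in a different location:
```text
[root@rocky ~]# cat /etc/ansible/hosts
[group1]
node1
node2
[group2]
node3
node4
[webserver:children]
group1
group2
```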
Usage
shell module
```bash
# Run a command on the remote hosts
ansible webserver -m shell -a "yum install lrzsz -y"
```
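copy module
```bash
# Copy a file to the remote hosts
# mode=777 leaves the copied file world-writable; a tighter mode such as 0644 (0755 for scripts) is usually sufficient
ansible webserver -m copy -a 'src=/root/111.py dest=/tmp/222.py owner=root group=root mode=777 backup=yes'
```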
user module
```bash
# Create a user
ansible webserver -m user -a "name=nginx state=present"
# Change the password: the user module expects a crypt hash, generated here with openssl
# (-1 produces MD5-crypt; OpenSSL 1.1.1 and later also accept -6 for SHA-512 crypt)
[root@rocky ~]# echo "your_password" | openssl passwd -1 -stdin
$1$u8Mg9HqN$oyy724CCQ5ccctaus47wc1
ansible webserver -m user -a 'name=nginx password="$1$u8Mg9HqN$oyy724CCQ5ccctaus47wc1"'
# Change the login shell
ansible webserver -m user -a 'name=nginx shell=/sbin/nologin append=yes'
# Delete the user
ansible webserver -m user -a "name=nginx state=absent"
```
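The password change above written as a playbook that hashes with SHA-512 crypt instead of MD5-crypt and keeps the secret out of task output. This is an added example, not from the original page; the vault file path and the variables nginx_password and nginx_password_salt are hypothetical.

```yaml
- hosts: webserver
  vars_files:
    # Hypothetical file encrypted with ansible-vault. It defines:
    #   nginx_password       the plaintext password
    #   nginx_password_salt  up to 16 characters from [./0-9A-Za-z]
    - vault/nginx_user.yaml
  tasks:
    - name: Ensure the nginx account exists with a SHA-512 crypt password
      ansible.builtin.user:
        name: nginx
        state: present
        # A fixed salt keeps the hash identical between runs, so the task
        # reports "changed" only when the password itself changes.
        password: "{{ nginx_password | password_hash('sha512', nginx_password_salt) }}"
        update_password: always
      # Keep the module arguments (including the hash) out of console output and logs.
      no_log: true
```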
group module
```bash
# Create a group
ansible webserver -m group -a 'name=g1 gid=1010 state=present'
# Delete a group
ansible webserver -m group -a 'name=g1 gid=1010 state=absent'
```
Package module
```bash
# Install nginx
ansible webserver -m yum -a 'name="nginx" state=latest'
# Uninstall nginx
ansible webserver -m yum -a 'name="nginx" state=absent'
```
Service management module
```bash
# Start nginx and enable it at boot
ansible webserver -m service -a 'name=nginx state=started enabled=yes'
```
file module
```bash
# Create a file
ansible webserver -m file -a 'path=/tmp/file.txt state=touch mode=777'
# Create a directory
ansible webserver -m file -a 'path=/tmp/testdic state=directory mode=777'
# Delete (here, the directory created above)
ansible webserver -m file -a 'path=/tmp/testdic state=absent'
```
Fact-gathering module
```bash
# Gather information (facts) about the managed hosts
ansible webserver -m setup -a 'filter=ansible_processor'
```
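fetch module
```bash
# Fetch a file from a remote host
# (it is stored under dest/<hostname>/<src path>, here /tmp/node1/root/fetchtest.txt)
ansible node1 -m fetch -a 'src=/root/fetchtest.txt dest=/tmp'
```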
cron module
```bash
# Sync with the time server every 10 minutes (the job name 同步时间 means "sync time")
ansible webserver -m cron -a 'name="同步时间" minute="*/10" job="/sbin/ntpdate 192.168.146.138 &> /dev/null"'
```
script module
```bash
# Run a local script file on the managed hosts
ansible webserver -m script -a '/root/test.sh'
```
unarchive module
```bash
# Extract an archive; remote_src=[no|yes] indicates whether the archive file is already on the remote host
ansible webserver -m unarchive -a "src=/root/jdk-8u431-linux-x64.tar.gz dest=/usr/share remote_src=no"
```
Playbooks
```yaml
- hosts: node1
  tasks:
    - name: install webserver
      yum: name=httpd state=present
    - name: copy conf
      copy: src=./httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd service
    - name: check status is ok
      service: name=httpd state=started enabled=yes
  handlers:
    - name: restart httpd service
      service: name=httpd state=restarted
```
Handlers implement triggers: the restart httpd service handler runs only when the copy conf task that notifies it reports a change.
Roles
Directory structure
```text
[root@rocky ~]# tree roles/
roles/
├── docker
│   ├── files
│   │   └── index.html
│   ├── handlers
│   │   └── main.yaml
│   ├── tasks
│   │   └── main.yaml
│   ├── templates
│   │   └── nginx.conf.j2
│   └── vars
│       └── main.yaml
├── mysql
│   ├── files
│   │   └── index.html
│   ├── handlers
│   │   └── main.yaml
│   ├── tasks
│   │   └── main.yaml
│   ├── templates
│   │   └── nginx.conf.j2
│   └── vars
│       └── main.yaml
├── nginx
│   ├── files
│   │   └── index.html
│   ├── handlers
│   │   └── main.yaml
│   ├── tasks
│   │   └── main.yaml
│   ├── templates
│   │   └── nginx.conf.j2
│   └── vars
│       └── main.yaml
└── site.yaml

18 directories, 16 files
```
/files/
Holds ordinary static files, such as the HTML files a web server needs.
```text
[root@rocky ~]# cat roles/nginx/files/index.html
Hello Masterke!!!
```
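/handlers/
Holds the handlers: tasks that run only when triggered under specified conditions. Ansible loads a role's handlers only from a directory named handlers.
```text
[root@rocky ~]# cat roles/nginx/handlers/main.yaml
---
- name: "restart nginx"
  service: name=nginx state=restarted
```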
/tasks/
Holds the task list.
```text
[root@rocky ~]# cat roles/nginx/tasks/main.yaml
---
- name: "install epel-release"
  yum: name=epel-release state=latest
- name: "install nginx package"
  yum: name=nginx state=latest
- name: "copy index.html"
  copy: src=index.html dest=/usr/share/nginx/html/index.html
- name: "copy nginx.conf template"
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
  notify: "restart nginx"
- name: "make sure nginx running"
  service: name=nginx state=started enabled=yes
```
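The two file-deploying tasks of this role with explicit ownership, a non-writable mode, and a syntax check of the rendered configuration before it replaces the live file. This is an added example, not the original role's task file; it assumes the nginx binary is already installed on the managed host by the preceding install task.

```yaml
- name: "copy index.html"
  ansible.builtin.copy:
    src: index.html
    dest: /usr/share/nginx/html/index.html
    owner: root
    group: root
    mode: "0644"

- name: "copy nginx.conf template"
  ansible.builtin.template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: "0644"
    # Keep a timestamped copy of the previous configuration on the host.
    backup: true
    # %s is replaced with the path of the rendered temporary file. If
    # "nginx -t" rejects it, the task fails, the live nginx.conf is left
    # untouched, and the restart handler is never notified.
    validate: nginx -t -c %s
  notify: "restart nginx"
```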
/templates/
Holds the templates, which the task list references for copy or other operations.
```text
[root@rocky ~]# cat roles/nginx/templates/nginx.conf.j2
user nginx;
# the variable expression for this value is not shown on the page
worker_processes ;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    # Variables are referenced here: either built-in variables or custom ones defined in the vars directory
    worker_connections {{ worker_connections }};
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /usr/share/nginx/html;
        include /etc/nginx/default.d/*.conf;
        error_page 404 /404.html;
        location = /404.html {
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}
```
/vars/
Holds the variables used in the Jinja template files.
```text
[root@rocky nginx]# cat vars/main.yaml
worker_connections: 10240
```
site.yaml
The main playbook; execution starts here and calls the roles.
```text
[root@rocky ~]# cat roles/site.yaml
- hosts: webserver
  roles:
    - nginx
```