Using Ansible


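Introduction to Ansible

Ansible is an open-source IT automation tool for configuration management, application deployment, task execution and similar work. It is written in Python, requires no client to be installed on the remote hosts, and communicates over SSH.

Configuration

Ansible is packaged in EPEL, so install the epel-release package first and then install ansible:
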
yum install epel-release -y && yum install ansible -y

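Edit the /etc/ansible/hosts file and add the managed nodes, for example as below (key-based passwordless login is normally configured, so no username or password is set here). The -i option can be used to specify the location of the hosts file:
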
[root@rocky ~]# cat /etc/ansible/hosts 
[group1]
node1
node2
[group2]
node3
node4
[webserver:children]
group1
group2

Usage

shell module

# Run a command on the remote hosts
ansible webserver -m shell -a "yum install lrzsz -y"

copy module

# Copy a file
ansible webserver -m copy -a 'src=/root/111.py dest=/tmp/222.py owner=root group=root mode=777 backup=yes'

user module

# Create a user
ansible webserver -m user -a "name=nginx state=present"
# Change the password
[root@rocky ~]# echo "your_password" | openssl passwd -1 -stdin
$1$u8Mg9HqN$oyy724CCQ5ccctaus47wc1
ansible webserver -m user -a 'name=nginx password="$1$u8Mg9HqN$oyy724CCQ5ccctaus47wc1"'
# Change the login shell
ansible webserver -m user -a 'name=nginx shell=/sbin/nologin append=yes'
# Delete the user
ansible webserver -m user -a "name=nginx state=absent"
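
The `-1` flag used above produces an MD5-crypt hash (the `$1$` prefix), and the plaintext is typed on the command line. As an added example (not from the original post), this playbook prompts for the password, hashes it with SHA-512 crypt on the control node and keeps it out of task output; the file name and the variable name `nginx_password` are assumptions, and `encrypt` assumes the passlib library is installed on the control node.

```yaml
# set-nginx-password.yaml (hypothetical file name)
- hosts: webserver
  vars_prompt:
    - name: nginx_password          # hypothetical variable name
      prompt: "New password for the nginx user"
      private: true                 # do not echo the input
      encrypt: sha512_crypt         # store a $6$ hash, never the plaintext
      confirm: true                 # ask twice to catch typing mistakes
  tasks:
    - name: set the password of the nginx user
      user:
        name: nginx
        password: "{{ nginx_password }}"
        update_password: always
      no_log: true                  # keep the hash out of logs and console output
```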

group module

# Create a group
ansible webserver -m group -a 'name=g1 gid=1010 state=present'
# Delete a group
ansible webserver -m group -a 'name=g1 gid=1010 state=absent'

Package module

# Install nginx
ansible webserver -m yum -a 'name="nginx" state=latest'
# Remove nginx
ansible webserver -m yum -a 'name="nginx" state=absent'

Service management module

# Start nginx
ansible webserver -m service -a 'name=nginx state=started enabled=yes'

file module

# Create a file
ansible webserver -m file -a 'path=/tmp/file.txt state=touch mode=777'
# Create a directory
ansible webserver -m file -a 'path=/tmp/testdic state=directory mode=777'
# Delete a file or directory
ansible webserver -m file -a 'path=/tmp/testdic state=absent'

Fact-gathering module

# Collect information about the managed hosts
ansible webserver -m setup -a 'filter=ansible_processor'

fetch module

# Fetch a file from a remote host
ansible node1 -m fetch -a 'src=/root/fetchtest.txt dest=/tmp'

cron module

# Sync time with the time server
ansible webserver -m cron -a 'name="同步时间" minute="*/10" job="/sbin/ntpdate 192.168.146.138 &> /dev/null"' 

script module

# Run a script file on the hosts
ansible webserver -m script -a '/root/test.sh'

unarchive module

# Extract an archive; remote_src [no|yes] indicates whether the archive file is on the remote host
ansible webserver -m unarchive -a "src=/root/jdk-8u431-linux-x64.tar.gz dest=/usr/share remote_src=no"

Playbooks

- hosts: node1
  tasks:
  - name: install webserver
    yum: name=httpd state=present
  - name: copy conf
    copy: src=./httpd.conf dest=/etc/httpd/conf/httpd.conf
    notify: restart httpd service
  - name: check status is ok
    service: name=httpd state=started enabled=yes

  handlers:
  - name: restart httpd service
    service: name=httpd state=restarted

Handlers implement triggering: a handler runs only when a task that notifies it reports a change.

Roles

Directory structure

[root@rocky ~]# tree roles/
roles/
├── docker
│   ├── files
│   │   └── index.html
│   ├── handlers
│   │   └── main.yaml
│   ├── tasks
│   │   └── main.yaml
│   ├── templates
│   │   └── nginx.conf.j2
│   └── vars
│       └── main.yaml
├── mysql
│   ├── files
│   │   └── index.html
│   ├── handlers
│   │   └── main.yaml
│   ├── tasks
│   │   └── main.yaml
│   ├── templates
│   │   └── nginx.conf.j2
│   └── vars
│       └── main.yaml
├── nginx
│   ├── files
│   │   └── index.html
│   ├── handlers
│   │   └── main.yaml
│   ├── tasks
│   │   └── main.yaml
│   ├── templates
│   │   └── nginx.conf.j2
│   └── vars
│       └── main.yaml
└── site.yaml

18 directories, 16 files

/files/

Holds ordinary files, such as the HTML files a web server needs.

[root@rocky ~]# cat roles/nginx/files/index.html 
Hello Masterke!!!

/handlers/

Holds the handlers (triggers): tasks that run only when specified conditions are met.

[root@rocky ~]# cat roles/nginx/handlers/main.yaml 
---
- name: "restart nginx"
  service: name=nginx state=restarted

/tasks/

Holds the task list.

[root@rocky ~]# cat roles/nginx/tasks/main.yaml 
---
- name: "install epel-release"
  yum: name=epel-release state=latest

- name: "install nginx packge"
  yum: name=nginx state=latest

- name: "copy index.html"
  copy: src=index.html dest=/usr/share/nginx/html/index.html

- name: "copy nginx.conf template"
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
  notify: "restart nginx"

- name: "make sure nginx running"
  service: name=nginx state=started enabled=yes

/templates/

Holds template files, which the task list references for copying or other operations.

[root@rocky ~]# cat roles/nginx/templates/nginx.conf.j2 

user nginx;
# ansible_processor_vcpus is a built-in fact, assumed here; the page does not show which variable was used
worker_processes {{ ansible_processor_vcpus }};
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
# Variables are referenced here: either built-in variables or custom variables defined in the vars directory can be used
    worker_connections {{ worker_connections }};
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /usr/share/nginx/html;

        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }


}

/vars/

Holds the variables used in the Jinja template files.

[root@rocky nginx]# cat vars/main.yaml 
worker_connections: 10240
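
An added example, not part of the original role: the role's two file-handling tasks with explicit ownership and modes, plus `validate`, so that a rendered nginx.conf which fails `nginx -t` (for instance a directive left without a value) never replaces the live file and never triggers the restart handler.

```yaml
# roles/nginx/tasks/main.yaml (file-handling tasks only)
- name: "copy index.html"
  copy:
    src: index.html
    dest: /usr/share/nginx/html/index.html
    owner: root
    group: root
    mode: "0644"               # quoted so YAML does not read it as an integer

- name: "copy nginx.conf template"
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: "0644"
    backup: yes                # keep a timestamped copy of the previous file
    validate: nginx -t -c %s   # %s is the rendered temp file; dest is replaced only if this exits 0
  notify: "restart nginx"
```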

site.yaml

The main entry file; execution starts from here.

[root@rocky ~]# cat roles/site.yaml 
- hosts: webserver
  roles:
  - nginx

This post is licensed by the author under CC BY 4.0.