关于ansible介绍
ansible 是一个轻量级自动化运维工具,基于Python开发,可以实现命令批量执行,程序批量部署和配置,批量系统配置等 ;集合了puppet,saltstack,chef,fabric 等运维工具的功能特点,所以强大好用。
ansible 基本架构
* 该图来源于网络*
1)ansible 本身并不实现管理任务,而是通过模块来进行;
2)模块类型:标准模块(也叫核心模块),自定义模块;
3)playbooks :当有多个任务需要同时去执行,就需要将任务写入到以.yml结尾的文件中,通过 playbooks 调用执行;
4)Connectior Plugins :是 ansible 和被管控主机之间的连接插件,大部分场景使用的是SSH来连接;
5)Host Inventory :主机清单;
ansible 环境部署
这里我们采用3台主机,1台管控主机,2台WEB主机,用来被管理使用。
IP:192.168.231.132
IP:192.168.231.135 (web)
IP:192.168.231.136 (web)
IP:192.168.231.132 上面安装ansible:
1) 查看ansible描述信息:
[root@master ~]# yum info ansible
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.cn99.com
* extras: mirrors.sohu.com
* updates: mirrors.sohu.com
Available Packages
Name : ansible
Arch : noarch
Version : 2.4.2.0
Release : 2.el7
Size : 7.6 M
Repo : extras/7/x86_64
Summary : SSH-based configuration management, deployment, and task execution system
URL : http://ansible.com
License : GPLv3+
Description :
: Ansible is a radically simple model-driven configuration management,
: multi-node deployment, and remote task execution system. Ansible works
: over SSH and does not require any software or daemons to be installed
: on remote nodes. Extension modules can be written in any language and
: are transferred to managed machines automatically.
2)yum 安装ansible:
[root@master ~]# yum install -y ansible
[root@master ~]# rpm -qi ansible #查看是否安装成功
[root@master ~]# rpm -ql ansible |less
/etc/ansible
/etc/ansible/ansible.cfg #ansible主配置文件
/etc/ansible/hosts #主机清单
/etc/ansible/roles #角色存放目录
/usr/bin/ansible #主程序
/usr/bin/ansible-doc #存放剧本文件
3)查看所支持的模块:
[root@master ~]# ansible-doc -l
4)在ansible主机上添加被管控主机:
[root@master ~]# cd /etc/ansible/
[root@master ansible]# cp hosts{,.bak} #备份
[root@master ansible]# vim hosts
添加:
[websrvs]
192.168.231.135
192.168.231.136
[root@master ansible]# cd
[root@master ~]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:hPCCZDNwDrpgOtstpYdargZUTbpEYQvj/r8Uca50hjQ root@master
The key's randomart image is:
+---[RSA 2048]----+
|o+*+=. |
|o*==o+ . |
|oo++.Eo.. |
|=o. o.*. |
|=. ..+ +S |
|.+.=. = |
|o *.oo |
| = oo |
|+.. o. |
+----[SHA256]-----+
[root@master ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.231.135
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '192.168.231.135 (192.168.231.135)' can't be established.
ECDSA key fingerprint is SHA256:y6l//XlPDQXSeJZwVG4ursI6hLXe2YkuNFSSPuOkT5Y.
ECDSA key fingerprint is MD5:4f:60:57:a4:2b:5c:75:09:b4:96:a6:32:ed:8c:1d:36.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.231.135's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.231.135'"
and check to make sure that only the key(s) you wanted were added.
[root@master ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.231.136
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '192.168.231.136 (192.168.231.136)' can't be established.
ECDSA key fingerprint is SHA256:y6l//XlPDQXSeJZwVG4ursI6hLXe2YkuNFSSPuOkT5Y.
ECDSA key fingerprint is MD5:4f:60:57:a4:2b:5c:75:09:b4:96:a6:32:ed:8c:1d:36.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.231.136's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.231.136'"
and check to make sure that only the key(s) you wanted were added.
[root@master ~]# ansible all -m ping #ping模块探测被管理主机是否存活,显示pong,则是正常
192.168.231.135 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.231.136 | SUCCESS => {
"changed": false,
"ping": "pong"
}
ansible 常用模块
ansible -h
ansible -s 模块 #模块的一些简单用法和说明
常用的模块有:
ping
yum
copy
cron
file
...