一、基礎(chǔ)知識(shí)：

??? 1. 簡(jiǎn)介

?? ???? ansible基于python開(kāi)發(fā)，集合了眾多運(yùn)維工具的優(yōu)點(diǎn)，實(shí)現(xiàn)了批量系統(tǒng)配置、批量程序部署、批量運(yùn)行命令等功能。ansible是基于模塊工作的，本身沒(méi)有批量部署的能力。
?? ??? ?真正具有批量部署的是ansible運(yùn)行的模塊，ansible只是一個(gè)框架

?? ??? ?(1) 連接插件connection plugins: 負(fù)責(zé)和被監(jiān)控端實(shí)現(xiàn)通信；
?? ??? ?(2) host inventory: 指定操作的主機(jī)，是一個(gè)配置文件里面定義監(jiān)控的主機(jī)
?? ??? ?(3) 各種模塊核心模塊、command模塊、自定義模塊；
?? ??? ?(4) 借助于插件完成記錄日志郵件等功能；
?? ??? ?(5) playbook: 劇本執(zhí)行多個(gè)任務(wù)時(shí)，非必須可以讓節(jié)點(diǎn)一次性運(yùn)行多個(gè)任務(wù)。

?? ?2、特性：

?? ??? ?(1) no agents: 不需要在被管理主機(jī)上安裝任務(wù)agent
?? ??? ?(2) no server: 無(wú)服務(wù)器端，使用時(shí)，直接運(yùn)行命令即可
?? ??? ?(3) modules in any languages: 基于模塊工作，可使用任意語(yǔ)言開(kāi)發(fā)模塊
?? ??? ?(4) yaml not code：使用yaml語(yǔ)言定制劇本playbook
?? ??? ?(5) ssh by default：基于SSH工作
?? ??? ?(6) strong multi-tier solution: 可實(shí)現(xiàn)多級(jí)指揮

?? ?3、優(yōu)點(diǎn)：

?? ??? ?(1) 輕量級(jí)，無(wú)需在客戶(hù)端安裝agent，更新時(shí)，只需要在操作機(jī)上進(jìn)行一次更新即可；
?? ??? ?(2) 批量任務(wù)可以寫(xiě)成腳本，而且不用分發(fā)到遠(yuǎn)程就可以執(zhí)行
?? ??? ?(3) 使用python編寫(xiě)，維護(hù)簡(jiǎn)單
?? ??? ?(4) 支持sudo

?

二、ansible安裝

??? 1.1 rpm包安裝
?? ??? ?epel源：

[epel]name=Extra Packages for Enterprise Linux 6 - $basearchbaseurl=http://download.fedoraproject.org/pub/epel/6/$basearch#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearchfailovermethod=priorityenabled=1gpgcheck=0gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 [epel-debuginfo]name=Extra Packages for Enterprise Linux 6 - $basearch - Debugbaseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearchfailovermethod=priorityenabled=0gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6gpgcheck=0[epel-source]name=Extra Packages for Enterprise Linux 6 - $basearch - Sourcebaseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearchfailovermethod=priorityenabled=0gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6gpgcheck=0[root@localhost ~]# yum install ansible -y

三、常用模塊介紹

??? copy模塊
?? ??? ?目的：把主控本地文件拷貝到遠(yuǎn)程節(jié)點(diǎn)上

[root@localhost ~]# ansible 192.168.118.14 -m copy -a "src=/root/bigfile dest=/tmp"192.168.118.14 | SUCCESS => {"changed": true, "checksum": "8c206a1a87599f532ce68675536f0b1546900d7a", "dest": "/tmp/bigfile", "gid": 0, "group": "root", "md5sum": "f1c9645dbc14efddc7d8a322685f26eb", "mode": "0644", "owner": "root", "size": 10485760, "src": "/root/.ansible/tmp/ansible-tmp-1467946691.02-193284383894106/source", "state": "file", "uid": 0}

??? file模塊
?? ??? ?目的：更改指定節(jié)點(diǎn)上文件的權(quán)限、屬主和屬組

[root@localhost ~]# ansible 192.168.118.14 -m file -a "dest=/tmp/bigfile mode=777 owner=root group=root"192.168.118.14 | SUCCESS => {"changed": true, "gid": 0, "group": "root", "mode": "0777", "owner": "root", "path": "/tmp/bigfile", "size": 10485760, "state": "file", "uid": 0}

??? cron模塊
?? ??? ?目的：在指定節(jié)點(diǎn)上定義一個(gè)計(jì)劃任務(wù)，每三分鐘執(zhí)行一次。

[root@localhost ~]# ansible all -m cron -a 'name="Cron job" minute=*/3 hour=* day=* month=* weekday=* job="/usr/bin/ntpdate tiger.sina.com.cn"'192.168.118.14 | SUCCESS => {"changed": true, "envs": [], "jobs": ["Cron job"]}192.168.118.13 | SUCCESS => {"changed": true, "envs": [], "jobs": ["Cron job"]}

??? group模塊
?? ??? ?目的：在遠(yuǎn)程節(jié)點(diǎn)上創(chuàng)建一個(gè)組名為ansible，gid為2016的組

[root@localhost ~]# ansible 192.168.118.14 -m group -a "name=ansible gid=2016"192.168.118.14 | SUCCESS => {"changed": true, "gid": 2016, "name": "ansible", "state": "present", "system": false}

??? user模塊
?? ??? ?目的：在指定節(jié)點(diǎn)上創(chuàng)建一個(gè)用戶(hù)名為ansible，組為ansible的用戶(hù)

[root@localhost ~]# ansible 192.168.118.14 -m user -a "name=ansible uid=2016 group=ansible state=present"192.168.118.14 | SUCCESS => {"changed": true, "comment": "", "createhome": true, "group": 2016, "home": "/home/ansible", "name": "ansible", "shell": "/bin/bash", "state": "present", "system": false, "uid": 2016}

?? ???? 刪除遠(yuǎn)端節(jié)點(diǎn)用戶(hù)，注意：刪除遠(yuǎn)程用戶(hù)，但是不會(huì)刪除該用戶(hù)的家目錄

[root@localhost ~]# ansible 192.168.118.14 -m user -a "name=ansible state=absent"192.168.118.14 | SUCCESS => {"changed": true, "force": false, "name": "ansible", "remove": false, "state": "absent"}

??? yum 模塊
?? ??? ?目的：在遠(yuǎn)程節(jié)點(diǎn)安裝vsftpd

[root@localhost ~]# ansible 192.168.118.14 -m yum -a 'name=vsftpd state=present'192.168.118.14 | SUCCESS => {"changed": true, "msg": "", "rc": 0, "results": ["Loaded plugins: fastestmirror\nSetting up Install Process\nLoading mirror speeds from cached hostfile\nResolving Dependencies\n--> Running transaction check\n---> Package vsftpd.x86_64 0:2.2.2-14.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n vsftpd x86_64 2.2.2-14.el6 yum 152 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\n\nTotal download size: 152 k\nInstalled size: 332 k\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : vsftpd-2.2.2-14.el6.x86_64 1/1 \n\r Verifying : vsftpd-2.2.2-14.el6.x86_64 1/1 \n\nInstalled:\n vsftpd.x86_64 0:2.2.2-14.el6 \n\nComplete!\n"]}

?? ???? 卸載寫(xiě)法：

[root@localhost ~]# ansible 192.168.118.14 -m yum -a 'name=vsftpd state=removed'192.168.118.14 | SUCCESS => {"changed": true, "msg": "", "rc": 0, "results": ["Loaded plugins: fastestmirror\nSetting up Remove Process\nResolving Dependencies\n--> Running transaction check\n---> Package vsftpd.x86_64 0:2.2.2-14.el6 will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nRemoving:\n vsftpd x86_64 2.2.2-14.el6 @yum 332 k\n\nTransaction Summary\n================================================================================\nRemove 1 Package(s)\n\nInstalled size: 332 k\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Erasing : vsftpd-2.2.2-14.el6.x86_64 1/1 \n\r Verifying : vsftpd-2.2.2-14.el6.x86_64 1/1 \n\nRemoved:\n vsftpd.x86_64 0:2.2.2-14.el6 \n\nComplete!\n"]}

??? service模塊

啟動(dòng)[root@localhost ~]# ansible 192.168.118.14 -m service -a 'name=vsftpd state=started enabled=yes'192.168.118.14 | SUCCESS => {"changed": true, "enabled": true, "name": "vsftpd", "state": "started"} 停止[root@localhost ~]# ansible 192.168.118.14 -m service -a 'name=vsftpd state=stopped enabled=yes'192.168.118.14 | SUCCESS => {"changed": true, "enabled": true, "name": "vsftpd", "state": "stopped"}

??? ping模塊

[root@localhost ~]# ansible 192.168.118.14 -m ping192.168.118.14 | SUCCESS => {"changed": false, "ping": "pong"}

??? command模塊

[root@localhost ~]# ansible 192.168.118.14 [-m command] -a 'w' # -m command可以省略就表示使用命名模塊192.168.118.14 | SUCCESS | rc=0 >>14:00:32 up 3:51, 2 users, load average: 0.00, 0.00, 0.00USER TTY FROM LOGIN@ IDLE JCPU PCPU WHATroot pts/0 192.168.118.69 18:09 3:29 0.12s 0.12s -bashroot pts/1 192.168.118.13 14:00 0.00s 0.04s 0.00s /bin/sh -c LANG

??? raw模塊

?? ??? ?主要的用途是在command中添加管道符號(hào)

[root@localhost ~]# ansible 192.168.118.14 -m raw -a 'hostname | tee'192.168.118.14 | SUCCESS | rc=0 >>localhost.localdomain

??? get_url模塊

?? ??? ?目的：將http://192.168.118.14/1.png 下載到本地

[root@localhost ~]# ansible 192.168.118.14 -m get_url -a 'url=http://192.168.118.14/1.png dest=/tmp'192.168.118.14 | SUCCESS => {"changed": true, "checksum_dest": null, "checksum_src": "ba5cb18463ecfa13cdc0b611c9c10875275d883e", "dest": "/tmp/1.png", "gid": 0, "group": "root", "md5sum": "8c0df0b008eb5735dc955171d6d9dd73", "mode": "0644", "msg": "OK (14987 bytes)", "owner": "root", "size": 14987, "src": "/tmp/tmpY2lqHF", "state": "file", "uid": 0, "url": "http://192.168.118.14/1.png"}

??? synchronize模塊

?? ??? ?目的：將主空方目錄推送到指定節(jié)點(diǎn)/tmp目錄下

[root@localhost ~]# ansible 192.168.118.14 -m synchronize -a 'src=/root/test dest=/tmp/ compress=yes'192.168.118.14 | SUCCESS => {"changed": true, "cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no' --out-format='<<CHANGED>>%i %n%L' \"/root/test\" \"192.168.118.14:/tmp/\"", "msg": ".d..t...... test/\n<f+++++++++ test/abc\n", "rc": 0, "stdout_lines": [".d..t...... test/", "<f+++++++++ test/abc"]}

四、ansible playbooks

??? 4.1 http安裝：

- hosts: webvars:http_port: 80max_clients: 256remote_user: roottasks:- name: ensure apache is at the latest versionyum: name=httpd state=latest- name: ensure apache is runningservice: name=httpd state=started

??? 4.2 mysql安裝

- hosts: 192.168.118.14vars:remote_user: rootmax_clients: 256mysql_name: "mysql-server"tasks:- name: ensure install mysqlyum: name="{{mysql_name}}" state=present- name: ensure apache is runningservice: name=mysqld state=started

1. handlers
?? ?用于當(dāng)關(guān)注的資源發(fā)生變化時(shí)采取一定的操作.

?? ?“notify”這個(gè)action可用于在每個(gè)play的最后被觸發(fā)，這樣可以避免多次有改變發(fā)生時(shí)每次都執(zhí)行指定的操作，取而代之，僅在所有的變化發(fā)生完成后一次性地執(zhí)行指定操作。在notify中列出的操作稱(chēng)為handler，也即notify中調(diào)用handler中定義的操作。

1 - hosts: web2 remote_user: root3 tasks:4 - name: install apache5 yum: name=httpd6 - name: install config7 copy: src=/etc/httpd/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf8 notify:9 - restart httpd # 這觸發(fā) restart httpd 動(dòng)作10 - name: start httpd11 service: name=httpd state=started12 handlers:13 - name: restart httpd14 service: name=httpd state=restarted

??? 注意：測(cè)試使用ansible2.1版本，每執(zhí)行一次如上腳本，- name: start httpd都會(huì)執(zhí)行一次，因此可以不用使用handlers

2. 調(diào)用setup模塊中的變量

1 - hosts: web2 remote_user: root3 tasks:4 - name: copy file5 copy: content="{{ansible_all_ipv4_addresses}}" dest=/tmp/a.txt

3. when 條件判斷

1 - hosts: all2 remote_user: root3 vars:4 - username: test5 tasks:6 - name: create {{ username }} user.7 user: name={{ username }}8 when: ansible_fqdn == "localhost.localdomain" # 當(dāng)條件匹配到，才會(huì)創(chuàng)建test用戶(hù)

4. 使用with_items進(jìn)行迭代

1 - hosts: web2 remote_user: root3 tasks:4 - name: yum install packages5 yum: name={{ item.name }} state=present6 with_items:7 - { name: 'mysql-server' }8 - { name: 'vsftpd' }

5. template 使用

??? 使用場(chǎng)景： 當(dāng)多個(gè)服務(wù)修改的參數(shù)不一致時(shí)。

拷貝/etc/httpd/conf/httpd.conf到指定目錄，修改Listen使用變量
?? ??? ?Listen {{ http_port }}

在ansible hosts中定義變量
?? ??? ? 14 [web]
?? ??? ? 15 192.168.2.12 http_port=8000


劇本寫(xiě)法：
?? ??? ?? 8?? - name: install config
?? ??? ?? 9???? template: src=/root/temp/{{http_name}}.j2 dest=/etc/httpd/conf/httpd.conf ?? ?# 使用template模塊

[root@ansible ~]# cat httpd.yml - hosts: allremote_user: roottasks:- name: install httpyum: name=httpd state=present- name: copy filetemplate: src=/root/httpd.j2 dest=/etc/httpd/conf/httpd.conf notify:- restart httpd- name: restart httpdservice: name=httpd state=startedhandlers:- name: restart httpdservice: name=httpd state=restarted [web] 192.168.118.14 ansible_ssh_user=root ansible_ssh_pass=123456 ansible_ssh_port=22 http_port=8888 maxClients=50 [myhost] 192.168.118.49 ansible_ssh_user=root ansible_ssh_pass=123456 ansible_ssh_port=22 http_port=9999 maxClients=100

6. tag的使用
?? ?
?? ?使用場(chǎng)景：當(dāng)一個(gè)playbook只需要執(zhí)行某一個(gè)步驟的時(shí)候定義

劇本寫(xiě)法

9 template: src=/root/temp/{{http_name}}.j2 dest=/etc/httpd/conf/httpd.conf10 tags:11 - conf

7. roles的用法：

mkdir -pv ansible_playbooks/roles/web/{templates,files,vars,tasks,meta,handlers}cp -a /etc/httpd/conf/httpd.conf files/vim tasks/main.yml1 - name: install httpd2 yum: name=httpd3 - name: install configuration file4 copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf5 tags:6 - conf7 notify:8 - restart httpd9 - name: start httpd10 service: name=httpd state=startedvim handlers/main.yml1 - name: restart httpd2 service: name=httpd state=restarted[root@server1 ansible_playbooks]# lsroles site.yml[root@server1 ansible_playbooks]# vim site.yml1 - hosts: web2 remote_user: root3 roles:4 - web[root@server1 ansible_playbooks]ansible-playbook site.yml

轉(zhuǎn)載于:https://www.cnblogs.com/hukey/p/5660538.html

總結(jié)

以上是生活随笔為你收集整理的ansible 学习笔记的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。