ansible 学习笔记
一、基础知识:
1. 简介
ansible基于python开发,集合了众多运维工具的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。ansible是基于模块工作的,本身没有批量部署的能力。
真正具有批量部署的是ansible运行的模块,ansible只是一个框架
(1) 连接插件connection plugins: 负责和被监控端实现通信;
(2) host inventory: 指定操作的主机,是一个配置文件里面定义监控的主机
(3) 各种模块核心模块、command模块、自定义模块;
(4) 借助于插件完成记录日志邮件等功能;
(5) playbook: 剧本执行多个任务时,非必须可以让节点一次性运行多个任务。
2、特性:
(1) no agents: 不需要在被管理主机上安装任务agent
(2) no server: 无服务器端,使用时,直接运行命令即可
(3) modules in any languages: 基于模块工作,可使用任意语言开发模块
(4) yaml not code:使用yaml语言定制剧本playbook
(5) ssh by default:基于SSH工作
(6) strong multi-tier solution: 可实现多级指挥
3、优点:
(1) 轻量级,无需在客户端安装agent,更新时,只需要在操作机上进行一次更新即可;
(2) 批量任务可以写成脚本,而且不用分发到远程就可以执行
(3) 使用python编写,维护简单
(4) 支持sudo
二、ansible安装
1.1 rpm包安装
epel源:
[epel]name=Extra Packages for Enterprise Linux 6 - $basearchbaseurl=http://download.fedoraproject.org/pub/epel/6/$basearch#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearchfailovermethod=priorityenabled=1gpgcheck=0gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6 [epel-debuginfo]name=Extra Packages for Enterprise Linux 6 - $basearch - Debugbaseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearchfailovermethod=priorityenabled=0gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6gpgcheck=0[epel-source]name=Extra Packages for Enterprise Linux 6 - $basearch - Sourcebaseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearchfailovermethod=priorityenabled=0gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6gpgcheck=0[root@localhost ~]# yum install ansible -y
三、常用模块介绍
copy模块
目的:把主控本地文件拷贝到远程节点上
[root@localhost ~]# ansible 192.168.118.14 -m copy -a "src=/root/bigfile dest=/tmp"192.168.118.14 | SUCCESS => {"changed": true, "checksum": "8c206a1a87599f532ce68675536f0b1546900d7a", "dest": "/tmp/bigfile", "gid": 0, "group": "root", "md5sum": "f1c9645dbc14efddc7d8a322685f26eb", "mode": "0644", "owner": "root", "size": 10485760, "src": "/root/.ansible/tmp/ansible-tmp-1467946691.02-193284383894106/source", "state": "file", "uid": 0}
file模块
目的:更改指定节点上文件的权限、属主和属组
[root@localhost ~]# ansible 192.168.118.14 -m file -a "dest=/tmp/bigfile mode=777 owner=root group=root"192.168.118.14 | SUCCESS => {"changed": true, "gid": 0, "group": "root", "mode": "0777", "owner": "root", "path": "/tmp/bigfile", "size": 10485760, "state": "file", "uid": 0}
cron模块
目的:在指定节点上定义一个计划任务,每三分钟执行一次。
[root@localhost ~]# ansible all -m cron -a 'name="Cron job" minute=*/3 hour=* day=* month=* weekday=* job="/usr/bin/ntpdate tiger.sina.com.cn"'192.168.118.14 | SUCCESS => {"changed": true, "envs": [], "jobs": ["Cron job"]}192.168.118.13 | SUCCESS => {"changed": true, "envs": [], "jobs": ["Cron job"]}
group模块
目的:在远程节点上创建一个组名为ansible,gid为2016的组
[root@localhost ~]# ansible 192.168.118.14 -m group -a "name=ansible gid=2016"192.168.118.14 | SUCCESS => {"changed": true, "gid": 2016, "name": "ansible", "state": "present", "system": false}
user模块
目的:在指定节点上创建一个用户名为ansible,组为ansible的用户
[root@localhost ~]# ansible 192.168.118.14 -m user -a "name=ansible uid=2016 group=ansible state=present"192.168.118.14 | SUCCESS => {"changed": true, "comment": "", "createhome": true, "group": 2016, "home": "/home/ansible", "name": "ansible", "shell": "/bin/bash", "state": "present", "system": false, "uid": 2016}
删除远端节点用户,注意:删除远程用户,但是不会删除该用户的家目录
[root@localhost ~]# ansible 192.168.118.14 -m user -a "name=ansible state=absent"192.168.118.14 | SUCCESS => {"changed": true, "force": false, "name": "ansible", "remove": false, "state": "absent"}
yum 模块
目的:在远程节点安装vsftpd
[root@localhost ~]# ansible 192.168.118.14 -m yum -a 'name=vsftpd state=present'192.168.118.14 | SUCCESS => {"changed": true, "msg": "", "rc": 0, "results": ["Loaded plugins: fastestmirror\nSetting up Install Process\nLoading mirror speeds from cached hostfile\nResolving Dependencies\n--> Running transaction check\n---> Package vsftpd.x86_64 0:2.2.2-14.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n vsftpd x86_64 2.2.2-14.el6 yum 152 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\n\nTotal download size: 152 k\nInstalled size: 332 k\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : vsftpd-2.2.2-14.el6.x86_64 1/1 \n\r Verifying : vsftpd-2.2.2-14.el6.x86_64 1/1 \n\nInstalled:\n vsftpd.x86_64 0:2.2.2-14.el6 \n\nComplete!\n"]}
卸载写法:
[root@localhost ~]# ansible 192.168.118.14 -m yum -a 'name=vsftpd state=removed'192.168.118.14 | SUCCESS => {"changed": true, "msg": "", "rc": 0, "results": ["Loaded plugins: fastestmirror\nSetting up Remove Process\nResolving Dependencies\n--> Running transaction check\n---> Package vsftpd.x86_64 0:2.2.2-14.el6 will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nRemoving:\n vsftpd x86_64 2.2.2-14.el6 @yum 332 k\n\nTransaction Summary\n================================================================================\nRemove 1 Package(s)\n\nInstalled size: 332 k\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Erasing : vsftpd-2.2.2-14.el6.x86_64 1/1 \n\r Verifying : vsftpd-2.2.2-14.el6.x86_64 1/1 \n\nRemoved:\n vsftpd.x86_64 0:2.2.2-14.el6 \n\nComplete!\n"]}
service模块
启动[root@localhost ~]# ansible 192.168.118.14 -m service -a 'name=vsftpd state=started enabled=yes'192.168.118.14 | SUCCESS => {"changed": true, "enabled": true, "name": "vsftpd", "state": "started"} 停止[root@localhost ~]# ansible 192.168.118.14 -m service -a 'name=vsftpd state=stopped enabled=yes'192.168.118.14 | SUCCESS => {"changed": true, "enabled": true, "name": "vsftpd", "state": "stopped"}
ping模块
[root@localhost ~]# ansible 192.168.118.14 -m ping192.168.118.14 | SUCCESS => {"changed": false, "ping": "pong"}
command模块
[root@localhost ~]# ansible 192.168.118.14 [-m command] -a 'w' # -m command可以省略就表示使用命名模块192.168.118.14 | SUCCESS | rc=0 >>14:00:32 up 3:51, 2 users, load average: 0.00, 0.00, 0.00USER TTY FROM LOGIN@ IDLE JCPU PCPU WHATroot pts/0 192.168.118.69 18:09 3:29 0.12s 0.12s -bashroot pts/1 192.168.118.13 14:00 0.00s 0.04s 0.00s /bin/sh -c LANG
raw模块
主要的用途是在command中添加管道符号
[root@localhost ~]# ansible 192.168.118.14 -m raw -a 'hostname | tee'192.168.118.14 | SUCCESS | rc=0 >>localhost.localdomain
get_url模块
目的:将http://192.168.118.14/1.png 下载到本地
[root@localhost ~]# ansible 192.168.118.14 -m get_url -a 'url=http://192.168.118.14/1.png dest=/tmp'192.168.118.14 | SUCCESS => {"changed": true, "checksum_dest": null, "checksum_src": "ba5cb18463ecfa13cdc0b611c9c10875275d883e", "dest": "/tmp/1.png", "gid": 0, "group": "root", "md5sum": "8c0df0b008eb5735dc955171d6d9dd73", "mode": "0644", "msg": "OK (14987 bytes)", "owner": "root", "size": 14987, "src": "/tmp/tmpY2lqHF", "state": "file", "uid": 0, "url": "http://192.168.118.14/1.png"}
synchronize模块
目的:将主空方目录推送到指定节点/tmp目录下
[root@localhost ~]# ansible 192.168.118.14 -m synchronize -a 'src=/root/test dest=/tmp/ compress=yes'192.168.118.14 | SUCCESS => {"changed": true, "cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no' --out-format='<<CHANGED>>%i %n%L' \"/root/test\" \"192.168.118.14:/tmp/\"", "msg": ".d..t...... test/\n<f+++++++++ test/abc\n", "rc": 0, "stdout_lines": [".d..t...... test/", "<f+++++++++ test/abc"]}
四、ansible playbooks
4.1 http安装:
- hosts: webvars:http_port: 80max_clients: 256remote_user: roottasks:- name: ensure apache is at the latest versionyum: name=httpd state=latest- name: ensure apache is runningservice: name=httpd state=started
4.2 mysql安装
- hosts: 192.168.118.14vars:remote_user: rootmax_clients: 256mysql_name: "mysql-server"tasks:- name: ensure install mysqlyum: name="{{mysql_name}}" state=present- name: ensure apache is runningservice: name=mysqld state=started
1. handlers
用于当关注的资源发生变化时采取一定的操作.
“notify”这个action可用于在每个play的最后被触发,这样可以避免多次有改变发生时每次都执行指定的操作,取而代之,仅在所有的变化发生完成后一次性地执行指定操作。在notify中列出的操作称为handler,也即notify中调用handler中定义的操作。
1 - hosts: web2 remote_user: root3 tasks:4 - name: install apache5 yum: name=httpd6 - name: install config7 copy: src=/etc/httpd/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf8 notify:9 - restart httpd # 这触发 restart httpd 动作10 - name: start httpd11 service: name=httpd state=started12 handlers:13 - name: restart httpd14 service: name=httpd state=restarted
注意:测试使用ansible2.1版本,每执行一次如上脚本,- name: start httpd都会执行一次,因此可以不用使用handlers
2. 调用setup模块中的变量
1 - hosts: web2 remote_user: root3 tasks:4 - name: copy file5 copy: content="{{ansible_all_ipv4_addresses}}" dest=/tmp/a.txt
3. when 条件判断
1 - hosts: all2 remote_user: root3 vars:4 - username: test5 tasks:6 - name: create {{ username }} user.7 user: name={{ username }}8 when: ansible_fqdn == "localhost.localdomain" # 当条件匹配到,才会创建test用户
4. 使用with_items进行迭代
1 - hosts: web2 remote_user: root3 tasks:4 - name: yum install packages5 yum: name={{ item.name }} state=present6 with_items:7 - { name: 'mysql-server' }8 - { name: 'vsftpd' }
5. template 使用
使用场景: 当多个服务修改的参数不一致时。
拷贝/etc/httpd/conf/httpd.conf到指定目录,修改Listen使用变量
Listen {{ http_port }}
在ansible hosts中定义变量
14 [web]
15 192.168.2.12 http_port=8000
剧本写法:
8 - name: install config
9 template: src=/root/temp/{{http_name}}.j2 dest=/etc/httpd/conf/httpd.conf # 使用template模块
[root@ansible ~]# cat httpd.yml - hosts: allremote_user: roottasks:- name: install httpyum: name=httpd state=present- name: copy filetemplate: src=/root/httpd.j2 dest=/etc/httpd/conf/httpd.conf notify:- restart httpd- name: restart httpdservice: name=httpd state=startedhandlers:- name: restart httpdservice: name=httpd state=restarted
[web] 192.168.118.14 ansible_ssh_user=root ansible_ssh_pass=123456 ansible_ssh_port=22 http_port=8888 maxClients=50 [myhost] 192.168.118.49 ansible_ssh_user=root ansible_ssh_pass=123456 ansible_ssh_port=22 http_port=9999 maxClients=100
6. tag的使用
使用场景:当一个playbook只需要执行某一个步骤的时候定义
剧本写法
9 template: src=/root/temp/{{http_name}}.j2 dest=/etc/httpd/conf/httpd.conf10 tags:11 - conf
7. roles的用法:
mkdir -pv ansible_playbooks/roles/web/{templates,files,vars,tasks,meta,handlers}cp -a /etc/httpd/conf/httpd.conf files/vim tasks/main.yml1 - name: install httpd2 yum: name=httpd3 - name: install configuration file4 copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf5 tags:6 - conf7 notify:8 - restart httpd9 - name: start httpd10 service: name=httpd state=startedvim handlers/main.yml1 - name: restart httpd2 service: name=httpd state=restarted[root@server1 ansible_playbooks]# lsroles site.yml[root@server1 ansible_playbooks]# vim site.yml1 - hosts: web2 remote_user: root3 roles:4 - web[root@server1 ansible_playbooks]ansible-playbook site.yml
转载于:https://www.cnblogs.com/hukey/p/5660538.html
ansible 学习笔记相关推荐
- Linux红帽认证工程师(RHCE)考试笔记(Ansible学习笔记)
写在前面: 笔记是因为考红帽所以整理的,大都是老师的笔记,主要是常用模块整理,后面有些类似考试的实战题目,不是教程,教程建议大家到下面的学习网站,这篇博客适合温习用,层次有些乱,嘻嘻,生活加油,天天开 ...
- ansible学习笔记
ansible是基于模块化的,通过调用特定的模块,完成特定的任务 基于Python语言实现,由Paramiko.PyYAML和Jinja2三个关键模块实现 部署简单,agentless(无需部署客户端 ...
- Ansible 学习笔记(一)
1.ansible的基本命令格式 ansible <host-pattern> [options] #host 必选项,表示Inventory文件中指定的主机或者主机组,可 ...
- Ansible学习笔记——vault加密
这里写自定义目录标题 语法及常用操作 使用加密文件中的变量来创建用户 语法及常用操作 1. 创建文件:需要输入文件的密码 [student@workstation ~]$ ansible-vault ...
- ansible2.7学习笔记系列
写在前面:ansible的资料网上很多,本人也是参考网上资料,做总结,如有错误,麻烦指出,谢谢. 所谓学习笔记,就是不断成长的过程,也许一段时间后有更深入理解了,就会继续更新笔记. 笔记定位:目前写的 ...
- CCNP学习笔记(6)
一.交换机 1.二层交换 特性: ①基于MAC地址转发数据帧 ②硬件工作 ③处理数据效率高,数据传输延时低 ④转发广播 2.三层交换 特性: ①提供路由功能 ②提高安全性 ③流量管理 3.网络方案中交 ...
- Docker学习笔记 之 Docker安装配置使用
简介 Docker是一个开源的引擎,可以轻松的为任何应用创建一个轻量级的.可移植的.自给自足的容器.开发者在笔记本上编译测试通过的容器可以批量地在生产环境中部署,包括VMs(虚拟机).bare met ...
- Linux入门怎么学?262页linux学习笔记,零基础也能轻松入门
#种一棵树最好的时间是十年前,其次是现在 很多程序员一开始在学习上找不到方向,但我想在渡过了一段时间的新手期之后这类问题大多都会变得不再那么明显,工作的方向也会逐渐变得清晰起来. 但是没过多久,能了解 ...
- Reliable Cloud Infrastructure: Design and Process学习笔记
最后更新2022/03/16 忘记更新对应的学习笔记,补上.这一科有9节,加上0章简介 简介 google cloud的好多功能有点相似,这科内容是介绍应该选什么产品,怎么选择,怎么规划,怎么设计等等 ...
最新文章
- android5多窗口,教程 开启 Nexus5 Android M 的多窗口模式。
- C++中extern的使用
- 前端学习(751):Javascript作用域
- Centos7 安装docker和docker-compose
- UVALive - 6864 Strange Antennas 扫描线
- GPU Gems 1: Chapter 22. Color Controls
- Python新手学习基础之运算符——位运算
- Unity3D调用android方法(非插件方式)
- 多维度积分管理系统java_Java毕业设计——超市积分管理系统项目设计
- 代码回滚:Reset、Checkout、Revert的选择(转)
- 【“新智认知”杯上海大学联赛】D-CSL的字符串(贪心)
- refresh是什么?Spring refresh的12个步骤
- Python批量重命名图像
- QT quick中的登录界面(Rectangle,TextField文本框的使用)
- 嵌入式:ARM相关开发工具概述
- Blender建模笔记 | 大帅老猿threejs特训
- 计算机将文本朗读出来应用语音,你写我读_一边打字电脑将字朗读出来的软件 V1.2 最新免费版...
- c语言把char转化为string,浅析string 与char* char[]之间的转换
- 冒泡排序python和C语言
- 虚拟机防火墙如何关闭