ansible概述和运行机制
ansible概述
Ansible是一款为类Unix系统开发的自由开源的配置和自动化工具, 它用Python写成,类似于saltstack和Puppet,但是有一个不同和优点是我们不需要在节点中安装任何客户端 , 它使用SSH来和节点进行通信 Ansible基于 Python paramiko 开发,分布式,无需客户端,轻量级,配置语法使用 YMAL 及 Jinja2模板语言,更强的远程命令执行操作
官方网站 :https://www.ansible.com/
2015年10月,红帽(Red Hat)宣布收购软件开发公司 Ansible,消息称此次收购耗资逾 1亿美元,也有消息称接近 1.5亿美元
Ansible 成立于 2013年,总部设在北卡罗来纳州达勒姆,联合创始人 aïd Ziouani 和高级副总裁 Todd Barr 都是红帽的老员工 Ansible 旗下的开源软件 Ansible 十分流行 ,这家公司还提供 Tower 软件和咨询服务,这个款软件能使开发者轻松地建立和管理规模化应用程序的 IT 基础架构
ansiblle具有如下特点:
1、部署简单,只需在主控端部署Ansible环境,被控端无需做任何操作;
2、默认使用SSH协议对设备进行管理;
3、主从集中化管理;
4、配置简单、功能强大、扩展性强;
5、支持API及自定义模块,可通过Python轻松扩展;
6、通过Playbooks来定制强大的配置、状态管理
7、对云计算平台、大数据都有很好的支持;
Ansible 的组成由 5 个部分组成:
Ansible : ansible核心
Modules : 包括 Ansible 自带的核心模块及自定义模块
Plugins : 完成模块功能的补充,包括连接插件、邮件插件等
Playbooks : 剧本;定义 Ansible 多任务配置文件,由Ansible 自动执行
Inventory : 定义 Ansible 管理主机的清单
安装ansible服务
# 需要epel源 [root@Ansibel ~]# yum -y install ansible [root@Ansibel ~]# ansible --version ansible 2.6.3 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Jul 13 2018, 13:06:57) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
ansible命令参数
anisble命令语法: ansible [-i 主机文件] [-f 批次] [组名] [-m 模块名称] [-a 模块参数]
ansible详细参数:
-v,–verbose # 详细模式,如果命令执行成功,输出详细的结果 (-vv -vvv -vvvv)
-i PATH, -inventory=PATH # 指定 host 文件的路径,默认是在 /etc/ansible/hosts
-f NUM,-forks=NUM # NUM 是指定一个整数,默认是 5 ,指定 fork 开启同步进程的个数。
-m NAME,-module-name=NAME # 指定使用的 module 名称,默认使用 command模块
-a,MODULE_ARGS # 指定 module 模块的参数
-k,-ask-pass # 提示输入 ssh 的密码,而不是使用基于 ssh 的密钥认证
-s, sudo # 指定使用 sudo 获得 root 权限
-K,-ask-sudo-pass # 提示输入 sudo 密码,与 -sudo 一起使用
-u USERNAME,-user=USERNAME # 指定移动端的执行用户
-C,–check # 测试此命令执行会改变什么内容,不会真正的去执行
ansible-doc详细参数:
ansible-doc -l # 列出所有的模块列表
ansible-doc -s 模块名 # 查看指定模块的参数
定义主机清单
基于端口,用户,密码定义主机清单
ansible基于ssh连接-i (inventory)参数后指定的远程主机时,也可以写端口,用户,密码。
格式:ansible_ssh_port:指定ssh端口 ansible_ssh_user:指定 ssh 用户 ansible_ssh_pass:指定 ssh 用户登录是认证密码(明文密码不安全) ansible_sudo_pass:指明 sudo 时候的密码
/etc/ansible/hosts 文件维护着Ansible中服务器的清单
[root@Ansibel ~]# vim /etc/ansible/hosts [web-servers] # 主机组名 192.168.94.22 ansible_ssh_port=2222 ansible_ssh_user=damowang ansible_ssh_pass=475541270 ansible_ssh_pass=475541270 192.168.94.33 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=475541270 # 测试连通性 [root@Ansibel ~]# ansible -i /etc/ansible/hosts web-servers -m ping 192.168.94.33 | SUCCESS => { "changed": false, "ping": "pong" } 192.168.94.22 | SUCCESS => { "changed": false, "ping": "pong" }
-i # 指定 host 文件的路径,默认是在 /etc/ansible/hosts 定义的主机清单写在该文件下 , 那么可以不加 -i
-m # 指定使用的ping模块
# 如果报错 那么可以手动ssh到报错主机 , 原因是需要建立一个fingerprint(指纹) 需要交互 手动输入yes即可
因为明文密码并不安全 , 所以可以生成秘钥对在对下面管理的节点批量分发公钥
生成和批量分发 这里就不再重述了 在 <轻量级集群管理软件-ClusterShell> 中有讲
这里直接修改主机清单文件 把配置项里的密码部分删除
[root@Ansibel ~]# vim /etc/ansible/hosts [web-servers] 192.168.94.22 ansible_ssh_port=2222 ansible_ssh_user=damowang 192.168.94.33 ansible_ssh_port=22 ansible_ssh_user=root [root@Ansibel ~]# ansible -m command -a whoami web-servers 192.168.94.22 | SUCCESS | rc=0 >> damowang 192.168.94.33 | SUCCESS | rc=0 >> root
为节点创建用户
[root@Ansibel ~]# ansible -m user -s -a 'name=mingming shell=/bin/bash home=/home/mingming state=present' web-servers 192.168.94.33 | SUCCESS => { "changed": true, "comment": "", "create_home": true, "group": 1000, "home": "/home/mingming", "name": "mingming", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1000 } 192.168.94.22 | SUCCESS => { "changed": true, "comment": "", "create_home": true, "group": 1001, "home": "/home/mingming", "name": "mingming", "shell": "/bin/bash", "state": "present", "system": false, "uid": 1001 }
为用户设置密码
安装 passlib 要求系统 python 版本在2.7以上
[root@Ansibel ~]# pip install passlib -bash: pip: 未找到命令 [root@Ansibel ~]# yum -y install python-pip [root@Ansibel ~]# pip install passlib 安装完 passlib 后,生成加密的密码 python 3.x 版本(sha512 加密算法): [root@Ansibel ~]# python -c 'from passlib.hash import sha512_crypt; import getpass; print (sha512_crypt.encrypt(getpass.getpass()))' Password: $6$rounds=656000$G5MXmLZ0J0e1ppzM$V4MGqttDX9LFB5FJPbhV4vqIz0KIzTbrUkx05QLG1mdbDH0e.rVQveAGCVNXiulrkWO/42Z68DVaeNRN3q4oH. # 在Password 后输入我们的密码然后再按enter 键,就会生成经过加密的密码了 python 3.x 版本(普通加密算法): [root@Ansibel ~]# python -c 'import crypt; print (crypt.crypt("475541270","apple"))' apAM.814qQtJg
python 2.x 版本(sha512 加密算法): [root@Ansibel ~]# python -c 'from passlib.hash import sha512_crypt; import getpass; print (sha512_crypt.encrypt(getpass.getpass()))' Password: $6$rounds=656000$G5MXmLZ0J0e1ppzM$V4MGqttDX9LFB5FJPbhV4vqIz0KIzTbrUkx05QLG1mdbDH0e.rVQveAGCVNXiulrkWO/42Z68DVaeNRN3q4oH. python 2.x 版本(普通加密算法): [root@Ansibel ~]# python -c 'import crypt; print (crypt.crypt("475541270","apple"))' apAM.814qQtJg # 其实python3.x 和 python2.x 版本的区别不大,只是加密算法是用 sha512 还是用普通算法的区别而已
为新创建的用户设置密码
[root@Ansibel ~]# ansible -m user -s -a 'name=mingming password=apAM.814qQtJg update_password=always' web-servers 192.168.94.33 | SUCCESS => { "append": false, "changed": true, "comment": "", "group": 1000, "home": "/home/mingming", "move_home": false, "name": "mingming", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "uid": 1000 } 192.168.94.22 | SUCCESS => { "append": false, "changed": true, "comment": "", "group": 1001, "home": "/home/mingming", "move_home": false, "name": "mingming", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "uid": 1001 }
将df命令在所有节点执行后,重定向输出到本机的/tmp/command-output.txt文件中
[root@Ansibel ~]# ansible -m command -a 'df -Th' web-servers > /tmp/command-output.txt [root@Ansibel ~]# cat /tmp/command-output.txt 192.168.94.33 | SUCCESS | rc=0 >> 文件系统 类型 容量 已用 可用 已用% 挂载点 /dev/mapper/centos-root xfs 17G 2.4G 15G 14% / devtmpfs devtmpfs 476M 0 476M 0% /dev tmpfs tmpfs 488M 0 488M 0% /dev/shm tmpfs tmpfs 488M 7.7M 480M 2% /run tmpfs tmpfs 488M 0 488M 0% /sys/fs/cgroup /dev/sda1 xfs 1014M 130M 885M 13% /boot tmpfs tmpfs 98M 0 98M 0% /run/user/0 192.168.94.22 | SUCCESS | rc=0 >> 文件系统 类型 容量 已用 可用 已用% 挂载点 /dev/mapper/centos-root xfs 17G 2.4G 15G 14% / devtmpfs devtmpfs 476M 0 476M 0% /dev tmpfs tmpfs 488M 0 488M 0% /dev/shm tmpfs tmpfs 488M 7.8M 480M 2% /run tmpfs tmpfs 488M 0 488M 0% /sys/fs/cgroup /dev/sda1 xfs 1014M 130M 885M 13% /boot tmpfs tmpfs 98M 0 98M 0% /run/user/0 tmpfs tmpfs 98M 0 98M 0% /run/user/1000
ansible常见模块高级使用方法
3个远程命令模块的区别
(1)、command模块为ansible默认模块,不指定-m参数时,使用的就是command模块; comand模块比较简单,常见的命令都可以使用,但其命令的执行不是通过shell执行的,所以,像这些 "<", ">", "|", and "&"操作都不可以,当然,也就不支持管道; 缺点:不支持管道,没法批量执行命令;
(2)、shell模块:使用shell模块,在远程命令通过/bin/sh来执行;所以,我们在终端输入的各种命令方式,都可以使用
(3)、scripts模块 :如果在远程待执行的语句比较多,可写成一个脚本,通过copy模块传到远端,然后再执行;但这样就又涉及到两次ansible调用;对于这种需求,ansible已经为我们考虑到了,script模块就是干这事的;
使用scripts模块可以在本地写一个脚本,在远程服务器上执行:
[root@Ansibel ~]# vim /etc/ansible/test.sh #!/bin/bash date hostname [root@Ansibel ~]# ansible -m script -a '/etc/ansible/test.sh' web-servers 192.168.94.33 | SUCCESS => { "changed": true, "rc": 0, "stderr": "Shared connection to 192.168.94.33 closed. ", "stderr_lines": [ "Shared connection to 192.168.94.33 closed." ], "stdout": "2018年 09月 09日 星期日 00:15:44 CST host2 ", "stdout_lines": [ "2018年 09月 09日 星期日 00:15:44 CST", "host2" ] } 192.168.94.22 | SUCCESS => { "changed": true, "rc": 0, "stderr": "Shared connection to 192.168.94.22 closed. ", "stderr_lines": [ "Shared connection to 192.168.94.22 closed." ], "stdout": "2018年 09月 09日 星期日 00:15:44 CST host1 ", "stdout_lines": [ "2018年 09月 09日 星期日 00:15:44 CST", "host1" ] }
copy模块:实现主控端向目标主机拷贝文件,类似scp功能
[root@Ansibel ~]# ansible -m copy -s -a 'src=/etc/hosts dest=/tmp owner=root group=root mode=755' web-servers 192.168.94.33 | SUCCESS => { "changed": true, "checksum": "bf651d9270aa5d2f73e1987c1bba58b3a7732e30", "dest": "/tmp/hosts", "gid": 0, "group": "root", "md5sum": "da3395b279a7cd7a1187ae82acb24b2d", "mode": "0755", "owner": "root", "size": 225, "src": "/root/.ansible/tmp/ansible-tmp-1536423509.88-40213567242184/source", "state": "file", "uid": 0 } 192.168.94.22 | SUCCESS => { "changed": true, "checksum": "bf651d9270aa5d2f73e1987c1bba58b3a7732e30", "dest": "/tmp/hosts", "gid": 0, "group": "root", "md5sum": "da3395b279a7cd7a1187ae82acb24b2d", "mode": "0755", "owner": "root", "size": 225, "src": "/home/damowang/.ansible/tmp/ansible-tmp-1536423509.88-138418725080513/source", "state": "file", "uid": 0 } [root@Ansibel ~]# ansible -a 'ls -l /tmp/hosts' web-servers 192.168.94.33 | SUCCESS | rc=0 >> -rwxr-xr-x 1 root root 225 9月 9 00:18 /tmp/hosts 192.168.94.22 | SUCCESS | rc=0 >> -rwxr-xr-x 1 root root 225 9月 9 00:18 /tmp/hosts
file模块设置文件属性
[root@Ansibel ~]# ansible -m file -s -a 'path=/tmp/hosts mode=777' web-servers 192.168.94.33 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0777", "owner": "root", "path": "/tmp/hosts", "size": 225, "state": "file", "uid": 0 } 192.168.94.22 | SUCCESS => { "changed": true, "gid": 0, "group": "root", "mode": "0777", "owner": "root", "path": "/tmp/hosts", "size": 225, "state": "file", "uid": 0 } [root@Ansibel ~]# ansible -a 'ls -l /tmp/hosts' web-servers 192.168.94.33 | SUCCESS | rc=0 >> -rwxrwxrwx 1 root root 225 9月 9 00:18 /tmp/hosts 192.168.94.22 | SUCCESS | rc=0 >> -rwxrwxrwx 1 root root 225 9月 9 00:18 /tmp/hosts
stat模块获取远程文件信息
[root@Ansibel ~]# ansible -m stat -a 'path=/tmp/hosts' web-servers 192.168.94.33 | SUCCESS => { "changed": false, "stat": { "atime": 1536423510.9210756, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "bf651d9270aa5d2f73e1987c1bba58b3a7732e30", "ctime": 1536423695.9194686, "dev": 64768, "device_type": 0, "executable": true, "exists": true, "gid": 0, "gr_name": "root", "inode": 17913070, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0777", "mtime": 1536423510.5610728, "nlink": 1, "path": "/tmp/hosts", "pw_name": "root", "readable": true, "rgrp": true, "roth": true, "rusr": true, "size": 225, "uid": 0, "version": "18446744072814493691", "wgrp": true, "woth": true, "writeable": true, "wusr": true, "xgrp": true, "xoth": true, "xusr": true } } 192.168.94.22 | SUCCESS => { "changed": false, "stat": { "atime": 1536423510.943854, "attr_flags": "", "attributes": [], "block_size": 4096, "blocks": 8, "charset": "us-ascii", "checksum": "bf651d9270aa5d2f73e1987c1bba58b3a7732e30", "ctime": 1536423695.9422553, "dev": 64768, "device_type": 0, "executable": true, "exists": true, "gid": 0, "gr_name": "root", "inode": 17916998, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mimetype": "text/plain", "mode": "0777", "mtime": 1536423510.5838513, "nlink": 1, "path": "/tmp/hosts", "pw_name": "root", "readable": true, "rgrp": true, "roth": true, "rusr": true, "size": 225, "uid": 0, "version": "439688826", "wgrp": true, "woth": true, "writeable": true, "wusr": true, "xgrp": true, "xoth": true, "xusr": true } }
get_url模块实现远程主机下载指定url到本地,支持sha256sum文件校验
[root@Ansibel ~]# ansible -m get_url -a 'url=https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm dest=/tmp mode=0440 force=yes' web-servers 192.168.94.33 | SUCCESS => { "changed": true, "checksum_dest": null, "checksum_src": "5512b80e5b71f2370d8419fa16a0bc14c5edf854", "dest": "/tmp/epel-release-latest-7.noarch.rpm", "gid": 0, "group": "root", "md5sum": "d512508b8629428e7c3f535cc8012680", "mode": "0440", "msg": "OK (15080 bytes)", "owner": "root", "size": 15080, "src": "/root/.ansible/tmp/ansible-tmp-1536424011.27-144130983589743/tmpJs0QN9", "state": "file", "status_code": 200, "uid": 0, "url": "https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm" } 192.168.94.22 | SUCCESS => { "changed": true, "checksum_dest": null, "checksum_src": "5512b80e5b71f2370d8419fa16a0bc14c5edf854", "dest": "/tmp/epel-release-latest-7.noarch.rpm", "gid": 1000, "group": "damowang", "md5sum": "d512508b8629428e7c3f535cc8012680", "mode": "0440", "msg": "OK (15080 bytes)", "owner": "damowang", "size": 15080, "src": "/home/damowang/.ansible/tmp/ansible-tmp-1536424011.25-163292980253597/tmpvx9BOK", "state": "file", "status_code": 200, "uid": 1000, "url": "https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm" }
# force=yes,当下载文件时,如果所下的内容和原目录下的文件内容不一样,则替换原文件,如果一样,就不下载了
如果为“否”,则仅在目标不存在时才下载文件
一般来说,只有小型本地文件才应该为“是”
在0.6之前,该模块默认为“是”
url=https://xxx 的等号=前后不能有空格
yum模块linux平台软件包管理
yum模块可以提供的status状态: latest ,present,installed 都是表示安装
removed, absent 表示卸载
为下面节点安装apache
ansible -m yum -s -a 'name=httpd state=latest' web-servers 192.168.94.33 | SUCCESS => { "changed": true, "msg": "", "rc": 0, "results": [ "Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com Resolving Dependencies --> Running transaction check ---> Package httpd.x86_64 0:2.4.6-80.el7.centos.1 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: httpd x86_64 2.4.6-80.el7.centos.1 updates 2.7 M Transaction Summary ================================================================================ Install 1 Package Total download size: 2.7 M Installed size: 9.4 M Downloading packages: Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : httpd-2.4.6-80.el7.centos.1.x86_64 1/1 Verifying : httpd-2.4.6-80.el7.centos.1.x86_64 1/1 Installed: httpd.x86_64 0:2.4.6-80.el7.centos.1 Complete! " ] } 192.168.94.22 | SUCCESS => { "changed": true, "msg": "", "rc": 0, "results": [ "Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com Resolving Dependencies --> Running transaction check ---> Package httpd.x86_64 0:2.4.6-80.el7.centos will be updated ---> Package httpd.x86_64 0:2.4.6-80.el7.centos.1 will be an update --> Processing Dependency: httpd-tools = 2.4.6-80.el7.centos.1 for package: httpd-2.4.6-80.el7.centos.1.x86_64 --> Running transaction check ---> Package httpd-tools.x86_64 0:2.4.6-80.el7.centos will be updated ---> Package httpd-tools.x86_64 0:2.4.6-80.el7.centos.1 will be an update --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Updating: httpd x86_64 2.4.6-80.el7.centos.1 updates 2.7 M Updating for dependencies: httpd-tools x86_64 2.4.6-80.el7.centos.1 updates 90 k Transaction Summary ================================================================================ Upgrade 1 Package (+1 Dependent package) Total download size: 2.8 M Downloading packages: Delta RPMs disabled because /usr/bin/applydeltarpm not installed. -------------------------------------------------------------------------------- Total 5.6 MB/s | 2.8 MB 00:00 Running transaction check Running transaction test Transaction test succeeded Running transaction Updating : httpd-tools-2.4.6-80.el7.centos.1.x86_64 1/4 Updating : httpd-2.4.6-80.el7.centos.1.x86_64 2/4 Cleanup : httpd-2.4.6-80.el7.centos.x86_64 3/4 Cleanup : httpd-tools-2.4.6-80.el7.centos.x86_64 4/4 Verifying : httpd-tools-2.4.6-80.el7.centos.1.x86_64 1/4 Verifying : httpd-2.4.6-80.el7.centos.1.x86_64 2/4 Verifying : httpd-tools-2.4.6-80.el7.centos.x86_64 3/4 Verifying : httpd-2.4.6-80.el7.centos.x86_64 4/4 Updated: httpd.x86_64 0:2.4.6-80.el7.centos.1 Dependency Updated: httpd-tools.x86_64 0:2.4.6-80.el7.centos.1 Complete! " ] }
cron模块远程主机crontab配置
[root@Ansible ~]# ansible -m cron -s -a "name='My Wifi' minute='*/1' job='cat /root/mingming>/var/www/html/index.html'" web-servers 192.168.94.33 | SUCCESS => { "changed": true, "envs": [], "jobs": [ "My Wifi" ] } 192.168.94.22 | SUCCESS => { "changed": true, "envs": [], "jobs": [ "My Wifi" ] } [root@Ansible ~]# ansible -m shell -s -a 'crontab -l' web-servers 192.168.94.33 | SUCCESS | rc=0 >> #Ansible: My Wifi */1 * * * * cat /root/mingming>/var/www/html/index.html 192.168.94.22 | SUCCESS | rc=0 >> #Ansible: My Wifi */1 * * * * cat /root/mingming>/var/www/html/index.html
service模块远程主机系统服务管理(CentOS7 中为systemd模块 用法基本一样)
service模块常用参数:
(1)name参数:此参数用于指定需要操作的服务名称,比如 nginx,httpd
(2)state参数:此参数用于指定服务的状态,比如,我们想要启动远程主机中的httpd,则可以将 state 的值设置为 started;如果想要停止远程主机中的服务,则可以将 state 的值设置为 stopped
此参数的可用值有 started、stopped、restarted(重启)、reloaded
enabled参数:此参数用于指定是否将服务设置为开机 启动项,设置为 yes 表示将对应服务设置为开机启动,设置为 no 表示不会开机启动
想使用service模块启动服务,被启动的服务,必须可以使用service 命令启动或关闭
[root@Ansible ~]# ansible -m systemd -s -a 'name=httpd state=started' web-servers 192.168.94.33 | SUCCESS => { "changed": true, "name": "httpd", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "-.mount basic.target network.target tmp.mount remote-fs.target system.slice systemd-journald.socket nss-lookup.target", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "The Apache HTTP Server", "DevicePolicy": "auto", "Documentation": "man:httpd(8) man:apachectl(8)", "EnvironmentFile": "/etc/sysconfig/httpd (ignore_errors=no)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStop": "{ path=/bin/kill ; argv[]=/bin/kill -WINCH ${MAINPID} ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/httpd.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "httpd.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "control-group", "KillSignal": "18", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "3802", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "3802", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "0", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "httpd.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "main", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "yes", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "-.mount basic.target", "RequiresMountsFor": "/var/tmp", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "notify", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "Wants": "system.slice", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } } 192.168.94.22 | SUCCESS => { "changed": true, "name": "httpd", "state": "started", "status": { "ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket nss-lookup.target network.target basic.target tmp.mount remote-fs.target system.slice -.mount", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "The Apache HTTP Server", "DevicePolicy": "auto", "Documentation": "man:httpd(8) man:apachectl(8)", "EnvironmentFile": "/etc/sysconfig/httpd (ignore_errors=no)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStop": "{ path=/bin/kill ; argv[]=/bin/kill -WINCH ${MAINPID} ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/httpd.service", "GuessMainPID": "yes", "IOScheduling": "0", "Id": "httpd.service", "IgnoreOnIsolate": "no", "IgnoreOnSnapshot": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobTimeoutAction": "none", "JobTimeoutUSec": "0", "KillMode": "control-group", "KillSignal": "18", "LimitAS": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCPU": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMSGQUEUE": "819200", "LimitNICE": "0", "LimitNOFILE": "4096", "LimitNPROC": "3802", "LimitRSS": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTTIME": "18446744073709551615", "LimitSIGPENDING": "3802", "LimitSTACK": "18446744073709551615", "LoadState": "loaded", "MainPID": "0", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "Names": "httpd.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "main", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "yes", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "-.mount basic.target", "RequiresMountsFor": "/var/tmp", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "notify", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "Wants": "system.slice", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0" } }
访问节点web页面
sysctl模块远程主机sysctl配置
# 开启路由转发功能 [root@Ansible ~]# ansible -m sysctl -s -a 'name=net.ipv4.ip_forward value=1 reload=yes' web-servers 192.168.94.33 | SUCCESS => { "changed": true } 192.168.94.22 | SUCCESS => { "changed": true } [root@Ansible ~]# ansible -m shell -a "cat /proc/sys/net/ipv4/ip_forward" web-servers 192.168.94.33 | SUCCESS | rc=0 >> 1 192.168.94.22 | SUCCESS | rc=0 >> 1
Playbook是一个不同于使用ansible命令行执行方式的模式,功能更强大更灵活
playbooks使用步骤:
1、在playbooks 中定义任务:
- name: task description #任务描述信息
module_name: module_args #需要使用的模块名字: 模块参数
2、ansible-playbook 执行 命令:
[root@Ansible ~]# ansible-playbook LAMP.yml
playbook是由一个或多个"play"组成的列表
play的主要功能在于将事先归为一组的主机装扮成事先通过ansible中的task定义好的角色
github上提供了大量的实例供大家参考 https://github.com/ansible/ansible-examples
使用Playbook批量部署多台LAMP环境
Playbook常用文件夹作用:
files:存放需要同步到异地服务器的源码文件及配置文件;
handlers:当服务的配置文件发生变化时需要进行的操作,比如:重启服务,重新加载配置文件;
meta:角色定义,可留空;
tasks:需要进行的执行的任务;
templates:用于执行lamp安装的模板文件,一般为脚本;
vars:本次安装定义的变量
我们可以在ansible服务器上安装LAMP环境,然后,再将配置文件通过ansible拷贝到远程主机上
[root@Ansible ~]# yum -y install httpd mariadb mariadb-server php php-mysql [root@Ansible ~]# mkdir -p /mydata/data [root@Ansible ~]# chown -R mysql:mysql /mydata/ [root@Ansible ~]# vim /etc/my.cnf # 修改为 datadir=/mydata/data [root@Ansible ~]# systemctl start mariadb [root@Ansible ~]# echo "<?php phpinfo(); ?>" > /var/www/html/index.php [root@Ansible ~]# systemctl start httpd
访问测试页面 确认MySQL已经被整合进来再进行下一步
使用playbook创建一个LAMP构建的任务
创建相关文件
[root@Ansible ~]# mkdir -pv /etc/ansible/lamp/roles/{prepare,httpd,mysql,php}/{tasks,files,templates,vars,meta,default,handlers} mkdir: 已创建目录 "/etc/ansible/lamp" mkdir: 已创建目录 "/etc/ansible/lamp/roles" mkdir: 已创建目录 "/etc/ansible/lamp/roles/prepare" mkdir: 已创建目录 "/etc/ansible/lamp/roles/prepare/tasks" mkdir: 已创建目录 "/etc/ansible/lamp/roles/prepare/files" mkdir: 已创建目录 "/etc/ansible/lamp/roles/prepare/templates" mkdir: 已创建目录 "/etc/ansible/lamp/roles/prepare/vars" mkdir: 已创建目录 "/etc/ansible/lamp/roles/prepare/meta" mkdir: 已创建目录 "/etc/ansible/lamp/roles/prepare/default" mkdir: 已创建目录 "/etc/ansible/lamp/roles/prepare/handlers" mkdir: 已创建目录 "/etc/ansible/lamp/roles/httpd" mkdir: 已创建目录 "/etc/ansible/lamp/roles/httpd/tasks" mkdir: 已创建目录 "/etc/ansible/lamp/roles/httpd/files" mkdir: 已创建目录 "/etc/ansible/lamp/roles/httpd/templates" mkdir: 已创建目录 "/etc/ansible/lamp/roles/httpd/vars" mkdir: 已创建目录 "/etc/ansible/lamp/roles/httpd/meta" mkdir: 已创建目录 "/etc/ansible/lamp/roles/httpd/default" mkdir: 已创建目录 "/etc/ansible/lamp/roles/httpd/handlers" mkdir: 已创建目录 "/etc/ansible/lamp/roles/mysql" mkdir: 已创建目录 "/etc/ansible/lamp/roles/mysql/tasks" mkdir: 已创建目录 "/etc/ansible/lamp/roles/mysql/files" mkdir: 已创建目录 "/etc/ansible/lamp/roles/mysql/templates" mkdir: 已创建目录 "/etc/ansible/lamp/roles/mysql/vars" mkdir: 已创建目录 "/etc/ansible/lamp/roles/mysql/meta" mkdir: 已创建目录 "/etc/ansible/lamp/roles/mysql/default" mkdir: 已创建目录 "/etc/ansible/lamp/roles/mysql/handlers" mkdir: 已创建目录 "/etc/ansible/lamp/roles/php" mkdir: 已创建目录 "/etc/ansible/lamp/roles/php/tasks" mkdir: 已创建目录 "/etc/ansible/lamp/roles/php/files" mkdir: 已创建目录 "/etc/ansible/lamp/roles/php/templates" mkdir: 已创建目录 "/etc/ansible/lamp/roles/php/vars" mkdir: 已创建目录 "/etc/ansible/lamp/roles/php/meta" mkdir: 已创建目录 "/etc/ansible/lamp/roles/php/default" mkdir: 已创建目录 "/etc/ansible/lamp/roles/php/handlers"
我们将上面搭建成功的LAMP环境的httpd和MySQL的配置文件拷贝到对应目录下
[root@Ansible ~]# cd /etc/ansible/ [root@Ansible ansible]# cp /etc/httpd/conf/httpd.conf lamp/roles/httpd/files/ [root@Ansible ansible]# cp /etc/my.cnf lamp/roles/mysql/files/
写prepare(前期准备)角色的playbooks
[root@Ansible ansible]# vim lamp/roles/prepare/tasks/main.yml - name: delete yum config shell: rm -rf /etc/yum.repos.d/* #删除原有的yum配置文件 - name: provide yumrepo file shell: wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo #下载新的yum配置文件 - name: clean the yum repo shell: yum clean all #清除原有的yum缓存信息 - name: clean the iptables shell: iptables -F #清除原有防火墙规则,不然后可能上不了网
构建httpd的任务
[root@Ansible ansible]# cd /etc/ansible/lamp/roles [root@Ansible roles]# mv /var/www/html/index.php httpd/files/ [root@Ansible roles]# vim httpd/tasks/main.yml - name: web server install yum: name=httpd state=present #安装httpd服务 - name: provide test page copy: src=index.php dest=/var/www/html #提供测试页 - name: delete apache config shell: rm -rf /etc/httpd/conf/httpd.conf #删除原有的apache配置文件,如果不删除,下面的copy任务是不会执行的,因为当源文件httpd.conf和目标文件一样时,copy命令是不执行的。如果copy命令不执行,那么notify将不调用handler - name: provide configuration file copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf #提供httpd的配置文件 notify: restart httpd #当前面的copy复制成功后,通过notify通知名字为restart httpd的handlers运行。
notify: 这个action可用于在每个play的最后被触发,这样可以避免多次有改变发生时,每次都执行指定的操作,取而代之,仅在所有的变化发生完成后一次性地执行指定操作
在notify中列出的操作称为handler,也即notify中调用handler中定义的操作
---- name: test.yml just for test
hosts: testserver
vars:
region: ap-southeast-1
tasks:
- name: template configuration
file template: src=template.j2 dest=/etc/foo.conf
notify:
- restart memcached
- restart apache
handlers:
- name: restart memcached
service: name=memcached state=restarted
- name: restart apache
service: name=apache state=restarted
handlers概述:
Handlers 也是一些 task 的列表,通过名字来引用,它们和一般的 task 并没有什么区别
Handlers 是由通知者进行notify, 如果没有被 notify,handlers 不会执行
不管有多少个通知者进行了notify,等到 play 中的所有 task 执行完成之后,handlers 也只会被执行一次
Handlers 最佳的应用场景是用来重启服务,或者触发系统重启操作.除此以外很少用到了
构建httpd的handlers
[root@Ansible roles]# vim httpd/handlers/main.yml - name: restart httpd service: name=httpd enabled=yes state=restarted
部署mariadb数据库
创建MySQL服务的任务,需要安装MySQL服务,改变属主信息,启动MySQL
[root@Ansible roles]# cd /etc/ansible/lamp/roles [root@Ansible roles]# vim mysql/tasks/main.yml - name: install the mysql yum: name=mariadb-server state=present #安装mysql服务 - name: mkdir date directory shell: mkdir -p /mydata/data #创建挂载点目录 - name: provide configration file copy: src=my.cnf dest=/etc/my.cnf #提供mysql的配置文件 - name: chage the owner shell: chown -R mysql:mysql /mydata/* #更改属主和属组 - name: start mariadb service: name=mariadb enabled=yes state=started #启动mysql服务
构建PHP的任务
[root@Ansible roles]# vim php/tasks/main.yml - name: install php yum: name=php state=present #安装php - name: install php-mysql yum: name=php-mysql state=present #安装php与mysql交互的插件
定义整个的任务
[root@Ansible roles]# cd /etc/ansible/lamp/roles [root@Ansible roles]# vim site.yml - name: LAMP build remote_user: root hosts: web-servers roles: - prepare - mysql - php - httpd
所有yml的配置文件中,空格必须严格对齐
开始部署
[root@Ansible roles]# ansible-playbook -s /etc/ansible/lamp/roles/site.yml
在浏览器中访问这两台节点主机 IP/index.php
特别注意 : 默认情况下,首次登陆一台服务器,系统会提示是否要记住对端的指纹,用ansible也会这样,这样会导致需要手工输入yes或no,ansible 才可以往下执行。如需避免这种情况,需要在 /etc/ansible/ansible.cfg 文件中设置 host_key_checking = False