zoukankan      html  css  js  c++  java
  • Ansible基础

    Ansible基础

    一、Ansible简介

    批量管理服务器的工具 
    无需部署agent,通过ssh进行管理 
    流行的自动化运维工具:https://github.com/ansible/ansible

    二、jenkins简介

    可视化运维(主要用在可视化部署) 
    持续构建,可以和gitsvn结合 
    可结合ssh实现可视化运维 
    可结合ansible实现可视化运维

    三、环境说明

    Centos7.3yum -y install net-tools vim 
    关闭防火墙(systemctl stop firewalldsystemctl disable firewalld 
    关闭selinux

    四、Python3与Ansible的安装

    使用源码安装Python3.5

    安装支持包

    yum -y install lrzsz vim net-tools gcc gcc-c++ ncurses ncurses-devel unzip zlib-devel zlib openssl-devel openssl libffi-devel epel-release libselinux-python

    源码编译Python3.5

    tar xf Python-3.5.2.tgz -C /usr/src/
    cd /usr/src/Python-3.5.2/
    ./configure --prefix=/usr/local/python/
    make && make install
    ln -s /usr/local/python/bin/python3 /usr/bin/python3
    which python3
    python3 -V

    使用pip3安装Ansible

    安装Ansible最新版本

    /usr/local/python/bin/pip3 install ansible

    安装完毕后

    ln -s /usr/local/python/bin/ansible /usr/local/bin/
    which ansible
    ansible --version

    Ansible查看帮助

    /usr/local/python/bin/ansible-doc -l 查看总帮助

    /usr/local/python/bin/ansible-doc -s shell 查看shell模块的帮助

    /usr/local/python/bin/ansible-doc -s raw

    五、使用公私钥实现ssh无密码登录

    ansible是无agent的,无agent是怎么批量管理服务器的?主要是借用ssh来批量管理服务器。 
    ssh默认登陆是需要密码的,所以管理起来比较麻烦,这节课主要是介绍ssh的无密码登陆。 
    ssh无密码登陆实现以后,使用ansible批量管理服务器就变得简单了。

    生成秘钥对

    ssh-keygen -t rsa -f ~/.ssh/id_rsa -P ""

    分发秘钥

    sshpass -p "123123" ssh-copy-id -i ~/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no" 192.168.200.55

    进行免密码登录测试==>ssh 192.168.200.55

    使用hostname -I查看当前IP地址看是否登录成功

    六、Ansible的简单配置和ping模块

    1、ansible的配置文件

    通过pip安装的ansible是没有配置文件的。我们需要创建一个

    1. [root@ansible python]# mkdir -p /etc/ansible
    2. [root@ansible python]# vim /etc/ansible/hosts
    3. [root@ansible python]# cat /etc/ansible/hosts   #ansible主机管理配置文件
    4. [nginx]         #被管理的主机组名称
    5. webA ansible_ssh_host=192.168.200.132 ansible_ssh_port=22 ansible_ssh_user=root #第一台主机
    6. webB ansible_ssh_host=192.168.200.138 ansible_ssh_port=22 ansible_ssh_user=root  ansible_ssh_pass=666666    #第二台主机
    7. 特别提示:
    8. WebA  ===> 主机名
    9. ansible_ssh_host ===>主机IP
    10. ansible_ssh_port ===>ssh的默认端口
    11. ansible_ssh_user ===>ssh的用户名
    12. ansible_ssh_pass ===>ssh的用户的连接密码

    如果我们已经设置了ssh免密钥了。那么就不需要写密码了。例如:webA 
    我们要是没有设置免密钥,那么就需要安装sshpass工具,并在/etc/ansible/hosts文件里写上主机的连接密码。例如webB

    下载epel源安装sshpass

    wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
    yum -y install sshpass
    which sshpass

    2、进行Ansible远程执行命令测试

    语法:

    ansible all -m command -a 'uptime' 
    ansible 主机组 -m ansible内置功能模块名 -a 命令

    进行命令测试:

    1. #进行ping模块的连接测试
    2. [root@ansible python]# ansible nginx -m ping
    3. webB | FAILED! => {         #我们发现webB还是没链接成功,这是因为本机的known_hosts文件还没有记录对方主机的信息。
    4. "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."
    5. }
    6. webA | SUCCESS => {         #webA成功
    7. "changed": false,
    8. "ping": "pong"
    9. }

    想要解决known_hosts的问题,只需要修改ssh的配置文件/etc/ssh/ssh_config即可

    1. #修改ssh配置文件
    2. [root@ansible .ssh]# sed -n '35p' /etc/ssh/ssh_config
    3. #   StrictHostKeyChecking ask
    4. [root@ansible .ssh]# vim /etc/ssh/ssh_config
    5. [root@ansible .ssh]# sed -n '35p' /etc/ssh/ssh_config
    6. StrictHostKeyChecking no     #去掉注释,修改成这样
    7. #重启ssh服务
    8. [root@ansible .ssh]# systemctl reload sshd.service
    9. #再次进行ansible连接测试
    10. [root@ansible .ssh]# ansible nginx -m ping
    11. webA | SUCCESS => {
    12. "changed": false,
    13. "ping": "pong"
    14. }
    15. webB | SUCCESS => {
    16. "changed": false,
    17. "ping": "pong"
    18. }

    3、Ansible的简单使用方法

    ansible -i /etc/ansible/hosts 主机或主机组 -m 指定模块 -a 命令

    不用-i指定配置文件默认为/etc/ansible/hosts

    4、使用ping模块用来查看服务器是否连接正常,ping模块不需要-a指定参数

    ansible all -m ping
    1. #操作测试
    2. [root@ansible .ssh]# ansible webA -m ping
    3. webA | SUCCESS => {
    4. "changed": false,
    5. "ping": "pong"
    6. }
    7. [root@ansible .ssh]# ansible all -m ping
    8. webA | SUCCESS => {
    9. "changed": false,
    10. "ping": "pong"
    11. }
    12. webB | SUCCESS => {
    13. "changed": false,
    14. "ping": "pong"
    15. }
    16. [root@ansible .ssh]# ansible webA:webB -m ping
    17. webA | SUCCESS => {
    18. "changed": false,
    19. "ping": "pong"
    20. }
    21. webB | SUCCESS => {
    22. "changed": false,
    23. "ping": "pong"
    24. }

    七、Ansible的三个命令模块

    1、Ansible模块command(不支持管道,不建议使用)

    1. #command支持直接回显命令的执行结果
    2. [root@ansible ~]# ansible all -m command -a "pwd"
    3. webA | SUCCESS | rc=0 >>
    4. /root
    5. webB | SUCCESS | rc=0 >>
    6. /root
    7. #command模块不支持管道符操作
    8. [root@ansible ~]# ansible all -m command -a "echo test | grep t"
    9. webA | SUCCESS | rc=0 >>
    10. test | grep t
    11. webB | SUCCESS | rc=0 >>
    12. test | grep t
    13. #command模块不支持重定向操作
    14. [root@ansible ~]# ansible all -m command -a "echo bb >> /tmp/testansible"
    15. webA | SUCCESS | rc=0 >>
    16. bb >> /tmp/testansible
    17. webB | SUCCESS | rc=0 >>
    18. bb >> /tmp/testansible

    2、Ansible模块shell(支持管道,支持重定向)

    1. #shell模块支持管道符
    2. [root@ansible ~]# ansible all -m shell -a "echo testansible | grep a"
    3. webA | SUCCESS | rc=0 >>
    4. testansible
    5. webB | SUCCESS | rc=0 >>
    6. testansible
    7. #shell支持重定向
    8. [root@ansible ~]# ansible all -m shell -a "echo bb >> /tmp/testansible"
    9. webA | SUCCESS | rc=0 >>
    10. webB | SUCCESS | rc=0 >>
    11. #如果遇到特殊符号需要加入转义,这样子ansible才能正常运行
    12. [root@ansible ~]# ansible all -m shell -a "cat /etc/passwd | awk -F":" '{print $1}'"
    13. webB | SUCCESS | rc=0 >>
    14. root
    15. bin
    16. daemon
    17. adm
    18. lp
    19. sync
    20. shutdown
    21. halt
    22. mail
    23. operator
    24. games
    25. ftp
    26. nobody
    27. systemd-bus-proxy
    28. systemd-network
    29. dbus
    30. polkitd
    31. tss
    32. postfix
    33. sshd
    34. chrony
    35. webA | SUCCESS | rc=0 >>
    36. root
    37. bin
    38. daemon
    39. adm
    40. lp
    41. sync
    42. shutdown
    43. halt
    44. mail
    45. operator
    46. games
    47. ftp
    48. nobody
    49. systemd-bus-proxy
    50. systemd-network
    51. dbus
    52. polkitd
    53. tss
    54. postfix
    55. sshd
    56. chrony

    3、ansible模块raw,最原始的方式运行命令(不依赖python,仅通过ssh实现)

    1. #清除yum缓存
    2. [root@ansible ~]# ansible all -m raw -a "yum -y clean all"
    3. webB | SUCCESS | rc=0 >>
    4. Loaded plugins: fastestmirror
    5. Cleaning repos: c7-media
    6. Cleaning up everything
    7. Shared connection to 192.168.200.138 closed.
    8. webA | SUCCESS | rc=0 >>
    9. Loaded plugins: fastestmirror
    10. Cleaning repos: c7-media epel
    11. Cleaning up everything
    12. Cleaning up list of fastest mirrors
    13. Shared connection to 192.168.200.132 closed.
    14. #建立yum缓存
    15. [root@ansible ~]# ansible all -m raw -a "yum makecache"
    16. webA | SUCCESS | rc=0 >>
    17. Loaded plugins: fastestmirror
    18. c7-media                                                 | 3.6 kB     00:00     
    19. Loading mirror speeds from cached hostfile
    20. * c7-media: 
    21. Metadata Cache Created
    22. Shared connection to 192.168.200.132 closed.
    23. webB | SUCCESS | rc=0 >>
    24. Loaded plugins: fastestmirror
    25. c7-media                                                 | 3.6 kB     00:00     
    26. Loading mirror speeds from cached hostfile
    27. * c7-media: 
    28. Metadata Cache Created
    29. Shared connection to 192.168.200.138 closed.
    30. #yumnmap
    31. ansible all -m raw -a "yum -y install nmap"

    八、Ansible的copy模块批量下发文件或文件夹

    1、copy模块概述

    • copy模块的参数,ansible 主机组 -m 模块 -a 命令
      • src:指定源文件或目录
      • dest:指定目标服务器的文件或目录
      • backup:是否要备份
      • owner:拷贝到目标服务器后,文件或目录的所属用户
      • group:拷贝到目标服务器后,文件或目录的所属群组
      • mode:文件或目录的权限
    • 准备工作
      • [root@ansible ~]# mkdir -p /service/scripts
      • [root@ansible ~]# echo "aaa" > /service/scripts/test.txt
      • [root@ansible ~]# echo "bbb" > /service/scripts/test2.txt
    • 所有被管理端节点必须安装libselinux-python
      • yum -y install libselinux-python

    2、copy模块拷贝文件

    特别提示:如果目标路径不存在会自动创建 
    src===>源文件路径 dest=目标路径位置

    1. [root@ansible ~]# ansible all -m copy -a "src=/service/scripts/test.txt dest=/service/scripts/"
    2. webB | FAILED! => {     #节点未安装libselinux-python
    3. "changed": false,
    4. "checksum": "972a1a11f19934401291cc99117ec614933374ce",
    5. "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"
    6. }
    7. webA | SUCCESS => {
    8. "changed": true,
    9. "checksum": "972a1a11f19934401291cc99117ec614933374ce",
    10. "dest": "/service/scripts/test.txt",
    11. "gid": 0,
    12. "group": "root",
    13. "md5sum": "5c9597f3c8245907ea71a89d9d39d08e",
    14. "mode": "0644",
    15. "owner": "root",
    16. "secontext": "system_u:object_r:svc_svc_t:s0",
    17. "size": 4,
    18. "src": "/root/.ansible/tmp/ansible-tmp-1529035954.8010113-22928023490467/source",
    19. "state": "file",
    20. "uid": 0
    21. }
    22. #节点安装libselinux-python后在进行发送测试
    23. [root@ansible ~]# ansible webB -m copy -a "src=/service/scripts/test.txt dest=/service/scripts/"
    24. webB | SUCCESS => {         #发送成功
    25. "changed": true,
    26. "checksum": "972a1a11f19934401291cc99117ec614933374ce",
    27. "dest": "/service/scripts/test.txt",
    28. "gid": 0,
    29. "group": "root",
    30. "md5sum": "5c9597f3c8245907ea71a89d9d39d08e",
    31. "mode": "0644",
    32. "owner": "root",
    33. "secontext": "system_u:object_r:svc_svc_t:s0",
    34. "size": 4,
    35. "src": "/root/.ansible/tmp/ansible-tmp-1529036146.1609693-94270890826089/source",
    36. "state": "file",
    37. "uid": 0
    38. }

    3、copy模块拷贝文件夹

    特别提示: 
    如果目标路径里有与我拷贝的文件同名文件的话,会直接覆盖目标路径下的文件

      1. #拷贝/service/scripts/  目录下所有内容到dest的路径下(注意两条命令的对比)
      2. [root@ansible ~]# ansible webA -m copy -a "src=/service/scripts/ dest=/service/scripts/"
      3. webA | SUCCESS => {
      4. "changed": true,
      5. "dest": "/service/scripts/",
      6. "src": "/service/scripts/"
      7. }
      8. #拷贝/service/scripts目录本身及其内部的所有内容到dest的路径下(注意两条命令的对比)
      9. [root@ansible ~]# ansible webA -m copy -a "src=/service/scripts dest=/service/scripts/"
      10. webA | SUCCESS => {
      11. "changed": true,
      12. "dest": "/service/scripts/",
      13. "src": "/service/scripts"
      14. }

    4、copy模块自动备份

    特别提示: 
    参数:backup=yes ===>意思是,如果目标路径下,有与我同名但不同内容的文件时,在覆盖前,对目标文件先进行备份。

      1. [root@ansible ~]# ansible webB -m copy -a "src=/service/scripts/ dest=/service/scripts/ backup=yes"
      2. webB | SUCCESS => {
      3. "changed": true,
      4. "dest": "/service/scripts/",
      5. "src": "/service/scripts/"
      6. }

    5、copy模块指定用户和属主

    1. [root@ansible ~]# ansible webA -m copy -a "src=/service/scripts/ dest=/service/scripts/ owner=nobody group=nobody mode=0600"
    2. webA | SUCCESS => {
    3. "changed": true,
    4. "dest": "/service/scripts/",
    5. "src": "/service/scripts/"
    6. }

    九、Ansible的script模块批量运行脚本

    ansiblescript模块能够实现远程服务器批量运行本地的shell脚本。

    1. #操作示例-->远程批量分发并自动部署nginx
    2. #所有被管理端需要挂载光盘,并创建本地yum配置文件
    3. [root@ansible scripts]# pwd
    4. /service/scripts
    5. [root@ansible scripts]# ls | xargs -n1
    6. auto_nginx.sh   #自动安装nginx脚本
    7. fenfa.sh        #批量分发脚本
    8. nginx-1.10.2.tar.gz #nginx源码包
    9. [root@ansible scripts]# cat auto_nginx.sh   #nginx安装脚本
    10. #!/bin/sh
    11. #nginx install shell scripts
    12. test -d /media/cdrom || mkdir -p /media/cdrom
    13. mount /dev/sr0 /media/cdrom &>/dev/null
    14. yum -y install gcc gcc-c++ make pcre pcre-devel zlib zlib-devel openssl  openssl-devel &>/dev/null
    15. test -d /service/scripts || exit 3
    16. cd /service/scripts/
    17. tar xf nginx-1.10.2.tar.gz -C /usr/src/
    18. cd /usr/src/nginx-1.10.2/
    19. ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module &>/dev/null
    20. make &>/dev/null
    21. make install &>/dev/null
    22. exit 0
    23. [root@ansible scripts]# cat fenfa.sh    #源码包和安装脚本的批量分发脚本
    24. #!/bin/sh
    25. #批量分发脚本
    26. Group=$1
    27. ansible $Group -m copy -a "src=/service/scripts/ dest=/service/scripts/"
    28. ansible $Group -m script -a "/service/scripts/auto_nginx.sh"
    29. [root@ansible scripts]# sh fenfa.sh all #激活脚本

    此脚本只是个演示示例,工作中需要写的尽量严谨一些。

  • 相关阅读:
    Path Sum II
    Convert Sorted Array to Binary Search Tree
    Construct Binary Tree from Inorder and Postorder Traversal
    Construct Binary Tree from Preorder and Inorder Traversal
    Maximum Depth of Binary Tree
    Binary Tree Zigzag Level Order Traversal
    Binary Tree Level Order Traversal
    Same Tree
    Validate Binary Search Tree
    Binary Tree Inorder Traversal
  • 原文地址:https://www.cnblogs.com/heroke/p/9994032.html
Copyright © 2011-2022 走看看