一、轻量级自动化运维工具对比
二、ansible 的优势和应用场景
1.轻量级无客户端(Agentless)
2.开源免费,学习成本低、快速上手;
3.使用playbook 作为核心配置架构,统一的脚本格式,批量化部署 ;
4.完善的模块化扩展,支持目前主流的开发场景;
5.江大的稳定性和兼容性;
6.活跃的官方社区问题讨论,方便Trubleshooting 与DEBUG 问题 。
三、ansible 的安装配置
四、安装过程:
[root@ansible ~]# wget http://www.python.org/ftp/python/3.6.5/Python-3.6.5.tar.xz # tar xf Python-3.6.5.tar.xz # cd Python-3.6.5 # ./configure --prefix=/usr/local --with-ensurepip=install --enable-shared LDFLAGS="-Wl,-rpath /usr/local/lib"
# make && make altinstall
# which pip3.6
/usr/local/bin/pip3.6
# ln -s /usr/local/bin/pip3.6 /usr/local/bin/pip
# pip install virtualenv
# useradd deploy
# su - deploy
# virtualenv -p /usr/local/bin/python3.6 .py3-a2.5-env
# cd /home/deploy/.py3-a2.5-env
# which git
/bin/git
如果没有安装git 客户端,执行一下两步操作
(# su - root
# yum -y install git nss curl )
# git clone https://github.com/ansible/ansible.git
# source /home/deploy/.py3-a2.5-env/bin/activate
# (.py3-a2.5-env) [deploy@ansible ~]$ pip install paramiko PyYAML jinja2
# ll
总用量 4
drwxrwxr-x 14 deploy deploy 4096 2月 5 17:15 ansible
# mv ansible .py3-a2.5-env/
# cd .py3-a2.5-env/ansible
# git checkout stable-2.5
# source /home/deploy/.py3-a2.5-env/ansible/hacking/env-setup -q
# (.py3-a2.5-env) [deploy@ansible ansible]$ ansible --version
ansible 2.5.15 (stable-2.5 c8dfe5b6d3) last updated 2021/02/05 18:19:52 (GMT +800)
config file = None
configured module search path = ['/home/deploy/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/deploy/.py3-a2.5-env/ansible/lib/ansible
executable location = /home/deploy/.py3-a2.5-env/ansible/bin/ansible
python version = 3.6.5 (default, Feb 5 2021, 13:52:27) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
至此,ansible 安装完成!
五、Ansible playbook 入门及编写规范
(.py3-a2.5-env) [deploy@ansible ansible]$ ansible-playbook --version ansible-playbook 2.5.15 (stable-2.5 c8dfe5b6d3) last updated 2021/02/05 18:19:52 (GMT +800) config file = None configured module search path = ['/home/deploy/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /home/deploy/.py3-a2.5-env/ansible/lib/ansible executable location = /home/deploy/.py3-a2.5-env/ansible/bin/ansible-playbook python version = 3.6.5 (default, Feb 5 2021, 13:52:27) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
六、简单演示实例:
1.先进行密钥的创建和公钥的分发,便于免密管理目标机器
# ssh-keygen -t rsa #交互界面一路回车就行 # ssh-copy-id -i /home/deploy/.ssh/id_rsa.pub root@test.example.com #分发公钥到目标机器 # ssh root@test.example.com #测试免密登录
# echo "192.168.11.22 test.example.com" >> /etc/hosts #添加目标主机域名解析
2.创建ansible-playbook 相应的目录结构
(.py3-a2.5-env) [deploy@ansible ~]$ pwd /home/deploy (.py3-a2.5-env) [deploy@ansible ~]$ cd test_playbooks/ (.py3-a2.5-env) [deploy@ansible test_playbooks]$ tree ./ ./ ├── deploy.yml ├── inventory │ └── testenv └── roles └── testbox └── tasks └── main.yml 4 directories, 4 files
(.py3-a2.5-env) [deploy@ansible test_playbooks]$ cat deploy.yml
- hosts: "testservers"
gather_facts: true
remote_user: root
roles:
- testbox
(.py3-a2.5-env) [deploy@ansible test_playbooks]$ cat inventory/testenv
[testservers]
test.example.com
[testservers:vars]
server_name=test.example.com
user=root
output=/root/test.txt
(.py3-a2.5-env) [deploy@ansible test_playbooks]$ cat roles/testbox/tasks/main.yml
- name: Print server name and user to remote testbox
shell: "echo 'Currently {{ user }} is logining {{ server_name }} > {{ output }}'"
执行 ansible-playbook
(.py3-a2.5-env) [deploy@ansible test_playbooks]$ ansible-playbook -i inventory/testenv ./deploy.yml
PLAY [testservers] ***************************************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************************
ok: [test.example.com]
TASK [testbox : Print server name and user to remote testbox] ********************************************************************************************************************
changed: [test.example.com]
PLAY RECAP ***********************************************************************************************************************************************************************
test.example.com : ok=2 changed=1 unreachable=0 failed=0
登录目标主机查看结果
(.py3-a2.5-env) [deploy@ansible test_playbooks]$ ssh root@test.example.com
Last login: Sun Feb 7 15:30:00 2021 from 192.168.11.09
[root@testbox ~]# ls
bak test.txt
[root@testbox ~]# cat test.txt
Currently root is logining test.example.com #执行playbook 成功后的结果
七、Ansible playbook 的常用模块介绍
实例展示:
实例解释:
实例演示:
[deploy@ansible ~]$ source /home/deploy/.py3-a2.5-env/bin/activate (.py3-a2.5-env) [deploy@ansible ~]$ source /home/deploy/.py3-a2.5-env/ansible/hacking/env-setup -q (.py3-a2.5-env) [deploy@ansible ~]$ ansible-playbook --version ansible-playbook 2.5.15 (stable-2.5 c8dfe5b6d3) last updated 2021/02/05 18:19:52 (GMT +800) config file = None configured module search path = ['/home/deploy/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /home/deploy/.py3-a2.5-env/ansible/lib/ansible executable location = /home/deploy/.py3-a2.5-env/ansible/bin/ansible-playbook python version = 3.6.5 (default, Feb 5 2021, 13:52:27) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] 切换到目标主机 (.py3-a2.5-env) [deploy@ansible ~]$ ssh root@test.example.com [root@testbox ~]# useradd foo [root@testbox ~]# useradd deploy [root@testbox ~]# mkdir /etc/nginx [root@testbox ~]# rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm 返回到ansible主机 (.py3-a2.5-env) [deploy@ansible ~]$ pwd /home/deploy (.py3-a2.5-env) [deploy@ansible ~]$ cd test_playbooks/ (.py3-a2.5-env) [deploy@ansible test_playbooks]$ vim roles/testbox/tasks/main.yml - name: Print server name and user to remote testbox shell: "echo 'Currently {{ user }} is logining {{ server_name }} > {{ output }}'" - name: create a file file: 'path=/root/foo.txt state=touch mode=0755 owner=foo group=foo' (.py3-a2.5-env) [deploy@ansible test_playbooks]$ ansible-playbook -i inventory/testenv ./deploy.yml 略。。。 test.example.com : ok=3 changed=2 unreachable=0 failed=0 (.py3-a2.5-env) [deploy@ansible test_playbooks]$ ssh root@test.example.com ls -l /root/foo.txt -rwxr-xr-x 1 foo foo 0 2月 8 10:19 /root/foo.txt 编辑变量 (.py3-a2.5-env) [deploy@ansible test_playbooks]$ vim inventory/testenv [testservers] test.example.com [testservers:vars] server_name=test.example.com user=root output=/root/test.txt rver_name=test.example ▽ort=80 user=deploy worker_processes=4 max_open_file=65505 root=/www 创建管理nginx的目录 (.py3-a2.5-env) [deploy@ansible test_playbooks]$ mkdir roles/testbox/templates
编辑 nginx的配置文件 (.py3-a2.5-env) [deploy@ansible test_playbooks]$ vim roles/testbox/templates/nginx.j2 # For more information on configuration, see: user {{ user }}; worker_processes {{ worker_processes }}; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; events { worker_connections {{ max_open_file }}; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; # Load config files from the /etc/nginx/conf.d directory # The default server is in conf.d/default.conf #include /etc/nginx/conf.d/*.conf; server { listen {{ port }} default_server; server_name {{ server_name }}; #charset koi8-r; #access_log logs/host.access.log main; location / { root {{ root }}; index index.html index.htm; } error_page 404 /404.html; location = /404.html { root /usr/share/nginx/html; } # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } } }
编辑检查nginx的版本并将nginx的配置文件写入目标机器的yml 文件 (.py3-a2.5-env) [deploy@ansible test_playbooks]$ vim roles/testbox/tasks/main.yml - name: Print server name and user to remote testbox shell: "echo 'Currently {{ user }} is logining {{ server_name }} > {{ output }}'" - name: create a file file: 'path=/root/foo.txt state=touch mode=0755 owner=foo group=foo' - name: copy a file copy: 'remote_src=no src=roles/testbox/files/foo.sh dest=/root/foo.sh mode=0644 force=yes' - name: check if foo.sh exists stat: 'path=/root/foo.sh' register: script_stat - debug: msg="foo.sh exists" when: script_stat.stat.exists - name: run the script command: 'sh /root/foo.sh' - name: write the nginx config file template: src=roles/testbox/templates/nginx.conf.j2 dest=/etc/nginx/nginx.conf - name: ensure nginx is at the latest version yum: pkg=nginx state=latest - name: start nginx service service: name=nginx state=started (.py3-a2.5-env) [deploy@ansible test_playbooks]$ ansible-playbook -i inventory/testenv ./deploy.yml 略。。。 test.example.com : ok=10 changed=6 unreachable=0 failed=0 (.py3-a2.5-env) [deploy@ansible test_playbooks]$ ssh root@test.example.com cat /etc/nginx/nginx.conf # For more information on configuration, see: user deploy; worker_processes 4; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; 。。。 。。。 目标机器的nginx 配置文件就是我们复制过去的 nginx配置文件 #检查目标机器的nginx 服务是否启动 (.py3-a2.5-env) [deploy@ansible test_playbooks]$ ssh root@test.example.com ps -ef | grep nginx root 6301 1 0 10:52 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf nginx 6302 6301 0 10:52 ? 00:00:00 nginx: worker process (.py3-a2.5-env) [deploy@ansible test_playbooks]$ ssh root@test.example.com ps -ef | grep nginx root 6373 1 0 11:20 ? 00:00:00 nginx: master process nginx deploy 6374 6373 0 11:20 ? 00:00:00 nginx: worker process deploy 6375 6373 0 11:20 ? 00:00:00 nginx: worker process deploy 6376 6373 0 11:20 ? 00:00:00 nginx: worker process deploy 6377 6373 0 11:20 ? 00:00:00 nginx: worker process
至此,完成了复制文件,远程部署并启动服务的实例演示!