A Brief Introduction to Ansible

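Ansible is a relatively new automated operations tool written in Python. It combines the strengths of a number of operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, batch command execution and similar functions.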

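Ansible works through modules and has no batch-deployment capability of its own. The batch deployment is actually done by the modules that ansible runs; ansible itself only provides a framework. Its main components are:
(1) Connection plugins: responsible for communicating with the managed (monitored) hosts;
(2) Host inventory: specifies the hosts to operate on; it is a configuration file that defines the managed hosts;
(3) Modules: core modules, the command module, and custom modules;
(4) Plugins, which provide functions such as logging and e-mail;
(5) Playbooks: optional; when several tasks have to be executed, a playbook lets a node run them all in one go.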

[Figure: ansible architecture diagram]

1. Installing ansible
// Configure the yum repositories
[root@heyuanjie ~]# cd /etc/yum.repos.d/
[root@heyuanjie yum.repos.d]# curl -o CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1572 100 1572 0 0 10783 0 --:--:-- --:--:-- --:--:-- 10841
[root@heyuanjie yum.repos.d]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[root@heyuanjie yum.repos.d]# sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[root@heyuanjie ~]# yum -y install epel-release
[root@heyuanjie ~]# yum -y install ansible ansible-doc
[root@heyuanjie ~]# ansible --version
ansible 2.6.3
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

2. Configuring ansible
/etc/ansible/ansible.cfg    main ansible configuration file
/etc/ansible/hosts    managed host inventory

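Ways to define hosts in the managed host inventory:
1) by group
2) by IP address
3) by domain name
4) by wildcard
Ansible controls remote hosts over ssh, so ssh key-based trust has to be set up; otherwise you will be prompted for a password.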

3. Getting help in ansible
Help is available through the ansible-doc command; its -s option shows the help for a specified module.
// Look up the help for the ping module
[root@heyuanjie ~]# ansible-doc -s ping

- name: Try to connect to host, verify a usable python and return `pong' on success
  ping:
      data: # Data to return for the `ping' return value. If this
            parameter is set to `crash',
            the module will cause an
            exception.

4. Commonly used ansible modules in detail
The commonly used ansible modules are:
1)ping
2)yum
3)template
4)copy
5)user
6)group
7)service
8)raw
9)command
10)shell
11)script
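Differences between the commonly used raw, command and shell modules:
The shell module runs the command through /bin/sh
The command module does not invoke a shell, so the bash environment variables are not available
raw is similar to shell in many respects, and in most cases the shell and command modules are recommended instead. However, if the target has an old version of python, raw is needed; likewise, if the client is a router, which has no python installed, the raw module has to be used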

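// Common ansible modules: ping
The ping module checks whether the specified nodes are reachable. It is simple to use and involves no parameters; if the host is online, it replies pong.

First add the client to the managed host inventory
[root@heyuanjie ~]# vi /etc/ansible/hosts // Add the managed host group loveran and put the ip in it.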
[loveran]
192.168.56.12
// Set up ssh key-based trust
[root@heyuanjie ~]# ssh-keygen -t rsa
[root@heyuanjie ~]# ssh-copy-id 192.168.56.12
[root@heyuanjie ~]# ansible all -m ping
192.168.56.12 | SUCCESS => {
"changed": false,
"ping": "pong"
}

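// Common ansible modules: command
The command module runs commands on remote hosts; it is the module ansible uses by default.
A limitation of the command module is that pipes and redirection cannot be used.
// List the contents of /tmp on the managed host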
[root@heyuanjie ~]# ansible 192.168.56.12 -a 'ls /tmp'
192.168.56.12 | SUCCESS | rc=0 >>
ansible_bs1IKZ
systemd-private-76b20d25809c4faf803a4af9563853d1-vgauthd.service-eJNR6R
systemd-private-76b20d25809c4faf803a4af9563853d1-vmtoolsd.service-FyuJ1s
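// Create a file named ran under /tmp on the managed host
// Because the managed host group loveran was created in the inventory earlier, the group name can be used here in place of the ip.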
[root@heyuanjie ~]# ansible loveran -a 'touch /tmp/ran'
[WARNING]: Consider using the file module with state=touch rather than running touch. If
you need to use command because file is insufficient you can add warn=False to this
command task or set command_warnings=False in ansible.cfg to get rid of this message.

192.168.56.12 | SUCCESS | rc=0 >>
[root@heyuanjie ~]# ansible loveran -a 'ls /tmp'
192.168.56.12 | SUCCESS | rc=0 >>
ansible_ls11Da
ran
systemd-private-76b20d25809c4faf803a4af9563853d1-vgauthd.service-eJNR6R
systemd-private-76b20d25809c4faf803a4af9563853d1-vmtoolsd.service-FyuJ1s

// The command module does not support pipes or redirection
[root@heyuanjie ~]# ansible loveran -a 'echo "hello world">/tmp/ran'
192.168.56.12 | SUCCESS | rc=0 >>
hello world>/tmp/ran
[root@heyuanjie ~]# ansible loveran -a 'cat /tmp/ran'
192.168.56.12 | SUCCESS | rc=0 >>

[root@heyuanjie ~]# ansible loveran -a 'ps -ef|grep ssh'
192.168.56.12 | FAILED | rc=1 >>
error: unsupported SysV option

Usage:
ps [options]

Try 'ps --help <simple|list|output|threads|misc|all>'
or 'ps --help <s|l|o|t|m|a>'
for additional help text.

For more details see ps(1).non-zero return code
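
The two failures above come from the command string being split into arguments without a shell. The following is an added example, not part of the original post and not ansible's code: run_like_command and run_like_shell are hypothetical stand-ins that model the two behaviours locally, and the value in the quoting step is a constructed sample.

```python
import os
import shlex
import subprocess
import tempfile


def as_argv(cmdline):
    # No shell involved: the string is only split into words, so '>' and '|'
    # stay ordinary characters inside an argument.
    return shlex.split(cmdline)


def run_like_command(cmdline):
    # Assumed model of the command module: exec the argv directly.
    proc = subprocess.run(as_argv(cmdline), capture_output=True, text=True)
    return proc.returncode, proc.stdout


def run_like_shell(cmdline):
    # Assumed model of the shell module: /bin/sh parses the whole string.
    proc = subprocess.run(["/bin/sh", "-c", cmdline],
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "ran")
        line = 'echo "hello world">' + target
        # command-style: the redirect is echoed back and no file is created
        echoed = run_like_command(line)[1]
        created = os.path.exists(target)
        # shell-style: /bin/sh performs the redirect
        run_like_shell(line)
        with open(target) as fh:
            written = fh.read()
    # A value handed to a shell is parsed for metacharacters unless quoted.
    value = "a;echo b"  # constructed sample value
    unquoted = run_like_shell("echo " + value)[1]
    quoted = run_like_shell("echo " + shlex.quote(value))[1]
    return {"echoed": echoed, "created": created, "written": written,
            "unquoted": unquoted, "quoted": quoted}


if __name__ == "__main__":
    print(as_argv("ps -ef|grep ssh"))
    for name, result in demo().items():
        print(name, repr(result))
```

Because no shell parses the command-style string, characters such as ; and | in a value cannot start a second command there; when the shell or raw module is required, quote any variable part of the command line.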

// Common ansible modules: raw
The raw module runs commands on remote hosts and supports pipes and redirection
// Redirection
[root@heyuanjie ~]# ansible loveran -m raw -a 'echo "you are my rose,ran">/tmp/ran'
192.168.56.12 | SUCCESS | rc=0 >>
Shared connection to 192.168.56.12 closed.
[root@heyuanjie ~]# ansible loveran -m raw -a 'cat /tmp/ran'
192.168.56.12 | SUCCESS | rc=0 >>
you are my rose,ran
Shared connection to 192.168.56.12 closed.
// Pipe
[root@heyuanjie ~]# ansible loveran -m raw -a 'ps -ef|grep ssh'
192.168.56.12 | SUCCESS | rc=0 >>
root 985 1 0 14:37 ? 00:00:00 /usr/sbin/sshd -D
root 1096 985 0 14:38 ? 00:00:00 sshd: root@pts/0
root 1664 985 0 15:39 ? 00:00:00 sshd: root@pts/1
root 1667 1664 0 15:39 pts/1 00:00:00 bash -c ps -ef|grep ssh
root 1677 1667 0 15:39 pts/1 00:00:00 grep ssh
Shared connection to 192.168.56.12 closed.

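// Common ansible modules: shell
The shell module is used to run, on the managed host, scripts that reside on the managed host; it can also run commands directly on the managed host.
The shell module supports both pipes and redirection
// Create a script directory on the managed host and write a script by hand.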
[root@hyj ~]# mkdir /scripts
[root@hyj ~]# vi /scripts/test.sh
#!/bin/bash
for i in $(seq 10);do
echo $i
done
// Run it from the server (control host) side
[root@heyuanjie ~]# ansible loveran -m shell -a 'sh /scripts/test.sh &> /tmp/test'
192.168.56.12 | SUCCESS | rc=0 >>
[root@heyuanjie ~]# ansible loveran -m shell -a 'cat /tmp/test'
192.168.56.12 | SUCCESS | rc=0 >>
1
2
3
4
5
6
7
8
9
10

// Common ansible modules: script
The script module runs a script from the control host on the managed host
[root@heyuanjie ~]# mkdir /scripts
[root@heyuanjie ~]# vi /scripts/test1.sh
for i in $(cat /etc/passwd);do
echo $i
echo '--------------------'
done
// Run the script
[root@heyuanjie ~]# ansible loveran -m script -a '/scripts/test1.sh &> /tmp/test1'
192.168.56.12 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.56.12 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.56.12 closed."
],
"stdout": "",
"stdout_lines": []
}
// View the contents of /tmp/test1 on the managed host
[root@heyuanjie ~]# ansible loveran -a 'cat /tmp/test1'
192.168.56.12 | SUCCESS | rc=0 >>
root:x:0:0:root:/root:/bin/bash

(middle omitted) ......
SSH:/var/empty/sshd:/sbin/nologin

// This shows that the control host's script was indeed run on the managed host, and that the output was recorded on the managed host

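// Common ansible modules: template
The template module generates a file from a template and can transfer it to remote hosts
// For example, send the 163 repo file downloaded earlier to the managed host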
[root@heyuanjie ~]# ansible loveran -m template -a 'src=/etc/yum.repos.d/CentOS7-Base-163.repo dest=/etc/yum.repos.d/163.repo'
192.168.56.12 | SUCCESS => {
"changed": true,
"checksum": "60b8868e0599489038710c45025fc11cbccf35f2",
"dest": "/etc/yum.repos.d/163.repo",
"gid": 0,
"group": "root",
"md5sum": "5a3e688854d9ceccf327b953dab55b21",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:system_conf_t:s0",
"size": 1462,
"src": "/root/.ansible/tmp/ansible-tmp-1536567908.24-251842099276509/source",
"state": "file",
"uid": 0
}

// Check on the managed host that the 163 repo file is there
[root@hyj ~]# ls /etc/yum.repos.d/
163.repo CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo

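// Common ansible modules: yum
The yum module manages software through yum on the specified nodes. It supports two main parameters
1) name: the name of the package to manage
2) state: the operation to perform
Common values for state:
1) latest: install the software
2) installed: install the software
3) present: install the software
4) removed: uninstall the software
5) absent: uninstall the software
To manage software with yum, make sure the yum repositories on the managed host are working properly
Check on the managed host whether the vsftpd package is installed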
[root@hyj ~]# rpm -qa|grep vsftpd
// On the ansible host, use the yum module to install vsftpd on the managed host
[root@heyuanjie ~]# ansible loveran -m yum -a 'name=vsftpd state=present'
192.168.56.12 | SUCCESS => {
"changed": true,
"msg": "Repository base is listed more than once in the configuration\nRepository updates is listed more than once in the configuration\nRepository extras is listed more than once in the configuration\nRepository centosplus is listed more than once in the configuration\nwarning: /var/cache/yum/x86_64/7/base/packages/vsftpd-3.0.2-22.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY\nImporting GPG key 0xF4A80EB5:\n Userid : \"CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>\"\n Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5\n From : http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7\n",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\nResolving Dependencies\n--> Running transaction check\n---> Package vsftpd.x86_64 0:3.0.2-22.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n vsftpd x86_64 3.0.2-22.el7 base 169 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 169 k\nInstalled size: 348 k\nDownloading packages:\nPublic key for vsftpd-3.0.2-22.el7.x86_64.rpm is not installed\nRetrieving key from http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : vsftpd-3.0.2-22.el7.x86_64 1/1 \n Verifying : vsftpd-3.0.2-22.el7.x86_64 1/1 \n\nInstalled:\n vsftpd.x86_64 0:3.0.2-22.el7 \n\nComplete!\n"
]
}

// Check whether vsftpd is installed on the managed host
[root@hyj ~]# rpm -qa|grep vsftpd
vsftpd-3.0.2-22.el7.x86_64
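
The yum result above reports NOKEY and then shows the signing key being retrieved over http and imported during the install. The following is an added example, not part of the original post: a check that can be run over the "msg" field of a yum module result to list imported keys and flag them. SAMPLE_MSG is an abridged copy of the output above, and PINNED, audit_key_imports and the rule that only https:// or file:// sources count as authenticated are assumptions of this example.

```python
import re

# Constructed sample: the "msg" field of the yum result above, abridged.
SAMPLE_MSG = (
    "warning: /var/cache/yum/x86_64/7/base/packages/vsftpd-3.0.2-22.el7.x86_64.rpm:"
    " Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY\n"
    "Importing GPG key 0xF4A80EB5:\n"
    ' Userid : "CentOS-7 Key (CentOS 7 Official Signing Key)"\n'
    " Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5\n"
    " From : http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7\n"
)

# Assumption: fingerprints the operator has confirmed out of band.
# The value here is simply the one printed in the output above.
PINNED = {"6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5"}

KEY_RE = re.compile(
    r"Importing GPG key 0x(?P<id>[0-9A-Fa-f]+):\n"
    r"(?:.*\n)*?"                                  # optional Userid lines
    r"\s*Fingerprint\s*:\s*(?P<fp>[0-9A-Fa-f ]+)\n"
    r"\s*From\s*:\s*(?P<src>\S+)"
)


def norm(fp):
    return fp.replace(" ", "").upper()


def audit_key_imports(msg, pinned):
    """Return one record per GPG key that yum imported during the run."""
    trusted = {norm(fp) for fp in pinned}
    report = []
    for m in KEY_RE.finditer(msg):
        fp, src = norm(m.group("fp")), m.group("src")
        findings = []
        if not src.lower().startswith(("https://", "file://")):
            findings.append("key fetched over an unauthenticated channel")
        if fp not in trusted:
            findings.append("fingerprint not in pinned set")
        if not fp.endswith(m.group("id").upper()):
            findings.append("key ID does not match fingerprint")
        report.append({"fingerprint": fp, "source": src, "findings": findings})
    return report


if __name__ == "__main__":
    for record in audit_key_imports(SAMPLE_MSG, PINNED):
        print(record)
```

Installing the distribution's signing key on the managed hosts before the first package install keeps yum from fetching and accepting one during the transaction.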

// Common ansible modules: copy
The copy module copies files to remote managed hosts.
[root@heyuanjie ~]# ls /scripts/
test1.sh
[root@heyuanjie ~]# ansible loveran -m copy -a 'src=/scripts/test1.sh dest=/scripts/'
192.168.56.12 | SUCCESS => {
"changed": true,
"checksum": "eb97897fd2d5e4fbcd4a52e22375f4cbfb1eccf1",
"dest": "/scripts/test1.sh",
"gid": 0,
"group": "root",
"md5sum": "7bfa938368f4bbf2fb2f0e6b4e0f4f40",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:default_t:s0",
"size": 92,
"src": "/root/.ansible/tmp/ansible-tmp-1536569473.16-220537992503363/source",
"state": "file",
"uid": 0
}
[root@heyuanjie ~]# ansible loveran -a 'ls /scripts'
192.168.56.12 | SUCCESS | rc=0 >>
test1.sh
test.sh

// Common ansible modules: group
The group module adds or removes groups on the managed host
// Add a system group on the managed host with gid 306 and group name mysql

[root@heyuanjie ~]# ansible loveran -m group -a 'name=mysql gid=306 state=present'
192.168.56.12 | SUCCESS => {
"changed": true,
"gid": 306,
"name": "mysql",
"state": "present",
"system": false
}

[root@heyuanjie ~]# ansible loveran -m shell -a 'grep mysql /etc/group'
192.168.56.12 | SUCCESS | rc=0 >>
mysql:x:306:
// Delete the group on the managed host
[root@heyuanjie ~]# ansible loveran -m group -a 'name=mysql state=absent'
192.168.56.12 | SUCCESS => {
"changed": true,
"name": "mysql",
"state": "absent"
}
[root@heyuanjie ~]# ansible loveran -m shell -a 'grep mysql /etc/group'
192.168.56.12 | FAILED | rc=1 >>
non-zero return code

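// Common ansible modules: user
The user module manages user accounts on the managed host
// Add a system user on the managed host with user name mysql, uid 306, shell /sbin/nologin, and no home directory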
[root@heyuanjie ~]# ansible loveran -m user -a 'name=mysql uid=306 system=yes create_home=no shell=/sbin/nologin state=present'
192.168.56.12 | SUCCESS => {
"changed": true,
"comment": "",
"create_home": false,
"group": 306,
"home": "/home/mysql",
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 306
}
[root@heyuanjie ~]# ansible loveran -m shell -a 'grep mysql /etc/passwd'
192.168.56.12 | SUCCESS | rc=0 >>
mysql:x:306:306::/home/mysql:/sbin/nologin
// Change the mysql user's uid to 366
[root@heyuanjie ~]# ansible loveran -m user -a 'name=mysql uid=366'
192.168.56.12 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 306,
"home": "/home/mysql",
"move_home": false,
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"uid": 366
}
[root@heyuanjie ~]# ansible loveran -m shell -a 'grep mysql /etc/passwd'
192.168.56.12 | SUCCESS | rc=0 >>
mysql:x:366:306::/home/mysql:/sbin/nologin

// Delete the mysql user on the managed host
[root@heyuanjie ~]# ansible loveran -m user -a 'name=mysql state=absent'
192.168.56.12 | SUCCESS => {
"changed": true,
"force": false,
"name": "mysql",
"remove": false,
"state": "absent"
}
[root@heyuanjie ~]# ansible loveran -m shell -a 'grep mysql /etc/passwd'
192.168.56.12 | FAILED | rc=1 >>
non-zero return code

// Common ansible modules: service
The service module manages services on the managed host.
// Check whether the vsftpd service is running on the managed host
[root@heyuanjie ~]# ansible loveran -a 'systemctl is-active vsftpd'
192.168.56.12 | FAILED | rc=3 >>
unknownnon-zero return code
// Start the vsftpd service on the managed host
[root@heyuanjie ~]# ansible loveran -m service -a 'name=vsftpd state=started'
192.168.56.12 | SUCCESS => {
"changed": true,
"name": "vsftpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
(n lines omitted here) ......
}
[root@heyuanjie ~]# ansible loveran -a 'systemctl is-active vsftpd'
192.168.56.12 | SUCCESS | rc=0 >>
active

// Enable the vsftpd service at boot on the managed host
[root@heyuanjie ~]# ansible loveran -m service -a 'name=vsftpd enabled=yes'
192.168.56.12 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "vsftpd",
"status": {
"ActiveEnterTimestamp": "Mon 2018-09-10 17:11:43 CST",
(n lines omitted here) ......
}
// Check whether vsftpd is enabled at boot on the managed host
[root@heyuanjie ~]# ansible loveran -a 'systemctl is-enabled vsftpd'
192.168.56.12 | SUCCESS | rc=0 >>
enabled
// Stop the vsftpd service on the managed host
[root@heyuanjie ~]# ansible loveran -m service -a 'name=vsftpd state=stopped'
[root@heyuanjie ~]# ansible loveran -a 'systemctl is-active vsftpd'
192.168.56.12 | FAILED | rc=3 >>
inactivenon-zero return code
