Ansible使用標準的SSH連接來執行自動化流程,不需要代理 (其他描述可自行搜索)
本文系統:
centos 6.5 x64
ip:172.16.162.129
hostname:vm.lansgg.com
測試client主機:
centos 6.5 x64
ip : 172.16.162.130
hostname:vm1.lansgg.com
#####摘自網友總結#####
一、Ansible介紹
ansible是一款的自動化運維工具,基於Python開發,集合了衆多運維工具(puppet、cfengine、chef、func、fabric)的優點,實現了批量系統配置、批量程序部署、批量運行命令等功能。ansible是基於模塊工作的,本身沒有批量部署的能力。真正具有批量部署的是ansible所運行的模塊,ansible只是提供一種框架。主要包括:
1、連接插件connection plugins:負責和被監控端實現通信;
2、host inventory:指定操作的主機,是一個配置文件裏面定義監控的主機;
3、各種模塊核心模塊、command模塊、自定義模塊;
4、藉助於插件完成記錄日誌郵件等功能;
5、playbook:劇本執行多個任務時,非必需可以讓節點一次性運行多個任務。
二、Ansible特性
1、no agents:不需要在被管控主機上安裝任何客戶端;
2、no server:無服務器端,使用時直接運行命令即可;
3、modules in any languages:基於模塊工作,可使用任意語言開發模塊;
4、yaml,not code:使用yaml語言定製劇本playbook;
5、ssh by default:基於SSH工作;
6、strong multi-tier solution:可實現多級指揮。
三、Ansible優點
1、輕量級,無需在客戶端安裝agent,更新時,只需在操作機上進行一次更新即可;
2、批量任務執行可以寫成腳本,而且不用分發到遠程就可以執行;
3、使用python編寫,維護更簡單,ruby語法過於複雜;
4、支持sudo。
四、Ansible工作機制
五、安裝ansible
依賴模塊paramiko、PyYAML、Jinja2、httplib2、simplejson、pycrypto、crypto2.6、pyasn1、keyczar、sshpass等
rpm -vhi python-yaml-3.09-3.el6.rf.x86_64.rpm rpm -vhi python-jinja2-2.2.1-1.el6.rf.x86_64.rpm yum install ansible
ansible示例:
首先打通此主機到測試主機的ssh key
[root@vm ansible]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: ae:b1:ef:46:d8:e4:3f:38:38:8d:8b:e7:e3:a2:4c:c2 [email protected] The key's randomart p_w_picpath is: +--[ RSA 2048]----+ | | | | | | | . | | =S | |. ..+ | |.E. .=.o | | + ..*+= o | | o..=*Bo. . | +-----------------+ [root@vm ansible]# ssh-copy-id -i 172.16.162.130 The authenticity of host '172.16.162.130 (172.16.162.130)' can't be established. RSA key fingerprint is 1e:76:f9:17:93:20:f1:be:06:48:02:3b:7c:80:41:07. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '172.16.162.130' (RSA) to the list of known hosts. Address 172.16.162.130 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! [email protected]'s password: Now try logging into the machine, with "ssh '172.16.162.130'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
進行命令測試
[root@vm ansible]# ansible testhost -m ping 172.16.162.130 | success >> { "changed": false, "ping": "pong" } [root@vm ansible]#
而testhost代表的則是
[root@vm ansible]# pwd /etc/ansible [root@vm ansible]# cat hosts [testhost] 172.16.162.130 [root@vm ansible]#
具體命令介紹下節說明