1,基本介紹
(一)ansible簡單介紹
ansible是新出現的自動化運維工具,基於Python開發,集合了衆多運維工具
(puppet、cfengine、chef、func、fabric)的優點,實現了批量系統配置、批量程序部署、批量運行命令等功能
ansible是基於模塊工作的,本身沒有批量部署的能力
真正具有批量部署的是ansible所運行的模塊,ansible只是提供一種框架。主要包括:
(1)、連接插件connection plugins:負責和被監控端實現通信;
(2)、host inventory:指定操作的主機,是一個配置文件裏面定義監控的主機;
(3)、各種模塊核心模塊、command模塊、自定義模塊;
(4)、藉助於插件完成記錄日誌郵件等功能;
(5)、playbook:劇本執行多個任務時,非必需可以讓節點一次性運行多個任務。
-----來源百度百科
2,基本架構
3、基本特性
(1)、no agents:不需要在被管控主機上安裝任何客戶端;
(2)、no server:無服務器端,使用時直接運行命令即可;
(3)、modules in any languages:基於模塊工作,可使用任意語言開發模塊;
(4)、yaml,not code:使用yaml語言定製劇本playbook;
(5)、ssh by default:基於SSH工作;
(6)、strong multi-tier solution:可實現多級指揮。
4、優點
(1)、輕量級,無需在客戶端安裝agent,更新時,只需在操作機上進行一次更新即可;
(2)、批量任務執行可以寫成腳本,而且不用分發到遠程就可以執行;
(3)、使用python編寫,維護更簡單,ruby語法過於複雜;
(4)、支持sudo。
5,ansible工作機制
(二)Ansible的安裝與配置
1,安裝相應的基礎模塊,建議使用yum直接安裝
[root@GJB-TESTING .ssh]# yum install python26 python26-PyYAML python26-paramiko python26-ji
nja2 python-simplejson
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* extras: mirrors.zju.edu.cn
* updates: mirrors.163.com
Setting up Install Process
No package python26 available.
No package python26-PyYAML available.
No package python26-paramiko available.
No package python26-jinja2 available.
Resolving Dependencies
--> Running transaction check
---> Package python-simplejson.x86_64 0:2.0.9-3.1.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================
Package Arch Version Repository Size
================================================================================================
Installing:
python-simplejson x86_64 2.0.9-3.1.el6 base 126 k
Transaction Summary
================================================================================================
Install 1 Package(s)
Total download size: 126 k
Installed size: 437 k
Is this ok [y/N]: y
2,下載ansible(http://releases.ansible.com/ansible/)可在改頁面選擇相應的版本進行下載。
[root@Monitor tmp]# wget http://releases.ansible.com/ansible/ansible-2.2.0.0.tar.gz
--2016-11-23 18:06:35-- http://releases.ansible.com/ansible/ansible-2.2.0.0.tar.gz
正在解析主機 releases.ansible.com... 104.25.170.30, 104.25.171.30, 2400:cb00:2048:1::6819:ab1e, ...
正在連接 releases.ansible.com|104.25.170.30|:80... 已連接。
已發出 HTTP 請求,正在等待迴應... 200 OK
長度:2441851 (2.3M) [application/x-gzip]
正在保存至: “ansible-2.2.0.0.tar.gz”
100%[======================================================>] 2,441,851 1.36M/s in 1.7s
2016-11-23 18:06:42 (1.36 MB/s) - 已保存 “ansible-2.2.0.0.tar.gz” [2441851/2441851])
3,解壓下載的文件並安裝
[root@Monitor tmp]# tar xf ansible
ansible-2.2.0.0.tar.gz ansible.cfg
[root@Monitor tmp]# tar xf ansible-2.2.0.0.tar.gz
[root@Monitor tmp]# cd ansible-2.2.0.0
[root@Monitor ansible-2.2.0.0]# python setup.py
bin/ COPYING lib/ packaging/ setup.cfg
CHANGELOG.md docs/ Makefile PKG-INFO setup.py
contrib/ examples/ MANIFEST.in README.md VERSION
[root@Monitor ansible-2.2.0.0]# python setup.py build
running build
running build_py
running build_scripts
[root@Monitor ansible-2.2.0.0]# python setup.py install
........
Using /usr/lib/python2.6/site-packages/Jinja2-2.6-py2.6.egg
Searching for paramiko==1.7.5
Best match: paramiko 1.7.5
Adding paramiko 1.7.5 to easy-install.pth file
Using /usr/lib/python2.6/site-packages
Finished processing dependencies for ansible==2.2.0.0
[root@Monitor ansible-2.2.0.0]# mkdir /etc/ansible
[root@Monitor ansible-2.2.0.0]# pwd
/tmp/ansible-2.2.0.0
[root@Monitor ansible-2.2.0.0]# cp -r examples/* /etc/ansible
4,ssh免密鑰登錄設置(只在控制端使用)
[root@Monitor ansible]# ssh-keygen -t rsa -P '' #####生成公鑰/私鑰
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa_web
Your identification has been saved in /root/.ssh/id_rsa_web.
Your public key has been saved in /root/.ssh/id_rsa_web.pub.
The key fingerprint is:
41:c8:41:e7:be:32:4c:68:76:e8:9a:9c:bb:07:f0:06 root@Monitor
The key's randomart p_w_picpath is:
+--[ RSA 2048]----+
| oooo |
| o+ |
| o |
|E o . . |
| + = o S |
| ++ + . |
| . .. + . |
| . +. o |
| B+ |
+-----------------+
[root@Monitor ansible]# cat /root/.ssh/id_rsa_web
id_rsa_web id_rsa_web1 id_rsa_web1.pub id_rsa_web.pub
[root@Monitor ansible]# cat /root/.ssh/id_rsa_web.pub >> /root/.ssh/authorized_keys
5,將加密的文件(/root/.ssh/id_rsa_web.pub)分發到其它服務器,並在其它的服務器執行如下命令
########在ansible服務器上執行以下語句
[root@Monitor ansible]# scp /root/.ssh/id_rsa_web.pub [email protected]:/root/.ssh/
reverse mapping checking getaddrinfo for . [192.168.110.5] failed - POSSIBLE BREAK-IN ATTEMPT!
[email protected]'s password:
id_rsa_web.pub 100% 394 0.4KB/s 00:00
######在客戶端上執行以下語句
[root@GJB-TESTING .ssh]# cat /root/.ssh/id_rsa_web.pub >> /root/.ssh/authorized_keys
[root@GJB-TESTING .ssh]# chmod 600 /root/.ssh/authorized_keys
[root@GJB-TESTING .ssh]# ll /root/.ssh/authorized_keys
-rw-------. 1 root root 2861 11月 24 14:21 /root/.ssh/authorized_keys
6,Ansible默認安裝好後有一個配置文件/etc/ansible/ansible.cfg,該配置文件中定義了ansible的主機的默認配置部分
如默認是否需要輸入密碼、是否開啓sudo認證、action_plugins插件的位置、hosts主機組的位置、是否開啓log功能
默認端口、key文件位置等等,默認的都是關閉,現在需要開啓remote_port和private_key_file兩個配置
[root@Monitor ansible]# vim ansible.cfg
remote_port = 22 ####用於連接遠程ssh的端口
private_key_file = /root/.ssh/id_rsa_web ####用於免密碼登陸的
7,定義hosts主機組(被控制主機)
[root@Monitor ansible]# vim hosts
[web]
192.168.110.4
192.168.110.5
[db]
192.168.110.2
(三)簡單的測試
######只測試web組的主機
[root@Monitor ansible]# ansible web -m command -a 'uptime'
192.168.110.4 | SUCCESS | rc=0 >>
14:30:31 up 47 days, 5:29, 2 users, load average: 0.00, 0.00, 0.00
192.168.110.5 | SUCCESS | rc=0 >>
14:32:28 up 7 days, 22:26, 2 users, load average: 0.01, 0.02, 0.00
######測試所有的主機
[root@Monitor ansible]# ansible all -m command -a 'uptime'
192.168.110.4 | SUCCESS | rc=0 >>
14:35:51 up 47 days, 5:34, 2 users, load average: 0.02, 0.03, 0.00
192.168.110.2 | SUCCESS | rc=0 >>
14:36:04 up 47 days, 5:47, 4 users, load average: 0.23, 0.13, 0.10
192.168.110.5 | SUCCESS | rc=0 >>
14:37:48 up 7 days, 22:32, 2 users, load average: 0.00, 0.00, 0.00