ansible 是一个自动化的工具,主要用来管理配置文件,应用部署等作用。
非常高效
通过ssh协议,不需要mq,数据库,agentless的不需要在client上面安装agent,比较轻量级,兼容性比较好。
ansible一般参数
并发10个
$ ansible atlanta -a "/sbin/reboot" -f 10
指定user
$ ansible atlanta -a "/usr/bin/foo" -u username
ad-hoc任务
一般用来做一些一次性的工作,ansible还支持所谓的playbook,一段剧本,可以保持下来复用。
比如说安装一个软件啊,开一个服务啊,执行一条命令什么的。
我们先从最简单的ping开始。
1. ping模块
[root@monitor ]120.25.145.42 | success >> { "changed": false, "ping": "pong"}
很简单加个-m 参数代表用ping这个模块。他返回两个,changed ,和ping ,
2. shell模块
很简单,就是执行一个shell命令。
比如说echo hello
[root@monitor ~]120.25.145.42 | success | rc=0 >>hello
-a 代表shell模块的参数
3. copy,file文件传输模块
copy可以把本机的文件远程传输到目标机器上
例如
[root@monitor ~]120.25.145.42 | success >> { "changed": false, "checksum": "9d85f37d33366a82f2486c304c4c420a214f2aba", "dest": "/tmp/hosts", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "path": "/tmp/hosts", "size": 353, "state": "file", "uid": 0}
file模块可以修改文件的所有人,所属组,mode。
[root@monitor ~]120.25.145.42 | success >> { "changed": true, "gid": 0, "group": "root", "mode": "0644", "owner": "nobody", "path": "/tmp/hosts", "size": 353, "state": "file", "uid": 99}
这些参数同样可以传到copy 模块里面。copy模块的实现好像用的scp。
4. yum,apt模块,软件管理的模块。
ansible-doc yum 看下参数说明
主要是state这个参数,代表安装,卸载等。
state Whether to install (`present', `latest'), or remove (`absent') a package. (Choices: present, latest, absent) [Default: present]
就三个状态,present,latest,absent,前两个代表安装,后面一个是卸载。很好理解。
用起来就是:
[root@monitor ~]# ansible test -m yum -a "name=ntp state=present"120.25.145.42 | success >> { "changed": false, "msg": "", "rc": 0, "results": [ "ntp-4.2.6p5-3.el6.centos.x86_64 providing ntp is already installed" ]}卸载:[root@monitor ~]# ansible test -m yum -a "name=ntp state=absent"120.25.145.42 | success >> { "changed": true, "msg": "", "rc": 0, "results": [ "Loaded plugins: refresh-packagekit, security\nSetting up Remove Process\nResolving Dependencies\n--> Running transaction check\n---> Package ntp.x86_64 0:4.2.6p5-3.el6.centos will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nRemoving:\n ntp x86_64 4.2.6p5-3.el6.centos @updates 1.6 M\n\nTransaction Summary\n================================================================================\nRemove 1 Package(s)\n\nInstalled size: 1.6 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Erasing : ntp-4.2.6p5-3.el6.centos.x86_64 1/1 \nwarning: /etc/ntp.conf saved as /etc/ntp.conf.rpmsave\nUnable to connect to dbus\n\r Verifying : ntp-4.2.6p5-3.el6.centos.x86_64 1/1 \n\nRemoved:\n ntp.x86_64 0:4.2.6p5-3.el6.centos \n\nComplete!\n" ]}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
5. User 用户管理模块
包括用户和用户组都可以进行管理。
[root@monitor ~]120.25.145.42 | success >> { "append": false, "changed": true, "comment": "", "group": 504, "home": "/home/ss", "move_home": false, "name": "ss", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "uid": 503}
password的参数是sha512加密的,
可以用grub-crypt生成,或者是用python的模块生成
python -c "from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(getpass.getpass())"
详细可以看http://docs.ansible.com/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module
[root@monitor install-zabbix-playbook]120.25.145.42 | success >> { "append": false, "changed": true, "comment": "", "group": 506, "home": "/home/fuck", "move_home": false, "name": "fuck", "password": "NOT_LOGGING_PASSWORD", "shell": "/bin/bash", "state": "present", "uid": 505}
查看是否修改成功
[root@iZ94wi1x5hoZ ~]root:$6$AXHXCLyd$vXQw0C/WuHqEM0htW/c9lGAW03Gm8NXnUD9MSHvz9kjBoqqL/AvhxWBX2/NhAXemFtgJPGUYsP0A8hXDMUgns0:16579:0:99999:7:::fuck:$6$rounds=40000$M.jOLGeGue3hPdYb$FTaslz1igc8IKi7TolGxkDrr9XSRLPT0QXtgwRCqac9XsTEqmWagxLY.1s8oQMjuQUI6hlK/DyFb3Kxye5nar0:16583:0:99999:7:::
6. Git模块
部署项目用
设置一个repo 就好了,当然你设置git:的repo必须ssh认证。这边是基于https认证的例子。
[root@monitor install-zabbix-playbook]# ansible test -m git -a "repo=https://code.csdn.net/aca_jingru/tomcat.git dest=/data"120.25.145.42 | success >> { "after": "b11ee2f3471fe647a70a514acb22ecf8b1146628", "before": null, "changed": true}
7. Service服务模块
启动,停止,重启,reload,对应4个state如下:
- started
- stopped
- restarted
- reloaded
[root@monitor ~]120.25.145.42 | success >> { "changed": true, "name": "httpd", "state": "started"}
8. facts侦测模块
把主机上面的基本信息全部侦测一般,这个模块一般不单独用,一般都是配合playbook使用,
单独的用的话一般加个filter过滤参数,比如我要获取网卡信息:
[root@monitor ~]120.25.145.42 | success >> { "ansible_facts": { "ansible_eth0": { "active": true, "device": "eth0", "ipv4": { "address": "10.116.133.68", "netmask": "255.255.248.0", "network": "10.116.128.0" }, "macaddress": "00:16:3e:00:00:ab", "module": "xen_netfront", "mtu": 1500, "promisc": false, "type": "ether" }, "ansible_eth1": { "active": true, "device": "eth1", "ipv4": { "address": "120.25.145.42", "netmask": "255.255.252.0", "network": "120.25.144.0" }, "macaddress": "00:16:3e:00:18:9b", "module": "xen_netfront", "mtu": 1500, "promisc": false, "type": "ether" } }, "changed": false}