晏维
puppet与salt这2个软件都需要安装客户端,并且更新很快,每次更新都是令人蛋疼的事,尤其是salt,喜欢他的命令功能,但bug太多,不敢在公司线上使用,puppet虽然稳定,但弄命令执行的时候,需要mco配置,ansible自动化软件,他既有命令执行也有配置管理,关键开发它的语言是python,paramiko进行ssh连接,不需要安装客户端。
一、安装
1、安装第三方epel源
centos 5的epel
rpm -ivh http: //mirrors .sohu.com /fedora-epel/5/x86_64/epel-release-5-4 .noarch.rpm centos 6的epel
rpm -ivh http: //mirrors .sohu.com /fedora-epel/6/x86_64/epel-release-6-8 .noarch.rpm 查看系统版本
cat /etc/issue
2、安装ansible
yum install ansible 如果需要自定义module或者想阅读源码、使用最新版本,可以去github里下载源码
git clone https: //github .com /ansible/ansible .git 3. 查看ansible在哪里
whereis ansible
ansible: /usr/bin/ansible /etc/ansible /usr/share/ansible /usr/share/man/man1/ansible.1.gz
4. ssh密钥
# useradd ansible -s /bin/bash -m //服务端客户端都创建用户ansible
# su - ansible //服务端生成ssh-key 并分发到所有客户端
$ ssh-keygen -t ras //一直回车键到完成
$ ssh-copy-id -i ~/.ssh/id_rsa.pub ansible@192.168.0.10//也可scp等熟悉的方法拷贝过去
$ cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys //服务器本机测试用
$ ssh -p 2221 //测试ssh可否
5. 进行相关配置,添加主机
17:22:08 # cd /etc/ansible/root@ip-10-10-10-10:/etc/ansible17:23:27 # lltotal 12-rw-r--r-- 1 root root 5113 Dec 29 03:00 ansible.cfg-rw-r--r-- 1 root root 965 Dec 29 03:00 hosts其中ansible.cfg是配置文件,hosts是管理主机信息17:24:44 # cat hosts[localhost]127.0.0.1172.17.0.10[zabbix]172.17.0.2:49154172.17.0.4:49155[***]172.17.0.10
#vim /etc/ansible/ansible.cfg
[defaults]# some basic default values...hostfile = /etc/ansible/hostslibrary = /usr/share/ansibleremote_tmp = $HOME/.ansible/tmppattern = *forks = 5poll_interval = 15sudo_user = test #ask_sudo_pass = True#ask_pass = Truetransport = smartremote_port = 22
#vim /etc/sudoers
test ALL=(ALL) NOPASSWD:ALL //设置sudo
6、使用密码登陆
ansible支持正则测试
16:20:57 # ansible 127.0.0.1 -m pingSSH password: 127.0.0.1 | success >> { "changed": false, "ping": "pong"} root@ip-10-10-10-10:/etc/ansible16:21:05 # ansible all -m pingSSH password: 172.17.0.5 | success >> { "changed": false, "ping": "pong"} 172.17.0.4 | success >> { "changed": false, "ping": "pong"}
如果你有多台服务器的话,想并发运行,可以使用-f参数,默认是并发5
7、使用密钥登陆测试
11:30:35 # ansible *** -m shell -a "echo hello world" -u test --private-key=denglei -KSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success | rc=0 >>hello world
8. 模块相关命令
ansible <pattern_goes_here> -m<module_name> -a <arguments>
选项
-i 设备列表路径,可制定一些动态路径
-f 并行任务数
–private-key 私钥路径
-m 模块名
-M 模块夹在路径
-a 参数
-k 登陆密码
-K sudo密码
-t 输出结果保存路径
-B 后台运行超时时间
-P 调查后台程序时间
-u 执行用户
-U sudo用户
-l 限制设备范围
-s是此用户sudo无需输入密码
9.体验命令操作
(1)用户类操作
$ ansible webtest -m group -a"name=jjgame state=present" -s
$ ansible webtest -m user -a"name=utest groups=jjgame state=present" -s
$ ansible webtest -m user -a"name=utest state=absent remove=yes" -s
(2)服务安装管理
$ ansible local -a 'sudo apt-get -y installnginx'
$ ansible local -a "sudo /etc/init.d/nginx stop"
$ ansible local -a "sudo /etc/init.d/nginx start"
$ ansible webtest -m service -a "name=nginx state=running" -s
(3)其他测试过的
$ ansible datacenter -a 'ls -l /root' -s
$ ansible datacenter -a 'mv /root/old.tar.gz /root/new.tar.gz' -s
$ ansible datacenter -m file -a'path=/root/new.tar.gz' -s //查看文件属性
$ ansible datacenter -a 'rm -rf /root/directory' -s //删除目录
$ ansible all -m command -a "/bin/echo hello world " --ask-pass
$ ansible all -m ping --ask-pass -u root
$ ansible all -m script -a "/root/hequan/shell/t.sh" -k
$ ansible all -m copy -a "src=/root/hequan/shell/t.sh dest=/tmp/ mode=755 owner=rootgroup=root" -k -u root
$ ansible all -m file -a"dest=/tmp/t.sh mode=755 owner=root group=root" -k -u root
$ ansible all -i /etc/ansible/serverlist -m shell -a "/tmp/t.sh" -k -u root
$ ansible webtest -m get_url -a "url=http://192.168.0.8/sa/sh.tar.gz dest=/tmp/" -s
$ ansible webtest -a "sudo tar zxvf/tmp/sh.tar.gz -C /tmp/" -s //不指定解压目录,会解压到/home/ansible目录下
$ ansible webtest -a "sudo /tmp/lansa_sh/t.sh" –s
# ansible all -m get_url -a "url=http://192.168.24.14/sa.tar.gz dest=/tmp/" -k # 下载
# ansible all -a 'md5sum /tmp/sa.tar.gz' -k # md5校验
# ansible all -m raw -a 'ls -l /tmp |grepsa' -k # 查看下载文件,注意 raw
# ansible all -m raw -a 'chmod +x/tmp/sa/*.sh' -k # 赋予执行权限对*.sh文件或以下单文件:
# ansible all -m file -a "path=/tmp/sa/game_os.sh owner=root group=root mode=0755" -k
# ansible all -a '/tmp/sa/os.sh' -k # 执行脚本,注意脚本中必须使用绝对路径
这里也有一堆模块 没事的自己去看吧
不想看那里的,那就看这里的吧
ansible-doc -l太多了 想看详细用法 那就这样吧 (比如只看yum的)ansible-doc -s yum 如果想自定义的话 看这里 , 呵呵ansible叫playbook 这个东西 (就是saltstack的state东西)可以查看源码。
给个源码的地址
二、模块应用
6、文件传输
11:30:44 # ansible *** -m copy -a "src=/tmp/server dest=/tmp/server" -u test --private-key=denglei -KSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success >> { "changed": true, "dest": "/tmp/server", "gid": 505, "group": "test", "md5sum": "e8b32bc4d7b564ac6075a1418ad8841e", "mode": "0664", "owner": "test", "size": 7, "src": "/home/test/.ansible/tmp/ansible-1402630447.45-253524136818424/source", "state": "file", "uid": 503} 去客户端查看文件是否传输过来
11:34:57 # ansible *** -m shell -a "ls -l /tmp/" -u test --private-key=denglei -KSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success | rc=0 >>total 76-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_***.sh-rw-rw-r-- 1 test test 7 Jun 13 19:33 server-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 ***_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 3124 Jun 12 21:32 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 12 21:32 zabbix_agentd.pid
可以看到已经传过来了
看看文件内容,内容正常
11:35:09 # ansible *** -m shell -a "cat /tmp/server" -u test --private-key=denglei -KSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success | rc=0 >>server
7. 模块file,可以修改用户与权限
下面是当前文件状态
13:50:07 # ansible *** -m shell -a "ls -l /tmp/server" -u test --private-key=denglei -KSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success | rc=0 >>-rw-rw-r-- 1 test test 7 Jun 13 19:33 /tmp/server
server文件是664权限,用户与组都是test
修改一下
13:51:17 # ansible *** -m file -a "dest=/tmp/server mode=755 owner=root group=root" -u test --private-key=denglei -KSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success >> { "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/tmp/server", "size": 7, "state": "file", "uid": 0} root@ip-10-10-10-10:/etc/ansible13:51:31 # ansible *** -m shell -a "ls -l /tmp/server" -u test --private-key=denglei -KSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success | rc=0 >>-rwxr-xr-x 1 root root 7 Jun 13 19:33 /tmp/server 7、安装软件
14:20:30 # ansible *** -m yum -a "name=nmap state=installed" -u test --private-key=denglei -KSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success >> { "changed": true, "msg": "", "rc": 0, "results": [ "Loaded plugins: fastestmirror, security\nLoading mirror speeds from cached hostfile\n * epel: mirrors.hust.edu.cn\nSetting up Install Process\nResolving Dependencies\n--> Running transaction check\n---> Package nmap.x86_64 2:5.51-3.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n nmap x86_64 2:5.51-3.el6 Base 2.7 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\n\nTotal download size: 2.7 M\nInstalled size: 9.7 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : 2:nmap-5.51-3.el6.x86_64 1/1 \n\r Verifying : 2:nmap-5.51-3.el6.x86_64 1/1 \n\nInstalled:\n nmap.x86_64 2:5.51-3.el6 \n\nComplete!\n" ]}
三、playbook配置管理
8、playbook
A.进行一下shell模块操作,测试删除文件
先查看一下客户端的server-test是否存在
[root@puppet ansible]# ansible *** -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>-rw-rw-r-- 1 test test 7 Jun 14 00:37 /tmp/server-test
可以看到是存在的
然后写一个删除的playbook[root@puppet ansible]# cat test.yml ---- hosts: *** remote_user: test tasks: - name: delete /tmp/server-test shell: rm -rf /tmp/server-test
运行
[root@puppet ansible]# ansible-playbook test.yml --private-key=/root/denglei -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [***] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [delete /tmp/server-test] *********************************************** changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
在进行查看,发现文件已经删除
[root@puppet ansible]# ansible *** -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | FAILED | rc=2 >>ls: cannot access /tmp/server-test: No such file or directory
B.进行一下template模块操作,测试文件传输
[root@puppet ansible]# cat copy.yml ---- hosts: *** remote_user: test tasks: - name: copy local server to client /tmp/server-test template: src=/tmp/server dest=/tmp/server-test[root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [***] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [copy local server to client /tmp/server-test] ************************** changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0 [root@puppet ansible]# ansible *** -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>-rw-rw-r-- 1 test test 7 Jun 14 17:07 /tmp/server-test
C.使用service模块,测试一下服务重启
[root@puppet ansible]# ansible *** -m shell -a "/etc/init.d/pptpd stop" -u test --private-key=/root/denglei -k -K -sSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success | rc=0 >>Shutting down pptpd: [ OK ][root@puppet ansible]# ansible *** -m shell -a "/etc/init.d/pptpd stop" -u test --private-key=/root/denglei -k -K -sSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success | rc=0 >>Shutting down pptpd: [ OK ]
D.多项目同时更新
[root@puppet ansible]# ansible *** -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 84-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_***.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 ***_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid [root@puppet ansible]# vim multi_copy.yml [root@puppet ansible]# cat multi_copy.yml ---- hosts: *** remote_user: test gather_facts: False tasks: - name: copy local server to client /tmp/server-test template: src=/tmp/server dest=/tmp/test-`item` with_items: - server-1 - server-2 - server-3[root@puppet ansible]# ansible-playbook multi_copy.yml --private-key=/root/denglei -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [***] ******************************************************************** TASK: [copy local server to client /tmp/server-test] ************************** changed: [172.17.0.10] => (item=server-1)changed: [172.17.0.10] => (item=server-2)changed: [172.17.0.10] => (item=server-3) PLAY RECAP ******************************************************************** 172.17.0.10 : ok=1 changed=1 unreachable=0 failed=0 [root@puppet ansible]# ansible *** -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 96-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_***.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-1-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 ***_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
E.根据条件进行删除
[root@puppet ansible]# ansible *** -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 96-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_***.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-1-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 ***_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid [root@puppet ansible]# cat delete.yml ---- hosts: *** remote_user: test gather_facts: True tasks: - name: if system is centos,then rm /tmp/test-server-1 shell: rm -rf /tmp/test-server-1 when: ansible_os_family == "RedHat" [root@puppet ansible]# ansible-playbook delete.yml --private-key=/root/denglei -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [***] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [if system is centos,then rm /tmp/test-server-1] ************************ changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0 [root@puppet ansible]# ansible *** -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 92-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_***.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 ***_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
F.debug输出
[root@puppet ansible]# cat debug.yml ---- hosts: *** remote_user: test gather_facts: True tasks: - name: debug to print interface debug: msg="`item`" with_items: ansible_default_ipv4.address[root@puppet ansible]# ansible-playbook debug.yml --private-key=/root/denglei -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [***] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [debug to print interface] ********************************************** ok: [172.17.0.10] => (item=10.10.32.34) => { "item": "10.10.32.34", "msg": "10.10.32.34"} G.check模式,仅检测,但不进行执行
[root@puppet ansible]# ansible *** -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 92-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_***.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 ***_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid [root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k --check [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [***] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [copy local server to client /tmp/server-test] ************************** changed: [172.17.0.10] => (item=server-1)ok: [172.17.0.10] => (item=server-2)ok: [172.17.0.10] => (item=server-3) PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0 PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=0 unreachable=0 failed=0
H.diff
使用diff与不使用作对比,使用diff可以看到详细变化情况
[root@puppet ansible]# ansible *** -m shell -a "rm -rf /tmp/test-server-1" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >> [root@puppet ansible]# ansible *** -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 92-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_***.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 ***_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid [root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k --diff [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [***] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [copy local server to client /tmp/server-test] ************************** --- before +++ after @@ -1,0 +1,1 @@+server changed: [172.17.0.10] => (item=server-1) ok: [172.17.0.10] => (item=server-2) ok: [172.17.0.10] => (item=server-3) PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
9、主机信息查看
类似puppet的fact、salt的grains,数据太多,我就展示部分。
[root@puppet ansible]# ansible *** -m setup -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success >> { "ansible_facts": { "ansible_all_ipv4_addresses": [ "10.10.32.34", "10.10.32.34" ], "ansible_all_ipv6_addresses": [ "fe80::f816:3eff:fe3e:1667" ], "ansible_architecture": "x86_64", "ansible_bios_date": "01/01/2007", "ansible_bios_version": "Bochs", "ansible_cmdline": { "KEYBOARDTYPE": "pc", "KEYTABLE": "us", "LANG": "zh_CN.UTF-8", "quiet": true, "rd_NO_DM": true, "rd_NO_LUKS": true, "rd_NO_LVM": true, "rd_NO_MD": true, "rhgb": true, "ro": true, "root": "UUID=c6042d42-8edb-4bb4-a31b-2197b043500c" },
10、优化ansible-playbook运行时间
默认playbook是进行客户端fact搜集,一般如果你配置里没有使用fact,可以关闭这样就能减少运行时间
A: 没有优化的时候
[root@puppet ansible]# cat shell.yml ---- hosts: *** remote_user: test# gather_facts: False tasks: - name: echo hi shell: echo "hi"[root@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [***] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [echo hi] *************************************************************** changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0 real 0m8.396suser 0m0.796ssys 0m0.158s [root@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [***] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [echo hi] *************************************************************** changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0 real 0m3.409suser 0m0.716ssys 0m0.099s
可以看到第一次8s,后1次都是3s
B: 下面是优化后(未使用fact)
[root@puppet ansible]# cat shell.yml ---- hosts: *** remote_user: test gather_facts: False tasks: - name: echo hi shell: echo "hi"[root@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [***] ******************************************************************** TASK: [echo hi] *************************************************************** changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=1 changed=1 unreachable=0 failed=0 real 0m2.758suser 0m0.585ssys 0m0.096s[root@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [***] ******************************************************************** TASK: [echo hi] *************************************************************** changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=1 changed=1 unreachable=0 failed=0 real 0m2.359suser 0m0.565ssys 0m0.077s
运行时间就是2s
11、自定义模块
默认的模块放到/usr/share/ansible
在这个目录创建一个目录hostname,然后把下面文件放到此目录
15:03:26 # cat /usr/share/ansible/hostname/hostname #!/bin/bash#This script is modify system hostnameset -e# This is potentially dangeroussource ${1}OLDHOSTNAME="$(hostname)"CHANGED="False"if [ ! -z "$hostname" -a "${hostname}x" != "${OLDHOSTNAME}x" ];thenhostname $hostnameOLDHOSTNAME="$hostname"CHANGED="True"fiecho "hostname=${OLDHOSTNAME} changed=${CHANGED}"exit 0 查看一下***的当前hostname
15:03:29 # ansible *** -m shell -a "hostname" -u test --private-key=denglei -kSSH password: 172.17.0.10 | success | rc=0 >>ip-10-10-32-34
然后编写playbook
15:04:14 # cat /etc/ansible/hostname.yml - name: Test the hostname file hosts: *** tasks: - name: Set the hostname hostname: hostname=ip-10-10-32-34
运行这个模块, -M用于指定模块的文件路径
15:04:37 # ansible-playbook hostname.yml -u test --private-key=denglei -M /usr/share/ansible/hostname -kSSH password: PLAY [Test the hostname file] ************************************************* GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [Set the hostname] ****************************************************** ok: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=0 unreachable=0 failed=0
然后修改一下hostname.yml的主机名
16:20:00 # cat hostname.yml - name: Test the hostname file hosts: *** tasks: - name: Set the hostname hostname: hostname=ip-10-10-32-34-test
在playbook运行这个模块
16:26:46 # ansible-playbook hostname.yml -u test --private-key=denglei -M /usr/share/ansible/hostname -k -K -sSSH password: sudo password [defaults to SSH password]: PLAY [Test the hostname file] ************************************************* GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [Set the hostname] ****************************************************** changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0 root@ip-10-10-10-10:/etc/ansible16:26:55 # ansible *** -m shell -a "hostname" -u test --private-key=denglei -kSSH password: 172.17.0.10 | success | rc=0 >>ip-10-10-32-34-test
12、playbook扩展var
扩展var就是在playbook的yml里写入变量,在执行的时候制定变量从而执行,大大的提供了重复使用率
[root@puppet ansible]# ansible *** -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 96-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_***.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 01:44 test-server-1-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 ***_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
可以看到有test-server-1文件
在看看playbook文件内容
root@puppet ansible]# cat delete_vars.yml ---- hosts: `host` remote_user: `user` gather_facts: `gather` tasks: - name: if system is centos,then rm /tmp/test-server-1 shell: rm -rf /tmp/test-server-1 when: ansible_os_family == "RedHat"
执行前先检测一下语法是否有问题,使用--syntax-check
[root@puppet ansible]# ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=*** user=test gather=False" -k --syntax-check [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). ERROR: Syntax Error while loading YAML script, delete_vars.ymlNote: The error may actually appear before this position: line 2, column 11 ---- hosts: `host` ^This one looks easy to fix. YAML thought it was looking for the start of a hash/dictionary and was confused to see a second "{". Most likely this wasmeant to be an ansible template evaluation instead, so we have to give the parser a small hint that we wanted a string instead. The solution here is to just quote the entire value. For instance, if the original line was: app_path: { { base_path }}/foo It should be written as: app_path: "{ { base_path }}/foo" We could be wrong, but this one looks like it might be an issue withmissing quotes. Always quote template expression brackets when they start a value. For instance: with_items: - { { foo }} Should be written as: with_items: - "{ { foo }}" This one looks easy to fix. YAML thought it was looking for the start of a hash/dictionary and was confused to see a second "{". Most likely this wasmeant to be an ansible template evaluation instead, so we have to give the parser a small hint that we wanted a string instead. The solution here is to just quote the entire value. For instance, if the original line was: app_path: { { base_path }}/foo It should be written as: app_path: "{ { base_path }}/foo"
可以看到有问题
解决方法是把var的变量前后添加""或者''
[root@puppet ansible]# cat delete_vars.yml ---- hosts: "`host`" remote_user: "`user`" gather_facts: "`gather`" tasks: - name: if system is centos,then rm /tmp/test-server-1 shell: rm -rf /tmp/test-server-1 when: ansible_os_family == "RedHat"
然后再检测一下
[root@puppet ansible]# ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=*** user=test gather=False" -k --syntax-check [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). playbook: delete_vars.yml
没有问题了,现在运行一下
[root@puppet ansible]# ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=*** user=test gather=False" -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [***] ******************************************************************** TASK: [if system is centos,then rm /tmp/test-server-1] ************************ fatal: [172.17.0.10] => error while evaluating conditional: ansible_os_family == "RedHat" FATAL: all hosts have already failed -- aborting PLAY RECAP ******************************************************************** to retry, use: --limit @/root/delete_vars.retry 172.17.0.10 : ok=0 changed=0 unreachable=1 failed=0
无法运行,原因是我yml里制定了获取fact信息后,判断如果是redhat系列系统才删除,
而我在运行的指定不收集fact,
下面在指定收集fact
[root@puppet ansible]# ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=*** user=test gather=True" -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [***] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [if system is centos,then rm /tmp/test-server-1] ************************ changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
可以看到发现运行成功了,文件已经删除了。
[root@puppet ansible]# ansible *** -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 92-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_***.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 ***_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
13、tags
A: 使用tag可以让playbook选择性的运行程序
查看一下客户端情况
[root@puppet ansible]# ansible *** -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 92-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_***.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 ***_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
带有tag的yml文件
[root@puppet ansible]# cat delete_vars_tags.yml ---- hosts: "`host`" remote_user: "`user`" gather_facts: "`gather`" tasks: - name: if system is centos,then rm /tmp/test-server-1 shell: rm -rf /tmp/test-server-1 when: ansible_os_family == "RedHat" tags: server-1 - name: if system is centos,then rm /tmp/test-server-2 shell: rm -rf /tmp/test-server-2 when: ansible_os_family == "RedHat" tags: server-2
做一下错误检测--syntax-check
[root@puppet ansible]# ansible-playbook delete_vars_tags.yml --private-key=/root/denglei --extra-vars "host=*** user=test gather=True" --tags server-2 -k --syntax-check [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). playbook: delete_vars_tags.yml
没问题在运行
[root@puppet ansible]# ansible-playbook delete_vars_tags.yml --private-key=/root/denglei --extra-vars "host=*** user=test gather=True" --tags server-2 -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [***] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [if system is centos,then rm /tmp/test-server-2] ************************ changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0
查看一下客户端的文件情况
[root@puppet ansible]# ansible *** -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 88-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_***.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 ***_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
从上面测试可以看到,如果playbook使用了tag,并且在运行中指定tag,那么运行时候仅允许此tag的信息
B: 下面是测试运行时候不带tag的情况
先创建文件
[root@puppet ansible]# cat copy.yml ---- hosts: *** remote_user: test tasks: - name: copy local server to client /tmp/server-test template: src=/tmp/server dest=/tmp/test-`item` with_items: - server-1 - server-2 - server-3[root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [***] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [copy local server to client /tmp/server-test] ************************** changed: [172.17.0.10] => (item=server-1)changed: [172.17.0.10] => (item=server-2)ok: [172.17.0.10] => (item=server-3) PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0 [root@puppet ansible]# ansible *** -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 96-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_***.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 19 19:02 test-server-1-rw-rw-r-- 1 test test 7 Jun 19 19:02 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 ***_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
然后再不指定tag运行,可以看到如果不知道tag,那么运行的时候,会全部运行。
[root@puppet ansible]# ansible-playbook delete_vars_tags.yml --private-key=/root/denglei --extra-vars "host=*** user=test gather=True" -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [***] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [if system is centos,then rm /tmp/test-server-1] ************************ changed: [172.17.0.10] TASK: [if system is centos,then rm /tmp/test-server-2] ************************ changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=3 changed=2 unreachable=0 failed=0 [root@puppet ansible]# ansible *** -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 88-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_***.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 ***_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid
常见出现错误问题:
1、出现Error: ansible requires a json module, none found!
SSH password: 172.17.0.4 | FAILED >> { "failed": true, "msg": "Error: ansible requires a json module, none found!", "parsed": false} 原因是python版本过低,要不升级python要不就安装python-simplejson
安装完成后,在查看
SSH password: 172.17.0.4 | success >> { "changed": false, "ping": "pong"}
2、默认ansible是使用key验证的,如果使用密码登陆的服务器,使用ansible的话,要不修改ansible.cfg配置文件的ask_pass = True给取消注释,要不就在运行命令时候加上-k,这个意思是-k, --ask-pass ask for SSH password
3、如果客户端不在know_hosts里将会报错
paramiko: The authenticity of host '172.17.0.5' can't be established. The ssh-rsa key fingerprint is 397c139fd4b0d763fcffaee346a4bf6b. Are you sure you want to continue connecting (yes/no)?
如果想解决此问题,需要修改ansible.cfg的#host_key_checking = False取消注释。
4、如果出现
[root@puppet ansible]# ansible zabbix -m shell -a "echo $TERM" -u denglei --private-key=/root/denglei172.17.0.2 | FAILED => FAILED: not a valid DSA private key file172.17.0.4 | FAILED => FAILED: not a valid DSA private key file
需要你在最后添加参数-k
[root@puppet ansible]# ansible zabbix -m shell -a "echo $TERM" -u denglei --private-key=/root/denglei -kSSH password: 172.17.0.2 | success | rc=0 >>xterm 172.17.0.4 | success | rc=0 >>xterm
转载: