Ansible: Simple Installation and Batch Configuration

Ansible

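Ansible needs no agent of any kind apart from sshd, and it takes up no resources on the control node when it is not running (SSH is supported by default; other transports are supported as well).
Ansible has no server component either; commands are simply run when they are needed.
Ansible works through modules: running commands, scripts, scheduled tasks and so on each require a module. Ansible has nearly a hundred modules, and a module can be written in any programming language.
Ansible supports task lists written in YAML for running multiple tasks on multiple hosts.

Ansible is written in Python.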

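YAML's syntax is similar to that of other languages and can express data structures such as lists, hashes and scalars in a simple way. Structure is shown through indentation with spaces, the items of a sequence are marked with "-", and the key/value pairs of a map are separated with ":". For example:
- hosts: web-server              # host name or group name; several may be listed
  vars:
    http_port: 80
    max_clients: 256
  remote_user: root
  tasks:                         # the tasks
    - name: install httpd        # task name
      yum: name=httpd state=latest        # install httpd
    - name: start httpd
      service: name=httpd state=started   # make sure it can start after installation

Download Ansible: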

https://pypi.python.org/pypi/ansible
http://pkgs.org/download/ansible
https://pypi.python.org/packages/source/a/ansible/ansible-2.0.1.0.tar.gz

Part 1: Installing Ansible from source
1. Install the dependencies:

yum install  python-jinja2 PyYAML python-paramiko python-babel python-crypto pip* gcc python-devel
wget -P /usr/local/ https://pypi.python.org/packages/source/a/ansible/ansible-2.0.1.0.tar.gz && cd /usr/local
tar xf ansible-2.0.1.0.tar.gz
ln -sv ansible-2.0.1.0 ansible
cd ansible
python setup.py build
python setup.py install
mkdir /etc/ansible
cp -r examples/* /etc/ansible
[root@yum-down bin]# ls /etc/ansible/
ansible.cfg   # configuration file
hosts         # hosts file
yum remove python-jinja2 PyYAML python-paramiko python-babel python-crypto gcc python-devel

In the hosts file, a host can be listed on its own by host name or IP, placed in a [host group], or matched with a wildcard such as www.[1*].com

1. Add hosts:

[db-server]
192.168.1.7
192.168.1.8
[web-server]
192.168.1.4

2. Add the SSH key

[root@yum-down ansible]# ssh-keygen -t rsa -P ''
[root@yum-down ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.4
[root@yum-down ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.7
[root@yum-down ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.8

3. Check the time

[root@yum-down bin]# ./ansible all -a 'date'
192.168.1.7 | SUCCESS | rc=0 >>
Sat Apr  9 05:58:16 PDT 2016

192.168.1.8 | SUCCESS | rc=0 >>
Sat Apr  9 05:58:16 PDT 2016

192.168.1.4 | SUCCESS | rc=0 >>
Sat Apr  9 05:58:16 PDT 2016

[root@yum-down bin]# ./ansible all -m command -a 'date'
192.168.1.4 | SUCCESS | rc=0 >>
Sat Apr  9 05:58:36 PDT 2016

192.168.1.7 | SUCCESS | rc=0 >>
Sat Apr  9 05:58:36 PDT 2016

192.168.1.8 | SUCCESS | rc=0 >>
Sat Apr  9 05:58:36 PDT 2016

[root@yum-down bin]# ./ansible all -m command -a 'service httpd status'
192.168.1.7 | FAILED | rc=3 >>
httpd is stopped

192.168.1.8 | FAILED | rc=3 >>
httpd is stopped

192.168.1.4 | FAILED | rc=3 >>
httpd is stopped

4. List all supported modules
[root@yum-down bin]# ./ansible-doc -l
Show the parameter help for a module
[root@yum-down bin]# ./ansible-doc -s copy

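Part 2: Installing with yum: yum -y install ansible is all that is needed
1. Pushing files with copy
Push epel-release-6-8.noarch.rpm from /root to the /opt directory on the machines in the db-server group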

[root@node ansible]# ansible db-server -m copy -a "src=/root/epel-release-6-8.noarch.rpm dest=/opt/"
192.168.1.8 | success >> {
    "changed": true, 
    "checksum": "2b2767a5ae0de30b9c7b840f2e34f5dd9deaf19a", 
    "dest": "/opt/epel-release-6-8.noarch.rpm", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "2cd0ae668a585a14e07c2ea4f264d79b", 
    "mode": "0644", 
    "owner": "root", 
    "size": 14540, 
    "src": "/root/.ansible/tmp/ansible-tmp-1460221879.64-117005813385704/source", 
    "state": "file", 
    "uid": 0
}

192.168.1.7 | success >> {
    "changed": true, 
    "checksum": "2b2767a5ae0de30b9c7b840f2e34f5dd9deaf19a", 
    "dest": "/opt/epel-release-6-8.noarch.rpm", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "2cd0ae668a585a14e07c2ea4f264d79b", 
    "mode": "0644", 
    "owner": "root", 
    "size": 14540, 
    "src": "/root/.ansible/tmp/ansible-tmp-1460221879.64-59861356394345/source", 
    "state": "file", 
    "uid": 0
}

[root@node ansible]#

2. Verify

[root@node ansible]# ansible db-server -a "ls /opt"
192.168.1.8 | success | rc=0 >>
epel-release-6-8.noarch.rpm
logstash
rh

192.168.1.7 | success | rc=0 >>
epel-release-6-8.noarch.rpm
rh

[root@node ansible]# 

Define a cron job

[root@node ansible]# ansible all -m cron -a'name="custom job" minute=*/3 hour=* day=*  month=* weekday=* job="/usr/sbin/ntpdate 192.168.1.6"'
192.168.1.7 | success >> {
    "changed": true, 
    "jobs": [
        "custom job", 
        "linuxea job"
    ]
}

192.168.1.4 | success >> {
    "changed": true, 
    "jobs": [
        "custom job", 
        "linuxea job"
    ]
}

192.168.1.8 | success >> {
    "changed": true, 
    "jobs": [
        "custom job", 
        "linuxea job"
    ]
}

Check:

[root@node ansible]# ansible all -a "crontab -l"
192.168.1.7 | success | rc=0 >>
#Ansible: custom job
*/3 * * * * /usr/sbin/ntpdate 192.168.1.6

192.168.1.8 | success | rc=0 >>
#Ansible: custom job
*/3 * * * * /usr/sbin/ntpdate 192.168.1.6

192.168.1.4 | success | rc=0 >>
#Ansible: custom job
*/3 * * * * /usr/sbin/ntpdate 192.168.1.6

[root@node ansible]# 

Create a group:

[root@node ansible]# ansible-doc -s group
  action: group
      gid                    # Optional `GID' to set for the group.
      name=                  # Name of the group to manage.
      state                  # Whether the group should be present or not on the remote host.
      system                 # If `yes', indicates that the group created is a system group.
[root@node ansible]# ansible all -m group -a "gid=300 system=yes name=mysql"
192.168.1.8 | success >> {
    "changed": true, 
    "gid": 300, 
    "name": "mysql", 
    "state": "present", 
    "system": true
}

192.168.1.7 | success >> {
    "changed": true, 
    "gid": 300, 
    "name": "mysql", 
    "state": "present", 
    "system": true
}

192.168.1.4 | success >> {
    "changed": true, 
    "gid": 300, 
    "name": "mysql", 
    "state": "present", 
    "system": true
}

[root@node ansible]# ansible all -a "tail -1 /etc/group"
192.168.1.4 | success | rc=0 >>
mysql:x:300:

192.168.1.7 | success | rc=0 >>
mysql:x:300:

192.168.1.8 | success | rc=0 >>
mysql:x:300:

[root@node ansible]# 

Installing packages with yum

[root@yum-down ~]# ansible-doc -s yum
  action: yum
      conf_file      # specify the configuration file
      disable_gpg_check     
      disablerepo           
      enablerepo           
      list            .
      name=             
      state                 
      update_cache         
Install corosync
[root@yum-down ~]# ansible all -m yum -a "state=present name=corosync"

[root@yum-down ~]# ansible all -a "rpm -qa corosync"
192.168.1.4 | success | rc=0 >>
corosync-1.4.7-2.el6.x86_64

192.168.1.8 | success | rc=0 >>
corosync-1.4.7-2.el6.x86_64

192.168.1.7 | success | rc=0 >>
corosync-1.4.7-2.el6.x86_64

[root@yum-down ~]# 

Start the service:

[root@yum-down ~]# ansible all -m service -a "state=started name=httpd enabled=yes"
192.168.1.7 | success >> {
    "changed": false, 
    "enabled": true, 
    "name": "httpd", 
    "state": "started"
}

192.168.1.8 | success >> {
    "changed": false, 
    "enabled": true, 
    "name": "httpd", 
    "state": "started"
}

192.168.1.4 | success >> {
    "changed": true, 
    "enabled": true, 
    "name": "httpd", 
    "state": "started"
} 

Check

[root@yum-down ~]# ansible all -a "service httpd status"
192.168.1.4 | success | rc=0 >>
httpd (pid  3702) is running...

192.168.1.7 | success | rc=0 >>
httpd (pid  4046) is running...

192.168.1.8 | success | rc=0 >>
httpd (pid  4097) is running...

[root@yum-down ~]# 

Running multiple commands

[root@yum-down ~]# cat linuxea.yaml 
- hosts: all                      # all hosts
  remote_user: root               # user to run as
  tasks:
    - name: add group             # add the group
      group: gid=1000 name=linuxea system=no
    - name: excute a command      # run date
      command: /bin/date
[root@yum-down ~]# 

Run it

[root@yum-down ~]# ansible-playbook linuxea.yaml 

PLAY [all] ******************************************************************** 

GATHERING FACTS *************************************************************** 
ok: [192.168.1.7]
ok: [192.168.1.8]
ok: [192.168.1.4]

TASK: [add group] ************************************************************* 
changed: [192.168.1.4]
changed: [192.168.1.8]
changed: [192.168.1.7]

TASK: [excute a command] ****************************************************** 
changed: [192.168.1.4]
changed: [192.168.1.7]
changed: [192.168.1.8]

PLAY RECAP ******************************************************************** 
192.168.1.4                : ok=3    changed=2    unreachable=0    failed=0   
192.168.1.7                : ok=3    changed=2    unreachable=0    failed=0   
192.168.1.8                : ok=3    changed=2    unreachable=0    failed=0   

[root@yum-down ~]# 

Replacing a file in bulk
Change the httpd port to 801, then push the file and restart the service

[root@yum-down ~]# cat web.yaml
- hosts: all
  remote_user: root
  tasks:
    - name: ensure apache latest version    # make sure apache is the latest version
      yum: state=latest name=httpd          # make sure httpd is installed
    - name: copy configure file             # copy the file
      copy: src=/root/httpd.conf dest=/etc/httpd/conf/httpd.conf force=yes
      notify:                               # task to run once the copy is done
        - restart httpd
  handlers:                                 # restart; triggered only if the file was modified
    - name: restart httpd
      service: name=httpd state=restarted
[root@yum-down ~]# 

Run it

[root@yum-down ~]# ansible-playbook web.yaml 

PLAY [all] ******************************************************************** 

GATHERING FACTS *************************************************************** 
ok: [192.168.1.4]
ok: [192.168.1.7]
ok: [192.168.1.8]

TASK: [ensure apache latest version] ****************************************** 
ok: [192.168.1.4]
ok: [192.168.1.7]
ok: [192.168.1.8]

TASK: [copy configure file] *************************************************** 
changed: [192.168.1.4]
changed: [192.168.1.7]
changed: [192.168.1.8]

NOTIFIED: [restart httpd] ***************************************************** 
changed: [192.168.1.4]
changed: [192.168.1.7]
changed: [192.168.1.8]

PLAY RECAP ******************************************************************** 
192.168.1.4                : ok=4    changed=2    unreachable=0    failed=0   
192.168.1.7                : ok=4    changed=2    unreachable=0    failed=0   
192.168.1.8                : ok=4    changed=2    unreachable=0    failed=0   

Check

[root@yum-down ~]# ansible all -a "ss -tlnp"
192.168.1.4 | success | rc=0 >>
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      128                      :::801                     :::*      users:(("httpd",4973,6),("httpd",4976,6),("httpd",4977,6),("httpd",4978,6),("httpd",4979,6),("httpd",4980,6),("httpd",4981,6),("httpd",4982,6),("httpd",4983,6))

192.168.1.7 | success | rc=0 >>
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      128                      :::801                     :::*      users:(("httpd",5302,6),("httpd",5305,6),("httpd",5306,6),("httpd",5307,6),("httpd",5308,6),("httpd",5309,6),("httpd",5310,6),("httpd",5311,6),("httpd",5312,6))

192.168.1.8 | success | rc=0 >>
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port 
LISTEN     0      128                      :::801                     :::*      users:(("httpd",5382,6),("httpd",5385,6),("httpd",5386,6),("httpd",5387,6),("httpd",5388,6),("httpd",5389,6),("httpd",5390,6),("httpd",5391,6),("httpd",5392,6))

[root@yum-down ~]# 
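
The web.yaml play above overwrites httpd.conf on all hosts in one pass and restarts httpd whatever the pushed file contains. The variant below is an added example, not part of the original post: it has the copy module syntax-check the new file before it replaces the live one, keeps a backup, pins ownership and mode, and rolls out one host at a time. The validation command /usr/sbin/httpd -t -f %s and the serial: 1 batch size are assumptions chosen for this illustration.

```yaml
# Added example (not from the original post): a more defensive web.yaml.
- hosts: all
  remote_user: root
  serial: 1            # assumption: one host per batch; a failed batch stops
                       # the play before the next host is touched
  tasks:
    - name: ensure apache latest version
      yum: name=httpd state=latest

    - name: copy configure file
      copy:
        src: /root/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: "0644"   # explicit, so the file never inherits a looser mode
        backup: yes    # keep a timestamped copy of the previous httpd.conf
        # %s is the temporary upload; the live file is only replaced
        # when this command exits 0 (assumed path for CentOS 6 httpd)
        validate: "/usr/sbin/httpd -t -f %s"
      notify:
        - restart httpd

    - name: ensure httpd is running and enabled
      service: name=httpd state=started enabled=yes

  handlers:
    # runs only when the copy task reported "changed"
    - name: restart httpd
      service: name=httpd state=restarted
```

Running it first as ansible-playbook web.yaml --check --diff shows the pending change to httpd.conf without applying it.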


Date: 2016-04-10 Category: Ansible
