ansible是基于python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。
ansible是基于模块工作的,本身没有批量部署的能力。真正具有批量部署的事ansible所运行的模块,ansible只是提供了一种框架。
主要包括:
1、链接插件connection plugins:负责和被监控端实现通信;
2、host inventory:指定操作的主机,是一个配置文件里面定义监控的主机;
3、模块:core modules、command模块、自定义模块;
4、plugins(email,logging,other):借助于插件完成记录日志邮件等功能;
5、playbooks:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。
如图:
特点:
1、不需要再被监控主机上安装任何客户端;
2、无服务器端,使用时直接运行命令即可;
3、基于模块工作,可使用任意语言开发模块;
4、使用yaml语言定制剧本playbook;
5、基于ssh工作;
6、可实现多级指挥。
优点:
1、轻量级,安装简便,更新时,只需在操作机上进行一次更新即可;
2、批量任务执行可写成脚本,而且不用分发到远程就可执行;
3、使用python编写,维护简单;
4、支持sudo。
工作流程:
二、ansible安装
1、安装环境:
系统:CentOS release 6.5 and ubuntu 16.04.1
内核:Linux 2.6.32-431.el6.x86_64
Python:2.6或2.7
主机ip:192.168.1.123
被控机ip:192.168.1.124
2、安装方法:
2.1、pip安装:
#yum install python-pip python-devel -y
#pip install ansible --upgrade
2.2、source安装:
#git clone git://github.com/ansible/ansible.git --recursive
#cd ./ansible
#source ./hacking/env-setup
2.3、apt-get安装:
#apt-get install software-properties-common
#apt-add-repository ppa:ansible/ansible
#apt-get update
#apt-get install ansible
2.4、yum安装:
yum安装ansible
说明:ansible YAML格式,无client,去中心化;安装只依赖ssh,python;控制服务器(Master)需要安装Python2.6/7,windows无法安装ansible。被管理的服务器(Managed Node)需要安装Python2.4以上的版本,如低于2.5,需安装python-simplejson。
点击(此处)折叠或打开
-
python版本
-
# python -V
-
Python 2.6.6
-
配置epel(企业版 Linux 附加软件包)源
- #wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
- 或
- #rpm -Uvh
- #rpm -Uvh
- #rpm -Uvh http://mirror-fpt-telecom.fpt.net/fedora/epel/6/i386/epel-release-6-8.noarch.rpm
- #rpm -Uvh
- #rpm -Uvh
-
#yum install -y ansible
-
-
Loaded plugins: fastestmirror, security
-
Loading mirror speeds from cached hostfile
-
* epel: mirrors.aliyun.com
-
base | 3.7 kB 00:00
-
epel | 4.3 kB 00:00
-
epel/primary_db | 5.9 MB 00:09
-
extras | 3.4 kB 00:00
-
updates | 3.4 kB 00:00
-
updates/primary_db | 4.7 MB 00:08
-
Setting up Install Process
-
Resolving Dependencies
-
--> Running transaction check
-
---> Package ansible.noarch 0:2.0.1.0-2.el6 will be installed
-
--> Processing Dependency: sshpass for package: ansible-2.0.1.0-2.el6.noarch
-
--> Processing Dependency: python-six for package: ansible-2.0.1.0-2.el6.noarch
-
--> Processing Dependency: python-simplejson for package: ansible-2.0.1.0-2.el6.noarch
-
--> Processing Dependency: python-keyczar for package: ansible-2.0.1.0-2.el6.noarch
-
--> Processing Dependency: python-jinja2-26 for package: ansible-2.0.1.0-2.el6.noarch
-
--> Processing Dependency: python-httplib2 for package: ansible-2.0.1.0-2.el6.noarch
-
--> Processing Dependency: python-crypto2.6 for package: ansible-2.0.1.0-2.el6.noarch
-
--> Processing Dependency: PyYAML for package: ansible-2.0.1.0-2.el6.noarch
-
--> Running transaction check
-
---> Package PyYAML.x86_64 0:3.10-3.1.el6 will be installed
-
--> Processing Dependency: libyaml-0.so.2()(64bit) for package: PyYAML-3.10-3.1.el6.x86_64
-
---> Package python-crypto2.6.x86_64 0:2.6.1-2.el6 will be installed
-
---> Package python-httplib2.noarch 0:0.7.7-1.el6 will be installed
-
---> Package python-jinja2-26.noarch 0:2.6-3.el6 will be installed
-
--> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-26-2.6-3.el6.noarch
-
--> Processing Dependency: python-markupsafe for package: python-jinja2-26-2.6-3.el6.noarch
-
---> Package python-keyczar.noarch 0:0.71c-1.el6 will be installed
-
--> Processing Dependency: python-pyasn1 for package: python-keyczar-0.71c-1.el6.noarch
-
---> Package python-simplejson.x86_64 0:2.0.9-3.1.el6 will be installed
-
---> Package python-six.noarch 0:1.9.0-2.el6 will be installed
-
---> Package sshpass.x86_64 0:1.05-1.el6 will be installed
-
--> Running transaction check
-
---> Package libyaml.x86_64 0:0.1.3-4.el6_6 will be installed
-
---> Package python-babel.noarch 0:0.9.4-5.1.el6 will be installed
-
---> Package python-markupsafe.x86_64 0:0.9.2-4.el6 will be installed
-
---> Package python-pyasn1.noarch 0:0.0.12a-1.el6 will be installed
-
--> Finished Dependency Resolution
-
-
Dependencies Resolved
-
-
=====================================================================================================================
-
Package Arch Version Repository Size
-
=====================================================================================================================
-
Installing:
-
ansible noarch 2.0.1.0-2.el6 epel 2.9 M
-
Installing for dependencies:
-
PyYAML x86_64 3.10-3.1.el6 base 157 k
-
libyaml x86_64 0.1.3-4.el6_6 base 52 k
-
python-babel noarch 0.9.4-5.1.el6 base 1.4 M
-
python-crypto2.6 x86_64 2.6.1-2.el6 epel 513 k
-
python-httplib2 noarch 0.7.7-1.el6 epel 70 k
-
python-jinja2-26 noarch 2.6-3.el6 epel 527 k
-
python-keyczar noarch 0.71c-1.el6 epel 219 k
-
python-markupsafe x86_64 0.9.2-4.el6 base 22 k
-
python-pyasn1 noarch 0.0.12a-1.el6 base 70 k
-
python-simplejson x86_64 2.0.9-3.1.el6 base 126 k
-
python-six noarch 1.9.0-2.el6 base 28 k
-
sshpass x86_64 1.05-1.el6 epel 19 k
-
-
Transaction Summary
-
=====================================================================================================================
-
Install 13 Package(s)
-
-
Total download size: 6.1 M
-
Installed size: 25 M
-
Downloading Packages:
-
(1/13): PyYAML-3.10-3.1.el6.x86_64.rpm | 157 kB 00:00
-
(2/13): ansible-2.0.1.0-2.el6.noarch.rpm | 2.9 MB 00:04
-
(3/13): libyaml-0.1.3-4.el6_6.x86_64.rpm | 52 kB 00:00
-
(4/13): python-babel-0.9.4-5.1.el6.noarch.rpm | 1.4 MB 00:02
-
(5/13): python-crypto2.6-2.6.1-2.el6.x86_64.rpm | 513 kB 00:00
-
(6/13): python-httplib2-0.7.7-1.el6.noarch.rpm | 70 kB 00:00
-
(7/13): python-jinja2-26-2.6-3.el6.noarch.rpm | 527 kB 00:00
-
(8/13): python-keyczar-0.71c-1.el6.noarch.rpm | 219 kB 00:00
-
(9/13): python-markupsafe-0.9.2-4.el6.x86_64.rpm | 22 kB 00:00
-
(10/13): python-pyasn1-0.0.12a-1.el6.noarch.rpm | 70 kB 00:00
-
(11/13): python-simplejson-2.0.9-3.1.el6.x86_64.rpm | 126 kB 00:00
-
(12/13): python-six-1.9.0-2.el6.noarch.rpm | 28 kB 00:00
-
(13/13): sshpass-1.05-1.el6.x86_64.rpm | 19 kB 00:00
-
---------------------------------------------------------------------------------------------------------------------
-
Total 105 kB/s | 6.1 MB 00:59
-
Running rpm_check_debug
-
Running Transaction Test
-
Transaction Test Succeeded
-
Running Transaction
-
Installing : python-markupsafe-0.9.2-4.el6.x86_64 1/13
-
Installing : sshpass-1.05-1.el6.x86_64 2/13
-
Installing : python-crypto2.6-2.6.1-2.el6.x86_64 3/13
-
Installing : python-simplejson-2.0.9-3.1.el6.x86_64 4/13
-
Installing : python-httplib2-0.7.7-1.el6.noarch 5/13
-
Installing : python-pyasn1-0.0.12a-1.el6.noarch 6/13
-
Installing : python-keyczar-0.71c-1.el6.noarch 7/13
-
Installing : libyaml-0.1.3-4.el6_6.x86_64 8/13
-
Installing : PyYAML-3.10-3.1.el6.x86_64 9/13
-
Installing : python-six-1.9.0-2.el6.noarch 10/13
-
Installing : python-babel-0.9.4-5.1.el6.noarch 11/13
-
Installing : python-jinja2-26-2.6-3.el6.noarch 12/13
-
Installing : ansible-2.0.1.0-2.el6.noarch 13/13
-
Verifying : PyYAML-3.10-3.1.el6.x86_64 1/13
-
Verifying : python-babel-0.9.4-5.1.el6.noarch 2/13
-
Verifying : python-six-1.9.0-2.el6.noarch 3/13
-
Verifying : python-keyczar-0.71c-1.el6.noarch 4/13
-
Verifying : libyaml-0.1.3-4.el6_6.x86_64 5/13
-
Verifying : python-pyasn1-0.0.12a-1.el6.noarch 6/13
-
Verifying : python-httplib2-0.7.7-1.el6.noarch 7/13
-
Verifying : python-simplejson-2.0.9-3.1.el6.x86_64 8/13
-
Verifying : python-jinja2-26-2.6-3.el6.noarch 9/13
-
Verifying : python-crypto2.6-2.6.1-2.el6.x86_64 10/13
-
Verifying : sshpass-1.05-1.el6.x86_64 11/13
-
Verifying : ansible-2.0.1.0-2.el6.noarch 12/13
-
Verifying : python-markupsafe-0.9.2-4.el6.x86_64 13/13
-
-
Installed:
-
ansible.noarch 0:2.0.1.0-2.el6
-
-
Dependency Installed:
-
PyYAML.x86_64 0:3.10-3.1.el6 libyaml.x86_64 0:0.1.3-4.el6_6
-
python-babel.noarch 0:0.9.4-5.1.el6 python-crypto2.6.x86_64 0:2.6.1-2.el6
-
python-httplib2.noarch 0:0.7.7-1.el6 python-jinja2-26.noarch 0:2.6-3.el6
-
python-keyczar.noarch 0:0.71c-1.el6 python-markupsafe.x86_64 0:0.9.2-4.el6
-
python-pyasn1.noarch 0:0.0.12a-1.el6 python-simplejson.x86_64 0:2.0.9-3.1.el6
-
python-six.noarch 0:1.9.0-2.el6 sshpass.x86_64 0:1.05-1.el6
-
-
-
-
# ansible --version
-
ansible 2.0.1.0
- 查看安装包列表
- # rpm -ql ansible
-
- ansible安装完毕
点击(此处)折叠或打开
- 生成ssh公钥/私钥:ssh-keygen
- # ssh-keygen -t rsa -P ''
- Generating public/private rsa key pair.
- Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa_ansible
- Your identification has been saved in /root/.ssh/id_rsa_ansible.
- Your public key has been saved in /root/.ssh/id_rsa_ansible.pub.
- The key fingerprint is:
- ae:89:e7:70:29:7e:af:6e:57:60:7b:b6:ad:fd:59:e8 root@web1
- The key's randomart image is:
- +--[ RSA 2048]----+
- | |
- | |
- | |
- | o |
- | .So |
- | o. + . |
- | o o .+ o . .|
- | . =+o. .... o |
- | o**+. ....E |
- +-----------------+
- # cat /root/.ssh/id_rsa_ansible.pub > /root/.ssh/authorized_keys
- # chmod 600 /root/.ssh/authorized_keys
- 将公钥分发到被控机
- #scp -P “端口号” /root/.ssh/authorized_keys root@192.168.1.124:/root/.ssh/
- 或
- #ssh-copy-id -i /root/.ssh/id_rsa_ansible.pub “-p “端口号” root@192.168.1.124”
- ssh报错1:
-
# ssh -p 8020 root@192.168.1.124
reverse mapping checking getaddrinfo for bogon [192.168.1.124] failed - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.1.124's password:
Permission denied, please try again.
root@192.168.1.124's password:
解决办法:修改被控机/etc/ssh/sshd_config中”PermitRootLogin no“为”PermitRootLogin yes“,重启sshd服务。
-
- ssh报错2:
-
# ssh -p 8020 root@192.168.1.124
ssh_exchange_identification: Connection closed by remote host
解决办法:修改/etc/hosts.allow 添加sshd:all 或者sshd:192.168.1.123 -
- 报错:
-
点击(此处)折叠或打开
-
192.168.3.72 | => {
-
"changed": false,
-
"msg": "Authentication failed.",
-
"unreachable": true
- }
-
192.168.3.72 | => {
- 解决办法修改ansible.cfg中remote_user = root
- #vim /etc/ansible/ansible.cfg
- remote_port = 22 #远程被控机端口号
-
ask_pass = True #默认ansible使用key验证,如果使用密码登陆的服务器,使用ansible命令取消注释ask_pass就不需要在命令执行的时候加上-k参数。
- private_key_file = /root/.ssh/id_rsa_ansible #使用该私钥文件进行身份验证
-
remote_user = ansible #远程用户
-
log_path = /var/log/ansible.log #ansible日志
-
remote_user = root #设置远程用户为root
-
- 添加主机
- # vim /etc/ansible/hosts
-
[web]
192.168.1.123
192.168.1.124 - 测试ansible
- 执行ansible报错:“FAILED => FAILED: not a valid DSA private key file”
- 解决方法:在执行命令行最后加-k参数。如:ansible web -m command -a 'w' -k
-
- 利用comman模块敲命令
- #ansible web -m command -a 'w'
-
192.168.1.123 | SUCCESS | rc=0 >>
22:56:33 up 1 day, 5:01, 3 users, load average: 0.07, 0.02, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - 31Dec15 125days 0.13s 0.13s -bash
root pts/0 192.168.1.107 01Jan16 2.00s 2.11s 0.56s /usr/bin/python
root pts/1 192.168.1.123 22:56 0.00s 0.34s 0.00s /bin/sh -c LANG
192.168.1.124 | SUCCESS | rc=0 >>
01:49:54 up 18:39, 3 users, load average: 0.00, 0.14, 0.12
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - Thu07 18:35m 0.13s 0.13s -bash
root pts/0 192.168.1.107 01:42 3:50 0.14s 0.14s -bash
root pts/1 192.168.1.123 01:49 0.00s 0.51s 0.00s /bin/sh -c LANG
- 查看主机运行状态
-
# ansible web -m ping
-
192.168.1.123 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.1.124 | SUCCESS => {
"changed": false,
"ping": "pong"
} - 查看远程主机基本信息
-
# ansible web -m setup
-
192.168.1.124 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"192.168.1.121",
"192.168.1.124"
],
"ansible_all_ipv6_addresses": [
"fe80::20c:29ff:fe58:77e6"
],
-
ansible默认提供了很多模块来供我们使用。
比较常见的模块:
copy、file、cron、group、user、yum、service、script、ping、command、raw、get_url、synchronize
点击(此处)折叠或打开
-
查看当前ansible都支持哪些模块
-
#ansible-doc -l
-
查看copy模块有哪些参数可以使用
- #ansible-doc -s copy
参考:
http://devopsh.com/537.html
http://sofar.blog.51cto.com/353572/1579894/
http://blog.csdn.net/iloveyin/article/details/46982023
http://laowafang.blog.51cto.com/251518/1380909