[关闭]
@nalan90 2017-10-20T14:50:47.000000Z 字数 8989 阅读 712

Ansible快速入门

自动化运维

摘自:http://getansible.com
示例代码: https://github.com/ansible-book/playbook-examples-chapter3-ansible-advanced

配置文件

看一个完整的anbile配置文件例子,就能基本了解到ansible都能配置什么了:
https://raw.githubusercontent.com/ansible/ansible/devel/examples/ansible.cfg

对ansible配置文件里面的关键字不能完整理解,还可以参考关键词解释列表:
http://docs.ansible.com/ansible/intro_configuration.html#explanation-of-values-by-section

ansible的默认配置文件是/etc/ansible/ansible.cfg。
其实ansible会按照下面的顺序查找配置文件,并使用第一个发现的配置文件。

配置示例

  1. [ssh_connection]
  2. pipelining=True
  3. #ssh_args = -F ./ssh-bastion.conf -o ControlMaster=auto -o ControlPersist=30m
  4. #control_path = ~/.ssh/ansible-%%r@%%h:%%p
  5. [defaults]
  6. host_key_checking=False
  7. gathering = smart
  8. fact_caching = jsonfile
  9. fact_caching_connection = /tmp
  10. stdout_callback = skippy
  11. library = ./library
  12. callback_whitelist = profile_tasks

实验使用的配置

  1. ##ansible.cfg
  2. work:ansible ys$ cat /etc/ansible/ansible.cfg
  3. [defaults]
  4. host_key_checking = False   ##关闭ssh指纹识别
  6. [ssh_connection]
  7. ssh_args=-o ForwardAgent=yes    ##开启ssh-agent forward
远程主机的分组

简单的分组[]内是组名

  1. mail.example.com
  3. [webservers]
  4. foo.example.com
  5. bar.example.com
  7. [dbservers]
  8. one.example.com
  9. two.example.com
  10. three.example.com
  12. [webservers]
  13. www[01:50].example.com
  15. [databases]
  16. db-[a:f].example.com

分组usa的子组还可以是其它的组,
例如[usa:children]中还可以包含southeast子组,
[southeast:children]中还可以包含atlanta和releigh

  1. [atlanta]
  2. host1
  3. host2
  5. [raleigh]
  6. host2
  7. host3
  9. [southeast:children]
  10. atlanta
  11. raleigh
  14. [usa:children]
  15. southeast
  16. northeast
  17. southwest
  18. northwest

实验环境分组

  1. ##HostInventory 配置文件
  2. 默认的文件是:/etc/ansible/hosts,可通过-i指定文件
  4. work:ansible ys$ cat hosts
  5. [hadoop]
  6. 172.16.1.163
  7. 172.16.1.162
  9. [web]
  10. 172.16.1.121
  11. 172.16.1.122
  12. 172.16.1.123
远程主机的连接参数和变量
  1. ##指定Server的连接参数,其中包括连接方法,用户等。
  3. [targets]
  4. localhost              ansible_connection=local
  5. other1.example.com     ansible_connection=ssh        ansible_user=mpdehaan
  6. other2.example.com     ansible_connection=ssh        ansible_user=mdehaan
  8. [atlanta]
  9. host1 http_port=80 maxRequestsPerChild=808
  10. host2 http_port=303 maxRequestsPerChild=909

所有可以指定的参数在文档中 http://docs.ansible.com/ansible/intro_inventory.html#list-of-behavioral-inventory-parameters

  1. ##为一个组指定变量
  3. [atlanta]
  4. host1
  5. host2
  7. [atlanta:vars]
  8. ntp_server=ntp.atlanta.example.com
  9. proxy=proxy.atlanta.example.com
示例命令
  1. ## 打印hello
  2. work:ansible ys$ ansible web -a "/bin/echo hello" -u zhangshuang -i hosts
  3. 172.16.1.123 | SUCCESS | rc=0 >>
  4. hello
  6. 172.16.1.122 | SUCCESS | rc=0 >>
  7. hello
  9. 172.16.1.121 | SUCCESS | rc=0 >>
  10. hello
  12. --------------------------------------------------
  14. ## ping 所有主机
  15. work:ansible ys$ ansible all -m ping -u zhangshuang -i hosts
  16. 172.16.1.162 | SUCCESS => {
  17.     "changed": false,
  18.     "ping": "pong"
  19. }
  20. 172.16.1.123 | SUCCESS => {
  21.     "changed": false,
  22.     "ping": "pong"
  23. }
  24. 172.16.1.122 | SUCCESS => {
  25.     "changed": false,
  26.     "ping": "pong"
  27. }
  28. 172.16.1.163 | SUCCESS => {
  29.     "changed": false,
  30.     "ping": "pong"
  31. }
  32. 172.16.1.121 | SUCCESS => {
  33.     "changed": false,
  34.     "ping": "pong"
  35. }
  37. --------------------------------------------------
  39. ## 文件拷贝
  40. work:ansible ys$ ansible web -m copy -a "src=/etc/hosts dest=/tmp/hosts" -u zhangshuang -i hosts
  41. 172.16.1.123 | SUCCESS => {
  42.     "changed": true,
  43.     "checksum": "f687508cb64fbe053d7c9e9ec72c4426dbb64903",
  44.     "dest": "/tmp/hosts",
  45.     "gid": 2006,
  46.     "group": "zhangshuang",
  47.     "md5sum": "080286ed718f4c63119b91820f434dd2",
  48.     "mode": "0664",
  49.     "owner": "zhangshuang",
  50.     "size": 861,
  51.     "src": "/home/zhangshuang/.ansible/tmp/ansible-tmp-1508404372.35-206978874040737/source",
  52.     "state": "file",
  53.     "uid": 2006
  54. }
  55. 172.16.1.122 | SUCCESS => {
  56.     "changed": true,
  57.     "checksum": "f687508cb64fbe053d7c9e9ec72c4426dbb64903",
  58.     "dest": "/tmp/hosts",
  59.     "gid": 2006,
  60.     "group": "zhangshuang",
  61.     "md5sum": "080286ed718f4c63119b91820f434dd2",
  62.     "mode": "0664",
  63.     "owner": "zhangshuang",
  64.     "secontext": "unconfined_u:object_r:user_tmp_t:s0",
  65.     "size": 861,
  66.     "src": "/home/zhangshuang/.ansible/tmp/ansible-tmp-1508404373.17-143062131252567/source",
  67.     "state": "file",
  68.     "uid": 2006
  69. }
  70. 172.16.1.121 | SUCCESS => {
  71.     "changed": true,
  72.     "checksum": "f687508cb64fbe053d7c9e9ec72c4426dbb64903",
  73.     "dest": "/tmp/hosts",
  74.     "gid": 2003,
  75.     "group": "zhangshuang",
  76.     "md5sum": "080286ed718f4c63119b91820f434dd2",
  77.     "mode": "0664",
  78.     "owner": "zhangshuang",
  79.     "secontext": "unconfined_u:object_r:user_tmp_t:s0",
  80.     "size": 861,
  81.     "src": "/home/zhangshuang/.ansible/tmp/ansible-tmp-1508404373.24-123352246327910/source",
  82.     "state": "file",
  83.     "uid": 2003
  84. }
  86. --------------------------------------------------
  88. ##添加指定用户 password为加密后的密码
  89. work:ansible ys$ ansible hadoop -m user -a "name=test1 password=fsfsdfxvcxv" -u zhangshuang -b -i hosts
  90. 172.16.1.163 | SUCCESS => {
  91.     "changed": true,
  92.     "comment": "",
  93.     "createhome": true,
  94.     "group": 2011,
  95.     "home": "/home/test1",
  96.     "name": "test1",
  97.     "password": "NOT_LOGGING_PASSWORD",
  98.     "shell": "/bin/bash",
  99.     "state": "present",
  100.     "system": false,
  101.     "uid": 2011
  102. }
  103. 172.16.1.162 | SUCCESS => {
  104.     "changed": true,
  105.     "comment": "",
  106.     "createhome": true,
  107.     "group": 2011,
  108.     "home": "/home/test1",
  109.     "name": "test1",
  110.     "password": "NOT_LOGGING_PASSWORD",
  111.     "shell": "/bin/bash",
  112.     "state": "present",
  113.     "system": false,
  114.     "uid": 2011
  115. }
  117. --------------------------------------------------
  119. ## 更新代码
  120. work:ansible ys$ ansible hadoop -m git -a "repo=git@git.sunfund.com:9douyu/9douyu.git dest=/home/zhangshuang/git/9douyu  version=HEAD" -u zhangshuang -i hosts
  121. 172.16.1.162 | SUCCESS => {
  122.     "after": "d9e3c9f9ce24b61776cfd54401e090db8b5c9451",
  123.     "before": null,
  124.     "changed": true,
  125.     "warnings": []
  126. }
  127. 172.16.1.163 | SUCCESS => {
  128.     "after": "d9e3c9f9ce24b61776cfd54401e090db8b5c9451",
  129.     "before": null,
  130.     "changed": true,
  131.     "warnings": []
  132. }
  134. --------------------------------------------------
  136. ## 安装nginx
  137. work:ansible ys$ ansible hadoop -m yum -a "name=nginx state=present" -u zhangshuang -b -i hosts
  138. 172.16.1.163 | SUCCESS => {
  139.     "changed": false,
  140.     "msg": "",
  141.     "rc": 0,
  142.     "results": [
  143.         "nginx-1:1.10.2-2.el7.x86_64 providing nginx is already installed"
  144.     ]
  145. }
  146. 172.16.1.162 | SUCCESS => {
  147.     "changed": false,
  148.     "msg": "",
  149.     "rc": 0,
  150.     "results": [
  151.         "nginx-1:1.10.2-2.el7.x86_64 providing nginx is already installed"
  152.     ]
  153. }
  155. --------------------------------------------------
  157. ##启动nginx服务
  158. work:ansible ys$ ansible hadoop -m service -a "name=nginx state=started" -u zhangshuang -b -i hosts
  160. [zhangshuang@master 9douyu]$ ps -ef | grep nginx
  161. root     15880 15864  0 Sep13 pts/1    00:00:00 nginx: master process nginx -g daemon off;
  162. 101      15897 15880  0 Sep13 pts/1    00:00:00 nginx: worker process
  163. root     16107 16102  0 Sep13 pts/2    00:00:00 tail -f /var/log/nginx/access.log /var/log/nginx/error.log
  164. root     28035     1  0 17:17 ?        00:00:00 nginx: master process /usr/sbin/nginx
  165. nginx    28036 28035  0 17:17 ?        00:00:00 nginx: worker process
  166. nginx    28037 28035  0 17:17 ?        00:00:00 nginx: worker process
  167. zhangsh+ 28063 26475  0 17:18 pts/0    00:00:00 grep --color=auto nginx
  169. --------------------------------------------------
  171. ##启动10个并行进行执行重起
  172. $ansible all -a "/sbin/reboot" -f 10 -u zhangshuang -b -i hosts
  174. ##查看远程主机的全部系统信息!!!
  175. work:ansible ys$ ansible hadoop -m setup -u zhangshuang  -b -i hosts
ansible-playbook(安装apache)

deploy.yml的功能为hadoop组的主机部署apache, 其中包含以下部署步骤:

playbook deploy.yml包含下面几个关键字,每个关键字的含义:

具体示例如下:

  1. ##目录结构
  2. work:ansible ys$ tree
  3. .
  4. ├── deploy.retry
  5. ├── deploy.yml
  6. ├── hosts
  7. └── templates
  8.     ├── httpd.conf.j2
  9.     └── index.html.j2
  11. --------------------------------------------------
  13. ##ansible-playbook文件
  15. work:ansible ys$ cat deploy.yml
  16. ---
  17. - hosts: hadoop
  18.   vars:
  19.     http_port: 80
  20.     max_clients: 200
  21.   remote_user: root
  22.   tasks:
  23.   - name: ensure apache is at the latest version
  24.     yum: pkg=httpd state=latest
  26.   - name: write the configuration file
  27.     template: src=templates/httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
  28.     notify:
  29.     - restart apache
  31.   - name: write the default index.html file
  32.     template: src=templates/index.html.j2 dest=/var/www/html/index.html
  34.   - name: ensure apache is running
  35.     service: name=httpd state=started
  36.   handlers:
  37.     - name: restart apache
  38.       service: name=httpd state=restarted
  40. --------------------------------------------------
  42. ##模板文件
  43. httpd.conf 
  44. https://github.com/ansible-book/playbook-examples-chapter3-ansible-advanced/blob/master/templates/httpd.conf.j2
  46. index.html
  47. https://github.com/ansible-book/playbook-examples-chapter3-ansible-advanced/blob/master/templates/index.html.j2
  49. --------------------------------------------------
  51. ##运行命令
  52. work:ansible ys$ ansible-playbook deploy.yml -i hosts -u zhangshuang -b
  54. PLAY [hadoop] ******************************************************************
  56. TASK [setup] *******************************************************************
  57. ok: [172.16.1.163]
  58. ok: [172.16.1.162]
  60. TASK [ensure apache is at the latest version] **********************************
  61. ok: [172.16.1.162]
  62. ok: [172.16.1.163]
  64. TASK [write the configuration file] ********************************************
  65. ok: [172.16.1.162]
  66. ok: [172.16.1.163]
  68. TASK [write the default index.html file] ***************************************
  69. ok: [172.16.1.162]
  70. ok: [172.16.1.163]
  72. TASK [ensure apache is running] ************************************************
  73. ok: [172.16.1.163]
  74. changed: [172.16.1.162]
  76. PLAY RECAP *********************************************************************
  77. 172.16.1.162               : ok=5    changed=1    unreachable=0    failed=0
  78. 172.16.1.163               : ok=5    changed=0    unreachable=0    failed=0
  80. --------------------------------------------------
  82. ##测试服务
  83. work:ansible ys$ curl http://172.16.1.162
  84. <html>
  86. <body>
  87. <div class="block" style="height: 99%;">
  88.     <div class="centered">
  89.         <h1>#46 Demo</h1>
  90.         <p>Served by master (172.16.1.162).</p>
  91.     </div>
  92. </div>
  93. </body>
  94. </html>
  96. work:ansible ys$ curl http://172.16.1.163
  97. <html>
  99. <body>
  100. <div class="block" style="height: 99%;">
  101.     <div class="centered">
  102.         <h1>#46 Demo</h1>
  103.         <p>Served by slave1 (172.16.1.163).</p>
  104.     </div>
  105. </div>
  106. </body>
添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注