ansible指路篇-安装及基本命令使用

                                            作者:尹正杰

版权声明:原创作品,谢绝转载!否则将追究法律责任。

一.什么是ansible

  ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。
 ansible是基于模块工作的,本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架。主要包括:

   >.连接插件connection plugins:负责和被监控端实现通信;

   >.host inventory:指定操作的主机,是一个配置文件里面定义监控的主机;

   >.各种模块核心模块、command模块、自定义模块;

   >.借助于插件完成记录日志邮件等功能;

   >.playbook:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。
 
二.准备环境
  我们本次试验需要4台主机,1台web服务器,2台数据库服务器,1台发送指令的服务器。并且需要配置好域名。其对应关系如下:
主机名称 对应IP 部署服务
node1.yinzhengjie.com 192.168.105/24 http
node2.yinzhengjie.com 192.168.1.110/24 nginx,mysql
node3.yinzhengjie.com 192.168.1.115/24 mysql
node4.yinzhengjie.com 192.168.1.200/24 ansible 
 [root@yinzhengjie ~]# ifconfig |grep addr | head -|tail - |cut -d ":" -f  | awk '{print $1}'

 192.168.1.200

 [root@yinzhengjie ~]# more /etc/hosts | grep yinzhengjie

 192.168.1.105   node1.yinzhengjie.com

 192.168.1.110   node2.yinzhengjie.com

 192.168.1.115   node3.yinzhengjie.com

 192.168.1.200   node4.yinzhengjie.com

 [root@yinzhengjie ~]#
三.安装ansible
1.下载安装包(RPM包搜索站点:https://pkgs.org/
 [root@yinzhengjie ~]# wget http://dl.fedoraproject.org/pub/epel/6/x86_64//ansible-2.3.2.0-1.el6.noarch.rpm

 [root@yinzhengjie ~]# rpm -qpi ansible-2.3.2.0-.el6.noarch.rpm
2.yum安装即可(它可以自动解决依赖关系)
  [root@yinzhengjie ~]# yum -y install ansible-2.3.2.0-.el6.noarch.rpm 
3.查看安装完毕后生产了哪些文件
 [root@yinzhengjie ~]#  rpm -qal ansible |wc -l

                         ------------->由于文件行数过多,此处我就不列出了

 [root@yinzhengjie ~]#
4.修改配置文件
 [root@yinzhengjie ~]# cd /etc/ansible/

 [root@yinzhengjie ansible]# more hosts |tail -

 #Add by yinzhengjie

 [webservers]

 node1.yinzhengjie.com

 node2.yinzhengjie.com

 [dbservers]

 node2.yinzhengjie.com

 node3.yinzhengjie.com

 [root@yinzhengjie ansible]#
 
5.配置无秘钥登录证书
a>..生成证书
 [root@yinzhengjie ~]# cd

 [root@yinzhengjie ~]# ssh-keygen -t rsa -P ''

 Generating public/private rsa key pair.

 Enter file in which to save the key (/root/.ssh/id_rsa):

 /root/.ssh/id_rsa already exists.

 Overwrite (y/n)? y

 Your identification has been saved in /root/.ssh/id_rsa.

 Your public key has been saved in /root/.ssh/id_rsa.pub.

 The key fingerprint is:

 ::9e:::6b::::7a:7e::c8::af: root@yinzhengjie

 The key's randomart image is:

 +--[ RSA ]----+

 |      .o+oo.=+  .|

 |       +o. +. oo.|

 |      ..o....E.o.|

 |       oo. .o.o  |

 |      . S. . o   |

 |          .      |

 |                 |

 |                 |

 |                 |

 +-----------------+

 [root@yinzhengjie ~]#
b>.将公钥拷贝到其他的服务器上去
 [root@yinzhengjie ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node1.yinzhengjie.com

 The authenticity of host 'node1.yinzhengjie.com (192.168.1.105)' can't be established.

 RSA key fingerprint is ::2b:::::::c1:be:e3:ba:::.

 Are you sure you want to continue connecting (yes/no)? yes

 Warning: Permanently added 'node1.yinzhengjie.com' (RSA) to the list of known hosts.

 root@node1.yinzhengjie.com's password:

 Now try logging into the machine, with "ssh 'root@node1.yinzhengjie.com'", and check in:

   .ssh/authorized_keys

 to make sure we haven't added extra keys that you weren't expecting.

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node2.yinzhengjie.com

 The authenticity of host 'node2.yinzhengjie.com (192.168.1.110)' can't be established.

 RSA key fingerprint is ::0a:6e::e9:::e5:c8:3f:b3:1d:::8e.

 Are you sure you want to continue connecting (yes/no)? yes

 Warning: Permanently added 'node2.yinzhengjie.com,192.168.1.110' (RSA) to the list of known hosts.

 root@node2.yinzhengjie.com's password:

 Now try logging into the machine, with "ssh 'root@node2.yinzhengjie.com'", and check in:

   .ssh/authorized_keys

 to make sure we haven't added extra keys that you weren't expecting.

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node3.yinzhengjie.com

 The authenticity of host 'node3.yinzhengjie.com (192.168.1.115)' can't be established.

 RSA key fingerprint is :a4:bf:f7:b7::e7:e6:ce::bb:8f:e7:d8:e5:.

 Are you sure you want to continue connecting (yes/no)? yes

 Warning: Permanently added 'node3.yinzhengjie.com,192.168.1.115' (RSA) to the list of known hosts.

 root@node3.yinzhengjie.com's password:

 Now try logging into the machine, with "ssh 'root@node3.yinzhengjie.com'", and check in:

   .ssh/authorized_keys

 to make sure we haven't added extra keys that you weren't expecting.

 [root@yinzhengjie ~]#
 
c>.验证是否配置成功
 [root@yinzhengjie ~]# ssh node1.yinzhengjie.com

 Last login: Fri Oct  ::  from 192.168.1.161

 [root@yinzhengjie ~]# ifconfig |grep addr | head -|tail - |cut -d ":" -f  | awk '{print $1}'

 192.168.1.105

 [root@yinzhengjie ~]# logout

 Connection to node1.yinzhengjie.com closed.

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ifconfig |grep addr | head -|tail - |cut -d ":" -f  | awk '{print $1}'

 192.168.1.200

 [root@yinzhengjie ~]#
四.ansible简单应用
1.检查所有定义的主机是否在线
 [root@yinzhengjie ~]# ansible all -m ping

 node3.yinzhengjie.com | SUCCESS => {

     "changed": false,

     "ping": "pong"

 }

 node2.yinzhengjie.com | SUCCESS => {

     "changed": false,

     "ping": "pong"

 }

 node1.yinzhengjie.com | SUCCESS => {

     "changed": false,

     "ping": "pong"

 }

 [root@yinzhengjie ~]#
2.查看所有定义的主机的时间
 [root@yinzhengjie ~]# ansible all -m command -a 'date'

 node3.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 node2.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 node1.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ansible all -a 'date'

 node3.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 node1.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 node2.yinzhengjie.com | SUCCESS | rc= >>

 Fri Oct  :: PDT

 [root@yinzhengjie ~]#
3.检查所有定义的主机的http服务是否正常
 [root@yinzhengjie ~]# ansible all -m command -a 'service httpd status'

  [WARNING]: Consider using service module rather than running service

 node1.yinzhengjie.com | SUCCESS | rc= >>

 httpd (pid  ) is running...

 node3.yinzhengjie.com | FAILED | rc= >>

 httpd is stopped

 node2.yinzhengjie.com | FAILED | rc= >>

 httpd is stopped

 [root@yinzhengjie ~]#
4.拷贝本地文件到定义的服务器群组
 [root@yinzhengjie ~]# ansible dbservers -m copy -a "src=/root/ansible-2.3.2.0-1.el6.noarch.rpm dest=/tmp/"

 node3.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "checksum": "fb5559c1d886fdc5f4f553a44372cc0230189362",

     "dest": "/tmp/ansible-2.3.2.0-1.el6.noarch.rpm",

     "gid": ,

     "group": "root",

     "md5sum": "8388f98019479244b5098e5e23941da7",

     "mode": "",

     "owner": "root",

     "secontext": "unconfined_u:object_r:admin_home_t:s0",

     "size": ,

     "src": "/root/.ansible/tmp/ansible-tmp-1507900705.1-53916243211948/source",

     "state": "file",

     "uid":

 }

 node2.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "checksum": "fb5559c1d886fdc5f4f553a44372cc0230189362",

     "dest": "/tmp/ansible-2.3.2.0-1.el6.noarch.rpm",

     "gid": ,

     "group": "root",

     "md5sum": "8388f98019479244b5098e5e23941da7",

     "mode": "",

     "owner": "root",

     "secontext": "unconfined_u:object_r:admin_home_t:s0",

     "size": ,

     "src": "/root/.ansible/tmp/ansible-tmp-1507900705.18-246525313248421/source",

     "state": "file",

     "uid":

 }

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ansible dbservers -a "ls /tmp"

 node3.yinzhengjie.com | SUCCESS | rc= >>

 ansible-2.3.2.0-.el6.noarch.rpm

 ansible_46ihbB

 keyring-Dp3ZRf

 ks-script-VsmDKH

 ks-script-VsmDKH.log

 orbit-gdm

 orbit-root

 pulse-qotd3GsczqPx

 pulse-sxkC9wDU7bP6

 vgauthsvclog.txt.

 virtual-root.mMq8ds

 vmware-config0

 VMwareDnD

 vmware-root

 yum.log

 node2.yinzhengjie.com | SUCCESS | rc= >>

 ansible-2.3.2.0-.el6.noarch.rpm

 ansible_KZ8J1M

 keyring-pUri5c

 orbit-gdm

 orbit-root

 pulse-UgBUKbuMXzGR

 [root@yinzhengjie ~]#
5.定义周期计划任务的模块
 [root@yinzhengjie ~]# ansible all -m cron -a 'name="yinzhengjie is good boy" minute=*/3 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate 1.cn.pool.ntp.org"'

 node3.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "envs": [],

     "jobs": [

         "yinzhengjie is good boy"

     ]

 }

 node2.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "envs": [],

     "jobs": [

         "yinzhengjie is good boy"

     ]

 }

 node1.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "envs": [],

     "jobs": [

         "yinzhengjie is good boy"

     ]

 }

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ansible all -a "crontab -l"

 node2.yinzhengjie.com | SUCCESS | rc= >>

 #Ansible: yinzhengjie is good boy

 */ * * * * /usr/sbin/ntpdate .cn.pool.ntp.org

 node3.yinzhengjie.com | SUCCESS | rc= >>

 #Ansible: yinzhengjie is good boy

 */ * * * * /usr/sbin/ntpdate .cn.pool.ntp.org

 node1.yinzhengjie.com | SUCCESS | rc= >>

 #Ansible: yinzhengjie is good boy

 */ * * * * /usr/sbin/ntpdate .cn.pool.ntp.org

 [root@yinzhengjie ~]#
 
6.给所有定义的主机创建组
 [root@yinzhengjie ~]# ansible all -m group -a "gid=306 system=yes name=yinzhengjie520"

 node1.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "gid": ,

     "name": "yinzhengjie520",

     "state": "present",

     "system": true

 }

 node2.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "gid": ,

     "name": "yinzhengjie520",

     "state": "present",

     "system": true

 }

 node3.yinzhengjie.com | SUCCESS => {

     "changed": true,

     "gid": ,

     "name": "yinzhengjie520",

     "state": "present",

     "system": true

 }

 [root@yinzhengjie ~]#

 [root@yinzhengjie ~]# ansible all -a "tail -1 /etc/group"

 node3.yinzhengjie.com | SUCCESS | rc= >>

 yinzhengjie520:x::

 node1.yinzhengjie.com | SUCCESS | rc= >>

 yinzhengjie520:x::

 node2.yinzhengjie.com | SUCCESS | rc= >>

 yinzhengjie520:x::

 [root@yinzhengjie ~]#
 
五.ansible模块
  关于ping,date等一些命令其实都是ansible所对应的模块,因此,我们熟悉它的常用模块(ansible支持上千多个模块)还是很有必要的。用下面的命令就可以查看其支持的模块的使用方式。
1.查看ansible支持的模块个数
[root@yinzhengjie ~]# ansible-doc -l | wc -l
1039
[root@yinzhengjie ~]#
2.查看ansible对某个模块的帮助
[root@yinzhengjie ~]# ansible-doc -s copy
3.指点迷津
  想要学好ansible这个开源工具,需要熟练掌握YAML,palybook,corosync集群,crmch和pcs的使用方式。生产环境中我用不到这些。我用ansible就是因为生产环境中有50台服务器需要安装zabbix_agent服务器。听朋友介绍这个软件好使,就来研究一下。我的思路就是用ansible命令来管理所有主机,当然我会把shell安装脚本分发到各个服务器上去。帮我执行任务即可。
 
 
 

ansible指路篇-安装及基本命令使用的更多相关文章

  1. Ansible第一篇:介绍及安装

    Ansible介绍 Ansible是个什么东西呢?官方的title是"Ansible is Simple IT Automation"--简单的自动化IT工具.ansible基于P ...

  2. python Django教程 之 安装、基本命令、视图与网站

    python  Django教程  之 安装.基本命令.视图与网站 一.简介 Django 中提供了开发网站经常用到的模块,常见的代码都为你写好了,通过减少重复的代码,Django 使你能够专注于 w ...

  3. 自动化运维工具之 Ansible 介绍及安装使用

    一.初识Ansible 介绍: Absible 使用 模块(Modules)来定义配置任务.模块可以用标准脚本语言(Python,Bash,Ruby,等等)编写,这是一个很好的做法,使每个模块幂等.A ...

  4. 【OpenCV入门指南】第一篇 安装OpenCV

    http://blog.csdn.net/morewindows/article/details/8225783/ win10下vs2015配置Opencv3.1.0过程详解(转) http://ww ...

  5. ansible自动化工具安装和简单使用

    ansible自动化工具安装和简单使用 1.安装 ansible依赖于Python 2.6或更高的版本.paramiko.PyYAML及Jinja2. 2.1 编译安装 解决依赖关系 # yum -y ...

  6. ansible示例,离线安装etcd

    一.基础介绍 ========================================================================================== 1. ...

  7. Ansible介绍及安装部署

    本节内容: 运维工具 Ansible特性 Ansible架构图和核心组件 安装Ansible 演示使用示例 一.运维工具 作为一个Linux运维人员,需要了解大量的运维工具,并熟知这些工具的差异,能够 ...

  8. ansible介绍和安装

    ansible是由 Python 编写的强大的配置管理解决方案,ansible 的特点就在于它的简洁与高效率 ansible与其他的配置管理工具不同点在于:不需要你在想要配置的每个节点上安装自己的组件 ...

  9. ansible入门一(Ansible介绍及安装部署)

    本节内容: 运维工具 Ansible特性 Ansible架构图和核心组件 安装Ansible 演示使用示例 一.运维工具 作为一个Linux运维人员,需要了解大量的运维工具,并熟知这些工具的差异,能够 ...

随机推荐

  1. WIFI探针技术

    1.WIFI 探针定义 WIFI 探针是一种能够主动识别 Android 和 IOS 设备,感知用户行为轨迹的精准数据收集前端,基于 WIFI探测技术.移动互联网和云计算等先进技术自动识别探针附近的智 ...

  2. 『编程题全队』Scrum 冲刺博客

    1.介绍小组新加入的成员,Ta担任的角色 Answer: 我们小组的倪兢飞同学决定跳槽到团队あ,我们小组开了一个简短而又严肃的会议,满足倪兢飞同学的意愿,并感谢他为团队做出的巨大贡献.虽然我们遗失了一 ...

  3. Python入门:如何使用第三方库?

    这是关于Python的第13篇文章,也是关于<编程小白的第1本Python入门书>内容的最后一篇,主要介绍下如何使用第三方库. 1. 第三方库 Python相当于一个手机,第三方库相当于手 ...

  4. SpringMVC一例 是否需要重定向

    在ASP.NET MVC下: return view("List") 和 return RedirectToAction("List") 百度知道的最佳答案: ...

  5. [转帖]召冠总的 SQLSERVER常用的性能诊断语句. --保存学习备查

    CopyFrom https://www.cnblogs.com/zhaoguan_wang /*常规服务器动态管理对象包括:dm_db_*:数据库和数据库对象dm_exec_*:执行用户代码和关联的 ...

  6. K3CLOUD替代方案

    路径 [生产制造]->[工程数据]->[替代方案]->[替代方案] 应用场景 实际业务处理中,由于订单取消.工程变更.客户需求变化.预测或计划不准确等原因造成原材料库存积压.呆滞,使 ...

  7. (转)vmware下给linux虚拟机扩容

    “Well, here’s another fine mess you’ve gotten me into” Let us pretend that you have an Ubuntu Server ...

  8. js函數

    函數是什麼?函數就是被事件驅動或者調用執行的可重複的代碼塊. 函數聲明: 使用關鍵詞function,關鍵詞function大小敏感. function a{代碼塊} 局部變量: 在函數內部聲明的變量 ...

  9. mybatis 缓存(cache)的使用

    许多应用程序,为了提高性能而增加缓存, 特别是从数据库中获取的数据. 在默认情况下,mybatis 的一级缓存是默认开启的.类似于hibernate, 所谓一级缓存,也就是基于同一个sqlsessio ...

  10. ansible系列5-开启加速 Ansible 执行速度的功能

    SSH pipelining 是一个加速 Ansible 执行速度的简单方法.ssh pipelining 默认是关闭,之所以默认关闭是为了兼容不同的 sudo 配置,主要是 requiretty 选 ...