Chinaunix首页 | 论坛 | 博客
  • 博客访问: 181244
  • 博文数量: 111
  • 博客积分: 10
  • 博客等级: 民兵
  • 技术积分: 790
  • 用 户 组: 普通用户
  • 注册时间: 2010-12-29 13:41
  • 认证徽章:
文章分类

全部博文(111)

文章存档

2018年(10)

2017年(27)

2016年(18)

2015年(31)

2014年(25)

分类: 系统运维

2016-05-05 00:05:19

一、ansible介绍:
ansible是基于python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。
ansible是基于模块工作的,本身没有批量部署的能力。真正具有批量部署的事ansible所运行的模块,ansible只是提供了一种框架。
 主要包括:
1、链接插件connection plugins:负责和被监控端实现通信;
2、host inventory:指定操作的主机,是一个配置文件里面定义监控的主机;
3、模块:core modules、command模块、自定义模块;
4、plugins(email,logging,other):借助于插件完成记录日志邮件等功能;
5、playbooks:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。
如图:
       

特点:
1、不需要再被监控主机上安装任何客户端;
2、无服务器端,使用时直接运行命令即可;
3、基于模块工作,可使用任意语言开发模块;
4、使用yaml语言定制剧本playbook;
5、基于ssh工作;
6、可实现多级指挥。

优点:
1、轻量级,安装简便,更新时,只需在操作机上进行一次更新即可;
2、批量任务执行可写成脚本,而且不用分发到远程就可执行;
3、使用python编写,维护简单;
4、支持sudo。

工作流程:
 

二、ansible安装
1、安装环境:
    系统:CentOS release 6.5 and ubuntu  16.04.1
    内核:Linux 2.6.32-431.el6.x86_64
   Python:2.6或2.7
    主机ip:192.168.1.123
    被控机ip:192.168.1.124
2、安装方法:
    2.1、pip安装:
            #yum install python-pip python-devel -y
            #pip install ansible --upgrade
    2.2、source安装:
            #git clone git://github.com/ansible/ansible.git --recursive
            #cd ./ansible
            #source ./hacking/env-setup
    2.3、apt-get安装:
            #apt-get install software-properties-common
            #apt-add-repository ppa:ansible/ansible
            #apt-get update
            #apt-get install ansible
   2.4、yum安装:
            
yum安装ansible
      说明:ansible YAML格式,无client,去中心化;安装只依赖ssh,python;控制服务器(Master)需要安装Python2.6/7,windows无法安装ansible。被管理的服务器(Managed Node)需要安装Python2.4以上的版本,如低于2.5,需安装python-simplejson。

点击(此处)折叠或打开

  1. python版本
  2. # python -V
  3. Python 2.6.6
  4. 配置epel(企业版 Linux 附加软件包)
  5. #wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
  6. #rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
  7. #rpm -Uvh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
  8. #rpm -Uvh http://mirror-fpt-telecom.fpt.net/fedora/epel/6/i386/epel-release-6-8.noarch.rpm
  9. #rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/6/i386/epel-release-6-8.noarch.rpm
  10. #rpm -Uvh http://ftp.linux.ncsu.edu/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
  11. #yum install -y ansible

  12. Loaded plugins: fastestmirror, security
  13. Loading mirror speeds from cached hostfile
  14.  * epel: mirrors.aliyun.com
  15. base | 3.7 kB 00:00
  16. epel | 4.3 kB 00:00
  17. epel/primary_db | 5.9 MB 00:09
  18. extras | 3.4 kB 00:00
  19. updates | 3.4 kB 00:00
  20. updates/primary_db | 4.7 MB 00:08
  21. Setting up Install Process
  22. Resolving Dependencies
  23. --> Running transaction check
  24. ---> Package ansible.noarch 0:2.0.1.0-2.el6 will be installed
  25. --> Processing Dependency: sshpass for package: ansible-2.0.1.0-2.el6.noarch
  26. --> Processing Dependency: python-six for package: ansible-2.0.1.0-2.el6.noarch
  27. --> Processing Dependency: python-simplejson for package: ansible-2.0.1.0-2.el6.noarch
  28. --> Processing Dependency: python-keyczar for package: ansible-2.0.1.0-2.el6.noarch
  29. --> Processing Dependency: python-jinja2-26 for package: ansible-2.0.1.0-2.el6.noarch
  30. --> Processing Dependency: python-httplib2 for package: ansible-2.0.1.0-2.el6.noarch
  31. --> Processing Dependency: python-crypto2.6 for package: ansible-2.0.1.0-2.el6.noarch
  32. --> Processing Dependency: PyYAML for package: ansible-2.0.1.0-2.el6.noarch
  33. --> Running transaction check
  34. ---> Package PyYAML.x86_64 0:3.10-3.1.el6 will be installed
  35. --> Processing Dependency: libyaml-0.so.2()(64bit) for package: PyYAML-3.10-3.1.el6.x86_64
  36. ---> Package python-crypto2.6.x86_64 0:2.6.1-2.el6 will be installed
  37. ---> Package python-httplib2.noarch 0:0.7.7-1.el6 will be installed
  38. ---> Package python-jinja2-26.noarch 0:2.6-3.el6 will be installed
  39. --> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-26-2.6-3.el6.noarch
  40. --> Processing Dependency: python-markupsafe for package: python-jinja2-26-2.6-3.el6.noarch
  41. ---> Package python-keyczar.noarch 0:0.71c-1.el6 will be installed
  42. --> Processing Dependency: python-pyasn1 for package: python-keyczar-0.71c-1.el6.noarch
  43. ---> Package python-simplejson.x86_64 0:2.0.9-3.1.el6 will be installed
  44. ---> Package python-six.noarch 0:1.9.0-2.el6 will be installed
  45. ---> Package sshpass.x86_64 0:1.05-1.el6 will be installed
  46. --> Running transaction check
  47. ---> Package libyaml.x86_64 0:0.1.3-4.el6_6 will be installed
  48. ---> Package python-babel.noarch 0:0.9.4-5.1.el6 will be installed
  49. ---> Package python-markupsafe.x86_64 0:0.9.2-4.el6 will be installed
  50. ---> Package python-pyasn1.noarch 0:0.0.12a-1.el6 will be installed
  51. --> Finished Dependency Resolution

  52. Dependencies Resolved

  53. =====================================================================================================================
  54.  Package Arch Version Repository Size
  55. =====================================================================================================================
  56. Installing:
  57.  ansible noarch 2.0.1.0-2.el6 epel 2.9 M
  58. Installing for dependencies:
  59.  PyYAML x86_64 3.10-3.1.el6 base 157 k
  60.  libyaml x86_64 0.1.3-4.el6_6 base 52 k
  61.  python-babel noarch 0.9.4-5.1.el6 base 1.4 M
  62.  python-crypto2.6 x86_64 2.6.1-2.el6 epel 513 k
  63.  python-httplib2 noarch 0.7.7-1.el6 epel 70 k
  64.  python-jinja2-26 noarch 2.6-3.el6 epel 527 k
  65.  python-keyczar noarch 0.71c-1.el6 epel 219 k
  66.  python-markupsafe x86_64 0.9.2-4.el6 base 22 k
  67.  python-pyasn1 noarch 0.0.12a-1.el6 base 70 k
  68.  python-simplejson x86_64 2.0.9-3.1.el6 base 126 k
  69.  python-six noarch 1.9.0-2.el6 base 28 k
  70.  sshpass x86_64 1.05-1.el6 epel 19 k

  71. Transaction Summary
  72. =====================================================================================================================
  73. Install 13 Package(s)

  74. Total download size: 6.1 M
  75. Installed size: 25 M
  76. Downloading Packages:
  77. (1/13): PyYAML-3.10-3.1.el6.x86_64.rpm | 157 kB 00:00
  78. (2/13): ansible-2.0.1.0-2.el6.noarch.rpm | 2.9 MB 00:04
  79. (3/13): libyaml-0.1.3-4.el6_6.x86_64.rpm | 52 kB 00:00
  80. (4/13): python-babel-0.9.4-5.1.el6.noarch.rpm | 1.4 MB 00:02
  81. (5/13): python-crypto2.6-2.6.1-2.el6.x86_64.rpm | 513 kB 00:00
  82. (6/13): python-httplib2-0.7.7-1.el6.noarch.rpm | 70 kB 00:00
  83. (7/13): python-jinja2-26-2.6-3.el6.noarch.rpm | 527 kB 00:00
  84. (8/13): python-keyczar-0.71c-1.el6.noarch.rpm | 219 kB 00:00
  85. (9/13): python-markupsafe-0.9.2-4.el6.x86_64.rpm | 22 kB 00:00
  86. (10/13): python-pyasn1-0.0.12a-1.el6.noarch.rpm | 70 kB 00:00
  87. (11/13): python-simplejson-2.0.9-3.1.el6.x86_64.rpm | 126 kB 00:00
  88. (12/13): python-six-1.9.0-2.el6.noarch.rpm | 28 kB 00:00
  89. (13/13): sshpass-1.05-1.el6.x86_64.rpm | 19 kB 00:00
  90. ---------------------------------------------------------------------------------------------------------------------
  91. Total 105 kB/s | 6.1 MB 00:59
  92. Running rpm_check_debug
  93. Running Transaction Test
  94. Transaction Test Succeeded
  95. Running Transaction
  96.   Installing : python-markupsafe-0.9.2-4.el6.x86_64 1/13
  97.   Installing : sshpass-1.05-1.el6.x86_64 2/13
  98.   Installing : python-crypto2.6-2.6.1-2.el6.x86_64 3/13
  99.   Installing : python-simplejson-2.0.9-3.1.el6.x86_64 4/13
  100.   Installing : python-httplib2-0.7.7-1.el6.noarch 5/13
  101.   Installing : python-pyasn1-0.0.12a-1.el6.noarch 6/13
  102.   Installing : python-keyczar-0.71c-1.el6.noarch 7/13
  103.   Installing : libyaml-0.1.3-4.el6_6.x86_64 8/13
  104.   Installing : PyYAML-3.10-3.1.el6.x86_64 9/13
  105.   Installing : python-six-1.9.0-2.el6.noarch 10/13
  106.   Installing : python-babel-0.9.4-5.1.el6.noarch 11/13
  107.   Installing : python-jinja2-26-2.6-3.el6.noarch 12/13
  108.   Installing : ansible-2.0.1.0-2.el6.noarch 13/13
  109.   Verifying : PyYAML-3.10-3.1.el6.x86_64 1/13
  110.   Verifying : python-babel-0.9.4-5.1.el6.noarch 2/13
  111.   Verifying : python-six-1.9.0-2.el6.noarch 3/13
  112.   Verifying : python-keyczar-0.71c-1.el6.noarch 4/13
  113.   Verifying : libyaml-0.1.3-4.el6_6.x86_64 5/13
  114.   Verifying : python-pyasn1-0.0.12a-1.el6.noarch 6/13
  115.   Verifying : python-httplib2-0.7.7-1.el6.noarch 7/13
  116.   Verifying : python-simplejson-2.0.9-3.1.el6.x86_64 8/13
  117.   Verifying : python-jinja2-26-2.6-3.el6.noarch 9/13
  118.   Verifying : python-crypto2.6-2.6.1-2.el6.x86_64 10/13
  119.   Verifying : sshpass-1.05-1.el6.x86_64 11/13
  120.   Verifying : ansible-2.0.1.0-2.el6.noarch 12/13
  121.   Verifying : python-markupsafe-0.9.2-4.el6.x86_64 13/13

  122. Installed:
  123.   ansible.noarch 0:2.0.1.0-2.el6

  124. Dependency Installed:
  125.   PyYAML.x86_64 0:3.10-3.1.el6 libyaml.x86_64 0:0.1.3-4.el6_6
  126.   python-babel.noarch 0:0.9.4-5.1.el6 python-crypto2.6.x86_64 0:2.6.1-2.el6
  127.   python-httplib2.noarch 0:0.7.7-1.el6 python-jinja2-26.noarch 0:2.6-3.el6
  128.   python-keyczar.noarch 0:0.71c-1.el6 python-markupsafe.x86_64 0:0.9.2-4.el6
  129.   python-pyasn1.noarch 0:0.0.12a-1.el6 python-simplejson.x86_64 0:2.0.9-3.1.el6
  130.   python-six.noarch 0:1.9.0-2.el6 sshpass.x86_64 0:1.05-1.el6



  131. # ansible --version
  132. ansible 2.0.1.0
  133. 查看安装包列表
  134. rpm -ql ansible

  135. ansible安装完毕
3、ansible配置ssh无密码访问
 

点击(此处)折叠或打开

  1. 生成ssh公钥/私钥:ssh-keygen
  2. # ssh-keygen -t rsa -P ''
  3. Generating public/private rsa key pair.
  4. Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa_ansible
  5. Your identification has been saved in /root/.ssh/id_rsa_ansible.
  6. Your public key has been saved in /root/.ssh/id_rsa_ansible.pub.
  7. The key fingerprint is:
  8. ae:89:e7:70:29:7e:af:6e:57:60:7b:b6:ad:fd:59:e8 root@web1
  9. The key's randomart image is:
  10. +--[ RSA 2048]----+
  11. | |
  12. | |
  13. | |
  14. | o |
  15. | .So |
  16. | o. + . |
  17. | o o .+ o . .|
  18. | . =+o. .... o |
  19. | o**+. ....E |
  20. +-----------------+
  21. # cat /root/.ssh/id_rsa_ansible.pub > /root/.ssh/authorized_keys
  22. # chmod 600 /root/.ssh/authorized_keys
  23. 将公钥分发到被控机
  24. #scp -P “端口号” /root/.ssh/authorized_keys root@192.168.1.124:/root/.ssh/
  25. #ssh-copy-id -i /root/.ssh/id_rsa_ansible.pub “-p “端口号” root@192.168.1.124”
  26. ssh报错1:
  27. # ssh -p 8020 root@192.168.1.124
    reverse mapping checking getaddrinfo for bogon [192.168.1.124] failed - POSSIBLE BREAK-IN ATTEMPT!


    root@192.168.1.124's password: 
    Permission denied, please try again.
    root@192.168.1.124's password: 
    解决办法:修改被控机/etc/ssh/sshd_config中”PermitRootLogin no“为”PermitRootLogin yes“,重启sshd服务。

  28. ssh报错2:
  29. # ssh -p 8020 root@192.168.1.124
    ssh_exchange_identification: Connection closed by remote host
    解决办法:修改/etc/hosts.allow 添加sshd:all 或者sshd:192.168.1.123

  30. 报错:
  31. 点击(此处)折叠或打开

    1. 192.168.3.72 | => {
    2.     "changed": false,
    3.     "msg": "Authentication failed.",
    4.     "unreachable": true
    5. }
  32. 解决办法修改ansible.cfg中remote_user = root
  33. #vim /etc/ansible/ansible.cfg
  34. remote_port    = 22   #远程被控机端口号
  35. ask_pass      = True    #默认ansible使用key验证,如果使用密码登陆的服务器,使用ansible命令取消注释ask_pass就不需要在命令执行的时候加上-k参数。
  36. private_key_file = /root/.ssh/id_rsa_ansible      #使用该私钥文件进行身份验证
  37. remote_user = ansible    #远程用户
  38. log_path = /var/log/ansible.log    #ansible日志
  39. remote_user = root    #设置远程用户为root

  40. 添加主机
  41. # vim /etc/ansible/hosts
  42. [web]
    192.168.1.123
    192.168.1.124
  43. 测试ansible
  44. 执行ansible报错:“FAILED => FAILED: not a valid DSA private key file
  45. 解决方法:在执行命令行最后加-k参数。如:ansible web -m command -a 'w' -k

  46. 利用comman模块敲命令
  47. #ansible web -m command -a 'w'
  48. 192.168.1.123 | SUCCESS | rc=0 >>
     22:56:33 up 1 day,  5:01,  3 users,  load average: 0.07, 0.02, 0.00
    USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
    root     tty1     -                31Dec15 125days  0.13s  0.13s -bash
    root     pts/0    192.168.1.107    01Jan16  2.00s  2.11s  0.56s /usr/bin/python
    root     pts/1    192.168.1.123    22:56    0.00s  0.34s  0.00s /bin/sh -c LANG


    192.168.1.124 | SUCCESS | rc=0 >>
     01:49:54 up 18:39,  3 users,  load average: 0.00, 0.14, 0.12
    USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
    root     tty1     -                Thu07   18:35m  0.13s  0.13s -bash
    root     pts/0    192.168.1.107    01:42    3:50   0.14s  0.14s -bash
    root     pts/1    192.168.1.123    01:49    0.00s  0.51s  0.00s /bin/sh -c LANG


  49. 查看主机运行状态
  50. # ansible web -m ping
  51. 192.168.1.123 | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
    192.168.1.124 | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
  52. 查看远程主机基本信息
  53. # ansible web -m setup
  54. 192.168.1.124 | SUCCESS => {
        "ansible_facts": {
            "ansible_all_ipv4_addresses": [
                "192.168.1.121", 
                "192.168.1.124"
            ], 
            "ansible_all_ipv6_addresses": [
                "fe80::20c:29ff:fe58:77e6"
            ],


4、ansible模块:
ansible默认提供了很多模块来供我们使用。
 比较常见的模块:
 copy、file、cron、group、user、yum、service、script、ping、command、raw、get_url、synchronize

点击(此处)折叠或打开

  1. 查看当前ansible都支持哪些模块
  2. #ansible-doc -l
  3. 查看copy模块有哪些参数可以使用
  4. #ansible-doc -s copy


   参考:http://www.361way.com/
           http://devopsh.com/537.html
            http://sofar.blog.51cto.com/353572/1579894/
            http://www.ansible.com.cn/index.html
           http://blog.csdn.net/iloveyin/article/details/46982023
           http://laowafang.blog.51cto.com/251518/1380909
阅读(517) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~
评论热议
请登录后评论。

登录 注册