ansible 是一款轻量级自动化运维工具,由的 Python 语言开发,结合了多种自动化运维工具的特性,实现了批量系统配置,批量程序部署,批量命令执行等功能; ansible 是基于模块化实现批量操作的。
一、安装
控制机器
pip install ansible==2.5.5
yum install sshpass
受控机器
yum install libselinux-python
yum install python2-simplejson
version<python2.4
测试
echo 127.0.0.1>host
ansible all -m ping -i hosts --ask -pass
二、管理协议
Ansible 通过 ssh 协议对受控机器管理,可使用口令和秘钥对两种方式进行权限验证,默认使用密钥对方式。
秘钥对
1.在控制机器生成秘钥对
ssh -keygen -t rsa -b 4096 -C*kk
2.添加公钥到受控机器
-
拷贝添加:ssh-copy-id -i ~/.ssh/id_rsa.pub user@host
-
本地添加:cat /.ssh/id_rsa.pub>>/.ssh/authorized_keys
3.测试
ssh user@host
ansible all -m ping -i hosts
三、配置
inventory
1.ansible 管理主机信息的配置
2.配置文件格式
-
ini
-
yaml
3.配置文件路径
-
通过命令行参数制定:ansible -i
-
通过环境变量制定:export ANSIBLE_INVENTORY
-
默认配置路径:/ect/ansible/hosts
4.配置内容
4.1基本配置
host_v1.ini
127.0.0.1ip
host_v1.yaml
---all: hosts: 127.0.0.1: ip:
测试
ansible all -m ping -i hosts -i host_v1.ini
ansible all -m ping -i hosts -i host_v1.yaml
ansible 127.0.0.1 -m ping -i hosts -i host_v1.ini
ansible ip -m ping -i hosts -i host_v1.yaml
主机参数配置
1.参数项
**alias ** 主机别名
**ansible_connection **
默认 smart
可选值:local、smart、ssh、paramiko
ansilbe_host 登录主机地址
ansilbe_port 默认 22
ansilbe_user 登录主机用户名
ansible_become
是否启用 sudo 权限
默认: false
可选值 :true、false
ansible_become_pass
登录主机用户密码,用于切换 sudo 权限
建议使用 ansible 命令行参数 ask_become_pass 替换
ansible_become_user
切换 sudo 后 执行进程中使用的用户名
ansible_ssh_pass
登录主机使用密码
建议使用 ansible 命令行参数 ask_pass 替换
ansible_ssh_private_key_file
登录主机使用私钥
ansible_python_interpreter
受控机器执行 Python 解释器
默认 /bin/env/python
hosts_v2.ini
localhost ansible_connect=localmystest ansible_connect=smart ansible_host="ip" ansible_port=22 ansible_user="silence" ansible_become_user="root" ansible_python_interpreter="/bin/env python2.6"
hosts_v2.yaml
---all: hosts: localhost: ansible_connect: local mytest: ansible_connect: smart ansible_host: ip ansible_port: 22 ansible_user: silence ansible_become_user: root ansible_python_interpreter: "/bin/env python2.6"
组&组变量
-
可对主机进行分组并命名,批量对主机进行操作
-
一个主机可属于多个组
host_v3.ini
localhost ansible_connect=local[webserver]mytest ansible_host="ip" ansible_user="silence"[webserver:vars]ansible_connect=smartansible_port=22ansible_become_user="root"ansible_python_interpreter="/bin/env python2.6"
host_v3.yaml
---all: hosts: localhost: ansible_connect: local children: webserver: hosts: mytest: ansible_host: ip ansible_user: silence vars: ansible_connect: smart ansible_port: 22 ansible_become_user: root ansible_python_interpreter: "/bin/env python2.6"
测试
ansible ip -m ping -i hosts -i host_v3.yaml
ansible webserver -m command -a 'sleep 30' -i host_v3.ini --become --ask-become-pass
组中组
host_v4.ini
localhost ansible_connect=local[webserver]mytest ansible_host="ip" ansible_user="silence"[webserver:vars]ansible_connect=smartansible_port=22ansible_become_user="root"ansible_python_interpreter="/bin/env python2.6"[test:children]webserver
host_v4.yaml
---all: hosts: localhost: ansible_connect: local children: webserver: hosts: mytest: ansible_host: ip ansible_user: silence vars: ansible_connect: smart ansible_port: 22 ansible_become_user: root ansible_python_interpreter: "/bin/env python2.6" test: children: webserver:
测试
ansible test --list hosts -i host_v4.yaml
ansible test -m ping -i hosts -i host_v4.yaml
配置分割
-
在 hosts 文件中值配置主机分组信息,主机配置与组配置分别存储在 host_vars 和 group_vars 目录
-
主机配置存储在 host_vars 目录中,文件名使用别名.yaml
-
组配置存储在 group_vars 目录中,文件名使用组名.yaml
host_v5.ini
localhost[webserver]mytest[test:children]webserver
host_v5.yaml
---all: hosts: localhost: children: webserver: hosts: mytestm: test: children: webserver:
host_vars
host_vars/localhost.yaml
---ansible_connect: local
host_vars/mytest.yaml
---ansible_host: ipansible_user: silence
group_vars
group_vars/webserver.yaml
---ansible_connect: smartansible_port: 22ansible_become_user: rootansible_python_interpreter: "/bin/env python2.6"
测试
ansible test -m ping -i host_v5.yaml
ansible test -m setup -i host_v5.yaml
ansible test -m command -a 'sleep 30' -i host_v5.ini --become --ask-become-pass
动态 inventory
文件 inventory.py 脚本内容
#!/bin/env python3#encoding: utf-8inventory = { '_meta' : { 'hostvars' : { 'localhost' : { 'ansible_connect' : 'local', }, '51reboot' : { 'ansible_host' : '112.74.164.107', 'ansible_user' : 'silence', } } }, 'all' : { 'hosts' : [ 'localhost' ] }, 'webserver' : { 'hosts' : [ '51reboot' ], 'vars' : { 'ansible_connect' : 'smart', 'ansible_port' : 22, 'ansible_become_user' : 'root', 'ansible_python_interpreter' : '/bin/env python2.6' } }}if __name__ == '__main__': import json, sys print(json.dumps(inventory)) sys.exit(0)
初始化权限
xhmod +x inventory.py
测试
ansible all --list -hosts -i inventory.py
ansible all -m ping -i inventory.py
ansible.cfg
1.配置文件路径
-
export ANSIBLE_CONFIG=~/ansible.cfg
-
ansible.cfg
-
~/.ansible.cfg
-
/etc/ansible/ansible.cfg
2.默认配置
-
https://raw.githubusercontent.com/ansible/ansible/devel/examples/ansible.cfg
-
ansible-config list
-
ansible-config dump
3.配置项
host_key_checking
-
是否检查控制密钥存在于 know_hosts 列表
-
默认值 :true
-
可选值:true、false
未完待续......
公告通知
Python实战班、自动化运维班、区块链正在招生中
各位小伙伴们,欢迎试听和咨询:
网友评论