Ansible自动化运维工具
概述
ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。Ansible架构相对比较简单,仅需通过SSH连接客户机执行任务即可。
安装部署
1.通过yum下载Ansible
[root@server1 ~]# yum install -y ansible
Last metadata expiration check: 1:33:20 ago on 2023年11月14日 星期二 19时08分08秒.
Dependencies resolved.
=================================================================================================================================================================================================================================================
Package Architecture Version Repository Size
=================================================================================================================================================================================================================================================
Installing:
ansible noarch 2.9.11-1.uel20 UnionTechOS-Server-20-everything 17 M
Installing dependencies:
libsodium x86_64 1.0.18-1.uel20 UnionTechOS-Server-20-everything 152 k
python3-asn1crypto noarch 1.4.0-1.uel20 UnionTechOS-Server-20-everything 181 k
python3-babel noarch 2.8.0-3.uel20 UnionTechOS-Server-20-everything 6.1 M
python3-bcrypt x86_64 3.2.0-1.uel20 UnionTechOS-Server-20-everything 40 k
python3-cffi x86_64 1.14.1-1.uel20 UnionTechOS-Server-20-everything 236 k
python3-cryptography x86_64 3.3.1-1.uel20 UnionTechOS-Server-20-everything 402 k
python3-invoke noarch 1.5.0-1.uel20.01 UnionTechOS-Server-20-everything 267 k
python3-jinja2 noarch 2.11.2-2.uel20 UnionTechOS-Server-20-everything 223 k
python3-jmespath noarch 0.9.0-11.uel20 UnionTechOS-Server-20-everything 42 k
python3-markupsafe x86_64 1.1.1-1.uel20 UnionTechOS-Server-20-everything 28 k
python3-pyasn1 noarch 0.4.8-1.uel20 UnionTechOS-Server-20-everything 136 k
python3-pycparser noarch 2.20-2.uel20 UnionTechOS-Server-20-everything 155 k
python3-pynacl x86_64 1.2.1-5.uel20 UnionTechOS-Server-20-everything 76 k
python3-pyyaml x86_64 5.3.1-4.uel20 UnionTechOS-Server-20-everything 188 k
sshpass x86_64 1.06-8.uel20 UnionTechOS-Server-20-everything 24 k
Installing weak dependencies:
python3-paramiko noarch 2.7.2-2.uel20 UnionTechOS-Server-20-everything 289 k
Transaction Summary
=================================================================================================================================================================================================================================================
Install 17 Packages
Total download size: 26 M
Installed size: 135 M
Downloading Packages:
(1/17): libsodium-1.0.18-1.uel20.x86_64.rpm 177 kB/s | 152 kB 00:00
(2/17): python3-asn1crypto-1.4.0-1.uel20.noarch.rpm 108 kB/s | 181 kB 00:01
(3/17): python3-bcrypt-3.2.0-1.uel20.x86_64.rpm 8.1 kB/s | 40 kB 00:04
(4/17): python3-cffi-1.14.1-1.uel20.x86_64.rpm 25 kB/s | 236 kB 00:09
(5/17): python3-cryptography-3.3.1-1.uel20.x86_64.rpm 31 kB/s | 402 kB 00:12
(6/17): python3-invoke-1.5.0-1.uel20.01.noarch.rpm 31 kB/s | 267 kB 00:08
(7/17): python3-jinja2-2.11.2-2.uel20.noarch.rpm 22 kB/s | 223 kB 00:10
(8/17): python3-jmespath-0.9.0-11.uel20.noarch.rpm 10 kB/s | 42 kB 00:04
(9/17): python3-markupsafe-1.1.1-1.uel20.x86_64.rpm 4.4 kB/s | 28 kB 00:06
(10/17): python3-paramiko-2.7.2-2.uel20.noarch.rpm 25 kB/s | 289 kB 00:11
(11/17): python3-pyasn1-0.4.8-1.uel20.noarch.rpm 17 kB/s | 136 kB 00:07
(12/17): python3-pycparser-2.20-2.uel20.noarch.rpm 28 kB/s | 155 kB 00:05
(13/17): python3-pynacl-1.2.1-5.uel20.x86_64.rpm 13 kB/s | 76 kB 00:05
(14/17): python3-pyyaml-5.3.1-4.uel20.x86_64.rpm 31 kB/s | 188 kB 00:06
(15/17): sshpass-1.06-8.uel20.x86_64.rpm 5.3 kB/s | 24 kB 00:04
(16/17): python3-babel-2.8.0-3.uel20.noarch.rpm 35 kB/s | 6.1 MB 02:58
(17/17): ansible-2.9.11-1.uel20.noarch.rpm 87 kB/s | 17 MB 03:22
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 130 kB/s | 26 MB 03:22
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : python3-jmespath-0.9.0-11.uel20.noarch 1/17
Installing : sshpass-1.06-8.uel20.x86_64 2/17
Installing : python3-pyyaml-5.3.1-4.uel20.x86_64 3/17
Installing : python3-pycparser-2.20-2.uel20.noarch 4/17
Installing : python3-cffi-1.14.1-1.uel20.x86_64 5/17
Installing : python3-bcrypt-3.2.0-1.uel20.x86_64 6/17
Installing : python3-pyasn1-0.4.8-1.uel20.noarch 7/17
Installing : python3-markupsafe-1.1.1-1.uel20.x86_64 8/17
Installing : python3-invoke-1.5.0-1.uel20.01.noarch 9/17
Installing : python3-babel-2.8.0-3.uel20.noarch 10/17
Installing : python3-jinja2-2.11.2-2.uel20.noarch 11/17
Installing : python3-asn1crypto-1.4.0-1.uel20.noarch 12/17
Installing : python3-cryptography-3.3.1-1.uel20.x86_64 13/17
Installing : libsodium-1.0.18-1.uel20.x86_64 14/17
Installing : python3-pynacl-1.2.1-5.uel20.x86_64 15/17
Installing : python3-paramiko-2.7.2-2.uel20.noarch 16/17
Installing : ansible-2.9.11-1.uel20.noarch 17/17
Running scriptlet: ansible-2.9.11-1.uel20.noarch 17/17
Verifying : ansible-2.9.11-1.uel20.noarch 1/17
Verifying : libsodium-1.0.18-1.uel20.x86_64 2/17
Verifying : python3-asn1crypto-1.4.0-1.uel20.noarch 3/17
Verifying : python3-babel-2.8.0-3.uel20.noarch 4/17
Verifying : python3-bcrypt-3.2.0-1.uel20.x86_64 5/17
Verifying : python3-cffi-1.14.1-1.uel20.x86_64 6/17
Verifying : python3-cryptography-3.3.1-1.uel20.x86_64 7/17
Verifying : python3-invoke-1.5.0-1.uel20.01.noarch 8/17
Verifying : python3-jinja2-2.11.2-2.uel20.noarch 9/17
Verifying : python3-jmespath-0.9.0-11.uel20.noarch 10/17
Verifying : python3-markupsafe-1.1.1-1.uel20.x86_64 11/17
Verifying : python3-paramiko-2.7.2-2.uel20.noarch 12/17
Verifying : python3-pyasn1-0.4.8-1.uel20.noarch 13/17
Verifying : python3-pycparser-2.20-2.uel20.noarch 14/17
Verifying : python3-pynacl-1.2.1-5.uel20.x86_64 15/17
Verifying : python3-pyyaml-5.3.1-4.uel20.x86_64 16/17
Verifying : sshpass-1.06-8.uel20.x86_64 17/17
Installed:
ansible-2.9.11-1.uel20.noarch libsodium-1.0.18-1.uel20.x86_64 python3-asn1crypto-1.4.0-1.uel20.noarch python3-babel-2.8.0-3.uel20.noarch python3-bcrypt-3.2.0-1.uel20.x86_64 python3-cffi-1.14.1-1.uel20.x86_64
python3-cryptography-3.3.1-1.uel20.x86_64 python3-invoke-1.5.0-1.uel20.01.noarch python3-jinja2-2.11.2-2.uel20.noarch python3-jmespath-0.9.0-11.uel20.noarch python3-markupsafe-1.1.1-1.uel20.x86_64 python3-paramiko-2.7.2-2.uel20.noarch
python3-pyasn1-0.4.8-1.uel20.noarch python3-pycparser-2.20-2.uel20.noarch python3-pynacl-1.2.1-5.uel20.x86_64 python3-pyyaml-5.3.1-4.uel20.x86_64 sshpass-1.06-8.uel20.x86_64
Complete!
[root@server1 ~]#
2.对自己做免密配置
[root@server1 ~]# ssh-copy-id root@server1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'server1 (192.168.122.1)' can't be established.
ECDSA key fingerprint is SHA256:TWajqYQ0cY7n48NQANig8R2qvjcRIDQagMvYot7yIT4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
UnionTech OS Server 20 1050e
root@server1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@server1'"
and check to make sure that only the key(s) you wanted were added.
[root@server1 ~]# ssh root@server1
UnionTech OS Server 20 1050e
Authorized users only. All activities may be monitored and reported.
Last login: Tue Nov 14 15:18:38 2023 from 192.168.3.1
Welcome to 4.19.90-2201.4.0.0135.up1.uel20.x86_64
System information as of time: 2023年 11月 14日 星期二 20:53:43 CST
System load: 0.01
Processes: 202
Memory used: 58.1%
Swap used: 0.2%
Usage On: 10%
IP address: 192.168.3.5
IP address: 192.168.122.1
IP address: 172.17.0.1
Users online: 3
[root@server1 ~]# exit
注销
Connection to server1 closed.
[root@server1 ~]# ssh root@server2
UnionTech OS Server 20 1050e
Authorized users only. All activities may be monitored and reported.
Last login: Tue Nov 14 15:18:29 2023 from 192.168.122.1
Welcome to 4.19.90-2201.4.0.0135.up1.uel20.x86_64
System information as of time: 2023年 11月 14日 星期二 20:53:41 CST
System load: 0.00
Processes: 121
Memory used: 13.2%
Swap used: 0.0%
Usage On: 6%
IP address: 192.168.122.2
Users online: 2
免密已经成功了
3.修改ansiable host配置对服务器进行分组
- 在/etc/ansible/hosts最下方新增一下组别和服务器名
结果如下
[root@server1 ~]# vi /etc/ansible/hosts
[root@server1 ~]# cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10
# Ex 2: A collection of hosts belonging to the 'webservers' group
## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
# If you have multiple hosts following a pattern you can specify
# them like this:
## www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group
## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57
# Here's another example of host ranges, this time there are no
# leading 0s:
## db-[99:101]-node.example.com
[web]
server1
[db]
server2
4.测试:对所有服务器进行ping命令
root@server1 ~]# ansible all -m ping
[WARNING]: Platform linux on host server2 is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
server2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[WARNING]: Platform linux on host server1 is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
server1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
5.写playbook
vi install_php_fpm.yml
内容如下:
---
- hosts: web
user: root
tasks:
- name: install php-fpm
yum:
name: php-fpm
state: present
- name: start php-fpm
service:
name: php-fpm
state: started
enable: yes
[root@server1 ~]# vi install_php_fpm.yml
[root@server1 ~]# cat install_php_fpm.yml
---
- hosts: web
tasks:
- name: install php
yum:
name: "{{item}}"
state: present
loop:
- php-fpm
- samba
- name: start php
service:
name: php-fpm
state: started
enabled: yes
- name: start smb
service:
name: smb
state: started
enabled: yes
- hosts: db
tasks:
- name: install mariadb
yum:
name: mariadb-server
state: present
- name: start mariadb
service:
name: mariadb
state: started
enabled: yes
[root@server1 ~]# ansible-playbook --syntax-check install_php_fpm.yml
playbook: install_php_fpm.yml
6.执行我们写的playbook脚本
[root@server1 ~]# ansible-playbook install_php_fpm.yml -e "ansible_python_interpreter=/usr/bin/python3"
PLAY [web] **************************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************************************************************************************************************
ok: [server1]
TASK [install php] ******************************************************************************************************************************************************************************************************************************
ok: [server1] => (item=php-fpm)
changed: [server1] => (item=samba)
TASK [start php] ********************************************************************************************************************************************************************************************************************************
ok: [server1]
TASK [start smb] ********************************************************************************************************************************************************************************************************************************
changed: [server1]
PLAY [db] ***************************************************************************************************************************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************************************************************************************************************
ok: [server2]
TASK [install mariadb] **************************************************************************************************************************************************************************************************************************
changed: [server2]
TASK [start mariadb] ****************************************************************************************************************************************************************************************************************************
changed: [server2]
PLAY RECAP **************************************************************************************************************************************************************************************************************************************
server1 : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
server2 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@server1 ~]#
7.验证
[root@server1 ~]# rpm -qc php-fpm
/etc/httpd/conf.d/php.conf
/etc/logrotate.d/php-fpm
/etc/nginx/conf.d/php-fpm.conf
/etc/nginx/default.d/php.conf
/etc/php-fpm.conf
/etc/php-fpm.d/www.conf
[root@server1 ~]# systemctl status php-fpm
● php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2023-11-15 00:14:45 CST; 4min 33s ago
Main PID: 22863 (php-fpm)
Status: "Processes active: 0, idle: 5, Requests: 0, slow: 0, Traffic: 0req/sec"
Tasks: 6
Memory: 16.1M
CGroup: /system.slice/php-fpm.service
├─22863 php-fpm: master process (/etc/php-fpm.conf)
├─22864 php-fpm: pool www
├─22865 php-fpm: pool www
├─22866 php-fpm: pool www
├─22867 php-fpm: pool www
└─22868 php-fpm: pool www
11月 15 00:14:45 server1 systemd[1]: Starting The PHP FastCGI Process Manager...
11月 15 00:14:45 server1 systemd[1]: Started The PHP FastCGI Process Manager.
[root@server1 ~]#