In many scenarios we need to run the same command, or carry out the same configuration work, on several hosts. To simplify this we can use automation tools; such tools are called automated operations (ops) tools. Ansible is one of them, and below we use Ansible to perform some simple operations.
Ansible can do the job of many tools; the framework diagram is shown below. Ansible cannot install the operating system itself.
The author of Ansible was one of the early maintainers of Puppet and Func, so Ansible absorbs the strengths of Puppet and Func while trying to avoid their weaknesses.
OS Provisioning
PXE,cobbler
OS config
cfengine,puppet,saltstack, chef
Deployment
func(ssl)
fabric(ssh)
ansible (has both the OS config and the Deployment capabilities)
How does one host direct multiple hosts to run the same command? Directing other systems to work involves more than unprivileged operations; creating an account, for example, is usually closely tied to system security. So a remote control tool of this kind must use a very secure method. How is that achieved?
1. Remote connections encrypted with SSL;
2. Control instructions sent remotely over SSH, received and run by the other side;
How is the SSL-based approach implemented? The managed end is always required to have an application installed first. That application itself runs with privileges, can receive instructions sent by a matching application on the control end, runs the received instructions locally and reports the results back to the sender. This dedicated program on the controlled end, which receives the control end's instructions and returns the results after running them, is called the control program's agent. Communication with the agent is encrypted with SSL; the working mechanism is the HTTPS protocol, but although it uses HTTPS it is not an HTTP server.
If you neither want nor need to depend on installing an agent on the controlled end, it can be done over SSH. This means every controlled end runs an SSH service, and the so-called remote control end sends requests to those servers as an SSH client; the server receives the request and runs it. Every SSH connection needs authentication. SSH supports key-based authentication, and if key-based authentication is used everywhere no password has to be typed.
Ops tools
Agent-based: usually implemented over SSL, e.g. puppet, func
Agentless: usually implemented over SSH, e.g. fabric, ansible
These tools all have:
Idempotence: (running the same operation several times gives the same result)
Desired state: (you only supply the conditions to Ansible; how they are achieved is carried out automatically)
Several Tools In One
Configuration (cfengine, Chef, Puppet)
Deployment (Capistrano, Fabric)
Ad-Hoc Tasks (Func)
Multi-tier Orchestration (Juju, sort of)
Ansible features
Minimal learning curve, auditability   (low learning curve)
No bootstrapping
No DAG ordering, Fails Fast
No agents (other than sshd) – 0 resource consumption when not in use
No server
No additional PKI
Modules in any language
YAML, not code
SSH by default
Strong multi-tier solution
Ansible works on the basis of modules: every one of its functions depends on a module. Ansible itself is only a framework that can direct remote hosts to perform certain operations, but each specific operation needs a module to implement it. For example, the yum module lets remote hosts install or remove applications from a yum repository, and the command module lets remote hosts run commands.
If remote hosts need to run several tasks at once, several configuration items are needed. These can be defined in a single text file, and Ansible reads this file and runs all the tasks in one go; this file is called a playbook. A playbook is in YAML format, but YAML is merely a document format.
Ansible architecture
Ansible does ops work by directing multiple remote hosts; hostX is a remote host (the directed end). When Ansible connects to each directed end to make it work, it uses connection plugins (Connection Plugins) to open a connection to each controlled end, and this connection is SSH. Ansible needs to read a configuration file in which host groups are defined in advance, each group serving a different purpose; this relies on the Host Inventory. That file can be static (written by hand) or generated dynamically. Hosts are grouped in it beforehand, and when Ansible is used to direct an operation it automatically reads the file, finds which hosts are under the named group and connects only to the hosts in that group. By default Ansible controls 5 nodes at a time: after 5 finish it goes on to the next 5, batch by batch, and this value can be changed. Ansible modules come in two kinds: core modules and custom modules (you can develop your own modules in many languages). Workflow: the user specifies hosts, Ansible reads the Inventory to get the hosts, connects to them and, with the help of modules, sends instructions to the hosts through the Connection Plugins; each node runs the instructions and returns the results. Any other function can be obtained by loading the corresponding plugin.
Ansible is developed in Python. Official site: www.ansible.com/home. On Linux, CentOS 6.6 provides its rpm package in the EPEL repository; let's check:
ansible.noarch 1.9.0.1-2.el6 epel
The yum repository here is Aliyun's, configured as follows:
[epel]
name=epel package
baseurl=http://mirrors.aliyun.com/epel/6/x86_64/
gpgcheck=1
enabled=1
gpgkey=http://mirrors.aliyun.com/epel/RPM-GPG-KEY-EPEL-6
A simple architecture implemented with Ansible:
In this lab, nodeX corresponds to the hostname.
Install Ansible on node1
[root@node1 ~]# yum install ansible -y
Installed:   (the package installed)
ansible.noarch 0:1.9.0.1-2.el6
Dependency Installed:   (dependency packages installed)
PyYAML.x86_64 0:3.10-3.1.el6 libyaml.x86_64 0:0.1.3-4.el6_6
python-babel.noarch 0:0.9.4-5.1.el6 python-crypto.x86_64 0:2.0.1-22.el6
python-crypto2.6.x86_64 0:2.6.1-2.el6 python-httplib2.noarch 0:0.7.7-1.el6
python-jinja2.x86_64 0:2.2.1-2.el6_5 python-keyczar.noarch 0:0.71c-1.el6
python-paramiko.noarch 0:1.7.5-2.1.el6 python-pyasn1.noarch 0:0.0.12a-1.el6
python-setuptools.noarch 0:0.6.10-3.el6 python-simplejson.x86_64 0:2.0.9-3.1.el6
Check which files installing Ansible created
[root@node1 ~]# rpm -ql ansible | less
/etc/ansible
/etc/ansible/ansible.cfg   main configuration file
/etc/ansible/hosts   file in which host groups are defined
/etc/ansible/roles
/usr/bin/ansible
/usr/bin/ansible-doc
/usr/bin/ansible-galaxy
/usr/bin/ansible-playbook   runs a defined playbook
/usr/bin/ansible-pull   works in push mode
/usr/bin/ansible-vault   used for decrypting stored playbook files
...
Check how the ansible command is used
[root@node1 ~]# ansible -h
Usage: ansible <host-pattern> [options]
<host-pattern>   host pattern
host-pattern
A name of a group in the inventory file, a shell-like glob selecting hosts in inventory file, or any combination of the two separated by semicolons.
-k, --ask-pass   ask for SSH password   (prompts the user for the password)
-a 'ARGUMENTS', --args='ARGUMENTS' The ARGUMENTS to pass to the module.
Commonly used modules:
command   (pipes cannot be used here)
user
copy
cron
file
filesystem
group
hostname
ping
yum
service
shell
script
Notes on the /etc/ansible/hosts file; be sure to pay attention to this file's attributes (permissions)
[root@node1 ~]# ls -l /etc/ansible/hosts
-rw-r--r-- 1 root root 965 Mar 26 10:25 /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.   (hosts defined without a group)
# Ex 2: A collection of hosts belonging to the 'webservers' group   (hosts defined through a group)
[webservers]
# If you have multiple hosts following a pattern you can specify   (pattern matching inside a group definition)
# them like this:
www[001:006].example.com   (means www001.example.com through www006.example.com: matching the specified range)
To customize the file: back it up first, then delete all of its contents and add the following
[constrol]
192.168.21.234
192.168.21.230
The same host can be defined in several groups.
[root@node1 ~]# cp /etc/ansible/hosts /etc/ansible/hosts.bak
[root@node1 ~]# vim /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
[constrol]
192.168.21.234
192.168.21.230
#ansible <host pattern> [-m MODULE] -a 'MODULE_ARGS'
Connect and run the date command
[root@node1 ~]# ansible constrol -m command -a 'date'
The authenticity of host '192.168.21.230 (192.168.21.230)' can't be established.
RSA key fingerprint is 4f:33:a8:ce:34:20:2f:04:3b:ad:c9:26:f4:bd:d0:f5.
Are you sure you want to continue connecting (yes/no)? yes
192.168.21.230 | FAILED => SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
while connecting to 192.168.21.230:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
The authenticity of host '192.168.21.234 (192.168.21.234)' can't be established.
RSA key fingerprint is 30:43:cb:45:98:67:51:e5:36:82:e6:62:03:5e:98:fc.
Are you sure you want to continue connecting (yes/no)? yes
192.168.21.234 | FAILED => SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
while connecting to 192.168.21.234:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
An unknown error was encountered during the SSH connection. It suggests re-running the command with -vvvv, which makes SSH print debug output to help diagnose the problem.
Running ansible constrol -m command -a 'date' -vvvv shows the detailed debug information.
By default authentication is key-based; -k specifies that password-based authentication should be used.
[root@node1 ~]# ansible constrol -m command -a 'date' -k
SSH password:
192.168.21.234 | FAILED => to use the 'ssh' connection type with passwords, you must install the sshpass program
192.168.21.230 | FAILED => to use the 'ssh' connection type with passwords, you must install the sshpass program
It says sshpass must be installed. Install sshpass; it is also provided by the EPEL repository.
[root@node1 ~]# yum install -y sshpass
[root@node1 ~]# ansible constrol -m command -a 'date' -k
SSH password:   (note: because both ends have the same password here it prompts only once; if they differed it would prompt twice)
192.168.21.230 | success | rc=0 >>
Tue Apr 7 01:11:47 CST 2015
192.168.21.234 | success | rc=0 >>
Mon Apr 13 03:12:42 CST 2015
(controlled node IP | executed successfully | return code shown)
Show the disk usage of the controlled nodes from the control node
[root@node1 ~]# ansible constrol -m command -a 'df -lhP' -k
SSH password:
192.168.21.234 | success | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_lvm-lv1 20G 1.8G 17G 10% /
tmpfs 491M 0 491M 0% /dev/shm
/dev/sda1 190M 27M 153M 16% /boot
/dev/mapper/vg_lvm-lv2 9.8G 112M 9.2G 2% /var
192.168.21.230 | success | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_lvm-lv1 20G 814M 18G 5% /
tmpfs 491M 0 491M 0% /dev/shm
/dev/sda1 190M 27M 153M 15% /boot
/dev/mapper/vg_lvm-lv2 9.8G 110M 9.2G 2% /var
Now every instruction sent to the controlled nodes prompts for the password. If we put the password in the configuration file we no longer need to type it each time: edit /etc/ansible/hosts and specify the password option ansible_ssh_pass=password
Our password is 123456, so after the change it looks like this:
[root@node1 ~]# cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
[constrol]
192.168.21.234 ansible_ssh_pass=123456
192.168.21.230 ansible_ssh_pass=123456
Now the -k option is not needed and no password has to be typed. To log in as a specified user use the option ansible_ssh_user=xxx; to use a non-standard port use ansible_ssh_port=xxx. Show the date on each node:
[root@node1 ~]# ansible constrol -m command -a 'date'
192.168.21.234 | success | rc=0 >>
Mon Apr 13 03:21:15 CST 2015
192.168.21.230 | success | rc=0 >>
Tue Apr 7 01:20:20 CST 2015
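As an added example (not the page's or Ansible's own code) of the inventory step described above, this parses a hosts file like /etc/ansible/hosts: [group] headers, range patterns such as www[001:006].example.com, per-host variables like ansible_ssh_pass, host patterns as `ansible -h` describes them (group names or shell-like globs separated by ';'), batches of forks=5, and a check listing hosts whose inventory line carries a clear-text password. The inventory text is constructed for the example.

```python
import fnmatch
import re

# Constructed sample inventory in the INI format of /etc/ansible/hosts on this
# page: one ungrouped host, the [constrol] group with per-host variables, and a
# range pattern like the www[001:006] example from the default file.
SAMPLE_INVENTORY = """\
# - Comments begin with the '#' character
192.168.21.250
[constrol]
192.168.21.234 ansible_ssh_user=openstack ansible_ssh_pass=zabbix
192.168.21.230 ansible_ssh_pass=123456 ansible_ssh_port=2222
[webservers]
www[001:006].example.com
"""

RANGE_RE = re.compile(r"\[(\d+):(\d+)\]")

def expand_range(name):
    """www[001:006].example.com -> www001.example.com ... www006.example.com (padding kept)."""
    m = RANGE_RE.search(name)
    if not m:
        return [name]
    lo, hi = m.group(1), m.group(2)
    return [name[:m.start()] + str(i).zfill(len(lo)) + name[m.end():]
            for i in range(int(lo), int(hi) + 1)]

def parse_inventory(text):
    """Return (groups, hostvars); hosts before any [header] go to 'ungrouped', 'all' is every host."""
    groups = {"ungrouped": []}
    hostvars = {}
    current = "ungrouped"
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            groups.setdefault(current, [])
            continue
        pattern, *kv = line.split()          # host, then key=value variables
        for host in expand_range(pattern):
            groups[current].append(host)
            hostvars.setdefault(host, {}).update(p.split("=", 1) for p in kv)
    groups["all"] = [h for hosts in groups.values() for h in hosts]
    return groups, hostvars

def select_hosts(groups, pattern):
    """Resolve a host-pattern as `ansible -h` describes it: group names or shell-like
    globs over all hosts, any combination separated by semicolons (order preserved)."""
    selected = []
    for part in pattern.split(";"):
        part = part.strip()
        matches = groups.get(part)
        if matches is None:
            matches = [h for h in groups["all"] if fnmatch.fnmatch(h, part)]
        for h in matches:
            if h not in selected:
                selected.append(h)
    return selected

def batches(hosts, forks=5):
    """ansible.cfg forks=5: the selected hosts are worked in batches of this size."""
    return [hosts[i:i + forks] for i in range(0, len(hosts), forks)]

def plaintext_password_hosts(hostvars):
    """Defender's check: hosts whose inventory line stores ansible_ssh_pass in clear text,
    readable by anyone who can read the hosts file (-rw-r--r-- on this page)."""
    return sorted(h for h, v in hostvars.items() if "ansible_ssh_pass" in v)
```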
The times here are out of sync; use ntpdate to synchronize them. Any time server on the network can be used; here we use time.windows.com
On node3 and node4 use # crontab -e and add the following
1 * * * * /usr/sbin/ntpdate time.windows.com > /dev/null   (synchronize the time every hour and redirect the output to /dev/null)
Create a user on the remote hosts
[root@node1 ~]# ansible control -m command -a 'useradd openstack'
No hosts matched   (this is also reported when nothing in the hosts file matches)
[root@node1 ~]# ansible constrol -m command -a 'useradd openstack'
192.168.21.234 | success | rc=0 >>
192.168.21.230 | success | rc=0 >>
Check whether the user was created
[root@node1 ~]# ansible constrol -m command -a 'tail -3 /etc/passwd'
192.168.21.230 | success | rc=0 >>
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
openstack:x:500:500::/home/openstack:/bin/bash
192.168.21.234 | success | rc=0 >>
tcpdump:x:72:72::/:/sbin/nologin
mysql:x:498:498::/home/mysql:/sbin/nologin
openstack:x:500:500::/home/openstack:/bin/bash   (the user has been created)
Give the user a password
[root@node1 ~]# ansible constrol -m command -a 'echo "puppet" | passwd --stdin openstack'
192.168.21.234 | success | rc=0 >>
puppet | passwd --stdin openstack
192.168.21.230 | success | rc=0 >>
puppet | passwd --stdin openstack
[root@node1 ~]# ansible constrol -m command -a 'tail -3 /etc/shadow'
192.168.21.230 | success | rc=0 >>
sshd:!!:16519::::::
tcpdump:!!:16519::::::
openstack:!!:16531:0:99999:7:::   (the password was not set on the remote hosts; the command above only echoed the text, since command does not go through a shell. Creating users and setting passwords is actually done by a dedicated module)
192.168.21.234 | success | rc=0 >>
tcpdump:!!:16525::::::
mysql:!!:16525::::::
openstack:!!:16537:0:99999:7:::
Getting module help:
man ansible-doc -l
NAME
ansible-doc - show documentation on Ansible modules
SYNOPSIS
ansible-doc [-M module_path] [-l] [-s] [module...]
-l, --list=
Produce a terse listing of modules and a short description of each.
-s, --snippet Show playbook snippet for specified module(s)
[root@node1 ~]# ansible-doc -l
a10_server Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
a10_service_group Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
a10_virtual_server Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
acl Sets and retrieves file ACL information.
add_host add a host (and alternatively a group) to the ansible-playbook in-m...
airbrake_deployment Notify airbrake about app deployments
...
Pressing Enter after ansible-doc MODULE_NAME displays the usage help for that module
[root@node1 ~]# ansible-doc command
less 436
Copyright (C) 1984-2009 Mark Nudelman
less comes with NO WARRANTY, to the extent permitted by law.
For information about the terms of redistribution,
see the file named README in the less distribution.
Homepage: http://www.greenwoodsoftware.com/less
> COMMAND
The [command] module takes the command name followed by a list of
space-delimited arguments. The given command will be executed on all
selected nodes. It will not be processed through the shell, so
variables like `$HOME' and operations like `"<"', `">"', `"|"', and
`"&"' will not work (use the [shell] module if you need these
features).
Options (= is mandatory):
- chdir
cd into this directory before running the command [Default:
None]
- creates
a filename, when it already exists, this step will *not* be
run. [Default: None]
...
Viewing help for the user module
[root@node1 ~]# ansible-doc user
> USER
Manage user accounts and user attributes.
Options (= is mandatory):
- append
If `yes', will only add groups, not set them to just the list
in `groups'. (Choices: yes, no) [Default: no]
- comment
Optionally sets the description (aka `GECOS') of user account.
...
Examples follow:
EXAMPLES:
# Add the user 'johnd' with a specific uid and a primary group of 'admin'
- user: name=johnd comment="John Doe" uid=1040 group=admin
# Add the user 'james' with a bash shell, appending the group 'admins' and 'developers' to the user's
- user: name=james shell=/bin/bash groups=admins,developers append=yes
# Remove the user 'johnd'
- user: name=johnd state=absent remove=yes
# Create a 2048-bit SSH key for user jsmith in ~jsmith/.ssh/id_rsa
- user: name=jsmith generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa
Generate a random salt with openssl
[root@node1 ~]# openssl rand -hex 4
98a4afbe
Generate the encrypted (hashed) password
[root@node1 ~]# openssl passwd -1 -salt `openssl rand -hex 4`
Password:
$1$653fbb05$asLazeKl3u0SNit6lZWOe.
Pass the password as a parameter through the user module
[root@node1 ~]# ansible constrol -m user -a 'name=openstack password=$1$653fbb05$asLazeKl3u0SNit6lZWOe.'
192.168.21.230 | success >> {
"append": false,
"changed": true,
"comment": "",
"group": 500,
"home": "/home/openstack",
"move_home": false,
"name": "openstack",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 500
}
192.168.21.234 | success >> {
"append": false,
"changed": true,
"comment": "",
"group": 500,
"home": "/home/openstack",
"move_home": false,
"name": "openstack",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 500
}
On inspection the password has now been set
[root@node1 ~]# ansible constrol -m command -a 'tail -3 /etc/shadow'
192.168.21.234 | success | rc=0 >>
tcpdump:!!:16525::::::
mysql:!!:16525::::::
openstack:$1$653fbb05$asLazeKl3u0SNit6lZWOe.:16538:0:99999:7:::
192.168.21.230 | success | rc=0 >>
sshd:!!:16519::::::
tcpdump:!!:16519::::::
openstack:$1$653fbb05$asLazeKl3u0SNit6lZWOe.:16538:0:99999:7:::
List of all Ansible modules on the official site
http://docs.ansible.com/list_of_all_modules.html
Specify the user and password in the hosts file; after the change it looks like this
[root@node1 ~]# cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
[constrol]
192.168.21.234 ansible_ssh_user=openstack ansible_ssh_pass=zabbix
192.168.21.230 ansible_ssh_pass=123456
Check which user is currently running on the system with whoami
[root@node1 ~]# ansible constrol -m command -a 'whoami'
192.168.21.230 | success | rc=0 >>
root
192.168.21.234 | success | rc=0 >>
openstack
Commonly used modules
command   (the default module)
# ansible constrol -m command -a 'date'
user
Manage user accounts and user attributes.   (manages user accounts and their attributes)
# ansible constrol -m user -a 'name=fedora password=xxxx'
copy   Copies files to remote locations.
The [copy] module copies a file on the local box to remote locations. Use the [fetch] module to copy files from remote locations to the local box.
# ansible constrol -m copy -a 'src=how.txt dest=/tmp'
cron   Manage cron.d and crontab entries.   (defines and manages scheduled tasks)
# ansible constrol -m cron -a 'name="print info" minute="*/3" job="echo How are you. >> /tmp/echo.txt"'
file   Sets attributes of files
file: src=/file/to/link/to dest=/path/to/symlink owner=foo group=foo state=link   (creates a symbolic link)
state: If `absent', directories will be recursively deleted, and files or symlinks will be unlinked.
# ansible constrol -m file -a 'dest=/tmp/you state=absent'   (deletes the file)
filesystem   Makes file system on block device
# Create a ext2 filesystem on /dev/sdb1.
- filesystem: fstype=ext2 dev=/dev/sdb1
group   Add or remove groups
hostname
ping
Try to connect to host and return `pong' on success.   (probes whether the host is online)
# ansible constrol -m ping
yum
Installs, upgrade, removes, and lists packages and groups with the
`yum' package manager.
# ansible constrol -m yum -a 'name=tree state=present'
service   Controls services on remote hosts.
# Example action to enable service httpd, and not touch the running state
- service: name=httpd enabled=yes   (enabled: whether the service starts automatically at boot)
# ansible constrol -m service -a 'name=httpd state=restarted'
shell   (like command, but run through a shell, so pipes and redirection work)
# ansible constrol -m shell -a 'echo "puppet" | passwd --stdin openstack'
script
# ansible constrol -m script -a '/root/xxx.sh'
Using the copy module
[root@node1 ~]# ansible-doc copy
> COPY
The [copy] module copies a file on the local box to remote locations. Use the [fetch] module to copy files from remote locations to the local box.
Options (= is mandatory):   (options beginning with "=" are required)
Destination
= dest
Remote absolute path where the file should be copied to. If src is a directory, this must be a directory too. [Default: None]   (location on the remote node, absolute path)
Source
- src
Local path to a file to copy to the remote server; can be absolute or relative. If path is a directory, it is copied recursively. In this case, if path ends with "/", only inside contents of that directory are copied to destination.
Otherwise, if it does not end with "/", the directory itself with all contents is copied. This behavior is similar to Rsync. [Default: None]   (the path may be relative or absolute)
Examples:
Notes: The "copy" module recursively copy facility does not scale to lots
(>hundreds) of files. For alternative, see synchronize module, which is a wrapper around rsync.
# Example from Ansible Playbooks
- copy: src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode=0644
# The same example as above, but using a symbolic mode equivalent to 0644
- copy: src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode="u=rw,g=r,o=r"
# Another symbolic mode example, adding some permissions and removing others
- copy: src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode="u+rw,g-wx,o-rwx"
# Copy a new "ntp.conf" file into place, backing up the original if it differs from the copied version
- copy: src=/mine/ntp.conf dest=/etc/ntp.conf owner=root group=root mode=644 backup=yes
# Copy a new "sudoers" file into place, after passing validation with visudo
- copy: src=/mine/sudoers dest=/etc/sudoers validate='visudo -cf %s'
Add a new file to copy
[root@node1 ~]# echo "The is new start." > start.txt
[root@node1 ~]# ansible constrol -m copy -a 'src=/root/start.txt dest=/tmp/'   (copy it into the /tmp directory)
192.168.21.230 | success >> {
"changed": true,
"checksum": "22be61e943af70c7ff8ae394428f195aaa72d10a",
"dest": "/tmp/start.txt",
"gid": 0,
"group": "root",
"md5sum": "589e84da9cb01000f0fccba722b6f4c2",
"mode": "0644",
"owner": "root",
"size": 18,
"src": "/root/.ansible/tmp/ansible-tmp-1427606759.7-78904826422288/source",
"state": "file",
"uid": 0
}
192.168.21.234 | success >> {
"changed": true,
"checksum": "22be61e943af70c7ff8ae394428f195aaa72d10a",
"dest": "/tmp/start.txt",
"gid": 500,
"group": "openstack",
"md5sum": "589e84da9cb01000f0fccba722b6f4c2",
"mode": "0664",
"owner": "openstack",
"size": 18,
"src": "/home/openstack/.ansible/tmp/ansible-tmp-1427606759.7-97947262909113/source",
"state": "file",
"uid": 500
}
[root@node1 ~]# ansible constrol -m command -a 'cat /tmp/start.txt'   (confirm the copy succeeded)
192.168.21.230 | success | rc=0 >>
The is new start.
192.168.21.234 | success | rc=0 >>
The is new start.
Using key-based authentication to log in
[root@node1 ~]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
11:b5:f7:85:ec:64:b1:b4:95:0b:e6:1c:48:0f:04:32 root@node1
The key's randomart image is:
+--[ RSA 2048]----+
| E.o=+. o o|
| o. oo* B |
| . . =.X o|
| . . B o |
| S o |
| |
| |
| |
| |
+-----------------+
Modify the hosts configuration file
[root@node1 ~]# cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
[constrol]
192.168.21.234 ansible_ssh_pass=123456
192.168.21.230 ansible_ssh_pass=123456
[root@node1 ~]# ansible constrol -m copy -a 'src=/root/.ssh/id_rsa.pub dest=/root/.ssh/authorized_keys owner=root group=root mode=0600'
192.168.21.234 | success >> {
"changed": true,
"checksum": "062161f3b71748dfd975c8c4c4fce4fd4f935734",
"dest": "/root/.ssh/authorized_keys",
"gid": 0,
"group": "root",
"md5sum": "ad2489d1b76241e939c92001ac2a54c1",
"mode": "0600",
"owner": "root",
"size": 392,
"src": "/root/.ansible/tmp/ansible-tmp-1427607180.58-136701398329016/source",
"state": "file",
"uid": 0
}
192.168.21.230 | FAILED >> {
"checksum": "062161f3b71748dfd975c8c4c4fce4fd4f935734",
"failed": true,
"msg": "Destination directory /root/.ssh does not exist"   (the directory does not exist)
}
[root@node1 ~]# ansible constrol -m command -a 'mkdir /root/.ssh'
192.168.21.230 | success | rc=0 >>
192.168.21.234 | FAILED | rc=1 >>
mkdir: cannot create directory `/root/.ssh': File exists
[root@node1 ~]# ansible constrol -m copy -a 'src=/root/.ssh/id_rsa.pub dest=/root/.ssh/authorized_keys owner=root group=root mode=0600'
Now it works. Since key-based authentication has been deployed, remove ansible_ssh_pass from the hosts file, as follows
[root@node1 ~]# ansible all -a 'date'   (all means all hosts; detailed information on the run can be obtained by adding the -vvvv option)
192.168.21.230 | success | rc=0 >>
Mon Apr 13 18:32:55 CST 2015
192.168.21.234 | success | rc=0 >>
Mon Apr 13 18:32:55 CST 2015
[root@node1 ~]# vim /etc/ansible/hosts
[root@node1 ~]# cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
[constrol]
192.168.21.234
192.168.21.230
[root@node1 ~]# ansible all -a 'date'   (it works)
192.168.21.230 | success | rc=0 >>
Mon Apr 13 18:33:26 CST 2015
192.168.21.234 | success | rc=0 >>
Mon Apr 13 18:33:31 CST 2015
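As an added example (not code from the page or from Ansible), here is the idempotent form of the key deployment just done by hand, where `mkdir /root/.ssh` failed with "File exists" on the host that already had the directory and copy replaced authorized_keys wholesale: it creates .ssh only when missing, appends the key only when absent, enforces the 0700/0600 modes and reports whether anything changed, as an Ansible module (for instance authorized_key) does. The public key is constructed and the run uses a temporary home directory.

```python
import os
import stat
import tempfile

# Constructed sample public key for the demo (not a key from the page).
SAMPLE_PUBKEY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0example root@node1"

def ensure_authorized_key(home, pubkey):
    """Install pubkey for the account living in `home`, idempotently.

    Unlike the page's `mkdir /root/.ssh` plus a copy of id_rsa.pub, this creates .ssh
    only when it is missing, appends the key only when it is absent (keys already
    authorized on the host survive), enforces the 0700/0600 modes sshd expects and
    returns True only if something actually changed, like a module's "changed" field.
    """
    ssh_dir = os.path.join(home, ".ssh")
    auth_file = os.path.join(ssh_dir, "authorized_keys")
    key = pubkey.strip()
    changed = False
    if not os.path.isdir(ssh_dir):          # the command-module mkdir failed when it existed
        os.mkdir(ssh_dir, 0o700)
        changed = True
    existing = []
    if os.path.exists(auth_file):
        with open(auth_file) as f:
            existing = [ln.strip() for ln in f if ln.strip() and not ln.startswith("#")]
    if key not in existing:
        with open(auth_file, "a") as f:     # append, never overwrite other admins' keys
            f.write(key + "\n")
        changed = True
    # sshd's StrictModes refuses keys from a group/world-writable file or directory
    for path, mode in ((ssh_dir, 0o700), (auth_file, 0o600)):
        if stat.S_IMODE(os.stat(path).st_mode) != mode:
            os.chmod(path, mode)
            changed = True
    return changed

def demo():
    """Apply twice to a throwaway home: the first run changes, the second is a no-op."""
    home = tempfile.mkdtemp(prefix="ansible-demo-")
    first = ensure_authorized_key(home, SAMPLE_PUBKEY)
    second = ensure_authorized_key(home, SAMPLE_PUBKEY)
    with open(os.path.join(home, ".ssh", "authorized_keys")) as f:
        copies = f.read().count(SAMPLE_PUBKEY)
    return first, second, copies

if __name__ == "__main__":
    print(demo())  # (True, False, 1)
```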
Part of the configuration file
[root@node1 ~]# cat /etc/ansible/ansible.cfg
# config file for ansible -- http://ansible.com/
# ==============================================
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults]
# some basic default values...
inventory = /etc/ansible/hosts
#library = /usr/share/my_modules/
remote_tmp = $HOME/.ansible/tmp
pattern = *
forks = 5   (number of hosts handled in each batch)
poll_interval = 15
sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
transport = smart
#remote_port = 22   (remote port)
...
The ping module: check whether remote hosts are online
[root@node1 ~]# ansible-doc ping
> PING
A trivial test module, this module always returns `pong' on
successful contact. It does not make sense in playbooks, but it is
useful from `/usr/bin/ansible'
EXAMPLES:
# Test 'webservers' status
ansible webservers -m ping
[root@node1 ~]# ansible constrol -m ping
192.168.21.230 | success >> {
"changed": false,
"ping": "pong"
}
192.168.21.234 | success >> {
"changed": false,
"ping": "pong"
}   (OK, all are online)
This concludes this Ansible session; later we will cover Ansible's advanced features, using playbooks. Stay tuned.