101: Automated operations with SaltStack and Ansible

Automation tools: SaltStack and Ansible (both written in Python)

Traditional operations are inefficient: most of the work is done by hand;
Traditional operations are tedious and error-prone;
Traditional operations repeat the same tasks every day;
Traditional operations have no standardized process;
Traditional operations accumulate scripts that are hard to manage;
Automation is meant to solve all of the problems above.

Commonly used automation tools, suitable for a dozen, a few hundred or thousands of machines:

Puppet:    www.puppetlabs.com
Written in Ruby, C/S architecture, multi-platform; manages configuration files, users, cron jobs, packages, system services and so on; comes in a community edition and an enterprise edition (paid, but with a graphical interface).

SaltStack: https://saltstack.com   docs: docs.saltstack.com

Written in Python, C/S architecture, multi-platform, lighter than Puppet, and very fast at remote command execution (it uses a message queue and runs in parallel, whereas a tool like expect runs serially, one host after another); much easier to configure and use than Puppet, and can do everything Puppet can.

Ansible: www.ansible.com

Written in Python; a simpler and more convenient automation tool that needs no agent on the clients; it can apply OS configuration, deploy programs and run commands in batch.

Note: compared with Ansible, SaltStack scales to more machines; Ansible authenticates over SSH with keys and then runs commands, changes files, installs services and so on.

1. Ansible: no client to install, communicates over sshd, works with modules, supports ad-hoc command-line operation as well as playbooks, and also has a web UI (a paid product).

Ansible was acquired by Red Hat; its GitHub address: https://github.com/ansible/ansible

Introductory e-book: https://ansible-book.gitbooks.io/ansible-first-book/

Installation: prepare three machines: 001 (192.168.149.129), 002 (192.168.149.130) and 03 (192.168.149.131)

Ansible only needs to be installed on 001 (the control node):

You can first check which Ansible version the CentOS repositories (EPEL here) provide:    yum    list|grep    ansible

[root@localhost_001 ~]# yum list|grep ansible
ansible.noarch                            2.7.2-1.el7                  epel     
ansible-doc.noarch                        2.7.2-1.el7                  epel

1: Install:  yum    install   -y    ansible    ansible-doc

[root@localhost_001 ~]# yum install -y ansible  ansible-doc
Loaded plugins: fastestmirror

2: Generate a key pair on 001 (129) with ssh-keygen -t rsa, then put the public key id_rsa.pub into /root/.ssh/authorized_keys on 002 (130) and on 03 (131).

[root@localhost_001 ~]# ls /root/.ssh/
authorized_keys  id_rsa           id_rsa.pub       known_hosts
[root@localhost_001 ~]# cat /root/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7G1C6L20UA+jxG+2Umvx0KXex9xJNybaBXy6v1FiMA8xZpOzBd8++nndtNX8IpyiwaNls9l3LMUIn60WLMPuWOK91EpAVgUMHjtPQkPzB2qTb7ntg5GfOrRRCz+in96Z4cxhMHUh28gqsous83G0zaNI8XQ5RQIeUf0fIZ+9fxt/e4jIdmyf/01Ia96bW6rKQT6bWAXrOKQO5JhhG9u4GwYIsWJPkG+D4Mxa+Yah0ynTksORlBAsGmHz2vhbJQXhPkhs/XUUTw9lyjbt4cImj69TtZZdFWNAD4SBL+fXItr44v2KNasgBmBAOXJmdJg+NnfeAcwahm0B1p4BIIKMj root@localhost_001

Note: as shown above, my machine already has a key pair; copy the public key into /root/.ssh/authorized_keys on 002 (and 03).

3: Still on 001 (129), add the other machines to /etc/hosts so they can be referenced by name in the Ansible inventory later:

[root@localhost_001 ~]# cat /etc/hosts
127.0.0.1   localhost_001 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.149.130  localhost_002
192.168.149.131  localhost_03

4: Test that 001 can log in to 002 (130) and 03 (131) without a password:

[root@localhost_001 ~]# ssh  localhost_002
Last login: Fri Nov 23 16:43:31 2018 from 192.168.149.129
[root@localhost_002 ~]# exit
logout
Connection to localhost_002 closed.
[root@localhost_001 ~]# ssh  localhost_03
Last login: Fri Nov 23 16:51:30 2018 from 192.168.149.129
[root@localhost_03 ~]# exit
logout
Connection to localhost_03 closed.

5: Edit the Ansible inventory and define host groups:    /etc/ansible/hosts

Note: hosts can be split into several groups, for example a web group and a db group, each containing any number of machines; operations can then target one group.

[root@localhost_001 ~]# cat /etc/ansible/hosts 
# This is the default ansible 'hosts' file.
## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10

# Ex 2: A collection of hosts belonging to the 'webservers' group

## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
# added for this post: ----------------------
[testhost]          
127.0.0.1
localhost_002    # an IP address also works here
[webserver]
localhost_03     # an IP address also works here
# end of additions -------------------------------

# Ex 3: A collection of database servers in the 'dbservers' group

## [dbservers]
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57

Note: as shown above, two groups were added, [testhost] and [webserver], and the target machines are listed under them, either as IP addresses or as host names (host names must be defined in /etc/hosts beforehand).

Note: since 001 (129) itself appears in the inventory as 127.0.0.1, its own /root/.ssh/id_rsa.pub must also be appended to its own /root/.ssh/authorized_keys; alternatively, write the inventory line as 127.0.0.1 ansible_connection=local so Ansible runs the tasks locally without going through ssh at all.
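The group-to-host resolution that the inventory above sets up, as an added example that is not part of the original post: the script writes a constructed inventory in the same INI format, resolves a group name to its member hosts (which is what the target argument of ansible <group> does), and sanity-checks the file for empty groups and duplicated hosts before it is used. The host names are the post's own; the ansible_connection=local entry on 127.0.0.1 is an assumption that lets the control node manage itself without ssh.

```shell
#!/bin/bash
# Added example, not from the original post: build an INI inventory like the
# one above and resolve a group name to its hosts, which is what the target
# argument of "ansible <group> ..." does. The host names are the post's own;
# "ansible_connection=local" on 127.0.0.1 is an assumption that lets the
# control node manage itself without ssh.
set -eu

# Write a constructed sample inventory to the path given as $1.
write_inventory() {
    cat > "$1" <<'EOF'
# constructed sample inventory
[testhost]
127.0.0.1 ansible_connection=local    # the control node itself
localhost_002                         # an IP address also works here

[webserver]
localhost_03
EOF
}

# Print the hosts of group $2 in inventory $1, one per line, with comments
# and per-host variables (key=value pairs after the host) stripped.
inventory_hosts() {
    awk -v want="[$2]" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments and blank lines
        /^\[/ { in_group = ($1 == want); next }          # [group] header
        in_group { print $1 }                             # first word is the host
    ' "$1"
}

# Sanity-check an inventory before using it: no empty group, and no host
# listed twice in the same group (which would run every task twice on it).
inventory_check() {
    file="$1"
    for group in $(sed -n 's/^\[\(.*\)\]$/\1/p' "$file"); do
        hosts=$(inventory_hosts "$file" "$group")
        [ -n "$hosts" ] || { echo "empty group: $group" >&2; return 1; }
        dups=$(printf '%s\n' "$hosts" | sort | uniq -d)
        [ -z "$dups" ] || { echo "duplicate host in $group: $dups" >&2; return 1; }
    done
}

inv=$(mktemp)
write_inventory "$inv"
inventory_check "$inv"
echo "testhost  -> $(inventory_hosts "$inv" testhost | tr '\n' ' ')"
echo "webserver -> $(inventory_hosts "$inv" webserver | tr '\n' ' ')"
```

Run it as a plain script; it prints the members of each group. The duplicate check matters in practice because a host listed twice in one group receives every task twice, which for non-idempotent commands (the shell module running a script, for instance) is a real bug rather than a cosmetic one.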

1. Running commands remotely with Ansible

ansible    testhost    -m   command    -a  'hostnamectl'

Note: ansible is followed by the target: a group name defined in /etc/ansible/hosts (here testhost), or a single host name from the inventory;

-m   is followed by the module name; here the command module;

-a     is followed by the module arguments, here the command to run, e.g. hostname, mv, cp, w and so on.

[root@localhost_001 ~]# ansible testhost -m command -a 'hostname'
127.0.0.1 | CHANGED | rc=0 >>
localhost_001
localhost_002 | CHANGED | rc=0 >>
localhost_002
[root@localhost_001 ~]# ansible localhost_03 -m command -a 'w'
localhost_03 | CHANGED | rc=0 >>
 17:18:41 up 38 min,  4 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1                      13Nov18  9days  0.03s  0.03s -bash
root     pts/1    192.168.149.135  16:48   27:45   0.02s  0.02s -bash
root     pts/2    192.168.149.129  17:18    1.00s  0.19s  0.00s w

Note: above, the command is run against the testhost group, and then against the single host localhost_03.

There is also a shell module, mainly used to run scripts; the format is the same:

ansible   192.168.149.132     -m     shell      -a    'w'

2. Copying files and directories with Ansible; the target can also be a whole group

Copy the directory /etc/ansible from 001 (129) to 002 (130):

Copy a directory: ansible   localhost_002  -m copy   -a  "src=/etc/ansible   dest=/tmp/ansibletest owner=root  group=root mode=755"

Note: mode=755 works here because an ad-hoc -a argument arrives as a string and the copy module reads it as octal (the output below confirms "mode": "0755"). In a playbook write it as 0755 or '0755'; an unquoted 755 is parsed by YAML as the decimal number 755 and produces the wrong permission bits.

[root@localhost_001 ~]# ansible localhost_002 -m copy -a "src=/etc/ansible dest=/tmp/ansibletest owner=root group=root mode=755"
localhost_002 | CHANGED => {
    "changed": true, 
    "dest": "tmp/ansibletest/", 
    "src": "/etc/ansible"
}

Then check on 002:

[root@localhost_002 ~]# ls /tmp/ansibletest/
ansible
[root@localhost_002 ~]# ls /tmp/ansibletest/ansible/
ansible.cfg  hosts  roles

Note: when copying a directory, the source directory is placed under the destination directory: if the destination does not exist it is created, and if it exists the source directory is placed inside it. If src ends with a trailing /, only the contents of the directory are copied, not the directory itself.

Copy a file: ansible   localhost_002   -m copy   -a  "src=/etc/passwd  dest=/tmp/passwd  owner=root   group=root   mode=755"

Note: mode=755 sets the execute bit on a plain data file; a copy of /etc/passwd should be 0644. Reserve the execute bit for scripts and binaries.

Run on 001 (129):

[root@localhost_001 ~]# ansible localhost_002 -m copy  -a "src=/etc/passwd dest=/tmp/passwd owner=root group=root mode=755"
localhost_002 | CHANGED => {
    "changed": true, 
    "checksum": "a1b2385096229bc513afc9af77a36619d1af0f77", 
    "dest": "/tmp/passwd", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "35430c216ac8c7834378501fdfc5e41f", 
    "mode": "0755", 
    "owner": "root", 
    "size": 1309, 
    "src": "/root/.ansible/tmp/ansible-tmp-1542965995.03-104940655542836/source", 
    "state": "file", 
    "uid": 0
}

Then check the file on 002 (130):

[root@localhost_002 ~]# ls /tmp/passwd 
/tmp/passwd

Note: when copying a file, an existing destination file is overwritten (effectively the file is replaced); if the destination does not exist it is simply created. The module compares checksums first, so a second run with an unchanged source reports no change.

The destination file name can also be chosen freely:

ansible   localhost_002   -m  copy   -a "src=/etc/passwd   dest=/tmp/1.txt   owner=root group=root   mode=755"

3: Running scripts remotely with Ansible

1: Write a script on 001 (129) with the following content:

[root@localhost_001 ~]# cat /tmp/1.sh 
#!/bin/bash
echo "$(date)" > /tmp/ansible_test.txt

2: Copy the script to all three machines, then run it:       -m   copy    -a    "  "

Note: mode=777 makes the script world-writable, and in /tmp any local user could rewrite it between the copy and the run, after which root would execute their code. Use mode=0755 (or 0700) for scripts.

[root@localhost_001 ~]# ansible testhost -m copy -a "src=/tmp/1.sh dest=/tmp/test.sh owner=root group=root mode=777"
[root@localhost_001 ~]# ansible localhost_03 -m copy -a "src=/tmp/1.sh dest=/tmp/test.sh owner=root group=root mode=777"

3: Run it on the three machines remotely:    -m   shell   -a  "   "

[root@localhost_001 ~]# ansible testhost -m shell -a "/tmp/test.sh"
localhost_002 | CHANGED | rc=0 >>
127.0.0.1 | CHANGED | rc=0 >>

[root@localhost_001 ~]# ansible localhost_03 -m shell -a "/tmp/test.sh"
localhost_03 | CHANGED | rc=0 >>

4: Check on the other two machines:

[root@localhost_002 ~]# ls /tmp/ansible_test.txt 
/tmp/ansible_test.txt
[root@localhost_03 ~]# cat /tmp/ansible_test.txt 
Fri Nov 23 17:53:44 CST 2018

Note: the command module does not support pipes; it fails with the following error:

[root@localhost_001 ~]# ansible testhost  -m command -a "cat /etc/passwd|wc -l"
127.0.0.1 | FAILED | rc=1 >>
cat: invalid option -- 'l'
Try 'cat --help' for more information.non-zero return code

The shell module, on the other hand, does support pipes:

The difference is that command splits the argument string into words and runs the program directly, while shell hands the whole string to /bin/sh, so pipes, redirection and ; all work. That also means anything interpolated into a shell command (a variable, user-supplied input) can inject extra commands; prefer command unless a shell feature is actually needed.

[root@localhost_001 ~]# ansible testhost  -m shell -a "cat /etc/passwd|wc -l"
127.0.0.1 | CHANGED | rc=0 >>
28

localhost_002 | CHANGED | rc=0 >>
22
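The command-versus-shell difference above, as an added example that is not Ansible's code and not part of the original post: two shell functions imitate the two execution models (word-split then exec directly, versus /bin/sh -c), reproduce the cat|wc failure, and then feed the same hostile value to both so the injection risk of the shell model is visible. The sample file and the hostile string are constructed for the demonstration.

```shell
#!/bin/bash
# Added example, not from the original post: why "cat /etc/passwd|wc -l" fails
# under the command module and works under shell, and what that means for
# untrusted input. The command module splits its argument string into words
# and executes the program directly, so "|" is just a character inside an
# argument; the shell module hands the whole string to /bin/sh -c, which
# parses pipes, redirects and ";". The two functions imitate those two
# behaviours; they are not Ansible's code.
set -eu

# Imitates -m command: split on whitespace only, then execute without a shell.
run_like_command() {
    # shellcheck disable=SC2086  # word splitting is the point here
    set -- $1
    "$@" 2>&1 || true
}

# Imitates -m shell: the whole string is interpreted by /bin/sh.
run_like_shell() {
    sh -c "$1" 2>&1 || true
}

# Count the lines of file $1 the way the post does, under each model.
count_lines_command() { run_like_command "cat $1|wc -l"; }        # cat gets "$1|wc" and "-l"
count_lines_shell()   { run_like_shell "cat $1|wc -l" | tr -d ' '; }

# The same hostile value under both models: a "file name" that carries an
# extra command. Only the shell model executes it.
hostile='/dev/null; echo INJECTED'
injected_under_command() { run_like_command "cat $hostile" | grep -qx 'INJECTED'; }
injected_under_shell()   { run_like_shell   "cat $hostile" | grep -qx 'INJECTED'; }

sample=$(mktemp)
printf 'root:x:0:0\nbin:x:1:1\ndaemon:x:2:2\n' > "$sample"    # constructed, 3 lines
echo "command model: $(count_lines_command "$sample")"
echo "shell model:   $(count_lines_shell "$sample")"
```

Under the command model the hostile string only produces "no such file" errors for the literal words /dev/null;, echo and INJECTED; under the shell model the appended echo runs. The same holds for any value that reaches -m shell through a variable, which is why command is the safer default for anything that does not need a pipe.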

4: Managing cron jobs with Ansible:    the cron module

ansible   testhost   -m  cron  -a "name='test cron'  job='/bin/touch  /tmp/123.txt'  weekday=6"

[root@localhost_001 ~]# ansible testhost -m cron -a "name='test cron' job='/bin/touch  /tmp/123.txt' weekday=6"
localhost_002 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "test cron"
    ]
}
127.0.0.1 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "test cron"
    ]
}


Note: the schedule is given with minute, hour, day, month and weekday; any field not given defaults to *. With only weekday=6, as above, the resulting entry is * * * * 6, i.e. every minute on Saturday, so set minute and hour as well for a real job (the listing from 002 below shows a minute=10 entry rather than the weekday-only one).

Log in to 002 (130) and check; the comment line carries the name defined earlier, which is how Ansible identifies the job:

[root@localhost_002 ~]# crontab -l
#Ansible: test cron
10 * * * * /bin/touch  /tmp/123.txt

Delete the cron job:          "name='test cron'    state=absent"

[root@localhost_001 ~]# ansible testhost -m cron -a "name='test cron' state=absent"
127.0.0.1 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}
localhost_002 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}

That removes the job. Note: never delete the #Ansible: comment line by hand; the cron module finds the job by that marker, and without it the entry can no longer be updated or removed through Ansible.

Add another cron job: create /tmp/123.txt at 10:20 on Saturday;

[root@localhost_001 ~]# ansible webserver -m cron  -a "name='test cron' job='/bin/touch /tmp/123.txt' minute=20  hour=10 weekday=6"
localhost_03 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "test cron"
    ]
}

Check on 03 (131):         crontab  -l

[root@localhost_03 ~]# crontab -l
#Ansible: test cron
20 10 * * 6 /bin/touch /tmp/123.txt

Note: in production, once a cron entry is managed by Ansible, do not edit it by hand, or Ansible will no longer be able to manage it.
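How the #Ansible: <name> marker makes the cron module idempotent, and what breaks when the marker is removed by hand, as an added example that re-implements the marker logic in shell over a plain text file. This is not Ansible's own code; the job name and command are the post's, the crontab file is a temp file constructed here.

```shell
#!/bin/bash
# Added example, not from the original post: how the "#Ansible: <name>"
# marker lets the cron module find, replace and remove an entry by name, and
# why deleting that comment line by hand breaks management. This is a
# re-implementation in shell over a plain text file, not Ansible's code.
set -eu

# Remove the marker line for job $2 from crontab file $1, together with the
# single job line that follows it.
cron_absent() {
    file="$1" name="$2"
    tmp=$(mktemp)
    awk -v marker="#Ansible: $name" '
        $0 == marker { skip = 1; next }   # drop the marker ...
        skip { skip = 0; next }           # ... and the one line after it
        { print }
    ' "$file" > "$tmp"
    mv "$tmp" "$file"
}

# Set (add or replace) job $2 in crontab file $1 with schedule $3 and
# command $4. An existing entry with the same name is replaced in place,
# so running this repeatedly leaves exactly one entry.
cron_set() {
    file="$1" name="$2" sched="$3" job="$4"
    cron_absent "$file" "$name"
    printf '#Ansible: %s\n%s %s\n' "$name" "$sched" "$job" >> "$file"
}

# Print the job line managed under name $2, or nothing if the marker is gone.
cron_get() {
    awk -v marker="#Ansible: $2" '
        $0 == marker { if ((getline line) > 0) print line; exit }
    ' "$1"
}

tab=$(mktemp)
: > "$tab"
cron_set "$tab" "test cron" "* * * * 6"   "/bin/touch /tmp/123.txt"  # weekday=6 only, as in the post
cron_set "$tab" "test cron" "20 10 * * 6" "/bin/touch /tmp/123.txt"  # same name: replaced, not duplicated
echo "managed entry: $(cron_get "$tab" 'test cron')"

# Simulate an admin deleting the marker comment by hand: the job line is
# orphaned, cron_get no longer finds it and cron_absent cannot remove it.
orphaned=$(mktemp)
grep -v '^#Ansible: ' "$tab" > "$orphaned" || true
cron_absent "$orphaned" "test cron"
echo "after hand-edit, lines left: $(wc -l < "$orphaned" | tr -d ' ')"
```

The second cron_set call with the same name replaces the first rather than adding a second line, which is the behaviour the post relies on when it re-adds "test cron" with a different schedule. Once the marker is stripped, the orphaned job line keeps firing but is invisible to the name-based lookup, which is exactly the situation the note above warns about.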

6: Installing packages and managing services with Ansible:    the yum module and the service module

ansible   webserver   -m  yum   -a  "name=httpd"                                         # install httpd (state=present is the default);

[root@localhost_001 ~]# ansible webserver -m yum -a "name=httpd"
[root@localhost_03 ~]# rpm -qa |grep httpd
httpd-tools-2.4.6-80.el7.centos.1.x86_64
httpd-2.4.6-80.el7.centos.1.x86_64

2: Remove a package:

ansible   webserver   -m   yum   -a   "name=httpd   state=removed"

[root@localhost_001 ~]# ansible webserver -m yum -a "name=httpd state=removed"
[root@localhost_03 ~]# rpm -qa |grep httpd

3: Start the httpd service; this uses the service module, and enabled=yes also makes it start at boot:

[root@localhost_001 ~]# ansible webserver -m service -a "name=httpd state=started enabled=yes"

[root@localhost_03 ~]# ps aux |grep httpd   # check the httpd processes on 03 (131);
root      16307  0.1  0.5 226220  5144 ?        Ss   18:36   0:00 /usr/sbin/httpd -DFOREGROUND
apache    16308  0.0  0.3 226220  3016 ?        S    18:36   0:00 /usr/sbin/httpd -DFOREGROUND
apache    16309  0.0  0.3 226220  3016 ?        S    18:36   0:00 /usr/sbin/httpd -DFOREGROUND
apache    16310  0.0  0.3 226220  3016 ?        S    18:36   0:00 /usr/sbin/httpd -DFOREGROUND
apache    16311  0.0  0.3 226220  3016 ?        S    18:36   0:00 /usr/sbin/httpd -DFOREGROUND
apache    16312  0.0  0.3 226220  3016 ?        S    18:36   0:00 /usr/sbin/httpd -DFOREGROUND
root      16322  0.0  0.0    444     4 pts/1    R+   18:36   0:00 grep --color=auto httpd

Note: list all modules:      ansible-doc   -l

[root@localhost_001 ~]# ansible-doc -l
copy                                            Copies files to remote locations   
yum                                             Manages packages with the `yum' package manager

Look up a specific module:      ansible-doc   cron    (ansible-doc -s cron prints a playbook snippet for it)

If you manage 100 or more machines, placing the public key on each one by hand does not scale; there are two options:

use an expect script to push the key out in batch;

or use Ansible's authorized_key module, running it once with -k (password authentication) to install the key, after which key authentication takes over.
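What the authorized_key option above does on every managed host, and what step 2 of the installation did by hand, as an added example written as a shell function so it can be exercised locally; this is not Ansible's code. It creates ~/.ssh with mode 0700 and authorized_keys with mode 0600 (sshd rejects keys in a directory or file that is group- or world-writable), and appends the key only if its type and key material are not already present, so a repeated run across 100 hosts does not pile up duplicates. The key line is a constructed placeholder, not a real key, and HOME is redirected to a temp directory.

```shell
#!/bin/bash
# Added example, not from the original post: the per-host behaviour of
# Ansible's authorized_key module re-implemented as a shell function so it
# can be tested locally. The key below is a constructed placeholder, not a
# real key; the home directory is a temp dir instead of /root.
set -eu

# authorize_key <home dir> <public key line>; prints "changed" or "unchanged".
authorize_key() {
    home="$1" key="$2"
    sshdir="$home/.ssh"
    authfile="$sshdir/authorized_keys"
    mkdir -p "$sshdir"
    chmod 700 "$sshdir"        # sshd refuses keys in a group/world-writable dir
    touch "$authfile"
    chmod 600 "$authfile"      # ... or in a file others can edit
    # Compare key type + base64 blob only, ignoring the trailing comment,
    # so a key whose comment was changed is still recognised as present.
    keyid=$(printf '%s\n' "$key" | awk '{print $1, $2}')
    if awk '{print $1, $2}' "$authfile" | grep -qxF "$keyid"; then
        echo "unchanged"
    else
        printf '%s\n' "$key" >> "$authfile"
        echo "changed"
    fi
}

# Number of keys currently authorized under the given home directory.
authorized_count() {
    grep -c '^ssh-' "$1/.ssh/authorized_keys" || true
}

fake_home=$(mktemp -d)
key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyNotReal0000000000000000000000 root@localhost_001'

authorize_key "$fake_home" "$key"                         # first run: changed
authorize_key "$fake_home" "$key"                         # second run: unchanged
authorize_key "$fake_home" "${key% *} renamed-comment"    # same key, new comment: unchanged
echo "keys on host: $(authorized_count "$fake_home")"
```

The real module is invoked per host with user= and key= (the key value typically read from the control node's id_rsa.pub with the file lookup), and the first run needs -k because no key is installed yet; after that the same command is a no-op, which is the idempotence the function above reproduces.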
