背景:
传统的运维基本工作:
以上是一位运维工程师要做的一些工作,当我们的主机数量非常少时,我们可以手动登陆机器,手动敲命令来完成工作,但是当我们的主机数量有几百台、上千台之后我们再去每一台去处理就显得不现实了,所以这时我们需要学习ansible或者saltstack等来完成我们日常的工作
ansible是一个批量部署的自动化工具,通过ssh协议实现远程节点和管理节点之间的通信,理论上说,只要能通过ssh登陆到远程主机上所做的操作,ansible都可以做到。
好处:
1 2 | yum -y install epel-release yum -y install ansible |
---|
1 | ssh-keygen |
---|
1 | ssh-copy-id -i ~/.ssh/id_rsa.pub -p 9777 "ansible@192.168.111.27" |
---|
1 2 3 4 | vim /etc/ansible/hosts 添加内容 [test] 192.168.111.27 ansible_ssh_user=ansible ansible_ssh_port=9777 |
---|
1 2 3 4 5 6 7 8 | #ansible test -m command -a "w" 192.168.111.27 | SUCCESS | rc=0 >> 17:17:49 up 117 days, 1:47, 3 users, load average: 0.00, 0.01, 0.22 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root tty1 242月18 104days 0.55s 0.55s -bash xs pts/0 192.168.30.201 09:59 21:41 2.31s 0.08s sshd: xs [priv] ansible pts/1 192.168.111.28 17:17 1.00s 0.23s 0.01s w |
---|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 | 用来介绍模块的使用方法: # ansible-doc -s yum - name: Manages packages with the `yum' package manager yum: allow_downgrade: # Specify if the named package and version is allowed to downgrade a maybe already installed higher version of that package. Note that setting allow_downgrade=True can make this module behave in a non-idempotent way. The task could end up with a set of packages that does not match the complete list of specified packages to install (because dependencies between the downgraded package and others can cause changes to the packages which were in the earlier transaction). conf_file: # The remote yum configuration file to use for the transaction. disable_gpg_check: # Whether to disable the GPG checking of signatures of packages being installed. Has an effect only if state is `present' or `latest'. disable_plugin: # `Plugin' name to disable for the install/update operation. The disabled plugins will not persist beyond the transaction. disablerepo: # `Repoid' of repositories to disable for the install/update operation. These repos will not persist beyond the transaction. When specifying multiple repos, separate them with a ",". enable_plugin: # `Plugin' name to enable for the install/update operation. The enabled plugin will not persist beyond the transaction. enablerepo: # `Repoid' of repositories to enable for the install/update operation. These repos will not persist beyond the transaction. When specifying multiple repos, separate them with a ",". exclude: # Package name(s) to exclude when state=present, or latest installroot: # Specifies an alternative installroot, relative to which all packages will be installed. list: # Package name to run the equivalent of yum list <package> against. In addition to listing packages, use can also list the following: `installed', `updates', `available' and `repos'. name: # (required) A package name , or package specifier with version, like `name-1.0'. If a previous version is specified, the task also needs to turn `allow_downgrade' on. See the `allow_downgrade' documentation for caveats with downgrading packages. When using state=latest, this can be '*' which means run `yum -y update'. You can also pass a url or a local path to a rpm file (using state=present). To operate on several packages this can accept a comma separated list of packages or (as of 2.0) a list of packages. |
---|
1 | ansible test-server -m user -a 'name=ansible state={present|absent} system=yes' |
---|
1 | ansible test-server -m group -a 'name=ansible gid=10001 state={present|absent} system=yes' |
---|
1 2 | ansible test-server -m cron -a 'name="this is a test" minute="*/10" job="/sbin/ntpdate 192.168.111.28 &>/dev/null" state={prement|absent} user=root' |
---|
1 | ansible test-server -m copy -a 'src=/etc/fstab dst=/tmp/fstab.bak mode=600 owner=ansible' |
---|
1 | ansible test-server -m service -a 'name=nginx state={started|stopped|restarted enabled={yes|no}' |
---|
1 | ansible test-server -m yum -a 'name=nginx state={present|latest|absent' |
---|
1 2 3 | ansible test-server -m file -a 'path=/tmp/testdir state=directory' 创建目录 -a 'path=/tmp/test.sh state=link src=/usr/local/bin/test force=yes' 创建软链接,force是说如果没有文件,会强制创建 -a 'path= mode= owner= group= state={directory|link|present|absent} src=' |
---|
1 2 | shell模块会指定一个模块会运行命令,而不会在当前shell中运行 ansible all -m shell -a 'echo 123456 | passwd ansible --stdin' |
---|
1 2 | script模块会把本地的一个脚本在远程服务器上执行,这个模块会先把脚本发送到目标机器上,执行完之后脚本在目标机器就会被删除 ansible all -m script -a '/devilf/script/test.sh' |
---|
1 | ansible all -m setup |
---|