开源Devops工具-Ansible
Ansible简介
Ansible是基于Python开发的自动化运维工具,架构相对比较简单,仅需通过SSH连接客户机执行任务即可。集合了众多运维工具(puppet、chef、func)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。
Ansible安装
1.安装EPEL扩展源:
sudo yum install -y epel-release
2.安装Ansible:
sudo yum install -y ansible
3.验证安装:
ansible --version
Ansible配置示例
1.修改Ansible配置文件:Ansible的默认配置文件位于/etc/ansible/ansible.cfg。我们可以根据需要进行修改,例如设置主机清单文件路径:
[defaults]
inventory = /etc/ansible/hosts
2.被控服务器(客户机)设置:
在Ansible主机上生成SSH密钥对
ssh-keygen
将公钥复制到客户机
#test为被控主机上的用户名
ssh-copy-id test@192.168.1.100
ssh-copy-id test@192.168.1.101ssh-copy-id test@172.30.52.194
验证 SSH 连接
ssh test@192.168.1.100
ssh test@192.168.1.101ssh test@172.30.52.194
3.配置主机清单: 编辑步骤1中指定的/etc/ansible/hosts文件,添加需要管理的主机
[webservers]
192.168.1.100 ansible_user=test
192.168.1.101 ansible_user=test[demo]
172.30.52.194
4.测试Ansible连接
ansible demo -m ping
172.30.52.194 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
Ansible常用模块
首先使用ansible-doc -l命令可以查看所有可用模块,并使用ansible-doc <module_name> 查看特定模块的详细文档。然后我看下常用的一些模块:
1.Ping模块
用于测试连接,如上所示
#ansible demo -m ping
2.Command模块
用于在远程主机上执行命令,不会通过shell进行处理,比如$HOME和操作如"<",">","|",";","&"等(需要用shell模块实现)
# ansible demo -m command -a "uptime"
172.30.52.194 | CHANGED | rc=0 >>
18:28:28 up 17 days, 3:19, 2 users, load average: 0.00, 0.01, 0.05
3.Shell模块
用于在远程主机上执行Shell命令
# ansible demo -m shell -a "echo hello"
172.30.52.194 | CHANGED | rc=0 >>
hello
4.Copy模块
用于复制文件到远程主机
#echo heloo >demo.txt
# ansible demo -m copy -a "src=/root/demo.txt dest=/home/test/demo.txt"
172.30.52.194 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "5f304b1e7476c3ce2861001dfbb529aa90dce3c5",
"dest": "/home/test/demo.txt",
"gid": 0,
"group": "root",
"md5sum": "0b2078e6b45544d1938f63e9404c9d4a",
"mode": "0644",
"owner": "root",
"size": 6,
"src": "/root/.ansible/tmp/ansible-tmp-1725878802.63-19129-236554822146927/source",
"state": "file",
"uid": 0
}
检查文件是否存在远程主机:
# ansible demo -m shell -a "cat /home/test/demo.txt"
172.30.52.194 | CHANGED | rc=0 >>
heloo
5.Yum模块
用于管理软件包(适用于基于 RPM 的系统)
# ansible demo -m yum -a "name=httpd state=present"
172.30.52.194 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"changes": {
"installed": [
"httpd"
]
},
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror\nLoading mirror speeds from cached
......省略
检查结果
# ansible demo -m shell -a "rpm -qa | grep httpd"
172.30.52.194 | CHANGED | rc=0 >>
httpd-tools-2.4.6-99.el7.centos.1.x86_64
httpd-2.4.6-99.el7.centos.1.x86_64
6.Service模块
用于管理服务
# ansible demo -m service -a "name=httpd state=started"
172.30.52.194 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimes
......省略
检查是否启动
# ansible demo -m shell -a "systemctl status httpd"
172.30.52.194 | CHANGED | rc=0 >>
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since 一 2024-09-09 18:58:46 CST; 56s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 20722 (httpd)
7.User模块
用于管理用户账户
# ansible demo -m user -a "name=johndoe state=present"
172.30.52.194 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1001,
"home": "/home/johndoe",
"name": "johndoe",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1001
}
检查用户创建情况
# ansible demo -m shell -a "ls /home/ | grep johndoe "
172.30.52.194 | CHANGED | rc=0 >>
johndoe
8.File模块
用于管理文件和目录属性
# ansible demo -m file -a "path=/home/test/demo2.txt state=touch"
172.30.52.194 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/home/test/demo2.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
9.Cron模块
用于管理操作系统计划任务
# ansible demo -m cron -a "name='backup' minute='0' hour='2' job='/usr/local/bin/backup.sh'"
172.30.52.194 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"backup"
]
}
检查任务是否创建
# ansible demo -m shell -a "crontab -l "
172.30.52.194 | CHANGED | rc=0 >>
#Ansible: backup
0 2 * * * /usr/local/bin/backup.sh
10.Setup模块
用于收集远程主机的系统信息
# ansible demo -m setup -a 'filter="*mem*"'
172.30.52.194 | SUCCESS => {
"ansible_facts": {
"ansible_memfree_mb": 324,
"ansible_memory_mb": {
"nocache": {
"free": 1423,
"used": 333
},
"real": {
"free": 324,
"total": 1756,
"used": 1432
},
"swap": {
"cached": 0,
"free": 0,
"total": 0,
"used": 0
}
},
"ansible_memtotal_mb": 1756,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
Ansible命令执行过程
1.加载工具本身的配置文件,默认/etc/ansible/ansible.cfg;
2.找配置文件里设置的主机配置文件,如/etc/ansible/hosts,找到要执行的主机或者组;
3.加载对应的模块文件,如command;
4.通过ansible将模块命令生成对应的临时py文件(python脚本),并将该文件传输至客户机;
5.对应执行客户机的用户家目录下的.ansible/tmp/xxx/xxx.py文件;
6.给文件+x执行权限;
7.执行并返回结果;
8.删除临时py文件,sleep 0退出;
Ansible Playbook
Ansible Playbook是一种用于自动化配置管理和多机器部署的工具。它使用YAML语言编写,能够定义一系列任务(tasks),并在多个主机上有序执行这些任务。主要作用如下:
配置管理:自动化配置服务器和应用程序,确保一致性。
应用部署:在多个服务器上部署应用程序,简化复杂的部署流程。
任务编排:定义和执行一系列有序的任务,支持同步和异步执行。
状态验证:确保服务器和应用程序处于预期的状态。
以下是Ansible Playbook的主要作用及一个简单示例,用于在一组名为demo的主机上安装和配置 Apache HTTP服务器(注意格式,每个Playbook的顶层必须以"---"开始;列表中的成员以"-"开头,后面要带个空格;对齐;在运行前,最好先检查一次,以保证所有的命令都能运行):
---
- hosts: demo
vars:
http_port: 80
max_clients: 200
tasks:
- name: Ensure Apache is installed
yum:
name: httpd
state: latest
- name: Write the Apache config file
template:
src: /srv/httpd.j2
dest: /etc/httpd.conf
notify:
- Restart Apache
- name: Ensure Apache is running
service:
name: httpd
state: started
handlers:
- name: Restart Apache
service:
name: httpd
state: restarted
/srv/httpd.j2的内容如下,注意变量的书写格式:
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.ServerRoot "/etc/httpd"
Listen {{ http_port }}# LoadModule directives
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule dir_module modules/mod_dir.so
LoadModule log_config_module modules/mod_log_config.so# User/Group
User apache
Group apache# ServerAdmin: Your address, where problems with the server should be e-mailed.
ServerAdmin you@example.com# ServerName gives the name and port that the server uses to identify itself.
ServerName www.example.com:{{ http_port }}# DocumentRoot: The directory out of which you will serve your documents.
DocumentRoot "/var/www/html"<Directory "/var/www/html">
AllowOverride None
Require all granted
</Directory># MaxClients: The maximum number of child processes that will be created to serve requests.
MaxClients {{ max_clients }}# ErrorLog: The location of the error log file.
ErrorLog "logs/error_log"# CustomLog: The location of the access log file.
CustomLog "logs/access_log" combined
以上示例的说明:
- hosts: 指定目标主机组。
- vars: 定义变量,如 HTTP 端口和最大客户端数。
- tasks: 定义任务列表,包括安装 Apache、配置文件和启动服务。
- handlers: 定义在特定条件下触发的操作,如重新启动 Apache。
检查及执行:
# ansible-playbook demo-playbook.yml --check
PLAY [demo] ***********************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************
ok: [172.30.52.194]
TASK [Ensure Apache is installed] *************************************************************************************
changed: [172.30.52.194]
TASK [Write the Apache config file] ***********************************************************************************
changed: [172.30.52.194]
TASK [Ensure Apache is running] ***************************************************************************************
changed: [172.30.52.194]
RUNNING HANDLER [Restart Apache] **************************************************************************************
changed: [172.30.52.194]
PLAY RECAP ************************************************************************************************************
172.30.52.194 : ok=5 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
# ansible-playbook demo-playbook.yml
PLAY [demo] ***********************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************
ok: [172.30.52.194]
TASK [Ensure Apache is installed] *************************************************************************************
changed: [172.30.52.194]
TASK [Write the Apache config file] ***********************************************************************************
changed: [172.30.52.194]
TASK [Ensure Apache is running] ***************************************************************************************
changed: [172.30.52.194]
RUNNING HANDLER [Restart Apache] **************************************************************************************
changed: [172.30.52.194]
PLAY RECAP ************************************************************************************************************
172.30.52.194 : ok=5 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
我们检查一下配置结果如何
# ansible demo -m shell -a "systemctl status httpd; cat /etc/httpd.conf | grep -e 80 -e 200"
172.30.52.194 | CHANGED | rc=0 >>
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since 一 2024-09-09 19:30:27 CST; 6min ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 22829 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 22834 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
Tasks: 6
CGroup: /system.slice/httpd.service
├─22834 /usr/sbin/httpd -DFOREGROUND
├─22835 /usr/sbin/httpd -DFOREGROUND
├─22836 /usr/sbin/httpd -DFOREGROUND
├─22837 /usr/sbin/httpd -DFOREGROUND
├─22838 /usr/sbin/httpd -DFOREGROUND
└─22839 /usr/sbin/httpd -DFOREGROUND
9月 09 19:30:27 iZ2zegatpev1hkxek13zfxZ systemd[1]: Stopped The Apache HTTP Server.
9月 09 19:30:27 iZ2zegatpev1hkxek13zfxZ systemd[1]: Starting The Apache HTTP Server...
9月 09 19:30:27 iZ2zegatpev1hkxek13zfxZ httpd[22834]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.30.52.194. Set the 'ServerName' directive globally to suppress this message
9月 09 19:30:27 iZ2zegatpev1hkxek13zfxZ systemd[1]: Started The Apache HTTP Server.
Listen 80
ServerName www.example.com:80
MaxClients 200
Ansible Role
Ansible Role角色是一种强大的组织和重用Ansible代码的方式。它们允许我们将相关的任务、变量、文件、模板和处理程序分组到一个单元中。在部署任务很多的情况下,增加了复用性。以下是如何创建和使用角色的简要概述:
目录结构
我们可以通过如下命令初始化一个目录结构:
ansible-galaxy role init my_role
一个典型角色目录结构示例:
├── defaults
│ └── main.yml
├── files
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── README.md
├── tasks
│ └── main.yml
├── templates
├── tests
│ ├── inventory
│ └── test.yml
└── vars
└── main.yml
目录功能说明
- defaults/: 存放默认变量,优先级最低。
- files/: 存放静态文件,可以被
copy
或script
模块调用。 - handlers/: 存放处理程序,通常用于服务的重启等操作。
- meta/: 存放角色的元数据,如依赖关系等。
- tasks/: 存放任务列表,
main.yml
是入口文件。 - templates/: 存放 Jinja2 模板文件,可以动态生成配置文件。
- vars/: 存放变量,优先级高于
defaults
。
示例内容
1.defaults/main.yml
---
# 默认变量
http_port: 80
max_clients: 200
2.vars/main.yml
---
# 覆盖默认变量
http_port: 8080
max_clients: 300
3.files/example.conf
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
4.handlers/main.yml
---
- name: restart httpd
service:
name: httpd
state: restarted
5.meta/main.yml
---
dependencies:
- role: another_role
6.templates/example.j2
# 模板文件内容
Listen {{ http_port }}
MaxClients {{ max_clients }}
7.tasks/main.yml
---
- name: install httpd
yum:
name: httpd
state: present
- name: copy config files
copy:
src: example.conf
dest: /etc/httpd/conf/httpd.conf
- name: deploy template files
template:
src: example.j2
dest: /etc/httpd/conf.d/example.conf
- name: start httpd service
service:
name: httpd
state: started
enabled: yes
notify:
- restart httpd
8.执行文件demo.yml
- hosts: demo
roles:
- my_role
9.运行
#ansible-playbook demo.yml --check
# ansible-playbook demo.yml
PLAY [demo] ***********************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************
ok: [172.30.52.194]
TASK [my_role : install httpd] ****************************************************************************************
ok: [172.30.52.194]
TASK [my_role : copy config files] ************************************************************************************
ok: [172.30.52.194]
TASK [my_role : deploy template files] ********************************************************************************
ok: [172.30.52.194]
TASK [my_role : start httpd service] **********************************************************************************
changed: [172.30.52.194]
RUNNING HANDLER [my_role : restart httpd] *****************************************************************************
changed: [172.30.52.194]
PLAY RECAP ************************************************************************************************************
172.30.52.194 : ok=6 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Ansible常见配置参数
Ansible 的主要配置参数可以通过 ansible.cfg 文件进行设置。以下是一些常用的配置参数:inventory:定义 inventory 文件的路径,包含 Ansible 需要管理的目标主机列表。
library:定义自定义模块的存放目录。
remote_user:定义在目标主机上执行命令时使用的远程用户。
forks:指定同时操作的目标主机数,有助于优化在多个主机上执行任务时的性能。
timeout:设置 SSH 连接的超时时间,对于较慢的网络或执行复杂任务时可以适当调整。
log_path:指定 Ansible 操作的日志文件路径和文件名。
host_key_checking:控制 Ansible 是否应检查 SSH 的 host key。
become_user:定义在目标主机上执行命令时使用的 sudo 用户。