ansible基礎
- 安裝
# 查看ansible有哪些可用版本
[root@localhost day03] pip3 install ansible==
# 在線安裝2.7.2
[root@localhost day03] pip3 install ansible==2.7.2
- 環境配置
[root@localhost day03] mkdir myansible
[root@localhost day03] cd myansible/
[root@localhost myansible] vim ansible.cfg
[defaults]
inventory = hosts
remote_user = root
[root@localhost myansible] vim hosts
[dbservers]
db1
[webservers]
web1
[root@localhost myansible] vim /etc/hosts
192.168.113.131 db1
192.168.113.133 web1
[root@localhost myansible] ping db1
[root@localhost myansible] ping web1
# 配置免密登陸到各臺主機
[root@localhost myansible] ssh-keygen
[root@localhost myansible] ssh-copy-id root@db1
[root@localhost myansible] ssh-copy-id root@web1
- 遠程管理方法一:adhoc臨時命令
# 語法
ansible 主機清單 -m 模塊 -a "參數"
[root@localhost myansible] ansible all -m ping
[root@localhost myansible] ansible all -m shell -a "id root"
- 遠程管理方法二:playbook
# 爲了書寫yaml的方便,先修改vim的配置
[root@localhost myansible] vim ~/.vimrc
autocmd FileType yaml setlocal ai et sw=2 ts=2
[root@localhost myansible] vim lamp.yml
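---
# Play 1: install MariaDB on the dbservers group, start it and enable it at boot.
- name: configure dbservers
  hosts: dbservers
  tasks:
    - name: install mariadb-server
      yum:
        name: mariadb-server
        state: present
    - name: configure mariadb
      service:
        name: mariadb
        state: started
        enabled: yes
# Play 2: install Apache and PHP on the webservers group, start httpd and enable it at boot.
- name: configure webservers
  hosts: webservers
  tasks:
    - name: install httpd
      yum:
        # A YAML list states each package explicitly instead of relying on
        # the module splitting a comma-separated string.
        name:
          - httpd
          - php
          - php-mysql
        state: present
    - name: configure httpd
      service:
        name: httpd
        state: started
        enabled: yes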
# 語法檢查
[root@localhost myansible] ansible-playbook --syntax-check lamp.yml
# 執行playbook
[root@localhost myansible] ansible-playbook lamp.yml
ansible編程之adhoc
- 命名的元組
- 仍然是元組,擁有元組的特性
- 爲元組的每個下標命名,可以通過下標的名字得到值
>>> import collections
>>> Point = collections.namedtuple('Point', ('x', 'y', 'z'))
>>> a = Point(10, 15, 8)
>>> type(a)
<class '__main__.Point'>
>>> a[0]
10
>>> len(a)
3
>>> a[1:]
(15, 8)
>>> a.x
10
>>> a.y
15
>>> a.z
8
- 如果ssh遠程到目標主機時,使用的是普通用戶,需要提權才能執行管理命令,例:
[root@localhost myansible] vim ansible.cfg
[defaults]
inventory = hosts
remote_user = tom
[privilege_escalation]
become = yes
become_method = sudo
become_user = root
# 每臺目標主機需要配置sudo; NOPASSWD: ALL 使tom無需密碼即可以root身份執行任何命令,生產環境應只授權所需的命令
[root@localhost myansible] visudo
tom ALL=(ALL) NOPASSWD: ALL
- 手工將yaml文件轉成python數據類型
[root@localhost myansible]# vim lamp.yml
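---
# Play 1: install MariaDB on the dbservers group, start it and enable it at boot.
- name: configure dbservers
  hosts: dbservers
  tasks:
    - name: install mariadb-server
      yum:
        name: mariadb-server
        state: present
    - name: configure mariadb
      service:
        name: mariadb
        state: started
        enabled: yes
# Play 2: install Apache and PHP on the webservers group, start httpd and enable it at boot.
- name: configure webservers
  hosts: webservers
  tasks:
    - name: install httpd
      yum:
        # Written as a YAML list so that it loads as a Python list of
        # package names rather than one comma-separated string.
        name:
          - httpd
          - php
          - php-mysql
        state: present
    - name: configure httpd
      service:
        name: httpd
        state: started
        enabled: yes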
轉成python的數據類型:
[
{
'name': 'configure dbservers',
'hosts': 'dbservers',
'tasks': [
{
'name': 'install mariadb-server',
'yum': {
'name': 'mariadb-server',
'state': 'present'
}
},
{
'name': 'configure mariadb',
'service': {
'name': 'mariadb',
'state': 'started',
'enabled': 'yes'
}
}
]
},
{
'name': 'configure webservers',
'hosts': 'webservers',
'tasks': [
{
'name': 'install httpd',
'yum': {
'name': ['httpd', 'php', 'php-mysql'],
'state': 'present'
}
},
{
'name': 'configure httpd',
'service': {
'name': 'httpd',
'state': 'started',
'enabled': 'yes'
}
}
]
}
]
- ansible加解密
# 加密文件
[root@localhost myansible] cp /etc/passwd /tmp/mima
[root@localhost myansible] cat /tmp/mima
[root@localhost myansible] ansible-vault encrypt /tmp/mima
New Vault password:
Confirm New Vault password:
Encryption successful
[root@localhost myansible] cat /tmp/mima
# 解密文件
[root@localhost myansible] ansible-vault decrypt /tmp/mima
Vault password:
Decryption successful
[root@localhost myansible] cat /tmp/mima
編寫ansible模塊
- 聲明自定義模塊路徑
export ANSIBLE_LIBRARY=/opt/mylibs
- 編寫用於在遠程主機拷貝文件的模塊
[root@localhost myansible] vim /opt/mylibs/rcopy.py
import shutil
from ansible.module_utils.basic import AnsibleModule
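def main():
    """Ansible module entry point: copy a file on the managed host.

    Module parameters (both required strings):
        yuan:   source path on the managed host.
        mubiao: destination path (file or directory) on the managed host.

    On success the module exits through ``module.exit_json(changed=True)``.
    If the copy raises, it exits through ``module.fail_json`` so the
    controller receives a structured error instead of a Python traceback.
    """
    module = AnsibleModule(
        argument_spec=dict(
            yuan=dict(required=True, type='str'),
            mubiao=dict(required=True, type='str')
        )
    )
    src = module.params['yuan']
    dst = module.params['mubiao']

    # Both paths are used exactly as supplied; nothing here restricts which
    # files may be read or overwritten, so the effective limit is whatever
    # the account running the module is allowed to do.
    try:
        shutil.copy(src, dst)
    except (OSError, shutil.Error) as exc:
        module.fail_json(msg='copy %s -> %s failed: %s' % (src, dst, exc))

    # NOTE(review): changed=True is reported unconditionally, even when the
    # destination already holds identical content, so the task is not
    # idempotent.
    module.exit_json(changed=True)


if __name__ == '__main__':
    main()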
- 編寫一個用於實現下載的模塊
import wget
from ansible.module_utils.basic import AnsibleModule
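def main():
    """Ansible module entry point: download a URL to a path on the managed host.

    Module parameters (both required strings):
        url:  address to fetch.
        dest: output path on the managed host.

    On success the module exits through ``module.exit_json(changed=True)``.
    If the download raises, it exits through ``module.fail_json`` so the
    controller receives a structured error instead of a Python traceback.
    """
    module = AnsibleModule(
        argument_spec=dict(
            url=dict(required=True, type='str'),
            dest=dict(required=True, type='str')
        )
    )
    url = module.params['url']
    dest = module.params['dest']

    # NOTE(review): the payload is written to dest with no integrity check,
    # and the URL is passed through as given. When the content matters,
    # fetch over HTTPS and compare against a known digest; Ansible's
    # built-in get_url module offers a checksum option for this.
    try:
        wget.download(url, dest)
    except Exception as exc:  # a module must always answer with JSON
        module.fail_json(msg='download of %s to %s failed: %s' % (url, dest, exc))

    # NOTE(review): changed=True is reported unconditionally, so every run
    # downloads again and the task is not idempotent.
    module.exit_json(changed=True)


if __name__ == '__main__':
    main()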
# 注意: rcopy模塊只接受yuan和mubiao參數,url和dest屬於上面的下載模塊,-m後應填該下載模塊的文件名(不含.py); 主機名也要與hosts清單一致(清單中爲web1)
[root@localhost myansible] ansible web1.tedu.cn -m rcopy -a "url=http://bj.people.com.cn/NMediaFile/2020/0325/LOCAL202003251946000143788826678.jpg dest=/tmp/yulan.jpg"
- 在目標主機上安裝缺失模塊
[root@localhost ~] wget https://files.pythonhosted.org/packages/8e/76/66066b7bc71817238924c7e4b448abdb17eb0c92d645769c223f9ace478f/pip-20.0.2.tar.gz
[root@localhost ~] tar xf pip-20.0.2.tar.gz
[root@localhost ~] cd pip-20.0.2/
[root@localhost pip-20.0.2] python setup.py install
[root@localhost pip-20.0.2] pip install wget
# 重新運行ansible命令,下載文件
通過ansible-cmdb生成web頁
# 收集遠程主機信息
[root@localhost myansible] ansible all -m setup --tree /tmp/nsd1910
# 安裝ansible-cmdb
[root@localhost myansible] pip3 install ansible-cmdb
# 生成web頁面
[root@localhost myansible] which ansible-cmdb
/usr/local/bin/ansible-cmdb
[root@localhost myansible] vim /usr/local/bin/ansible-cmdb
修改第8行爲以下格式:
PY_BIN=$(which python3)
[root@localhost myansible] ansible-cmdb /tmp/nsd1910/ > /tmp/hosts.html
[root@localhost myansible] firefox /tmp/hosts.html