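Preface
Ansible is a powerful configuration management solution written in Python. There are already many configuration management solutions to choose from, each with its own strengths and weaknesses; what sets Ansible apart is its simplicity. One thing that distinguishes Ansible from the other mainstream configuration management systems is that it does not require you to install its own component on every node you want to configure. A further advantage is that, if needed, you can control your entire infrastructure from more than one place. The last point is its correctness; this may be debatable, but I think it still counts as an advantage most of the time. Enough said: let's get started installing and configuring Ansible on RHEL/CentOS and Debian/Ubuntu-based systems.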
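I. Basic Introduction
1. Overview
Ansible is a recent automation and operations tool developed in Python. It combines the advantages of many operations tools (puppet, cfengine, chef, func, fabric) and implements batch system configuration, batch program deployment, batch command execution and similar functions. Ansible works on the basis of modules and has no batch deployment capability of its own: the batch deployment is actually done by the modules that Ansible runs, and Ansible only provides the framework. Its main components are:
(1) Connection plugins: responsible for communicating with the managed hosts;
(2) Host inventory: specifies the hosts to operate on; it is a configuration file that defines the managed hosts;
(3) Modules: core modules, the command module, and custom modules;
(4) Plugins, used for functions such as logging and e-mail;
(5) Playbooks: scripts for executing multiple tasks; they are optional and let a node run several tasks in one go.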
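2. Overall Architecture
3. Features
(1) no agents: no client needs to be installed on the managed hosts;
(2) no server: there is no server side; you simply run the commands when needed;
(3) modules in any languages: it works on the basis of modules, and modules can be developed in any language;
(4) yaml, not code: playbooks are written in YAML;
(5) ssh by default: it works over SSH;
(6) strong multi-tier solution: supports multi-level command.
4. Advantages
(1) Lightweight: no agent needs to be installed on the clients, and an update only has to be applied once, on the control machine;
(2) Batch tasks can be written as scripts and executed without being distributed to the remote hosts;
(3) Written in Python, which makes it easier to maintain; Ruby's syntax is overly complex;
(4) Supports sudo.
5. Task Execution Flow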
Installation Environment
    Wulaoer     10.211.55.22    server
    Server03    10.211.55.21    client
Installing from Source
1. Basic Ansible installation
(1) Install Python 2.7
    [root@Wulaoer ~]# wget https://www.python.org/ftp/python/2.7.8/Python-2.7.8.tgz
    [root@Wulaoer ~]# tar -zxf Python-2.7.8.tgz
    [root@Wulaoer ~]# cd Python-2.7.8
    [root@Wulaoer Python-2.7.8]# ./configure --prefix=/usr/local/
    [root@Wulaoer Python-2.7.8]# make
    [root@Wulaoer Python-2.7.8]# make install
Note: copy the Python header files into the standard include directory so that the required headers can be found when building Ansible.
    [root@Wulaoer Python-2.7.8]# cd /usr/local/include/python2.7/
    [root@Wulaoer python2.7]# cp -a ./* /usr/local/include/
Note: back up the old Python and create a symbolic link to the new one.
    [root@Wulaoer python2.7]# cd /usr/bin/
    [root@Wulaoer bin]# mv python python2.6
    mv:是否覆盖"python2.6"? y
    [root@Wulaoer bin]# ln -s /usr/local/bin/python
Note: edit the yum script so that it points to the old version of Python; otherwise yum will no longer run.
    [root@Wulaoer bin]# vi /usr/bin/yum
    #!/usr/bin/python  -->  #!/usr/bin/python2.6
(2) Install the setuptools module
    [root@Wulaoer ~]# wget https://pypi.python.org/packages/source/s/setuptools/setuptools-7.0.tar.gz --no-check-certificate
    [root@Wulaoer ~]# tar -zxf setuptools-7.0.tar.gz
    [root@Wulaoer ~]# cd setuptools-7.0
    [root@Wulaoer setuptools-7.0]# python setup.py install
(3) Install the pycrypto module
    [root@Wulaoer ~]# wget https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz --no-check-certificate
    [root@Wulaoer ~]# tar -zxf pycrypto-2.6.1.tar.gz
    [root@Wulaoer ~]# cd pycrypto-2.6.1
    [root@Wulaoer pycrypto-2.6.1]# python setup.py install
(4) Install the PyYAML module
    [root@Wulaoer ~]# wget http://pyyaml.org/download/libyaml/yaml-0.1.5.tar.gz
    [root@Wulaoer ~]# tar -zxf yaml-0.1.5.tar.gz
    [root@Wulaoer ~]# cd yaml-0.1.5
    [root@Wulaoer yaml-0.1.5]# ./configure --prefix=/usr/local/
    [root@Wulaoer yaml-0.1.5]# make
    [root@Wulaoer yaml-0.1.5]# make install
    [root@Wulaoer ~]# wget https://pypi.python.org/packages/source/P/PyYAML/PyYAML-3.11.tar.gz --no-check-certificate
    [root@Wulaoer ~]# tar -zxf PyYAML-3.11.tar.gz
    [root@Wulaoer ~]# cd PyYAML-3.11
    [root@Wulaoer PyYAML-3.11]# python setup.py install
(5) Install the Jinja2 module
    [root@Wulaoer ~]# wget https://pypi.python.org/packages/source/M/MarkupSafe/MarkupSafe-0.9.3.tar.gz --no-check-certificate
    [root@Wulaoer ~]# tar -zxf MarkupSafe-0.9.3.tar.gz
    [root@Wulaoer ~]# cd MarkupSafe-0.9.3
    [root@Wulaoer MarkupSafe-0.9.3]# python setup.py install
    [root@Wulaoer ~]# wget https://pypi.python.org/packages/source/J/Jinja2/Jinja2-2.7.3.tar.gz --no-check-certificate
    [root@Wulaoer ~]# tar -zxf Jinja2-2.7.3.tar.gz
    [root@Wulaoer ~]# cd Jinja2-2.7.3
    [root@Wulaoer Jinja2-2.7.3]# python setup.py install
(6) Install the paramiko module
    [root@Wulaoer ~]# wget https://pypi.python.org/packages/source/e/ecdsa/ecdsa-0.11.tar.gz --no-check-certificate
    [root@Wulaoer ~]# tar -zxf ecdsa-0.11.tar.gz
    [root@Wulaoer ~]# cd ecdsa-0.11
    [root@Wulaoer ecdsa-0.11]# python setup.py install
    [root@Wulaoer ~]# wget https://pypi.python.org/packages/source/p/paramiko/paramiko-1.15.1.tar.gz --no-check-certificate
    [root@Wulaoer ~]# tar -zxf paramiko-1.15.1.tar.gz
    [root@Wulaoer ~]# cd paramiko-1.15.1
    [root@Wulaoer paramiko-1.15.1]# python setup.py install
(7) Install the simplejson module
    [root@Wulaoer ~]# wget https://pypi.python.org/packages/source/s/simplejson/simplejson-3.6.5.tar.gz --no-check-certificate
    [root@Wulaoer ~]# tar -zxf simplejson-3.6.5.tar.gz
    [root@Wulaoer ~]# cd simplejson-3.6.5
    [root@Wulaoer simplejson-3.6.5]# python setup.py install
(8) Install Ansible
    [root@Wulaoer ~]# wget -O ansible-1.7.2.tar.gz https://codeload.github.com/ansible/ansible/tar.gz/v1.7.2
    [root@Wulaoer ~]# tar -zxf ansible-1.7.2.tar.gz
    [root@Wulaoer ~]# cd ansible-1.7.2
    [root@Wulaoer ansible-1.7.2]# python setup.py install
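The downloads above pass --no-check-certificate (and one uses plain http), so wget does not authenticate the server before root runs each setup.py. The following is an added example, not part of the original post, that checks a tarball against a SHA-256 digest pinned in a manifest before unpacking and installing it. The function names and the manifest file are assumptions; the digests themselves must come from a source you trust.

```shell
#!/bin/sh
# Added example: gate each "python setup.py install" on a pinned SHA-256 digest.
# Function names and the manifest layout are assumptions for illustration.

# Print the SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_tarball FILE MANIFEST
# MANIFEST uses sha256sum's "<digest>  <filename>" layout and must not come
# from the same unauthenticated download as the tarball.
# Returns 0 on match, 1 on mismatch, 2 when the file has no pinned digest.
verify_tarball() {
    file=$1
    manifest=$2
    name=$(basename "$file")
    expected=$(awk -v n="$name" '$2 == n { print $1; exit }' "$manifest")
    if [ -z "$expected" ]; then
        echo "REFUSE $name: no pinned digest in $manifest" >&2
        return 2
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "REFUSE $name: digest mismatch" >&2
        return 1
    fi
    echo "OK $name"
}

# install_verified FILE MANIFEST: unpack and install only after verification.
install_verified() {
    verify_tarball "$1" "$2" || return $?
    dir=$(tar -tzf "$1" | head -n 1 | cut -d/ -f1)
    tar -zxf "$1" && (cd "$dir" && python setup.py install)
}
```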
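2. Ansible configuration
(1) Set up SSH key-based (passwordless) login
Generate the public/private key pair
    [root@Wulaoer ~]# ssh-keygen -t rsa -P ''
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa_storml
Note: write the key to the trust file (distribute /root/.ssh/id_rsa_storml.pub to the other servers, and run the following command on all servers)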
Installing with yum
First install the dependency package, then install Ansible.
    yum install -y epel-release
    yum install -y ansible
Check the Ansible version.
    [root@Wulaoer~]# ansible --version
    ansible 2.8.2
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 2.7.5 (default, Jun 20 2019, 20:27:34) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
The above covers the installation methods. Next, configure Ansible so that it can perform batch operations.
First create an SSH key pair on the server for public-key authentication.
    [root@Wulaoer ~]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    49:dc:b3:5b:34:08:1f:a1:3b:ba:99:ac:b3:8b:f7:70 root@Server04
    The key's randomart image is:
    +--[ RSA 2048]----+
    | . o. |
    | . = o |
    | + = o |
    | . o + . |
    | S . . |
    | . . o |
    | . E . |
    | .o+ + |
    | ..+** |
    +-----------------+
Push the Ansible server's public key to the client.
    [root@Wulaoer ~]# ssh-copy-id -i root@10.211.55.21
    The authenticity of host '10.211.55.21 (10.211.55.21)' can't be established.
    ECDSA key fingerprint is c1:65:c2:76:7f:72:7b:e9:3c:88:9e:8f:a8:1b:5a:57.
    Are you sure you want to continue connecting (yes/no)? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@10.211.55.21's password:
    Number of key(s) added: 1
    Now try logging into the machine, with: "ssh 'root@10.211.55.21'"
    and check to make sure that only the key(s) you wanted were added.
Verify the public key.
    [root@Wulaoer ~]# ssh root@10.211.55.21
    Last login: Tue Jul 30 16:31:54 2019 from 10.211.55.2
    [root@Server03 ~]# ls
    anaconda-ks.cfg  apache-maven-3.1.1-bin.tar.gz  bach.sh  opdoctime3717.tmplog
Configure Ansible by adding the nodes it should control; to manage several nodes, add several entries.
    [root@Wulaoer ~]# vim /etc/ansible/hosts
    ..............
    [test]          # node group name
    10.211.55.21    # node IP
Test it.
    [root@Wulaoer ~]# ansible -m ping test
    10.211.55.21 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": false,
        "ping": "pong"
    }
    # Check the system uptime
    [root@Wulaoer ~]# ansible -m command -a "uptime" 'test'
    10.211.55.21 | CHANGED | rc=0 >>
     16:38:43 up 6 days, 21:43, 2 users, load average: 0.00, 0.01, 0.05
    # Check the kernel release (uname -r)
    [root@Wulaoer ~]# ansible -m command -a "uname -r" 'test'
    10.211.55.21 | CHANGED | rc=0 >>
    3.10.0-229.el7.x86_64
    # Check the IP address
    [root@Wulaoer ~]# ansible -m command -a "ifconfig eth0" 'test'
    10.211.55.21 | CHANGED | rc=0 >>
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
            inet 10.211.55.21 netmask 255.255.255.0 broadcast 10.211.55.255
            inet6 fe80::21c:42ff:fe59:61e0 prefixlen 64 scopeid 0x20<link>
            inet6 fdb2:2c26:f4e4:0:21c:42ff:fe59:61e0 prefixlen 64 scopeid 0x0<global>
            ether 00:1c:42:59:61:e0 txqueuelen 1000 (Ethernet)
            RX packets 23152802 bytes 18204844463 (16.9 GiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 16480206 bytes 8458148798 (7.8 GiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
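Common monitoring commands
[Monitor disk space]
    # storm_cluster: a host group defined in /etc/ansible/hosts
    # int(\$5): the $ must be escaped when the command is run, otherwise it fails;
    # the filter reports disks whose usage exceeds 30%
    ansible storm_cluster -m shell -a "df -hP|awk 'NR>1 && int(\$5) > 30'"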
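Why the backslash matters in the command above, shown as an added example that is not part of the original post: the -a argument is in double quotes, so the control node's shell expands an unescaped $5 before Ansible sends anything to the remote host. The function names and the `df -hP` sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: why \$5 is escaped in the double-quoted -a argument.

# Constructed `df -hP` output (not captured from a real host).
sample_df() {
    cat <<'EOF'
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        50G   41G  9.0G  82% /
tmpfs           1.9G     0  1.9G   0% /dev/shm
/dev/sdb1       200G   70G  130G  35% /data
/dev/sdc1       100G   12G   88G  12% /backup
EOF
}

# The string the control node hands to Ansible when $ is escaped:
# the awk program still contains the field reference $5.
arg_escaped() {
    printf '%s' "df -hP|awk 'NR>1 && int(\$5) > 30'"
}

# Without the backslash the local shell expands $5 (its fifth positional
# parameter, empty here), so the remote awk program becomes int() > 30.
arg_unescaped() {
    printf '%s' "df -hP|awk 'NR>1 && int($5) > 30'"
}

# The page's filter with the threshold passed via -v instead of hard-coded;
# int("82%") evaluates to 82, and NR > 1 skips the header row.
disks_over() {
    awk -v limit="$1" 'NR > 1 && int($5) > limit { print $6, $5 }'
}

sample_df | disks_over 30
```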
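[Monitor process status]
    ansible 192.168.52.101 -m shell -a 'ps auxf|grep snmp'
[Check service status]
    # The service module takes name=/state= arguments and cannot run a free-form
    # status command, so the status check goes through the command module.
    ansible 192.168.52.101 -m command -a 'service httpd status'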