当前位置：首页 > news >正文

开源Devops工具-Ansible

news 来源：原创 2024/9/21 22:38:32

Ansible简介

Ansible是基于Python开发的自动化运维工具，架构相对比较简单，仅需通过SSH连接客户机执行任务即可。集合了众多运维工具（puppet、chef、func）的优点，实现了批量系统配置、批量程序部署、批量运行命令等功能。

Ansible安装

1.安装EPEL扩展源：

sudo yum install -y epel-release

2.安装Ansible：

sudo yum install -y ansible

3.验证安装：

ansible --version

Ansible配置示例

1.修改Ansible配置文件：Ansible的默认配置文件位于/etc/ansible/ansible.cfg。我们可以根据需要进行修改，例如设置主机清单文件路径：

[defaults]
inventory = /etc/ansible/hosts

2.被控服务器（客户机）设置：

在Ansible主机上生成SSH密钥对

ssh-keygen

将公钥复制到客户机

#test为被控主机上的用户名
ssh-copy-id test@192.168.1.100
ssh-copy-id test@192.168.1.101

ssh-copy-id test@172.30.52.194

验证 SSH 连接

ssh test@192.168.1.100
ssh test@192.168.1.101

ssh test@172.30.52.194

3.配置主机清单：编辑步骤1中指定的/etc/ansible/hosts文件，添加需要管理的主机

[webservers]
192.168.1.100 ansible_user=test
192.168.1.101 ansible_user=test

[demo]

172.30.52.194

4.测试Ansible连接

ansible demo -m ping

172.30.52.194 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

Ansible常用模块

首先使用ansible-doc -l命令可以查看所有可用模块，并使用ansible-doc <module_name> 查看特定模块的详细文档。然后我看下常用的一些模块：

1.Ping模块

用于测试连接，如上所示

#ansible demo -m ping

2.Command模块

用于在远程主机上执行命令，不会通过shell进行处理，比如$HOME和操作如"<"，">"，"|"，";"，"&"等（需要用shell模块实现）

# ansible demo -m command -a "uptime"

172.30.52.194 | CHANGED | rc=0 >>

18:28:28 up 17 days, 3:19, 2 users, load average: 0.00, 0.01, 0.05

3.Shell模块

用于在远程主机上执行Shell命令

# ansible demo -m shell -a "echo hello"

172.30.52.194 | CHANGED | rc=0 >>

hello

4.Copy模块

用于复制文件到远程主机

#echo heloo >demo.txt

# ansible demo -m copy -a "src=/root/demo.txt dest=/home/test/demo.txt"

172.30.52.194 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

"checksum": "5f304b1e7476c3ce2861001dfbb529aa90dce3c5",

"dest": "/home/test/demo.txt",

"gid": 0,

"group": "root",

"md5sum": "0b2078e6b45544d1938f63e9404c9d4a",

"mode": "0644",

"owner": "root",

"size": 6,

"src": "/root/.ansible/tmp/ansible-tmp-1725878802.63-19129-236554822146927/source",

"state": "file",

"uid": 0

}

检查文件是否存在远程主机：

# ansible demo -m shell -a "cat /home/test/demo.txt"

172.30.52.194 | CHANGED | rc=0 >>

heloo

5.Yum模块

用于管理软件包（适用于基于 RPM 的系统）

# ansible demo -m yum -a "name=httpd state=present"

172.30.52.194 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

"changes": {

"installed": [

"httpd"

]

},

"msg": "",

"rc": 0,

"results": [

"Loaded plugins: fastestmirror\nLoading mirror speeds from cached

......省略

检查结果

# ansible demo -m shell -a "rpm -qa | grep httpd"

172.30.52.194 | CHANGED | rc=0 >>

httpd-tools-2.4.6-99.el7.centos.1.x86_64

httpd-2.4.6-99.el7.centos.1.x86_64

6.Service模块

用于管理服务

# ansible demo -m service -a "name=httpd state=started"

172.30.52.194 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

"name": "httpd",

"state": "started",

"status": {

"ActiveEnterTimes

......省略

检查是否启动

# ansible demo -m shell -a "systemctl status httpd"

172.30.52.194 | CHANGED | rc=0 >>

● httpd.service - The Apache HTTP Server

   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)

   Active: active (running) since 一 2024-09-09 18:58:46 CST; 56s ago

   Docs: man:httpd(8)

   man:apachectl(8)

Main PID: 20722 (httpd)

7.User模块

用于管理用户账户

# ansible demo -m user -a "name=johndoe state=present"

172.30.52.194 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

"comment": "",

"create_home": true,

"group": 1001,

"home": "/home/johndoe",

"name": "johndoe",

"shell": "/bin/bash",

"state": "present",

"system": false,

"uid": 1001

}

检查用户创建情况

# ansible demo -m shell -a "ls /home/ | grep johndoe "

172.30.52.194 | CHANGED | rc=0 >>

johndoe

8.File模块

用于管理文件和目录属性

# ansible demo -m file -a "path=/home/test/demo2.txt state=touch"

172.30.52.194 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

"dest": "/home/test/demo2.txt",

"gid": 0,

"group": "root",

"mode": "0644",

"owner": "root",

"size": 0,

"state": "file",

"uid": 0

}

9.Cron模块

用于管理操作系统计划任务

# ansible demo -m cron -a "name='backup' minute='0' hour='2' job='/usr/local/bin/backup.sh'"

172.30.52.194 | CHANGED => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": true,

"envs": [],

"jobs": [

"backup"

]

}

检查任务是否创建

# ansible demo -m shell -a "crontab -l "

172.30.52.194 | CHANGED | rc=0 >>

#Ansible: backup

0 2 * * * /usr/local/bin/backup.sh

10.Setup模块

用于收集远程主机的系统信息

# ansible demo -m setup -a 'filter="*mem*"'

172.30.52.194 | SUCCESS => {

"ansible_facts": {

"ansible_memfree_mb": 324,

"ansible_memory_mb": {

"nocache": {

"free": 1423,

"used": 333

},

"real": {

"free": 324,

"total": 1756,

"used": 1432

},

"swap": {

"cached": 0,

"free": 0,

"total": 0,

"used": 0

}

},

"ansible_memtotal_mb": 1756,

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false

}

Ansible命令执行过程

1.加载工具本身的配置文件，默认/etc/ansible/ansible.cfg；
2.找配置文件里设置的主机配置文件，如/etc/ansible/hosts，找到要执行的主机或者组；
3.加载对应的模块文件，如command；
4.通过ansible将模块命令生成对应的临时py文件(python脚本)，并将该文件传输至客户机；
5.对应执行客户机的用户家目录下的.ansible/tmp/xxx/xxx.py文件；
6.给文件+x执行权限；
7.执行并返回结果；
8.删除临时py文件，sleep 0退出；

Ansible Playbook

Ansible Playbook是一种用于自动化配置管理和多机器部署的工具。它使用YAML语言编写，能够定义一系列任务（tasks），并在多个主机上有序执行这些任务。主要作用如下：
配置管理：自动化配置服务器和应用程序，确保一致性。
应用部署：在多个服务器上部署应用程序，简化复杂的部署流程。
任务编排：定义和执行一系列有序的任务，支持同步和异步执行。
状态验证：确保服务器和应用程序处于预期的状态。

以下是Ansible Playbook的主要作用及一个简单示例，用于在一组名为demo的主机上安装和配置 Apache HTTP服务器（注意格式，每个Playbook的顶层必须以"---"开始；列表中的成员以"-"开头，后面要带个空格；对齐；在运行前，最好先检查一次，以保证所有的命令都能运行）：

---
- hosts: demovars:http_port: 80max_clients: 200tasks:- name: Ensure Apache is installedyum:name: httpdstate: latest- name: Write the Apache config filetemplate:src: /srv/httpd.j2dest: /etc/httpd.confnotify:- Restart Apache- name: Ensure Apache is runningservice:name: httpdstate: startedhandlers:- name: Restart Apacheservice:name: httpdstate: restarted

/srv/httpd.j2的内容如下，注意变量的书写格式：

# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.

# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.

ServerRoot "/etc/httpd"
Listen {{ http_port }}

# LoadModule directives
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule dir_module modules/mod_dir.so
LoadModule log_config_module modules/mod_log_config.so

# User/Group
User apache
Group apache

# ServerAdmin: Your address, where problems with the server should be e-mailed.
ServerAdmin you@example.com

# ServerName gives the name and port that the server uses to identify itself.
ServerName www.example.com:{{ http_port }}

# DocumentRoot: The directory out of which you will serve your documents.
DocumentRoot "/var/www/html"

<Directory "/var/www/html">
AllowOverride None
Require all granted
</Directory>

# MaxClients: The maximum number of child processes that will be created to serve requests.
MaxClients {{ max_clients }}

# ErrorLog: The location of the error log file.
ErrorLog "logs/error_log"

# CustomLog: The location of the access log file.
CustomLog "logs/access_log" combined

以上示例的说明：

hosts: 指定目标主机组。
vars: 定义变量，如 HTTP 端口和最大客户端数。
tasks: 定义任务列表，包括安装 Apache、配置文件和启动服务。
handlers: 定义在特定条件下触发的操作，如重新启动 Apache。

检查及执行：

# ansible-playbook demo-playbook.yml --check

PLAY [demo] ***********************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************

ok: [172.30.52.194]

TASK [Ensure Apache is installed] *************************************************************************************

changed: [172.30.52.194]

TASK [Write the Apache config file] ***********************************************************************************

changed: [172.30.52.194]

TASK [Ensure Apache is running] ***************************************************************************************

changed: [172.30.52.194]

RUNNING HANDLER [Restart Apache] **************************************************************************************

changed: [172.30.52.194]

PLAY RECAP ************************************************************************************************************

172.30.52.194 : ok=5 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

# ansible-playbook demo-playbook.yml

PLAY [demo] ***********************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************

ok: [172.30.52.194]

TASK [Ensure Apache is installed] *************************************************************************************

changed: [172.30.52.194]

TASK [Write the Apache config file] ***********************************************************************************

changed: [172.30.52.194]

TASK [Ensure Apache is running] ***************************************************************************************

changed: [172.30.52.194]

RUNNING HANDLER [Restart Apache] **************************************************************************************

changed: [172.30.52.194]

PLAY RECAP ************************************************************************************************************

172.30.52.194 : ok=5 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

我们检查一下配置结果如何

# ansible demo -m shell -a "systemctl status httpd; cat /etc/httpd.conf | grep -e 80 -e 200"

172.30.52.194 | CHANGED | rc=0 >>

● httpd.service - The Apache HTTP Server

   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)

   Active: active (running) since 一 2024-09-09 19:30:27 CST; 6min ago

   Docs: man:httpd(8)

   man:apachectl(8)

Process: 22829 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)

Main PID: 22834 (httpd)

   Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"

Tasks: 6

   CGroup: /system.slice/httpd.service

   ├─22834 /usr/sbin/httpd -DFOREGROUND

   ├─22835 /usr/sbin/httpd -DFOREGROUND

   ├─22836 /usr/sbin/httpd -DFOREGROUND

   ├─22837 /usr/sbin/httpd -DFOREGROUND

   ├─22838 /usr/sbin/httpd -DFOREGROUND

   └─22839 /usr/sbin/httpd -DFOREGROUND

9月 09 19:30:27 iZ2zegatpev1hkxek13zfxZ systemd[1]: Stopped The Apache HTTP Server.

9月 09 19:30:27 iZ2zegatpev1hkxek13zfxZ systemd[1]: Starting The Apache HTTP Server...

9月 09 19:30:27 iZ2zegatpev1hkxek13zfxZ httpd[22834]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.30.52.194. Set the 'ServerName' directive globally to suppress this message

9月 09 19:30:27 iZ2zegatpev1hkxek13zfxZ systemd[1]: Started The Apache HTTP Server.

Listen 80

ServerName www.example.com:80

MaxClients 200

Ansible Role

Ansible Role角色是一种强大的组织和重用Ansible代码的方式。它们允许我们将相关的任务、变量、文件、模板和处理程序分组到一个单元中。在部署任务很多的情况下，增加了复用性。以下是如何创建和使用角色的简要概述：

目录结构

我们可以通过如下命令初始化一个目录结构：

ansible-galaxy role init my_role

一个典型角色目录结构示例：

├── defaults

│   └── main.yml

├── files

├── handlers

│   └── main.yml

├── meta

│   └── main.yml

├── README.md

├── tasks

│   └── main.yml

├── templates

├── tests

│   ├── inventory

│   └── test.yml

└── vars

└── main.yml

目录功能说明

defaults/: 存放默认变量，优先级最低。
files/: 存放静态文件，可以被 copy 或 script 模块调用。
handlers/: 存放处理程序，通常用于服务的重启等操作。
meta/: 存放角色的元数据，如依赖关系等。
tasks/: 存放任务列表，main.yml 是入口文件。
templates/: 存放 Jinja2 模板文件，可以动态生成配置文件。
vars/: 存放变量，优先级高于 defaults。

示例内容

1.defaults/main.yml

---
# 默认变量
http_port: 80
max_clients: 200

2.vars/main.yml

---
# 覆盖默认变量
http_port: 8080
max_clients: 300

3.files/example.conf

ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf

4.handlers/main.yml

---
- name: restart httpdservice:name: httpdstate: restarted

5.meta/main.yml

---
dependencies:- role: another_role

6.templates/example.j2

# 模板文件内容
Listen {{ http_port }}
MaxClients {{ max_clients }}

7.tasks/main.yml

---
- name: install httpdyum:name: httpdstate: present- name: copy config filescopy:src: example.confdest: /etc/httpd/conf/httpd.conf- name: deploy template filestemplate:src: example.j2dest: /etc/httpd/conf.d/example.conf- name: start httpd serviceservice:name: httpdstate: startedenabled: yesnotify:- restart httpd

8.执行文件demo.yml

- hosts: demoroles:- my_role

9.运行

#ansible-playbook demo.yml --check

# ansible-playbook demo.yml

PLAY [demo] ***********************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************

ok: [172.30.52.194]

TASK [my_role : install httpd] ****************************************************************************************

ok: [172.30.52.194]

TASK [my_role : copy config files] ************************************************************************************

ok: [172.30.52.194]

TASK [my_role : deploy template files] ********************************************************************************

ok: [172.30.52.194]

TASK [my_role : start httpd service] **********************************************************************************

changed: [172.30.52.194]

RUNNING HANDLER [my_role : restart httpd] *****************************************************************************

changed: [172.30.52.194]

PLAY RECAP ************************************************************************************************************

172.30.52.194 : ok=6 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Ansible常见配置参数

Ansible 的主要配置参数可以通过 ansible.cfg 文件进行设置。以下是一些常用的配置参数：inventory：定义 inventory 文件的路径，包含 Ansible 需要管理的目标主机列表。
library：定义自定义模块的存放目录。
remote_user：定义在目标主机上执行命令时使用的远程用户。
forks：指定同时操作的目标主机数，有助于优化在多个主机上执行任务时的性能。
timeout：设置 SSH 连接的超时时间，对于较慢的网络或执行复杂任务时可以适当调整。
log_path：指定 Ansible 操作的日志文件路径和文件名。
host_key_checking：控制 Ansible 是否应检查 SSH 的 host key。
become_user：定义在目标主机上执行命令时使用的 sudo 用户。