0


开源Devops工具-Ansible

一、Ansible简介

    Ansible是基于Python开发的自动化运维工具,架构相对比较简单,仅需通过SSH连接客户机执行任务即可。集合了众多运维工具(puppet、chef、func)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。

二、Ansible安装

1.安装EPEL扩展源:

sudo yum install -y epel-release

2.安装Ansible:

sudo yum install -y ansible

3.验证安装:

ansible --version

三、Ansible配置示例

1.修改Ansible配置文件:Ansible的默认配置文件位于/etc/ansible/ansible.cfg。我们可以根据需要进行修改,例如设置主机清单文件路径:

[defaults]
inventory = /etc/ansible/hosts

2.被控服务器(客户机)设置

在Ansible主机上生成SSH密钥对

ssh-keygen

将公钥复制到客户机

#test为被控主机上的用户名
ssh-copy-id test@192.168.1.100
ssh-copy-id test@192.168.1.101

ssh-copy-id test@172.30.52.194

验证 SSH 连接

ssh test@192.168.1.100
ssh test@192.168.1.101

ssh test@172.30.52.194

3.配置主机清单: 编辑步骤1中指定的/etc/ansible/hosts文件,添加需要管理的主机

[webservers]
192.168.1.100 ansible_user=test
192.168.1.101 ansible_user=test

[demo]

172.30.52.194

4.测试Ansible连接

ansible demo -m ping

172.30.52.194 | SUCCESS => {

"ansible_facts": {

    "discovered_interpreter_python": "/usr/bin/python"

}, 

"changed": false, 

"ping": "pong"

}

四、Ansible常用模块

    首先使用ansible-doc -l命令可以查看所有可用模块,并使用ansible-doc <module_name> 查看特定模块的详细文档。然后我看下常用的一些模块:

1.Ping模块

    用于测试连接,如上所示

#ansible demo -m ping

2.Command模块

    用于在远程主机上执行命令,不会通过shell进行处理,比如$HOME和操作如"<",">","|",";","&"等(需要用shell模块实现)

ansible demo -m command -a "uptime"

172.30.52.194 | CHANGED | rc=0 >>

18:28:28 up 17 days, 3:19, 2 users, load average: 0.00, 0.01, 0.05

3.Shell模块

用于在远程主机上执行Shell命令

ansible demo -m shell -a "echo hello"

172.30.52.194 | CHANGED | rc=0 >>

hello

4.Copy模块

     用于复制文件到远程主机

#echo heloo >demo.txt

ansible demo -m copy -a "src=/root/demo.txt dest=/home/test/demo.txt"

172.30.52.194 | CHANGED => {

"ansible_facts": {

    "discovered_interpreter_python": "/usr/bin/python"

}, 

"changed": true, 

"checksum": "5f304b1e7476c3ce2861001dfbb529aa90dce3c5", 

"dest": "/home/test/demo.txt", 

"gid": 0, 

"group": "root", 

"md5sum": "0b2078e6b45544d1938f63e9404c9d4a", 

"mode": "0644", 

"owner": "root", 

"size": 6, 

"src": "/root/.ansible/tmp/ansible-tmp-1725878802.63-19129-236554822146927/source", 

"state": "file", 

"uid": 0

}

检查文件是否存在远程主机:

ansible demo -m shell -a "cat /home/test/demo.txt"

172.30.52.194 | CHANGED | rc=0 >>

heloo

5.Yum模块

    用于管理软件包(适用于基于 RPM 的系统)

ansible demo -m yum -a "name=httpd state=present"

172.30.52.194 | CHANGED => {

"ansible_facts": {

    "discovered_interpreter_python": "/usr/bin/python"

}, 

"changed": true, 

"changes": {

    "installed": [

        "httpd"

    ]

}, 

"msg": "", 

"rc": 0, 

"results": [

    "Loaded plugins: fastestmirror\nLoading mirror speeds from cached 

......省略

检查结果

ansible demo -m shell -a "rpm -qa | grep httpd"

172.30.52.194 | CHANGED | rc=0 >>

httpd-tools-2.4.6-99.el7.centos.1.x86_64

httpd-2.4.6-99.el7.centos.1.x86_64

6.Service模块

     用于管理服务

ansible demo -m service -a "name=httpd state=started"

172.30.52.194 | CHANGED => {

"ansible_facts": {

    "discovered_interpreter_python": "/usr/bin/python"

}, 

"changed": true, 

"name": "httpd", 

"state": "started", 

"status": {

    "ActiveEnterTimes

......省略

检查是否启动

ansible demo -m shell -a "systemctl status httpd"

172.30.52.194 | CHANGED | rc=0 >>

● httpd.service - The Apache HTTP Server

Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)

Active: active (running) since 一 2024-09-09 18:58:46 CST; 56s ago

 Docs: man:httpd(8)

       man:apachectl(8)

Main PID: 20722 (httpd)

7.User模块

    用于管理用户账户

ansible demo -m user -a "name=johndoe state=present"

172.30.52.194 | CHANGED => {

"ansible_facts": {

    "discovered_interpreter_python": "/usr/bin/python"

}, 

"changed": true, 

"comment": "", 

"create_home": true, 

"group": 1001, 

"home": "/home/johndoe", 

"name": "johndoe", 

"shell": "/bin/bash", 

"state": "present", 

"system": false, 

"uid": 1001

}

检查用户创建情况

ansible demo -m shell -a "ls /home/ | grep johndoe "

172.30.52.194 | CHANGED | rc=0 >>

johndoe

8.File模块

    用于管理文件和目录属性

ansible demo -m file -a "path=/home/test/demo2.txt state=touch"

172.30.52.194 | CHANGED => {

"ansible_facts": {

    "discovered_interpreter_python": "/usr/bin/python"

}, 

"changed": true, 

"dest": "/home/test/demo2.txt", 

"gid": 0, 

"group": "root", 

"mode": "0644", 

"owner": "root", 

"size": 0, 

"state": "file", 

"uid": 0

}

9.Cron模块

    用于管理操作系统计划任务

ansible demo -m cron -a "name='backup' minute='0' hour='2' job='/usr/local/bin/backup.sh'"

172.30.52.194 | CHANGED => {

"ansible_facts": {

    "discovered_interpreter_python": "/usr/bin/python"

}, 

"changed": true, 

"envs": [], 

"jobs": [

    "backup"

]

}

检查任务是否创建

ansible demo -m shell -a "crontab -l "

172.30.52.194 | CHANGED | rc=0 >>

#Ansible: backup

0 2 * * * /usr/local/bin/backup.sh

10.Setup模块

    用于收集远程主机的系统信息

ansible demo -m setup -a 'filter="mem"'

172.30.52.194 | SUCCESS => {

"ansible_facts": {

    "ansible_memfree_mb": 324, 

    "ansible_memory_mb": {

        "nocache": {

            "free": 1423, 

            "used": 333

        }, 

        "real": {

            "free": 324, 

            "total": 1756, 

            "used": 1432

        }, 

        "swap": {

            "cached": 0, 

            "free": 0, 

            "total": 0, 

            "used": 0

        }

    }, 

    "ansible_memtotal_mb": 1756, 

    "discovered_interpreter_python": "/usr/bin/python"

}, 

"changed": false

}

五、Ansible命令执行过程

1.加载工具本身的配置文件,默认/etc/ansible/ansible.cfg;
2.找配置文件里设置的主机配置文件,如/etc/ansible/hosts,找到要执行的主机或者组;
3.加载对应的模块文件,如command;
4.通过ansible将模块命令生成对应的临时py文件(python脚本),并将该文件传输至客户机;
5.对应执行客户机的用户家目录下的.ansible/tmp/xxx/xxx.py文件;
6.给文件+x执行权限;
7.执行并返回结果;
8.删除临时py文件,sleep 0退出;

六、Ansible Playbook

    Ansible Playbook是一种用于自动化配置管理和多机器部署的工具。它使用YAML语言编写,能够定义一系列任务(tasks),并在多个主机上有序执行这些任务。主要作用如下:

配置管理:自动化配置服务器和应用程序,确保一致性。
应用部署:在多个服务器上部署应用程序,简化复杂的部署流程。
任务编排:定义和执行一系列有序的任务,支持同步和异步执行。
状态验证:确保服务器和应用程序处于预期的状态。

    以下是Ansible Playbook的主要作用及一个简单示例,用于在一组名为demo的主机上安装和配置 Apache HTTP服务器(注意格式,每个Playbook的顶层必须以"---"开始;列表中的成员以"-"开头,后面要带个空格;对齐;在运行前,最好先检查一次,以保证所有的命令都能运行):
---
- hosts: demo
  vars:
    http_port: 80
    max_clients: 200
  tasks:
    - name: Ensure Apache is installed
      yum:
        name: httpd
        state: latest

    - name: Write the Apache config file
      template:
        src: /srv/httpd.j2
        dest: /etc/httpd.conf
      notify:
        - Restart Apache

    - name: Ensure Apache is running
      service:
        name: httpd
        state: started

  handlers:
    - name: Restart Apache
      service:
        name: httpd
        state: restarted

/srv/httpd.j2的内容如下,注意变量的书写格式:

This is the main Apache HTTP server configuration file. It contains the

configuration directives that give the server its instructions.

Do NOT simply read the instructions in here without understanding

what they do. They're here only as hints or reminders. If you are unsure

consult the online docs. You have been warned.

ServerRoot "/etc/httpd"
Listen {{ http_port }}

LoadModule directives

LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule dir_module modules/mod_dir.so
LoadModule log_config_module modules/mod_log_config.so

User/Group

User apache
Group apache

ServerAdmin: Your address, where problems with the server should be e-mailed.

ServerAdmin you@example.com

ServerName gives the name and port that the server uses to identify itself.

ServerName www.example.com:{{ http_port }}

DocumentRoot: The directory out of which you will serve your documents.

DocumentRoot "/var/www/html"

<Directory "/var/www/html">
AllowOverride None
Require all granted
</Directory>

MaxClients: The maximum number of child processes that will be created to serve requests.

MaxClients {{ max_clients }}

ErrorLog: The location of the error log file.

ErrorLog "logs/error_log"

CustomLog: The location of the access log file.

CustomLog "logs/access_log" combined

以上示例的说明:

  • hosts: 指定目标主机组。
  • vars: 定义变量,如 HTTP 端口和最大客户端数。
  • tasks: 定义任务列表,包括安装 Apache、配置文件和启动服务。
  • handlers: 定义在特定条件下触发的操作,如重新启动 Apache。

检查及执行:

ansible-playbook demo-playbook.yml --check

PLAY [demo] ***********************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************

ok: [172.30.52.194]

TASK [Ensure Apache is installed] *************************************************************************************

changed: [172.30.52.194]

TASK [Write the Apache config file] ***********************************************************************************

changed: [172.30.52.194]

TASK [Ensure Apache is running] ***************************************************************************************

changed: [172.30.52.194]

RUNNING HANDLER [Restart Apache] **************************************************************************************

changed: [172.30.52.194]

PLAY RECAP ************************************************************************************************************

172.30.52.194 : ok=5 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

ansible-playbook demo-playbook.yml

PLAY [demo] ***********************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************

ok: [172.30.52.194]

TASK [Ensure Apache is installed] *************************************************************************************

changed: [172.30.52.194]

TASK [Write the Apache config file] ***********************************************************************************

changed: [172.30.52.194]

TASK [Ensure Apache is running] ***************************************************************************************

changed: [172.30.52.194]

RUNNING HANDLER [Restart Apache] **************************************************************************************

changed: [172.30.52.194]

PLAY RECAP ************************************************************************************************************

172.30.52.194 : ok=5 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

我们检查一下配置结果如何

ansible demo -m shell -a "systemctl status httpd; cat /etc/httpd.conf | grep -e 80 -e 200"

172.30.52.194 | CHANGED | rc=0 >>

● httpd.service - The Apache HTTP Server

Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)

Active: active (running) since 一 2024-09-09 19:30:27 CST; 6min ago

 Docs: man:httpd(8)

       man:apachectl(8)

Process: 22829 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)

Main PID: 22834 (httpd)

Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"

Tasks: 6

CGroup: /system.slice/httpd.service

       ├─22834 /usr/sbin/httpd -DFOREGROUND

       ├─22835 /usr/sbin/httpd -DFOREGROUND

       ├─22836 /usr/sbin/httpd -DFOREGROUND

       ├─22837 /usr/sbin/httpd -DFOREGROUND

       ├─22838 /usr/sbin/httpd -DFOREGROUND

       └─22839 /usr/sbin/httpd -DFOREGROUND

9月 09 19:30:27 iZ2zegatpev1hkxek13zfxZ systemd[1]: Stopped The Apache HTTP Server.

9月 09 19:30:27 iZ2zegatpev1hkxek13zfxZ systemd[1]: Starting The Apache HTTP Server...

9月 09 19:30:27 iZ2zegatpev1hkxek13zfxZ httpd[22834]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.30.52.194. Set the 'ServerName' directive globally to suppress this message

9月 09 19:30:27 iZ2zegatpev1hkxek13zfxZ systemd[1]: Started The Apache HTTP Server.

Listen 80

ServerName www.example.com:80

MaxClients 200

七、Ansible Role

     Ansible Role角色是一种强大的组织和重用Ansible代码的方式。它们允许我们将相关的任务、变量、文件、模板和处理程序分组到一个单元中。在部署任务很多的情况下,增加了复用性。以下是如何创建和使用角色的简要概述:

目录结构

    我们可以通过如下命令初始化一个目录结构:

ansible-galaxy role init my_role

    一个典型角色目录结构示例:

├── defaults

│ └── main.yml

├── files

├── handlers

│ └── main.yml

├── meta

│ └── main.yml

├── README.md

├── tasks

│ └── main.yml

├── templates

├── tests

│ ├── inventory

│ └── test.yml

└── vars

└── main.yml

目录功能说明

  1. defaults/: 存放默认变量,优先级最低。
  2. files/: 存放静态文件,可以被 copyscript 模块调用。
  3. handlers/: 存放处理程序,通常用于服务的重启等操作。
  4. meta/: 存放角色的元数据,如依赖关系等。
  5. tasks/: 存放任务列表,main.yml 是入口文件。
  6. templates/: 存放 Jinja2 模板文件,可以动态生成配置文件。
  7. vars/: 存放变量,优先级高于 defaults

示例内容

1.defaults/main.yml

---
# 默认变量
http_port: 80
max_clients: 200

2.vars/main.yml

---
# 覆盖默认变量
http_port: 8080
max_clients: 300

3.files/example.conf

ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
LogFormat "%h %l %u %t "%r" %>s %b" common

<IfModule logio_module>
   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
 </IfModule>
 CustomLog "logs/access_log" combined
</IfModule> <IfModule alias_module> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" </IfModule> <Directory "/var/www/cgi-bin"> AllowOverride None Options None Require all granted </Directory> <IfModule mime_module> TypesConfig /etc/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType text/html .shtml AddOutputFilter INCLUDES .shtml </IfModule> AddDefaultCharset UTF-8 <IfModule mime_magic_module> MIMEMagicFile conf/magic </IfModule> EnableSendfile on IncludeOptional conf.d/*.conf

4.handlers/main.yml

---
- name: restart httpd
  service:
    name: httpd
    state: restarted

5.meta/main.yml

---
dependencies:
  - role: another_role

6.templates/example.j2

模板文件内容

Listen {{ http_port }}
MaxClients {{ max_clients }}

7.tasks/main.yml

---
- name: install httpd
  yum:
    name: httpd
    state: present

- name: copy config files
  copy:
    src: example.conf
    dest: /etc/httpd/conf/httpd.conf

- name: deploy template files
  template:
    src: example.j2
    dest: /etc/httpd/conf.d/example.conf

- name: start httpd service
  service:
    name: httpd
    state: started
    enabled: yes
  notify:
    - restart httpd

8.执行文件demo.yml

- hosts: demo
  roles:
    - my_role

9.运行

#ansible-playbook demo.yml --check

ansible-playbook demo.yml

PLAY [demo] ***********************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************

ok: [172.30.52.194]

TASK [my_role : install httpd] ****************************************************************************************

ok: [172.30.52.194]

TASK [my_role : copy config files] ************************************************************************************

ok: [172.30.52.194]

TASK [my_role : deploy template files] ********************************************************************************

ok: [172.30.52.194]

TASK [my_role : start httpd service] **********************************************************************************

changed: [172.30.52.194]

RUNNING HANDLER [my_role : restart httpd] *****************************************************************************

changed: [172.30.52.194]

PLAY RECAP ************************************************************************************************************

172.30.52.194 : ok=6 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

八、Ansible常见配置参数

    Ansible 的主要配置参数可以通过 ansible.cfg 文件进行设置。以下是一些常用的配置参数:inventory:定义 inventory 文件的路径,包含 Ansible 需要管理的目标主机列表。

library:定义自定义模块的存放目录。
remote_user:定义在目标主机上执行命令时使用的远程用户。
forks:指定同时操作的目标主机数,有助于优化在多个主机上执行任务时的性能。
timeout:设置 SSH 连接的超时时间,对于较慢的网络或执行复杂任务时可以适当调整。
log_path:指定 Ansible 操作的日志文件路径和文件名。
host_key_checking:控制 Ansible 是否应检查 SSH 的 host key。
become_user:定义在目标主机上执行命令时使用的 sudo 用户。

标签: 开源 devops ansible

本文转载自: https://blog.csdn.net/fzw1030/article/details/142066073
版权归原作者 炸裂狸花猫 所有, 如有侵权,请联系我们删除。

“开源Devops工具-Ansible”的评论:

还没有评论