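1. Introduction
Ansible is an open-source tool that combines configuration management, application deployment and workflow orchestration for IT systems, and it differs from other management tools in several respects. Its goal is to deliver large productivity gains across a wide range of automation challenges. As that productivity lets Ansible gradually replace many other core automation solutions, it also aims to solve IT challenges that remain unsolved, including making complex multi-tier workflows clear, configuring operating systems clearly and uniformly, and deploying application software within a single framework.
Official documentation: http://docs.ansible.com/#playbooks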
2. Installation and configuration
```
[root@localhost ~]# yum -y install ansible-1.5.4-1.el6.noarch.rpm
# Install the downloaded package with yum, because it has dependencies
#
[root@localhost ~]# rpm -ql ansible
/etc/ansible
/etc/ansible/ansible.cfg
/etc/ansible/hosts
/usr/bin/ansible
/usr/bin/ansible-doc
/usr/bin/ansible-galaxy
/usr/bin/ansible-playbook
/usr/bin/ansible-pull
/usr/bin/ansible-vault
/usr/lib/python2.6/site-packages/ansible
```
After installation, configure it:
```
[root@localhost ~]# vim /etc/ansible/hosts
[webserver]
# Define a group of servers
node1.soul.com
node2.soul.com
[dbserver]
node3.soul.com
#
# After defining the groups, set up SSH key authentication
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
[root@localhost ~]# ssh-copy-id -i .ssh/id_rsa.pub node1
[root@localhost ~]# ssh-copy-id -i .ssh/id_rsa.pub node2
[root@localhost ~]# ssh-copy-id -i .ssh/id_rsa.pub node3
```
Basic syntax:
```
[root@localhost ~]# man ansible
ANSIBLE(1)          System administration commands          ANSIBLE(1)
NAME
       ansible - run a command somewhere else
SYNOPSIS
       ansible <host-pattern> [-f forks] [-m module_name] [-a args]
# host-pattern    list of hosts
# -f forks        how many hosts to manage at once
# -m module_name  module to use; the default is command
# -a args         arguments
#
[root@localhost ~]# ansible all -a 'date'
node2.soul.com | success | rc=0 >>
Sat Apr 19 22:28:00 CST 2014
node1.soul.com | success | rc=0 >>
Sat Apr 19 22:28:00 CST 2014
node3.soul.com | success | rc=0 >>
Sat Apr 19 22:28:00 CST 2014
```

```
# List all modules
[root@localhost ~]# ansible-doc -l
acl                  Sets and retrieves file ACL information.
add_host             add a host (and alternatively a group) to the ansible-playbo
airbrake_deployment  Notify airbrake about app deployments
apt                  Manages apt-packages
apt_key              Add or remove an apt key
apt_repository       Add and remove APT repositores
arista_interface     Manage physical Ethernet interfaces
arista_l2interface   Manage layer 2 interfaces
arista_lag           Manage port channel (lag) interfaces
arista_vlan          Manage VLAN resources
assemble             Assembles a configuration file from fragments
assert               Fail with custom message
at                   Schedule the execution of a command or scripts via the at co
authorized_key       Adds or removes an SSH autho
...
#
[root@localhost ~]# ansible-doc -s
Usage: ansible-doc [options] [module...]
# Show a module's parameters
[root@localhost ~]# ansible-doc -s yum
- name: Manages packages with the `yum' package manager
  action: yum
      state=               # Whether to install (`present', `latest'), or remove (`absent') a packa
      disablerepo=         # `repoid' of repositories to disable for the install/update operation T
      name=                # Package name, or package specifier with version, like `name-1.0'. When
      enablerepo=          # Repoid of repositories to enable for the install/update operation. The
      list=                # Various (non-idempotent) commands for usage with `/usr/bin/ansible' an
      disable_gpg_check=   # Whether to disable the GPG checking of signatures of packages being in
      conf_file=
```
Test installing a package:
```
[root@localhost ~]# ansible all -m yum -a "state=present name=corosync"
node2.soul.com | success >> {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results":
...
# Dependencies are installed as well, so the output is long; it is not pasted here
[root@localhost ~]# ansible all -a "rpm -q corosync"    # verify
node2.soul.com | success | rc=0 >>
corosync-1.4.1-17.el6.x86_64
node3.soul.com | success | rc=0 >>
corosync-1.4.1-15.el6.x86_64
node1.soul.com | success | rc=0 >>
corosync-1.4.1-17.el6.x86_64
```
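3. YAML syntax
YAML's syntax resembles that of other high-level languages, and it can easily express data structures such as lists, hash tables and scalars. Structure is shown through spaces (indentation), items in a sequence are marked with "-", and key-value pairs in a map are separated by ":". Here is an example.
```yaml
name: Tom Smith
age: 40
gender: Male
spouse:
    name: Jerry Smith
    age: 35
    gender: Female
children:
    -   name: Jimmy Smith
        age: 17
        gender: Male
    -   name: Jenny Smith
        age: 15
        gender: Female
```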
YAML files usually have the .yaml extension, for example example.yaml.
4. Ansible playbooks
A playbook is a list of one or more "plays". The main job of a play is to dress up a group of hosts, gathered together in advance, in roles defined beforehand through Ansible tasks. Fundamentally, a task is nothing more than a call to an Ansible module. Organizing several plays into one playbook lets them work together, following a pre-arranged script, to stage a whole production. Below is a simple example.
```yaml
- hosts: webnodes
  vars:
    http_port: 80
    max_clients: 256
  remote_user: root
  tasks:
  - name: ensure apache is at the latest version
    yum: name=httpd state=latest
  - name: ensure apache is running
    service: name=httpd state=started
  handlers:
    - name: restart apache
      service: name=httpd state=restarted
```
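5. Hosts and users
The purpose of each play in a playbook is to have one or more hosts run tasks as a specified user. hosts specifies the hosts that will run the tasks; it can be one or more host groups separated by colons. remote_user specifies the user that runs the tasks on the remote host, as in the example above:
```yaml
- hosts: webnodes
  remote_user: root
```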
remote_user can also be set on individual tasks. Tasks can also be run on the remote host through sudo, which can be set for the whole play or for a single task; in addition, sudo_user can specify which user sudo switches to.
```yaml
- hosts: webnodes
  remote_user: mageedu
  tasks:
    - name: test connection
      ping:
      remote_user: mageedu
      sudo: yes
```
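The sudo and sudo_user keywords described above, as an added example that is not from the original post: the play connects as the unprivileged user mageedu and escalates only on the tasks that need it. The apache service account and the /usr/bin/id check are assumptions for illustration; later Ansible releases replace these keywords with become and become_user.

```yaml
# Added example (not from the original post). Ansible 1.x keyword syntax,
# matching the version used on this page.
- hosts: webnodes
  remote_user: mageedu            # SSH login is an unprivileged account
  tasks:
    - name: test connection without any privilege escalation
      ping:

    - name: install httpd as root through sudo (task-level escalation)
      yum: name=httpd state=latest
      sudo: yes

    - name: run a command as a service account instead of root
      command: /usr/bin/id        # assumed check command
      sudo: yes
      sudo_user: apache           # assumed account, created by the httpd package
```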
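6. Task lists and actions
The main body of a play is its task list. The tasks in the list run one at a time, in order, on all hosts specified in hosts; that is, the first task finishes on all hosts before the second begins. A playbook runs from top to bottom; if an error occurs partway through, all tasks already executed are rolled back, so after correcting the playbook you simply run it again.
A task's purpose is to run a module with the specified arguments, and variables can be used in module arguments. Module execution is idempotent, which means running it several times is safe because the result is the same each time.
Every task should have a name, which is used in the playbook's output; it should describe the step the task performs as clearly as possible. If no name is given, the action's result is used in the output.
A task can be defined in either the "action: module options" or the "module: options" format; the latter is recommended for backward compatibility. If the action line is too long, it can be continued on the next line by starting that line with a few whitespace characters.
```yaml
tasks:
  - name: make sure apache is running
    service: name=httpd state=running
```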
Among all the modules, only command and shell take a plain list of arguments rather than the "key=value" format, for example:
```yaml
tasks:
  - name: disable selinux
    command: /sbin/setenforce 0
```
If the command or script exits with a non-zero code, you can use the following instead:
```yaml
tasks:
  - name: run this command and ignore the result
    shell: /usr/bin/somecommand || /bin/true
```
Or use ignore_errors to ignore the error:
```yaml
tasks:
  - name: run this command and ignore the result
    shell: /usr/bin/somecommand
    ignore_errors: True
```
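Both forms above discard every failure of the command. As an added example (not from the original post), the tasks below record the result with register and use failed_when so that only an expected exit code is tolerated; the meaning given to exit code 2 and the follow-up debug task are assumptions for illustration.

```yaml
# Added example (not from the original post). register, failed_when and
# changed_when are available in the Ansible 1.5.4 release installed above.
tasks:
  - name: run the command and keep its result
    shell: /usr/bin/somecommand
    register: somecommand_result
    # Assumption: exit code 2 means "nothing to do" and is acceptable.
    # Any other non-zero code still fails the play on that host.
    failed_when: somecommand_result.rc not in [0, 2]
    # Report "changed" only when the command actually did work.
    changed_when: somecommand_result.rc == 0

  - name: log the tolerated case so it stays visible in the output
    debug: msg="somecommand exited 2 on {{ inventory_hostname }}"
    when: somecommand_result.rc == 2
```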
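7. Handlers: actions taken when a watched resource changes.
The "notify" action is triggered at the end of each play, which avoids running the specified operation every time when several changes occur; instead, the operation runs only once, after all the changes are complete. The operations listed in notify are called handlers; that is, notify invokes the operations defined under handlers.
```yaml
- name: template configuration file
  template: src=template.j2 dest=/etc/foo.conf
  notify:
     - restart memcached
     - restart apache
```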
A handler is a list of tasks; these tasks are no different in essence from the tasks described earlier.
```yaml
handlers:
    - name: restart memcached
      service: name=memcached state=restarted
    - name: restart apache
      service: name=apache state=restarted
```
Example:
```yaml
# heartbeat.yaml, which installs heartbeat
- hosts: hbhosts
  remote_user: root
  tasks:
    - name: ensure heartbeat latest version
      yum: name=heartbeat state=present
    - name: authkeys configure file
      copy: src=/root/hb_conf/authkeys dest=/etc/ha.d/authkeys
    - name: authkeys mode 600
      file: path=/etc/ha.d/authkeys mode=600
      notify:
        - restart heartbeat
    - name: ha.cf configure file
      copy: src=/root/hb_conf/ha.cf dest=/etc/ha.d/ha.cf
      notify:
        - restart heartbeat
  handlers:
    - name: restart heartbeat
      service: name=heartbeat state=restarted
```
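In the playbook above, authkeys (Heartbeat's shared authentication key) is copied without an explicit mode and only restricted by a later task, and a change to its content alone does not notify the handler. The variant below is an added example, not the original author's playbook: it applies owner and mode in the same copy task that writes the file, rather than leaving it at its default mode until a later task runs, and it restarts heartbeat whenever either file changes. The explicit root ownership and mode 0644 for ha.cf are assumptions.

```yaml
# Added example (not the original author's playbook): heartbeat.yaml with
# file permissions applied at copy time. Same paths and host group as above.
- hosts: hbhosts
  remote_user: root
  tasks:
    - name: ensure heartbeat is installed
      yum: name=heartbeat state=present

    # authkeys holds the cluster's shared secret: owner-only access,
    # set by the same task that writes the file.
    - name: authkeys configure file (root only, mode 0600)
      copy: src=/root/hb_conf/authkeys dest=/etc/ha.d/authkeys owner=root group=root mode=0600
      notify:
        - restart heartbeat

    # ha.cf carries no secret; world-readable is an assumption here.
    - name: ha.cf configure file
      copy: src=/root/hb_conf/ha.cf dest=/etc/ha.d/ha.cf owner=root group=root mode=0644
      notify:
        - restart heartbeat

  handlers:
    - name: restart heartbeat
      service: name=heartbeat state=restarted
```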
This article is reposted from Mr_陈's 51CTO blog. Original link: http://blog.51cto.com/chenpipi/1399808. To repost it, please contact the original author.