Ansible
https://github.com/ansible/ansible
http://www.ansible.com.cn/index.html
Ansible manages Linux/Unix machines remotely over SSH.
Ansible manages Windows machines remotely over WinRM + PowerShell.
Install:
$ sudo pip install ansible
$ sudo apt-get install ansible
$ sudo yum install ansible
$ brew install ansible sshpass
Configuration:
See Network-SSH for setting up passwordless login from the controller to every node.
Config file search order (the first one found is used):
ANSIBLE_CONFIG
ansible.cfg
~/.ansible.cfg
/etc/ansible/ansible.cfg
Manual configuration:
$ sudo vim /etc/ansible/ansible.cfg
[defaults]
ask_pass = False
host_key_checking = False
The ansible command
Two ways to run things with Ansible:
- Ad-hoc: comparable to running a single shell command
- playbooks: comparable to running a shell script
ansible:
$ ansible <group1:group2:group3 | all> -i inventory ...
$ ansible --help
-m MODULE_NAME, --module-name=MODULE_NAME # module to run; default is command
-M MODULE_PATH, --module-path=MODULE_PATH # path to search for modules
-a MODULE_ARGS, --args=MODULE_ARGS # module arguments
-i INVENTORY, --inventory INVENTORY # default /etc/ansible/hosts; a host pattern or group must be given
-f FORKS, --forks=FORKS # number of parallel processes
-C, --check
-D, --diff
-l SUBSET, --limit=SUBSET
--syntax-check
--list-hosts
-v, --verbose # -v, -vvv, -vvvv
# privilege escalation options
-b, --become
--become-method=BECOME_METHOD # sudo(default)/su/pbrun/pfexec/runas/doas
--become-user=BECOME_USER # root(default)
-K, --ask-become-pass
# connection options
-u REMOTE_USER
--ssh-common-args
--ssh-extra-args
-T TIMEOUT # default 10s
-k, --ask-pass
inventory
The inventory holds hosts and groups, plus host variables and group variables. The default is the
/etc/ansible/hosts file.
It can be in INI format or YAML format.
It can be one file, several files, or a directory.
$ ansible all -i inventory/folder/ ...
INI format:
Define hosts and host variables (host variables go on the same line as the host name)
[host1]
node1 ansible_connection=ssh ansible_host=host ansible_port=port ansible_user=user ansible_ssh_pass=password
Define groups and group variables
[group1]
node1
node2
[group1:vars]
ansible_connection=local/smart/ssh/paramiko
ansible_host=
ansible_port=
ansible_user=
ansible_ssh_pass=
ansible_ssh_common_args=
ansible_ssh_extra_args=
ansible_become=
ansible_become_method=
ansible_become_user=
ansible_become_pass=
ansible_become_exe=
ansible_become_flags=
Define a group of groups; children is a fixed keyword
[big-group:children]
group1
group2
YAML format:
all:
  hosts: # hosts: define hosts and host variables
    node1:
      ansible_host:
      ansible_port:
      ansible_user:
      ansible_ssh_pass: "{{ vault_ansible_ssh_pass }}" # variable kept in an ansible-vault encrypted file
  children: # children: define groups and group variables
    production:
      hosts:
        node1:
        node2:
      vars:
        env: prod
    staging:
      hosts:
        node3:
        node4:
      vars:
        env: staging
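An added example (not from the original note) of the vault pattern the YAML inventory above points at: the inventory only references variables whose values live in an ansible-vault encrypted file, so no plaintext password is stored in the inventory itself. File names, host names, the deploy user and the addresses are assumptions.

```yaml
# inventory.yml (assumed name): no credentials stored here in plaintext
all:
  vars:
    ansible_user: deploy
    ansible_become: true
    ansible_become_method: sudo
    # values are defined in vault.yml and loaded with
    #   ansible-playbook -i inventory.yml site.yml -e "@vault.yml" --ask-vault-pass
    ansible_ssh_pass: "{{ vault_ansible_ssh_pass }}"
    ansible_become_pass: "{{ vault_ansible_become_pass }}"
  children:
    production:
      hosts:
        node1:
          ansible_host: 192.0.2.10   # constructed TEST-NET address
        node2:
          ansible_host: 192.0.2.11
      vars:
        env: prod
    staging:
      hosts:
        node3:
          ansible_host: 192.0.2.20
      vars:
        env: staging
---
# vault.yml (assumed name), shown in plaintext before it is encrypted with:
#   ansible-vault encrypt vault.yml
# After encryption the file starts with a $ANSIBLE_VAULT;1.1;AES256 header and can
# be committed; the inventory above still works because it only references the names.
vault_ansible_ssh_pass: "constructed-example-password"
vault_ansible_become_pass: "constructed-example-password"
```

Password-based SSH (ansible_ssh_pass) additionally needs sshpass on the controller, as the brew install line above already hints.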
module
Modules are also called task plugins or library plugins.
$ ansible-doc -l/--list # list all installed modules
$ ansible-doc apt # show the documentation of the apt module
Built-in modules
$ ansible-doc -l | grep "ansible.builtin"
ping
Running commands
command # the default module; runs a command on the remote machine
shell # same as command, but supports pipes and special characters; used for scripts and complex commands
raw
expect
script
telnet
files modules:
copy src dest mode ...
synchronize src dest ...
package modules:
apt name/deb state=present/absent/latest/build-dep update_cache autoclean autoremove
apt_repository repo state=present/absent
apt_rpm pkg state=present/absent
yum name state=present/absent/latest/installed/removed
adhoc
$ ansible group -m <module> -a <args> ...
$ ansible all -i inventory.yml -m ping -e "@vault.yml" --ask-vault-pass
copy:
$ ansible group -m copy -a "src=/sr dest=/dest mode=0655"
ansible-playbook
Playbooks are written in YAML.
$ ansible-playbook -i inventory playbook.yaml -K -vvv > output.txt
$ ansible-playbook -i inventory.yml playbook.yml -e "@vault.yml" --ask-vault-pass
$ ansible-playbook -i inventory.yml playbook.yml -e "@vault.yml" --vault-password-file ~/.vault_pass.txt
playbook:
- name: install
  hosts: host-or-group
  become: true
  vars:
    var1: value1
    var2: value2
  tasks:
    - name: "{{ var1 }}"
      debug:
        msg: "This is a debug message"
    - name: "{{ var2 }}"
      module: args # placeholder: <module name>: <module args>
variables:
  register: var # store the task result in var; each module documents its own return values
become:
  become: true
  become_user: root
  become_method: sudo
  become_flags:
debug:
  strategy: debug
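An added example playbook (not from the original note) that puts the skeleton above to work: become at play level, register on a read-only check, and no_log on the one task that handles a vault secret so it does not land in the -vvv output redirected to output.txt. The package, the file path, the group name and the vault_api_token variable are assumptions.

```yaml
# site.yml (assumed name); run with:
#   ansible-playbook -i inventory.yml site.yml -e "@vault.yml" --ask-vault-pass
- name: Install a package and verify it, keeping secrets out of the log
  hosts: production
  become: true
  become_user: root
  become_method: sudo
  vars:
    pkg: fail2ban
  tasks:
    - name: Install {{ pkg }}
      apt:
        name: "{{ pkg }}"
        state: present
        update_cache: true

    - name: Check whether the service is active
      command: systemctl is-active {{ pkg }}
      register: svc          # svc.rc / svc.stdout / svc.stderr hold the result
      changed_when: false    # a read-only check never counts as a change
      failed_when: false     # inspect the result ourselves in the next task

    - name: Report the result
      debug:
        msg: "{{ pkg }} is {{ svc.stdout | default('unknown') }} (rc={{ svc.rc }})"

    - name: Create the config directory
      file:
        path: /etc/myapp
        state: directory
        owner: root
        group: root
        mode: "0750"

    - name: Write a credential file from a vault variable
      copy:
        content: "{{ vault_api_token }}\n"   # defined in the vault-encrypted vars file
        dest: /etc/myapp/token
        owner: root
        group: root
        mode: "0600"         # not readable by other users
      no_log: true           # hides the task's args and result from verbose output
```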
ansible-vault
ansible-vault encrypts sensitive data such as passwords.
$ ansible-vault create vault.yml
$ ansible-vault edit vault.yml
$ ansible-vault view vault.yml
$ ansible-vault encrypt vault.yml
$ ansible-vault decrypt vault.yml
ansible-inventory
ansible-inventory shows the contents of an inventory.
$ ansible-inventory --list -i inventory.yml
$ ansible-inventory --graph -i inventory.yml
$ ansible-inventory --host host1 -i inventory.yml # show the details of one host
$ ansible-inventory --tree -i inventory.yml # show the group tree
$ ansible-inventory --export -i inventory.yml # export the inventory to standard output
$ ansible-inventory --validate -i inventory.yml # check the syntax of the inventory file
ansible-config
ansible-config views and manages the Ansible configuration.
$ ansible-config view # show the current configuration
$ ansible-config dump --only-changed # show only settings that differ from the defaults
$ ansible-config list --type=defaults # list all default settings
$ ansible-config list --type=privilege # list privilege settings
$ ansible-config list --type=all # list all settings
$ ansible-config init --disabled > ansible.cfg # create a new ansible.cfg file
ansible-pull
ansible-pull pulls a playbook from a remote repository and runs it.
$ ansible-pull -U <repo_url> -i inventory.yml playbook.yml
-U, --url <repo_url> # URL of the remote repository
-i, --inventory <inventory> # inventory file
-d, --directory <directory> # working directory
-C, --checkout <branch> # branch to check out
-c, --clean # clean the working directory
ansible-console
ansible-console is an interactive command line for running ansible commands and playbooks.
$ ansible-console -i inventory.yml
-i, --inventory <inventory> # inventory file
-c, --connection <connection> # connection type; default is ssh
-u, --user <user> # remote user
-k, --ask-pass # prompt for the SSH password
ansible-galaxy
ansible-galaxy manages Ansible roles and collections.
$ ansible-galaxy install <role_name> # install a role
$ ansible-galaxy remove <role_name> # remove a role
$ ansible-galaxy list # list installed roles
$ ansible-galaxy init <role_name> # scaffold a new role
$ ansible-galaxy collection install <collection_name> # install a collection
$ ansible-galaxy collection remove <collection_name> # remove a collection
$ ansible-galaxy collection list # list installed collections