霏霏的网络日志

简介

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications— automate in a language that approaches plain English, using SSH, with no agents to install on remote systems.
(http://ansible.com/)

相关资源:

• ansible官方blog:http://blog.ansibleworks.com/
• ansible手册:http://docs.ansible.com/
• ansiblegithub:https://github.com/ansible/ansible
• yaml手册:http://docs.ansible.com/YAMLSyntax.html

安装

安装pip

curl -O https://raw.github.com/pypa/pip/master/contrib/get-pip.py
python get-pip.py 

安装支持包

yum install python26 python26-PyYAML python26-paramiko python26-jinja2 python-simplejson

安装ansible

pip install ansible

或

yum install ansible

为了避免python环境对项目造成影响,建议用virtualenv将ansible部署在独立的目录.

配置

ansible.cfg

hostfile = /usr/local/ansible/etc/hosts   # 指定 ansible 的 inventory 文件

相关配置文件位置可通过constents.py调整

hosts

写入所有待管理的主机列表

vim /etc/ansible/hosts
[aliyun]
192.168.1.1
[do]
192.168.1.2

ssh-key

ansible基于ssh,设置主机间的信任关系是必须的.

ssh-keygen
ssh-copy-id -i /etc/root/.ssh/id_rsa.pub "-p port_number root@192.168.1.1"
ssh-copy-id -i /etc/root/.ssh/id_rsa.pub "-p port_number root@192.168.1.2"

命令执行

简单命令可使用 command 模块:

#ping
$ ansible all -m ping
192.168.1.1 | success >> {
    "changed": false, 
    "ping": "pong"
}

192.168.1.2 | success >> {
    "changed": false, 
    "ping": "pong"
}

#负载
$ ansible 192.168.1.2 -m command -a 'w'
192.168.1.2 | success | rc=0 >>
19:21:35 up 183 days,  5:43,  0 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT

带管道的命令使用 shell 模块执行:

$ ansible 192.1681.2 -m shell -a "/bin/rpm -qa|grep git"
192.1681.2 | success | rc=0 >>
git-1.7.1-3.el6_4.1.x86_64

使用 copy 模块拷贝文件

$ ansible 192.168.1.2 -m copy -a "src=/data/1.txxt dest=/data/1.txt" -s     #-s=sudo
192.168.1.2 | success >> {
    "changed": true, 
    "dest": "/data/1.txt", 
    "gid": 502, 
    "group": "mayiwei", 
    "md5sum": "d41d8cd900998ecf8427e", 
    "mode": "0664", 
    "owner": "mayiwei", 
    "size": 0, 
    "src": "/home/user/.ansible/tmp/ansible-tmp-1395199010.27-242962401345102/source", 
    "state": "file", 
    "uid": 502
}

使用 service 模块管理服务

$ ansible 192.168.1.2 -m service -a 'name=nginxd state=started' -s
192.168.1.2 | success >> {
    "changed": true,
    "name": "nginxd",
    "state": "started"
}

使用 yum 模块安装软件包

$ ansible 192.168.1.2 -m yum -a 'name=git state=present' -s
192.168.1.2 | success >> {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
    "Setting up Install Process\nResolving Dependencies\n--> Running transaction check\n---> Package git.x86_64 0:1.7.1-3.el6_4.1 will be installed\n--> Processing Dependency: perl-Git = 1.7.1-3.el6_4.1 for package: git-1.7.1-3.el6_4.1.x86_64\n--> Processing Dependency: rsync for package: git-1.7.1-3.el6_4.1.x86_64\n--> Processing Dependency: perl(Git) for package: git-1.7.1-3.el6_4.1.x86_64\n--> Processing Dependency: perl(Error) for package: git-1.7.1-3.el6_4.1.x86_64\n--> Running transaction check\n---> Package perl-Error.noarch 1:0.17015-4.el6 will be installed\n---> Package perl-Git.noarch 0:1.7.1-3.el6_4.1 will be installed\n---> Package rsync.x86_64 0:3.0.6-9.el6_4.1 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package            Arch           Version                   Repository    Size\n================================================================================\nInstalling:\n git                x86_64         1.7.1-3.el6_4.1           base         4.6 M\nInstalling for dependencies:\n perl-Error         noarch         1:0.17015-4.el6           base          29 k\n perl-Git           noarch         1.7.1-3.el6_4.1           base          28 k\n rsync              x86_64         3.0.6-9.el6_4.1           base         334 k\n\nTransaction Summary\n================================================================================\nInstall       4 Package(s)\n\nTotal download size: 5.0 M\nInstalled size: 15 M\nDownloading Packages:\n--------------------------------------------------------------------------------\nTotal                                           586 kB/s | 5.0 MB     00:08     \nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r  Installing : 1:perl-Error-0.17015-4.el6.noarch                            1/4 \n\r  Installing : rsync-3.0.6-9.el6_4.1.x86_64                                 2/4 \n\r  Installing : perl-Git-1.7.1-3.el6_4.1.noarch                              3/4 \n\r  Installing : git-1.7.1-3.el6_4.1.x86_64                                   4/4 \n\r  Verifying  : rsync-3.0.6-9.el6_4.1.x86_64                                 1/4 \n\r  Verifying  : git-1.7.1-3.el6_4.1.x86_64                                   2/4 \n\r  Verifying  : perl-Git-1.7.1-3.el6_4.1.noarch                              3/4 \n\r  Verifying  : 1:perl-Error-0.17015-4.el6.noarch                            4/4 \n\nInstalled:\n  git.x86_64 0:1.7.1-3.el6_4.1                                                  \n\nDependency Installed:\n  perl-Error.noarch 1:0.17015-4.el6      perl-Git.noarch 0:1.7.1-3.el6_4.1     \n  rsync.x86_64 0:3.0.6-9.el6_4.1        \n\nComplete!\n"
    ]
}

playbook

说明

ansible的配置管理基于playbook,一个playbook包含多个play,一个play包含多个task;

playbook的语法格式采用yaml;

典型的playbook形如:

---                                              # playbook
- hosts: groupname               # play
  remote_user: yourname
  sudo: yes

  tasks:                                     # tasks
    - task1
    - task2

编写好playbook再通过ansible-playbook命令下发:

ansible-play playbook.yml

简单实例:

1. 编写playbook

   vim playbook.yml
   ---
   - hosts: all                                            # hosts中指定
     remote_user: mayiwei                      # 如果和当前用户一样，则无需指定
     sudo: yes
   
     tasks:                                                  # 执行任务
     - name: install git                               # 任务名称
       yum: pkg=git state=present         # 使用yum模块
   

2. 执行playbook:

   $ansible-playbook git.yaml
   PLAY [all] ***********************************************************
   
   GATHERING FACTS ************************************************* 
   ok: [192.168.1.1]
   ok: [192.168.1.2]
   
   TASK: [yum pkg=git state=present] ********************************
   changed: [192.168.1.1]
   changed: [192.168.1.2]
   
   PLAY RECAP ******************************************************** 
   192.168.1.1            : ok=2    changed=1    unreachable=0    failed=0   
   192.168.1.2            : ok=2    changed=1    unreachable=0    failed=0
   

多play实例

1. 编写playbook:

   vim playbook.yml
   ---
   - hosts: all
     remote_user: mayiwei
     sudo: yes
   
     tasks:
       - include: git.yml
       - include: wget.yml
   
   vim git.yml
   - yum: pkg=git state=present
   
   vim wget.yml
   - yum: pkg=wget state=present
   

2. 执行playbook:

   $ ansible-playbook playbook.yml 
   
   PLAY [all] ******************************************************************** 
   
   GATHERING FACTS *************************************************************** 
   ok: [192.168.1.1]
   ok: [192.168.1.2]
   
   TASK: [yum pkg=git state=present] ********************************************* 
   ok: [192.168.1.1]
   ok: [192.168.1.2]
   
   TASK: [yum pkg=wget state=present] ******************************************** 
   ok: [192.168.1.1]
   ok: [192.168.1.2]
   
   PLAY RECAP ******************************************************************** 
   192.168.1.1             : ok=3    changed=0    unreachable=0    failed=0   
   192.168.1.2             : ok=3    changed=0    unreachable=0    failed=0
   

variables

roles

roles的作用:

• 组织项目
• 复用组件
• 定义文件结构
  -

  参考

• http://noops.me/?p=1446#more-1446
• http://www.the5fire.com/ansible-guide-cn.html
  -