20-ansible.html
13.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>2. ansible集群管理工具 — watchmen 1.0 documentation</title>
<link rel="stylesheet" href="_static/css/theme.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<link rel="index" title="Index" href="genindex.html" />
<link rel="search" title="Search" href="search.html" />
<link rel="next" title="3. elk日志系统" href="30-elk.html" />
<link rel="prev" title="1. 概述" href="10-summary.html" />
<script src="_static/js/modernizr.min.js"></script>
</head>
<body class="wy-body-for-nav">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search">
<a href="index.html" class="icon icon-home"> watchmen
</a>
<div class="version">
1.0
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="search.html" method="get">
<input type="text" name="q" placeholder="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<p class="caption"><span class="caption-text">Contents:</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="10-summary.html">1. 概述</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="#">2. ansible集群管理工具</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#id1">2.1. 安装</a></li>
<li class="toctree-l2"><a class="reference internal" href="#id2">2.2. 配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="#id3">2.3. 使用</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="30-elk.html">3. elk日志系统</a></li>
<li class="toctree-l1"><a class="reference internal" href="40-zabbix.html">4. zabbix监测系统</a></li>
<li class="toctree-l1"><a class="reference internal" href="99-history.html">5. 修订历史</a></li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="index.html">watchmen</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href="index.html">Docs</a> »</li>
<li>2. ansible集群管理工具</li>
<li class="wy-breadcrumbs-aside">
<a href="_sources/20-ansible.rst.txt" rel="nofollow"> View page source</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<div class="section" id="ansible">
<h1>2. ansible集群管理工具<a class="headerlink" href="#ansible" title="Permalink to this headline">¶</a></h1>
<p>离线安装包: <a class="reference external" href="smb://192.168.9.1">smb://192.168.9.1</a>/公共模块/繁星/繁星二代/自检系统/ansible_offline_tx1</p>
<p>playback实例在 ansible_playback_example 目录。</p>
<p>在繁星中增加ansible,作为集群管理工具。ansible工作的流程是,读取/etc/ansible/hosts主机列表,批量的、自动的使用ssh远程到主机上执行指令,我们可以用它获得子节点的状态,批量配置、更新程序</p>
<p>我们有三种使用方法:</p>
<ol class="arabic simple">
<li>写python或shell脚本,在脚本中编写复杂的指令组合,利用ansible的command模块将脚本和所需文件上传、执行。–此方法学习成本低,易上手。初级使用方法</li>
<li>使用ansible提供的module+playback。 module相当于shell命令(copy/ls/ps/apt-get等等),playback相当于shell脚本,将module组合执行。 –此方法需要需要学习各module的功能和参数,playback语法(yml),优点是反馈更清晰,流程掌控更好,playback比shell和python好写些。</li>
<li>编写python脚本,使用ansible-api。 –此方法最高级,我能想到的需要使用此方法的应用途径:需要解析反馈信息并根据反馈做出不同反应;需要在自己的服务中利用ansible实现批量控制功能,比如批量升级服务,需要将各子节点升级进度,升级状态,错误信息反馈到web。</li>
</ol>
<p>中文说明文档:<a class="reference external" href="http://www.ansible.com.cn/docs/">http://www.ansible.com.cn/docs/</a></p>
<p>常用模块使用方法:<a class="reference external" href="https://www.cnblogs.com/zhaojiedi1992/p/zhaojiedi_linux_032_ansible02.html">https://www.cnblogs.com/zhaojiedi1992/p/zhaojiedi_linux_032_ansible02.html</a> 。</p>
<div class="section" id="id1">
<h2>2.1. 安装<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h2>
<ul class="simple">
<li>安装</li>
</ul>
<p>繁星的离线包已放在sdv,放在主节点上执行install.sh即可</p>
<p>在自己主机上安装: pip install ansible 。然后安装sshpass(支持在配置文件中增加密码免询问)</p>
</div>
<div class="section" id="id2">
<h2>2.2. 配置<a class="headerlink" href="#id2" title="Permalink to this headline">¶</a></h2>
<ul class="simple">
<li>配置主机列表</li>
</ul>
<div class="highlight-shell notranslate"><div class="highlight"><pre><span></span>mkdir /etc/ansible
vim /etc/ansible/hosts
</pre></div>
</div>
<p>文件实例</p>
<div class="highlight-shell notranslate"><div class="highlight"><pre><span></span><span class="o">[</span>starnet1<span class="o">]</span>
ubuntu@192.168.66.7
<span class="c1">#指定密码,支持sudo不询问密码</span>
ubuntu@192.168.66.12 <span class="nv">ansible_sudo_pass</span><span class="o">=</span><span class="s1">'ubuntu'</span>
ubuntu@192.168.66.27 <span class="nv">ansible_sudo_pass</span><span class="o">=</span><span class="s1">'ubuntu'</span>
ubuntu@192.168.66.32 <span class="nv">ansible_sudo_pass</span><span class="o">=</span><span class="s1">'ubuntu'</span>
ubuntu@192.168.66.4 <span class="nv">ansible_sudo_pass</span><span class="o">=</span><span class="s1">'ubuntu'</span>
<span class="o">[</span>starnet2<span class="o">]</span>
<span class="c1">#公司内部使用这种配置方法。</span>
<span class="m">192</span>.168.66.<span class="o">[</span><span class="m">2</span>:41<span class="o">]</span> <span class="nv">ansible_ssh_pass</span><span class="o">=</span><span class="s2">"ubuntu"</span> <span class="nv">ansible_ssh_user</span><span class="o">=</span><span class="s2">"ubuntu"</span> <span class="nv">ansible_sudo_pass</span><span class="o">=</span><span class="s1">'ubuntu'</span>
</pre></div>
</div>
<ul class="simple">
<li><strong>非交互式用户名密码方式(推荐公司内部采用此方式,方便但安全性低)</strong></li>
</ul>
<p>此方法需要安装sshpass。离线包已包含。密码需要已明文卸载配置中,不安全,在安全要求高的环境中禁止使用。但这个方法节省了对每个主机执行ssh-copy-id,是最方便的。参考配置文件中的starnet2组。在执行命令前,需要配置环境变量 export ANSIBLE_HOST_KEY_CHECKING=False,否则会报错。</p>
<p>执行 ansible starnet2 -m ping, 会向192.168.66.2,192.168.66.3 … 192.168.66.41 测试是否连通。</p>
<ul class="simple">
<li>ssh公钥方式</li>
</ul>
<div class="highlight-shell notranslate"><div class="highlight"><pre><span></span>ssh-keygen <span class="c1">#一路回车</span>
ssh-copy-id ubuntu@目标节点IP
<span class="c1">#测试是否成功</span>
ssh ubuntu@ip <span class="c1">#不需要输入密码就能登录则说明成功</span>
<span class="c1">#也可以用root账户,输入密码。所有主机拷贝一次,后续就可以免密登陆了</span>
<span class="c1">#测试ping所有主机</span>
ansible all -m ping
</pre></div>
</div>
<ul class="simple">
<li>交互式用户名密码方式(询问密码)</li>
</ul>
<div class="highlight-shell notranslate"><div class="highlight"><pre><span></span>ansible starnet1 -m ping --user<span class="o">=</span>ubuntu -k
</pre></div>
</div>
</div>
<div class="section" id="id3">
<h2>2.3. 使用<a class="headerlink" href="#id3" title="Permalink to this headline">¶</a></h2>
<p>“上传文件夹,执行脚本” 。这种模式可以批量部署程序</p>
<ul class="simple">
<li>执行多条指令方式</li>
</ul>
<div class="highlight-shell notranslate"><div class="highlight"><pre><span></span><span class="c1">#拷贝文件/文件夹</span>
<span class="sb">`</span>ansible starnet -m copy -a <span class="s2">"src=./ansible_offline_tx1 /home/ubuntu/"</span><span class="sb">`</span>
<span class="c1">#在主机上执行shell命令</span>
<span class="sb">`</span>ansible starnet -m <span class="nb">command</span> -a <span class="s2">"chmod +x /home/ubuntu/ansible_offline_tx1/install.sh"</span><span class="sb">`</span>
<span class="sb">`</span>ansible starnet -m <span class="nb">command</span> -a <span class="s2">"bash /home/ubuntu/ansible_offline_tx1/install.sh"</span><span class="sb">`</span>
以上两条指令结合,可满足大部分需求。
</pre></div>
</div>
<ul class="simple">
<li>playback方式</li>
</ul>
<p>playback文件内容:</p>
<div class="highlight-shell notranslate"><div class="highlight"><pre><span></span>---
- hosts: starnet
sudo: yes
tasks:•
- name: copy dir to remote
copy: <span class="nv">src</span><span class="o">=</span>ansible_offline_tx1 <span class="nv">dest</span><span class="o">=</span>/home/ubuntu/ansible_offline_tx1
- name: run script
command: chmod +x install.sh
args:
chdir: /home/ubuntu/ansible_offline_tx1/
command: bash install.sh
args:
chdir: /home/ubuntu/ansible_offline_tx1/
</pre></div>
</div>
<p>保存 ansible_offline_tx1.yml</p>
<p>执行playback</p>
<div class="highlight-shell notranslate"><div class="highlight"><pre><span></span>ansible-playback ansible_offline_tx1.yml
</pre></div>
</div>
<p>ansible提供了非常多的module,常用模块使用方法:<a class="reference external" href="https://www.cnblogs.com/zhaojiedi1992/p/zhaojiedi_linux_032_ansible02.html">https://www.cnblogs.com/zhaojiedi1992/p/zhaojiedi_linux_032_ansible02.html</a>。</p>
<p>ansible-doc -l #可查看所有模块</p>
<p>ansible-doc 模块名 #查看某模块的使用方法,比如 ansible-doc apt ; ansible-doc pip ; ansible-doc ps</p>
<p>我这里的介绍只是快速入门方法,还有很多强大的功能,比如copy的backup特性,幂性,hosts的多级分组,定时任务等等 建议通读一遍中文说明文档:<a class="reference external" href="http://www.ansible.com.cn/docs/">http://www.ansible.com.cn/docs/</a></p>
</div>
</div>
</div>
</div>
<footer>
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
<a href="30-elk.html" class="btn btn-neutral float-right" title="3. elk日志系统" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right"></span></a>
<a href="10-summary.html" class="btn btn-neutral" title="1. 概述" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left"></span> Previous</a>
</div>
<hr/>
<div role="contentinfo">
<p>
© Copyright 2018, liuhang.
</p>
</div>
Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/rtfd/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
</footer>
</div>
</div>
</section>
</div>
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT:'./',
VERSION:'1.0',
LANGUAGE:'None',
COLLAPSE_INDEX:false,
FILE_SUFFIX:'.html',
HAS_SOURCE: true,
SOURCELINK_SUFFIX: '.txt'
};
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<script type="text/javascript" src="_static/js/theme.js"></script>
<script type="text/javascript">
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>