20-ansible.html 13.3 KB


<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
  <meta charset="utf-8">
  
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  
  <title>2. ansible集群管理工具 &mdash; watchmen 1.0 documentation</title>
  

  
  
  
  

  

  
  
    

  

  <link rel="stylesheet" href="_static/css/theme.css" type="text/css" />
  <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
    <link rel="index" title="Index" href="genindex.html" />
    <link rel="search" title="Search" href="search.html" />
    <link rel="next" title="3. elk日志系统" href="30-elk.html" />
    <link rel="prev" title="1. 概述" href="10-summary.html" /> 

  
  <script src="_static/js/modernizr.min.js"></script>

</head>

<body class="wy-body-for-nav">

   
  <div class="wy-grid-for-nav">

    
    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
      <div class="wy-side-scroll">
        <div class="wy-side-nav-search">
          

          
            <a href="index.html" class="icon icon-home"> watchmen
          

          
          </a>

          
            
            
              <div class="version">
                1.0
              </div>
            
          

          
<div role="search">
  <form id="rtd-search-form" class="wy-form" action="search.html" method="get">
    <input type="text" name="q" placeholder="Search docs" />
    <input type="hidden" name="check_keywords" value="yes" />
    <input type="hidden" name="area" value="default" />
  </form>
</div>

          
        </div>

        <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
          
            
            
              
            
            
              <p class="caption"><span class="caption-text">Contents:</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="10-summary.html">1. 概述</a></li>
<li class="toctree-l1 current"><a class="current reference internal" href="#">2. ansible集群管理工具</a><ul>
<li class="toctree-l2"><a class="reference internal" href="#id1">2.1. 安装</a></li>
<li class="toctree-l2"><a class="reference internal" href="#id2">2.2. 配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="#id3">2.3. 使用</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="30-elk.html">3. elk日志系统</a></li>
<li class="toctree-l1"><a class="reference internal" href="40-zabbix.html">4. zabbix监测系统</a></li>
<li class="toctree-l1"><a class="reference internal" href="99-history.html">5. 修订历史</a></li>
</ul>

            
          
        </div>
      </div>
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      
      <nav class="wy-nav-top" aria-label="top navigation">
        
          <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
          <a href="index.html">watchmen</a>
        
      </nav>


      <div class="wy-nav-content">
        
        <div class="rst-content">
        
          















<div role="navigation" aria-label="breadcrumbs navigation">

  <ul class="wy-breadcrumbs">
    
      <li><a href="index.html">Docs</a> &raquo;</li>
        
      <li>2. ansible集群管理工具</li>
    
    
      <li class="wy-breadcrumbs-aside">
        
            
            <a href="_sources/20-ansible.rst.txt" rel="nofollow"> View page source</a>
          
        
      </li>
    
  </ul>

  
  <hr/>
</div>
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
            
  <div class="section" id="ansible">
<h1>2. ansible集群管理工具<a class="headerlink" href="#ansible" title="Permalink to this headline"></a></h1>
<p>离线安装包:  <a class="reference external" href="smb://192.168.9.1">smb://192.168.9.1</a>/公共模块/繁星/繁星二代/自检系统/ansible_offline_tx1</p>
<p>playbook实例在 ansible_playbook_example 目录。</p>
<p>在繁星中增加ansible,作为集群管理工具。ansible工作的流程是,读取/etc/ansible/hosts主机列表,批量的、自动的使用ssh远程到主机上执行指令,我们可以用它获得子节点的状态,批量配置、更新程序</p>
<p>我们有三种使用方法:</p>
<ol class="arabic simple">
<li>写python或shell脚本,在脚本中编写复杂的指令组合,利用ansible的command模块将脚本和所需文件上传、执行。–此方法学习成本低,易上手。初级使用方法</li>
<li>使用ansible提供的module+playbook。 module相当于shell命令(copy/ls/ps/apt-get等等),playbook相当于shell脚本,将module组合执行。 –此方法需要需要学习各module的功能和参数,playbook语法(yml),优点是反馈更清晰,流程掌控更好,playbook比shell和python好写些。</li>
<li>编写python脚本,使用ansible-api。 –此方法最高级,我能想到的需要使用此方法的应用途径:需要解析反馈信息并根据反馈做出不同反应;需要在自己的服务中利用ansible实现批量控制功能,比如批量升级服务,需要将各子节点升级进度,升级状态,错误信息反馈到web。</li>
</ol>
<p>中文说明文档:<a class="reference external" href="http://www.ansible.com.cn/docs/">http://www.ansible.com.cn/docs/</a></p>
<p>常用模块使用方法:<a class="reference external" href="https://www.cnblogs.com/zhaojiedi1992/p/zhaojiedi_linux_032_ansible02.html">https://www.cnblogs.com/zhaojiedi1992/p/zhaojiedi_linux_032_ansible02.html</a></p>
<div class="section" id="id1">
<h2>2.1. 安装<a class="headerlink" href="#id1" title="Permalink to this headline"></a></h2>
<ul class="simple">
<li>安装</li>
</ul>
<p>繁星的离线包已放在sdv,放在主节点上执行install.sh即可</p>
<p>在自己主机上安装: pip install ansible 。然后安装sshpass(支持在配置文件中增加密码免询问)</p>
</div>
<div class="section" id="id2">
<h2>2.2. 配置<a class="headerlink" href="#id2" title="Permalink to this headline"></a></h2>
<ul class="simple">
<li>配置主机列表</li>
</ul>
<div class="highlight-shell notranslate"><div class="highlight"><pre><span></span>mkdir /etc/ansible
vim /etc/ansible/hosts
</pre></div>
</div>
<p>文件实例</p>
<div class="highlight-shell notranslate"><div class="highlight"><pre><span></span><span class="o">[</span>starnet1<span class="o">]</span>
ubuntu@192.168.66.7
<span class="c1">#指定密码,支持sudo不询问密码</span>
ubuntu@192.168.66.12 <span class="nv">ansible_sudo_pass</span><span class="o">=</span><span class="s1">&#39;ubuntu&#39;</span>
ubuntu@192.168.66.27 <span class="nv">ansible_sudo_pass</span><span class="o">=</span><span class="s1">&#39;ubuntu&#39;</span>
ubuntu@192.168.66.32 <span class="nv">ansible_sudo_pass</span><span class="o">=</span><span class="s1">&#39;ubuntu&#39;</span>
ubuntu@192.168.66.4 <span class="nv">ansible_sudo_pass</span><span class="o">=</span><span class="s1">&#39;ubuntu&#39;</span>
<span class="o">[</span>starnet2<span class="o">]</span>
<span class="c1">#公司内部使用这种配置方法。</span>
<span class="m">192</span>.168.66.<span class="o">[</span><span class="m">2</span>:41<span class="o">]</span> <span class="nv">ansible_ssh_pass</span><span class="o">=</span><span class="s2">&quot;ubuntu&quot;</span> <span class="nv">ansible_ssh_user</span><span class="o">=</span><span class="s2">&quot;ubuntu&quot;</span> <span class="nv">ansible_sudo_pass</span><span class="o">=</span><span class="s1">&#39;ubuntu&#39;</span>
</pre></div>
</div>
<ul class="simple">
<li><strong>非交互式用户名密码方式(推荐公司内部采用此方式,方便但安全性低)</strong></li>
</ul>
<p>此方法需要安装sshpass。离线包已包含。密码需要已明文卸载配置中,不安全,在安全要求高的环境中禁止使用。但这个方法节省了对每个主机执行ssh-copy-id,是最方便的。参考配置文件中的starnet2组。在执行命令前,需要配置环境变量 export ANSIBLE_HOST_KEY_CHECKING=False,否则会报错。</p>
<p>执行 ansible starnet2 -m ping, 会向192.168.66.2,192.168.66.3 … 192.168.66.41 测试是否连通。</p>
<ul class="simple">
<li>ssh公钥方式</li>
</ul>
<div class="highlight-shell notranslate"><div class="highlight"><pre><span></span>ssh-keygen <span class="c1">#一路回车</span>
ssh-copy-id ubuntu@目标节点IP
<span class="c1">#测试是否成功</span>
ssh ubuntu@ip <span class="c1">#不需要输入密码就能登录则说明成功</span>
<span class="c1">#也可以用root账户,输入密码。所有主机拷贝一次,后续就可以免密登陆了</span>
<span class="c1">#测试ping所有主机</span>
ansible all -m ping
</pre></div>
</div>
<ul class="simple">
<li>交互式用户名密码方式(询问密码)</li>
</ul>
<div class="highlight-shell notranslate"><div class="highlight"><pre><span></span>ansible starnet1 -m ping --user<span class="o">=</span>ubuntu -k
</pre></div>
</div>
</div>
<div class="section" id="id3">
<h2>2.3. 使用<a class="headerlink" href="#id3" title="Permalink to this headline"></a></h2>
<p>“上传文件夹,执行脚本” 。这种模式可以批量部署程序</p>
<ul class="simple">
<li>执行多条指令方式</li>
</ul>
<div class="highlight-shell notranslate"><div class="highlight"><pre><span></span><span class="c1">#拷贝文件/文件夹</span>
<span class="sb">`</span>ansible starnet -m copy -a <span class="s2">&quot;src=./ansible_offline_tx1 /home/ubuntu/&quot;</span><span class="sb">`</span>
<span class="c1">#在主机上执行shell命令</span>
<span class="sb">`</span>ansible starnet -m <span class="nb">command</span> -a <span class="s2">&quot;chmod +x /home/ubuntu/ansible_offline_tx1/install.sh&quot;</span><span class="sb">`</span>
<span class="sb">`</span>ansible starnet -m <span class="nb">command</span> -a <span class="s2">&quot;bash /home/ubuntu/ansible_offline_tx1/install.sh&quot;</span><span class="sb">`</span>
以上两条指令结合,可满足大部分需求。
</pre></div>
</div>
<ul class="simple">
<li>playbook方式</li>
</ul>
<p>playbook文件内容:</p>
<div class="highlight-shell notranslate"><div class="highlight"><pre><span></span>---
- hosts: starnet
  sudo: yes
  tasks:•
    - name: copy dir to remote
      copy: <span class="nv">src</span><span class="o">=</span>ansible_offline_tx1 <span class="nv">dest</span><span class="o">=</span>/home/ubuntu/ansible_offline_tx1
    - name: run script
      command: chmod +x install.sh
      args:
        chdir: /home/ubuntu/ansible_offline_tx1/
      command: bash install.sh
      args:
        chdir: /home/ubuntu/ansible_offline_tx1/
</pre></div>
</div>
<p>保存 ansible_offline_tx1.yml</p>
<p>执行playbook</p>
<div class="highlight-shell notranslate"><div class="highlight"><pre><span></span>ansible-playbook ansible_offline_tx1.yml
</pre></div>
</div>
<p>ansible提供了非常多的module,常用模块使用方法:<a class="reference external" href="https://www.cnblogs.com/zhaojiedi1992/p/zhaojiedi_linux_032_ansible02.html">https://www.cnblogs.com/zhaojiedi1992/p/zhaojiedi_linux_032_ansible02.html</a></p>
<p>ansible-doc -l #可查看所有模块</p>
<p>ansible-doc 模块名   #查看某模块的使用方法,比如 ansible-doc apt  ;  ansible-doc pip  ; ansible-doc ps</p>
<p>我这里的介绍只是快速入门方法,还有很多强大的功能,比如copy的backup特性,幂性,hosts的多级分组,定时任务等等 建议通读一遍中文说明文档:<a class="reference external" href="http://www.ansible.com.cn/docs/">http://www.ansible.com.cn/docs/</a></p>
</div>
</div>


           </div>
           
          </div>
          <footer>
  
    <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
      
        <a href="30-elk.html" class="btn btn-neutral float-right" title="3. elk日志系统" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right"></span></a>
      
      
        <a href="10-summary.html" class="btn btn-neutral" title="1. 概述" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left"></span> Previous</a>
      
    </div>
  

  <hr/>

  <div role="contentinfo">
    <p>
        &copy; Copyright 2018, liuhang.

    </p>
  </div>
  Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/rtfd/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>. 

</footer>

        </div>
      </div>

    </section>

  </div>
  


  

    <script type="text/javascript">
        var DOCUMENTATION_OPTIONS = {
            URL_ROOT:'./',
            VERSION:'1.0',
            LANGUAGE:'None',
            COLLAPSE_INDEX:false,
            FILE_SUFFIX:'.html',
            HAS_SOURCE:  true,
            SOURCELINK_SUFFIX: '.txt'
        };
    </script>
      <script type="text/javascript" src="_static/jquery.js"></script>
      <script type="text/javascript" src="_static/underscore.js"></script>
      <script type="text/javascript" src="_static/doctools.js"></script>

  

  <script type="text/javascript" src="_static/js/theme.js"></script>

  <script type="text/javascript">
      jQuery(function () {
          SphinxRtdTheme.Navigation.enable(true);
      });
  </script> 

</body>
</html>