Ansible Basics

From the linux中国网 wiki
Revision as of 02:47, 24 January 2022 (Mon) by Evan (talk | contribs) (→12) script module)

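Advanced

The Definitive Guide to Ansible (Chinese)

2021 - Learning Ansible

An Ansible playbook that initializes the base system environment, ready to use as-is

Batch service deployment with Ansible

Installing and operating Ansible, with a sample Docker deployment

ansible-playbook usage examples (distributing files, running scripts)

Variables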

vars:
  key_file: /etc/nginx/ssl/nginx.key 

playbook
- name: copy TLS key
  copy: src=files/nginx.key dest={{key_file}} owner=root mode=0600

Chapter 2 inventory

p48


Ansible Tutorial, Chapter 3: Inventory in Detail

Installation

https://docs.ansible.com/ansible/latest/installation_guide/index.html

#on master
pip3 install --user ansible

ssh-copy-id  -i  id_ecdsa.pub [email protected]
ssh-copy-id  -i  id_ecdsa.pub [email protected]
ssh-copy-id  -i  id_ecdsa.pub [email protected]



mkdir   /etc/ansible
vi /etc/ansible/hosts

192.168.88.50
192.168.88.51
192.168.88.52

[intra]
192.168.10.120
192.168.10.121

 ansible  all  -b -u root  -a "hostname"
192.168.88.51 | CHANGED | rc=0 >>
k8s-node1
192.168.88.50 | CHANGED | rc=0 >>
k8s-master
192.168.88.52 | CHANGED | rc=0 >>
k8s-node2


 ansible all -m ping

Install on CentOS with yum

 yum install epel-release
 yum install ansible

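Configuration file



# Kept in my own home directory
Ansible looks for its configuration file in the following order of precedence:

export ANSIBLE_CONFIG

./ansible.cfg

~/.ansible.cfg

/etc/ansible/ansible.cfg

If no configuration file is found in any of these locations, Ansible uses its default settings.

The default configuration can be fetched from GitHub: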

https://raw.githubusercontent.com/ansible/ansible/devel/examples/ansible.cfg
# To generate an example config file (a "disabled" one with all default settings, commented out):
#               $ ansible-config init --disabled > ansible.cfg

# Also you can now have a more complete file by including existing plugins:
# ansible-config init --disabled -t all > ansible.cfg

Put it in the /etc/ansible/ directory.

Everyday tips

sudo

Passwordless sudo

cat /etc/ansible/agent.yml
---
- hosts: all
  become: yes
  become_method: sudo
  remote_user: ops
  roles:
    - ag_conf

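# Of course, sudo must also be written inside the shell command

Running commands as a regular user with Ansible


Ansible: running a playbook remotely as a regular user

Groups

ansible beta -b -u evan -m shell   -a " sudo hostname"
Running ansible-playbook  -C /etc/ansible/agent.yml requires the host IPs etc. to be specified in the yml
The inventory file hosts

# For a non-standard port (not 22) the first column must be an alias, otherwise the setting has no effect. January 24 2022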
[add]
#172.16.0.40
[beta]
beta-insurance ansible_host=172.16.0.14  ansible_port=22
[pro]
prod-core-mongo                ansible_host=172.16.1.40  ansible_port=22
prod-access                    ansible_host=172.16.1.8   ansible_port=22
prod-insurance-backstage       ansible_host=172.16.0.16  ansible_port=22 
prod-insurance-crm-mongo       ansible_host=172.16.1.37  ansible_port=22  
prod-insurance-backstage-count ansible_host=172.16.1.19  ansible_port=22 
prod_core                      ansible_host=172.16.1.9 ansible_port=22
prod_mq                        ansible_host=172.16.1.12 ansible_port=22

 
[core]
prod_core
prod-core-mongo 

[insure]
prod-access
prod-insurance-backstage
prod-insurance-crm-mongo
prod-insurance-backstage-count

run shell

ansible core  -b -u evan -m shell   -a "sudo ls /home/evan"

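Common options

-m MODULE_NAME	# name of the module to run; defaults to the command module, so -m can be omitted when running a single command
-u REMOTE_USER	# remote user; defaults to root
List of options
-m	module to run; defaults to command
-a	module arguments
-u	user name for the SSH connection; defaults to root, can be set in ansible.cfg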
-C, --check           don't make any changes; instead, try to predict some
                       of the changes that may occur

Commonly used Ansible modules

Host connectivity test

Use the command ansible web -m ping to test host connectivity.

command module

 ansible web -m command -a 'ss -ntl'

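The command module takes the command name followed by a space-separated list of arguments. The given command is executed on all selected nodes. It is not processed through a shell, so variables such as $HOME and operators such as "<", ">", "|", ";" and "&" do not work (use the shell module for those). Note that this module does not support the | pipe.
  The commonly used options of this module are:

    chdir       # change into this directory before running the command
    executable  # switch the shell used to run the command; requires the absolute path
    free_form   # the Linux command to run; usually given through Ansible's -a argument
    creates     # a file name; if this file exists, the command is not run (can be used as a condition)
    removes     # a file name; if this file does not exist, the command is not run

shell module

copy module

9) service module

This module manages services.
  Its main options are:

    arguments # extra arguments supplied on the command line
    enabled #start the service at boot
    name= #service name
    runlevel #runlevel for starting at boot; normally does not need to be specified
    sleep #whether to wait while restarting the service, e.g. wait 2 seconds after stopping before starting again (defined in the playbook)
    state #four states: started--->start the service, stopped--->stop the service, restarted--->restart the service, reloaded--->reload the configuration

  Some examples: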
① Start the service and enable it at boot

[root@server ~]# ansible web -m service -a 'name=nginx state=started enabled=true'

12) script module


Always read the manual first

root@myxps:~# ansible-doc  -s script
- name: Runs a local script on a remote node after transferring it
  script:
      chdir:                 # Change into this directory on the remote node before
                               running the script.
      cmd:                   # Path to the local script to run followed by optional
                               arguments.
      creates:               # A filename on the remote node, when it already
                               exists, this step will
                               *not* be run.
      decrypt:               # This option controls the autodecryption of source
                               files using vault.
      executable:            # Name or path of a executable to invoke the script
                               with.
      free_form:             # Path to the local script file followed by optional
                               arguments.
      removes:               # A filename on the remote node, when it does not
                               exist, this step will
                               *not* be run.


 [evan@ ansible]$ ansible add -m script -a './1.sh'

[evan@ ansible]$ cat  1.sh 
touch /tmp/byevanjan.log




https://blog.51cto.com/noodle/1769474

stat module

 ansible sftp -m stat  -a "path=/etc/passwd"

Batch compiling and installing Python 3.7 with Ansible and a shell script

https://github.com/evan886/my-ansible

The actual install scripts are here: https://github.com/evan886/my-ansible/tree/main/ansible4py3.7ins

git clone [email protected]:evan886/my-ansible.git

cd ansible4py3.7ins/

Run the playbook
Test
root@myxps:/etc/ansible# ansible-playbook -C  python.yml

Run
root@myxps:/etc/ansible# ansible-playbook  python.yml


Batch compiling and installing Python 3.6.6 with Ansible and a shell script


Batch installing Golang with Ansible and a shell script

https://golang.org/doc/install

tree 
.
├── ansible.cfg
├── go.yml
├── hosts
└── roles
    └── go_install
        ├── files
        │   └── go1.17.1.linux-amd64.tar.gz
        ├── tasks
        │   ├── copy.yml
        │   ├── install.yml
        │   └── main.yml
        └── templates
            └── go_install.sh

5 directories, 8 files



reload environment variable. How should this be done? Doing it by hand cannot be right.
root@myxps:/etc/ansible# ansible intra -b -u root  -a "source /etc/profile"
192.168.10.120 | FAILED | rc=2 >>
[Errno 2] 没有那个文件或目录
192.168.10.121 | FAILED | rc=2 >>
[Errno 2] 没有那个文件或目录
root@myxps:/etc/ansible# ansible intra -b -u root  -a ". /etc/profile"
192.168.10.121 | FAILED | rc=13 >>
[Errno 13] 权限不够
192.168.10.120 | FAILED | rc=13 >>
[Errno 13] 权限不够
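
Both ad-hoc calls above fail because the default command module executes the first word directly, without a shell: source is a shell builtin, so no such program exists (Errno 2), and . is not an executable file (Errno 13). The playbook below is an added example, not part of the original page; the Go install path /usr/local/go/bin is an assumption.

```yaml
# Added example. The group "intra" comes from the page's inventory;
# /usr/local/go/bin is an assumed install location.
- hosts: intra
  become: yes
  tasks:
    # The shell module passes the line to a shell, so the builtin "." works.
    # Variables sourced here exist only inside this one task.
    - name: source the profile and use it in the same shell
      shell: ". /etc/profile && go version"
      args:
        executable: /bin/bash
      register: go_ver
      changed_when: false

    # Every task starts a new process on the target, so nothing sourced
    # above is visible here. Pass the environment explicitly instead.
    - name: run go with an explicit PATH
      command: go version
      environment:
        PATH: "/usr/local/go/bin:{{ ansible_env.PATH }}"
      changed_when: false

    - name: show what the first task saw
      debug:
        var: go_ver.stdout
```

The ad-hoc equivalent of the first task is to add -m shell to the failing command line, keeping the source and the command that needs it in the same -a string.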


run


#!/usr/bin/env ansible-playbook

After adding execute permission, the file can be run as ./youfile


root@myxps:/etc/ansible# ansible-playbook -C  go.yml 
[WARNING]: ansible.utils.display.initialize_locale has not been called, this may result in incorrectly
calculated text widths that can cause Display to print incorrect line lengths

PLAY [all] *****************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.10.121]
ok: [192.168.10.120]

TASK [go_install : copy go_tgz to client] **********************************************************************
changed: [192.168.10.120]
changed: [192.168.10.121]

TASK [go_install : copy install_go_script to client] ***********************************************************
changed: [192.168.10.120]
changed: [192.168.10.121]

TASK [go_install : install go] *********************************************************************************
skipping: [192.168.10.120]
skipping: [192.168.10.121]

PLAY RECAP *****************************************************************************************************
192.168.10.120             : ok=3    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
192.168.10.121             : ok=3    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   

root@myxps:/etc/ansible# ansible-playbook   go.yml 
[WARNING]: ansible.utils.display.initialize_locale has not been called, this may result in incorrectly calculated text widths that can cause Display to print incorrect line
lengths

PLAY [all] ******************************************************************************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************************************************************
ok: [192.168.10.121]
ok: [192.168.10.120]

TASK [go_install : copy go_tgz to client] ***********************************************************************************************************************************
changed: [192.168.10.120]
changed: [192.168.10.121]

TASK [go_install : copy install_go_script to client] ************************************************************************************************************************
changed: [192.168.10.120]
changed: [192.168.10.121]

TASK [go_install : install go] **********************************************************************************************************************************************
changed: [192.168.10.120]
changed: [192.168.10.121]

PLAY RECAP ******************************************************************************************************************************************************************
192.168.10.120             : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.10.121             : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   


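Ansible Role system environment: [go]

Installing and configuring the zbx agent with Ansible and sudo

https://github.com/evan886/my-ansible
# the actual scripts
https://github.com/evan886/my-ansible/tree/main/ansible4zbxagent-insconf

Automated Nginx compile and install with an Ansible playbook

Automated Nginx compile and install with an Ansible playbook

Creating a user with Ansible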

useradd jsxge
chown -R jsxge.wheel jsxge
echo "123456" | passwd --stdin jsxge

On sudoers: Ansible: creating a user with sudo privileges
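
The same account creation written as a playbook, as an added example that is not part of the original page: the password is read from an ansible-vault encrypted variable instead of a literal on the command line, and the sudoers entry is syntax-checked before it is installed. The variable vault_jsxge_password and the file vault.yml are hypothetical names; the group pro is taken from the page's inventory.

```yaml
# Added example. vault_jsxge_password and vault.yml are hypothetical:
# create the file with "ansible-vault create vault.yml" and define the
# variable inside it.
- name: create user jsxge with sudo rights
  hosts: pro
  become: yes
  vars_files:
    - vault.yml
  tasks:
    - name: create the account with a hashed password
      user:
        name: jsxge
        groups: wheel
        append: yes
        # The user module expects a crypt hash, not clear text.
        password: "{{ vault_jsxge_password | password_hash('sha512') }}"
        # The salt is random per run; only set the password at creation
        # so the task stays idempotent.
        update_password: on_create
      no_log: true   # keep the hash out of task output and logs

    - name: grant sudo through a validated drop-in file
      copy:
        content: "jsxge ALL=(ALL) ALL\n"
        dest: /etc/sudoers.d/jsxge
        owner: root
        group: root
        mode: "0440"
        # visudo rejects a broken file before it replaces the target,
        # so a typo cannot lock sudo for every user.
        validate: /usr/sbin/visudo -cf %s
```

Run it with ansible-playbook --ask-vault-pass so the vault password is prompted for rather than stored next to the playbook.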

Changing the hostname with Ansible (modify_hostname)

cat hosts 
[pro]
172.16.0.8  
172.16.0.16  
172.16.0.37 
172.16.0.19 
172.16.0.9  

ansible]$ cat modify_hostname.yml
---
- name: set hostname
  hosts: pro
  #hosts: all
  become: yes
  become_method: sudo
  remote_user: eva

  gather_facts: false
  vars:
    hostnames:
      - host: 172.16.0.8
        name: prod-access
      - host: 172.16.0.16
        name: prod-insurance-backstage

      - host: 172.16.0.37
        name: prod-insurance-crm-mongo
      - host: 172.16.0.19
        name: prod-insurance-backstage-count
      - host: 172.16.0.9
        name: prod-insurance-core
  tasks:
    - name: set hostname
      hostname:
        name: "{{item.name}}"
      when: item.host == inventory_hostname
      loop: "{{hostnames}}"


ansible and shell

The right way to run shell commands with Ansible

Distributing files

 

 cat /etc/ansible/hosts
[intra]
192.168.10.120
192.168.10.121



ansible intra -m copy -a "src=/home/evan/data/devops/node-v14.17.6-linux-x64.tar.xz  dest=/root/"

ansible 122 -m copy -a "src=/home/evan/data/devops/jdk/jdk-8u212-linux-x64.rpm dest=/root/"


Batch file transfer with Ansible

Distributing large files with Ansible combined with P2P software (神棍之路 - 程序员宅基地)

Several ways to transfer files with Ansible

troubleshooting


TASK [ag_conf : install conig  zbx agent] **************************************************************************
fatal: [172.16.0.16]: FAILED! => {"changed": true, "cmd": "/bin/bash /tmp/i.sh", "delta": "0:00:00.065791", "end": "2021-10-15 10:54:54.896410", "msg": "non-zero return code", "rc": 127, "start": "2021-10-15 10:54:54.830619", "stderr": "/bin/bash: /tmp/i.sh: 没有那个文件或目录", "stderr_lines": ["/bin/bash: /tmp/i.sh: 没有那个文件或目录"], "stdout": "", "stdout_lines": []}

PLAY RECAP *********************************************************************************************************
172.16.0.16                : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0   


I forgot to add copy.yml to main.yml.

Playbook

Ansible Playbooks explained, with examples
