我使用过puppet与salt，但这2个软件都需要安装客户端，并且更新很快，每次更新都是令人蛋疼的事，尤其是salt，喜欢他的命令功能，但bug太多，不敢在公司线上使用，puppet虽然稳定，但弄命令执行的时候，需要mco配置，非常麻烦，我公司由于跟多家公司合作，很多业务没办法安装客户端，所以没办法使用puppet与salt(虽然salt有ssh，但不太好使），最后找到了ansible，他既有命令执行也有配置管理，关键开发它的语言是python，paramiko进行ssh连接,跟我之前开发的自动管理软件都是使用paramiko进行操作，不需要安装客户端，满足我的需求，下面给大家介绍一下我是如何使用的。
一、安装
1、安装第三方epel源
centos 5的epel

rpm -ivh http://mirrors.sohu.com/fedora-epel/5/x86_64/epel-release-5-4.noarch.rpm

centos 6的epel

rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm

查看系统版本

17:01:30 # cat /etc/issueCentOS release 6.5 (Final)Kernel \r on an \m

由于是6版本所以安装6的epel
2、安装ansible

yum install ansible

如果需要自定义module或者想阅读源码、使用最新版本，可以去github里下载源码

git clone https://github.com/ansible/ansible.git

3、添加主机

17:22:08 # cd /etc/ansible/root@ip-10-10-10-10:/etc/ansible17:23:27 # lltotal 12-rw-r--r-- 1 root root 5113 Dec 29 03:00 ansible.cfg-rw-r--r-- 1 root root 965 Dec 29 03:00 hosts其中ansible.cfg是配置文件，hosts是管理主机信息17:24:44 # cat hosts172.17.0.2:49154172.17.0.4:49155[zabbix]172.17.0.2:49154172.17.0.4:49155[vpn]172.17.0.10

4、使用密码登陆
ansible支持正则测试

16:20:57 # ansible 127* -m pingSSH password: 127.0.0.1 | success >> { "changed": false, "ping": "pong"} root@ip-10-10-10-10:/etc/ansible16:21:05 # ansible 172* -m pingSSH password: 172.17.0.5 | success >> { "changed": false, "ping": "pong"} 172.17.0.4 | success >> { "changed": false, "ping": "pong"} 172.17.0.2 | success >> { "changed": false, "ping": "pong"}

如果你有多台服务器的话，想并发运行，可以使用-f参数，默认是并发5
5、使用密钥登陆测试

11:30:35 # ansible vpn -m shell -a "echo $TERM" -u test --private-key=denglei -KSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success | rc=0 >>xterm

二、模块应用
6、文件传输

11:30:44 # ansible vpn -m copy -a "src=/tmp/server dest=/tmp/server" -u test --private-key=denglei -KSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success >> { "changed": true, "dest": "/tmp/server", "gid": 505, "group": "test", "md5sum": "e8b32bc4d7b564ac6075a1418ad8841e", "mode": "0664", "owner": "test", "size": 7, "src": "/home/test/.ansible/tmp/ansible-1402630447.45-253524136818424/source", "state": "file", "uid": 503}

去客户端查看文件是否传输过来

11:34:57 # ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=denglei -KSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success | rc=0 >>total 76-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh-rw-rw-r-- 1 test test 7 Jun 13 19:33 server-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 3124 Jun 12 21:32 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 12 21:32 zabbix_agentd.pid

可以看到已经传过来了
看看文件内容

11:35:09 # ansible vpn -m shell -a "cat /tmp/server" -u test --private-key=denglei -KSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success | rc=0 >>server

内容正常
还有另外一个模块file，可以修改用户与权限
下面是当前文件状态

13:50:07 # ansible vpn -m shell -a "ls -l /tmp/server" -u test --private-key=denglei -KSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success | rc=0 >>-rw-rw-r-- 1 test test 7 Jun 13 19:33 /tmp/server

server文件是664权限，用户与组都是test
修改一下

13:51:17 # ansible vpn -m file -a "dest=/tmp/server mode=755 owner=root group=root" -u test --private-key=denglei -KSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success >> { "changed": true, "gid": 0, "group": "root", "mode": "0755", "owner": "root", "path": "/tmp/server", "size": 7, "state": "file", "uid": 0} root@ip-10-10-10-10:/etc/ansible13:51:31 # ansible vpn -m shell -a "ls -l /tmp/server" -u test --private-key=denglei -KSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success | rc=0 >>-rwxr-xr-x 1 root root 7 Jun 13 19:33 /tmp/server

7、安装软件

14:20:30 # ansible vpn -m yum -a "name=nmap state=installed" -u test --private-key=denglei -KSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success >> { "changed": true, "msg": "", "rc": 0, "results": [ "Loaded plugins: fastestmirror, security\nLoading mirror speeds from cached hostfile\n * epel: mirrors.hust.edu.cn\nSetting up Install Process\nResolving Dependencies\n--> Running transaction check\n---> Package nmap.x86_64 2:5.51-3.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n nmap x86_64 2:5.51-3.el6 Base 2.7 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\n\nTotal download size: 2.7 M\nInstalled size: 9.7 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : 2:nmap-5.51-3.el6.x86_64 1/1 \n\r Verifying : 2:nmap-5.51-3.el6.x86_64 1/1 \n\nInstalled:\n nmap.x86_64 2:5.51-3.el6 \n\nComplete!\n" ]}

三、playbook配置管理
8、playbook
A.进行一下shell模块操作，测试删除文件
先查看一下客户端的server-test是否存在

[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>-rw-rw-r-- 1 test test 7 Jun 14 00:37 /tmp/server-test

可以看到是存在的
然后写一个删除的playbook

[root@puppet ansible]# cat test.yml ---- hosts: vpn remote_user: test tasks: - name: delete /tmp/server-test shell: rm -rf /tmp/server-test

运行

[root@puppet ansible]# ansible-playbook test.yml --private-key=/root/denglei -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [vpn] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [delete /tmp/server-test] *********************************************** changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0

在查看

[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | FAILED | rc=2 >>ls: cannot access /tmp/server-test: No such file or directory

文件已经删除
B.进行一下template模块操作，测试文件传输

[root@puppet ansible]# cat copy.yml ---- hosts: vpn remote_user: test tasks: - name: copy local server to client /tmp/server-test template: src=/tmp/server dest=/tmp/server-test[root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [vpn] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [copy local server to client /tmp/server-test] ************************** changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0 [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>-rw-rw-r-- 1 test test 7 Jun 14 17:07 /tmp/server-test

C.使用service模块，测试一下服务重启

[root@puppet ansible]# ansible vpn -m shell -a "/etc/init.d/pptpd stop" -u test --private-key=/root/denglei -k -K -sSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success | rc=0 >>Shutting down pptpd: [ OK ][root@puppet ansible]# ansible vpn -m shell -a "/etc/init.d/pptpd stop" -u test --private-key=/root/denglei -k -K -sSSH password: sudo password [defaults to SSH password]: 172.17.0.10 | success | rc=0 >>Shutting down pptpd: [ OK ]

D.多项目同时更新

[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 84-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid [root@puppet ansible]# vim multi_copy.yml [root@puppet ansible]# cat multi_copy.yml ---- hosts: vpn remote_user: test gather_facts: False tasks: - name: copy local server to client /tmp/server-test template: src=/tmp/server dest=/tmp/test-{{item}} with_items: - server-1 - server-2 - server-3[root@puppet ansible]# ansible-playbook multi_copy.yml --private-key=/root/denglei -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [vpn] ******************************************************************** TASK: [copy local server to client /tmp/server-test] ************************** changed: [172.17.0.10] => (item=server-1)changed: [172.17.0.10] => (item=server-2)changed: [172.17.0.10] => (item=server-3) PLAY RECAP ******************************************************************** 172.17.0.10 : ok=1 changed=1 unreachable=0 failed=0 [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 96-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-1-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid

E.根据条件进行删除

[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 96-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-1-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid [root@puppet ansible]# cat delete.yml ---- hosts: vpn remote_user: test gather_facts: True tasks: - name: if system is centos,then rm /tmp/test-server-1 shell: rm -rf /tmp/test-server-1 when: ansible_os_family == "RedHat" [root@puppet ansible]# ansible-playbook delete.yml --private-key=/root/denglei -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [vpn] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [if system is centos,then rm /tmp/test-server-1] ************************ changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0 [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 92-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid

F.debug输出

[root@puppet ansible]# cat debug.yml ---- hosts: vpn remote_user: test gather_facts: True tasks: - name: debug to print interface debug: msg="{{item}}" with_items: ansible_default_ipv4.address[root@puppet ansible]# ansible-playbook debug.yml --private-key=/root/denglei -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [vpn] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [debug to print interface] ********************************************** ok: [172.17.0.10] => (item=10.10.32.34) => { "item": "10.10.32.34", "msg": "10.10.32.34"}

G.check模式，仅检测，但不实行

[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 92-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid [root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k --check [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [vpn] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [copy local server to client /tmp/server-test] ************************** changed: [172.17.0.10] => (item=server-1)ok: [172.17.0.10] => (item=server-2)ok: [172.17.0.10] => (item=server-3) PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0 PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=0 unreachable=0 failed=0H.diff

使用diff与不使用作对比

[root@puppet ansible]# ansible vpn -m shell -a "rm -rf /tmp/test-server-1" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >> [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 92-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid [root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k --diff [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [vpn] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [copy local server to client /tmp/server-test] ************************** --- before +++ after @@ -1,0 +1,1 @@+server changed: [172.17.0.10] => (item=server-1) ok: [172.17.0.10] => (item=server-2) ok: [172.17.0.10] => (item=server-3) PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0

9、主机信息查看
类似puppet的fact、salt的grains

[root@puppet ansible]# ansible vpn -m setup -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success >> { "ansible_facts": { "ansible_all_ipv4_addresses": [ "10.10.32.34", "10.10.32.34" ], "ansible_all_ipv6_addresses": [ "fe80::f816:3eff:fe3e:1667" ], "ansible_architecture": "x86_64", "ansible_bios_date": "01/01/2007", "ansible_bios_version": "Bochs", "ansible_cmdline": { "KEYBOARDTYPE": "pc", "KEYTABLE": "us", "LANG": "zh_CN.UTF-8", "quiet": true, "rd_NO_DM": true, "rd_NO_LUKS": true, "rd_NO_LVM": true, "rd_NO_MD": true, "rhgb": true, "ro": true, "root": "UUID=c6042d42-8edb-4bb4-a31b-2197b043500c" },

数据太多，我就展示部分。

12下一页阅读全文