ansible基础教程 | Lanourain's blog

ansible 是一个轻量级的IT自动化工具，集合了众多运维工具（puppet、cfengine、chef、func、fabric）的优点，实现了批量系统配置、批量程序部署、批量运行命令等功能。

特点

SSH by default
No agents: controlled hosts / devices need no agent sofware
No server: any linux machine can do Ansible activities via terminal commands
Modules in any languages: the modules can be developed in any languages
YAML, not code: using YAML language(标记语言，类XML) to write playbook
Strong multi-tier solution：可实现多级指挥

ansible 配置文件

ansible.cfg
- 定义各种通用变量
- 查找ansible.cfg文件的顺序
  - ANSIBLE_CONFIG环境变量所指定的文件
  - ./ansible.cfg
  - ~/.ansible.cfg
  - /etc/ansible/ansible.cfg
- 配置举例：
  1
  inventory = /etc/ansible/hosts #指定inventory文件位置

Inventory

Ansible只能管理指定的服务器，在inventory文件中进行配置对应的主机/分组的数据，其格式如下：

--组名（对系统进行分组）
[webservers]
--主机名
foo.example.com
                             
--指定系统的别名 + ssh的用户
jumper ansible_ssh_host=192.168.1.50 ansible_ssh_user=appadmin
        
--01到50,一组相似的hostname
www[01:50].example.com
--给host设定变量，后续playbook中可以使用
host1 http_port=80 maxRequestsPerChild=808
--给group设定变量，应用于组内的所有host
[atlanta]
host1
host2
[atlanta:vars]
ntp_server=ntp.atlanta.example.com
proxy=proxy.atlanta.example.com    
--组内组
[southeast:children]
atlanta
raleigh

Ansible Ad-Hoc 命令

临时执行的命令

1	ansible <pattern_goes_here[webservers, all, *]> -m <module_name> -a <arguments>

不指定module的话，则默认执行command模块
ansible-doc: 获取模块列表，以及模块使用格式
- ansible-doc [-l] [-s MODULE]
  - -l : 列出支持的核心模块
  - -s MODULE : 查看模块的用法

使用例子：ping主机

1 2	ansible -i hosts webservers -m ping --ask-pass -u user ansible -i hosts all -m ping --ask-pass -u user

输出：

[root@Centos7 ~]# ansible all -m ping
host1 | success >> {
    "changed": false,
    "ping": "pong"
}
host2 | UNREACHABLE! => {
    "changed": false,
    "msg": "Authentication failed.",
    "unreachable": true
}

参数解释

-m, –module-name: module name to execute(default=command)
- -m ping : 执行ping module
-a, –args: module arguments
-i, –inventory-file: specify inventory host path(default=/etc/ansible/hosts) or comma separated host list.
-k, –ask-pass: ask for connection password
-u REMOTE_USER, –user=REMOTE_USER: connect as this user (default=None)
webservers 表示执行该命令的分组，all 表示inventory中配置的所有主机
-l, –limit=SUBSET: further limit selected hosts to an additional pattern,限定组或host来执行playbook
-c, –connect: connect type to use (default=smart)
–ask-vault-pass: ask for vault password(sudo 模式需要)
-b, –become: run operations with become (does not imply password prompting)(使用playbook制定的become_user进行操作)
-t TAGS, –tags=TAGS: only run plays and tasks tagged with these values
-C, –check: don’t make any changes; instead, try to predict some of the changes that may occur

Ansible Playbook

Ad-Hoc命令只能执行一些临时性的、简单的命令
实际企业应用需要经过多个步骤，且各个步骤之间存在依赖关系，Ad-Hoc命令无法满足使用需求
使用playbook来定义步骤以及依赖
playbook 由yaml编写，让远程主机按照事先编排的机制执行task

---
- hosts: all    #执行tasks的主机，all表示所有
  become: yes   #使用特定用户执行tasks，该参数也可以配置在相应task中。
  become_user: root
  remote_user: username #the user log into machine.
  
  tasks:
    # 每个task都相当于在执行对应模块的功能
    # 每个task感觉都是单次的连接，执行完之后断掉，之前的环境变量设置不会在后续的task中生效
    # 描述task
    - name: copy local file to remote machine
      # 执行对应模块功能
      copy: 
        src: ~/test
        dest: ~/test
        owner: root 
        mode: 0600
      # 命令执行的结果存到变量中，方便后续使用
      register: rsa
      # 设置环境变量
      environment:
        JAVA_HOME: /usr/java/jre1.8.0_51
      # task有失败之后，相同host后续的task不会执行，该参数可在失败后继续执行。
      ignore_errors: yes
      # 给这部分task打上tags，可指定只执行相应tags的task  (命令中添加：-t deploy)
      tags: deploy
      # (call the tasks defined in handlers if module does some changes to the remote host)
      notify:
        - do something
            
    # defines a list of tasks
    handlers:
      - name: do something
        service: test
    - name: task 2
      debug: var={{ host_vars }} # 使用对应host的host_vars变量

例：在几台机子中执行hostname命令，并获取返回值

文件目录：

1 2	test # inventory文件，配置主机 test.yml # playbook

inventory 配置内容

1
2
3

[server]
host1 ansible_ssh_host=1.1.1.1 ansible_ssh_user=appadmin
host2 ansible_ssh_host=1.1.1.2 ansible_ssh_user=appadmin

* test.yml 内容

1
2
3
4
5
6
7
8 ---
- hosts: all
  tasks:
    - name: get hostname
      shell: hostname
      register: out
    - debug: var=out


* 执行playbook：ansible-playbook -i test test.yml ```，返回内容：
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50 
```    
PLAY [all] *********************************************************************
TASK [setup] *******************************************************************
ok: [host1]
ok: [host2]
TASK [get hostname] ************************************************************
changed: [host1]
changed: [host2]
TASK [debug] *******************************************************************
ok: [host1] => {
    "out": {
        "changed": true,
        "cmd": "hostname",
        "delta": "0:00:00.003584",
        "end": "2017-02-09 16:05:04.043118",
        "rc": 0,
        "start": "2017-02-09 16:05:04.039534",
        "stderr": "",
        "stdout": "host1.com",
        "stdout_lines": [
            "host1.com"
        ],
        "warnings": []
    }
}
ok: [host2] => {
    "out": {
        "changed": true,
        "cmd": "hostname",
        "delta": "0:00:00.003584",
        "end": "2017-02-09 16:05:04.043118",
        "rc": 0,
        "start": "2017-02-09 16:05:04.039534",
        "stderr": "",
        "stdout": "host2.com",
        "stdout_lines": [
            "host1.com"
        ],
        "warnings": []
    }
}
PLAY RECAP *********************************************************************
# 以下是对应host的task执行情况，ok表示执行成功的task数量，charged表示对host产生修改的task数量。
host1                         : ok=3    changed=1    unreachable=0    failed=0
host2                         : ok=3    changed=1    unreachable=0    failed=0

role 使用

playbook 直接调用 task 问题
- playbook 是需要处理的事情，task 是执行细节，playbook并不关心细节
- playbook 直接调用task 使task无法复用
- playbook会越来越长，难维护
将一个或多个task抽象成一个role，隐藏细节，供playbook调用
role易于复用，可以从一个已知的文件结构中自动加载vars, tasks, handler。
部分文件结构：

test
test.yml
roles/
    install/
        files/
        templates/
        tasks/
            main.yml  #应用 install 时，优先执行main.yml
        handlers/
        vars/
    deploy/
        files/
        templates/
        tasks/
            main.yml
        handlers/
        vars/

playbook内容

---
- hosts: webservers
  roles:
     - install
     - deploy

部分常用模块

file: 包含了文件、文件夹、超级链接类的创立、拷贝、移动、删除操作。
copy: copy a file on the local box to remote locations. (可以使用 remote_src，使src在远程机子上，2.0 以后的版本适用）
fetch: copy files from remote locations to the local box.
template: Templates a file out to a remote server.
command: Executes a command on a remote node(It will not be processed through the shell, so variables like $HOME and operations like “<”, “>”, “|”, “;” and “&” will not work)If you want to execute a command securely and predictably, it may be better to use the command module instead.
lineinfile: Ensure a particular line is in a file, or replace an existing line using a back-referenced regular expression.
pause : Pause playbook execution
ping : Try to connect to host, verify a usable python and return pong on success. no sense in playbook.
shell : Execute commands in nodes.(runs the command through a shell (/bin/sh) on the remote node.)If you want to execute a command securely and predictably, it may be better to use the command module instead.
debug : Print statements during execution
setup : Gathers facts about remote hosts（默认执行）,支持filter。
apt : Manages apt-packages
service: Controls services on remote hosts
fail: Fail with custom message
subversion: Deploys a subversion repository.
group: Add or remove groups
user: Manage user accounts
get_url: Downloads files from HTTP, HTTPS, or FTP to node
wait_for: Waits for a condition before continuing.(port is open , file is present, and so on.)
script: Runs a local script on a remote node after transferring it

实际场景应用

可以考虑使用原生的ansible进行管理，参考：Ansible Best Practices Summary
除了ansible自家出的 ansible tower, 也可以考虑尝试一些开源的ui，semaphore， semaphore使用教程，ansible ui，或者用django自己实现一个前端完成简单的管理。

参考：

an-intro-to-network-automation-3-ansible
an-ansible-tutorial
ansible-simple-tutorial