自动化运维ansible

一、Ansible概述:
是一个配置管理系统（configuration management system）,当下最流行的批量自动化运维工具之一。
Ansible是一个开源的自动化工具，用于配置管理、应用程序部署和编排等 IT 任务的执行。它专注于简单性和可扩展性，并使用人类可读的 YAML 语言编写自动化脚本。
Ansible 的特点包括：
无需客户端：Ansible 是一种无需在目标系统上安装任何额外软件或代理的代理服务器配置管理工具。它基于 SSH 进行通信，只需要远程系统上的 SSH 服务。
声明性语言：使用 YAML 的声明性语言，可以方便地描述系统的期望状态。这使得 Ansible 任务的编写和理解变得简单。
广泛的模块支持：Ansible 提供了众多的模块，用于执行各种不同的任务，例如文件操作、软件包管理、服务管理等。模块可以轻松地扩展 Ansible 的功能。
Playbook：Ansible 使用 Playbook 文件来组织和描述配置任务。Playbook 可以包含一个或多个任务，这些任务按照定义的顺序执行。Playbook 可以指定目标主机、任务的执行条件以及一些其他选项。
角色和剧本：Ansible 提供了角色和剧本的概念，以帮助组织复杂的配置和部署任务。角色是一组相关任务和配置的集合，而剧本则是包含角色和相关配置的抽象层。
扩展性：Ansible 提供了丰富的插件系统，允许用户编写自定义的模块、插件和回调函数，以满足特定的需求。
社区支持：Ansible 拥有庞大的活跃社区，提供了大量的文档、示例和第三方扩展。这使得用户可以轻松地获取支持和共享最佳实践
Ansible的作用:
批量部署，服务安装，日常备份。
Ansible官方文档:
https://docs.ansible.com/ansible/latest/index.html
Ansible的特性:
无客户端软件，通过ssh远程管理
安装后不需要启动服务
依赖大量的Python模块扩展功能
配置文件：/etc/ansible/ansible.cfg
Ansible基础架构:
连接插件(connecter plugins):用来连接主机，连接被管理端
核心模块（core modules）:连接主机，实现操作，依赖于具体模块来执行
自定义模块：用户自己开发的功能模块
剧本（playbook）:将多个任务组合成一个剧本，由ansible自动批量执行
主机清单（host inventory）：定义ansible管理的客户端主机范围
Ansible的命令格式：
ansible [-f forks] [-m module_name] [-a args]
ansible 主机清单名 -m 调用的模块 -a 动作命令
inventory group name
ip
all
-f forks 并发线程数，默认为5个线程
-m module_name 要使用的模块
-a args 模块特有的参数
-i hosts文件 指定特定的inventory文件，默认为 /etc/ansible/hosts
二、安装

yum -y install ansible
#查看版本
[root@192 ansible]# ansible --version
ansible 2.9.27config file = /etc/ansible/ansible.cfgconfigured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']ansible python module location = /usr/lib/python2.7/site-packages/ansibleexecutable location = /usr/bin/ansiblepython version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

三、修改配置文件
/etc/ansible/hosts：主机列表清单，也叫Inventory。
所有被管理的主机都需要定义在该文件中。
如果不想使用默认清单的话可以用-i选项指定自定义的清单文件，防止多人混合使用一个主机清单。
如果没有定义在主机列表文件中，执行命令会提示“No hosts matched”。
/etc/ansible/ansible.cfg：Ansible服务主配置文件，比如并发数控制等在此文件定义。
1、修改hosts文件

[root@192 ansible]# vim k8s-hosts
[master]
192.168.100.15[node]
192.168.100.16
192.168.100.17[harbor]
192.168.100.20[k8s]
192.168.100.21

2、使用ssh免密访问

[root@ansible ~]# ssh-keygen -t rsa    //执行后按三次回车键
[root@ansible ~]# ssh-copy-id root@192.168.100.20  
[root@ansible ~]# ssh-copy-id root@192.168.100.21

四、ansible模块
调用模块颜色显示：

黄色  更改成功
绿色  没有更改
红色  错误
紫色  警告

列出所有模块

ansible-doc --list

1.command

ansible查看harbor主机的主机名称
[root@192 ansible]# ansible -i k8s-hosts harbor -m command -a "hostname"
[WARNING]: Platform linux on host 192.168.100.20 is using the discovered Python interpreter at /usr/bin/python3, but future
installation of another Python interpreter could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
192.168.100.20 | CHANGED | rc=0 >>
yunwei.harbor.com
#ansible创建web主机用户test
[root@192 ansible]# ansible -i k8s-hosts harbor -m command -a "useradd test"
[WARNING]: Platform linux on host 192.168.100.20 is using the discovered Python interpreter at /usr/bin/python3, but future
installation of another Python interpreter could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
192.168.100.20 | CHANGED | rc=0 >>

2.shell
command的升级版，支持复杂语句，但不支持别名。正常情况下使用shell就可以了，command可以忽略

[root@192 ansible]# ansible -i k8s-hosts harbor -m shell -a "echo 123 | passwd --stdin test"
192.168.100.20 | CHANGED | rc=0 >>
更改用户 test 的密码 。
passwd：所有的身份验证令牌已经成功更新。

3.yum
harbor主机yum安装nginx服务。

[root@192 ansible]# ansible -i k8s-hosts harbor -m yum -a "name=nginx state=installed"
192.168.100.20 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": true,"msg": "","rc": 0,"results": ["Installed: nginx-mod-mail-1:1.21.5-5.oe2203sp2.x86_64","Installed: nginx-mod-stream-1:1.21.5-5.oe2203sp2.x86_64","Installed: libwebp-1.2.1-4.oe2203sp2.x86_64","Installed: libxslt-1.1.37-1.oe2203sp2.x86_64","Installed: gd-2.3.3-3.oe2203sp2.x86_64","Installed: gperftools-libs-2.10-1.oe2203sp2.x86_64","Installed: libunwind-2:1.6.2-5.oe2203sp2.x86_64","Installed: libXpm-3.5.13-5.oe2203sp2.x86_64","Installed: nginx-1:1.21.5-5.oe2203sp2.x86_64","Installed: nginx-all-modules-1:1.21.5-5.oe2203sp2.noarch","Installed: nginx-filesystem-1:1.21.5-5.oe2203sp2.noarch","Installed: nginx-mod-http-image-filter-1:1.21.5-5.oe2203sp2.x86_64","Installed: nginx-mod-http-perl-1:1.21.5-5.oe2203sp2.x86_64","Installed: nginx-mod-http-xslt-filter-1:1.21.5-5.oe2203sp2.x86_64"]
}

4.copy
复制ansible本地hosts文件到harbor的主机。

[root@192 ansible]# ansible -i k8s-hosts  harbor -m copy -a "src=/home/admin/xunjian.sh dest=/home/admin/xunjian.sh mode=755"
192.168.100.20 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": true,"checksum": "edabfe7d12be113132cb753bca4b2257f56729b1","dest": "/home/admin/xunjian.sh","gid": 0,"group": "root","md5sum": "a6c55dfc444995f85d01ef50e444eb53","mode": "0755","owner": "root","size": 9594,"src": "/root/.ansible/tmp/ansible-tmp-1697897996.12-19512-73839827124674/source","state": "file","uid": 0
}注释：src         源文件路径dest        目标文件路径backup      覆盖到目标文件前，是否提前备份content     添加文件内容group       指定属组owner        指定属主mode        指定权限
[root@192 ansible]# ansible -i k8s-hosts harbor -m shell -a "ls /home/admin"
192.168.100.20 | CHANGED | rc=0 >>
harbor
xunjian.sh

5.service(或systemd)
启动harbor主机的nginx服务，实现开机自启

[root@192 ansible]# ansible -i k8s-hosts harbor -m service -a 'enabled=true name=nginx state=started'
192.168.100.20 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": true,"enabled": true,"name": "nginx","state": "started","status": {"ActiveEnterTimestamp": "n/a","ActiveEnterTimestampMonotonic": "0","ActiveExitTimestamp": "n/a","ActiveExitTimestampMonotonic": "0","ActiveState": "inactive","After": "sysinit.target tmp.mount remote-fs.target -.mount network.target system.slice systemd-journald.socket systemd-tmpfiles-setup.service basic.target nss-lookup.target",
#enabled：是否开机自启动，取值为true或者false。
#name：服务名称
#state：状态，取值有started，stopped，restarted

6.group

（1）在harbor主机上创建组www,gid 666
[root@192 ansible]# ansible -i k8s-hosts harbor -m group -a "name=www gid=666"
192.168.100.20 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": true,"gid": 666,"name": "www","state": "present","system": false
}
（2）在harbor主机删除组www
[root@192 ansible]# ansible -i k8s-hosts harbor -m group -a "name=www gid=666 state=absent"
192.168.100.20 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": true,"name": "www","state": "absent"
}

7.user

1）所有主机创建用户abc
[root@192 ansible]# ansible -i k8s-hosts  harbor -m user -a "name=abc"
192.168.100.20 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": true,"comment": "","create_home": true,"group": 1005,"home": "/home/abc","name": "abc","shell": "/bin/bash","state": "present","system": false,"uid": 1005
}

8.file

1）创建backup目录，并赋权，更改属主属组
[root@192 ansible]# ansible -i k8s-hosts  harbor -m file -a "path=/backup owner=root group=root recurse=yes mode=777"
192.168.100.20 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": true,"gid": 0,"group": "root","mode": "0777","owner": "root","path": "/backup","size": 4096,"state": "directory","uid": 0
}
（2）创建test.txt文件，file模块可以创建目录又能创建文件
[root@192 ansible]# ansible -i k8s-hosts  harbor -m file -a "path=/backup/test.txt owner=root group=root state=touch  mode=777"
192.168.100.20 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": true,"dest": "/backup/test.txt","gid": 0,"group": "root","mode": "0777","owner": "root","size": 0,"state": "file","uid": 0
}

9.ping

[root@192 ansible]# ansible -i k8s-hosts demo -m ping
192.168.100.20 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": false,"ping": "pong"
}
192.168.100.21 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": false,"ping": "pong"
}

10.script
在ansible上编写测试脚本，指定harbor主机执行。

[root@192 ansible]# ansible -i k8s-hosts harbor -m script -a "/home/admin/dir.sh"
192.168.100.20 | CHANGED => {"changed": true,"rc": 0,"stderr": "Shared connection to 192.168.100.20 closed.\r\n","stderr_lines": ["Shared connection to 192.168.100.20 closed."],"stdout": "","stdout_lines": []
}

11.cron

[root@192 ansible]# ansible -i k8s-hosts harbor -m cron -a 'minute="*/10" job="/bin/echo test" name="test cron job"'
192.168.100.20 | CHANGED => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"},"changed": true,"envs": [],"jobs": ["test cron job"]
}

12.setup
收集被管理主机的信息，包含系统版本、IP地址、CPU核心数。

[root@192 ansible]# ansible -i k8s-hosts  harbor -m setup
192.168.100.20 | SUCCESS => {"ansible_facts": {"ansible_all_ipv4_addresses": ["192.168.100.20","172.17.0.1"],"ansible_all_ipv6_addresses": ["fe80::20c:29ff:fe5a:c40d"],"ansible_apparmor": {"status": "disabled"},"ansible_architecture": "x86_64","ansible_bios_date": "11/12/2020","ansible_bios_version": "6.00","ansible_cmdline": {"BOOT_IMAGE": "/vmlinuz-5.10.0-153.12.0.92.oe2203sp2.x86_64","apparmor": "0","cgroup_disable": "files","crashkernel": "512M","rd.lvm.lv": "openeuler/swap","resume": "/dev/mapper/openeuler-swap","ro": true,"root": "/dev/mapper/openeuler-root"},