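By default, Ansible manages machines over the SSH protocol. Once Ansible is installed, there is no daemon to start or keep running and no database to add. Install it on one computer (a laptop will do) and you can manage a group of remote machines from it. Nothing has to be installed or run on the managed machines, so upgrading Ansible is rarely a problem.

Currently, Ansible can run on any machine with Python 2.6 or Python 2.7 installed (Windows cannot be used as the control machine). The control machine can run Red Hat, Debian, CentOS, OS X, any of the BSDs, and so on.

Since version 2.0, Ansible uses more file handles to manage its child processes. On OS X you need to raise the ulimit to use more than 15 child processes, with sudo launchctl limit maxfiles 1024 2048; otherwise you may see a "Too many open file" error.

Requirements for managed nodes

Communication with managed nodes normally goes over ssh, using sftp by default. If sftp is not available, switch to scp in the ansible.cfg configuration file. Managed nodes also need Python 2.4 or later. If the version is older than Python 2.5, one additional module must be installed: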

python-simplejson

Installing the control machine

This walkthrough uses Python 2.7.12 and Ansible 2.4.2 as the example versions.

Upgrade to Python 2.7.12
Download: https://pkgs.org/download
# export LD_LIBRARY_PATH=/usr/local/ssl/lib/:$LD_LIBRARY_PATH
# tar xvzf Python-2.7.12.tgz
# cd Python-2.7.12
# ./configure --prefix=/usr/local
# make -j
# sudo make install
# sudo cp -a /usr/local/include/python2.7/* /usr/local/include/
# sudo mv /usr/bin/python /usr/bin/python.old
# sudo rm -f /usr/local/bin/python
# sudo ln -s /usr/local/bin/python2.7 /usr/local/bin/python
# sudo rm -f /usr/bin/python
# sudo cp /usr/local/bin/python2.7 /usr/bin/python
# chmod 755 /usr/bin/python
# python -V
# sudo cp /usr/lib64/python/lib-dynload/zlib.so /usr/local/lib/python2.7/lib-dynload/
Install setuptools
Download: https://pypi.python.org/simple/setuptools/
# unzip setuptools-36.5.0.zip
# cd setuptools-36.5.0
# sudo python setup.py install
Install pip
pip: https://pypi.python.org/simple/pip/
importlib: https://pypi.python.org/simple/importlib/
# unzip importlib-1.0.4.zip
# cd importlib-1.0.4/
# sudo python setup.py install
# tar -zxvf pip-9.0.1.tar.gz
# cd pip-9.0.1
# sudo python setup.py install
Install the dependencies

Download locations:
https://pypi.python.org/pypi/ansible/2.4.2.0
https://pypi.python.org/simple/asn1crypto/
https://pypi.python.org/simple/bcrypt/
https://pypi.python.org/simple/cffi/
https://pypi.python.org/simple/cryptography/
https://pypi.python.org/simple/enum34/
https://pypi.python.org/simple/idna/
https://pypi.python.org/simple/ipaddress/
https://pypi.python.org/simple/Jinja2/
ftp://sourceware.org/pub/libffi/libffi-3.2.1.tar.gz
https://pypi.python.org/simple/MarkupSafe/
https://pypi.python.org/simple/paramiko/
https://pypi.python.org/simple/passlib/
https://pypi.python.org/simple/pyasn1/
https://pypi.python.org/simple/pycparser/
https://pypi.python.org/simple/PyNaCl/
https://pypi.python.org/simple/PyYAML/
https://pypi.python.org/pypi/gnureadline/6.3.8
https://pypi.python.org/simple/six/

# pip install MarkupSafe-1.0.tar.gz
# pip install Jinja2-2.10.tar.gz
# pip install PyYAML-3.12.tar.gz
# pip install pycparser-2.18.tar.gz
# tar -zxvf libffi-3.2.1.tar.gz
# cd libffi-3.2.1/
# ./configure && make && make install
# pip install cffi-1.11.4.tar.gz
# pip install six-1.10.0.tar.gz
# export LD_LIBRARY_PATH="/usr/local/lib64/"
# pip install bcrypt-3.1.4.tar.gz
# pip install idna-2.6.tar.gz
# pip install asn1crypto-0.24.0.tar.gz
# pip install enum34-1.1.6.tar.gz
# pip install ipaddress-1.0.19.tar.gz
# pip install cryptography-2.1.4.tar.gz
# pip install PyNaCl-1.2.1.tar.gz
# pip install pyasn1-0.2.3.tar.gz
# pip install paramiko-2.4.0.tar.gz
# pip install gnureadline-6.3.8.tar.gz
# pip install passlib-1.6.5.tar.gz
Install Ansible
# pip install ansible-2.4.2.0.tar.gz
# mkdir /etc/ansible
# cp /usr/local/lib/python2.7/site-packages/ansible/galaxy/data/container_enabled/tests/ansible.cfg /etc/ansible/

Test the installation
# python -c "from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(getpass.getpass())"

Playbooks

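Playbooks are Ansible's configuration, deployment, and orchestration language. They can be described as a plan of the commands you want remote hosts to execute, or as the set of commands that a group of IT processes runs. If Ansible modules are the tools in your workshop, playbooks are the plans you draw up.

At a basic level, playbooks can be used to manage the configuration files deployed to remote hosts. At a more advanced level, playbooks can bring servers in a multi-tier architecture online in sequence, including rolling updates, and can delegate actions to other hosts, including the interactions with monitoring servers and load balancers that happen along the way.

Playbooks are written in YAML (see: YAML Syntax). The syntax is kept minimal, with the intent of keeping playbooks from becoming a programming language or a script, but it is not a configuration model or a process model either.

A playbook consists of one or more 'plays'. Its content is a list whose elements are 'plays'.

Within a play, a group of machines is mapped to well-defined roles. In Ansible, the content of a play is called tasks. At a basic level, a task is a call to an Ansible module, which was covered in an earlier chapter.

'plays' are like notes, and a playbook is like a score composed of 'plays'. With a playbook you can orchestrate the steps of a multi-machine deployment, for example running certain steps on every machine in the webservers group, then some steps on the database server group, and finally returning to the webservers group for more steps, and so on.

"plays" is something of a sports analogy. With multiple plays you can tell your systems to do different things, not just define one particular state or model. You can run different plays at different times.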

adduser.yml

---
#use local root create users and upload root public keys
- name: Linux Create AppUserName and AppGroupName
  hosts: "{{HostName}}"
  vars:
    AppUserName: "{{ AppUserName }}"
    AppGroupName: "{{ AppGroupName }}"
  vars_files:
    - "{{ commonfile }}"
  tasks:
    # create the group
    - name: get all groups
      action: shell cat /etc/group
      register: allgroups
    - name: create group if group is not exist
      group:
          name: "{{ AppGroupName }}"
          gid: "{{AppGroupGid}}"
      # search for the value of AppGroupName, not the literal string 'AppGroupName'
      when: allgroups.stdout.find(AppGroupName) == -1
    # create the user
    - name: check user is exis
      action: shell id {{ AppUserName }}
      register: command_result
      ignore_errors: true
    - name: Create user {{ AppUserName }} if user is not exist
      user:
        name: "{{ AppUserName }}"
        shell: /bin/bash
        password: "{{AppUserPassword}}"
        group: "{{AppGroupName}}"
        uid: "{{AppUserUid}}"
        createhome: yes
        home: /home/{{AppUserName}}
        state: present
      when: command_result.failed == true
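
common.yml

---
HostName: "hosts"
AppUserName: "portaltest"
AppGroupName: "ibdetest"
AppUserUid: "1094"
AppGroupGid: "2094"
# The user module expects a crypt(3) hash here (for example the sha512_crypt
# output of the install test command); a plain-text value is written to
# /etc/shadow unchanged.
AppUserPassword: "123456"

ansible-playbook groups/adduser.yml  --extra-vars "commonfile=/etc/ansible/groups/common.yml"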

PLAY [Linux Create AppUserName and Upload AppUserName Public keys] **************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************************************************
ok: [100.101.23.153]

TASK [get all groups] ***********************************************************************************************************************************************************************************
changed: [100.101.23.153]

TASK [create group if group is not exist] ***************************************************************************************************************************************************************
changed: [100.101.23.153]

TASK [check user is exis] *******************************************************************************************************************************************************************************
fatal: [100.101.23.153]: FAILED! => {"changed": true, "cmd": "id portaltest", "delta": "0:00:00.176964", "end": "2018-03-27 09:21:05.460807", "msg": "non-zero return code", "rc": 1, "start": "2018-03-27 09:21:05.283843", "stderr": "id: ‘portaltest’: no such user", "stderr_lines": ["id: ‘portaltest’: no such user"], "stdout": "", "stdout_lines": []}
...ignoring

TASK [Create user portaltest if user is not exist] ******************************************************************************************************************************************************
changed: [100.101.23.153]

PLAY RECAP **********************************************************************************************************************************************************************************************
100.101.23.153             : ok=5    changed=4    unreachable=0    failed=0
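
An idempotent variant of adduser.yml, added here as an example (it is not the original author's playbook): the group and user modules check the existing state themselves, so the shell pre-checks and ignore_errors are not needed. It assumes common.yml defines the same variables as above, with AppUserPassword holding a SHA-512 crypt hash rather than plain text.

```yaml
---
# Added example, not part of the original playbooks.
# Assumes common.yml defines the same variables as above, with AppUserPassword
# set to a crypt(3) SHA-512 hash ("$6$...") instead of the plain-text value.
- name: Ensure application group and user exist
  hosts: "{{ HostName }}"
  vars_files:
    - "{{ commonfile }}"
  tasks:
    # The group module does nothing when the group already exists with this
    # gid, so no "cat /etc/group" pre-check is needed.
    - name: Ensure group {{ AppGroupName }} exists
      group:
        name: "{{ AppGroupName }}"
        gid: "{{ AppGroupGid }}"
        state: present

    # The user module hands "password" to the system unchanged, so the value
    # must already be a hash. update_password: on_create leaves the password
    # of an existing account alone on later runs.
    - name: Ensure user {{ AppUserName }} exists
      user:
        name: "{{ AppUserName }}"
        group: "{{ AppGroupName }}"
        uid: "{{ AppUserUid }}"
        shell: /bin/bash
        home: "/home/{{ AppUserName }}"
        createhome: yes
        password: "{{ AppUserPassword }}"
        update_password: on_create
        state: present
      # Keep the hash out of console output and logs.
      no_log: true
```

Run it the same way as adduser.yml. Encrypting common.yml with ansible-vault encrypt and adding --ask-vault-pass to the ansible-playbook command keeps the hash unreadable at rest.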

---
#uninstall user
- hosts: "{{ HostName }}"
  remote_user: root
  vars:
    AppUserName: "{{ AppUserName }}"
    AppGroupName: "{{ AppGroupName }}"
  vars_files:
    - "{{ commonfile }}"
  tasks:
  - name: check user is exis
    action: shell id {{AppUserName}}
    register: command_result
    ignore_errors: true
  - name: Delete remote user
    action: shell userdel {{AppUserName}}
    # only run userdel when the id check above found the user
    when: command_result.failed == false
  - name: Delete remote group
    action: shell groupdel {{AppGroupName}}
    when: command_result.failed == false

PLAY [hosts] ********************************************************************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************************************************
ok: [100.101.23.153]

TASK [check user is exis] *******************************************************************************************************************************************************************************
changed: [100.101.23.153]

TASK [Delete remote user] *******************************************************************************************************************************************************************************
changed: [100.101.23.153]

TASK [Delete remote group] ******************************************************************************************************************************************************************************
changed: [100.101.23.153]

PLAY RECAP **********************************************************************************************************************************************************************************************
100.101.23.153             : ok=4    changed=3    unreachable=0    failed=0

upload zip file

---
#use local root create users and upload root public keys
- name: Linux Create AppUserName and Upload AppUserName Public keys
  hosts: "{{HostName}}"
  vars:
    AppUserName: "{{ AppUserName }}"
    AppGroupName: "{{ AppGroupName }}"
  vars_files:
    - "{{ commonfile }}"
  tasks:
  - name: upload software package
    copy: 
      src: "./test.zip"
      dest: "/root/"
      group: "root"
      owner: "root"

---
################################################################################
#delete zipfile
################################################################################
- hosts: "{{HostName}}"
  remote_user: "root"
  vars: 
    applicationPath: "{{applicationPath}}"
  vars_files:
    - "{{ commonfile }}"
  tasks:
  - name: Delete OpenAS software
    file: path=/root/test.zip state=absent