自动运维化工具:saltstack ansible:
传统运维效率低,大多工作人为完成;
传统运维工作繁琐,容易出错;
传统运维每日重复做相同的事情;
传统运维没有标准化流程;
传统运维的脚本繁多,不能方便管理;
自动化运维就是要解决上面所有问题;
常用的自动化运维工具:适用于十多台 上百台 上千台等;
puppet: (www.puppetlabs.com)
基于rubby开发,C/S架构,支持多平台,可管理配置文件,用户,crond任务,软件包,系统服务等,分为社区版和企业版(收费,但是支持图形化);
saltstack:https://saltstack.com 文档:docs.saltstack.com
基于python开发, C/S架构,多平台,比puppet轻量,在远程执行命令时非常快捷(因为它有消息队列,它是并行的,所以快,如expect是串行,一个一个执行,比较慢),配置和使用puppet容易多了,能实习puppet的所有功能;
ansible:www.ansible.com
基于python开发,更加方便简洁的自动化运维工具,不需要在客户端安装anget,可以实现批量操作系统配置,批量程序部署,批量运行命令;
注释:saltstack与ansible相比,saltstack支持的机器更多,ansible是通过秘钥认证的方式来执行后面的命令,更改文件,安装服务呀;
1、ansible: 不需要安装客户端,通过sshd通信,可以基于模块工作,支持命令行操作,也支持playbook,也支持UI WEB界面(收费的),
ansible被redhat公司收购,它在github的地址:htts://guhub.com/ansible/ansible
入门电子书:https://ansible-book.gitbooks.io/ansible-first-book/
安装:准备两台机器001(129) 和002(130) 03(131)
只需要在001上安装ansible就可以了:
当然也可以看到Centos自带的源里面的ansible的版本; yum list|grep ansible
[root@localhost_001 ~]# yum list|grep ansible
ansible.noarch 2.7.2-1.el7 epel
ansible-doc.noarch 2.7.2-1.el7 epel
1:安装: yum install -y ansible ansible-doc
[root@localhost_001 ~]# yum install -y ansible ansible-doc
已加载插件:fastestmirror
2:在001(129)机器上生成秘钥对,使用ssh-keygen -t rsa ,然后把公钥id_rs.pub放到002(130)机器和03(131)/root/.ssh/authorized_keys上了。
[root@localhost_001 ~]# ls /root/.ssh/
authorized_keys id_rsa id_rsa.pub known_hosts
[root@localhost_001 ~]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7G1C6L20UA+jxG+2Umvx0KXex9xJNybaBXy6v1FiMA8xZpOzBd8++nndtNX8IpyiwaNls9l3LMUIn60WLMPuWOK91EpAVgUMHjtPQkPzB2qTb7ntg5GfOrRRCz+in96Z4cxhMHUh28gqsous83G0zaNI8XQ5RQIeUf0fIZ+9fxt/e4jIdmyf/01Ia96bW6rKQT6bWAXrOKQO5JhhG9u4GwYIsWJPkG+D4Mxa+Yah0ynTksORlBAsGmHz2vhbJQXhPkhs/XUUTw9lyjbt4cImj69TtZZdFWNAD4SBL+fXItr44v2KNasgBmBAOXJmdJg+NnfeAcwahm0B1p4BIIKMj root@localhost_001
注释:如上图,我的机器已经生成了,然后复制到002机器的/root/.ssh/authorzed_keys
2:守在001(129)机器上写入到/etc/hosts文件,用于在后面ansible的hosts定义;如下;
[root@localhost_001 ~]# cat /etc/hosts
127.0.0.1 localhost_001 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.149.130 localhost_002
192.168.149.131 localhost_03
3:测试是否可以远程到002(130) 和03(131)这台机器上来;
[root@localhost_001 ~]# ssh localhost_002
Last login: Fri Nov 23 16:43:31 2018 from 192.168.149.129
[root@localhost_002 ~]# exit
登出
Connection to localhost_002 closed.
[root@localhost_001 ~]# ssh localhost_03
Last login: Fri Nov 23 16:51:30 2018 from 192.168.149.129
[root@localhost_03 ~]# exit
登出
Connection to localhost_03 closed.
4:编辑ansible的hosts文件,配置主机组: /etc/ansible/hosts
注释: 可以分成多个组,比如web组合db组等;每一组里有若干个机器,可以针对某个组去操作了;
[root@localhost_001 ~]# cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10
# Ex 2: A collection of hosts belonging to the 'webservers' group
## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
#本次新增内容:----------------------
[testhost]
127.0.0.1
localhost_002 #此处也可以写IP地址;
[webserver]
localhost_03 #此处也可以写IP地址;
#新增内容结束-------------------------------
# Ex 3: A collection of database servers in the 'dbservers' group
## [dbservers]
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57
注释:如上图示:新增两个组 [testhost] 和 [webserver],然后里定要操作的客户端,可以写IP地址,也可以写主机名(需提前在/etc/hosts下定义);
注释:对于001(129)本机,也需要把自己的/root/.ssh/id_rsa.pub复制到/root/.ssh/authorized_keys文件里面去;
1、ansible远程执行命令;
ansbile testhost -m command -a 'hostnamectl'
注释:ansible 后面跟组的名字(在/etc/ansible/hosts定义),这里是 testhost 为主机名;
-m 后面跟模块的名字,这里使用的command模块;
-a 后面跟的命令,也可以是 hostname mv cp w 等;
[root@localhost_001 ~]# ansible testhost -m command -a 'hostname'
127.0.0.1 | CHANGED | rc=0 >>
localhost_001
localhost_002 | CHANGED | rc=0 >>
localhost_002
[root@localhost_001 ~]# ansible localhost_03 -m command -a 'w'
localhost_03 | CHANGED | rc=0 >>
17:18:41 up 38 min, 4 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 1311月18 9days 0.03s 0.03s -bash
root pts/1 192.168.149.135 16:48 27:45 0.02s 0.02s -bash
root pts/2 192.168.149.129 17:18 1.00s 0.19s 0.00s w
注释:如上,针对testhost这个组来执行命令以及针对localhost_03这台主机来执行命令;
同时还有一个shell模块,主要使用执行脚本的;命令格式如下;
ansible 192.168.149.132 -m shell -a 'w'
2、使用ansible复制和移动目录及文件; 也可以针对给一个组来复制;
在001(129)这台机器上复制/etc/ansible这个目录到002(130)这台机器上;
复制目录:ansible localhost_002 -m copy -a "src=/etc/ansible dest=/tmp/ansibletest owner=root group=root mode=755"
[root@localhost_001 ~]# ansible localhost_002 -m copy -a "src=/etc/ansible dest=/tmp/ansibletest owner=root group=root mode=755"
localhost_002 | CHANGED => {
"changed": true,
"dest": "tmp/ansibletest/",
"src": "/etc/ansible"
}
然后在002这台机器来查看,如下;
[root@localhost_002 ~]# ls /tmp/ansibletest/
ansible
[root@localhost_002 ~]# ls /tmp/ansibletest/ansible/
ansible.cfg hosts roles
注释:当复制或移动的目录时,源目录会放到目标目录下,当目录目录不存在时,则会自动创建,如果存在,则直接放到该目录下;
复制文件: ansible localhost_002 -m copy -a "src=/etc/passwd dest=/tmp/passwd owner=root group=root mode=755"
在001(129)这台机器上操作;
[root@localhost_001 ~]# ansible localhost_002 -m copy -a "src=/etc/passwd dest=/tmp/passwd owner=root group=root mode=755"
localhost_002 | CHANGED => {
"changed": true,
"checksum": "a1b2385096229bc513afc9af77a36619d1af0f77",
"dest": "/tmp/passwd",
"gid": 0,
"group": "root",
"md5sum": "35430c216ac8c7834378501fdfc5e41f",
"mode": "0755",
"owner": "root",
"size": 1309,
"src": "/root/.ansible/tmp/ansible-tmp-1542965995.03-104940655542836/source",
"state": "file",
"uid": 0
}
然后在002(130)这台机器上查看文件;
[root@localhost_002 ~]# ls /tmp/passwd
/tmp/passwd
注释:在拷贝文件时,当目标文件存在,则覆盖目标文件,相当于重名了,当目标文件不存在,则直接复制;
也可以自定义目标的文件名;
ansible localhost_002 -m copy -a "src=/etc/passwd dest=/tmp/1.txt owner=root group=root mode=755"
3:ansible远程执行脚本;
1:在001(129)上写一个脚本:内容如下;
[root@localhost_001 ~]# cat /tmp/1.sh
#!/bin/bash
echo `date` > /tmp/ansible_test.txt
2:把脚本拷贝到三个机器,然后再执行; -m copy -a " "
[root@localhost_001 ~]# ansible testhost -m copy -a "src=/tmp/1.sh dest=/tmp/test.sh owner=root group=root mode=777"
[root@localhost_001 ~]# ansible localhost_03 -m copy -a "src=/tmp/1.sh dest=/tmp/test.sh owner=root group=root mode=777"
3:再三台机器上远程来执行: -m shell -a " "
[root@localhost_001 ~]# ansible testhost -m shell -a "/tmp/test.sh"
localhost_002 | CHANGED | rc=0 >>
127.0.0.1 | CHANGED | rc=0 >>
[root@localhost_001 ~]# ansible localhost_03 -m shell -a "/tmp/test.sh"
localhost_03 | CHANGED | rc=0 >>
4:在另外两台机器来查看;
[root@localhost_002 ~]# ls /tmp/ansible_test.txt
/tmp/ansible_test.txt
[root@localhost_03 ~]# cat /tmp/ansible_test.txt
2018年 11月 23日 星期五 17:53:44 CST
注释:在使用 command 模块时,不支持带管道的;会报如下错误;
[root@localhost_001 ~]# ansible testhost -m command -a "cat /etc/passwd|wc -l"
127.0.0.1 | FAILED | rc=1 >>
cat:无效选项 -- l
Try 'cat --help' for more information.non-zero return code
而在使用shell模式,支持可以带管道符;如下:
[root@localhost_001 ~]# ansible testhost -m shell -a "cat /etc/passwd|wc -l"
127.0.0.1 | CHANGED | rc=0 >>
28
localhost_002 | CHANGED | rc=0 >>
22
4:ansible管理任务计划: 用到 cron 模块;
ansible testhost -m cron -a "name='test cron' job='/bin/touch /tmp/123.txt' weekday=6"
[root@localhost_001 ~]# ansible testhost -m cron -a "name='test cron' job='/bin/touch /tmp/123.txt' weekday=6"
localhost_002 | CHANGED => {
"changed": true,
"envs": [],
"jobs": [
"test cron"
]
}
127.0.0.1 | CHANGED => {
"changed": true,
"envs": [],
"jobs": [
"test cron"
]
}
ansible testhost -m cron -a "name='test cron' job='/bin/touch /tmp/123.txt' weekday=6"
注释:脚本最后写 分钟minute 时 hour 日 day 月 mouth 周 weekday 不定义则模式是 *
登录002(130)机器查看; 会注释表示是ansible ,也就是之前定义的名字;
[root@localhost_002 ~]# crontab -l
#Ansible: test cron
10 * * * * /bin/touch /tmp/123.txt
删除cron; "name='test cron' state=sbsent"
[root@localhost_001 ~]# ansible testhost -m cron -a "name='test cron' state=absent"
127.0.0.1 | CHANGED => {
"changed": true,
"envs": [],
"jobs": []
}
localhost_002 | CHANGED => {
"changed": true,
"envs": [],
"jobs": []
}
这样就可以删除了;注意:注释的哪一行不能删除,不然会无法操作了;
4:再添加一个cron:星期六十点二十创建/tmp/123.txt脚本;
[root@localhost_001 ~]# ansible webserver -m cron -a "name='test cron' job='/bin/touch /tmp/123.txt' minute=20 hour=10 weekday=6"
localhost_03 | CHANGED => {
"changed": true,
"envs": [],
"jobs": [
"test cron"
]
}
5:在03(131)上查看; crontab -l
[root@localhost_03 ~]# crontab -l
#Ansible: test cron
20 10 * * 6 /bin/touch /tmp/123.txt
注释:以后在生成环境中用到cron,不要手动去更改,不然就无法操作了;
6:ansilbe安装包及管理服务; 用到了 yum 模块 server 模块
ansible webserver -m yum "name=httpd" #安装httpd服务;
[root@localhost_001 ~]# ansible webserver -m yum -a "name=httpd"
[root@localhost_03 ~]# rpm -qa |grep httpd
httpd-tools-2.4.6-80.el7.centos.1.x86_64
httpd-2.4.6-80.el7.centos.1.x86_64
2:卸载一个包;
ansible weserver -m yum “name=httpd state=removed”
[root@localhost_001 ~]# ansible webserver -m yum -a "name=httpd state=removed"
[root@localhost_03 ~]# rpm -qa |grep httpd
3:启动httpd服务,需要用到 server 模块;
[root@localhost_001 ~]# ansible webserver -m service -a "name=httpd state=started enabled=yes"
[root@localhost_03 ~]# ps aux |grep httpd #查看03(131)的httpd进程;
root 16307 0.1 0.5 226220 5144 ? Ss 18:36 0:00 /usr/sbin/httpd -DFOREGROUND
apache 16308 0.0 0.3 226220 3016 ? S 18:36 0:00 /usr/sbin/httpd -DFOREGROUND
apache 16309 0.0 0.3 226220 3016 ? S 18:36 0:00 /usr/sbin/httpd -DFOREGROUND
apache 16310 0.0 0.3 226220 3016 ? S 18:36 0:00 /usr/sbin/httpd -DFOREGROUND
apache 16311 0.0 0.3 226220 3016 ? S 18:36 0:00 /usr/sbin/httpd -DFOREGROUND
apache 16312 0.0 0.3 226220 3016 ? S 18:36 0:00 /usr/sbin/httpd -DFOREGROUND
root 16322 0.0 0.0 444 4 pts/1 R+ 18:36 0:00 grep --color=auto httpd
注释:列出所有模块: ansible-doc -l
[root@localhost_001 ~]# ansible-doc -l
copy Copies files to remote locations
yum Manages packages with the `yum' package manager
针对某个模块查询: ansible-doc -l cron
如果管理100多台机器,需要一台一台的把公钥放到远端的机器上,如下两个方法:
可以使用expect脚本批量传送;
也可以使用ansible authorized_keys;