Using the Ansible Tool

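1. Introduction

Ansible is a tool for automating the management of IT resources.

Features:

System environment configuration
Software installation
Continuous integration: automated deployment
Hot rollback

Advantages

Agentless (no client to install)
Push-based
A rich set of third-party modules, roughly 10,000 or more
YAML-based Playbooks
Commercial support

Disadvantages

Low efficiency and prone to hanging: communication is based on SSH
Poor concurrency performance

Comparison of automated operations tools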

2. Installing and Running Ansible

Installation

Prerequisites
Python
Setuptools

Method 1: install with pip

pip (optional): pip install ansible

Method 2: install from source

git clone https://github.com/ansible/ansible.git
cd ansible
source ./hacking/env-setup
python setup.py install   # replaces the bundled binary executables

Method 3: install from the system package repository

yum install ansible

Execution flow

Ansible -> ssh -> ssh -> shell

Ansible configuration file path precedence
(1) export ANSIBLE_CONFIG
(2) ./ansible.cfg
(3) ~/.ansible.cfg
(4) /etc/ansible/ansible.cfg
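
The second entry in this order deserves care: Ansible does not load ./ansible.cfg when the current directory is world-writable, because any local user could plant a config file there. The following is an added example (not code from Ansible or from the original post) that models the four-step order with that check; the function names and the temporary directory layout are constructed for illustration.

```python
import os
import stat
import tempfile

def resolve_ansible_cfg(env, cwd, home, system="/etc/ansible/ansible.cfg"):
    """Return (path, warnings): the first existing config file, in the order listed above."""
    warnings, candidates = [], []
    if env.get("ANSIBLE_CONFIG"):
        p = env["ANSIBLE_CONFIG"]
        # A directory value means "<dir>/ansible.cfg".
        candidates.append(os.path.join(p, "ansible.cfg") if os.path.isdir(p) else p)
    local = os.path.join(cwd, "ansible.cfg")
    if os.stat(cwd).st_mode & stat.S_IWOTH:
        # Anyone can write here, so a config found in this directory is not trusted.
        if os.path.exists(local):
            warnings.append(f"ignoring {local}: directory is world-writable")
    else:
        candidates.append(local)
    candidates.append(os.path.join(home, ".ansible.cfg"))
    candidates.append(system)
    for path in candidates:
        if os.path.isfile(path):
            return path, warnings
    return None, warnings

def demo():
    """Constructed layout: a shared project directory and a private home directory."""
    with tempfile.TemporaryDirectory() as root:
        shared, home = os.path.join(root, "shared"), os.path.join(root, "home")
        os.mkdir(shared)
        os.mkdir(home)
        os.chmod(home, 0o700)
        for p in (os.path.join(shared, "ansible.cfg"), os.path.join(home, ".ansible.cfg")):
            with open(p, "w") as fh:
                fh.write("[defaults]\n")
        missing = os.path.join(root, "no-system.cfg")  # stands in for /etc/ansible
        os.chmod(shared, 0o777)  # world-writable: ./ansible.cfg must be skipped
        picked, warns = resolve_ansible_cfg({}, shared, home, system=missing)
        os.chmod(shared, 0o755)  # tightened: ./ansible.cfg wins again
        safe, _ = resolve_ansible_cfg({}, shared, home, system=missing)
        forced, _ = resolve_ansible_cfg({"ANSIBLE_CONFIG": home + "/.ansible.cfg"},
                                        shared, home, system=missing)
        parent = lambda p: os.path.basename(os.path.dirname(p))
        return parent(picked), len(warns), parent(safe), parent(forced)

if __name__ == "__main__":
    print(demo())
```
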

Configuration file in detail
ansible/ansible.cfg at devel · ansible/ansible · GitHub

(1) defaults: default configuration options

[defaults]
#inventory       = /etc/ansible/hosts
#library         = ~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
#module_utils    = ~/.ansible/plugins/module_utils:/usr/share/ansible/plugins/module_utils
#remote_tmp      = ~/.ansible/tmp
#local_tmp       = ~/.ansible/tmp
#forks           = 5
#poll_interval   = 0.001
#ask_pass        = False
#transport       = smart
...
#gather_subset = all
...
#remote_user = root
...
# set plugin path directories here, separate with colons
#action_plugins     = /usr/share/ansible/plugins/action
#become_plugins     = /usr/share/ansible/plugins/become
#cache_plugins      = /usr/share/ansible/plugins/cache
#callback_plugins   = /usr/share/ansible/plugins/callback
#connection_plugins = /usr/share/ansible/plugins/connection
#lookup_plugins     = /usr/share/ansible/plugins/lookup
#inventory_plugins  = /usr/share/ansible/plugins/inventory
#vars_plugins       = /usr/share/ansible/plugins/vars
#filter_plugins     = /usr/share/ansible/plugins/filter
#test_plugins       = /usr/share/ansible/plugins/test
#terminal_plugins   = /usr/share/ansible/plugins/terminal
#strategy_plugins   = /usr/share/ansible/plugins/strategy

inventory: location of the list of hosts Ansible can communicate with; it can be changed to a directory owned by a regular user
library: the default path Ansible searches for modules
forks: the maximum number of processes to spawn. It should be neither too large (high resource cost) nor too small (poor concurrency); it is typically set to the number of CPU cores * 2.
ask_pass: controls whether an Ansible playbook prompts for a password by default
ask_sudo_pass: if the platform in use requires a sudo password, this parameter should be set to true
gather_subset: sets which facts are collected, including all, network, hardware, virtual, facter, ohai
remote_port: the port on the managed host, usually 22
remote_tmp: the temporary directory on the managed host
remote_user: the user on the managed host
sudo_exe: path to the sudo command
sudo_flags: sudo arguments
sudo_user: the user that is allowed to use sudo
Plugin-related options for developers, who can write their own plugins to implement their own functionality:
action_plugins: event activation
callback_plugins: callbacks
connection_plugins: connections, for example connecting without ssh
filter_plugins: filters
lookup_plugins: load paths
vars_plugins: loaded from anywhere

(2) privilege_escalation: privilege settings for the user that executes commands

[privilege_escalation]
#become = False
#become_method = sudo
#become_ask_pass = False


## Connection Plugins ##

# Settings for each connection plugin go under a section titled '[[plugin_name]_connection]'
# To view available connection plugins, run ansible-doc -t connection -l
# To view available options for a connection plugin, run ansible-doc -t connection [plugin_name]
# https://docs.ansible.com/ansible/latest/plugins/connection.html

(3) paramiko_connection: Paramiko plugin settings

[paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered. Increases performance on new host additions. Setting works independently of the
# host key checking setting above.
#record_host_keys=False

# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour.
#pty = False

# paramiko will default to looking for SSH keys initially when trying to
# authenticate to remote devices. This is a problem for some network devices
# that close the connection after a key failure. Uncomment this line to
# disable the Paramiko look for keys function
#look_for_keys = False

# When using persistent connections with Paramiko, the connection runs in a
# background process. If the host doesn't already have a valid SSH key, by
# default Ansible will prompt to add the host key. This will cause connections
# running in background processes to fail. Uncomment this line to have
# Paramiko automatically add host keys.
#host_key_auto_add = True

(4) ssh_connection: SSH connection settings

[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it, -C controls compression use
#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s

# The base directory for the ControlPath sockets.
# This is the "%(directory)s" in the control_path option
#
# Example:
# control_path_dir = /tmp/.ansible/cp
#control_path_dir = ~/.ansible/cp

# The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname,
# port and username (empty string in the config). The hash mitigates a common problem users
# found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format.
# In those cases, a "too long for Unix domain socket" ssh error would occur.
#
# Example:
# control_path = %(directory)s/%%C
#control_path =

# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
#pipelining = False

# Control the mechanism for transferring files (old)
#   * smart = try sftp and then try scp [default]
#   * True = use scp only
#   * False = use sftp only
#scp_if_ssh = smart

# Control the mechanism for transferring files (new)
# If set, this will override the scp_if_ssh option
#   * sftp  = use sftp to transfer files
#   * scp   = use scp to transfer files
#   * piped = use 'dd' over SSH to transfer files
#   * smart = try sftp, scp, and piped, in that order [default]
#transfer_method = smart

# If False, sftp will not use batch mode to transfer files. This may cause some
# types of file transfer failures impossible to catch however, and should
# only be disabled if your sftp version has problems with batch mode
#sftp_batch_mode = False

# The -tt argument is passed to ssh when pipelining is not enabled because sudo
# requires a tty by default.
#usetty = True

# Number of times to retry an SSH connection to a host, in case of UNREACHABLE.
# For each retry attempt, there is an exponential backoff,
# so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max).
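
Several options in the sections above trade safety for convenience once they are uncommented. The following is an added example (not part of Ansible or of the original post) that audits an ansible.cfg for four of them; the sample config is constructed, the rule list is this example's own choice, and host_key_checking is a real [defaults] option that the excerpt above only refers to as "the host key checking setting".

```python
import configparser

# Constructed sample config: every value below is made up for this example.
SAMPLE_CFG = """
[defaults]
remote_user = root
host_key_checking = False
forks = 8

[paramiko_connection]
host_key_auto_add = True
#record_host_keys=False

[ssh_connection]
control_path_dir = /tmp/.ansible/cp
control_path = %(directory)s/%%C
"""

# (section, option, predicate on the lowercased value, finding)
RULES = [
    ("defaults", "host_key_checking", lambda v: v in ("false", "no", "0"),
     "SSH host keys are not verified, so a spoofed host is accepted silently"),
    ("paramiko_connection", "host_key_auto_add", lambda v: v in ("true", "yes", "1"),
     "unknown host keys are added automatically without review"),
    ("defaults", "remote_user", lambda v: v == "root",
     "logs in as root directly; prefer an unprivileged user plus become"),
    ("ssh_connection", "control_path_dir", lambda v: v.startswith(("/tmp/", "/var/tmp/")),
     "control sockets sit under a shared temp directory other users can write to"),
]

def audit(cfg_text):
    """Return [(section.option, value, finding)] for risky settings that are active."""
    # interpolation=None: ansible.cfg contains %(directory)s and %%C literally.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    findings = []
    for section, option, is_risky, message in RULES:
        value = parser.get(section, option, fallback=None)
        if value is not None and is_risky(value.strip().lower()):
            findings.append((f"{section}.{option}", value.strip(), message))
    return findings

if __name__ == "__main__":
    for key, value, message in audit(SAMPLE_CFG):
        print(f"{key} = {value}: {message}")
```

Commented-out lines such as #remote_user = root are ignored, so the stock file shown above produces no findings.
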

(5) accelerate
(6) selinux & colors
See the source

[selinux]
# file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default
# needs to be changed to use the file system dependent context.
#special_context_filesystems=fuse,nfs,vboxsf,ramfs,9p,vfat

# Set this to True to allow libvirt_lxc connections to work without SELinux.
#libvirt_lxc_noseclabel = False


[colors]
#highlight = white
#verbose = blue
#warn = bright purple
#error = red
#debug = dark gray
#deprecate = purple
#skip = cyan
#unreachable = red
#ok = green
#changed = yellow
#diff_add = green
#diff_remove = red
#diff_lines = cyan

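3. Adding Machines

3.1 Edit /etc/ansible/hosts and add the machine's IP
3.2 Add the local machine's public SSH key to the target machine's authorized_keys
3.3 Add the local machine's private key to Ansible
3.4 Run ansible all -m ping to test whether the machine was added successfully
ansible: the command itself
all: the default, meaning all machines. This is the pattern (regular expression) for the target machines to operate on; it can be replaced as needed with another group name from the hosts file
Examples:
ansible test -m ping
ansible 192.168.1.10 -m ping
-m ping: specifies the module to use
-a: specifies the arguments passed to the module
Examples:
ansible all -a "/sbin/reboot" -f 10    reboot all machines, 10 at a time
ansible all -a "/usr/bin/foo" -u root    run the shell command as the root user
-C -D: used together, check the changes to the hosts rule file
-l: limits the hosts matched by the pattern
--list-hosts: shows all hosts that match the pattern
-m -M: specify the module to use and the module path
--syntax-check: checks the syntax
-v: shows verbose logs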

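4. Playbook

A playbook orchestrates an ordered execution process. It can even run specifically designated steps, in order, back and forth across multiple groups of machines, and it can launch tasks synchronously or asynchronously.
To be studied and filled in later...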

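5. Ansible API

Features:

  1. Call Ansible modules
  2. Develop dynamic Inventory data sources
  3. Better control over how playbooks and other features run

Calling an Ansible module:

  1. Import the Ansible runner library
  2. Initialize the runner object and pass in the relevant parameters
  3. Call the runner object's run function
    Example:
import ansible.runner

# Ansible 1.x only: the ansible.runner module was removed in Ansible 2.0.
runner = ansible.runner.Runner(
    module_name='ping',   # module to run
    module_args='',       # arguments passed to the module
    pattern='all',        # host pattern to target
    forks=10              # number of parallel processes
)
datastructure = runner.run()  # dict with 'contacted' and 'dark' host results

The API differs greatly before and after Ansible 2.0, so pay attention to the version.

Calling the Ansible 2.0 API:

  1. Define a result object
  2. Initialize the Ansible node object
  3. Initialize the result object
  4. Create a task
  5. Run the Ansible node
    Example [ansible 2.0]:
To be studied and filled in later...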

6. Custom Ansible Modules

6.1 Write your own module, test.py
6.2 Put the module in the module directory
The library parameter in the ansible.cfg configuration file is the path where Ansible modules are placed.
6.3 Run your own module: ansible all -m test
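
What a test.py for step 6.1 can look like, as an added example that is not from the original post: it uses Ansible's WANT_JSON convention for non-native modules, so it needs nothing from Ansible's Python libraries and can be exercised locally. The path argument and the permission check are assumptions chosen for illustration.

```python
#!/usr/bin/python
# WANT_JSON  <- marker: Ansible then passes the path of a JSON args file as argv[1]
import json
import os
import stat
import sys
import tempfile

def check_path(path):
    """Build the module result: flag files that group or others can write to."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except OSError as exc:
        return {"failed": True, "msg": f"cannot stat {path}: {exc.strerror}"}
    loose = bool(mode & (stat.S_IWGRP | stat.S_IWOTH))
    result = {"changed": False, "path": path, "mode": f"{mode:04o}", "loose": loose}
    if loose:
        result.update(failed=True, msg=f"{path} is writable by group or others")
    return result

def run(args_file):
    """Read the JSON arguments Ansible wrote and return the result dict."""
    with open(args_file) as fh:
        params = json.load(fh)
    if "path" not in params:
        return {"failed": True, "msg": "missing required argument: path"}
    return check_path(os.path.expanduser(params["path"]))

def self_check():
    """Exercise run() locally on constructed files, the way Ansible would call it."""
    with tempfile.TemporaryDirectory() as tmp:
        target, args = os.path.join(tmp, "authorized_keys"), os.path.join(tmp, "args")
        open(target, "w").close()
        with open(args, "w") as fh:
            json.dump({"path": target}, fh)
        os.chmod(target, 0o600)
        tight = run(args)
        os.chmod(target, 0o666)
        return tight, run(args)

if __name__ == "__main__":
    result = run(sys.argv[1])
    print(json.dumps(result))  # Ansible parses the module's stdout as JSON
    sys.exit(1 if result.get("failed") else 0)
```

Once the file is in the library path, it runs as in step 6.3 with an argument supplied through -a, for example ansible all -m test -a "path=~/.ssh/authorized_keys".
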
