Ansible Basics - 01 Introduction



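1. Introduction to Ansible

  Ansible is a relatively new automation and operations tool written in Python. It combines the strengths of many operations tools (puppet, chef, func, fabric) and provides batch system configuration, batch application deployment, batch command execution and similar functions.

  Ansible is built on paramiko and works in a modular way; it has no batch-deployment capability of its own. What actually performs batch deployment is the modules that Ansible runs; Ansible only provides a framework.

  Ansible does not require a client/agent to be installed on remote hosts, because it communicates with them over SSH.

  Ansible has since been acquired by Red Hat. It is the most widely recognized automation tool for operations, and it is easy to pick up and simple to learn. It is one of the skills every operations engineer must master.

  Ansible is an open-source configuration management tool used to automate tasks and deploy applications across IT infrastructure. It automates routine tasks such as initial server configuration, security baseline configuration, system updates and patching, and package installation.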

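2. Ansible Features

  • Simple to deploy: the Ansible environment is installed only on the control node, and managed nodes need no setup;
  • Manages devices over the SSH protocol by default; its three key modules are Paramiko, PyYAML and Jinja2 (a template language);
  • Ships a large number of modules for routine operations work, covering the vast majority of day-to-day tasks;
  • Simple to configure, powerful and highly extensible;
  • Supports an API and custom modules, and is easy to extend with Python;
  • Tasks are orchestrated in YAML, which supports rich data structures; Playbooks are used to define powerful configuration and state management;
  • Lightweight: no agent is installed on clients, and an update only has to be applied once, on the control machine;
  • Provides a powerful, easy-to-operate web management interface and REST API: the AWX platform.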

3. Ansible Architecture

             

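4. Execution Modes

The ways an Ansible control host operates on managed nodes fall into two categories: ad-hoc and playbook.

Ad-hoc mode (point-to-point mode)
  Uses a single module and supports running a single command in batch. An ad-hoc command is one you can type quickly and do not need to save; it is comparable to a one-line shell command in bash.

Playbook mode (script mode)
  This is Ansible's main management method and the key to its power. A playbook accomplishes one kind of function through a set of tasks, such as installing and deploying a web service or backing up database servers in batch. A playbook can be thought of simply as a configuration file that combines multiple ad-hoc operations.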

 

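5. Execution Flow

At run time, Ansible first reads the configuration in ansible.cfg, obtains the list of managed hosts from the Inventory according to its rules, executes the configured tasks on those hosts in parallel, and finally waits for the results to be returned.

                  

5.1 Execution Steps

  • Load its own configuration file, /etc/ansible/ansible.cfg by default;
  • Look up the corresponding host configuration file and find the hosts or groups to run against;
  • Load the corresponding module file, such as command;
  • Ansible turns the module or command into a temporary py file (a Python script) and transfers it to the remote server, as .ansible/tmp/xxx/xxx.py under the executing user's home directory;
  • Give the file +x execute permission;
  • Execute it and return the result;
  • Delete the temporary py file and exit with sleep 0;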
[root@cl-server ansible]# ansible cl-node01 -vvv -a 'cat /tmp/aa.txt'
ansible 2.9.21
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Nov 16 2020, 22:23:17) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin
Skipping callback 'actionable', as we already have a stdout callback.
Skipping callback 'counter_enabled', as we already have a stdout callback.
Skipping callback 'debug', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'full_skip', as we already have a stdout callback.
Skipping callback 'json', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'null', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Skipping callback 'selective', as we already have a stdout callback.
Skipping callback 'skippy', as we already have a stdout callback.
Skipping callback 'stderr', as we already have a stdout callback.
Skipping callback 'unixy', as we already have a stdout callback.
Skipping callback 'yaml', as we already have a stdout callback.
META: ran handlers

### Get the executing user's home directory
 ESTABLISH SSH CONNECTION FOR USER: None
 SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/650f1c49eb cl-node01 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
 (0, '/root\n', '')

### Create a temporary directory on cl-node01 to hold the script
 ESTABLISH SSH CONNECTION FOR USER: None
 SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/650f1c49eb cl-node01 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1640850609.85-22672-276336393291970 `" && echo ansible-tmp-1640850609.85-22672-276336393291970="` echo /root/.ansible/tmp/ansible-tmp-1640850609.85-22672-276336393291970 `" ) && sleep 0'"'"''
 (0, 'ansible-tmp-1640850609.85-22672-276336393291970=/root/.ansible/tmp/ansible-tmp-1640850609.85-22672-276336393291970\n', '')

### Discover the Python interpreter
 Attempting python interpreter discovery
 ESTABLISH SSH CONNECTION FOR USER: None
 SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/650f1c49eb cl-node01 '/bin/sh -c '"'"'echo PLATFORM; uname; echo FOUND; command -v '"'"'"'"'"'"'"'"'/usr/bin/python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.5'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/libexec/platform-python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python3'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python'"'"'"'"'"'"'"'"'; echo ENDFOUND && sleep 0'"'"''
 (0, 'PLATFORM\nLinux\nFOUND\n/usr/bin/python\n/usr/bin/python2.7\n/usr/libexec/platform-python\n/usr/bin/python\nENDFOUND\n', '')

### Get the OS version of cl-node01
 ESTABLISH SSH CONNECTION FOR USER: None
 SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/650f1c49eb cl-node01 '/bin/sh -c '""'"'/usr/bin/python && sleep 0'"'"''
 (0, '{"osrelease_content": "NAME=\\"CentOS Linux\\"\\nVERSION=\\"7 (Core)\\"\\nID=\\"centos\\"\\nID_LIKE=\\"rhel fedora\\"\\nVERSION_ID=\\"7\\"\\nPRETTY_NAME=\\"CentOS Linux 7 (Core)\\"\\nANSI_COLOR=\\"0;31\\"\\nCPE_NAME=\\"cpe:/o:centos:centos:7\\"\\nHOME_URL=\\"https://www.centos.org/\\"\\nBUG_REPORT_URL=\\"https://bugs.centos.org/\\"\\n\\nCENTOS_MANTISBT_PROJECT=\\"CentOS-7\\"\\nCENTOS_MANTISBT_PROJECT_VERSION=\\"7\\"\\nREDHAT_SUPPORT_PRODUCT=\\"centos\\"\\nREDHAT_SUPPORT_PRODUCT_VERSION=\\"7\\"\\n\\n", "platform_dist_result": ["centos", "7.9.2009", "Core"]}\n', '')

### Ansible builds the module into a temporary py file and transfers it to cl-node01
Using module file /usr/lib/python2.7/site-packages/ansible/modules/commands/command.py
 PUT /root/.ansible/tmp/ansible-local-22664hvCjPv/tmpqGrbsM TO /root/.ansible/tmp/ansible-tmp-1640850609.85-22672-276336393291970/AnsiballZ_command.py
 SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/650f1c49eb '[cl-node01]'
 (0, 'sftp> put /root/.ansible/tmp/ansible-local-22664hvCjPv/tmpqGrbsM /root/.ansible/tmp/ansible-tmp-1640850609.85-22672-276336393291970/AnsiballZ_command.py\n', '')

### Add execute permission to the script AnsiballZ_command.py on cl-node01
 ESTABLISH SSH CONNECTION FOR USER: None
 SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/650f1c49eb cl-node01 '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1640850609.85-22672-276336393291970/ /root/.ansible/tmp/ansible-tmp-1640850609.85-22672-276336393291970/AnsiballZ_command.py && sleep 0'"'"''
 (0, '', '')

### Run the script AnsiballZ_command.py on cl-node01 and return the result
 ESTABLISH SSH CONNECTION FOR USER: None
 SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/650f1c49eb -tt cl-node01 '/bin/sh -c '"'"'sudo -H -S -n  -u root /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-qjunattafphmecirysqyzrcgodccasis ; /usr/bin/python /root/.ansible/tmp/ansible-tmp-1640850609.85-22672-276336393291970/AnsiballZ_command.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
 (0, '\r\n{"changed": true, "end": "2021-12-30 15:50:10.334612", "stdout": "aa\\nbb\\ncc", "cmd": ["cat", "/tmp/aa.txt"], "rc": 0, "start": "2021-12-30 15:50:10.331730", "stderr": "", "delta": "0:00:00.002882", "invocation": {"module_args": {"creates": null, "executable": null, "_uses_shell": false, "strip_empty_ends": true, "_raw_params": "cat /tmp/aa.txt", "removes": null, "argv": null, "warn": true, "chdir": null, "stdin_add_newline": true, "stdin": null}}}\r\n', 'Shared connection to cl-node01 closed.\r\n')

### Delete the temporary directory on cl-node01
 ESTABLISH SSH CONNECTION FOR USER: None
 SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/650f1c49eb cl-node01 '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1640850609.85-22672-276336393291970/ > /dev/null 2>&1 && sleep 0'"'"''
 (0, '', '')

### Show the result on the Ansible control node
cl-node01 | CHANGED | rc=0 >>
aa
bb
cc
META: ran handlers
META: ran handlers
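
The steps in 5.1 can be checked mechanically from a saved -vvv trace: the added example below (not part of the original post) follows each remote temporary directory through create, upload, execute and delete, and reports runs where the module payload was left behind or the directory was not created under umask 77. The function names audit_trace and findings are hypothetical, and the sample lines are constructed by abridging the trace above.

```python
import re

# Constructed sample: the five lifecycle lines of the -vvv trace above,
# abridged (SSH options replaced by "...", nested shell quoting simplified).
TMP = "/root/.ansible/tmp/ansible-tmp-1640850609.85-22672-276336393291970"
SAMPLE_TRACE = f"""\
SSH: EXEC ssh -C ... cl-node01 '/bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo {TMP} `" ) && sleep 0''
PUT /root/.ansible/tmp/ansible-local-22664hvCjPv/tmpqGrbsM TO {TMP}/AnsiballZ_command.py
SSH: EXEC ssh -C ... cl-node01 '/bin/sh -c 'chmod u+x {TMP}/ {TMP}/AnsiballZ_command.py && sleep 0''
SSH: EXEC ssh -C ... -tt cl-node01 '/bin/sh -c 'sudo -H -S -n  -u root /bin/sh -c 'echo BECOME-SUCCESS-qjunattafphmecirysqyzrcgodccasis ; /usr/bin/python {TMP}/AnsiballZ_command.py' && sleep 0''
SSH: EXEC ssh -C ... cl-node01 '/bin/sh -c 'rm -f -r {TMP}/ > /dev/null 2>&1 && sleep 0''
"""
TMP_RE = re.compile(r"(/[\w./-]*\.ansible/tmp/ansible-tmp-[\d.]+-\d+-\d+)")

def audit_trace(trace):
    """Map each remote temp dir in a -vvv trace to the lifecycle steps seen."""
    report = {}
    for line in trace.splitlines():
        m = TMP_RE.search(line)
        if not m or not ("SSH: EXEC" in line or "PUT " in line):
            continue  # skip result tuples and unrelated lines
        e = report.setdefault(m.group(1), {"umask": None, "modules": [],
            "become_user": None, "executed": False, "removed": False})
        umask = re.search(r"umask (\d+) && mkdir", line)
        put = re.search(r"\bPUT \S+ TO \S+/(AnsiballZ_\w+\.py)", line)
        if umask:                                    # step: create temp dir
            e["umask"] = umask.group(1)
        elif put:                                    # step: upload module
            e["modules"].append(put.group(1))
        elif "rm -f -r" in line:                     # step: cleanup
            e["removed"] = True
        elif "chmod" not in line and re.search(r"AnsiballZ_\w+\.py", line):
            e["executed"] = True                     # step: run the module
            sudo = re.search(r"sudo .*?-u (\S+)", line)
            e["become_user"] = sudo.group(1) if sudo else None
    return report

def findings(report):
    """Return (tmp_dir, issue) pairs that deserve a follow-up."""
    issues = []
    for tmp, e in report.items():
        if e["umask"] not in ("77", "077"):
            issues.append((tmp, "temp dir not created under umask 77"))
        if e["modules"] and not e["removed"]:
            issues.append((tmp, "module payload uploaded but temp dir never removed"))
    return issues
```
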

 
