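Ansible is a DevOps automation tool whose popularity has risen steadily in recent years. Well-known DevOps automation tools today include Puppet, Chef, Ansible, SaltStack, and CFEngine.

Ansible is easy to use for two reasons. First, the Playbooks that define an automated deployment are written in YAML, which is easy to read and understand, so DevOps staff find it relatively easy to write the code and maintain the automation workflow. Second, Ansible needs no agent and runs its automation over SSH, which also makes it easier for enterprises to adopt.

Ansible is an automated configuration management tool developed in Python. Its architecture is flexible, its deployment model does not depend on an agent, and its goal is to realize Infrastructure as Code, helping developers deploy consistent runtime environments. Ansible can also be used to deploy applications and to help developers adopt continuous integration workflows.

Ansible's deployment model does not rely on an agent. Compared with tools such as Puppet and Chef, which are characterized by being pull-based, Ansible is push-based.

Ansible manages nodes through Playbooks and Modules. Ansible's analogy: "If modules are the tools in your workshop, then playbooks are your design plans."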
Installation
shell> apt-get install python
shell> apt-get install ansible
shell> brew install ansible
shell> ansible all -m raw -a 'apt-get install python -y' -b --ask-become-pass
shell> ansible all -m ping
shell> ansible all -m ping --ask-pass
shell> ansible all -m ping -u bruce
shell> ansible all -m ping -u bruce --sudo
shell> ansible all -m ping -u bruce --sudo --sudo-user batman
shell> ansible all -m ping -u bruce -b
shell> ansible all -m ping -u bruce -b --become-user batman
shell> ansible all -a "uptime"
shell> ansible foo.example.com -m yum -a "name=httpd state=installed"
shell> ansible foo.example.com -a "/usr/sbin/reboot"
shell> ansible myhost --sudo -m raw -a "yum install -y python2 python-simplejson"
shell> echo "127.0.0.1" > ~/ansible_hosts
shell> export ANSIBLE_INVENTORY=~/ansible_hosts
[defaults]
host_key_checking = False
shell> export ANSIBLE_HOST_KEY_CHECKING=False
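Both settings above switch off SSH host key verification, so Ansible no longer checks that the host answering at an inventory address is the one it connected to before. The following is an added example, not part of the original page, that reports whether the check is disabled in the current environment or config file; the function names are hypothetical, and it assumes the usual config search order (ANSIBLE_CONFIG, ./ansible.cfg, ~/.ansible.cfg, /etc/ansible/ansible.cfg) with the environment variable taking precedence.

```shell
#!/bin/sh
# Added example: detect disabled SSH host key checking for Ansible.
# Lookup order used here: the environment variable wins, then the first
# config file that exists. Only the [defaults] section is inspected.

# is_false VALUE: succeeds if VALUE is one of Ansible's "false" spellings.
is_false() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        false|no|off|0|f|n) return 0 ;;
        *) return 1 ;;
    esac
}

# cfg_value FILE: print the host_key_checking value from [defaults], if any.
cfg_value() {
    awk '
        /^[ \t]*\[/ { in_defaults = ($0 ~ /^[ \t]*\[defaults\][ \t]*$/); next }
        in_defaults && /^[ \t]*host_key_checking[ \t]*[=:]/ {
            sub(/^[^=:]*[=:][ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0
        }
        END { if (v != "") print v }
    ' "$1"
}

# audit_host_key_checking: print the finding; return 1 if checking is off.
audit_host_key_checking() {
    if [ -n "${ANSIBLE_HOST_KEY_CHECKING:-}" ]; then
        if is_false "$ANSIBLE_HOST_KEY_CHECKING"; then
            echo "DISABLED by ANSIBLE_HOST_KEY_CHECKING in the environment"
            return 1
        fi
        echo "enabled by ANSIBLE_HOST_KEY_CHECKING in the environment"
        return 0
    fi
    for f in "${ANSIBLE_CONFIG:-}" ./ansible.cfg "$HOME/.ansible.cfg" \
             /etc/ansible/ansible.cfg; do
        [ -n "$f" ] && [ -f "$f" ] || continue
        if is_false "$(cfg_value "$f")"; then
            echo "DISABLED in $f"
            return 1
        fi
        echo "not disabled in $f"
        return 0
    done
    echo "no override found; host key checking stays at its default (on)"
    return 0
}
```

Source the file and call audit_host_key_checking from a CI job or a pre-run wrapper; a non-zero return means the check is off.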
Inventory
badwolf.example.com:5309
jumper ansible_port=5555 ansible_host=192.168.1.50
mail.example.com
192.168.1.50
aserver.example.org
bserver.example.org
[webservers]
www1.example.com
www2.example.com
foo.example.com
bar.example.com
[dbservers]
db0.example.com
db1.example.com
one.example.com
two.example.com
three.example.com
shell> ansible all -m setup
shell> ansible all -m setup -a 'filter=ansible_eth[0-2]'
shell> ansible all -m copy -a "src=/srv/myfiles/foo.conf dest=/etc/foo.conf owner=foo group=foo mode=0644"
shell> ansible all -m copy -a "src=/mine/ntp.conf dest=/etc/ntp.conf owner=root group=root mode=644 backup=yes"
shell> ansible all -m copy -a "src=/etc/hosts dest=/tmp/hosts"
shell> ansible all -m apt -a 'name=foo update_cache=yes' --sudo
- apt: update_cache=yes
- apt: name=foo state=present
- apt: name=foo update_cache=yes
filename.yml
- command: echo HelloWorld
- name: add several users
  user: name={{ item }} state=present groups=wheel
  with_items:
    - testuser1
    - testuser2
- user: name=johnd comment="John Doe" uid=1040 group=admin
- user: name=james shell=/bin/bash groups=admins,developers append=yes
- user: name=johnd state=absent remove=yes
- user: name=jsmith generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa
- user: name=james18 shell=/bin/zsh groups=developers expires=1422403387
shell> ansible-doc -l
- lineinfile: dest=/etc/hosts regexp='^127\.0\.0\.1' line='127.0.0.1 localhost' owner=root group=root mode=0644
References:
- ping_module
- setup_module
- copy_module
- debconf_module
- apt_module
- mail_module
- service_module
- template_module
- command_module
- user_module
- authorized_key_module
- lineinfile_module
- blockinfile_module
- shell_module
- mysql_db_module
- mysql_user_module
- fetch_module
---
- hosts: webservers
ansible-playbook playbook.yml -f 10
ansible-galaxy install
search
---
- hosts: 172.16.159.129
  tasks:
    - name: test connection
      ping:
- apt: name=vim-nox update_cache=yes
  become: true
- hostname: name=web01
- service: name=nginx state=started
  become: yes
  become_method: sudo
- name: make sure apache is running
  service: name=httpd state=started
- name: disable selinux
  command: /sbin/setenforce 0
- apt: name=postfix,mailutils state=present
  when: ansible_os_family == "Debian"
---
# ...
  tasks:
    - name: recursively copy files from management server to target
      local_action: command rsync -a /path/to/files {{ inventory_hostname }}:/path/to/target/
shell> python -c 'import crypt; print(crypt.crypt("word", "salt"))'
- name:
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^UseDNS'
    line: 'UseDNS no'
    insertafter: EOF
    state: present
  register: sshd_config
- name:
  service:
    name: ssh
    state: restarted
  when: sshd_config.changed
- name: this command prints FAILED when it fails
  command: /usr/bin/example-command -x -y -z
  register: command_result
  ignore_errors: True
- name: fail the play if the previous command did not succeed
  fail: msg="the command failed"
  when: "'FAILED' in command_result.stderr"