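What are Ansible and SaltStack?
Ansible is a relatively new automated operations tool written in Python. It combines the strengths of many operations tools (puppet, chef, func, fabric) and provides batch system configuration, batch program deployment, and batch command execution.
  Ansible is built on paramiko and works in a modular fashion; it has no batch deployment capability of its own. The batch deployment work is actually done by the modules that Ansible runs, and Ansible only provides the framework. Ansible does not need a client/agent installed on the remote hosts, because it communicates with them over SSH. Ansible has been acquired by Red Hat, is the most widely recognized of the automated operations tools, and is easy to pick up and learn. It is one of the skills every operations engineer must master.
SaltStack is a configuration management system that can maintain remote nodes in a predefined state.
SaltStack is a distributed remote execution system used to execute commands and query data on remote nodes.
SaltStack is a powerful tool for operations staff to improve efficiency and standardize service configuration and operations.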
1. Ansible installation
| Hostname | IP address | 
|---|---|
| bogon | 192.168.10.139 | 
| cj-a1 | 192.168.10.150 | 
| cj-a2 | 192.168.10.151 | 
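Installation environment:
centos8
Before installing, confirm that the package sources have been switched to a mirror in mainland China.
Note that the system's default repositories do not include Ansible, so the EPEL repository must be added (the official CentOS 8 repositories are no longer maintained, so the Aliyun EPEL mirror is used):
yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
Replace the addresses in the repo configuration with the Aliyun mirror addresses: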
sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
Also add the centos-release-ansible-29.noarch repository:
yum install centos-release-ansible-29.noarch
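1.1. Install ansible
Note: the latest version requires python3.11, but the highest version available in the repositories is python3.9, so an older version of ansible is installed.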
yum install ansible-2.9.27
ansible --version
1.2. Generate an SSH key
Generate a key pair on the control node:
ssh-keygen -t rsa
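As you can see, /root/.ssh/ now contains two files: id_rsa is the private key and id_rsa.pub is the public key. The public key has to be sent to the other two virtual machines.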

1.3 Configuration file
Edit the configuration file /etc/ansible/hosts:
[/etc/Ansible/hosts]
192.168.10.150
192.168.10.151
[webservers]
192.168.10.150
192.168.10.151

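After the change, test whether the nodes are reachable:
ansible webservers -m ping
The test succeeds (the original post shows the return value in a screenshot).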

1.4 Common Ansible modules
0. List the loaded modules
Run ansible-doc -l to list the loaded modules:
[root@bogon ansible]# ansible-doc -l
a10_server                                                    Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' server object         
a10_server_axapi3                                             Manage A10 Networks AX/SoftAX/Thunder/vThunder devices                        
a10_service_group                                             Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' service groups        
a10_virtual_server                                            Manage A10 Networks AX/SoftAX/Thunder/vThunder devices' virtual servers       
aci_aaa_user                                                  Manage AAA users (aaa:User)                                                   
....
1. setup module
View various information about the target nodes:
[root@bogon ansible]# ansible webservers -m setup
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
192.168.10.150 | SUCCESS => {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "192.168.10.150"
        ],
        "ansible_all_ipv6_addresses": [
            "fe80::20c:29ff:fe48:eab5"
        ],
        "ansible_apparmor": {
            "status": "disabled"
        },
        "ansible_architecture": "x86_64",
        "ansible_bios_date": "11/12/2020",
        "ansible_bios_version": "6.00",
        "ansible_cmdline": {
            "BOOT_IMAGE": "(hd0,msdos1)/vmlinuz-4.18.0-348.7.1.el8_5.x86_64",
            "crashkernel": "auto",
            "quiet": true,
            "rd.lvm.lv": "cl/swap",
            "resume": "/dev/mapper/cl-swap",
            "rhgb": true,
            "ro": true,
            "root": "/dev/mapper/cl-root"
        },
....
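2. copy module
Copies files from the control node to the remote hosts; it handles files only.
| Parameter | Default | Choices | Meaning | 
|---|---|---|---|
| src | | | Specifies the file or directory to copy. | 
| dest | | | Specifies the directory on the remote host that the file is copied to; dest is a required parameter. | 
| content | | | When src is not used to specify the file to copy, content can be used to specify the file content directly. One of src or content must be given, otherwise an error is raised. | 
| force | yes | yes/no | When a file with the same name already exists at the destination path on the remote host and its content differs from the file on the Ansible host, whether to force an overwrite. Possible values are yes and no; the default is yes, meaning overwrite. If set to no, no overwrite is performed and the file on the remote host is left unchanged. | 
| backup | no | yes/no | When a file with the same name already exists at the destination path on the remote host and its content differs from the file on the Ansible host, whether to back up the file on the remote host. Possible values are yes and no; when set to yes, the file on the remote host is backed up first and the file from the Ansible host is then copied to the remote host. | 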
[root@bogon chapter06]# ansible all -m copy -a 'dest=/root src=/root/chapter06/name.sh'
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
192.168.10.150 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "35ea9da31dc0599becd08dc710516f22d0f8321b",
    "dest": "/root/name.sh",
    "gid": 0,
    "group": "root",
    "md5sum": "f7e12ba43f53b80235b7892b9a18acd7",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:admin_home_t:s0",
    "size": 83,
    "src": "/root/.ansible/tmp/ansible-tmp-1699445118.5752468-12129-207182632001977/source",
    "state": "file",
    "uid": 0
}
192.168.10.151 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "35ea9da31dc0599becd08dc710516f22d0f8321b",
    "dest": "/root/name.sh",
    "gid": 0,
    "group": "root",
    "md5sum": "f7e12ba43f53b80235b7892b9a18acd7",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:admin_home_t:s0",
    "size": 83,
    "src": "/root/.ansible/tmp/ansible-tmp-1699445118.6054213-12131-219970837491220/source",
    "state": "file",
    "uid": 0
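}
3. file module
Creates or deletes files or directories on the remote hosts.
| Parameter | Default | Choices | Meaning | 
|---|---|---|---|
| path | | | Specifies the file; if the file does not exist on the remote host, it is created. | 
| state | | | Type to create: touch for a file, directory for a directory; state=absent deletes the file or directory. | 
| link | | | Symbolic link: src=source file name, path=target link file name. | 
| hard | | | Hard link: src=source file name, path=target link file name. | 
The following three parameters can be used both to modify an existing object and to set values when it is created:
mode: permissions; special permissions (set bits, sticky bit) can be set at creation time, provided execute permission is present
owner: owning user
group: owning group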
# Delete the file that was just copied
[root@bogon chapter06]# ansible all -m file -a 'path=/root/name.sh state=absent'
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
192.168.10.150 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "path": "/root/name.sh",
    "state": "absent"
}
192.168.10.151 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "path": "/root/name.sh",
    "state": "absent"
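}
4. command module and shell module
The command module runs the specified command on the remote hosts, for example cat or ls. Special shell characters such as | > >> cannot be used.
Syntax: ansible <inventory hosts> -m <module name> -a '<command>'
creates: if the specified file exists, the command that follows is not executed; if the file does not exist, the command is executed.
removes: if the specified file exists, the command that follows is executed; if the file does not exist, the command is not executed.
# List the files under /root on all nodes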
[root@bogon chapter06]# ansible all  -m command  -a 'ls /root'
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
192.168.10.151 | CHANGED | rc=0 >>
anaconda-ks.cfg
192.168.10.150 | CHANGED | rc=0 >>
anaconda-ks.cfg
The shell module runs complex commands on the remote hosts; it is a handy module.
Syntax:
ansible <inventory hosts> -m <module name> -a '<command>'
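The command module cannot use | or > because it splits the string into arguments and executes the program directly, so no shell ever interprets the metacharacters; the shell module hands the whole string to a shell. The sketch below is an added example, not code from the original post or from Ansible: it models both behaviours and the creates/removes guards locally with subprocess, and all function names and sample command lines are assumptions.

```python
import os
import shlex
import subprocess
import tempfile


def should_run(creates=None, removes=None):
    """Apply the creates/removes guards as described in the text."""
    if creates is not None and os.path.exists(creates):
        return False   # creates: file exists -> command is skipped
    if removes is not None and not os.path.exists(removes):
        return False   # removes: file missing -> command is skipped
    return True


def run_command_style(cmdline, creates=None, removes=None):
    """Model of the command module: split into argv, execute with no shell."""
    if not should_run(creates, removes):
        return None
    argv = shlex.split(cmdline)
    return subprocess.run(argv, capture_output=True, text=True).stdout


def run_shell_style(cmdline, creates=None, removes=None):
    """Model of the shell module: the whole string is handed to /bin/sh."""
    if not should_run(creates, removes):
        return None
    return subprocess.run(cmdline, shell=True, capture_output=True, text=True).stdout


def demo():
    # Constructed command lines; "echo" stands in for any remote command.
    piped = "echo one two | wc -w"
    chained = "echo report.txt; echo EXTRA"   # value containing a metacharacter
    with tempfile.NamedTemporaryFile() as marker:
        skipped = run_command_style("echo hi", creates=marker.name)
    return {
        "command_pipe": run_command_style(piped),       # '|' is just an argument
        "shell_pipe": run_shell_style(piped).strip(),   # pipe is interpreted
        "command_chain": run_command_style(chained),    # ';' stays literal
        "shell_chain": run_shell_style(chained),        # second command runs
        "creates_existing": skipped,                    # guard skipped the run
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The same difference is why a value that may contain shell metacharacters is inert under command but is executed under shell.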
# List the files under /root on all nodes
[root@bogon chapter06]# ansible all  -m command  -a 'ls /root'
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
192.168.10.151 | CHANGED | rc=0 >>
anaconda-ks.cfg
192.168.10.150 | CHANGED | rc=0 >>
anaconda-ks.cfg
2. SaltStack
2.1. SaltStack installation and configuration
| Hostname | IP address | 
|---|---|
| bogon | 192.168.10.139 | 
| cj-a1 | 192.168.10.150 | 
| cj-a2 | 192.168.10.151 | 
1. Install the master (control node)
yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el8.noarch.rpm
yum -y install salt-master
2. Install the minion (managed node)
yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest.el8.noarch.rpm
yum -y install salt-minion
Edit the /etc/salt/minion file
cj-a1:
master: 192.168.10.139
id: saltminion1
cj-a2:
master: 192.168.10.139
id: saltminion2
3. Connectivity configuration
On the master:
[root@bogon chapter06]# systemctl start salt-master
On the minions:
[root@cj-a1 ~]# systemctl start salt-minion
[root@cj-a2 ~]# systemctl start salt-minion
Test on the master:
[root@bogon chapter06]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
saltminion1
saltminion2
Rejected Keys:
[root@bogon chapter06]# salt-key -a saltminion1,saltminion2
The following keys are going to be accepted:
Unaccepted Keys:
saltminion1
saltminion2
Proceed? [n/Y] y
Key for minion saltminion1 accepted.
Key for minion saltminion2 accepted.
[root@bogon chapter06]# salt-key
Accepted Keys:
saltminion1
saltminion2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@bogon chapter06]#  
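Accepting a key lets that minion authenticate to the master, so the IDs listed under "Unaccepted Keys" are worth checking against what was actually provisioned before running salt-key -a. The following added example (not part of the original post) parses the listing format shown above; the extra ID saltminion9, the EXPECTED_IDS allow-list and all function names are assumptions made for illustration.

```python
import re

# Constructed sample in the format of the `salt-key` listing shown above,
# with one extra ID ("saltminion9") added to illustrate an unexpected request.
SAMPLE_LISTING = """\
Accepted Keys:
Denied Keys:
Unaccepted Keys:
saltminion1
saltminion2
saltminion9
Rejected Keys:
"""

# Assumption: the operator keeps a list of the minion IDs that were actually
# configured (here the two `id:` values set in /etc/salt/minion above).
EXPECTED_IDS = {"saltminion1", "saltminion2"}

SECTION = re.compile(r"^(Accepted|Denied|Unaccepted|Rejected) Keys:\s*$")


def parse_salt_key_listing(text):
    """Return {section name: [minion ids]} from plain `salt-key` output."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION.match(line)
        if match:
            current = match.group(1).lower()
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def triage_pending(text, expected_ids):
    """Split unaccepted keys into IDs we provisioned and IDs we did not."""
    pending = parse_salt_key_listing(text).get("unaccepted", [])
    known = [m for m in pending if m in expected_ids]
    unknown = [m for m in pending if m not in expected_ids]
    return known, unknown


def accept_command(known):
    """Build the explicit salt-key -a call for the vetted IDs only."""
    return "salt-key -a " + ",".join(known) if known else None


if __name__ == "__main__":
    known, unknown = triage_pending(SAMPLE_LISTING, EXPECTED_IDS)
    print("accept :", accept_command(known))
    print("review :", unknown)
```

A matching ID alone does not prove the key belongs to that minion; comparing the fingerprint from `salt-key -f saltminion1` on the master with `salt-call --local key.finger` on the minion does.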
           
                             
                    