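Getting-started docs
I've started picking up ops skills. Automated deployment should count as the most basic of the basics, and Ansible has such a good reputation that I naturally can't pass it up.
Start with the getting-started documentation: http://docs.ansible.com/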
install
As usual, start from source:
git clone https://github.com/ansible/ansible.git --recursive
cd ./ansible
source ./hacking/env-setup
# Required libraries
sudo pip install paramiko PyYAML Jinja2 httplib2 six
Of course, you can also install it directly with pip:
sudo pip install ansible
Inventory
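Create hosts:
sudo mkdir /etc/ansible/
Run ping:
ansible all -m ping
It reports a failure:
192.168.161.52 | UNREACHABLE! => {
But I had clearly already added the master to the trusted SSH keys, and I can ssh to the agent without a password.
Let's try configuring ssh-agent:
ssh-agent bash
Still doesn't work.
Solution
Check the official documentation at http://docs.ansible.com/ansible/intro_inventory.html, which mentions: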
ansible_host
The name of the host to connect to, if different from the alias you wish to give to it.
ansible_port
The ssh port number, if not 22
ansible_user
The default ssh user name to use.
ansible_ssh_pass
The ssh password to use (this is insecure, we strongly recommend using --ask-pass or SSH keys)
ansible_ssh_private_key_file
Private key file used by ssh. Useful if using multiple keys and you don’t want to use SSH agent.
ansible_ssh_common_args
This setting is always appended to the default command line for sftp, scp, and ssh. Useful to configure a ProxyCommand for a certain host (or group).
ansible_sftp_extra_args
This setting is always appended to the default sftp command line.
ansible_scp_extra_args
This setting is always appended to the default scp command line.
ansible_ssh_extra_args
This setting is always appended to the default ssh command line.
ansible_ssh_pipelining
Determines whether or not to use SSH pipelining. This can override the pipelining setting in ansible.cfg.
I need to set the IP, port and user.
Rewrite the hosts file,
adding the user:
g530 ansible_user=g530 ansible_ssh_host=192.168.161.52
Run ansible all -m ping again, and this time it reports success.
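The documentation list above warns that ansible_ssh_pass is insecure and notes that the *_args variables are appended to the ssh command line. As an added example (not code from the original post or from the Ansible project), here is a small checker that scans an INI-style inventory for both risks. The function name audit_inventory, the host db1, the group lab and the extra variable names beyond ansible_ssh_pass are assumptions for illustration, and the check for a disabled StrictHostKeyChecking goes beyond what the post covers.

```python
import shlex

# Variables that store a credential in the inventory in plaintext. ansible_ssh_pass
# is in the list above; the other three are further Ansible connection/become variables.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}
# Variables whose value is appended to the ssh/sftp/scp command line.
SSH_ARG_VARS = {"ansible_ssh_common_args", "ansible_ssh_extra_args",
                "ansible_sftp_extra_args", "ansible_scp_extra_args"}

def audit_inventory(text):
    """Return (line_no, subject, variable, finding) tuples for an INI inventory."""
    findings, section = [], ""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                          # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]              # e.g. "web" or "web:vars"
            continue
        if section.endswith(":vars"):
            subject, pairs = section, [line]  # the whole line is one key=value
        else:
            tokens = shlex.split(line)        # keeps quoted values together
            subject, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            key, _, value = pair.partition("=")
            key = key.strip()
            # Normalise "-o StrictHostKeyChecking=no" and "-o StrictHostKeyChecking no".
            flat = value.lower().replace(" ", "").replace("=", "")
            if key in SECRET_VARS and value:
                findings.append((line_no, subject, key, "plaintext credential"))
            elif key in SSH_ARG_VARS and "stricthostkeycheckingno" in flat:
                findings.append((line_no, subject, key, "host key checking disabled"))
    return findings

# Constructed sample inventory; only the first host line comes from the post.
SAMPLE = """\
g530 ansible_user=g530 ansible_ssh_host=192.168.161.52
db1 ansible_host=192.0.2.10 ansible_user=ops ansible_ssh_pass=example-only

[lab:vars]
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
"""

if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE):
        print("line %d: %s sets %s (%s)" % finding)
```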
dynamic_inventory
http://docs.ansible.com/ansible/intro_dynamic_inventory.html
Skipping this for now; I'll read it when I need it.
pattern & ad-hoc command
Skipping this for now as well.
playbook
ping
Start by writing the simplest possible ping:
---
Then run it:
ansible-playbook -i /etc/ansible/hosts playbook.yml
It shows:
PLAY ***************************************************************************
TASK [setup] *******************************************************************
ok: [g530 -> localhost]
TASK [ping] ********************************************************************
ok: [g530 -> localhost]
PLAY RECAP *********************************************************************
g530 : ok=2 changed=0 unreachable=0 failed=0
This means it succeeded.
The code is at https://github.com/CodeJuan/ansible_play/tree/master/ping
advanced
Let's try something a bit fancier, with roles, handlers and templates.
playbook
---
Create roles
current_dir
You need to create a roles folder; the names of its subfolders are the role names written in the playbook.
handlers
Every role has a handlers folder, and the main.yml inside it holds the handlers that respond to events:
---
- name: restart
  service: name=iptables state=restarted enabled=yes
In this example, it restarts iptables.
tasks
The main.yml in the role's tasks folder holds the tasks that actually get executed:
---
- name: ping and restart iptables
  ping:
  notify: restart test
This means: ping first, then call the restart handler.
template
Create a file named haha in the template folder and copy it to /tmp on the agent.
Change the tasks main.yml to:
---
- name: ping
  ping:
  template: src=haha dest=/tmp/haha
  notify: restart test
It reports a syntax error; it looks like one name can only have one action.
Changing it to two names seems to fix it:
---
- name: ping
  ping:
- name: template iptables
  template: src=haha dest=/tmp/haha
  notify: restart test
Play it again:
PLAY [role_handler] ************************************************************
TASK [setup] *******************************************************************
ok: [g530 -> localhost]
TASK [test : ping] *************************************************************
ok: [g530 -> localhost]
TASK [test : template iptables] ************************************************
changed: [g530 -> localhost]
PLAY RECAP *********************************************************************
g530 : ok=3 changed=1 unreachable=0 failed=0
Sure enough, there is one more action.
The code is at https://github.com/CodeJuan/ansible_play/tree/master/advancded_play
Going deeper
Now that I understand the basic concepts, the next step is to look at some good examples:
http://docs.ansible.com/ansible/playbooks_best_practices.html
https://github.com/ansible/ansible-examples
Feel free to repost this blog, but please keep the original author information.
github:codejuan
Blog: http://blog.decbug.com/