服务器之家:专注于服务器技术及软件下载分享
分类导航

云服务器|WEB服务器|FTP服务器|邮件服务器|虚拟主机|服务器安全|DNS服务器|服务器知识|Nginx|IIS|Tomcat|

服务器之家 - 服务器技术 - 服务器知识 - 集群运维自动化工具ansible的安装与使用(包括模块与playbook使用)

集群运维自动化工具ansible的安装与使用(包括模块与playbook使用)

2020-08-31 19:47服务器技术网 服务器知识

Ansible是一款很好的基于ssh方案的,替代品,他能够大大简化Unix管理员的自动化配置管理与流程控制方式。它利用推送方式对客户系统加以配置,这样所有工作都可在主服务器端完成。

我使用过puppet与salt,但这2个软件都需要安装客户端,并且更新很快,每次更新都是令人蛋疼的事,尤其是salt,喜欢他的命令功能,但bug太多,不敢在公司线上使用,puppet虽然稳定,但弄命令执行的时候,需要mco配置,非常麻烦,我公司由于跟多家公司合作,很多业务没办法安装客户端,所以没办法使用puppet与salt(虽然salt有ssh,但不太好使),最后找到了ansible,他既有命令执行也有配置管理,关键开发它的语言是python,paramiko进行ssh连接,跟我之前开发的自动管理软件都是使用paramiko进行操作,不需要安装客户端,满足我的需求,下面给大家介绍一下我是如何使用的。
一、安装
1、安装第三方epel源
centos 5的epel

?
1
rpm -ivh http://mirrors.sohu.com/fedora-epel/5/x86_64/epel-release-5-4.noarch.rpm

centos 6的epel

?
1
rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm

查看系统版本

?
1
2
3
17:01:30 # cat /etc/issue
CentOS release 6.5 (Final)
Kernel \r on an \m

由于是6版本所以安装6的epel
2、安装ansible

?
1
yum install ansible

如果需要自定义module或者想阅读源码、使用最新版本,可以去github里下载源码

?
1
git clone https://github.com/ansible/ansible.git

3、添加主机

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
17:22:08 # cd /etc/ansible/
root@ip-10-10-10-10:/etc/ansible
17:23:27 # ll
total 12
-rw-r--r-- 1 root root 5113 Dec 29 03:00 ansible.cfg
-rw-r--r-- 1 root root 965 Dec 29 03:00 hosts
其中ansible.cfg是配置文件,hosts是管理主机信息
17:24:44 # cat hosts
172.17.0.2:49154
172.17.0.4:49155
[zabbix]
172.17.0.2:49154
172.17.0.4:49155
[vpn]
172.17.0.10

4、使用密码登陆
ansible支持正则测试

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
16:20:57 # ansible 127* -m ping
SSH password:
127.0.0.1 | success >> {
  "changed": false,
  "ping": "pong"
}
 
root@ip-10-10-10-10:/etc/ansible
16:21:05 # ansible 172* -m ping
SSH password:
172.17.0.5 | success >> {
  "changed": false,
  "ping": "pong"
}
 
172.17.0.4 | success >> {
  "changed": false,
  "ping": "pong"
}
 
172.17.0.2 | success >> {
  "changed": false,
  "ping": "pong"
}

如果你有多台服务器的话,想并发运行,可以使用-f参数,默认是并发5
5、使用密钥登陆测试

?
1
2
3
4
5
11:30:35 # ansible vpn -m shell -a "echo $TERM" -u test --private-key=denglei -K
SSH password:
sudo password [defaults to SSH password]:
172.17.0.10 | success | rc=0 >>
xterm

二、模块应用
6、文件传输

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
11:30:44 # ansible vpn -m copy -a "src=/tmp/server dest=/tmp/server" -u test --private-key=denglei -K
SSH password:
sudo password [defaults to SSH password]:
172.17.0.10 | success >> {
  "changed": true,
  "dest": "/tmp/server",
  "gid": 505,
  "group": "test",
  "md5sum": "e8b32bc4d7b564ac6075a1418ad8841e",
  "mode": "0664",
  "owner": "test",
  "size": 7,
  "src": "/home/test/.ansible/tmp/ansible-1402630447.45-253524136818424/source",
  "state": "file",
  "uid": 503
}

去客户端查看文件是否传输过来

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
11:34:57 # ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=denglei -K
SSH password:
sudo password [defaults to SSH password]:
172.17.0.10 | success | rc=0 >>
total 76
-rw-r--r-- 1 root  root  41692 May 21 13:02 config
-rw-r--r-- 1 root  root  1228 Jun 12 18:24 install_pptpd_vpn.sh
-rw-rw-r-- 1 test  test    7 Jun 13 19:33 server
-rw-r--r-- 1 root  root   82 Jun 12 18:21 test.log
-rw-r--r-- 1 root  root   290 Jun 12 18:21 test.sh
-rw-r--r-- 1 root  root  2444 Apr 28 2012 vpn_centos6.sh
-rw------- 1 root  root   727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
-rw-rw-r-- 1 zabbix zabbix 3124 Jun 12 21:32 zabbix_agentd.log
-rw-rw-r-- 1 zabbix zabbix   5 Jun 12 21:32 zabbix_agentd.pid

可以看到已经传过来了
看看文件内容

?
1
2
3
4
5
11:35:09 # ansible vpn -m shell -a "cat /tmp/server" -u test --private-key=denglei -K
SSH password:
sudo password [defaults to SSH password]:
172.17.0.10 | success | rc=0 >>
server

内容正常
还有另外一个模块file,可以修改用户与权限
下面是当前文件状态

?
1
2
3
4
5
13:50:07 # ansible vpn -m shell -a "ls -l /tmp/server" -u test --private-key=denglei -K
SSH password:
sudo password [defaults to SSH password]:
172.17.0.10 | success | rc=0 >>
-rw-rw-r-- 1 test test 7 Jun 13 19:33 /tmp/server

server文件是664权限,用户与组都是test
修改一下

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
13:51:17 # ansible vpn -m file -a "dest=/tmp/server mode=755 owner=root group=root" -u test --private-key=denglei -K
SSH password:
sudo password [defaults to SSH password]:
172.17.0.10 | success >> {
  "changed": true,
  "gid": 0,
  "group": "root",
  "mode": "0755",
  "owner": "root",
  "path": "/tmp/server",
  "size": 7,
  "state": "file",
  "uid": 0
}
 
root@ip-10-10-10-10:/etc/ansible
13:51:31 # ansible vpn -m shell -a "ls -l /tmp/server" -u test --private-key=denglei -K
SSH password:
sudo password [defaults to SSH password]:
172.17.0.10 | success | rc=0 >>
-rwxr-xr-x 1 root root 7 Jun 13 19:33 /tmp/server

7、安装软件

?
1
2
3
4
5
6
7
8
9
10
11
14:20:30 # ansible vpn -m yum -a "name=nmap state=installed" -u test --private-key=denglei -K
SSH password:
sudo password [defaults to SSH password]:
172.17.0.10 | success >> {
  "changed": true,
  "msg": "",
  "rc": 0,
  "results": [
    "Loaded plugins: fastestmirror, security\nLoading mirror speeds from cached hostfile\n * epel: mirrors.hust.edu.cn\nSetting up Install Process\nResolving Dependencies\n--> Running transaction check\n---> Package nmap.x86_64 2:5.51-3.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package    Arch       Version          Repository   Size\n================================================================================\nInstalling:\n nmap      x86_64      2:5.51-3.el6       Base      2.7 M\n\nTransaction Summary\n================================================================================\nInstall    1 Package(s)\n\nTotal download size: 2.7 M\nInstalled size: 9.7 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : 2:nmap-5.51-3.el6.x86_64                   1/1 \n\r Verifying : 2:nmap-5.51-3.el6.x86_64                   1/1 \n\nInstalled:\n nmap.x86_64 2:5.51-3.el6                           \n\nComplete!\n"
  ]
}

三、playbook配置管理
8、playbook
A.进行一下shell模块操作,测试删除文件
先查看一下客户端的server-test是否存在

?
1
2
3
4
[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -k
SSH password:
172.17.0.10 | success | rc=0 >>
-rw-rw-r-- 1 test test 7 Jun 14 00:37 /tmp/server-test

可以看到是存在的
然后写一个删除的playbook

?
1
2
3
4
5
6
7
[root@puppet ansible]# cat test.yml
---
- hosts: vpn
 remote_user: test
 tasks:
 - name: delete /tmp/server-test
  shell: rm -rf /tmp/server-test

运行

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
[root@puppet ansible]# ansible-playbook test.yml --private-key=/root/denglei -k
 [WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (ie. yum update gmp).
 
SSH password:
 
PLAY [vpn] ********************************************************************
 
GATHERING FACTS ***************************************************************
ok: [172.17.0.10]
 
TASK: [delete /tmp/server-test] ***********************************************
changed: [172.17.0.10]
 
PLAY RECAP ********************************************************************
172.17.0.10       : ok=2  changed=1  unreachable=0  failed=0

在查看

?
1
2
3
4
[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -k
SSH password:
172.17.0.10 | FAILED | rc=2 >>
ls: cannot access /tmp/server-test: No such file or directory

文件已经删除
B.进行一下template模块操作,测试文件传输

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
[root@puppet ansible]# cat copy.yml
---
- hosts: vpn
 remote_user: test
 tasks:
 - name: copy local server to client /tmp/server-test
  template: src=/tmp/server dest=/tmp/server-test
[root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k
 [WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (ie. yum update gmp).
 
SSH password:
 
PLAY [vpn] ********************************************************************
 
GATHERING FACTS ***************************************************************
ok: [172.17.0.10]
 
TASK: [copy local server to client /tmp/server-test] **************************
changed: [172.17.0.10]
 
PLAY RECAP ********************************************************************
172.17.0.10       : ok=2  changed=1  unreachable=0  failed=0 
 
[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/server-test" -u test --private-key=/root/denglei -k
SSH password:
172.17.0.10 | success | rc=0 >>
-rw-rw-r-- 1 test test 7 Jun 14 17:07 /tmp/server-test

C.使用service模块,测试一下服务重启

?
1
2
3
4
5
6
7
8
9
10
[root@puppet ansible]# ansible vpn -m shell -a "/etc/init.d/pptpd stop" -u test --private-key=/root/denglei -k -K -s
SSH password:
sudo password [defaults to SSH password]:
172.17.0.10 | success | rc=0 >>
Shutting down pptpd:                    [ OK ]
[root@puppet ansible]# ansible vpn -m shell -a "/etc/init.d/pptpd stop" -u test --private-key=/root/denglei -k -K -s
SSH password:
sudo password [defaults to SSH password]:
172.17.0.10 | success | rc=0 >>
Shutting down pptpd:                    [ OK ]

D.多项目同时更新

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
SSH password:
172.17.0.10 | success | rc=0 >>
total 84
-rw-r--r-- 1 root  root  41692 May 21 13:02 config
-rw-r--r-- 1 root  root  1228 Jun 12 18:24 install_pptpd_vpn.sh
-rwxr-xr-x 1 root  root    7 Jun 13 19:33 server
-rw-rw-r-- 1 test  test    7 Jun 14 17:07 server-test
-rw-r--r-- 1 root  root   82 Jun 12 18:21 test.log
-rw-r--r-- 1 root  root   290 Jun 12 18:21 test.sh
-rw-r--r-- 1 root  root  2444 Apr 28 2012 vpn_centos6.sh
-rw------- 1 root  root   727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
-rw-rw-r-- 1 zabbix zabbix   5 Jun 14 00:30 zabbix_agentd.pid
 
[root@puppet ansible]# vim multi_copy.yml
[root@puppet ansible]# cat multi_copy.yml
---
- hosts: vpn
 remote_user: test
 gather_facts: False
 tasks:
 - name: copy local server to client /tmp/server-test
  template: src=/tmp/server dest=/tmp/test-{{item}}
  with_items:
   - server-1
   - server-2
   - server-3
[root@puppet ansible]# ansible-playbook multi_copy.yml --private-key=/root/denglei -k
 [WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (ie. yum update gmp).
 
SSH password:
 
PLAY [vpn] ********************************************************************
 
TASK: [copy local server to client /tmp/server-test] **************************
changed: [172.17.0.10] => (item=server-1)
changed: [172.17.0.10] => (item=server-2)
changed: [172.17.0.10] => (item=server-3)
 
PLAY RECAP ********************************************************************
172.17.0.10       : ok=1  changed=1  unreachable=0  failed=0 
 
[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
SSH password:
172.17.0.10 | success | rc=0 >>
total 96
-rw-r--r-- 1 root  root  41692 May 21 13:02 config
-rw-r--r-- 1 root  root  1228 Jun 12 18:24 install_pptpd_vpn.sh
-rwxr-xr-x 1 root  root    7 Jun 13 19:33 server
-rw-rw-r-- 1 test  test    7 Jun 14 17:07 server-test
-rw-rw-r-- 1 test  test    7 Jun 18 00:50 test-server-1
-rw-rw-r-- 1 test  test    7 Jun 18 00:50 test-server-2
-rw-rw-r-- 1 test  test    7 Jun 18 00:50 test-server-3
-rw-r--r-- 1 root  root   82 Jun 12 18:21 test.log
-rw-r--r-- 1 root  root   290 Jun 12 18:21 test.sh
-rw-r--r-- 1 root  root  2444 Apr 28 2012 vpn_centos6.sh
-rw------- 1 root  root   727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
-rw-rw-r-- 1 zabbix zabbix   5 Jun 14 00:30 zabbix_agentd.pid

E.根据条件进行删除

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
SSH password:
172.17.0.10 | success | rc=0 >>
total 96
-rw-r--r-- 1 root  root  41692 May 21 13:02 config
-rw-r--r-- 1 root  root  1228 Jun 12 18:24 install_pptpd_vpn.sh
-rwxr-xr-x 1 root  root    7 Jun 13 19:33 server
-rw-rw-r-- 1 test  test    7 Jun 14 17:07 server-test
-rw-rw-r-- 1 test  test    7 Jun 18 00:50 test-server-1
-rw-rw-r-- 1 test  test    7 Jun 18 00:50 test-server-2
-rw-rw-r-- 1 test  test    7 Jun 18 00:50 test-server-3
-rw-r--r-- 1 root  root   82 Jun 12 18:21 test.log
-rw-r--r-- 1 root  root   290 Jun 12 18:21 test.sh
-rw-r--r-- 1 root  root  2444 Apr 28 2012 vpn_centos6.sh
-rw------- 1 root  root   727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
-rw-rw-r-- 1 zabbix zabbix   5 Jun 14 00:30 zabbix_agentd.pid
 
[root@puppet ansible]# cat delete.yml
---
- hosts: vpn
 remote_user: test
 gather_facts: True
 tasks:
 - name: if system is centos,then rm /tmp/test-server-1
  shell: rm -rf /tmp/test-server-1
  when: ansible_os_family == "RedHat"
 
[root@puppet ansible]# ansible-playbook delete.yml --private-key=/root/denglei -k
 [WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (ie. yum update gmp).
 
SSH password:
 
PLAY [vpn] ********************************************************************
 
GATHERING FACTS ***************************************************************
ok: [172.17.0.10]
 
TASK: [if system is centos,then rm /tmp/test-server-1] ************************
changed: [172.17.0.10]
 
PLAY RECAP ********************************************************************
172.17.0.10       : ok=2  changed=1  unreachable=0  failed=0 
 
[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
SSH password:
172.17.0.10 | success | rc=0 >>
total 92
-rw-r--r-- 1 root  root  41692 May 21 13:02 config
-rw-r--r-- 1 root  root  1228 Jun 12 18:24 install_pptpd_vpn.sh
-rwxr-xr-x 1 root  root    7 Jun 13 19:33 server
-rw-rw-r-- 1 test  test    7 Jun 14 17:07 server-test
-rw-rw-r-- 1 test  test    7 Jun 18 00:50 test-server-2
-rw-rw-r-- 1 test  test    7 Jun 18 00:50 test-server-3
-rw-r--r-- 1 root  root   82 Jun 12 18:21 test.log
-rw-r--r-- 1 root  root   290 Jun 12 18:21 test.sh
-rw-r--r-- 1 root  root  2444 Apr 28 2012 vpn_centos6.sh
-rw------- 1 root  root   727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
-rw-rw-r-- 1 zabbix zabbix   5 Jun 14 00:30 zabbix_agentd.pid

F.debug输出

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
[root@puppet ansible]# cat debug.yml
---
- hosts: vpn
 remote_user: test
 gather_facts: True
 tasks:
 - name: debug to print interface
  debug: msg="{{item}}"
  with_items: ansible_default_ipv4.address
[root@puppet ansible]# ansible-playbook debug.yml --private-key=/root/denglei -k
 [WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (ie. yum update gmp).
 
SSH password:
 
PLAY [vpn] ********************************************************************
 
GATHERING FACTS ***************************************************************
ok: [172.17.0.10]
 
TASK: [debug to print interface] **********************************************
ok: [172.17.0.10] => (item=10.10.32.34) => {
  "item": "10.10.32.34",
  "msg": "10.10.32.34"
}

G.check模式,仅检测,但不实行

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
SSH password:
172.17.0.10 | success | rc=0 >>
total 92
-rw-r--r-- 1 root  root  41692 May 21 13:02 config
-rw-r--r-- 1 root  root  1228 Jun 12 18:24 install_pptpd_vpn.sh
-rwxr-xr-x 1 root  root    7 Jun 13 19:33 server
-rw-rw-r-- 1 test  test    7 Jun 14 17:07 server-test
-rw-rw-r-- 1 test  test    7 Jun 18 00:50 test-server-2
-rw-rw-r-- 1 test  test    7 Jun 18 00:50 test-server-3
-rw-r--r-- 1 root  root   82 Jun 12 18:21 test.log
-rw-r--r-- 1 root  root   290 Jun 12 18:21 test.sh
-rw-r--r-- 1 root  root  2444 Apr 28 2012 vpn_centos6.sh
-rw------- 1 root  root   727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
-rw-rw-r-- 1 zabbix zabbix   5 Jun 14 00:30 zabbix_agentd.pid
 
[root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k --check
 [WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (ie. yum update gmp).
 
SSH password:
 
PLAY [vpn] ********************************************************************
 
GATHERING FACTS ***************************************************************
ok: [172.17.0.10]
 
TASK: [copy local server to client /tmp/server-test] **************************
changed: [172.17.0.10] => (item=server-1)
ok: [172.17.0.10] => (item=server-2)
ok: [172.17.0.10] => (item=server-3)
 
PLAY RECAP ********************************************************************
172.17.0.10       : ok=2  changed=1  unreachable=0  failed=0 
 
PLAY RECAP ********************************************************************
172.17.0.10       : ok=2  changed=0  unreachable=0  failed=0
H.diff

使用diff与不使用作对比

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
[root@puppet ansible]# ansible vpn -m shell -a "rm -rf /tmp/test-server-1" -u test --private-key=/root/denglei -k
SSH password:
172.17.0.10 | success | rc=0 >>
 
 
[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -k
SSH password:
172.17.0.10 | success | rc=0 >>
total 92
-rw-r--r-- 1 root  root  41692 May 21 13:02 config
-rw-r--r-- 1 root  root  1228 Jun 12 18:24 install_pptpd_vpn.sh
-rwxr-xr-x 1 root  root    7 Jun 13 19:33 server
-rw-rw-r-- 1 test  test    7 Jun 14 17:07 server-test
-rw-rw-r-- 1 test  test    7 Jun 18 00:50 test-server-2
-rw-rw-r-- 1 test  test    7 Jun 18 00:50 test-server-3
-rw-r--r-- 1 root  root   82 Jun 12 18:21 test.log
-rw-r--r-- 1 root  root   290 Jun 12 18:21 test.sh
-rw-r--r-- 1 root  root  2444 Apr 28 2012 vpn_centos6.sh
-rw------- 1 root  root   727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx
-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log
-rw-rw-r-- 1 zabbix zabbix   5 Jun 14 00:30 zabbix_agentd.pid
 
[root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k --diff
 [WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (ie. yum update gmp).
 
SSH password:
 
PLAY [vpn] ********************************************************************
 
GATHERING FACTS ***************************************************************
 
ok: [172.17.0.10]
 
TASK: [copy local server to client /tmp/server-test] **************************
--- before
+++ after
@@ -1,0 +1,1 @@
+server
 
changed: [172.17.0.10] => (item=server-1)
 
ok: [172.17.0.10] => (item=server-2)
 
ok: [172.17.0.10] => (item=server-3)
 
PLAY RECAP ********************************************************************
172.17.0.10       : ok=2  changed=1  unreachable=0  failed=0

9、主机信息查看
类似puppet的fact、salt的grains

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
[root@puppet ansible]# ansible vpn -m setup -u test --private-key=/root/denglei -k
SSH password:
172.17.0.10 | success >> {
  "ansible_facts": {
    "ansible_all_ipv4_addresses": [
      "10.10.32.34",
      "10.10.32.34"
    ],
    "ansible_all_ipv6_addresses": [
      "fe80::f816:3eff:fe3e:1667"
    ],
    "ansible_architecture": "x86_64",
    "ansible_bios_date": "01/01/2007",
    "ansible_bios_version": "Bochs",
    "ansible_cmdline": {
      "KEYBOARDTYPE": "pc",
      "KEYTABLE": "us",
      "LANG": "zh_CN.UTF-8",
      "quiet": true,
      "rd_NO_DM": true,
      "rd_NO_LUKS": true,
      "rd_NO_LVM": true,
      "rd_NO_MD": true,
      "rhgb": true,
      "ro": true,
      "root": "UUID=c6042d42-8edb-4bb4-a31b-2197b043500c"
    },

数据太多,我就展示部分。


10、优化ansible-playbook运行时间
默认playbook是进行客户端fact搜集,一般如果你配置里没有使用fact的话,可以关闭这样就能减少运行时间
没有优化的时候

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
[root@puppet ansible]# cat shell.yml
---
- hosts: vpn
 remote_user: test
# gather_facts: False
 tasks:
 - name: echo hi
  shell: echo "hi"
[root@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k
 [WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (ie. yum update gmp).
 
SSH password:
 
PLAY [vpn] ********************************************************************
 
GATHERING FACTS ***************************************************************
ok: [172.17.0.10]
 
TASK: [echo hi] ***************************************************************
changed: [172.17.0.10]
 
PLAY RECAP ********************************************************************
172.17.0.10       : ok=2  changed=1  unreachable=0  failed=0 
 
real  0m8.396s
user  0m0.796s
sys 0m0.158s
[root@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k
 [WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (ie. yum update gmp).
 
SSH password:
 
PLAY [vpn] ********************************************************************
 
GATHERING FACTS ***************************************************************
ok: [172.17.0.10]
 
TASK: [echo hi] ***************************************************************
changed: [172.17.0.10]
 
PLAY RECAP ********************************************************************
172.17.0.10       : ok=2  changed=1  unreachable=0  failed=0 
 
real  0m3.309s
user  0m0.724s
sys 0m0.108s
[root@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k
 [WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (ie. yum update gmp).
 
SSH password:
 
PLAY [vpn] ********************************************************************
 
GATHERING FACTS ***************************************************************
ok: [172.17.0.10]
 
TASK: [echo hi] ***************************************************************
changed: [172.17.0.10]
 
PLAY RECAP ********************************************************************
172.17.0.10       : ok=2  changed=1  unreachable=0  failed=0 
 
 
real  0m3.409s
user  0m0.716s
sys 0m0.099s

可以看到第一次8s,后2次都是3s
下面是优化后(未使用fact)

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
[root@puppet ansible]# cat shell.yml
---
- hosts: vpn
 remote_user: test
 gather_facts: False
 tasks:
 - name: echo hi
  shell: echo "hi"
[root@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k
 [WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (ie. yum update gmp).
 
SSH password:
 
PLAY [vpn] ********************************************************************
 
TASK: [echo hi] ***************************************************************
changed: [172.17.0.10]
 
PLAY RECAP ********************************************************************
172.17.0.10       : ok=1  changed=1  unreachable=0  failed=0 
 
 
real  0m2.758s
user  0m0.585s
sys 0m0.096s
[root@puppet ansible]# time ansible-playbook shell.yml -u test --private-key=/root/denglei -k
 [WARNING]: The version of gmp you have installed has a known issue regarding
timing vulnerabilities when used with pycrypto. If possible, you should update
it (ie. yum update gmp).
 
SSH password:
 
PLAY [vpn] ********************************************************************
 
TASK: [echo hi] ***************************************************************
changed: [172.17.0.10]
 
PLAY RECAP ********************************************************************
172.17.0.10       : ok=1  changed=1  unreachable=0  failed=0 
 
real  0m2.359s
user  0m0.565s
sys 0m0.077s

运行时间就是2s

延伸 · 阅读

精彩推荐