The following are my notes from watching the Ansible Configuration Management video course. Not suitable for beginners; useful as a refresher.

Ansible summary

  1. Individual modules are the foundation; machines are organised into groups; everything relies heavily on variables
  2. Tasks make up the work to be done
  3. All the tasks together form playbooks, which bring every machine to a defined state
  4. Roles are used to split playbooks up; a role has an agreed directory structure
  5. Ansible Galaxy is used to share roles. When using a shared role you rely entirely on variables to override its defaults, so you depend heavily on the quality of the community (for example, in China many packages have to be installed from mirrors, which foreign role authors do not take into account)

Features

  • Change management (define a specific system state; change events are used for callbacks)
  • Provisioning (roles; division by service, e.g. a webserver runs a fixed sequence of steps)
  • Automation (one playbook configures thousands of machines at once)
  • Orchestration (arrange multiple tasks so that they coordinate; configure multiple systems; resolve dependencies between tasks)

Why use it

  • No agents
  • No database
  • No residual software
  • No complex upgrades
  • A digression: everything is described in YAML files and cannot be controlled programmatically. I think this approach is doomed sooner or later; it is just that nobody has found a better alternative yet
  • ssh / root / encrypted vault (sharing the repository on GitHub has become standard; almost all software follows this pattern)
  • Easy to extend: HTTP calls, shell commands (quite useful), scripts (not fully clear to me yet; it seems to be a way of extending modules), Ansible Galaxy

Ansible architecture


Variables:

  • Host Variables: variables set on a host or group in the inventory
  • Facts: the first step Ansible performs is setup, which gathers basic information about the machine, e.g. its internal IP
  • Dynamic Variables: data collected from tasks or obtained at runtime? For example, using the result of the previous task as a parameter

During execution the module is sent to a temporary directory on the remote machine and run there; it returns a JSON result, and the contents of the temporary directory are then deleted.

Setting up a learning environment (video 19)

  • Vagrant, VirtualBox, Ansible
  • Remote, Local (Local mode is basically never used; I have used it only once, when I could not SSH in remotely)

Inventory Features

  • Behavioral Parameters
  • Groups
  • Groups of Groups
  • Assign Variables
  • Scaling out using multiple files
  • Static/Dynamic
    Grouping, combining groups, assigning variables (much like Python's LEGB scoping rules for variables)
[db]
db1.company.com ansible_ssh_user=aarom xx=xx
db2.company.com

[datacenter-west:children]
db

[datacenter-west:vars]
ansible_ssh_user=ansible_user
xx=xx

The grouping convention (the file names under group_vars and host_vars must match the names used in the inventory)

├── group_vars   # applies to whole groups
│   ├── all
│   ├── db
├── host_vars    # applies to a single host
│   └── web1
├── inventory_prod
├── inventory_test
# variable file example
--- # YAML document start marker
# key-value pairs
ntp: ntp-west.company.com
syslog: logger-west.company.com
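To make the inventory rules above concrete (groups, `[group:children]`, `[group:vars]`, and which variable value a host finally gets), here is a toy INI-inventory parser written for these notes; it is not Ansible's own code. The sample inventory is constructed to mirror the one above, with made-up hostnames and values, and the precedence it applies is the usual rule of thumb: `all` < parent group < child group < variables on the host line.

```python
"""Toy parser for Ansible's INI inventory format (added example, not Ansible's
own code).  It handles plain groups, [group:children] and [group:vars], expands
a group to its hosts, and resolves the variables a host ends up with.
Precedence: 'all' < parent group < child group < host-line variables.
"""
import re
import shlex
from collections import defaultdict

# Constructed sample inventory, same shape as the one in the notes.
SAMPLE_INVENTORY = """
[db]
db1.company.com ansible_ssh_user=aarom ntp=ntp-local.example
db2.company.com

[web]
web1.company.com

[datacenter-west:children]
db
web

[datacenter-west:vars]
ansible_ssh_user=ansible_user
ntp=ntp-west.company.com
"""

SECTION_RE = re.compile(r"^\[([^\]:]+)(?::(children|vars))?\]$")


def parse_inventory(text):
    """Return (hosts, children, group_vars).

    hosts:      group  -> {hostname: {var: value}}  (vars from the host line)
    children:   parent -> [child group names]
    group_vars: group  -> {var: value}
    """
    hosts = defaultdict(dict)
    children = defaultdict(list)
    group_vars = defaultdict(dict)
    section, kind = "ungrouped", None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, kind = m.group(1), m.group(2)
            continue
        if kind == "children":
            children[section].append(line)
        elif kind == "vars":
            key, _, value = line.partition("=")
            group_vars[section][key.strip()] = value.strip()
        else:
            # Host line: hostname followed by optional key=value pairs.
            name, *pairs = shlex.split(line)
            hosts[section][name] = dict(p.split("=", 1) for p in pairs)
    return hosts, children, group_vars


def parents_of(group, children):
    """All ancestor groups of 'group', nearest ancestor first."""
    out = []
    for parent, kids in children.items():
        if group in kids:
            out.append(parent)
            out.extend(parents_of(parent, children))
    return out


def host_vars(hostname, inventory):
    """Effective variables for one host; lower-precedence sources are applied first."""
    hosts, children, group_vars = inventory
    resolved = dict(group_vars.get("all", {}))
    for group, members in hosts.items():
        if hostname not in members:
            continue
        # Farthest ancestor first, so nearer groups override it.
        for g in reversed(parents_of(group, children)):
            resolved.update(group_vars.get(g, {}))
        resolved.update(group_vars.get(group, {}))
        resolved.update(members[hostname])          # the host line wins
    return resolved


def hosts_in(group, inventory):
    """Expand a group, following :children, into a sorted host list."""
    hosts, children, _ = inventory
    names = set(hosts.get(group, {}))
    for child in children.get(group, []):
        names |= set(hosts_in(child, inventory))
    return sorted(names)


if __name__ == "__main__":
    inv = parse_inventory(SAMPLE_INVENTORY)
    for h in hosts_in("datacenter-west", inv):
        print(h, host_vars(h, inv))
```

Running it shows the point the notes make about variables: `db1` keeps the `ansible_ssh_user=aarom` from its host line, while `db2` and `web1` inherit `ansible_user` from the `datacenter-west` group. Real Ansible layers `group_vars/` and `host_vars/` files and `-e` extra vars on top of this, but the inventory-level ordering is the same.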

Ad-hoc (one-off) usage

ansible -m ping all
ansible -m shell -a "hostname" all
ansible -m shell -a "getent passwd | grep deploy" all
ansible -b -K -m shell -a "whoami" all -vvv -T 30 -c paramiko

Parameter notes

  • -b become another user, usually root
  • -K used together with -b to prompt for the password
  • -m use a particular module
  • -vvv same as ssh -vvv, shows detailed logs
  • -T timeout, sets the timeout
  • -c choose the connection plugin. With 3.5, using the default value for sudo may cause problems
Using variables (I suspect the Jinja2 template engine is the only advantage Python programmers have when using Ansible -_-)
ansible webservers -i inventory_prod -m user -a "name={{username}} password=1234" -b

ansible-doc can be used to view module documentation

Host/Group Target Patterns

  • OR (group1:group2)
  • NOT (!group2)
  • Wildcard (web*.ex.com)
  • Regex (~web[0-9]+)
  • Complex Patterns AND (group1:&group2) # intersection; the ':' in the middle is a bit odd
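The five pattern forms above can be tried out without an Ansible install with the following toy resolver, written for these notes (not Ansible's own code). It runs against a constructed group-to-hosts table with made-up hostnames, and it applies the terms in the order Ansible uses: plain (OR) terms first, then `&` intersections, then `!` exclusions, starting from `all` when a pattern has no plain term.

```python
"""Toy resolver for Ansible's host-pattern syntax (added example, not Ansible's
own code).  Covers OR with ':', NOT with '!', AND with ':&', shell-style
wildcards over host names, and '~' regex patterns.
"""
import fnmatch
import re

# Constructed inventory: group name -> member hosts ('all' is implicit).
GROUPS = {
    "webservers": ["web1.ex.com", "web2.ex.com", "web10.ex.com"],
    "dbservers": ["db1.ex.com", "db2.ex.com"],
    "atlanta": ["web1.ex.com", "db1.ex.com"],
}


def all_hosts(groups):
    return sorted({h for members in groups.values() for h in members})


def match_term(term, groups):
    """Hosts selected by a single term, with any '&' / '!' prefix already removed."""
    if term in ("all", "*"):
        return set(all_hosts(groups))
    if term.startswith("~"):
        # Regex term; this toy anchors it at the start of the host name.
        rx = re.compile(term[1:])
        return {h for h in all_hosts(groups) if rx.match(h)}
    if term in groups:
        return set(groups[term])
    # A host name, or a shell-style wildcard such as web*.ex.com, over host names.
    return set(fnmatch.filter(all_hosts(groups), term))


def select_hosts(pattern, groups=GROUPS):
    """Resolve a full pattern such as 'webservers:&atlanta:!db*' to a sorted host list."""
    terms = [t for t in pattern.split(":") if t]
    plain = [t for t in terms if t[0] not in "&!"] or ["all"]
    intersect = [t[1:] for t in terms if t[0] == "&"]
    exclude = [t[1:] for t in terms if t[0] == "!"]

    selected = set()
    for t in plain:          # OR: union of the plain terms
        selected |= match_term(t, groups)
    for t in intersect:      # AND: keep only hosts also in these
        selected &= match_term(t, groups)
    for t in exclude:        # NOT: remove these last
        selected -= match_term(t, groups)
    return sorted(selected)


if __name__ == "__main__":
    for p in ("webservers:dbservers", "!dbservers", "web*.ex.com",
              "~web[0-9]+", "webservers:&atlanta"):
        print(f"{p:22} -> {select_hosts(p)}")
```

Because exclusions are applied last regardless of where they appear, `webservers:dbservers:!atlanta` and `!atlanta:webservers:dbservers` select the same hosts; that fixed ordering is what makes the `group1:&group2` intersection syntax read oddly but behave predictably.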

Ansible Playbooks

  • Ansible modules are combined into a play; multiple plays make up a playbook
  • logic controls & error handling
  • include merges multiple files
  • Grab output of a task for another task (register)
  • Debug Module (debug with msg or var)
  • Prompting for input (similar to input(); vars_prompt)
  • Playbook Handlers (notify)
    1. Tasks with asynchronous execution
    2. Only run tasks when notified
    3. Tasks only notify when state=changed
    4. Do not run until all playbook tasks have executed
    5. Most commonly used for restarting services to load changes (if changes are made)
  • Conditional Clause (when: ansible_os_family == "Debian"; used together with register)
  • Jinja2 Template Module (template)
---
- hosts: webservers
  sudo: yes

  vars:
    http_port: 80
    doc_dir: /ansible/
    doc_root: /var/www/html/ansible/
    max_clients: 5

  vars_prompt:
    - name: username
      prompt: what is your name?

  tasks:
    - name: Ensure that Apache is installed
      yum: name=httpd state=present
      when: ansible_os_family == "RedHat"

    - name: Start Apache Services
      service: name=httpd enabled=yes state=started

    - name: Deploy configuration File
      template: src=templates/httpd.j2 dest=/etc/httpd/conf/httpd.conf
      notify:
        - Restart Apache

    - name: Copy Site Files
      template: src=templates/index.j2 dest={{ doc_root }}/index.html

  # Handlers run once, after all tasks of the play, and only if a task reported changed
  handlers:
    - name: Restart Apache
      service: name=httpd state=restarted

- hosts: dbservers
  sudo: yes

  tasks:
    - name: Ensure MySQL is installed
      yum: name=mysql-server state=present

    - name: Start MySQL
      service: name=mysqld state=started

- hosts: webservers:dbservers
  sudo: yes

  tasks:
    - name: Stop IPTABLES NOW!!!
      service: name=iptables state=stopped

ansible-playbook -i inventory web_db.yaml
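The handler rules listed above (run only when notified, notify only on changed, run once after all tasks) and the register/when pairing are easy to state but easy to get wrong when reasoning about a run. The following miniature play executor, written for these notes and not Ansible's own code, rebuilds the web play above on a fake host so those rules can be observed directly: the task names are taken from the playbook, the module stand-ins (`ensure_pkg`, `deploy_file`, `restart`) and the host state dict are constructed for the example.

```python
"""Miniature play executor (added example, not Ansible's own code) that models
the handler rules of a play: a handler runs only when notified, a task notifies
only when it reports changed, and each notified handler runs once, after all
tasks, however many tasks notified it.  It also shows 'register' feeding a
later 'when'.  Tasks are Python callables standing in for modules; each returns
a dict with a 'changed' flag, like a module's JSON result.
"""


class Play:
    def __init__(self, state):
        self.state = state          # fake host: facts plus whatever modules change
        self.registered = {}        # register: <name> -> task result
        self.tasks = []
        self.handlers = {}
        self.log = []               # execution record, one entry per task/handler

    def task(self, name, action, when=None, register=None, notify=()):
        self.tasks.append((name, action, when, register, tuple(notify)))

    def handler(self, name, action):
        self.handlers[name] = action

    def run(self):
        notified = []               # ordered and de-duplicated handler names
        for name, action, when, register, notify in self.tasks:
            if when is not None and not when(self.state, self.registered):
                self.log.append(f"skip: {name}")
                continue
            result = action(self.state)
            self.log.append(f"ok: {name}" + (" (changed)" if result["changed"] else ""))
            if register:
                self.registered[register] = result
            if result["changed"]:   # only state=changed notifies
                for h in notify:
                    if h not in notified:
                        notified.append(h)
        # Handlers run after every task in the play, each at most once.
        for h in notified:
            self.handlers[h](self.state)
            self.log.append(f"handler: {h}")
        return self.log


# Constructed stand-ins for the yum / template / service modules.
def ensure_pkg(pkg):
    def action(state):
        installed = state.setdefault("packages", set())
        changed = pkg not in installed
        installed.add(pkg)
        return {"changed": changed}
    return action


def deploy_file(path, content):
    def action(state):
        files = state.setdefault("files", {})
        changed = files.get(path) != content
        files[path] = content
        return {"changed": changed}
    return action


def restart(service):
    def action(state):
        state.setdefault("restarts", []).append(service)
        return {"changed": True}
    return action


def run_web_play(state):
    """The web play from the notes, rebuilt on the toy executor."""
    play = Play(state)
    play.task("Ensure that Apache is installed", ensure_pkg("httpd"),
              when=lambda s, r: s.get("ansible_os_family") == "RedHat")
    play.task("Deploy configuration file",
              deploy_file("/etc/httpd/conf/httpd.conf", "Listen 80"),
              register="conf", notify=["Restart Apache"])
    play.task("Copy site files",
              deploy_file("/var/www/html/ansible/index.html", "hello"),
              notify=["Restart Apache"])
    play.task("Log that config changed", lambda s: {"changed": False},
              when=lambda s, r: r["conf"]["changed"])
    play.handler("Restart Apache", restart("httpd"))
    return play.run()


if __name__ == "__main__":
    host = {"ansible_os_family": "RedHat"}
    print(run_web_play(host))   # first run: everything changes, one restart
    print(run_web_play(host))   # second run: nothing changes, no restart
```

On the first run two tasks notify `Restart Apache` but httpd is restarted exactly once, at the end; on the second run over the same state nothing is changed, so the handler never fires and the `when` that reads the registered `conf` result skips its task. That idempotent second run is the behaviour to expect from a correctly written play.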

Roles

  • Predefined directory structure

  • defaults, files, handlers, meta, tasks, templates, vars

  • each directory has a main.yml; other files are pulled in with include (vars is the exception)

  • use tags to define categories within your playbooks

  • Adding Roles to Playbook

    ---
    - hosts: code-dev
      roles:
        - server-common
        - builders
      gather_facts: no
      tasks:
        # Build your extra tasks here like
  • Pre-tasks and Post-tasks (execute plays before or after the roles)

  • ansible-playbook site.yml --tags "web" --limit atlanta

  • ansible galaxy(ansible-galaxy install username.role)

Best practices

ansible-best-practises