Ansible Basics: Automated Configuration Management
Introduction to Ansible
Ansible is an open-source automation tool for configuration management, application deployment and task automation. It works over SSH, so no agent has to be installed on the managed hosts.
Core Advantages
- Agentless: connects over SSH; nothing to install on the target hosts
- Easy to learn: Playbooks are written in YAML
- Idempotent: running the same play repeatedly yields the same result
- Declarative: you describe the desired state, not the steps to reach it
Installing Ansible
# Install with pip
pip install ansible
# Ubuntu/Debian
sudo apt update
sudo apt install ansible
# CentOS/RHEL
sudo yum install epel-release
sudo yum install ansible
# Verify the installation
ansible --version
Inventory Configuration
Static Inventory
# /etc/ansible/hosts
[webservers]
web1 ansible_host=192.168.1.10
web2 ansible_host=192.168.1.11
[dbservers]
db1 ansible_host=192.168.1.20
db2 ansible_host=192.168.1.21
[all:vars]
ansible_user=deploy
ansible_ssh_private_key_file=~/.ssh/id_rsa
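As an added example (not part of the original post and not Ansible's own code), a small Python parser for the INI inventory format shown above. It handles [group] and [group:vars] sections plus inline host variables (not [group:children]), resolves each host's effective variables in the order all:vars, then group vars, then inline host vars, and flags hosts whose resolved private key differs from the shared deploy key. The sample inventory and the legacy key path are constructed for this example.

```python
import re
import shlex
# Constructed sample inventory (same layout as the static inventory above); db2 overrides the shared key file.
INVENTORY = """[webservers]
web1 ansible_host=192.168.1.10
web2 ansible_host=192.168.1.11
[dbservers]
db1 ansible_host=192.168.1.20
db2 ansible_host=192.168.1.21 ansible_ssh_private_key_file=/root/.ssh/legacy
[dbservers:vars]
ansible_port=2222
[all:vars]
ansible_user=deploy
ansible_ssh_private_key_file=~/.ssh/id_rsa
"""
SECTION = re.compile(r"^\[([^\]:]+)(?::(vars))?\]$")  # [group] or [group:vars]


def parse_inventory(text):
    """Parse INI inventory text into (groups, host_vars, group_vars)."""
    groups, host_vars, group_vars = {}, {}, {}
    section, kind = "ungrouped", None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, kind = m.group(1), m.group(2)
        elif kind == "vars":  # key=value inside a [group:vars] section
            key, _, value = line.partition("=")
            group_vars.setdefault(section, {})[key.strip()] = value.strip()
        else:  # a host line: name followed by inline key=value variables
            host, *pairs = shlex.split(line)
            groups.setdefault(section, []).append(host)
            host_vars.setdefault(host, {}).update(p.split("=", 1) for p in pairs)
    return groups, host_vars, group_vars


def effective_vars(host, groups, host_vars, group_vars):
    """Merge all:vars, then the host's groups (alphabetically), then inline host vars, highest last."""
    merged = dict(group_vars.get("all", {}))
    for group in sorted(g for g, members in groups.items() if host in members):
        merged.update(group_vars.get(group, {}))
    merged.update(host_vars.get(host, {}))
    return merged


def hosts_with_unexpected_key(text, expected="~/.ssh/id_rsa"):
    """Hosts whose resolved ansible_ssh_private_key_file is not the shared deploy key."""
    groups, host_vars, group_vars = parse_inventory(text)
    return [h for h in sorted(host_vars) if effective_vars(h, groups, host_vars, group_vars)
            .get("ansible_ssh_private_key_file") != expected]
```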
YAML Inventory
# inventory.yml
all:
  children:
    webservers:
      hosts:
        web1:
          ansible_host: 192.168.1.10
        web2:
          ansible_host: 192.168.1.11
      vars:
        http_port: 80
    dbservers:
      hosts:
        db1:
          ansible_host: 192.168.1.20
      vars:
        ansible_user: deploy
Ad-hoc Commands
# Test connectivity
ansible all -m ping
# Run a command
ansible webservers -m shell -a "uptime"
# Copy a file
ansible webservers -m copy -a "src=./app.conf dest=/etc/app.conf"
# Install a package
ansible webservers -m apt -a "name=nginx state=present" --become
# Manage a service
ansible webservers -m service -a "name=nginx state=restarted" --become
# Create a user
ansible all -m user -a "name=deploy state=present" --become
Basic Modules
File Modules
# Create a directory
- name: Create application directory
  ansible.builtin.file:
    path: /opt/myapp
    state: directory
    owner: deploy
    group: deploy
    mode: '0755'
# Copy a file
- name: Copy configuration file
  ansible.builtin.copy:
    src: files/app.conf
    dest: /etc/app/app.conf
    owner: root
    group: root
    mode: '0644'
    backup: yes
# Template
- name: Generate configuration file
  ansible.builtin.template:
    src: templates/nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    validate: "nginx -t -c %s"   # the rendered file is only installed if this check passes
Package Modules
# apt (Ubuntu/Debian)
- name: Install nginx
  ansible.builtin.apt:
    name: nginx
    state: present
    update_cache: yes
# yum (CentOS/RHEL)
- name: Install nginx
  ansible.builtin.yum:
    name: nginx
    state: present
Service Module
- name: Start nginx
  ansible.builtin.service:
    name: nginx
    state: started
    enabled: yes
Variable Management
# Variable definition
vars:
  app_name: myapp
  app_port: 8080
  app_user: deploy
# Variable precedence (lowest to highest)
# 1. role defaults
# 2. inventory vars
# 3. play vars
# 4. role vars
# 5. include vars
# 6. set_facts / registered vars
# 7. extra vars
Practice: Server Initialization Playbook
# init-server.yml
---
- name: Server initialization
  hosts: webservers
  become: yes
  vars:
    timezone: Asia/Shanghai
    packages:
      - vim
      - curl
      - wget
      - htop
      - net-tools
  tasks:
    # A value that begins with a Jinja2 expression must be quoted; an unquoted "{{" is parsed by YAML as a flow mapping
    - name: Set timezone
      community.general.timezone:   # timezone lives in the community.general collection, not ansible.builtin
        name: "{{ timezone }}"
    - name: Install base packages
      ansible.builtin.apt:
        name: "{{ packages }}"
        state: present
        update_cache: yes
    - name: Configure kernel parameters
      ansible.posix.sysctl:         # sysctl lives in the ansible.posix collection
        name: "{{ item.key }}"
        value: "{{ item.value }}"
        sysctl_set: yes
        reload: yes
      loop:
        - { key: 'net.ipv4.tcp_tw_reuse', value: '1' }
        - { key: 'net.core.somaxconn', value: '32768' }
        - { key: 'vm.swappiness', value: '10' }
    - name: Create deploy user
      ansible.builtin.user:
        name: deploy
        groups: sudo    # without append: yes this replaces any existing supplementary groups
        shell: /bin/bash
        create_home: yes
    - name: Install SSH key
      ansible.posix.authorized_key:   # authorized_key lives in the ansible.posix collection
        user: deploy
        state: present
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
Common Commands
# Run a playbook
ansible-playbook init-server.yml
# Check mode (dry run)
ansible-playbook init-server.yml --check
# Restrict to specific hosts
ansible-playbook init-server.yml --limit webservers
# Verbose output
ansible-playbook init-server.yml -v
# Encrypt variables with Vault
ansible-vault create secrets.yml
ansible-vault edit secrets.yml
ansible-playbook site.yml --ask-vault-pass
Summary
Ansible is a powerful tool for operations automation. Once you are comfortable with inventory configuration, the core modules and Playbook authoring, you can manage configuration and deploy applications efficiently.