# Ansible Automation Complete Guide: Configuration Management in One Place

## Introduction to Ansible

Ansible is an open-source automation tool for configuration management, application deployment and task orchestration. Its defining feature is that it is agentless: it connects to target servers over SSH, so nothing has to be installed on the managed nodes.
## Core Ansible concepts

- Control Node - the machine that runs Ansible
- Managed Node - a server that Ansible manages
- Inventory - the list of hosts
- Playbook - a script of tasks (YAML format)
- Module - an Ansible module (a unit of work)
- Role - a reusable, modular unit of organisation
## Installing Ansible

```bash
# Ubuntu/Debian
sudo apt update
sudo apt install ansible

# CentOS/RHEL
sudo yum install epel-release
sudo yum install ansible

# pip install (recommended)
pip install ansible

# verify the installation
ansible --version
```
## Inventory

```ini
# inventory.ini
[webservers]
web1.example.com
web2.example.com
web3.example.com

[dbservers]
db1.example.com
db2.example.com

[production:children]
webservers
dbservers

[production:vars]
ansible_user=ubuntu
ansible_python_interpreter=/usr/bin/python3

[webservers:vars]
nginx_version=1.24
```
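An added example, not from the original post: a small Python parser for the INI inventory above that resolves `[group:children]` membership and merges `[group:vars]` so that a child group's values override its parent's, which is Ansible's default group-variable precedence. The inventory text is constructed inline (a trimmed copy of the one above); `parse_inventory` and `host_vars` are assumed names, not Ansible API.

```python
from collections import defaultdict
# Constructed sample inventory (trimmed copy of the one above).
INVENTORY = """\
[webservers]
web1.example.com
[dbservers]
db1.example.com
[production:children]
webservers
dbservers
[production:vars]
ansible_user=ubuntu
ansible_python_interpreter=/usr/bin/python3
[webservers:vars]
nginx_version=1.24
"""

def parse_inventory(text):
    """Return (hosts, children, gvars) dicts keyed by group name."""
    hosts, children, gvars = defaultdict(set), defaultdict(set), defaultdict(dict)
    section, kind = None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section, _, kind = line[1:-1].partition(":")
            kind = kind or "hosts"  # a plain [group] header lists hosts
        elif kind == "hosts":
            hosts[section].add(line.split()[0])  # inline host vars ignored here
        elif kind == "children":
            children[section].add(line)
        elif kind == "vars":
            key, _, value = line.partition("=")
            gvars[section][key.strip()] = value.strip()
    return hosts, children, gvars

def host_vars(hostname, inventory):
    """Merge group vars for a host: parents apply first, children override."""
    hosts, children, gvars = inventory
    parent_of = {c: g for g, cs in children.items() for c in cs}  # assumes one parent per group
    merged = {}
    for group, members in hosts.items():
        if hostname in members:
            chain = [group]
            while chain[-1] in parent_of:  # walk up to the top-level group
                chain.append(parent_of[chain[-1]])
            for g in reversed(chain):
                merged.update(gvars.get(g, {}))
    return merged
```

Running `host_vars("web1.example.com", parse_inventory(INVENTORY))` yields the production-wide `ansible_user` and interpreter plus the webservers-only `nginx_version`; a dbservers host gets only the inherited production vars.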
## Ad-hoc commands (quick one-off execution)

```bash
# ping all hosts
ansible all -i inventory.ini -m ping

# gather host facts
ansible all -i inventory.ini -m setup

# run a shell command (default command module)
ansible all -i inventory.ini -a "df -h"

# install a package
ansible webservers -i inventory.ini -m apt -a "name=nginx state=present" --become

# start a service
ansible webservers -i inventory.ini -m service -a "name=nginx state=started enabled=yes" --become

# copy a file
ansible all -i inventory.ini -m copy -a "src=./file.conf dest=/etc/file.conf mode=0644" --become

# create a user
ansible all -i inventory.ini -m user -a "name=deploy state=present" --become
```
## Playbook basics

```yaml
# nginx.yml
---
- name: Install and Configure Nginx
  hosts: webservers
  become: yes
  vars:
    nginx_port: 80
    server_name: example.com
  tasks:
    - name: Install Nginx
      apt:
        name: nginx
        state: present
        update_cache: yes

    - name: Copy nginx config
      template:
        src: templates/nginx.conf.j2
        dest: /etc/nginx/nginx.conf
        mode: '0644'
      notify: Restart Nginx

    - name: Start Nginx
      service:
        name: nginx
        state: started
        enabled: yes

    - name: Configure firewall
      ufw:
        rule: allow
        port: "{{ nginx_port }}"
        proto: tcp

  handlers:
    - name: Restart Nginx
      service:
        name: nginx
        state: restarted
```
## Running a playbook

```bash
# run the playbook
ansible-playbook -i inventory.ini nginx.yml

# dry run (report changes without applying them)
ansible-playbook -i inventory.ini nginx.yml --check

# check syntax only
ansible-playbook -i inventory.ini nginx.yml --syntax-check

# list all tasks
ansible-playbook -i inventory.ini nginx.yml --list-tasks

# confirm each task interactively
ansible-playbook -i inventory.ini nginx.yml --step
```
## Roles

```text
# directory layout
roles/
  nginx/
    tasks/
      main.yml
    handlers/
      main.yml
    templates/
      nginx.conf.j2
    vars/
      main.yml
    defaults/
      main.yml
    meta/
      main.yml
```

```yaml
# roles/nginx/tasks/main.yml
---
- name: Install Nginx
  apt:
    name: nginx
    state: present

- name: Copy config
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
  notify: Restart Nginx

- name: Start Nginx
  service:
    name: nginx
    state: started
```

```yaml
# site.yml - using roles
---
- name: Configure Web Servers
  hosts: webservers
  become: yes
  roles:
    - nginx
    - php
    - composer

- name: Configure Database Servers
  hosts: dbservers
  become: yes
  roles:
    - mysql
```
## Conditionals and loops

```yaml
# conditionals
---
- name: Install PHP based on OS
  hosts: webservers
  vars:
    php_version: "8.2"
  tasks:
    - name: Install PHP on Debian
      apt:
        name: "php{{ php_version }}"
        state: present
      when: ansible_os_family == "Debian"

    - name: Install PHP on RedHat
      yum:
        name: "php{{ php_version }}"
        state: present
      when: ansible_os_family == "RedHat"
```

```yaml
# loops (task fragments)
- name: Install multiple packages
  apt:
    name: "{{ item }}"
    state: present
  loop:
    - nginx
    - php
    - php-fpm
    - php-mysql

# looping over dictionaries
- name: Create users
  user:
    name: "{{ item.name }}"
    state: present
    shell: "{{ item.shell }}"
  loop:
    - { name: 'alice', shell: '/bin/bash' }
    - { name: 'bob', shell: '/bin/sh' }
```
## Vault: managing sensitive data

```bash
# create an encrypted file
ansible-vault create secrets.yml

# edit an encrypted file
ansible-vault edit secrets.yml

# view an encrypted file
ansible-vault view secrets.yml

# encrypt an existing file
ansible-vault encrypt plain.yml

# decrypt a file
ansible-vault decrypt plain.yml

# prompt for the vault password at run time
ansible-playbook site.yml --ask-vault-pass

# use a password file (keep it mode 0600 and out of version control)
ansible-playbook site.yml --vault-password-file ~/.vault_pass.txt
```

```yaml
# secrets.yml (plaintext as shown by ansible-vault view; on disk it is ciphertext)
---
db_password: "mysecretpassword"
api_key: "your-api-key"
```

```yaml
# using the vaulted variables in a playbook
- name: Configure Database
  mysql_db:
    name: myapp
    state: present
    login_password: "{{ db_password }}"
```
## Common modules

| Module | Purpose |
|---|---|
| apt/yum | package management |
| service | service management |
| copy | file copying |
| template | template rendering |
| file | file attributes |
| user | user management |
| git | Git operations |
| docker_container | Docker containers |
| k8s | Kubernetes |
| mysql_db | MySQL management |
## Summary

Ansible is a powerful tool for configuration management and operations automation; its concise YAML syntax and agentless architecture make it a first choice for DevOps engineers. Mastering its core features, Playbooks, Roles and Vault among them, can substantially improve operational efficiency.

Reference: the official Ansible documentation