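Ansible Automated Deployment: Say Goodbye to Manual Operations
As the number of servers grows, it becomes increasingly hard to keep manual operations efficient and accurate. Ansible is a powerful automation tool that is simple to use. This article covers how to use Ansible, along with practical tips.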
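I. Advantages of Ansible
- Agentless: uses the SSH protocol, so no agent has to be installed on the managed hosts
- YAML configuration: configuration files are written in YAML, which is easy to read and write
- Idempotent: repeated runs produce the same result, and changes that are already in place are not applied again
- Modular: a rich set of built-in modules, with support for custom modules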
II. Installing Ansible

    # Ubuntu/Debian
    sudo apt update
    sudo apt install ansible

    # CentOS/RHEL
    sudo yum install ansible

    # macOS
    brew install ansible

    # Verify the installation
    ansible --version
III. Configuring the Inventory

    # Edit /etc/ansible/hosts
    sudo vim /etc/ansible/hosts

    [webservers]
    192.168.1.10
    192.168.1.11

    [dbservers]
    192.168.1.20

    [all:vars]
    ansible_user=ubuntu
    ansible_ssh_private_key_file=~/.ssh/id_rsa
IV. Common Commands

    # Test connectivity
    ansible all -m ping

    # Show host facts
    ansible all -m setup

    # Run a command
    ansible webservers -m shell -a "uptime"

    # Copy a file
    ansible webservers -m copy -a "src=/local/file dest=/remote/file"

    # Install a package (--become: package installation needs root)
    ansible webservers --become -m apt -a "name=nginx state=present"
V. Writing a Playbook

    # deploy_web.yml
    ---
    - name: Deploy Web Server
      hosts: webservers
      become: yes            # tasks below need root on the target
      tasks:
        - name: Update apt cache
          apt:
            update_cache: yes

        - name: Install Nginx
          apt:
            name: nginx
            state: present

        - name: Start Nginx
          service:
            name: nginx
            state: started
            enabled: yes

        - name: Copy website files
          copy:
            src: ./website/
            dest: /var/www/html/

        - name: Configure Nginx
          template:
            src: ./nginx.conf.j2
            dest: /etc/nginx/sites-available/default
          notify: restart nginx    # runs the handler only when the file changed

      handlers:
        - name: restart nginx
          service:
            name: nginx
            state: restarted
VI. Running a Playbook

    # Syntax check
    ansible-playbook --syntax-check deploy_web.yml

    # Dry run (makes no actual changes)
    ansible-playbook --check deploy_web.yml

    # Run the Playbook
    ansible-playbook deploy_web.yml

    # Run with a specific inventory file
    ansible-playbook -i inventory.ini deploy_web.yml

    # More verbose output
    ansible-playbook -vvv deploy_web.yml
VII. Common Modules
1. apt/yum – package management

    - name: Install packages
      apt:
        name:
          - nginx
          - mysql-server
          - python3-pip
        state: present
2. service – service management

    - name: Ensure Nginx is running
      service:
        name: nginx
        state: started
        enabled: yes
3. copy – copying files

    - name: Copy configuration file
      copy:
        src: config/nginx.conf
        dest: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: '0644'
        backup: yes
4. template – template rendering

    # nginx.conf.j2
    server {
        listen {{ nginx_port }};
        server_name {{ server_name }};
        root {{ document_root }};
    }

    # playbook
    - name: Configure Nginx
      template:
        src: nginx.conf.j2
        dest: /etc/nginx/sites-available/default
      vars:
        nginx_port: 80
        server_name: example.com
        document_root: /var/www/html
5. file – file management

    - name: Create directory
      file:
        path: /var/www/html
        state: directory
        owner: www-data
        group: www-data
        mode: '0755'

    - name: Ensure file exists
      file:
        path: /var/www/html/index.html
        state: touch
6. systemd – systemd management

    - name: Reload systemd
      systemd:
        daemon_reload: yes

    - name: Restart service
      systemd:
        name: nginx
        state: restarted
VIII. Using Variables

    # Define variables
    ---
    - name: Deploy Application
      hosts: webservers
      become: yes            # creating users and writing to /opt need root
      vars:
        app_name: myapp
        app_port: 3000
        app_user: appuser
      tasks:
        - name: Create user
          user:
            name: "{{ app_user }}"
            shell: /bin/bash

        - name: Deploy application
          copy:
            src: "./{{ app_name }}/"
            dest: "/opt/{{ app_name }}/"
IX. Roles

    roles/
    ├── common/
    │   ├── tasks/
    │   │   └── main.yml
    │   ├── handlers/
    │   │   └── main.yml
    │   ├── files/
    │   ├── templates/
    │   ├── vars/
    │   │   └── main.yml
    │   └── defaults/
    │       └── main.yml
    ├── nginx/
    │   └── ...
    └── mysql/
        └── ...

    # site.yml
    ---
    - hosts: webservers
      roles:
        - common
        - nginx

    - hosts: dbservers
      roles:
        - common
        - mysql
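X. Encrypting Sensitive Data with Vault

    # Create an encrypted file
    ansible-vault create secret.yml

    # Edit an encrypted file
    ansible-vault edit secret.yml

    # Use encrypted variables
    - hosts: webservers
      vars_files:
        - secret.yml

    # Provide the password at run time
    ansible-playbook site.yml --ask-vault-pass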
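
The Vault commands above only show how the encrypted file is created and loaded. The playbook below is an added example, not from the original article, showing a Vault-protected value being written to a target host without appearing in task output. The file name deploy_secret.yml, the variable vault_db_password and the path /etc/myapp/db.env are assumptions made for illustration.

```yaml
# deploy_secret.yml (hypothetical file name, added example)
# Assumes secret.yml was created with `ansible-vault create secret.yml`
# and contains one variable:  vault_db_password: "<your value>"
# Run with: ansible-playbook deploy_secret.yml --ask-vault-pass
---
- name: Deploy a credentials file from a Vault-protected variable
  hosts: webservers
  become: yes
  vars_files:
    - secret.yml             # encrypted at rest; decrypted in memory with the Vault password
  vars:
    app_name: myapp          # same sample name as in the variables section
  tasks:
    - name: Fail early if the secret is missing or empty
      assert:
        that:
          - vault_db_password is defined
          - vault_db_password | length > 0
        fail_msg: "vault_db_password is not set in secret.yml"
        quiet: yes

    - name: Create the config directory
      file:
        path: "/etc/{{ app_name }}"
        state: directory
        owner: root
        group: root
        mode: '0750'

    - name: Write the database credentials file
      copy:
        content: "DB_PASSWORD={{ vault_db_password }}\n"
        dest: "/etc/{{ app_name }}/db.env"
        owner: root
        group: root
        mode: '0600'         # Vault protects the repo copy only; on the target the value is clear text
      no_log: true           # keeps the rendered content out of console output and logs, also with -vvv
```

Vault encrypts the value in the repository and on the control node; on the managed host, file ownership and mode are what protect it.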
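XI. Best Practices
- Use version control: keep Playbooks and Roles in a Git repository
- Modular design: use Roles to reuse configuration
- Idempotency: make sure repeated runs produce the same result
- Error handling: use ignore_errors and failed_when to control error handling
- Testing: run with the --check option first, then execute for real
Summary
Ansible is a powerful tool for automated operations. With Playbooks and Roles, you can easily automate deployment, configuration management, application releases and similar tasks. Master Ansible, say goodbye to manual operations, and improve your efficiency.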
