Installing and deploying Ansible
1. Lab environment
Two or more virtual machines
Set up a gateway and a DNS server on the home network
One control node
One managed node
hostnamectl ##check the OS release; it needs to be 8.0 or later
2. Installing Ansible
epel for rhel8 ##search the web for the EPEL release package
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm ##download it
It lands in the current directory; install the downloaded package from there:
rpm -ivh epel-release-latest-8.noarch.rpm ##install the downloaded package
dnf search ansible ##look up the ansible package
dnf install ansible.noarch ##install it
yumdownloader ansible --destdir=/mnt --resolve ##download ansible with its dependencies resolved; --destdir=/mnt puts the packages in /mnt
dnf install sshpass ##install sshpass first
dnf install ansible ##then install ansible
ansible --version ##check whether the installation succeeded (shows version information)
ansible 2.9.11
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Dec 5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
On some systems, after installing the EPEL repo and resolving dependencies, the sshpass package does not show up; just run ansible --version to see whether version information is printed. If it is, Ansible is already installed.
3. Basic Ansible information
/etc/ansible/ansible.cfg ##global configuration file; rarely modified by default
/etc/ansible/hosts ##global inventory file
3.1 Ansible inventory management
cd /etc/ansible/
vim hosts ##if a host is not listed in the inventory file, it cannot be managed
Add 172.25.254.229 at the bottom
Test:
ansible 172.25.254.229 -m ping -k ##without -k, authentication fails
SSH password:
172.25.254.229 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
-k ##prompt for the SSH password
A pong reply means the 229 host is now managed by Ansible
3.2 Key-based authentication
On the managed host, create a user: useradd devops
Set a password for the new user: echo westos | passwd --stdin devops
On the control node, generate a key pair for password-less authentication
[root@westoslinux ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): ##press Enter at every prompt
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:eS3G9nYzoYBTKXRbL9GM+YQBpME9fAdfhns9e2NDG08 root@westoslinux.westos.org
The key's randomart image is:
+---[RSA 3072]----+
| .o++.=O .o|
| ..+++=+*o |
| o +o.+o..|
| * . .o+E|
| S B . oo*|
| = + . Bo|
| + = +|
| . . o |
| |
+----[SHA256]-----+
ssh-copy-id -i /root/.ssh/id_rsa.pub devops@172.25.254.229 ##copy the generated public key to your managed host ##devops is the user you created on the managed host, with the password you set
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '172.25.254.229 (172.25.254.229)' can't be established.
ECDSA key fingerprint is SHA256:j1eksGwobdp+MVYQXJB+MoyMeCMt6FIYzp5egJFXyws.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
devops@172.25.254.229's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'devops@172.25.254.229'"
and check to make sure that only the key(s) you wanted were added.
Once that is set up, test:
ansible 172.25.254.229 -m ping -u devops
172.25.254.229 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong" ##success
}
3.3 Delegating privileges
When the control node touches a file on the managed host,
the devops user has too little privilege and is blocked
visudo ##on the managed host, add your user
[root@westosb mnt]# visudo
Test:
ansible 172.25.254.229 -m shell -a 'touch /mnt/xixi' -u devops --become
--become makes devops run the command through sudo
3.4 Ansible inventory
cd /etc/ansible/ ##mind the path
vim westos ##a custom inventory file
172.25.254.129
172.25.254.229
Check which hosts in the inventory are not in any group
Define a host group named westos; note that the group name is enclosed in [ ]
Check the ungrouped hosts again
Then check the hosts that were added to the westos group
Add more groups as below and inspect them
vim hosts
[westos1] ##group name; the [westos:children] section below refers to it, so it must be defined
172.25.254.130
172.25.254.229
[westos2]
192.168.0.1
172.25.254.[129:139] ##hosts 172.25.254.129 through 172.25.254.139
[westos:children]
westos1
westos2
ansible westos --list-hosts ##list the hosts of the given group
ansible 'westos*' --list-hosts ##list all groups, and hosts, in the inventory whose names start with westos
ansible '172*:192*' --list-hosts ##list groups or hosts whose names start with 172 or 192
ansible 'westos1:&westos2' --list-hosts ##list the hosts that are in both westos1 and westos2
ansible 'westos1:!westos2' --list-hosts ##list the hosts that are in westos1 but not in westos2
ansible '~(172|192)' --list-hosts ##regex pattern: list hosts whose names start with 172 or 192
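To make the inventory and pattern rules above concrete, here is an added Python example (my own code, not Ansible's, and deliberately simplified) that parses an INI inventory in the layout just shown and resolves the same patterns offline. The inventory text, the group names westos1/westos2/westos and the addresses are constructed for the example; the matching rules follow Ansible's documented behaviour: a term matches group names and host names, '*' is a glob, '~' starts a regex anchored at the beginning of the name, ':' unions, ':&' intersects and ':!' excludes.

```python
"""Simplified Ansible-style inventory parsing and host-pattern resolution.

Added example for these notes, not Ansible's own code: it re-implements just
enough of the INI inventory format ([group], [group:children], numeric
[lo:hi] ranges) and of the host-pattern algebra (':' union, ':&'
intersection, ':!' exclusion, '*' globs, '~' anchored regex) to show which
hosts a pattern selects before a command is sent anywhere.
"""
import fnmatch
import re

# Constructed inventory text mirroring the layout used in section 3.4.
SAMPLE_INVENTORY = """
[westos1]
172.25.254.130
172.25.254.229

[westos2]
192.168.0.1
172.25.254.[129:139]

[westos:children]
westos1
westos2
"""

RANGE_RE = re.compile(r"\[(\d+):(\d+)\]")


def expand_host(entry):
    """Expand one inventory line; '172.25.254.[129:139]' -> 11 addresses."""
    m = RANGE_RE.search(entry)
    if not m:
        return [entry]
    lo, hi = m.group(1), m.group(2)
    width = len(lo) if lo.startswith("0") else 0   # keep zero padding if used
    return [entry[:m.start()] + str(i).zfill(width) + entry[m.end():]
            for i in range(int(lo), int(hi) + 1)]


def _dedupe(hosts):
    return list(dict.fromkeys(hosts))   # order-preserving de-duplication


def parse_inventory(text):
    """Return {group: [hosts]} with child groups flattened.
    'all' and 'ungrouped' are synthesised the way Ansible does."""
    groups = {"ungrouped": []}   # group -> hosts listed directly under it
    children = {}                # group -> child group names
    section, kind = "ungrouped", "hosts"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section, kind = (line[1:-1].split(":", 1) + ["hosts"])[:2]
            groups.setdefault(section, [])
            continue
        if kind == "children":
            children.setdefault(section, []).append(line)
        elif kind == "hosts":
            groups[section].extend(expand_host(line))
        # a [group:vars] section carries no hosts, so it is skipped

    def members(group, seen=()):
        hosts = list(groups.get(group, []))
        for child in children.get(group, []):
            if child not in seen:            # guard against cyclic children
                hosts += members(child, seen + (group,))
        return _dedupe(hosts)

    resolved = {g: members(g) for g in groups}
    resolved["all"] = _dedupe(h for hosts in groups.values() for h in hosts)
    return resolved


def match_one(term, inventory):
    """Hosts selected by a single term: a group name, a host name, a glob,
    or (with a leading '~') a regex anchored at the start, like Ansible's."""
    rx = re.compile(term[1:]) if term.startswith("~") else re.compile(fnmatch.translate(term))
    selected = [h for g, hosts in inventory.items() if rx.match(g) for h in hosts]
    selected += [h for h in inventory["all"] if rx.match(h)]
    return _dedupe(selected)


def resolve_pattern(pattern, inventory):
    """Ansible's pattern algebra: union the plain terms, intersect with each
    '&' term, then subtract each '!' term."""
    plain, keep, drop = [], [], []
    for term in pattern.split(":"):
        if term.startswith("&"):
            keep.append(match_one(term[1:], inventory))
        elif term.startswith("!"):
            drop.append(match_one(term[1:], inventory))
        else:
            plain.append(match_one(term, inventory))
    hosts = _dedupe(h for sub in plain for h in sub)
    for sub in keep:
        hosts = [h for h in hosts if h in sub]
    for sub in drop:
        hosts = [h for h in hosts if h not in sub]
    return hosts


if __name__ == "__main__":
    inv = parse_inventory(SAMPLE_INVENTORY)
    for pat in ("westos", "westos*", "172*:192*", "westos1:&westos2",
                "westos1:!westos2", "~(172|192)"):
        print(f"{pat:18} -> {resolve_pattern(pat, inv)}")
```

Running it prints which hosts each pattern selects. Checking a pattern this way, or with ansible PATTERN --list-hosts, before an ad-hoc command is the cheapest way to avoid touching hosts you did not mean to, which matters once the default module is shell and become targets root.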
3.5 Common configuration parameters
vim /etc/ansible/ansible.cfg #every option can be seen in the config file
[defaults] ##basic settings
inventory= ##path to the inventory file
remote_user= ##user name used to log in on the managed hosts; defaults to the current user
ask_pass= ##whether to prompt for the SSH password; set to False when using public-key login
library= ##directory holding library (module) files
local_tmp= ##temporary directory for command execution on the control node
remote_tmp= ##temporary directory on the managed host for the generated .py command files
forks= ##default number of parallel connections
host_key_checking= ##whether the first connection to a managed host must be confirmed with yes to record its host key
sudo_user= ##default sudo user
ask_sudo_pass= ##whether to ask for the sudo password every time an ansible command runs on a managed host
module_name= ##default module; command by default, can be changed to shell
log_path= ##path of the log file
[privilege_escalation] ##identity settings
become= ##whether to switch user automatically after connecting
become_method= ##how to switch user, usually sudo
become_user= ##user to switch to on the managed host, usually root
become_ask_pass= ##whether to prompt for the become_method password; defaults to False
3.6 Building a user-level Ansible working environment
useradd zzw
echo westos | passwd --stdin zzw
su - zzw
mkdir ~/ansible
cd ansible/
vim ansible.cfg
[defaults]
inventory = ~/ansible/inventory
host_key_checking = False
ask_pass = False
#roles_path =
remote_user = devops
module_name = shell
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
vim ~/ansible/inventory
[westos]
172.25.254.129
172.25.254.229
As root:
useradd devops
echo westos | passwd --stdin devops
visudo
At line 100 add: devops ALL=(ALL) NOPASSWD: ALL
ssh-copy-id -i ~/.ssh/id_rsa.pub devops@172.25.254.129
su - zzw
As zzw:
scp root@172.25.254.129:/root/.ssh/id_rsa /home/zzw/.ssh/
Test: ansible westos -m ping ##succeeds once everything above is in place
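The user-level ansible.cfg above turns off host key checking, makes shell the default module and escalates to root without a prompt on every run. As an added example (my own code, not part of Ansible or of these notes), the following Python script reads an ansible.cfg with configparser and flags those settings, with a hardened variant beside it; the severity labels and the hardened values are this example's own choices, not an Ansible rule.

```python
"""Audit an ansible.cfg for settings that trade safety for convenience.

Added example for these notes, not Ansible code: ansible.cfg is an INI file,
so configparser reads the [defaults] and [privilege_escalation] sections and
the audit flags the weak values chosen in section 3.6. The severities and the
hardened values below are this example's own policy, not an Ansible rule.
"""
import configparser
import io

# Constructed copy of the user-level config from section 3.6.
SAMPLE_CFG = """\
[defaults]
inventory = ~/ansible/inventory
host_key_checking = False
ask_pass = False
remote_user = devops
module_name = shell

[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
"""

# Same layout with the risky settings corrected (values chosen for this example).
HARDENED_CFG = """\
[defaults]
inventory = ~/ansible/inventory
host_key_checking = True
ask_pass = False
remote_user = devops
module_name = command
log_path = ~/ansible/ansible.log

[privilege_escalation]
become=False
become_method=sudo
become_user=root
become_ask_pass=False
"""


def _truthy(value):
    """Ansible-style boolean parsing for config values."""
    return str(value).strip().lower() in ("1", "true", "yes", "on")


def audit_config(text):
    """Return (severity, key, message) findings for one ansible.cfg text."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_file(io.StringIO(text))
    d = cfg["defaults"] if cfg.has_section("defaults") else {}
    p = cfg["privilege_escalation"] if cfg.has_section("privilege_escalation") else {}
    findings = []

    # host_key_checking=False: the SSH host key is never verified, so the
    # control node cannot tell a managed host from something impersonating it.
    if "host_key_checking" in d and not _truthy(d["host_key_checking"]):
        findings.append(("HIGH", "host_key_checking",
                         "SSH host key verification is off; keep it on and pre-seed known_hosts"))

    # module_name=shell: every ad-hoc -a string is run through /bin/sh, so
    # globs, redirections and variables in it are interpreted; command is not.
    if d.get("module_name", "command").strip() == "shell":
        findings.append(("MEDIUM", "module_name",
                         "default module is shell; keep command and use -m shell only when needed"))

    # become=True to root with no password prompt: every run is root on every
    # host, relying entirely on the NOPASSWD sudoers rule.
    if (_truthy(p.get("become", "False"))
            and p.get("become_user", "root").strip() == "root"
            and not _truthy(p.get("become_ask_pass", "False"))):
        findings.append(("MEDIUM", "become",
                         "silent escalation to root on every run; prefer --become per command"))

    # No log_path: nothing on the control node records what ran against which hosts.
    if not d.get("log_path", "").strip():
        findings.append(("LOW", "log_path", "no log_path set; ad-hoc runs leave no local record"))

    # remote_user=root would mean direct root logins; the notes use devops instead.
    if d.get("remote_user", "").strip() == "root":
        findings.append(("MEDIUM", "remote_user", "logging in to managed hosts directly as root"))

    return findings


if __name__ == "__main__":
    for name, text in (("section 3.6 config", SAMPLE_CFG), ("hardened config", HARDENED_CFG)):
        print(name)
        for sev, key, msg in audit_config(text) or [("OK", "-", "no findings")]:
            print(f"  [{sev}] {key}: {msg}")
```

With become=False in the file, escalation is requested per command with --become, as in section 3.3, so a mistyped ad-hoc command runs as devops rather than root by default. If the root private key copied in the last step of 3.6 is kept, it should be owned by zzw with mode 0600; a key pair generated for zzw itself and installed with ssh-copy-id is the cleaner choice.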