【无标题】

最新推荐文章于 2024-07-10 21:02:27 发布

TNTsdant

最新推荐文章于 2024-07-10 21:02:27 发布

阅读量52

点赞数

文章标签：服务器运维

本文链接：https://blog.csdn.net/TNTsdant/article/details/127426238

版权

部署ansible

文章目录

部署ansible

ansible优点

1、跨平台支持：ansible提供Linux、windows、unix和网络设备的无代理支持，适用于物理、虚拟、云和容器环境。
2、人类可读的自动化：ansible playbook采用YAML文本文件编写，易于阅读，有助于确保所有人都能理解它们的用途。
3、完美描述应用：可以通过ansible playbook进行每一种更改，并描述和记录应用环境的每一个方面。
4、轻松管理版本控制：ansible playbook和项目是纯文本，它们可以视作源代码，放在您的现有版本控制系统中。
5、支持动态清单：可以从外部来源动态更新ansible管理的计算机的列表，随时获取所有受管服务器的当前正确列表，不受基础架构或位置的影响。
6、编排可与其他系统轻松集成：能够利用环境中现有的HP SA、Puppet、Jenkins、红帽卫星和其他系统，并且集成到您的ansible工作中。

ansible管理方式

Ansible是一个模型驱动的配置管理器，支持多节点发布、远程任务执行。默认使用SSH进行远程连接。无需在被管节点上安装附加软件，可使用各种编程语言进行扩展。Ansible管理系统由控制主机和一组被管节点组成。控制主机直接通过SSH控制被管节点，被管节点通过 Ansible的资源清单 (inventory)来进行分组管理

ansible系统架构

在这里插入图片描述
在控制主机时，ansible是如何知道哪些主机是被自己控制的呢？
这就需要一个Host Inventory（主机清单），用于记录ansible可以控制网络中的哪些主机。另外，要配置和管理这些主机，可以采用两种方式，一种是单一的命令实现，另外一种也可以使用palybook实现。单一的命令模式是采用不同的模块进行管理，一个模块类似于一些管理的命令，如top，ls，ping等等，适用于临时性的操作任务。如果需要执行一些例行性或经常性的操作，则需要采用playbook的方式，playbook类似于一个脚本，将多个模块按一定的逻辑关系进行组合，然后执行。ansible还支持一些插件，如邮件、日志等，在和远程主机通信时，也会采用类似的连接插件，这里使用则是SSH协议的插件进行通信。
核心: ansible
Core Modules: ansible自带的模块
Custom Modules: 核心模块功能不足时,用户可以添加扩展模块
Plugins: 通过插件来实现记录日志,发送邮件或其他功能
Playbooks: 剧本,YAML格式文件，多个任务定义在一个文件中，定义主机需要调用哪些模块来完成的功能
Connection Plugins: ansible基于连接插件连接到各个主机上,默认是使用ssh
Host Inventory: 记录由Ansible管理的主机信息，包括端口、密码、ip等

ansible任务执行模式

Ansible系统由控制主机对被管节点的操作方式可分为两类，即ad-hoc和playbook：

ad-hoc模式(点对点模式)
使用单个模块，支持批量执行单条命令。ad-hoc 命令是一种可以快速输入的命令，而且不需要保存起来的命令。就相当于bash中的一句话shell。

playbook模式(剧本模式)
是Ansible主要管理方式，也是Ansible功能强大的关键所在。playbook通过多个task集合完成一类功能，如Web服务的安装部署、数据库服务器的批量备份等。可以简单地把playbook理解为通过组合多条ad-hoc操作的配置文件。

ansible工作流程

在这里插入图片描述

安装yum源

[root@localhost yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@localhost yum.repos.d]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@localhost ~]# dnf -y install centos-release-ansible-29-1-2.el8.noarch

安装ansible

[root@localhost ~]# yum -y install ansible

查看ansible版本

[root@localhost ~]# ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Dec  3 2020, 18:11:24) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]

配置/etc/hosts

[root@ansible ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.17.136 ausible.example.com ausible
192.168.17.128 node1.example.com node1
192.168.17.129 node2.example.com node2
192.168.17.135 node3.example.com node3

配置基于密钥认证

[root@ansible ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Th68W7btms/ZmPrdy6oyiNBMUvIm7EbNRZeKKfoveBg root@ansible.example.com
The key's randomart image is:
+---[RSA 3072]----+
|      .. ..      |
|   . . ...       |
|  . * + .        |
|   * O o         |
|  + O   S        |
| E + o + o       |
|  * . . = o      |
| o + . . * = *.. |
|  . o.  . BB@.+oo|
+----[SHA256]-----+

将ansible本地的/etc/hosts文件发送给受控主机

[root@ansible ~]# scp /etc/hosts root@node1:/etc/hosts
The authenticity of host 'node1 (192.168.17.128)' can't be established.
ECDSA key fingerprint is SHA256:GVceTt2WTrNjJTfGTdakFtahY7205NUrjWMbgyzBu1A.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'node1,192.168.17.128' (ECDSA) to the list of known hosts.
root@node1's password: 
hosts                        100%  332    60.2KB/s   00:00 

[root@ansible ~]# scp /etc/hosts root@node2:/etc/hosts
The authenticity of host 'node2 (192.168.17.129)' can't be established.
ECDSA key fingerprint is SHA256:GVceTt2WTrNjJTfGTdakFtahY7205NUrjWMbgyzBu1A.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'node2,192.168.17.129' (ECDSA) to the list of known hosts.
root@node3's password: 
hosts                        100%  332    60.2KB/s   00:00 

[root@ansible ~]# scp /etc/hosts root@node3:/etc/hosts
The authenticity of host 'node3 (192.168.17.135)' can't be established.
ECDSA key fingerprint is SHA256:GVceTt2WTrNjJTfGTdakFtahY7205NUrjWMbgyzBu1A.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'node3,192.168.17.135' (ECDSA) to the list of known hosts.
root@node3's password: 
hosts                        100%  332    60.2KB/s   00:00

在ansible主机和所有受控主机中创建student用户，并设置密码为redhat

[root@ansible ~]# useradd student
[root@ansible ~]# echo redhat | passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.



[root@node1 ~]# echo redhat | passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.

[root@node2 ~]# useradd student
[root@node2 ~]# echo redhat | passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.

[root@node3 ~]# useradd student
[root@node3 ~]# echo redhat | passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.

使用student用户创建基于密钥认证

[student@ansible ~]$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/student/.ssh/id_rsa): 
Created directory '/home/student/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/student/.ssh/id_rsa.
Your public key has been saved in /home/student/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:7g678XqP+rB+tN9iEfduANGtbRhhaxTL3NJJP7B7BU4 student@ansible.example.com
The key's randomart image is:
+---[RSA 3072]----+
|           .==E  |
|          .=oO++ |
|           .B*=.o|
|          o.+.+ o|
|        S  + + . |
|       .. . . o  |
|      +... . o   |
|       O+.o.  o  |
|     .BO*+o...   |
+----[SHA256]-----+


[student@ansible ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
The authenticity of host 'node1 (192.168.17.128)' can't be established.
ECDSA key fingerprint is SHA256:5+DbjWPpBUBYrMun1AdYyUWjeSjOROAx0zbkaOIxN5g.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node1's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@node1'"
and check to make sure that only the key(s) you wanted were added.


[student@ansible ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node
2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
The authenticity of host 'node2 (192.168.17.129)' can't be established.
ECDSA key fingerprint is SHA256:8BUBURoskLnBVSSoObwE1yHlhERT0gdxcdVtoBgAe9g.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node2's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@node2'"
and check to make sure that only the key(s) you wanted were added.


[student@ansible ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node
3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
The authenticity of host 'node3 (192.168.17.135)' can't be established.
ECDSA key fingerprint is SHA256:GVceTt2WTrNjJTfGTdakFtahY7205NUrjWMbgyzBu1A.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node3's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@node3'"
and check to make sure that only the key(s) you wanted were added.

[student@ansible ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
student@node1's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'student@node1'"
and check to make sure that only the key(s) you wanted were added.

[student@ansible ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
student@node2's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'student@node2'"
and check to make sure that only the key(s) you wanted were added.

[student@ansible ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
student@node3's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'student@node3'"
and check to make sure that only the key(s) you wanted were added.

验证

[student@ansible ansible]$ cat ansible.cfg 
# config file for ansible -- https://ansible.com/
# ===============================================

# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first

[defaults]

# some basic default values...

inventory      = /home/student/ansible/zzy

[student@ansible ansible]$ cat zzy
node1
node2
node3


[student@ansible ansible]$ ansible all -m ping
node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
node2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
node3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}