目录
Ansible介绍
什么是ansible
Ansible : 一款自动化运维工具,更快捷更高效的批量执行任务
ansible的好处
简单易读:基于YAML文本编写,易于阅读,非专业的开发人员也可以编写
功能强大:软件淡妆,流程自动化
无代理:不需要在客户端安装额外的agent
跨平台支持:支持Linux,Windows,unix和网络设备。只需要ssh远程连接即可
ansible是如何工作的:
ansible通过YAML格式构建的一个脚本文件,通过ssh远程控制连接按照特定的顺序执行任务
结构:
ansible是基于模块工作的,自身并没有自动化批量部署能力,真正具有部署能力的是运行的模块(wegame游戏平台就好比一个框架,具有工作能力的是wegame里的游戏)
ansible结构图:
ansible主要模块作用:
host inventory : 指定操作的主机,,是一个配置文件里面定义监控的主机
paly books : 剧本,需要在被控制节点主机上运行的任务列表
modules : 确保主机处在一个特定的状态。保证任务稳定连续的运行。例如可以使用yum(linux中是yum,而ubuntu里则称呼为apt)模块,确保主机已经安装了某个软件,如果主机专改是已经预期的(已经安装了该软件),那就不会执行任何操作,则执行下一个模块
connectin plugins : 连接插件,负责和被监控实现通信
Ansible安装
安装要求:
ansible只需安装在控制节点上,被控制主机则不需要。
对控制节点要求:
- 控制节点必须是Linux或unix系统,不能是window系统,但Windows可以是受管主机
- 控制节点但需要安装python3及以上版本
[root@yang ~]# yum list installed platform-python
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
已安装的软件包
platform-python.x86_64 3.6.8-23.el8 @anaconda
//这里显示我已安装版本为3.6的pythonAnsible安装实例:
//先配置网络仓库
[root@yang yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2595 100 2595 0 0 9368 0 --:--:-- --:--:-- --:--:-- 9334
[root@yang yum.repos.d]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@yang yum.repos.d]# ls /etc/yum.repos.d/
CentOS-Base.repo
//安装eple源
[root@yang yum.repos.d]# yum install -y epel-release
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
CentOS-8 - Base - mirrors.aliyun.com 578 kB/s | 3.6 MB 00:06
CentOS-8 - Extras - mirrors.aliyun.com 14 kB/s | 9.8 kB 00:00
CentOS-8 - AppStream - mirrors.aliyun.com 791 kB/s | 8.1 MB 00:10
依赖关系解决。
......
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
准备中 : 1/1
安装 : epel-release-8-11.el8.noarch 1/1
运行脚本: epel-release-8-11.el8.noarch 1/1
验证 : epel-release-8-11.el8.noarch 1/1
Installed products updated.
已安装:
epel-release-8-11.el8.noarch
完毕!
[root@yang yum.repos.d]# ls
CentOS-Base.repo epel-playground.repo epel-testing-modular.repo redhat.repo
epel-modular.repo epel.repo epel-testing.repo
[root@yang yum.repos.d]#
//现在yum库里搜索ansible,看有无
[root@yang ~]# yum list all|grep ansible
ansible.noarch 2.9.23-1.el8 epel
ansible-collection-ansible-posix.noarch 1.2.0-1.el8 epel
ansible-collection-community-general.noarch 3.1.0-2.el8 epel
ansible-doc.noarch 2.9.23-1.el8 epel
ansible-freeipa.noarch 0.3.2-2.el8 AppStream
ansible-test.noarch 2.9.23-1.el8 epel
centos-release-ansible-29.noarch 1-2.el8 extras
vim-ansible.noarch 3.2-1.el8 epel
//安装ansible
[root@yang ~]# yum install -y ansible
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
上次元数据过期检查:0:00:56 前,执行于 2021年07月13日 星期二 16时16分33秒。
依赖关系解决。
=====================================================================================
软件包 架构 版本 仓库 大小
=====================================================================================
安装:
ansible noarch 2.9.23-1.el8 epel 17 M
升级:
platform-python-pip noarch 9.0.3-19.el8 base 1.7 M
platform-python-setuptools
noarch 39.2.0-6.el8 base 632 k
安装依赖关系:
libsodium x86_64 1.0.18-2.el8 epel 162 k
......
验证 : platform-python-setuptools-39.2.0-5.el8.noarch 20/20
Installed products updated.
已升级:
platform-python-pip-9.0.3-19.el8.noarch
platform-python-setuptools-39.2.0-6.el8.noarch
已安装:
ansible-2.9.23-1.el8.noarch
libsodium-1.0.18-2.el8.x86_64
python3-babel-2.5.1-5.el8.noarch
python3-bcrypt-3.1.6-2.el8.1.x86_64
python3-jinja2-2.10.1-2.el8_0.noarch
python3-jmespath-0.9.0-11.el8.noarch
python3-markupsafe-0.23-19.el8.x86_64
python3-paramiko-2.4.3-1.el8.noarch
python3-pip-9.0.3-19.el8.noarch
python3-pyasn1-0.3.7-6.el8.noarch
python3-pynacl-1.3.0-5.el8.x86_64
python3-pytz-2017.2-9.el8.noarch
python3-pyyaml-3.12-12.el8.x86_64
python3-setuptools-39.2.0-6.el8.noarch
python36-3.6.8-2.module_el8.4.0+790+083e3d81.x86_64
sshpass-1.06-9.el8.x86_64
完毕!
[root@yang ~]#
//查看本机ansible模块,测试是否安装好
[root@yang ~]# ansible -m setup localhost
Ansible简单使用实例:
更改默认清单文件位置
ansible的文件都在/etc/ansible下
[root@yang ansible]# ls
ansible.cfg hosts roles
[root@yang ansible]# vim ansible.cfg
[defaults]
# some basic default values...
#inventory = /etc/ansible/hosts
inventory = /etc/ansible/inventory //将后面路径改为自己想要设置清单文件的绝对路径
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5
#poll_interval = 15
[root@yang ansible]# touch inventory //如果原先没有,那便需要创建
[root@yang ansible]# ls
ansible.cfg hosts inventory roles
查看本机ansible所有主机
[root@yang ansible]# ls
ansible.cfg hosts inventory roles
[root@yang ansible]# cat inventory
192.168.75.128
[root@yang ansible]# cd
[root@yang ~]# ansible 192.168.75.128 --list-hosts
hosts (1):
192.168.75.128
[root@yang ~]# ansible all --list-hosts
hosts (1):
192.168.75.128
[root@yang ~]#
在清单文件里添加主机的用户名和密码,试着ping通
[root@yang ~]# vim /etc/ansible/inventory
[root@yang ~]# cat /etc/ansible/inventory
[webserver]
192.168.75.128 ansible_user=root ansible_password=1
[root@yang ~]# ansible all -m ping //我这里是ping本机清单文件里的所有ip
192.168.75.128 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[root@yang ~]#
做免密登录
//查看清单文件,确认里面只有一个ip
[root@yang ~]# cat /etc/ansible/inventory
[webserver]
192.168.75.128
//做ssh免密登录
[root@yang ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:fpgTQoqijHUnyN0E9lRQJIJEejFBrlNqhPMWkz83qf0 root@yang
The key's randomart image is:
+---[RSA 3072]----+
| +Bo+ +=+ |
|.o.= = . |
|+.B + |
|.O B = . |
|=.B B B S |
|== . B + + |
|o. . . = . |
| . o |
| E |
+----[SHA256]-----+
[root@yang ~]# ssh-copy-id root@192.168.75.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.75.128's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.75.128'"
and check to make sure that only the key(s) you wanted were added.
//测试结果
[root@yang ~]# ansible all -m ping
192.168.75.128 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[root@yang ~]#
//免密登录已做好更改清单位置,使其在本机别的目录都可ping通
//先将原来的清单文件和移动到别的目录
[root@yang ~]# cd /etc/ansible/
[root@yang ansible]# ls
ansible.cfg hosts inventory roles
[root@yang ansible]# mv inventory /opt/
[root@yang ansible]# ls /opt/
inventory
//在将ansible配置文件复制一份到/opt/目录下并更改
[root@yang ~]# cp /etc/ansible/ansible.cfg /opt/ansible.cfg
[root@yang ~]# vim /opt/ansible.cfg
[defaults]
# some basic default values...
#inventory = /etc/ansible/hosts
inventory = inventory //将这里路径改为文件本身
//查看结果
[root@yang ~]# cd /opt/
[root@yang opt]# ansible all -m ping
192.168.75.128 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
//这样就可以在/opt目录下进行ansible操作了
701
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
