容器云系列之Ansible部署使用

本文简要介绍自动化运维工具Ansible的部署。Ansible的自动化运维实现分三部分介绍：

容器云系列之基于Docker的Ansible自动化运维实现——介绍Ansible的基本概念和语法使用
容器云系列之Ansible部署使用——介绍Ansible的安装部署和使用
容器云系列之基于Docker部署Ansible-Tower——介绍使用Docker部署Ansible-Tower

2、Ansible部署使用

2.1 环境准备

1）服务器环境

2）服务器间基于ssh密钥方式建立远程连接

• 安装openssh-server

[root@tango-01 /]# yum install openssh-server -y
[root@tango-centos01 /]# yum install openssh-server
[root@tango-centos02 /]# yum install openssh-server
[root@tango-centos03 /]# yum install openssh-server

• 在tango-01生成密钥

[root@tango-01 /]# ssh-keygen -t dsa -f /root/.ssh/id_dsa -N ""
Generating public/private dsa key pair.
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:b+893eSvCD5PGT9J+36+EHVcJhumQgHKn13tVNlry0Y root@tango-01
The key's randomart image is:
+---[DSA 1024]----+
|        ..o.  + *|
|     . . .   + Oo|
|      o   . o +.+|
|       . o o o.E.|
|        S . ..* .|
|         .   =.*.|
|          + o.*+.|
|         o.+ ooo=|
|          .+= o*O|
+----[SHA256]-----+

• 将密钥分发到目标主机

[root@tango-01 /]# ssh-copy-id -i root@192.168.112.101
[root@tango-01 /]# ssh-copy-id -i root@192.168.112.102
[root@tango-01 /]# ssh-copy-id -i root@192.168.112.103

• SSH登录目标主机验证

[root@tango-01 /]# ssh 192.168.112.101
[root@tango-01 /]# ssh 192.168.112.102
[root@tango-01 /]# ssh 192.168.112.103

2.2 Ansible安装

1）在tango-01安装epel源

[root@tango-01 /]# yum install epel-release -y

2）查看epel源并安装ansible

[root@tango-01 /]# ll /etc/yum.repos.d/epel*
-rw-r--r-- 1 root root  951 Oct  3  2017 /etc/yum.repos.d/epel.repo
-rw-r--r-- 1 root root 1050 Oct  3  2017 /etc/yum.repos.d/epel-testing.repo
[root@tango-01 /]# yum install -y ansible

3）查看Ansible版本

[root@tango-01 /]# ansible --version
ansible 2.9.15
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Apr  2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

4）修改配置文件，添加主机组：

[root@tango-01 /]# vi /etc/ansible/hosts
[node01]
192.168.112.101
192.168.112.102
192.168.112.103

5）使用ping命令测试连通性

[root@tango-01 /]# ansible node01 -m ping
192.168.112.102 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.112.101 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.112.103 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

2.3 Ansible简单使用

1）检查节点的内核版本

[root@tango-01 /]# ansible node01 -m command -a "uname -r"
192.168.112.103 | CHANGED | rc=0 >>
3.10.0-693.el7.x86_64
192.168.112.101 | CHANGED | rc=0 >>
3.10.0-693.el7.x86_64
192.168.112.102 | CHANGED | rc=0 >>
3.10.0-693.el7.x86_64

2）给节点增加用户

[root@tango-01 /]# ansible node01 -m user -a "name=test001 password=123"
[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.
192.168.112.102 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1003, 
    "home": "/home/test001", 
    "name": "test001", 
    "password": "NOT_LOGGING_PASSWORD", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 1003
}
192.168.112.101 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1003, 
    "home": "/home/test001", 
    "name": "test001", 
    "password": "NOT_LOGGING_PASSWORD", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 1003
}
192.168.112.103 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1003, 
    "home": "/home/test001", 
    "name": "test001", 
    "password": "NOT_LOGGING_PASSWORD", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 1003
}

---

参考资料

1. https://docs.ansible.com/ansible/latest/user_guide
2. http://www.ansible.com.cn/
3. https://www.cnblogs.com/keerya/p/7987886.html
4. https://www.cnblogs.com/liuyansheng/p/6093139.html
5. https://blog.csdn.net/len9596/article/details/82656902

---

转载请注明原文地址：https://blog.csdn.net/solihawk/article/details/121958932
文章会同步在公众号“牧羊人的方向”更新，感兴趣的可以关注公众号，谢谢！