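[Ansible automated deployment tool]

Three levels of operations deployment:
1 Fully manual operation
2 One-click deployment scripts
3 Automated deployment tools

Ansible is an automated operations tool written in Python.
Functions: batch system configuration, batch application deployment, batch command execution

How it works:
1 Inventory: defines the hosts that Ansible manages
2 Playbooks: the "scripts", written as YAML (.yml) files
3 Plugins (modules): carry out the specific tasks in a playbook
4 Connection module: ssh
5 Ansible ties these pieces together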
-----------------------------------------------
Use cases:
OS installation tool:
    kickstart
Initialization:
    selinux, iptables, IP networking, hostname, time, common tools
Deploying applications:
    apache, nginx, tomcat, mysql
Running commands in batch

--------------------------------------
Prepare the environment:

ansible 172.20.10.6  
node1 172.20.10.7  
node2 172.20.10.8  
[root@ansible ~]# tail -3 /etc/hosts  
172.20.10.6 ansible.ysla.com ansible  
172.20.10.7 node1.ysla.com node1  
172.20.10.8 node2.ysla.com node2  
[root@ansible ~]# scp /etc/hosts 172.20.10.7:/etc/  
[root@ansible ~]# scp /etc/hosts 172.20.10.8:/etc/ 

--------------------------------------------------

Deploying Ansible:

[root@ansible ~]# rpm -ivh epel-release-7-6.noarch.rpm    # install EPEL (installing it with yum also works)  
[root@ansible ~]# yum install -y ansible  
[root@ansible ~]# rpm -ql ansible | head -20  
/etc/ansible  
/etc/ansible/ansible.cfg ## configuration file  
/etc/ansible/hosts ## inventory file  
/etc/ansible/roles ## roles directory  
/usr/bin/ansible-playbook ## command that runs playbooks  
Configuration:  
[root@ansible ~]# cd /etc/ansible/  
[root@ansible /etc/ansible]# ls  
ansible.cfg hosts roles  
[root@ansible /etc/ansible]# vim hosts  
172.20.10.7  
Test the connection:  
[root@ansible ~]# ssh 172.20.10.7  
The authenticity of host '172.20.10.7 (172.20.10.7)' can't be established.  
ECDSA key fingerprint is SHA256:4JUE9YLEued+tSEr4sRDz1+7hze39R8aiRHxwQaaO4A.  
ECDSA key fingerprint is MD5:f7:3b:08:d7:a2:1f:19:2d:c4:98:6a:9c:d0:a8:72:8a.  
Are you sure you want to continue connecting (yes/no)? yes  

  
[root@ansible ~]# cat .ssh/known_hosts  
172.20.10.7 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDHNd2TGYifRr0u1Yr94st5CdVG+NqoHVcG8Fyt/Hh2osliJmUu1N/UDTS8MvD8T+nSMYcGQ3GUvAV0YZ+uUf8Q=  
The node's public key fingerprint has to be recorded (in known_hosts, as shown above).  
  
[root@ansible /etc/ansible]# ansible 172.20.10.7 -m ping -k  
SSH password:  
172.20.10.7 | SUCCESS => {  
  
[root@ansible /etc/ansible]# vim hosts  
[node]  
172.20.10.7  
172.20.10.8  
  
Connecting without a password prompt (the password is stored in the inventory):  
[root@ansible ~]# vim /etc/ansible/hosts  
[node]  
172.20.10.7 ansible_ssh_user=root ansible_ssh_pass=123  
172.20.10.8 ansible_ssh_user=root ansible_ssh_pass=123  
  
[root@ansible ~]# ansible node -m ping  
  
[root@ansible ~]# ll /etc/ansible/hosts  
-rw-r--r-- 1 root root 1134 Jul 19 10:08 /etc/ansible/hosts  
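
The inventory above keeps ansible_ssh_pass in plain text, and the ll output shows the file with mode 0644. The check below is an added example, not part of the original post: audit_inventory is a hypothetical helper name, and the sample inventory is constructed to mirror the one above.

```shell
#!/bin/sh
# Added example (not from the original post): audit an Ansible inventory for
# plaintext connection passwords and for permissions that expose them.

# audit_inventory FILE -> prints one finding per line, returns 1 if any.
audit_inventory() {
    inv=$1
    # Report file, line and variable name only; never echo the secret itself.
    hits=$(awk '
        /^[ \t]*[#;]/  { next }     # comment lines
        /!vault|[{][{]/ { next }    # vault-encrypted or templated values
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^ansible_(ssh_pass|password|become_pass|become_password|sudo_pass)([=:]|$)/) {
                    split($i, kv, /[=:]/)
                    printf "%s:%d: plaintext %s\n", FILENAME, NR, kv[1]
                }
        }' "$inv")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    # A file holding a password should be readable by its owner only.
    if [ -n "$(find "$inv" \( -perm -040 -o -perm -004 \) -print)" ]; then
        printf '%s: mode allows group/other to read the password\n' "$inv"
    fi
    return 1
}

# Constructed sample: same content and the same 0644 mode as the inventory above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[node]
172.20.10.7 ansible_ssh_user=root ansible_ssh_pass=123
172.20.10.8 ansible_ssh_user=root ansible_ssh_pass=123
EOF
chmod 644 "$sample"
audit_inventory "$sample" ||
    echo "fix: use SSH keys or ansible-vault, and chmod 600 the inventory"
```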
  
Passwordless SSH with a key pair (this avoids keeping the password in plain text in the inventory):
[root@ansible ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): <press Enter>
Enter passphrase (empty for no passphrase): <press Enter>
Enter same passphrase again: <press Enter>

[root@ansible ~]# cd .ssh/
[root@ansible ~/.ssh]# ls
id_rsa  id_rsa.pub
private key	public key
	the public key is distributed to the hosts being connected to

[root@ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub 172.20.10.7

[root@node1 ~]# cd .ssh/
[root@node1 ~/.ssh]# ls
authorized_keys
[root@node1 ~/.ssh]# cat authorized_keys 

Scripting the public key distribution:

[root@ansible ~]# vim iplist
172.20.10.7
172.20.10.8

[root@ansible ~]# vim scp_sshpubkey.sh
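#!/bin/bash
# Distribute the SSH public key to every host listed in the file

pass="123"    # lab password; "sshpass -p" also makes it visible in the process list
key="/root/.ssh/id_rsa.pub"
file="/root/iplist"

while IFS= read -r ip
do
    [ -z "$ip" ] && continue    # skip blank lines
    # StrictHostKeyChecking=no accepts each host key without verifying it
    sshpass -p "${pass}" /usr/bin/ssh-copy-id -o StrictHostKeyChecking=no -i "${key}" "${ip}" &> /dev/null && echo "${ip}公钥传输成功."

done < "$file"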

sshpass supplies the remote host's password to ssh:
[root@ansible ~]# sshpass -p 123 ssh 172.20.10.7
Last login: Thu Jul 19 10:15:12 2021 from ansible.ysla.com
[root@node1 ~]#

[root@ansible ~]# > .ssh/known_hosts
[root@ansible ~]# sshpass -p 123 ssh -o StrictHostKeyChecking=no 172.20.10.7
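
StrictHostKeyChecking=no, as used in the script and the command above, makes ssh accept whatever host key the remote end presents. The sketch below is an added example, not part of the original post: it admits a scanned key into known_hosts only when it matches a list verified out of band, so the key distribution can run with host key checking left on. pin_host_keys, the file names and the key blobs are hypothetical or constructed.

```shell
#!/bin/sh
# Added example (not from the original post): accept only host keys that match
# a list verified out of band, instead of using StrictHostKeyChecking=no.

# pin_host_keys SCANNED TRUSTED KNOWN_HOSTS
#   SCANNED      lines "host keytype base64key" (the format ssh-keyscan prints)
#   TRUSTED      same format, copied from each node's console (hypothetical file)
#   KNOWN_HOSTS  file that receives the verified entries
# Prints one line per rejected key; returns 1 if any key was rejected.
pin_host_keys() {
    awk -v out="$3" '
        /^#/ || NF < 3 { next }                      # comments, short lines
        FILENAME == ARGV[1] { trusted[$1 " " $2] = $3; next }
        {
            id = $1 " " $2
            if (!(id in trusted))       { print "UNKNOWN " id;  bad = 1 }
            else if (trusted[id] != $3) { print "MISMATCH " id; bad = 1 }
            else                        { print $1, $2, $3 >> out }
        }
        END { exit bad + 0 }' "$2" "$1"
}

# Constructed sample data: the key blobs are placeholders, not real keys.
work=$(mktemp -d)
cat > "$work/trusted" <<'EOF'
172.20.10.7 ecdsa-sha2-nistp256 AAAA-constructed-key-node1
172.20.10.8 ecdsa-sha2-nistp256 AAAA-constructed-key-node2
EOF
cat > "$work/scanned" <<'EOF'
# 172.20.10.7:22 SSH-2.0-OpenSSH_7.4
172.20.10.7 ecdsa-sha2-nistp256 AAAA-constructed-key-node1
172.20.10.8 ecdsa-sha2-nistp256 AAAA-constructed-key-other
EOF
: > "$work/known_hosts"
pin_host_keys "$work/scanned" "$work/trusted" "$work/known_hosts" ||
    echo "rejected keys listed above; resolve them before connecting"
```

In the sample, node1's key is written to known_hosts and node2's is reported as a mismatch, so ssh-copy-id would refuse node2 under the default host key checking.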

Commonly used Ansible modules:
1. ping
Checks whether the remote node is alive

ansible node -m ping 

2. command
Runs a command on the nodes; pipes (|) are not supported

[root@ansible ~]# ansible node -m command -a "mkdir /tmp/dir1"
Output colours:
	green	success (nothing changed)
	red	failure
	pink	warning
	yellow	executed successfully (something changed)

3. copy

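Transfers files from the Ansible host to the nodes.

Options:
	src		source file
	dest	destination file
	backup	whether to back up the destination file before overwriting it, if it already exists
	owner	owner of the file
	mode	permissions of the file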

[root@ansible /etc/ansible]# mkdir files
[root@ansible /etc/ansible]# ls
ansible.cfg  files  hosts  roles
[root@ansible /etc/ansible]# cp /etc/hosts files/
[root@ansible /etc/ansible]# ansible node -m copy -a "src=/etc/ansible/files/hosts dest=/tmp/hosts"
[root@ansible /etc/ansible]# ansible node -m copy -a "src=/etc/ansible/files/hosts dest=/etc/hosts backup=yes"
[root@ansible /etc/ansible]# ansible node -m command -a "useradd user1"
[root@ansible /etc/ansible]# ansible node -m copy -a "src=/etc/ansible/files/hosts dest=/tmp/hosts1 owner=user1 mode=700"
[root@ansible /etc/ansible]# ansible node -m command -a "ls -l /tmp/hosts1"
172.20.10.8 | CHANGED | rc=0 >>
-rwx------ 1 user1 root 256 Jul 19 11:53 /tmp/hosts1
172.20.10.7 | CHANGED | rc=0 >>
-rwx------ 1 user1 root 256 Jul 19 11:53 /tmp/hosts1

4. file
Manages files on the nodes

Options:
		path	path of the file
		state	operation
			touch		create a file
			directory	create a directory
			absent		delete

[root@ansible ~]# ansible node -m file -a "path=/tmp/f1 state=touch"
	## == touch
[root@ansible ~]# ansible node -m file -a "path=/tmp/d1 state=directory"
	## == mkdir 
[root@ansible ~]# ansible node -m file -a "path=/tmp/f1 state=absent"
	## == rm -f
[root@ansible ~]# ansible node -m file -a "path=/tmp/d1 state=absent"
	## == rm -fr 
[root@ansible ~]# ansible node -m file -a "path=/tmp/f1 mode=700 owner=user1 group=user1 state=touch"
	## == touch
	## == chown user1:user1
	## == chmod 700
[root@ansible ~]# ansible node -m file -a "path=/tmp/d1/d2/d3 state=directory"
	## == mkdir -p
[root@ansible ~]# ansible node -m file -a "path=/tmp/d1/d2/d3 mode=757 recurse=yes"
	## == chmod -R 757 

# vim /etc/bashrc
export PS1="[\u@\[\e[32;40m\]\h \[\e[31;40m\]\w\[\e[0m\]]\\$ "

5. get_url
Downloads files

[root@ansible ~]# ansible node -m get_url -a "url=ftp://172.20.10.99/release/epel-release-7-6.noarch.rpm dest=/tmp"
[root@ansible ~]# ansible node -m get_url -a "url=ftp://172.20.10.99/scripts/nginx-1.13-clean.sh dest=/tmp mode=755"

6. user
Manages users

[root@ansible ~]# ansible node -m user -a "name=zhangsan uid=2000"
## == useradd -u 2000 zhangsan
[root@ansible ~]# ansible 172.20.10.7 -m user -a "name=zhangsan state=absent"
## == userdel zhangsan
[root@ansible ~]# ansible 172.20.10.8 -m user -a "name=zhangsan state=absent remove=yes"
## == userdel -r zhangsan

7. group
Manages groups

[root@ansible ~]# ansible node -m group -a "name=group1 gid=100000"
## == groupadd -g 100000 group1
[root@ansible ~]# ansible node -m group -a "name=group1 state=absent"
## == groupdel group1

8. yum
Installs rpm packages

Remove:
[root@ansible ~]# ansible node -m yum -a "name=lftp state=absent"
Install:
[root@ansible ~]# ansible node -m yum -a "name=lftp"

9. systemd
Manages services on the nodes (start or stop)
For CentOS 7
On CentOS 6, use the service module instead

[root@ansible ~]# ansible node -m yum -a "name=httpd"
[root@ansible ~]# ansible node -m systemd -a "name=httpd state=started"
[root@ansible ~]# ansible node -m systemd -a "name=httpd state=stopped"
[root@ansible ~]# ansible node -m systemd -a "name=httpd state=restarted"
[root@ansible ~]# ansible node -m systemd -a "name=httpd enabled=yes"

10. shell
Runs shell scripts on the nodes

[root@ansible ~]# ansible node -m shell -a "/usr/bin/bash /tmp/nginx-1.13-clean.sh"

11. cron
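Configures scheduled tasks on the remote nodes

Run the command that stops firewalld every 5 minutes:
	*/5 * * * * systemctl stop firewalld

Crontab fields and the matching cron module options:
minute	minute
hour	hour
day of month	day
month	month
day of week	weekday
command	job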
[root@ansible ~]# ansible node -m cron -a 'name="stop firewalld" minute=*/5 job="systemctl stop firewalld"'
[root@node1 /tmp]# crontab  -l
#Ansible: stop firewalld
*/5 * * * * systemctl stop firewalld

=======================================
Writing playbooks:

[root@ansible /etc/ansible]# mkdir playbooks
[root@ansible /etc/ansible]# cd playbooks/
[root@ansible /etc/ansible/playbooks]# vim apache.yml
- name: install and config apache
  hosts: node
  user: root
  tasks:
    - name: install apache
      yum: name=httpd
    - name: config apache
      copy: src=files/httpd.conf dest=/etc/httpd/conf/httpd.conf backup=yes
      notify: restart httpd
    - name: create index.html
      copy: src=files/index.html dest=/var/www/html/index.html
  handlers:
    - name: restart httpd
      systemd: name=httpd state=restarted enabled=yes

[root@ansible /etc/ansible/playbooks]# mkdir files
[root@ansible /etc/ansible/playbooks]# yum install -y httpd

[root@ansible /etc/ansible/playbooks]# cp /etc/httpd/conf/httpd.conf files/
[root@ansible /etc/ansible/playbooks]# echo "test-ansible" > files/index.html

[root@ansible /etc/ansible/playbooks]# vim files/httpd.conf 
	add a few comment markers

[root@ansible /etc/ansible/playbooks]# ansible-playbook apache.yml 

Virtual hosts:
- name: config apache
  hosts: node
  user: root
  tasks:
    - name: config apache
      copy: src=files/httpd.conf dest=/etc/httpd/conf/httpd.conf backup=yes
      notify: restart httpd
    - name: create  a'directory
      file: path=/var/www/html/a state=directory
    - name: create b'directory
      file: path=/var/www/html/b state=directory
    - name: create a'index.html
      copy: src=files/aindex.html dest=/var/www/html/a/index.html
    - name: create b'index.html
      copy: src=files/bindex.html dest=/var/www/html/b/index.html
  handlers:
    - name: restart httpd
      systemd: name=httpd state=restarted enabled=yes

Writing a playbook that deploys FTP:

[root@ansible /etc/ansible/playbooks]# vim ftp.yml
- name: install and config vsftpd
  hosts: node
  user: root
  tasks:
    - name: install vsftpd
      yum: name=vsftpd
    - name: create upload dir
      file: path=/var/ftp/upload owner=ftp state=directory
    - name: config vsftpd
      copy: src=files/vsftpd.conf dest=/etc/vsftpd/vsftpd.conf backup=yes
      notify: restart vsftpd
  handlers:
    - name: restart vsftpd
      systemd: name=vsftpd state=restarted enabled=yes

[root@ansible /etc/ansible/playbooks]# yum install -y vsftpd

[root@ansible /etc/ansible/playbooks]# cp /etc/vsftpd/vsftpd.conf files/
[root@ansible /etc/ansible/playbooks]# vim files/vsftpd.conf 