Ansible 快速入门

介绍

常见的自动化运维工具：Ansible         asltstack        puppet

Ansible 是一款简单的运维自动化工具，只需要使用ssh协议连接就可以来进行系统管理，自动化执行命令，部署等任务。

Ansible的特点

1、ansible 不需要单独安装客户端，也不需要启动任何服务

2、ansible 是python 中的一套完整的自动化执行任务模块

3、ansible   playbook 采用 yaml 配置，对于自动化任务执行过一目了然

ansible        {web  (组)   | 主机 | all  }        -m (调用模块)        ping

用ansible安装nginx

yum：        来安装nginx的依赖

user:          来添加nginx用户

command:     来解压配置编译安装nginx

service:        来启动nginx

有了playbook之后，你可以将以上四个模块写到剧本之中，然后再运行playbook

Ansible组成结构

红色 ：报错了   绿色：成功了    黄色：文件发生了变动       紫色：警告

1. Ansible

Ansible的命令工具，核心执行工具;一次性或临时执行的操作都是通过该命令执行。

1. Ansible Playbook

任务剧本(又称任务集)，编排定义Ansible任务集的配置文件，由Ansible顺序依次执行，yaml 格式。

1. Inventory

Ansible管理主机的清单，默认是/etc/ansible/hosts 文件。

1. Modules

Ansible执行命令的功能模块，Ansible2. 3版本为止，共有1039个模块。还可以自定义模块。

1. Plugins

插件，模块功能的补充，常有连接类型插件，循环插件，变量插件，过滤插件，插件功能用的较少。

1. API

提供给第三方程序调用的应用程序编程接口。

Ansible去其它配置管理的对比

环境准备

1.配置网络yum源

[root@localhost ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

2、配置Epel 镜像

[root@localhost ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

3.指令清除索引缓存和下载包的缓存

[root@localhost ~]# yum clean all

4.生成缓存

[root@localhost ~]# yum makecache

5、yum安装ansible

[root@localhost ~]# yum -y install ansible

6、查看python版本

[root@localhost ~]# python

7、管理主机的清单，默认是/etc/ansible/hosts文件

[root@localhost ~]# vim /etc/ansible/hosts

# This is the default ansible 'hosts' file.
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups

# Ex 1: Ungrouped hosts, specify before any group headers.

## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10

# Ex 2: A collection of hosts belonging to the 'webservers' group

## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110

# If you have multiple hosts following a pattern you can specify
# them like this:

## www[001:006].example.com

# Ex 3: A collection of database servers in the 'dbservers' group

## [dbservers]
## 
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57

# Here's another example of host ranges, this time there are no
# leading 0s:

## db-[99:101]-node.example.com
[webserver]
192.168.100.204 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="123123"
192.168.100.205 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass="123123"

8、修改ansible的配置文件

[root@localhost ~]# vim /etc/ansible/ansible.cfg 

9、验证 

[root@localhost ~]# ansible all -m ping
192.168.100.205 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.100.204 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

10、给服务器做免登陆

 11、生成公钥和私钥

root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:z7I8yEbr+SK+gSXacvZS7xa6TaQW2yo65eHd7tC/AqQ root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|                 |
|    .            |
|  .oo . S        |
| oE+oBo  o       |
|o+=+*B++. o      |
|.+=o+*@+.o       |
|.o +*@B+*o       |
+----[SHA256]-----+

12、传送给需要免登服务器

[root@localhost ~]# ssh-copy-id root@192.168.100.204
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.100.204's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.100.204'"
and check to make sure that only the key(s) you wanted were added.

[root@localhost ~]# ssh-copy-id root@192.168.100.205
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.100.205's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.100.205'"
and check to make sure that only the key(s) you wanted were added.

13、验证

[root@localhost ~]# ansible webserver -m ping
192.168.100.204 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.100.205 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}