1.什么是ansible
1.1.基本介绍
1.2.基本架构
1.3.基本特征
1.4.优点
1.5.ansible工作机制
2.Ansible安装
2.1.机器准备
2.2.安装ansible
2.2.1.安装epel源
2.2.2.安装ansible
2.2.3.查看ansible版本
2.2.4.树状结构展示文件夹
2.2.4.1.其中ansible.cfg的内容如下
2.2.4.2.host的默认内容是
2.3.配置主机清单
2.4.设置SSH无密码登录
2.5.参考文章
1.什么是ansible
转自:https://blog.51cto.com/liqingbiao/1875921
1.1.基本介绍
ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。
ansible是基于 paramiko 开发的,并且基于模块化工作,本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架。ansible不需要在远程主机上安装client/agents,因为它们是基于ssh来和远程主机通讯的。ansible目前已经已经被红帽官方收购,是自动化运维工具中大家认可度最高的,并且上手容易,学习简单。是每位运维工程师必须掌握的技能之一。主要包括:
- (1)、连接插件connection plugins:负责和被监控端实现通信;
- (2)、host inventory:指定操作的主机,是一个配置文件里面定义监控的主机;
- (3)、各种模块核心模块、command模块、自定义模块;
- (4)、借助于插件完成记录日志邮件等功能;
- (5)、playbook:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。
1.2.基本架构
1.3.基本特征
(1)、no agents:不需要在被管控主机上安装任何客户端;
(2)、no server:无服务器端,使用时直接运行命令即可;
(3)、modules in any languages:基于模块工作,可使用任意语言开发模块;
(4)、yaml,not code:使用yaml语言定制剧本playbook;
(5)、ssh by default:基于SSH工作;
(6)、strong multi-tier solution:可实现多级指挥。
1、部署简单,只需在主控端部署Ansible环境,被控端无需做任何操作;
2、默认使用SSH协议对设备进行管理;
3、有大量常规运维操作模块,可实现日常绝大部分操作。
4、配置简单、功能强大、扩展性强;
5、支持API及自定义模块,可通过Python轻松扩展;
6、通过Playbooks来定制强大的配置、状态管理;
7、轻量级,无需在客户端安装agent,更新时,只需在操作机上进行一次更新即可;
8、提供一个功能强大、操作性强的Web管理界面和REST API接口——AWX平台。
1.4.优点
(1)、轻量级,无需在客户端安装agent,更新时,只需在操作机上运行一次更新即可;
(2)、批量任务执行可以写成脚本,而且不用分发到远程就可以执行。
(3)、使用python编写,维护更简单,ruby语法过于复杂
(4)、支持sudo
1.5.ansible工作机制
2.Ansible安装
2.1.机器准备
本次使用docker进行虚拟化:
docker相关的命令是:
docker commit d74af80aa35a centos7.5.1804.v0.2将镜像保存docker save -o xxx.tar containerId将镜像导入docker load < xxx.tar============================================================docker run -itd --restart=always --name node2 --hostname node2 -v D:/dockerworkspace/node2/hosts:/etc/hosts -v D:/dockerworkspace/node2/hostname:/etc/hostname -v D:/dockerworkspace/node2/data:/data -v D:/dockerworkspace/node2/profile:/etc/profile -v D:/dockerworkspace/node2/software:/root/software -v D:/dockerworkspace/node2/installed:/root/installed -v D:/dockerworkspace/node2/workspace:/root/workspace -p 20022:22 --ip 172.17.0.2 1694ea743590 /usr/sbin/sshd -Ddocker run -itd --restart=always --name node3 --hostname node3 -v D:/dockerworkspace/node3/hosts:/etc/hosts -v D:/dockerworkspace/node3/hostname:/etc/hostname -v D:/dockerworkspace/node3/data:/data -v D:/dockerworkspace/node3/profile:/etc/profile -v D:/dockerworkspace/node3/software:/root/software -v D:/dockerworkspace/node3/installed:/root/installed -v D:/dockerworkspace/node3/workspace:/root/workspace -p 30022:22 --ip 172.17.0.31694ea743590 /usr/sbin/sshd -Ddocker run -itd --restart=always --name node4 --hostname node4 -v D:/dockerworkspace/node4/hosts:/etc/hosts -v D:/dockerworkspace/node4/hostname:/etc/hostname -v D:/dockerworkspace/node4/data:/data -v D:/dockerworkspace/node4/profile:/etc/profile -v D:/dockerworkspace/node4/software:/root/software -v D:/dockerworkspace/node4/installed:/root/installed -v D:/dockerworkspace/node4/workspace:/root/workspace -p 40022:22 --ip 172.17.0.4 1694ea743590 /usr/sbin/sshd -Ddocker run -itd --restart=always --name node5 --hostname node5 -v D:/dockerworkspace/node5/hosts:/etc/hosts -v D:/dockerworkspace/node5/hostname:/etc/hostname -v D:/dockerworkspace/node5/data:/data -v D:/dockerworkspace/node5/profile:/etc/profile -v D:/dockerworkspace/node5/software:/root/software -v D:/dockerworkspace/node5/installed:/root/installed -v D:/dockerworkspace/node5/workspace:/root/workspace -p 50022:22 --ip 172.17.0.5 1694ea743590 /usr/sbin/sshd -Ddocker run -itd --restart=always --name node6 --hostname node6 -v D:/dockerworkspace/node6/hosts:/etc/hosts -v D:/dockerworkspace/node6/hostname:/etc/hostname -v D:/dockerworkspace/node6/data:/data -v D:/dockerworkspace/node6/profile:/etc/profile -v D:/dockerworkspace/node6/software:/root/software -v D:/dockerworkspace/node6/installed:/root/installed -v D:/dockerworkspace/node6/workspace:/root/workspace -p 60022:22 --ip 172.17.0.6 1694ea743590 /usr/sbin/sshd -D
主机名 | IP | 安装软件 | 组名 |
---|---|---|---|
node2(管理机器) | 172.17.0.2 | Ansible | |
node3(被管理机器) | 172.17.0.3 | abc | |
node4(被管理机器) | 172.17.0.4 | abc | |
node5(备用) | 172.17.0.5 | ||
node6(备用) | 172.17.0.6 |
2.2.安装ansible
在管理机器上安装ansible
2.2.1.安装epel源
[root@node2 ~]# yum install -y epel-releaseLoaded plugins: fastestmirror, ovlDetermining fastest mirrors * base: mirrors.163.com * extras: mirrors.163.com * updates: mirrors.163.combase | 3.6 kB00:00:00extras | 2.9 kB00:00:00updates| 2.9 kB00:00:00(1/2): extras/7/x86_64/primary_db| 243 kB00:00:00(2/2): updates/7/x86_64/primary_db |11 MB00:00:01Resolving Dependencies--> Running transaction check---> Package epel-release.noarch 0:7-11 will be installed--> Finished Dependency ResolutionDependencies Resolved================================================================================================================================================ PackageArch Version RepositorySize================================================================================================================================================Installing: epel-release noarch 7-11extras15 kTransaction Summary================================================================================================================================================Install1 PackageTotal download size: 15 kInstalled size: 24 kDownloading packages:epel-release-7-11.noarch.rpm |15 kB00:00:00Running transaction checkRunning transaction testTransaction test succeededRunning transactionInstalling : epel-release-7-11.noarch 1/1Verifying: epel-release-7-11.noarch 1/1Installed:epel-release.noarch 0:7-11Complete![root@node2 ~]#
2.2.2.安装ansible
[root@node2 ~]# yum install ansible -yLoaded plugins: fastestmirror, ovlLoading mirror speeds from cached hostfileepel/x86_64/metalink | 3.9 kB00:00:00 * base: mirrors.163.com * epel: ftp.jaist.ac.jp * extras: mirrors.163.com * updates: mirrors.163.comepel | 4.7 kB00:00:00(1/3): epel/x86_64/group_gz|96 kB00:00:00(2/3): epel/x86_64/updateinfo| 1.0 MB00:00:01xxxxxxxxxxxxxxxxxxxxxxxxx--> Running transaction check---> Package python-backports.x86_64 0:1.0-8.el7 will be installed---> Package python-pycparser.noarch 0:2.14-1.el7 will be installed--> Processing Dependency: python-ply for package: python-pycparser-2.14-1.el7.noarch--> Running transaction checkComplete![root@node2 ~]#
2.2.3.查看ansible版本
[root@node2 ~]# ansible --versionansible 2.9.25config file = /etc/ansible/ansible.cfgconfigured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']ansible python module location = /usr/lib/python2.7/site-packages/ansibleexecutable location = /usr/bin/ansiblepython version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)][root@node2 ~]#
2.2.4.树状结构展示文件夹
# ansible --version//查看ansible版本# yum install tree -y# tree /etc/ansible/ //树状结构展示文件夹/etc/ansible/├── ansible.cfg#ansible的配置文件├── hosts#ansible的主仓库,用于存储需要管理的远程主机的相关信息└── roles #角色(这是一个目录)
2.2.4.1.其中ansible.cfg的内容如下
2.2.4.2.host的默认内容是
[root@node2 ansible]# cat hosts# This is the default ansible 'hosts' file.## It should live in /etc/ansible/hosts## - Comments begin with the '#' character# - Blank lines are ignored# - Groups of hosts are delimited by [header] elements# - You can enter hostnames or ip addresses# - A hostname/ip can be a member of multiple groups# Ex 1: Ungrouped hosts, specify before any group headers.## green.example.com## blue.example.com## 192.168.100.1## 192.168.100.10# Ex 2: A collection of hosts belonging to the 'webservers' group## [webservers]## alpha.example.org## beta.example.org## 192.168.1.100## 192.168.1.110# If you have multiple hosts following a pattern you can specify# them like this:## www[001:006].example.com# Ex 3: A collection of database servers in the 'dbservers' group## [dbservers]#### db01.intranet.mydomain.net## db02.intranet.mydomain.net## 10.25.1.56## 10.25.1.57# Here's another example of host ranges, this time there are no# leading 0s:## db-[99:101]-node.example.com[root@node2 ansible]#
2.3.配置主机清单
[root@node2 ansible]# cd /etc/ansible[root@node2 ansible]# vim hosts[abc]# 自定义一个组名172.17.0.3 # 添加被管理主机的IP[aaa]172.17.0.4[bbb]172.17.0.5172.17.0.6
2.4.设置SSH无密码登录
[root@node2 ansible]# ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa):Created directory '/root/.ssh'.Enter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:SHA256:sZtXen524PUZoQP5C76faiL/Rpx9IOUIFpVB7SIjymM root@node2The key's randomart image is:+---[RSA 2048]----+| .+++|| o . o ||o . *|| . = * + . ||. . S + O o .|| E o B =.o.||. . o = o.+o+|| . o * .=.o||o.=+== . |+----[SHA256]-----+[root@node2 ansible]#
yum -y install openssh-clients (此命令是在出现了-bash: ssh-copy-id: command not found之后执行)
ssh-copy-id root@172.17.0.3ssh-copy-id root@172.17.0.4ssh-copy-id root@172.17.0.5ssh-copy-id root@172.17.0.6免交互代理:[root@node2 ansible]# ssh-agent bash[root@node2 ansible]# ssh-add[root@node2 ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.17.0.3/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@172.17.0.3's password:Number of key(s) added: 1Now try logging into the machine, with: "ssh 'root@172.17.0.3'"and check to make sure that only the key(s) you wanted were added.[root@node2 ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.17.0.4/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@172.17.0.4's password:Number of key(s) added: 1Now try logging into the machine, with: "ssh 'root@172.17.0.4'"and check to make sure that only the key(s) you wanted were added.[root@node2 ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.17.0.5/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@172.17.0.5's password:Number of key(s) added: 1Now try logging into the machine, with: "ssh 'root@172.17.0.5'"and check to make sure that only the key(s) you wanted were added.[root@node2 ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.17.0.6/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@172.17.0.6's password:Number of key(s) added: 1Now try logging into the machine, with: "ssh 'root@172.17.0.6'"and check to make sure that only the key(s) you wanted were added.[root@node2 ansible]#
2.5.参考文章
https://blog.51cto.com/u_13630803/2153392
https://www.cnblogs.com/cyleon/p/11164344.html
https://blog.51cto.com/u_13630803/2153820