Learning the automation and operations tool Ansible
Posted 人间忽晚,山河以秋
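Foreword: this article was compiled by the editors of 小常识网 (cha138.com); it covers the basics of learning the automation and operations tool Ansible and is intended as a reference.
Learning Ansible
Introduction to Ansible
(1) Ansible does not require a client to be installed on managed hosts; it communicates through sshd (passwordless login with SSH keys).
(2) Ansible works through modules, and modules can be written in any language.
(3) Ansible supports using modules from the command line as well as writing playbooks in YAML, which are easy to write and read.
(4) Ansible is very simple to install; on CentOS it can be installed directly with yum.
(5) Ansible offers a paid UI (browser-based GUI) at www.ansible.com/tower; the official documentation is at http://docs.ansible.com/ansible/latest/index.html.
Ansible has been acquired by Red Hat, and it is a very popular open-source project on GitHub (https://github.com/ansible/ansible).
A good introductory e-book: https://ansible-book.gitbooks.io/ansible-first-book/
I. Set up the environment for using Ansible
Two machines are needed: one acts as the server with the hostname ansible-01, the other as the client, ansible-02.
Set the hostnames and edit the hosts file
Server ansible-01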
[root@localhost ~]# hostnamectl set-hostname ansible-01
[root@localhost ~]# bash
[root@ansible-01 ~]#
[root@ansible-01 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.30.59.248 ansible-01
10.30.59.216 ansible-02
Client ansible-02
[root@localhost ~]# hostnamectl set-hostname ansible-02
[root@localhost ~]# bash
[root@ansible-02 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.30.59.248 ansible-01
10.30.59.216 ansible-02
"/etc/hosts" 4L, 206C 已写入
Disable the firewall and SELinux
Server ansible-01
[root@ansible-01 ~]# systemctl stop firewalld
[root@ansible-01 ~]# systemctl disable firewalld
[root@ansible-01 ~]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled # change this line to match
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
"/etc/selinux/config" 14L, 546C 已写入
[root@ansible-01 ~]# setenforce 0
Client ansible-02
[root@ansible-02 ~]# systemctl stop firewalld
[root@ansible-02 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@ansible-02 ~]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
"/etc/selinux/config" 14L, 546C 已写入
[root@ansible-02 ~]# setenforce 0
On ansible-01, generate a key pair with ssh-keygen -t rsa, copy the public key to ansible-02, and set up key-based authentication
[root@ansible-01 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1dnbBneiMoZIahPJcM0gVrpJal7T4f3KxOh09orJ6cs root@ansible-01
The key's randomart image is:
+---[RSA 2048]----+
| +.++ |
| . * .o . o |
| o +.. . o + o|
| o oo+o. o . *.|
|..oo+o..S + . . o|
|o ....o .. o . |
| . o = . |
| = O o |
| .E.+.. |
+----[SHA256]-----+
[root@ansible-01 ~]# ssh-copy-id 10.30.59.216
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.30.59.216 (10.30.59.216)' can't be established.
ECDSA key fingerprint is SHA256:4hN1+edBB8HYHiTjITfpUbgmBqpWrqMagmMx5a3cEDg.
ECDSA key fingerprint is MD5:4b:9a:54:ef:90:18:96:e7:3c:2b:a2:8f:4d:1c:ac:95.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.30.59.216's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.30.59.216'"
and check to make sure that only the key(s) you wanted were added.
[root@ansible-01 ~]# ssh 10.30.59.216 # test whether it works
Last login: Tue May 25 03:29:49 2021 from 10.30.58.58
[root@ansible-02 ~]# ^C # the prompt is now on ansible-02, so the login worked
[root@ansible-02 ~]# 登出 # press Ctrl+D to log out
Connection to 10.30.59.216 closed.
[root@ansible-01 ~]#
Install the EPEL package
[root@ansible-01 ~]# yum install -y epel-release
Install Ansible
[root@ansible-01 ~]# yum install -y ansible
Add a host group in /etc/ansible/hosts
[root@ansible-01 ~]# vim /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10
[testhost] # name of the host group
127.0.0.1 # the local machine
10.30.59.216 # IP of the other machine
# Ex 2: A collection of hosts belonging to the 'webservers' group
## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
# If you have multiple hosts following a pattern you can specify
# them like this:
"/etc/ansible/hosts" 47L, 1050C 已写入
The host group includes 127.0.0.1, which has not received the public key yet, so copy the key to it as well
[root@ansible-01 ~]# ssh-copy-id 127.0.0.1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:4hN1+edBB8HYHiTjITfpUbgmBqpWrqMagmMx5a3cEDg.
ECDSA key fingerprint is MD5:4b:9a:54:ef:90:18:96:e7:3c:2b:a2:8f:4d:1c:ac:95.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@127.0.0.1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '127.0.0.1'"
and check to make sure that only the key(s) you wanted were added.
[root@ansible-01 ~]# ssh 127.0.0.1 # test
Last login: Tue May 25 00:53:30 2021 from 10.30.58.58
[root@ansible-01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:a0:b7:0c brd ff:ff:ff:ff:ff:ff
inet 10.30.59.248/25 brd 10.30.59.255 scope global noprefixroute ens192
valid_lft forever preferred_lft forever
inet 10.30.59.249/25 brd 10.30.59.255 scope global secondary noprefixroute ens192:1
valid_lft forever preferred_lft forever
inet 10.30.59.250/25 brd 10.30.59.255 scope global secondary noprefixroute ens192:2
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fea0:b70c/64 scope link
valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:c9:62:89:95 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
[root@ansible-01 ~]# 登出
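Both ssh-copy-id sessions above print the same ECDSA fingerprint (SHA256:4hN1+edBB8HYHiTjITfpUbgmBqpWrqMagmMx5a3cEDg) for 10.30.59.216 and for 127.0.0.1, so ansible-01 and ansible-02 present the same SSH host key, which is typical of machines cloned from one image. The following added example (not part of the original post) scans known_hosts text for keys that appear on more than one entry; the sample file, its key blobs and the hosts ansible-03, 10.30.59.217 and 10.30.59.218 are constructed.

```python
import base64
import binascii
import hashlib
from collections import defaultdict

# Constructed sample: the key blobs are dummy bytes, not real host keys.
CLONED_BLOB = base64.b64encode(b"constructed key shared by two cloned VMs").decode()
UNIQUE_BLOB = base64.b64encode(b"constructed key of a third machine").decode()
SAMPLE_KNOWN_HOSTS = f"""\
# comment and blank lines are skipped
10.30.59.216 ecdsa-sha2-nistp256 {CLONED_BLOB}
127.0.0.1 ecdsa-sha2-nistp256 {CLONED_BLOB}

ansible-03,10.30.59.217 ecdsa-sha2-nistp256 {UNIQUE_BLOB} optional comment
@cert-authority *.example.com ecdsa-sha2-nistp256 {CLONED_BLOB}
10.30.59.218 ecdsa-sha2-nistp256 not*base64
"""

def fingerprint(blob_b64):
    """OpenSSH-style fingerprint: SHA-256 of the raw key blob, base64, no padding."""
    raw = base64.b64decode(blob_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text):
    """Yield (host_field, fingerprint) for each plain host-key line."""
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @cert-authority/@revoked markers and short lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        try:
            yield fields[0], fingerprint(fields[2])
        except (binascii.Error, ValueError):
            continue  # key field is not valid base64

def shared_host_keys(text):
    """Return {fingerprint: [host fields]} for keys found on more than one line."""
    groups = defaultdict(list)
    for host_field, fp in parse_known_hosts(text):
        groups[fp].append(host_field)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_KNOWN_HOSTS).items():
        print(f"{fp} is presented by: {', '.join(hosts)}")
```

A hit is a prompt to check rather than proof of cloning, because one machine recorded under its name and its IP on separate lines is reported too.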
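II. Running commands remotely with Ansible
Run a remote command to view the hostname
testhost is the host group name, -m is followed by the module name, and -a is followed by the command; a single host address can be given in place of the group name, as in the first two commands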
[root@ansible-01 ~]# ansible 127.0.0.1 -m command -a 'hostname'
127.0.0.1 | CHANGED | rc=0 >>
ansible-01
Run a remote command to view the client's hostname
[root@ansible-01 ~]# ansible 10.30.59.216 -m command -a 'hostname'
10.30.59.216 | CHANGED | rc=0 >>
ansible-02
Run the hostname command against every machine in the group
[root@ansible-01 ~]# ansible testhost -m command -a 'hostname'
10.30.59.216 | CHANGED | rc=0 >>
ansible-02
127.0.0.1 | CHANGED | rc=0 >>
ansible-01
The shell module works as well
[root@ansible-01 ~]# ansible testhost -m shell -a 'hostname'
127.0.0.1 | CHANGED | rc=0 >>
ansible-01
10.30.59.216 | CHANGED | rc=0 >>
ansible-02
[root@ansible-01 ~]#
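The command and shell modules return the same result for hostname, but they diverge once -a contains shell syntax: command executes the program directly, while shell hands the whole string to /bin/sh. The following added example (not from the original post) models the two behaviours with Python's subprocess; it is a simplified stand-in, not Ansible's own code, and the echo strings are constructed.

```python
import shlex
import subprocess

# Tokens that only have an effect when a shell interprets the string.
SHELL_SYNTAX = ("|", ";", "&", "<", ">")

def run_like_command_module(args):
    """Model of `-m command`: split into argv and exec directly, no shell."""
    argv = shlex.split(args)
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout

def run_like_shell_module(args):
    """Model of `-m shell`: pass the whole string to /bin/sh -c."""
    done = subprocess.run(["/bin/sh", "-c", args],
                          capture_output=True, text=True, check=True)
    return done.stdout

def modules_diverge(args):
    """Coarse check: True when -a contains shell syntax (quoting is ignored)."""
    return any(token in args for token in SHELL_SYNTAX)

def compare(args):
    """Run one -a string both ways and report whether the results can differ."""
    return {
        "diverge": modules_diverge(args),
        "command": run_like_command_module(args),
        "shell": run_like_shell_module(args),
    }

if __name__ == "__main__":
    # Constructed -a strings; the second one carries a `;` separator.
    for args in ("echo ansible-02", "echo ansible-02; echo extra"):
        print(repr(args), "->", compare(args))
```

With the command model the `;` and everything after it reach echo as literal arguments; with the shell model a second command runs, which is why the command module is the safer default when part of -a comes from a variable.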