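1. Introduction to Ansible
1.1 What is Ansible
Ansible is an automation tool for operations work, written in Python. It combines the strengths of many operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, batch command execution and similar functions.
Ansible works through modules and has no batch-deployment capability of its own. The batch deployment is actually done by the modules that Ansible runs; Ansible only provides the framework. Its main parts are:
(1) Connection plugins: responsible for communication with the monitored (managed) hosts;
(2) Host inventory: specifies the hosts to operate on; it is a configuration file that defines the managed hosts;
(3) Modules: core modules, the command module and custom modules;
(4) Plugins, used for functions such as logging and email;
(5) Playbooks: optional; when several tasks are to be executed, a playbook lets a node run them in one go.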
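1.2 Ansible architecture diagram and how it works
- Ansible: the core Ansible program
- Host Inventory: records information about every host managed by Ansible, including the SSH port, root account and password, IP address and so on. It can be loaded from a file or from a CMDB
- Playbooks: YAML files in which multiple tasks are defined in one file so that they can be invoked together; they define which hosts call which modules to carry out a function
- Core Modules: no management task is carried out by Ansible itself; the core modules do the work. Before managing hosts, Ansible calls a module from the core modules and names the hosts in the Host Inventory to manage
- Custom Modules: custom modules that provide functions the core modules cannot; they can be written in any language
- Connection Plugins: connection plugins, used for communication between Ansible and hosts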
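2. Deploying and installing the Ansible automation tool
Role | Hostname | IP address | Group name |
---|---|---|---|
Control host | master | 192.168.8.129 | |
Managed host | node1 | 192.168.8.130 | webservers |
2.1 Installing Ansible
// First configure the network repository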
[root@master ~]
[root@master ~]
[root@master ~]
[root@master ~]
ansible 2.9.23
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Dec 5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
[root@master ~]
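3. Building an Ansible inventory
3.1 Ansible configuration file
- The /etc/ansible/hosts file is treated as the system's default static inventory file. Common practice, however, is not to use it and instead to define a different location for the inventory file in the Ansible configuration file.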
[root@master ~]
[root@master ansible]
ansible.cfg hosts roles
[root@master ansible]
[root@master ansible]
[root@master ansible]
[defaults]
inventory = /etc/ansible/inventory // add this line to define a new inventory file named inventory
[root@master ansible]
[root@master ansible]
ansible.cfg hosts inventory roles
[root@master ansible]
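3.2 Writing the inventory
- Usually, managed hosts are organized into host groups. Host groups make it more efficient to run Ansible against a set of systems. Each section starts with the host group name in square brackets, followed by the hostname or IP address of each managed host in the group, one per line.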
[root@master ansible]
[webservers] // add a group so that its hosts can be managed together
192.168.8.130 // add the IP of the managed host
// the following commands list all hosts
[root@master ~]
hosts (1):
192.168.8.130
[root@master ~]
[root@master ~]
hosts (1):
192.168.8.130
[root@master ~]
[root@master ~]
hosts (1):
192.168.8.130
[root@master ~]
[root@master ~]
[WARNING]: No hosts matched, nothing to do
hosts (0):
[root@master ~]
3.3 Controlling hosts
[root@master ~]
The authenticity of host '192.168.8.130 (192.168.8.130)' can't be established.
ECDSA key fingerprint is SHA256:4Q2ZziaMX2llFBT+mqwjrcp6jzKWtHuNrTR5OJTlXNU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
192.168.8.130 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.8.130' (ECDSA) to the list of known hosts.\r\nroot@192.168.8.130: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
[root@master ~]#
[root@master ansible]# vim inventory // edit the inventory file and add the username and password
[webservers]
192.168.8.130 ansible_user=root ansible_password=1
[root@master ansible]# ansible all -m ping // the ping now succeeds
192.168.8.130 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[root@master ansible]
[root@master ansible]
[webservers]
192.168.8.130
[root@master ansible]
[root@master ansible]
[root@master ~]
[root@master ~]
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:VI05OJI1mGBir3J9bvE24cQhdb4IyOjms5yR/910HE8 root@master
The key's randomart image is:
+---[RSA 3072]----+
| o o. =+.o+ |
| . * .=.o=+ . |
| . + o.o... |
| . o = o . |
|. = . o S . . E |
| = . o = . . + |
| = o = . o . |
| . * . o + . |
| + ... . . |
+----[SHA256]-----+
[root@master ~]# ssh-copy-id root@192.168.8.130 // send it to the managed host
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.8.130's password: // password of the managed host
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.8.130'"
and check to make sure that only the key(s) you wanted were added.
[root@master ~]
192.168.8.130 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[root@master ~]
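Section 3.3 first stores the root password in the inventory (`ansible_password=1`) and then removes it once SSH key authentication is in place. The following added example (not part of the original post) scans an INI inventory for secrets left inline on host lines or in `[group:vars]` sections; the function name and the sample strings are constructed for illustration.

```python
import re
import shlex

# Inventory variables that hold a secret when written inline.
SECRET_VARS = {"ansible_password", "ansible_ssh_pass",
               "ansible_become_pass", "ansible_become_password"}

def find_inline_secrets(inventory_text):
    """Return (line_no, group, host, variable) for each plaintext secret in an INI inventory."""
    findings, group, in_vars = [], "ungrouped", False
    for line_no, raw in enumerate(inventory_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([^\]:]+)(?::(\w+))?\]", line)
        if header:
            group, in_vars = header.group(1), header.group(2) == "vars"
            continue
        if in_vars:
            # [group:vars] lines are "key=value" and apply to every host in the group
            host, keys = "*", [line.split("=", 1)[0].strip()]
        else:
            # host lines are "host key=value key=value ..."
            tokens = shlex.split(line, comments=True)
            host = tokens[0]
            keys = [t.split("=", 1)[0] for t in tokens[1:] if "=" in t]
        findings += [(line_no, group, host, k) for k in keys if k in SECRET_VARS]
    return findings

# Constructed samples: the two inventory states shown in section 3.3.
WITH_PASSWORD = "[webservers]\n192.168.8.130 ansible_user=root ansible_password=1\n"
KEY_BASED = "[webservers]\n192.168.8.130\n"

if __name__ == "__main__":
    for name, text in (("with password", WITH_PASSWORD), ("key-based", KEY_BASED)):
        print(name, find_inline_secrets(text))
```

A non-empty result means the inventory file itself is a credential and needs the same protection as one.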
3.4 Managing the Ansible configuration file
[root@master ansible]
[root@master ansible]
ansible.cfg hosts inventory roles
[root@master ansible]
[root@master ansible]
[root@master ansible]
[WARNING]: Unable to parse /etc/ansible/inventory as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'
[root@master ansible]
[root@master ~]
[root@master opt]
ansible.cfg inventory
[root@master opt]
[defaults]
inventory = inventory // change the path
// verify the inventory again
[root@master opt]
/opt
[root@master opt]
192.168.8.130 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[root@master opt]
[root@master opt]
[root@master opt]
ansible.cfg inventory pengyudong
[root@master opt]
mv: 无法将目录'pengyudong' 移动至自身的子目录'pengyudong/pengyudong' 下
[root@master opt]
[root@master pengyudong]
ansible.cfg inventory
[root@master pengyudong]
[root@master opt]
pengyudong
[root@master opt]
[root@master opt]
[root@master pengyudong]
192.168.8.130 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[root@master pengyudong]
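The session in 3.4 works because Ansible picks its configuration file in a fixed order: `ANSIBLE_CONFIG`, then `ansible.cfg` in the current directory, then `~/.ansible.cfg`, then `/etc/ansible/ansible.cfg`, and it skips an `ansible.cfg` found in a world-writable current directory. The following added example (not from the original post and not Ansible's own code) is a simplified model of that lookup, plus the resolution of a relative `inventory = inventory` value against the directory of the chosen config file; the function names are hypothetical.

```python
import configparser
import os
import stat

def resolve_ansible_cfg(cwd, env=None, home="~"):
    """Return (config_path, skipped_reason): the first readable candidate in search order."""
    env = os.environ if env is None else env
    candidates, skipped = [], None
    override = env.get("ANSIBLE_CONFIG")
    if override:
        override = os.path.expanduser(override)
        if os.path.isdir(override):
            override = os.path.join(override, "ansible.cfg")
        candidates.append(override)
    local = os.path.join(cwd, "ansible.cfg")
    if os.stat(cwd).st_mode & stat.S_IWOTH:
        # Any local user could plant a config in a world-writable directory, so skip it.
        if os.path.exists(local):
            skipped = "world-writable directory: " + cwd
    else:
        candidates.append(local)
    candidates += [os.path.join(os.path.expanduser(home), ".ansible.cfg"),
                   "/etc/ansible/ansible.cfg"]
    for path in candidates:
        if os.path.exists(path) and os.access(path, os.R_OK):
            return path, skipped
    return None, skipped

def inventory_path(cfg_path):
    """Resolve [defaults] inventory relative to the config file's own directory."""
    parser = configparser.ConfigParser()
    parser.read(cfg_path)
    value = parser.get("defaults", "inventory", fallback="/etc/ansible/hosts")
    return os.path.normpath(os.path.join(os.path.dirname(cfg_path), value))

if __name__ == "__main__":
    cfg, skipped = resolve_ansible_cfg(os.getcwd())
    print("config:", cfg, "| skipped:", skipped)
    if cfg:
        print("inventory:", inventory_path(cfg))
```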