####1.Ansible对于企业运维的重大意义####
Ansible自动化部署可以实现用户级一对多的操作,对企业的工作具有很大的意义。
####2.Ansible的安装####
实验环境:开启3台虚拟机nodea nodeb nodec
真机:ip:172.25.254.74 systemctl enable --now firewalld ; firewall-cmd --add-masquerade
nodea联网 ip:172.25.254.174 GATEWAY:172.25.254.74 DNS1:114.114.114.114 主机名:ansible.westos.org
nodeb:ip:172.25.254.198 nodec:172.25.254.213
nodea:
下载ansible软件首先安装epel源
[root@ansible mnt]# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
[root@ansible mnt]# ls
epel-release-latest-8.noarch.rpm
[root@ansible mnt]# rpm -ivh epel-release-latest-8.noarch.rpm
[root@ansible mnt]# cd /etc/yum.repos.d
[root@ansible yum.repos.d]# ls
epel-modular.repo epel.repo epel-testing.repo westos.repo
epel-playground.repo epel-testing-modular.repo redhat.repo
[root@ansible yum.repos.d]# dnf search ansible
ansible.noarch : SSH-based configuration management, deployment, and task
: execution system
[root@ansible yum.repos.d]# dnf install ansible.noarch -y
[root@ansible yum.repos.d]# ansible --version 查看安装版本
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Dec 5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
连接nodeb nodec 设置免密认证
[root@ansible mnt]# ssh-keygen
[root@ansible mnt]# vim ssh.sh 自动生成免密认证脚本
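#!/bin/bash
# Push the controller's SSH public key to each managed node so that later
# ssh / ansible connections need no password.
#
# Usage: SSH_PASS=<remote root password> bash ssh.sh [last-octet ...]
#   With no arguments the original node list (198 213) is used.
#   If SSH_PASS is unset the password is prompted for once, without echo,
#   instead of being stored in clear text inside this file.
#
# Requires: /usr/bin/expect, ssh-copy-id, and an existing key pair at
# /root/.ssh/id_rsa(.pub) generated beforehand with ssh-keygen.
set -u

readonly SUBNET_PREFIX=172.25.254
readonly PUB_KEY=/root/.ssh/id_rsa.pub
readonly REMOTE_USER=root

#######################################
# Copy the public key to one node, with expect driving ssh-copy-id.
# Arguments: $1 - last octet of the target address; falls back to the
#                 global $ip so the original no-argument call still works.
# Globals:   SSH_PASS (read) - password sent at the "password" prompt.
# Returns:   exit status of expect (non-zero when ssh-copy-id fails),
#            1 when no octet is available.
#######################################
AUTOSSH()
{
  local octet=${1:-${ip:-}}
  if [[ -z "$octet" ]]; then
    printf 'AUTOSSH: no host octet given\n' >&2
    return 1
  fi
  local host="${SUBNET_PREFIX}.${octet}"
  # The here-doc is deliberately unquoted: bash substitutes $host and
  # $SSH_PASS before expect reads the script, while "\r" is left for expect.
  # NOTE: the password is interpolated into Tcl source, so a value containing
  # Tcl-special characters ([ ] $ " \) would need escaping first.
  # Answering "yes" at the yes/no prompt accepts the remote host key
  # unverified (trust-on-first-use); acceptable only inside this lab network.
  /usr/bin/expect <<EOF
spawn ssh-copy-id -i ${PUB_KEY} ${REMOTE_USER}@${host}
expect {
  "yes/no" { send "yes\r";exp_continue }
  "password" {send "${SSH_PASS}\r" }
}
expect eof
EOF
}

#######################################
# Entry point: obtain the password once, then run AUTOSSH per node.
# Arguments: $@ - last octets to process; defaults to 198 213.
#######################################
main() {
  if [[ -z "${SSH_PASS:-}" ]]; then
    # Prompt rather than hard-code: the original embedded the password in
    # clear text, readable by anyone who can read this script.
    read -rsp 'SSH password: ' SSH_PASS
    printf '\n'
    export SSH_PASS
  fi
  local -a octets=("$@")
  (( ${#octets[@]} )) || octets=(198 213)
  local octet
  for octet in "${octets[@]}"; do
    AUTOSSH "$octet"
  done
}
main "$@"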
[root@ansible mnt]# sh ssh.sh
ssh -l root 172.25.254.198 和 ssh -l root 172.25.254.213 均无需密码
?
ansible的基本信息: /etc/ansible/ansible.cfg ##全局配置文件,默认很少修改 /etc/ansible/hosts ##全局主机清单文件
####3.构建Ansible清单#### 清单就是ansible所管理的受控主机列表 /etc/ansible/hosts ##全局清单文件
cd /etc/ansible/
[root@ansible ansible]# vim hosts #单层清单#
45 [westos]
46 172.25.254.198
47
48 [westos1]
49 172.25.254.198
50 172.25.254.213
51 nodea.westos.org
52
53 172.25.254.174
[root@ansible ansible]# ansible westos --list-hosts #清单查看#
hosts (1):
172.25.254.198
[root@ansible ansible]# ansible westos1 --list-hosts
hosts (3):
172.25.254.198
172.25.254.213
nodea.westos.org
[root@ansible ansible]# vim hosts
44 172.25.254.174
45 [westos]
46 172.25.254.198
47
48 [westos1]
49 172.25.254.198
50 172.25.254.213
51 nodea.westos.org
[root@ansible ansible]# ansible westos1 --list-hosts
hosts (3):
172.25.254.198
172.25.254.213
nodea.westos.org
[root@ansible ansible]# ansible westos --list-hosts
hosts (1):
172.25.254.198
[root@ansible ansible]# ansible all --list-hosts
hosts (4):
172.25.254.174
172.25.254.198
172.25.254.213
nodea.westos.org
[root@ansible ansible]# ansible ungrouped --list-hosts 未分组的清单
hosts (1):
172.25.254.174
[root@ansible ansible]# vim hosts
44 [westos]
45 172.25.254.198
46
47 [westos1]
48 172.25.254.213
49
50 [westosall:children] #嵌套清单#
51 westos
52 westos1
[root@ansible ansible]# ansible westosall --list-hosts
hosts (2):
172.25.254.198
172.25.254.213
[root@ansible ansible]# ansible westosall --list
hosts (2):
172.25.254.198
172.25.254.213
[root@ansible ansible]# ansible westos --list-hosts
hosts (1):
172.25.254.198
[root@ansible ansible]# ansible westos1 --list-hosts
hosts (1):
172.25.254.213
44 [westos]
45 172.25.254.[198:208] #通过指定主机名称或IP的范围可以简化Ansible主机清单#
46
47 [westos1]
48 172.25.254.213
49
50 [westosall:children]
51 westos
52 westos1
[root@ansible ansible]# ansible westos --list-hosts
hosts (11):
172.25.254.198
172.25.254.199
172.25.254.200
172.25.254.201
172.25.254.202
172.25.254.203
172.25.254.204
172.25.254.205
172.25.254.206
172.25.254.207
172.25.254.208
[root@ansible ansible]# ls
ansible.cfg hosts roles
[root@ansible ansible]# vim /mnt/inventory #指定其他清单文件#
[lee]
172.25.254.[174:184]
[lee1]
nodea.westos.org
[root@ansible ansible]# ansible -i /mnt/inventory lee --list-hosts
hosts (11):
172.25.254.174
172.25.254.175
172.25.254.176
172.25.254.177
172.25.254.178
172.25.254.179
172.25.254.180
172.25.254.181
172.25.254.182
172.25.254.183
172.25.254.184
#ansible命令指定清单的正则表达式
| 符号 | 含义 | 示例 |
| --- | --- | --- |
| `*` | 所有 | `172.25.254.*` `westos*` |
| `:` | 逻辑或 | `westos1:linux` `172.25.254.100:172.25.254.200` |
| `:&` | 逻辑与 | `westos1:&linux` 主机既在westos1清单也在linux清单中 |
| `:!` | 逻辑非 | `westos1:!linux` 在westos1中不在linux中 |
| `~` | 以关键字开头 | |
| `~(str1\|str2)` | 以条件1或者条件2开头 | |
example:
cd /etc/ansible
[root@ansible ansible]# vim hosts
44 [westos]
45 172.25.254.[198:208]
46
47 [westos1]
48 172.25.254.213
49
50 [westosall:children]
51 westos
52 westos1
53
54 [lee]
55 nodea.westos.org
56 nodeb.westos.org
[root@ansible ansible]# ansible 172* --list-hosts *所有
hosts (12):
172.25.254.198
172.25.254.199
172.25.254.200
172.25.254.201
172.25.254.202
172.25.254.203
172.25.254.204
172.25.254.205
172.25.254.206
172.25.254.207
172.25.254.208
172.25.254.213
[root@ansible ansible]# ansible node* --list-hosts
hosts (2):
nodea.westos.org
nodeb.westos.org
[root@ansible ansible]# ansible node*:172* --list-hosts
hosts (14):
nodea.westos.org
nodeb.westos.org
172.25.254.198
172.25.254.199
172.25.254.200
172.25.254.201
172.25.254.202
172.25.254.203
172.25.254.204
172.25.254.205
172.25.254.206
172.25.254.207
172.25.254.208
172.25.254.213
[root@ansible ansible]# ansible westos:westos1 --list-hosts : 逻辑或 主机在westos或者在westos1中
hosts (12):
172.25.254.198
172.25.254.199
172.25.254.200
172.25.254.201
172.25.254.202
172.25.254.203
172.25.254.204
172.25.254.205
172.25.254.206
172.25.254.207
172.25.254.208
172.25.254.213
[root@ansible ansible]# ansible "westos:&westosall" --list-hosts &逻辑与 主机既在westos中也在westosall中
hosts (11):
172.25.254.198
172.25.254.199
172.25.254.200
172.25.254.201
172.25.254.202
172.25.254.203
172.25.254.204
172.25.254.205
172.25.254.206
172.25.254.207
172.25.254.208
[root@ansible ansible]# ansible "westos:&westos1" --list-hosts 主机既在westos中也在westos1中
[WARNING]: No hosts matched, nothing to do
hosts (0):
[root@ansible ansible]# ansible "westos1:&westosall" --list-hosts 主机既在westos1中也在westosall中
hosts (1):
172.25.254.213
[root@ansible ansible]# ansible 'westos1:!westos' --list-hosts ! 逻辑非在westos1中不在westos中
hosts (1):
172.25.254.213
[root@ansible ansible]# ansible '~node' --list-hosts ~以关键字开头 以node开头
hosts (2):
nodea.westos.org
nodeb.westos.org
[root@ansible ansible]# ansible 'westos*' --list-hosts 以westos开头
hosts (12):
172.25.254.198
172.25.254.199
172.25.254.200
172.25.254.201
172.25.254.202
172.25.254.203
172.25.254.204
172.25.254.205
172.25.254.206
172.25.254.207
172.25.254.208
172.25.254.213
[root@ansible ansible]# ansible '*org' --list-hosts
hosts (2):
nodea.westos.org
nodeb.westos.org
[root@ansible ansible]# ansible '~(node|172)' --list-hosts 以条件1或者条件2开头 以node或者172开头
hosts (14):
172.25.254.198
172.25.254.199
172.25.254.200
172.25.254.201
172.25.254.202
172.25.254.203
172.25.254.204
172.25.254.205
172.25.254.206
172.25.254.207
172.25.254.208
172.25.254.213
nodea.westos.org
nodeb.westos.org
####4.Ansible配置文件参数详解####
1.配置文件的分类与优先
| 配置文件 | 说明 |
| --- | --- |
| /etc/ansible/ansible.cfg | 基本配置文件,找不到其他配置文件时此文件生效 |
| ~/.ansible.cfg | 用户当前目录中没有ansible.cfg时此文件生效 |
| ./ansible.cfg | 优先级最高 |
2.常用配置参数
[defaults] 基本信息设定

| 参数 | 说明 |
| --- | --- |
| inventory= | 指定清单路径 |
| remote_user= | 在受管主机上登陆的用户名称,未指定使用当前用户 |
| ask_pass= | 是否提示输入SSH连接密码(相当于命令行的 -k) |
| library= | 库文件存放目录 |
| local_tmp= | 本机临时命令执行目录 |
| remote_tmp= | 远程主机临时py命令文件存放目录 |
| forks= | 默认并发数量 |
| host_key_checking= | 第一次连接受管主机时是否要输入yes建立host_key |
| sudo_user= | 默认sudo用户 |
| ask_sudo_pass= | 每次在受控主机执行ansible命令时是否询问sudo密码 |
| module_name= | 默认模块,默认使用command,可以修改为shell |
| log_path= | 日志文件路径 |
[privilege_escalation] 身份信息设定

| 参数 | 说明 |
| --- | --- |
| become= | 连接后是否自动切换用户 |
| become_method= | 设定切换用户的方式,通常用sudo |
| become_user= | 在受管主机中切换到的用户,通常为root |
| become_ask_pass= | 是否需要为become_method提示输入密码,默认为false |
Ansible 配置文件参数详解
[root@ansible ansible]# rm -fr /root/.ssh/known_hosts 删掉免密认证
[root@ansible ansible]# ansible westos -m 先进行yes/no认证: 如果第一次连接时没有执行这一步, 后面进行密码认证时会出错, 因为第一次连接需要接受远程主机推送过来的主机密钥(host key)
解决方法:
[root@ansible ansible]# vim ansible.cfg ansible的配置文件
71行 host_key_checking = False 不需要输入yes/no (注意: 这样会跳过远程主机密钥校验, 仅适合实验环境)
[root@ansible ansible]# vim ansible.cfg 删掉westos1 及 westosall-westos1
[root@ansible ansible]# ansible westos -m ping -k
SSH password: 成功
[root@ansible ansible]# ansible westos -m shell -a 'touch /mnt/file' -k 在受控主机/mnt/下建立文件file; -a 指定模块的参数, 该操作改变了远程主机的状态; -k 表示提示输入SSH密码
SSH password:
此处受控主机ip为172.25.254.198 172.25.254.213
【[root@198 mnt]# ls
8-abstract-dark.xml circles-dark.xml desktop-backgrounds-default.xml hello-world-dark.xml
8-abstract-light.xml circles-light.xml file qwe.sh
[root@westoslinux mnt]# ls
8-abstract-dark.xml circles-dark.xml desktop-backgrounds-default.xml hello-world-dark.xml】
8-abstract-light.xml circles-light.xml file
[root@ansible ansible]# ansible westos -m shell -a 'whoami' -k 默认是在远程主机里边用超级用户操作
SSH password:
172.25.254.213 | CHANGED | rc=0 >>
root
172.25.254.198 | CHANGED | rc=0 >>
root
[root@ansible ansible]# ansible westos -m shell -a 'whoami' -k -u westos -u指定用户用westos用户执行
SSH password:
172.25.254.213 | CHANGED | rc=0 >>
westos
172.25.254.198 | CHANGED | rc=0 >>
westos
[root@ansible ansible]# cd /etc/ansible
[root@ansible ansible]# ls
ansible.cfg hosts roles
[root@ansible ansible]# vim ansible.cfg
18 local_tmp = ~/.ansible/tmp 保存本地的临时文件 指定本地临时存放用ansible生成的python脚本和远程存放用ansible生成python脚本的位置
【remote_user = westos 指定用户为westos
####5.构建用户级Ansible操作环境####
ansible在企业批量管理文件具有重要的作用
ansible配置: 首先建立用户级(私有)的ansible配置, 然后在受控主机上建立对应用户并配置sudo
[root@ansible ansible]# useradd devops
[root@ansible ansible]# su - devops
[devops@ansible ~]$ ls
[devops@ansible ~]$ mkdir .ansible 建立.ansible的目录
[devops@ansible ~]$ cd .ansible/
[devops@ansible .ansible]$ ls
[devops@ansible .ansible]$ vim inventory 清单
【 [westos]
172.25.254.198
172.25.254.213】
[devops@ansible .ansible]$ exit
logout
[root@ansible ansible]# vim /etc/ansible/hosts 删掉之前建立的清单
[root@ansible ansible]# su - devops
Last login: Fri Nov 26 15:22:27 CST 2021 on pts/1
[devops@ansible ~]$ ls
[devops@ansible ~]$ cd .ansible/
[devops@ansible .ansible]$ ls
inventory
[devops@ansible .ansible]$ vim ansible.cfg 子配置文件
【[defaults]默认
inventory = ~/.ansible/inventory 当前用户家目录下.ansible的inventory
host_key_checking = False
remote_user = devops
module_name = shell 默认模块
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False】
[devops@ansible .ansible]$ ansible 172.25.254.198 -m shell -a 'useradd devops' -k -u root
SSH password:
[devops@ansible .ansible]$ ansible 172.25.254.198 -m shell -a 'echo westos | passwd --stdin devops' -k -u root
SSH password:
[devops@ansible .ansible]$ ls
ansible.cfg cp inventory tmp
[devops@ansible .ansible]$ ansible 172.25.254.198 -m shell -a 'echo "devops ALL=(root) NOPASSWD: ALL" >> /etc/sudoers' -k -u root 用户权力下放: 让devops在198主机拥有sudo权限, 可以以root身份免密执行所有命令 (直接追加/etc/sudoers不经过visudo的语法检查, 写错会导致sudo不可用)
SSH password:
[devops@ansible .ansible]$ vim inventory
【 [westos]
172.25.254.198
[westos1]
172.25.254.213】
[devops@ansible .ansible]$ ansible westos -m shell -a 'whoami' -k
SSH password:
172.25.254.198 | CHANGED | rc=0 >>
root
[devops@ansible ~]$ ssh-keygen 用copy模块进行免密认证
[devops@ansible .ansible]$ ansible westos -m shell -a 'mkdir -p /home/devops/.ssh' -k 建立用户存放key的目录
SSH password:
[root@198 mnt]# ls -ld /home/devops/.ssh/
drwxr-xr-x. 2 root root 6 Nov 26 15:54 /home/devops/.ssh/
[devops@ansible .ansible]$ ansible westos -m shell -a 'chown devops.devops /home/devops/.ssh' -k
SSH password:
[devops@ansible .ansible]$ ansible westos -m shell -a 'chmod 700 /home/devops/.ssh' -k
SSH password:
[devops@ansible .ansible]$ ansible westos -m copy -a 'src=/home/devops/.ssh/id_rsa.pub dest=/home/devops/.ssh/authorized_keys mode=0600' -k src复制文件对象 dest目的地
SSH password:
[root@198 mnt]# ls /home/devops/.ssh/
authorized_keys
[root@198 ~]# ls /home/devops/.ssh/ -l
total 4
-rw-------. 1 root root 579 Nov 26 15:58 authorized_keys
[devops@ansible .ansible]$ ansible westos -m copy -a 'src=/home/devops/.ssh/id_rsa.pub dest=/home/devops/.ssh/authorized_keys mode=0600 owner=devops group=devops' -k
SSH password:
[root@198 ~]# ls /home/devops/.ssh/ -l
total 4
-rw-------. 1 devops devops 579 Nov 26 15:58 authorized_keys
[devops@ansible .ansible]$ ssh -l devops 172.25.254.198 免密登陆
[devops@westoslinux .ansible]$ ansible westos -m shell -a 'touch /mnt/file5' -k
SSH password:
[WARNING]: Consider using the file module with state=touch rather than running
'touch'. If you need to use command because file is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
172.25.254.198 | CHANGED | rc=0 >>
nodeb198
[root@westoslinux ~]# su - devops
[devops@westoslinux ~]$ cd /mnt/
[devops@westoslinux mnt]$ ls
8-abstract-dark.xml circles-light.xml file5文件存在
8-abstract-light.xml desktop-backgrounds-default.xml hello-world-dark.xml
circles-dark.xml file
两者区别
[devops@ansible .ansible]$ vim ansible.cfg
#[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
[devops@ansible .ansible]$ ansible westos -m shell -a 'whoami' -k
SSH password:
172.25.254.198 | CHANGED | rc=0 >>
devops
先用devops用户连接到远程主机, 再通过sudo切换为超级用户身份执行操作
[devops@ansible .ansible]$ vim ansible.cfg 取消注释
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[devops@ansible .ansible]$ ansible westos -m shell -a 'whoami' -k
SSH password:
172.25.254.198 | CHANGED | rc=0 >>
root
|