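Table of contents

  • Ansible automation and operations tool
  • 1. Introduction to Ansible
  • 1.1 What is Ansible
  • 1.2 Ansible features
  • 2. Installing Ansible
  • 2.1 Control node
  • 2.2 Managed nodes
  • 3. Deploying Ansible
  • 3.1 Building the Ansible inventory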


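Ansible automation and operations tool

1. Introduction to Ansible

1.1 What is Ansible

Ansible is a relatively new automation and operations tool written in Python. It combines the strengths of many operations tools (puppet, chef, func, fabric) and provides batch system configuration, batch program deployment, batch command execution and similar functions.
  Ansible is built on paramiko and works in a modular way; it has no batch deployment capability of its own. The modules that Ansible runs do the actual batch deployment, and Ansible only provides the framework. Ansible does not need a client or agent installed on remote hosts, because it communicates with them over SSH.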

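1.2 Ansible features

  1. Simple to deploy: the Ansible environment is installed only on the control node, and nothing has to be done on the managed nodes;
  2. Uses the SSH protocol by default to manage devices;
  3. Ships a large number of modules for routine operations work, covering most day-to-day tasks;
  4. Simple to configure, powerful, and highly extensible;
  5. Supports an API and custom modules, and is easy to extend with Python;
  6. Uses Playbooks to define powerful configuration and state management;
  7. Lightweight: no agent has to be installed on clients, and an update only needs to be applied once on the control machine;
  8. Provides a powerful, practical web management interface and REST API: the AWX platform.
  9. Ansible Playbooks are written as YAML text files, which are easy to read and help make sure everyone can understand what they are for.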

Ansible architecture diagram:

[Figure: Ansible architecture diagram]

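Ansible works through modules and has no batch deployment capability of its own. The modules that Ansible runs do the actual batch deployment, and Ansible only provides the framework. The main components are:
(1) Connection plugins: responsible for communicating with the managed hosts;
(2) Host inventory: specifies the hosts to operate on; it is a configuration file that defines the managed hosts;
(3) Modules: core modules, the command module, custom modules;
(4) Plugins, which provide functions such as logging and email;
(5) Playbook: used when several tasks have to be executed; it is optional and lets a node run multiple tasks in one go.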

Ansible flow diagram:

[Figure: Ansible flow diagram]

2. Installing Ansible

2.1 Control node

// Install the EPEL repository
[root@localhost ~]# yum -y install epel-release 
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Repository AppStream is listed more than once in the configuration
CentOS-8 - Base - mirrors.aliyun.co 1.3 MB/s | 3.6 MB     00:02    
CentOS-8 - Extras - mirrors.aliyun.  20 kB/s | 9.8 kB     00:00    
CentOS-8 - AppStream - mirrors.aliy 924 kB/s | 8.1 MB     00:08    
.....

// Install ansible
[root@localhost ~]# yum -y install ansible
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Repository AppStream is listed more than once in the configuration
Extra Packages for Enterprise Linux 172 kB/s | 663 kB     00:03    
Extra Packages for Enterprise Linux 1.7 MB/s |  10 MB     00:05    
.......

已安装:
  ansible-2.9.23-1.el8.noarch                                       
  libsodium-1.0.18-2.el8.x86_64                                     
  python3-babel-2.5.1-5.el8.noarch                                  
  python3-bcrypt-3.1.6-2.el8.1.x86_64                               
  python3-jinja2-2.10.1-2.el8_0.noarch                              
  python3-jmespath-0.9.0-11.el8.noarch                              
  python3-markupsafe-0.23-19.el8.x86_64                             
  python3-paramiko-2.4.3-1.el8.noarch                               
  python3-pip-9.0.3-19.el8.noarch                                   
  python3-pyasn1-0.3.7-6.el8.noarch                                 
  python3-pynacl-1.3.0-5.el8.x86_64                                 
  python3-pytz-2017.2-9.el8.noarch                                  
  python3-pyyaml-3.12-12.el8.x86_64                                 
  python3-setuptools-39.2.0-5.el8.noarch                            
  python36-3.6.8-2.module_el8.4.0+790+083e3d81.x86_64               
  sshpass-1.06-9.el8.x86_64                                         

完毕!
[root@localhost ~]#

2.2 Managed nodes

Install Python

[root@localhost ~]# yum module install python36
....                            
[root@localhost yum.repos.d]#

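3. Deploying Ansible

3.1 Building the Ansible inventory

// Use a static inventory to specify the managed hosts
[root@localhost ansible]# vim ansible.cfg   // add the following line to the configuration file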
inventory      = /etc/ansible/inventory
[root@localhost ansible]# touch inventory
[root@localhost ansible]# ls
ansible.cfg  hosts  inventory  roles

// Add the managed hosts
[root@localhost ansible]# vim inventory
192.168.200.144
[webservers]
192.168.200.143

// List all managed hosts in the default inventory file
[root@localhost ansible]# ansible all --list-hosts
  hosts (2):
    192.168.200.144
    192.168.200.143
    
// List the managed hosts that do not belong to any group
[root@localhost ansible]# ansible ungrouped --list-hosts
  hosts (1):
    192.168.200.144
    
// List the managed hosts that belong to a given group
[root@localhost ansible]# ansible webservers --list-hosts
  hosts (1):
    192.168.200.143 
    
// Add the user and password
[root@localhost ansible]# vim inventory 
[webservers]
192.168.200.143 ansible_user=root ansible_password=1

// Ping the hosts
[root@localhost ansible]# ansible all -m ping
192.168.200.143 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

// Set up SSH key-based trust
[root@localhost ansible]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ZX7EPEtGIyy6NzFuxt2itSEFhJc7lAy+ZqZ2bxSfP3U root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|      .=.+. o    |
|     .. O .= .   |
|      .+ +o B    |
|      ..*+.+ o   |
|      =+SO.oo    |
|     =. X B.. . E|
|    o .= = = . . |
|   . . .o . o    |
|       ..    .   |
+----[SHA256]-----+
[root@localhost ansible]# ssh-copy-id root@192.168.200.143
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.200.143's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.200.143'"
and check to make sure that only the key(s) you wanted were added.

// Remove the user and password, then ping the hosts
[root@localhost ansible]# vim inventory
[webservers]
192.168.200.143
[root@localhost ansible]# ansible all -m ping
192.168.200.143 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

// After the inventory file is moved, its new location must be specified when pinging the hosts
[root@localhost ansible]# mv inventory /opt/
[root@localhost ansible]# cd /opt/
[root@localhost opt]# ls
inventory
[root@localhost opt]# ansible all -m ping
[WARNING]: Unable to parse /etc/ansible/inventory as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all' // the ping fails at this point; the inventory has to be specified
[root@localhost opt]# ansible all -i /opt/inventory -m ping
192.168.200.143 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}   // with the inventory specified, the ping succeeds
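
Added example (not part of the original article): a small Python check over the static inventory built in section 3.1. It reproduces the `all`, `ungrouped` and group selections shown by `--list-hosts`, and reports inline credential variables such as the `ansible_password=1` entry that the walkthrough removes once SSH key trust is in place. The names `parse_inventory` and `select` are illustrative, and the parser only covers simple INI-style inventories.

```python
SECRET_VARS = {"ansible_password", "ansible_ssh_pass",
               "ansible_become_password", "ansible_become_pass"}
# Constructed sample: the inventory lines shown in section 3.1, combined.
SAMPLE = """\
192.168.200.144
[webservers]
192.168.200.143 ansible_user=root ansible_password=1
"""

def parse_inventory(text):
    """Return (groups, findings) for a simple INI-style static inventory."""
    groups, findings = {"ungrouped": []}, []
    section, kind = "ungrouped", ""          # kind: "" hosts, "vars", "children"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, _, kind = line[1:-1].strip().partition(":")
            if not kind:
                groups.setdefault(section, [])
            continue
        if kind == "vars":                   # key=value line under [group:vars]
            tokens, where = [line], f"[{section}:vars]"
        elif kind:                           # [group:children] names groups, not hosts
            continue
        else:                                # host line: name, then key=value pairs
            where, *tokens = line.split()
            if where not in groups[section]:
                groups[section].append(where)
        for token in tokens:
            key = token.split("=", 1)[0].strip()
            if key in SECRET_VARS:
                findings.append((lineno, where, key))
    return groups, findings

def select(groups, pattern):
    """Mimic `ansible <pattern> --list-hosts` for all, ungrouped or a group name."""
    grouped = [h for g, hs in groups.items() if g != "ungrouped" for h in hs]
    if pattern == "all":
        return list(dict.fromkeys(groups["ungrouped"] + grouped))
    if pattern == "ungrouped":
        return [h for h in groups["ungrouped"] if h not in grouped]
    return groups.get(pattern, [])

if __name__ == "__main__":
    groups, findings = parse_inventory(SAMPLE)
    print({p: select(groups, p) for p in ("all", "ungrouped", "webservers")})
    print(findings)
```

Each finding is a `(line number, host or section, variable)` tuple, so the check can run before an inventory file is shared or committed.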