- Ansible的用途介绍
Ansible是一种开源自动化平台,能够适应许多不同的工作流和环境。
Ansible可用于管理许多不同类型的系统,包括运行Linux、Microsoft Windows或UNIX服务器及网络设备。
Ansilbe Playbook是人类可读的文本文件,用于描述IT基础架构的所需状态。
Ansible围绕一种无代理架构构建,在控制节点安装Ansible,且客户端不需要任何特殊的代理软件。
Ansible使用SSH等标准协议连接受管主机,并在受管主机上运行代码或命令来确保它们处于Ansible指定的状态,因基于SSH连接,所以只需要受控端运行openssh服务即可。
自动化是减少人为错误并快速确保IT基础架构处于一致且正确的状态的关键工具,可以批量系统配置、批量软件部署、批量文件拷贝、批量运行命令等多个运维功能。
- 配置yum源来安装ansible
前言:因为Ansible包未在本地光盘中,因此配置的本地yum源是无法进行Ansible安装的,如果想安装,可以使用以下几种方法。
[root@RHEL8 ~]# dnf info ansible
Last metadata expiration check: 0:56:12 ago on Thu 24 Dec 2020 10:32:40 AM CST.
Error: No matching Packages to list
[root@RHEL8 ~]# dnf info epel-release
Last metadata expiration check: 0:56:25 ago on Thu 24 Dec 2020 10:32:40 AM CST.
Error: No matching Packages to list
方法1.通过阿里云配置yum源
[root@RHEL8 ~]# vim /etc/yum.repos.d/ansible.repo
添加如下内容:
[epel]
name=all source for ansible
baseurl=https://mirrors.aliyun.com/epel/8/Everything/x86_64/
enabled=1
gpgcheck=0
[root@RHEL8 ~]# dnf repolist
Last metadata expiration check: 0:20:39 ago on Thu 24 Dec 2020 11:12:08 AM CST.
repo id repo name status
LocalAppStream Local AppStream 4,681
LocalBaseOS local baseOS 1,655
epel all source for ansible 6,848
[root@RHEL8 ~]# dnf info ansible
Last metadata expiration check: 0:20:02 ago on Thu 24 Dec 2020 11:12:08 AM CST.
Available Packages
Name : ansible
Version : 2.9.15
Release : 1.el8
Arch : noarch
Size : 17 M
Source : ansible-2.9.15-1.el8.src.rpm
Repo : epel
Summary : SSH-based configuration management, deployment, and task execution system
URL : http://ansible.com
License : GPLv3+
Description : Ansible is a radically simple model-driven configuration management,
: multi-node deployment, and remote task execution system. Ansible works
: over SSH and does not require any software or daemons to be installed
: on remote nodes. Extension modules can be written in any language and
: are transferred to managed machines automatically.
[root@RHEL8 ~]# dnf install ansible
Last metadata expiration check: 0:21:22 ago on Thu 24 Dec 2020 11:12:08 AM CST.
Dependencies resolved.
====================================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================================
Installing:
ansible noarch 2.9.15-1.el8 epel 17 M
Installing dependencies:
libsodium x86_64 1.0.18-2.el8 epel 162 k
python3-bcrypt x86_64 3.1.6-2.el8.1 epel 44 k
python3-pynacl x86_64 1.3.0-5.el8 epel 100 k
sshpass x86_64 1.06-9.el8 epel 27 k
python3-babel noarch 2.5.1-3.el8 LocalAppStream 4.8 M
python3-jinja2 noarch 2.10-9.el8 LocalAppStream 537 k
python3-jmespath noarch 0.9.0-11.el8 LocalAppStream 45 k
python3-markupsafe x86_64 0.23-19.el8 LocalAppStream 39 k
python3-pyasn1 noarch 0.3.7-6.el8 LocalAppStream 126 k
Installing weak dependencies:
python3-paramiko noarch 2.4.3-1.el8 epel 289 kTransaction Summary
====================================================================================================================================================
Install 11 PackagesTotal size: 23 M
Total download size: 18 M
Installed size: 123 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): python3-bcrypt-3.1.6-2.el8.1.x86_64.rpm 8.0 kB/s | 44 kB 00:05
(2/6): libsodium-1.0.18-2.el8.x86_64.rpm 29 kB/s | 162 kB 00:05
(3/6): python3-paramiko-2.4.3-1.el8.noarch.rpm 1.4 MB/s | 289 kB 00:00
(4/6): python3-pynacl-1.3.0-5.el8.x86_64.rpm 414 kB/s | 100 kB 00:00
(5/6): sshpass-1.06-9.el8.x86_64.rpm 129 kB/s | 27 kB 00:00
(6/6): ansible-2.9.15-1.el8.noarch.rpm 2.3 MB/s | 17 MB 00:07
----------------------------------------------------------------------------------------------------------------------------------------------------
Total 2.4 MB/s | 18 MB 00:07
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : python3-jmespath-0.9.0-11.el8.noarch 1/11
Installing : python3-pyasn1-0.3.7-6.el8.noarch 2/11
Installing : python3-markupsafe-0.23-19.el8.x86_64 3/11
Installing : python3-babel-2.5.1-3.el8.noarch 4/11
Installing : python3-jinja2-2.10-9.el8.noarch 5/11
Installing : sshpass-1.06-9.el8.x86_64 6/11
Installing : python3-bcrypt-3.1.6-2.el8.1.x86_64 7/11
Installing : libsodium-1.0.18-2.el8.x86_64 8/11
Installing : python3-pynacl-1.3.0-5.el8.x86_64 9/11
Installing : python3-paramiko-2.4.3-1.el8.noarch 10/11
Installing : ansible-2.9.15-1.el8.noarch 11/11
Running scriptlet: ansible-2.9.15-1.el8.noarch 11/11
Verifying : ansible-2.9.15-1.el8.noarch 1/11
Verifying : libsodium-1.0.18-2.el8.x86_64 2/11
Verifying : python3-bcrypt-3.1.6-2.el8.1.x86_64 3/11
Verifying : python3-paramiko-2.4.3-1.el8.noarch 4/11
Verifying : python3-pynacl-1.3.0-5.el8.x86_64 5/11
Verifying : sshpass-1.06-9.el8.x86_64 6/11
Verifying : python3-babel-2.5.1-3.el8.noarch 7/11
Verifying : python3-jinja2-2.10-9.el8.noarch 8/11
Verifying : python3-jmespath-0.9.0-11.el8.noarch 9/11
Verifying : python3-markupsafe-0.23-19.el8.x86_64 10/11
Verifying : python3-pyasn1-0.3.7-6.el8.noarch 11/11Installed:
ansible-2.9.15-1.el8.noarch python3-paramiko-2.4.3-1.el8.noarch libsodium-1.0.18-2.el8.x86_64 python3-bcrypt-3.1.6-2.el8.1.x86_64
python3-pynacl-1.3.0-5.el8.x86_64 sshpass-1.06-9.el8.x86_64 python3-babel-2.5.1-3.el8.noarch python3-jinja2-2.10-9.el8.noarch
python3-jmespath-0.9.0-11.el8.noarch python3-markupsafe-0.23-19.el8.x86_64 python3-pyasn1-0.3.7-6.el8.noarchComplete!
[root@RHEL8 ~]# ansible --version
ansible 2.9.15
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, May 21 2019, 23:51:36) [GCC 8.2.1 20180905 (Red Hat 8.2.1-3)]
[root@RHEL8 ~]#
方法2 .使用EPEL源
Extra Packages for Enterprise Linux
是基于Fedora的一个项目,为“红帽系”的操作系统提供额外的软件包,适用于RHEL、CentOS和Scientific Linux。首先安装一个叫“epel-release”的软件包,这个软件包会自动配置yum的软件仓库。[root@RHEL8 ~]# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm -y
Last metadata expiration check: 1:10:34 ago on Thu 24 Dec 2020 10:32:40 AM CST.
epel-release-latest-8.noarch.rpm 3.4 kB/s | 22 kB 00:06
Dependencies resolved.
====================================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================================
Installing:
epel-release noarch 8-10.el8 @commandline 22 kTransaction Summary
====================================================================================================================================================
Install 1 PackageTotal size: 22 k
Installed size: 32 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : epel-release-8-10.el8.noarch 1/1
Running scriptlet: epel-release-8-10.el8.noarch 1/1
Verifying : epel-release-8-10.el8.noarch 1/1Installed:
epel-release-8-10.el8.noarchComplete!
[root@RHEL8 ~]# dnf repolist
Last metadata expiration check: 0:02:01 ago on Thu 24 Dec 2020 11:44:03 AM CST.
repo id repo name status
LocalAppStream Local AppStream 4,681
LocalBaseOS local baseOS 1,655
*epel Extra Packages for Enterprise Linux 8 - x86_64 6,854
*epel-modular Extra Packages for Enterprise Linux Modular 8 - x86_64 0[root@RHEL8 ~]# dnf info ansible
Last metadata expiration check: 0:02:18 ago on Thu 24 Dec 2020 11:44:03 AM CST.
Installed Packages
Name : ansible
Version : 2.9.15
Release : 1.el8
Arch : noarch
Size : 98 M
Source : ansible-2.9.15-1.el8.src.rpm
Repo : @System
From repo : epel
Summary : SSH-based configuration management, deployment, and task execution system
URL : http://ansible.com
License : GPLv3+
Description : Ansible is a radically simple model-driven configuration management,
: multi-node deployment, and remote task execution system. Ansible works
: over SSH and does not require any software or daemons to be installed
: on remote nodes. Extension modules can be written in any language and
: are transferred to managed machines automatically[root@RHEL8 ~]# dnf install ansible
Last metadata expiration check: 0:27:48 ago on Thu 24 Dec 2020 11:44:03 AM CST.
Dependencies resolved.
====================================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================================
Installing:
ansible noarch 2.9.15-1.el8 epel 17 M
Installing dependencies:
libsodium x86_64 1.0.18-2.el8 epel 162 k
python3-bcrypt x86_64 3.1.6-2.el8.1 epel 44 k
python3-pynacl x86_64 1.3.0-5.el8 epel 100 k
sshpass x86_64 1.06-9.el8 epel 27 k
python3-babel noarch 2.5.1-3.el8 LocalAppStream 4.8 M
python3-jinja2 noarch 2.10-9.el8 LocalAppStream 537 k
python3-jmespath noarch 0.9.0-11.el8 LocalAppStream 45 k
python3-markupsafe x86_64 0.23-19.el8 LocalAppStream 39 k
python3-pyasn1 noarch 0.3.7-6.el8 LocalAppStream 126 k
Installing weak dependencies:
python3-paramiko noarch 2.4.3-1.el8 epel 289 kTransaction Summary
====================================================================================================================================================
Install 11 PackagesTotal size: 23 M
Total download size: 17 M
Installed size: 123 M
Is this ok [y/N]: y
Downloading Packages:
[SKIPPED] libsodium-1.0.18-2.el8.x86_64.rpm: Already downloaded
[SKIPPED] python3-bcrypt-3.1.6-2.el8.1.x86_64.rpm: Already downloaded
[SKIPPED] python3-paramiko-2.4.3-1.el8.noarch.rpm: Already downloaded
[SKIPPED] python3-pynacl-1.3.0-5.el8.x86_64.rpm: Already downloaded
[SKIPPED] sshpass-1.06-9.el8.x86_64.rpm: Already downloaded
(6/6): ansible-2.9.15-1.el8.noarch.rpm 27 kB/s | 17 MB 10:46
----------------------------------------------------------------------------------------------------------------------------------------------------
Total 27 kB/s | 17 MB 10:48
warning: /var/cache/dnf/epel-6519ee669354a484/packages/ansible-2.9.15-1.el8.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 2f86d6a1: NOKEY
Extra Packages for Enterprise Linux 8 - x86_64 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x2F86D6A1:
Userid : "Fedora EPEL (8) <epel@fedoraproject.org>"
Fingerprint: 94E2 79EB 8D8F 25B2 1810 ADF1 21EA 45AB 2F86 D6A1
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : python3-jmespath-0.9.0-11.el8.noarch 1/11
Installing : python3-pyasn1-0.3.7-6.el8.noarch 2/11
Installing : python3-markupsafe-0.23-19.el8.x86_64 3/11
Installing : python3-babel-2.5.1-3.el8.noarch 4/11
Installing : python3-jinja2-2.10-9.el8.noarch 5/11
Installing : sshpass-1.06-9.el8.x86_64 6/11
Installing : python3-bcrypt-3.1.6-2.el8.1.x86_64 7/11
Installing : libsodium-1.0.18-2.el8.x86_64 8/11
Installing : python3-pynacl-1.3.0-5.el8.x86_64 9/11
Installing : python3-paramiko-2.4.3-1.el8.noarch 10/11
Installing : ansible-2.9.15-1.el8.noarch 11/11
Running scriptlet: ansible-2.9.15-1.el8.noarch 11/11
Verifying : ansible-2.9.15-1.el8.noarch 1/11
Verifying : libsodium-1.0.18-2.el8.x86_64 2/11
Verifying : python3-bcrypt-3.1.6-2.el8.1.x86_64 3/11
Verifying : python3-paramiko-2.4.3-1.el8.noarch 4/11
Verifying : python3-pynacl-1.3.0-5.el8.x86_64 5/11
Verifying : sshpass-1.06-9.el8.x86_64 6/11
Verifying : python3-babel-2.5.1-3.el8.noarch 7/11
Verifying : python3-jinja2-2.10-9.el8.noarch 8/11
Verifying : python3-jmespath-0.9.0-11.el8.noarch 9/11
Verifying : python3-markupsafe-0.23-19.el8.x86_64 10/11
Verifying : python3-pyasn1-0.3.7-6.el8.noarch 11/11Installed:
ansible-2.9.15-1.el8.noarch python3-paramiko-2.4.3-1.el8.noarch libsodium-1.0.18-2.el8.x86_64 python3-bcrypt-3.1.6-2.el8.1.x86_64
python3-pynacl-1.3.0-5.el8.x86_64 sshpass-1.06-9.el8.x86_64 python3-babel-2.5.1-3.el8.noarch python3-jinja2-2.10-9.el8.noarch
python3-jmespath-0.9.0-11.el8.noarch python3-markupsafe-0.23-19.el8.x86_64 python3-pyasn1-0.3.7-6.el8.noarchComplete!
[root@RHEL8 ~]#
- 查看ansible的版本和帮助
[root@RHEL8 ~]# ansible --version
ansible 2.9.15
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, May 21 2019, 23:51:36) [GCC 8.2.1 20180905 (Red Hat 8.2.1-3)]
[root@RHEL8 ~]#[root@RHEL8 ~]# ansible –help
[root@RHEL8 ~]# man ansible
- 测试是否能连接成功?(使用密码)
1.编辑ansible的配置文件
#ansible_ssh_user:指定用户名
#ansible_ssh_pass:指定密码[RHEL8-294]
192.168.0.110 ansible_ssh_user=kiosk ansible_ssh_pass="redhat" #局域网内另一台RHEL-294学习用RHEL8系统2.检查是否能连接到服务器
[root@RHEL8 ~]# ansible -m ping RHEL8-294
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
192.168.0.110 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.0.110 port 12888: Connection refused",
"unreachable": true
}[root@RHEL8 ~]# ansible -m ping 127.0.0.1
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
127.0.0.1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@RHEL8 ~]# ping 192.168.0.110
PING 192.168.0.110 (192.168.0.110) 56(84) bytes of data.
64 bytes from 192.168.0.110: icmp_seq=1 ttl=64 time=4.64 ms
--- 192.168.0.110 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 4.64ms
rtt min/avg/max/mdev = 4.644/14.575/32.752/10.795 ms
[root@RHEL8 ~]# ssh kiosk@192.168.0.110
The authenticity of host '192.168.0.110 (192.168.0.110)' can't be established.
ECDSA key fingerprint is SHA256:CKi+9sR77X7AXJlF/cDaYRGfimNPpeO+Ql/bYAAWik0.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '192.168.0.110' (ECDSA) to the list of known hosts.
kiosk@192.168.0.110's password:
Last login: Thu Dec 24 12:43:25 2020 from 192.168.0.108
[kiosk@foundation0 ~]$ exit
logout
Connection to 192.168.0.110 closed.
[root@RHEL8 ~]# ansible -m ping RHEL8-294
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
192.168.0.110 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}如果没有ssh过192.168.0.110,则会报最初错误,SSH过后,ansible测试成功。
测试是否能连接成功?(使用秘钥)
1.生成秘钥(默认情况下,私钥和公钥分别保存在~/.ssh/id_rsa和~/.ssh/id_rsa.pub文件中)
[root@RHEL8 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:wDAE5SKIVh6lmnS/Glze0aHJQt90XdEsY0tZ8I1W2uI root@RHEL8.example.com
The key's randomart image is:
+---[RSA 2048]----+
| .**. .B=|
|o o.o+ . B*+|
|+o.+..o o . +=++|
|o.+.o o.* o o.. |
| o + *So E |
| . o + . |
| o o . |
| o |
| . |
+----[SHA256]-----+[root@RHEL8 ~]# ll ~/.ssh/
total 12
-rw-------. 1 root root 1831 Dec 24 13:00 id_rsa
-rw-r--r--. 1 root root 404 Dec 24 13:00 id_rsa.pub
-rw-r--r--. 1 root root 175 Dec 24 12:45 known_hosts
[root@RHEL8 ~]# cat .ssh/id_rsa.pub #查看生成公钥信息
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiBNJUs7fTOFiNIxuIoWczV5s7z5hnMlfjwPeaCDq5HcLLWztn46ZW3mQwlXGsdQynNwhZDcN7tiDusfGWSi6CaTuVCkiD4c8ZhReXmos7rvyTQiORd3TE6JDu8fO2wWy/c6dqVPfDFVr/I/GYMLUgvdVgbWVUxKxoa3ThI317dvbWuZqJ3SG9sneZ0eWVNV52XU2cTfElH3fTDz2P2+zKN3qMg93EcQ0e0LBKLZlxREFgMMO8LHLLsVjpIX03JujtynTTnPX0cbq1t8zIB1vHSuYoO+hugw/XQO4UVDZr1U4/JjtBoRvN2+6umUC6QbuJZRDAqzovzw9dmZX9qYRh root@RHEL8.example.com2.上传公钥到192.168.0.110服务器
[root@RHEL8 .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub kiosk@192.168.0.110
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
kiosk@192.168.0.110's password:Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'kiosk@192.168.0.110'"
and check to make sure that only the key(s) you wanted were added.3.登陆到受控端服务器检查,是否已把KEY写入
[kiosk@foundation0 ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiBNJUs7fTOFiNIxuIoWczV5s7z5hnMlfjwPeaCDq5HcLLWztn46ZW3mQwlXGsdQynNwhZDcN7tiDusfGWSi6CaTuVCkiD4c8ZhReXmos7rvyTQiORd3TE6JDu8fO2wWy/c6dqVPfDFVr/I/GYMLUgvdVgbWVUxKxoa3ThI317dvbWuZqJ3SG9sneZ0eWVNV52XU2cTfElH3fTDz2P2+zKN3qMg93EcQ0e0LBKLZlxREFgMMO8LHLLsVjpIX03JujtynTTnPX0cbq1t8zIB1vHSuYoO+hugw/XQO4UVDZr1U4/JjtBoRvN2+6umUC6QbuJZRDAqzovzw9dmZX9qYRh root@RHEL8.example.com
[root@RHEL8 ~]# ssh 192.168.0.106
Web console: https://node1.example.com:9090/ or https://192.168.0.106:9090/
Last failed login: Sat Dec 26 09:49:12 CST 2020 from 192.168.0.112 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Sat Dec 26 09:48:37 2020 from 192.168.0.112
4.编辑配置文件,不再需要指定密码
[root@RHEL8 ~]# vim /etc/ansible/hosts
192.168.0.110 ansible_ssh_user=kiosk
5.测试是否能够连接
[root@RHEL8 ~]# ansible -m ping RHEL8-294
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
192.168.0.110 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
至此,Ansible安装成功,以上。
