Hostname | IP | Role |
---|---|---|
server4 | 172.25.35.4 | Control node |
server5 | 172.25.35.5 | Managed node |
server6 | 172.25.35.6 | Managed node |
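Because the package has dependencies, this lab requires a repository for ansible to be configured. Below, the yum repository is configured on each of the three virtual machines; the steps are as follows:
Physical host:
On virtual machine server4:
On virtual machine server5:
On virtual machine server6:
1. Install ansible on server4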
[root@server4 ~]# yum install -y ansible
[root@server4 ~]# ansible --version
[root@server4 ansible]# cd /etc/ansible/
[root@server4 ansible]# ls
ansible.cfg hosts roles
[root@server4 ansible]# ll ansible.cfg
-rw-r--r-- 1 root root 20277 Feb 22 07:04 ansible.cfg
[root@server4 ansible]# ll hosts
-rw-r--r-- 1 root root 1016 Feb 22 07:04 hosts
[root@server4 ansible]# cd roles/
[root@server4 roles]# ls
[root@server4 roles]# cd ..
4. Edit the /etc/hosts file and add local name resolution
5. Create a regular user, set up ansible for that user, and edit the ansible main configuration file
[root@server4 ansible]# useradd devopes
[root@server4 ansible]# su - devopes
[devopes@server4 ~]$ ls
[devopes@server4 ~]$ mkdir ansible
[devopes@server4 ~]$ ll /etc/ansible/ansible.cfg
-rw-r--r-- 1 root root 20277 Feb 22 07:04 /etc/ansible/ansible.cfg
[devopes@server4 ~]$ ls
ansible
[devopes@server4 ~]$ cd ansible/
[devopes@server4 ansible]$ ls
[devopes@server4 ansible]$ pwd
/home/devopes/ansible
[devopes@server4 ansible]$ ls
[devopes@server4 ansible]$ vim ansible.cfg
[devopes@server4 ansible]$ cat ansible.cfg
[defaults]
inventory = ./inventory
[devopes@server4 ansible]$ vim inventory
[devopes@server4 ansible]$ cat inventory
[test]
172.25.35.5
[prod]
172.25.35.6
7. Create the user devopes on server5 and on server6 and set its password
[root@server5 ~]# useradd devopes
[root@server5 ~]# passwd devopes
[root@server6 ~]# useradd devopes
[root@server6 ~]# passwd devopes
[devopes@server4 ansible]$ ssh-keygen
[devopes@server5 ~]$ ssh-copy-id 172.25.35.5
[devopes@server6 ~]$ ssh-copy-id 172.25.35.6
[devopes@server4 ansible]$ id
[devopes@server4 ansible]$ ssh 172.25.35.5
[devopes@server4 ansible]$ ssh 172.25.35.6
[devopes@server1 ansible]$ ansible all -m ping
[devopes@server1 ansible]$ ansible all -m ping -u devopes
[devopes@server1 ansible]$ ansible all -m ping -u root
[devopes@server1 ansible]$ ansible test -m copy -a "src=/etc/passwd dest=/tmp/passwd"
[devopes@server1 ansible]$ ansible test -a "ls /tmp"
[devopes@server1 ansible]$ ansible test -a "ls /tmp"
<1> Ping all hosts in the remote host groups
<2> Run the check as the devopes user
<3> The copy module
[root@server5 ~]# cd /tmp/
[root@server5 tmp]# ls
passwd
[root@server2 tmp]#
[root@server5 ~]# vim /etc/sudoers
Line 92: devopes ALL=(ALL) NOPASSWD: ALL
[root@server6 ~]# vim /etc/sudoers
Line 92: devopes ALL=(ALL) NOPASSWD: ALL
[devopes@server4 ansible]$ ansible test -m copy -a "src=/etc/passwd dest=/mnt/passwd" -b
[devopes@server4 ansible]$ ansible test -a "ls /mnt"
[devopes@server4 ansible]$ ls
ansible.cfg inventory
[devopes@server4 ansible]$ vim ansible.cfg
[devopes@server4 ansible]$ cat ansible.cfg
[defaults]
inventory = ./inventory
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[devopes@server4 ansible]$ ansible test -m copy -a "src=/etc/passwd dest=/mnt/passwd"
[devopes@server4 ansible]$ ls
ansible.cfg inventory
[devopes@server4 ansible]$ vim inventory
[devopes@server4 ansible]$ cat inventory
[test]
172.25.35.5
[prod]
172.25.35.6
[devopes@server4 ansible]$ ansible 'test:!prod' -m ping
172.25.35.5 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[devopes@server4 ansible]$ vim inventory
[devopes@server4 ansible]$ cat inventory
[test]
172.25.35.5
[prod]
172.25.35.6
172.25.35.5
[devopes@server4 ansible]$ ansible 'test:!prod' -m ping
[WARNING]: No hosts matched, nothing to do
[devopes@server4 ansible]$ vim inventory
[devopes@server4 ansible]$ cat inventory
[test]
172.25.35.5
[prod]
172.25.35.6
[devopes@server4 ansible]$ ansible 'test:&prod' -m ping
[WARNING]: No hosts matched, nothing to do
[devopes@server4 ansible]$ vim inventory
[devopes@server4 ansible]$ cat inventory
[test]
172.25.35.5
[prod]
172.25.35.6
172.25.35.5
[devopes@server4 ansible]$ ansible 'test:&prod' -m ping
172.25.35.5 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[devopes@server4 ansible]$ vim inventory
[devopes@server4 ansible]$ cat inventory
[test]
172.25.35.5
[prod]
172.25.35.6
[devopes@server4 ansible]$ ansible 'test:prod' -m ping
172.25.35.5 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.25.35.6 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[devopes@server4 ansible]$ vim inventory
[devopes@server4 ansible]$ cat inventory
[test]
172.25.35.5
[prod]
172.25.35.6
[webserver:children]
test
prod
[devopes@server4 ansible]$ ansible webserver -m ping
172.25.35.5 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.25.35.6 | SUCCESS => {
"changed": false,
"ping": "pong"
}
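The pattern runs above ('test:!prod', 'test:&prod', 'test:prod' and the webserver child group) can be checked offline before a command is sent with become enabled. The following is an added example, not code from the original page or from Ansible: a small evaluator that mirrors the union, intersection and exclusion order over inventories constructed from the ones shown here; the function names are hypothetical and IPv6 host names are not handled.

```python
import re

# Constructed from the inventories shown on this page.
INV_DISJOINT = "[test]\n172.25.35.5\n[prod]\n172.25.35.6\n"
INV_OVERLAP = "[test]\n172.25.35.5\n[prod]\n172.25.35.6\n172.25.35.5\n"
INV_NESTED = INV_DISJOINT + "[webserver:children]\ntest\nprod\n"

def parse_inventory(text):
    """Return (hosts, children) dicts from a minimal INI inventory."""
    hosts, children, section, kind = {}, {}, None, "hosts"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]:]+)(?::(\w+))?\]", line)
        if header:
            section, kind = header.group(1), header.group(2) or "hosts"
            hosts.setdefault(section, [])
        elif section and kind in ("hosts", "children"):
            table = children if kind == "children" else hosts
            table.setdefault(section, []).append(line.split()[0])
    return hosts, children

def members(name, hosts, children):
    """Expand a group (including child groups) or a single host name."""
    everyone = {h for group in hosts.values() for h in group}
    if name == "all":
        return everyone
    if name not in hosts:
        return {name} & everyone
    found = set(hosts[name])
    for child in children.get(name, []):
        found |= members(child, hosts, children)
    return found

def resolve(pattern, inventory_text):
    """Hosts an ad-hoc pattern selects: union first, then '&', then '!'."""
    hosts, children = parse_inventory(inventory_text)
    terms = [t for t in re.split(r"[:,]", pattern) if t]
    plain = [t for t in terms if t[0] not in "&!"]
    selected = set()
    for term in plain or ["all"]:
        selected |= members(term, hosts, children)
    for term in terms:
        if term[0] == "&":
            selected &= members(term[1:], hosts, children)
    for term in terms:
        if term[0] == "!":
            selected -= members(term[1:], hosts, children)
    return sorted(selected)
```

On the control node itself, `ansible 'test:!prod' --list-hosts` prints the same selection without running a module.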
[devopes@server4 ansible]$ ansible test -m yum -a "name=httpd state=present"
[root@server5 ~]# rpm -q httpd
httpd-2.4.6-45.el7.x86_64
[devopes@server4 ansible]$ ansible test -a "rpm -q httpd"
Install the httpd service on server5
Checking on server5 shows that httpd is installed
It can also be checked from server4, which likewise shows httpd
[devopes@server4 ansible]$ ansible test -m yum -a "name=httpd state=absent"
[root@server5 ~]# rpm -q httpd
[devopes@server4 ansible]$ ansible test -m yum -a "name=httpd state=present"
[devopes@server4 ansible]$ ansible test -m service -a "name=httpd state=started"
[root@server5 ~]# systemctl status httpd
[devopes@server4 ansible]$ ansible test -m service -a "name=httpd state=stopped"
[root@server5 ~]# systemctl status httpd
Check the status of httpd on server5: it is running
Stop the httpd service
Check the status of httpd on server5 again: it is stopped
<9> Create a user on the hosts in the test group
[devopes@server4 ansible]$ ansible test -m user -a "name=gjl password=westos"
[devopes@server5 mnt]$ cat /etc/passwd | grep gjl
[devopes@server5 mnt]$ cat /etc/shadow | grep gjl
[devopes@server1 ansible]$ ansible test -m setup
[devopes@server4 ansible]$ ansible test -m yum -a "name=mariadb-server state=present"
[devopes@server4 ansible]$ ansible test -m yum -a "name=MySQL-python.x86_64 state=present"
[devopes@server4 ansible]$ ansible test -m service -a "name=mariadb state=started"
[devopes@server4 ansible]$ ansible test -m mysql_user -a "name=gjl password=westos priv=*.*:select host='%' state=present"
[root@foundation35 Desktop]# mysql -h 172.25.35.2 -u gjl -p
show databases;
[root@server5 mnt]# mysql
show databases;
[devopes@server1 ansible]$ ansible test -m user -a "name=gjl password={{'westos'|password_hash('sha512')}}"
[devopes@server5 mnt]$ cat /etc/shadow | grep gjl
[devopes@server1 ansible]$ ansible test -m user -a "name=gjl password={{'westos'|password_hash('sha512','westos')}}"
[devopes@server5 mnt]$ cat /etc/shadow | grep gjl
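The three user-module runs above differ in what lands in the second field of /etc/shadow: `password=westos` writes the literal string, `password_hash('sha512')` writes a SHA-512 crypt hash with a random salt, and `password_hash('sha512','westos')` writes one with the fixed salt westos. The following is an added example, not code from the original page: an audit that flags literal strings and salts shared between accounts, run over constructed shadow lines whose hash bodies and extra user names are placeholders.

```python
import re
from collections import defaultdict

# Constructed /etc/shadow lines; the hash bodies are placeholders, not real hashes.
BODY = "A" * 86
SAMPLE_SHADOW = "\n".join([
    "root:*:18000:0:99999:7:::",
    "gjl:westos:18000:0:99999:7:::",
    "alice:$6$westos$" + BODY + ":18000:0:99999:7:::",
    "bob:$6$westos$" + BODY.replace("A", "B") + ":18000:0:99999:7:::",
    "carol:$6$Qm3v8sLw2Zk1Tn5p$" + BODY + ":18000:0:99999:7:::",
])

# $id$[rounds=N$]salt$hash for MD5-crypt (1), SHA-256-crypt (5), SHA-512-crypt (6).
CRYPT_RE = re.compile(
    r"\$(1|5|6)\$(?:rounds=\d+\$)?([./A-Za-z0-9]{1,16})\$([./A-Za-z0-9]+)")

def classify(field):
    """Classify the password field (second field) of a shadow line."""
    if field == "":
        return "empty"
    if field[0] in "!*":
        return "locked"
    if CRYPT_RE.fullmatch(field):
        return "hashed"
    return "other-hash" if field.startswith("$") else "plaintext"

def audit(shadow_text):
    """Return {user: finding} for entries that need attention."""
    findings, by_salt = {}, defaultdict(list)
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2:
            continue
        user, field = parts[0], parts[1]
        kind = classify(field)
        if kind in ("plaintext", "empty"):
            findings[user] = kind
        elif kind == "hashed":
            by_salt[CRYPT_RE.fullmatch(field).group(2)].append(user)
    for salt, users in by_salt.items():
        if len(users) > 1:  # same salt on several accounts: a fixed salt was used
            for user in users:
                findings[user] = "shared-salt:" + salt
    return findings
```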