Installing Ansible on Linux

1. Ansible overview

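  1. Ansible can manage Red Hat family Linux, Debian family Linux and Windows hosts at the same time. The control node connects to a remote host only while it is running a script and has no special synchronization mechanism, so abnormal events such as a power loss generally do not affect Ansible.
  2. Ansible is a relatively new automation tool for operations, written in Python. It combines the strengths of many earlier tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment and batch command execution. Ansible is module-based and has no batch deployment capability of its own: the modules it runs do the actual work, and Ansible only provides the framework. Its main parts are:
    1. Connection plugins: handle communication with the managed hosts;
    2. Host inventory: a configuration file that defines the managed hosts and specifies which hosts to operate on;
    3. Modules: core modules, the command module and custom modules;
    4. Plugins that provide functions such as logging and e-mail;
    5. Playbooks: optional; when several tasks are to be run, a playbook lets a node run them all in one go.
  3. Ansible architecture: connections to other hosts use the SSH protocol by default.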

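  • Inventory: information about the hosts Ansible manages, including IP address, SSH port, account and password.
  • Modules: every task is carried out by a module; custom modules can also be written, for example for frequently used scripts.
  • Plugins: plugins extend Ansible's core functionality. Ansible ships with many plugins and custom ones can be added, for example the connection plugins used to connect to target hosts.
  • Playbooks: define a series of tasks in a modular way so that they can be invoked as a unit. This is Ansible's core feature.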

2. Install the required software

[root@localhost ~]# yum -y install epel-release.noarch 
[root@localhost ~]# yum install -y tree
Install Ansible on the control machine:
yum install ansible
[root@localhost ~]# yum install -y ansible
[root@localhost ~]# tree /etc/ansible/
/etc/ansible/
├── ansible.cfg
├── hosts
└── roles

Find where ansible was installed:

[root@centos111 ~]# rpm -ql ansible
/etc/ansible
/etc/ansible/ansible.cfg
/etc/ansible/hosts
/etc/ansible/roles
/usr/bin/ansible
/usr/bin/ansible-2
/usr/bin/ansible-2.7
/usr/bin/ansible-config
/usr/bin/ansible-connection

3. Edit the host inventory

[root@centos111 ~]# vim /etc/ansible/hosts
[root@centos111 ~]#

[webservers]
## alpha.example.org
## beta.example.org
192.168.134.120
192.168.134.121

4. Create a key pair for remote connections

[root@centos111 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:jpaHOsasS+nwXcTjqX6IpOx37QImnclr8D7+JL1lFwo root@centos111
The key's randomart image is:
+---[RSA 2048]----+
|     .           |
|  o oE+ S.       |
| o.O.o.B. .      |
|ooB=o+X+o.       |
|.*.BOB=o.        |
|..XBO=o.         |
+----[SHA256]-----+
[root@centos111 ~]#

5. Upload the public key to the managed hosts

[root@centos111 ~]# cd .ssh/
[root@centos111 .ssh]# ll
total 8
-rw-------. 1 root root 1679 Aug 29 17:40 id_rsa
-rw-r--r--. 1 root root  396 Aug 29 17:40 id_rsa.pub
[root@centos111 .ssh]#

[root@centos111 .ssh]# ssh-copy-id -i [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.134.120 (192.168.134.120)' can't be established.
ECDSA key fingerprint is SHA256:s0PUkmqboMRsanbnsKeC1vAJ3PMGFepws8/0lbZKXUo.
ECDSA key fingerprint is MD5:6d:22:d6:96:dc:e1:9e:f4:83:c5:2a:a9:3f:5e:e5:f5.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

[root@centos111 .ssh]# 
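
The ssh-copy-id session above accepts the host key by answering yes at the prompt. As an added example (not part of the original article), this Python code computes the SHA256 and MD5 fingerprints in the form the ssh client prints them, from an ssh-keyscan style line, so they can be compared with a value obtained out of band before answering. The sample key is constructed from placeholder bytes, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

def fingerprints(pubkey_line):
    """Return (key_type, 'SHA256:...', 'MD5:...') for a 'host type base64' line,
    formatted the way the ssh client prints host key fingerprints."""
    _host, key_type, b64 = pubkey_line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; reject mismatches.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("declared key type does not match the key blob")
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, len(md5), 2))
    return key_type, "SHA256:" + sha, "MD5:" + md5

def host_key_matches(pubkey_line, trusted_fingerprint):
    """True only if the offered key hashes to the fingerprint obtained out of band."""
    _type, sha, md5 = fingerprints(pubkey_line)
    offered = sha if trusted_fingerprint.startswith("SHA256:") else md5
    return hmac.compare_digest(offered, trusted_fingerprint)

def sample_line(host, key_bytes):
    """Constructed sample: an ssh-ed25519 blob around placeholder bytes, not a real key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key_bytes
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

GENUINE = sample_line("192.168.134.120", bytes(range(32)))
IMPOSTOR = sample_line("192.168.134.120", bytes(range(1, 33)))
# Stands in for the fingerprint read from the managed host's own console.
TRUSTED = fingerprints(GENUINE)[1]

if __name__ == "__main__":
    for label, line in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(label, fingerprints(line)[1], host_key_matches(line, TRUSTED))
```
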

Verify that Ansible is configured correctly

[root@centos111 .ssh]# ansible 192.168.134.120 -m command -a 'date'
192.168.134.120 | CHANGED | rc=0 >>
Mon Aug 29 17:45:04 CST 2022
[root@centos111 .ssh]#
[root@centos111 .ssh]# ansible 192.168.134.121 -m command -a 'df -lh'
192.168.134.121 | CHANGED | rc=0 >>
Filesystem               Size  Used Avail Use% Mounted on
devtmpfs                 894M     0  894M   0% /dev
tmpfs                    910M     0  910M   0% /dev/shm
tmpfs                    910M   11M  900M   2% /run
tmpfs                    910M     0  910M   0% /sys/fs/cgroup
/dev/mapper/centos-root   17G  9.9G  7.1G  59% /
/dev/sda1               1014M  280M  735M  28% /boot
tmpfs                    182M   12K  182M   1% /run/user/42
tmpfs                    182M     0  182M   0% /run/user/0
[root@centos111 .ssh]#

Creating the key with a passphrase

# Generate the key pair
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):   # press Enter
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):      # enter the passphrase 788788
Enter same passphrase again:                     # confirm the passphrase 788788
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:WKpIMqbJgc2JyTz2C351d7bzbDUsyf1oKXaq82c [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|        .        |
|+= .   +   . +   |
|*B=   o S   + +  |
|==+. o . . o . = |
|oo..o . . + + = o|
|. ...     .B.BE o|
| ...      .+X=...|
+----[SHA256]-----+
[root@localhost ~]# ls -al
drwx------.  2 root root   57 48 10:31 .ssh
[root@localhost ~]# cd .ssh/
[root@localhost .ssh]# ls

Upload and verify

[root@localhost .ssh]# ssh-copy-id [email protected]
[root@localhost .ssh]# ssh-copy-id [email protected]
# From the control node, check the date on the managed host
[root@ansible ~]# ansible 192.168.223.20 -m command -a 'date'
Enter passphrase for key '/root/.ssh/id_rsa':    # enter the passphrase set earlier: 788788
192.168.223.20 | CHANGED | rc=0 >>
2021年 04月 08日 星期四 12:12:19 CST
[root@ansible ~]# ansible mysql -m command -a 'date'    # an inventory alias can of course be used as well
Enter passphrase for key '/root/.ssh/id_rsa':
192.168.223.30 | CHANGED | rc=0 >>
2021年 04月 08日 星期四 12:14:22 CST
-m: specifies the module
-a: specifies the module arguments

6. Command-line usage

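An ad-hoc command is typed directly on the command line to carry out an operation quickly, when you do not want to keep it for later.

Ad-hoc commands are the basics you need in order to understand Ansible, and should be mastered before learning playbooks.

In general, Ansible's real power lies in playbooks.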

6.1 Authenticating to remote hosts

SSH password authentication:

[webservers]
192.168.1.100:22 ansible_ssh_user=root ansible_ssh_pass='123456'
192.168.1.101:22 ansible_ssh_user=root ansible_ssh_pass='123456'

SSH key pair authentication:

[webservers]
10.206.240.111:22 ansible_ssh_user=root ansible_ssh_private_key_file=/root/.ssh/id_rsa
10.206.240.112:22 ansible_ssh_user=root

It can also be set in the ansible.cfg configuration file:
[defaults]
# default path
private_key_file = /root/.ssh/id_rsa
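
An added example, not part of the original article: the password entries above store credentials in clear text in /etc/ansible/hosts. This Python auditor flags inventory lines that carry a literal secret and skips values that are templated references (for instance to a variable kept in Ansible Vault). The sample inventory, the vault_become_pass name and the audit_inventory function are constructed for illustration.

```python
import shlex

# Standard Ansible inventory variables whose values are secrets.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}

def audit_inventory(text):
    """Return (line_no, group, host, variable) for each literal secret in an INI inventory."""
    findings = []
    group, in_vars = "ungrouped", False
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                                  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            group, _, kind = line[1:-1].partition(":")
            in_vars = kind == "vars"
            continue
        if in_vars:                                   # [group:vars]: one key=value per line
            host, pairs = "*", [line]
        else:                                         # host line: host, then key=value pairs
            tokens = shlex.split(line)
            host, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            key, sep, value = pair.partition("=")
            key, value = key.strip(), value.strip().strip("'\"")
            if not sep or key not in SECRET_VARS:
                continue
            if value.startswith("{{") and value.endswith("}}"):
                continue                              # templated reference, e.g. a vaulted variable
            findings.append((line_no, group, host, key))
    return findings

# Constructed sample inventory (addresses and values are illustrative only).
SAMPLE = """\
[webservers]
192.168.1.100:22 ansible_ssh_user=root ansible_ssh_pass='123456'
192.168.1.101:22 ansible_ssh_user=root ansible_ssh_private_key_file=/root/.ssh/id_rsa

[dbservers]
192.168.1.102 ansible_ssh_user=deploy ansible_become_pass="{{ vault_become_pass }}"

[dbservers:vars]
ansible_password = hunter2
"""

if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE):
        print("plaintext secret at line %d: group=%s host=%s var=%s" % finding)
```
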

6.2 Common options

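Option                                   Description
-C, --check                              Check mode: make no changes
-e EXTRA_VARS, --extra-vars=EXTRA_VARS   Set additional variables as key=value
-u REMOTE_USER, --user=REMOTE_USER       SSH connection user (default: None)
-k, --ask-pass                           Prompt for the SSH connection password
-b, --become                             Privilege escalation (default: root)
-K, --ask-become-pass                    Prompt for the privilege escalation password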

6.3 Command-line usage

ansible all -m ping
ansible all -m shell -a "ls /root" -u root -k 
ansible webservers -m copy -a "src=/etc/hosts dest=/tmp/hosts"
