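Introduction to Ansible
Put simply, Ansible is a configuration management system: as long as you can reach your servers or devices over SSH, you can control all of them and have them run a series of operations.
Advantages of Ansible
- Ansible does not need a separate client installed and does not need any service running
- Ansible is a complete set of task-automation modules written in Python
- Ansible playbooks are written in YAML, so the automated tasks to be run are clear at a glance
- Ansible ships with many modules and covers a wide range of automation scenarios
Ansible architecture
- Connection plugins: used to connect to the managed hosts
- Core modules: perform operations on the connected hosts; Ansible relies on specific modules to do specific jobs
- Custom modules: modules you write yourself for your own needs
- Plugins: supplement the functionality of modules
- Playbooks: Ansible's configuration files; multiple tasks are defined in a playbook and executed automatically by Ansible
- Inventory: defines the set of hosts Ansible operates on
Ansible execution flow
- Ansible reads the playbook, which records which tasks to run on which hosts.
- First, Ansible finds the target hosts through the inventory and then calls the specific modules.
- Next, Ansible connects to each host through a connection plugin and sends it the corresponding task list.
- Finally, the managed host parses the tasks sent by Ansible into local shell commands and executes them.
Installing Ansible
Prepare two nodes: one as the control node (with Ansible installed) and one as the client.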
[root@manager ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@nfs ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
View the Ansible package information
[root@manager ~]# yum info ansible
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.163.com
Installed Packages
Name : ansible
Arch : noarch
Version : 2.7.4
Release : 1.el7
Size : 60 M
Repo : installed
From repo : epel
Summary : SSH-based configuration management, deployment, and task execution system
URL : http://ansible.com
License : GPLv3+
Description : Ansible is a radically simple model-driven configuration management,
: multi-node deployment, and remote task execution system. Ansible works
: over SSH and does not require any software or daemons to be installed
: on remote nodes. Extension modules can be written in any language and
: are transferred to managed machines automatically.
Install Ansible
[root@manager ~]# yum install ansible -y
Ansible configuration file
[root@manager ~]# cat /etc/ansible/ansible.cfg
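#inventory = /etc/ansible/hosts #host inventory file
#library = /usr/share/my_modules/ #directory where module libraries are stored
#remote_tmp = ~/.ansible/tmp #directory on the remote host for temporary py files
#local_tmp = ~/.ansible/tmp #local temporary working directory
#forks = 5 #default number of parallel processes
#sudo_user = root #default sudo user
#ask_sudo_pass = True #whether to ask for the sudo password on every run
#ask_pass = True #whether to ask for the SSH password on every run
#remote_port = 22 #remote host port
host_key_checking = False ; skip host fingerprint checking
log_path = /var/log/ansible.log ; Ansible log file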
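An added example, not part of the original article: a small shell audit of the [defaults] section of an ansible.cfg that reports when host_key_checking is disabled or log_path is unset, the two settings left active in the listing above. The helper names cfg_get and audit_ansible_cfg and the sample file are assumptions made for this illustration; ansible.cfg accepts only ";" as an inline comment marker, so a value followed by an inline "#" is reported as not being a boolean.

```sh
#!/bin/sh
# Added example (not from the article). cfg_get and audit_ansible_cfg are
# hypothetical helper names; the sample file below is constructed.

# cfg_get FILE KEY: print the effective value of KEY in [defaults], if set.
# Lines starting with '#' or ';' are comments. Inline, only ' ;' starts a
# comment; an inline '#' stays part of the value.
cfg_get() {
  awk -v key="$2" '
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/ { in_def = ($0 ~ /^[ \t]*\[defaults\]/); next }
    in_def {
      eq = index($0, "="); if (!eq) next
      k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      sub(/[ \t]+;.*$/, "", v)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v
    }
    END { if (val != "") print val }
  ' "$1"
}

# audit_ansible_cfg FILE: print findings; exit status = number of findings.
audit_ansible_cfg() {
  findings=0
  hkc=$(cfg_get "$1" host_key_checking | tr 'A-Z' 'a-z')
  case "$hkc" in
    ""|true|yes|1|on) ;;  # unset keeps the default, which is enabled
    false|no|0|off)
      echo "WARN host_key_checking disabled: SSH host keys are not verified"
      findings=$((findings + 1)) ;;
    *)
      echo "WARN host_key_checking is not a boolean: $hkc"
      findings=$((findings + 1)) ;;
  esac
  if [ -z "$(cfg_get "$1" log_path)" ]; then
    echo "WARN log_path unset: runs are not logged on the control node"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Constructed sample with the two active settings from the listing above.
sample=$(mktemp)
printf '%s\n' '[defaults]' '#forks = 5' \
  'host_key_checking = False ; constructed' \
  'log_path = /var/log/ansible.log' > "$sample"
audit_ansible_cfg "$sample" || echo "findings: $?"
rm -f "$sample"
```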
Getting started with Ansible
Generate a key pair on the control node
[root@manager ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:qCPWwGHKyoJQnaI++CwqIEf4m570/43jlJsHbEVLkrA root@manager
The key's randomart image is:
+---[RSA 2048]----+
| .. . |
| . . .o o |
| .= o E + . |
|o*.o . o |
|++o ..S. |
|X oo . +. |
|B=+o+ .o. |
|+=++ . ..=. |
|+o= ...o*o. |
+----[SHA256]-----+
Push the control node's public key to the client node and to the local machine
[root@manager ~]# ssh-copy-id 172.16.1.31
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.1.31's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '172.16.1.31'"
and check to make sure that only the key(s) you wanted were added.
[root@manager ~]# ssh-copy-id 172.16.1.61
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.1.61's password:
Permission denied, please try again.
root@172.16.1.61's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '172.16.1.61'"
and check to make sure that only the key(s) you wanted were added.
# Test passwordless login
[root@manager ~]# ssh root@172.16.1.31
Last login: Wed Jan 9 00:29:17 2018 from 10.0.0.1
[root@nfs ~]#
Configure the Ansible inventory file
[root@manager ~]# cat >> /etc/ansible/hosts << EOF
[nfs]
172.16.1.31
[manager]
172.16.1.61
EOF
[root@manager ~]# tail /etc/ansible/hosts -n4
[nfs]
172.16.1.31
[manager]
172.16.1.61
Test connectivity to the clients with the ping module
[root@manager ~]# ansible all -m ping
172.16.1.31 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.1.61 | SUCCESS => {
"changed": false,
"ping": "pong"
}