前言html
Ansible是一款優秀的自動化IT運維工具,具備遠程安裝、遠程部署應用、遠程管理能力,支持Windows、Linux、Unix、macOS和大型機等多種操做系統。node
下面就以CentOS 7.6爲主機操做系統,演示安裝Ansible工具的過程,將一個本地應用例子安裝到遠程主機,並在遠程主機上運行應用。python
1、環境準備shell
完成這個例子,最少須要兩臺主機,一臺安裝Ansible運維工具自己,用做管理主機,一臺用做遠程目標主機。centos
兩臺主機都預先安裝了CentOS 7.6操做系統。bash
# Ansible管理主機babel
192.168.6.190 root@k3s-vip網絡
# 遠程目標主機運維
192.168.6.193 root@k3s-node3 dom
2、安裝Ansible運維工具
使用SSH登陸到擬安裝Ansible的主機。
[root@k3s-vip ~]# uname -a Linux k3s-vip 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Ansible的安裝過程很簡單,只須要一條yum命令。
使用CentOS自帶工具yum自動下載、安裝Ansible。Ansible依賴於Python語言,安裝Ansible時會自動下載、安裝Python語言包。
安裝過程當中會提示是否安裝依賴軟件包,所有選y。
[root@k3s-vip ~]# yum install ansible Loaded plugins: fastestmirror, langpacks Determining fastest mirrors * base: centos.ustc.edu.cn * extras: mirrors.cqu.edu.cn * updates: mirrors.cqu.edu.cn base | 3.6 kB 00:00:00 extras | 3.4 kB 00:00:00 updates | 3.4 kB 00:00:00 (1/2): extras/7/x86_64/primary_db | 187 kB 00:00:01 (2/2): updates/7/x86_64/primary_db | 3.4 MB 00:00:15 Resolving Dependencies --> Running transaction check ---> Package ansible.noarch 0:2.4.2.0-2.el7 will be installed --> Processing Dependency: sshpass for package: ansible-2.4.2.0-2.el7.noarch --> Processing Dependency: python2-jmespath for package: ansible-2.4.2.0-2.el7.noarch --> Processing Dependency: python-passlib for package: ansible-2.4.2.0-2.el7.noarch --> Processing Dependency: python-paramiko for package: ansible-2.4.2.0-2.el7.noarch --> Processing Dependency: python-jinja2 for package: ansible-2.4.2.0-2.el7.noarch --> Processing Dependency: python-httplib2 for package: ansible-2.4.2.0-2.el7.noarch --> Processing Dependency: python-cryptography for package: ansible-2.4.2.0-2.el7.noarch --> Running transaction check ---> Package python-httplib2.noarch 0:0.9.2-1.el7 will be installed ---> Package python-jinja2.noarch 0:2.7.2-2.el7 will be installed --> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-2.7.2-2.el7.noarch --> Processing Dependency: python-markupsafe for package: python-jinja2-2.7.2-2.el7.noarch ---> Package python-paramiko.noarch 0:2.1.1-9.el7 will be installed --> Processing Dependency: python2-pyasn1 for package: python-paramiko-2.1.1-9.el7.noarch ---> Package python-passlib.noarch 0:1.6.5-2.el7 will be installed ---> Package python2-cryptography.x86_64 0:1.7.2-2.el7 will be installed --> Processing Dependency: python-idna >= 2.0 for package: python2-cryptography-1.7.2-2.el7.x86_64 --> Processing Dependency: python-cffi >= 1.4.1 for package: python2-cryptography-1.7.2-2.el7.x86_64 --> Processing Dependency: python-enum34 for package: python2-cryptography-1.7.2-2.el7.x86_64 ---> Package python2-jmespath.noarch 0:0.9.0-3.el7 will be installed ---> Package sshpass.x86_64 0:1.06-2.el7 will be installed --> Running transaction check ---> Package python-babel.noarch 0:0.9.6-8.el7 will be installed ---> Package python-cffi.x86_64 0:1.6.0-5.el7 will be installed --> Processing Dependency: python-pycparser for package: python-cffi-1.6.0-5.el7.x86_64 ---> Package python-enum34.noarch 0:1.0.4-1.el7 will be installed ---> Package python-idna.noarch 0:2.4-1.el7 will be installed ---> Package python-markupsafe.x86_64 0:0.11-10.el7 will be installed ---> Package python2-pyasn1.noarch 0:0.1.9-7.el7 will be installed --> Running transaction check ---> Package python-pycparser.noarch 0:2.14-1.el7 will be installed --> Processing Dependency: python-ply for package: python-pycparser-2.14-1.el7.noarch --> Running transaction check ---> Package python-ply.noarch 0:3.4-11.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================================================================== Package Arch Version Repository Size ============================================================================================================================================================================================================== Installing: ansible noarch 2.4.2.0-2.el7 extras 7.6 M Installing for dependencies: python-babel noarch 0.9.6-8.el7 base 1.4 M python-cffi x86_64 1.6.0-5.el7 base 218 k python-enum34 noarch 1.0.4-1.el7 base 52 k python-httplib2 noarch 0.9.2-1.el7 extras 115 k python-idna noarch 2.4-1.el7 base 94 k python-jinja2 noarch 2.7.2-2.el7 base 515 k python-markupsafe x86_64 0.11-10.el7 base 25 k python-paramiko noarch 2.1.1-9.el7 updates 269 k python-passlib noarch 1.6.5-2.el7 extras 488 k python-ply noarch 3.4-11.el7 base 123 k python-pycparser noarch 2.14-1.el7 base 104 k python2-cryptography x86_64 1.7.2-2.el7 base 502 k python2-jmespath noarch 0.9.0-3.el7 extras 39 k python2-pyasn1 noarch 0.1.9-7.el7 base 100 k sshpass x86_64 1.06-2.el7 extras 21 k Transaction Summary ============================================================================================================================================================================================================== Install 1 Package (+15 Dependent packages) Total download size: 12 M Installed size: 57 M Is this ok [y/d/N]: y Downloading packages: warning: /var/cache/yum/x86_64/7/base/packages/python-babel-0.9.6-8.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY ] 0.0 B/s | 574 kB --:--:-- ETA Public key for python-babel-0.9.6-8.el7.noarch.rpm is not installed (1/16): python-babel-0.9.6-8.el7.noarch.rpm | 1.4 MB 00:00:00 (2/16): python-idna-2.4-1.el7.noarch.rpm | 94 kB 00:00:00 (3/16): python-enum34-1.0.4-1.el7.noarch.rpm | 52 kB 00:00:00 Public key for python-httplib2-0.9.2-1.el7.noarch.rpm is not installed 13% [==========- ] 1.5 MB/s | 1.6 MB 00:00:06 ETA (4/16): python-httplib2-0.9.2-1.el7.noarch.rpm | 115 kB 00:00:00 (5/16): python-jinja2-2.7.2-2.el7.noarch.rpm | 515 kB 00:00:00 (6/16): python-passlib-1.6.5-2.el7.noarch.rpm | 488 kB 00:00:00 Public key for python-paramiko-2.1.1-9.el7.noarch.rpm is not installed (7/16): python-paramiko-2.1.1-9.el7.noarch.rpm | 269 kB 00:00:00 (8/16): python-ply-3.4-11.el7.noarch.rpm | 123 kB 00:00:00 (9/16): python-pycparser-2.14-1.el7.noarch.rpm | 104 kB 00:00:00 (10/16): python2-cryptography-1.7.2-2.el7.x86_64.rpm | 502 kB 00:00:00 (11/16): python2-pyasn1-0.1.9-7.el7.noarch.rpm | 100 kB 00:00:00 (12/16): python2-jmespath-0.9.0-3.el7.noarch.rpm | 39 kB 00:00:00 (13/16): sshpass-1.06-2.el7.x86_64.rpm | 21 kB 00:00:00 (14/16): ansible-2.4.2.0-2.el7.noarch.rpm | 7.6 MB 00:00:03 (15/16): python-cffi-1.6.0-5.el7.x86_64.rpm | 218 kB 00:00:04 (16/16): python-markupsafe-0.11-10.el7.x86_64.rpm | 25 kB 00:00:04 -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Total 1.8 MB/s | 12 MB 00:00:06 Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Importing GPG key 0xF4A80EB5: Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>" Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5 Package : centos-release-7-6.1810.2.el7.centos.x86_64 (@anaconda) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Is this ok [y/N]: y Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : python2-pyasn1-0.1.9-7.el7.noarch 1/16 Installing : python-enum34-1.0.4-1.el7.noarch 2/16 Installing : python-httplib2-0.9.2-1.el7.noarch 3/16 Installing : sshpass-1.06-2.el7.x86_64 4/16 Installing : python-babel-0.9.6-8.el7.noarch 5/16 Installing : python2-jmespath-0.9.0-3.el7.noarch 6/16 Installing : python-passlib-1.6.5-2.el7.noarch 7/16 Installing : python-ply-3.4-11.el7.noarch 8/16 Installing : python-pycparser-2.14-1.el7.noarch 9/16 Installing : python-cffi-1.6.0-5.el7.x86_64 10/16 Installing : python-markupsafe-0.11-10.el7.x86_64 11/16 Installing : python-jinja2-2.7.2-2.el7.noarch 12/16 Installing : python-idna-2.4-1.el7.noarch 13/16 Installing : python2-cryptography-1.7.2-2.el7.x86_64 14/16 Installing : python-paramiko-2.1.1-9.el7.noarch 15/16 Installing : ansible-2.4.2.0-2.el7.noarch 16/16 Verifying : python-idna-2.4-1.el7.noarch 1/16 Verifying : python-markupsafe-0.11-10.el7.x86_64 2/16 Verifying : python-jinja2-2.7.2-2.el7.noarch 3/16 Verifying : python-ply-3.4-11.el7.noarch 4/16 Verifying : python-passlib-1.6.5-2.el7.noarch 5/16 Verifying : python2-jmespath-0.9.0-3.el7.noarch 6/16 Verifying : python-paramiko-2.1.1-9.el7.noarch 7/16 Verifying : python-babel-0.9.6-8.el7.noarch 8/16 Verifying : ansible-2.4.2.0-2.el7.noarch 9/16 Verifying : python-cffi-1.6.0-5.el7.x86_64 10/16 Verifying : sshpass-1.06-2.el7.x86_64 11/16 Verifying : python-httplib2-0.9.2-1.el7.noarch 12/16 Verifying : python2-pyasn1-0.1.9-7.el7.noarch 13/16 Verifying : python-enum34-1.0.4-1.el7.noarch 14/16 Verifying : python-pycparser-2.14-1.el7.noarch 15/16 Verifying : python2-cryptography-1.7.2-2.el7.x86_64 16/16 Installed: ansible.noarch 0:2.4.2.0-2.el7 Dependency Installed: python-babel.noarch 0:0.9.6-8.el7 python-cffi.x86_64 0:1.6.0-5.el7 python-enum34.noarch 0:1.0.4-1.el7 python-httplib2.noarch 0:0.9.2-1.el7 python-idna.noarch 0:2.4-1.el7 python-jinja2.noarch 0:2.7.2-2.el7 python-markupsafe.x86_64 0:0.11-10.el7 python-paramiko.noarch 0:2.1.1-9.el7 python-passlib.noarch 0:1.6.5-2.el7 python-ply.noarch 0:3.4-11.el7 python-pycparser.noarch 0:2.14-1.el7 python2-cryptography.x86_64 0:1.7.2-2.el7 python2-jmespath.noarch 0:0.9.0-3.el7 python2-pyasn1.noarch 0:0.1.9-7.el7 sshpass.x86_64 0:1.06-2.el7 Complete!
結果代表,Ansible已經正確安裝。
[root@k3s-vip ~]# ansible --version ansible 2.4.2.0 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]
Ansible的版本號是2.4.2.0,依賴的Python語言包版本號是2.7.5。
安裝Ansible不是目的,Ansible的強大功能是自動化安裝、部署和運行。下面以一個小例子來演示Ansible的IT運維能力。
3、創建主機信任關係
Ansible是基於SSH來管理遠程主機的,爲了能自動化運行,須要在Ansible管理主機與遠程目標主機之間創建SSH信任關係。
信任關係創建後,Ansible就能夠自由訪問目標主機。
以root用戶遠程登陸目標主機,提示時選擇yes,輸入遠程目標主機上的root用戶密碼。由於須要在遠程目標主機上安裝軟件包,使用root用戶是必須的。
[root@k3s-vip ~]# ssh root@k3s-node3 The authenticity of host 'k3s-node3 (192.168.6.193)' can't be established. ECDSA key fingerprint is SHA256:v8yvQmBzZWZrQzhIn4lNMgTsVK7C0lHaEcvdL9cqdno. ECDSA key fingerprint is MD5:a0:aa:14:14:7e:7c:98:67:c1:9a:e4:aa:0d:ce:32:83. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'k3s-node3,192.168.6.193' (ECDSA) to the list of known hosts. root@k3s-node3's password: Last login: Sun Apr 7 11:09:20 2019 from 192.168.6.1
[root@k3s-vip ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:3GNNAxe62c9R505oFL0mkoKYJ53d2XjvP0cIWEsjvX8 root@k3s-vip The key's randomart image is: +---[RSA 2048]----+ | ..o... | | .+= ..| | + + o=B+. +| | + * +.%+* *.| | o S B =oB.o| | . . +o=E| | +o.| | o.| | =| +----[SHA256]-----+
[root@k3s-vip ~]# scp -p ~/.ssh/id_rsa.pub root@192.168.6.193:/root/.ssh/authorized_keys root@192.168.6.193's password: 100% 405 605.6KB/s 00:00 id_rsa.pub
從Ansible主機SSH登陸到目標主機:
[root@k3s-vip ~]# ssh 192.168.6.193 Last login: Sun Apr 7 12:00:19 2019 from k3s-vip
[root@k3s-node3 ~]#
結果顯示,能夠免密碼登陸了。
配置主機信任的過程有點麻煩,可是配置一次就能夠永久免密登陸,比起每次登陸輸入密碼仍是值得的。
4、配置Ansible環境
新建一個Shell腳本文件show_hosts.sh,功能很簡單,輸出日期時間和/etc/hosts文件的內容到控制檯。
編寫遠程安裝的Ansible部署文件,將show_hosts.sh文件安裝到遠程主機的/user/loca/bin目錄下。
在遠程主機運行腳本,而後刪除腳本。
[root@k3s-vip ~]# mkdir -p /root/ansible [root@k3s-vip ~]# cd /root/ansible/ [root@k3s-vip ansible]# vi show_hosts.sh [root@k3s-vip ansible]# chmod +x show_hosts.sh [root@k3s-vip ansible]# cat show_hosts.sh #!/usr/bin/bash date cat /etc/hosts
[root@k3s-vip ~]# ./show_hosts.sh Sun Apr 7 14:42:22 CST 2019 127.0.0.1 localhost localhost.localdomain 192.168.6.190 k3s-vip 192.168.6.193 k3s-node3
輸出了當前日期時間和/etc/hosts文件的內容。
[root@k3s-vip ~]# ls -ln /etc/ansible/ total 24 -rw-r--r-- 1 0 0 19179 Jan 30 2018 ansible.cfg # Ansible配置文件 -rw-r--r-- 1 0 0 1016 Jan 30 2018 hosts # Ansible主機文件 drwxr-xr-x 2 0 0 6 Jan 30 2018 roles # 角色文件
修改hosts文件,在文件最後添加主機組k3s-node以及組內主機IP:
[k3s-node]
192.168.6.193
[root@k3s-vip ~]# cd /etc/ansible/ [root@k3s-vip ansible]# vi hosts [root@k3s-vip ansible]# cat hosts # This is the default ansible 'hosts' file. # ... [k3s-node] 192.168.6.193
[root@k3s-vip ansible]# ansible k3s-node -m ping 192.168.6.193 | SUCCESS => { "changed": false, "ping": "pong" }
子命令ping會依次向主機組k3s-node內的各個主機發出報文,驗證網絡連通性。
5、編寫playbook劇本文件
playbook是預先編寫的描述性劇本,ansible會逐個執行playbook劇本內的命令。
playbook文件是yaml語言格式描述的。show_hosts.yaml劇本分爲三個子任務:
複製shell腳本到遠程主機;
在遠程主機執行shell腳本,休眠3秒;
最後刪除腳本。
[root@k3s-vip ansible]# cd /root/ansible/ [root@k3s-vip ansible]# [root@k3s-vip ansible]# cat show_hosts.yaml - name: a sample for show /etc/hosts hosts: k3s-node remote_user: root tasks: - name: copy show_hosts shell file: src: '{{ item.src }}' dest: '{{ item.dest }}' mode: 755 with_items: - { src: '/root/ansible/show_hosts.sh', dest: '/usr/local/bin/'} - name: run shell shell: | /usr/local/bin/show_hosts.sh; sleep 3; - name: delete shell file: src: '{{ item.src }}' dest: '{{ item.dest }}' state: '{{ item.state }}' with_items: - { src: '', dest: '/usr/local/bin/show_hosts.sh', state: 'absent' }
萬事具有,只欠東風了。激動人心的時刻即將到來。
6、遠程執行playbook劇本
在Ansible主機運行ansible-playbook命令,按順序執行playbook劇本子任務,從結果看全部子任務所有執行成功。
[root@k3s-vip ansible]# ansible-playbook show_hosts.yaml PLAY [a sample for show /etc/hosts] ************************************************************************************************************************************************************************** TASK [Gathering Facts] *************************************************************************************************************************************************************************************** ok: [192.168.6.193] TASK [copy show_hosts shell] ********************************************************************************************************************************************************************************* changed: [192.168.6.193] => (item={u'dest': u'/usr/local/bin/', u'src': u'/root/ansible/show_hosts.sh'}) TASK [run shell] ********************************************************************************************************************************************************************************************* changed: [192.168.6.193] TASK [delete shell] ****************************************************************************************************************************************************************************************** changed: [192.168.6.193] => (item={u'dest': u'/usr/local/bin/show_hosts.sh', u'src': u'', u'state': u'absent'}) PLAY RECAP *************************************************************************************************************************************************************************************************** 192.168.6.193 : ok=4 changed=3 unreachable=0 failed=0 [root@k3s-vip ansible]#
7、小結
下載安裝自動化運維工具Ansible;
創建管理主機和目標主機之間的SSH信任關係;
配置管理主機上的Ansible運行環境:遠程目標主機組等;
編寫例子腳本show_hosts.sh;
編寫playbook劇本:複製shell腳本、遠程執行腳本,最後刪除腳本;
運行playbook。
Ansible是一個功能強大的IT運維工具,本文只是揭開冰山一角。本文的過程略顯複雜,可是「寫一次,到處運行」的好處的是顯而易見的。
但願本文對讀者有幫助,歡迎留言交流。
原文出處:https://www.cnblogs.com/solomonxu/p/10664207.html