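Installing the Ansible automation tool on CentOS 7.6, with a hands-on playbook example

Preface

Ansible is an excellent IT operations automation tool. It provides remote installation, remote application deployment and remote management, and supports many operating systems, including Windows, Linux, Unix, macOS and mainframes.

The following uses CentOS 7.6 as the host operating system to demonstrate installing Ansible, installing a local sample application onto a remote host, and running the application on the remote host.

1. Environment preparation

This example needs at least two hosts: one with Ansible itself installed, used as the management host, and one used as the remote target host.

Both hosts have CentOS 7.6 pre-installed.

# Ansible management host

192.168.6.190  root@k3s-vip

# Remote target host

192.168.6.193  root@k3s-node3

2. Installing Ansible

Log in over SSH to the host where Ansible is to be installed.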

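  • Check the system environment:
[root@k3s-vip ~]# uname -a
Linux k3s-vip 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
  • Run the install command

Installing Ansible is simple: it takes a single yum command.

Use yum, the package tool that ships with CentOS, to download and install Ansible automatically. Ansible depends on Python; installing Ansible automatically downloads and installs the Python packages it needs.

During installation you are asked whether to install the dependency packages; answer y to every prompt.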

[root@k3s-vip ~]# yum install ansible
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
 * base: centos.ustc.edu.cn
 * extras: mirrors.cqu.edu.cn
 * updates: mirrors.cqu.edu.cn
base                                                     | 3.6 kB  00:00:00
extras                                                   | 3.4 kB  00:00:00
updates                                                  | 3.4 kB  00:00:00
(1/2): extras/7/x86_64/primary_db                        | 187 kB  00:00:01
(2/2): updates/7/x86_64/primary_db                       | 3.4 MB  00:00:15
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.4.2.0-2.el7 will be installed
--> Processing Dependency: sshpass for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python2-jmespath for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-passlib for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-paramiko for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-jinja2 for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-httplib2 for package: ansible-2.4.2.0-2.el7.noarch
--> Processing Dependency: python-cryptography for package: ansible-2.4.2.0-2.el7.noarch
--> Running transaction check
---> Package python-httplib2.noarch 0:0.9.2-1.el7 will be installed
---> Package python-jinja2.noarch 0:2.7.2-2.el7 will be installed
--> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-2.7.2-2.el7.noarch
--> Processing Dependency: python-markupsafe for package: python-jinja2-2.7.2-2.el7.noarch
---> Package python-paramiko.noarch 0:2.1.1-9.el7 will be installed
--> Processing Dependency: python2-pyasn1 for package: python-paramiko-2.1.1-9.el7.noarch
---> Package python-passlib.noarch 0:1.6.5-2.el7 will be installed
---> Package python2-cryptography.x86_64 0:1.7.2-2.el7 will be installed
--> Processing Dependency: python-idna >= 2.0 for package: python2-cryptography-1.7.2-2.el7.x86_64
--> Processing Dependency: python-cffi >= 1.4.1 for package: python2-cryptography-1.7.2-2.el7.x86_64
--> Processing Dependency: python-enum34 for package: python2-cryptography-1.7.2-2.el7.x86_64
---> Package python2-jmespath.noarch 0:0.9.0-3.el7 will be installed
---> Package sshpass.x86_64 0:1.06-2.el7 will be installed
--> Running transaction check
---> Package python-babel.noarch 0:0.9.6-8.el7 will be installed
---> Package python-cffi.x86_64 0:1.6.0-5.el7 will be installed
--> Processing Dependency: python-pycparser for package: python-cffi-1.6.0-5.el7.x86_64
---> Package python-enum34.noarch 0:1.0.4-1.el7 will be installed
---> Package python-idna.noarch 0:2.4-1.el7 will be installed
---> Package python-markupsafe.x86_64 0:0.11-10.el7 will be installed
---> Package python2-pyasn1.noarch 0:0.1.9-7.el7 will be installed
--> Running transaction check
---> Package python-pycparser.noarch 0:2.14-1.el7 will be installed
--> Processing Dependency: python-ply for package: python-pycparser-2.14-1.el7.noarch
--> Running transaction check
---> Package python-ply.noarch 0:3.4-11.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                   Arch      Version           Repository     Size
================================================================================
Installing:
 ansible                   noarch    2.4.2.0-2.el7     extras        7.6 M
Installing for dependencies:
 python-babel              noarch    0.9.6-8.el7       base          1.4 M
 python-cffi               x86_64    1.6.0-5.el7       base          218 k
 python-enum34             noarch    1.0.4-1.el7       base           52 k
 python-httplib2           noarch    0.9.2-1.el7       extras        115 k
 python-idna               noarch    2.4-1.el7         base           94 k
 python-jinja2             noarch    2.7.2-2.el7       base          515 k
 python-markupsafe         x86_64    0.11-10.el7       base           25 k
 python-paramiko           noarch    2.1.1-9.el7       updates       269 k
 python-passlib            noarch    1.6.5-2.el7       extras        488 k
 python-ply                noarch    3.4-11.el7        base          123 k
 python-pycparser          noarch    2.14-1.el7        base          104 k
 python2-cryptography      x86_64    1.7.2-2.el7       base          502 k
 python2-jmespath          noarch    0.9.0-3.el7       extras         39 k
 python2-pyasn1            noarch    0.1.9-7.el7       base          100 k
 sshpass                   x86_64    1.06-2.el7        extras         21 k

Transaction Summary
================================================================================
Install  1 Package (+15 Dependent packages)

Total download size: 12 M
Installed size: 57 M
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/python-babel-0.9.6-8.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for python-babel-0.9.6-8.el7.noarch.rpm is not installed
(1/16): python-babel-0.9.6-8.el7.noarch.rpm              | 1.4 MB  00:00:00
(2/16): python-idna-2.4-1.el7.noarch.rpm                 |  94 kB  00:00:00
(3/16): python-enum34-1.0.4-1.el7.noarch.rpm             |  52 kB  00:00:00
Public key for python-httplib2-0.9.2-1.el7.noarch.rpm is not installed
(4/16): python-httplib2-0.9.2-1.el7.noarch.rpm           | 115 kB  00:00:00
(5/16): python-jinja2-2.7.2-2.el7.noarch.rpm             | 515 kB  00:00:00
(6/16): python-passlib-1.6.5-2.el7.noarch.rpm            | 488 kB  00:00:00
Public key for python-paramiko-2.1.1-9.el7.noarch.rpm is not installed
(7/16): python-paramiko-2.1.1-9.el7.noarch.rpm           | 269 kB  00:00:00
(8/16): python-ply-3.4-11.el7.noarch.rpm                 | 123 kB  00:00:00
(9/16): python-pycparser-2.14-1.el7.noarch.rpm           | 104 kB  00:00:00
(10/16): python2-cryptography-1.7.2-2.el7.x86_64.rpm     | 502 kB  00:00:00
(11/16): python2-pyasn1-0.1.9-7.el7.noarch.rpm           | 100 kB  00:00:00
(12/16): python2-jmespath-0.9.0-3.el7.noarch.rpm         |  39 kB  00:00:00
(13/16): sshpass-1.06-2.el7.x86_64.rpm                   |  21 kB  00:00:00
(14/16): ansible-2.4.2.0-2.el7.noarch.rpm                | 7.6 MB  00:00:03
(15/16): python-cffi-1.6.0-5.el7.x86_64.rpm              | 218 kB  00:00:04
(16/16): python-markupsafe-0.11-10.el7.x86_64.rpm        |  25 kB  00:00:04
--------------------------------------------------------------------------------
Total                                           1.8 MB/s |  12 MB  00:00:06
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-6.1810.2.el7.centos.x86_64 (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : python2-pyasn1-0.1.9-7.el7.noarch                          1/16
  Installing : python-enum34-1.0.4-1.el7.noarch                           2/16
  Installing : python-httplib2-0.9.2-1.el7.noarch                         3/16
  Installing : sshpass-1.06-2.el7.x86_64                                  4/16
  Installing : python-babel-0.9.6-8.el7.noarch                            5/16
  Installing : python2-jmespath-0.9.0-3.el7.noarch                        6/16
  Installing : python-passlib-1.6.5-2.el7.noarch                          7/16
  Installing : python-ply-3.4-11.el7.noarch                               8/16
  Installing : python-pycparser-2.14-1.el7.noarch                         9/16
  Installing : python-cffi-1.6.0-5.el7.x86_64                            10/16
  Installing : python-markupsafe-0.11-10.el7.x86_64                      11/16
  Installing : python-jinja2-2.7.2-2.el7.noarch                          12/16
  Installing : python-idna-2.4-1.el7.noarch                              13/16
  Installing : python2-cryptography-1.7.2-2.el7.x86_64                   14/16
  Installing : python-paramiko-2.1.1-9.el7.noarch                        15/16
  Installing : ansible-2.4.2.0-2.el7.noarch                              16/16
  Verifying  : python-idna-2.4-1.el7.noarch                               1/16
  Verifying  : python-markupsafe-0.11-10.el7.x86_64                       2/16
  Verifying  : python-jinja2-2.7.2-2.el7.noarch                           3/16
  Verifying  : python-ply-3.4-11.el7.noarch                               4/16
  Verifying  : python-passlib-1.6.5-2.el7.noarch                          5/16
  Verifying  : python2-jmespath-0.9.0-3.el7.noarch                        6/16
  Verifying  : python-paramiko-2.1.1-9.el7.noarch                         7/16
  Verifying  : python-babel-0.9.6-8.el7.noarch                            8/16
  Verifying  : ansible-2.4.2.0-2.el7.noarch                               9/16
  Verifying  : python-cffi-1.6.0-5.el7.x86_64                            10/16
  Verifying  : sshpass-1.06-2.el7.x86_64                                 11/16
  Verifying  : python-httplib2-0.9.2-1.el7.noarch                        12/16
  Verifying  : python2-pyasn1-0.1.9-7.el7.noarch                         13/16
  Verifying  : python-enum34-1.0.4-1.el7.noarch                          14/16
  Verifying  : python-pycparser-2.14-1.el7.noarch                        15/16
  Verifying  : python2-cryptography-1.7.2-2.el7.x86_64                   16/16

Installed:
  ansible.noarch 0:2.4.2.0-2.el7

Dependency Installed:
  python-babel.noarch 0:0.9.6-8.el7
  python-cffi.x86_64 0:1.6.0-5.el7
  python-enum34.noarch 0:1.0.4-1.el7
  python-httplib2.noarch 0:0.9.2-1.el7
  python-idna.noarch 0:2.4-1.el7
  python-jinja2.noarch 0:2.7.2-2.el7
  python-markupsafe.x86_64 0:0.11-10.el7
  python-paramiko.noarch 0:2.1.1-9.el7
  python-passlib.noarch 0:1.6.5-2.el7
  python-ply.noarch 0:3.4-11.el7
  python-pycparser.noarch 0:2.14-1.el7
  python2-cryptography.x86_64 0:1.7.2-2.el7
  python2-jmespath.noarch 0:0.9.0-3.el7
  python2-pyasn1.noarch 0:0.1.9-7.el7
  sshpass.x86_64 0:1.06-2.el7

Complete!

The result shows that Ansible has been installed correctly.

  • Check the Ansible version
[root@k3s-vip ~]# ansible --version
ansible 2.4.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

The Ansible version is 2.4.2.0, and the Python version it depends on is 2.7.5.

Installing Ansible is not the goal in itself; Ansible's strength is automated installation, deployment and execution. A small example follows to demonstrate Ansible's IT operations capabilities.

 

3. Establishing host trust

Ansible manages remote hosts over SSH. To run unattended, an SSH trust relationship has to be set up between the Ansible management host and the remote target host.

Once the trust relationship is established, Ansible can access the target host freely.

  • Log in remotely from the Ansible management host to the target host:

Log in to the target host as root, answer yes at the prompt, and enter the root password of the remote target host. Because software packages need to be installed on the remote target host, using the root user is required.

[root@k3s-vip ~]# ssh root@k3s-node3
The authenticity of host 'k3s-node3 (192.168.6.193)' can't be established.
ECDSA key fingerprint is SHA256:v8yvQmBzZWZrQzhIn4lNMgTsVK7C0lHaEcvdL9cqdno.
ECDSA key fingerprint is MD5:a0:aa:14:14:7e:7c:98:67:c1:9a:e4:aa:0d:ce:32:83.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'k3s-node3,192.168.6.193' (ECDSA) to the list of known hosts.
root@k3s-node3's password: 
Last login: Sun Apr  7 11:09:20 2019 from 192.168.6.1
  • Generate an RSA key pair (public key/private key) on the Ansible management host
[root@k3s-vip ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3GNNAxe62c9R505oFL0mkoKYJ53d2XjvP0cIWEsjvX8 root@k3s-vip
The key's randomart image is:
+---[RSA 2048]----+
|          ..o... |
|          .+=  ..|
|      + + o=B+. +|
|     + * +.%+* *.|
|      o S B =oB.o|
|         . . +o=E|
|              +o.|
|               o.|
|                =|
+----[SHA256]-----+
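  • Copy the Ansible management host's public key to the remote target host

This scp command writes the key directly to /root/.ssh/authorized_keys, replacing any file already at that path on the target host.

[root@k3s-vip ~]#  scp -p ~/.ssh/id_rsa.pub root@192.168.6.193:/root/.ssh/authorized_keys
root@192.168.6.193's password: 
id_rsa.pub                                    100%  405   605.6KB/s   00:00
  • Verify the SSH login again

Log in over SSH from the Ansible host to the target host:

[root@k3s-vip ~]# ssh 192.168.6.193
Last login: Sun Apr  7 12:00:19 2019 from k3s-vip
[root@k3s-node3 ~]# 

The result shows that login now works without a password.

Setting up host trust takes some effort, but it only has to be done once to get permanent passwordless login, which is worth it compared with typing a password at every login.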
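
The scp step above writes id_rsa.pub straight to authorized_keys, so any keys the target host already trusted are lost. As an added example (not from the original article), the shell function below appends a key instead, is safe to run twice, and sets the permissions sshd expects; OpenSSH's ssh-copy-id does the same job over the network. The function name and the key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original article.
# install_pubkey PUBKEY_FILE SSH_DIR
#   Appends the key in PUBKEY_FILE to SSH_DIR/authorized_keys without
#   touching existing entries. Returns 0 on success, 1 on error.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file="$ssh_dir/authorized_keys"

    # A .pub file holds one key line; take the first non-blank line.
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    [ -n "$key_line" ] || { echo "no key found in $pubkey_file" >&2; return 1; }

    # With StrictModes (the sshd default) keys are ignored when the
    # directory or file is writable by anyone but the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    [ -e "$auth_file" ] || ( umask 077; : > "$auth_file" ) || return 1
    chmod 600 "$auth_file" || return 1

    # Idempotent: nothing to do if this exact line is already present.
    if grep -qxF -- "$key_line" "$auth_file"; then
        return 0
    fi

    # Make sure the last existing entry ends with a newline before appending,
    # otherwise the new key would be glued onto the previous one.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Demo in a throwaway directory. The key strings are constructed
# placeholders, not real keys.
demo_install_pubkey() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/.ssh"
    printf '%s\n' 'ssh-ed25519 AAAA_CONSTRUCTED_EXISTING other-admin' \
        > "$d/.ssh/authorized_keys"
    printf '%s\n' 'ssh-rsa AAAA_CONSTRUCTED_NEW root@k3s-vip' > "$d/id_rsa.pub"
    install_pubkey "$d/id_rsa.pub" "$d/.ssh"
    install_pubkey "$d/id_rsa.pub" "$d/.ssh"   # second run changes nothing
    cat "$d/.ssh/authorized_keys"              # both keys, each listed once
    rm -rf "$d"
}
demo_install_pubkey
```

On a real target host the public key file would first be copied to a temporary path, and the function called with /root/.ssh as the second argument.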

4. Configuring the Ansible environment

Create a new shell script, show_hosts.sh. Its job is simple: print the date and time and the contents of /etc/hosts to the console.

Write the Ansible deployment file for remote installation, which installs show_hosts.sh into the /usr/local/bin directory on the remote host.

Run the script on the remote host, then delete the script.

  • Create the shell script
[root@k3s-vip ~]# mkdir -p /root/ansible
[root@k3s-vip ~]# cd /root/ansible/
[root@k3s-vip ansible]# vi show_hosts.sh
[root@k3s-vip ansible]# chmod +x show_hosts.sh
[root@k3s-vip ansible]# cat show_hosts.sh
#!/usr/bin/bash
date
cat /etc/hosts
  • Test the script locally
[root@k3s-vip ~]# ./show_hosts.sh
Sun Apr 7 14:42:22 CST 2019
127.0.0.1 localhost localhost.localdomain
192.168.6.190  k3s-vip
192.168.6.193  k3s-node3

The current date and time and the contents of /etc/hosts are printed.

  • Look at the Ansible configuration directory
[root@k3s-vip ~]# ls -ln /etc/ansible/
total 24
-rw-r--r-- 1 0 0 19179 Jan 30  2018 ansible.cfg # Ansible configuration file
-rw-r--r-- 1 0 0  1016 Jan 30  2018 hosts # Ansible hosts file
drwxr-xr-x 2 0 0     6 Jan 30  2018 roles  # role files
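  • Edit the /etc/ansible/hosts file

Edit the hosts file and append the host group k3s-node, with the IP of the host in the group, at the end of the file:

[k3s-node]
192.168.6.193

[root@k3s-vip ~]# cd  /etc/ansible/
[root@k3s-vip ansible]# vi hosts
[root@k3s-vip ansible]# cat hosts
# This is the default ansible 'hosts' file.
# ...
[k3s-node]
192.168.6.193
  • Test connectivity to the remote host
[root@k3s-vip ansible]# ansible k3s-node -m ping
192.168.6.193 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

The ping module (-m ping) contacts each host in the k3s-node group in turn to verify connectivity. It connects over SSH the same way Ansible does for any other task, so it is not an ICMP ping.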

 

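5. Writing the playbook

A playbook is a declarative script written in advance; ansible executes the tasks in the playbook one by one.

  • Write the playbook file

Playbook files are written in YAML. The show_hosts.yaml playbook is made up of three tasks:

Copy the shell script to the remote host;

Run the shell script on the remote host, then sleep for 3 seconds;

Finally, delete the script.

[root@k3s-vip ansible]# cd /root/ansible/
[root@k3s-vip ansible]#
[root@k3s-vip ansible]# cat show_hosts.yaml
- name: a sample for show /etc/hosts
  hosts: k3s-node
  remote_user: root
  tasks:
    # copy is the module that transfers a file from the management host;
    # the file module only manages paths that already exist on the target
    - name: copy show_hosts shell
      copy:
        src: '{{ item.src }}'
        dest: '{{ item.dest }}'
        # quoted octal string; an unquoted 755 is read as a decimal number
        mode: '0755'
      with_items:
        - { src: '/root/ansible/show_hosts.sh', dest: '/usr/local/bin/'}
    - name: run shell
      shell: |
        /usr/local/bin/show_hosts.sh; sleep 3;
    # file with state=absent removes the path on the target
    - name: delete shell
      file:
        path: '{{ item.dest }}'
        state: '{{ item.state }}'
      with_items:
        - { src: '', dest: '/usr/local/bin/show_hosts.sh', state: 'absent' }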
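
Ansible reads an unquoted `mode: 755` as the decimal number 755 rather than octal, so the file ends up with permission bits nobody intended; the value has to be quoted or carry a leading zero. As an added example (not from the original article), this shell function flags such values in block-style playbook YAML. The function name and the sample playbook are constructed, and inline `mode=755` arguments or flow-style mappings are not covered.

```shell
#!/bin/sh
# Added example, not part of the original article.
# find_risky_modes FILE
#   Prints LINE:VALUE for every "mode:" key whose value is an unquoted
#   number without a leading zero (e.g. 755, 644). Quoted values ('0755',
#   "755"), YAML octal (0755) and symbolic modes (u=rwx,go=rx) are accepted.
find_risky_modes() {
    awk '
        /^[ \t]*(-[ \t]+)?mode:[ \t]*/ {
            val = $0
            sub(/^[ \t]*(-[ \t]+)?mode:[ \t]*/, "", val)  # drop the key
            sub(/[ \t]+#.*$/, "", val)                    # drop trailing comment
            sub(/[ \t]+$/, "", val)                       # drop trailing blanks
            if (val ~ /^[1-7][0-7]*$/) print NR ":" val
        }
    ' "$1"
}

# Demo on a constructed playbook fragment.
demo_find_risky_modes() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
- hosts: k3s-node
  tasks:
    - name: risky, parsed as decimal 755
      copy:
        src: /root/ansible/show_hosts.sh
        dest: /usr/local/bin/
        mode: 755
    - name: safe, quoted octal string
      copy:
        src: /root/ansible/show_hosts.sh
        dest: /usr/local/bin/
        mode: '0755'
EOF
    find_risky_modes "$f"    # reports line 7 only
    rm -f "$f"
}
demo_find_risky_modes
```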

Everything is ready; only the final step remains. The exciting moment is about to arrive.

 

6. Running the playbook remotely

  • Run the playbook remotely

Run the ansible-playbook command on the Ansible host. It executes the playbook tasks in order, and the results show that every task succeeded.

[root@k3s-vip ansible]# ansible-playbook show_hosts.yaml

PLAY [a sample for show /etc/hosts] ********************************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.6.193]

TASK [copy show_hosts shell] ***************************************************
changed: [192.168.6.193] => (item={u'dest': u'/usr/local/bin/', u'src': u'/root/ansible/show_hosts.sh'})

TASK [run shell] ***************************************************************
changed: [192.168.6.193]

TASK [delete shell] ************************************************************
changed: [192.168.6.193] => (item={u'dest': u'/usr/local/bin/show_hosts.sh', u'src': u'', u'state': u'absent'})

PLAY RECAP *********************************************************************
192.168.6.193              : ok=4    changed=3    unreachable=0    failed=0

[root@k3s-vip ansible]#

 

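7. Summary

  • The main work in this article:

Download and install the automation tool Ansible;

Establish the SSH trust relationship between the management host and the target host;

Configure the Ansible runtime environment on the management host: the remote target host group and so on;

Write the sample script show_hosts.sh;

Write the playbook: copy the shell script, run the script remotely, and finally delete the script;

Run the playbook.

  • Conclusion

Ansible is a powerful IT operations tool, and this article only shows the tip of the iceberg. The process here looks somewhat involved, but the benefit of "write once, run everywhere" is obvious.

I hope this article is helpful to readers; comments are welcome.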

 

 

Original source: https://www.cnblogs.com/solomonxu/p/10664207.html
