首页
视频
资源
登录
原
Ansible 安装与简介
6755
人阅读
2021/3/15 13:52
总访问:
2537827
评论:
0
收藏:
0
手机
分类:
Ansible
![ansible](https://img.tnblog.net/arcimg/hb/e283c36cf43847558bcb2c8461e20850.jpg "ansible") ># Ansible 安装与简介 [TOC] Ansible简介 ------------ tn>Ansible是您安装在控制节点上的无代理自动化工具。Ansible从控制节点远程管理计算机和其他设备(默认情况下,通过SSH协议)。 Ansible安装 ------------ ### 环境 ![](https://img.tnblog.net/arcimg/hb/8900e305b5264145b5bbf2bbbcf6e569.png) ### rpm包安装 ```bash # 在Master上安装ansible yum install ansible -y # 查看ansible的相关文件 rpm -ql ansible ``` ### 编译安装 ```bash #下载到本地(当前最新版本ansible-2.9.13.tar.gz) wget -O ansible-2.9.13.tar.gz https://files.pythonhosted.org/packages/32/62/eec759cd8ac89a866df1aba91abf785486fed7774188a41f42f5c7326dcb/ansible-2.9.13.tar.gz #解压 tar -xzvf ansible-2.9.13.tar.gz #进入更新目录 cd ansible-2.9.13/ #更新 python setup.py install ``` 相关文件 ------------ ### 配置文件 <p style=" font-weight: 400; line-height: 1.5; color: #212529; -webkit-tap-highlight-color: transparent; box-sizing: border-box; padding: 0px 20px 20px 20px; border: 1px solid #e9ecef; border-left-width: .25rem; border-radius: .25rem; display: block; border-left-color: #5bc0de;"> /etc/ansible/ansible.cfg 主配置文件,配置ansible工作特性 /etc/ansible/hosts 主机清单 /etc/ansible/roles 存放角色的目录 </p> ### 程序应用文件 <p style=" font-weight: 400; line-height: 1.5; color: #212529; -webkit-tap-highlight-color: transparent; box-sizing: border-box; padding: 0px 20px 20px 20px; border: 1px solid #e9ecef; border-left-width: .25rem; border-radius: .25rem; display: block; border-left-color: #5bc0de;"> /usr/bin/ansible 主程序,临时命令执行工具 /usr/bin/ansible-doc 查看配置文档,模块功能查看工具 /usr/bin/ansible-galaxy 下载/上传优秀代码或Roles模块的官方平台 /usr/bin/ansible-playbook 定制自动化任务,编排剧本工具/usr/bin/ansible-pull远程执行命令的工具 /usr/bin/ansible-vault 文件加密工具 /usr/bin/ansible-console 基于Console界面与用户交互的执行工具 </p> 主机清单inventory ------------ <p style=" font-weight: 400; line-height: 1.5; color: #212529; -webkit-tap-highlight-color: transparent; box-sizing: border-box; padding: 0px 20px 20px 20px; border: 1px solid #e9ecef; border-left-width: .25rem; border-radius: .25rem; display: block; border-left-color: #5bc0de;"> ansible的主要功用在与批量主机操作,为了便捷地使用其中的部分主机,可以在inventory file中将其分组命名 默认的inventory file为/etc/ansible/hosts inventory file可以有多个,且也可以通过Dynamic Inventory来动态生成 </p> ### 运用ping模块进行测试 <p style=" font-weight: 400; line-height: 1.5; color: #212529; -webkit-tap-highlight-color: transparent; box-sizing: border-box; padding: 0px 20px 20px 20px; border: 1px solid #e9ecef; border-left-width: .25rem; border-radius: .25rem; display: block; border-left-color: #5bc0de;"> 运用ping模块去ping子机 </p> ```bash # ansible 10.211.55.5 -m ping [WARNING]: No inventory was parsed, only implicit localhost is available [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all' [WARNING]: Could not match supplied host pattern, ignoring: 10.211.55.5 ``` <p style=" font-weight: 400; line-height: 1.5; color: #212529; -webkit-tap-highlight-color: transparent; box-sizing: border-box; padding: 0px 20px 20px 20px; border: 1px solid #e9ecef; border-left-width: .25rem; border-radius: .25rem; display: block; border-left-color: #5bc0de;"> 我们发现它在清单文件中并没有找到该IP,所以我们需要通过`/etc/ansible`与`vim /etc/ansible/hosts`命令去添加我们的IP地址,这里我们把2个子节点都添加上。然后再次尝试 </p> ```bash 10.211.55.5 10.211.55.6 ``` ```bash # ansible 10.211.55.5 -m ping The authenticity of host '10.211.55.5 (10.211.55.5)' can't be established. ECDSA key fingerprint is SHA256:zgJwK5DOvrR+/ntWGo5SgKXfoqFfyM5Y6ISCyGKmYwM. ECDSA key fingerprint is MD5:da:99:9f:63:09:3d:d3:b7:a1:80:f5:ca:d1:80:d6:7c. Are you sure you want to continue connecting (yes/no)? yes 10.211.55.5 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '10.211.55.5' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true } ``` <p style=" font-weight: 400; line-height: 1.5; color: #212529; -webkit-tap-highlight-color: transparent; box-sizing: border-box; padding: 0px 20px 20px 20px; border: 1px solid #e9ecef; border-left-width: .25rem; border-radius: .25rem; display: block; border-left-color: #5bc0de;"> 显然我们可以直观的看到走的是SSH的方式,可是为什么还是报错呢? 因为你通过SSH的方式去走一般都需要输入密码所以加上`-k`参数可以按照常规方式执行模块 </p> ```bash # ansible 10.211.55.5 -m ping -k SSH password: 10.211.55.5 | FAILED! => { "msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program" } ``` <p style=" font-weight: 400; line-height: 1.5; color: #212529; -webkit-tap-highlight-color: transparent; box-sizing: border-box; padding: 0px 20px 20px 20px; border: 1px solid #e9ecef; border-left-width: .25rem; border-radius: .25rem; display: block; border-left-color: #5bc0de;"> 这样走是可以的,但我们还是要更具它的指示去安装对应`sshpass`软件,最后成功调用到了我们的模块 </p> ```bash # yum install sshpass -y ... # ansible 10.211.55.5 -m ping -k SSH password: 10.211.55.5 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } ``` ### 运用ping模块进行多主机测试 <p style=" font-weight: 400; line-height: 1.5; color: #212529; -webkit-tap-highlight-color: transparent; box-sizing: border-box; padding: 0px 20px 20px 20px; border: 1px solid #e9ecef; border-left-width: .25rem; border-radius: .25rem; display: block; border-left-color: #5bc0de;"> 我们继续来通过master主机对多个子机进行ping操作 </p> ```bash # ansible 10.211.55.5,10.211.55.6 -m ping -k SSH password: 10.211.55.6 | FAILED! => { "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host." } 10.211.55.5 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } ``` <p style=" font-weight: 400; line-height: 1.5; color: #212529; -webkit-tap-highlight-color: transparent; box-sizing: border-box; padding: 0px 20px 20px 20px; border: 1px solid #e9ecef; border-left-width: .25rem; border-radius: .25rem; display: block; border-left-color: #5bc0de;"> 我们发现它有三个问题: 1. 访问次序与我们预期的次序有所不同 2. 两台子机器密码一样却还是访问不了 3. 如果密码不一样不可能一条一条的输入密码吧 第一和第二个问题是因为本地没有`10.211.55.6`的ssh所以我们先单个访问在一同访问 </p> ```bash # ssh 10.211.55.6 # exit # ansible 10.211.55.5,10.211.55.6 -m ping -k SSH password: 10.211.55.5 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 10.211.55.6 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } ``` <p style=" font-weight: 400; line-height: 1.5; color: #212529; -webkit-tap-highlight-color: transparent; box-sizing: border-box; padding: 0px 20px 20px 20px; border: 1px solid #e9ecef; border-left-width: .25rem; border-radius: .25rem; display: block; border-left-color: #5bc0de;"> 如果想对所有对的host主机进行执行ping模块可以直接通过`all`的方式进行执行 </p> ```bash # ansible all -m ping -k SSH password: 10.211.55.5 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 10.211.55.6 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } ``` ### Host分组 <p style=" font-weight: 400; line-height: 1.5; color: #212529; -webkit-tap-highlight-color: transparent; box-sizing: border-box; padding: 0px 20px 20px 20px; border: 1px solid #e9ecef; border-left-width: .25rem; border-radius: .25rem; display: block; border-left-color: #5bc0de;"> inventory文件遵循INI文件风格,中括号中的字符为组名。可以将同一个主机同时归并到多个不同的组中;此外,当目标主机使用了非默认的SSH端口,还可以在主机名称之后使用冒号加端口号来标明. 接下来我们来举例(将ip分为两个组): </p> ```bash # vim /etc/ansible/hosts [webserver] 10.211.55.5 10.211.55.6 [dbserver] 10.211.55.5 ``` <p style=" font-weight: 400; line-height: 1.5; color: #212529; -webkit-tap-highlight-color: transparent; box-sizing: border-box; padding: 0px 20px 20px 20px; border: 1px solid #e9ecef; border-left-width: .25rem; border-radius: .25rem; display: block; border-left-color: #5bc0de;"> 我们也可以通过指定几到几到方式进行创建组(比如1-10,这里只有5与6所以我这里就写5-6的式例) </p> ```bash # vim /etc/ansible/hosts [apiserver] 10.211.55.[5:6] ``` <p style=" font-weight: 400; line-height: 1.5; color: #212529; -webkit-tap-highlight-color: transparent; box-sizing: border-box; padding: 0px 20px 20px 20px; border: 1px solid #e9ecef; border-left-width: .25rem; border-radius: .25rem; display: block; border-left-color: #5bc0de;"> 域名的方式同样可行,我这里的域名如下,如果我们需要配置子机可以按照如下配置 </p> ![](https://img.tnblog.net/arcimg/hb/44c1a4af4759435aac9f3594c363668d.png) ```bash # vim /etc/ansible/hosts [domainserver] rabbitmqslave[1:2] ``` <p style=" font-weight: 400; line-height: 1.5; color: #212529; -webkit-tap-highlight-color: transparent; box-sizing: border-box; padding: 0px 20px 20px 20px; border: 1px solid #e9ecef; border-left-width: .25rem; border-radius: .25rem; display: block; border-left-color: #5bc0de;"> 如果端口号有细微的变动,比如ssh默认是22的,现在改成了2222,我们直接在后面添加2222端口就可以了 </p> ```bash # vim /etc/ansible/hosts [domainserver] rabbitmqslave[1:2]:2222 ``` <p style=" font-weight: 400; line-height: 1.5; color: #212529; -webkit-tap-highlight-color: transparent; box-sizing: border-box; padding: 0px 20px 20px 20px; border: 1px solid #e9ecef; border-left-width: .25rem; border-radius: .25rem; display: block; border-left-color: #5bc0de;"> 除了`1-10`数字可以写成`[1:10]`之外,`a-f`字母可以写成`[a:f]` </p> ### 按组访问 <p style=" font-weight: 400; line-height: 1.5; color: #212529; -webkit-tap-highlight-color: transparent; box-sizing: border-box; padding: 0px 20px 20px 20px; border: 1px solid #e9ecef; border-left-width: .25rem; border-radius: .25rem; display: block; border-left-color: #5bc0de;"> 我们可以通过如下命令按照我们创建的组进行访问(这里我们访问 **webserver** 组) </p> ```bash # ansible webserver -m ping -k SSH password: 10.211.55.5 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } 10.211.55.6 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong" } ```
欢迎加群讨论技术,1群:677373950(满了,可以加,但通过不了),2群:656732739
👈{{preArticle.title}}
👉{{nextArticle.title}}
评价
{{titleitem}}
{{titleitem}}
{{item.content}}
{{titleitem}}
{{titleitem}}
{{item.content}}
尘叶心繁
这一世以无限游戏为使命!
博主信息
排名
6
文章
6
粉丝
16
评论
8
文章类别
.net后台框架
166篇
linux
17篇
linux中cve
1篇
windows中cve
0篇
资源分享
10篇
Win32
3篇
前端
28篇
传说中的c
4篇
Xamarin
9篇
docker
15篇
容器编排
101篇
grpc
4篇
Go
15篇
yaml模板
1篇
理论
2篇
更多
Sqlserver
4篇
云产品
39篇
git
3篇
Unity
1篇
考证
2篇
RabbitMq
23篇
Harbor
1篇
Ansible
8篇
Jenkins
17篇
Vue
1篇
Ids4
18篇
istio
1篇
架构
2篇
网络
7篇
windbg
4篇
AI
18篇
threejs
2篇
人物
1篇
嵌入式
2篇
python
13篇
HuggingFace
8篇
pytorch
9篇
opencv
6篇
最新文章
最新评价
{{item.articleTitle}}
{{item.blogName}}
:
{{item.content}}
关于我们
ICP备案 :
渝ICP备18016597号-1
网站信息:
2018-2024
TNBLOG.NET
技术交流:
群号656732739
联系我们:
contact@tnblog.net
欢迎加群
欢迎加群交流技术