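Getting Started with Ansible

Copyright notice: This is an original article by Buddy Yuan and may not be reproduced without permission. Original address: Getting Started with Ansible
As our infrastructure and environments keep growing, we need a tool to help us manage servers, whether physical or virtual. Ansible helps with configuration, management, and large-scale deployment. It runs over SSH, so no agent-style plugin has to be installed on the other servers. Let's get started.
My system is Ubuntu 16.04.4 LTS, which will serve as the Ansible control machine. It uses the VirtualBox network adapter, and its IP address is 192.168.56.1. My virtual machine runs CentOS, and its IP address is 192.168.56.91. This virtual machine is the one that Ansible will manage.
The first step is to install Ansible. Here I simply use: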

postgres@postgres-N65S01:~$ sudo apt-get install ansible
[sudo] password for postgres: 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  ieee-data python-crypto python-ecdsa python-httplib2 python-jinja2 python-markupsafe python-netaddr python-paramiko python-pkg-resources python-selinux python-six python-yaml
Suggested packages:
  sshpass python-crypto-dbg python-crypto-doc python-jinja2-doc ipython python-netaddr-docs python-setuptools
The following NEW packages will be installed:
  ansible ieee-data python-crypto python-ecdsa python-httplib2 python-jinja2 python-markupsafe python-netaddr python-paramiko python-pkg-resources python-selinux python-six python-yaml
0 upgraded, 13 newly installed, 0 to remove and 95 not upgraded.
Need to get 2,967 kB of archives.
After this operation, 17.9 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

After the installation finishes, check the version to confirm that Ansible runs correctly.

postgres@postgres-N65S01:~$ ansible --version
ansible 2.0.0.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = Default w/o overrides

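Before we start using Ansible (since we do not want to use root), we create a group and a user on both hosts. We also generate a key pair. Generating the key is very important, because we will use passwordless SSH authentication to communicate from the control host to the managed host.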

postgres@postgres-N65S01:~$ sudo groupadd ansible
postgres@postgres-N65S01:~$ sudo useradd -g ansible ansible
postgres@postgres-N65S01:~$ sudo passwd ansible
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
postgres@postgres-N65S01:/home$ su - ansible
Password: 
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/postgres/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/postgres/.ssh/id_rsa.
Your public key has been saved in /home/postgres/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:z0mFh7iuQig7vGlg55GA8i9LyysG9X32fiR41+cdvEQ postgres@postgres-N65S01
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|         . o     |
|.       . o o    |
|o..      . o   E |
|.o.o..  S..  .o  |
|+.o+o ..++o.o .+.|
|=o+o.  o.o++  .o+|
|+*ooo  .  . .  .o|
|o=*+ ..  ...     |
+----[SHA256]-----+

To control the managed host without a password, we need to copy the SSH public key file from the control host to the managed host:

$ ssh-copy-id -i .ssh/id_rsa.pub ansible@192.168.56.91
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '192.168.56.91 (192.168.56.91)' can't be established.
ECDSA key fingerprint is SHA256:/+Re8LQTEBXAvC2rNaTpKiuO5vAL+4yBZvRa3soV0zs.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ansible@192.168.56.91's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'ansible@192.168.56.91'"
and check to make sure that only the key(s) you wanted were added.

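We also need to add the host settings so that the control machine knows which hosts it should manage. Because we manage with a dedicated ansible user rather than root, we adjust the ownership of the files here.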

postgres@postgres-N65S01:/etc$ ls -l ansible/*
-rw-r--r-- 1 root root 10301 1月  15  2016 ansible/ansible.cfg
-rw-r--r-- 1 root root   982 8月  21 23:13 ansible/hosts
postgres@postgres-N65S01:/etc$ sudo chown -R ansible:ansible /etc/ansible/*
postgres@postgres-N65S01:/etc$ su - ansible
Password: 
$ cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups

# Ex 1: Ungrouped hosts, specify before any group headers.

#green.example.com
#blue.example.com
#192.168.100.1
#192.168.100.10

# Ex 2: A collection of hosts belonging to the 'webservers' group

#[webservers]
#alpha.example.org
#beta.example.org
#192.168.1.100
#192.168.1.110

# If you have multiple hosts following a pattern you can specify
# them like this:

#www[001:006].example.com

# Ex 3: A collection of database servers in the 'dbservers' group

#[dbservers]
#
#db01.intranet.mydomain.net
#db02.intranet.mydomain.net
#10.25.1.56
#10.25.1.57

# Here's another example of host ranges, this time there are no
# leading 0s:

#db-[99:101]-node.example.com
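
A check a practitioner might run after the key and ownership steps above, as an added example that is not part of the original article: it flags a private key accessible to anyone but its owner, and an inventory or config file writable by group or others, since whoever can edit /etc/ansible/hosts decides which machines receive commands. The function names and the temporary sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

GROUP_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH
GROUP_OTHER_ANY = stat.S_IRWXG | stat.S_IRWXO

def audit_control_node(ssh_dir, ansible_dir):
    """Return (path, problem) findings for the key and Ansible files."""
    checks = [
        (ssh_dir, GROUP_OTHER_WRITE, "directory writable by group/others"),
        (os.path.join(ssh_dir, "id_rsa"), GROUP_OTHER_ANY,
         "private key accessible to group/others"),
        (os.path.join(ansible_dir, "hosts"), GROUP_OTHER_WRITE,
         "inventory writable by group/others"),
        (os.path.join(ansible_dir, "ansible.cfg"), GROUP_OTHER_WRITE,
         "config writable by group/others"),
    ]
    findings = []
    for path, forbidden, problem in checks:
        try:
            st = os.lstat(path)  # lstat: do not follow a planted symlink
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "is a symlink"))
        elif st.st_mode & forbidden:
            mode = stat.S_IMODE(st.st_mode)
            findings.append((path, "%s (mode %04o)" % (problem, mode)))
    return findings

def make_demo_tree(key_mode, hosts_mode):
    """Build a constructed sample tree; returns (ssh_dir, ansible_dir)."""
    root = tempfile.mkdtemp()
    ssh_dir = os.path.join(root, "home", ".ssh")
    ansible_dir = os.path.join(root, "etc", "ansible")
    os.makedirs(ssh_dir)
    os.makedirs(ansible_dir)
    os.chmod(ssh_dir, 0o700)
    for path, mode in [(os.path.join(ssh_dir, "id_rsa"), key_mode),
                       (os.path.join(ansible_dir, "hosts"), hosts_mode),
                       (os.path.join(ansible_dir, "ansible.cfg"), 0o644)]:
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    return ssh_dir, ansible_dir

if __name__ == "__main__":
    for finding in audit_control_node(*make_demo_tree(0o644, 0o666)):
        print(finding)
```

On a real control node, pass the ansible user's `.ssh` directory and `/etc/ansible` instead of the demo tree.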

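The file gives a series of examples. We configure it as follows; the name in brackets is the group name. This means that referencing "pg-servers" in an Ansible command resolves the group name to the server addresses. Let's run a basic test.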

[pg-servers]
192.168.56.91

$ ansible pg-servers -a "/bin/echo I love ansible"
192.168.56.91 | SUCCESS | rc=0 >>
I love ansible

$ ansible pg-servers -a "/bin/mkdir -p aaa"
192.168.56.91 | SUCCESS | rc=0 >>

postgres@postgres-N65S01:/etc$ ssh ansible@192.168.56.91
ansible@192.168.56.91's password: 
Last failed login: Wed Oct 24 23:41:56 CST 2018 from 192.168.56.1 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Wed Oct 24 23:41:45 2018 from 192.168.56.1
[ansible@db ~]$ ls -lrt
total 0
drwxrwxr-x. 2 ansible ansible 6 10月 24 23:41 aaa

As you can see, Ansible performed the operation we wanted. Very cool.
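
How a group name resolves to addresses, as an added example that is not part of the original article or of Ansible's own code: a small resolver for the INI-style hosts file shown above, including the numeric `[start:end]` ranges from its comments, so you can see which machines a command aimed at a group would reach. It goes beyond the single `[pg-servers]` entry used in the article; host variables, alphabetic ranges and `[group:vars]`/`[group:children]` sections are not handled, and the sample inventory is constructed.

```python
import re

RANGE = re.compile(r"\[(\d+):(\d+)\]")

# Constructed sample: entries taken from the commented examples in the
# default hosts file, plus the [pg-servers] group defined in the article.
SAMPLE_INVENTORY = """\
[webservers]
alpha.example.org
www[001:006].example.com

[dbservers]
db-[99:101]-node.example.com   # no leading zeros

[pg-servers]
192.168.56.91
"""

def expand(pattern):
    """Expand numeric [start:end] ranges, keeping zero padding."""
    m = RANGE.search(pattern)
    if not m:
        return [pattern]
    start, end = m.group(1), m.group(2)
    width = len(start) if start.startswith("0") else 0
    hosts = []
    for n in range(int(start), int(end) + 1):
        name = pattern[:m.start()] + str(n).zfill(width) + pattern[m.end():]
        hosts.extend(expand(name))  # a name may carry more than one range
    return hosts

def parse_inventory(text):
    """Map group name -> list of hosts; [x:vars]/[x:children] are skipped."""
    groups = {"ungrouped": []}
    current = groups["ungrouped"]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            current = None if ":" in name else groups.setdefault(name, [])
        elif current is not None:
            current.extend(expand(line.split()[0]))
    return groups

def resolve(text, group):
    """Hosts a command aimed at `group` would reach (empty if unknown)."""
    return parse_inventory(text).get(group, [])
```

Ansible itself prints the matched hosts without running anything when given `--list-hosts`, for example `ansible pg-servers --list-hosts`.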
