# Ansible configuration

张开发
2026/4/16 1:31:16, 15 min read


## Ansible environment preparation

### Ansible architecture

The control node pushes instructions or files to the managed nodes. The managed nodes receive the instructions sent by the control node and execute them.

### How Ansible works

The Ansible control node pushes Python modules to the managed nodes over SSH; the managed nodes run those modules with Python to perform the corresponding configuration.

### Lab environment

```
10.1.8.10 controller.sjz.cloud controller
10.1.8.11 server1.sjz.cloud    server1
10.1.8.12 server2.sjz.cloud    server2
10.1.8.13 server3.sjz.cloud    server3
10.1.8.14 server4.sjz.cloud    server4
```

### Prepare the template VM

Prepare one clean CentOS 7 virtual machine. Note: the template VM's CPU and memory are best set to 1 CPU and 2 GB of RAM.

Write a `sethost` script. Running `sethost` with no argument prints the usage. With an argument, the first argument must be in the range 10-14; a value outside the range also prints the usage. A normal run, for example `sethost 10`, sets the correct hostname and IP address.

```
[root@centos ~ 13:34:31]# vim /usr/local/bin/sethost
#!/bin/bash
# must run as root
((UID != 0)) && echo "Please run as root." && exit 1
usage="Usage: $0 10-14"
# exactly one argument is required
(($# != 1)) && echo "$usage" && exit 2
# adjust the connection name and domain name to your environment
con_name=ens33
domain_name=sjz.cloud
host_id=$1
if ((host_id == 10)); then
    HOSTNAME=controller.${domain_name}
elif ((11 <= host_id && host_id <= 14)); then
    HOSTNAME=server$[host_id-10].${domain_name}
else
    echo "$usage"
    exit 3
fi
hostnamectl set-hostname $HOSTNAME
nmcli connection modify ${con_name} ipv4.addresses 10.1.8.${host_id}/24 && nmcli connection up ${con_name}
hostname
ip -br address
[root@centos ~ 13:34:31]# chmod +x /usr/local/bin/sethost
```

Shut the VM down and take a snapshot named `ansible`.

### Clone the virtual machines

Clone the other VMs from the template VM's `ansible` snapshot and use the `sethost` script to set each one's hostname and IP address. Taking server1 as an example:

```
[root@centos ~ 13:34:31]# sethost 11
```

### Configure the basic Ansible environment

On the template VM, edit `/etc/hosts` and add the Ansible host list:

```
[root@deploy ~ 14:51:11]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
################# ansible ####################
10.1.8.10 controller.sjz.cloud controller
10.1.8.11 server1.sjz.cloud    server1
10.1.8.12 server2.sjz.cloud    server2
10.1.8.13 server3.sjz.cloud    server3
10.1.8.14 server4.sjz.cloud    server4
################# ansible ####################
```

Configure passwordless SSH login to the Ansible nodes:

```
[root@deploy ~ 14:52:58]# ssh-keygen -t rsa -N '' -f .ssh/id_rsa
[root@deploy ~ 14:54:39]# for host in controller server1 server2 server3 server4; do sshpass -p 123 ssh-copy-id root@$host; done
[root@deploy ~ 14:56:02]# for host in controller server1 server2 server3 server4; do ssh root@$host "hostname; ip -br a show ens33"; echo; done
# output:
controller.sjz.cloud
ens33            UP             10.1.8.10/24 fe80::20c:29ff:fe14:2f8b/64

server1.sjz.cloud
ens33            UP             10.1.8.11/24 fe80::20c:29ff:fe6a:559b/64

server2.sjz.cloud
ens33            UP             10.1.8.12/24 fe80::20c:29ff:feec:ac41/64

server3.sjz.cloud
ens33            UP             10.1.8.13/24 fe80::20c:29ff:fe19:59c1/64

server4.sjz.cloud
ens33            UP             10.1.8.14/24 fe80::20c:29ff:feaa:4763/64
```

On the template VM, write a `weihu` script to manage the other machines centrally. `weihu cmd command` runs `command` on all 5 Ansible machines. `weihu copy src dest` copies the file `src` on the template VM to `dest` on all 5 machines.

```
[root@deploy ~ 14:49:42]# vim /usr/local/bin/weihu
#!/bin/bash
function usage(){
    echo "Usage: weihu cmd COMMAND, 在集群中所有的机器上执行对应COMMAND命令"
    echo "Usage: weihu copy source target, 将本地source文件推送到集群中所有的机器上"
    exit
}
action=$1
HOSTLIST="controller server1 server2 server3 server4"
(($# < 1)) && usage
case $action in
cmd)
    # drop argument 1 (the action)
    shift
    COMMAND=$*
    for host in $HOSTLIST
    do
        ssh root@$host "$COMMAND"
    done
    ;;
copy)
    # drop argument 1 (the action)
    shift
    for host in $HOSTLIST
    do
        num=$#
        case $num in
        2)
            scp -r $1 root@$host:$2
            ;;
        #[3-9]|[1-9][0-9])
        [3-9])
            # the last argument is the target, everything before it is a source
            last=$(echo $* | awk '{print $NF}')
            args_exclude_last=$(echo $* | sed "s#$last##")
            scp -r ${args_exclude_last} root@$host:${last}
            ;;
        *)
            usage
        esac
    done
    ;;
*)
    usage
    ;;
esac
[root@deploy ~ 14:50:49]# chmod +x /usr/local/bin/weihu
```

Test the maintenance script:

```
[root@deploy ~ 14:56:09]# weihu cmd hostname
controller.sjz.cloud
server1.sjz.cloud
server2.sjz.cloud
server3.sjz.cloud
server4.sjz.cloud
[root@deploy ~ 14:56:47]# weihu copy /etc/hosts /etc/hosts
hosts                                   100%  449   222.1KB/s   00:00
hosts                                   100%  449   245.5KB/s   00:00
hosts                                   100%  449   275.8KB/s   00:00
hosts                                   100%  449   351.0KB/s   00:00
hosts                                   100%  449   317.4KB/s   00:00
[root@deploy ~ 14:57:33]# weihu cmd cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
################# ansible ####################
10.1.8.10 controller.sjz.cloud controller
10.1.8.11 server1.sjz.cloud    server1
10.1.8.12 server2.sjz.cloud    server2
10.1.8.13 server3.sjz.cloud    server3
10.1.8.14 server4.sjz.cloud    server4
......
```

Create a dedicated account, `devops`, which the control node will use to log in to the other nodes remotely.

```
[root@deploy ~ 15:21:59]# weihu cmd useradd devops
[root@deploy ~ 15:36:17]# weihu cmd id devops
uid=1001(devops) gid=1001(devops) groups=1001(devops)
uid=1001(devops) gid=1001(devops) groups=1001(devops)
uid=1001(devops) gid=1001(devops) groups=1001(devops)
uid=1001(devops) gid=1001(devops) groups=1001(devops)
uid=1001(devops) gid=1001(devops) groups=1001(devops)
[root@deploy ~ 15:36:22]# weihu cmd "echo 123 | passwd --stdin devops"
[root@deploy ~ 15:37:41]# sshpass -p 123 ssh devops@server1 id
uid=1001(devops) gid=1001(devops) groups=1001(devops)
# let the devops account escalate to root without a password
[root@deploy ~ 15:39:17]# weihu cmd "echo 'devops ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/devops"
```

Configure the control node to log in to all Ansible nodes as `devops` without a password.

```
[root@deploy ~ 15:47:55]# sshpass -p123 ssh devops@controller "ssh-keygen -t rsa -N '' -f .ssh/id_rsa"
[root@deploy ~ 15:48:30]# sshpass -p123 ssh devops@controller 'for host in controller server1 server2 server3 server4; do sshpass -p123 ssh-copy-id devops@$host; done'
# verify that the control node can log in to the other nodes without a password
[devops@controller ~ 15:50:01]$ for host in controller server1 server2 server3 server4; do ssh devops@$host id; done
uid=1001(devops) gid=1001(devops) groups=1001(devops)
uid=1001(devops) gid=1001(devops) groups=1001(devops)
uid=1001(devops) gid=1001(devops) groups=1001(devops)
uid=1001(devops) gid=1001(devops) groups=1001(devops)
uid=1001(devops) gid=1001(devops) groups=1001(devops)
[devops@controller ~ 15:50:12]$ for host in controller server1 server2 server3 server4; do ssh devops@$host sudo id; done
uid=0(root) gid=0(root) groups=0(root)
uid=0(root) gid=0(root) groups=0(root)
uid=0(root) gid=0(root) groups=0(root)
uid=0(root) gid=0(root) groups=0(root)
uid=0(root) gid=0(root) groups=0(root)
```

## Ansible configuration

### Install the Ansible software

Control node:

```
[devops@controller ~ 16:31:42]$ sudo yum install -y ansible
```

Managed nodes:

```
[root@deploy ~ 16:36:44]# weihu cmd yum install -y python
```

### Configure the host inventory

The information about the hosts Ansible manages is kept in a file; this file is called the host inventory.

```
[devops@controller ~ 16:33:11]$ mkdir ansible
[devops@controller ~ 16:38:45]$ cd ansible/
[devops@controller ansible 16:38:47]$ vim inventory
controller
server1
server2
server3
server4
[devops@controller ansible 16:43:15]$ ansible -i inventory -m command -a id server1
server1 | CHANGED | rc=0 >>
uid=1001(devops) gid=1001(devops) groups=1001(devops)
# parameters:
# -i inventory: location of the host inventory
# -m command: use the command module
# -a: the argument passed to the module (here `id`)
# server1: which machine to operate on
[devops@controller ansible 16:43:41]$ ansible -i inventory -m command -a id -b server1
server1 | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root)
# -b: escalate to root for the operation
# manage users with the user module
[devops@controller ansible 16:43:00]$ ansible -i inventory -m user -a "name=zhangsan state=present" -b server1
server1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "comment": "",
    "create_home": true,
    "group": 1002,
    "home": "/home/zhangsan",
    "name": "zhangsan",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 1002
}
[devops@controller ansible 16:43:46]$ ansible -i inventory -m command -a "id zhangsan" server1
server1 | CHANGED | rc=0 >>
uid=1002(zhangsan) gid=1002(zhangsan) groups=1002(zhangsan)
# remove the user
[devops@controller ansible 16:44:33]$ ansible -i inventory -m user -a "name=zhangsan state=absent remove=yes" -b server1
server1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "force": false,
    "name": "zhangsan",
    "remove": true,
    "state": "absent"
}
[devops@controller ansible 16:45:49]$ ansible -i inventory -m command -a "id zhangsan" server1
server1 | FAILED | rc=1 >>
id: zhangsan: no such user
non-zero return code
```

### Grouped host inventory

```
[devops@controller ansible 16:45:53]$ vim inventory
[controllers]
controller

[webs]
server1
server2

[dbs]
server3
server4
```

Test:

```
# operate on the webs host group
[devops@controller ansible 16:48:55]$ ansible -i inventory -m command -a hostname -o webs
server2 | CHANGED | rc=0 | (stdout) server2.sjz.cloud
server1 | CHANGED | rc=0 | (stdout) server1.sjz.cloud
# -o: condense each host's output onto one line
# all stands for every machine
[devops@controller ansible 16:49:03]$ ansible -i inventory -m command -a hostname -o all
server2 | CHANGED | rc=0 | (stdout) server2.sjz.cloud
server1 | CHANGED | rc=0 | (stdout) server1.sjz.cloud
controller | CHANGED | rc=0 | (stdout) controller.sjz.cloud
server3 | CHANGED | rc=0 | (stdout) server3.sjz.cloud
server4 | CHANGED | rc=0 | (stdout) server4.sjz.cloud
# install nginx on the webs host group
[devops@controller ansible 16:51:41]$ ansible -i inventory -m yum -a "name=nginx state=present" -b webs
# remove nginx from the webs host group
[devops@controller ansible 16:51:41]$ ansible -i inventory -m yum -a "name=nginx state=absent" -b webs
```

### Viewing module help

```
# list the modules and filter for yum
[devops@controller ansible 16:53:41]$ ansible-doc -l | grep yum
yum                  Manages packages with the yum package manager
yum_repository       Add or remove YUM repositories
# show the help for the yum module
[devops@controller ansible 16:53:47]$ ansible-doc yum
# search directly for EXAMPLE
# excerpt:
EXAMPLES:
- name: install the latest version of Apache
  yum:
    name: httpd
    state: latest

- name: ensure a list of packages installed
  yum:
    name: "{{ packages }}"
  vars:
    packages:
    - httpd
    - httpd-tools

- name: remove the Apache package
  yum:
    name: httpd
    state: absent

- name: install the latest version of Apache from the testing repo
  yum:
    name: httpd
    enablerepo: testing
    state: present
...
```

Ansible's biggest strengths: it is simple (if you can read English, you can read it), and it is idempotent: running it several times gives the same result. Suppose on the first run the package is not installed, so it gets installed; on the second run nothing needs to be done.

## Writing and running a playbook

Repetitive, complex tasks are handled by writing a playbook. An `ansible` command is like a single shell command; a playbook is like a shell script.

```
[devops@controller ansible 16:55:36]$ vim deploy_web.yaml
# YAML document start; usually not omitted
---
# first play in the playbook
# a play has the attributes name, hosts, become, tasks; indentation must be consistent
# name gives a short description of the play
- name: deploy WebSite
  # hosts defines which managed nodes the play runs on
  hosts: webs
  # tasks describes the tasks in the play; it is a list
  tasks:
  # first task
  # a task has attributes such as name and a module name
  # name gives a short description of the task
  - name: latest version of httpd and firewalld installed
    # the module name, i.e. what the task executes
    yum:
      # the rpm package(s) to operate on
      name:
      # package names as a list with leading "-", or as a comma-separated list
      - httpd
      - firewalld
      # desired package state; latest means upgrade to the newest version
      state: latest
  # second task
  - name: prepare index.html
    # the copy module writes the value of content to the destination file
    copy:
      content: "Welcome to {{ ansible_fqdn }} WebSite!\n"
      dest: /var/www/html/index.html
  # third task
  - name: enable and start httpd
    # the service module enables and starts the httpd service
    service:
      name: httpd
      enabled: true
      state: started
  # fourth task
  - name: enable and start firewalld
    # the service module enables and starts the firewalld service
    service:
      name: firewalld
      enabled: true
      state: started
  # fifth task
  - name: firewalld permits access to httpd service
    # the firewalld module opens the http service
    firewalld:
      service: http
      permanent: true
      state: enabled
      immediate: yes
# second play in the playbook; a leading "-" marks a list item
- name: Test WebSite
  hosts: localhost
  become: no
  tasks:
  - name: connect to intranet web server
    # the uri module checks whether the site can be reached
    uri:
      url: http://{{ item }}
    loop:
    - server1
    - server2
# YAML document end; usually omitted
...
# run the playbook
[devops@controller ansible 17:01:40]$ ansible-playbook -i inventory -b deploy_web.yaml
```
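The `weihu copy` script earlier on this page separates the target from the sources by taking the last word with awk and deleting it from the joined argument string with sed. Because sed only replaces the first match, a target path that also appears inside an earlier source path (for example `/tmp/x /tmp/y /tmp`) is cut from the wrong place and the target is left in the source list. The added example below (not part of the original post) shows that case next to a POSIX-shell split that walks the positional parameters instead; the host names and paths are constructed sample values and the scp commands are only printed, never run.

```shell
#!/bin/sh
# Added example (not from the original post). Compares the argument splitting
# used by the post's "weihu copy" script with a version that walks the
# positional parameters. Hosts and paths are constructed sample values;
# nothing is copied, the scp commands are only printed.

# The post's approach for 3+ arguments: last word via awk, then delete it
# from the joined string with sed. sed replaces only the FIRST match, so when
# DEST also occurs inside an earlier source path the wrong text is removed
# and DEST stays in the source list.
post_split() {
    last=$(echo "$*" | awk '{print $NF}')
    args_exclude_last=$(echo "$*" | sed "s#$last##")
    printf '%s|%s\n' "$args_exclude_last" "$last"
}

# Robust version: shift sources off one at a time; whatever remains is DEST.
# No text substitution, so a destination that is a prefix of a source
# (/tmp vs /tmp/x) cannot be confused with it. Output: "SRC...|DEST".
split_args() {
    [ "$#" -ge 2 ] || return 1
    srcs=''
    while [ "$#" -gt 1 ]; do
        srcs="${srcs:+$srcs }$1"
        shift
    done
    printf '%s|%s\n' "$srcs" "$1"
}

# Dry-run copy plan: one scp command per host, built from split_args.
# Usage: copy_plan "host1 host2" SRC... DEST
copy_plan() {
    hosts=$1
    shift
    pair=$(split_args "$@") || return 1
    for h in $hosts; do
        printf 'scp -r %s root@%s:%s\n' "${pair%|*}" "$h" "${pair#*|}"
    done
}

# Sample run with a destination that also appears inside the source paths.
post_split /tmp/x /tmp/y /tmp     # prints "/x /tmp/y /tmp|/tmp" (wrong)
split_args /tmp/x /tmp/y /tmp     # prints "/tmp/x /tmp/y|/tmp"
copy_plan "server1 server2" /tmp/x /tmp/y /tmp
```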
