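Getting Started with Ansible
Copyright notice: This is an original article by Buddy Yuan and may not be reproduced without permission. Original article: Getting Started with Ansible
As our infrastructure and environments keep growing, we need a tool to help us manage servers, whether physical or virtual. Ansible helps us configure, manage, and deploy at scale. Ansible also runs over SSH, so no agent-style plugin has to be installed on the other servers. Let's get started.
My current system is Ubuntu 16.04.4 LTS, which will act as the Ansible control machine. It uses the VirtualBox network adapter, with the IP address 192.168.56.1. My virtual machine runs CentOS, with the IP address 192.168.56.91. This virtual machine is the one Ansible will manage.
The first step is to install Ansible. Here I install it directly with: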

    postgres@postgres-N65S01:~$ sudo apt-get install ansible
    [sudo] password for postgres:
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following additional packages will be installed:
      ieee-data python-crypto python-ecdsa python-httplib2 python-jinja2 python-markupsafe python-netaddr python-paramiko python-pkg-resources python-selinux python-six python-yaml
    Suggested packages:
      sshpass python-crypto-dbg python-crypto-doc python-jinja2-doc ipython python-netaddr-docs python-setuptools
    The following NEW packages will be installed:
      ansible ieee-data python-crypto python-ecdsa python-httplib2 python-jinja2 python-markupsafe python-netaddr python-paramiko python-pkg-resources python-selinux python-six python-yaml
    0 upgraded, 13 newly installed, 0 to remove and 95 not upgraded.
    Need to get 2,967 kB of archives.
    After this operation, 17.9 MB of additional disk space will be used.
    Do you want to continue? [Y/n] y

Once the installation finishes, run the version command to confirm that Ansible works.

    postgres@postgres-N65S01:~$ ansible --version
    ansible 2.0.0.2
      config file = /etc/ansible/ansible.cfg
      configured module search path = Default w/o overrides

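Before we start using Ansible, we create a group and a user on both hosts, because we do not want to use root. We also generate a key pair. Generating the key is very important, because we will use passwordless SSH authentication for communication from the control host to the managed host.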

    postgres@postgres-N65S01:~$ sudo groupadd ansible
    postgres@postgres-N65S01:~$ sudo useradd -g ansible ansible
    postgres@postgres-N65S01:~$ sudo passwd ansible
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
    postgres@postgres-N65S01:/home$ su - ansible
    Password:
    $ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/postgres/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/postgres/.ssh/id_rsa.
    Your public key has been saved in /home/postgres/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:z0mFh7iuQig7vGlg55GA8i9LyysG9X32fiR41+cdvEQ postgres@postgres-N65S01
    The key's randomart image is:
    +---[RSA 2048]----+
    ||
    |. o|
    |.. o o|
    |o... oE |
    |.o.o..S...o|
    |+.o+o ..++o.o .+.|
    |=o+o.o.o++.o+|
    |+*ooo.. ..o|
    |o=*+ .....|
    +----[SHA256]-----+

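So that the managed host can be controlled without a password, we copy the SSH public key file from the control host to the managed host: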

    $ ssh-copy-id -i .ssh/id_rsa.pub ansible@192.168.56.91
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
    The authenticity of host '192.168.56.91 (192.168.56.91)' can't be established.
    ECDSA key fingerprint is SHA256:/+Re8LQTEBXAvC2rNaTpKiuO5vAL+4yBZvRa3soV0zs.
    Are you sure you want to continue connecting (yes/no)? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    ansible@192.168.56.91's password:

    Number of key(s) added: 1

    Now try logging into the machine, with:   "ssh 'ansible@192.168.56.91'"
    and check to make sure that only the key(s) you wanted were added.

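We also need to add the host configuration so that the control machine knows which hosts it should manage. Because we manage with the dedicated ansible user rather than root, we change the ownership of the configuration files here.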

    postgres@postgres-N65S01:/etc$ ls -l ansible/*
    -rw-r--r-- 1 root root 10301 1月 15 2016 ansible/ansible.cfg
    -rw-r--r-- 1 root root   982 8月 21 23:13 ansible/hosts
    postgres@postgres-N65S01:/etc$ sudo chown -R ansible:ansible /etc/ansible/*
    postgres@postgres-N65S01:/etc$ su - ansible
    Password:
    $ cat /etc/ansible/hosts
    # This is the default ansible 'hosts' file.
    #
    # It should live in /etc/ansible/hosts
    #
    #- Comments begin with the '#' character
    #- Blank lines are ignored
    #- Groups of hosts are delimited by [header] elements
    #- You can enter hostnames or ip addresses
    #- A hostname/ip can be a member of multiple groups

    # Ex 1: Ungrouped hosts, specify before any group headers.
    #green.example.com
    #blue.example.com
    #192.168.100.1
    #192.168.100.10

    # Ex 2: A collection of hosts belonging to the 'webservers' group
    #[webservers]
    #alpha.example.org
    #beta.example.org
    #192.168.1.100
    #192.168.1.110

    # If you have multiple hosts following a pattern you can specify
    # them like this:
    #www[001:006].example.com

    # Ex 3: A collection of database servers in the 'dbservers' group
    #[dbservers]
    #
    #db01.intranet.mydomain.net
    #db02.intranet.mydomain.net
    #10.25.1.56
    #10.25.1.57

    # Here's another example of host ranges, this time there are no
    # leading 0s:
    #db-[99:101]-node.example.com

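The file gives a series of examples. We configure it as follows; the name in brackets is the group name. This means that referencing "pg-servers" in an Ansible command resolves the group name to the server addresses. Let's run a basic test.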

    [pg-servers]
    192.168.56.91

    $ ansible pg-servers -a "/bin/echo I love ansible"
    192.168.56.91 | SUCCESS | rc=0 >>
    I love ansible

    $ ansible pg-servers -a "/bin/mkdir -p aaa"
    192.168.56.91 | SUCCESS | rc=0 >>

    postgres@postgres-N65S01:/etc$ ssh ansible@192.168.56.91
    ansible@192.168.56.91's password:
    Last failed login: Wed Oct 24 23:41:56 CST 2018 from 192.168.56.1 on ssh:notty
    There was 1 failed login attempt since the last successful login.
    Last login: Wed Oct 24 23:41:45 2018 from 192.168.56.1
    [ansible@db ~]$ ls -lrt
    total 0
    drwxrwxr-x. 2 ansible ansible 6 10月 24 23:41 aaa

We can see that Ansible carried out the operation we wanted. Very cool.
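
A pre-flight check for the control-node setup walked through above, as an added example that is not part of the original article or of Ansible itself: it confirms that the private key is owner-only, that the inventory is not writable by group or other after the chown, and shows which hosts a group such as pg-servers resolves to. The function names are hypothetical, and the key and inventory paths are passed in by the caller.

```shell
#!/bin/sh
# Added example: pre-flight checks for the control-node setup in this article.

# Print the hosts listed under [group] in an INI-style inventory, skipping
# comments and blank lines as the default hosts file describes.
# Host ranges such as www[001:006] are printed as written, not expanded.
hosts_in_group() {  # usage: hosts_in_group <inventory> <group>
    awk -v g="[$2]" '
        /^[ \t]*(#|$)/ { next }                        # comment or blank line
        $1 ~ /^\[/     { in_group = ($1 == g); next }  # any [header] switches group
        in_group       { print $1 }                    # first field is the host
    ' "$1"
}

# The private key allows login without a password prompt, so only its owner
# may have any access to it (group and other bits must all be "-").
key_is_private() {  # usage: key_is_private <private-key>
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# The inventory decides which machines a command runs on; after the chown
# above, check that group and other still cannot write to it.
inventory_not_shared_writable() {  # usage: inventory_not_shared_writable <inventory>
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 1 ;;   # group-write or other-write bit set
    esac
    return 0
}

preflight() {  # usage: preflight <private-key> <inventory> <group>
    key_is_private "$1" || { echo "FAIL: $1 is accessible to group/other"; return 1; }
    inventory_not_shared_writable "$2" || { echo "FAIL: $2 is group/other-writable"; return 1; }
    hosts=$(hosts_in_group "$2" "$3")
    [ -n "$hosts" ] || { echo "FAIL: group [$3] has no hosts in $2"; return 1; }
    echo "OK: [$3] resolves to:" $hosts
}
```

Source the file as the ansible user and run `preflight ~/.ssh/id_rsa /etc/ansible/hosts pg-servers` before the first ad hoc command.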