Ansible: Installation and Deployment
Before the lab:
At least three virtual machines are required, all on the same network segment.
Ansible 172.25.32.10
node1 172.25.32.11
node2 172.25.32.12
ansible
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:c0:03:a9 brd ff:ff:ff:ff:ff:ff
inet 172.25.32.10/24 brd 172.25.32.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fec0:3a9/64 scope link
valid_lft forever preferred_lft forever
node1
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:f3:c3:94 brd ff:ff:ff:ff:ff:ff
inet 172.25.32.11/24 brd 172.25.32.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fef3:c394/64 scope link
valid_lft forever preferred_lft forever
node2
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:fd:53:c7 brd ff:ff:ff:ff:ff:ff
inet 172.25.32.12/24 brd 172.25.32.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fefd:53c7/64 scope link
valid_lft forever preferred_lft forever
1. Installing Ansible
1.1 Configure the EPEL repository
The Aliyun mirror is used as the repository source here.
[root@ansible ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
--2022-07-23 15:44:23-- http://mirrors.aliyun.com/repo/epel-7.repo
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 61.241.149.112, 61.241.149.114, 61.241.149.113, ...
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|61.241.149.112|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 664 [application/octet-stream]
Saving to: ‘/etc/yum.repos.d/epel.repo’
100%[=================================================================================================================================>] 664 --.-K/s in 0s
2022-07-23 15:44:23 (182 MB/s) - ‘/etc/yum.repos.d/epel.repo’ saved [664/664]
[root@ansible ~]# cd /etc/yum.repos.d/
[root@ansible yum.repos.d]# ls
dvd.repo epel.repo redhat.repo
This address has some problems, so change the repository URL:
[root@ansible yum.repos.d]# sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
[root@ansible yum.repos.d]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
1.2 Install Ansible
[root@ansible yum.repos.d]# yum install ansible -y
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
epel | 4.7 kB 00:00:00
(1/3): epel/x86_64/group_gz | 96 kB 00:00:00
(2/3): epel/x86_64/updateinfo | 1.1 MB 00:00:00
(3/3): epel/x86_64/primary_db | 7.0 MB 00:00:02
...........
Dependency Installed:
PyYAML.x86_64 0:3.10-11.el7 libyaml.x86_64 0:0.1.4-11.el7_0 python-babel.noarch 0:0.9.6-8.el7 python-cffi.x86_64 0:1.6.0-5.el7
python-enum34.noarch 0:1.0.4-1.el7 python-idna.noarch 0:2.4-1.el7 python-jinja2.noarch 0:2.7.2-2.el7 python-markupsafe.x86_64 0:0.11-10.el7
python-paramiko.noarch 0:2.1.1-5.el7 python-ply.noarch 0:3.4-11.el7 python-pycparser.noarch 0:2.14-1.el7 python2-cryptography.x86_64 0:1.7.2-2.el7
python2-httplib2.noarch 0:0.18.1-3.el7 python2-jmespath.noarch 0:0.9.4-2.el7 python2-pyasn1.noarch 0:0.1.9-7.el7 sshpass.x86_64 0:1.06-1.el7
Complete!
ansible --version ##show Ansible information; use it to verify that the installation completed
1.3 Basic Ansible information
[root@ansible yum.repos.d]# cd /etc/ansible/
[root@ansible ansible]# ls
ansible.cfg hosts roles
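/etc/ansible/ansible.cfg ##global configuration file; rarely modified by default
/etc/ansible/hosts ##global host inventory file
2. Building the Ansible inventory. The inventory is the list of hosts that Ansible controls.
2.1 Write managed host names or IPs directly, one per line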
Single-level inventory:
[root@ansible ansible]# tail hosts
........
[list1]
172.25.32.11
172.25.32.12
[list2]
172.25.32.10
[list3]
node1.westos.org
node2.westos.org
Nested inventory:
[root@ansible ansible]# tail hosts
[list2]
172.25.32.10
[list3]
node1.westos.org
node2.westos.org
[westos:children]
list1
list3
2.2 Viewing the inventory
ansible <group name in the inventory> [-i <inventory file>] --list-hosts
ansible ungrouped --list-hosts
ansible all --list-hosts
[root@ansible ansible]# ansible list1 --list-hosts
hosts (2):
172.25.32.11
172.25.32.12
[root@ansible ansible]# ansible list2 --list-hosts
hosts (1):
172.25.32.10
[root@ansible ansible]# ansible list3 --list-hosts
hosts (2):
node1.westos.org
node2.westos.org
[root@ansible ansible]# ansible all --list-hosts
hosts (5):
172.25.32.10
172.25.32.11
172.25.32.12
node1.westos.org
node2.westos.org
[root@ansible ansible]# ansible westos --list-hosts
hosts (4):
172.25.32.11
172.25.32.12
node1.westos.org
node2.westos.org
3. Host ranges in inventory specifications
3.1 Specifying a range of host names or IPs simplifies the Ansible host inventory
Syntax:
[start:end]
[westostest]
172.25.32.[100:108]
[root@ansible ansible]# tail hosts
node1.westos.org
node2.westos.org
[westos:children]
list1
list3
[westostest]
172.25.32.[100:108]
3.2 View the simplified Ansible host inventory
[root@ansible ansible]# ansible westostest --list-hosts
hosts (9):
172.25.32.100
172.25.32.101
172.25.32.102
172.25.32.103
172.25.32.104
172.25.32.105
172.25.32.106
172.25.32.107
172.25.32.108
4. Specifying another inventory file
4.1 Write the inventory in a custom file
[root@ansible ansible]# vim test
[root@ansible ansible]# cat test
[lee]
172.25.32.200
[lee1]
172.25.32.220
[lee2]
172.25.254.[201:210]
4.2 View the inventory written in the custom file
[root@ansible ansible]# ansible all -i test --list-hosts
hosts (12):
172.25.254.201
172.25.254.202
172.25.254.203
172.25.254.204
172.25.254.205
172.25.254.206
172.25.254.207
172.25.254.208
172.25.254.209
172.25.254.210
172.25.32.200
172.25.32.220
[root@ansible ansible]# ansible lee -i test --list-hosts
hosts (1):
172.25.32.200
[root@ansible ansible]# ansible lee1 -i test --list-hosts
hosts (1):
172.25.32.220
[root@ansible ansible]# ansible lee2 -i test --list-hosts
hosts (10):
172.25.254.201
172.25.254.202
172.25.254.203
172.25.254.204
172.25.254.205
172.25.254.206
172.25.254.207
172.25.254.208
172.25.254.209
172.25.254.210
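5. Regular expressions (host patterns) for selecting inventory hosts with the ansible command
* ##all
##172.25.254.*
##westos*
: ##logical OR
##westos1:linux
##172.25.254.100:172.25.254.200
:& ##logical AND
##westos1:&linux
##hosts that are in both the westos1 inventory and the linux inventory
:! ##logical NOT
##westos1:!linux
##hosts in westos1 that are not in linux
~ ##begins with the keyword
~(str1|str2) ##begins with condition 1 or condition 2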
5.1 Write the test inventory file
[root@ansible ansible]# vim test
[root@ansible ansible]# cat test
[westos_list1]
node1.westos.org
[westos_list2]
172.25.32.12
172.25.32.11
[westos_list3]
172.25.32.11
172.25.32.13
[westos_all:children]
westos_list2
westos_list3
5.2 Using the host patterns with the ansible command
[*]
[root@ansible ansible]# ansible 'westos*' -i test --list
hosts (4):
172.25.32.12
172.25.32.11
172.25.32.13
node1.westos.org
[root@ansible ansible]# ansible '172.*' -i test --list
hosts (3):
172.25.32.11
172.25.32.12
172.25.32.13
[:]
[root@ansible ansible]# ansible 'westos_list1:westos_list2' -i test --list
hosts (3):
node1.westos.org
172.25.32.12
172.25.32.11
[:&]
[root@ansible ansible]# ansible 'westos_list2:&westos_list3' -i test --list
hosts (1):
172.25.32.11
[:!]
[root@ansible ansible]# ansible 'westos_list2:!westos_list3' -i test --list
hosts (1):
172.25.32.12
[~]
[root@ansible ansible]# ansible '~westos' -i test --list
hosts (4):
172.25.32.12
172.25.32.11
172.25.32.13
node1.westos.org
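The range syntax from section 3 and the pattern operators from section 5, as an added Python example (not from the original post and not Ansible's own code): a small evaluator that resolves `*`, `:`, `:&`, `:!` and `~` against a constructed copy of the `test` inventory, so the hosts a pattern will touch can be checked before a command is run. It assumes numeric ranges only, one level of `:children`, and that `~` terms are matched with an unanchored regular-expression search; `load` and `select` are names chosen for this example.

```python
import fnmatch
import re

# Constructed copy of the `test` inventory from section 5.1.
INVENTORY = """[westos_list1]
node1.westos.org
[westos_list2]
172.25.32.12
172.25.32.11
[westos_list3]
172.25.32.11
172.25.32.13
[westos_all:children]
westos_list2
westos_list3
"""

def load(text):
    """Parse INI groups; expand [start:end] ranges and one level of :children."""
    groups, children, cur, kind = {"all": set()}, {}, "ungrouped", ""
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("["):
            cur, _, kind = line[1:-1].partition(":")
        elif kind == "children":
            children.setdefault(cur, []).append(line)
        elif not kind and line[0] not in "#;":
            m = re.search(r"\[(\d+):(\d+)\]", line)
            nums = range(int(m[1]), int(m[2]) + 1) if m else [""]
            head, tail = (line[:m.start()], line[m.end():]) if m else (line, "")
            for n in nums:
                for g in (cur, "all"):
                    groups.setdefault(g, set()).add(f"{head}{n}{tail}")
    for parent, kids in children.items():
        for kid in kids:
            groups.setdefault(parent, set()).update(groups.get(kid, set()))
    return groups

def select(groups, pattern):
    """Union plain terms, then :& intersections, then :! exclusions (assumed order)."""
    def term(t):
        hit = lambda n: re.search(t[1:], n) if t[0] == "~" else fnmatch.fnmatchcase(n, t)
        via_group = {h for g, hs in groups.items() if hit(g) for h in hs}
        return via_group | {h for h in groups["all"] if hit(h)}
    parts = [p for p in pattern.split(":") if p]
    hosts = set().union(*(term(p) for p in parts if p[0] not in "&!"))
    for t in (p[1:] for p in parts if p[0] == "&"):
        hosts &= term(t)
    for t in (p[1:] for p in parts if p[0] == "!"):
        hosts -= term(t)
    return sorted(hosts)
```

`select(load(INVENTORY), 'westos_list2:!westos_list3')` returns the same single host as the `[:!]` run above; results are sorted, so their order can differ from Ansible's output.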
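6. Ansible configuration file parameters in detail
6.1 Configuration file types and precedence
/etc/ansible/ansible.cfg #base configuration file; takes effect when no other configuration file is found
~/.ansible.cfg #takes effect when there is no ansible.cfg in the user's current directory
./ansible.cfg #highest priority
6.2 Common configuration parameters
[defaults] ##basic settings
inventory= ##path to the inventory
remote_user= ##user name used to log in to managed hosts; the current user if not specified
ask_pass= ##whether to prompt for the SSH password; set to false when using public-key login
library= ##directory where library files are stored
local_tmp= ##temporary directory for command execution on the local machine
remote_tmp= ##directory on the remote host for temporary py command files
forks= ##default number of concurrent processes
host_key_checking= ##whether "yes" must be entered to establish the host_key on the first connection to a managed host
sudo_user= ##default sudo user
ask_sudo_pass= ##whether to ask for the sudo password each time an ansible command runs on a managed host
module_name= ##default module; the default is command, can be changed to shell
log_path= ##path of the log file
[privilege_escalation] ##identity settings
become= ##whether to switch user automatically after connecting
become_method= ##how to switch user, usually sudo
become_user= ##user to switch to on the managed host, usually root
become_ask_pass= ##whether to prompt for a password for become_method; default is false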
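An added Python example for sections 6.1 and 6.2 (not from the original post and not Ansible's own code): `effective_config` picks the one file that takes effect using the precedence above, and `audit` flags settings from 6.2 that weaken the control node. Beyond the page, it assumes the `ANSIBLE_CONFIG` environment variable ranks first and that `./ansible.cfg` is skipped when the working directory is world-writable; the sample configurations and the user name `devops` are constructed.

```python
import configparser
import os
import stat

def effective_config(cwd, home, env=None, system="/etc/ansible/ansible.cfg"):
    """Return the one config file that takes effect, highest precedence first."""
    candidates = [(env or {}).get("ANSIBLE_CONFIG")]  # assumed to rank first
    # Assumption: ./ansible.cfg in a world-writable directory is skipped,
    # because any local user could plant settings there.
    if not os.stat(cwd).st_mode & stat.S_IWOTH:
        candidates.append(os.path.join(cwd, "ansible.cfg"))
    candidates += [os.path.join(home, ".ansible.cfg"), system]
    return next((c for c in candidates if c and os.path.isfile(c)), None)

def audit(text):
    """Return findings for section 6.2 settings that weaken the control node."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append("host_key_checking=False: new SSH host keys are trusted unverified")
    if cfg.getboolean("defaults", "ask_pass", fallback=False):
        findings.append("ask_pass=True: password SSH logins instead of public keys")
    if cfg.get("defaults", "remote_user", fallback="") == "root":
        findings.append("remote_user=root: log in unprivileged and use become instead")
    if not cfg.get("defaults", "log_path", fallback=""):
        findings.append("log_path unset: no record of what was run on which host")
    return findings

# Constructed samples, not taken from the page; the user devops is hypothetical.
WEAK = """[defaults]
inventory = /etc/ansible/hosts
remote_user = root
host_key_checking = False
"""
HARDENED = """[defaults]
inventory = /etc/ansible/hosts
remote_user = devops
host_key_checking = True
log_path = /var/log/ansible.log
[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
"""

if __name__ == "__main__":
    print(effective_config(os.getcwd(), os.path.expanduser("~"), os.environ))
    print(audit(WEAK), audit(HARDENED))
```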
Note: Ansible is of great significance for enterprise operations.