Ansible安装配置与简单使用

223次阅读

共计 21914 个字符，预计需要花费 55 分钟才能阅读完成。

前言：
AnsibleWorks 成立于 2012 年，由自动化工具 Cobbler 及 Func 的开发者 Michael DeHaan 创建。其 Ansible 平台是一个开源的配置及计算机管理平台。可实现多节点的软件部署，执行特定任务并进行配置管理。

Ansible 跟其他 IT 自动化技术的区别在于其关注点并非配置管理、应用部署或 IT 流程工作流，而是提供一个统一的界面来协调所有的 IT 自动化功能，因此 Ansible 的系统更加易用，部署更快。受管理的节点无需安装额外的远程控制软件，由平台通过 SSH（Secure SHell）对其进行管理，因此十分方便。其模块支持 JSON 等标准输出格式，可采用任何编程语言重写。

Ansible 可以让用户避免编写脚本或代码来管理应用，同时还能搭建工作流实现 IT 任务的自动化执行。IT 自动化可以降低技术门槛及对传统 IT 的依赖，从而加快项目的交付速度。
ansible 有如下优点：
1、轻量级，他不需要去客户端安装 agent，更新时，只需要在操作机上进行一次更新即可
2、批量任务执行可以写成脚本，而且不用分发到远程就可以执行
3、使用 Python 编写的，维护更简单
4、支持 sudo

——安装 ansible
1）创建 ansible 用户
[root@node1 ~]# useradd ansible
[root@node1 ~]# passwd ansible
更改用户 ansible 的密码。
新的密码：
重新输入新的密码：
passwd：所有的身份验证令牌已经成功更新。

2）赋予 root 权限
[root@node1 ~]# vi /etc/sudoers
ansible ALL=(ALL) NOPASSWD:ALL

3）安装 ansible
[root@node1 ~]# yum install PyYAML.x86_64 python-paramiko.noarch python-jinja2.x86_64 python-devel -y
[root@node1 ~]# wget https://pypi.python.org/packages/source/a/ansible/ansible-1.7.2.tar.gz
[root@node1 ~]#wget https://pypi.python.org/packages/source/s/setuptools/setuptools-7.0.tar.gz
[root@node1 ~]# tar zfxv setuptools-7.0.tar.gz
[root@node1 ~]# cd setuptools-7.0
[root@node1 setuptools-7.0]# python setup.py install
[root@node1 setuptools-7.0]# cd ..
[root@node1 ~]# tar fzvx ansible-1.7.2.tar.gz
[root@node1 ~]# cd ansible-1.7.2
[root@node1 ansible-1.7.2]# python setup.py build
[root@node1 ansible-1.7.2]# python setup.py install
[root@node1 ansible-1.7.2]# mkdir /etc/ansible
[root@node1 ansible-1.7.2]# cp examples/ansible.cfg /etc/ansible/
[root@node1 ansible-1.7.2]# cp examples/hosts /etc/ansible/

4）配置 ansible

4）配置 ansible
[root@node1 ansible-1.7.2]# vi /etc/ansible/ansible.cfg
hostfile = /etc/ansible/hosts
library = /usr/share/ansible
remote_tmp = $HOME/.ansible/tmp
pattern = *
forks = 5
poll_interval = 15
sudo_user = ansible
#ask_sudo_pass = True
#ask_pass = True
transport = smart
remote_port = 22
module_lang = C
[root@node1 ansible-1.7.2]# vi /etc/ansible/hosts
#server
[localhost]
127.0.0.1
#client
[client]
192.168.253.129
192.168.253.130
192.168.253.131

5）ssh 互信
[root@node1 ansible-1.7.2]# su – ansible
[ansible@node1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory ‘/home/ansible/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
dc:c9:ac:d8:46:81:37:72:08:f3:77:06:98:33:cb:5f ansible@node1
The key’s randomart image is:
+–[RSA 2048]—-+
| o o. |
| +=o . |
| .=+* o |
| o* OE. |
| .S.= |
| +.. |
| . + |
| . |
| |
+—————–+
[ansible@node1 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_dsa.
Your public key has been saved in /home/ansible/.ssh/id_dsa.pub.
The key fingerprint is:
b3:a6:94:bf:5c:21:a3:c5:8b:74:b8:a5:8c:62:34:d2 ansible@node1
The key’s randomart image is:
+–[DSA 1024]—-+
| |
| |
| |
| . o |
|. E o S . |
| o . + X * . |
| o . O + . |
| . . . = . |
| . +. |
+—————–+
[ansible@node1 ~]$ cd .ssh/
[ansible@node1 .ssh]$ cat *.pub > authorized_keys
[ansible@node1 .ssh]$ chmod -R 700 .

# 测试本机互信
[ansible@node1 .ssh]$ ssh 127.0.0.1
The authenticity of host ‘127.0.0.1 (127.0.0.1)’ can’t be established.
RSA key fingerprint is fa:73:59:f5:08:95:b2:2e:7f:3e:52:91:8a:e6:47:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘127.0.0.1’ (RSA) to the list of known hosts.
[ansible@node1 ~]$ exit
logout
Connection to 127.0.0.1 closed.

6）远程 ssh 互信配置以及测试
# 复制公钥到 client
[ansible@node1 .ssh]$ scp authorized_keys ansible@192.168.253.129:
The authenticity of host ‘192.168.253.129 (192.168.253.129)’ can’t be established.
RSA key fingerprint is fa:73:59:f5:08:95:b2:2e:7f:3e:52:91:8a:e6:47:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.253.129’ (RSA) to the list of known hosts.
ansible@192.168.253.129’s password:
authorized_keys 100% 998 1.0KB/s 00:00
[ansible@node1 .ssh]$ scp authorized_keys ansible@192.168.253.130:
The authenticity of host ‘192.168.253.130 (192.168.253.130)’ can’t be established.
RSA key fingerprint is fa:73:59:f5:08:95:b2:2e:7f:3e:52:91:8a:e6:47:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.253.130’ (RSA) to the list of known hosts.
ansible@192.168.253.130’s password:
authorized_keys 100% 998 1.0KB/s 00:00
[ansible@node1 .ssh]$ scp authorized_keys ansible@192.168.253.131:
The authenticity of host ‘192.168.253.131 (192.168.253.131)’ can’t be established.
RSA key fingerprint is fa:73:59:f5:08:95:b2:2e:7f:3e:52:91:8a:e6:47:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.253.131’ (RSA) to the list of known hosts.
ansible@192.168.253.131’s password:
authorized_keys 100% 998 1.0KB/s 00:00

# 测试是否互信成功
[ansible@node1 .ssh]$ ssh 192.168.253.129
[ansible@node2 ~]$ mkdir .ssh
[ansible@node2 ~]$ mv authorized_keys .ssh/
[ansible@node2 ~]$ chmod -R 700 .ssh/

[ansible@node1 .ssh]$ ssh 192.168.253.130
[ansible@node3 ~]$ mkdir .ssh
[ansible@node3 ~]$ mv authorized_keys .ssh/
[ansible@node3 ~]$ chmod -R 700 .ssh/

[ansible@node1 .ssh]$ ssh 192.168.253.131
[ansible@node3 ~]$ mkdir .ssh
[ansible@node3 ~]$ mv authorized_keys .ssh/
[ansible@node3 ~]$ chmod -R 700 .ssh/

[ansible@node1 .ssh]$ ssh 192.168.253.129
[ansible@node2 ~]$ exit
logout
Connection to 192.168.253.129 closed.
[ansible@node1 .ssh]$ ssh 192.168.253.130
[ansible@node3 ~]$ exir
-bash: exir: command not found
[ansible@node3 ~]$ exit
logout
Connection to 192.168.253.130 closed.
[ansible@node1 .ssh]$ ssh 192.168.253.131
[ansible@node4 ~]$ exit
logout
Connection to 192.168.253.131 closed.

——使用 ansible
1）使用 ping 模块测试是否成功
[ansible@node1 ~]$ chmod g-wx,o-wx .python-eggs/
[ansible@node1 ~]$ ansible all -m ping
192.168.253.131 | success >> {
“changed”: false,
“ping”: “pong”
}

192.168.253.129 | success >> {
“changed”: false,
“ping”: “pong”
}

192.168.253.130 | success >> {
“changed”: false,
“ping”: “pong”
}

127.0.0.1 | success >> {
“changed”: false,
“ping”: “pong”
}

3）安装软件
# 使用 yum 安装软件
[ansible@node1 ~]$ ansible all -m command -a “sudo yum install zip unzip -y”
192.168.253.131 | success | rc=0 >>
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.yun-idc.com
* extras: mirrors.yun-idc.com
* updates: mirrors.yun-idc.com
Setting up Install Process
Package zip-3.0-1.el6.x86_64 already installed and latest version
Package unzip-6.0-1.el6.x86_64 already installed and latest version
Nothing to do
# 说明此软件之前在每台服务器都已经装过了
192.168.253.129 | success | rc=0 >>
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.btte.net
* extras: mirrors.btte.net
* updates: mirrors.yun-idc.com
Setting up Install Process
Package zip-3.0-1.el6.x86_64 already installed and latest version
Package unzip-6.0-1.el6.x86_64 already installed and latest version
Nothing to do

192.168.253.130 | success | rc=0 >>
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.yun-idc.com
* extras: mirrors.yun-idc.com
* updates: mirrors.yun-idc.com
Setting up Install Process
Package zip-3.0-1.el6.x86_64 already installed and latest version
Package unzip-6.0-1.el6.x86_64 already installed and latest version
Nothing to do

127.0.0.1 | success | rc=0 >>
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.yun-idc.com
* extras: mirrors.yun-idc.com
* updates: mirrors.yun-idc.com
Setting up Install Process
Package zip-3.0-1.el6.x86_64 already installed and latest version
Package unzip-6.0-1.el6.x86_64 already installed and latest version
Nothing to do

4）查看 ansible 内置模块
[ansible@node1 ~]$ ansible-doc -l
acl Sets and retrieves file ACL information.
add_host add a host (and alternatively a group) to the ansible-playbo
airbrake_deployment Notify airbrake about app deployments
alternatives Manages alternative programs for common commands
apache2_module enables/disables a module of the Apache2 webserver
apt Manages apt-packages
apt_key Add or remove an apt key
apt_repository Add and remove APT repositories
apt_rpm apt_rpm package manager
arista_interface Manage physical Ethernet interfaces
arista_l2interface Manage layer 2 interfaces
arista_lag Manage port channel (lag) interfaces
arista_vlan Manage VLAN resources
assemble Assembles a configuration file from fragments
assert Fail with custom message
at Schedule the execution of a command or script file via the a
authorized_key Adds or removes an SSH authorized key
azure create or terminate a virtual machine in azure
bigip_facts Collect facts from F5 BIG-IP devices
bigip_monitor_http Manages F5 BIG-IP LTM http monitors
bigip_monitor_tcp Manages F5 BIG-IP LTM tcp monitors
bigip_node Manages F5 BIG-IP LTM nodes
bigip_pool Manages F5 BIG-IP LTM pools
bigip_pool_member Manages F5 BIG-IP LTM pool members
boundary_meter Manage boundary meters
bzr Deploy software (or files) from bzr branches
campfire Send a message to Campfire
capabilities Manage Linux capabilities
cloudformation create a AWS CloudFormation stack
command Executes a command on a remote node
composer Dependency Manager for PHP
copy Copies files to remote locations.
cpanm Manages Perl library dependencies.
cron Manage cron.d and crontab entries.
datadog_event Posts events to DataDog service
debconf Configure a .deb package
debug Print statements during execution
digital_ocean Create/delete a droplet/SSH_key in DigitalOcean
digital_ocean_domain Create/delete a DNS record in DigitalOcean
digital_ocean_sshkey Create/delete an SSH key in DigitalOcean
django_manage Manages a Django application.
dnsimple Interface with dnsimple.com (a DNS hosting service).
dnsmadeeasy Interface with dnsmadeeasy.com (a DNS hosting service).
docker manage docker containers
docker_image manage docker images
easy_install Installs Python libraries
ec2 create, terminate, start or stop an instance in ec2, return
ec2_ami create or destroy an image in ec2, return imageid
ec2_ami_search Retrieve AWS AMI for a given operating system.
ec2_asg Create or delete AWS Autoscaling Groups
ec2_eip associate an EC2 elastic IP with an instance.
ec2_elb De-registers or registers instances from EC2 ELBs
ec2_elb_lb Creates or destroys Amazon ELB. – Returns information about
ec2_facts Gathers facts about remote hosts within ec2 (aws)
ec2_group maintain an ec2 VPC security group.
ec2_key maintain an ec2 key pair.
ec2_lc Create or delete AWS Autoscaling Launch Configurations
ec2_metric_alarm Create/update or delete AWS Cloudwatch ‘metric alarms’
ec2_scaling_policy Create or delete AWS scaling policies for Autoscaling groups
ec2_snapshot creates a snapshot from an existing volume
ec2_tag create and remove tag(s) to ec2 resources.
ec2_vol create and attach a volume, return volume id and device map.
ec2_vpc configure AWS virtual private clouds
ejabberd_user Manages users for ejabberd servers
elasticache Manage cache clusters in Amazon Elasticache.
facter Runs the discovery program `facter’ on the remote system…
fail Fail with custom message
fetch Fetches a file from remote nodes
file Sets attributes of files
filesystem Makes file system on block device
fireball Enable fireball mode on remote node
firewalld Manage arbitrary ports/services with firewalld
flowdock Send a message to a flowdock
gc_storage This module manages objects/buckets in Google Cloud Storage.
gce create or terminate GCE instances
gce_lb create/destroy GCE load-balancer resources
gce_net create/destroy GCE networks and firewall rules
gce_pd utilize GCE persistent disk resources
gem Manage Ruby gems
get_url Downloads files from HTTP, HTTPS, or FTP to node
git Deploy software (or files) from git checkouts
github_hooks Manages github service hooks.
glance_image Add/Delete images from glance
group Add or remove groups
group_by Create Ansible groups based on facts
grove Sends a notification to a grove.io channel
hg Manages Mercurial (hg) repositories.
hipchat Send a message to hipchat
homebrew Package manager for Homebrew
homebrew_cask Install/uninstall homebrew casks.
homebrew_tap Tap a Homebrew repository.
hostname Manage hostname
htpasswd manage user files for basic authentication
include_vars Load variables from files, dynamically within a task.
ini_file Tweak settings in INI files
irc Send a message to an IRC channel
jabber Send a message to jabber user or chat room
jboss deploy applications to JBoss
jira create and modify issues in a JIRA instance
kernel_blacklist Blacklist kernel modules
keystone_user Manage OpenStack Identity (keystone) users, tenants and role
layman Manage Gentoo overlays
librato_annotation create an annotation in librato
lineinfile Ensure a particular line is in a file, or replace an existin
linode create / delete / stop / restart an instance in Linode Publi
lldp get details reported by lldp
locale_gen Creates of removes locales.
logentries Module for tracking logs via logentries.com
lvg Configure LVM volume groups
lvol Configure LVM logical volumes
macports Package manager for MacPorts
mail Send an email
modprobe Add or remove kernel modules
mongodb_user Adds or removes a user from a MongoDB database.
monit Manage the state of a program monitored via Monit
mount Control active and configured mount points
mqtt Publish a message on an MQTT topic for the IoT
MySQL_db Add or remove MySQL databases from a remote host.
mysql_replication Manage MySQL replication
mysql_user Adds or removes a user from a MySQL database.
mysql_variables Manage MySQL global variables
nagios Perform common tasks in Nagios related to downtime and notif
netscaler Manages Citrix NetScaler entities
newrelic_deployment Notify newrelic about app deployments
nexmo Send a SMS via nexmo
nova_compute Create/Delete VMs from OpenStack
nova_keypair Add/Delete key pair from nova
npm Manage node.js packages with npm
ohai Returns inventory data from `Ohai’
open_iscsi Manage iscsi targets with open-iscsi
openbsd_pkg Manage packages on OpenBSD.
openvswitch_bridge Manage Open vSwitch bridges
openvswitch_port Manage Open vSwitch ports
opkg Package manager for OpenWrt
osx_say Makes an OSX computer to speak.
ovirt oVirt/RHEV platform management
pacman Manage packages with `pacman’
pagerduty Create PagerDuty maintenance windows
pause Pause playbook execution
ping Try to connect to host and return `pong’ on success.
pingdom Pause/unpause Pingdom alerts
pip Manages Python library dependencies.
pkgin Package manager for SmartOS
pkgng Package manager for FreeBSD >= 9.0
pkgutil Manage CSW-Packages on Solaris
portage Package manager for Gentoo
portinstall Installing packages from FreeBSD’s ports system
postgresql_db Add or remove PostgreSQL databases from a remote host.
postgresql_privs Grant or revoke privileges on PostgreSQL database objects…
postgresql_user Adds or removes a users (roles) from a PostgreSQL database..
quantum_floating_ip Add/Remove floating IP from an instance
quantum_floating_ip_associate Associate or disassociate a particular floating IP with an i
quantum_network Creates/Removes networks from OpenStack
quantum_router Create or Remove router from openstack
quantum_router_gateway set/unset a gateway interface for the router with the specif
quantum_router_interface Attach/Dettach a subnet’s interface to a router
quantum_subnet Add/Remove floating IP from an instance
rabbitmq_parameter Adds or removes parameters to RabbitMQ
rabbitmq_plugin Adds or removes plugins to RabbitMQ
rabbitmq_policy Manage the state of policies in RabbitMQ.
rabbitmq_user Adds or removes users to RabbitMQ
rabbitmq_vhost Manage the state of a virtual host in RabbitMQ
raw Executes a low-down and dirty SSH command
rax create / delete an instance in Rackspace Public Cloud
rax_cbs Manipulate Rackspace Cloud Block Storage Volumes
rax_cbs_attachments Manipulate Rackspace Cloud Block Storage Volume Attachments.
rax_clb create / delete a load balancer in Rackspace Public Cloud…
rax_clb_nodes add, modify and remove nodes from a Rackspace Cloud Load Bal
rax_dns Manage domains on Rackspace Cloud DNS
rax_dns_record Manage DNS records on Rackspace Cloud DNS
rax_facts Gather facts for Rackspace Cloud Servers
rax_files Manipulate Rackspace Cloud Files Containers
rax_files_objects Upload, download, and delete objects in Rackspace Cloud File
rax_identity Load Rackspace Cloud Identity
rax_keypair Create a keypair for use with Rackspace Cloud Servers
rax_meta Manipulate metadata for Rackspace Cloud Servers
rax_network create / delete an isolated network in Rackspace Public Clou
rax_queue create / delete a queue in Rackspace Public Cloud
rax_scaling_group Manipulate Rackspace Cloud Autoscale Groups
rax_scaling_policy Manipulate Rackspace Cloud Autoscale Scaling Policy
rds create, delete, or modify an Amazon rds instance
rds_param_group manage RDS parameter groups
rds_subnet_group manage RDS database subnet groups
RedHat_subscription Manage Red Hat Network registration and subscriptions using
Redis Various redis commands, slave and flush
replace Replace all instances of a particular string in a file using
rhn_channel Adds or removes Red Hat software channels
rhn_register Manage Red Hat Network registration using the `rhnreg_ks’ co
riak This module handles some common Riak operations
rollbar_deployment Notify Rollbar about app deployments
route53 add or delete entries in Amazons Route53 DNS service
rpm_key Adds or removes a gpg key from the rpm db
s3 idempotent S3 module putting a file into S3.
script Runs a local script on a remote node after transferring it..
seboolean Toggles SELinux booleans.
selinux Change policy and state of SELinux
service Manage services.
set_fact Set host facts from a task
setup Gathers facts about remote hosts
shell Execute commands in nodes.
slack Send Slack notifications
slurp Slurps a file from remote nodes
sns Send Amazon Simple Notification Service (SNS) messages
stackdriver Send code deploy and annotation events to stackdriver
stat retrieve file or file system status
subversion Deploys a subversion repository.
supervisorctl Manage the state of a program or group of programs running v
svr4pkg Manage Solaris SVR4 packages
swdepot Manage packages with swdepot package manager (HP-UX)
synchronize Uses rsync to make synchronizing file paths in your playbook
sysctl Manage entries in sysctl.conf.
template Templates a file out to a remote server.
twilio Sends a text message to a mobile phone through Twilio.
typetalk Send a message to typetalk
ufw Manage firewall with UFW
unarchive Copies an archive to a remote location and unpack it
uri Interacts with webservices
urpmi Urpmi manager
user Manage user accounts
virt Manages virtual machines supported by libvirt
vsphere_guest Create/delete/manage a guest VM through VMware vSphere.
wait_for Waits for a condition before continuing.
win_feature Installs and uninstalls Windows Features
win_get_url Fetches a file from a given URL
win_group Add and remove local groups
win_msi Installs and uninstalls Windows MSI files
win_ping A windows version of the classic ping module.
win_service Manages Windows services
win_stat returns information about a Windows file
win_user Manages local Windows user accounts
xattr set/retrieve extended attributes
yum Manages packages with the `yum’ package manager
zfs Manage zfs
zypper Manage packages on SUSE and openSuSE
zypper_repository Add and remove Zypper repositories