ansible简介
1.Ansible可以同时管理Redhat系的Linux,Debian系的Linux,以及Windows主机。管理节点只在执行脚本时与远程主机连接,没有特别的同步机制,所以断电等异常一般不会影响ansbile。
2.ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。ansible是基于模块工作的,本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架。主要包括:
(1)、连接插件connection plugins:负责和被监控端实现通信;
(2)、host inventory:指定操作的主机,是一个配置文件里面定义监控的主机;
(3)、各种模块核心模块、command模块、自定义模块;
(4)、借助于插件完成记录日志邮件等功能;
(5)、playbook:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。
3.ansible的架构:连接其他主机默认使用ssh协议
ansible环境安装部署
管理端:192.168.35.100
被管理端:192.168.35.101
被管理端:192.168.35.102
所有管理端关闭防火墙
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
安装epel源
[root@localhost ~]# yum install -y epel-release
安装ansible服务
[root@localhost ~]# yum install ansible -y
查看ansible版本
[root@localhost ~]# ansible --version
ansible 2.9.2
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
树状结构展示文件夹
[root@localhost ~]# yum install tree -y //安装tree服务
[root@localhost ~]# tree /etc/ansible/
/etc/ansible/
├── ansible.cfg #ansible的配置文件
├── hosts #ansible的主仓库,用于存储需要管理的远程主机的相关信息
└── roles1 directory, 2 files
配置主机清单
[root@localhost ~]# vim /etc/ansible/hosts
#在25~28行添加
[webserver]
192.168.35.101
[mysql]
192.168.35.102
配置密钥对验证
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #回车
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): #输入密码abc123
Enter same passphrase again: #再次输入密码abc123
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:45OoRKsFf6MuqeGFWfRdORMW+kVjkCpeULT7fhXgvuQ [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| oo =++ |
| . +.=.. |
| . .o.=... |
| . ...o+ +. . |
| ..o.ooS.. . |
| ++ o o.o o . |
|.o o= + +.o o |
|..++ + ... E |
|.o.o+ .. |
+----[SHA256]-----+
秘钥对传送
[root@localhost ~]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.35.101 (192.168.35.101)' can't be established.
ECDSA key fingerprint is SHA256:JsLSnAul/dncM/HPvpJWWB09dHLzpIfArHv1fWjQyA8.
ECDSA key fingerprint is MD5:d1:b7:d7:74:c6:4a:2a:7b:fc:33:8c:9c:3a:f2:6e:8a.
Are you sure you want to continue connecting (yes/no)? yes #输入yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: # 输入要访问主机密码123123Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.[root@localhost ~]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.35.102 (192.168.35.102)' can't be established.
ECDSA key fingerprint is SHA256:JsLSnAul/dncM/HPvpJWWB09dHLzpIfArHv1fWjQyA8.
ECDSA key fingerprint is MD5:d1:b7:d7:74:c6:4a:2a:7b:fc:33:8c:9c:3a:f2:6e:8a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
查看对方系统时间
[root@localhost ~]# ansible webserver -m command -a 'date'
Enter passphrase for key '/root/.ssh/id_rsa': #输入密码abc123
192.168.35.101 | CHANGED | rc=0 >>
2020年 01月 26日 星期日 11:58:25 CST[root@localhost ~]# ansible mysql -m command -a 'date'
Enter passphrase for key '/root/.ssh/id_rsa': #输入密码abc123
192.168.35.102 | CHANGED | rc=0 >>
2020年 01月 26日 星期日 12:26:18 CST
免交互代理
[root@localhost ~]# ssh-agent bash
[root@localhost ~]# ssh-add
Enter passphrase for /root/.ssh/id_rsa: #输入密码
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
[root@localhost ~]# ansible webserver -m command -a 'date' #在进行验证,直接就会查看,无需输入密码
192.168.35.101 | CHANGED | rc=0 >>
2020年 01月 26日 星期日 12:00:10 CST
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。