(Ansible)(1)Ansible的安装和部署


1,虚拟机封装

  • (1)下载镜像8.2版本:rhel-8.2-x86_64-dvd.iso
  • (2)安装虚拟机:
    硬盘:


Software Selection:
时区:
KDUMP:
分区为自动:
设置完成,开始安装。

  • (3)虚拟机设置:ip、仓库文件、相关安装包(vim,httpd,bash-*等)、解析
%虚拟机中
dnf install vim
dnf install httpd
dnf install bash-*
hostname
[root@localhost yum.repos.d]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.3.150 localhost.localdomain  #hostname
172.25.3.1 server1
172.25.3.2 server2
172.25.3.3 server3
172.25.3.4 server4
172.25.3.5 server5
172.25.3.6 server6
  • (4)新建三个快照,server1,server2,server3

2,让虚拟机上网

%真机里加网关
ip addr add 192.168.3.173/24 dev br0
ip route add default via 192.168.3.253
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.3.253   0.0.0.0         UG    0      0        0 br0
172.25.3.0      0.0.0.0         255.255.255.0   U     425    0        0 br0
172.25.250.0    0.0.0.0         255.255.255.0   U     0      0        0 privbr0
172.25.254.0    0.0.0.0         255.255.255.0   U     425    0        0 br0
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
%真机里解析
[root@zhenji yum.repos.d]# cat /etc/resolv.conf
# Generated by NetworkManager
search ilt.example.com example.com
nameserver 114.114.114.114
%真机地址伪装(未指定--zone,作用于firewalld的默认区域;--permanent只写入永久配置,--reload后才生效)
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload
ping www.baidu.com #可以ping通,此时虚拟机也都能上网了

%对于自己电脑,直接在每个虚拟机里加网关,改解析即可
[root@server1 ansible]# ip route add default via 10.4.17.1
[root@server1 ansible]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 114.114.114.114

3,Ansible的安装

网页搜阿里云,开发者->镜像站->epel(按URL直接安装的rpm属于本地包,dnf默认不开localpkg_gpgcheck,不校验其签名;下面的sed只改baseurl和metalink,不动仓库的gpgcheck设置)

%虚拟机server1

yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
dnf install ansible

4,inventory文件配置及常用模块

%先读目录,再读用户,全局
%server1,2,3都建立用户devops,密码改为westos
su - devops
mkdir ansible
cd ansible 
全在ansible目录下作:
[devops@server1 ansible]$ vim hosts
[test]
172.25.3.2
[prod]
172.25.3.3
[devops@server1 ansible]$ cat ansible.cfg
[defaults]

inventory= ./hosts
%做免密
[devops@server1 ansible]$ ssh-keygen  #全部回车
[devops@server1 ansible]$ ssh-copy-id 172.25.3.2
[devops@server1 ansible]$ ssh-copy-id 172.25.3.3
[devops@server1 ansible]$ ansible all -m ping #检查解析是否做好
[devops@server1 ansible]$ ansible test -m ping -u root -k 
[devops@server1 ansible]$ ansible test -m ping -u devops -k #可以指定用户登陆(-k表示提示输入SSH密码)


%超户登陆
%server1里
[devops@server1 ansible]$ ansible test -m ping -b #-b即become,以超级用户(root)身份执行
%做visudo并按下面的ansible.cfg配置become后,ansible test -m ping不加-b也直接以超户身份执行
[devops@server1 ansible]$ ls
ansible.cfg  hosts
[devops@server1 ansible]$ cat ansible.cfg
[defaults]
inventory= ./hosts  #读当前目录下的配置文件
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False

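%server2和server3里都写(这一行让devops免密以任意身份执行任意命令;前面ssh-keygen全部回车生成的私钥没有口令,持有server1上该私钥即可取得server2、server3的root。实验环境之外应限定可执行的命令或保留密码)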
[root@server2 ~]# visudo
devops    ALL=(ALL)     NOPASSWD: ALL

[devops@server1 ansible]$ ansible test -m ping  #做完visudo就能直接进入超级用户
[devops@server1 ansible]$ ansible all -m copy -a "src=/etc/passwd dest=/mnt" #server2和3上/mnt只有root可写(ls -ld /mnt),能复制成功说明任务是以root身份执行的
ansible all -m copy -a "ls /mnt" #此行有误:copy模块的参数是src=/dest=这类键值,不能执行命令;查看目录用下一行(默认的command模块)
ansible all  -a "ls /mnt"
ansible test -m ping -u devops -k

[devops@server1 ansible]$ ansible all -a "rm -fr /mnt/passwd"  #删除
[devops@server1 ansible]$ ansible all  -a "ls /mnt"  #查看,已被删除
172.25.3.3 | CHANGED | rc=0 >>

172.25.3.2 | CHANGED | rc=0 >>


[root@server1 ansible]# ansible -i hosts all -m ping  #-i指定当前目录下的hosts文件
[root@server1 ansible]# vim hosts 
[root@server1 ansible]# ansible "*" -m ping #匹配inventory(当前目录下hosts文件)里的所有主机
[root@server1 ansible]# cat hosts 
[test]
172.25.3.2
[prod]
172.25.3.3
172.25.3.2
[webserver:children]
test
prod

[root@server1 ansible]# ansible 'test:prod' -m ping  #并集:test或prod里的主机
[root@server1 ansible]# ansible 'test:!prod' -m ping  #差集:在test里且不在prod里;172.25.3.2同时在两个组,所以没有匹配
[WARNING]: No hosts matched, nothing to do
[root@server1 ansible]# ansible 'test:&prod' -m ping  #交集:同时在test和prod里的主机


[root@server1 ansible]# ansible-doc dnf #查看用法

[root@server1 ansible]# ansible test -m dnf -a "name=httpd state=present"
[root@server1 ansible]# ansible test -a "rpm -q httpd"
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'.  If you need
to use command because yum, dnf or zypper is insufficient you can add 'warn: false' to this
command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
172.25.3.2 | CHANGED | rc=0 >>
httpd-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64

[root@server1 ansible]# ansible test -m dnf -a "name=httpd state=present"
[root@server1 ansible]# ansible test -m dnf -a "name=firewalld state=present"


[root@server1 ansible]# ansible test -m firewalld -a "service=http permanent=yes immediate=yes state=enabled"


[root@server1 ansible]# vim index.html
www.westos.org
[root@server1 ansible]# ansible test -m copy -a "src=index.html dest=/var/www/html/"

[root@server1 ansible]# curl 172.25.3.2
www.westos.org

[root@server1 ansible]# ansible test -m file -a "dest=/mnt/passwd owner=root group=root"
[devops@server1 ansible]$ ansible all -m copy -a "src=/etc/passwd dest=/tmp"
[devops@server1 ansible]$ ansible test -m file -a "dest=/tmp/passwd owner=root group=root"

[devops@server1 ansible]$ ansible test -m file -a "dest=/tmp/passwd mode=600"
%test组是server2。在server2中查看文件属性(第一次是执行mode=600之前,第二次是之后)
[root@server2 ~]# ls -l /tmp/passwd
-rw-r--r--. 1 root root 1251 Dec 27 08:52 /tmp/passwd
[root@server2 ~]# ls -l /tmp/passwd
-rw-------. 1 root root 1251 Dec 27 08:52 /tmp/passwd



[devops@server1 ansible]$ ansible test -m user -a "name=wxh"
[devops@server1 ansible]$ ansible test -m user -a "name=wxh state=absent"


转载自blog.csdn.net/qiao_qing/article/details/112029325