在CentOS上安装自动化运维工具Ansible

简述：

Ansible是一款优秀的自动化IT运维工具，具有远程安装、远程部署应用、远程管理能力，支持Windows、Linux、Unix、macOS和大型机等多种操作系统。

下面就以CentOS 7.6为主机操作系统，演示安装Ansible工具的过程，将一个本地应用例子安装到远程主机，并在远程主机上运行应用。

一、环境准备

完成这个例子，最少需要两台主机，一台安装Ansible运维工具本身，用作管理主机，一台用作远程目标主机。

两台主机都预先安装了CentOS 7.6操作系统。

# Ansible管理主机

10.72.8.118 push@hwcloud-bj4-1-lead-server03-8118

# 远程目标主机

10.72.11.183 push@hwcloud-bj4-1-lead-server04-11183

二、安装Ansible运维工具

使用SSH登录到拟安装Ansible的主机。

运行安装命令

Ansible的安装过程很简单，只需要一条yum命令。

使用CentOS自带工具yum自动下载、安装Ansible。Ansible依赖于Python语言，安装Ansible时会自动下载、安装Python语言包。

安装过程中会提示是否安装依赖软件包，全部选y。

@hwcloud-bj4-1-lead-server03-8118 ~]$ sudo yum install ansible

Loaded plugins: fastestmirror, priorities

Loading mirror speeds from cached hostfile

base | 3.6 kB 00:00:00

cloudera-cdh5 | 2.9 kB 00:00:00

cloudera-cm5 | 2.9 kB 00:00:00

epel | 4.7 kB 00:00:00

extras | 2.9 kB 00:00:00

kubernetes | 2.9 kB 00:00:00

updates | 2.9 kB 00:00:00

(1/3): epel/x86_64/updateinfo | 1.0 MB 00:00:00

(2/3): updates/7/x86_64/primary_db | 4.7 MB 00:00:00

(3/3): epel/x86_64/primary_db | 6.9 MB 00:00:00

60 packages excluded due to repository priority protections

Resolving Dependencies

--> Running transaction check

---> Package ansible.noarch 0:2.9.16-1.el7 will be installed

--> Processing Dependency: PyYAML for package: ansible-2.9.16-1.el7.noarch

--> Processing Dependency: python-httplib2 for package: ansible-2.9.16-1.el7.noarch

--> Processing Dependency: python-jinja2 for package: ansible-2.9.16-1.el7.noarch

--> Processing Dependency: python-paramiko for package: ansible-2.9.16-1.el7.noarch

--> Processing Dependency: python2-cryptography for package: ansible-2.9.16-1.el7.noarch

--> Processing Dependency: python2-jmespath for package: ansible-2.9.16-1.el7.noarch

--> Processing Dependency: sshpass for package: ansible-2.9.16-1.el7.noarch

--> Running transaction check

---> Package PyYAML.x86_64 0:3.10-11.el7 will be installed

--> Processing Dependency: libyaml-0.so.2()(64bit) for package: PyYAML-3.10-11.el7.x86_64

---> Package python-jinja2.noarch 0:2.7.2-4.el7 will be installed

--> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-2.7.2-4.el7.noarch

--> Processing Dependency: python-markupsafe for package: python-jinja2-2.7.2-4.el7.noarch

---> Package python-paramiko.noarch 0:2.1.1-9.el7 will be installed

--> Processing Dependency: python2-pyasn1 for package: python-paramiko-2.1.1-9.el7.noarch

---> Package python2-cryptography.x86_64 0:1.7.2-2.el7 will be installed

--> Processing Dependency: python-idna >= 2.0 for package: python2-cryptography-1.7.2-2.el7.x86_64

--> Processing Dependency: python-cffi >= 1.4.1 for package: python2-cryptography-1.7.2-2.el7.x86_64

--> Processing Dependency: python-enum34 for package: python2-cryptography-1.7.2-2.el7.x86_64

---> Package python2-httplib2.noarch 0:0.18.1-3.el7 will be installed

---> Package python2-jmespath.noarch 0:0.9.4-2.el7 will be installed

---> Package sshpass.x86_64 0:1.06-2.el7 will be installed

--> Running transaction check

---> Package libyaml.x86_64 0:0.1.4-11.el7_0 will be installed

---> Package python-babel.noarch 0:0.9.6-8.el7 will be installed

---> Package python-cffi.x86_64 0:1.6.0-5.el7 will be installed

--> Processing Dependency: python-pycparser for package: python-cffi-1.6.0-5.el7.x86_64

---> Package python-enum34.noarch 0:1.0.4-1.el7 will be installed

---> Package python-idna.noarch 0:2.4-1.el7 will be installed

---> Package python-markupsafe.x86_64 0:0.11-10.el7 will be installed

---> Package python2-pyasn1.noarch 0:0.1.9-7.el7 will be installed

--> Running transaction check

---> Package python-pycparser.noarch 0:2.14-1.el7 will be installed

--> Processing Dependency: python-ply for package: python-pycparser-2.14-1.el7.noarch

--> Running transaction check

---> Package python-ply.noarch 0:3.4-11.el7 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================================================================================================================

Package Arch Version Repository Size

Installing:

ansible noarch 2.9.16-1.el7 epel 17 M

Installing for dependencies:

PyYAML x86_64 3.10-11.el7 base 153 k

libyaml x86_64 0.1.4-11.el7_0 base 55 k

python-babel noarch 0.9.6-8.el7 base 1.4 M

python-cffi x86_64 1.6.0-5.el7 base 218 k

python-enum34 noarch 1.0.4-1.el7 base 52 k

python-idna noarch 2.4-1.el7 base 94 k

python-jinja2 noarch 2.7.2-4.el7 base 519 k

python-markupsafe x86_64 0.11-10.el7 base 25 k

python-paramiko noarch 2.1.1-9.el7 base 269 k

python-ply noarch 3.4-11.el7 base 123 k

python-pycparser noarch 2.14-1.el7 base 104 k

python2-cryptography x86_64 1.7.2-2.el7 base 502 k

python2-httplib2 noarch 0.18.1-3.el7 epel 125 k

python2-jmespath noarch 0.9.4-2.el7 epel 41 k

python2-pyasn1 noarch 0.1.9-7.el7 base 100 k

sshpass x86_64 1.06-2.el7 extras 21 k

Transaction Summary

Install 1 Package (+16 Dependent packages)

Total download size: 21 M

Installed size: 122 M

Is this ok [y/d/N]: y

Downloading packages:

(1/17): PyYAML-3.10-11.el7.x86_64.rpm | 153 kB 00:00:00

(2/17): libyaml-0.1.4-11.el7_0.x86_64.rpm | 55 kB 00:00:00

(3/17): python-cffi-1.6.0-5.el7.x86_64.rpm | 218 kB 00:00:00

(4/17): python-enum34-1.0.4-1.el7.noarch.rpm | 52 kB 00:00:00

(5/17): python-idna-2.4-1.el7.noarch.rpm | 94 kB 00:00:00

(6/17): python-babel-0.9.6-8.el7.noarch.rpm | 1.4 MB 00:00:00

(7/17): python-markupsafe-0.11-10.el7.x86_64.rpm | 25 kB 00:00:00

(8/17): python-jinja2-2.7.2-4.el7.noarch.rpm | 519 kB 00:00:00

(9/17): python-paramiko-2.1.1-9.el7.noarch.rpm | 269 kB 00:00:00

(10/17): python-ply-3.4-11.el7.noarch.rpm | 123 kB 00:00:00

(11/17): python-pycparser-2.14-1.el7.noarch.rpm | 104 kB 00:00:00

(12/17): python2-cryptography-1.7.2-2.el7.x86_64.rpm | 502 kB 00:00:00

(13/17): python2-httplib2-0.18.1-3.el7.noarch.rpm | 125 kB 00:00:00

(14/17): python2-jmespath-0.9.4-2.el7.noarch.rpm | 41 kB 00:00:00

(15/17): ansible-2.9.16-1.el7.noarch.rpm | 17 MB 00:00:00

(16/17): python2-pyasn1-0.1.9-7.el7.noarch.rpm | 100 kB 00:00:00

(17/17): sshpass-1.06-2.el7.x86_64.rpm | 21 kB 00:00:00

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Total 79 MB/s | 21 MB 00:00:00

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing : python2-pyasn1-0.1.9-7.el7.noarch 1/17

Installing : python-markupsafe-0.11-10.el7.x86_64 2/17

Installing : sshpass-1.06-2.el7.x86_64 3/17

Installing : python2-httplib2-0.18.1-3.el7.noarch 4/17

Installing : python-babel-0.9.6-8.el7.noarch 5/17

Installing : python-jinja2-2.7.2-4.el7.noarch 6/17

Installing : python2-jmespath-0.9.4-2.el7.noarch 7/17

Installing : python-enum34-1.0.4-1.el7.noarch 8/17

Installing : python-ply-3.4-11.el7.noarch 9/17

Installing : python-pycparser-2.14-1.el7.noarch 10/17

Installing : python-cffi-1.6.0-5.el7.x86_64 11/17

Installing : libyaml-0.1.4-11.el7_0.x86_64 12/17

Installing : PyYAML-3.10-11.el7.x86_64 13/17

Installing : python-idna-2.4-1.el7.noarch 14/17

Installing : python2-cryptography-1.7.2-2.el7.x86_64 15/17

Installing : python-paramiko-2.1.1-9.el7.noarch 16/17

Installing : ansible-2.9.16-1.el7.noarch 17/17

Verifying : python-idna-2.4-1.el7.noarch 1/17

Verifying : libyaml-0.1.4-11.el7_0.x86_64 2/17

Verifying : python-ply-3.4-11.el7.noarch 3/17

Verifying : python-enum34-1.0.4-1.el7.noarch 4/17

Verifying : python-paramiko-2.1.1-9.el7.noarch 5/17

Verifying : python2-jmespath-0.9.4-2.el7.noarch 6/17

Verifying : python-babel-0.9.6-8.el7.noarch 7/17

Verifying : ansible-2.9.16-1.el7.noarch 8/17

Verifying : python2-httplib2-0.18.1-3.el7.noarch 9/17

Verifying : python-cffi-1.6.0-5.el7.x86_64 10/17

Verifying : sshpass-1.06-2.el7.x86_64 11/17

Verifying : python-jinja2-2.7.2-4.el7.noarch 12/17

Verifying : python2-pyasn1-0.1.9-7.el7.noarch 13/17

Verifying : PyYAML-3.10-11.el7.x86_64 14/17

Verifying : python-pycparser-2.14-1.el7.noarch 15/17

Verifying : python-markupsafe-0.11-10.el7.x86_64 16/17

Verifying : python2-cryptography-1.7.2-2.el7.x86_64 17/17

Installed:

ansible.noarch 0:2.9.16-1.el7

Dependency Installed:

PyYAML.x86_64 0:3.10-11.el7 libyaml.x86_64 0:0.1.4-11.el7_0 python-babel.noarch 0:0.9.6-8.el7 python-cffi.x86_64 0:1.6.0-5.el7 python-enum34.noarch 0:1.0.4-1.el7

python-idna.noarch 0:2.4-1.el7 python-jinja2.noarch 0:2.7.2-4.el7 python-markupsafe.x86_64 0:0.11-10.el7 python-paramiko.noarch 0:2.1.1-9.el7 python-ply.noarch 0:3.4-11.el7

python-pycparser.noarch 0:2.14-1.el7 python2-cryptography.x86_64 0:1.7.2-2.el7 python2-httplib2.noarch 0:0.18.1-3.el7 python2-jmespath.noarch 0:0.9.4-2.el7 python2-pyasn1.noarch 0:0.1.9-7.el7

sshpass.x86_64 0:1.06-2.el7

Complete!

结果表明，Ansible已经正确安装。

查看Ansible版本号

d-server03-8118 ~]$ ansible --version

ansible 2.9.16

config file = /etc/ansible/ansible.cfg

configured module search path = [u'/home/duanyp/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']

ansible python module location = /usr/lib/python2.7/site-packages/ansible

executable location = /usr/bin/ansible

python version = 2.7.5 (default, Nov 16 2020, 22:23:17) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]

安装Ansible不是目的，Ansible的强大功能是自动化安装、部署和运行。下面以一个小例子来演示Ansible的IT运维能力。安装Ansible不是目的，Ansible的强大功能是自动化安装、部署和运行。下面以一个小例子来演示Ansible的IT运维能力。

三、建立主机信任关系

Ansible是基于SSH来管理远程主机的，为了能自动化运行，需要在Ansible管理主机与远程目标主机之间建立SSH信任关系。

信任关系建立后，Ansible就可以自由访问目标主机。
从Ansible管理主机远程登录到目标主机：
在Ansible管理主机生成RSA密钥对（公钥/私钥）

[push@hwcloud-bj4-1-lead-server03-8118 ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/push/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Saving key "/home/push/.ssh/id_rsa" failed: passphrase is too short (minimum five characters)

[push@hwcloud-bj4-1-lead-server03-8118 ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/push/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/push/.ssh/id_rsa.

Your public key has been saved in /home/push/.ssh/id_rsa.pub.

The key fingerprint is:

SHA256:MbcAtCdTpiV9nocWr6mX6witOcF0L1IgKg3M1X1VgUg [email protected]

The key's randomart image is:

+---[RSA 2048]----+

|o ....=.=Eo.oo. |

|.o ...X.oo. |

| o . .=.*o.= |

|. o .+o==.o |

| . o oSo.+ |

| +.. + |

| .o.o . |

| .+..o |

| o..oo. |

+----[SHA256]-----+

[push@hwcloud-bj4-1-lead-server03-8118 ~]$ ls -l -a .ssh

total 20

drwxr-xr-x 2 push users 4096 Jan 28 14:02 .

drwx------ 6 push users 4096 Jan 28 11:51 ..

-rw-r--r-- 1 push users 407 Jan 26 17:20 authorized_keys

-rw------- 1 push users 1766 Jan 28 14:02 id_rsa

-rw-r--r-- 1 push users 431 Jan 28 14:02 id_rsa.pub

复制Ansible管理主机的公钥到远程目标主机

[push@hwcloud-bj4-1-lead-server03-8118 ~]$ scp -p ~/.ssh/id_rsa.pub [email protected]:/home/push/.ssh/authorized_keys
[email protected]'s password: 
         100%  405   605.6KB/s   00:00 
id_rsa.pub

再次验证SSH登录
新建Shell脚本
从Ansible主机SSH登录到目标主机：

[push@hwcloud-bj4-1-lead-server03-8118 ansible]$ ssh 10.72.11.183

Last login: Thu Jan 28 15:15:33 2021 from 10.72.8.118

Welcome to Huawei Cloud Service

[push@hwcloud-bj4-1-lead-server04-11183 ~]$

结果显示，可以免密码登录了。

配置主机信任的过程有点麻烦，但是配置一次就可以永久免密登录，比起每次登录输入密码还是值得的。

四、配置Ansible环境
查看Ansible配置目录

[push@hwcloud-bj4-1-lead-server03-8118 ansible]$ ls -ln /etc/ansible/

total 28

-rw-r--r-- 1 0 0 19985 Dec 19 01:50 ansible.cfg

-rw-r--r-- 1 0 0 1016 Dec 19 01:50 hosts

drwxr-xr-x 2 0 0 4096 Dec 19 01:50 roles

[push@hwcloud-bj4-1-lead-server03-8118 ansible]$ cat /etc/ansible/hosts

修改/etc/ansible/hosts文件

修改hosts文件，在文件最后添加主机组k3s-node以及组内主机IP：

[node-8118]

10.72.8.118

[node-11183]

10.72.11.183

测试远程主机的连通性

[push@hwcloud-bj4-1-lead-server03-8118 .ssh]$ ansible node-8118 -m ping

[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details

10.72.8.118 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

[push@hwcloud-bj4-1-lead-server03-8118 .ssh]$ ansible node-11183 -m ping

[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details

10.72.11.183 | SUCCESS => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

"changed": false,

"ping": "pong"

}

五、编写playbook剧本文件

playbook是预先编写的描述性剧本，ansible会逐个执行playbook剧本内的命令。

编写playbook文件
playbook文件是yaml语言格式描述的。

引入别人例子：

# cat show_hosts.yaml 
- name: a sample for show /etc/hosts
  hosts: k3s-node
  remote_user: root
  tasks:
  - name: copy show_hosts shell
    file:
      src: '{
       
       { item.src }}'
      dest: '{
       
       { item.dest }}'
      mode: 755
    with_items:
    - { src: '/root/ansible/show_hosts.sh', dest: '/usr/local/bin/'}

  - name: run shell
    shell: |
      /usr/local/bin/show_hosts.sh; sleep 3;

  - name: delete shell
    file:
      src: '{
       
       { item.src }}'
      dest: '{
       
       { item.dest }}'
      state: '{
       
       { item.state }}'
    with_items:
       - { src: '', dest: '/usr/local/bin/show_hosts.sh', state: 'absent' }

在CentOS上安装自动化运维工具Ansible

猜你喜欢