Ansible for automated operations: installation and deployment

1, SSH key distribution

Prerequisites for automated deployment with Ansible
1. Establish the remote connection with SSH keys (recommended)
2. Establish the remote connection with an SSH password (not recommended)

Before deploying, make sure the management host and the managed hosts can connect remotely using SSH keys.

The management host generates an SSH key pair (private and public) and distributes the public key to each managed host:

1. Install sshpass

[root@m01 ~]# yum install sshpass -y

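2. Generate the key pair

Note: DSA keys are fixed at 1024 bits and OpenSSH has disabled them by default since version 7.0, so on current systems generate an Ed25519 or RSA key instead.

// Generate the key directly, without prompts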
[root@m01 ~]# ssh-keygen -t dsa -f /root/.ssh/id_dsa -N ""
Generating public/private dsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:gfr8/bG2IAzxNJiom7WGwba8G26BZ5yfxJMp6O3Ouh4 root@m01
The key's randomart image is:
+---[DSA 1024]----+
|                 |
|     . +         |
|    . = +        |
| . . . + o       |
| +=ooo. S        |
|ooBB*+ o         |
|.EO=ooo o . .    |
| o+=o  . o ..o   |
|.=O=    . .o+.   |
+----[SHA256]-----+

3. Key Distribution

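// Script for non-interactive bulk distribution of the public key
[root@m01 ~]# vim ~/ssh-fenfa.sh
#!/bin/bash
# Regenerate the management host's key pair with an empty passphrase
rm -f /root/.ssh/id_dsa
ssh-keygen -t dsa -f /root/.ssh/id_dsa -N ""
# Push the public key to 10.4.7.7 and 10.4.7.8
for ip in 7 8
do
    # -p puts the password on the command line, where it shows up in the process list;
    # StrictHostKeyChecking=no accepts each host key without verifying it
    sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no" 10.4.7.$ip
done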

// Run the script
[root@m01 ~]# sh ~/ssh-fenfa.sh

4. Test key-based SSH login with a for loop

[root@m01 ~]# for i in 7 8 ;do ssh 10.4.7.$i  date ;done
Mon Feb  3 17:23:50 CST 2020
Mon Feb  3 17:23:50 CST 2020

2, Installing Ansible

There are many ways to install Ansible; only a yum installation on CentOS 7 is shown here.

Ansible is not in the default standard software repositories, so an additional repo (EPEL) has to be added.

1. Install on the management machine:

// Add the repo
[root@m01 ~]# yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

// Install ansible with yum
[root@m01 ~]# yum install ansible -y
[root@m01 ~]# rpm -qa ansible

// Check the ansible version
[root@m01 ~]# ansible --version
ansible 2.9.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

2. Add the host inventory

[root@m01 ~]# vim /etc/ansible/hosts
[sa]
10.4.7.7
10.4.7.8

This adds two hosts under the [sa] group.

3, Testing Ansible

Use the ping module to test that Ansible can communicate with the managed hosts.

[root@m01 ~]# ansible sa -m ping
10.4.7.8 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
10.4.7.7 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}

4, Ansible inventory management

Inventory path: /etc/ansible/hosts
/etc/ansible/hosts is the host inventory file. It defines the managed hosts and their authentication information, such as the SSH login user name, password, and key-related information. How to configure the inventory file:

A host can be given as an IP address or as a host name, but a host name only works if the hosts file on the Ansible machine has a matching host name to IP address entry.

Hosts:
1. Host names support wildcards and regular expressions, e.g. web[1:3].jason.com stands for three hosts
2. Hosts support non-standard SSH ports, e.g. web1.jason.com:6666
3. Hosts support per-host variables, so an individual host can get its own settings, such as login user and password
4. Host groups support group variables [group_name:vars] and nested groups [game:children]

Host groups:
1. Nested groups are supported, e.g. [game:children]; the groups listed under it are then included in game
2. Group variables are supported, e.g. [game:vars] followed by the variables

  • Password-based connection
[root@m01 ~]# cat /etc/ansible/hosts

// Method 1: host + port + password
[webservers]
10.0.0.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='123456'
10.0.0.41 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='123456'

// Method 2: host + port + password
[webservers]
web[1:2].jason.com ansible_ssh_pass='123456'

// Method 3: host + port + password
// Add three hosts to webservers [basic version]
[webservers]
web1.jason.com
web2.jason.com
web3.jason.com

// Add three hosts to webservers [improved version]
[webservers]
web[1:3].jason.com

// Add three hosts to webservers [password version]
[webservers]
web1.jason.com ansible_ssh_pass='123456'
web2.jason.com ansible_ssh_pass='123456'
web3.jason.com ansible_ssh_pass='123456'

// Add three hosts to webservers [improved password version]
[webservers]
web[1:3].jason.com ansible_ssh_pass='123456'

// Add three hosts to webservers [password split into group variables]
[webservers]
web1.jason.com
web2.jason.com
web3.jason.com
[webservers:vars]
ansible_ssh_pass='123456'
  • Key-based connection: create a public/private key pair and distribute the public key to the managed hosts
// Use a non-interactive tool to distribute the public key in bulk and manage servers in bulk
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

// Method 1: host + port + key
[group_name]
10.0.0.31:22
10.0.0.41

// Method 2: alias + host + port + key
[group_name]
nfs-node1 ansible_ssh_host=10.0.0.31 ansible_ssh_port=22
  • Using host groups
// Method 1: group variables + hosts + password
[apache]
web1.jason.com
web2.jason.com
web3.jason.com
[apache:vars]
ansible_ssh_pass='123456'

// Method 2: group variables + hosts + key
[nginx]
10.0.0.7
10.0.0.8

// Define multiple groups and combine them
// The webservers group includes two child groups [apache, nginx]
[webservers:children]
apache
nginx
  • ansible [host group name] --list-hosts
// List the IP addresses of the hosts defined in this host group
[root@m01 ~]# ansible nginx --list-hosts
 hosts (2):
  10.0.0.7
  10.0.0.8
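
The password-based layouts above keep the login password in clear text in /etc/ansible/hosts, and a [group:vars] password reaches every host of that group and of its child groups. The following check is an added example, not code from the original post: it parses an INI inventory, expands a range such as web[1:3].jason.com, follows [group:children] nesting, and reports each host that a plaintext password variable reaches. The sample inventory is constructed from the host names on this page, and the names expand, audit and SAMPLE are this example's own.

```python
import re

# Inventory variables that carry a login or privilege-escalation password.
SECRETS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass", "ansible_become_password"}
# Constructed sample inventory that reuses the host names from this page.
SAMPLE = """\
[apache]
web[1:3].jason.com
[nginx]
10.0.0.7
10.0.0.8 ansible_ssh_pass='123456'
[webservers:children]
apache
[webservers:vars]
ansible_ssh_pass='123456'
"""

def expand(name):
    """Expand one numeric range: web[1:3].jason.com -> web1, web2, web3."""
    m = re.search(r"\[(\d+):(\d+)\]", name)
    ids = range(int(m[1]), int(m[2]) + 1) if m else []
    return [name[:m.start()] + str(n) + name[m.end():] for n in ids] or [name]

def audit(text):
    """Return {host: [where a plaintext password variable reaches it]}."""
    hosts, gvars, children, found = {}, {}, {}, {}
    group = kind = ""
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line[0] == "[" and line[-1] == "]":
            group, _, kind = line[1:-1].partition(":")
        elif kind == "children":
            children.setdefault(group, []).append(line)
        elif kind == "vars":
            gvars.setdefault(group, set()).add(line.split("=")[0].strip())
        else:  # host line: name followed by key=value pairs
            name, *pairs = line.split()
            for h in expand(name):
                hosts.setdefault(group, set()).add(h)
                for k in SECRETS & {p.split("=")[0] for p in pairs}:
                    found.setdefault(h, []).append(f"{k} on host line")
    def members(g, seen=()):  # hosts of g and of its child groups, cycle-safe
        kids = [c for c in children.get(g, []) if c not in seen]
        return hosts.get(g, set()).union(*(members(c, seen + (g,)) for c in kids))
    for g, keys in gvars.items():
        for k in SECRETS & keys:
            for h in members(g):
                found.setdefault(h, []).append(f"{k} via [{g}:vars]")
    return {h: sorted(v) for h, v in found.items()}
```

Calling audit(SAMPLE) flags web1 to web3 through the inherited [webservers:vars] entry and 10.0.0.8 through its host line, while 10.0.0.7 stays clean. An empty result for a real inventory means none of the listed variables is set in clear text there.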

Origin www.cnblogs.com/jasonminghao/p/12635384.html