Brief description:
Ansible is an excellent IT operations automation tool with remote installation, remote application deployment, and remote management capabilities. It supports Windows, Linux, Unix, macOS, and mainframe operating systems.
The following uses CentOS 7.6 as the host operating system to demonstrate installing Ansible, installing a local example application on a remote host, and running that application on the remote host.
1. Environment preparation
To complete this example, at least two hosts are required: one has Ansible itself installed and serves as the management host, and the other serves as the remote target host.
Both hosts come pre-installed with the CentOS 7.6 operating system.
# Ansible management host
10.72.8.118 push@hwcloud-bj4-1-lead-server03-8118
# remote target host
10.72.11.183 push@hwcloud-bj4-1-lead-server04-11183
2. Install the Ansible operations tool
Log in to the host where Ansible is to be installed using SSH.
- Run the install command
Installing Ansible is very simple; only one yum command is required.
Use the CentOS built-in tool yum to download and install Ansible automatically. Ansible depends on Python, and the Python packages it needs are downloaded and installed automatically along with it.
During installation you will be asked whether to install the dependent packages; answer y to all.
@hwcloud-bj4-1-lead-server03-8118 ~]$ sudo yum install ansible
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
base | 3.6 kB 00:00:00
cloudera-cdh5 | 2.9 kB 00:00:00
cloudera-cm5 | 2.9 kB 00:00:00
warm | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
kubernetes | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/3): warm/x86_64/updateinfo | 1.0 MB 00:00:00
(2/3): updates/7/x86_64/primary_db | 4.7 MB 00:00:00
(3/3): epel/x86_64/primary_db | 6.9 MB 00:00:00
60 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.9.16-1.el7 will be installed
--> Processing Dependency: PyYAML for package: ansible-2.9.16-1.el7.noarch
--> Processing Dependency: python-httplib2 for package: ansible-2.9.16-1.el7.noarch
--> Processing Dependency: python-jinja2 for package: ansible-2.9.16-1.el7.noarch
--> Processing Dependency: python-paramiko for package: ansible-2.9.16-1.el7.noarch
--> Processing Dependency: python2-cryptography for package: ansible-2.9.16-1.el7.noarch
--> Processing Dependency: python2-jmespath for package: ansible-2.9.16-1.el7.noarch
--> Processing Dependency: sshpass for package: ansible-2.9.16-1.el7.noarch
--> Running transaction check
---> Package PyYAML.x86_64 0:3.10-11.el7 will be installed
--> Processing Dependency: libyaml-0.so.2()(64bit) for package: PyYAML-3.10-11.el7.x86_64
---> Package python-jinja2.noarch 0:2.7.2-4.el7 will be installed
--> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-2.7.2-4.el7.noarch
--> Processing Dependency: python-markupsafe for package: python-jinja2-2.7.2-4.el7.noarch
---> Package python-paramiko.noarch 0:2.1.1-9.el7 will be installed
--> Processing Dependency: python2-pyasn1 for package: python-paramiko-2.1.1-9.el7.noarch
---> Package python2-cryptography.x86_64 0:1.7.2-2.el7 will be installed
--> Processing Dependency: python-idna >= 2.0 for package: python2-cryptography-1.7.2-2.el7.x86_64
--> Processing Dependency: python-cffi >= 1.4.1 for package: python2-cryptography-1.7.2-2.el7.x86_64
--> Processing Dependency: python-enum34 for package: python2-cryptography-1.7.2-2.el7.x86_64
---> Package python2-httplib2.noarch 0:0.18.1-3.el7 will be installed
---> Package python2-jmespath.noarch 0:0.9.4-2.el7 will be installed
---> Package sshpass.x86_64 0:1.06-2.el7 will be installed
--> Running transaction check
---> Package libyaml.x86_64 0:0.1.4-11.el7_0 will be installed
---> Package python-babel.noarch 0:0.9.6-8.el7 will be installed
---> Package python-cffi.x86_64 0:1.6.0-5.el7 will be installed
--> Processing Dependency: python-pycparser for package: python-cffi-1.6.0-5.el7.x86_64
---> Package python-enum34.noarch 0:1.0.4-1.el7 will be installed
---> Package python-idna.noarch 0:2.4-1.el7 will be installed
---> Package python-markupsafe.x86_64 0:0.11-10.el7 will be installed
---> Package python2-pyasn1.noarch 0:0.1.9-7.el7 will be installed
--> Running transaction check
---> Package python-pycparser.noarch 0:2.14-1.el7 will be installed
--> Processing Dependency: python-ply for package: python-pycparser-2.14-1.el7.noarch
--> Running transaction check
---> Package python-ply.noarch 0:3.4-11.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                 Arch      Version           Repository    Size
================================================================================
Installing:
 ansible                 noarch    2.9.16-1.el7      epel          17 M
Installing for dependencies:
 PyYAML                  x86_64    3.10-11.el7       base          153 k
 libyaml                 x86_64    0.1.4-11.el7_0    base          55 k
 python-babel            noarch    0.9.6-8.el7       base          1.4 M
 python-cffi             x86_64    1.6.0-5.el7       base          218 k
 python-enum34           noarch    1.0.4-1.el7       base          52 k
 python-idna             noarch    2.4-1.el7         base          94 k
 python-jinja2           noarch    2.7.2-4.el7       base          519 k
 python-markupsafe       x86_64    0.11-10.el7       base          25 k
 python-paramiko         noarch    2.1.1-9.el7       base          269 k
 python-ply              noarch    3.4-11.el7        base          123 k
 python-pycparser        noarch    2.14-1.el7        base          104 k
 python2-cryptography    x86_64    1.7.2-2.el7       base          502 k
 python2-httplib2        noarch    0.18.1-3.el7      epel          125 k
 python2-jmespath        noarch    0.9.4-2.el7       epel          41 k
 python2-pyasn1          noarch    0.1.9-7.el7       base          100 k
 sshpass                 x86_64    1.06-2.el7        extras        21 k

Transaction Summary
================================================================================
Install 1 Package (+16 Dependent packages)

Total download size: 21 M
Installed size: 122 M
Is this ok [y/d/N]: y
Downloading packages:
(1/17): PyYAML-3.10-11.el7.x86_64.rpm | 153 kB 00:00:00
(2/17): libyaml-0.1.4-11.el7_0.x86_64.rpm | 55 kB 00:00:00
(3/17): python-cffi-1.6.0-5.el7.x86_64.rpm | 218 kB 00:00:00
(4/17): python-enum34-1.0.4-1.el7.noarch.rpm | 52 kB 00:00:00
(5/17): python-idna-2.4-1.el7.noarch.rpm | 94 kB 00:00:00
(6/17): python-babel-0.9.6-8.el7.noarch.rpm | 1.4 MB 00:00:00
(7/17): python-markupsafe-0.11-10.el7.x86_64.rpm | 25 kB 00:00:00
(8/17): python-jinja2-2.7.2-4.el7.noarch.rpm | 519 kB 00:00:00
(9/17): python-paramiko-2.1.1-9.el7.noarch.rpm | 269 kB 00:00:00
(10/17): python-ply-3.4-11.el7.noarch.rpm | 123 kB 00:00:00
(11/17): python-pycparser-2.14-1.el7.noarch.rpm | 104 kB 00:00:00
(12/17): python2-cryptography-1.7.2-2.el7.x86_64.rpm | 502 kB 00:00:00
(13/17): python2-httplib2-0.18.1-3.el7.noarch.rpm | 125 kB 00:00:00
(14/17): python2-jmespath-0.9.4-2.el7.noarch.rpm | 41 kB 00:00:00
(15/17): ansible-2.9.16-1.el7.noarch.rpm | 17 MB 00:00:00
(16/17): python2-pyasn1-0.1.9-7.el7.noarch.rpm | 100 kB 00:00:00
(17/17): sshpass-1.06-2.el7.x86_64.rpm | 21 kB 00:00:00
--------------------------------------------------------------------------------
Total 79 MB/s | 21 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : python2-pyasn1-0.1.9-7.el7.noarch 1/17
Installing : python-markupsafe-0.11-10.el7.x86_64 2/17
Installing : sshpass-1.06-2.el7.x86_64 3/17
Installing : python2-httplib2-0.18.1-3.el7.noarch 4/17
Installing : python-babel-0.9.6-8.el7.noarch 5/17
Installing : python-jinja2-2.7.2-4.el7.noarch 6/17
Installing : python2-jmespath-0.9.4-2.el7.noarch 7/17
Installing : python-enum34-1.0.4-1.el7.noarch 8/17
Installing : python-ply-3.4-11.el7.noarch 9/17
Installing : python-pycparser-2.14-1.el7.noarch 10/17
Installing : python-cffi-1.6.0-5.el7.x86_64 11/17
Installing : libyaml-0.1.4-11.el7_0.x86_64 12/17
Installing : PyYAML-3.10-11.el7.x86_64 13/17
Installing : python-idna-2.4-1.el7.noarch 14/17
Installing : python2-cryptography-1.7.2-2.el7.x86_64 15/17
Installing : python-paramiko-2.1.1-9.el7.noarch 16/17
Installing : ansible-2.9.16-1.el7.noarch 17/17
Verifying : python-idna-2.4-1.el7.noarch 1/17
Verifying : libyaml-0.1.4-11.el7_0.x86_64 2/17
Verifying : python-ply-3.4-11.el7.noarch 3/17
Verifying : python-enum34-1.0.4-1.el7.noarch 4/17
Verifying : python-paramiko-2.1.1-9.el7.noarch 5/17
Verifying : python2-jmespath-0.9.4-2.el7.noarch 6/17
Verifying : python-babel-0.9.6-8.el7.noarch 7/17
Verifying : ansible-2.9.16-1.el7.noarch 8/17
Verifying : python2-httplib2-0.18.1-3.el7.noarch 9/17
Verifying : python-cffi-1.6.0-5.el7.x86_64 10/17
Verifying : sshpass-1.06-2.el7.x86_64 11/17
Verifying : python-jinja2-2.7.2-4.el7.noarch 12/17
Verifying : python2-pyasn1-0.1.9-7.el7.noarch 13/17
Verifying : PyYAML-3.10-11.el7.x86_64 14/17
Verifying : python-pycparser-2.14-1.el7.noarch 15/17
Verifying : python-markupsafe-0.11-10.el7.x86_64 16/17
Verifying : python2-cryptography-1.7.2-2.el7.x86_64 17/17

Installed:
 ansible.noarch 0:2.9.16-1.el7

Dependency Installed:
 PyYAML.x86_64 0:3.10-11.el7
 libyaml.x86_64 0:0.1.4-11.el7_0
 python-babel.noarch 0:0.9.6-8.el7
 python-cffi.x86_64 0:1.6.0-5.el7
 python-enum34.noarch 0:1.0.4-1.el7
 python-idna.noarch 0:2.4-1.el7
 python-jinja2.noarch 0:2.7.2-4.el7
 python-markupsafe.x86_64 0:0.11-10.el7
 python-paramiko.noarch 0:2.1.1-9.el7
 python-ply.noarch 0:3.4-11.el7
 python-pycparser.noarch 0:2.14-1.el7
 python2-cryptography.x86_64 0:1.7.2-2.el7
 python2-httplib2.noarch 0:0.18.1-3.el7
 python2-jmespath.noarch 0:0.9.4-2.el7
 python2-pyasn1.noarch 0:0.1.9-7.el7
 sshpass.x86_64 0:1.06-2.el7

Complete!
The result shows that Ansible has been installed correctly.
- Check the Ansible version number
d-server03-8118 ~]$ ansible --version
ansible 2.9.16
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/duanyp/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Nov 16 2020, 22:23:17) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
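Installing Ansible is not the goal in itself; Ansible's strength lies in automated installation, deployment, and operation. The following small example demonstrates Ansible's IT operations capabilities.
3. Establish a host trust relationship
Ansible manages remote hosts over SSH. To run automatically, an SSH trust relationship must be established between the Ansible management host and the remote target host.
Once the trust relationship is established, Ansible can access the target host freely.
- Remote login from the Ansible management host to the target host:
- Generate an RSA key pair (public/private key) on the Ansible management host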
[push@hwcloud-bj4-1-lead-server03-8118 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/push/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Saving key "/home/push/.ssh/id_rsa" failed: passphrase is too short (minimum five characters)
[push@hwcloud-bj4-1-lead-server03-8118 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/push/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/push/.ssh/id_rsa.
Your public key has been saved in /home/push/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:MbcAtCdTpiV9nocWr6mX6witOcF0L1IgKg3M1X1VgUg [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|o ....=.=Eo.oo. |
|.o ...X.oo. |
| o . .=.*o.= |
|. o .+o==.o |
| . o oSo.+ |
| +.. + |
| .o.o . |
| .+..o |
| o..oo. |
+----[SHA256]-----+
[push@hwcloud-bj4-1-lead-server03-8118 ~]$ ls -l -a .ssh
total 20
drwxr-xr-x 2 push users 4096 Jan 28 14:02 .
drwx------ 6 push users 4096 Jan 28 11:51 ..
-rw-r--r-- 1 push users 407 Jan 26 17:20 authorized_keys
-rw------- 1 push users 1766 Jan 28 14:02 id_rsa
-rw-r--r-- 1 push users 431 Jan 28 14:02 id_rsa.pub
- Copy the Ansible management host's public key to the remote target host
[push@hwcloud-bj4-1-lead-server03-8118 ~]$ scp -p ~/.ssh/id_rsa.pub [email protected]:/home/push/.ssh/authorized_keys
[email protected]'s password:
id_rsa.pub 100% 405 605.6KB/s 00:00
- Verify SSH login again
- Create a new shell script
- Log in to the target host over SSH from the Ansible host:
[push@hwcloud-bj4-1-lead-server03-8118 ansible]$ ssh 10.72.11.183
Last login: Thu Jan 28 15:15:33 2021 from 10.72.8.118
Welcome to Huawei Cloud Service
[push@hwcloud-bj4-1-lead-server04-11183 ~]$
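The result shows that passwordless login now works.
Configuring host trust is a little tedious, but it only has to be done once to get permanent passwordless login, which is worth it compared with typing a password at every login.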
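The scp command above writes id_rsa.pub over the target's /home/push/.ssh/authorized_keys, which discards any keys that were already authorized there. The following is an added example, not part of the original article: a shell function that appends a public key only if it is missing and sets owner-only permissions. The name authorize_key, its arguments, and its return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys without overwriting
# existing entries. authorize_key is a hypothetical helper, not an OpenSSH
# or Ansible command.
# usage: authorize_key <public-key-file> <ssh-directory>
authorize_key() {
    pub=$1
    ssh_dir=$2
    auth="$ssh_dir/authorized_keys"

    # Accept only a single-line OpenSSH public key (rejects private key files).
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "$pub: expected one line" >&2; return 2; }
    if ! grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub"; then
        echo "$pub: not an OpenSSH public key" >&2
        return 2
    fi

    # Create directory and file if needed, then force owner-only permissions.
    ( umask 077; mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" || return 1
    chmod 600 "$auth" || return 1

    # Compare on the base64 key blob, so a different comment or an options
    # prefix on an existing line does not produce a duplicate entry.
    blob=$(awk '{print $2}' "$pub")
    if awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i == b) found = 1}
                         END {exit !found}' "$auth"; then
        return 0    # key already authorized, nothing to do
    fi

    # Terminate a last line that lacks a newline before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$(cat "$pub")" >> "$auth"
}
```

Run on the target host with the copied public key and the account's .ssh directory as arguments; running it a second time leaves the file unchanged.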
4. Configure the Ansible environment
- View the Ansible configuration directory
[push@hwcloud-bj4-1-lead-server03-8118 ansible]$ ls -ln /etc/ansible/
total 28
-rw-r--r-- 1 0 0 19985 Dec 19 01:50 ansible.cfg
-rw-r--r-- 1 0 0 1016 Dec 19 01:50 hosts
drwxr-xr-x 2 0 0 4096 Dec 19 01:50 roles
[push@hwcloud-bj4-1-lead-server03-8118 ansible]$ cat /etc/ansible/hosts
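- Edit the /etc/ansible/hosts file
Edit the hosts file and append the host groups, here node-8118 and node-11183, together with the IP address of each group's host, to the end of the file: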
[node-8118]
10.72.8.118
[node-11183]
10.72.11.183
- Test connectivity to the remote hosts
[push@hwcloud-bj4-1-lead-server03-8118 .ssh]$ ansible node-8118 -m ping
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
10.72.8.118 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
[push@hwcloud-bj4-1-lead-server03-8118 .ssh]$ ansible node-11183 -m ping
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
10.72.11.183 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
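The warning in both runs above comes from the hyphens in the group names node-8118 and node-11183; Ansible expects group names to follow the same rules as variable names. The following is an added example, not part of the original article: a shell function that lists the offending group headers in an INI inventory and suggests an underscore form. The name lint_inventory_groups and its output format are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report inventory group names that trigger Ansible's
# "Invalid characters were found in group names" warning.
# lint_inventory_groups is a hypothetical helper, not an Ansible command.
# usage:  lint_inventory_groups <ini-inventory-file>
# output: one "<line>: <group> -> <suggestion>" per offending header
# status: 1 if any offending group name was found, 0 otherwise
lint_inventory_groups() {
    awk '
    /^[ \t]*\[[^]]+\]/ {
        name = $0
        sub(/^[ \t]*\[/, "", name)           # drop the opening bracket
        sub(/\].*$/, "", name)               # drop the closing bracket and the rest
        sub(/:(children|vars)$/, "", name)   # [group:children] and [group:vars]
        # Valid here: letters, digits and underscores, not starting with a digit.
        if (name !~ /^[A-Za-z_][A-Za-z0-9_]*$/) {
            fixed = name
            gsub(/[^A-Za-z0-9_]/, "_", fixed)
            if (fixed ~ /^[0-9]/) fixed = "_" fixed
            printf "%d: %s -> %s\n", NR, name, fixed
            bad = 1
        }
    }
    END { exit bad }
    ' "$1"
}
```

Renaming a group also means updating every command and playbook that refers to it, for example `ansible node_8118 -m ping`.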
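5. Write the playbook file
A playbook is a descriptive script written in advance; Ansible executes the commands in the playbook one by one.
- Write the playbook file
Playbook files are written in YAML format.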