- A+
Ansible基于python开发,集合了众多优秀运维工具的优点,实现了批量运行命令、部署程序、配置系统等功能。默认通过SSH协议进行远程命令执行或下发配置,无需部署任何客户端代理软件,从而使得自动化环境部署变得更加简单。可同时支持多台主机并进行管理,使得管理主机更加便捷。
一.升级python版本
1.查看当前版本
- [root@localhost ~]# python -V
- Python 2.7.5
- [root@localhost ~]#
2.启用EPEL和SCL存储库
- [root@localhost ~]# yum install epel-release centos-release-scl
- 已加载插件:fastestmirror, langpacks
- Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
- Determining fastest mirrors
- epel/x86_64/metalink
- ……
3.安装Python 3.6
- [root@localhost ~]# yum install rh-python36 git gcc wget nodejs-less libxslt-devel bzip2-devel openldap-devel libjpeg-devel freetype-devel
- 已加载插件:fastestmirror, langpacks
- Loading mirror speeds from cached hostfile
- * base: mirrors.aliyun.com
- * centos-sclo-rh: mirrors.huaweicloud.com
- * centos-sclo-sclo: mirrors.huaweicloud.com
- * epel: d2lzkl7pfhq30w.cloudfront.net
- * extras: mirrors.bfsu.edu.cn
- * updates: mirrors.huaweicloud.com
- centos-sclo-rh | 3.0 kB 00:00:00
- centos-sclo-sclo
- ……
- [root@localhost ~]# scl enable rh-python36 bash
- [root@localhost ~]#
5.查看升级后的版本
- [root@localhost ~]# python -V
- Python 3.6.9
二.安装ansible
1.采用软件源安装
- [root@localhost ~]# yum install epel-release && yum install ansible
- 已加载插件:fastestmirror, langpacks
- Loading mirror speeds from cached hostfile
它的优点如下:
简单、快速、跨平台。
2.pip安装
- [root@localhost ~]# pip install ansible
- Collecting ansible
- Downloading https://files.pythonhosted.org/packages/4a/0b/44b586965bd51135d3915a02d1327fb392843630435cd41d6c89898c5f24/ansible-2.10.0.tar.gz (25.5MB)
- 100% |████████████████████████████████| 25.5MB 15kB/s
- Collecting ansible-base<2.11,>=2.10.1 (from ansible)
3.Ansible版本查看
- [root@localhost ~]# ansible --version
- ansible 2.10.1
- config file = /etc/ansible/ansible.cfg
- configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
- ansible python module location = /opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/ansible
- executable location = /opt/rh/rh-python36/root/usr/bin/ansible
- python version = 3.6.9 (default, Nov 11 2019, 11:24:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
- [root@localhost ~]#
三.配置Ansible并做测试
主要思路:配置host-->配置ssh-->连通测试
1.host文件配置.
这里添加要管理的主机IP信息,如下:
192.168.150.121
192.168.150.71
- /etc/ansible/hosts
- ## db-[99:101]-node.example.com
- [mytest]
- 192.168.150.121
- 192.168.150.71
- [root@localhost ansible]#
2.配置远程登录
这里我们在管理端,生成密钥对并将公钥推送给被管理端。
- [root@localhost /]# ssh-keygen -t rsa
- Generating public/private rsa key pair.
- Enter file in which to save the key (/root/.ssh/id_rsa):
- Created directory '/root/.ssh'.
- Enter passphrase (empty for no passphrase):
- Enter same passphrase again:
- Your identification has been saved in /root/.ssh/id_rsa.
- Your public key has been saved in /root/.ssh/id_rsa.pub.
- The key fingerprint is:
- ab:9f:ba:5d:39:33:ae:a4:5a:13:4e:9e:79:33:3e:3e root@localhost.localdomain
- The key's randomart image is:
- +--[ RSA 2048]----+
- | |
- | |
- | |
- | |
- | o S |
- | + + . . |
- | B * * |
- | . OE* + |
- | ..==B+. |
- +-----------------+
- [root@localhost /]#
3.将管理机上生成的秘钥发送到被管理机
- [root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.150.71
- The authenticity of host '192.168.150.71 (192.168.150.71)' can't be established.
- ECDSA key fingerprint is 10:15:bf:ca:b5:aa:b5:74:23:68:24:1e:e0:91:0c:fa.
- Are you sure you want to continue connecting (yes/no)? yes
- /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
- /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
- root@192.168.150.71's password:
- Number of key(s) added: 1
- Now try logging into the machine, with: "ssh 'root@192.168.150.71'"
- and check to make sure that only the key(s) you wanted were added.
- [root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.150.121
- The authenticity of host '192.168.150.121 (192.168.150.121)' can't be established.
- ECDSA key fingerprint is cd:09:1a:1a:4d:a9:d0:4d:d0:29:45:c4:6f:84:fd:14.
- Are you sure you want to continue connecting (yes/no)? yes
- /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
- /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
- root@192.168.150.121's password:
- Number of key(s) added: 1
- Now try logging into the machine, with: "ssh 'root@192.168.150.121'"
- and check to make sure that only the key(s) you wanted were added.
- [root@localhost ~]#
4.测试登录被管理主机
我们先做SSH登录测试
- [root@localhost ~]# ssh root@192.168.150.71
- Last login: Thu Sep 24 11:19:21 2020 from 10.128.25.130
- [root@node01 ~]#
- [root@node01 ~]# exit
- 登出
- Connection to 192.168.150.71 closed.
- [root@localhost ~]# ssh root@192.168.150.121
- Last login: Thu Sep 24 11:19:21 2020 from 10.128.25.130
- [root@yunkzbd ~]#
上面两个都登录成功,接着进行ansible登录测试,登录时指定用户
- [root@localhost ~]# ansible 192.168.150.71 -m ping --user=root
- 192.168.150.71 | SUCCESS => {
- "ansible_facts": {
- "discovered_interpreter_python": "/usr/bin/python"
- },
- "changed": false,
- "ping": "pong"
- }
- [root@localhost ~]#
#
连通成功,返回一个pong。
四.Ansible命令执行方式
有两种:
ad-hoc:主要用于临时命令的执行
ansible-playbook:是ad-hoc命令的集合,通过一定的规划编排在一起,实现一个完整的功能。这也是我的常用方法。
