ansible作用、部署
- 一、ansible介绍
- 二、ansible安装部署
-
- 1、建议配置ssh免密
- 2、安装ansible
- [3、配置主机清单文件 /etc/ansible/hosts](#3、配置主机清单文件 /etc/ansible/hosts)
-
- [3.1 未分组的写法](#3.1 未分组的写法)
- [3.2 分组的写法](#3.2 分组的写法)
- 4、添加非免密的主机
一、ansible介绍
基于python语言开发的,自动化运维工具
作用:批量管控
1、ansible特性
轻易级工具, saltstack工具,重量级工具(分布式)
基于ssh协议设计
no server, no agent
提供丰富 API接口
二、ansible安装部署
1、建议配置ssh免密
bash
[root@zabbix_server ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:G325RcbAufrnbbx71weubZvuHXYe4cLd6Y+0o5TRSKY root@zabbix_server.linux.com
The key's randomart image is:
+---[RSA 2048]----+
| ... |
| oo |
| o.+ |
| . +.* |
| S E.= o. |
| o...=+ +|
| . .++.X+|
| ..oOB@|
| oOXB%|
+----[SHA256]-----+
[root@zabbix_server ~]# ssh-copy-id root@192.168.140.11
[root@zabbix_server ~]# ssh-copy-id root@192.168.140.122、安装ansible
bash
[root@zabbix_server ~]# wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
[root@zabbix_server ~]# yum install -y ansible
[root@zabbix_server ~]# rpm -q ansible
ansible-2.9.27-1.el7.noarch3、配置主机清单文件 /etc/ansible/hosts
3.1 未分组的写法
bash
[root@zabbix_server ~]# vim /etc/ansible/hosts
192.168.140.11
192.168.140.12
bash
[root@zabbix_server ~]# ansible all -m ping
192.168.140.11 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.140.12 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}3.2 分组的写法
bash
[web]
192.168.140.11
192.168.140.12
[db]
192.168.140.12
bash
[root@zabbix_server ~]# ansible web -m ping
192.168.140.12 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.140.11 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@zabbix_server ~]# ansible db -m ping
192.168.140.12 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}4、添加非免密的主机
bash
[db]
192.168.140.12
192.168.140.13 ansible_ssh_user="root" ansible_ssh_pass="redhat" ansible_ssh_port=22
bash
ansible连接被管理机时,会在known_hosts文件中检测对方主机的key,如果检测没有对方主机的key,会出现如下错误提示,可修改配置文件取消该行为
[root@zabbix_server ~]# ansible db -m ping
192.168.140.13 | FAILED! => {
"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
[root@zabbix_server ~]# vim /etc/ansible/ansible.cfg
host_key_checking = False