1. ansible作用、部署

ansible作用、部署

• 一、ansible介绍
• • 1、ansible特性
• 二、ansible安装部署
• • 1、建议配置ssh免密
  • 2、安装ansible
  • [3、配置主机清单文件 /etc/ansible/hosts](#3、配置主机清单文件 /etc/ansible/hosts)
  • • [3.1 未分组的写法](#3.1 未分组的写法)
    • [3.2 分组的写法](#3.2 分组的写法)
  • 4、添加非免密的主机

一、ansible介绍

基于python语言开发的，自动化运维工具

作用：批量管控

1、ansible特性

轻易级工具， saltstack工具，重量级工具(分布式)

基于ssh协议设计

no server, no agent

提供丰富 API接口

二、ansible安装部署

1、建议配置ssh免密

[root@zabbix_server ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:G325RcbAufrnbbx71weubZvuHXYe4cLd6Y+0o5TRSKY root@zabbix_server.linux.com
The key's randomart image is:
+---[RSA 2048]----+
|           ...   |
|            oo   |
|            o.+  |
|         . +.*   |
|        S E.= o. |
|         o...=+ +|
|        .  .++.X+|
|           ..oOB@|
|            oOXB%|
+----[SHA256]-----+

[root@zabbix_server ~]# ssh-copy-id root@192.168.140.11
[root@zabbix_server ~]# ssh-copy-id root@192.168.140.12

2、安装ansible

[root@zabbix_server ~]# wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
[root@zabbix_server ~]# yum install -y ansible

[root@zabbix_server ~]# rpm -q ansible
ansible-2.9.27-1.el7.noarch

3、配置主机清单文件 /etc/ansible/hosts

3.1 未分组的写法

[root@zabbix_server ~]# vim /etc/ansible/hosts 
192.168.140.11
192.168.140.12

[root@zabbix_server ~]# ansible all -m ping 
192.168.140.11 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.140.12 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

3.2 分组的写法

[web]
192.168.140.11
192.168.140.12

[db]
192.168.140.12

[root@zabbix_server ~]# ansible web -m ping
192.168.140.12 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.140.11 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
[root@zabbix_server ~]# ansible db -m ping
192.168.140.12 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

4、添加非免密的主机

[db]
192.168.140.12
192.168.140.13 ansible_ssh_user="root" ansible_ssh_pass="redhat" ansible_ssh_port=22

ansible连接被管理机时，会在known_hosts文件中检测对方主机的key，如果检测没有对方主机的key，会出现如下错误提示，可修改配置文件取消该行为

[root@zabbix_server ~]# ansible db -m ping 
192.168.140.13 | FAILED! => {
    "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."
}


[root@zabbix_server ~]# vim /etc/ansible/ansible.cfg 
host_key_checking = False