Deploying Ansible
Teaching example
One Ansible host manages all the devices on the network
If your computer cannot run three machines, start just two
------------------------------------------
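192.168.92.19 ansible node (Ansible host)
192.168.92.20 web20 node (web host)
· Basic environment preparation
· Start the 2 virtual machines and configure their IPs so that both can reach the external network
· Disable the firewall and SELinux (the kernel security module)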
[root@localhost ~]# sudo systemctl stop firewalld
[root@localhost ~]# sudo systemctl disable firewalld
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service"
[root@localhost ~]# sudo systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled;>
Active: inactive (dead)
Docs: man:firewalld(1)
Mar 25 20:48:09 localhost systemd[1]: Starting firewalld - dynamic firewa>
Mar 25 20:48:09 localhost systemd[1]: Started firewalld - dynamic firewal>
Mar 25 20:54:27 localhost.localdomain systemd[1]: Stopping firewalld - dy>
Mar 25 20:54:27 localhost.localdomain systemd[1]: firewalld.service: Deac>
Mar 25 20:54:27 localhost.localdomain systemd[1]: Stopped firewalld - dyn>
Mar 25 20:54:27 localhost.localdomain systemd[1]: firewalld.service: Cons>.
[root@localhost ~]# sudo vi /etc/selinux/config
# Change the setting to the following
SELINUX=disabled
# Reboot the system so the configuration takes effect
sudo reboot
Install the base software (run this only on the ansible node, 192.168.92.19)
# Configure the yum repositories for Rocky Linux 9.6
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
-e 's|^#baseurl=http://dl.rockylinux.org/$contentdir|baseurl=https://mirrors.aliyun.com/rockylinux|g' \
-i.bak \
/etc/yum.repos.d/rocky*.repo
dnf makecache
# Configure the installation source
yum -y install epel-release
# Install Ansible
yum -y install ansible
So far only the Ansible control node has been set up. To manage the managed node (192.168.92.20) through Ansible, further configuration is still needed.
=========================================================================
Ansible configuration overview
Configuration files
[root@ansible ~]# ls /etc/ansible/
ansible.cfg hosts roles
| Path | Description |
|---|---|
| /etc/ansible/ansible.cfg | Main configuration file; controls how Ansible behaves |
| /etc/ansible/hosts | Host inventory file |
| /etc/ansible/roles | Location where Ansible roles are stored |
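Ansible configuration precedence
· First: the $ANSIBLE_CONFIG variable, which gives the location of the configuration file
· Then: ansible.cfg in the current directory
· Next, the installation directory: ansible.cfg
· Finally: /etc/ansible/ansible.cfg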
Inventory
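Inventory concept
· Mainly used to record information about the managed hosts
· Default file: /etc/ansible/hosts
Configure key-based connection
· ansible (192.168.92.19): configure the IP address inventory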
[root@ansible ansible]# cp hosts{,.bak}
[root@ansible ansible]# ls
ansible.cfg hosts hosts.bak roles
[root@ansible ansible]# vi hosts
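# Around line 20 the file provides a reference template; you can modify the template or write your own entries
[webservers] # The host group name can be customized
192.168.92.20 # IP of the managed host
Set up the key: generate a key pair, then push the local public key to the remote machine 192.168.92.20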
[root@ansible ansible]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:7s9kzTS3csm7CoOX84urJrePTUxY4LbAuIsjdeIovHE root@ansible
The key's randomart image is:
+---[RSA 3072]----+
| . |
| o . . |
| . o o . |
| . o + |
| o o S . o . |
|.+ + . . + = + o |
|+o+E. o @ + = |
|..+. ..oO * o . |
| . +==B.+oo. |
+----[SHA256]-----+
[root@ansible ansible]# ssh-copy-id root@192.168.92.20 # Pushes the public key to the managed node; with nothing else specified, the public key is what gets pushed by default
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.92.20 (192.168.92.20)' can't be established.
ED25519 key fingerprint is SHA256:TtJq+VxSoGlLTkPvOJuAU+TJ+MZsYo6TuFHufmCOTeI.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.92.20's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.92.20'"
and check to make sure that only the key(s) you wanted were added.
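The `yes` typed at the host-authenticity prompt above accepts whatever host key the network returned. As an added example (not part of the original tutorial), the Python below computes the OpenSSH SHA256 fingerprint of a host key line and releases a scanned key for known_hosts only when it matches a fingerprint read on the managed node's own console; the function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")

def wire_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return len(data).to_bytes(4, "big") + data

def key_blob(line: str) -> bytes:
    """Extract and decode the key blob from a .pub or ssh-keyscan line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob repeats the key type as its first wire string.
            if not blob.startswith(wire_string(field.encode())):
                raise ValueError("key type does not match key blob")
            return blob
    raise ValueError("no supported key type in line")

def fingerprint(line: str) -> str:
    """Fingerprint in the form ssh prints: SHA256:<unpadded base64>."""
    digest = hashlib.sha256(key_blob(line)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def vet_host_key(scanned_line: str, trusted_fp: str) -> str:
    """Return the known_hosts line only if it matches the trusted fingerprint."""
    seen = fingerprint(scanned_line)
    if seen != trusted_fp:
        raise ValueError(f"host key mismatch: saw {seen}, expected {trusted_fp}")
    return scanned_line

def constructed_line(prefix: str, key: bytes) -> str:
    """Build a sample ed25519 line (constructed test data, not a real host key)."""
    blob = wire_string(b"ssh-ed25519") + wire_string(key)
    return f"{prefix} {base64.b64encode(blob).decode()}".strip()

if __name__ == "__main__":
    # Constructed stand-ins for the node's own .pub file and for ssh-keyscan output.
    on_console = constructed_line("ssh-ed25519", bytes(range(32)))
    scanned = constructed_line("192.168.92.20 ssh-ed25519", bytes(range(32)))
    spoofed = constructed_line("192.168.92.20 ssh-ed25519", bytes(32))
    trusted = fingerprint(on_console)
    print("append to known_hosts:", vet_host_key(scanned, trusted))
    try:
        vet_host_key(spoofed, trusted)
    except ValueError as err:
        print("rejected:", err)
```

On the managed node's console, `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub` prints the fingerprint to trust, and `ssh-keyscan -t ed25519 192.168.92.20` on the control node produces the line to vet.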
Test whether the connection works
[root@ansible ansible]# ansible webservers -m ping
192.168.92.20 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
This shows that the control node can manage the managed node normally.
Ansible configuration (setup) is complete!