1. ansible作用、部署

ansible作用、部署

一、ansible介绍
- 1、ansible特性
二、ansible安装部署
- 1、建议配置ssh免密
- 2、安装ansible
- 3、配置主机清单文件 /etc/ansible/hosts
- - 3.1 未分组的写法
  - 3.2 分组的写法
- 4、添加非免密的主机

一、ansible介绍

基于python语言开发的，自动化运维工具
作用：批量管控

1、ansible特性

轻易级工具， saltstack工具，重量级工具(分布式)
基于ssh协议设计
no server, no agent
提供丰富 API接口

二、ansible安装部署

1、建议配置ssh免密

[root@zabbix_server ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:G325RcbAufrnbbx71weubZvuHXYe4cLd6Y+0o5TRSKY root@zabbix_server.linux.com
The key's randomart image is:
+---[RSA 2048]----+
|           ...   |
|            oo   |
|            o.+  |
|         . +.*   |
|        S E.= o. |
|         o...=+ +|
|        .  .++.X+|
|           ..oOB@|
|            oOXB%|
+----[SHA256]-----+[root@zabbix_server ~]# ssh-copy-id root@192.168.140.11
[root@zabbix_server ~]# ssh-copy-id root@192.168.140.12

2、安装ansible

[root@zabbix_server ~]# wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
[root@zabbix_server ~]# yum install -y ansible[root@zabbix_server ~]# rpm -q ansible
ansible-2.9.27-1.el7.noarch

3、配置主机清单文件 /etc/ansible/hosts

3.1 未分组的写法

[root@zabbix_server ~]# vim /etc/ansible/hosts 
192.168.140.11
192.168.140.12

[root@zabbix_server ~]# ansible all -m ping 
192.168.140.11 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}
192.168.140.12 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}

3.2 分组的写法

[web]
192.168.140.11
192.168.140.12[db]
192.168.140.12

[root@zabbix_server ~]# ansible web -m ping
192.168.140.12 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}
192.168.140.11 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}
[root@zabbix_server ~]# ansible db -m ping
192.168.140.12 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"
}

4、添加非免密的主机

[db]
192.168.140.12
192.168.140.13 ansible_ssh_user="root" ansible_ssh_pass="redhat" ansible_ssh_port=22

ansible连接被管理机时，会在known_hosts文件中检测对方主机的key，如果检测没有对方主机的key，会出现如下错误提示，可修改配置文件取消该行为[root@zabbix_server ~]# ansible db -m ping 
192.168.140.13 | FAILED! => {"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."
}[root@zabbix_server ~]# vim /etc/ansible/ansible.cfg 
host_key_checking = False