ansible部署笔记

一、yum方式部署

1、配置yum源

#备份mv/etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backupmv/etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backupmv/etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup#下载wget-O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repowget-O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo#清除、刷新缓存yum clean all yum makecache

安装ansible

yuminstall-y ansible

验证

[root@control2 yum.repos.d]# ansible --versionansible2.9.27 configfile=/etc/ansible/ansible.cfg configured module search path=[u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']ansible python module location=/usr/lib/python2.7/site-packages/ansible executable location=/usr/bin/ansible python version=2.7.5(default, Oct142020,14:45:30)[GCC4.8.520150623(Red Hat4.8.5-44)]

二、离线安装

1、下载ansible安装包

#配置yum源wget-O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repowget-O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo#清除、刷新缓存yum clean all yum makecache#安装yum-plugin-downloadonlyyuminstallyum-plugin-downloadonly#下载安装包及依赖yuminstall--downloadonly --downloaddir=./ansible-packages ansible#将下好的安装包传到内网服务器

安装ansible

cdansible-packages/ yum localinstall -y *.rpm##查看版本[root@conctol3 ansible-packages]# ansible --versionansible2.9.27 configfile=/etc/ansible/ansible.cfg configured module search path=[u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']ansible python module location=/usr/lib/python2.7/site-packages/ansible executable location=/usr/bin/ansible python version=2.7.5(default, Oct142020,14:45:30)[GCC4.8.520150623(Red Hat4.8.5-44)]

三、编译安装

1、下载、安装

#公网机器下载wgethttps://releases.ansible.com/ansible/ansible-2.9.27.tar.gz#内网机器需要有相应python依赖#挂载镜像配置本地YUM源mount/dev/sr0 /mnrvim/etc/yum.repos.d/localyum.repo[base]name=basebaseurl=file:///mntenabled=1gpgcheck=0yum -yinstallpython-jinja2 PyYAML python-paramiko python-babel python-cryptotarzxvf ansible-2.9.27.tar.gzcdansible-2.9.27 python setup.py build python setup.pyinstall[root@conctol3 ansible-2.9.27]# ansible --versionansible2.9.27 configfile=None configured module search path=[u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']ansible python module location=/usr/lib/python2.7/site-packages/ansible-2.9.27-py2.7.egg/ansible executable location=/usr/bin/ansible python version=2.7.5(default, Oct142020,14:45:30)[GCC4.8.520150623(Red Hat4.8.5-44)]

配置文件解释

ansible配置文件查找顺序： 首先检查ANSIBLE_CONFIG变量定义的配置文件 其次检查当前目录下./ansible.cfg文件 再次检查当前用户家目录下~/ansible.cfg文件 最后检查/etc/ansible/ansible.cfg文件 /etc/ansible/ansible.cfg ：主配置文件，配置ansible工作特性；（有那么几个选项不是固定死的） /etc/ansible/hosts ：主机清单文件，管理的目标主机地址清单；（根基ansible.cfg配置的位置） /etc/ansible/roles/ ：存放角色的目录。（根据ansible.cfg配置的位置）

进行配置：

#创建文件夹 mkdir -p /root/ansible/roles #切换工作目录 cd /root/ansible mkdir /root/ansible/mycollection #编辑配置文件 cat > /root/ansible/ansible.cfg << 'EOF' [defaults] # 指定 inventory 文件位置 inventory = /root/ansible/inventory # 禁用 SSH 主机密钥检查 host_key_checking = False # 设置默认远程用户 remote_user = root # 设置默认 SSH 私钥文件 private_key_file = ~/.ssh/id_rsa # 连接超时时间 timeout = 10 # 并发数 forks = 5 # 使用 gather_facts gathering = smart # 远程用户 remote_user = root [ssh_connection] # SSH 管道化，提高效率 pipelining = True # SSH 参数 ssh_args = -o ControlMaster=auto -o ControlPersist=60s # 控制路径 control_path = %(directory)s/%%h-%%r [privilege_escalation] # 提权设置 become = True become_method = sudo become_user = root become_ask_pass = False become_flags = -H -S EOF #确认配置文件生效 ansible --version

编写主机清单文件

vim/root/ansible/inventory[dev]node1#[test]#node2#[prod]#node3#node4#[balancers]#node5#[webservers:children]#prod

配置SSH免密登录

ssh-keygen -f /root/.ssh/id_rsa -N''#生成密钥 保存在.ssh目录下 名字叫id_rsa 不设置密钥密码echo'192.168.80.181 node1'>>/etc/hosts#具体IP为客户端IP#把密钥传到被控制端主机foriinnode1dossh-copy-id$idone

验证

# 验证： 如果可以ping通所有节,证明配置文件、账戶、清单都没有问题(必做操做)ansible-inventory --graph#图形结构的形式展示主机和组之间的关系ansible all -mping