原

Ansible 安装与简介

355人阅读 2021/3/15 13:52 总访问：273134 评论:0 手机收藏

分类: Ansible

![ansible](https://img.tnblog.net/arcimg/hb/e283c36cf43847558bcb2c8461e20850.jpg "ansible")
># Ansible 安装与简介
[TOC]


Ansible简介
------------

tn>Ansible是您安装在控制节点上的无代理自动化工具。Ansible从控制节点远程管理计算机和其他设备（默认情况下，通过SSH协议）。


Ansible安装
------------
### 环境

![](https://img.tnblog.net/arcimg/hb/8900e305b5264145b5bbf2bbbcf6e569.png)


### rpm包安装

```bash
# 在Master上安装ansible
yum install ansible -y
# 查看ansible的相关文件
rpm -ql ansible
```

### 编译安装

```bash
#下载到本地(当前最新版本ansible-2.9.13.tar.gz)
wget -O ansible-2.9.13.tar.gz https://files.pythonhosted.org/packages/32/62/eec759cd8ac89a866df1aba91abf785486fed7774188a41f42f5c7326dcb/ansible-2.9.13.tar.gz
#解压
tar -xzvf ansible-2.9.13.tar.gz
#进入更新目录
cd ansible-2.9.13/
#更新
python setup.py install
```

相关文件
------------

### 配置文件

<p style="
font-weight: 400;
line-height: 1.5;
color: #212529;
-webkit-tap-highlight-color: transparent;
box-sizing: border-box;
padding: 0px 20px 20px 20px;
border: 1px solid #e9ecef;
border-left-width: .25rem;
border-radius: .25rem;
display: block;
border-left-color: #5bc0de;">
/etc/ansible/ansible.cfg 主配置文件，配置ansible工作特性
/etc/ansible/hosts 主机清单
/etc/ansible/roles 存放角色的目录


### 程序应用文件

<p style="
font-weight: 400;
line-height: 1.5;
color: #212529;
-webkit-tap-highlight-color: transparent;
box-sizing: border-box;
padding: 0px 20px 20px 20px;
border: 1px solid #e9ecef;
border-left-width: .25rem;
border-radius: .25rem;
display: block;
border-left-color: #5bc0de;">
/usr/bin/ansible 主程序，临时命令执行工具
/usr/bin/ansible-doc 查看配置文档，模块功能查看工具
/usr/bin/ansible-galaxy 下载/上传优秀代码或Roles模块的官方平台
/usr/bin/ansible-playbook 定制自动化任务，编排剧本工具/usr/bin/ansible-pull远程执行命令的工具
/usr/bin/ansible-vault 文件加密工具
/usr/bin/ansible-console 基于Console界面与用户交互的执行工具


主机清单inventory
------------

<p style="
font-weight: 400;
line-height: 1.5;
color: #212529;
-webkit-tap-highlight-color: transparent;
box-sizing: border-box;
padding: 0px 20px 20px 20px;
border: 1px solid #e9ecef;
border-left-width: .25rem;
border-radius: .25rem;
display: block;
border-left-color: #5bc0de;">
ansible的主要功用在与批量主机操作，为了便捷地使用其中的部分主机，可以在inventory file中将其分组命名
默认的inventory file为/etc/ansible/hosts
inventory file可以有多个，且也可以通过Dynamic Inventory来动态生成


### 运用ping模块进行测试

<p style="
font-weight: 400;
line-height: 1.5;
color: #212529;
-webkit-tap-highlight-color: transparent;
box-sizing: border-box;
padding: 0px 20px 20px 20px;
border: 1px solid #e9ecef;
border-left-width: .25rem;
border-radius: .25rem;
display: block;
border-left-color: #5bc0de;">
运用ping模块去ping子机


```bash
# ansible 10.211.55.5 -m ping
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match
'all'
[WARNING]: Could not match supplied host pattern, ignoring: 10.211.55.5
```

<p style="
font-weight: 400;
line-height: 1.5;
color: #212529;
-webkit-tap-highlight-color: transparent;
box-sizing: border-box;
padding: 0px 20px 20px 20px;
border: 1px solid #e9ecef;
border-left-width: .25rem;
border-radius: .25rem;
display: block;
border-left-color: #5bc0de;">
我们发现它在清单文件中并没有找到该IP，所以我们需要通过`/etc/ansible`与`vim /etc/ansible/hosts`命令去添加我们的IP地址，这里我们把2个子节点都添加上。然后再次尝试


```bash
10.211.55.5
10.211.55.6
```

```bash
# ansible 10.211.55.5 -m ping
The authenticity of host '10.211.55.5 (10.211.55.5)' can't be established.
ECDSA key fingerprint is SHA256:zgJwK5DOvrR+/ntWGo5SgKXfoqFfyM5Y6ISCyGKmYwM.
ECDSA key fingerprint is MD5:da:99:9f:63:09:3d:d3:b7:a1:80:f5:ca:d1:80:d6:7c.
Are you sure you want to continue connecting (yes/no)? yes
10.211.55.5 | UNREACHABLE! => {
 "changed": false, 
 "msg": "Failed to connect to the host via ssh: Warning: Permanently added '10.211.55.5' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", 
 "unreachable": true
}
```
<p style="
font-weight: 400;
line-height: 1.5;
color: #212529;
-webkit-tap-highlight-color: transparent;
box-sizing: border-box;
padding: 0px 20px 20px 20px;
border: 1px solid #e9ecef;
border-left-width: .25rem;
border-radius: .25rem;
display: block;
border-left-color: #5bc0de;">
显然我们可以直观的看到走的是SSH的方式，可是为什么还是报错呢？
因为你通过SSH的方式去走一般都需要输入密码所以加上`-k`参数可以按照常规方式执行模块


```bash
# ansible 10.211.55.5 -m ping -k
SSH password:
10.211.55.5 | FAILED! => {
 "msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"
}
```

<p style="
font-weight: 400;
line-height: 1.5;
color: #212529;
-webkit-tap-highlight-color: transparent;
box-sizing: border-box;
padding: 0px 20px 20px 20px;
border: 1px solid #e9ecef;
border-left-width: .25rem;
border-radius: .25rem;
display: block;
border-left-color: #5bc0de;">
这样走是可以的，但我们还是要更具它的指示去安装对应`sshpass`软件,最后成功调用到了我们的模块


```bash
# yum install sshpass -y
...
# ansible 10.211.55.5 -m ping -k
SSH password: 
10.211.55.5 | SUCCESS => {
 "ansible_facts": {
 "discovered_interpreter_python": "/usr/bin/python"
 }, 
 "changed": false, 
 "ping": "pong"
}
```

### 运用ping模块进行多主机测试


<p style="
font-weight: 400;
line-height: 1.5;
color: #212529;
-webkit-tap-highlight-color: transparent;
box-sizing: border-box;
padding: 0px 20px 20px 20px;
border: 1px solid #e9ecef;
border-left-width: .25rem;
border-radius: .25rem;
display: block;
border-left-color: #5bc0de;">
我们继续来通过master主机对多个子机进行ping操作


```bash
# ansible 10.211.55.5,10.211.55.6 -m ping -k
SSH password: 
10.211.55.6 | FAILED! => {
 "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
10.211.55.5 | SUCCESS => {
 "ansible_facts": {
 "discovered_interpreter_python": "/usr/bin/python"
 }, 
 "changed": false, 
 "ping": "pong"
}
```

<p style="
font-weight: 400;
line-height: 1.5;
color: #212529;
-webkit-tap-highlight-color: transparent;
box-sizing: border-box;
padding: 0px 20px 20px 20px;
border: 1px solid #e9ecef;
border-left-width: .25rem;
border-radius: .25rem;
display: block;
border-left-color: #5bc0de;">
我们发现它有三个问题：
1. 访问次序与我们预期的次序有所不同
2. 两台子机器密码一样却还是访问不了
3. 如果密码不一样不可能一条一条的输入密码吧

第一和第二个问题是因为本地没有`10.211.55.6`的ssh所以我们先单个访问在一同访问

```bash
# ssh 10.211.55.6
# exit
# ansible 10.211.55.5,10.211.55.6 -m ping -k
SSH password: 
10.211.55.5 | SUCCESS => {
 "ansible_facts": {
 "discovered_interpreter_python": "/usr/bin/python"
 }, 
 "changed": false, 
 "ping": "pong"
}
10.211.55.6 | SUCCESS => {
 "ansible_facts": {
 "discovered_interpreter_python": "/usr/bin/python"
 }, 
 "changed": false, 
 "ping": "pong"
}
```

<p style="
font-weight: 400;
line-height: 1.5;
color: #212529;
-webkit-tap-highlight-color: transparent;
box-sizing: border-box;
padding: 0px 20px 20px 20px;
border: 1px solid #e9ecef;
border-left-width: .25rem;
border-radius: .25rem;
display: block;
border-left-color: #5bc0de;">
如果想对所有对的host主机进行执行ping模块可以直接通过`all`的方式进行执行


```bash
# ansible all -m ping -k
SSH password:
10.211.55.5 | SUCCESS => {
 "ansible_facts": {
 "discovered_interpreter_python": "/usr/bin/python"
 }, 
 "changed": false,
 "ping": "pong"
}
10.211.55.6 | SUCCESS => {
 "ansible_facts": {
 "discovered_interpreter_python": "/usr/bin/python"
 },
 "changed": false,
 "ping": "pong"
}
```

### Host分组

<p style="
font-weight: 400;
line-height: 1.5;
color: #212529;
-webkit-tap-highlight-color: transparent;
box-sizing: border-box;
padding: 0px 20px 20px 20px;
border: 1px solid #e9ecef;
border-left-width: .25rem;
border-radius: .25rem;
display: block;
border-left-color: #5bc0de;">
inventory文件遵循INI文件风格，中括号中的字符为组名。可以将同一个主机同时归并到多个不同的组中；此外，当目标主机使用了非默认的SSH端口，还可以在主机名称之后使用冒号加端口号来标明.
接下来我们来举例（将ip分为两个组）：


```bash
# vim /etc/ansible/hosts
[webserver]
10.211.55.5
10.211.55.6

[dbserver]
10.211.55.5
```
<p style="
font-weight: 400;
line-height: 1.5;
color: #212529;
-webkit-tap-highlight-color: transparent;
box-sizing: border-box;
padding: 0px 20px 20px 20px;
border: 1px solid #e9ecef;
border-left-width: .25rem;
border-radius: .25rem;
display: block;
border-left-color: #5bc0de;">
我们也可以通过指定几到几到方式进行创建组（比如1-10，这里只有5与6所以我这里就写5-6的式例）


```bash
# vim /etc/ansible/hosts
[apiserver]
10.211.55.[5:6]
```
<p style="
font-weight: 400;
line-height: 1.5;
color: #212529;
-webkit-tap-highlight-color: transparent;
box-sizing: border-box;
padding: 0px 20px 20px 20px;
border: 1px solid #e9ecef;
border-left-width: .25rem;
border-radius: .25rem;
display: block;
border-left-color: #5bc0de;">
域名的方式同样可行，我这里的域名如下，如果我们需要配置子机可以按照如下配置


![](https://img.tnblog.net/arcimg/hb/44c1a4af4759435aac9f3594c363668d.png)

```bash
# vim /etc/ansible/hosts
[domainserver]
rabbitmqslave[1:2]
```

<p style="
font-weight: 400;
line-height: 1.5;
color: #212529;
-webkit-tap-highlight-color: transparent;
box-sizing: border-box;
padding: 0px 20px 20px 20px;
border: 1px solid #e9ecef;
border-left-width: .25rem;
border-radius: .25rem;
display: block;
border-left-color: #5bc0de;">
如果端口号有细微的变动，比如ssh默认是22的，现在改成了2222，我们直接在后面添加2222端口就可以了


```bash
# vim /etc/ansible/hosts
[domainserver]
rabbitmqslave[1:2]:2222
```

<p style="
font-weight: 400;
line-height: 1.5;
color: #212529;
-webkit-tap-highlight-color: transparent;
box-sizing: border-box;
padding: 0px 20px 20px 20px;
border: 1px solid #e9ecef;
border-left-width: .25rem;
border-radius: .25rem;
display: block;
border-left-color: #5bc0de;">
除了`1-10`数字可以写成`[1:10]`之外，`a-f`字母可以写成`[a:f]`


### 按组访问

<p style="
font-weight: 400;
line-height: 1.5;
color: #212529;
-webkit-tap-highlight-color: transparent;
box-sizing: border-box;
padding: 0px 20px 20px 20px;
border: 1px solid #e9ecef;
border-left-width: .25rem;
border-radius: .25rem;
display: block;
border-left-color: #5bc0de;">
我们可以通过如下命令按照我们创建的组进行访问（这里我们访问 **webserver** 组）


```bash
# ansible webserver -m ping -k
SSH password: 
10.211.55.5 | SUCCESS => {
 "ansible_facts": {
 "discovered_interpreter_python": "/usr/bin/python"
 }, 
 "changed": false, 
 "ping": "pong"
}
10.211.55.6 | SUCCESS => {
 "ansible_facts": {
 "discovered_interpreter_python": "/usr/bin/python"
 }, 
 "changed": false, 
 "ping": "pong"
}
```

欢迎加群讨论技术，群号：677373950

评价

尘叶心繁

这一世以无限游戏为使命！

博主信息

排名

文章

粉丝

文章类别

.net后台框架 133篇

linux 12篇

linux中cve 1篇

windows中cve 0篇

资源分享 8篇

Win32 3篇

前端 25篇

传说中的c 4篇

Xamarin 1篇

docker 7篇

容器编排 33篇

grpc 4篇

Go 15篇

yaml模板 1篇

理论 1篇

Ansible 安装与简介

{{titleitem}} {{titleitem}}

{{titleitem}} {{titleitem}}