Ansible Environment Deployment | Overview
Time: 2023-02-18 16:38:31
Contents
- Introducing Ansible
- Deploying Ansible
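
RHCA - Advanced

Course | Content |
---|---|
CL210 | Red Hat OpenStack Administration II: Infrastructure Configuration for Cloud Administrators |
DO280 | Red Hat OpenShift Administration II: Operating a Production Kubernetes Cluster |
DO447 | Advanced Automation: Ansible Best Practices |
RH236 | Red Hat Gluster Storage Administration |
RH358 | Red Hat Services Management and Automation |

RHCE - Intermediate (System Administration III)

Course | Content | Ver | Time |
---|---|---|---|
RH294 | ansible 2.8 (Linux) | RHCE8.0 | 4 Days |
RH254 | security + service | RHCE7 | 4 Days |

RHCSA - Basic (System Administration I, II)

Course | Content | Ver | Time |
---|---|---|---|
RH134 | system | RHCSA8.2 | 5 Days |
RH124 | basic | RHCSA8.2 | 5 Days |
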
Preparing the environment
ID | |
---|---|
Hardware | CPU: VT-x, mem: 4GB, disk: 80GB |
Software | OS: x64, APP: VMware (Workstation / Fusion / Player) |
Files | folder: rh294/*.vmx |
Hint: extract the archive with 7z on Windows or Keka on macOS
Offline environment
Machine | VM | Role | Must start |
---|---|---|---|
VMware | foundation | Platform | * |
KVM | classroom | dns, yum repo, rc.local… | * |
KVM | bastion | Gateway system(router) | * |
KVM | utility | podman Server | |
KVM | workstation | Client - GUI | |
KVM | servera | Client - CLI | * |
KVM | server{b-e} | Client - CLI | |
Using the environment
[kiosk@foundation0 ~]$ cat /etc/rht # check which course the environment is set to
[kiosk@foundation0 ~]$ rht-clearcourse 0 # reset the course
[kiosk@foundation0 ~]$ rht-setcourse rh294 # set the course to rh294
Boot order
[kiosk@foundation0 ~]$ rht-vmctl start classroom
[kiosk@foundation0 ~]$ rht-vmctl start bastion
[kiosk@foundation0 ~]$ rht-vmctl start workstation
[kiosk@foundation0 ~]$ rht-vmctl start servera
[kiosk@foundation0 ~]$ rht-vmview view workstation
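Introducing Ansible
1. Official documentation
www.ansible.com
2. Official help documentation
docs.ansible.com
3. Installation guide
https://docs.ansible.com/ansible/2.9/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora
Deploying Ansible
Getting servera online
1. Connect the network adapter
2. Bring up the ens192 interface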
[kiosk@foundation0 ~]$ nmcli connection up ens192
f0 can now ping Baidu
3. Give servera access to the external network
[kiosk@foundation0 ~]$ rht-external --configure ens192
Installing Ansible on servera
workstation already has Ansible installed
[root@workstation ~]# yum search ansible
[root@workstation ~]# rpm -q ansible
ansible-2.9.21-1.el8ae.noarch
Installing on servera
Uses the EPEL (extra packages) repository
[root@servera ~]# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
[root@servera ~]# yum install -y ansible.noarch
Doing the lab from workstation
1. Connect to workstation as the regular user devops
[kiosk@foundation0 ~]$ ssh devops@workstation
2. Create the working directory and enter it
[devops@workstation ~]$ mkdir ansible
[devops@workstation ~]$ cd ansible/
[devops@workstation ansible]$ rpm -qc ansible # list Ansible's configuration files
/etc/ansible/ansible.cfg # main configuration file
/etc/ansible/hosts # inventory file
Precedence
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
1) ANSIBLE_CONFIG: Ansible first checks this environment variable and the configuration file it points to
2) ./ansible.cfg: next, it checks for ansible.cfg in the current working directory
3) ~/.ansible.cfg: then it checks for .ansible.cfg in the current user's home directory
4) /etc/ansible/ansible.cfg: finally, it checks the configuration file created when Ansible was installed by the package manager
[devops@workstation ansible]$ ansible --version
ansible 2.9.21
config file = /etc/ansible/ansible.cfg
[devops@workstation ~]$ cp /etc/ansible/ansible.cfg ~/.ansible.cfg
[devops@workstation ~]$ ansible --version
ansible 2.9.21
config file = /home/devops/.ansible.cfg
[devops@workstation ~]$ cp /etc/ansible/ansible.cfg .
[devops@workstation ~]$ ansible --version
ansible 2.9.21
config file = /home/devops/ansible.cfg
[devops@workstation ~]$ cp /etc/ansible/ansible.cfg /home/devops/ansible/
[devops@workstation ~]$ ansible --version
ansible 2.9.21
config file = /home/devops/ansible.cfg
[devops@workstation ~]$ export ANSIBLE_CONFIG=/home/devops/ansible/ansible.cfg
[devops@workstation ~]$ echo $ANSIBLE_CONFIG
/home/devops/ansible/ansible.cfg
[devops@workstation ~]$ ansible --version
ansible 2.9.21
config file = /home/devops/ansible/ansible.cfg
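The search order walked through above, as an added example that is not part of the original post. It also covers one case the transcript does not show: Ansible will not auto-load ./ansible.cfg from a world-writable directory, because another local user could plant a config there. The function name, its parameters and the scratch directory tree are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original post): reproduces the search order
# ANSIBLE_CONFIG -> ./ansible.cfg -> ~/.ansible.cfg -> system-wide file.
# Usage: resolve_ansible_cfg CWD HOME_DIR [SYSTEM_CFG]
# (all paths are parameters so the logic can run against a scratch tree)
resolve_ansible_cfg() {
    cwd=$1
    home_dir=$2
    system_cfg=${3:-/etc/ansible/ansible.cfg}

    # 1) An explicit ANSIBLE_CONFIG wins when the file is readable.
    if [ -n "${ANSIBLE_CONFIG:-}" ] && [ -r "$ANSIBLE_CONFIG" ]; then
        printf '%s\n' "$ANSIBLE_CONFIG"
        return 0
    fi

    # 2) ./ansible.cfg, unless the directory is world-writable: Ansible
    #    refuses to auto-load a config another local user could have planted.
    if [ -r "$cwd/ansible.cfg" ]; then
        if [ -n "$(find "$cwd" -maxdepth 0 -perm -0002)" ]; then
            echo "ignoring $cwd/ansible.cfg: directory is world-writable" >&2
        else
            printf '%s\n' "$cwd/ansible.cfg"
            return 0
        fi
    fi

    # 3) The per-user file, then 4) the packaged system-wide file.
    for candidate in "$home_dir/.ansible.cfg" "$system_cfg"; do
        if [ -r "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Constructed scratch tree standing in for /home/devops and /etc/ansible.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/home/ansible" "$demo_root/etc"
touch "$demo_root/etc/ansible.cfg" "$demo_root/home/ansible/ansible.cfg"
unset ANSIBLE_CONFIG
resolve_ansible_cfg "$demo_root/home/ansible" "$demo_root/home" "$demo_root/etc/ansible.cfg"
chmod o+w "$demo_root/home/ansible"   # now behaves like a shared /tmp-style directory
resolve_ansible_cfg "$demo_root/home/ansible" "$demo_root/home" "$demo_root/etc/ansible.cfg"
rm -rf "$demo_root"
```

The first call prints the project-local file; after the chmod the same call falls through to the system-wide file, which is why `ansible --version` is worth checking before running anything from a shared directory.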
Default inventory for the environment
[devops@workstation ansible]$ ansible --version
ansible 2.9.21
config file = /home/devops/ansible/ansible.cfg
[devops@workstation ansible]$ vim /home/devops/ansible/ansible.cfg
inventory = /home/devops/ansible/inventory
#inventory = /etc/ansible/hosts
[devops@workstation ansible]$ vim /home/devops/ansible/inventory
# Ex 1: Ungrouped hosts, specify before any group headers.
green.example.com
blue.example.com
192.168.100.1
192.168.100.10

# Ex 2: A collection of hosts belonging to the 'webservers' group

[webservers]
alpha.example.org
beta.example.org
192.168.1.100
192.168.1.110


www[001:006].example.com

# Ex 3: A collection of database servers in the 'dbservers' group

[dbservers]

db01.intranet.mydomain.net
db02.intranet.mydomain.net
10.25.1.56
10.25.1.57


db-[99:101]-node.example.com
[devops@workstation ansible]$ ansible-inventory --graph # show the inventory tree
[devops@workstation ansible]$ ansible-inventory --graph
@all:
|--@dbservers:
| |--10.25.1.56
| |--10.25.1.57
| |--db-100-node.example.com
| |--db-101-node.example.com
| |--db-99-node.example.com
| |--db01.intranet.mydomain.net
| |--db02.intranet.mydomain.net
[devops@workstation ansible]$ ansible webservers --list-hosts
hosts (10):
alpha.example.org
beta.example.org
192.168.1.100
192.168.1.110
www001.example.com
www002.example.com
www003.example.com
www004.example.com
www005.example.com
www006.example.com
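Homework
1. Deploy the RHCE/RH294 environment: restore the INIT snapshot
2. Check that the course is set to rh294
3. Start the 4 VMs, in the boot order given above
4. Connect to workstation as the devops user
ssh devops@workstation
5. Check whether Ansible is installed
rpm -q ansible
6. Create the ansible directory
mkdir ansible
7. Practice the ansible.cfg precedence order
8. Change the inventory file set in the configuration file to /home/devops/ansible/inventory
9. Edit the inventory file (any content will do) and list the inventory tree
Checks
1. Configuration file precedence
ansible --version
2. Check that the inventory is correct
ansible-inventory --graph
After restoring INIT
1. Connect to workstation
ssh devops@workstation
2. Create the directory
mkdir ansible
3. Enter the directory
cd ansible
4. Copy the main configuration file into the current directory
cp /etc/ansible/ansible.cfg .
Custom inventory
- File
Define the inventory file in the main configuration file
[devops@workstation ansible]$ vim ansible.cfg
inventory = /home/devops/ansible/inventory
#inventory = /etc/ansible/hosts
Write the inventory file contents
[devops@workstation ansible]$ vim /home/devops/ansible/inventory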
[test]
servera
[dev]
bastion
Show the inventory tree
[devops@workstation ansible]$ ansible-inventory --graph
@all:
|--@dev:
| |--bastion
|--@test:
| |--servera
|--@ungrouped:
- Directory
[devops@workstation ansible]$ mkdir test
[devops@workstation ansible]$ vim ansible.cfg
inventory = test
#inventory = /etc/ansible/hosts
[devops@workstation ansible]$ cp inventory test
[devops@workstation ansible]$ ansible-inventory --graph
@all:
|--@dev:
| |--bastion
|--@test:
| |--servera
|--@ungrouped:
Host groups containing host groups
ad-hoc
Command format: ansible host/host-group [module] arguments
[devops@workstation ansible]$ ansible qq -a "ls"
The authenticity of host 'servera (172.25.250.10)' can't be established.
ECDSA key fingerprint is SHA256:NJAyJMx8B2AeIYHRnVLAuJ1XZwblomyOKowyfTwGrTY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
servera | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added 'servera,172.25.250.10' (ECDSA) to the list of known hosts.\r\ndevops@servera: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
Cause: passwordless login has not been set up
Fix:
[devops@workstation ansible]$ ansible -h
[devops@workstation ansible]$ ansible qq -a "hostname" -k
SSH password: redhat
servera | CHANGED | rc=0 >>
servera.lab.example.com
-k: prompt for the SSH password
What to do when a command cannot be run by a regular user
Symptom:
[devops@workstation ansible]$ ansible qq -a "useradd user1" -k
SSH password: redhat
servera | FAILED | rc=1 >>
useradd: Permission denied.
useradd: cannot lock /etc/passwd; try again later.non-zero return code
Solution:
[devops@workstation ansible]$ ansible qq -a "useradd user1" -k -u root
SSH password: redhat
servera | CHANGED | rc=0 >>
Verification and checks
[devops@workstation ansible]$ ansible qq -a "grep user1 /etc/passwd" -k -u root
SSH password:
servera | CHANGED | rc=0 >>
user1:x:1002:1002::/home/user1:/bin/bash
[devops@workstation ansible]$ ansible qq -a "id user1" -k -u root
SSH password:
servera | CHANGED | rc=0 >>
uid=1002(user1) gid=1002(user1) groups=1002(user1)
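command vs. shell: the default command module does not run its arguments through a shell, so && and | are handed to useradd as plain arguments; the shell module is needed for them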
[devops@workstation ansible]$ ansible qq -a "useradd user2 && echo "mima" | passwd --stdin user2" -k -u root
SSH password:
servera | FAILED | rc=2 >>
useradd: unrecognized option '--stdin'
[devops@workstation ansible]$ ansible qq -m shell -a "useradd user2 && echo "mima" | passwd --stdin user2" -k -u root
SSH password:
servera | CHANGED | rc=0 >>
Changing password for user user2.
passwd: all authentication tokens updated successfully.
Permanent passwordless access
Method 1:
[devops@workstation ansible]$ vim ansible.cfg
host_key_checking = False
#host_key_checking = False
remote_user = root
#remote_user = root
[devops@workstation ansible]$ vim inventory
[all:vars]
ansible_password=redhat
[qq]
servera
[wx]
bastion
[webservers:children]
wx
Verify
[devops@workstation ansible]$ ansible all -a "hostname"
servera | CHANGED | rc=0 >>
servera.lab.example.com
bastion | CHANGED | rc=0 >>
bastion.lab.example.com
Method 2:
[devops@workstation ansible]$ vim inventory
[all:vars]
ansible_user=root
ansible_password=redhat
Combined method for the exam
[devops@workstation ansible]$ vim ansible.cfg
host_key_checking = False
#host_key_checking = False
remote_user = root
#remote_user = root
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[devops@workstation ansible]$ vim inventory
[all:vars]
ansible_password=redhat
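The lab files above turn off SSH host key verification, log in directly as root and keep the root password in clear text in the inventory. The following check, an added example that is not part of the original post, flags those three settings when they appear in a project directory; the function name, the finding labels and the sample files are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original post): flag the lab shortcuts used on
# this page when they turn up in a project directory. Finding labels are
# invented for this example.
audit_ansible_dir() {
    dir=$1
    cfg="$dir/ansible.cfg"
    inv="$dir/inventory"
    sp='[[:space:]]*'

    if [ -r "$cfg" ]; then
        # Host key verification off: an impersonated host is trusted silently.
        if grep -Eiq "^${sp}host_key_checking${sp}=${sp}(false|no|off|0)${sp}\$" "$cfg"; then
            echo "HOST_KEY_CHECKING_DISABLED $cfg"
        fi
        # Direct root login instead of an unprivileged user plus become.
        if grep -Eq "^${sp}remote_user${sp}=${sp}root${sp}\$" "$cfg"; then
            echo "REMOTE_USER_ROOT $cfg"
        fi
    fi

    if [ -r "$inv" ]; then
        # Clear-text connection or become passwords. Commented-out lines and
        # templated values ({{ ... }}, e.g. a vaulted variable) are skipped.
        # Only file and line number are printed, never the secret itself.
        grep -En "ansible_(ssh_|become_)?pass(word)?${sp}=" "$inv" |
            grep -Ev "^[0-9]+:${sp}[#;]|=${sp}[\"']?[{][{]" |
            while IFS=: read -r lineno rest; do
                echo "PLAINTEXT_PASSWORD $inv:$lineno"
            done
    fi
    return 0
}

# Constructed sample: the exam-style files shown on this page.
lab=$(mktemp -d)
printf '%s\n' '[defaults]' 'host_key_checking = False' \
    '#host_key_checking = False' 'remote_user = root' > "$lab/ansible.cfg"
printf '%s\n' '[all:vars]' 'ansible_password=redhat' '[qq]' 'servera' > "$lab/inventory"
audit_ansible_dir "$lab"
rm -rf "$lab"
```

Outside the lab, the usual replacement is key-based SSH (for example `ssh-copy-id devops@servera`) with an unprivileged remote_user plus become, host key checking left on, and any remaining secrets kept in Ansible Vault.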