Ansible
1、关于ansible
1)什么是ansible
Ansible是一个开源部署工具
开发语言:Python
特点:SSH协议通讯,全平台,无需编译,模块化部署管理
作用:推送Playbook进行远程节点快速部署
2)Ansible与Chef,Saltstack的不同
Chef
Ruby语言编写,C/S架构,配置需要Git依赖,Recipe脚本编写规范,需要编程经验;
Saltstack
Python语言编写,C/S架构,模块化配置管理,YAML脚本编写规范,适合大规模集群部署;
Ansible
Python语言编写,无Client(现在是openssh,以前是paramiko),模块化配置管理,Playbook脚本编写规范,易于上手,适合中小规模快速部署;
3)Ansible的优势和应用场景
轻量级无客户端(Agentless);
开源免费,学习成本低,快速上手;
使用Playbook作为核心配置架构,统一的脚本格式批量化部署;
完善的模块化扩展,支持目前主流的开发场景;
强大的稳定性和兼容性;
活跃的官方社区问题讨论,方便Trubleshooting与DEBUG问题;
2、Ansible配合virtualenv安装配置
Ansible的两种安装模式(CentOS7)
1.Yum包管理安装
#yum-y install ansible
2.Git源代码安装[推荐]
#git clone https://github.com/ansible/ansible.git
安装python3.5
tar xf Python-3.6.5.tar.xz cd Python-3.6.5 [root@ansible Python-3.6.5]# ./configure --prefix=/usr/local --with-ensurepip=install --enable-shared LDFLAGS="-Wl,-rpath /usr/local/lib" [root@ansible Python-3.6.5]# make && make altinstall [root@ansible Python-3.6.5]# which pip3.6 /usr/local/bin/pip3.6 [root@ansible Python-3.6.5]# ln -s /usr/local/bin/pip3.6 /usr/local/bin/pip
安装virtualenv和ansible:
[root@ansible Python-3.6.5]# pip install -i https://pypi.douban.com/simple virtualenv [root@ansible Python-3.6.5]# yum -y install git nss curl [root@ansible ~]# useradd deploy [root@ansible ~]# su - deploy [deploy@ansible ~]$ virtualenv -p /usr/local/bin/python3.6 .py3-a2.5-env [deploy@ansible ~]$ cd .py3-a2.5-env/ [deploy@ansible .py3-a2.5-env]$ git clone https://github.com/ansible/ansible.git [deploy@ansible .py3-a2.5-env]$ source /home/deploy/.py3-a2.5-env/bin/activate (.py3-a2.5-env) [deploy@ansible .py3-a2.5-env]$ pip install paramiko PyYAML jinja2 # 切换ansible版本到2.5 (.py3-a2.5-env) [deploy@ansible .py3-a2.5-env]$ cd ansible/ (.py3-a2.5-env) [deploy@ansible ansible]$ git checkout stable-2.5
上面这条命令如果报错了,就执行先下面两条命令,再执行git checkout:
(.py3-a2.5-env) [deploy@ansible ansible]$ git add .(.py3-a2.5-env) [deploy@ansible ansible]$ git stash
# 在虚拟环境下加载ansible2.5
(.py3-a2.5-env) [deploy@ansible ansible]$ source /home/deploy/.py3-a2.5-env/ansible/hacking/env-setup -q
#验证是否加载完成
(.py3-a2.5-env) [deploy@ansible ansible]$ ansible --version
3、Ansible playbooks入门和编写规范
1)Playbooks框架与格式
详细目录testenv
主任务文件main.yml
任务入口文件deploy.yml
2)ssh免密认证
Ansible服务器端创建SSH本地秘钥
#ssh-keygen-trsa
Ansible服务器端建立与目标部署机器的秘钥认证
#ssh-copy-id-i/home/deploy/.ssh/id_rsa.pub root@test.example.com
3)执行Playbooks
4、编写Ansible playbooks
test_playbooks
(.py3-a2.5-env) [deploy@ansible ~]$ pwd /home/deploy #-- (.py3-a2.5-env) [deploy@ansible ~]$ mkdir test_playbooks (.py3-a2.5-env) [deploy@ansible ~]$ cd test_playbooks/ (.py3-a2.5-env) [deploy@ansible test_playbooks]$ mkdir inventory (.py3-a2.5-env) [deploy@ansible test_playbooks]$ mkdir roles (.py3-a2.5-env) [deploy@ansible test_playbooks]$ cd inventory/ #-- (.py3-a2.5-env) [deploy@ansible inventory]$ vim testenv [testservers] test.example.com [testservers:vars] server_name=test.example.com user=root output=/root/test.txt #-- (.py3-a2.5-env) [deploy@ansible inventory]$ cd .. (.py3-a2.5-env) [deploy@ansible test_playbooks]$ cd roles/ (.py3-a2.5-env) [deploy@ansible roles]$ mkdir testbox (.py3-a2.5-env) [deploy@ansible roles]$ cd testbox/ (.py3-a2.5-env) [deploy@ansible testbox]$ mkdir tasks (.py3-a2.5-env) [deploy@ansible testbox]$ cd tasks/ #-- (.py3-a2.5-env) [deploy@ansible tasks]$ vim main.yml - name: Print server name and user to remote testbox shell: "echo 'Currently {{ user }} is logining {{ server_name }}' > {{ output }}" #-- (.py3-a2.5-env) [deploy@ansible test_playbooks]$ pwd /home/deploy/test_playbooks #-- (.py3-a2.5-env) [deploy@ansible test_playbooks]$ vim deploy.yml - hosts: "testservers" gather_facts: true remote_user: root roles: - testbox
5、ssh免密认证
这里是又新开了一台虚拟机:192.168.3.250
ansible主机是:192.168.3.201
在ansible主机上:
[root@ansible ~]# vim /etc/hosts 192.168.3.250 test.example.com
(.py3-a2.5-env) [deploy@ansible ~]$ ssh-keygen -t rsa (.py3-a2.5-env) [deploy@ansible ~]$ ssh-copy-id -i /home/deploy/.ssh/id_rsa.pub root@test.example.com
6、执行playbooks
(.py3-a2.5-env) [deploy@ansible test_playbooks]$ ansible-playbook -i inventory/testenv ./deploy.yml # 去测试机上查看 [root@localhost ~]# ls anaconda-ks.cfg test.txt [root@localhost ~]# cat test.txt Currently root is logining test.example.com
