Introduction to Ansible + Ansible Platform Deployment

Published: 2025-08-31

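Ansible is an open-source automation tool for IT operations, developed by Michael DeHaan and later acquired by Red Hat. Built on Python, it is mainly used to automate the management of IT infrastructure and is one of the core tools in the DevOps field.

Core features

  • Agentless architecture: unlike tools that require a client (agent) to be installed on the managed nodes (such as Puppet or SaltStack), Ansible communicates with managed nodes over SSH (by default), so no additional software has to be deployed on the target nodes, which greatly reduces deployment and maintenance costs
  • Declarative configuration: the target state is defined in YAML "Playbooks" rather than in complex script logic; the syntax is concise, easy for humans to read, and well suited to team collaboration
  • Modular design: thousands of built-in modules (file operations, software installation, service management, cloud resource operations, and so on) cover the vast majority of operations scenarios, and custom modules can be added as extensions
  • Batch and group management: an inventory file defines the IPs / hostnames of the managed nodes and their groups, so the same task can be run flexibly against a single node, several nodes, or a specific group
  • Idempotency: task execution is idempotent (running it several times gives the same result), which avoids unexpected problems caused by repeated operations and keeps the system state stable

Main functions

  • Batch configuration management: uniformly set server parameters, configuration files, system environment, and so on
  • Automated application deployment: automate the whole flow from pulling code and compiling to starting the service
  • Task execution: run commands and scripts in batches, or run scheduled tasks (in combination with crontab and similar tools)
  • Infrastructure orchestration: coordinate the deployment and interaction of multiple nodes and services (for example, building a distributed cluster)
  • Cloud and container management: operate resources on cloud platforms and container environments such as AWS, Azure and Kubernetes

Use cases

Ansible is widely used for server cluster operations, cloud environment management, microservice deployment, disaster recovery automation and similar scenarios, freeing operations staff from repetitive manual work and improving efficiency and consistency.

In short, the core value of Ansible is automated management of complex IT environments with the fewest dependencies and the simplest syntax.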

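Ansible workflow:

1. An ansible command is executed

2. The ansible.cfg configuration file is read

3. The host list defined in the inventory is filtered by the given rules

4. The module file corresponding to the task is loaded

5. Ansible core packages the module or command into a Python script file

6. The temporary script file is transferred to the target host

7. It is placed as the file '.ansible/tmp/xxx/xxx/.py' under the home directory of the corresponding executing user

8. Execute permission is added to the file

9. The .py file is executed and the result is returned

10. The file is deleted and Ansible exits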
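
Steps 5 through 10 can be walked through locally to see the lifecycle of the temporary script, including the case where the module fails and the file must still be removed. This is an added example, not Ansible's own code and not from the original post: a temporary directory stands in for the remote user's home, no SSH is involved, and the names `run_packaged_module`, `PING_MODULE` and `CRASHING_MODULE` are hypothetical.

```python
import json
import os
import shutil
import stat
import subprocess
import sys
import tempfile

# Constructed stand-ins for a packaged module (hypothetical, not Ansible code).
PING_MODULE = 'import json\nprint(json.dumps({"changed": False, "ping": "pong"}))\n'
CRASHING_MODULE = "raise SystemExit(3)\n"


def run_packaged_module(fake_home, source):
    """Walk steps 5-10 locally; fake_home stands in for the remote home dir."""
    # Steps 5-7: write the script into a per-run directory under .ansible/tmp.
    # This example makes the directory owner-only (0700) so that other local
    # users cannot read or replace the script before it runs.
    base = os.path.join(fake_home, ".ansible", "tmp")
    os.makedirs(base, mode=0o700, exist_ok=True)
    run_dir = tempfile.mkdtemp(prefix="run-", dir=base)  # created with 0700
    script = os.path.join(run_dir, "module.py")
    trace = {"dir_mode": stat.S_IMODE(os.stat(run_dir).st_mode)}
    try:
        with open(script, "w") as fh:
            fh.write(source)
        # Step 8: add execute permission, for the owner only.
        os.chmod(script, 0o700)
        trace["script_mode"] = stat.S_IMODE(os.stat(script).st_mode)
        # Step 9: run the file; its JSON on stdout is the returned result.
        proc = subprocess.run([sys.executable, script],
                              capture_output=True, text=True)
        trace["rc"] = proc.returncode
        trace["result"] = json.loads(proc.stdout) if proc.returncode == 0 else None
    finally:
        # Step 10: delete the temporary files even if the module failed.
        shutil.rmtree(run_dir, ignore_errors=True)
    trace["cleaned_up"] = not os.path.exists(run_dir)
    return trace


def demo(source=PING_MODULE):
    with tempfile.TemporaryDirectory() as fake_home:
        return run_packaged_module(fake_home, source)


if __name__ == "__main__":
    print(demo())
    print(demo(CRASHING_MODULE))
```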

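Ansible platform deployment (the firewall and SELinux were disabled beforehand):

Installing the RHEL9 virtual machine and configuring its IP information is omitted

Configure the local yum repository: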

[root@ansible ~]# cd /etc/yum.repos.d/
[root@ansible yum.repos.d]# ls
redhat.repo  syf.repo
[root@ansible yum.repos.d]# cat syf.repo
[aa]
name=aa1
baseurl=file:///mnt/BaseOS
enabled=1
gpgcheck=0

[dd]
name=dd1
baseurl=file:///mnt/AppStream
enabled=1
gpgcheck=0

Install the package groups:

[root@ansible ~]# yum -y group install "Virtualization Client" "Virtualization Hypervisor" "Virtualization Tools"

Restart the libvirtd service and enable it at boot:

[root@ansible ~]# systemctl restart libvirtd
[root@ansible ~]# systemctl enable libvirtd

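Upload the local RHEL9.2 image to the virtual machine: omitted

Open the virt-manager virtual machine manager to install the system

Clone 5 managed hosts; together with the one just installed, that makes 6 hosts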

192.168.122.100 master.example.com

192.168.122.10 node1.example.com

192.168.122.20 node2.example.com

192.168.122.30 node3.example.com

192.168.122.40 node4.example.com

192.168.122.50 node5.example.com

On the 5 cloned hosts, delete the UUID from the network interface configuration file and change the IP

On all hosts, edit /etc/hosts

192.168.122.1 ansible.example.com ansible

192.168.122.100 master.example.com master

192.168.122.10 node1.example.com node1

192.168.122.20 node2.example.com node2

192.168.122.30 node3.example.com node3

192.168.122.40 node4.example.com node4

192.168.122.50 node5.example.com node5

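Configure key-based (passwordless) login from the master host:

Do this as both the root user and the student user:

[root@master ~]# ssh-keygen         // press Enter at every prompt until finished

root user: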

[root@master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@node1
[root@master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@node2
[root@master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@node3
[root@master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@node4
[root@master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@node5

student user:

[root@master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub student@node1
[root@master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub student@node2
[root@master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub student@node3
[root@master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub student@node4
[root@master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub student@node5

Switch to the student user (generate the public and private keys):

[root@master ~]# su - student
Last login: Tue Aug 26 00:27:02 CST 2025 on pts/1
[student@master ~]$ ssh-keygen 
[student@master ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node1
[student@master ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node2
[student@master ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node3
[student@master ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node4
[student@master ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node5
[student@master ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node1
[student@master ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node2
[student@master ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node3
[student@master ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node4
[student@master ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node5

Send the hosts file to every managed host:

[root@master ~]# for i in node{1..5}; do scp /etc/hosts root@$i:/etc/hosts; done
hosts                             100%  437   278.3KB/s   00:00    
hosts                             100%  437   222.9KB/s   00:00    
hosts                             100%  437   147.9KB/s   00:00    
hosts                             100%  437   313.1KB/s   00:00    
hosts                             100%  437   340.1KB/s   00:00   
[root@master ~]# ssh root@node1
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Tue Aug 26 00:02:06 2025 from 192.168.122.100
[root@node1 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.122.1 ansible.example.com ansible
192.168.122.100 master.example.com master
192.168.122.10 node1.example.com node1
192.168.122.20 node1.example.com node2
192.168.122.30 node1.example.com node3
192.168.122.40 node1.example.com node4
192.168.122.50 node1.example.com node5

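Configure the yum repository:

On the host machine ansible, configure a local yum repository, then install the httpd service:

Upload the package files to the /var/www/html/ directory, then restart the httpd service and enable it at boot: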

[root@ansible ~]# mount /dev/cdrom /mnt/
[root@ansible ~]# yum -y install httpd

[root@ansible ~]# cd /var/www/html/
[root@ansible html]# ls
ansible-automation-platform  materials  rhel9  roles
[root@ansible html]# systemctl restart httpd
[root@ansible html]# systemctl enable httpd
[root@ansible ~]# ssh root@master
root@master's password: 
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Wed Aug 27 10:54:43 2025 from 192.168.122.1
[root@master ~]# ping ansible.example.com
PING ansible.example.com (192.168.122.1) 56(84) bytes of data.
64 bytes from ansible.example.com (192.168.122.1): icmp_seq=1 ttl=64 time=0.895 ms
64 bytes from ansible.example.com (192.168.122.1): icmp_seq=2 ttl=64 time=1.41 ms
64 bytes from ansible.example.com (192.168.122.1): icmp_seq=3 ttl=64 time=0.412 ms
^C
--- ansible.example.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.412/0.904/1.405/0.405 ms

Deploy the yum repository on the master host:

[root@master ~]# cd /etc/yum.repos.d/
[root@master yum.repos.d]# ls
redhat.repo  syf.repo
[root@master yum.repos.d]# cat syf.repo
[baseos]
name=aa1
baseurl=http://ansible.example.com/rhel9/BaseOS
enabled=1
gpgcheck=0

[appstream]
name=aa2
baseurl=http://ansible.example.com/rhel9/AppStream
enabled=1
gpgcheck=0

[ansible]
name=aa3
baseurl=http://ansible.example.com/ansible-automation-platform
enabled=1
gpgcheck=0

Install the tool packages needed for the commands:

[root@master ~]# yum -y install vim bash-completion net-tools
[root@master ~]# bash

Grant the student user privilege escalation:

[root@master ~]# vim /etc/sudoers.d/student
student ALL=(ALL)    NOPASSWD: ALL
~   
[root@master ~]# for i in node{1..5}
> do scp /etc/sudoers.d/student root@$i:/etc/sudoers.d/
> done
student                           100%   35     3.1KB/s   00:00    
student                           100%   35     5.0KB/s   00:00    
student                           100%   35     3.1KB/s   00:00    
student                           100%   35     5.3KB/s   00:00    
student                           100%   35     4.5KB/s   00:00  

Install ansible (switch to the student user):

[root@master ~]# su - student
Last login: Wed Aug 27 11:06:33 CST 2025 on pts/0
[student@master ~]$ sudo yum -y install ansible-core ansible-navigator

Configure ansible:

Create an ansible directory under the student user's home directory:

[student@master ~]$ mkdir ansible

Define the inventory location:

[student@master ansible]$ vim /etc/ansible/ansible.cfg 
[student@master ansible]$ ansible-config init --disabled > ansible.cfg

Write the inventory:

[student@master ansible]$ vim inventory 
node1
node2
node3
node4
node5
~  

Create the roles directory and the collections directory:

[student@master ansible]$ mkdir roles
[student@master ansible]$ mkdir collections

Edit the ansible configuration file:

[student@master ~]$ cd ansible/
[student@master ansible]$ vim ansible.cfg 
[defaults]
inventory=/home/student/ansible/inventory
remote_user=student         
roles_path=/home/student/ansible/roles    
host_key_checking=False
collections_path=/home/student/ansible/collections

[privilege_escalation]
become=True
become_ask_pass=False
become_method=sudo
become_user=root
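
Three settings in this setup decide how much each hop is trusted: `gpgcheck=0` on the HTTP repositories, `NOPASSWD: ALL` for student, and `host_key_checking=False` in ansible.cfg. The following added example (not from the original post and not part of Ansible) audits constructed excerpts of those files and shows the corrected values passing; the function names and the `FIXED_*` samples are assumptions of this example.

```python
import configparser
import re

# Constructed excerpts of the files shown on this page.
ANSIBLE_CFG = "[defaults]\nremote_user=student\nhost_key_checking=False\n"
REPO_FILE = ("[baseos]\nname=aa1\n"
             "baseurl=http://ansible.example.com/rhel9/BaseOS\n"
             "enabled=1\ngpgcheck=0\n")
SUDOERS = "student ALL=(ALL)    NOPASSWD: ALL\n"
# Corrected counterparts (constructed; the key path is the stock RHEL one).
FIXED_CFG = "[defaults]\nremote_user=student\nhost_key_checking=True\n"
FIXED_REPO = (REPO_FILE.replace("gpgcheck=0", "gpgcheck=1")
              + "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release\n")


def _ini(text):
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def audit_ansible_cfg(text):
    """Flag an ansible.cfg that turns off SSH host key verification."""
    if _ini(text).getboolean("defaults", "host_key_checking", fallback=True):
        return []
    return ["ansible.cfg: host_key_checking=False, node host keys are not verified"]


def audit_repo(text):
    """Flag enabled repositories that skip package signature checks."""
    findings = []
    parser = _ini(text)
    for name in parser.sections():
        repo = parser[name]
        if not repo.getboolean("enabled", fallback=True):
            continue
        # A missing gpgcheck inherits dnf's [main] value and is not judged here.
        if not repo.getboolean("gpgcheck", fallback=True):
            via = "plain HTTP" if repo.get("baseurl", "").startswith("http://") else "its baseurl"
            findings.append(f"[{name}]: gpgcheck=0, unsigned packages accepted over {via}")
    return findings


def audit_sudoers(text):
    """Flag users granted password-less sudo for every command."""
    hits = re.findall(r"^(\S+)[ \t]+.*\bNOPASSWD:\s*ALL\s*$", text, re.MULTILINE)
    return [f"sudoers: {user} has NOPASSWD: ALL" for user in hits if not user.startswith("#")]


def audit_all():
    return audit_ansible_cfg(ANSIBLE_CFG) + audit_repo(REPO_FILE) + audit_sudoers(SUDOERS)
```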

Test:

[student@master ansible]$ ansible all -m ping
node5 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
node3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
node2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
node4 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
