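Summary: This Fengge tutorial draws on the official Linux, Red Hat Enterprise Linux, Ansible Automation Platform, Docker, Kubernetes and Podman documentation, and describes in detail how to configure and use the technologies covered.
Fengge's note:
This document compares the mainstream configuration management tools and how to choose among them.
Part01-Ansible Configuration Management
1.1 Basic Ansible Operations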
[root@ansible-control ~]# dnf install -y ansible
Updating Subscription Management repositories.
Last metadata expiration check: 0:05:23 ago on Fri Apr 4 13:55:00 2026.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
ansible noarch 7.3.0-1.el9 appstream 25 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 25 M
Installed size: 200 M
Downloading Packages:
ansible-7.3.0-1.el9.noarch.rpm 10 MB/s | 25 MB 00:02
--------------------------------------------------------------------------------
Total 10 MB/s | 25 MB 00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : ansible-7.3.0-1.el9.noarch 1/1
Running scriptlet: ansible-7.3.0-1.el9.noarch 1/1
Verifying : ansible-7.3.0-1.el9.noarch 1/1
Installed:
ansible-7.3.0-1.el9.noarch
Complete!
# Check the Ansible version
[root@ansible-control ~]# ansible --version
ansible [core 2.14.3]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.9/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.9.14 (main, Jan 1 2026, 00:00:00) [GCC 11.3.1 20220421 (Red Hat 11.3.1-2)]
jinja version = 3.1.2
libyaml = True
# Configure the host inventory
[root@ansible-control ~]# cat > /etc/ansible/hosts << 'EOF'
[webservers]
web1.fgedu.net.cn ansible_host=192.168.1.101
web2.fgedu.net.cn ansible_host=192.168.1.102
[dbservers]
db1.fgedu.net.cn ansible_host=192.168.1.103
db2.fgedu.net.cn ansible_host=192.168.1.104
[all:vars]
ansible_user=root
ansible_ssh_private_key_file=/root/.ssh/id_rsa
EOF
# Test connectivity
[root@ansible-control ~]# ansible all -m ping
web1.fgedu.net.cn | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
web2.fgedu.net.cn | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
db1.fgedu.net.cn | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
db2.fgedu.net.cn | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
1.2 Ansible Playbook Example
[root@ansible-control ~]# cat > site.yml << 'EOF'
---
- name: Configure web servers
  hosts: webservers
  become: yes
  tasks:
    - name: Install nginx
      dnf:
        name: nginx
        state: present
    - name: Start nginx service
      systemd:
        name: nginx
        state: started
        enabled: yes
    - name: Configure firewall
      firewalld:
        service: http
        permanent: yes
        state: enabled
        immediate: yes
- name: Configure database servers
  hosts: dbservers
  become: yes
  tasks:
    - name: Install MariaDB
      dnf:
        name:
          - mariadb-server
          - mariadb
        state: present
    - name: Start MariaDB service
      systemd:
        name: mariadb
        state: started
        enabled: yes
EOF
# Run the playbook
[root@ansible-control ~]# ansible-playbook site.yml

PLAY [Configure web servers] ***************************************************

TASK [Gathering Facts] *********************************************************
ok: [web1.fgedu.net.cn]
ok: [web2.fgedu.net.cn]

TASK [Install nginx] ***********************************************************
changed: [web1.fgedu.net.cn]
changed: [web2.fgedu.net.cn]

TASK [Start nginx service] *****************************************************
changed: [web1.fgedu.net.cn]
changed: [web2.fgedu.net.cn]

TASK [Configure firewall] ******************************************************
changed: [web1.fgedu.net.cn]
changed: [web2.fgedu.net.cn]

PLAY [Configure database servers] **********************************************

TASK [Gathering Facts] *********************************************************
ok: [db1.fgedu.net.cn]
ok: [db2.fgedu.net.cn]

TASK [Install MariaDB] *********************************************************
changed: [db1.fgedu.net.cn]
changed: [db2.fgedu.net.cn]

TASK [Start MariaDB service] ***************************************************
changed: [db1.fgedu.net.cn]
changed: [db2.fgedu.net.cn]

PLAY RECAP *********************************************************************
db1.fgedu.net.cn : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
db2.fgedu.net.cn : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
web1.fgedu.net.cn : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
web2.fgedu.net.cn : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Part02-Puppet Configuration Management
2.1 Basic Puppet Operations
[root@puppet-master ~]# dnf install -y puppetserver
Updating Subscription Management repositories.
Last metadata expiration check: 0:05:23 ago on Fri Apr 4 14:00:00 2026.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
puppetserver noarch 7.9.2-1.el9 puppet 50 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 50 M
Installed size: 100 M
Downloading Packages:
puppetserver-7.9.2-1.el9.noarch.rpm 20 MB/s | 50 MB 00:02
--------------------------------------------------------------------------------
Total 20 MB/s | 50 MB 00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : puppetserver-7.9.2-1.el9.noarch 1/1
Running scriptlet: puppetserver-7.9.2-1.el9.noarch 1/1
Verifying : puppetserver-7.9.2-1.el9.noarch 1/1
Installed:
puppetserver-7.9.2-1.el9.noarch
Complete!
# Start Puppet Server
[root@puppet-master ~]# systemctl enable --now puppetserver
Created symlink /etc/systemd/system/multi-user.target.wants/puppetserver.service → /usr/lib/systemd/system/puppetserver.service.
# Install Puppet Agent
[root@puppet-agent ~]# dnf install -y puppet-agent
Updating Subscription Management repositories.
Last metadata expiration check: 0:05:23 ago on Fri Apr 4 14:00:00 2026.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
puppet-agent x86_64 7.23.0-1.el9 puppet 30 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 30 M
Installed size: 80 M
Downloading Packages:
puppet-agent-7.23.0-1.el9.x86_64.rpm 15 MB/s | 30 MB 00:02
--------------------------------------------------------------------------------
Total 15 MB/s | 30 MB 00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : puppet-agent-7.23.0-1.el9.x86_64 1/1
Running scriptlet: puppet-agent-7.23.0-1.el9.x86_64 1/1
Verifying : puppet-agent-7.23.0-1.el9.x86_64 1/1
Installed:
puppet-agent-7.23.0-1.el9.x86_64
Complete!
# Configure Puppet Agent
[root@puppet-agent ~]# cat > /etc/puppetlabs/puppet/puppet.conf << 'EOF'
[main]
server = puppet-master.fgedu.net.cn
runinterval = 30m
EOF
# Start Puppet Agent
[root@puppet-agent ~]# systemctl enable --now puppet
Created symlink /etc/systemd/system/multi-user.target.wants/puppet.service → /usr/lib/systemd/system/puppet.service.
# Sign the certificate
[root@puppet-master ~]# puppetserver ca list
Requested Certificates:
puppet-agent.fgedu.net.cn (SHA256) 12:34:56:78:90:AB:CD:EF:12:34:56:78:90:AB:CD:EF
[root@puppet-master ~]# puppetserver ca sign --certname puppet-agent.fgedu.net.cn
Successfully signed certificate request for puppet-agent.fgedu.net.cn
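The signing step above does not compare the request's fingerprint with anything. As an added example (not part of the original tutorial and not Puppet's own tooling), the script below approves only those pending CSRs whose fingerprint in the puppetserver ca list output matches a value recorded on the agent itself, for instance with puppet agent --fingerprint. The helper name csr_verdicts, the file names and the hosts web9.example.test and db9.example.test are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: decide which pending CSRs may be
# signed by comparing CA-side fingerprints with values recorded on the agents.

# csr_verdicts CA_LIST_FILE EXPECTED_FILE   (hypothetical helper)
#   CA_LIST_FILE : saved output of `puppetserver ca list`
#   EXPECTED_FILE: "<certname> <fingerprint>" per line, delivered out of band
# Prints "SIGN <certname>" or "HOLD <certname> <reason>" per pending request.
csr_verdicts() {
  awk '
    # Normalise a fingerprint: upper-case, hex digits only.
    function norm(fp) { fp = toupper(fp); gsub(/[^0-9A-F]/, "", fp); return fp }
    FILENAME == ARGV[1] {             # expected fingerprints
      if (NF >= 2 && $1 !~ /^#/) want[$1] = norm($2)
      next
    }
    $2 == "(SHA256)" {                # pending CSR lines from the CA
      if (!($1 in want))             print "HOLD", $1, "no-expected-fingerprint"
      else if (want[$1] != norm($3)) print "HOLD", $1, "fingerprint-mismatch"
      else                           print "SIGN", $1
    }
  ' "$2" "$1"
}

# Constructed sample input: the first CSR is the one shown on this page; the
# other two hosts and all expected values are made up for the demonstration.
demo() {
  dir=$(mktemp -d)
  cat > "$dir/ca_list.txt" <<'EOF'
Requested Certificates:
    puppet-agent.fgedu.net.cn   (SHA256)  12:34:56:78:90:AB:CD:EF:12:34:56:78:90:AB:CD:EF
    web9.example.test   (SHA256)  AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA:AA
    db9.example.test    (SHA256)  CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC:CC
EOF
  cat > "$dir/expected.txt" <<'EOF'
puppet-agent.fgedu.net.cn 12:34:56:78:90:ab:cd:ef:12:34:56:78:90:ab:cd:ef
web9.example.test BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB:BB
EOF
  csr_verdicts "$dir/ca_list.txt" "$dir/expected.txt"
  rm -rf "$dir"
}

demo
# Sign only verified requests on the Puppet server:
#   csr_verdicts ca_list.txt expected.txt | awk '$1 == "SIGN" {print $2}' |
#     xargs -r -n1 puppetserver ca sign --certname
```

Requests reported as HOLD stay pending on the CA until their fingerprint has been confirmed on the agent.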
2.2 Puppet Manifest Example
[root@puppet-master ~]# cat > /etc/puppetlabs/code/environments/production/manifests/site.pp << 'EOF'
# Configure Nginx
class nginx {
  package { 'nginx':
    ensure => installed,
  }
  service { 'nginx':
    ensure => running,
    enable => true,
    require => Package['nginx'],
  }
  firewalld_service { 'http':
    ensure => present,
    zone => 'public',
  }
}
# Configure MariaDB
class mariadb {
  package { ['mariadb-server', 'mariadb']:
    ensure => installed,
  }
  service { 'mariadb':
    ensure => running,
    enable => true,
    require => Package['mariadb-server'],
  }
}
# Node classification
node 'web1.fgedu.net.cn', 'web2.fgedu.net.cn' {
  include nginx
}
node 'db1.fgedu.net.cn', 'db2.fgedu.net.cn' {
  include mariadb
}
EOF
# Apply the configuration
[root@puppet-agent ~]# puppet agent -t
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Info: Caching catalog for puppet-agent.fgedu.net.cn
Info: Applying configuration version '1712203800'
Notice: /Stage[main]/Nginx/Package[nginx]/ensure: created
Notice: /Stage[main]/Nginx/Service[nginx]/ensure: ensure changed 'stopped' to 'running'
Notice: Applied catalog in 10.50 seconds
Part03-SaltStack Configuration Management
3.1 Basic SaltStack Operations
[root@salt-master ~]# dnf install -y salt-master
Updating Subscription Management repositories.
Last metadata expiration check: 0:05:23 ago on Fri Apr 4 14:05:00 2026.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
salt-master noarch 3006.0-1.el9 saltstack 10 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 10 M
Installed size: 30 M
Downloading Packages:
salt-master-3006.0-1.el9.noarch.rpm 5.0 MB/s | 10 MB 00:02
--------------------------------------------------------------------------------
Total 5.0 MB/s | 10 MB 00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : salt-master-3006.0-1.el9.noarch 1/1
Running scriptlet: salt-master-3006.0-1.el9.noarch 1/1
Verifying : salt-master-3006.0-1.el9.noarch 1/1
Installed:
salt-master-3006.0-1.el9.noarch
Complete!
# Start Salt Master
[root@salt-master ~]# systemctl enable --now salt-master
Created symlink /etc/systemd/system/multi-user.target.wants/salt-master.service → /usr/lib/systemd/system/salt-master.service.
# Install Salt Minion
[root@salt-minion ~]# dnf install -y salt-minion
Updating Subscription Management repositories.
Last metadata expiration check: 0:05:23 ago on Fri Apr 4 14:05:00 2026.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
salt-minion noarch 3006.0-1.el9 saltstack 5 M
Transaction Summary
================================================================================
Install 1 Package
Total download size: 5 M
Installed size: 15 M
Downloading Packages:
salt-minion-3006.0-1.el9.noarch.rpm 2.5 MB/s | 5.0 MB 00:02
--------------------------------------------------------------------------------
Total 2.5 MB/s | 5.0 MB 00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : salt-minion-3006.0-1.el9.noarch 1/1
Running scriptlet: salt-minion-3006.0-1.el9.noarch 1/1
Verifying : salt-minion-3006.0-1.el9.noarch 1/1
Installed:
salt-minion-3006.0-1.el9.noarch
Complete!
# Configure Salt Minion
[root@salt-minion ~]# cat > /etc/salt/minion << 'EOF'
master: salt-master.fgedu.net.cn
id: salt-minion.fgedu.net.cn
EOF
# Start Salt Minion
[root@salt-minion ~]# systemctl enable --now salt-minion
Created symlink /etc/systemd/system/multi-user.target.wants/salt-minion.service → /usr/lib/systemd/system/salt-minion.service.
# Accept the minion key
[root@salt-master ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt-minion.fgedu.net.cn
Rejected Keys:
[root@salt-master ~]# salt-key -a salt-minion.fgedu.net.cn
The following keys are going to be accepted:
Unaccepted Keys:
salt-minion.fgedu.net.cn
Proceed? [n/Y] y
Key for minion salt-minion.fgedu.net.cn accepted.
# Test connectivity
[root@salt-master ~]# salt '*' test.ping
salt-minion.fgedu.net.cn:
True
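- Ansible: simple and easy to use, agentless architecture
- Puppet: powerful, suited to large-scale environments
- SaltStack: high performance, suited to large-scale deployments
- Choose based on team skills and requirements
- Consider the learning curve and maintenance cost
This article was compiled and published by Fengge Tutorials for study and testing purposes only; please credit the source when reposting: http://www.fgedu.net.cn/10327.html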
