内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
本文档介绍Ansible自动化运维工具的基础知识和安装配置方法。
Part01-Ansible概述
1.1 Ansible简介
[root@ansible ~]# cat > /root/ansible-intro.txt << 'EOF'
Ansible核心特点
==============
1. 无代理架构
- 不需要在被管理节点安装客户端
- 通过SSH进行通信
- 降低运维复杂度
2. 幂等性
- 多次执行结果相同
- 避免重复操作
- 确保状态一致
3. 模块化设计
- 丰富的内置模块
- 支持自定义模块
- 易于扩展
4. YAML语法
- 简单易读
- 易于维护
- 版本控制友好
5. 推送模式
- 控制节点主动推送
- 无需被管节点轮询
- 实时性强
EOF
# 安装Ansible
[root@ansible ~]# dnf install -y ansible
# 查看版本
[root@ansible ~]# ansible --version
ansible [core 2.14.2]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.9/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.9.16 (main, Dec 8 2022, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)]
jinja version = 3.1.2
libyaml = True
# 查看配置文件
[root@ansible ~]# cat /etc/ansible/ansible.cfg | grep -v "^#" | grep -v "^$"
[defaults]
inventory = /etc/ansible/hosts
remote_tmp = /tmp/.ansible/tmp
local_tmp = /tmp/.ansible/tmp
forks = 5
poll_interval = 15
sudo_user = root
ask_sudo_pass = True
ask_pass = True
transport = smart
gathering = implicit
host_key_checking = False
# 注意:host_key_checking = False 会关闭SSH主机密钥校验,连接可能被中间人冒充,仅适合隔离的实验环境;正式环境应保持校验并预先分发被管节点的主机密钥
# 注意:remote_tmp/local_tmp 指向所有本地用户共享的 /tmp 下的固定路径,Ansible 默认的 ~/.ansible/tmp 位于用户主目录内,更为稳妥
Part02-主机清单配置
2.1 配置Inventory
[root@ansible ~]# cat > /etc/ansible/hosts << 'EOF'
# Web服务器组
[webservers]
web1.fgedu.net.cn ansible_host=192.168.1.20
web2.fgedu.net.cn ansible_host=192.168.1.21
web3.fgedu.net.cn ansible_host=192.168.1.22
# 数据库服务器组
[dbservers]
db1.fgedu.net.cn ansible_host=192.168.1.30
db2.fgedu.net.cn ansible_host=192.168.1.31
# 缓存服务器组
[cacheservers]
cache1.fgedu.net.cn ansible_host=192.168.1.40
cache2.fgedu.net.cn ansible_host=192.168.1.41
# 生产环境组
[production:children]
webservers
dbservers
cacheservers
# 主机变量
[webservers:vars]
ansible_user=root
ansible_ssh_pass=Password@123
[dbservers:vars]
ansible_user=root
ansible_ssh_private_key_file=/root/.ssh/id_rsa
# 全局变量
[all:vars]
ansible_python_interpreter=/usr/bin/python3
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
EOF
# 注意:ansible_ssh_pass 在清单中以明文保存root密码,StrictHostKeyChecking=no 关闭了SSH主机密钥校验,二者仅适合实验环境;正式环境请改用SSH密钥认证,确需保存密码时使用 ansible-vault 加密,并保留主机密钥校验
# 查看主机清单
[root@ansible ~]# ansible all --list-hosts
hosts (7):
web1.fgedu.net.cn
web2.fgedu.net.cn
web3.fgedu.net.cn
db1.fgedu.net.cn
db2.fgedu.net.cn
cache1.fgedu.net.cn
cache2.fgedu.net.cn
# 查看指定组的主机
[root@ansible ~]# ansible webservers --list-hosts
hosts (3):
web1.fgedu.net.cn
web2.fgedu.net.cn
web3.fgedu.net.cn
# 查看主机组
[root@ansible ~]# ansible localhost -m debug -a "var=groups"
localhost | SUCCESS => {
“groups”: {
“all”: [“web1.fgedu.net.cn”, “web2.fgedu.net.cn”, “web3.fgedu.net.cn”, “db1.fgedu.net.cn”, “db2.fgedu.net.cn”, “cache1.fgedu.net.cn”, “cache2.fgedu.net.cn”],
“cacheservers”: [“cache1.fgedu.net.cn”, “cache2.fgedu.net.cn”],
“dbservers”: [“db1.fgedu.net.cn”, “db2.fgedu.net.cn”],
“production”: [“web1.fgedu.net.cn”, “web2.fgedu.net.cn”, “web3.fgedu.net.cn”, “db1.fgedu.net.cn”, “db2.fgedu.net.cn”, “cache1.fgedu.net.cn”, “cache2.fgedu.net.cn”],
“ungrouped”: [],
“webservers”: [“web1.fgedu.net.cn”, “web2.fgedu.net.cn”, “web3.fgedu.net.cn”]
}
}
Part03-Ad-hoc命令
3.1 基础命令操作
[root@ansible ~]# ansible all -m ping
web1.fgedu.net.cn | SUCCESS => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python3”
},
“changed”: false,
“ping”: “pong”
}
web2.fgedu.net.cn | SUCCESS => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python3”
},
“changed”: false,
“ping”: “pong”
}
# 执行命令
[root@ansible ~]# ansible webservers -m command -a "uptime"
web1.fgedu.net.cn | CHANGED | rc=0 >>
01:45:00 up 10 days, 2:30, 1 user, load average: 0.00, 0.01, 0.05
web2.fgedu.net.cn | CHANGED | rc=0 >>
01:45:00 up 5 days, 1:20, 1 user, load average: 0.01, 0.02, 0.05
# 使用shell模块
[root@ansible ~]# ansible webservers -m shell -a "df -h | grep -E '^/dev'"
web1.fgedu.net.cn | CHANGED | rc=0 >>
/dev/mapper/centos-root 50G 5.0G 45G 10% /
/dev/sda1 1014M 150M 865M 15% /boot
web2.fgedu.net.cn | CHANGED | rc=0 >>
/dev/mapper/centos-root 50G 8.0G 42G 16% /
/dev/sda1 1014M 150M 865M 15% /boot
# 复制文件
[root@ansible ~]# ansible webservers -m copy -a "src=/etc/hosts dest=/tmp/hosts owner=root group=root mode=0644"
web1.fgedu.net.cn | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python3”
},
“changed”: true,
“checksum”: “abc123def456”,
“dest”: “/tmp/hosts”,
“gid”: 0,
“group”: “root”,
“md5sum”: “abc123def456”,
“mode”: “0644”,
“owner”: “root”,
“size”: 158,
“src”: “/root/.ansible/tmp/ansible-tmp-1234567890.12-123-123456789012345/source”,
“state”: “file”,
“uid”: 0
}
# 安装软件包
[root@ansible ~]# ansible webservers -m dnf -a "name=nginx state=present"
web1.fgedu.net.cn | SUCCESS => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python3”
},
“changed”: false,
“msg”: “”,
“rc”: 0,
“results”: []
}
# 启动服务
[root@ansible ~]# ansible webservers -m service -a "name=nginx state=started enabled=yes"
web1.fgedu.net.cn | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python3”
},
“changed”: true,
“enabled”: true,
“name”: “nginx”,
“state”: “started”,
“status”: {
“ActiveState”: “active”,
“SubState”: “running”
}
}
# 创建用户
[root@ansible ~]# ansible webservers -m user -a "name=fgedu shell=/bin/bash groups=wheel append=yes"
web1.fgedu.net.cn | CHANGED => {
“ansible_facts”: {
“discovered_interpreter_python”: “/usr/bin/python3”
},
“changed”: true,
“comment”: “”,
“create_home”: true,
“group”: 1001,
“groups”: “wheel”,
“home”: “/home/fgedu”,
“name”: “fgedu”,
“shell”: “/bin/bash”,
“state”: “present”,
“system”: false,
“uid”: 1001
}
# 收集信息
[root@ansible ~]# ansible webservers -m setup | head -50
web1.fgedu.net.cn | SUCCESS => {
“ansible_facts”: {
“ansible_all_ipv4_addresses”: [“192.168.1.20”],
“ansible_all_ipv6_addresses”: [“fe80::20c:29ff:fe12:3456”],
“ansible_apparmor”: {
“status”: “disabled”
},
“ansible_architecture”: “x86_64”,
“ansible_bios_date”: “01/01/2020”,
“ansible_bios_version”: “1.0.0”,
“ansible_cmdline”: {
“BOOT_IMAGE”: “/vmlinuz-5.14.0-284.11.1.el9_2.x86_64”,
“quiet”: true,
“rhgb”: true,
“ro”: true,
“root”: “/dev/mapper/centos-root”
},
“ansible_date_time”: {
“date”: “2026-04-04”,
“day”: “04”,
“epoch”: “1712187900”,
“hour”: “01”,
“iso8601”: “2026-04-04T01:45:00Z”,
“iso8601_basic”: “20260404T014500000000”,
“minute”: “45”,
“month”: “04”,
“second”: “00”,
“time”: “01:45:00”,
“year”: “2026”
}
}
}
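- 使用SSH密钥认证提高安全性:上文清单示例中的 ansible_ssh_pass 明文密码,以及 host_key_checking = False / StrictHostKeyChecking=no,仅适合隔离的实验环境;正式环境应改用密钥认证并保留主机密钥校验,确需保存密码时使用 ansible-vault 加密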
- 合理组织主机清单结构
- 使用变量管理配置差异
- 先测试再批量执行
- 记录操作日志便于审计
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
