
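IT Tutorial FG266: IT System Automation with Ansible

1. Ansible Overview

Ansible is an open-source IT automation tool used for configuration management, application deployment, and task automation. It communicates over SSH and needs no agent installed on the target hosts, which simplifies deployment and management.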

# Check the Ansible version
# ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Oct 14 2020, 14:45:30) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]

# Test the Ansible connection
# ansible fgedudb -m ping
fgedudb | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Key features of Ansible: simple to use, agentless, modular design, support for idempotent operations, and a rich module library.

2. Installing Ansible

Ansible can be installed in several ways, including through a package manager or from source.

# Install Ansible with yum
# yum install -y epel-release
# yum install -y ansible

# Verify the installation
# ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Oct 14 2020, 14:45:30) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]

# Install Ansible with pip
# pip install ansible
Collecting ansible
Downloading ansible-2.9.27.tar.gz (14.2 MB)
|████████████████████████████████| 14.2 MB 1.2 MB/s
Installing collected packages: ansible
Running setup.py install for ansible ... done
Successfully installed ansible-2.9.27

3. Configuring Ansible

The Ansible configuration file is located at /etc/ansible/ansible.cfg and can be modified as needed.

# View the default configuration file
# cat /etc/ansible/ansible.cfg | grep -v "^#"

[defaults]
inventory = /etc/ansible/hosts
library = /usr/share/ansible
module_utils = /usr/lib/python2.7/site-packages/ansible/module_utils
remote_tmp = ~/.ansible/tmp
local_tmp = ~/.ansible/tmp
forks = 5
poll_interval = 15
sudo_user = root
ask_sudo_pass = True
ask_pass = True
remote_port = 22
module_lang = C
timeout = 10

# Customize the configuration file
# vi /etc/ansible/ansible.cfg

[defaults]
inventory = /etc/ansible/hosts
forks = 20
timeout = 30
remote_user = ansible
ask_pass = False
private_key_file = /home/ansible/.ssh/id_rsa

Tip from Fengge: create a dedicated Ansible user and authenticate with SSH keys; this improves both security and the degree of automation.

4. Configuring the Inventory

The inventory file defines the hosts and host groups that Ansible manages.

# View the default inventory file
# cat /etc/ansible/hosts

# Customize the inventory file
# vi /etc/ansible/hosts

[web]
web1 ansible_host=192.168.1.101 ansible_user=root
web2 ansible_host=192.168.1.102 ansible_user=root

[db]
db1 ansible_host=192.168.1.201 ansible_user=root
db2 ansible_host=192.168.1.202 ansible_user=root

[all:vars]
ansible_ssh_private_key_file=/root/.ssh/id_rsa

# Test the inventory configuration
# ansible all -m ping
web1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
web2 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
db1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
db2 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
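
The tip in section 3 recommends a dedicated Ansible user with SSH key authentication, while the inventory above logs in as root with a key kept in /root/.ssh. The following Python script is an added example, not part of the original tutorial: it parses an INI inventory and reports every host whose effective login user is root or whose private key sits in root's home. Assumptions: the function names, the extra host web3, the `remote_user` parameter (standing in for the ansible.cfg setting), and the simplified precedence with one group per host are all illustrative.

```python
import shlex

# Constructed sample: section 4's inventory plus a hypothetical host web3.
SAMPLE_INVENTORY = """\
[web]
web1 ansible_host=192.168.1.101 ansible_user=root
web2 ansible_host=192.168.1.102 ansible_user=root
web3 ansible_host=192.168.1.103 ansible_user=ansible

[db]
db1 ansible_host=192.168.1.201 ansible_user=root
db2 ansible_host=192.168.1.202 ansible_user=root

[all:vars]
ansible_ssh_private_key_file=/root/.ssh/id_rsa
"""

def parse_inventory(text):
    """Return ({host: vars plus "group"}, {group: vars}) from INI inventory text."""
    hosts, group_vars, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section and section.endswith(":vars"):
            key, _, value = line.partition("=")
            group_vars.setdefault(section[:-5], {})[key.strip()] = value.strip()
        elif section is None or ":" not in section:   # skips [x:children] bodies
            name, *pairs = shlex.split(line)
            hosts[name] = dict(p.split("=", 1) for p in pairs if "=" in p)
            hosts[name]["group"] = section or "ungrouped"
    return hosts, group_vars

def audit(text, remote_user="root"):
    """List (host, finding) where the effective login or key belongs to root."""
    hosts, gvars = parse_inventory(text)
    findings = []
    for name, hv in sorted(hosts.items()):
        # Precedence modelled here: host var > own group > [all:vars] > remote_user.
        merged = {**gvars.get("all", {}), **gvars.get(hv["group"], {}), **hv}
        user = merged.get("ansible_user", remote_user)
        key = merged.get("ansible_ssh_private_key_file", "")
        if user == "root":
            findings.append((name, "logs in as root"))
        if key.startswith("/root/"):
            findings.append((name, "uses a key under /root: " + key))
    return findings
```

Calling `audit(SAMPLE_INVENTORY)` flags web1, web2, db1 and db2 for root login and all five hosts for the key path inherited from `[all:vars]`.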

5. Writing Playbooks

The playbook is Ansible's core component; it defines the order and logic in which automation tasks run.

# Create the playbook file
# vi install_nginx.yml

---
- name: Install Nginx
  hosts: web
  become: yes
  tasks:
    # Note: name '*' with state latest upgrades every installed package,
    # which is more than a cache refresh.
    - name: Update package cache
      yum:
        name: '*'
        state: latest

    - name: Install Nginx
      yum:
        name: nginx
        state: present

    - name: Start Nginx service
      service:
        name: nginx
        state: started
        enabled: yes

    - name: Open firewall port
      firewalld:
        service: http
        permanent: yes
        state: enabled

    - name: Reload firewall
      service:
        name: firewalld
        state: reloaded

# Run the playbook
# ansible-playbook install_nginx.yml

PLAY [Install Nginx] ************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************
ok: [web1]
ok: [web2]

TASK [Update package cache] *****************************************************************************************************************************
ok: [web1]
ok: [web2]

TASK [Install Nginx] ************************************************************************************************************************************
ok: [web1]
ok: [web2]

TASK [Start Nginx service] ******************************************************************************************************************************
ok: [web1]
ok: [web2]

TASK [Open firewall port] ********************************************************************************************************************************
ok: [web1]
ok: [web2]

TASK [Reload firewall] **********************************************************************************************************************************
ok: [web1]
ok: [web2]

PLAY RECAP **********************************************************************************************************************************************
web1 : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
web2 : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

6. Using Modules

Ansible ships a rich set of modules for tasks such as file management, package management, and service management.

# Create a file with the file module
# ansible web -m file -a "path=/var/www/html/index.html state=touch"
web1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "dest": "/var/www/html/index.html",
    "gid": 0,
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:httpd_sys_content_t:s0",
    "size": 0,
    "state": "file",
    "uid": 0
}

# Copy a file with the copy module
# ansible web -m copy -a "src=/root/index.html dest=/var/www/html/index.html"
web1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "dest": "/var/www/html/index.html",
    "gid": 0,
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:httpd_sys_content_t:s0",
    "size": 0,
    "src": "/root/.ansible/tmp/ansible-tmp-1617147600.12-1234-1234567890123/source",
    "state": "file",
    "uid": 0
}

# Run a command with the shell module
# ansible web -m shell -a "echo 'Hello World' > /var/www/html/index.html"
web1 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "cmd": "echo 'Hello World' > /var/www/html/index.html",
    "delta": "0:00:00.011345",
    "end": "2026-03-30 10:00:00.123456",
    "rc": 0,
    "start": "2026-03-30 10:00:00.112111",
    "stderr": "",
    "stderr_lines": [],
    "stdout": "",
    "stdout_lines": []
}

7. Managing Roles

A role is Ansible's way of grouping related tasks, variables, templates, and other files together, which makes the code easier to reuse.

# Create the role directory structure
# mkdir -p /etc/ansible/roles/nginx/{tasks,templates,files,vars,defaults,handlers}

# Create the tasks file
# vi /etc/ansible/roles/nginx/tasks/main.yml

---
# Note: name '*' with state latest upgrades every installed package.
- name: Update package cache
  yum:
    name: '*'
    state: latest

- name: Install Nginx
  yum:
    name: nginx
    state: present

- name: Copy Nginx configuration
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
  notify: reload nginx

- name: Start Nginx service
  service:
    name: nginx
    state: started
    enabled: yes

# Create the handlers file
# vi /etc/ansible/roles/nginx/handlers/main.yml

---
- name: reload nginx
  service:
    name: nginx
    state: reloaded

# Use the role
# vi deploy_nginx.yml

---
- name: Deploy Nginx
  hosts: web
  become: yes
  roles:
    - nginx

# Run the playbook
# ansible-playbook deploy_nginx.yml

8. Managing Variables

Variables store and pass data, making playbooks more flexible and configurable.

# Define variables in the playbook
# vi install_apache.yml

---
- name: Install Apache
  hosts: web
  become: yes
  vars:
    http_port: 80
    https_port: 443
    server_name: fgedu.net.cn
  tasks:
    - name: Install Apache
      yum:
        name: httpd
        state: present

    - name: Configure Apache
      template:
        src: httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
      notify: reload httpd

    - name: Start Apache service
      service:
        name: httpd
        state: started
        enabled: yes
  handlers:
    - name: reload httpd
      service:
        name: httpd
        state: reloaded

# Create the template file
# vi httpd.conf.j2

Listen {{ http_port }}
ServerName {{ server_name }}

# Run the playbook
# ansible-playbook install_apache.yml

9. Using Templates

Templates generate configuration files and support variable substitution and control logic.

# Create the template file
# vi nginx.conf.j2

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections {{ worker_connections }};
    use epoll;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout {{ keepalive_timeout }};

    include /etc/nginx/conf.d/*.conf;
}

# Use the template in a playbook
# vi deploy_nginx.yml

---
- name: Deploy Nginx
  hosts: web
  become: yes
  vars:
    worker_connections: 65535
    keepalive_timeout: 65
  tasks:
    - name: Copy Nginx configuration
      template:
        src: nginx.conf.j2
        dest: /etc/nginx/nginx.conf
      notify: reload nginx
  handlers:
    - name: reload nginx
      service:
        name: nginx
        state: reloaded

# Run the playbook
# ansible-playbook deploy_nginx.yml

10. Ansible Best Practices

Following Ansible best practices improves automation efficiency and code quality.

# Recommended directory structure
# ls -la /etc/ansible/
total 40
drwxr-xr-x 5 root root 4096 Mar 30 10:00 .
drwxr-xr-x 143 root root 4096 Mar 30 10:00 ..
drwxr-xr-x 2 root root 4096 Mar 30 10:00 group_vars
drwxr-xr-x 2 root root 4096 Mar 30 10:00 host_vars
drwxr-xr-x 3 root root 4096 Mar 30 10:00 roles
-rw-r--r-- 1 root root 1998 Mar 30 10:00 ansible.cfg
-rw-r--r-- 1 root root 234 Mar 30 10:00 hosts

# Use group_vars and host_vars
# cat /etc/ansible/group_vars/web.yml

http_port: 80
https_port: 443

# cat /etc/ansible/host_vars/web1.yml

server_name: web1.fgedu.net.cn

# Check the playbook with ansible-lint
# ansible-lint install_nginx.yml

# Test the playbook in --check mode
# ansible-playbook install_nginx.yml --check

# View changes in --diff mode
# ansible-playbook install_nginx.yml --diff

Ansible best practices: organize code with roles, use variables and templates for flexibility, manage configuration with group_vars and host_vars, check code quality with ansible-lint, and test playbooks in --check mode.

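This article was compiled and published by Fengge Tutorials for study and testing purposes only. Please cite the source when reposting: http://www.fgedu.net.cn/10327.html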
