当前位置: 首页>前端>正文

创建 ansible 敏捷环境

一、安装

yum install ansible

二、配置文件

  • 优先使用 /etc/ansible/ansible.cfg
  • 其次,使用 ~/.ansible.cfg
  • 再其次,使用 ./ansible.cfg

如果在ansible命令执行的目录存在ansible.cfg文件,那么将使用该文件而不是用全局配置文件和用户配置文件。
这允许管理员根据不同的环境和项目,创建独立的目录,每个目录下都包含唯一的配置。

通过如下命令,可以查看使用的配置文件

ansible --version
ansible  all --list-hosts -v
  1. 创建用户 ansible
  2. 拷贝配置文件到 ansible 用户目录,并修改权限
cp -rf /etc/ansible/* /home/ansible/
chown -R ansible:ansible /home/ansible/
  1. 查看使用的配置文件
[ansible@VM-201-5-centos ~]$ pwd
/home/ansible
[ansible@VM-201-5-centos ~]$ ls
ansible.cfg  hosts  roles
[ansible@VM-201-5-centos ~]$ ansible --version
ansible 2.9.25
  config file = /home/ansible/ansible.cfg
  configured module search path = [u'/home/ansible/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /bin/ansible
  python version = 2.7.5 (default, Apr  2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
  1. 修改配置文件
    修改内容:
  • inventory 路径
  • roles_path 路径
  • 设置允许密码,不强制使用key
    cat ansible.cfg |grep -v '#' |sed '/^$/d'
[defaults]
inventory      = hosts
roles_path    = /opt/ansible-playbook
host_key_checking = False
[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]

三、测试

  1. 测试执行命令
    修改当前目录hosts,添加 ip 10.99.201.11 。测试 ping:
[ansible@VM-201-5-centos ~]$ ansible all -m ping -u root -k 
SSH password: 
10.99.201.11 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
  1. 测试执行 ansible-playbook
[ansible@VM-201-5-centos ~]$ ansible-playbook /opt/ansible-playbook/ping_pong.yml -u root -k
SSH password: 

... 略
  1. 测试执行 roles

准备工作:下载自定义playbook到 /opt 目录

git clone https://git.xxx.com/awx/ansible-playbook.git
[root@VM-201-5-centos opt]# ls ansible-playbook/
01_passwd          02_lvm               03_3_jdk8       04_2_tomcat8             06_bareos_agent_install    >09_modifyfile         12_issueRsyslogAgent  ansible-manage-lvm-master.zip          Deploy_01_Core   ping_pong.yml
01_secure          03_1_jdk_with_shell  03_4_openjdk11  04_3_tomcat9             07_filebeat_agent_install  10_upgradeSudo        13_addAuditaccount    ansible-role-lvm-partition-master.zip  Deploy.xlsx      README.md
01_secure_analyze  03_2_jdk7            04_1_tomcat7    05_zabbix_agent_install  08_ignite                  11_upgradeOpenssh8.8  14_modifyfile         ansible-role-tomcat-master.zip         hello_world.yml  yum_install_暂未用

[root@VM-201-5-centos opt]# ls ansible-playbook/01_secure
group_vars  hardening.md.txt  roles  secure.yml  site.yml  加固说明.txt  加固说明.xlsx

[ansible@VM-201-5-centos ~]$ ansible-playbook /opt/ansible-playbook/01_secure/site.yml  -u root -k
SSH password: 

... 略
  1. 测试指定hosts的roles,并以sudo执行
    当前目录创建 hostdir/sales,将ip写入该文件

[ansible@VM-201-5-centos ~]$ ansible-playbook -i hostdir/sales /opt/ansible-playbook/03_3_jdk8/jdk-install.yml  -u sysadmin -k -b -K
SSH password: 
BECOME password[defaults to SSH password]: 

... 略

会输入两次密码,一次用于远程连接,一次用于sudo


https://www.xamrdz.com/web/2jy1995158.html

相关文章: