Ansible Deployment

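I. Deployment environment and prerequisites

1. Test environment

Note: the hosts are reused from an earlier test environment; adjust the hostnames as needed
Hardware environment: N100 x86 host running Proxmox
Software environment: Ubuntu 22.04.3 LTS
Software version: redis-7.4.0.tar.gz
Host environment:
		Host IP       Hostname
		192.168.0.150 node1	#Ansible control node
		192.168.0.151 node2	#test node
		192.168.0.152 node3	#test node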

2. Adjusting host IPs and hostnames

#Configure a static IP
vi /etc/netplan/00-installer-config.yaml
#Add the following; adjust the static IP to your own needs
network:
  version: 2
  renderer: networkd
  ethernets:
    ens18:
      addresses: [192.168.0.150/24]   # static IP and subnet mask
      dhcp4: false                    # disable DHCP
      routes:
        - to: default                 # default route
          via: 192.168.0.1           # gateway address
      nameservers:
        addresses: [192.168.0.1, 114.114.114.114]  # DNS servers
#Apply the configuration
netplan apply

#The hosts are reused from an earlier test environment; adjust the hostnames as needed
#Node 1: 192.168.0.150 node1
hostnamectl set-hostname node1
#Node 2: 192.168.0.151 node2
hostnamectl set-hostname node2
#Node 3: 192.168.0.152 node3
hostnamectl set-hostname node3

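3. Updating hosts and time synchronization

#Add the host entries
cat >> /etc/hosts << EOF
192.168.0.150 node1
192.168.0.151 node2
192.168.0.152 node3
EOF
#If a node was cloned from another host, fix the 127.0.1.1 entry in /etc/hosts; a clone keeps the original host's entry by default

#Set the system time zone
timedatectl set-timezone Asia/Shanghai

#Install the time synchronization tool chrony
apt install chrony -y

#Add a time source to /etc/chrony/chrony.conf
echo "server time1.aliyun.com iburst" >> /etc/chrony/chrony.conf

#Restart the service so the new source is loaded (apt has already started chrony), and enable it at boot
systemctl restart chrony
systemctl enable chrony

#Check the running state
chronyc sources -v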

4. Configuring passwordless login

#Run on host 192.168.0.150
root@node1:/etc/ansible# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:40g2VL66TKcfb0X5l3alhHZscxP2mgOhL075cocK4iA root@node1
The key's randomart image is:
+---[RSA 3072]----+
|        .        |
|       o    .  o |
|      . .  . =. o|
|     .   .. * *.+|
|      + S  = * *+|
|     o = .+ o *oo|
|  E . = =o + ..o.|
|   . = = ++ + .  |
|      =...o+ .   |
+----[SHA256]-----+
#The first passwordless setup requires entering the password manually
root@node1:/etc/ansible# ssh-copy-id test@192.168.0.151  
root@node1:/etc/ansible# ssh-copy-id test@192.168.0.152 

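II. Ansible deployment

1. Installing Ansible

Ansible can be installed in two ways, described below:

1.1. Installing with apt

Online installation:

#With Internet access
apt update
apt install ansible -y

Offline installation:

#Offline environment
#On a host with Internet access, create a local environment/VM with the same environment and architecture and download the package and its dependencies
mkdir -p /data/ansible_download/ #adjust the directory as needed
cd /data/ansible_download/
#apt-rdepends is not installed by default
apt install apt-rdepends -y
#Download the package and its dependencies
apt download ansible $(apt-rdepends ansible | grep -v "^ " | grep -v "^lib")
root@node1:/data/ansible_download# ll
total 17128
drwxr-xr-x 2 root root     4096 Jun  3 22:13 ./
drwxr-xr-x 3 root root     4096 Jun  3 22:13 ../
-rw-r--r-- 1 root root 17530700 Apr 29  2021 ansible_2.10.7+merged+base+2.10.8+dfsg-1_all.deb
#Install; if there are other deb packages, add them to the command
apt install ./ansible_2.10.7+merged+base+2.10.8+dfsg-1_all.deb -y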

Verifying the installation:

#Verify the installation
root@node1:/data/ansible_download# ansible --version
ansible 2.10.8
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
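  python version = 3.10.12 (main, Feb  4 2025, 14:57:36) [GCC 11.4.0]

1.2. Installing with pip

Online installation:

#With Internet access
apt update
apt install python3-pip -y
pip3 install ansible
#If the default index is slow
pip3 install ansible --index-url https://pypi.tuna.tsinghua.edu.cn/simple

Offline installation:

#Offline environment
#On a host with Internet access, create a local environment/VM with the same environment and architecture and download the package and its dependencies
mkdir -p /data/ansible_download/ #adjust the directory as needed
cd /data/ansible_download/
#Download the packages
pip3 download ansible
#If the default index is slow, one of the following can be used
#Commonly used mirrors in China
#Tsinghua: https://pypi.tuna.tsinghua.edu.cn/simple
#Alibaba Cloud: https://mirrors.aliyun.com/pypi/simple/
#Tencent Cloud: https://mirrors.cloud.tencent.com/pypi/simple
#Huawei Cloud: https://repo.huaweicloud.com/repository/pypi/simple
pip3 download ansible --index-url https://pypi.tuna.tsinghua.edu.cn/simple
#Install
pip3 install --no-index --find-links=./ ansible

Verifying the installation:

#Verify the installation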
root@node1:/data/ansible_download# ansible --version
ansible [core 2.17.12]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.10/dist-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.10.12 (main, Feb  4 2025, 14:57:36) [GCC 11.4.0] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True

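2. Ansible configuration files

2.1. Main configuration file

Locations (from highest to lowest priority):

  • ./ansible.cfg in the current directory

  • ~/.ansible.cfg in the user's home directory

  • the system-wide /etc/ansible/ansible.cfg

Creating it

# Create the default configuration file
mkdir -p /etc/ansible/
mkdir -p /etc/ansible/{inventory,group_vars,host_vars,roles,files,templates}
touch /etc/ansible/ansible.cfg

#Generate the default configuration (it has many options; the commonly used ones are enough)
ansible-config init --disabled > /etc/ansible/ansible.cfg

Commonly used settings: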

[defaults]
# Security settings
# Disable SSH host key checking (for test environments)
host_key_checking = False

# Disable deprecation warnings
deprecation_warnings = False

# Performance tuning
# Number of parallel processes
forks = 50
# Smart fact gathering
gathering = smart
# Cache facts to speed up later runs
fact_caching = jsonfile
fact_caching_connection = /tmp/ansible_facts
# Cache for 24 hours
fact_caching_timeout = 86400

# Paths
# Default inventory file
inventory = /etc/ansible/hosts
# Role search path
roles_path = /etc/ansible/roles
# Logging
log_path = /var/log/ansible.log

[privilege_escalation]
# Enable privilege escalation by default; configure as needed
become = True
# Use sudo
become_method = sudo
# Escalate to root
become_user = root
# Do not prompt for the sudo password
become_ask_pass = False

[ssh_connection]
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
# Enable pipelining for speed
pipelining = True
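
An added example (not from the original post): a small Python check that reads an ansible.cfg and reports the settings from the configuration above that matter for security. The function name, the constructed sample text and the list of world-writable prefixes are assumptions made for illustration.

```python
import configparser

# Constructed sample: the security-relevant lines of the config shown above.
SAMPLE_CFG = """
[defaults]
host_key_checking = False
fact_caching = jsonfile
fact_caching_connection = /tmp/ansible_facts

[privilege_escalation]
become = True
become_ask_pass = False
"""

# Assumption: directories treated as world-writable on a stock Linux host.
WORLD_WRITABLE_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/")


def audit_ansible_cfg(text):
    """Return a list of (section, option, finding) for settings to review."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []

    # Ansible verifies SSH host keys unless this is switched off.
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append(("defaults", "host_key_checking",
                         "SSH host keys are not verified; keep this to the test lab"))

    # Cached facts are read back on later runs, so the cache location matters.
    cache = cfg.get("defaults", "fact_caching_connection", fallback="")
    if cache.startswith(WORLD_WRITABLE_PREFIXES):
        findings.append(("defaults", "fact_caching_connection",
                         "fact cache sits under a world-writable directory"))

    # become without a prompt only works with passwordless sudo or -K.
    become = cfg.getboolean("privilege_escalation", "become", fallback=False)
    ask = cfg.getboolean("privilege_escalation", "become_ask_pass", fallback=False)
    if become and not ask:
        findings.append(("privilege_escalation", "become",
                         "every task escalates to root; needs passwordless sudo or -K"))
    return findings


if __name__ == "__main__":
    for section, option, finding in audit_ansible_cfg(SAMPLE_CFG):
        print(f"[{section}] {option}: {finding}")
```
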
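
2.2. Inventory file

Default location: /etc/ansible/hosts

Creating it

#Using a custom setup as an example
mkdir -p /etc/ansible/
touch /etc/ansible/hosts

Contents:

# Simple host definitions
[ubuntu_servers]
192.168.0.151
192.168.0.152 ansible_port=22  # custom SSH port

2.3. Host variable files

Location: usually in the host_vars/ and group_vars/ subdirectories of the directory that holds the inventory file

Creating them

mkdir -p /etc/ansible/{host_vars,group_vars}

Example:

# /etc/ansible/group_vars/all.yml
---
ansible_python_interpreter: /usr/bin/python3
timezone: UTC

# /etc/ansible/host_vars/web1.example.com.yml
---
http_port: 8080
max_clients: 200

2.4. Ansible Vault password file (optional)

Used to encrypt sensitive data:

#Global storage; umask 077 creates the file readable by its owner only, even before chmod runs
(umask 077; echo "my_vault_password" > /etc/ansible/vault_pass.txt)
chmod 600 /etc/ansible/vault_pass.txt

#Per-user storage
#Create it in the user's home directory
mkdir -p ~/.ansible/
(umask 077; echo "your_vault_password" > ~/.ansible/vault_pass)
chmod 600 ~/.ansible/vault_pass

2.5. Configuration file precedence

Ansible looks for its configuration file in the following order and uses the first one it finds:

  1. The file named by the ANSIBLE_CONFIG environment variable

  2. ansible.cfg in the current directory

  3. ~/.ansible.cfg in the user's home directory

  4. /etc/ansible/ansible.cfg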
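
The lookup order above as a small Python model (an added example, not code from the original post and not Ansible's own source). It also covers one rule the list does not mention: Ansible does not auto-load ./ansible.cfg when the current directory is world-writable. The function name and its parameters are assumptions made for illustration.

```python
import os
import stat


def resolve_ansible_cfg(cwd, home, env, system="/etc/ansible/ansible.cfg"):
    """Model of the lookup order above: the first readable candidate wins.

    Returns (chosen_path_or_None, skipped_cfg_or_None), where the second
    item is an ./ansible.cfg that was ignored because cwd is world-writable.
    """
    candidates = []
    skipped = None

    # 1. ANSIBLE_CONFIG; a directory means <dir>/ansible.cfg.
    explicit = env.get("ANSIBLE_CONFIG")
    if explicit:
        if os.path.isdir(explicit):
            explicit = os.path.join(explicit, "ansible.cfg")
        candidates.append(explicit)

    # 2. ./ansible.cfg, but never from a world-writable directory: any
    #    local user could place a config there that repoints inventory,
    #    roles_path or plugin paths for whoever runs ansible in it.
    local = os.path.join(cwd, "ansible.cfg")
    if os.stat(cwd).st_mode & stat.S_IWOTH:
        if os.path.exists(local):
            skipped = local
    else:
        candidates.append(local)

    # 3. ~/.ansible.cfg, then 4. the system-wide file.
    candidates.append(os.path.join(home, ".ansible.cfg"))
    candidates.append(system)

    for path in candidates:
        if os.path.exists(path) and os.access(path, os.R_OK):
            return path, skipped
    return None, skipped


if __name__ == "__main__":
    chosen, skipped = resolve_ansible_cfg(
        os.getcwd(), os.path.expanduser("~"), os.environ)
    print("config file =", chosen)
    if skipped:
        print("ignored (world-writable directory):", skipped)
```

Running it from a directory such as /tmp that contains an ansible.cfg shows the file being skipped; `ansible --version` reports the file Ansible itself selected.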

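Recommended directory structure:

ansible_project/
├── ansible.cfg          # project-level configuration
├── inventory/           # inventory directory
│   ├── hosts            # main inventory file
│   ├── host_vars/       # host variables
│   └── group_vars/      # group variables
├── roles/               # custom roles
├── playbooks/           # playbook files
└── files/               # file resources

Verifying the configuration file:

#The directory structure of the test configuration is as follows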
root@node1:/etc/ansible# tree /etc/ansible
/etc/ansible
├── ansible.cfg
├── files
├── group_vars
│   └── all.yml
├── hosts
├── host_vars
├── inventory
├── roles
└── templates
root@node1:/etc/ansible# ansible --version          
ansible [core 2.17.12]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.10/dist-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.10.12 (main, Feb  4 2025, 14:57:36) [GCC 11.4.0] (/usr/bin/python3)
  jinja version = 3.0.3
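  libyaml = True

2.6. Testing

#Passwordless login is configured for the test user. Because privilege escalation is enabled in the configuration, running a command such as ansible ubuntu_servers -m command -u test -a 'df -h' directly fails, as shown below: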
root@node1:/etc/ansible# ansible ubuntu_servers -m command -u test -a 'ls /tmp'
192.168.0.151 | FAILED | rc=-1 >>
Missing sudo password
192.168.0.152 | FAILED | rc=-1 >>
Missing sudo password

#Option 1: pass the -K parameter and enter the password manually
root@node1:/etc/ansible# ansible ubuntu_servers -m command -u test -a 'df -h' -K
BECOME password: 
192.168.0.151 | CHANGED | rc=0 >>
Filesystem                         Size  Used Avail Use% Mounted on
tmpfs                              197M  1.1M  196M   1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv   15G  7.0G  7.0G  51% /
tmpfs                              982M     0  982M   0% /dev/shm
tmpfs                              5.0M     0  5.0M   0% /run/lock
/dev/sda2                          2.0G  252M  1.6G  14% /boot
tmpfs                              197M  4.0K  197M   1% /run/user/1000
192.168.0.152 | CHANGED | rc=0 >>
Filesystem                         Size  Used Avail Use% Mounted on
tmpfs                              197M  1.1M  196M   1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv   15G  6.5G  7.5G  47% /
tmpfs                              982M     0  982M   0% /dev/shm
tmpfs                              5.0M     0  5.0M   0% /run/lock
/dev/sda2                          2.0G  252M  1.6G  14% /boot
tmpfs                              197M  4.0K  197M   1% /run/user/1000

#Option 2: turn off privilege escalation by editing ansible.cfg and changing become = True to become = False
root@node1:/etc/ansible# ansible ubuntu_servers -m command -u test -a 'df -h'
192.168.0.151 | CHANGED | rc=0 >>
Filesystem                         Size  Used Avail Use% Mounted on
tmpfs                              197M  1.1M  196M   1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv   15G  7.0G  7.0G  51% /
tmpfs                              982M     0  982M   0% /dev/shm
tmpfs                              5.0M     0  5.0M   0% /run/lock
/dev/sda2                          2.0G  252M  1.6G  14% /boot
tmpfs                              197M  4.0K  197M   1% /run/user/1000
192.168.0.152 | CHANGED | rc=0 >>
Filesystem                         Size  Used Avail Use% Mounted on
tmpfs                              197M  1.1M  196M   1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv   15G  6.5G  7.5G  47% /
tmpfs                              982M     0  982M   0% /dev/shm
tmpfs                              5.0M     0  5.0M   0% /run/lock
/dev/sda2                          2.0G  252M  1.6G  14% /boot
tmpfs                              197M  4.0K  197M   1% /run/user/1000
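
A Keepalived cluster can be deployed with Ansible using the following steps:

### 1. Prepare the Ansible environment

Make sure Ansible is installed on the control node and can connect to all target nodes over SSH. Verify that Ansible is installed with:

```bash
ansible --version
```

### 2. Create the Ansible role directory structure

Create the directory structure for the Keepalived role under the Ansible project directory, for example:

```bash
mkdir -p roles/keepalived/{tasks,handlers,templates}
```

### 3. Write the task file

Create `main.yml` in the `roles/keepalived/tasks` directory with the following content:

```yaml
---
# tasks file for keepalived
- name: install keepalived
  yum:
    name: keepalived
    state: present

- name: configure keepalived
  template:
    src: keepalived.conf.j2
    dest: /etc/keepalived/keepalived.conf
  notify: restart keepalived

- name: start keepalived
  service:
    name: keepalived
    state: started
```

This file defines the tasks that install Keepalived, configure it and start the service[^1]. The `notify` in the second task refers to a handler named `restart keepalived`; the play fails if it is not defined, so create `roles/keepalived/handlers/main.yml` as well:

```yaml
---
# handlers file for keepalived
- name: restart keepalived
  service:
    name: keepalived
    state: restarted
```

### 4. Write the configuration template

Create `keepalived.conf.j2` in the `roles/keepalived/templates` directory and write the Keepalived configuration template to match your requirements. For example:

```plaintext
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.100
    }
}
```

### 5. Write the Ansible playbook

Create a playbook file in the project root, for example `deploy_keepalived.yml`, with the following content:

```yaml
---
- name: Deploy Keepalived Cluster
  hosts: keepalived_nodes
  become: true
  roles:
    - keepalived
```

Here `keepalived_nodes` is the Keepalived node group defined in the Ansible inventory file.

### 6. Configure the Ansible inventory file

Define the Keepalived node group in `/etc/ansible/hosts` or in a custom inventory file, for example:

```plaintext
[keepalived_nodes]
node1 ansible_host=192.168.1.101
node2 ansible_host=192.168.1.102
```

### 7. Run the Ansible playbook

Run the playbook with:

```bash
ansible-playbook deploy_keepalived.yml
```

### 8. Verify the deployment

Check that the Keepalived service is running with:

```bash
ansible keepalived_nodes -m service -a "name=keepalived state=started"
```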