了解Ansible:
Ansible是一个配置管理和应用部署工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric、SaltStack )的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。
Ansible可以去对服务器上(1-N台)的一些系统应用进行配置管理,更该部分参数。
Ansible可以去安装一个新的软件应用,或者是一组软件应用。
Ansible优点:
理解Ansible架构与大体执行过程:
Ansible配置以ini格式存储配置数据,在Ansible中⼏乎所有配置都可以通过Ansible的Playbook或环境变量来重新赋值。在运⾏Ansible命令时,命令将会按照以下顺序查找配置⽂件。
ANSIBLE_CONFIG:⾸先,Ansible命令会检查环境变量,及这个环境变量指向的配置⽂件。
./ansible.cfg:其次,将会检查当前⽬录下的ansible.cf g配置⽂件。
~/.ansible.cfg:再次,将会检查当前⽤户home⽬录下的.ansible.cf g配置⽂件。
/etc/ansible/ansible.cfg:最后,将会检查在⽤软件包管理⼯具安装Ansible时⾃动产⽣的配置⽂件。
环境介绍:
管理主机 k8s_master1 192.168.1.18
被托管主机 k8s_node1 192.168.1.19
被托管主机 K8S_node2 192.168.1.20
操作系统 Centos 7.5
环境准备:
1.生成ansible管理主机公钥,来免密登录其他被托管主机
[root@k8s_master1 ~]# ssh-keygen -t rsa -f /root/.ssh/id_rsa -N '' Generating public/private rsa key pair. Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:C83s9W2AFEOhYsFt3ZDlsKtQcTBbqG7jehzG7LMHG+g root@k8s_master1 The key's randomart image is: +---[RSA 2048]----+ | ...+=X*. | | ..+Bo*. | | oo+ o . | | ..* . o | | =o S + . | | . @+ + . o | | . * *+ . o | | E B . . | | .o.+ | +----[SHA256]-----+
2.将ansible管理主机的ssh公钥发至其他被托管主机上
[root@k8s_master1 ~]# for i in 19 20 > do > ssh-copy-id root@192.168.1.$i > done /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@192.168.1.19's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@192.168.1.19'" and check to make sure that only the key(s) you wanted were added. /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '192.168.1.20 (192.168.1.20)' can't be established. ECDSA key fingerprint is SHA256:DI9rx0dRdCTu6Cl7zRfi7873nsD/quehEO+m/BNxZwM. ECDSA key fingerprint is MD5:8a:9f:cb:c8:b0:38:23:c6:95:7e:72:97:f2:d0:33:7b. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@192.168.1.20's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@192.168.1.20'" and check to make sure that only the key(s) you wanted were added.
3.被托管主机上查看公钥发送情况
[root@k8s_node1 ~]# ll /root/.ssh/ 总用量 4 -rw------- 1 root root 398 8月 9 17:49 authorized_keys [root@k8s_node2 ~]# ll /root/.ssh/ 总用量 4 -rw------- 1 root root 398 8月 9 17:49 authorized_keys
4.测试ansible管理主机免密登录被托管主机
[root@k8s_master1 ~]# ssh root@192.168.1.19 Last login: Mon Aug 9 17:53:32 2021 from 192.168.1.18 [root@k8s_node1 ~]# 登出 Connection to 192.168.1.19 closed. [root@k8s_master1 ~]# ssh root@192.168.1.20 Last login: Mon Aug 9 17:53:29 2021 from 192.168.1.18 [root@k8s_node2 ~]# 登出 Connection to 192.168.1.20 closed.
注意:
由于我们只是在ansible管理主机上生成了公钥,并且只是单向的将ansible管理主机的公钥分别传给另外两台被托管主机,所以免密登录只能是ansible管理主机免密登录另外两台被托管主机,他们三台主机之间并不能互相免密登录。(要实现三台主机互相免密登录,需要分别在三台主机上都生成各自的公钥,并且三台主机还需要把自己的公钥在三台主机中相互发送,这样三台主机就可以实现相互免密登录了。)
修改/etc/hosts:
修改/etc/hosts项不是必须,只是为了后续使用方便(如更快解析主机名与IP)。在此之前,请提前修改主机名。临时修改主机名:hostname ‘主机名’永久修改主机名:‘修改/etc/hostname文件’,重启生效。
[root@k8s_master1 ~]# vim /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.1.18 k8s_master1 //管理主机 192.168.1.19 k8s_node1 //被托管主机1 192.168.1.20 k8s_node2 //被托管主机2 --发送修改好的/etc/hosts文件至另外两台被托管主机,就不用手动添加-- [root@k8s_master1 ~]# for i in 19 20 > do > scp /etc/hosts root@192.168.1.$i:/etc/ > done --验证发送情况-- [root@k8s_node1 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.1.18 k8s_master1 192.168.1.19 k8s_node1 192.168.1.20 k8s_node2 [root@k8s_node2 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.1.18 k8s_master1 192.168.1.19 k8s_node1 192.168.1.20 k8s_node2
安装Ansible:
- 对管理主机
- 要求Python 2.6或2.7及以上
- Ansible使用以下模块,都需要安装
- paramiko
- PyYAML
- Jinja2
- httplib2
- six
- 对被托管主机
- ansible默认通过SSH协议管理机器
- 被管理主机要开启ssh服务,允许ansible主机登录
- 在托管节点上也需要安装Python2.5或以上的版本
- 如果托管节点上开启了SElinux,需要安装libselinux-python
1.配置epel源
[root@k8s_master1 ~]# cat >> /etc/yum.repos.d/my.repo << EOF > [epel] > name=epel > baseurl=http://mirrors.aliyun.com/epel/7Server/x86_64/ > enable=1 > gpgcheck=0 > EOF [root@k8s_master1 ~]# cat /etc/yum.repos.d/my.repo [epel] name=epel baseurl=http://mirrors.aliyun.com/epel/7Server/x86_64/ enable=1 gpgcheck=0
2.加载epel源
[root@k8s_master1 ~]# yum clean all [root@k8s_master1 ~]# yum repolist 已加载插件:fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.ustc.edu.cn * extras: mirrors.ustc.edu.cn * updates: mirrors.ustc.edu.cn base | 3.6 kB 00:00:00 docker-ce-stable | 3.5 kB 00:00:00 epel | 4.7 kB 00:00:00 extras | 2.9 kB 00:00:00 updates | 2.9 kB 00:00:00 (1/6): epel/group_gz | 96 kB 00:00:00 (2/6): epel/updateinfo | 1.0 MB 00:00:00 (3/6): extras/7/x86_64/primary_db | 242 kB 00:00:00 (4/6): epel/primary_db | 6.9 MB 00:00:00 (5/6): docker-ce-stable/7/x86_64/primary_db | 63 kB 00:00:01 (6/6): updates/7/x86_64/primary_db | 9.5 MB 00:00:01 源标识 源名称 状态 base/7/x86_64 CentOS-7 - Base 10,072 docker-ce-stable/7/x86_64 Docker CE Stable - x86_64 122 epel epel 13,625 extras/7/x86_64 CentOS-7 - Extras 498 updates/7/x86_64 CentOS-7 - Updates 2,552 repolist: 26,869
3.管理主机安装ansible
[root@k8s_master1 ~]# yum -y install ansible ...... ====================================================================================================================== 正在安装: ansible noarch 2.9.23-1.el7 epel 17 M 为依赖而安装: PyYAML x86_64 3.10-11.el7 base 153 k libyaml x86_64 0.1.4-11.el7_0 base 55 k python-babel noarch 0.9.6-8.el7 base 1.4 M python-backports x86_64 1.0-8.el7 base 5.8 k python-backports-ssl_match_hostname noarch 3.5.0.1-1.el7 base 13 k python-cffi x86_64 1.6.0-5.el7 base 218 k python-enum34 noarch 1.0.4-1.el7 base 52 k python-idna noarch 2.4-1.el7 base 94 k python-ipaddress noarch 1.0.16-2.el7 base 34 k python-jinja2 noarch 2.7.2-4.el7 base 519 k python-markupsafe x86_64 0.11-10.el7 base 25 k python-paramiko noarch 2.1.1-9.el7 base 269 k python-ply noarch 3.4-11.el7 base 123 k python-pycparser noarch 2.14-1.el7 base 104 k python-setuptools noarch 0.9.8-7.el7 base 397 k python-six noarch 1.9.0-2.el7 base 29 k python2-cryptography x86_64 1.7.2-2.el7 base 502 k python2-httplib2 noarch 0.18.1-3.el7 epel 125 k python2-jmespath noarch 0.9.4-2.el7 epel 41 k python2-pyasn1 noarch 0.1.9-7.el7 base 100 k sshpass x86_64 1.06-2.el7 extras 21 k ...... 已安装: ansible.noarch 0:2.9.23-1.el7 作为依赖被安装: PyYAML.x86_64 0:3.10-11.el7 libyaml.x86_64 0:0.1.4-11.el7_0 python-babel.noarch 0:0.9.6-8.el7 python-backports.x86_64 0:1.0-8.el7 python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7 python-cffi.x86_64 0:1.6.0-5.el7 python-enum34.noarch 0:1.0.4-1.el7 python-idna.noarch 0:2.4-1.el7 python-ipaddress.noarch 0:1.0.16-2.el7 python-jinja2.noarch 0:2.7.2-4.el7 python-markupsafe.x86_64 0:0.11-10.el7 python-paramiko.noarch 0:2.1.1-9.el7 python-ply.noarch 0:3.4-11.el7 python-pycparser.noarch 0:2.14-1.el7 python-setuptools.noarch 0:0.9.8-7.el7 python-six.noarch 0:1.9.0-2.el7 python2-cryptography.x86_64 0:1.7.2-2.el7 python2-httplib2.noarch 0:0.18.1-3.el7 python2-jmespath.noarch 0:0.9.4-2.el7 python2-pyasn1.noarch 0:0.1.9-7.el7 sshpass.x86_64 0:1.06-2.el7 完毕!
验证:
[root@k8s_master1 ~]# ansible --version ansible 2.9.23 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5
