Ansible 自動化

下面來看一下如何透過 Ansible 來做自動化部署,參考文章 – https://docs.ansible.com/ansible/latest/getting_started/get_started_ansible.html

測試環境 CentOS 9 Stream (虛擬機)

架構需求如下系統可以分為 Control node ( Ansible 控制端) 與 Managed nodes (被 Ansible 控制端)

• Control node ( Ansible 控制端) IP: 192.168.31.131
• Managed nodes (被 Ansible 控制端) IP: 192.168.31.178

Managed nodes

系統預設都安裝 Python 與 SSH-Server 就可以運作.

Control node

接下來所有設定皆是在 Control node 來設定.

• 安裝 Ansible
  官網是用 pip 來安裝 Ansible.

  [root@localhost ~]# yum install pip
  [root@localhost ~]# pip install ansible
  [root@localhost ~]# pip install ansible-lint
  

  建議安裝 ansible-lint 該程式可以幫忙檢查 Playbook 的 ymal 檔案是否正常.

• SSH 免密碼的登入方式
  Control node 是透過 SSH 的方式去連到 Managed node 來工作,所以要先把 Control node 的 public SSH key 加到 Managed node 的 authorized_keys 檔案 (實現 SSH 免密碼的登入方式),更多關於 SSH 基於 Key 的驗證 請參考 – https://benjr.tw/106336

  產生 SSH Public / Private Key (如需輸入 SSH Private Key PassPhrase 時須使用 SSH_Agent 去避免輸入 PassPhase 的密碼)

  [root@localhost ~]# ssh-keygen
  Generating public/private rsa key pair.
  Enter file in which to save the key (/root/.ssh/id_rsa):
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in /root/.ssh/id_rsa
  Your public key has been saved in /root/.ssh/id_rsa.pub
  The key fingerprint is:
  SHA256:gDEFTV2X0g7/X3WiVNO0xYU57wUsPWwCqPzi4yMXmCo root@localhost.localdomain
  The key's randomart image is:
  +---[RSA 3072]----+
  |    +=o. ooo.= *=|
  |     +. o o.= & =|
  |    ....   = = B |
  |      o.    + . =|
  |     o .S  . o o+|
  |    o o .   . . o|
  |   . . o       ..|
  |E . . =         .|
  | .   +.o         |
  +----[SHA256]-----+
  

  把 Control node 的 public SSH key 加到 Managed node 的 authorized_keys 檔案 .

  [root@localhost ~]# ssh-copy-id root@192.168.31.178
  /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
  The authenticity of host '192.168.31.178 (192.168.31.178)' can't be established.
  ED25519 key fingerprint is SHA256:PgFJeh+W+iNzarxpeUxtVg1ewnvb3GZTAt87Oxq260E.
  This key is not known by any other names
  Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
  /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
  /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
  root@192.168.31.178's password:
  
  Number of key(s) added: 1
  
  Now try logging into the machine, with:   "ssh 'root@192.168.31.178'"
  and check to make sure that only the key(s) you wanted were added.
  

  這樣就實現了 SSH 免密碼的登入方式,測試一下連線到 Managed nodes ( IP: 192.168.31.178 )

  [root@localhost ~]# ssh root@192.168.31.178
  Activate the web console with: systemctl enable --now cockpit.socket
  
  Last failed login: Thu May 16 17:31:43 CST 2024 from 192.168.31.131 on ssh:notty
  There was 1 failed login attempt since the last successful login.
  Last login: Thu May 16 17:20:50 2024 from 192.168.31.1
  [root@localhost ~]# exit
  登出
  Connection to 192.168.31.178 closed.
  

  準備工作完成.

• 建立一個測試用的資料夾

  [root@localhost ~]# mkdir ansible_quickstart && cd ansible_quickstart
  [root@localhost ansible_quickstart]#
  

  簡單測試一下 localhost 自己本身,並使用系統提供的 ping 模組(後面說明)

  [root@localhost ansible_quickstart]# ansible localhost -m ping
  [WARNING]: No inventory was parsed, only implicit localhost is available
  localhost | SUCCESS => {
      "changed": false,
      "ping": "pong"
  }
  

• Inventory
  建立一個 Inventory 檔案 (測試時可以指定檔名) ,內容為 Managed nodes (被 Ansible 控制端) 的 IP address 或是 fully qualified domain name (FQDN)

  [root@localhost ansible_quickstart]# vi inventory.ini
  [myhosts]
  192.168.31.178
  
  [yourhosts]
  192.168.31.179
  

  驗證 inventory 檔案的正確與否.

  [root@localhost ansible_quickstart]# ansible-inventory -i inventory.ini --list
  {
      "_meta": {
          "hostvars": {}
      },
      "all": {
          "children": [
              "ungrouped",
              "myhosts",
              "yourhosts"
          ]
      },
      "myhosts": {
          "hosts": [
              "192.168.31.178"
          ]
      },
      "yourhosts": {
          "hosts": [
              "192.168.31.179"
          ]
      }
  }
  

• 操作模式
  模式有 Ad-Hoc , Playbook 兩種.
  • Ad-Hoc command 的 指令操作模式
    透過 Ansible 內建的 Ping 模組 來檢查 Hosts 的 python 與是否有在線上 (使用 指定的 inventory 檔案內的 myhosts 清單).

    [root@localhost ansible_quickstart]# ansible myhosts -m ping -i inventory.ini
    192.168.31.178 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python3"
        },
        "changed": false,
        "ping": "pong"
    }
    

    因為 yourhost 指定的 IP 機器不存在,所以會顯示錯誤.

    [root@localhost ansible_quickstart]# ansible yourhosts -m ping -i inventory.ini
    192.168.31.179 | UNREACHABLE! => {
        "changed": false,
        "msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.31.179 port 22: No route to host",
        "unreachable": true
    }
    

    透過 Ansible 內建的 debug 模組

    [root@localhost ansible_quickstart]# ansible myhosts -m debug -i inventory.ini
    192.168.31.178 | SUCCESS => {
        "msg": "Hello world!"
    }
    

    指定指令來執行

    [root@localhost ansible_quickstart]# ansible myhosts -m command -a "echo Hello World" -i inventory.ini
    192.168.31.178 | CHANGED | rc=0 >>
    Hello World
    

  • Playbook 透過 劇本 (Playbooks) 來讓 Managed Nodes 進行指定的動作 (Plays) 和任務 (Tasks)
    以上 Ad-Hoc commands 一次只能做一件事情, 依序做大量工作時需使用 Playbooks 的方式,以下定義了兩個 Task.

    [root@localhost ansible_quickstart]# vi playbook.yaml
    - name: My first play
      hosts: myhosts
      tasks:
       - name: Ping my hosts
         ansible.builtin.ping:
    
       - name: Print message
         ansible.builtin.debug:
          msg: Hello world
    

    透過程式去檢測 yaml 內容是否無誤.

    [root@localhost ansible_quickstart]# ansible-lint playbook.yaml
    
    Passed: 0 failure(s), 0 warning(s) on 1 files. Last profile that met the validation criteria was 'production'.
    A new release of ansible-lint is available: 6.22.2 → 24.5.0
    

    執行.

    [root@localhost ansible_quickstart]# ansible-playbook -i inventory.ini playbook.yaml
    
    PLAY [My first play] ***************************************************************************************************
    
    TASK [Gathering Facts] *************************************************************************************************
    ok: [192.168.31.178]
    
    TASK [Ping my hosts] ***************************************************************************************************
    ok: [192.168.31.178]
    
    TASK [Print message] ***************************************************************************************************
    ok: [192.168.31.178] => {
        "msg": "Hello world"
    }
    
    PLAY RECAP *************************************************************************************************************
    192.168.31.178             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
    

    執行結果.
    TASK [Gathering Facts] 預設 Ansible 會收集有關在 playbook 中有使用的清單的資訊.

    TASK [Ping my hosts] TASK [Print message] 顯示為 ok 表示它運行成功.

    PLAY RECAP
    這邊會總結了每個主機的 Play 中所有 Task 任務的結果.

• 沒有解決問題,試試搜尋本站其他內容