This post walks through automated deployment with Ansible. Reference: https://docs.ansible.com/ansible/latest/getting_started/get_started_ansible.html
Test environment: CentOS 9 Stream (virtual machines)
The setup is split into a control node (the machine that runs Ansible) and managed nodes (the machines Ansible controls):
- Control node (runs Ansible) IP: 192.168.31.131
- Managed node (controlled by Ansible) IP: 192.168.31.178
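Managed nodes
Python and an SSH server are installed on the system by default, which is all a managed node needs to work.
Control node
All of the following configuration is done on the control node.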
- Install Ansible
The official site installs Ansible with pip.
[root@localhost ~]# yum install pip
[root@localhost ~]# pip install ansible
[root@localhost ~]# pip install ansible-lint
Installing ansible-lint is recommended; it checks whether a playbook's YAML file is valid.
- Passwordless SSH login
The control node does its work by connecting to the managed node over SSH, so first add the control node's public SSH key to the managed node's authorized_keys file (this is what enables passwordless SSH login). For more on SSH key-based authentication, see https://benjr.tw/106336
Generate the SSH public/private key pair (if the SSH private key requires a passphrase, use ssh-agent to avoid typing the passphrase):
[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:gDEFTV2X0g7/X3WiVNO0xYU57wUsPWwCqPzi4yMXmCo root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
| +=o. ooo.= *=|
| +. o o.= & =|
| .... = = B |
| o. + . =|
| o .S . o o+|
| o o . . . o|
| . . o ..|
|E . . = .|
| . +.o |
+----[SHA256]-----+
Add the control node's public SSH key to the managed node's authorized_keys file.
[root@localhost ~]# ssh-copy-id root@192.168.31.178
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.31.178 (192.168.31.178)' can't be established.
ED25519 key fingerprint is SHA256:PgFJeh+W+iNzarxpeUxtVg1ewnvb3GZTAt87Oxq260E.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.31.178's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.31.178'"
and check to make sure that only the key(s) you wanted were added.
Passwordless SSH login is now in place. Test the connection to the managed node (IP: 192.168.31.178):
[root@localhost ~]# ssh root@192.168.31.178
Activate the web console with: systemctl enable --now cockpit.socket
Last failed login: Thu May 16 17:31:43 CST 2024 from 192.168.31.131 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Thu May 16 17:20:50 2024 from 192.168.31.1
[root@localhost ~]# exit
登出
Connection to 192.168.31.178 closed.
The preparation is complete.
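The ssh-copy-id output ends by asking you to check that only the keys you wanted were added. The following added example (not part of the original post) is one way to run that check on a managed node: it lists every authorized_keys entry and marks whether it is limited by sshd's from= option. The function names and the sample key lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample authorized_keys content (key material is placeholder text).
sample_authorized_keys() {
    cat <<'EOF'
# key limited to the control node's address
from="192.168.31.131",no-agent-forwarding ssh-ed25519 AAAAC3PLACEHOLDER ansible@control
ssh-rsa AAAAB3PLACEHOLDER root@localhost.localdomain
command="/usr/bin/echo ssh-rsa",no-pty ssh-ed25519 AAAAC3PLACEHOLDER backup@host
EOF
}

# Read authorized_keys lines on stdin; print "<status> <key type> <comment>".
# RESTRICTED = entry has a from="..." option, OPEN = usable from any address.
# Assumption: option values contain no escaped double quotes.
# Real use: audit_authorized_keys < /root/.ssh/authorized_keys
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
    {
        s = $0
        gsub(/"[^"]*"/, "Q", s)           # collapse quoted option values
        n = split(s, f, " ")
        kt = 0                            # index of the key-type field
        for (i = 1; i <= n; i++)
            if (f[i] ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) { kt = i; break }
        # Options are a single field, so the key type must be field 1 or 2.
        if (kt == 0 || kt > 2 || kt + 1 > n) { print "INVALID", "line" NR, "-"; next }
        status = (kt == 2 && f[1] ~ /(^|,)from=Q/) ? "RESTRICTED" : "OPEN"
        comment = (kt + 2 <= n) ? f[kt + 2] : "-"
        print status, f[kt], comment
    }'
}

sample_authorized_keys | audit_authorized_keys
```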
- Create a test directory
[root@localhost ~]# mkdir ansible_quickstart && cd ansible_quickstart
[root@localhost ansible_quickstart]#
Run a quick test against localhost itself, using the built-in ping module (explained later).
[root@localhost ansible_quickstart]# ansible localhost -m ping
[WARNING]: No inventory was parsed, only implicit localhost is available
localhost | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
- Inventory
Create an inventory file (the file name can be specified when testing) that contains the IP addresses or fully qualified domain names (FQDN) of the managed nodes.
[root@localhost ansible_quickstart]# vi inventory.ini
[myhosts]
192.168.31.178
[yourhosts]
192.168.31.179
Verify that the inventory file is correct.
[root@localhost ansible_quickstart]# ansible-inventory -i inventory.ini --list
{
    "_meta": {
        "hostvars": {}
    },
    "all": {
        "children": [
            "ungrouped",
            "myhosts",
            "yourhosts"
        ]
    },
    "myhosts": {
        "hosts": [
            "192.168.31.178"
        ]
    },
    "yourhosts": {
        "hosts": [
            "192.168.31.179"
        ]
    }
}
- Modes of operation
There are two modes: ad-hoc and playbook.
- Ad-hoc commands
Use Ansible's built-in ping module to check that the hosts are online and have Python (using the myhosts group from the specified inventory file).
[root@localhost ansible_quickstart]# ansible myhosts -m ping -i inventory.ini
192.168.31.178 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
Because the machine at the IP listed under yourhosts does not exist, an error is shown.
[root@localhost ansible_quickstart]# ansible yourhosts -m ping -i inventory.ini
192.168.31.179 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.31.179 port 22: No route to host",
    "unreachable": true
}
Use Ansible's built-in debug module:
[root@localhost ansible_quickstart]# ansible myhosts -m debug -i inventory.ini
192.168.31.178 | SUCCESS => {
    "msg": "Hello world!"
}
Run a specified command:
[root@localhost ansible_quickstart]# ansible myhosts -m command -a "echo Hello World" -i inventory.ini
192.168.31.178 | CHANGED | rc=0 >>
Hello World
- Playbook: a playbook tells the managed nodes which plays and tasks to carry out
The ad-hoc commands above do only one thing at a time. To run many jobs in sequence, use a playbook. The following one defines two tasks.
[root@localhost ansible_quickstart]# vi playbook.yaml
- name: My first play
  hosts: myhosts
  tasks:
    - name: Ping my hosts
      ansible.builtin.ping:
    - name: Print message
      ansible.builtin.debug:
        msg: Hello world
Use a tool to check that the YAML content is correct.
[root@localhost ansible_quickstart]# ansible-lint playbook.yaml
Passed: 0 failure(s), 0 warning(s) on 1 files. Last profile that met the validation criteria was 'production'.
A new release of ansible-lint is available: 6.22.2 → 24.5.0
Run it.
[root@localhost ansible_quickstart]# ansible-playbook -i inventory.ini playbook.yaml
PLAY [My first play] ***************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************
ok: [192.168.31.178]
TASK [Ping my hosts] ***************************************************************************************************
ok: [192.168.31.178]
TASK [Print message] ***************************************************************************************************
ok: [192.168.31.178] => {
    "msg": "Hello world"
}
PLAY RECAP *************************************************************************************************************
192.168.31.178 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
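Results.
TASK [Gathering Facts]: by default, Ansible gathers information about the inventory hosts used in the playbook.
TASK [Ping my hosts] and TASK [Print message]: a status of ok means the task ran successfully.
PLAY RECAP
This summarizes, for each host, the results of all tasks in the play.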
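As an added example (not part of the original post), the PLAY RECAP counters can be checked mechanically when only the saved output of a run is available. The function names and the second host line in the sample are constructed; the script flags hosts whose unreachable or failed count is above zero.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample: the recap line from the run above plus a second,
# made-up line for a host that could not be reached.
sample_recap() {
    cat <<'EOF'
PLAY RECAP *********************************************************************
192.168.31.178 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.31.179 : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
EOF
}

# Read ansible-playbook output on stdin and print every host whose recap shows
# unreachable or failed tasks.
# Return status: 0 = all hosts clean, 1 = at least one host flagged,
# 2 = no recap lines found (truncated or wrong log).
recap_check() {
    awk '
    /^PLAY RECAP/ { in_recap = 1; next }
    in_recap && $2 == ":" {               # "host : ok=3 changed=0 ..."
        u = 0; f = 0
        for (i = 3; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "unreachable") u = kv[2] + 0
            if (kv[1] == "failed")      f = kv[2] + 0
        }
        seen++
        if (u > 0 || f > 0) { bad++; print $1, "unreachable=" u, "failed=" f }
    }
    END {
        if (!seen) { print "no PLAY RECAP found"; exit 2 }
        exit (bad > 0 ? 1 : 0)
    }'
}

sample_recap | recap_check || echo "recap_check returned $?"
```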