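How to install Ansible on Ubuntu 18.04 for IT automation
How do I install Ansible on an Ubuntu 18.04 workstation?
How do I set up and test Ansible playbooks using an Ubuntu Linux desktop?
Ansible is a free and open source configuration management tool.
It is similar to Chef or Puppet.
It works over SSH-based sessions and does not need any software or client agent on the remote Unix servers.
You can use Ansible to manage Linux, Unix, macOS and *BSD family operating systems.
This tutorial shows how to install Ansible on Ubuntu Linux 18.04 and set up your first Ansible playbook.
Procedure to install Ansible on Ubuntu 18.04
- Update your Ubuntu 18.04 LTS system, run: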
sudo apt update && sudo apt upgrade
- Install Ansible on Ubuntu 18.04, run:
sudo apt install ansible
- To upgrade Ansible on Ubuntu 18.04, run:
sudo apt upgrade ansible
- Set up ssh key based authentication
- Test Ansible and write your playbooks for automation
Step 1. Install Ansible on Ubuntu Linux
Run the following apt command to update the Ubuntu box:
{Hyman@ubuntu:~}$ sudo apt update
Apply any pending updates, run:
{Hyman@ubuntu:~}$ sudo apt upgrade
Search for the Ansible package, run:
{Hyman@ubuntu:~}$ apt search ansible
or
{Hyman@ubuntu:~}$ apt-cache search ansible
Find information about the Ansible package, run:
{Hyman@ubuntu:~}$ apt show ansible
Sample output:
Package: ansible
Version: 2.5.1+dfsg-1
Priority: optional
Section: universe/admin
Origin: Ubuntu
Maintainer: Ubuntu Developers <[email protected]>
Original-Maintainer: Harlan Lieberman-Berg <[email protected]>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 26.9 MB
Depends: python-cryptography, python-jinja2, python-paramiko, python-pkg-resources, python-yaml, python:any (<< 2.8), python:any (>= 2.7.5-5~), python-crypto, python-httplib2, python-netaddr
Recommends: python-jmespath, python-kerberos, python-libcloud, python-selinux, python-winrm (>= 0.1.1), python-xmltodict
Suggests: cowsay, sshpass
Homepage: https://www.ansible.com
Download-Size: 3,197 kB
APT-Sources: http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
Description: Configuration management, deployment, and task execution system
 Ansible is a radically simple model-driven configuration management,
 multi-node deployment, and remote task execution system. Ansible works
 over SSH and does not require any software or daemons to be installed
 on remote nodes. Extension modules can be written in any language and
 are transferred to managed machines automatically.
Install Ansible on Ubuntu Linux
Finally, run the following apt command to install it:
{Hyman@ubuntu:~}$ sudo apt install ansible
Find the Ansible version
We can verify the Ansible version by running the following command:
{Hyman@ubuntu:~}$ ansible --version ## ubuntu install ansible and verify it ##
Sample output:
ansible 2.5.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/Hyman/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15rc1 (default, Nov 12 2015, 14:31:15) [GCC 7.3.0]
Step 2. Set up ssh keys on Linux or Unix
First, create a key pair using the ssh-keygen command on the Ubuntu Linux desktop/workstation:
{Hyman@ubuntu:~}$ ssh-keygen -t ed25519 -C "Desktop ssh key"
Next, copy and install the public key on the remote Linux/Unix/BSD servers using the ssh-copy-id command:
{Hyman@ubuntu:~}$ ssh-copy-id -i $HOME/.ssh/id_ed25519.pub user@ubuntu-server-ec2
{Hyman@ubuntu:~}$ ssh-copy-id -i $HOME/.ssh/id_ed25519.pub ec2-user@freebsd-server-lightsail
{Hyman@ubuntu:~}$ ssh-copy-id -i $HOME/.ssh/id_ed25519.pub Hyman@centos-server-linode
Test the passwordless login using the ssh command:
{Hyman@ubuntu:~}$ ssh Hyman@centos-server-linode
{Hyman@ubuntu:~}$ ssh ec2-user@freebsd-server-lightsail
Step 3. Test Ansible
Our sample Ansible setup
First create an inventory file on the control machine as follows:
{Hyman@ubuntu:~}$ vi inventory
Add the hostnames/IP addresses of all remote Linux/*BSD servers:
## my vms/server hosted locally ##
[lanhosts]
192.168.1.203
192.168.1.207
## my vms/servers hosted by AWS (EC2/Lightsail) ##
[awshosts]
vm1.theitroad.local
## my Linode VMs ##
[linodehosts]
vm2.theitroad.local
Next run the uptime command and the lsb_release command as user Hyman on the two hosts in my LAN (the lanhosts group):
{Hyman@ubuntu:~}$ ansible -u Hyman -i inventory -m raw -a 'uptime' lanhosts
{Hyman@ubuntu:~}$ ansible -u Hyman -i inventory -m raw -a 'lsb_release -a' lanhosts
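Step 4. Write your first Ansible playbook to manage Linux/Unix servers
First, update the inventory file to indicate the username and the method used to become root with sudo on the remote servers.
Here is the updated inventory file displayed with the cat command: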
cat inventory
Sample config file:
[all:vars]
ansible_user='Hyman' # Username for ssh connection
ansible_become='yes' # Run commands as root user?
ansible_become_pass='PasswordForHymanUser' # Password for sudo user i.e. ansible_user password
ansible_become_method='sudo' # How do I become root user? Use sudo.
## my vms/server hosted locally ##
## Setup python path on remote server ansible_python_interpreter ##
[lanhosts]
192.168.1.203 ansible_python_interpreter='/usr/bin/python2'
192.168.1.207 ansible_python_interpreter='/usr/bin/python3'
## my vms/servers hosted by AWS (EC2/Lightsail) ##
[awshosts]
vm1.theitroad.local
## my Linode VMs ##
[linodehosts]
vm2.theitroad.local
A playbook is nothing more than a set of scripts/commands that you run from the control server.
Using a text editor such as the vim command or the nano command, create a playbook named date.yml as follows:
vim date.yml
Append the following code:
---
- hosts: lanhosts
  tasks:
    - name: Get date for testing purpose
      command: /bin/date
      changed_when: False
      register: date
    - debug: var={{ item }}
      with_items:
        - date.stdout
Playbooks in Ansible are written in YAML.
Next, run it on the Ubuntu Linux workstation/control machine as follows:
{Hyman@ubuntu:~}$ ansible-playbook -i inventory date.yml
A note about passwords stored in an insecure format
Take a close look at the following configuration directive in the inventory file:
ansible_become_pass='PasswordForHymanUser'
Storing passwords and other sensitive information in clear text is a bad idea.
Let us fix this:
{Hyman@ubuntu:~}$ vim inventory
Replace
ansible_become_pass='PasswordForHymanUser'
with:
ansible_become_pass='{{ my_user_password }}'
Save and close the file.
Next create a new encrypted data file named passwords.yml, run:
{Hyman@ubuntu:~}$ ansible-vault create passwords.yml
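Set a password for the vault.
After you provide the password, the tool launches whatever editor you have defined with $EDITOR.
Append the following:
my_user_password: your_password_for_ansible_user
Save and close the file.
Run it as follows: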
{Hyman@ubuntu:~}$ ansible-playbook -i inventory --ask-vault-pass --extra-vars '@passwords.yml' date.yml
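A check for the fix above, as an added example that is not part of the original tutorial: it flags credential variables still set to a literal value in an inventory and confirms that passwords.yml carries the ansible-vault header. The function names and sample strings are constructed for illustration, and the variables covered beyond ansible_become_pass are a choice made for this example.

```python
import re

# Inventory variables that hold a credential (ansible_become_pass is the one on
# this page; the others are further Ansible variables chosen for this example).
SECRET_ASSIGNMENT = re.compile(
    r"\b(ansible_(?:become_pass(?:word)?|ssh_pass|password))\s*=\s*"
    r"('[^']*'|\"[^\"]*\"|[^\s#]+)"
)
# First line of a file written by ansible-vault, e.g. $ANSIBLE_VAULT;1.1;AES256
VAULT_HEADER = re.compile(r"\$ANSIBLE_VAULT;\d+\.\d+;AES256(;\S+)?")

def plaintext_secrets(inventory_text):
    """Return (line_number, variable) for each credential set to a literal.

    Comment lines are scanned as well: a commented-out password is still
    readable by anyone with access to the file or its history.
    """
    findings = []
    for lineno, line in enumerate(inventory_text.splitlines(), 1):
        for name, value in SECRET_ASSIGNMENT.findall(line):
            if "{{" not in value:  # '{{ my_user_password }}' is a reference
                findings.append((lineno, name))
    return findings

def is_vault_encrypted(file_text):
    """True when the file starts with the ansible-vault envelope header."""
    first_line = file_text.lstrip().split("\n", 1)[0].strip()
    return VAULT_HEADER.fullmatch(first_line) is not None

# Constructed samples: the page's [all:vars] block before and after the fix.
INVENTORY_BEFORE = """\
[all:vars]
ansible_user='Hyman'
ansible_become='yes'
ansible_become_pass='PasswordForHymanUser'
ansible_become_method='sudo'
"""
INVENTORY_AFTER = INVENTORY_BEFORE.replace(
    "'PasswordForHymanUser'", "'{{ my_user_password }}'")
# passwords.yml as typed in the editor, and as stored (payload is a placeholder).
PASSWORDS_PLAIN = "my_user_password: your_password_for_ansible_user\n"
PASSWORDS_VAULTED = "$ANSIBLE_VAULT;1.1;AES256\n<ciphertext placeholder>\n"

if __name__ == "__main__":
    print("before:", plaintext_secrets(INVENTORY_BEFORE))
    print("after: ", plaintext_secrets(INVENTORY_AFTER))
    print("vaulted:", is_vault_encrypted(PASSWORDS_VAULTED))
```

Run against the real files, a non-empty result from plaintext_secrets or a False from is_vault_encrypted means the inventory or passwords.yml should not be committed or shared as it stands.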
Add a user using an Ansible playbook
Say you need to add a new user named tom on all hosts in the lanhosts group.
Create a new playbook named add-tom-user.yml:
---
- hosts: lanhosts
  tasks:
    - name: Add a new user to my Linux VMs with password disabled but allow ssh log in
      user:
        name: tom
        comment: "Tom Cat"
        shell: /bin/bash
        groups: sudo
        append: yes
        password: '*'    # quoted: a bare * is a YAML alias indicator and fails to parse
    - name: Upload ssh key for user tom for log in purpose
      authorized_key:
        user: tom        # install the key in tom's authorized_keys, as the task name says
        state: present
        manage_dir: yes
        key: "{{ lookup('file', '/home/Hyman/.ssh/tom_id_ed25519.pub') }}"
Run it as follows:
{Hyman@ubuntu:~}$ ansible-playbook -i inventory --ask-vault-pass --extra-vars '@passwords.yml' add-tom-user.yml
How to add and remove packages
In this example, we are going to add and remove packages using apt on all hosts in the linodehosts group.
Create a file named software.yml:
---
- hosts: linodehosts
  tasks:
    - name: Add a list of software on Linode VMs ...
      apt:
        name: "{{ packages }}"
        state: present
      vars:
        packages:
          - nginx
          - php7
          - htop
          - iotop
          - nicstat
          - vnstat
    - name: Delete a list of software from Linode VMs ...
      apt:
        name: "{{ packages }}"
        state: absent
      vars:
        packages:
          - nano
          - apache2
Run it again as follows:
{Hyman@ubuntu:~}$ ansible-playbook -i inventory --ask-vault-pass --extra-vars '@passwords.yml' software.yml