  • [Linux] [Services] [SaaS] Docker + Kubernetes (3. Managing machines and software with Ansible)

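    1. Introduction

    1.1. My company's environment uses Puppet, but I prefer Ansible, for two reasons: first, I am a loyal Red Hat fan :), and second, I am fairly familiar with Python.

    1.2. Official Ansible website: https://www.ansible.com/

    1.3. Chinese-language Ansible documentation: http://www.ansible.com.cn/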

    2. Environment

    2.1. ansible: ansible-2.4.2.0-1.el7

    3. Installation

    3.1. Just install it with yum

    yum install ansible

    4. Configuration

    4.1. Generate an SSH key

    ssh-keygen -t rsa

    4.2. /etc/hosts

    10.210.55.220 service. service
    10.210.55.221 master1. master1
    10.210.55.222 master2. master2
    10.210.55.223 master3. master3
    10.210.55.224 node1. node1
    10.210.55.225 node2. node2
    10.210.55.226 block1. block1
    10.210.55.227 block2. block2
    10.210.55.228 nginx1. nginx1
    10.210.55.229 nginx2. nginx2
    

      

    4.3. Paste the machine list output by the previous step into /etc/ansible/hosts and define the groups

    [all]
    service ansible_host=10.210.55.220 hostname=service
    master1 ansible_host=10.210.55.221 hostname=master1
    master2 ansible_host=10.210.55.222 hostname=master2
    master3 ansible_host=10.210.55.223 hostname=master3
    node1 ansible_host=10.210.55.224 hostname=node1
    node2 ansible_host=10.210.55.225 hostname=node2
    block1 ansible_host=10.210.55.226 hostname=block1
    block2 ansible_host=10.210.55.227 hostname=block2
    nginx1 ansible_host=10.210.55.228 hostname=nginx1
    nginx2 ansible_host=10.210.55.229 hostname=nginx2
    
    [master]
    master1
    master2
    master3
    
    [etcd]
    master1
    master2
    master3
    
    [worker]
    node1
    node2
    
    [block]
    block1
    block2
    
    [kube-master:children]
    master
    
    [kube-node:children]
    worker
    
    [k8s-cluster:children]
    kube-master
    kube-node
    

      

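    4.4. Copy the SSH key to the target hosts to enable passwordless login

    # Take every ansible_host= address from the inventory and push the public key to it
    for i in $(grep -o 'ansible_host=[^ ]*' /etc/ansible/hosts | cut -d= -f2); do ssh-copy-id "$i"; done

    4.5. Build the role skeleton under /etc/ansible (the commands below spell the directory "templetes"; Ansible looks for a role's template files in a directory named "templates")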

    [root@services ~]# mkdir -p /etc/ansible/roles/{all,master,etcd,worker,block}/{files,templetes,tasks,handlers,vars,meta}
    
    [root@services ~]# touch /etc/ansible/roles/{all,master,etcd,worker,block}/{tasks,handlers,vars,meta}/main.yml
    
    [root@services ~]# tree /etc/ansible/
    /etc/ansible/
    ├── ansible.cfg
    ├── hosts
    └── roles
        ├── all
        │   ├── files
        │   ├── handlers
        │   │   └── main.yml
        │   ├── meta
        │   │   └── main.yml
        │   ├── tasks
        │   │   └── main.yml
        │   ├── templetes
        │   └── vars
        │       └── main.yml
        ├── block
        │   ├── files
        │   ├── handlers
        │   │   └── main.yml
        │   ├── meta
        │   │   └── main.yml
        │   ├── tasks
        │   │   └── main.yml
        │   ├── templetes
        │   └── vars
        │       └── main.yml
        ├── etcd
        │   ├── files
        │   ├── handlers
        │   │   └── main.yml
        │   ├── meta
        │   │   └── main.yml
        │   ├── tasks
        │   │   └── main.yml
        │   ├── templetes
        │   └── vars
        │       └── main.yml
        ├── master
        │   ├── files
        │   ├── handlers
        │   │   └── main.yml
        │   ├── meta
        │   │   └── main.yml
        │   ├── tasks
        │   │   └── main.yml
        │   ├── templetes
        │   └── vars
        │       └── main.yml
        └── worker
            ├── files
            ├── handlers
            │   └── main.yml
            ├── meta
            │   └── main.yml
            ├── tasks
            │   └── main.yml
            ├── templetes
            └── vars
                └── main.yml
    
    36 directories, 22 files
    

      

    4.6. The playbook /etc/ansible/start.yml

    - hosts: all
      name: playbook of all servers
      remote_user: root
      roles:
        - all
    - hosts: master
      name: playbook of master
      remote_user: root
      roles:
        - master
    - hosts: etcd
      name: playbook of etcd
      remote_user: root
      roles:
        - etcd
    - hosts: worker
      name: playbook of worker
      remote_user: root
      roles:
        - worker
    - hosts: block
      name: playbook of block
      remote_user: root
      roles:
        - block
    
    # When declaring a role you can also pass variables or add a condition
    ##- hosts: mysql
    ##  name: mysql
    ##  roles:
    ##  - {role: mysql, username: dbuser}
    ##  - {role: mysql, when: "ansible_distribution_major_version == '7' "}
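
Every play in start.yml logs in as root. The same kind of play written for an unprivileged login that escalates with sudo, as an added example that is not part of the original post; `deploy` is a hypothetical account assumed to exist on every host, with the SSH key from step 4.4 and a sudoers entry:

```yaml
# start.yml variant (added example, not the author's file).
# Assumption: "deploy" is a hypothetical unprivileged account present on all hosts.

# Form used on the page: direct root login for every play
# - hosts: all
#   remote_user: root

# Least-privilege form: log in unprivileged, escalate only for the play's tasks
- hosts: all
  name: playbook of all servers
  remote_user: deploy
  become: yes
  become_method: sudo
  roles:
    - all

- hosts: master
  name: playbook of master
  remote_user: deploy
  become: yes
  become_method: sudo
  roles:
    # A condition attached to the role, in the form the commented block above describes
    - { role: master, when: "ansible_distribution_major_version == '7'" }
```

With this layout, root SSH logins can be disabled on the managed hosts and every privileged action goes through sudo, where it is logged per user.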
    

      

    4.7. Add the tasks for the all role in /etc/ansible/roles/all/tasks/main.yml

    # Some static configuration files
    - name: Distribute /etc/hosts
      copy: src=hosts dest=/etc/hosts
    - name: Yum repo
      copy: src=epel.repo dest=/etc/yum.repos.d/epel.repo
    
    # Packages to install on every freshly installed system go below; I used tree and htop as examples
    - name: Tools after server installed
      when: ansible_distribution_major_version == "7"
      yum: name={{ item }} state=present disable_gpg_check=yes
      with_items:
      - tree
      - htop
      - net-tools
      - vim
      - bind-utils
    
    # Other software to install after the base system installation
    - name: Extra services after server is basic installed
      when: ansible_distribution_major_version == "7"
      yum: name={{ item.name }} state={{ item.state }}
      with_items:
      - { name: 'chrony', state: 'present' }
    
    # Define which system services are enabled at boot
    - name: Enable/Disable services when server boot
      service: name={{ item.name }} enabled={{ item.enabled }}
      with_items:
      - {name: 'chronyd', enabled: 'true'}
      - {name: 'NetworkManager', enabled: 'false'}
    

      

    4.8. At this point the ansible directory structure looks like this

    /etc/ansible/
    ├── ansible.cfg
    ├── hosts
    ├── roles
    │   ├── cache
    │   │   ├── files
    │   │   ├── handlers
    │   │   │   └── main.yml
    │   │   ├── meta
    │   │   │   └── main.yml
    │   │   ├── tasks
    │   │   │   └── main.yml
    │   │   ├── templetes
    │   │   └── vars
    │   │       └── main.yml
    │   ├── ceph
    │   │   ├── files
    │   │   ├── handlers
    │   │   │   └── main.yml
    │   │   ├── meta
    │   │   │   └── main.yml
    │   │   ├── tasks
    │   │   │   └── main.yml
    │   │   ├── templetes
    │   │   └── vars
    │   │       └── main.yml
    │   ├── default
    │   │   ├── files
    │   │   │   ├── chrony.conf
    │   │   │   ├── resolv.conf
    │   │   │   └── rhel7-actual-x86_64.repo
    │   │   ├── handlers
    │   │   │   └── main.yml
    │   │   ├── meta
    │   │   │   └── main.yml
    │   │   ├── tasks
    │   │   │   └── main.yml
    │   │   ├── templetes
    │   │   └── vars
    │   │       └── main.yml
    │   ├── dr
    │   │   ├── files
    │   │   ├── handlers
    │   │   │   └── main.yml
    │   │   ├── meta
    │   │   │   └── main.yml
    │   │   ├── tasks
    │   │   │   └── main.yml
    │   │   ├── templetes
    │   │   └── vars
    │   │       └── main.yml
    │   ├── etcd
    │   │   ├── files
    │   │   ├── handlers
    │   │   │   └── main.yml
    │   │   ├── meta
    │   │   │   └── main.yml
    │   │   ├── tasks
    │   │   │   └── main.yml
    │   │   ├── templetes
    │   │   └── vars
    │   │       └── main.yml
    │   ├── k8s
    │   │   ├── files
    │   │   ├── handlers
    │   │   │   └── main.yml
    │   │   ├── meta
    │   │   │   └── main.yml
    │   │   ├── tasks
    │   │   │   └── main.yml
    │   │   ├── templetes
    │   │   └── vars
    │   │       └── main.yml
    │   └── mysql
    │       ├── files
    │       ├── handlers
    │       │   └── main.yml
    │       ├── meta
    │       │   └── main.yml
    │       ├── tasks
    │       │   └── main.yml
    │       ├── templetes
    │       └── vars
    │           └── main.yml
    ├── start.retry
    └── start.yml
    
    50 directories, 35 files

    4.9. Some commonly used command combinations

    ansible-doc -l
    
    ansible-doc -s MODULE_NAME
    
    ansible GROUP_NAME -m MODULE_NAME -a ARGVS
  • Original article: https://www.cnblogs.com/demonzk/p/8203507.html