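1. SSH key distribution

Prerequisites for automated deployment with Ansible:
1) Establish remote connections using SSH keys (recommended)
2) Establish remote connections using SSH passwords (not recommended)

Before deploying, make sure the control host can connect to the managed hosts using SSH keys.
The control host generates an SSH key pair (private key and public key) and distributes the public key to every managed host:

1) Install sshpass

    [root@m01 ~]# yum install sshpass -y

2) Generate the key

    # Generate the key directly
    [root@m01 ~]# ssh-keygen -t dsa -f /root/.ssh/id_dsa -N ""
    Generating public/private dsa key pair.
    Created directory '/root/.ssh'.
    Your identification has been saved in /root/.ssh/id_dsa.
    Your public key has been saved in /root/.ssh/id_dsa.pub.
    The key fingerprint is:
    SHA256:gfr8/bG2IAzxNJiom7WGwba8G26BZ5yfxJMp6O3Ouh4 root@m01
    The key's randomart image is:
    +---[DSA 1024]----+
    | |
    | . + |
    | . = + |
    | . . . + o |
    | +=ooo. S |
    |ooBB*+ o |
    |.EO=ooo o . . |
    | o+=o . o ..o |
    |.=O= . .o+. |
    +----[SHA256]-----+

3) Distribute the key

    # Non-interactive script that distributes the public key in bulk
    [root@m01 ~]# vim ~/ssh-fenfa.sh
    #!/bin/bash
    # Remove the old private key and generate a new key pair with an empty passphrase
    rm -f /root/.ssh/id_dsa
    ssh-keygen -t dsa -f /root/.ssh/id_dsa -N ""
    # 123456 is the login password of the managed hosts, passed on the command line;
    # StrictHostKeyChecking=no accepts each host key without prompting
    for ip in 7 8
    do
    sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no" 10.4.7.$ip
    done

    # Run the script
    [root@m01 ~]# sh ~/ssh-fenfa.sh

4) Test SSH login to all hosts in one step with a for loop

    [root@m01 ~]# for i in 7 8 ;do ssh 10.4.7.$i date ;done
    Mon Feb 3 17:23:50 CST 2020
    Mon Feb 3 17:23:50 CST 2020

2. Install Ansible

There are many ways to install Ansible; only the yum installation on CentOS 7 is shown here.
Ansible is not in the standard repositories by default, so an additional repo source is needed.

1) Install on the control machine:

    # Add the repo
    [root@m01 ~]# yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    # Install ansible with yum
    [root@m01 ~]# yum install ansible -y
    [root@m01 ~]# rpm -qa ansible
    # Check the ansible version
    [root@m01 ~]# ansible --version
    ansible 2.9.2
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

2) Add the host inventory

    [root@m01 ~]# vim /etc/ansible/hosts
    [app]
    10.4.7.7
    10.4.7.8

Two hosts were added under the [sa] group.

3. Test Ansible

The ping module is used to test connectivity between Ansible and the managed hosts.

    [root@m01 ~]# ansible sa -m ping
    10.4.7.8 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": false,
        "ping": "pong"
    }
    10.4.7.7 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": false,
        "ping": "pong"
    }

3. Ansible inventory management

Inventory path: /etc/ansible/hosts

/etc/ansible/hosts is the host inventory file. It defines the authentication information for the managed hosts, such as the SSH login user name, password and key-related information.

How to configure the inventory file

A host can be given as an IP address or as a host name, but a host name requires that the Ansible machine has a hosts entry resolving that host name to its IP address.

Hosts:
1) Hosts support host name wildcards and regular expressions, for example web[1:3].jason.com stands for three hosts
2) Hosts support non-standard SSH ports, for example web1.jason.com:6666
3) Hosts support variables, which allow special settings for individual hosts, such as the login user and password
4) Host groups support variables with [group_name:vars] and also support nested groups with [game:children]

Host groups:
1) Nested groups are supported, for example [game:children]; the groups listed under game are all included in game
2) Variables are supported, for example [game:vars], with the variables listed underneath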
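
An inventory that combines the host and group features listed above, as an added example that is not part of the original post. It uses key-based login through ansible_ssh_private_key_file, in line with the recommendation in section 1, instead of storing a password in the file. The web and cache host names, the deploy and ansible users and the choice of groups are assumptions; the IP addresses and the key path are the ones used earlier on this page.

```ini
# Constructed example inventory: host names, port and users are illustrative.

[web]
# Range pattern: expands to web1.jason.com, web2.jason.com and web3.jason.com
web[1:3].jason.com

[cache]
# Non-standard SSH port, written as host:port
cache1.jason.com:6666
# Per-host variable: overrides the group-level login user for this host only
cache2.jason.com ansible_user=deploy

[app]
# Plain IP addresses need no name resolution on the control machine
10.4.7.7
10.4.7.8

# Nested group: game contains every host of the web and cache groups
[game:children]
web
cache

# Group variables: apply to all hosts in game, including hosts of its child groups
[game:vars]
ansible_user=ansible
ansible_ssh_private_key_file=/root/.ssh/id_dsa
```

Running ansible-inventory with -i pointing at this file and the --graph option prints the resolved group tree, which confirms that the range pattern and the nested group expand as intended.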

Write a playbook that installs and configures Tomcat:

    [root@jenkins tomcat]# cat tomcat.yaml
    - hosts: app
      remote_user: root
      vars:
        tomcat_version: 8.5.5
        tomcat_install_dir: /usr/local/

      tasks:
        # Install the OpenJDK 1.8 runtime that Tomcat needs
        - name: Install jdk1.8
          yum:
            name: java-1.8.0-openjdk
            state: present
        # Fetch the Tomcat tarball into /tmp on the managed host
        - name: Download tomcat
          get_url:
            url: http://archive.apache.org/dist/tomcat/tomcat-8/v8.5.5/bin/apache-tomcat-8.5.5.tar.gz
            dest: /tmp
        # copy: no means the archive is already on the managed host
        - name: Unarchive tomcat
          unarchive:
            src: /tmp/apache-tomcat-{{tomcat_version}}.tar.gz
            dest: "{{tomcat_install_dir}}/"
            copy: no
        # Rename the unpacked directory to tomcat8 and start Tomcat in the background
        - name: Start tomcat
          shell: cd {{tomcat_install_dir}} && mv apache-tomcat-{{tomcat_version}} tomcat8 && cd tomcat8/bin && nohup ./startup.sh &