Ansible部署


Ansible部署

一、部署环境及前置操作

1、测试环境

注:主机复用原测试环境,主机hostname根据需求调整
硬件环境:N100 x86主机 Proxmox系统
软件环境:Ubuntu 22.04.3 LTS
软件版本:redis-7.4.0.tar.gz
主机环境:主机IP          主机名  
		192.168.0.150 node1	#Ansible管理节点
		192.168.0.151 node2	#测试节点
		192.168.0.152 node3	#测试节点

2、主机IP及主机名调整

#配置静态IP
vi /etc/netplan/00-installer-config.yaml 
#添加以下内容,静态IP根据个人需求调整
network:
  version: 2
  renderer: networkd
  ethernets:
    ens18:
      addresses: [192.168.0.150/24]   # 静态 IP 和子网掩码
      dhcp4: false                    # 关闭 DHCP
      routes:
        - to: default                 # 默认路由
          via: 192.168.0.1           # 网关地址
      nameservers:
        addresses: [192.168.0.1, 114.114.114.114]  # DNS 服务器
#生效配置
netplan apply     

#以下三条命令分别在对应节点上执行;主机复用原测试环境,hostname根据需求调整
#节点1:192.168.0.150 node1
hostnamectl set-hostname node1
#节点2:192.168.0.151 node2
hostnamectl set-hostname node2
#节点3:192.168.0.152 node3
hostnamectl set-hostname node3

3、调整hosts及时间同步

#添加host配置
cat >> /etc/hosts << EOF
192.168.0.150 node1
192.168.0.151 node2
192.168.0.152 node3
EOF
#如果node节点是由其他主机克隆而来,注意同步调整/etc/hosts中127.0.1.1一行的主机名,克隆出来的主机默认仍保留原始主机的配置

#调整系统时区配置
timedatectl set-timezone Asia/Shanghai

#安装时间同步工具chrony
apt install chrony -y

#添加时间同步源/etc/chrony/chrony.conf
echo "server time1.aliyun.com iburst" >> /etc/chrony/chrony.conf

#启动服务
systemctl start chrony
systemctl enable chrony

#检查运行状态
chronyc sources -v

4、配置免密登录

#192.168.0.150主机执行
root@node1:/etc/ansible# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:40g2VL66TKcfb0X5l3alhHZscxP2mgOhL075cocK4iA root@node1
The key's randomart image is:
+---[RSA 3072]----+
|        .        |
|       o    .  o |
|      . .  . =. o|
|     .   .. * *.+|
|      + S  = * *+|
|     o = .+ o *oo|
|  E . = =o + ..o.|
|   . = = ++ + .  |
|      =...o+ .   |
+----[SHA256]-----+
#首次配置免密时需要手动输入远端用户(test)的登录密码
root@node1:/etc/ansible# ssh-copy-id test@192.168.0.151  
root@node1:/etc/ansible# ssh-copy-id test@192.168.0.152 

二、Ansible部署

1、Ansible安装

Ansible有两种安装方式(apt和pip),具体如下:

1.1、使用apt安装

在线安装:

#联网情况下
apt update
apt install ansible -y

离线安装:

#离线环境
#在可联网主机创建相同环境架构本地环境/虚拟机下载安装包及依赖
mkdir -p /data/ansible_download/ #目录根据实际进行调整
cd /data/ansible_download/
#下载软件包及依赖(apt-rdepends不是默认安装的,需先执行 apt install apt-rdepends)
apt download ansible $(apt-rdepends ansible | grep -v "^ " | grep -v "^lib")
root@node1:/data/ansible_download# ll
total 17128
drwxr-xr-x 2 root root     4096 Jun  3 22:13 ./
drwxr-xr-x 3 root root     4096 Jun  3 22:13 ../
-rw-r--r-- 1 root root 17530700 Apr 29  2021 ansible_2.10.7+merged+base+2.10.8+dfsg-1_all.deb
#安装;如果同时下载了其他deb依赖包,一并加入该命令
apt install ./ansible_2.10.7+merged+base+2.10.8+dfsg-1_all.deb -y

安装验证:

#安装验证
root@node1:/data/ansible_download# ansible --version
ansible 2.10.8
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.10.12 (main, Feb  4 2025, 14:57:36) [GCC 11.4.0]
1.2、使用pip安装

在线安装:

#联网情况下
apt update
apt install python3-pip -y
pip3 install ansible
#默认源安装较慢时
pip3 install ansible --index-url https://pypi.tuna.tsinghua.edu.cn/simple

离线安装:

#离线环境
#在可联网主机创建相同环境架构本地环境/虚拟机下载安装包及依赖
mkdir -p /data/ansible_download/ #目录根据实际进行调整
cd /data/ansible_download/
#下载软件包
pip3 download ansible
#如果默认源下载较慢,可以使用
#国内常用镜像源
#清华:https://pypi.tuna.tsinghua.edu.cn/simple
#阿里云:https://mirrors.aliyun.com/pypi/simple/
#腾讯云:https://mirrors.cloud.tencent.com/pypi/simple
#华为云:https://repo.huaweicloud.com/repository/pypi/simple
pip3 download ansible --index-url https://pypi.tuna.tsinghua.edu.cn/simple
#安装
pip3 install --no-index --find-links=./ ansible

安装验证:

#安装验证
root@node1:/data/ansible_download# ansible --version
ansible [core 2.17.12]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.10/dist-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.10.12 (main, Feb  4 2025, 14:57:36) [GCC 11.4.0] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True

2、Ansible配置文件

2.1、主配置文件

位置(按优先级从高到低):

  • 当前目录下的 ./ansible.cfg

  • 用户家目录下的 ~/.ansible.cfg

  • 系统全局的 /etc/ansible/ansible.cfg

创建方法

# 创建默认配置文件
mkdir -p /etc/ansible/
mkdir -p /etc/ansible/{inventory,group_vars,host_vars,roles,files,templates}
touch /etc/ansible/ansible.cfg

#生成全部默认配置项(--disabled生成的条目均为注释状态;条目很多,按需启用常用配置即可)
ansible-config init --disabled > /etc/ansible/ansible.cfg

常用配置内容:

[defaults]
# 安全设置
# 禁用SSH主机密钥检查(仅限测试环境:关闭后无法发现被替换或冒充的主机,生产环境应保持 True 并预先分发 known_hosts)
host_key_checking = False

# 禁用弃用警告
deprecation_warnings = False

# 性能优化
# 并发进程数
forks = 50
# 智能收集facts
gathering = smart
# 缓存facts加速后续执行(注意:/tmp 对所有本地用户可读,缓存文件中包含被管主机的详细信息,生产环境建议改用权限受限的目录)
fact_caching = jsonfile
fact_caching_connection = /tmp/ansible_facts
# 缓存24小时
fact_caching_timeout = 86400

# 路径设置
# 默认库存文件
inventory = /etc/ansible/hosts
# 角色搜索路径
roles_path = /etc/ansible/roles
# 日志记录
log_path = /var/log/ansible.log

[privilege_escalation]
# 默认启用权限提升,根据需求配置
become = True
# 使用sudo                 
become_method = sudo
# 提升为root
become_user = root
# 不提示sudo密码
become_ask_pass = False

[ssh_connection]
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
# 启用管道加速
pipelining = True
2.2、库存文件 (Inventory File)

默认位置/etc/ansible/hosts

创建方法

#以自定义为例
mkdir -p /etc/ansible/
touch /etc/ansible/hosts 

配置内容:

# 简单主机定义
[ubuntu_servers]
192.168.0.151
192.168.0.152 ansible_port=22  # 自定义SSH端口
2.3、主机变量文件

位置:通常在库存文件所在目录下的 host_vars/ 与 group_vars/ 子目录中

创建方法

mkdir -p /etc/ansible/{host_vars,group_vars}

示例:

# /etc/ansible/group_vars/all.yml
---
ansible_python_interpreter: /usr/bin/python3
timezone: UTC

# /etc/ansible/host_vars/web1.example.com.yml
---
http_port: 8080
max_clients: 200
2.4、Ansible Vault 密码文件(可选)

用于加密敏感数据:

#全局存储
#注意:用echo直接写入会把密码留在shell历史记录中,建议改用read -rs从终端读取后再写入文件,例如:
#(umask 077 && IFS= read -rsp 'Vault password: ' p && printf '%s\n' "$p" > /etc/ansible/vault_pass.txt)
echo "my_vault_password" > /etc/ansible/vault_pass.txt
chmod 600 /etc/ansible/vault_pass.txt

#用户级存储
#在用户目录下创建
mkdir -p ~/.ansible/
echo "your_vault_password" > ~/.ansible/vault_pass
chmod 600 ~/.ansible/vault_pass
2.5、配置文件优先级

Ansible 按以下顺序查找配置文件:

  1. ANSIBLE_CONFIG 环境变量指定的文件

  2. 当前目录下的 ansible.cfg

  3. 用户家目录下的 ~/.ansible.cfg

  4. /etc/ansible/ansible.cfg

推荐目录结构如下:

ansible_project/
├── ansible.cfg          # 项目级配置
├── inventory/           # 库存目录
│   ├── hosts            # 主库存文件
│   ├── host_vars/       # 主机变量
│   └── group_vars/      # 组变量
├── roles/               # 自定义角色
├── playbooks/           # playbook 文件
└── files/               # 文件资源

验证配置文件:

#测试配置文件目录结构如下
root@node1:/etc/ansible# tree /etc/ansible
/etc/ansible
├── ansible.cfg
├── files
├── group_vars
│   └── all.yml
├── hosts
├── host_vars
├── inventory
├── roles
└── templates
root@node1:/etc/ansible# ansible --version          
ansible [core 2.17.12]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.10/dist-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.10.12 (main, Feb  4 2025, 14:57:36) [GCC 11.4.0] (/usr/bin/python3)
  jinja version = 3.0.3
  libyaml = True
2.6、测试
#免密配置的是test用户,直接执行 ansible ubuntu_servers -m command -u test -a 'df -h' 时,因配置中开启了权限提升(become = True)但未提供sudo密码,会执行失败,现象如下:
root@node1:/etc/ansible# ansible ubuntu_servers -m command -u test -a 'ls /tmp'
192.168.0.151 | FAILED | rc=-1 >>
Missing sudo password
192.168.0.152 | FAILED | rc=-1 >>
Missing sudo password

#处理方式1:通过 -K 参数在执行时手动输入 sudo 密码
root@node1:/etc/ansible# ansible ubuntu_servers -m command -u test -a 'df -h' -K
BECOME password: 
192.168.0.151 | CHANGED | rc=0 >>
Filesystem                         Size  Used Avail Use% Mounted on
tmpfs                              197M  1.1M  196M   1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv   15G  7.0G  7.0G  51% /
tmpfs                              982M     0  982M   0% /dev/shm
tmpfs                              5.0M     0  5.0M   0% /run/lock
/dev/sda2                          2.0G  252M  1.6G  14% /boot
tmpfs                              197M  4.0K  197M   1% /run/user/1000
192.168.0.152 | CHANGED | rc=0 >>
Filesystem                         Size  Used Avail Use% Mounted on
tmpfs                              197M  1.1M  196M   1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv   15G  6.5G  7.5G  47% /
tmpfs                              982M     0  982M   0% /dev/shm
tmpfs                              5.0M     0  5.0M   0% /run/lock
/dev/sda2                          2.0G  252M  1.6G  14% /boot
tmpfs                              197M  4.0K  197M   1% /run/user/1000

#方式2:关闭权限提升:编辑 ansible.cfg,将 become = True 改为 become = False(此后需要root权限的任务会失败,需在 playbook 中按需单独设置 become)
root@node1:/etc/ansible# ansible ubuntu_servers -m command -u test -a 'df -h'
192.168.0.151 | CHANGED | rc=0 >>
Filesystem                         Size  Used Avail Use% Mounted on
tmpfs                              197M  1.1M  196M   1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv   15G  7.0G  7.0G  51% /
tmpfs                              982M     0  982M   0% /dev/shm
tmpfs                              5.0M     0  5.0M   0% /run/lock
/dev/sda2                          2.0G  252M  1.6G  14% /boot
tmpfs                              197M  4.0K  197M   1% /run/user/1000
192.168.0.152 | CHANGED | rc=0 >>
Filesystem                         Size  Used Avail Use% Mounted on
tmpfs                              197M  1.1M  196M   1% /run
/dev/mapper/ubuntu--vg-ubuntu--lv   15G  6.5G  7.5G  47% /
tmpfs                              982M     0  982M   0% /dev/shm
tmpfs                              5.0M     0  5.0M   0% /run/lock
/dev/sda2                          2.0G  252M  1.6G  14% /boot
tmpfs                              197M  4.0K  197M   1% /run/user/1000
