Ansible 2019(1)Introduction and Installation on Ubuntu and CentOS
程序员文章站
2022-03-30 19:23:04
...
Ansible 2019(1)Introduction and Installation on Ubuntu and CentOS
Ansible is using SSH, it can execute the shell commands.
Install Ansible on Ubuntu
> sudo apt-add-repository -y ppa:ansible/ansible
> sudo apt-get update
> sudo apt-get install ansible
> ansible --version
ansible 2.8.5
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/carl/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.15+ (default, Oct 7 2019, 17:39:04) [GCC 7.4.0]
Prepare 2 workers machines for ubuntu latest version
> wget http://mirror.lstn.net/ubuntu-releases/19.04/ubuntu-19.04-live-server-amd64.iso
Set Up Clean 19.04 Ubuntu Machines
Set Up Root Password
> sudo passwd root
Set Up IP information
> cd /etc/netplan/
> sudo vi 50-cloud-init.yaml
network:
ethernets:
enp0s3:
dhcp4: true
enp0s8:
dhcp4: no
addresses: [192.168.56.102/24]
gateway4: 192.168.56.0
nameservers:
addresses: [8.8.8.8,8.8.4.4]
version: 2
> sudo netplan apply
I try to verify on ubuntu-master, ubuntu-worker1, ubuntu-worker2, so the hosts file will be like this
> cat /etc/hosts
192.168.56.101 ubuntu-master
192.168.56.102 ubuntu-worker1
192.168.56.103 ubuntu-worker2
On the master machine, ubuntu-master, copy the keys to workers
> ssh-copy-id -i ~/.ssh/id_rsa.pub carl@ubuntu-worker1
> ssh-copy-id -i ~/.ssh/id_rsa.pub carl@ubuntu-worker2
Need to make the user execute sudo without password on all the workers
> sudo visudo
carl ALL=(ALL) NOPASSWD:ALL
Check workers list
> sudo vi /etc/ansible/hosts
ubuntu-master
[workers]
ubuntu-worker1
ubuntu-worker2
Try some commands and it works well
> ansible workers -u carl -a "df -h"
Promote password
> ansible workers -b -K -u carl -a "apt update"
No Password
>ansible workers -b -u carl -a "apt update"
Not working on ubuntu 19.04?
Solution:
https://askubuntu.com/questions/504652/adding-nopasswd-in-etc-sudoers-doesnt-work
https://www.tecrobust.com/run-sudo-command-without-password-in-ubuntu/
Need to add this line to the end of the file
carl ALL=(ALL) NOPASSWD:ALL
After that, these commands works
> ansible workers -b -u carl -a "apt update"
Playbook
> cat playbook.yml
---
- hosts: workers
become: true
become_user: carl
tasks:
- name: check disk
command: df -h
> ansible-playbook -u carl playbook.yml
Update the softwares there
> cat playbook.yml
---
- hosts: workers
become: true
become_user: carl
tasks:
- name: update
command: apt update
become_user: root
become_method: sudo
- name: install
command: apt dist-upgrade
become_user: root
become_method: sudo
Shutdown all the workers
> ansible workers -b -u carl -a "shutdown -h now"
Install on CentOS
> sudo yum install ansible
Check the version
> ansible --version
ansible 2.8.5
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/carl/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
Generate SSH Key On CentOS
https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-centos7
> ssh-keygen
Copy the keys to workers
> ssh-copy-id -i ~/.ssh/id_rsa.pub rancher-worker1
> ssh-copy-id -i ~/.ssh/id_rsa.pub rancher-worker2
No password to execute sudo command
> sudo visudo
%wheel ALL=(ALL) NOPASSWD: ALL
Check workers list
> sudo vi /etc/ansible/hosts
rancher-home
[workers]
rancher-worker1
rancher-worker2
Try some commands and it works well
> ansible workers -u carl -a "df -h"
Promote password
> ansible workers -b -K -u carl -a 'yum update'
No Password
> ansible workers -b -u carl -a 'yum update'
It can be more complex if we need it to be
---
- hosts: sillycat-redis:sillycat-db:sillycat-els
remote_user: centos
tasks:
- name: curl
shell: 'curl -L -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.2.1-x86_64.rpm'
- name: rpm
shell: 'rpm -vi metricbeat-7.2.1-x86_64.rpm'
become: yes
become_user: root
become_method: sudo
- name: copy
copy: src=./etc/metricbeat.yml dest=/etc/metricbeat/metricbeat.yml
become: yes
become_user: root
become_method: sudo
- name: enable
shell: 'metricbeat modules enable system'
become: yes
become_user: root
become_method: sudo
- name: setup
shell: 'metricbeat setup'
become: yes
become_user: root
become_method: sudo
- name: start
shell: 'service metricbeat start'
become: yes
become_user: root
become_method: sudo
- name: auto start
shell: 'systemctl enable metricbeat'
become: yes
become_user: root
become_method: sudo
- name: rm install file
shell: 'rm -f metricbeat-7.2.1-x86_64.rpm'
- hosts: sillycat-redis
remote_user: centos
tasks:
- name: enable
shell: 'metricbeat modules enable redis'
become: yes
become_user: root
become_method: sudo
- name: restart
shell: 'systemctl restart metricbeat'
become: yes
become_user: root
become_method: sudo
- hosts: sillycat-db
remote_user: centos
tasks:
- name: enable
shell: 'metricbeat modules enable mysql'
become: yes
become_user: root
become_method: sudo
- name: restart
shell: 'systemctl restart metricbeat'
become: yes
become_user: root
become_method: sudo
- hosts: sillycat-els
remote_user: centos
tasks:
- name: enable
shell: 'metricbeat modules enable elasticsearch'
become: yes
become_user: root
become_method: sudo
- name: restart
shell: 'systemctl restart metricbeat'
become: yes
become_user: root
become_method: sudo
References:
https://www.cnblogs.com/sparkdev/p/9905290.html
https://www.ansible.com/
https://github.com/ansible/ansible
https://docs.ansible.com/ansible/latest/index.html
https://*.com/questions/25582740/missing-sudo-password-in-ansible
https://askubuntu.com/questions/504652/adding-nopasswd-in-etc-sudoers-doesnt-work
Ansible is using SSH, it can execute the shell commands.
Install Ansible on Ubuntu
> sudo apt-add-repository -y ppa:ansible/ansible
> sudo apt-get update
> sudo apt-get install ansible
> ansible --version
ansible 2.8.5
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/carl/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.15+ (default, Oct 7 2019, 17:39:04) [GCC 7.4.0]
Prepare 2 workers machines for ubuntu latest version
> wget http://mirror.lstn.net/ubuntu-releases/19.04/ubuntu-19.04-live-server-amd64.iso
Set Up Clean 19.04 Ubuntu Machines
Set Up Root Password
> sudo passwd root
Set Up IP information
> cd /etc/netplan/
> sudo vi 50-cloud-init.yaml
network:
ethernets:
enp0s3:
dhcp4: true
enp0s8:
dhcp4: no
addresses: [192.168.56.102/24]
gateway4: 192.168.56.0
nameservers:
addresses: [8.8.8.8,8.8.4.4]
version: 2
> sudo netplan apply
I try to verify on ubuntu-master, ubuntu-worker1, ubuntu-worker2, so the hosts file will be like this
> cat /etc/hosts
192.168.56.101 ubuntu-master
192.168.56.102 ubuntu-worker1
192.168.56.103 ubuntu-worker2
On the master machine, ubuntu-master, copy the keys to workers
> ssh-copy-id -i ~/.ssh/id_rsa.pub carl@ubuntu-worker1
> ssh-copy-id -i ~/.ssh/id_rsa.pub carl@ubuntu-worker2
Need to make the user execute sudo without password on all the workers
> sudo visudo
carl ALL=(ALL) NOPASSWD:ALL
Check workers list
> sudo vi /etc/ansible/hosts
ubuntu-master
[workers]
ubuntu-worker1
ubuntu-worker2
Try some commands and it works well
> ansible workers -u carl -a "df -h"
Promote password
> ansible workers -b -K -u carl -a "apt update"
No Password
>ansible workers -b -u carl -a "apt update"
Not working on ubuntu 19.04?
Solution:
https://askubuntu.com/questions/504652/adding-nopasswd-in-etc-sudoers-doesnt-work
https://www.tecrobust.com/run-sudo-command-without-password-in-ubuntu/
Need to add this line to the end of the file
carl ALL=(ALL) NOPASSWD:ALL
After that, these commands works
> ansible workers -b -u carl -a "apt update"
Playbook
> cat playbook.yml
---
- hosts: workers
become: true
become_user: carl
tasks:
- name: check disk
command: df -h
> ansible-playbook -u carl playbook.yml
Update the softwares there
> cat playbook.yml
---
- hosts: workers
become: true
become_user: carl
tasks:
- name: update
command: apt update
become_user: root
become_method: sudo
- name: install
command: apt dist-upgrade
become_user: root
become_method: sudo
Shutdown all the workers
> ansible workers -b -u carl -a "shutdown -h now"
Install on CentOS
> sudo yum install ansible
Check the version
> ansible --version
ansible 2.8.5
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/carl/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
Generate SSH Key On CentOS
https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-centos7
> ssh-keygen
Copy the keys to workers
> ssh-copy-id -i ~/.ssh/id_rsa.pub rancher-worker1
> ssh-copy-id -i ~/.ssh/id_rsa.pub rancher-worker2
No password to execute sudo command
> sudo visudo
%wheel ALL=(ALL) NOPASSWD: ALL
Check workers list
> sudo vi /etc/ansible/hosts
rancher-home
[workers]
rancher-worker1
rancher-worker2
Try some commands and it works well
> ansible workers -u carl -a "df -h"
Promote password
> ansible workers -b -K -u carl -a 'yum update'
No Password
> ansible workers -b -u carl -a 'yum update'
It can be more complex if we need it to be
---
- hosts: sillycat-redis:sillycat-db:sillycat-els
remote_user: centos
tasks:
- name: curl
shell: 'curl -L -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.2.1-x86_64.rpm'
- name: rpm
shell: 'rpm -vi metricbeat-7.2.1-x86_64.rpm'
become: yes
become_user: root
become_method: sudo
- name: copy
copy: src=./etc/metricbeat.yml dest=/etc/metricbeat/metricbeat.yml
become: yes
become_user: root
become_method: sudo
- name: enable
shell: 'metricbeat modules enable system'
become: yes
become_user: root
become_method: sudo
- name: setup
shell: 'metricbeat setup'
become: yes
become_user: root
become_method: sudo
- name: start
shell: 'service metricbeat start'
become: yes
become_user: root
become_method: sudo
- name: auto start
shell: 'systemctl enable metricbeat'
become: yes
become_user: root
become_method: sudo
- name: rm install file
shell: 'rm -f metricbeat-7.2.1-x86_64.rpm'
- hosts: sillycat-redis
remote_user: centos
tasks:
- name: enable
shell: 'metricbeat modules enable redis'
become: yes
become_user: root
become_method: sudo
- name: restart
shell: 'systemctl restart metricbeat'
become: yes
become_user: root
become_method: sudo
- hosts: sillycat-db
remote_user: centos
tasks:
- name: enable
shell: 'metricbeat modules enable mysql'
become: yes
become_user: root
become_method: sudo
- name: restart
shell: 'systemctl restart metricbeat'
become: yes
become_user: root
become_method: sudo
- hosts: sillycat-els
remote_user: centos
tasks:
- name: enable
shell: 'metricbeat modules enable elasticsearch'
become: yes
become_user: root
become_method: sudo
- name: restart
shell: 'systemctl restart metricbeat'
become: yes
become_user: root
become_method: sudo
References:
https://www.cnblogs.com/sparkdev/p/9905290.html
https://www.ansible.com/
https://github.com/ansible/ansible
https://docs.ansible.com/ansible/latest/index.html
https://*.com/questions/25582740/missing-sudo-password-in-ansible
https://askubuntu.com/questions/504652/adding-nopasswd-in-etc-sudoers-doesnt-work