当前位置:首页 > 行业动态 > 正文

linux如何使用Ansible让系统管理自动化

Ansible简介

Ansible是一个开源的IT自动化工具,用于配置管理、应用部署、任务执行和多节点协调,通过SSH协议,可以在远程服务器上以安全的方式执行命令,实现对系统资源的管理,Ansible使用YAML语言编写的Playbook来描述任务流程,可以轻松地将任务模块化、可重复使用和可扩展。

Ansible安装与配置

1、安装Ansible

在Linux系统中,可以通过以下命令安装Ansible:

sudo apt-get update
sudo apt-get install software-properties-common
sudo apt-add-repository --yes --update ppa:ansible/ansible
sudo apt-get install ansible

2、配置Ansible

在安装完成后,需要对Ansible进行基本配置,编辑/etc/ansible/ansible.cfg文件,设置以下参数:

[defaults]
inventory = /etc/ansible/hosts
remote_user = root
private_key_file = ~/.ssh/id_rsa

3、创建主机清单文件

在/etc/ansible/hosts文件中,添加主机信息。

[group1]
host1 ansible_host=192.168.1.1 ansible_user=root ansible_connection=local
host2 ansible_host=192.168.1.2 ansible_user=root ansible_connection=local
[group2]
host3 ansible_host=192.168.1.3 ansible_user=root ansible_connection=local
host4 ansible_host=192.168.1.4 ansible_user=root ansible_connection=local

使用Ansible编写Playbook

1、创建Playbook文件

使用文本编辑器创建一个名为example.yml的Playbook文件,编写以下内容:


name: Install Nginx
  hosts: all
  tasks:
    name: Update package list
      apt:
        name: "{{ item }}" state=present update_cache=yes
      with_items:
        nginx
        php-fpm php-mysqlnd php-gd php-xml php-mbstring php-curl php-bcmath php-ldap php-json php-tokenizer php-mcrypt php-apcu php-intl php-soap curl php-dev libxml2 zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev wget git libc6 libncurses5-dev unzip automake libtool bison subversion python3 python3-pip python3-dev python3-venv zip g++ make cmake libboost-all-dev libbz2-dev libffi-dev libpq-dev nodejs npm supervisor virtualenv python3-venv python3-setuptools pip xz-utils tar git mercurial orwpan emacs emacs24 m4 libgtk2.0-dev libwebkitgtk-dev libnotify-dev libnss3-dev libxslt1.1 libxml2-dev libxsltproc-dev libgconf2-dev libgdk-pixbuf2.0-dev libpangocairo-1.0-0 libatk1.0-0 libatkmm1.6-1 libgtk2.0-0 libpcre3-dev libjpeg62 libcap2-bin zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc zlib1g zlibc --with-openssl --with-python --with-python3 --with-systemd --with-systemdsystemunitdir=/usr/share/systemd/system --with-selinux --with-selinuxtypes --with-cacertdir=/etc/ssl/certs --with-cacert=/etc/ssl/certs/cacert.pem --with-validationchecksum true 
      git clone https://github.com/ansible/ansible.git $HOME/ansible 
      cd $HOME/ansible && git checkout release/2.9 
      cd $HOME/ansible && git pull origin master 
      cd $HOME/ansible && make && make install 
      mkdir ~/.ansible 
      cp ~/.vimrc ~/.emacs ~/.inputrc ~/.profile ~/.bashrc ~/.bash_profile ~/.bash_login ~/.config/fish/config.fish ~/.config/polybar/launch.sh ~ 
      chown root:root * 
      chmod go+rwx * 
"
     become: yes become_method: sudo 
     become_user: root 
     when: "'group1|group2' in groupnames" 
     become_ask_pass: yes
     become_pass: "{{ lookup('passwordfile', 'admin') | b64decode('utf-8') }}
"
     notify:
         Reload Nginx
         Run Service
         SSH Reconnect
     tasks:
        -
            ping:
                host: localhost
                register: result
                ignore_errors: yes
            Debug:
                var: result.stdout_lines
        name: Install Nginx
          nginx:
            enabled: yes
            state: present
            update_cache: yes
            enablerepo: extras
            docroot: /var/www/html
            errorlog: /var/log/nginx/error.log
            accesslog: /var/log/nginx/access.log
            http_proxy: http://{{ inventory_hostname }}
            https_proxy: https://{{ inventory_hostname }}
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/htpasswd;
            keepalive_timeout 65;
            listen [::]:80 default_server;
            listen [::]:443 default_server {
                return ("HTTPS required")
            }
         notify:
             Reload Nginx
         runservice:
             name: service apache2 restart
pip install requests==2.25.1
pip freeze > requirements.txt
cd ~ && git clone https://github.com/jakevdp/
gitbucket gitbucket
cd gitbucket && git remote add upstream https://github.com/jakevdp/
gitbucket && git fetch upstream && git rebase upstream/master --autostash --keep-index && git push origin master --force --quiet --set-upstream origin master && cd ~ && pip install dist/*whl >> requirements.txt
cd $HOME && git add requirements.txt && git commit -
adcommit message="Upgrade dependencies" && git push origin master --force --quiet --set-upstream origin master && cd ~ && pip install virtualenvwrapper >> requirements.txt && echo export WORKON_HOME=$HOME >> ~.bashrc && echo export VIRTUALENVWRAPPER_PYTHON=python3 >> ~.bashrc && source ~.bashrc && workon venv && cd venv && source bin/activate && pip install wheel >> requirements.txt && pip wheel * >> requirements.txt && deactivate
noopierun pip install --requirement
0