Ansible Automated Software Installation Guide
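Ansible is an open-source configuration management and automation tool that manages servers at scale without installing an agent on the target hosts. This article describes in detail how Ansible is used in software implementation.
I. Ansible Overview
1. What Is Ansible
Ansible is an automation and operations tool developed in Python. It is mainly used for:
- Configuration management: manage server configuration in one place
- Software deployment: automate software installation
- Task orchestration: run a series of tasks in order
- Application release: automate application releases
2. Ansible Features

| Feature | Description |
|------|------|
| Agentless | No agent needs to be installed on the managed hosts |
| Simple to use | Based on YAML; easy to read and write |
| Powerful and flexible | Supports many modules and Playbooks |
| Cross-platform | Supports Linux, Windows, and network devices |
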
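II. Installing Ansible
1. Installing on Ubuntu/Debian
```bash
# Update the package index
sudo apt update
# Install Ansible
sudo apt install -y ansible
# Verify the installation
ansible --version
```
2. Installing on CentOS/RHEL
```bash
# Install the EPEL repository
sudo yum install -y epel-release
# Install Ansible
sudo yum install -y ansible
# Verify the installation
ansible --version
```
3. Installing with Python pip
```bash
# Install pip (if it is not installed yet)
sudo apt install -y python3-pip
# Install Ansible
pip3 install ansible
# Verify the installation
ansible --version
```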
III. Basic Configuration
1. Configuring the Inventory File
```bash
# Edit the host inventory file
sudo vim /etc/ansible/hosts
```
Add the following content:
```ini
# Host groups
[web_servers]
web01 ansible_host=192.168.1.10 ansible_user=admin
web02 ansible_host=192.168.1.11 ansible_user=admin

[db_servers]
db01 ansible_host=192.168.1.20 ansible_user=admin

[all_servers:children]
web_servers
db_servers

# Group variables
[web_servers:vars]
ansible_ssh_private_key_file=~/.ssh/id_rsa

[all_servers:vars]
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
```
2. Configuring Passwordless SSH Login
```bash
# Generate an SSH key pair
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N ""
# Copy the public key to the target hosts
ssh-copy-id admin@192.168.1.10
ssh-copy-id admin@192.168.1.11
ssh-copy-id admin@192.168.1.20
```
3. Configuring ansible.cfg
```bash
# Edit the main configuration file
sudo vim /etc/ansible/ansible.cfg
```
Common settings:
```ini
[defaults]
# Host inventory file
inventory = /etc/ansible/hosts
# Number of parallel connections
forks = 10
# Disable host key checking
host_key_checking = False
# Timeout
timeout = 30
# Default roles path
roles_path = /etc/ansible/roles
# Log file
log_path = /var/log/ansible.log

[privilege_escalation]
# Enable sudo
become = True
# Privilege escalation method
become_method = sudo
# User to become
become_user = root
# Do not prompt for a password
become_ask_pass = False
```
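The inventory and ansible.cfg above both turn off SSH host key verification (`StrictHostKeyChecking=no`, `host_key_checking = False`), so a new or changed host key is accepted without any check. The following added example (not part of the original guide) is a pre-flight audit that flags those settings; the sample inputs are constructed and the function names are hypothetical.

```python
import configparser
import re

# Constructed samples that mirror the settings shown in this guide.
SAMPLE_CFG = """\
[defaults]
inventory = /etc/ansible/hosts
host_key_checking = False
"""

SAMPLE_INVENTORY = """\
[web_servers]
web01 ansible_host=192.168.1.10 ansible_user=admin

[all_servers:vars]
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
"""

FALSY = {"false", "no", "off", "0"}
# ssh options that accept unknown or changed host keys without verification
WEAK_SSH_OPT = re.compile(
    r"(StrictHostKeyChecking\s*[= ]\s*(?:no|off)\b|UserKnownHostsFile\s*[= ]\s*/dev/null)",
    re.IGNORECASE)

def audit_cfg(text):
    """Flag an ansible.cfg whose [defaults] section disables host key checking."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    value = parser.get("defaults", "host_key_checking", fallback="True")
    if value.strip().lower() in FALSY:
        return [f"ansible.cfg [defaults] host_key_checking = {value.strip()}"]
    return []

def audit_inventory(text):
    """Flag INI inventory lines that pass weak ssh options, with their group."""
    findings, section = [], "(ungrouped)"
    for number, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1]
        elif not stripped.startswith(("#", ";")):
            match = WEAK_SSH_OPT.search(stripped)
            if match:
                findings.append(f"line {number} [{section}]: {match.group(1)}")
    return findings

if __name__ == "__main__":
    for finding in audit_cfg(SAMPLE_CFG) + audit_inventory(SAMPLE_INVENTORY):
        print("WEAK:", finding)
```

Leaving `host_key_checking` at its default and pre-populating `known_hosts` with verified host keys clears both findings.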
4. Testing Connectivity
```bash
# Test the connection to all hosts
ansible all -m ping
# Test a specific host group
ansible web_servers -m ping
# Test a single host
ansible web01 -m ping
```
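IV. Commonly Used Modules
1. Command Execution Modules
command module:
```bash
# Run a simple command
ansible web01 -m command -a "uptime"
# Create a directory
ansible web01 -m command -a "mkdir -p /data/temp"
```
shell module (supports pipes and redirection):
```bash
# Run a more complex command
ansible web01 -m shell -a "ps aux | grep nginx"
# Check disk space
ansible all -m shell -a "df -h"
```
script module (runs a local script):
```bash
# Run a local script on the remote hosts
ansible web_servers -m script -a "/path/to/local/script.sh"
```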
2. File Operation Modules
copy module (copies files):
```bash
# Copy a local file to the remote host
ansible web01 -m copy -a "src=/local/path/file.conf dest=/etc/nginx/conf.d/ mode=0644"
# Copy a directory
ansible web01 -m copy -a "src=/local/path/conf.d/ dest=/etc/nginx/conf.d/"
```
file module (file operations):
```bash
# Create a directory
ansible web01 -m file -a "path=/data/app state=directory mode=0755"
# Create a symbolic link
ansible web01 -m file -a "src=/data/app/current dest=/data/app/latest state=link"
# Delete a file
ansible web01 -m file -a "path=/tmp/test.txt state=absent"
```
3. Package Management Modules
apt module (Debian/Ubuntu):
```bash
# Update the package cache
ansible web_servers -m apt -a "update_cache=yes"
# Install a package
ansible web_servers -m apt -a "name=nginx state=present"
# Install several packages
ansible web_servers -m apt -a "name=['nginx','git','vim'] state=present"
# Remove a package
ansible web_servers -m apt -a "name=apache2 state=absent"
```
yum/dnf module (CentOS/RHEL):
```bash
# Install a package
ansible db_servers -m yum -a "name=mysql-server state=present"
# Enable EPEL
ansible db_servers -m yum -a "name=epel-release state=present"
```
4. Service Management Modules
service/systemd module:
```bash
# Start a service
ansible web01 -m service -a "name=nginx state=started"
# Stop a service
ansible web01 -m service -a "name=nginx state=stopped"
# Restart a service
ansible web01 -m service -a "name=nginx state=restarted"
# Reload the configuration
ansible web01 -m service -a "name=nginx state=reloaded"
# Enable start at boot
ansible web01 -m service -a "name=nginx enabled=yes"
```
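5. User Management Module
user module:
```bash
# Create a user
ansible all -m user -a "name=deploy shell=/bin/bash home=/home/deploy"
# Delete a user
ansible all -m user -a "name=olduser state=absent remove=yes"
# Set a password (use a hashed password); the outer single quotes keep the
# local shell from expanding $6 and $encrypted_hash before Ansible sees them
ansible all -m user -a 'name=deploy password=$6$encrypted_hash'
```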
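V. Playbooks in Practice
1. Basic Playbook Structure
Create your first Playbook:
```bash
# Create the Playbook file
vim install_nginx.yml
```
```yaml
---
- name: 安装和配置Nginx  # Install and configure Nginx
  hosts: web_servers
  become: yes
  tasks:
    - name: 安装Nginx  # Install Nginx
      apt:
        name: nginx
        state: present
        update_cache: yes
    - name: 启动并启用Nginx  # Start and enable Nginx
      service:
        name: nginx
        state: started
        enabled: yes
    - name: 复制Nginx配置文件  # Copy the Nginx configuration file
      copy:
        src: files/nginx.conf
        dest: /etc/nginx/nginx.conf
        mode: '0644'
      notify: 重启Nginx  # triggers the "restart Nginx" handler below
  handlers:
    - name: 重启Nginx  # Restart Nginx
      service:
        name: nginx
        state: restarted
```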
2. Running a Playbook
```bash
# Check the Playbook syntax
ansible-playbook --syntax-check install_nginx.yml
# Dry run (makes no actual changes)
ansible-playbook --check install_nginx.yml
# Run for real
ansible-playbook install_nginx.yml
# Run with verbose output
ansible-playbook -v install_nginx.yml
```
3. Using Variables
Create a variables file:
```bash
vim vars/main.yml
```
```yaml
---
# Package list
web_packages:
  - nginx
  - git
  - vim
  - curl
# Application settings
app_name: myapp
app_path: "/data/{{ app_name }}"
app_user: deploy
```
Use the variables in a Playbook:
```yaml
---
- name: 使用变量安装软件  # Install software using variables
  hosts: web_servers
  become: yes
  vars_files:
    - vars/main.yml
  tasks:
    - name: 安装基础软件包  # Install the base packages
      apt:
        name: "{{ web_packages }}"
        state: present
    - name: 创建应用目录  # Create the application directory
      file:
        path: "{{ app_path }}"
        state: directory
        owner: "{{ app_user }}"
        group: "{{ app_user }}"
        mode: '0755'
```
4. Using Conditionals
```yaml
---
- name: 根据系统类型安装软件  # Install software according to the OS family
  hosts: all
  become: yes
  tasks:
    - name: 在Debian/Ubuntu上安装软件  # Install on Debian/Ubuntu
      apt:
        name: nginx
        state: present
      when: ansible_os_family == "Debian"
    - name: 在CentOS/RHEL上安装软件  # Install on CentOS/RHEL
      yum:
        name: nginx
        state: present
      when: ansible_os_family == "RedHat"
```
5. Using Loops
```yaml
---
- name: 批量创建用户  # Create users in bulk
  hosts: all
  become: yes
  vars:
    users:
      - name: user1
        shell: /bin/bash
      - name: user2
        shell: /bin/bash
      - name: user3
        shell: /sbin/nologin
  tasks:
    - name: 创建用户  # Create a user
      user:
        name: "{{ item.name }}"
        shell: "{{ item.shell }}"
        state: present
      loop: "{{ users }}"
```
VI. Practical Case: A Complete Software Deployment
1. Deploying Nginx + PHP + MySQL
Create the complete deployment Playbook:
```bash
vim deploy_web_stack.yml
```
```yaml
---
- name: 部署Web服务器栈  # Deploy the web server stack
  hosts: web_servers
  become: yes
  vars:
    mysql_root_password: "your_strong_password"
    mysql_db_name: "app_db"
    mysql_db_user: "app_user"
    mysql_db_password: "app_password"
  tasks:
    - name: 更新APT缓存  # Update the APT cache
      apt:
        update_cache: yes
        cache_valid_time: 3600
    - name: 安装Nginx  # Install Nginx
      apt:
        name: nginx
        state: present
    - name: 安装PHP及扩展  # Install PHP and its extensions
      apt:
        name:
          - php
          - php-fpm
          - php-mysql
          - php-curl
          - php-gd
        state: present
    - name: 安装MySQL  # Install MySQL
      apt:
        name:
          - mysql-server
          - python3-pymysql
        state: present
    - name: 启动并启用服务  # Start and enable the services
      service:
        name: "{{ item }}"
        state: started
        enabled: yes
      loop:
        - nginx
        - php8.2-fpm
        - mysql
    - name: 配置MySQL root密码  # Set the MySQL root password
      mysql_user:
        name: root
        password: "{{ mysql_root_password }}"
        login_unix_socket: /var/run/mysqld/mysqld.sock
    - name: 创建应用数据库  # Create the application database
      mysql_db:
        name: "{{ mysql_db_name }}"
        state: present
        login_user: root
        login_password: "{{ mysql_root_password }}"
    - name: 创建数据库用户  # Create the database user
      mysql_user:
        name: "{{ mysql_db_user }}"
        password: "{{ mysql_db_password }}"
        priv: "{{ mysql_db_name }}.*:ALL"
        state: present
        login_user: root
        login_password: "{{ mysql_root_password }}"
    - name: 复制Nginx虚拟主机配置  # Copy the Nginx virtual host configuration
      copy:
        src: templates/nginx_vhost.conf
        dest: /etc/nginx/sites-available/app.conf
        mode: '0644'
    - name: 启用站点  # Enable the site
      file:
        src: /etc/nginx/sites-available/app.conf
        dest: /etc/nginx/sites-enabled/app.conf
        state: link
      notify: 重启Nginx  # triggers the "restart Nginx" handler below
  handlers:
    - name: 重启Nginx  # Restart Nginx
      service:
        name: nginx
        state: restarted
```
2. Organizing Code with Roles
Create the Roles structure:
```bash
mkdir -p /etc/ansible/roles/nginx/{tasks,templates,handlers,vars}
mkdir -p /etc/ansible/roles/php/{tasks,vars}
mkdir -p /etc/ansible/roles/mysql/{tasks,vars}
```
Create the tasks for the nginx Role:
```bash
vim /etc/ansible/roles/nginx/tasks/main.yml
```
```yaml
---
- name: 安装Nginx  # Install Nginx
  apt:
    name: nginx
    state: present
- name: 配置Nginx  # Configure Nginx
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
  notify: 重启Nginx  # triggers the "restart Nginx" handler
- name: 启动Nginx  # Start Nginx
  service:
    name: nginx
    state: started
    enabled: yes
```
Create the main Playbook that uses the Roles:
```bash
vim deploy_with_roles.yml
```
```yaml
---
- name: 使用Roles部署Web服务  # Deploy the web service using Roles
  hosts: web_servers
  become: yes
  roles:
    - nginx
    - php
    - mysql
```
VII. Advanced Features
1. Using Templates
Create a Jinja2 template file:
```bash
vim templates/nginx_vhost.conf.j2
```
```nginx
server {
    listen 80;
    server_name {{ server_name }};
    root {{ document_root }};
    index index.php index.html;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
```
Use it in a Playbook:
```yaml
- name: 配置Nginx虚拟主机  # Configure the Nginx virtual host
  template:
    src: templates/nginx_vhost.conf.j2
    dest: /etc/nginx/sites-available/app.conf
  vars:
    server_name: example.com
    document_root: /var/www/html
    php_version: "8.2"
```
2. Encrypting Sensitive Information with Vault
```bash
# Create an encrypted variables file
ansible-vault create vars/secrets.yml
# Edit the encrypted file
ansible-vault edit vars/secrets.yml
# Encrypt an existing file
ansible-vault encrypt vars/secrets.yml
# Decrypt a file
ansible-vault decrypt vars/secrets.yml
# Use Vault when running a Playbook
ansible-playbook --ask-vault-password site.yml
```
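The Vault commands above only help if secrets actually live in the encrypted file; the deployment Playbook earlier in this guide keeps `mysql_root_password` and `mysql_db_password` as plaintext `vars`. This added example (not from the original guide) checks whether a file carries the `ansible-vault` header and reports secret-looking keys that still hold literal values. The sample inputs are constructed, and the function names and the `vault_mysql_db_password` variable are hypothetical.

```python
import re

# Header that ansible-vault writes on the first line of an encrypted file.
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;\d\.\d;AES256(;[\w.-]+)?$")
SECRET_KEY = re.compile(
    r"^\s*([\w-]*(?:password|passwd|secret|token|api_key)[\w-]*)\s*:\s*(.*)$",
    re.IGNORECASE)

# Constructed sample based on the deployment Playbook's vars block; the
# vault_mysql_db_password reference is a hypothetical corrected entry.
SAMPLE_PLAYBOOK = """\
- name: Deploy the web server stack
  hosts: web_servers
  vars:
    mysql_root_password: "your_strong_password"
    mysql_db_name: "app_db"
    mysql_db_password: "{{ vault_mysql_db_password }}"
  tasks:
    - name: Set the MySQL root password
      mysql_user:
        name: root
        password: "{{ mysql_root_password }}"
"""

# Constructed sample: an encrypted file's header plus a placeholder body.
SAMPLE_VAULT_FILE = "$ANSIBLE_VAULT;1.1;AES256\n<ciphertext placeholder>\n"

def is_vault_encrypted(text):
    """True when the first line is an ansible-vault header."""
    lines = text.splitlines()
    return bool(lines) and bool(VAULT_HEADER.match(lines[0].strip()))

def plaintext_secrets(text):
    """Return (line_number, key) for secret-looking keys with literal values."""
    if is_vault_encrypted(text):
        return []
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        match = SECRET_KEY.match(line)
        if not match:
            continue
        value = match.group(2).strip().strip("\"'")
        # Empty values, Jinja2 references and inline !vault blocks are not literals.
        if value and "{{" not in value and not value.startswith("!vault"):
            hits.append((number, match.group(1)))
    return hits

if __name__ == "__main__":
    print(plaintext_secrets(SAMPLE_PLAYBOOK))
```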
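3. Parallel Execution and Strategies
```yaml
---
- name: 并行部署示例  # Parallel deployment example
  hosts: all
  serial: 2          # Run on 2 hosts per batch
  strategy: linear   # Linear execution
  # strategy: free   # Free execution
  tasks:
    - name: 安装软件  # Install software
      apt:
        name: nginx
        state: present
```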
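VIII. Best Practices
1. Recommended Directory Structure
```
/etc/ansible/
├── ansible.cfg      # Main configuration file
├── hosts            # Host inventory
├── playbooks/       # Playbook directory
│   ├── web.yml
│   └── db.yml
├── roles/           # Roles directory
│   ├── nginx/
│   ├── php/
│   └── mysql/
├── templates/       # Template files
├── files/           # Static files
├── vars/            # Variable files
└── group_vars/      # Group variables
```
2. Common Management Commands
```bash
# List the hosts
ansible all --list-hosts
# Gather host facts
ansible web01 -m setup
# Show help for a module
ansible-doc apt
# Show the tasks a Playbook would run
ansible-playbook --list-tasks site.yml
# Show the hosts a Playbook would affect
ansible-playbook --list-hosts site.yml
```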
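IX. Troubleshooting
1. Common Problems
Problem 1: SSH connection failure
```bash
# Check whether SSH can connect normally
ssh admin@192.168.1.10
# Check the Ansible configuration
ansible web01 -m ping -vvv
```
Problem 2: Insufficient privileges
```yaml
# Use become in the Playbook
- name: 安装软件  # Install software
  apt:
    name: nginx
    state: present
  become: yes
```
Problem 3: Module not found
```bash
# Check the Python version
python3 --version
# List the Ansible modules
ansible-doc -l
```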
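Summary
Ansible is an indispensable automation tool in software implementation. After working through this article, you can:
- Install and configure Ansible quickly
- Use Ansible for day-to-day operations
- Write Playbooks to automate deployment
- Use Roles to organize complex projects
Mastering Ansible will greatly improve the efficiency and standardization of software implementation.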