Managing Multiple Hosts with Ansible
- Control node environment:
- CT - Ubuntu 20.04 LTS (2 vCore / 2G RAM / 20G SSD)
- The plan is to manage the Ansible definition files with git
Installation procedure

    sudo apt install ansible git sshpass

Check the version

    jonathan@ct-ansible:~$ ansible --version
    ansible 2.9.6
      config file = /etc/ansible/ansible.cfg
      configured module search path = ['/home/jonathan/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python3/dist-packages/ansible
      executable location = /usr/bin/ansible
      python version = 3.8.10 (default, May 26 2023, 14:05:08) [GCC 9.4.0]
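- Configure Ansible to automatically record the host key of a host the first time it is reached over SSH. With host_key_checking = False, a new host key is accepted without being verified.

    sudo vi /etc/ansible/ansible.cfg

    [defaults]
    :
    :
    # uncomment this to disable SSH key host checking
    #host_key_checking = False
    host_key_checking = False
    :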
Create the host inventory file inventory.yaml
- Example:

    servers:
      hosts:
        aac:
          ansible_host: 192.168.11.249
          ansible_port: 22
          ansible_user: root
          ansible_ssh_pass: "mypassword"
        h470:
          ansible_host: 192.168.11.252
          ansible_port: 22
          ansible_connection: ssh
          ansible_user: root
          ansible_ssh_pass: "mypassword"

- Quick check

    $ ansible all -i inventory.yaml --list-hosts
      hosts (2):
        aac
        h470
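
The two settings made above (host key checking turned off in ansible.cfg, and root passwords stored as literals in inventory.yaml) are the ones worth checking before the definition files go into git. The following audit is an added example, not part of the original page: the sample file contents are constructed from the page's snippets, and `vault_h470_pass` is a hypothetical name for a variable kept in an Ansible Vault file.

```python
import configparser
import re

# Constructed samples modelled on the page's ansible.cfg and inventory.yaml.
# vault_h470_pass is a hypothetical name for a variable kept in an Ansible Vault file.
SAMPLE_CFG = """\
[defaults]
#host_key_checking = False
host_key_checking = False
"""
SAMPLE_INVENTORY = """\
servers:
  hosts:
    aac:
      ansible_host: 192.168.11.249
      ansible_user: root
      ansible_ssh_pass: "mypassword"
    h470:
      ansible_host: 192.168.11.252
      ansible_user: root
      ansible_ssh_pass: "{{ vault_h470_pass }}"
"""

# Connection and become password variables (ansible_ssh_pass, ansible_password, ...).
SECRET_KEY = re.compile(r"^\s*(ansible_(?:ssh_|become_)?pass(?:word)?)\s*:\s*(.*)$")

def host_key_checking_disabled(cfg_text):
    """True when [defaults] host_key_checking is set to a false value."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(cfg_text)
    return not cp.getboolean("defaults", "host_key_checking", fallback=True)

def plaintext_passwords(inventory_text):
    """Return (line_number, variable) for password variables holding a literal."""
    findings = []
    for no, line in enumerate(inventory_text.splitlines(), 1):
        m = SECRET_KEY.match(line)
        value = m.group(2).strip() if m else ""
        # Vault-encrypted values and Jinja references are not literal secrets.
        if value and not value.startswith("!vault") and "{{" not in value:
            findings.append((no, m.group(1)))
    return findings

if __name__ == "__main__":
    if host_key_checking_disabled(SAMPLE_CFG):
        print("ansible.cfg: host_key_checking is disabled")
    for no, key in plaintext_passwords(SAMPLE_INVENTORY):
        print(f"inventory.yaml:{no}: literal password in {key}")
```
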
Writing playbooks
1. upgrade.yaml
- Install the specified packages on the hosts in the servers group, upgrade the packages that are already installed, and reboot automatically after the upgrade if the kernel was updated

    - hosts: servers
      become: true
      become_user: root
      tasks:
        # Install the listed packages (refreshes the apt cache first)
        - name: Ansible apt to install multiple packages - LAMP
          register: updatesys
          apt:
            update_cache: yes
            name:
              - python3-apt
              - snmp
              - libsasl2-modules
            state: present
        - name: Update apt repo and cache on all Debian/Ubuntu boxes
          apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
        - name: Upgrade all packages on servers
          apt: upgrade=dist force_apt_get=yes
        # Debian/Ubuntu create /var/run/reboot-required when an update needs a reboot
        - name: Check if a reboot is needed on all servers
          register: reboot_required_file
          stat: path=/var/run/reboot-required get_md5=no
        # Reboot only when the marker file exists
        - name: Reboot the box if kernel updated
          reboot:
            msg: "Reboot initiated by Ansible for kernel updates"
            connect_timeout: 5
            reboot_timeout: 300
            pre_reboot_delay: 0
            post_reboot_delay: 30
            test_command: uptime
          when: reboot_required_file.stat.exists
- Command for a verification run (add --check)

    ansible-playbook -i inventory.yaml upgrade.yaml -e ansible_python_interpreter=/usr/bin/python --check

Result

    $ ansible-playbook -i inventory.yaml upgrade.yaml -e ansible_python_interpreter=/usr/bin/python --check

    PLAY [servers] *****************************************************************

    TASK [Gathering Facts] *********************************************************
    ok: [aac]
    ok: [h470]

    TASK [Ansible apt to install multiple packages - LAMP] *************************
    changed: [h470]
    changed: [aac]

    TASK [Update apt repo and cache on all Debian/Ubuntu boxes] ********************
    ok: [h470]
    ok: [aac]

    TASK [Upgrade all packages on servers] *****************************************
    ok: [h470]
    ok: [aac]

    TASK [Check if a reboot is needed on all servers] ******************************
    ok: [h470]
    ok: [aac]

    TASK [Reboot the box if kernel updated] ****************************************
    skipping: [aac]
    skipping: [h470]

    PLAY RECAP *********************************************************************
    aac  : ok=5 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
    h470 : ok=5 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0