
install ansible2.10 for centos7



在这里,我们将给大家分享关于install ansible2.10 for centos7的知识,同时也会涉及到如何更有效地ansible 002 连接被控端 inventory ansible.cfg ansible-adhoc ansible 原理、ansible install node.js版本6、ansible 部署基于centos7+docker+nginx+openssl+v2版私有仓库、ansible-tower 3.1.1 release install script的内容。

本文目录一览:

install ansible2.10 for centos7

install ansible2.10 for centos7

环境准备


# cat /etc/redhat-release 
CentOS Linux release 7.9.2009 (Core)


# python
Python 3.7.11 (default, Jul 31 2022, 16:12:35) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] on linux
Type "help", "copyright", "credits" or "license" for more information.

# 记得更新 下面2个组件
pip install --upgrade setuptools

python3 -m pip install --upgrade pip
# 安装
pip install ansible 

# 查看效果
# ansible --version
[DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the controller starting with Ansible 2.12. Current version: 3.7.11 (default, Jul 31 2022, 16:12:35) [GCC 4.8.5 
20150623 (Red Hat 4.8.5-44)]. This feature will be removed from ansible-core in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
ansible [core 2.11.12] 
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/python37/lib/python3.7/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /bin/ansible
  python version = 3.7.11 (default, Jul 31 2022, 16:12:35) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
  jinja version = 3.1.2
  libyaml = True

ansible 002 连接被控端 inventory ansible.cfg ansible-adhoc ansible 原理

ansible 002 连接被控端 inventory ansible.cfg ansible-adhoc ansible 原理


转:

ansible 002 连接被控端 inventory ansible.cfg ansible-adhoc ansible 原理

ssh 用普通用户连接被控端

配置主机清单 (/etc/hosts 域名解析为前提)

[root@workstation ansible]# cat hosts 
servera
serverb
[root@workstation ansible]# pwd
/etc/ansible
[root@workstation ansible]# 

建立免密

[root@workstation ansible]# ssh-keygen 

使被控端创建用户

[root@workstation ansible]# ansible all -m shell -a ''useradd ansible'' -k
SSH password: 
servera | CHANGED | rc=0 >>

serverb | CHANGED | rc=0 >>

[root@workstation ansible]# ansible all -m shell -a ''echo redhat | passwd --stdin ansible'' -k
SSH password: 
serverb | CHANGED | rc=0 >>
Changing password for user ansible.
passwd: all authentication tokens updated successfully.
servera | CHANGED | rc=0 >>
Changing password for user ansible.
passwd: all authentication tokens updated successfully.

配置与 ansible 用户的免密

[root@workstation ansible]# ssh-copy-id ansible@servera
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ansible@servera''s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh ''ansible@servera''"
and check to make sure that only the key(s) you wanted were added.

[root@workstation ansible]# ssh-copy-id ansible@serverb
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ansible@serverb''s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh ''ansible@serverb''"
and check to make sure that only the key(s) you wanted were added.

[root@workstation ansible]# 



[root@workstation ansible]# ansible all -m shell -a ''pwd'' -k -u ansible
SSH password: 
servera | CHANGED | rc=0 >>
/home/ansible
serverb | CHANGED | rc=0 >>
/home/ansible
[root@workstation ansible]# 

默认改为 ansible 用户连接
ansible 002 连接被控端 inventory ansible.cfg  ansible-adhoc ansible原理

[root@workstation ansible]# ansible all -m shell -a ''pwd''
servera | CHANGED | rc=0 >>
/home/ansible
serverb | CHANGED | rc=0 >>
/home/ansible
[root@workstation ansible]# 

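设置被控端提权(以 root 在被控端为 ansible 用户写入免密 sudo 规则。NOPASSWD: ALL 等于把完整的 root 权限交给该账号,生产环境应只放行确实需要的命令,并用 visudo -cf 检查 /etc/sudoers.d/ansible 的语法)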

[root@workstation ansible]# ansible all -m shell -a ''echo ansible ALL=(ALL) NOPASSWD: ALL > /etc/sudoers.d/ansible'' -u root -k 
SSH password: 
servera | CHANGED | rc=0 >>

serverb | CHANGED | rc=0 >>

ansible 这边并没有提权

[root@workstation ansible]# ansible all -m shell -a ''id''
servera | CHANGED | rc=0 >>
uid=1001(ansible) gid=1001(ansible) groups=1001(ansible) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
serverb | CHANGED | rc=0 >>
uid=1000(ansible) gid=1000(ansible) groups=1000(ansible) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[root@workstation ansible]# 

修改配置文件

ansible 002 连接被控端 inventory ansible.cfg  ansible-adhoc ansible原理

成功提权

[root@workstation ansible]# ansible all -m shell -a ''id''
servera | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
serverb | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[root@workstation ansible]# 

[root@workstation ansible]# ansible all -m shell -a ''pwd''
servera | CHANGED | rc=0 >>
/home/ansible
serverb | CHANGED | rc=0 >>
/home/ansible
[root@workstation ansible]# 

定义 inventory

列出当前选择的主机

[root@workstation ansible]# ansible servera --list-hosts
hosts (1):
    servera

[root@workstation ansible]# ansible servera,serverb --list-hosts
hosts (2):
    servera
    serverb


[root@workstation ansible]# ansible httpd,mysql --list-hosts
hosts (3):
    servera
    serverb
    abc
[root@workstation ansible]# cat hosts 
[httpd]
servera
serverb

[mysql]
abc

[root@workstation ansible]# 
这里 hosts 为 ini 格式,和 yum 的 repo 文件写法差不多。
不想加入任何组的主机要写在最前面(第一个组标题之前)。

[root@workstation ansible]# ansible ungrouped --list-hosts
hosts (1):
    servere
[root@workstation ansible]# head -n3 hosts 
servere
[httpd]
servera
[root@workstation ansible]# 
servere不属于任何组

组包含组

[root@workstation ansible]# vi hosts 
[root@workstation ansible]# ansible web --list-hosts
hosts (3):
    servera
    serverb
    abc
[root@workstation ansible]# cat hosts 
servere
[httpd]
servera
serverb

[mysql]
abc

[web:children]
httpd
mysql    #那么这里就只能写组,不可以写主机
[root@workstation ansible]# 

[web:children]
httpd
mysql 
[web]
fox        #这样才可以添加fox主机
ansible选择了两边主机,ansible会自动去重。

支持通配符
组和主机都通配

[root@workstation ansible]# ansible ''server*'' --list-hosts
hosts (3):
    servere
    servera
    serverb
[root@workstation ansible]# 

hosts 也可以连续定义

ansible 002 连接被控端 inventory ansible.cfg  ansible-adhoc ansible原理

[root@workstation ansible]# ansible ''server*,!*server1'' --list-hosts
hosts (14):
    server2
    server3
    server4
    server5
    server6
    server7
    server8
    server9
    server10
    server11
    server12
    servere
    servera
    serverb
[root@workstation ansible]# 

唯独不要 server1

[root@workstation ansible]# ansible ''httpd,&mysql'' --list-hosts
hosts (1):
    server10
[root@workstation ansible]# cat hosts 
server[1:12]


servere
[httpd]
servera
serverb
server10
[mysql]
abc
server10
[web:children]
httpd
mysql
[root@workstation ansible]# 

既属于 httpd 又属于 mysql(& 表示取交集)

boston,londor,&prod,!lb
在 boston 与 londor 同时也在 prod 但是去除 lb

正则表达式
ansible 002 连接被控端 inventory ansible.cfg  ansible-adhoc ansible原理
有 s 或 h 字母 尾巴为 example.com 的
没带 ^ 就不是开头为 s 或 h

另外指定新的主机清单。读新的 hosts

[root@workstation ansible]# echo  servera  > file
[root@workstation ansible]# ansible servera -i file --list-hosts
  hosts (1):
    servera
[root@workstation ansible]# 

有关 ansible 常用参数
-m 指定模块
-a 指定模块参数
-u 指定被控端的连接用户
-k 密码验证,不指定就是密钥验证
-i 指定主机清单 ansible servera -i file --list-hosts
--list-hosts 列出所选的主机

ansible 002 连接被控端 inventory ansible.cfg  ansible-adhoc ansible原理

yaml 格式定义主机清单

ansible 002 连接被控端 inventory ansible.cfg  ansible-adhoc ansible原理

比较完整的 yaml 写法
ansible 002 连接被控端 inventory ansible.cfg  ansible-adhoc ansible原理

ini 格式转换 yaml
ansible 002 连接被控端 inventory ansible.cfg  ansible-adhoc ansible原理

yaml 语法对程序更友好

配置文件

默认配置文件位置
[root@workstation ansible]# pwd
/etc/ansible
[root@workstation ansible]# ls
ansible.cfg  file  file.yaml  hosts  roles
[root@workstation ansible]# 

配置文件有优先级读取顺序
ANSIBLE_CONFIG = /tmp/ansible.cfg
当前目录下的ansible.cfg  ./
家目录   ~/.ansible.cfg
/etc/ansible/ansible.cfg

ansible 002 连接被控端 inventory ansible.cfg  ansible-adhoc ansible原理

更改运行主机清单的路径

ansible 002 连接被控端 inventory ansible.cfg  ansible-adhoc ansible原理

ansible.cfg 的参数

inventory      = ./hosts
#library        = /usr/share/my_modules/
#module_utils   = /usr/share/my_module_utils/
#remote_tmp     = ~/.ansible/tmp
#local_tmp      = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks          = 5
inventory      = ./hosts
#library        = /usr/share/my_modules/
#module_utils   = /usr/share/my_module_utils/
#remote_tmp     = ~/.ansible/tmp   被控端路径  py的临时运行目录的位置
#local_tmp      = ~/.ansible/tmp   主控端临时存储目录
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks          = 5       并发数  一次性连5台,再连5台
#poll_interval  = 15      探测任务执行如何  每15秒探测
#ask_pass      = True    密码验证   -k 默认false
#remote_port    = 22    被控端,端口号
remote_user = ansible    远程主机用什么连
[privilege_escalation]
become=True          要提权
become_method=sudo   
become_user=root     提权用户
become_ask_pass=False   不问提权密码
#host_key_checking = False     自动接受公钥(方便,但会跳过 SSH 主机密钥校验,连到被冒充的主机也不会报错;只建议在实验环境打开,生产环境应预先分发 known_hosts)

log_path=/var/log/ansible.log   普通用户得改这个路径
普通用户写不了 /var/log
module_name = command  不指定模块默认为command模块

ad-hoc 指令

官方文档
https://docs.ansible.com/

ansible 002 连接被控端 inventory ansible.cfg  ansible-adhoc ansible原理
搜索模块时搜索 builtin 内置模块

shell 模块
优点:功能强大
缺点:无法保证幂等性
ansible servera -m shell -a '' 命令''

ansible 002 连接被控端 inventory ansible.cfg  ansible-adhoc ansible原理
来自官方文档的教诲 (狗头)

[root@workstation maosible]# ansible  servera -m shell -a ''chdir=/tmp pwd''
servera | CHANGED | rc=0 >>
/tmp
[root@workstation maosible]# 

[root@workstation maosible]# ansible  servera -m shell -a ''creates=/tmp/file pwd''
servera | SUCCESS | rc=0 >>
skipped, since /tmp/file exists
[root@workstation maosible]# 
文件存在,则不执行pwd

removes相反

command 模块为默认模块
ansible servera -a ''pwd''
command 不允许 > < | 之类。 他会当成字符串

raw 模块就是被削弱的 shell

script 模块
让脚本在被控端执行
这个脚本可以不需要执行权限,因为他会被解析成 py 文件,被控端通过执行 py 文件执行脚本

其他常用模块

authorized_keys 分发公钥

[root@workstation .ssh]# ansible-galaxy collection install ansible.posix -vvv
ansible-galaxy 2.9.11
config file = /etc/ansible/ansible.cfg
configured module search path = [''/root/.ansible/plugins/modules'', ''/usr/share/ansible/plugins/modules'']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible-galaxy
python version = 3.6.8 (default, Mar 18 2021, 08:58:41) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]
Using /etc/ansible/ansible.cfg as config file
Process install dependency map
Opened /root/.ansible/galaxy_token
Processing requirement collection ''ansible.posix''
Collection ''ansible.posix'' obtained from server default https://galaxy.ansible.com/api/
Starting collection install process
Installing ''ansible.posix:1.4.0'' to ''/root/.ansible/collections/ansible_collections/ansible/posix''
Downloading https://galaxy.ansible.com/download/ansible-posix-1.4.0.tar.gz to /root/.ansible/tmp/ansible-local-5179_oikgerz/tmpqxvizmuo

2.9 没有此内置模块
那么使用 galaxy 从网上下载

通过官方文档发现名字为 ansible.posix.authorized_key
ansible 002 连接被控端 inventory ansible.cfg  ansible-adhoc ansible原理

[root@workstation modules]#  ansible all -m ansible.posix.authorized_key -a ''user=root key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCkQdrj0fMPRQiC7f+1I4N23k/OdwAqt0ONpNDmChbD/ehrJ5lrEspinVtolwBdR5lKnhnWpb9iC29QlR4epd0EdLrId1wRwZ1pMteZuAwR7IlfCCzzSo2ND6gBl1KSIPV4aZhigspFC1JyGAuoB4HIjeZ9NI6w1XP+U/hoGNLjKZtEhPK+H5ijXpb9pVMPvCa0uLYta0qqIMSpIkLlNFUQ1hNd4g4b+aj2y+BzBG/+kYS/7+vDuiBw0GoZ18zmY0ueQjeafg00RNLM/qU90soo29T9tRPc67PozFw20RB8z4LH8Iwe3jzOzGEOWFQ0frJyOg8CgOwDoqMTk4oNjwx4HEOSjv9SsaWYQGZxOkJ5iVZ3MLQt1MkEzhJjibCTMIDlQQ+Dj16hFTMRmM7EXc4AHq1gwURqRv96e0pvmC7RIAFWiPd9IvSSmt4HJB/qGmQjCmvvy84FAGddbEiYGOH2YShzoppBVpxQEsCbHxvZQXJbpwb0uAvn22Pxd5AsH6M= root@workstation" state=present''

参考文档:https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html

可是 2.9 拥有 authorized_key

[root@workstation modules]#  ansible all -m authorized_key -a ''user=root key="ssh-rsa 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 root@workstation" state=present''

所以没必要去下载 ansible.posix.authorized_key
但是可以显示出参考文档的重要性
那么遇到问题,可以直接去寻找官方的英文文档,会更有效率。

以下为转载

https://cloud.tencent.com/developer/news/327468

ansible 原理

Ansible 是一个模型驱动的配置管理器,支持多节点发布、远程任务执行。默认使用 SSH 进行远程连接。无需在被管理节点上安装附加软件,可使用各种编程语言进行扩展。

一、Ansible 基本架构

ansible 002 连接被控端 inventory ansible.cfg  ansible-adhoc ansible原理
上图为 ansible 的基本架构,从上图可以了解到其由以下部分组成:

核心:ansible

核心模块(Core Modules):这些都是 ansible 自带的模块

扩展模块(Custom Modules):如果核心模块不足以完成某种功能,可以添加扩展模块

插件(Plugins):完成模块功能的补充

剧本(Playbooks):ansible 的任务配置文件,将多个任务定义在剧本中,由 ansible 自动执行

连接插件(Connection Plugins):ansible 基于连接插件连接到各个主机上,虽然 ansible 是使用 ssh 连接到各个主机的,但是它还支持其他的连接方法,所以需要有连接插件

主机群(Host Inventory):定义 ansible 管理的主机

二、Ansible 工作原理

ansible 002 连接被控端 inventory ansible.cfg  ansible-adhoc ansible原理
ansible 002 连接被控端 inventory ansible.cfg  ansible-adhoc ansible原理

以上是从网上找到的两张 ansible 工作原理图,两张图基本都是在架构图的基本上进行的拓展。从上面的图上可以了解到:

1、管理端支持 local 、ssh、zeromq 三种方式连接被管理端,默认使用基于 ssh 的连接---这部分对应基本架构图中的连接模块;

2、可以按应用类型等方式进行 Host Inventory(主机群)分类,管理节点通过各类模块实现相应的操作---单个模块,单条命令的批量执行,我们可以称之为 ad-hoc;

3、管理节点可以通过 playbooks 实现多个 task 的集合实现一类功能,如 web 服务的安装部署、数据库服务器的批量备份等。playbooks 我们可以简单的理解为,系统通过组合多条 ad-hoc 操作的配置文件 。

转:

ansible 002 连接被控端 inventory ansible.cfg ansible-adhoc ansible 原理



ansible install node.js版本6

ansible install node.js版本6

要安装 Node.js 6.x 版本,请执行以下命令(注意:第一条命令会把远程脚本直接交给 root 权限的 bash 执行,运行前应先下载并检查脚本内容):

curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
sudo apt-get install -y nodejs

那么在 ansible 中应该怎样实现同样的安装?
有什么想法吗?

这是我目前写的 playbook,但它安装的是旧版本

---
# Task list from the question: add the NodeSource apt repository, install
# nodejs from it, then install a list of global npm packages.
#
# Two spellings used throughout are from older Ansible releases:
#   * `sudo: yes` is the earlier form of privilege escalation; current Ansible
#     writes `become: yes`.
#   * `when: distrosupported|success` uses a filter as a test; current Ansible
#     writes `distrosupported is succeeded`.

# Probe: fetch the NodeSource Release file for this distribution release into
# /dev/null and register the result; most later tasks are gated on it.
- name: Ensure Ubuntu distro is Supported
  get_url:
    url='https://deb.nodesource.com/node/dists/"{{ ansible_distribution_release }}"/Release'
    dest=/dev/null
  register: distrosupported


# Clean-up of the previously used Chris Lea PPA; failures are ignored on purpose.
- name: Remove Old Chris Lea PPA
  apt_repository:
    repo='ppa:chris-lea/node.js'
    state=absent
  when: distrosupported|success
  ignore_errors: yes

- name: Remove Old Chris Lea Sources
  sudo: yes
  file:
    path='/etc/apt/sources.list.d/chris-lea-node_js-"{{ ansible_distribution_release }}".list'
    state=absent
  when: distrosupported|success
  ignore_errors: yes

# NOTE(review): the repository signing key is trusted exactly as downloaded.
# apt_key accepts an `id` argument to pin the expected key; take the value from
# NodeSource's own documentation. Unlike its neighbours, this task is not gated
# on `distrosupported`.
- name: Add Nodesource Keys
  sudo: yes
  apt_key:
    url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key
    state=present

# NOTE(review): both repository lines point at the unversioned `node` path,
# while the command quoted in the question runs setup_6.x. Presumably the 6.x
# packages are published under a versioned repository path, which would explain
# why an old version gets installed - verify against NodeSource's instructions.
- name: Add Nodesource Apt Sources List Deb
  sudo: yes
  apt_repository:
    repo='deb https://deb.nodesource.com/node "{{ ansible_distribution_release }}" main'
    state=present
  when: distrosupported|success

- name: Add Nodesource Apt Sources List Deb Src
  sudo: yes
  apt_repository:
    repo='deb-src https://deb.nodesource.com/node "{{ ansible_distribution_release }}" main'
    state=present
  when: distrosupported|success

# state=latest installs whatever version the configured repositories currently
# serve; the version is not pinned here.
- name: Install NodeJS
  sudo: yes
  apt: pkg=nodejs state=latest update_cache=true
  when: distrosupported|success





# npm_pkgs is not defined in this listing; it has to come from vars elsewhere.
- debug: msg="{{npm_pkgs}}"


# Installs each entry of npm_pkgs globally, as root, at its newest version.
- name: install global npm packages
  sudo: yes
  npm: name={{item}} global=yes state=latest
  with_items: "{{npm_pkgs}}"

解决方法

我使用下面这个 playbook 通过 nvm(Node 版本管理器)安装 Node.js 6.1.0:

注意:您可能需要修改 play 中的 hosts 和 connection。

---
# Play from the answer: install nvm for the connecting user on the local
# machine, then use nvm to install node {{ node_version }} and make it the
# default.
- hosts: localhost
  connection: local 
  vars:
    node_version: 6.1.0
  tasks:
    # NOTE(review): the installer is pinned to the v0.31.0 tag by URL only. It
    # is saved under a fixed name in /tmp and executed by a later task with no
    # integrity check. get_url accepts a `checksum` argument; pin the digest of
    # the reviewed script and prefer a destination that other local users
    # cannot write to.
    - name: Download the nvm(node version manager) install script
      get_url: url=https://raw.githubusercontent.com/creationix/nvm/v0.31.0/install.sh dest=/tmp/install.sh

    # Build prerequisites; this is the only task that escalates to root.
    - name: Install dependencies 
      apt: pkg={{ item }} update_cache=yes cache_valid_time=3600
      with_items:
        - git
        - curl
        - build-essential
        - libssl-dev
      become: yes
      become_user: root

    # Runs the downloaded script from /tmp without privilege escalation.
    - name: Execute the nvm install script
      shell: bash install.sh chdir=/tmp executable=/bin/bash

    # Captures $NVM_DIR as seen by the task's shell.
    # NOTE(review): presumably this relies on NVM_DIR already being exported in
    # that environment; if it is empty, the next task sources "/nvm.sh" -
    # verify on the target.
    - name: Register the NVM_DIR
      shell: echo $NVM_DIR
      register: nvm_dir 

    # `creates=` makes the task skip once the version directory exists, so the
    # install is not repeated on later runs.
    - name: Install the specified node version using the nvm command and set it as default
      shell: . {{ nvm_dir.stdout }}/nvm.sh && nvm install {{ node_version }} && nvm run {{node_version}} --version && nvm alias default {{node_version}}
             creates=~/.nvm/versions/node/v{{ node_version }}

有关nvm的更多信息,请参阅:https://github.com/creationix/nvm

ansible 部署基于centos7+docker+nginx+openssl+v2版私有仓库

ansible 部署基于centos7+docker+nginx+openssl+v2版私有仓库

ansible 部署基于centos7+docker.1.12+Nginx+openssl+v2版私有仓库

1、申请域名证书不做详细教程网络上很多

2、ansible-playbook 结构

.
├──hosts#需要安装服务器IP地址
├──roles
│├──docker
││├──defaults
││├──files
│││└──dockerkey#证书文件加
│││├──domain.crt#Nginxkey文件
│││└──ssl.crt#Nginx证书
││├──handlers
││├──Meta
││├──tasks
│││└──main.yml#dockeransible安装文件
││├──templates
│││├──docker#docker配置文件最新docker没配置文件
│││├──docker.conf.j2#dockerNginx配置
│││├──docker.repo#dockeryum安装源
│││└──docker.service#dockr启动服务最新的会要求必须使用https
││└──vars
│├──Nginx
││├──defaults
││├──files
│││├──Nginx-1.11.5.tar.gz#Nginx源码文件
│││└──Nginx_install.sh#Nginx安装脚本
││├──handlers
││├──Meta
││├──tasks
│││└──main.yml#Nginxansible安装文件
││├──templates
│││├──default.conf#Nginxweb默认配置
│││├──Nginx#Nginx启动脚本
│││└──Nginx.conf#Nginx默认配置文件
││└──vars
│└──openssl
│├──defaults
│├──files
││├──openssl-1.1.0b.tar.gz#opebssl源码文件
││└──openssl_install.sh#openssl安装脚本
│├──handlers
│├──Meta
│├──tasks
││└──main.yml#opensslansible安装文件
│├──templates
│└──vars
├──site.retry
└──site.yml

3、site.yml 说明

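# site.yml - top-level play. The page lost all spaces and indentation in this
# listing; they are restored here. Names are spelled exactly as on the page
# (including `opensll_ver` and the capitalised `Nginx`, which the role files
# also use).
#
# NOTE(review): `user: root` makes Ansible log in to every host in the
# inventory directly as root.
- hosts: all
  user: root
  vars:
    opensll_ver: 1.1.0b                 # openssl version; used as the file-name suffix during install
    Nginx_ver: 1.11.5                   # nginx version; used as the file-name suffix during install
    Domain_name: docker.test.net:5000   # name the private registry is reached under; must be resolvable
    dockerdata: mydata                  # registry storage directory on the host
    dockerkey: mykey                    # directory that holds the nginx HTTPS certificate and key
    Fullchain: ssl.crt                  # nginx certificate file name
    Privkey: domain.crt                 # nginx key file name
  roles:
    - openssl   # install openssl
    - Nginx     # install nginx
    - docker    # install docker and the private registry
  # Keep the role order: the nginx install looks for the unpacked openssl
  # source tree.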

4、openssl main.yml 说明

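# roles/openssl/tasks/main.yml - install the build toolchain, upload the
# openssl source tarball and install script, then run the script.
# The page lost all spaces and indentation in this listing; they are restored
# here and every token is kept as printed.

- name: yum epel-release
  yum: name=epel-release state=present

# Build environment and dependency packages.
- name: Install Compile environment
  yum: name={{item}} state=present
  with_items:
    - git
    - patch
    - gcc
    - gcc-c++
    - readline-devel
    - zlib-devel
    - zlib
    - libffi-devel
    - pcre-devel
    - pcre
    - make
    - autoconf
    - automake
    - libtool
    - bison
    - libxml2-devel
    - libxslt-devel
    - libyaml-devel
    - python
    - python-docutils
    - cmake
    - imake
    - expat-devel
    - libaio
    - libaio-devel
    - bzr
    - ncurses-devel

# Upload the source tarball and the install script to the managed host.
# NOTE(review): both files are staged under /tmp, which is world-writable, and
# the script is then run as root; a root-only staging directory would be safer.
# The tarball itself is taken from the role's files/ directory as-is, so its
# integrity depends on whoever placed it there.
- name: copy to pcre
  copy: src={{item}} dest=/tmp/{{item}} owner=root group=root mode=755
  with_items:
    - openssl-{{opensll_ver}}.tar.gz
    - openssl_install.sh

# Build and install openssl on the managed host; the version is passed as $1.
- name: install openssl_install.sh
  shell: /bin/bash /tmp/openssl_install.sh "{{opensll_ver}}"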

5、Nginx main.yml 说明

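# roles/Nginx/tasks/main.yml - build nginx from source when it is not yet
# installed, push its configuration, and register it as a service.
# The page lost all spaces and indentation in this listing; they are restored
# here and every token is kept as printed.
#
# NOTE(review): "Nginx" is capitalised everywhere on the page (even in
# "Nginx.org"), which looks like an extraction artefact; on a real host these
# paths and the service name are presumably lowercase - confirm before use.

# Is nginx already installed?
- stat: path=/usr/sbin/Nginx
  register: Nginx_path_register

# Upload the source tarball and install script, only when nginx is missing.
# NOTE(review): staged under world-writable /tmp and later run as root.
- name: copy to Nginx
  copy: src={{item}} dest=/tmp/{{item}} owner=root group=root mode=755
  with_items:
    - Nginx-{{Nginx_ver}}.tar.gz
    - Nginx_install.sh
  when: Nginx_path_register.stat.exists == False

# The script receives the nginx version and the openssl version as arguments.
- name: install Nginx_install.sh
  shell: /bin/bash /tmp/Nginx_install.sh {{Nginx_ver}} {{opensll_ver}}
  when: Nginx_path_register.stat.exists == False

# Is the init script already present?
- stat: path=/etc/init.d/Nginx
  register: Nginxinit_path_register

# Upload the main configuration file.
- name: Nginx conf to cl
  template: src=Nginx.conf dest=/etc/Nginx/Nginx.conf

- name: Nginx mkdir -p conf.d
  shell: mkdir -p /etc/Nginx/conf.d

# Upload the default site configuration.
- name: Nginx default.conf
  template: src=default.conf dest=/etc/Nginx/conf.d/default.conf

# Upload the init script, only when it is missing.
- name: Nginx start stop to client
  template: src=Nginx dest=/etc/init.d/Nginx owner=root group=root mode=755
  when: Nginxinit_path_register.stat.exists == False

# Enable at boot and start nginx.
- name: Nginx service
  shell: chkconfig Nginx on && service Nginx start
  when: Nginxinit_path_register.stat.exists == False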

6、dockermain.yml 说明

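# roles/docker/tasks/main.yml - install docker-engine, start a registry:2.4.1
# container, and publish it through nginx with the uploaded certificate.
# The page lost all spaces and indentation in this listing; they are restored
# here. Tokens are kept as printed, except that the SELinux type is written
# `svirt_sandbox_file_t` (the page shows it with a capital B). The capitalised
# "Nginx" paths are kept as printed and are presumably lowercase on a real
# host - confirm before use.

# Upload the yum repository definition.
- name: cp docker.repo client
  template: src=docker.repo dest=/etc/yum.repos.d/docker.repo

# Upload the docker sysconfig file.
- name: cp docker to /etc/sysconfig/docker
  template: src=docker dest=/etc/sysconfig/docker

- name: yum install docker
  yum: name=docker-engine state=present

# Upload the systemd unit.
- name: docker Using the specified configuration file
  template: src=docker.service dest=/lib/systemd/system/docker.service

# Start docker at boot.
- name: enabled service docker.service
  service: name=docker.service enabled=yes

- name: systemctl daemon-reload
  shell: systemctl daemon-reload

# The original comment says this lets the local docker daemon reach the
# registry over HTTP.
# NOTE(review): --insecure-registry turns off TLS verification for
# {{Domain_name}}, so pushes and pulls to that name are no longer protected
# against interception or tampering. With a valid certificate on the nginx
# front end the flag is unnecessary and should be dropped.
- lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^OPTIONS='
    line: "OPTIONS='--selinux-enabled --insecure-registry {{Domain_name}} --log-driver=journald'"

- name: systemctl daemon-reload
  shell: systemctl daemon-reload

- name: start service docker.service
  service: name=docker state=started

# Registry data directory on the host.
- name: create /{{dockerdata}}/registry
  shell: mkdir -p /{{dockerdata}}/registry

# Label the data directory so containers may read and write it under SELinux.
# The command fails when SELinux is disabled; that failure is ignored on purpose.
- name: selinx /{{dockerdata}}/registry
  shell: chcon -Rt svirt_sandbox_file_t /{{dockerdata}}
  ignore_errors: True

# Skipped by yum when epel-release is already installed.
- name: yum epel-release
  yum: name=epel-release state=present

- name: yum python-pip
  yum: name=python-pip state=present

# Python client for the docker API, needed by the docker module below.
- pip: name=docker-py

# NOTE(review): port 5000 is published without a bind address, i.e. on every
# host interface. If nginx is meant to be the only entry point, the container
# port presumably should be bound to 127.0.0.1 - verify against
# docker.conf.j2, which is not shown on the page.
- name: docker registry:2.4.1
  docker:
    image: registry:2.4.1
    state: reloaded
    pull: always              # pull the image on every run
    volumes:
      - "/{{dockerdata}}/registry:/var/lib/registry/"
    ports:
      - "5000:5000"

# Directory for the nginx certificate and key.
- name: mkdir -p /{{dockerkey}}
  shell: mkdir -p /{{dockerkey}}

- name: selinux /{{dockerkey}}
  shell: chcon -Rt svirt_sandbox_file_t /{{dockerkey}}
  ignore_errors: True

# Upload the certificate and key.
# NOTE(review): the key file is kept unencrypted in the role's files/ directory
# and copied with default ownership and permissions. Consider encrypting it at
# rest (ansible-vault) and restricting the copied key to root, mode 0600.
- name: up key file client
  copy: src=dockerkey/ dest=/{{dockerkey}}/

# Upload the nginx proxy configuration for the registry.
- name: up Nginx file client
  template: src=docker.conf.j2 dest=/etc/Nginx/conf.d/docker.conf

- name: /usr/sbin/Nginx -s reload
  shell: /usr/sbin/Nginx -s reload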

7、一些其它说明:

执行ansible-playbook-ihostssite.yml-verbose
由于附件要求小于2M不能上传源码请根据说2进行存放文件、文件名版本号请修改site.yml
openssl源码下载地址:www.openssl.org/source
Nginx源码下载地址:Nginx.org
数字证书存放到

├──roles
│├──docker
││├──defaults
││├──files
│││└──dockerkey#证书文件加
│││├──domain.crt#Nginxkey文件
│││└──ssl.crt#Nginx证书
部署完成可以打开
如果Nginx证书也配置正确
docker tag centos:latest docker.test.com/centos    # docker 镜像标签
docker push docker.test.com/centos    上传镜像到私有仓库
docker pull docker.test.com/centos    下载镜像到其它服务器
脚本放到附件

ansible-tower 3.1.1 release install script

ansible-tower 3.1.1 release install script

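#!/usr/bin/env bash
# Unattended install of Ansible Tower 3.1.1 from the setup bundle on an EL7
# host. Run as root.
#
# The line-numbered sed edits below are tied to the exact files shipped in the
# 3.1.1-1.el7 bundle; re-check every line number before using another release.
#
# Optional environment:
#   TOWER_BUNDLE_SHA256  expected SHA-256 of the bundle tarball; verified when set
#   TOWER_PASSWORD       password written into the Tower inventory
#                        (default: admin, as in the original script)
set -euo pipefail

readonly BUNDLE='ansible-tower-setup-bundle-3.1.1-1.el7'
readonly TARBALL="/root/${BUNDLE}.tar.gz"
readonly TOWER_DIR='/opt/ansible-tower'
readonly DEPS_YML="${TOWER_DIR}/roles/packages_el/tasks/install_deps.yml"

die() { printf 'error: %s\n' "$*" >&2; exit 1; }
warn() { printf 'warning: %s\n' "$*" >&2; }

# 1. Download and unpack the bundle.
#    Upstream source: http://releases.ansible.com/ansible-tower/setup-bundle
# NOTE(review): the tarball is fetched over plain HTTP from an internal mirror
# and its contents are later run as root, so verify it against a digest
# obtained out of band.
wget -O "$TARBALL" "http://10.245.254.93/linux/soft/ansible/${BUNDLE}.tar.gz"
if [[ -n "${TOWER_BUNDLE_SHA256:-}" ]]; then
  printf '%s  %s\n' "$TOWER_BUNDLE_SHA256" "$TARBALL" | sha256sum -c -
else
  warn 'TOWER_BUNDLE_SHA256 not set; bundle integrity was not verified'
fi
tar zxpf "$TARBALL" -C /opt
ln -sfn "/opt/${BUNDLE}" "$TOWER_DIR"

# 2. Update selinux-policy from the internal update mirror.
# NOTE(review): gpgcheck=0 together with an http:// baseurl means packages from
# this repository are installed without any authenticity check. Set gpgcheck=1
# and a gpgkey= line once the mirror's signing key is known.
cat <<'EOF' > /etc/yum.repos.d/2tower.repo
[update]
name=update 7.x
baseurl=http://10.245.254.93/linux/rhel/update/rhel7
enabled=1
gpgcheck=0
EOF

yum -y update selinux-policy

# 3. Fill every empty password='' entry in the Tower inventory.
# The original hard-coded 'admin'; that stays the fallback for compatibility,
# but a real deployment should pass TOWER_PASSWORD. The value ends up on the
# sed command line and in the inventory file in clear text.
tower_password=${TOWER_PASSWORD:-admin}
if [[ -z "${TOWER_PASSWORD:-}" ]]; then
  warn "TOWER_PASSWORD not set; falling back to the default password 'admin'"
fi
# These characters would change the meaning of the sed expression or of the
# quoted inventory value.
case "$tower_password" in
  *'#'* | *'&'* | *'\'* | *"'"* | *$'\n'*)
    die 'TOWER_PASSWORD must not contain #, &, backslash, single quote or newline'
    ;;
esac
sed -i "s#password=''#password='${tower_password}'#g" "${TOWER_DIR}/inventory"

# 4. Make the installer link the bundled repos instead of copying them, to
#    speed up setup. Order matters: the replacements run before the deletions,
#    and the higher line range is deleted first so the lower numbers stay valid.
sed -i '108c\  command: rm -f /var/lib/tower-bundle' "$DEPS_YML"
sed -i '114c\  command: ln -s /opt/ansible-tower/bundle/repos /var/lib/tower-bundle' "$DEPS_YML"
sed -i 115,116d "$DEPS_YML"
sed -i 109,110d "$DEPS_YML"

# 5. Delete the two firewall tasks from install.yml.
# NOTE(review): with these tasks removed the installer no longer touches the
# host firewall; make sure the required rules are managed some other way.
sed -i 127,134d "${TOWER_DIR}/install.yml"
sed -i 94,99d "${TOWER_DIR}/install.yml"

# Optional: edit the ansible-playbook call in /opt/ansible-tower/setup.sh to
# add -vvv for verbose output.
cd "$TOWER_DIR"
./setup.sh

# over.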

http://www.bubuko.com/infodetail-1134158.html
https://kionf.com/2017/07/24/linux-tower/
