--- tags: - Docker - Linux - 开源软件 - ansible 应用部署: Docker搭建部署 Time: 2025-07-07T10:04:00 --- ## 项目介绍说明 用于管理 Windows 系统的 Docker 镜像。 ### 官网 可以使用别人做好的 ansible 镜像: https://hub.docker.com/r/alpine/ansible ## 安装部署 ### 新建数据目录 ``` shell mkdir -p /data/ansible && cd /data/ansible ``` ### 构建容器镜像 #### Dockerfile ##### rockylinux ``` Dockerfile cat << 'EOF' > /data/ansible/Dockerfile # 使用 RockyLinux 10.0 最小化镜像 FROM rockylinux/rockylinux:10.0-minimal RUN microdnf install -y python3 python3-pip openssh-clients less && pip3 install --no-cache-dir ansible-core==2.19.0 pywinrm && ansible-galaxy collection install ansible.windows && microdnf clean all RUN mkdir -p /data/ansible WORKDIR /data/ansible # 默认启动命令(保持容器运行) CMD ["tail", "-f", "/dev/null"] EOF ``` ##### alpine ``` Dockerfile cat << 'EOF' > /data/ansible/Dockerfile # 使用 Alpine Linux 最新版 FROM alpine:3.22.1 # 安装基础依赖(Alpine 使用 apk) RUN apk add --no-cache python3 py3-pip openssh-client less # 创建虚拟环境 RUN python3 -m venv /opt/venv # 激活虚拟环境 ENV PATH="/opt/venv/bin:$PATH" # 安装 Ansible 和其他 Python 包 RUN pip3 install --no-cache-dir ansible-core==2.19.0 pywinrm && ansible-galaxy collection install ansible.windows # 创建工作目录 RUN mkdir -p /data/ansible WORKDIR /data/ansible # 默认启动命令(保持容器运行) CMD ["tail", "-f", "/dev/null"] EOF ``` #### 构建 Dockerfile ``` shell docker build -t ansible-rockylinux:2.19.0-10.0 . ``` #### 运行验证 ``` shell [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE ansible-alpine 2.19.0-3.22.1 847e34498130 2 hours ago 131MB ansible-rockylinux 2.19.0-10.0 f7d55dde0419 4 hours ago 247MB alpine 3.22.1 9234e8fb04c4 10 days ago 8.31MB rockylinux/rockylinux 10.0-minimal f444ac34e586 6 weeks ago 125MB [root@localhost ~]# docker run -it --rm ansible-rockylinux:2.19.0-10.0 ansible --version ansible [core 2.19.0] config file = None configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/local/lib/python3.12/site-packages/ansible ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections executable location = /usr/local/bin/ansible python version = 3.12.9 (main, Jun 20 2025, 00:00:00) [GCC 14.2.1 20250110 (Red Hat 14.2.1-7)] (/usr/bin/python3) jinja version = 3.1.6 pyyaml version = 6.0.2 (with libyaml v0.2.5) docker run -it --rm ansible-alpine:2.19.0-3.22.1 ansible --version docker run -idt --name ansible ansible-rockylinux:2.19.0-10.0 docker run -idt --name alpine_ansible ansible-alpine:2.19.0-3.22.1 ``` ### 设置 ansible 命令 #### 临时定义别名(重启失效) ``` shell alias ansible="docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0 ansible" alias ansible-playbook="docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0 ansible-playbook" ``` #### 持久化别名 持久化别名,追加写入配置文件到 ~/.bashrc ##### ansible-rockylinux ``` shell echo -e "alias ansible=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0 ansible\"\nalias ansible-playbook=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0 ansible-playbook\"\nalias ansible-doc=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0 ansible-doc\"\nalias ansible-config=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0 ansible-config\"\nalias ansible-console=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0 ansible-console\"\nalias ansible-galaxy=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0 ansible-galaxy\"\nalias ansible-inventory=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0 ansible-inventory\"\nalias ansible-pull=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0 ansible-pull\"\nalias ansible-test=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0 ansible-test\"\nalias ansible-vault=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0 ansible-vault\"" >> ~/.bashrc ``` ##### ansible-alpine ``` bash echo -e "alias ansible=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-alpine:2.19.0-3.22.1 ansible\"\nalias ansible-playbook=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-alpine:2.19.0-3.22.1 ansible-playbook\"\nalias ansible-doc=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-alpine:2.19.0-3.22.1 ansible-doc\"\nalias ansible-config=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-alpine:2.19.0-3.22.1 ansible-config\"\nalias ansible-console=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-alpine:2.19.0-3.22.1 ansible-console\"\nalias ansible-galaxy=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-alpine:2.19.0-3.22.1 ansible-galaxy\"\nalias ansible-inventory=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-alpine:2.19.0-3.22.1 ansible-inventory\"\nalias ansible-pull=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-alpine:2.19.0-3.22.1 ansible-pull\"\nalias ansible-test=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-alpine:2.19.0-3.22.1 ansible-test\"\nalias ansible-vault=\" docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-alpine:2.19.0-3.22.1 ansible-vault\"" >> ~/.bashrc ``` #### 重新加载配置文件 ``` shell source ~/.bashrc ``` ``` shell [root@localhost ~]# which ansible alias ansible=' docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0 ansible' /usr/bin/docker ``` ## 设置及使用 ### 使用 ansible ``` shell [root@localhost ansible]# cat /data/ansible/hosts [test] 10.1.74.23 ansible_connection=winrm ansible_port=5985 ansible_winrm_transport=ntlm ansible_user='snimay\011582' ansible_password='******' [root@localhost ansible]# ansible all -i hosts --list hosts (1): 10.1.74.23 [root@localhost ansible]# ansible all -i hosts -m win_ping 10.1.74.23 | SUCCESS => { "changed": false, "ping": "pong" } ``` ### 使用 playbook & roles #### 写入被管理的主机名到主机清单文件 ``` shell # 将所有以 `IT-` 开头的主机名统一替换为 IT-000826 sed -i '/^IT-/s/^IT-.*$/IT-000826/g' /data/ansible/roles/vnc_server/inventory/hosts ``` ``` shell # alpine 需要使用域名后缀才能正常解析地址 sed -i '/^IT-/s/^IT-.*$/IT-000182.snimay.com/g' /data/ansible/roles/vnc_server/inventory/hosts ``` #### 执行 playbook ``` shell ansible-playbook -i roles/vnc_server/inventory/hosts ./install-vnc_server.yaml --vault-id vnc_vault ``` ``` bash PLAY [部署 VNC Server] *************************************************************************************************************************************************************************************** TASK [Gathering Facts] *************************************************************************************************************************************************************************************** [WARNING]: Error during machine sid retrieval: 使用“2”个参数调用“.ctor”时发生异常:“没有启动服务器服务。 ” ok: [IT-000826] TASK [vnc_server : include_tasks] **************************************************************************************************************************************************************************** included: /data/ansible/roles/vnc_server/tasks/install.yaml for IT-000826 TASK [vnc_server : 确保目标目录存在] ************************************************************************************************************************************************************************* ok: [IT-000826] TASK [vnc_server : 复制安装包(控制机→目标机)] ************************************************************************************************************************************************************** ok: [IT-000826] TASK [vnc_server : 安装 VNC Server] ************************************************************************************************************************************************************************** ok: [IT-000826] TASK [vnc_server : 显示安装结果] ***************************************************************************************************************************************************************************** ok: [IT-000826] => { "install_result": { "changed": false, "failed": false, "rc": 0, "reboot_required": false } } TASK [vnc_server : include_tasks] **************************************************************************************************************************************************************************** included: /data/ansible/roles/vnc_server/tasks/stop_service.yaml for IT-000826 TASK [vnc_server : 停止 VNC Server 服务] ********************************************************************************************************************************************************************* changed: [IT-000826] TASK [vnc_server : include_tasks] **************************************************************************************************************************************************************************** included: /data/ansible/roles/vnc_server/tasks/copy_files.yaml for IT-000826 TASK [vnc_server : 复制替换文件到 VNC 安装目录] ************************************************************************************************************************************************************** ok: [IT-000826] => (item={'src': '/data/ansible/roles/vnc_server/files/vnclicense.exe', 'dest': 'C:\\Program Files\\RealVNC\\VNC Server\\vnclicense.exe'}) ok: [IT-000826] => (item={'src': '/data/ansible/roles/vnc_server/files/vnclicensewiz.exe', 'dest': 'C:\\Program Files\\RealVNC\\VNC Server\\vnclicensewiz.exe'}) ok: [IT-000826] => (item={'src': '/data/ansible/roles/vnc_server/files/vncserver.exe', 'dest': 'C:\\Program Files\\RealVNC\\VNC Server\\vncserver.exe'}) TASK [vnc_server : include_tasks] **************************************************************************************************************************************************************************** included: /data/ansible/roles/vnc_server/tasks/start_service.yaml for IT-000826 TASK [vnc_server : 启动 VNC Server 服务] ********************************************************************************************************************************************************************* changed: [IT-000826] PLAY RECAP *************************************************************************************************************************************************************************************************** IT-000826 : ok=12 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ```