---
tags:
- Docker
- Linux
- 开源软件
- ansible
应用部署: Docker搭建部署
Time: 2025-07-07T10:04:00
---
## 项目介绍说明
构建一个内置 ansible-core、pywinrm 与 ansible.windows 集合的 Docker 镜像，作为控制节点通过 WinRM 管理 Windows 主机。
### 官网
也可以直接使用他人已构建好的 ansible 镜像（属于第三方制品，使用前请核对镜像来源、标签以及内置的 ansible 版本）:
https://hub.docker.com/r/alpine/ansible
## 安装部署
### 新建数据目录
``` shell
# Create the project directory (later bind-mounted into the container) and enter
# it; `cd` only runs when mkdir succeeded (or the directory already existed).
mkdir -p -- /data/ansible && cd -- /data/ansible
```
### 构建容器镜像
#### Dockerfile
##### rockylinux
``` Dockerfile
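cat << 'EOF' > /data/ansible/Dockerfile
# Control-node image: Rocky Linux 10.0 minimal + ansible-core + WinRM client libs.
# The base is pinned by tag only; pin by digest (FROM image@sha256:...) when the
# build must be reproducible and verifiable.
FROM rockylinux/rockylinux:10.0-minimal
# ansible-core is pinned, but pywinrm and the ansible.windows collection are not,
# so two builds can pull different code. Pin them too (pywinrm==X,
# 'ansible.windows:==X') before relying on this image in production.
# openssh-clients is only needed for SSH-managed hosts; WinRM uses pywinrm.
RUN microdnf install -y python3 python3-pip openssh-clients less \
    && pip3 install --no-cache-dir ansible-core==2.19.0 pywinrm \
    && ansible-galaxy collection install ansible.windows \
    && microdnf clean all
# WORKDIR creates the directory if it is missing; it is the bind-mount target
# used by the host-side aliases (-v /data/ansible:/data/ansible), so a separate
# mkdir layer is not needed.
WORKDIR /data/ansible
# NOTE(review): the image runs as root. The host aliases mount ~/.ssh and ~/.aws
# under /root, so anything executed in this container (playbooks, third-party
# collections) can read those credentials. Mount them read-only at minimum.
# Default command only keeps a detached container alive; the aliases start a
# fresh --rm container per command instead.
CMD ["tail", "-f", "/dev/null"]
EOF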
```
##### alpine
``` Dockerfile
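cat << 'EOF' > /data/ansible/Dockerfile
# Control-node image: Alpine 3.22.1 + ansible-core (in a venv) + WinRM client libs.
# The tag is an explicit release, not "latest"; pin by digest (image@sha256:...)
# when the build must be reproducible and verifiable.
FROM alpine:3.22.1
# System packages via apk. openssh-client is only needed for SSH-managed hosts;
# WinRM targets are reached through pywinrm installed below.
RUN apk add --no-cache python3 py3-pip openssh-client less
# Install Python packages into a venv so pip never touches apk-owned files
# (Alpine marks its system Python as externally managed, PEP 668).
RUN python3 -m venv /opt/venv
# Put the venv first on PATH so ansible*, pip3 and python3 resolve to it.
ENV PATH="/opt/venv/bin:$PATH"
# ansible-core is pinned, but pywinrm and the ansible.windows collection are not,
# so two builds can pull different code. Pin them too (pywinrm==X,
# 'ansible.windows:==X') before relying on this image in production.
RUN pip3 install --no-cache-dir ansible-core==2.19.0 pywinrm \
    && ansible-galaxy collection install ansible.windows
# WORKDIR creates the directory if it is missing; it is the bind-mount target
# used by the host-side aliases, so a separate mkdir layer is not needed.
WORKDIR /data/ansible
# NOTE(review): the image runs as root. The host aliases mount ~/.ssh and ~/.aws
# under /root, so anything executed in this container can read those
# credentials. Mount them read-only at minimum.
# Default command only keeps a detached container alive.
CMD ["tail", "-f", "/dev/null"]
EOF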
```
#### 构建 Dockerfile
``` shell
# Build from whichever Dockerfile is currently at /data/ansible/Dockerfile (both
# snippets above write the same path, so build right after writing one).
# Tag scheme: <ansible-core version>-<base image version>; the Alpine build is
# tagged ansible-alpine:2.19.0-3.22.1 the same way.
docker build --tag ansible-rockylinux:2.19.0-10.0 .
```
#### 运行验证
``` shell
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ansible-alpine 2.19.0-3.22.1 847e34498130 2 hours ago 131MB
ansible-rockylinux 2.19.0-10.0 f7d55dde0419 4 hours ago 247MB
alpine 3.22.1 9234e8fb04c4 10 days ago 8.31MB
rockylinux/rockylinux 10.0-minimal f444ac34e586 6 weeks ago 125MB
[root@localhost ~]# docker run -it --rm ansible-rockylinux:2.19.0-10.0 ansible --version
ansible [core 2.19.0]
config file = None
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.12/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.12.9 (main, Jun 20 2025, 00:00:00) [GCC 14.2.1 20250110 (Red Hat 14.2.1-7)] (/usr/bin/python3)
jinja version = 3.1.6
pyyaml version = 6.0.2 (with libyaml v0.2.5)
# Smoke-test the Alpine image the same way as the Rocky one above.
docker run --rm --interactive --tty ansible-alpine:2.19.0-3.22.1 ansible --version
# Optional: keep one idle container per image alive (CMD is `tail -f /dev/null`).
# The aliases in the next section do not use these; they start a fresh --rm
# container per command, so these long-lived root containers can be skipped.
docker run --detach --interactive --tty --name ansible ansible-rockylinux:2.19.0-10.0
docker run --detach --interactive --tty --name alpine_ansible ansible-alpine:2.19.0-3.22.1
```
### 设置 ansible 命令
#### 临时定义别名(仅当前 shell 有效，退出或重启后失效)
``` shell
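# Temporary aliases (gone when this shell exits). Each command runs in a
# throw-away container: --rm removes it on exit, -ti gives a TTY for prompts
# (vault password, --ask-pass), and the project dir is bind-mounted read-write.
# Credential directories are mounted read-only (:ro) so nothing that runs inside
# the container (playbooks, third-party collections) can alter or add keys.
# With ~/.ssh read-only, ssh cannot append to known_hosts: pre-populate it on
# the host. Drop the ~/.aws mount entirely if no playbook uses AWS modules.
alias ansible="docker run -ti --rm -v ~/.ssh:/root/.ssh:ro -v ~/.aws:/root/.aws:ro -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0 ansible"
alias ansible-playbook="docker run -ti --rm -v ~/.ssh:/root/.ssh:ro -v ~/.aws:/root/.aws:ro -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0 ansible-playbook"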
```
#### 持久化别名
持久化别名：将别名定义追加写入 ~/.bashrc，新打开的交互式 shell 即可使用。
##### ansible-rockylinux
``` shell
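# Persist the aliases: append one alias per ansible CLI tool to ~/.bashrc. Every
# alias runs the tool in a throw-away container (--rm) with the project dir
# mounted read-write and the host credential directories mounted read-only, so
# nothing executed inside the container can modify ~/.ssh or ~/.aws.
# A marker line makes this idempotent: re-running it does not append a second
# copy. The subshell keeps the helper variables out of the interactive shell.
(
  marker='# ansible-rockylinux docker aliases'
  run_cmd='docker run -ti --rm -v ~/.ssh:/root/.ssh:ro -v ~/.aws:/root/.aws:ro -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0'
  # stderr is silenced on purpose: a missing ~/.bashrc just means "not yet added".
  if ! grep -qF -- "$marker" ~/.bashrc 2>/dev/null; then
    {
      printf '%s\n' "$marker"
      for tool in ansible ansible-playbook ansible-doc ansible-config ansible-console \
                  ansible-galaxy ansible-inventory ansible-pull ansible-test ansible-vault; do
        # Single quotes keep ~ literal in the file; it expands when the alias is used.
        printf "alias %s='%s %s'\n" "$tool" "$run_cmd" "$tool"
      done
    } >> ~/.bashrc
  fi
)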
```
##### ansible-alpine
``` bash
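# Persist the aliases for the Alpine image: append one alias per ansible CLI
# tool to ~/.bashrc. Every alias runs the tool in a throw-away container (--rm)
# with the project dir mounted read-write and the host credential directories
# mounted read-only, so nothing executed inside the container can modify
# ~/.ssh or ~/.aws. A marker line makes this idempotent (no duplicate appends);
# the subshell keeps the helper variables out of the interactive shell.
(
  marker='# ansible-alpine docker aliases'
  run_cmd='docker run -ti --rm -v ~/.ssh:/root/.ssh:ro -v ~/.aws:/root/.aws:ro -v /data/ansible:/data/ansible -w /data/ansible ansible-alpine:2.19.0-3.22.1'
  # stderr is silenced on purpose: a missing ~/.bashrc just means "not yet added".
  if ! grep -qF -- "$marker" ~/.bashrc 2>/dev/null; then
    {
      printf '%s\n' "$marker"
      for tool in ansible ansible-playbook ansible-doc ansible-config ansible-console \
                  ansible-galaxy ansible-inventory ansible-pull ansible-test ansible-vault; do
        # Single quotes keep ~ literal in the file; it expands when the alias is used.
        printf "alias %s='%s %s'\n" "$tool" "$run_cmd" "$tool"
      done
    } >> ~/.bashrc
  fi
)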
```
#### 重新加载配置文件
``` shell
# Re-read ~/.bashrc so the aliases are usable in the current shell
# (new interactive shells pick them up on their own).
. ~/.bashrc
```
``` shell
[root@localhost ~]# which ansible
alias ansible=' docker run -ti --rm -v ~/.ssh:/root/.ssh -v ~/.aws:/root/.aws -v /data/ansible:/data/ansible -w /data/ansible ansible-rockylinux:2.19.0-10.0 ansible'
/usr/bin/docker
```
## 设置及使用
### 使用 ansible
``` shell
# Inventory used below: a single Windows host reached over WinRM.
[root@localhost ansible]# cat /data/ansible/hosts
[test]
# NOTE(review): the credential is a plaintext ansible_password in the inventory,
# which lives in the bind-mounted project dir. Move it into a vault-encrypted
# vars file (the playbook section already uses --vault-id) or prompt for it
# with --ask-pass, and restrict the file mode.
# NOTE(review): port 5985 is WinRM over plain HTTP. pywinrm encrypts the NTLM
# message payload by default (ansible_winrm_message_encryption=auto), but the
# hardened setup is HTTPS on 5986 with ansible_winrm_server_cert_validation
# left at validate. If 'snimay\011582' is a personal domain login, prefer a
# dedicated least-privilege automation account.
10.1.74.23 ansible_connection=winrm ansible_port=5985 ansible_winrm_transport=ntlm ansible_user='snimay\011582' ansible_password='******'
# List the inventory hosts without connecting, then run the connectivity check
# (win_ping from the ansible.windows collection installed in the image).
[root@localhost ansible]# ansible all -i hosts --list
hosts (1):
10.1.74.23
[root@localhost ansible]# ansible all -i hosts -m win_ping
10.1.74.23 | SUCCESS => {
"changed": false,
"ping": "pong"
}
```
### 使用 playbook & roles
#### 写入被管理的主机名到主机清单文件
``` shell
# 将所有以 `IT-` 开头的主机名统一替换为 IT-000826
# Rewrite every inventory line that starts with "IT-" to the single target host
# IT-000826. The pattern is anchored to the whole line, so one substitution per
# line is all that can apply; GNU sed -i edits the file in place.
sed -i 's/^IT-.*$/IT-000826/' /data/ansible/roles/vnc_server/inventory/hosts
```
``` shell
# alpine 需要使用域名后缀才能正常解析地址
# Same rewrite for the Alpine image, but with the fully qualified name: in the
# author's setup the Alpine container did not resolve the bare hostname (the
# cause is not established here — presumably the container's resolver search
# domain is not applied; verify before relying on it).
sed -i 's/^IT-.*$/IT-000182.snimay.com/' /data/ansible/roles/vnc_server/inventory/hosts
```
#### 执行 playbook
``` shell
# Run the role against the inventory edited above. `--vault-id vnc_vault` has no
# label@ prefix, so ansible treats the value as the password source: a file
# (or executable) named vnc_vault in the working dir, i.e. the bind-mounted
# /data/ansible. Keep that file mode 600 and out of version control, or use
# `--vault-id @prompt` to be asked interactively.
ansible-playbook --vault-id vnc_vault -i roles/vnc_server/inventory/hosts ./install-vnc_server.yaml
```
``` bash
PLAY [部署 VNC Server] ***************************************************************************************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************************************************************************************
# The warning below is raised on the target during fact gathering: the message
# ("没有启动服务器服务") says the Windows "Server" service has not been started,
# presumably LanmanServer, so the machine-SID fact cannot be read. The play
# continues; it only matters if a later task depends on that fact.
[WARNING]: Error during machine sid retrieval: 使用“2”个参数调用“.ctor”时发生异常:“没有启动服务器服务。
ok: [IT-000826]
TASK [vnc_server : include_tasks] ****************************************************************************************************************************************************************************
included: /data/ansible/roles/vnc_server/tasks/install.yaml for IT-000826
TASK [vnc_server : 确保目标目录存在] *************************************************************************************************************************************************************************
ok: [IT-000826]
TASK [vnc_server : 复制安装包(控制机→目标机)] **************************************************************************************************************************************************************
ok: [IT-000826]
TASK [vnc_server : 安装 VNC Server] **************************************************************************************************************************************************************************
ok: [IT-000826]
TASK [vnc_server : 显示安装结果] *****************************************************************************************************************************************************************************
ok: [IT-000826] => {
"install_result": {
"changed": false,
"failed": false,
"rc": 0,
"reboot_required": false
}
}
TASK [vnc_server : include_tasks] ****************************************************************************************************************************************************************************
included: /data/ansible/roles/vnc_server/tasks/stop_service.yaml for IT-000826
TASK [vnc_server : 停止 VNC Server 服务] *********************************************************************************************************************************************************************
changed: [IT-000826]
TASK [vnc_server : include_tasks] ****************************************************************************************************************************************************************************
included: /data/ansible/roles/vnc_server/tasks/copy_files.yaml for IT-000826
# NOTE(review): the next task overwrites three executables that the RealVNC
# installer placed under "C:\Program Files\RealVNC\VNC Server" with files
# shipped in roles/vnc_server/files. Record the expected SHA-256 of each
# replacement and verify it on the target (e.g. win_stat get_checksum) so a
# tampered file in the role cannot be pushed to every host, and be aware that
# AV/EDR may flag vendor binaries that are replaced with unsigned copies.
TASK [vnc_server : 复制替换文件到 VNC 安装目录] **************************************************************************************************************************************************************
ok: [IT-000826] => (item={'src': '/data/ansible/roles/vnc_server/files/vnclicense.exe', 'dest': 'C:\\Program Files\\RealVNC\\VNC Server\\vnclicense.exe'})
ok: [IT-000826] => (item={'src': '/data/ansible/roles/vnc_server/files/vnclicensewiz.exe', 'dest': 'C:\\Program Files\\RealVNC\\VNC Server\\vnclicensewiz.exe'})
ok: [IT-000826] => (item={'src': '/data/ansible/roles/vnc_server/files/vncserver.exe', 'dest': 'C:\\Program Files\\RealVNC\\VNC Server\\vncserver.exe'})
TASK [vnc_server : include_tasks] ****************************************************************************************************************************************************************************
included: /data/ansible/roles/vnc_server/tasks/start_service.yaml for IT-000826
TASK [vnc_server : 启动 VNC Server 服务] *********************************************************************************************************************************************************************
changed: [IT-000826]
PLAY RECAP ***************************************************************************************************************************************************************************************************
IT-000826 : ok=12 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```