需求描述:
管理具有特征性的集群服务器,50台左右,服务都是规划好的!为了更加有效地管理服务器,需要引入协助管理员进行管理的工具!ansible基于ssh通信,不需要安装agent(agentless),使用简单!
有需求,动力就会诞生!为了更好地服务自己及他人,分享知识中的点点滴滴!
搭建环境:
Linux: Centos6.5x64
python:python2.6+
ansible: 2.6.3
相关资源:
libsodium-1.0.16.tar.gz
https://pan.baidu.com/s/10nwgFipRbxF5yoDpYiqGtg 密码: 9w9i
ansible2.6.3
https://pan.baidu.com/s/1ZwzdkuhVvjhzgp9gbJZLTw 密码: 4mjq
01、下载ansible
https://releases.ansible.com/ansible/ansible-2.6.3.tar.gz //发行
https://releases.ansible.com/ansible/rpm/release/epel-6-x86_64/ansible-2.6.3-1.el6.ans.noarch.rpm //rpm
02、下载依赖
https://pypi.org/ //官方库,根据名字自己搜索,注意对python版本的依赖
https://pan.baidu.com/s/1ZwzdkuhVvjhzgp9gbJZLTw 密码: 4mjq //已经下载好的!网盘里的包没有附带校验值,安装前请与PyPI或官方发布页公布的哈希值核对,因为setup.py会以root身份执行
03、安装依赖
#yum安装
yum install -y python python-setuptools gcc gcc-c++ python-devel openssl-devel libffi-devel
#源码安装libsodium
https://github.com/jedisct1/libsodium/releases/download/1.0.16/libsodium-1.0.16.tar.gz
./configure
make
make install
/etc/ld.so.conf.d/libsodium.conf //新建该文件并写入下面这一行,把libsodium的安装目录加入系统动态库搜索路径
/usr/local/lib/
ldconfig
ldconfig -v |grep local //查看是否加载
#脚本自动安装
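#!/bin/bash
# desc: auto setup ansible
# Target: centos6.5 + python2.6 + ansible2.6.x
#
# Usage: run from the directory that holds the downloaded *.tar.gz sources.
# Every archive is unpacked, then each package is installed with
# "python setup.py install" in dependency order.
#
# NOTE(review): nothing here verifies the archives. setup.py runs arbitrary
# code with the caller's privileges (normally root), so compare every tarball
# with the checksum published by its official source before running this.
set -eu

# Print an error on stderr and stop, so a failed step cannot be followed by
# "all is ok".
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Install the unpacked source tree whose directory name starts with a prefix.
# Arguments: $1 - package name prefix, e.g. "MarkupSafe"
# Returns:   0 on success; exits the script on any failure
#######################################
install_pkg() {
  local prefix=$1
  local -a candidates
  local src

  # The trailing slash restricts the glob to directories. A bare "prefix*"
  # also matches the tarball lying next to the unpacked tree, which makes
  # "cd" fail with "too many arguments" on newer bash.
  candidates=("$prefix"*/)
  src=${candidates[0]}
  [[ -d "$src" ]] || die "no unpacked source directory matches ${prefix}*"

  printf 'installing %s\n' "${src%/}"
  # The subshell keeps the working directory of the script unchanged, so a
  # failed cd can never shift the following installs into the wrong tree.
  (cd -- "$src" && python setup.py install) \
    || die "setup.py install failed in ${src%/}"
}

# Unpack every source archive in the current directory.
for archive in ./*.tar.gz; do
  [[ -e "$archive" ]] || die "no *.tar.gz archives found in $PWD"
  tar zxf "$archive" || die "cannot unpack $archive"
done

# Dependencies first, then paramiko, then ansible itself.
for pkg in MarkupSafe Jinja2 PyYAML pyasn1 pycparser cffi six PyNaCl \
  ipaddress enum34 asn1crypto idna cryptography bcrypt ordereddict \
  paramiko ansible; do
  install_pkg "$pkg"
done

echo "all is ok"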
注意:安装过程中的报错要处理一下!我测试没有问题。
04、配置文件
find / -name ansible.cfg 2>/dev/null //查找ansible.cfg主配置
mkdir -p /etc/ansible/
cp /root/ansible-2.6.3/examples/ansible.cfg /etc/ansible
host_key_checking = False //在ansible.cfg中关闭对known_hosts的主机密钥检查;关闭后ssh不再校验对端身份,无法发现被冒充的主机,只适合隔离的测试环境,生产环境建议保留检查并预先收集各主机的公钥
05、测试
#测试ssh主机是否可用
[root@lab-110 ansible]# ansible local -m ping -k //-k 提示输入SSH登录密码(这里是root的密码)
SSH password:
172.24.0.110 | SUCCESS => {
"changed": false,
"ping": "pong"
}
#免密码通讯
ssh-keygen -t rsa //在control机器上生成密钥对 id_rsa 私钥 id_rsa.pub 公钥
利用ansible的authorized_key模块对远程主机分发公钥实现免密码登录
[root@lab-110 ansible]# ansible local -m authorized_key -a "user=root key='{{ lookup('file','/root/.ssh/id_rsa.pub') }}'" -k
SSH password:
172.24.0.110 | SUCCESS => {
"changed": true,
"comment": null,
"exclusive": false,
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAs81XUJHkBhwoAKU62ngLiGrR9yhLLAPPkNbnMYLnpwXXAqQFv8wcuZw4Q6C17bnHW+77XAk/TOyWJhZ9yHEjs80louqtZlf4s/t2wwLjCTYLLVnxPcS0KgwSvRnah+w9z0wAy0VU5QwNH4W3ukUnVCHTVI8FhWwm8tssTD+APJ1HMeum/EATIa5eNw8TEtYFOYTKtDbnXQe7BWFKrblwALQwLxaaEASFLAVv5V5BOVhFLxCIi969pQ9G46ij9jyLo7Md8Zm1ggS3zQZL9oH5WVP5pyDEjXHTCopEgp3VIirNfDRI+RDU98+BlLk8T65Z9QFM8Kf0kHw928BETmiEiw== root@lab-110",
"key_options": null,
"keyfile": "/root/.ssh/authorized_keys",
"manage_dir": true,
"path": null,
"state": "present",
"unique": false,
"user": "root",
"validate_certs": true
}
[root@lab-110 ansible]# ansible all -m ping
172.24.0.110 | SUCCESS => {
"changed": false,
"ping": "pong"
}