自动化运维工具Ansible的安装与部署

Ansible简介:

Ansible是一个简单高效的自动化运维管理工具,用Python开发,能大批量管理N多台机器,可以并发的在
多台机器上部署应用、安装软件、执行命令、配置和编排任务。

1 软件安装在服务器和客户端均安装python
实验环境:

westos1 172.25.254.11 ansible端,服务端
westos2 172.25.254.12 客户端

可以有多个客户端相同的方法安装即可:

Ansible是用Python开发的,使用ansible需要操作系统有Python,建议Python版本2.6以上。
Ansible安装所依赖插件较多,具体安装过程如下:
注:所有的软件包全部在/usr/local/目录下进行安装 
基本安装
安装gcc,用于编译Python源码
yum install gcc
安装zlib(如果没安装,在安装setuptools时可能会出现的错误RuntimeError:Compression requires the (missing) zlib module)
yum install zlib zlib-devel -y
安装openssl(如果不安装,使用easy_install时可能会出现的错误:error:Could not find suitable distribution for Requirement.parse('jinja2'))
本实践未使用这种安装方式,就如下一个一个模块来安装(具体命令:easy_install pycrypto pyyaml jinja2 markupsafe ecdsa paramiko simplejson)
yum install openssl openssl-devel -y

这里写图片描述

python2.7安装
https://www.python.org/ftp/python/2.7.8/Python-2.7.8.tgz
# tar xvzf Python-2.7.8.tgz
# cd Python-2.7.8
# ./configure --prefix=/usr/local
# make
# make install

这里写图片描述

## 将python头文件拷贝到标准目录,以避免编译ansible时,找不到所需的头文件
# cd /usr/local/include/python2.7
# cp -a ./* /usr/local/include/

## 备份旧版本的python,并符号链接新版本的python
# cd /usr/bin
# mv python python.old
# ln -s /usr/local/bin/python2.7 /usr/local/bin/python
# rm -f /usr/bin/python && cp /usr/local/bin/python2.7 /usr/bin/python
这两条命令均执行不然后面测试会报错文件/usr/bin/python不存在

这里写图片描述
以下仅仅在服务器做即可:
setuptools模块安装

[root@localhost bin]# vim /usr/bin/yum 
[root@localhost bin]# cat /usr/bin/yum | head -n 1
#!/usr/bin/python2.4
[root@localhost bin]# cd
[root@localhost ~]# ls
pycrypto-2.6.1.tar.gz  Python-2.7.8  Python-2.7.8.tgz  setuptools-7.0.tar.gz
[root@localhost ~]# tar zxf setuptools-7.0.tar.gz 
[root@localhost ~]# cd setuptools-7.0
[root@localhost setuptools-7.0]# python setup.py install

自动化运维工具Ansible的安装与部署_第1张图片
pycrypto模块安装:

[root@localhost setuptools-7.0]# ls
build                launcher.c               release.py
CHANGES (links).txt  MANIFEST.in              setup.cfg
CHANGES.txt          _markerlib               setup.py
DEVGUIDE.txt         msvc-build-launcher.cmd  setuptools
dist                 PKG-INFO                 setuptools.egg-info
docs                 pkg_resources.py         tests
easy_install.py      pkg_resources.pyc        tox.ini
ez_setup.py          README.txt
[root@localhost setuptools-7.0]# cd
[root@localhost ~]# ls
pycrypto-2.6.1.tar.gz  Python-2.7.8.tgz  setuptools-7.0.tar.gz
Python-2.7.8           setuptools-7.0
[root@localhost ~]# tar zxf pycrypto-2.6.1.tar.gz 
[root@localhost ~]# cd pycrypto-2.6.1
[root@localhost pycrypto-2.6.1]# python setup.py install

自动化运维工具Ansible的安装与部署_第2张图片
PyYAML模块安装:

[root@localhost ~]# ls
pycrypto-2.6.1         Python-2.7.8.tgz       setuptools-7.0.tar.gz
pycrypto-2.6.1.tar.gz  PyYAML-3.11(1).tar.gz
Python-2.7.8           setuptools-7.0
[root@localhost ~]# tar zxf PyYAML-3.11\(1\).tar.gz 
[root@localhost ~]# cd PyYAML-3.11
[root@localhost PyYAML-3.11]# ls
CHANGES   ext  lib3     PKG-INFO  setup.cfg  tests
examples  lib  LICENSE  README    setup.py
[root@localhost PyYAML-3.11]# python setup.py install

自动化运维工具Ansible的安装与部署_第3张图片
Jinja2模块安装:

[root@localhost ~]# ls
Jinja2-2.7.3.tar.gz      Python-2.7.8           setuptools-7.0
MarkupSafe-0.9.3.tar.gz  Python-2.7.8.tgz       setuptools-7.0.tar.gz
pycrypto-2.6.1           PyYAML-3.11
pycrypto-2.6.1.tar.gz    PyYAML-3.11(1).tar.gz
[root@localhost ~]# tar zxf MarkupSafe-0.9.3.tar.gz 
[root@localhost ~]# cd MarkupSafe-0.9.3
[root@localhost MarkupSafe-0.9.3]# python setup.py install

自动化运维工具Ansible的安装与部署_第4张图片

[root@localhost ~]# ls
Jinja2-2.7.3.tar.gz      pycrypto-2.6.1.tar.gz  PyYAML-3.11(1).tar.gz
MarkupSafe-0.9.3         Python-2.7.8           setuptools-7.0
MarkupSafe-0.9.3.tar.gz  Python-2.7.8.tgz       setuptools-7.0.tar.gz
pycrypto-2.6.1           PyYAML-3.11
[root@localhost ~]# tar zxf Jinja2-2.7.3.tar.gz 
[root@localhost ~]# cd Jinja2-2.7.3
[root@localhost Jinja2-2.7.3]# python setup.py install

自动化运维工具Ansible的安装与部署_第5张图片
paramiko模块安装:

[root@localhost ~]# ls
ecdsa-0.11.tar.gz        paramiko-1.15.1.tar.gz  PyYAML-3.11
Jinja2-2.7.3             pycrypto-2.6.1          PyYAML-3.11(1).tar.gz
Jinja2-2.7.3.tar.gz      pycrypto-2.6.1.tar.gz   setuptools-7.0
MarkupSafe-0.9.3         Python-2.7.8            setuptools-7.0.tar.gz
MarkupSafe-0.9.3.tar.gz  Python-2.7.8.tgz
[root@localhost ~]# tar zxf ecdsa-0.11.tar.gz 
[root@localhost ~]# cd ecdsa-0.11
[root@localhost ecdsa-0.11]# python setup.py install

自动化运维工具Ansible的安装与部署_第6张图片

[root@localhost ~]# ls
ecdsa-0.11           MarkupSafe-0.9.3.tar.gz  Python-2.7.8.tgz
ecdsa-0.11.tar.gz    paramiko-1.15.1.tar.gz   PyYAML-3.11
Jinja2-2.7.3         pycrypto-2.6.1           PyYAML-3.11(1).tar.gz
Jinja2-2.7.3.tar.gz  pycrypto-2.6.1.tar.gz    setuptools-7.0
MarkupSafe-0.9.3     Python-2.7.8             setuptools-7.0.tar.gz
[root@localhost ~]# tar zxf paramiko-1.15.1.tar.gz 
[root@localhost ~]# cd paramiko-1.15.1
[root@localhost paramiko-1.15.1]# python setup.py install

自动化运维工具Ansible的安装与部署_第7张图片
simplejson模块安装

[root@localhost ~]# ls
ecdsa-0.11               paramiko-1.15.1         PyYAML-3.11
ecdsa-0.11.tar.gz        paramiko-1.15.1.tar.gz  PyYAML-3.11(1).tar.gz
Jinja2-2.7.3             pycrypto-2.6.1          setuptools-7.0
Jinja2-2.7.3.tar.gz      pycrypto-2.6.1.tar.gz   setuptools-7.0.tar.gz
MarkupSafe-0.9.3         Python-2.7.8            simplejson-3.6.5.tar.gz
MarkupSafe-0.9.3.tar.gz  Python-2.7.8.tgz
[root@localhost ~]# tar zxf simplejson-3.6.5.tar.gz 
[root@localhost ~]# cd simplejson-3.6.5
[root@localhost simplejson-3.6.5]# python setup.py install

自动化运维工具Ansible的安装与部署_第8张图片
ansible安装

[root@localhost ~]# ls
ansible-1.7.2.tar.gz     paramiko-1.15.1         PyYAML-3.11(1).tar.gz
ecdsa-0.11               paramiko-1.15.1.tar.gz  setuptools-7.0
ecdsa-0.11.tar.gz        pycrypto-2.6.1          setuptools-7.0.tar.gz
Jinja2-2.7.3             pycrypto-2.6.1.tar.gz   simplejson-3.6.5
Jinja2-2.7.3.tar.gz      Python-2.7.8            simplejson-3.6.5.tar.gz
MarkupSafe-0.9.3         Python-2.7.8.tgz
MarkupSafe-0.9.3.tar.gz  PyYAML-3.11
[root@localhost ~]# tar zxf ansible-1.7.2.tar.gz 
[root@localhost ~]# cd ansible-1.7.2
[root@localhost ansible-1.7.2]# python setup.py install

自动化运维工具Ansible的安装与部署_第9张图片
ansible的基础配置:

[root@localhost ansible-1.7.2]# ls
ansible.egg-info      CONTRIBUTING.md  examples  Makefile     RELEASES.txt
bin                   COPYING          hacking   MANIFEST.in  setup.py
build                 dist             legacy    packaging    test
CHANGELOG.md          docs             lib       plugins      ticket_stubs
CODING_GUIDELINES.md  docsite          library   README.md    VERSION
[root@localhost ansible-1.7.2]# cd examples/
[root@localhost examples]# ls
ansible.cfg  DOCUMENTATION.yml  hosts  issues  playbooks  scripts
[root@localhost examples]# mkdir /etc/ansible
[root@localhost examples]# cp hosts ansible.cfg /etc/ansible/
[root@localhost examples]# ls -l /etc/ansible/
total 12
-rw-r--r-- 1 root root 7172 Aug 16 15:50 ansible.cfg
-rw-r--r-- 1 root root  965 Aug 16 15:50 hosts

自动化运维工具Ansible的安装与部署_第10张图片

默认配置文件位置为/etc/ansible/ansilble.cfg,配置文件位置可以修改。
Ansible 按照如下位置和顺序来查找ansible.cfg 文件:
1.ANSIBLE_CONFIG 环境变量所指定的文件。
2../ansible.cfg(当前目录下的ansible.cfg)。
3.~/.ansible.cfg(家目录下的.ansible.cfg)。
4./etc/ansible/ansible.cfg

配置免密连接:

[root@localhost ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
89:18:6d:6c:02:cc:fa:b1:42:ff:2b:1b:03:1a:20:64 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| E.              |
|o o. o           |
|o.  o =          |
|+..  * . .       |
|oo.o. . S        |
|o.+.             |
|.. o.            |
|   .o.           |
|   .o..          |
+-----------------+
[root@localhost ~]# hostname westos1

自动化运维工具Ansible的安装与部署_第11张图片

[root@localhost ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.11 westos1
172.25.254.12 westos2
172.25.254.13 westos3
172.25.254.14 westos4
172.25.254.15 westos5
172.25.254.16 westos6
172.25.254.17 westos7
172.25.254.3 server3 
[root@localhost ~]# ssh-copy-id westos1  确保服务端和客户端之间可以相互免密连接,不然在后面的测试会报错
[root@localhost ~]# scp -r .ssh/ westos2:/root/  建立免密连接
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'westos2,172.25.254.12' (ECDSA) to the list of known hosts.
root@westos2's password: 
id_rsa                                        100% 1675     1.6KB/s   00:00    
id_rsa.pub                                    100%  408     0.4KB/s   00:00    
known_hosts                                   100%  366     0.4KB/s   00:00    
authorized_keys                               100%  408     0.4KB/s   00:00    
[root@localhost ~]# getenforce 
Disabled
[root@localhost ~]# ssh 172.25.254.12  可以免密连接
Last login: Thu Aug 16 13:38:37 2018 from 172.25.254.84
[root@westos2 ~]# exit
logout
Connection to 172.25.254.12 closed.

自动化运维工具Ansible的安装与部署_第12张图片
在客户端:

[root@localhost ~]# hostname westos2
[root@localhost ~]# getenforce 关闭selinux
Disabled
[root@localhost ~]# ssh [email protected] 可以免密连接服务端
Last failed login: Thu Aug 16 16:02:31 CST 2018 from westos1 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Thu Aug 16 13:38:09 2018 from 172.25.254.84
[root@westos1 ~]# exit
logout
Connection to 172.25.254.11 closed.
[root@localhost ~]# 

自动化运维工具Ansible的安装与部署_第13张图片
修改ansible的hosts文件,如果文件中写的是名字得添加解析/etc/hosts

#  vim  /etc/ansible/hosts在末尾添加:

自动化运维工具Ansible的安装与部署_第14张图片
进行测试可以Ping的通:

[root@localhost ansible]# ansible all -m ping
172.25.254.12 | success >> {
    "changed": false, 
    "ping": "pong"
}

自动化运维工具Ansible的安装与部署_第15张图片

vim /etc/ansible/ansible.cfg
1> 禁用每次执行ansbile命令检查ssh key host
host_key_checking = False
2> 开启日志记录
log_path = /var/log/ansible.log
3> ansible连接加速配置
[accelerate]
#accelerate_port = 5099
accelerate_port = 10000 
#accelerate_timeout = 30
#accelerate_connect_timeout = 5.0

# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
accelerate_multi_key = yes

自动化运维工具Ansible的安装与部署_第16张图片
自动化运维工具Ansible的安装与部署_第17张图片
执行w命令,查看服务器的状态:

#  ansible  testhosts  -m command -a  ‘w‘
[root@localhost bin]# vim /etc/ansible/hosts

这里写图片描述

[root@localhost bin]# ansible testhosts -m command -a 'w'  这个命令必须保证文件中所写的客户端均安装python不然会报错
127.0.0.1 | success | rc=0 >>
 17:46:12 up  4:09,  2 users,  load average: 0.21, 0.16, 0.15
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0     13:37    4.00s  0.28s  0.00s ssh -C -tt -q -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=/root/.ansible/cp/ansible-ssh-%h-%p-%r -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 172.25.254.12 /bin/sh -c 'LANG=C LC_CTYPE=C /usr/bin/python /root/.ansible/tmp/ansible-tmp-1534412772.65-135276469465063/command; rm -rf /root/.ansibl
root     pts/2     17:46    0.00s  0.02s  0.00s w

172.25.254.12 | success | rc=0 >>
 17:46:12 up  4:09,  3 users,  load average: 0.00, 0.01, 0.08
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0     13:38   19:40   0.12s  0.11s ssh [email protected]
root     pts/1     17:16   19:40   0.00s  0.00s -bash
root     pts/2     17:46    0.00s  0.03s  0.00s w

自动化运维工具Ansible的安装与部署_第18张图片
利用ansible可以方便地将本地的目录或者文件同步到远程服务器

[root@localhost bin]# vim /tmp/test.sh
[root@westos1 ~]# cat /tmp/test.sh 
#!/bin/bash
echo `date` > /tmp/ansible_test.txt
[root@westos1 ~]# ansible testhosts -s -m copy -a 'src=/tmp/test.sh dest=/tmp/test.sh mode=0755'
127.0.0.1 | success >> {
    "changed": false, 
    "dest": "/tmp/test.sh", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "edfaa4371316af8c5ba354e708fe8a97", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/tmp/test.sh", 
    "size": 48, 
    "state": "file", 
    "uid": 0
}

172.25.254.12 | success >> {
    "changed": false, 
    "dest": "/tmp/test.sh", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "edfaa4371316af8c5ba354e708fe8a97", 
    "mode": "0755", 
    "owner": "root", 
    "path": "/tmp/test.sh", 
    "size": 48, 
    "state": "file", 
    "uid": 0
}

自动化运维工具Ansible的安装与部署_第19张图片
然后,可以批量执行该脚本:

[root@westos1 ~]# ansible testhosts -m shell -a '/tmp/test.sh'
127.0.0.1 | success | rc=0 >>


172.25.254.12 | success | rc=0 >>

自动化运维工具Ansible的安装与部署_第20张图片

你可能感兴趣的:(自动化运维工具Ansible的安装与部署)