Ansible简介:
Ansible是一个简单高效的自动化运维管理工具,用Python开发,能批量管理大量机器,可以并发地在
多台机器上部署应用、安装软件、执行命令、配置和编排任务。
1 软件安装:服务端和客户端均需安装Python
实验环境:
westos1 172.25.254.11 ansible端,服务端
westos2 172.25.254.12 客户端
可以有多个客户端,按相同的方法安装即可:
Ansible是用Python开发的,使用ansible需要操作系统有Python,建议Python版本2.6以上。
Ansible安装所依赖插件较多,具体安装过程如下:
注:所有的软件包全部在/usr/local/目录下进行安装
基本安装
安装gcc,用于编译Python源码
yum install gcc
安装zlib(如果没安装,在安装setuptools时可能会出现错误:RuntimeError:Compression requires the (missing) zlib module)
yum install zlib zlib-devel -y
安装openssl(如果不安装,使用easy_install时可能会出现错误:error:Could not find suitable distribution for Requirement.parse('jinja2'))
本实践未使用easy_install这种安装方式,而是按下文逐个模块手动安装(easy_install方式的具体命令:easy_install pycrypto pyyaml jinja2 markupsafe ecdsa paramiko simplejson)
yum install openssl openssl-devel -y
python2.7安装
源码包下载地址(下载后建议先核对python.org发布页提供的校验值或签名,再解压编译;后面以root身份手动安装的各个tar.gz依赖包同理,应确认来源可信):
https://www.python.org/ftp/python/2.7.8/Python-2.7.8.tgz
# tar xvzf Python-2.7.8.tgz
# cd Python-2.7.8
# ./configure --prefix=/usr/local
# make
# make install
## 将python头文件拷贝到标准目录,以避免编译ansible时,找不到所需的头文件
# cd /usr/local/include/python2.7
# cp -a ./* /usr/local/include/
## 备份旧版本的python,并符号链接新版本的python
# cd /usr/bin
# mv python python.old
# ln -s /usr/local/bin/python2.7 /usr/local/bin/python
# rm -f /usr/bin/python && cp /usr/local/bin/python2.7 /usr/bin/python
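这两条命令都要执行,否则后面测试时会报错:文件/usr/bin/python不存在。
替换/usr/bin/python之后,yum本身仍依赖系统原有的旧版本python,因此需要编辑/usr/bin/yum,把首行的解释器改为旧版本python(本例为/usr/bin/python2.4):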
[root@localhost bin]# vim /usr/bin/yum
[root@localhost bin]# cat /usr/bin/yum | head -n 1
#!/usr/bin/python2.4
[root@localhost bin]# cd
[root@localhost ~]# ls
pycrypto-2.6.1.tar.gz Python-2.7.8 Python-2.7.8.tgz setuptools-7.0.tar.gz
[root@localhost ~]# tar zxf setuptools-7.0.tar.gz
[root@localhost ~]# cd setuptools-7.0
[root@localhost setuptools-7.0]# python setup.py install
[root@localhost setuptools-7.0]# ls
build launcher.c release.py
CHANGES (links).txt MANIFEST.in setup.cfg
CHANGES.txt _markerlib setup.py
DEVGUIDE.txt msvc-build-launcher.cmd setuptools
dist PKG-INFO setuptools.egg-info
docs pkg_resources.py tests
easy_install.py pkg_resources.pyc tox.ini
ez_setup.py README.txt
[root@localhost setuptools-7.0]# cd
[root@localhost ~]# ls
pycrypto-2.6.1.tar.gz Python-2.7.8.tgz setuptools-7.0.tar.gz
Python-2.7.8 setuptools-7.0
[root@localhost ~]# tar zxf pycrypto-2.6.1.tar.gz
[root@localhost ~]# cd pycrypto-2.6.1
[root@localhost pycrypto-2.6.1]# python setup.py install
[root@localhost ~]# ls
pycrypto-2.6.1 Python-2.7.8.tgz setuptools-7.0.tar.gz
pycrypto-2.6.1.tar.gz PyYAML-3.11(1).tar.gz
Python-2.7.8 setuptools-7.0
[root@localhost ~]# tar zxf PyYAML-3.11\(1\).tar.gz
[root@localhost ~]# cd PyYAML-3.11
[root@localhost PyYAML-3.11]# ls
CHANGES ext lib3 PKG-INFO setup.cfg tests
examples lib LICENSE README setup.py
[root@localhost PyYAML-3.11]# python setup.py install
[root@localhost ~]# ls
Jinja2-2.7.3.tar.gz Python-2.7.8 setuptools-7.0
MarkupSafe-0.9.3.tar.gz Python-2.7.8.tgz setuptools-7.0.tar.gz
pycrypto-2.6.1 PyYAML-3.11
pycrypto-2.6.1.tar.gz PyYAML-3.11(1).tar.gz
[root@localhost ~]# tar zxf MarkupSafe-0.9.3.tar.gz
[root@localhost ~]# cd MarkupSafe-0.9.3
[root@localhost MarkupSafe-0.9.3]# python setup.py install
[root@localhost ~]# ls
Jinja2-2.7.3.tar.gz pycrypto-2.6.1.tar.gz PyYAML-3.11(1).tar.gz
MarkupSafe-0.9.3 Python-2.7.8 setuptools-7.0
MarkupSafe-0.9.3.tar.gz Python-2.7.8.tgz setuptools-7.0.tar.gz
pycrypto-2.6.1 PyYAML-3.11
[root@localhost ~]# tar zxf Jinja2-2.7.3.tar.gz
[root@localhost ~]# cd Jinja2-2.7.3
[root@localhost Jinja2-2.7.3]# python setup.py install
[root@localhost ~]# ls
ecdsa-0.11.tar.gz paramiko-1.15.1.tar.gz PyYAML-3.11
Jinja2-2.7.3 pycrypto-2.6.1 PyYAML-3.11(1).tar.gz
Jinja2-2.7.3.tar.gz pycrypto-2.6.1.tar.gz setuptools-7.0
MarkupSafe-0.9.3 Python-2.7.8 setuptools-7.0.tar.gz
MarkupSafe-0.9.3.tar.gz Python-2.7.8.tgz
[root@localhost ~]# tar zxf ecdsa-0.11.tar.gz
[root@localhost ~]# cd ecdsa-0.11
[root@localhost ecdsa-0.11]# python setup.py install
[root@localhost ~]# ls
ecdsa-0.11 MarkupSafe-0.9.3.tar.gz Python-2.7.8.tgz
ecdsa-0.11.tar.gz paramiko-1.15.1.tar.gz PyYAML-3.11
Jinja2-2.7.3 pycrypto-2.6.1 PyYAML-3.11(1).tar.gz
Jinja2-2.7.3.tar.gz pycrypto-2.6.1.tar.gz setuptools-7.0
MarkupSafe-0.9.3 Python-2.7.8 setuptools-7.0.tar.gz
[root@localhost ~]# tar zxf paramiko-1.15.1.tar.gz
[root@localhost ~]# cd paramiko-1.15.1
[root@localhost paramiko-1.15.1]# python setup.py install
[root@localhost ~]# ls
ecdsa-0.11 paramiko-1.15.1 PyYAML-3.11
ecdsa-0.11.tar.gz paramiko-1.15.1.tar.gz PyYAML-3.11(1).tar.gz
Jinja2-2.7.3 pycrypto-2.6.1 setuptools-7.0
Jinja2-2.7.3.tar.gz pycrypto-2.6.1.tar.gz setuptools-7.0.tar.gz
MarkupSafe-0.9.3 Python-2.7.8 simplejson-3.6.5.tar.gz
MarkupSafe-0.9.3.tar.gz Python-2.7.8.tgz
[root@localhost ~]# tar zxf simplejson-3.6.5.tar.gz
[root@localhost ~]# cd simplejson-3.6.5
[root@localhost simplejson-3.6.5]# python setup.py install
[root@localhost ~]# ls
ansible-1.7.2.tar.gz paramiko-1.15.1 PyYAML-3.11(1).tar.gz
ecdsa-0.11 paramiko-1.15.1.tar.gz setuptools-7.0
ecdsa-0.11.tar.gz pycrypto-2.6.1 setuptools-7.0.tar.gz
Jinja2-2.7.3 pycrypto-2.6.1.tar.gz simplejson-3.6.5
Jinja2-2.7.3.tar.gz Python-2.7.8 simplejson-3.6.5.tar.gz
MarkupSafe-0.9.3 Python-2.7.8.tgz
MarkupSafe-0.9.3.tar.gz PyYAML-3.11
[root@localhost ~]# tar zxf ansible-1.7.2.tar.gz
[root@localhost ~]# cd ansible-1.7.2
[root@localhost ansible-1.7.2]# python setup.py install
[root@localhost ansible-1.7.2]# ls
ansible.egg-info CONTRIBUTING.md examples Makefile RELEASES.txt
bin COPYING hacking MANIFEST.in setup.py
build dist legacy packaging test
CHANGELOG.md docs lib plugins ticket_stubs
CODING_GUIDELINES.md docsite library README.md VERSION
[root@localhost ansible-1.7.2]# cd examples/
[root@localhost examples]# ls
ansible.cfg DOCUMENTATION.yml hosts issues playbooks scripts
[root@localhost examples]# mkdir /etc/ansible
[root@localhost examples]# cp hosts ansible.cfg /etc/ansible/
[root@localhost examples]# ls -l /etc/ansible/
total 12
-rw-r--r-- 1 root root 7172 Aug 16 15:50 ansible.cfg
-rw-r--r-- 1 root root 965 Aug 16 15:50 hosts
默认配置文件位置为/etc/ansible/ansible.cfg,配置文件位置可以修改。
Ansible 按照如下位置和顺序来查找ansible.cfg 文件:
1. ANSIBLE_CONFIG 环境变量所指定的文件。
2. ./ansible.cfg(当前目录下的ansible.cfg)。
3. ~/.ansible.cfg(家目录下的.ansible.cfg)。
4. /etc/ansible/ansible.cfg。
由于当前目录下的ansible.cfg优先于/etc/ansible/ansible.cfg,不要在他人可写的目录中执行ansible命令,以免加载到非预期的配置。
配置免密连接:
[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
89:18:6d:6c:02:cc:fa:b1:42:ff:2b:1b:03:1a:20:64 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| E. |
|o o. o |
|o. o = |
|+.. * . . |
|oo.o. . S |
|o.+. |
|.. o. |
| .o. |
| .o.. |
+-----------------+
[root@localhost ~]# hostname westos1
[root@localhost ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.11 westos1
172.25.254.12 westos2
172.25.254.13 westos3
172.25.254.14 westos4
172.25.254.15 westos5
172.25.254.16 westos6
172.25.254.17 westos7
172.25.254.3 server3
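[root@localhost ~]# ssh-copy-id westos1 确保服务端和客户端之间可以相互免密连接,不然在后面的测试会报错
[root@localhost ~]# scp -r .ssh/ westos2:/root/ 建立免密连接
注意:上一条命令把整个.ssh目录连同私钥id_rsa一起复制到了客户端,两台机器共用同一对密钥,任何一台被攻破都会泄露私钥,仅适合实验环境;生产环境应只用ssh-copy-id把公钥分发到客户端,私钥只保留在ansible服务端。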
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'westos2,172.25.254.12' (ECDSA) to the list of known hosts.
root@westos2's password:
id_rsa 100% 1675 1.6KB/s 00:00
id_rsa.pub 100% 408 0.4KB/s 00:00
known_hosts 100% 366 0.4KB/s 00:00
authorized_keys 100% 408 0.4KB/s 00:00
[root@localhost ~]# getenforce
Disabled
[root@localhost ~]# ssh 172.25.254.12 可以免密连接
Last login: Thu Aug 16 13:38:37 2018 from 172.25.254.84
[root@westos2 ~]# exit
logout
Connection to 172.25.254.12 closed.
[root@localhost ~]# hostname westos2
[root@localhost ~]# getenforce 查看selinux状态(本实验环境中selinux已关闭)
Disabled
[root@localhost ~]# ssh root@172.25.254.11 可以免密连接服务端
Last failed login: Thu Aug 16 16:02:31 CST 2018 from westos1 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Thu Aug 16 13:38:09 2018 from 172.25.254.84
[root@westos1 ~]# exit
logout
Connection to 172.25.254.11 closed.
[root@localhost ~]#
修改ansible的hosts文件;如果文件中写的是主机名,需要先在/etc/hosts中添加对应的解析
# vim /etc/ansible/hosts在末尾添加:
[root@localhost ansible]# ansible all -m ping
172.25.254.12 | success >> {
"changed": false,
"ping": "pong"
}
vim /etc/ansible/ansible.cfg
1> 禁用每次执行ansible命令时的ssh主机密钥(host key)检查
注意:关闭后连接时不再校验主机指纹,无法发现被冒充的主机(中间人),仅建议在实验环境使用;生产环境应保持检查开启,并预先把各受管主机的公钥写入known_hosts。
host_key_checking = False
2> 开启日志记录
log_path = /var/log/ansible.log
3> ansible连接加速配置
[accelerate]
#accelerate_port = 5099
accelerate_port = 10000
#accelerate_timeout = 30
#accelerate_connect_timeout = 5.0
# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
accelerate_multi_key = yes
# ansible testhosts -m command -a 'w'
[root@localhost bin]# vim /etc/ansible/hosts
[root@localhost bin]# ansible testhosts -m command -a 'w' 执行该命令前,必须保证hosts文件中所写的客户端均已安装python,否则会报错
127.0.0.1 | success | rc=0 >>
17:46:12 up 4:09, 2 users, load average: 0.21, 0.16, 0.15
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 13:37 4.00s 0.28s 0.00s ssh -C -tt -q -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=/root/.ansible/cp/ansible-ssh-%h-%p-%r -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 172.25.254.12 /bin/sh -c 'LANG=C LC_CTYPE=C /usr/bin/python /root/.ansible/tmp/ansible-tmp-1534412772.65-135276469465063/command; rm -rf /root/.ansibl
root pts/2 17:46 0.00s 0.02s 0.00s w
172.25.254.12 | success | rc=0 >>
17:46:12 up 4:09, 3 users, load average: 0.00, 0.01, 0.08
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 13:38 19:40 0.12s 0.11s ssh [email protected]
root pts/1 17:16 19:40 0.00s 0.00s -bash
root pts/2 17:46 0.00s 0.03s 0.00s w
利用ansible可以方便地将本地的目录或者文件同步到远程服务器
[root@localhost bin]# vim /tmp/test.sh
[root@westos1 ~]# cat /tmp/test.sh
#!/bin/bash
echo `date` > /tmp/ansible_test.txt
[root@westos1 ~]# ansible testhosts -s -m copy -a 'src=/tmp/test.sh dest=/tmp/test.sh mode=0755'
127.0.0.1 | success >> {
"changed": false,
"dest": "/tmp/test.sh",
"gid": 0,
"group": "root",
"md5sum": "edfaa4371316af8c5ba354e708fe8a97",
"mode": "0755",
"owner": "root",
"path": "/tmp/test.sh",
"size": 48,
"state": "file",
"uid": 0
}
172.25.254.12 | success >> {
"changed": false,
"dest": "/tmp/test.sh",
"gid": 0,
"group": "root",
"md5sum": "edfaa4371316af8c5ba354e708fe8a97",
"mode": "0755",
"owner": "root",
"path": "/tmp/test.sh",
"size": 48,
"state": "file",
"uid": 0
}
[root@westos1 ~]# ansible testhosts -m shell -a '/tmp/test.sh'
127.0.0.1 | success | rc=0 >>
172.25.254.12 | success | rc=0 >>