Chinaunix首页 | 论坛 | 博客

hyunmin

首页 |  博文目录 |  关于我

sxm5211258

  • 博客访问: 402067
  • 博文数量: 112
  • 博客积分: 10
  • 博客等级: 民兵
  • 技术积分: 800
  • 用 户 组: 普通用户
  • 注册时间: 2010-12-29 13:41
文章分类

全部博文(112)

文章存档

2020年(1)

2018年(10)

2017年(27)

2016年(18)

2015年(31)

2014年(25)

我的朋友
最近访客
推荐博文
相关博文
自动化运维工具ansible之安装(一)

分类: 系统运维

2016-05-05 00:05:19

一、ansible介绍:
ansible是基于python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。
ansible是基于模块工作的,本身没有批量部署的能力。真正具有批量部署的事ansible所运行的模块,ansible只是提供了一种框架。
 主要包括:
1、链接插件connection plugins:负责和被监控端实现通信;
2、host inventory:指定操作的主机,是一个配置文件里面定义监控的主机;
3、模块:core modules、command模块、自定义模块;
4、plugins(email,logging,other):借助于插件完成记录日志邮件等功能;
5、playbooks:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。
如图:
       

特点:
1、不需要再被监控主机上安装任何客户端;
2、无服务器端,使用时直接运行命令即可;
3、基于模块工作,可使用任意语言开发模块;
4、使用yaml语言定制剧本playbook;
5、基于ssh工作;
6、可实现多级指挥。

优点:
1、轻量级,安装简便,更新时,只需在操作机上进行一次更新即可;
2、批量任务执行可写成脚本,而且不用分发到远程就可执行;
3、使用python编写,维护简单;
4、支持sudo。

工作流程:
 

二、ansible安装
1、安装环境:
    系统:CentOS release 6.5 and ubuntu  16.04.1
    内核:Linux 2.6.32-431.el6.x86_64
   Python:2.6或2.7
    主机ip:192.168.1.123
    被控机ip:192.168.1.124
2、安装方法:
    2.1、pip安装:
            #yum install python-pip python-devel -y
            #pip install ansible --upgrade
    2.2、source安装:
            #git clone git://github.com/ansible/ansible.git --recursive
            #cd ./ansible
            #source ./hacking/env-setup
    2.3、apt-get安装:
            #apt-get install software-properties-common
            #apt-add-repository ppa:ansible/ansible
            #apt-get update
            #apt-get install ansible
   2.4、yum安装:
            
yum安装ansible
      说明:ansible YAML格式,无client,去中心化;安装只依赖ssh,python;控制服务器(Master)需要安装Python2.6/7,windows无法安装ansible。被管理的服务器(Managed Node)需要安装Python2.4以上的版本,如低于2.5,需安装python-simplejson。

点击(此处)折叠或打开

  1. python版本
  2. # python -V
  3. Python 2.6.6
  4. 配置epel(企业版 Linux 附加软件包)
  5. #wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
  7. #rpm -Uvh 
  8. #rpm -Uvh 
  9. #rpm -Uvh http://mirror-fpt-telecom.fpt.net/fedora/epel/6/i386/epel-release-6-8.noarch.rpm
  10. #rpm -Uvh 
  11. #rpm -Uvh 
  12. #yum install -y ansible

  14. Loaded plugins: fastestmirror, security
  15. Loading mirror speeds from cached hostfile
  16.  * epel: mirrors.aliyun.com
  17. base | 3.7 kB 00:00
  18. epel | 4.3 kB 00:00
  19. epel/primary_db | 5.9 MB 00:09
  20. extras | 3.4 kB 00:00
  21. updates | 3.4 kB 00:00
  22. updates/primary_db | 4.7 MB 00:08
  23. Setting up Install Process
  24. Resolving Dependencies
  25. --> Running transaction check
  26. ---> Package ansible.noarch 0:2.0.1.0-2.el6 will be installed
  27. --> Processing Dependency: sshpass for package: ansible-2.0.1.0-2.el6.noarch
  28. --> Processing Dependency: python-six for package: ansible-2.0.1.0-2.el6.noarch
  29. --> Processing Dependency: python-simplejson for package: ansible-2.0.1.0-2.el6.noarch
  30. --> Processing Dependency: python-keyczar for package: ansible-2.0.1.0-2.el6.noarch
  31. --> Processing Dependency: python-jinja2-26 for package: ansible-2.0.1.0-2.el6.noarch
  32. --> Processing Dependency: python-httplib2 for package: ansible-2.0.1.0-2.el6.noarch
  33. --> Processing Dependency: python-crypto2.6 for package: ansible-2.0.1.0-2.el6.noarch
  34. --> Processing Dependency: PyYAML for package: ansible-2.0.1.0-2.el6.noarch
  35. --> Running transaction check
  36. ---> Package PyYAML.x86_64 0:3.10-3.1.el6 will be installed
  37. --> Processing Dependency: libyaml-0.so.2()(64bit) for package: PyYAML-3.10-3.1.el6.x86_64
  38. ---> Package python-crypto2.6.x86_64 0:2.6.1-2.el6 will be installed
  39. ---> Package python-httplib2.noarch 0:0.7.7-1.el6 will be installed
  40. ---> Package python-jinja2-26.noarch 0:2.6-3.el6 will be installed
  41. --> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-26-2.6-3.el6.noarch
  42. --> Processing Dependency: python-markupsafe for package: python-jinja2-26-2.6-3.el6.noarch
  43. ---> Package python-keyczar.noarch 0:0.71c-1.el6 will be installed
  44. --> Processing Dependency: python-pyasn1 for package: python-keyczar-0.71c-1.el6.noarch
  45. ---> Package python-simplejson.x86_64 0:2.0.9-3.1.el6 will be installed
  46. ---> Package python-six.noarch 0:1.9.0-2.el6 will be installed
  47. ---> Package sshpass.x86_64 0:1.05-1.el6 will be installed
  48. --> Running transaction check
  49. ---> Package libyaml.x86_64 0:0.1.3-4.el6_6 will be installed
  50. ---> Package python-babel.noarch 0:0.9.4-5.1.el6 will be installed
  51. ---> Package python-markupsafe.x86_64 0:0.9.2-4.el6 will be installed
  52. ---> Package python-pyasn1.noarch 0:0.0.12a-1.el6 will be installed
  53. --> Finished Dependency Resolution

  55. Dependencies Resolved

  57. =====================================================================================================================
  58.  Package Arch Version Repository Size
  59. =====================================================================================================================
  60. Installing:
  61.  ansible noarch 2.0.1.0-2.el6 epel 2.9 M
  62. Installing for dependencies:
  63.  PyYAML x86_64 3.10-3.1.el6 base 157 k
  64.  libyaml x86_64 0.1.3-4.el6_6 base 52 k
  65.  python-babel noarch 0.9.4-5.1.el6 base 1.4 M
  66.  python-crypto2.6 x86_64 2.6.1-2.el6 epel 513 k
  67.  python-httplib2 noarch 0.7.7-1.el6 epel 70 k
  68.  python-jinja2-26 noarch 2.6-3.el6 epel 527 k
  69.  python-keyczar noarch 0.71c-1.el6 epel 219 k
  70.  python-markupsafe x86_64 0.9.2-4.el6 base 22 k
  71.  python-pyasn1 noarch 0.0.12a-1.el6 base 70 k
  72.  python-simplejson x86_64 2.0.9-3.1.el6 base 126 k
  73.  python-six noarch 1.9.0-2.el6 base 28 k
  74.  sshpass x86_64 1.05-1.el6 epel 19 k

  76. Transaction Summary
  77. =====================================================================================================================
  78. Install 13 Package(s)

  80. Total download size: 6.1 M
  81. Installed size: 25 M
  82. Downloading Packages:
  83. (1/13): PyYAML-3.10-3.1.el6.x86_64.rpm | 157 kB 00:00
  84. (2/13): ansible-2.0.1.0-2.el6.noarch.rpm | 2.9 MB 00:04
  85. (3/13): libyaml-0.1.3-4.el6_6.x86_64.rpm | 52 kB 00:00
  86. (4/13): python-babel-0.9.4-5.1.el6.noarch.rpm | 1.4 MB 00:02
  87. (5/13): python-crypto2.6-2.6.1-2.el6.x86_64.rpm | 513 kB 00:00
  88. (6/13): python-httplib2-0.7.7-1.el6.noarch.rpm | 70 kB 00:00
  89. (7/13): python-jinja2-26-2.6-3.el6.noarch.rpm | 527 kB 00:00
  90. (8/13): python-keyczar-0.71c-1.el6.noarch.rpm | 219 kB 00:00
  91. (9/13): python-markupsafe-0.9.2-4.el6.x86_64.rpm | 22 kB 00:00
  92. (10/13): python-pyasn1-0.0.12a-1.el6.noarch.rpm | 70 kB 00:00
  93. (11/13): python-simplejson-2.0.9-3.1.el6.x86_64.rpm | 126 kB 00:00
  94. (12/13): python-six-1.9.0-2.el6.noarch.rpm | 28 kB 00:00
  95. (13/13): sshpass-1.05-1.el6.x86_64.rpm | 19 kB 00:00
  96. ---------------------------------------------------------------------------------------------------------------------
  97. Total 105 kB/s | 6.1 MB 00:59
  98. Running rpm_check_debug
  99. Running Transaction Test
  100. Transaction Test Succeeded
  101. Running Transaction
  102.   Installing : python-markupsafe-0.9.2-4.el6.x86_64 1/13
  103.   Installing : sshpass-1.05-1.el6.x86_64 2/13
  104.   Installing : python-crypto2.6-2.6.1-2.el6.x86_64 3/13
  105.   Installing : python-simplejson-2.0.9-3.1.el6.x86_64 4/13
  106.   Installing : python-httplib2-0.7.7-1.el6.noarch 5/13
  107.   Installing : python-pyasn1-0.0.12a-1.el6.noarch 6/13
  108.   Installing : python-keyczar-0.71c-1.el6.noarch 7/13
  109.   Installing : libyaml-0.1.3-4.el6_6.x86_64 8/13
  110.   Installing : PyYAML-3.10-3.1.el6.x86_64 9/13
  111.   Installing : python-six-1.9.0-2.el6.noarch 10/13
  112.   Installing : python-babel-0.9.4-5.1.el6.noarch 11/13
  113.   Installing : python-jinja2-26-2.6-3.el6.noarch 12/13
  114.   Installing : ansible-2.0.1.0-2.el6.noarch 13/13
  115.   Verifying : PyYAML-3.10-3.1.el6.x86_64 1/13
  116.   Verifying : python-babel-0.9.4-5.1.el6.noarch 2/13
  117.   Verifying : python-six-1.9.0-2.el6.noarch 3/13
  118.   Verifying : python-keyczar-0.71c-1.el6.noarch 4/13
  119.   Verifying : libyaml-0.1.3-4.el6_6.x86_64 5/13
  120.   Verifying : python-pyasn1-0.0.12a-1.el6.noarch 6/13
  121.   Verifying : python-httplib2-0.7.7-1.el6.noarch 7/13
  122.   Verifying : python-simplejson-2.0.9-3.1.el6.x86_64 8/13
  123.   Verifying : python-jinja2-26-2.6-3.el6.noarch 9/13
  124.   Verifying : python-crypto2.6-2.6.1-2.el6.x86_64 10/13
  125.   Verifying : sshpass-1.05-1.el6.x86_64 11/13
  126.   Verifying : ansible-2.0.1.0-2.el6.noarch 12/13
  127.   Verifying : python-markupsafe-0.9.2-4.el6.x86_64 13/13

  129. Installed:
  130.   ansible.noarch 0:2.0.1.0-2.el6

  132. Dependency Installed:
  133.   PyYAML.x86_64 0:3.10-3.1.el6 libyaml.x86_64 0:0.1.3-4.el6_6
  134.   python-babel.noarch 0:0.9.4-5.1.el6 python-crypto2.6.x86_64 0:2.6.1-2.el6
  135.   python-httplib2.noarch 0:0.7.7-1.el6 python-jinja2-26.noarch 0:2.6-3.el6
  136.   python-keyczar.noarch 0:0.71c-1.el6 python-markupsafe.x86_64 0:0.9.2-4.el6
  137.   python-pyasn1.noarch 0:0.0.12a-1.el6 python-simplejson.x86_64 0:2.0.9-3.1.el6
  138.   python-six.noarch 0:1.9.0-2.el6 sshpass.x86_64 0:1.05-1.el6



  142. # ansible --version
  143. ansible 2.0.1.0
  144. 查看安装包列表
  145. rpm -ql ansible

  147. ansible安装完毕
3、ansible配置ssh无密码访问
 

点击(此处)折叠或打开

  1. 生成ssh公钥/私钥:ssh-keygen
  2. # ssh-keygen -t rsa -P ''
  3. Generating public/private rsa key pair.
  4. Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa_ansible
  5. Your identification has been saved in /root/.ssh/id_rsa_ansible.
  6. Your public key has been saved in /root/.ssh/id_rsa_ansible.pub.
  7. The key fingerprint is:
  8. ae:89:e7:70:29:7e:af:6e:57:60:7b:b6:ad:fd:59:e8 root@web1
  9. The key's randomart image is:
  10. +--[ RSA 2048]----+
  11. | |
  12. | |
  13. | |
  14. | o |
  15. | .So |
  16. | o. + . |
  17. | o o .+ o . .|
  18. | . =+o. .... o |
  19. | o**+. ....E |
  20. +-----------------+
  22. # cat /root/.ssh/id_rsa_ansible.pub > /root/.ssh/authorized_keys
  23. # chmod 600 /root/.ssh/authorized_keys
  24. 将公钥分发到被控机
  25. #scp -P “端口号” /root/.ssh/authorized_keys root@192.168.1.124:/root/.ssh/
  27. #ssh-copy-id -i /root/.ssh/id_rsa_ansible.pub “-p “端口号” root@192.168.1.124”
  28. ssh报错1:
  29. # ssh -p 8020 root@192.168.1.124
    reverse mapping checking getaddrinfo for bogon [192.168.1.124] failed - POSSIBLE BREAK-IN ATTEMPT!


    root@192.168.1.124's password: 
    Permission denied, please try again.
    root@192.168.1.124's password: 
    解决办法:修改被控机/etc/ssh/sshd_config中”PermitRootLogin no“为”PermitRootLogin yes“,重启sshd服务。

  31. ssh报错2:
  32. # ssh -p 8020 root@192.168.1.124
    ssh_exchange_identification: Connection closed by remote host
    解决办法:修改/etc/hosts.allow 添加sshd:all 或者sshd:192.168.1.123

  34. 报错:

  35. 点击(此处)折叠或打开

    1. 192.168.3.72 | => {
    2.     "changed": false,
    3.     "msg": "Authentication failed.",
    4.     "unreachable": true
    5. }
  36. 解决办法修改ansible.cfg中remote_user = root
  37. #vim /etc/ansible/ansible.cfg
  38. remote_port    = 22   #远程被控机端口号
  39. ask_pass      = True    #默认ansible使用key验证,如果使用密码登陆的服务器,使用ansible命令取消注释ask_pass就不需要在命令执行的时候加上-k参数。
  40. private_key_file = /root/.ssh/id_rsa_ansible      #使用该私钥文件进行身份验证
  41. remote_user = ansible    #远程用户
  42. log_path = /var/log/ansible.log    #ansible日志
  43. remote_user = root    #设置远程用户为root

  45. 添加主机
  46. # vim /etc/ansible/hosts
  47. [web]
    192.168.1.123
    192.168.1.124
  48. 测试ansible
  49. 执行ansible报错:“FAILED => FAILED: not a valid DSA private key file
  50. 解决方法:在执行命令行最后加-k参数。如:ansible web -m command -a 'w' -k

  52. 利用comman模块敲命令
  53. #ansible web -m command -a 'w'
  54. 192.168.1.123 | SUCCESS | rc=0 >>
     22:56:33 up 1 day,  5:01,  3 users,  load average: 0.07, 0.02, 0.00
    USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
    root     tty1     -                31Dec15 125days  0.13s  0.13s -bash
    root     pts/0    192.168.1.107    01Jan16  2.00s  2.11s  0.56s /usr/bin/python
    root     pts/1    192.168.1.123    22:56    0.00s  0.34s  0.00s /bin/sh -c LANG


    192.168.1.124 | SUCCESS | rc=0 >>
     01:49:54 up 18:39,  3 users,  load average: 0.00, 0.14, 0.12
    USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
    root     tty1     -                Thu07   18:35m  0.13s  0.13s -bash
    root     pts/0    192.168.1.107    01:42    3:50   0.14s  0.14s -bash
    root     pts/1    192.168.1.123    01:49    0.00s  0.51s  0.00s /bin/sh -c LANG
  55. 查看主机运行状态
  56. # ansible web -m ping
  57. 192.168.1.123 | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
    192.168.1.124 | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
  58. 查看远程主机基本信息
  59. # ansible web -m setup
  60. 192.168.1.124 | SUCCESS => {
        "ansible_facts": {
            "ansible_all_ipv4_addresses": [
                "192.168.1.121", 
                "192.168.1.124"
            ], 
            "ansible_all_ipv6_addresses": [
                "fe80::20c:29ff:fe58:77e6"
            ],

4、ansible模块:
ansible默认提供了很多模块来供我们使用。
 比较常见的模块:
 copy、file、cron、group、user、yum、service、script、ping、command、raw、get_url、synchronize

点击(此处)折叠或打开

  1. 查看当前ansible都支持哪些模块
  2. #ansible-doc -l
  3. 查看copy模块有哪些参数可以使用
  4. #ansible-doc -s copy


   参考:
           http://devopsh.com/537.html
            http://sofar.blog.51cto.com/353572/1579894/
            
           http://blog.csdn.net/iloveyin/article/details/46982023
           http://laowafang.blog.51cto.com/251518/1380909
阅读(1649) | 评论(0) | 转发(0) |
0

上一篇:深入理解Linux守护进程

下一篇:自动化运维工具之python多环境管理

给主人留下些什么吧!~~
关于我们 | 关于IT168 | 联系方式 | 广告合作 | 法律声明 | 免费注册

Copyright 2001-2010 ChinaUnix.net All Rights Reserved 北京皓辰网域网络信息技术有限公司. 版权所有

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6