
Study notes: installing and configuring the automation tool Ansible



Updated: 2016-11-30

OS              : CentOS 6.5

Control node IP : 192.168.233.123

Managed node IP : 192.168.233.124

—————————————————————————————————————

Python version  : default python2.6

Ansible version : ansible 1.7.2

  • ansible command-line arguments:

            -m  module name (which module to run)

            -a  module arguments

            -i  inventory file (/etc/ansible/hosts)

            ansible-doc -l  lists all bundled modules


 1. Install the required Python modules

       (1) Install setuptools

# wget https://pypi.python.org/packages/source/s/setuptools/setuptools-7.0.tar.gz --no-check-certificate
# tar zvxf setuptools-7.0.tar.gz
# cd setuptools-7.0
# python setup.py install

       (2) Install PyYAML (libyaml first, then the Python binding)

# wget http://pyyaml.org/download/libyaml/yaml-0.1.5.tar.gz
# tar zvxf yaml-0.1.5.tar.gz
# cd yaml-0.1.5
# ./configure --prefix=/usr/local/
# make && make install

# wget https://pypi.python.org/packages/source/P/PyYAML/PyYAML-3.11.tar.gz --no-check-certificate
# tar zvxf PyYAML-3.11.tar.gz
# cd PyYAML-3.11
# python setup.py install

       (3) Install Jinja2

# wget https://pypi.python.org/packages/source/J/Jinja2/Jinja2-2.7.3.tar.gz --no-check-certificate
# tar zvxf Jinja2-2.7.3.tar.gz
# cd Jinja2-2.7.3
# python setup.py install

       (4) Install paramiko

# wget https://pypi.python.org/packages/source/p/paramiko/paramiko-1.15.1.tar.gz --no-check-certificate
# tar zvxf paramiko-1.15.1.tar.gz
# cd paramiko-1.15.1
# python setup.py install

2. Install Ansible

# wget http://releases.ansible.com/ansible/ansible-1.7.2.tar.gz
# tar zvxf ansible-1.7.2.tar.gz
# cd ansible-1.7.2/
# python setup.py install

3. Set up key-based (passwordless) SSH login

(1) Generate a key pair

[root@zhaojia ~]# cd ~/.ssh/
[root@zhaojia .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):    (leave empty to accept the default path)
Enter passphrase (empty for no passphrase):    (leave the passphrase empty)
Enter same passphrase again:     (leave empty again)


        (2) Copy the public key to the managed node

[root@zhaojia .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.233.124

        (3) Test the passwordless login

[root@zhaojia .ssh]# ssh root@192.168.233.124
Last login: Wed Nov 23 10:09:58 2016 from 192.168.233.1
[root@zhaojia ~]# exit
logout
Connection to 192.168.233.124 closed.

4. Configure Ansible

(1) Create the ansible directory and copy the ansible.cfg and hosts files (from the examples/ directory of the extracted source tree) into it

[root@zhaojia ]# mkdir /etc/ansible/
[root@zhaojia ]# cd examples/
[root@zhaojia examples]# cp ansible.cfg hosts /etc/ansible/

         (2) Set the environment variable

[root@zhaojia examples]# export ANSIBLE_SUDO_USER=root

         (3) Adjust the relevant settings in the configuration file

[root@zhaojia examples]# cd /etc/ansible/
[root@zhaojia ansible]# vim ansible.cfg

inventory         = /etc/ansible/hosts
library           = /usr/share/ansible
forks             = 5
sudo_user         = root
remote_port       = 22
host_key_checking = False
timeout           = 60
log_path          = /var/log/ansible.log
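Of the settings above, host_key_checking = False is the one a security reviewer stops at: it makes the control node accept any SSH host key, so a machine answering on a managed node's address is never told apart from the real one. The following POSIX sh check is an added example, not code from the original post: it reads an ansible.cfg on stdin and flags that setting, plus a missing log_path (without it there is no local record of which commands ran against which hosts). The function name and messages are my own.

```shell
#!/bin/sh
# Added example: lint an ansible.cfg for risky settings.
# Reads the config on stdin, prints one WARN line per finding,
# returns 0 when nothing was flagged and 1 otherwise.
check_ansible_cfg() {
    findings=0
    # Normalise "key = value" lines: drop comments, remove blanks around '='
    # and leading indentation, so the checks can match exact strings.
    norm=$(sed -e 's/[#;].*$//' \
               -e 's/[[:space:]]*=[[:space:]]*/=/' \
               -e 's/^[[:space:]]*//')

    # host_key_checking = False makes Ansible accept any SSH host key, so an
    # impersonated managed node is never detected.
    if printf '%s\n' "$norm" | grep -qi '^host_key_checking=false[[:space:]]*$'; then
        echo "WARN: host_key_checking=False disables SSH host-key verification"
        findings=$((findings + 1))
    fi

    # Without log_path there is no local record of what was run where.
    if ! printf '%s\n' "$norm" | grep -qi '^log_path=.'; then
        echo "WARN: log_path is not set; runs leave no local audit log"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh check_ansible_cfg.sh /etc/ansible/ansible.cfg
if [ -n "${1:-}" ]; then
    check_ansible_cfg < "$1"
fi
```

The alternative to turning host-key checking off is to pre-seed /root/.ssh/known_hosts with the managed nodes' keys (for instance with ssh-keyscan, confirming the fingerprint out of band) and leave the default in place.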

         (4) Check the version

[root@zhaojia ansible]# ansible --version
ansible 1.7.2

 5. Add a host and test it

         (1) Add the host to the inventory

[root@zhaojia ansible]# vim hosts
......(earlier lines omitted)
[test]
192.168.233.124

          (2) Test connectivity to the host

[root@zhaojia ansible]# ansible test -m ping
192.168.233.124 | success >> {
    "changed": false,
    "ping": "pong"
}

  • shell module

[root@zhaojia ansible]# ansible test -m shell -a '/bin/echo hello ansible!' -i hosts
192.168.233.124 | success | rc=0 >>
hello ansible!


  • command module

[root@zhaojia ansible]# ansible test -m command -a '/bin/echo hello ansible!' -i hosts
192.168.233.124 | success | rc=0 >>
hello ansible!


  • copy a file to the .124 host

[root@zhaojia ansible]# ansible test -m copy -a "src=/root/history dest=/root mode=655"
192.168.233.124 | success >> {
    "changed": true,
    "dest": "/root/history",
    "gid": 0,
    "group": "root",
    "md5sum": "2e88c32c0c8c54869253563dfcfb90e9",
    "mode": "0655",
    "owner": "root",
    "path": "/root/history",
    "secontext": "system_u:object_r:admin_home_t:s0",
    "size": 78415,
    "state": "file",
    "uid": 0
}


  • change the owner of the copied file history

[root@zhaojia ansible]# ansible test -m file -a "path=/root/history owner=centos"
192.168.233.124 | success >> {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0655",
    "owner": "centos",
    "path": "/root/history",
    "secontext": "system_u:object_r:admin_home_t:s0",
    "size": 78415,
    "state": "file",
    "uid": 1001
}

————————————————————————————————————

Managed node: 192.168.233.124

[root@server ~]# ls -l
-rw-------. 1 root   root  1263 8月   9 18:01 anaconda-ks.cfg
-rw-r-xr-x. 1 centos root 78415 11月 28 14:38 history


  • create 1.txt under the existing directory /test  [state defines the target state; with state=directory, 1.txt is created as a directory, as the output shows]

[root@zhaojia ansible]# ansible test -m file -a "path=/test/1.txt state=directory"
192.168.233.124 | success >> {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/test/1.txt",
    "secontext": "unconfined_u:object_r:default_t:s0",
    "size": 6,
    "state": "directory",
    "uid": 0
}


  • sync the clock every five minutes

[root@zhaojia ansible]# ansible test -m cron -a "minute='*/5' job='/usr/sbin/ntpdate 192.168.233.123 &> /dev/null' name='sync time'"
192.168.233.124 | success >> {
    "changed": true,
    "jobs": [
        "sync time"
    ]
}

—————————————————————————————————————

Managed node: 192.168.233.124

[root@server test]# crontab -l
#Ansible: sync time
*/5 * * * * /usr/sbin/ntpdate 192.168.233.123 &> /dev/null
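Ansible 1.x ad-hoc runs print one result block per host and no summary, so when the group grows beyond a single node it is worth parsing the per-host header lines (the "host | success >> {" and "host | success | rc=0 >>" forms shown above). The following POSIX sh function is an added example, not code from the original post: it reads ad-hoc output on stdin, counts successes and failures, lists the failed hosts and exits non-zero when any host failed, so it can gate a cron job or a deployment step. The FAILED header formats and the sample output are constructed from memory of 1.x behaviour, not captured from the post.

```shell
#!/bin/sh
# Added example: summarise Ansible 1.x ad-hoc output read on stdin.
# Per-host header lines (assumed formats) look like:
#   <host> | success >> {           module returned JSON
#   <host> | success | rc=0 >>      shell/command module, exit status 0
#   <host> | FAILED | rc=1 >>       command ran on the host and failed
#   <host> | FAILED => <message>    e.g. SSH connection error
# Prints "ok=<n> failed=<n>", then the failed hosts, and returns 1 if any failed.
summarize_ansible_output() {
    awk '
        # Only header lines contain " | success" or " | FAILED"; JSON and
        # command output lines never match, so they are ignored.
        / [|] (success|FAILED)/ {
            host = $1; status = $3
            if (status == "success") ok++
            else { bad++; badhosts = badhosts " " host }
        }
        END {
            printf "ok=%d failed=%d\n", ok, bad
            if (bad > 0) { printf "failed_hosts:%s\n", badhosts; exit 1 }
        }'
}

# Constructed sample (not captured from the post): one healthy host,
# one host that could not be reached, one host whose command failed.
SAMPLE_OUTPUT='192.168.233.124 | success >> {
    "changed": false,
    "ping": "pong"
}
192.168.233.125 | FAILED => SSH Error: connection refused
192.168.233.126 | FAILED | rc=127 >>
/bin/sh: nosuchcmd: command not found'

# Stand-alone run over the sample: prints ok=1 failed=2 plus the failed hosts.
printf '%s\n' "$SAMPLE_OUTPUT" | summarize_ansible_output \
    || echo "some hosts failed (exit status $?)"
```

Typical use is `ansible test -m ping | summarize_ansible_output`; the exit status is what a scheduler or monitoring hook should check, since the JSON body of a successful module call is not what signals a problem.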

 6. A first playbook

(1) Playbooks are YAML files and end in .yaml

[root@zhaojia ~]# vim test.yaml

- hosts: test
  remote_user: root
  tasks:
    - name: copy authorized_keys
      copy: src=/root/.ssh/id_rsa.pub dest=/root/.ssh/authorized_keys
    - name: restart iptables
      service: name=iptables state=restarted
    - name: iptables
      shell: iptables -A INPUT -p icmp -j REJECT
    - name: iptables
      shell: iptables -A INPUT -p tcp -s 192.168.100.1 --dport 22 -j ACCEPT

(2) Run it with ansible-playbook followed by the file name

[root@zhaojia ~]# ansible-playbook  test.yaml

PLAY [test] *******************************************************************

GATHERING FACTS ***************************************************************
ok: [192.168.233.124]

TASK: [copy authorized_keys] **************************************************
changed: [192.168.233.124]

TASK: [restart iptables] ******************************************************
changed: [192.168.233.124]

TASK: [iptables] **************************************************************
changed: [192.168.233.124]

TASK: [iptables] **************************************************************
changed: [192.168.233.124]

7. Installing salt-minion with a playbook

- hosts: test
  remote_user: root

  tasks:
    - name: copy authorized_keys
      template: src=~/.ssh/id_rsa.pub
                dest=/root/.ssh/authorized_keys

#   - name: iptables    ## replace the matching text on line 11 of the iptables config
#     shell: sed -i '11s/REJECT/ACCEPT/' /etc/sysconfig/iptables

    - name: backup
      shell: cd /etc/yum.repos.d/ && mkdir bak && mv epel.repo yum.repo bak/

    - name: Download epel
      get_url: url=https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el6.noarch.rpm dest=/etc/yum.repos.d/salt-repo-latest-1.el6.noarch.rpm

    - name: Install epel
      shell: rpm -ivh /etc/yum.repos.d/salt-repo-latest-1.el6.noarch.rpm creates=/etc/yum.repos.d/salt.repo

    - name: Clean cache
      shell: yum clean all

    - name: Make cache
      shell: yum makecache

    - name: Install salt-minion
      yum: name=salt-minion state=latest

    ## the minion file is prepared on the control node with its configuration already edited
    - name: copy salt conf file
      copy: src=/etc/ansible/files/minion dest=/etc/salt/minion

    ## ALLOW RELATED,ESTABLISHED
    - iptables: chain=INPUT ctstate=RELATED,ESTABLISHED jump=ACCEPT

    ## ALLOW IP
    - iptables: chain=INPUT in_interface=eth0 protocol=tcp match=tcp source=192.168.233.124 destination_port=22 jump=ACCEPT

    ## REJECT icmp
    - iptables: chain=INPUT in_interface=eth0 protocol=icmp jump=REJECT
    - iptables: chain=FORWARD in_interface=eth0 protocol=icmp jump=REJECT

    ## ACCEPT lo
    - iptables: chain=INPUT in_interface=lo jump=ACCEPT

    - name: save iptables
      command: service iptables save

    - name: iptables restart
      shell: /etc/init.d/iptables restart

Log in to the managed node to verify.
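The two playbooks above (sections 6 and 7) share a few habits that make repeated runs hard to reason about: firewall rules appended with shell: iptables -A (a second run appends a duplicate rule), tasks without a name (the TASK: [] banner and /var/log/ansible.log then say nothing useful), and yum state=latest (an unpinned upgrade on every run). The following POSIX sh check is an added example, not code from the original post or the Ansible project: it reads a playbook on stdin and reports those patterns with line numbers. The function name, messages and the sample playbook (constructed from the tasks above) are my own.

```shell
#!/bin/sh
# Added example: line-oriented check of a playbook read on stdin.
# Prints "<line>: <finding>" per hit and a final "findings=<n>";
# returns 1 when n > 0 so it can run as a pre-commit or CI step.
lint_playbook() {
    awk '
        # List item whose first key is neither name: nor hosts: -> unnamed task.
        /^[[:space:]]*- [a-z_]+:/ && $2 !~ /^(name|hosts):$/ {
            printf "%d: unnamed task: %s\n", NR, $0; n++
        }
        # "- name:" with nothing after it.
        /^[[:space:]]*- name:[[:space:]]*$/ {
            printf "%d: task has an empty name\n", NR; n++
        }
        # A shell/command task that starts with iptables appends a rule per run.
        /^[[:space:]]*(shell|command): *iptables / {
            printf "%d: iptables via shell/command is not idempotent; use the iptables module, which checks for the rule first\n", NR; n++
        }
        # state=latest upgrades the package on every run.
        /state=latest/ {
            printf "%d: state=latest upgrades on every run; prefer state=present or a pinned version\n", NR; n++
        }
        END { printf "findings=%d\n", n; exit (n > 0) }'
}

# Constructed sample, modelled on the playbooks above (not the post's own file).
SAMPLE_PLAYBOOK='- hosts: test
  remote_user: root
  tasks:
    - name: restart iptables
      service: name=iptables state=restarted
    - name: iptables
      shell: iptables -A INPUT -p icmp -j REJECT
    - name:
      shell: yum makecache
    - name: Install salt-minion
      yum: name=salt-minion state=latest
    - iptables: chain=INPUT in_interface=lo jump=ACCEPT
    - name: save iptables
      command: service iptables save'

# Stand-alone run over the sample: reports lines 7, 8, 11 and 12, findings=4.
printf '%s\n' "$SAMPLE_PLAYBOOK" | lint_playbook \
    || echo "playbook needs attention (exit status $?)"
```

Two things the check cannot tell you but that matter for section 7: the iptables module it recommends (the one the section 7 playbook already uses) was added in Ansible 2.0, so on the 1.7.2 installed here those tasks fail with a missing-module error until Ansible is upgraded; and copying id_rsa.pub over authorized_keys replaces every key already on the managed node, whereas the authorized_key module (available in 1.x) adds one key and leaves the rest in place.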

This post is from the blog “一个Linux小白-学习运维”; please keep this attribution: http://zhaojia.blog.51cto.com/12886290/1923407
