https://galaxy.ansible.com/ is the online platform for sharing playbooks.

Control machine prerequisites

Python 2.6 or later, plus the paramiko, PyYAML, Jinja2 and httplib2 modules.
The control machine can run RedHat, Debian, CentOS, OS X, BSD and so on.

Managed node requirements

A Unix-like managed node needs Python 2.4 or later.
A Windows managed node needs PowerShell 3.0 with remote management authorized.

Installing Ansible

1. Install from GitHub. Fetch the Ansible code:

    git clone https://github.com/ansible/ansible.git --recursive
    cd ./ansible
    source ./hacking/env-setup -q

2. If pip is not installed, first install the pip that matches your Python version:

    sudo easy_install pip

3. Install the Python modules the Ansible control machine needs:

    sudo pip install paramiko PyYAML Jinja2 httplib2 six

4. When updating Ansible, update not only the git source tree but also the modules that the repository references from within Ansible itself, known as submodules:

    git pull --rebase
    git submodule update --init --recursive

5. Once the env-setup script has been run, Ansible is running from source. The default inventory file is /etc/ansible/hosts.

With that, the Ansible installation is complete.

Installing from a tarball works the same way as installing from source; only the way the source code is obtained differs.

Building and installing an RPM package

    git clone https://github.com/ansible/ansible.git
    cd ./ansible
    make rpm
    sudo rpm -Uvh ~/rpmbuild/ansible-*.noarch.rpm

Installing with yum

    # 32-bit (i386)
    rpm -Uvh http://mirrors.zju.edu.cn/epel/6/i386/epel-release-6-8.noarch.rpm
    # 64-bit (x86_64)
    rpm -Uvh http://mirrors.zju.edu.cn/epel/6/x86_64/epel-release-6-8.noarch.rpm
    sudo yum install ansible

Installing with pip

    sudo easy_install pip
    sudo pip install ansible

Configuring the Ansible environment

Configuration through an environment variable:

    export ANSIBLE_SUDO_USER=root

Configuration parameters in ansible.cfg:

    [defaults]
    inventory=/etc/ansible/hosts
    library=/usr/share/ansible
    forks=5
    sudo_user=root
    remote_port=22
    # whether to verify the SSH host keys of managed nodes (false disables the check)
    host_key_checking=false
    timeout=60
    log_path=/var/log/ansible.log/ansible

Configuring passwordless SSH access to Linux hosts

Create a key pair on the control machine by running ssh-keygen -t rsa and pressing "Enter" at every prompt. A key pair is generated under /root/.ssh, where id_rsa is the private key and id_rsa.pub is the public key. The session looks like this:

    # ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    e0:54:fa:ad:ef:7a:a6:03:8e:3a:b8:96:af:3d:36:38 root@Server128
    The key's randomart image is:
    +--[ RSA 2048]----+
    | . |
    | o |
    | + |
    | o o . |
    | . S . |
    | . . |
    | .o o .. |
    |.Eo+. . ..o |
    |oo*=o oBo |
    +-----------------+

Copy id_rsa.pub to the .ssh directory of the user on the managed node and rename it to authorized_keys, with permissions 400:

    # ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.37.128
    The authenticity of host '192.168.37.128 (192.168.37.128)' can't be established.
    RSA key fingerprint is 3b:3e:2c:83:d1:cc:0e:6f:da:85:d6:fb:35:08:02:cb.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.37.128' (RSA) to the list of known hosts.
    root@192.168.37.129's password:
    Now try logging into the machine, with "ssh 'root@192.168.37.129'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

SSH login result:

    # ssh root@192.168.37.128
    Last login: Fri Dec 16 22:06:42 2016 from 192.168.37.1

Checking the Ansible version

    [root@Agent129 ~]# ansible --version
    ansible 2.2.0.0
      config file = /etc/ansible/ansible.cfg
      configured module search path = Default w/o overrides

Host connectivity test

1. Edit /etc/ansible/hosts, which is in INI format. Add the IP of agent129 and define a webservers group that contains this IP:

    ## green.example.com
    192.168.37.128

    # Ex 2: A collection of hosts belonging to the 'webservers' group
    [webservers]
    192.168.37.128

Then ping the host with the ping module:

    [root@Server129 ~]# ansible 192.168.37.128 -m ping
    192.168.37.128 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }

The host is reachable.

Running commands on managed nodes in batch

Use Ansible's shell module to print "hello world" on every server in webservers:

    [root@Server129 ~]# ansible webservers -m shell -a '/bin/echo hello world' -i /etc/ansible/hosts
    192.168.37.128 | SUCCESS | rc=0 >>
    hello world

You can also create your own inventory file, inventory.cfg:

    [root@Server129 ansible]# ansible webservers -m shell -a '/bin/echo hello world' -i /etc/ansible/hosts
    192.168.37.128 | SUCCESS | rc=0 >>
    hello world

    [root@Server129 ansible]# ansible webservers -m command -a '/bin/echo hello world' -i /etc/ansible/hosts
    192.168.37.128 | SUCCESS | rc=0 >>
    hello world

Getting help

    [root@Server129 ansible]# ansible-doc -h
    Usage: ansible-doc [options] [module...]

    Options:
      -h, --help            show this help message and exit
      -l, --list            List available modules
      -M MODULE_PATH, --module-path=MODULE_PATH
                            specify path(s) to module library (default=None)
      -s, --snippet         Show playbook snippet for specified module(s)
      -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                            connection debugging)
      --version             show program's version number and exit

    [root@Server129 ansible]# ansible-doc -l
    [DEPRECATION WARNING]: docker is kept for backwards compatibility but usage is discouraged. The module documentation details page may explain more about this rationale..
    This feature will be removed in a future release. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
    [ERROR]: unable to parse /usr/lib/python2.6/site-packages/ansible/modules/extras/cloud/misc/rhevm.py
    ERROR! module rhevm has a documentation error formatting or is missing documentation

Fix:

    [root@Server129 ansible]# sed -i 's/^#deprecation_warnings = True/deprecation_warnings = False/' /etc/ansible/ansible.cfg
    [root@Server129 ansible]# rm -f /usr/lib/python2.6/site-packages/ansible/modules/extras/cloud/misc/rhevm.py

Debugging Ansible: getting details of the execution process

    [root@Server129 ansible]# ansible webservers -i inventory.cfg -m ping -vvv
    Using /etc/ansible/ansible.cfg as config file
    Using module file /usr/lib/python2.6/site-packages/ansible/modules/core/system/ping.py
    <192.168.37.128> ESTABLISH CONNECTION FOR USER: None on PORT 22 TO 192.168.37.128
    <192.168.37.128> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1481957126.9-135770071402856 `" && echo ansible-tmp-1481957126.9-135770071402856="` echo $HOME/.ansible/tmp/ansible-tmp-1481957126.9-135770071402856 `" ) && sleep 0'
    <192.168.37.128> PUT /tmp/tmpnPQrrc TO /root/.ansible/tmp/ansible-tmp-1481957126.9-135770071402856/ping.py
    <192.168.37.128> EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1481957126.9-135770071402856/ /root/.ansible/tmp/ansible-tmp-1481957126.9-135770071402856/ping.py && sleep 0'
    <192.168.37.128> EXEC /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1481957126.9-135770071402856/ping.py; rm -rf "/root/.ansible/tmp/ansible-tmp-1481957126.9-135770071402856/" > /dev/null 2>&1 && sleep 0'
    192.168.37.128 | SUCCESS => {
        "changed": false,
        "invocation": {
            "module_args": {
                "data": null
            },
            "module_name": "ping"
        },
        "ping": "pong"
    }
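
The ansible.cfg settings listed earlier on this page include host_key_checking=false, which stops Ansible from verifying the SSH host keys of managed nodes. The following Python audit is an added example, not code from the original post: it reports whether the check is effectively disabled (the ANSIBLE_HOST_KEY_CHECKING environment variable overrides the file) and which inventory hosts still lack a known_hosts entry. The function names, the TRUTHY list, the extra host 192.168.37.130 and the dummy key are assumptions made for the example.

```python
import configparser

TRUTHY = {"true", "t", "y", "yes", "on", "1"}  # assumption: spellings Ansible reads as True
# Constructed samples: this page's ansible.cfg values and inventory plus one extra
# host (192.168.37.130), and a known_hosts file with a dummy key for the pinned host.
CFG = "[defaults]\nforks=5\nhost_key_checking=false\ntimeout=60\n"
INVENTORY = "## green.example.com\n192.168.37.128\n[webservers]\n192.168.37.128\n192.168.37.130\n"
KNOWN_HOSTS = "192.168.37.128 ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB constructed-dummy-key\n"

def host_key_checking(cfg_text, env=None):
    """Return (enabled, source); ANSIBLE_HOST_KEY_CHECKING overrides ansible.cfg."""
    env = env or {}
    if "ANSIBLE_HOST_KEY_CHECKING" in env:
        return env["ANSIBLE_HOST_KEY_CHECKING"].strip().lower() in TRUTHY, "environment"
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    raw = parser.get("defaults", "host_key_checking", fallback=None)
    if raw is None:
        return True, "default"  # host keys are checked unless this is switched off
    return raw.strip().lower() in TRUTHY, "ansible.cfg"

def inventory_hosts(inv_text):
    """Host names in an INI inventory; comments, group headers and :vars are skipped."""
    hosts, section = set(), ""
    for line in (raw_line.strip() for raw_line in inv_text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]")
        elif line and line[0] not in "#;" and not section.endswith((":vars", ":children")):
            hosts.add(line.split()[0])
    return hosts

def pinned_hosts(known_hosts_text):
    """Names with a plain known_hosts entry; hashed (|1|) and @marker lines are ignored."""
    names = set()
    for fields in (raw_line.split() for raw_line in known_hosts_text.splitlines()):
        if len(fields) >= 3 and not fields[0].startswith(("#", "|1|", "@")):
            names.update(fields[0].split(","))
    return names

def audit(cfg_text, inv_text, known_hosts_text, env=None):
    """List what stands between this setup and verified SSH host keys."""
    enabled, source = host_key_checking(cfg_text, env)
    missing = sorted(inventory_hosts(inv_text) - pinned_hosts(known_hosts_text))
    findings = [] if enabled else [f"host key checking disabled via {source}"]
    if missing:
        findings.append("no known_hosts entry for: " + ", ".join(missing))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CFG, INVENTORY, KNOWN_HOSTS)))
```

An empty result means every inventory host already has a pinned key, so host_key_checking can be left at its default without breaking connections.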
Original: http://liangey.blog.51cto.com/9097868/1883602