本文参考 《Ansible 自动化运维和最佳实践》,这两天刚读这本书,写写总结。主控机环境是 centos 7,被控机均是 centos 6.8 。
确保 python 版本大于 2.6
[root@localhost ~]# python
Python 2.7.5 (default, Nov 20 2015, 02:00:19)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
1、源码安装
可以从 github 下载源码后安装
cd /data1 git clone git://github.com/ansible/ansible.git --recursive cd ./ansible easy_install pip yum -y install gcc gcc-c++ autoconf pip install paramiko PyYAML Jinja2 httplib2 six source ./hacking/env-setup
如果 github更新版本则需要更新 git 源码树和 git 中的 submodules,该模块是指向 Ansible 自身的模块
重启系统后可能会发现 ansible 命令出问题,这时候需要再次 source,暂时不知道怎么解决,推荐大家使用 yum 源安装。
2、yum 源安装 (推荐)
以下是 EPEL 的浙江大学 yum 源地址,经常更新,如果找不到则直接往上级目录找
- RHEL(centos 5)
rpm -Uvh http://mirrors.zju.edu.cn/epel/5/x86_64/epel-release-5-4.noarch.rpm
- RHEL(centos 6)
rpm -Uvh http://mirrors.zju.edu.cn/epel/6/x86_64/epel-release-6-8.noarch.rpm
- RHEL(centos 7)
rpm -Uvh http://mirrors.zju.edu.cn/epel/7/x86_64/e/epel-release-7-9.noarch.rpm
# yum clean all
# yum update -y
yum install ansible -y
yum 源更新一般会比较久,请耐心等待,如果不更新可能会遇到其他问题。
如果 rpm 安装错了,例如 centos6 安装了 centos7 的 yum 源, 则会出现 Error: xz compression not available 的错误,需要先卸载
yum remove epel-release
rm -rf /var/cache/yum/x86_64/6/epel/
然后重新执行正确命令
yum 源安装可能会导致 ansible 安装的路径是在 python2.6 下,如果是这种情况则可以将 python2.6/site-packages/ 中的 ansible 和 ansible-2.2.1.0-py2.6.egg-info/ 复制到 python2.7/site-packages/ 目录下,并修改 /usr/bin/ansible* 的 python 路径为 2.7,删掉 2.6 下的原来目录即可
3、验证版本
[root@localhost ansible]# ansible --version
ansible 2.3.0 (devel 72c96b3ac3) last updated 2017/03/04 12:07:12 (GMT +800)
config file =
configured module search path = Default w/o overrides
python version = 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
4、配置文件 ansible.cfg
如果通过 yum 安装或者 pip 安装,那么 ansible.cfg 存放在 /etc/ansible 目录下,如果通过 github 安装则在仓库中的 examples 目录下找到 ansible.cfg 然后拷贝到 /etc/ansible 目录下即可
[defaults]
# some basic default values...
inventory = /etc/ansible/hosts
library = /usr/share/my_modules/
module_utils = /usr/share/my_module_utils/
remote_tmp = ~/.ansible/tmp
local_tmp = ~/.ansible/tmp
forks = 5
poll_interval = 15
sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
transport = smart
remote_port = 22
module_lang = C
module_set_locale = False
log_path = /var/log/ansible.log
host_key_checking = True
[root@localhost examples]# ansible --version
ansible 2.3.0 (devel 72c96b3ac3) last updated 2017/03/04 12:07:12 (GMT +800)
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/usr/share/my_modules/']
python version = 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
这时候发现 config file 已经有值了
5、配置 inventory
在步骤 [4] 中已经配置了 inventory = /etc/ansible/hosts,所以在主控机编写配置如下
[root@localhost ~]# vim /etc/ansible/hosts
[webserver]
192.168.34.129
192.168.34.130
6、配置 linux 主机 ssh 无密码访问
如果每台被控机密码都一样则没必要完成这一步,可以在命令行上增加 -k password 参数。
首先生成密钥对,然后将 id_rsa.pub 使用 ssh-copy-id 发送到所有的被控机即可。
ssh-keygen /usr/bin/ssh-copy-id [-h|-?|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname
[root@localhost ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.34.129
The authenticity of host '192.168.34.129 (192.168.34.129)' can't be established.
RSA key fingerprint is 0e:a7:fc:55:fe:91:fa:e8:c5:b6:44:f2:d0:08:a1:8f.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.34.129's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.34.129'"
and check to make sure that only the key(s) you wanted were added.