ansible安装配置及实例
一.简介Ansible(www.ansible.com)更加简洁的自动化运维工具,不需要在客户端上安装agent,基于Python开发。可以实现批量操作系统配置、批量程序的部署、批量运行命令。特点(1)、no agents:不需要在被管控主机上安装任何客户端;
(2)、no server:无服务器端,使用时直接运行命令即可;
(3)、modules in any languages:基于模块工作,可使用任意语言开发模块;
(4)、yaml,not code:使用yaml语言定制剧本playbook;
(5)、ssh by default:基于SSH工作;
(6)、strong multi-tier solution:可实现多级指挥。
优点
(1)、轻量级,无需在客户端安装agent,更新时,只需在操作机上进行一次更新即可;
(2)、批量任务执行可以写成脚本,而且不用分发到远程就可以执行;
(3)、使用python编写,维护更简单,ruby语法过于复杂;
(4)、支持sudo。二.安装准备
1.准备两台机器 Centos6.7_64,这两台机器都关闭 selinux,清空 iptables 规则并保存。web9:192.168.1.190web10:192.168.1.1912.设置 hostname
1
2
3
# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=web9.gz.com
1
2
3
# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=web10.gz.com
3.
编辑 hosts 文件两台都设置,若机器太多,可以通过搭建 DNS,则不用在每台机器上设置这个
1
2
172.7.15.106 web9.gz.com
172.7.15.111 web10.gz.com
重启一下,关闭防火墙
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# iptables -F
# service iptables save
iptables:将防火墙规则保存到 /etc/sysconfig/iptables: [确定]
# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
主和从都清空iptables
# iptables -F
主和从都关闭 selinux
# setenforce 0
4.安装
1
2
# yum install -y epel-release
# yum install -y ansible
5、SSH密钥配置
1
2
3
# mkdir /root/.ssh
# chmod 700 /root/.ssh
# ssh-keygen -t rsa
注意:直接回车即可,不用设置密钥密码。这样会在 root 家目录下生成 .ssh 目录,这里面也会生成两个文件 id_rsa 和id_rsa.pub 。
1
2
3
4
5
6
# ls -la /root/.ssh/
总用量 16
drwx------. 2 root root 4096 4月21 23:29 .
dr-xr-x---. 4 root root 4096 4月21 23:29 ..
-rw-------. 1 root root 1671 4月21 23:29 id_rsa
-rw-r--r--. 1 root root398 4月21 23:29 id_rsa.pub
把公钥(id_rsa.pub)内容放到本机和远程客户机的 /root/.ssh/authorized_keys 里面
本机
1
2
3
4
5
# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtr/Fd8ksJQCSMy881mpSB6N7x1kEagF4DrelwK7lli+n w/NRTVXupqecKGLkZSueYLhNHxsVA+07Foopm43yydNijURS/jeMLNav06cKqz6cPx4sVTO7NvKNrkd8 tf7nZqVFxx/IPfTkJP+Ri0+DGQRKehjp3v7CmUAn51qSdZKRXOvPDoDAScZjGfmcEibPinyL8/MbGTRf UfNeFUlMeKcsurb8/AeI83eOIitnzKzHwBumcGFiwjQxo6MqSo03v6CbWbbRBhcimSPDi+LPiOMJK5p6 MfpTRvI6Rd7G0inPjuh4WZYUNZ3EZpV1zICoHpKqSF4rtWlEgPv8M/U6RQ== root@web9.gz.com
# mkdir /root/.ssh
# chmod 600 /root/.ssh
# vim /root/.ssh/authorized_keys
三.验证一下有没有成功
1
2
3
4
5
6
7
8
# ssh web9.gz.com
The authenticity of host 'web9.gz.com (172.7.15.106)' can't be established.
RSA key fingerprint is 67:31:c8:49:f6:17:59:88:e3:4a:61:a8:2b:44:20:55.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'web9.gz.com,172.7.15.106' (RSA) to the list of known hosts.
root@web9.gz.com's password:
Last login: Thu Apr 21 23:13:04 2016 from 172-7-15-100.lightspeed.chrlnc.sbcglobal.net
#
如果提示-bash:ssh:command not found 得安装 yum install -y openssh-clients
退出
1
2
# logout
Connection to web9.gz.com closed.
页:
[1]