
Study notes: installing and configuring the automation tool Ansible



Updated: 2016-11-30

OS: CentOS 6.5

Control machine IP: 192.168.233.123

Managed machine IP: 192.168.233.124

—————————————————————————————————————

Python version: the default Python 2.6

Ansible version: ansible 1.7.2

  • Ansible command-line parameters:

-m  module name (the module that runs the command)

-a  module arguments

-i  inventory file (/etc/ansible/hosts)

ansible-doc -l   list all built-in modules


1. Install the required modules

(1) Install setuptools

# wget https://pypi.python.org/packages/source/s/setuptools/setuptools-7.0.tar.gz --no-check-certificate
# tar zvxf setuptools-7.0.tar.gz
# cd setuptools-7.0
# python setup.py install

(2) Install PyYAML (the libyaml C library first, then the Python binding)

# wget http://pyyaml.org/download/libyaml/yaml-0.1.5.tar.gz
# tar zvxf yaml-0.1.5.tar.gz
# cd yaml-0.1.5
# ./configure --prefix=/usr/local/
# make && make install

# wget https://pypi.python.org/packages/source/P/PyYAML/PyYAML-3.11.tar.gz --no-check-certificate
# tar zvxf PyYAML-3.11.tar.gz
# cd PyYAML-3.11
# python setup.py install

(3) Install Jinja2

# wget https://pypi.python.org/packages/source/J/Jinja2/Jinja2-2.7.3.tar.gz --no-check-certificate
# tar zvxf Jinja2-2.7.3.tar.gz
# cd Jinja2-2.7.3
# python setup.py install

(4) Install paramiko

# wget https://pypi.python.org/packages/source/p/paramiko/paramiko-1.15.1.tar.gz --no-check-certificate
# tar zvxf paramiko-1.15.1.tar.gz
# cd paramiko-1.15.1
# python setup.py install

Note that --no-check-certificate makes wget skip TLS certificate verification for these downloads, so the tarballs' authenticity is not checked; on a machine with a current CA bundle the option is unnecessary and better left out.

2. Install Ansible

# wget http://releases.ansible.com/ansible/ansible-1.7.2.tar.gz
# tar zvxf ansible-1.7.2.tar.gz
# cd ansible-1.7.2/
# python setup.py install

3. Configure key-based (passwordless) login

(1) Generate a key pair

[root@<control> ~]# cd ~/.ssh/
[root@<control> .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): (left empty to accept the default path)
Enter passphrase (empty for no passphrase): (left empty)
Enter same passphrase again: (left empty)

(2) Copy the public key to the managed machine

[root@<control> .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.233.124

(3) Test key-based login

[root@<control> .ssh]# ssh root@192.168.233.124
Last login: Wed Nov 23 10:09:58 2016 from 192.168.233.1
[root@<managed> ~]# exit
logout
Connection to 192.168.233.124 closed.

4. Configure Ansible

(1) Create the Ansible directory and copy the ansible.cfg and hosts files shipped in the source tarball (ansible-1.7.2/examples/) into it

[root@<control> ~]# mkdir /etc/ansible/
[root@<control> ansible-1.7.2]# cd examples/
[root@<control> examples]# cp ansible.cfg hosts /etc/ansible/

(2) Set the environment variable

[root@<control> examples]# export ANSIBLE_SUDO_USER=root

(3) Adjust the relevant settings in the configuration file

[root@<control> examples]# cd /etc/ansible/
[root@<control> ansible]# vim ansible.cfg

inventory = /etc/ansible/hosts
library = /usr/share/ansible
forks = 5
sudo_user = root
remote_port = 22
host_key_checking = False
timeout = 60
log_path = /var/log/ansible.log

host_key_checking = False tells Ansible to skip SSH host key verification, so a changed host key (or another machine answering for 192.168.233.124) goes unnoticed. It is convenient in a lab; on a production control node keep the default of True and record the managed hosts' keys in known_hosts beforehand. log_path keeps a record of every run in /var/log/ansible.log, which is worth having.

(4) Check the version

[root@<control> ansible]# ansible --version
ansible 1.7.2
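The settings above are the ones worth auditing before a control node goes into use. The following added example (not code from the original post) parses an ansible.cfg with the standard library, reports the risky values, and produces a hardened copy; the sample configuration text is constructed from the values set in this walkthrough, and the function names are my own.

```python
"""Audit the [defaults] section of an Ansible 1.x ansible.cfg for risky settings."""
import configparser

# Constructed sample: the values this walkthrough puts into /etc/ansible/ansible.cfg.
SAMPLE_CFG = """\
[defaults]
inventory = /etc/ansible/hosts
library = /usr/share/ansible
forks = 5
sudo_user = root
remote_port = 22
host_key_checking = False
timeout = 60
log_path = /var/log/ansible.log
"""

TRUE_VALUES = {"1", "true", "yes", "on"}


def parse_defaults(text):
    """Return the [defaults] section as a dict with lowercase keys and stripped values."""
    parser = configparser.ConfigParser(interpolation=None)  # values may contain '%'
    parser.read_string(text)
    if not parser.has_section("defaults"):
        return {}
    return {key.lower(): value.strip() for key, value in parser.items("defaults")}


def audit_defaults(defaults):
    """Return (setting, finding) tuples; an empty list means nothing risky was found."""
    findings = []
    # Ansible's default is True; anything that is not a true-ish value disables checking.
    if defaults.get("host_key_checking", "True").lower() not in TRUE_VALUES:
        findings.append(("host_key_checking",
                         "SSH host keys are not verified; seed known_hosts and set it to True"))
    if not defaults.get("log_path"):
        findings.append(("log_path", "no log_path set; runs leave no audit trail"))
    return findings


def harden(text):
    """Return the configuration text with host_key_checking forced to True and a
    log_path added if missing, leaving every other line untouched."""
    out, seen_log = [], False
    for line in text.splitlines():
        key = line.split("=", 1)[0].strip().lower()
        if key == "host_key_checking":
            out.append("host_key_checking = True")
            continue
        if key == "log_path":
            seen_log = True
        out.append(line)
    if not seen_log:
        out.append("log_path = /var/log/ansible.log")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for setting, finding in audit_defaults(parse_defaults(SAMPLE_CFG)):
        print("%s: %s" % (setting, finding))
    print(harden(SAMPLE_CFG))
```

Run it against a real file by reading /etc/ansible/ansible.cfg into parse_defaults; the audit deliberately treats only the documented true-ish spellings as "checking enabled", so a typo such as "Flase" is still reported.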

5. Add a host and test it

(1) Add the host to the inventory

[root@<control> ansible]# vim hosts

...... (earlier content omitted)

[test]
192.168.233.124

(2) Test connectivity to the host

[root@<control> ansible]# ansible test -m ping
192.168.233.124 | success >> {
    "changed": false,
    "ping": "pong"
}

  • The shell module

[root@<control> ansible]# ansible test -m shell -a '/bin/echo hello ansible!' -i hosts
192.168.233.124 | success | rc=0 >>
hello ansible!

  • The command module

[root@<control> ansible]# ansible test -m command -a '/bin/echo hello ansible!' -i hosts
192.168.233.124 | success | rc=0 >>
hello ansible!

Both modules give the same result here, but they differ: command runs the program directly without a shell, so pipes, redirects and variables in the argument are not interpreted, while shell passes the string through /bin/sh. Prefer command unless shell features are actually needed, especially when the argument contains values taken from elsewhere.


  • Copy a file to the .124 host

[root@<control> ansible]# ansible test -m copy -a "src=/root/history dest=/root mode=655"
192.168.233.124 | success >> {
    "changed": true,
    "dest": "/root/history",
    "gid": 0,
    "group": "root",
    "md5sum": "2e88c32c0c8c54869253563dfcfb90e9",
    "mode": "0655",
    "owner": "root",
    "path": "/root/history",
    "secontext": "system_u:object_r:admin_home_t:s0",
    "size": 78415,
    "state": "file",
    "uid": 0
}


  • Change the owner of the transferred file history

[root@<control> ansible]# ansible test -m file -a "path=/root/history owner=centos"
192.168.233.124 | success >> {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0655",
    "owner": "centos",
    "path": "/root/history",
    "secontext": "system_u:object_r:admin_home_t:s0",
    "size": 78415,
    "state": "file",
    "uid": 1001
}

————————————————————————————————————

On the managed machine (192.168.233.124):

[root@<managed> ~]# ls -l
-rw-------. 1 root root 1263 8月 9 18:01 anaconda-ks.cfg
-rw-r-xr-x. 1 centos root 78415 11月 28 14:38 history
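The ad-hoc output above is easy to read but awkward to check by eye across many hosts. The following added example (my own code, not from the original post) parses the two output shapes ansible 1.x prints ("host | status >> {json}" and "host | status | rc=N >>" followed by text) and runs two sanity checks on the reported file attributes: a mode that gives group or other a bit the owner lacks (0655 above is one) and non-root ownership of a file under /root. The sample output is constructed from the results shown in this section; the function names are mine.

```python
"""Parse Ansible 1.x ad-hoc output and sanity-check copy/file module results."""
import json
import re

# A result header: "host | status >> ..." or "host | status | rc=N >>".
HEADER = re.compile(
    r"^(?P<host>\S+) \| (?P<status>\w+)(?: \| rc=(?P<rc>\d+))? >>\s*(?P<rest>.*)$")

# Constructed sample: a shell result, the copy result and the file (chown) result.
SAMPLE_OUTPUT = """\
192.168.233.124 | success | rc=0 >>
hello ansible!

192.168.233.124 | success >> {
    "changed": true,
    "dest": "/root/history",
    "mode": "0655",
    "owner": "root",
    "path": "/root/history",
    "secontext": "system_u:object_r:admin_home_t:s0",
    "size": 78415,
    "state": "file",
    "uid": 0
}
192.168.233.124 | success >> {
    "changed": true,
    "mode": "0655",
    "owner": "centos",
    "path": "/root/history",
    "state": "file",
    "uid": 1001
}
"""


def parse_adhoc_output(text):
    """Return a list of dicts with host, status, rc and either 'data' (parsed JSON)
    or 'stdout' (raw text, as printed by the shell and command modules)."""
    results, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        match = HEADER.match(lines[i])
        if not match:
            i += 1
            continue
        rc = match.group("rc")
        entry = {"host": match.group("host"), "status": match.group("status"),
                 "rc": int(rc) if rc is not None else None}
        rest = match.group("rest")
        i += 1
        if rest.startswith("{"):
            # JSON body: collect lines until the braces balance (no braces inside values here).
            buf, depth = [rest], rest.count("{") - rest.count("}")
            while depth > 0 and i < len(lines):
                buf.append(lines[i])
                depth += lines[i].count("{") - lines[i].count("}")
                i += 1
            entry["data"] = json.loads("\n".join(buf))
        else:
            # Text body: everything up to the next header line.
            buf = []
            while i < len(lines) and not HEADER.match(lines[i]):
                buf.append(lines[i])
                i += 1
            entry["stdout"] = "\n".join(buf).strip()
        results.append(entry)
    return results


def check_file_result(data):
    """Return a list of findings for one copy/file result dict."""
    findings = []
    mode = data.get("mode")
    if mode:
        bits = int(mode, 8)
        owner, group, other = (bits >> 6) & 7, (bits >> 3) & 7, bits & 7
        if (group | other) & ~owner & 7:
            findings.append("mode %s grants group/other a bit the owner lacks" % mode)
    path = data.get("path", "")
    if path.startswith("/root/") and data.get("uid", 0) != 0:
        findings.append("%s under /root is owned by uid %s" % (path, data["uid"]))
    return findings


if __name__ == "__main__":
    for result in parse_adhoc_output(SAMPLE_OUTPUT):
        if "data" in result:
            print(result["host"], check_file_result(result["data"]))
        else:
            print(result["host"], "rc=%s" % result["rc"], result["stdout"])
```

Feed it the captured output of an ad-hoc run (for example from the log_path file) and it reports per host; the mode check is a generic rule rather than a policy, so adjust it to what your hosts are supposed to look like.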


  • Create 1.txt under the existing directory /test [state defines the target state; with state=directory, 1.txt is created as a directory, as the result shows]

[root@<control> ansible]# ansible test -m file -a "path=/test/1.txt state=directory"
192.168.233.124 | success >> {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/test/1.txt",
    "secontext": "unconfined_u:object_r:default_t:s0",
    "size": 6,
    "state": "directory",
    "uid": 0
}


  • Synchronise the clock every five minutes

[root@<control> ansible]# ansible test -m cron -a "minute='*/5' job='/usr/sbin/ntpdate 192.168.233.123 &> /dev/null' name='sync time'"
192.168.233.124 | success >> {
    "changed": true,
    "jobs": [
        "sync time"
    ]
}

—————————————————————————————————————

On the managed machine (192.168.233.124):

[root@<managed> test]# crontab -l
#Ansible: sync time
*/5 * * * * /usr/sbin/ntpdate 192.168.233.123 &> /dev/null

6. A first playbook

(1) Playbooks are YAML files ending in .yaml

[root@<control> ~]# vim test.yaml

- hosts: test
  remote_user: root
  tasks:
    - name: copy authorized_keys
      copy: src=/root/.ssh/id_rsa.pub dest=/root/.ssh/authorized_keys
    - name: restart iptables
      service: name=iptables state=restarted
    - name: iptables
      shell: iptables -A INPUT -p icmp -j REJECT
    - name: iptables
      shell: iptables -A INPUT -p tcp -s 192.168.100.1 --dport 22 -j ACCEPT

Note that the copy task replaces the whole authorized_keys file on the managed host with the single key in id_rsa.pub, so any other keys authorised there before are removed.

(2) Run it by passing the file to ansible-playbook

[root@<control> ~]# ansible-playbook test.yaml

PLAY [test] *******************************************************************

GATHERING FACTS ***************************************************************
ok: [192.168.233.124]

TASK: [copy authorized_keys] **************************************************
changed: [192.168.233.124]

TASK: [restart iptables] ******************************************************
changed: [192.168.233.124]

TASK: [iptables] **************************************************************
changed: [192.168.233.124]

TASK: [iptables] **************************************************************
changed: [192.168.233.124]

7. Install salt-minion with a playbook

- hosts: test
  remote_user: root
  tasks:
    - name: copy authorized_keys
      template: src=~/.ssh/id_rsa.pub dest=/root/.ssh/authorized_keys
    # - name: iptables   ## replace the REJECT on line 11 of the iptables file with ACCEPT
    #   shell: sed -i '11s/REJECT/ACCEPT/' /etc/sysconfig/iptables
    - name: backup
      shell: cd /etc/yum.repos.d/ && mkdir bak && mv epel.repo yum.repo bak/
    - name: Download epel
      get_url: url=https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el6.noarch.rpm dest=/etc/yum.repos.d/salt-repo-latest-1.el6.noarch.rpm
    - name: Install epel
      shell: rpm -ivh /etc/yum.repos.d/salt-repo-latest-1.el6.noarch.rpm creates=/etc/yum.repos.d/salt.repo
    - name: Clean cache
      shell: yum clean all
    - name:
      shell: yum makecache
    - name: Install salt-minion
      yum: name=salt-minion state=latest
    - name: copy salt conf file   ## the minion file is prepared and configured on the control machine first
      copy: src=/etc/ansible/files/minion dest=/etc/salt/minion
    ## ALLOW RELATED,ESTABLISHED
    - iptables: chain=INPUT ctstate=RELATED,ESTABLISHED jump=ACCEPT
    ## ALLOW IP
    - iptables: chain=INPUT in_interface=eth0 protocol=tcp match=tcp source=192.168.233.124 destination_port=22 jump=ACCEPT
    ## REJECT icmp
    - iptables: chain=INPUT in_interface=eth0 protocol=icmp jump=REJECT
    - iptables: chain=FORWARD in_interface=eth0 protocol=icmp jump=REJECT
    ## ALLOW lo
    - iptables: chain=INPUT in_interface=lo jump=ACCEPT
    - name: save iptables
      command: service iptables save
    - name: iptables restart
      shell: /etc/init.d/iptables restart

Log in to the managed machine to verify the result.
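Both playbooks above push id_rsa.pub straight over /root/.ssh/authorized_keys, which drops every other key on the managed host and leaves the control node's key unrestricted. The following added example (my own code, not from the original post; Ansible's own authorized_key module performs the same kind of merge) shows the safer file content to generate: existing lines are kept, the key is added only once, and it is restricted with from= to the control machine's address 192.168.233.123 and with the no-*-forwarding options. The key material and the existing file are constructed samples, not real keys; the function names are mine.

```python
"""Merge one public key into authorized_keys without clobbering existing keys."""

CONTROL_IP = "192.168.233.123"  # the control machine in this walkthrough

# Constructed sample key (not a real key) and an existing authorized_keys file that
# already holds another administrator's key.
NEW_PUBKEY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0NTRVCTEDKEY root@control"
EXISTING = """# admin key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXISTINGKEY admin@laptop
"""

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-")


def key_identity(line):
    """Return (type, base64 blob) for an authorized_keys line, ignoring any leading
    options field and the trailing comment; None for blank or comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    # An options field (from=...,no-pty) may precede the key type.
    for i in range(len(parts) - 1):
        if parts[i].startswith(KEY_TYPES):
            return (parts[i], parts[i + 1])
    return None


def restricted_entry(pubkey, source_ip):
    """Build an authorized_keys line that accepts the key only from source_ip and
    disables port, agent and X11 forwarding for that session."""
    options = ('from="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding'
               % source_ip)
    return "%s %s" % (options, pubkey.strip())


def merge_authorized_keys(existing, pubkey, source_ip):
    """Return the new file contents: every existing line kept, the key present once."""
    wanted = key_identity(pubkey)
    if wanted is None:
        raise ValueError("not a public key line: %r" % pubkey)
    lines = existing.splitlines()
    if any(key_identity(line) == wanted for line in lines):
        return existing if existing.endswith("\n") else existing + "\n"
    lines.append(restricted_entry(pubkey, source_ip))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(merge_authorized_keys(EXISTING, NEW_PUBKEY, CONTROL_IP))
```

The merge is idempotent, so it is safe to run on every play; the from= restriction means a leaked copy of id_rsa is useless from any address other than the control node, which is the property you want for an unencrypted key such as the one generated in step 3.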

This article is from the blog “一個Linux小白-學習運維”; please keep this attribution: http://zhaojia.blog.51cto.com/12886290/1923407
