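Preface:
AnsibleWorks was founded in 2012 by Michael DeHaan, the developer of the automation tools Cobbler and Func. Its Ansible platform is an open-source configuration and computer management platform that handles multi-node software deployment, execution of specific tasks, and configuration management.
What sets Ansible apart from other IT automation technologies is that its focus is not configuration management, application deployment, or IT process workflows, but providing one unified interface to coordinate all IT automation functions, which makes Ansible easier to use and faster to deploy. Managed nodes need no additional remote-control software installed; the platform manages them over SSH (Secure SHell), which is very convenient. Its modules support standard output formats such as JSON and can be rewritten in any programming language.
Ansible lets users avoid writing scripts or code to manage applications, while still building workflows that automate IT tasks. IT automation lowers the technical barrier and the dependence on traditional IT, which speeds up project delivery.
Ansible has the following advantages:
1. Lightweight: it does not require installing an agent on the clients, and an update only has to be applied once, on the control machine
2. Batch tasks can be written as scripts and executed without being distributed to the remote hosts
3. Written in Python, so it is easier to maintain
4. Supports sudo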
——Installing Ansible
1) Create the ansible user
[root@node1 ~]# useradd ansible
[root@node1 ~]# passwd ansible
更改用户 ansible 的密码 。
新的 密码:
重新输入新的 密码:
passwd: 所有的身份验证令牌已经成功更新。
2) Grant root privileges (passwordless sudo for all commands)
[root@node1 ~]# vi /etc/sudoers
ansible ALL=(ALL) NOPASSWD:ALL
3) Install Ansible
[root@node1 ~]# yum install PyYAML.x86_64 python-paramiko.noarch python-jinja2.x86_64 python-devel -y
[root@node1 ~]# wget https://pypi.python.org/packages/source/a/ansible/ansible-1.7.2.tar.gz
[root@node1 ~]# wget https://pypi.python.org/packages/source/s/setuptools/setuptools-7.0.tar.gz
[root@node1 ~]# tar zfxv setuptools-7.0.tar.gz
[root@node1 ~]# cd setuptools-7.0
[root@node1 setuptools-7.0]# python setup.py install
[root@node1 setuptools-7.0]# cd ..
[root@node1 ~]# tar fzvx ansible-1.7.2.tar.gz
[root@node1 ~]# cd ansible-1.7.2
[root@node1 ansible-1.7.2]# python setup.py build
[root@node1 ansible-1.7.2]# python setup.py install
[root@node1 ansible-1.7.2]# mkdir /etc/ansible
[root@node1 ansible-1.7.2]# cp examples/ansible.cfg /etc/ansible/
[root@node1 ansible-1.7.2]# cp examples/hosts /etc/ansible/
4) Configure Ansible
[root@node1 ansible-1.7.2]# vi /etc/ansible/ansible.cfg
hostfile = /etc/ansible/hosts
library = /usr/share/ansible
remote_tmp = $HOME/.ansible/tmp
pattern = *
forks = 5
poll_interval = 15
sudo_user = ansible
#ask_sudo_pass = True
#ask_pass = True
transport = smart
remote_port = 22
module_lang = C
[root@node1 ansible-1.7.2]# vi /etc/ansible/hosts
#server
[localhost]
127.0.0.1
#client
[client]
192.168.253.129
192.168.253.130
192.168.253.131
5) SSH key-based trust
[root@node1 ansible-1.7.2]# su - ansible
[ansible@node1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
dc:c9:ac:d8:46:81:37:72:08:f3:77:06:98:33:cb:5f ansible@node1
The key's randomart image is:
+--[ RSA 2048]----+
| o o. |
| +=o . |
| .=+* o |
| o* OE. |
| .S.= |
| +.. |
| . + |
| . |
| |
+-----------------+
[ansible@node1 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_dsa.
Your public key has been saved in /home/ansible/.ssh/id_dsa.pub.
The key fingerprint is:
b3:a6:94:bf:5c:21:a3:c5:8b:74:b8:a5:8c:62:34:d2 ansible@node1
The key's randomart image is:
+--[ DSA 1024]----+
| |
| |
| |
| . o |
|. E o S . |
| o . + X * . |
| o . O + . |
| . . . = . |
| . +. |
+-----------------+
[ansible@node1 ~]$ cd .ssh/
[ansible@node1 .ssh]$ cat *.pub > authorized_keys
[ansible@node1 .ssh]$ chmod -R 700 .
# Test key-based login to the local machine
[ansible@node1 .ssh]$ ssh 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is fa:73:59:f5:08:95:b2:2e:7f:3e:52:91:8a:e6:47:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
[ansible@node1 ~]$ exit
logout
Connection to 127.0.0.1 closed.
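
An audit of what steps 2) and 5) leave on the control node, as an added example that is not part of the original post: it flags the `NOPASSWD:ALL` sudoers rule, the 1024-bit DSA key in authorized_keys, and the executable mode that `chmod -R 700` puts on that file. The sample files, the `deploy` account and the key blobs are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: each audit prints one line per finding and returns 1 if any.

# Flag sudoers rules that allow every command without a password.
audit_sudoers() {
  awk '
    /^[ \t]*#/ { next }                         # skip comments
    /NOPASSWD:[ \t]*ALL[ \t]*$/ {
      printf "%s:%d: %s can run any command without a password\n", FILENAME, NR, $1
      bad = 1
    }
    END { exit bad }' "$1"
}

# Flag DSA entries in authorized_keys and an executable mode on the file.
audit_authorized_keys() {
  local file=$1 rc=0
  if [ -x "$file" ]; then
    echo "$file: executable bit set (as after chmod -R 700); 600 is sufficient"
    rc=1
  fi
  awk '
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    {
      for (i = 1; i <= NF; i++)                 # key type may follow an options field
        if ($i == "ssh-dss") { printf "%s:%d: ssh-dss (DSA) key\n", FILENAME, NR; bad = 1 }
    }
    END { exit bad }' "$file" || rc=1
  return "$rc"
}

# Constructed samples: the rule from step 2) beside a narrower one (hypothetical
# "deploy" account), and an authorized_keys with placeholder RSA and DSA entries.
make_samples() {
  printf '%s\n' '# constructed sample' \
    'ansible ALL=(ALL) NOPASSWD:ALL' \
    'deploy  ALL=(root) NOPASSWD: /usr/bin/yum' > "$1/sudoers"
  printf '%s\n' \
    'ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED ansible@node1' \
    'ssh-dss AAAAB3NzaC1kc3M-CONSTRUCTED ansible@node1' > "$1/authorized_keys"
  chmod 700 "$1/authorized_keys"
}

demo=$(mktemp -d)
make_samples "$demo"
audit_sudoers "$demo/sudoers" || true
audit_authorized_keys "$demo/authorized_keys" || true
rm -rf "$demo"
```
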
6) Configure and test SSH trust with the remote hosts
# Copy the public keys to the clients
[ansible@node1 .ssh]$ scp authorized_keys [email protected]:
The authenticity of host '192.168.253.129 (192.168.253.129)' can't be established.
RSA key fingerprint is fa:73:59:f5:08:95:b2:2e:7f:3e:52:91:8a:e6:47:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.253.129' (RSA) to the list of known hosts.
[email protected]'s password:
authorized_keys 100% 998 1.0KB/s 00:00
[ansible@node1 .ssh]$ scp authorized_keys [email protected]:
The authenticity of host '192.168.253.130 (192.168.253.130)' can't be established.
RSA key fingerprint is fa:73:59:f5:08:95:b2:2e:7f:3e:52:91:8a:e6:47:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.253.130' (RSA) to the list of known hosts.
[email protected]'s password:
authorized_keys 100% 998 1.0KB/s 00:00
[ansible@node1 .ssh]$ scp authorized_keys [email protected]:
The authenticity of host '192.168.253.131 (192.168.253.131)' can't be established.
RSA key fingerprint is fa:73:59:f5:08:95:b2:2e:7f:3e:52:91:8a:e6:47:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.253.131' (RSA) to the list of known hosts.
[email protected]'s password:
authorized_keys 100% 998 1.0KB/s 00:00
# Test whether key-based login works
[ansible@node1 .ssh]$ ssh 192.168.253.129
[ansible@node2 ~]$ mkdir .ssh
[ansible@node2 ~]$ mv authorized_keys .ssh/
[ansible@node2 ~]$ chmod -R 700 .ssh/
[ansible@node1 .ssh]$ ssh 192.168.253.130
[ansible@node3 ~]$ mkdir .ssh
[ansible@node3 ~]$ mv authorized_keys .ssh/
[ansible@node3 ~]$ chmod -R 700 .ssh/
[ansible@node1 .ssh]$ ssh 192.168.253.131
[ansible@node3 ~]$ mkdir .ssh
[ansible@node3 ~]$ mv authorized_keys .ssh/
[ansible@node3 ~]$ chmod -R 700 .ssh/
[ansible@node1 .ssh]$ ssh 192.168.253.129
[ansible@node2 ~]$ exit
logout
Connection to 192.168.253.129 closed.
[ansible@node1 .ssh]$ ssh 192.168.253.130
[ansible@node3 ~]$ exir
-bash: exir: command not found
[ansible@node3 ~]$ exit
logout
Connection to 192.168.253.130 closed.
[ansible@node1 .ssh]$ ssh 192.168.253.131
[ansible@node4 ~]$ exit
logout
Connection to 192.168.253.131 closed.
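
Every host-key prompt in the session above shows the same RSA fingerprint for 127.0.0.1 and all three clients, so the machines share one host key and that key no longer distinguishes one machine from another. The check below is an added example, not from the original post: it lists keys in a known_hosts file that are recorded for more than one entry; the sample file, its key blobs and `unique.example` are constructed.

```bash
#!/usr/bin/env bash
# Added example: report host keys that known_hosts records for several entries.
# Prints one line per shared key and returns 1 if any key is shared.
shared_host_keys() {
  awk '
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    {
      f = 1
      if ($1 ~ /^@/) f = 2                      # skip @cert-authority / @revoked marker
      key = $(f + 1) " " $(f + 2)               # key type + base64 blob
      if (!((key, $f) in seen)) {               # count each host entry once per key
        seen[key, $f] = 1
        if (count[key]++) hosts[key] = hosts[key] " " $f
        else hosts[key] = $f
      }
    }
    END {
      for (key in count)
        if (count[key] > 1) {
          split(key, part, " ")
          printf "%s key shared by %d entries: %s\n", part[1], count[key], hosts[key]
          dup = 1
        }
      exit dup
    }' "$1"
}

# Constructed known_hosts mirroring the session: four entries with one key,
# plus a hypothetical host that has its own key. Blobs are placeholders.
make_known_hosts() {
  local blob='AAAAB3NzaC1yc2E-CONSTRUCTED-SHARED'
  {
    for h in 127.0.0.1 192.168.253.129 192.168.253.130 192.168.253.131; do
      echo "$h ssh-rsa $blob"
    done
    echo "unique.example ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-UNIQUE"
  } > "$1"
}

sample=$(mktemp)
make_known_hosts "$sample"
shared_host_keys "$sample" || true
rm -f "$sample"
```

A name and its IP address stored on separate lines legitimately share a key, so review each hit before acting. Where the hosts really are distinct machines, regenerate the host keys on each one and verify the new fingerprints out of band.
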
——Using Ansible
1) Test with the ping module
[ansible@node1 ~]$ chmod g-wx,o-wx .python-eggs/
[ansible@node1 ~]$ ansible all -m ping
192.168.253.131 | success >> {
"changed": false,
"ping": "pong"
}
192.168.253.129 | success >> {
"changed": false,
"ping": "pong"
}
192.168.253.130 | success >> {
"changed": false,
"ping": "pong"
}
127.0.0.1 | success >> {
"changed": false,
"ping": "pong"
}
2) Check the time
[ansible@node1 ~]$ ansible all -m command -a "sudo date"
192.168.253.131 | success | rc=0 >>
Thu Nov 20 17:50:09 CST 2014
192.168.253.129 | success | rc=0 >>
Thu Nov 20 17:50:09 CST 2014
192.168.253.130 | success | rc=0 >>
Thu Nov 20 17:50:09 CST 2014
127.0.0.1 | success | rc=0 >>
Thu Nov 20 17:50:09 CST 2014
3) Install software
# Install software with yum
[ansible@node1 ~]$ ansible all -m command -a "sudo yum install zip unzip -y"
192.168.253.131 | success | rc=0 >>
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.yun-idc.com
* extras: mirrors.yun-idc.com
* updates: mirrors.yun-idc.com
Setting up Install Process
Package zip-3.0-1.el6.x86_64 already installed and latest version
Package unzip-6.0-1.el6.x86_64 already installed and latest version
Nothing to do
# Note: the software had already been installed on every server
192.168.253.129 | success | rc=0 >>
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.btte.net
* extras: mirrors.btte.net
* updates: mirrors.yun-idc.com
Setting up Install Process
Package zip-3.0-1.el6.x86_64 already installed and latest version
Package unzip-6.0-1.el6.x86_64 already installed and latest version
Nothing to do
192.168.253.130 | success | rc=0 >>
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.yun-idc.com
* extras: mirrors.yun-idc.com
* updates: mirrors.yun-idc.com
Setting up Install Process
Package zip-3.0-1.el6.x86_64 already installed and latest version
Package unzip-6.0-1.el6.x86_64 already installed and latest version
Nothing to do
127.0.0.1 | success | rc=0 >>
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.yun-idc.com
* extras: mirrors.yun-idc.com
* updates: mirrors.yun-idc.com
Setting up Install Process
Package zip-3.0-1.el6.x86_64 already installed and latest version
Package unzip-6.0-1.el6.x86_64 already installed and latest version
Nothing to do