前言:
AnsibleWorks成立于2012年,由自动化工具Cobbler及Func的开发者Michael DeHaan创建。其Ansible平台是一个开源的配置及计算机管理平台。可实现多节点的软件部署,执行特定任务并进行配置管理。
Ansible 跟其他IT自动化技术的区别在于其关注点并非配置管理、应用部署或IT流程工作流,而是提供一个统一的界面来协调所有的IT自动化功能,因此 Ansible的系统更加易用,部署更快。受管理的节点无需安装额外的远程控制软件,由平台通过SSH(Secure SHell)对其进行管理,因此十分方便。其模块支持JSON等标准输出格式,可采用任何编程语言重写。
Ansible可以让用户避免编写脚本或代码来管理应用,同时还能搭建工作流实现IT任务的自动化执行。IT自动化可以降低技术门槛及对传统IT的依赖,从而加快项目的交付速度。
ansible有如下优点:
1、轻量级,他不需要去客户端安装agent,更新时,只需要在操作机上进行一次更新即可
2、批量任务执行可以写成脚本,而且不用分发到远程就可以执行
3、使用Python编写的,维护更简单
4、支持sudo
——安装ansible
1)创建ansible用户
[root@node1 ~]# useradd ansible
[root@node1 ~]# passwd ansible
更改用户 ansible 的密码 。
新的 密码:
重新输入新的 密码:
passwd: 所有的身份验证令牌已经成功更新。
2)赋予root权限
[root@node1 ~]# vi /etc/sudoers
ansible ALL=(ALL) NOPASSWD:ALL
3)安装ansible
[root@node1 ~]# yum install PyYAML.x86_64 python-paramiko.noarch python-jinja2.x86_64 python-devel -y
[root@node1 ~]# wget https://pypi.python.org/packages/source/a/ansible/ansible-1.7.2.tar.gz
[root@node1 ~]#wget https://pypi.python.org/packages/source/s/setuptools/setuptools-7.0.tar.gz
[root@node1 ~]# tar zfxv setuptools-7.0.tar.gz
[root@node1 ~]# cd setuptools-7.0
[root@node1 setuptools-7.0]# python setup.py install
[root@node1 setuptools-7.0]# cd ..
[root@node1 ~]# tar fzvx ansible-1.7.2.tar.gz
[root@node1 ~]# cd ansible-1.7.2
[root@node1 ansible-1.7.2]# python setup.py build
[root@node1 ansible-1.7.2]# python setup.py install
[root@node1 ansible-1.7.2]# mkdir /etc/ansible
[root@node1 ansible-1.7.2]# cp examples/ansible.cfg /etc/ansible/
[root@node1 ansible-1.7.2]# cp examples/hosts /etc/ansible/
4)配置ansible
4)配置ansible
[root@node1 ansible-1.7.2]# vi /etc/ansible/ansible.cfg
hostfile = /etc/ansible/hosts
library = /usr/share/ansible
remote_tmp = $HOME/.ansible/tmp
pattern = *
forks = 5
poll_interval = 15
sudo_user = ansible
#ask_sudo_pass = True
#ask_pass = True
transport = smart
remote_port = 22
module_lang = C
[root@node1 ansible-1.7.2]# vi /etc/ansible/hosts
#server
[localhost]
127.0.0.1
#client
[client]
192.168.253.129
192.168.253.130
192.168.253.131
5)ssh互信
[root@node1 ansible-1.7.2]# su - ansible
[ansible@node1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
dc:c9:ac:d8:46:81:37:72:08:f3:77:06:98:33:cb:5f ansible@node1
The key's randomart image is:
+--[ RSA 2048]----+
| o o. |
| +=o . |
| .=+* o |
| o* OE. |
| .S.= |
| +.. |
| . + |
| . |
| |
+-----------------+
[ansible@node1 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_dsa.
Your public key has been saved in /home/ansible/.ssh/id_dsa.pub.
The key fingerprint is:
b3:a6:94:bf:5c:21:a3:c5:8b:74:b8:a5:8c:62:34:d2 ansible@node1
The key's randomart image is:
+--[ DSA 1024]----+
| |
| |
| |
| . o |
|. E o S . |
| o . + X * . |
| o . O + . |
| . . . = . |
| . +. |
+-----------------+
[ansible@node1 ~]$ cd .ssh/
[ansible@node1 .ssh]$ cat *.pub > authorized_keys
[ansible@node1 .ssh]$ chmod -R 700 .
#测试本机互信
[ansible@node1 .ssh]$ ssh 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is fa:73:59:f5:08:95:b2:2e:7f:3e:52:91:8a:e6:47:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.
[ansible@node1 ~]$ exit
logout
Connection to 127.0.0.1 closed.