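Installing and Configuring the Cluster Management Tool Ansible on CentOS/Ubuntu

A record of how to install and configure the cluster management tool Ansible on CentOS/Ubuntu.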

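1, Installation

yum install ansible    # on CentOS 6, install EPEL first

# Installation on Ubuntu (the version in the official Ubuntu repositories is roughly 1.4, which is very old, so we enable another source here)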
sudo apt-get install software-properties-common
sudo apt-add-repository ppa:ansible/ansible
sudo apt-get update
sudo apt-get install ansible

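2, Configuration

vim ansible.cfg    # main configuration file; change the following options (they belong to the [defaults] section)
host_key_checking = False
#ask_sudo_pass = True      // whether to ask for the sudo password each time an ansible command is run on this machine
#ask_pass      = True      // whether to ask for the SSH password each time an ansible command is run on this machine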
log_path = /var/log/ansible.log
executable = /bin/bash
remote_tmp     = /tmp/.ansible/tmp

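# If the remotely executed commands need sudo for privilege escalation, enable the following options
# These options only exist from ansible 1.9 onwards; run ansible --version first to check your version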
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False


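Note that this is not Ansible's only configuration file. When Ansible runs, it looks for its configuration in the following order, and the first file found is used:
ANSIBLE_CONFIG (environment variable)
ansible.cfg (in the current directory)
~/.ansible.cfg (in the home directory)
/etc/ansible/ansible.cfg

3, Writing the host list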

vim /etc/ansible/hosts
[dev]
192.168.32.39 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
192.168.32.41 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
192.168.32.42 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
192.168.32.44 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
192.168.32.144 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD

[conv]
192.168.34.20 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
192.168.34.22 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
192.168.34.23 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
192.168.34.24 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
192.168.34.25 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
192.168.34.26 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
192.168.34.27 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
192.168.34.34 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
192.168.34.35 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
192.168.34.36 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
192.168.34.37 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
192.168.34.38 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
192.168.34.124 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
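
The inventory above stores SSH and sudo passwords in clear text, and the configuration in step 2 turns host key checking off. The following audit script is an added example, not part of the original post; it reports both conditions, plus an inventory file that other users can read, without printing the secrets. The function names are illustrative, and a value written as `{{ ... }}` is assumed to reference a variable kept elsewhere (for example in an ansible-vault encrypted file).

```shell
#!/usr/bin/env bash
# Added example, not from the original post. File names are caller-supplied.

# List inventory lines that set a password variable to a literal value.
# Output: "file:line:host:variable". The secret itself is never printed.
# Values written as a {{ variable }} reference are skipped.
find_plaintext_secrets() {
    awk -v file="$1" '
        !NF || $1 ~ /^(#|;)/ { next }
        {
            for (i = 2; i <= NF; i++) {
                name = $i
                sub(/=.*/, "", name)
                if (name ~ /^ansible_.*pass(word)?$/ && index($i, "{{") == 0)
                    printf "%s:%d:%s:%s\n", file, NR, $1, name
            }
        }' "$1"
}

# Succeed when the file mode lets group or other users read it.
readable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# Succeed when ansible.cfg turns SSH host key verification off, through
# host_key_checking = False or StrictHostKeyChecking=no in ssh_args.
host_key_checking_disabled() {
    awk '
        /^[ \t]*(#|;)/ { next }
        { line = tolower($0) }
        line ~ /^[ \t]*host_key_checking[ \t]*=[ \t]*(false|no|0|off)/ { bad = 1 }
        line ~ /stricthostkeychecking=no/ { bad = 1 }
        END { exit !bad }' "$1"
}

# Run all checks: audit INVENTORY [ANSIBLE_CFG]
audit() {
    find_plaintext_secrets "$1"
    if readable_by_others "$1"; then
        echo "$1: readable by group or others"
    fi
    if [ -n "${2:-}" ] && host_key_checking_disabled "$2"; then
        echo "$2: SSH host key verification is disabled"
    fi
}
```

Source the file and run `audit /etc/ansible/hosts /etc/ansible/ansible.cfg`; no output means none of the three conditions was found.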

4, Testing

Then run an ansible command to test:
ansible dev -m shell -a 'uptime'
ansible dev -m shell -a 'sudo uptime'

An error you may run into:
Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host’s fingerprint to your known_hosts file to manage this host.

Solution:
Edit ansible.cfg, find the host_key_checking option and set it to False, or append "-o StrictHostKeyChecking=no" to the ssh_args option.
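
The error message names the other fix: add the hosts' fingerprints to known_hosts, which lets host key checking stay enabled. The script below is an added example, not from the original post, that does this for every host in an inventory; the function names and the staging file are illustrative.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. File names are caller-supplied.

# Print the hosts of an INI inventory, one per line: the first field of each
# line, skipping comments, [group] headers and [x:vars] / [x:children] bodies.
# Range patterns such as web[01:09] are printed as written, not expanded.
inventory_hosts() {
    awk '
        $1 ~ /^\[/ { skip = ($0 ~ /:(vars|children)\]/); next }
        NF && !skip && $1 !~ /^(#|;)/ { print $1 }' "$1" | sort -u
}

# Fetch the SSH host keys of every inventory host into a staging file and
# print their fingerprints. ssh-keyscan does not authenticate what it gets,
# so compare the fingerprints with values obtained out of band before merging.
stage_host_keys() {
    : > "$2"
    for host in $(inventory_hosts "$1"); do
        keys=$(ssh-keyscan -T 5 -t ed25519,rsa "$host" 2>/dev/null) || true
        if [ -n "$keys" ]; then
            printf '%s\n' "$keys" >> "$2"
        else
            echo "no host key collected from $host" >&2
        fi
    done
    ssh-keygen -lf "$2"
}

# Append reviewed keys to known_hosts, skipping lines already present.
merge_host_keys() {
    known=${2:-$HOME/.ssh/known_hosts}
    touch "$known"
    while read -r line; do
        grep -Fxq -- "$line" "$known" || printf '%s\n' "$line" >> "$known"
    done < "$1"
}
```

Typical use: `stage_host_keys /etc/ansible/hosts /tmp/staged_keys`, verify the printed fingerprints, then `merge_host_keys /tmp/staged_keys`.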

Another error you may run into:
failed to resolve remote temporary directory from ansible-tmp-1470207846.63-257290492417275: `( umask 77 && mkdir -p “` echo $HOME/.ansible/tmp/ansible-tmp-XXXXXXXXX `” )` returned empty string

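Solution:
Log in to the first failing server with ssh from this machine, then log out again, and the problem goes away.

5, Advanced usage
Suppose only ansible has been installed (that is, only yum install ansible has been run) and a batch of machines needs urgent handling. What then? We can operate on them without carrying out step 2 of this article (that is, without configuring ansible at all).
When all we have is a host list: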

cat host 
[list1]
192.168.121.128
192.168.121.135

Usage:

export ANSIBLE_HOST_KEY_CHECKING=False

ansible -i ./host list1 -m shell -e \
'ansible_connection=ssh ansible_user=root ansible_ssh_pass=111111' \
-a 'uptime'

ansible -i ./host list1 -m shell -e \
'ansible_connection=ssh ansible_user=bear ansible_ssh_pass=111111 \
ansible_become=true ansible_become_method=sudo ansible_sudo_user=root ansible_sudo_pass=111111' \
-a 'sudo uptime'

ansible -i ./host list1 -m shell -e \
'ansible_connection=ssh ansible_user=bear ansible_ssh_pass=111111 \
ansible_become=true ansible_become_method=su ansible_su_user=root ansible_su_pass=111111' \
-a 'sudo uptime'

The recommended form, which is both compatible and simple:
ansible -i ./host list1 -m shell -e \
'ansible_connection=ssh ansible_user=bear ansible_ssh_pass=111111 \
ansible_become=true ansible_become_user=root ansible_become_pass=111111' \
-a 'sudo uptime'

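Parameter explanation (see here for more):
ansible_become: equivalent to ansible_sudo or ansible_su; allows escalating to super-administrator privileges with su or sudo;
ansible_become_method: specifies whether su or sudo is used; may be omitted;
ansible_become_user: equivalent to ansible_sudo_user or ansible_su_user;
ansible_become_pass: equivalent to ansible_sudo_pass or ansible_su_pass;

Appendix: common Ansible commands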

# Check connectivity to the hosts
ansible caoguo -m ping

# Run a remote command
ansible caoguo -m command -a 'uptime'

# Run a script that lives on the control node
ansible caoguo -m script -a '/etc/ansible/script/test.sh'

# Run a shell command line on the remote host (pipes are allowed)
ansible caoguo -m shell -a 'ps aux|grep zabbix'

# Similar to shell
ansible caoguo -m raw -a "ps aux|grep zabbix|awk '{print \$2}'"

# Create a symbolic link
ansible caoguo -m file -a "src=/etc/resolv.conf dest=/tmp/resolv.conf state=link"

# Delete the symbolic link
ansible caoguo -m file -a "path=/tmp/resolv.conf state=absent"

# Copy a file to the remote servers
ansible caoguo -m copy -a "src=/etc/ansible/ansible.cfg dest=/tmp/ansible.cfg owner=root group=root mode=0644"

References:
http://www.tuicool.com/articles/AZVJ3qQ
http://www.361way.com/ansible-cfg/4401.html
http://www.361way.com/ansible-su/4882.html
http://qiita.com/toshiro3/items/e380ac6c4e31e7588e19
http://docs.ansible.com/ansible/intro_inventory.html
