CentOS/Ubuntu安装配置集群管理工具Ansible的过程, 记录一下.
1, 安装
yum install ansible #CentOS6请先安装epel #Ubuntu的安装(从Ubuntu官方的源里安装的大概是1.4的版本,非常古老,这里我们启用其它的源) sudo apt-get install software-properties-common sudo apt-add-repository ppa:ansible/ansible sudo apt-get update sudo apt-get install ansible
2, 配置
vim ansible.cfg #主配置文件, 修改如下选项 host_key_checking = False #ask_sudo_pass = True //每次在本机执行ansible命令是否询问ssh密码 #ask_pass = True //每次在本机执行ansible命令时是否询问sudo密码 log_path = /var/log/ansible.log executable = /bin/bash remote_tmp = /tmp/.ansible/tmp #如果远程调用的命令需要sudo命令提权,需要开启如下几项 #以下几项在ansible1.9版本以后才有,请先运行ansible --version确定下版本 [privilege_escalation] become=True become_method=sudo become_user=root become_ask_pass=False
需要注意的是,ansible的配置文件并非只有这一个,ansible执行的时候会按照以下顺序查找配置项
ANSIBLE_CONFIG(环境变量)
ansible.cfg(位于当前目录中)
~/.ansible.cfg(位于家目录中)
/etc/ansible/ansible.cfg
3, 写入主机列表
vim /etc/ansible/hosts [dev] 192.168.32.39 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD 192.168.32.41 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD 192.168.32.42 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD 192.168.32.44 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD 192.168.32.144 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD [conv] 192.168.34.20 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD 192.168.34.22 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD 192.168.34.23 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD 192.168.34.24 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD 192.168.34.25 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD 192.168.34.26 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD 192.168.34.27 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD 192.168.34.34 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD 192.168.34.35 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD 192.168.34.36 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD 192.168.34.37 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD 192.168.34.38 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD 192.168.34.124 ansible_ssh_user=USERNAME ansible_ssh_pass=PASSWORD ansible_sudo_pass=PASSWORD
4, 测试
然后可以调用一下ansible命令测试一下 ansible dev -m shell -a 'uptime' ansible dev -m shell -a 'sudo uptime'
可能遇到的错误:
Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host’s fingerprint to your known_hosts file to manage this host.
解决办法:
修改ansible.cfg, 找到host_key_checking项, 改成False, 或者在ssh_args配置项后面添加”-o StrictHostKeyChecking=no”.
可能遇到的错误:
failed to resolve remote temporary directory from ansible-tmp-1470207846.63-257290492417275: `( umask 77 && mkdir -p “` echo $HOME/.ansible/tmp/ansible-tmp-XXXXXXXXX `” )` returned empty string
解决办法:
使用本机的ssh登陆到第一个出错的server上再退出就好了.
5, 高级用法
假设只安装了ansible(即只运行了yum install ansible)的情况下, 手头有一批机器需要紧急处理, 怎么办呢? 我们不需要去执行本文中的第2步(即不需要对ansible进行任何配置), 即可以操作.
只有主机列表的情况下
cat host [list1] 192.168.121.128 192.168.121.135
使用方法
export ANSIBLE_HOST_KEY_CHECKING=False ansible -i ./host list1 -m shell -e \ 'ansible_connection=ssh ansible_user=root ansible_ssh_pass=111111' \ -a 'uptime' ansible -i ./host list1 -m shell -e \ 'ansible_connection=ssh ansible_user=bear ansible_ssh_pass=111111 \ ansible_become=true ansible_become_method=sudo ansible_sudo_user=root ansible_sudo_pass=111111' \ -a 'sudo uptime' ansible -i ./host list1 -m shell -e \ 'ansible_connection=ssh ansible_user=bear ansible_ssh_pass=111111 \ ansible_become=true ansible_become_method=su ansible_su_user=root ansible_su_pass=111111' \ -a 'sudo uptime' 推荐兼容又简单的写法: ansible -i ./host list1 -m shell -e \ 'ansible_connection=ssh ansible_user=bear ansible_ssh_pass=111111 \ ansible_become=true ansible_become_user=root ansible_become_pass=111111' \ -a 'sudo uptime'
参数解释(更多参考这里):
ansible_become: 等同于ansible_sudo或者ansible_su, 允许使用su或者sudo提升超级管理员权限;
ansible_become_method: 指定是使用su或者sudo,可以省略;
ansible_become_user: 等同于ansible_sudo_user或者ansible_su_user;
ansible_become_pass: 等同于ansible_sudo_pass或者ansible_su_pass;
附: Ansible常用命令
# 检查主机连接 ansible caoguo -m ping # 执行远程命令 ansible caoguo -m command -a 'uptime' # 执行主控端脚本 ansible caoguo -m script -a '/etc/ansible/script/test.sh' # 执行远程主机的脚本 ansible caoguo -m shell -a 'ps aux|grep zabbix' # 类似shell ansible caoguo -m raw -a "ps aux|grep zabbix|awk '{print \$2}'" # 创建软链接 # ansible caoguo -m file -a "src=/etc/resolv.conf dest=/tmp/resolv.conf state=link" # 删除软链接 ansible caoguo -m file -a "path=/tmp/resolv.conf state=absent" # 复制文件到远程服务器 ansible caoguo -m copy -a "src=/etc/ansible/ansible.cfg dest=/tmp/ansible.cfg owner=root group=root mode=0644"
参考文档:
http://www.tuicool.com/articles/AZVJ3qQ
http://www.361way.com/ansible-cfg/4401.html
http://www.361way.com/ansible-su/4882.html
http://qiita.com/toshiro3/items/e380ac6c4e31e7588e19
http://docs.ansible.com/ansible/intro_inventory.html