開始日期是今天,我要開始學習使用Ansible
由于种种原因,决定开始使用Ansible。
1. 环境的准备 de
这次,在ConoHa云平台上准备了两台服务器。
一台是Ansible服务器,另一台是另外一台服务器。
2. 安装Ansible
学一出二的说。”
使用命令“yum install -y epel-release”安装EPEL软件包。
# yum install -y epel-release
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: ftp.jaist.ac.jp
* epel: ftp.jaist.ac.jp
* epel-debuginfo: ftp.jaist.ac.jp
* epel-source: ftp.jaist.ac.jp
* extras: ftp.jaist.ac.jp
* updates: ftp.jaist.ac.jp
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-9 will be updated
---> Package epel-release.noarch 0:7-11 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================================
Package Arch Version Repository Size
======================================================================================================================
Updating:
epel-release noarch 7-11 epel 15 k
Transaction Summary
======================================================================================================================
Upgrade 1 Package
Total download size: 15 k
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
warning: /var/cache/yum/x86_64/7/epel/packages/epel-release-7-11.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for epel-release-7-11.noarch.rpm is not installed
epel-release-7-11.noarch.rpm | 15 kB 00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
Userid : "Fedora EPEL (7) <epel@fedoraproject.org>"
Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
Package : epel-release-7-9.noarch (@extras)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : epel-release-7-11.noarch 1/2
warning: /etc/yum.repos.d/epel.repo created as /etc/yum.repos.d/epel.repo.rpmnew
Cleanup : epel-release-7-9.noarch 2/2
Verifying : epel-release-7-11.noarch 1/2
Verifying : epel-release-7-9.noarch 2/2
Updated:
epel-release.noarch 0:7-11
Complete!
接下来,使用yum命令安装sshpass,命令为: yum -y安装sshpass。
# yum install -y sshpass
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: ftp.jaist.ac.jp
* epel: ftp.jaist.ac.jp
* epel-debuginfo: ftp.jaist.ac.jp
* epel-source: ftp.jaist.ac.jp
* extras: ftp.jaist.ac.jp
* updates: ftp.jaist.ac.jp
Resolving Dependencies
--> Running transaction check
---> Package sshpass.x86_64 0:1.06-2.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================================================================
Package Arch Version Repository Size
======================================================================================================================
Installing:
sshpass x86_64 1.06-2.el7 extras 21 k
Transaction Summary
======================================================================================================================
Install 1 Package
Total download size: 21 k
Installed size: 38 k
Downloading packages:
sshpass-1.06-2.el7.x86_64.rpm | 21 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : sshpass-1.06-2.el7.x86_64 1/1
Verifying : sshpass-1.06-2.el7.x86_64 1/1
Installed:
sshpass.x86_64 0:1.06-2.el7
Complete!
最后
# 使用yum安装ansible -y
[root@brighton001 ~]# yum install -y ansible
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: ftp.jaist.ac.jp
* epel: ftp.jaist.ac.jp
* epel-debuginfo: ftp.jaist.ac.jp
* epel-source: ftp.jaist.ac.jp
* extras: ftp.jaist.ac.jp
* updates: ftp.jaist.ac.jp
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.4.1.0-1.el7 will be installed
--> Processing Dependency: python2-jmespath for package: ansible-2.4.1.0-1.el7.noarch
--> Processing Dependency: python-passlib for package: ansible-2.4.1.0-1.el7.noarch
--> Processing Dependency: python-paramiko for package: ansible-2.4.1.0-1.el7.noarch
--> Processing Dependency: python-jinja2 for package: ansible-2.4.1.0-1.el7.noarch
--> Processing Dependency: python-httplib2 for package: ansible-2.4.1.0-1.el7.noarch
--> Processing Dependency: python-cryptography for package: ansible-2.4.1.0-1.el7.noarch
--> Running transaction check
---> Package python-httplib2.noarch 0:0.9.2-1.el7 will be installed
---> Package python-jinja2.noarch 0:2.7.2-2.el7 will be installed
--> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-2.7.2-2.el7.noarch
--> Processing Dependency: python-markupsafe for package: python-jinja2-2.7.2-2.el7.noarch
---> Package python-paramiko.noarch 0:2.1.1-2.el7 will be installed
---> Package python-passlib.noarch 0:1.6.5-2.el7 will be installed
---> Package python2-cryptography.x86_64 0:1.7.2-1.el7_4.1 will be installed
--> Processing Dependency: python-pyasn1 >= 0.1.8 for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
--> Processing Dependency: python-idna >= 2.0 for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
--> Processing Dependency: python-cffi >= 1.4.1 for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
--> Processing Dependency: python-ipaddress for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
--> Processing Dependency: python-enum34 for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
--> Processing Dependency: libcrypto.so.10(OPENSSL_1.0.2)(64bit) for package: python2-cryptography-1.7.2-1.el7_4.1.x86_64
---> Package python2-jmespath.noarch 0:0.9.0-3.el7 will be installed
--> Running transaction check
---> Package openssl-libs.x86_64 1:1.0.1e-60.el7_3.1 will be updated
--> Processing Dependency: openssl-libs(x86-64) = 1:1.0.1e-60.el7_3.1 for package: 1:openssl-1.0.1e-60.el7_3.1.x86_64
---> Package openssl-libs.x86_64 1:1.0.2k-8.el7 will be an update
---> Package python-babel.noarch 0:0.9.6-8.el7 will be installed
---> Package python-cffi.x86_64 0:1.6.0-5.el7 will be installed
--> Processing Dependency: python-pycparser for package: python-cffi-1.6.0-5.el7.x86_64
---> Package python-enum34.noarch 0:1.0.4-1.el7 will be installed
---> Package python-idna.noarch 0:2.4-1.el7 will be installed
---> Package python-ipaddress.noarch 0:1.0.16-2.el7 will be installed
---> Package python-markupsafe.x86_64 0:0.11-10.el7 will be installed
---> Package python2-pyasn1.noarch 0:0.1.9-7.el7 will be installed
--> Running transaction check
---> Package openssl.x86_64 1:1.0.1e-60.el7_3.1 will be updated
---> Package openssl.x86_64 1:1.0.2k-8.el7 will be an update
---> Package python-pycparser.noarch 0:2.14-1.el7 will be installed
--> Processing Dependency: python-ply for package: python-pycparser-2.14-1.el7.noarch
3. 创建用户/组
在Ansible服务器和目标节点上创建ansible用户/组。
# groupadd -g 9001 ansible
# useradd -g 9001 -u 9001 ansible
# passwd ansible
Changing password for user ansible.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
4. 编辑hosts文件
在Ansible服务器和目标节点的hosts文件中,分别填写IP地址和主机名。
5. 注册SSH公钥认证
1. 在Ansible服务器端执行
# su - ansible
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
14:00:ca:ee:e8:40:b1:97:0d:0f:0d:44:12:8a:53:55 ansible@brighton001
The key's randomart image is:
在目标节点上也执行
# su - ansible
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ansible/.ssh/id_rsa):
Created directory '/home/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ansible/.ssh/id_rsa.
Your public key has been saved in /home/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
14:00:ca:ee:e8:40:b1:97:0d:0f:0d:44:12:8a:53:55 ansible@brighton002
The key's randomart image is:
将Ansible服务器的id_rsa.pub文件的内容追加到目标节点的authorized_keys文件中。
6. Ansible主机的更改
在`/etc/ansible/hosts`文件中写入以下内容。
[root@brighton001 ansible]# cp -p hosts hosts.20171219
[root@brighton001 ansible]# ls -l
total 32
-rw-r--r-- 1 root root 19179 Nov 14 22:27 ansible.cfg
-rw-r--r-- 1 root root 1016 Nov 14 22:27 hosts
-rw-r--r-- 1 root root 1016 Nov 14 22:27 hosts.20171219
drwxr-xr-x 2 root root 4096 Nov 14 22:27 roles
[kobatest]
brighton002
7. Ansible测试
进行ansible测试。
[ansible@brighton001 ~]$ ansible kobatest -m ping
brighton002 | SUCCESS => {
"changed": false,
"failed": false,
"ping": "pong"
}
