Building and deploying the development version of the Ansible automation tool from source


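Overview and key points

Because Ansible is easy to run from source and requires no software to be installed on the remote managed machines, many Ansible users follow the development version.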

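1. Ansible's requirements for the control machine:

Currently, Ansible can be run from any machine that has Python 2.6 or Python 2.7 installed (Windows cannot be used as the control machine).

The control machine can run Red Hat, Debian, CentOS, OS X, any of the BSDs, and so on.

Since version 2.0, Ansible uses more file handles to manage its forks. On OS X you need to raise the ulimit to use more than 15 forks, with sudo launchctl limit maxfiles 1024 2048; otherwise you may see a "Too many open files" error.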

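2. Requirements for managed nodes

We normally communicate with managed nodes over ssh, using sftp by default. If sftp is not available, you can switch to scp in the ansible.cfg configuration file. Python 2.4 or later must also be installed on the managed nodes. If the version is lower than Python 2.5, one additional module is required: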

python-simplejson

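I. Installing the Ansible automation tool from source

Note: before installing ansible, first check whether a Python environment is installed on the host; if it is not, install it.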

[root@localhost ~]# python -V
Python 2.7.5
[root@localhost ~]# 

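1. Clone ansible from the Git repository

[root@localhost ~]# git clone https://github.com/ansible/ansible.git --recursive

Output of the run (recorded with the original git:// URL, an unauthenticated protocol that GitHub no longer serves):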

[root@localhost ~]# git clone git://github.com/ansible/ansible.git --recursive
正克隆到 'ansible'...
remote: Counting objects: 354177, done.
remote: Compressing objects: 100% (103/103), done.
remote: Total 354177 (delta 79), reused 16 (delta 15), pack-reused 354059
接收对象中: 100% (354177/354177), 128.21 MiB | 2.04 MiB/s, done.
处理 delta 中: 100% (224571/224571), done.
Checking out files: 100% (11018/11018), done.
[root@localhost ~]# 

2. Install ansible from source

[root@192 ~]# cd ./ansible/
[root@192 ansible]# source ./hacking/env-setup



Output of the run:

[root@192 ansible]# source ./hacking/env-setup
running egg_info
creating lib/ansible.egg-info
writing requirements to lib/ansible.egg-info/requires.txt
writing lib/ansible.egg-info/PKG-INFO
writing top-level names to lib/ansible.egg-info/top_level.txt
writing dependency_links to lib/ansible.egg-info/dependency_links.txt
writing manifest file 'lib/ansible.egg-info/SOURCES.txt'
reading manifest file 'lib/ansible.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
no previously-included directories found matching 'hacking'
warning: no files found matching 'SYMLINK_CACHE.json'
writing manifest file 'lib/ansible.egg-info/SOURCES.txt'

Setting up Ansible to run out of checkout...

PATH=/root/ansible/bin:/root/ansible/test/runner:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
PYTHONPATH=/root/ansible/lib
MANPATH=/root/ansible/docs/man

Remember, you may wish to specify your host file with -i

Done!

To suppress spurious warnings/errors, use:

[root@192 ansible]# source ./hacking/env-setup -q

If pip is not installed, first install the pip that matches your Python version:

[root@192 ansible]# sudo easy_install pip

Installation output:

[root@192 ansible]# sudo easy_install pip
Searching for pip
Reading https://pypi.python.org/simple/pip/
Best match: pip 18.0
Downloading https://files.pythonhosted.org/packages/69/81/52b68d0a4de760a2f1979b0931ba7889202f302072cc7a0d614211bc7579/pip-18.0.tar.gz#sha256=a0e11645ee37c90b40c46d607070c4fd583e2cd46231b1c06e389c5e814eed76
Processing pip-18.0.tar.gz
Writing /tmp/easy_install-mEv5bK/pip-18.0/setup.cfg
Running pip-18.0/setup.py -q bdist_egg --dist-dir /tmp/easy_install-mEv5bK/pip-18.0/egg-dist-tmp-k2KJA5
/usr/lib64/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'python_requires'
  warnings.warn(msg)
warning: no previously-included files found matching '.coveragerc'
warning: no previously-included files found matching '.mailmap'
warning: no previously-included files found matching '.travis.yml'
warning: no previously-included files found matching 'tox.ini'
warning: no previously-included files found matching 'appveyor.yml'
warning: no previously-included files found matching 'src/pip/_vendor/six'
warning: no previously-included files found matching 'src/pip/_vendor/six/moves'
warning: no previously-included files matching '*.pyi' found under directory 'src/pip/_vendor'
no previously-included directories found matching '.github'
no previously-included directories found matching 'docs/build'
no previously-included directories found matching 'news'
no previously-included directories found matching 'tasks'
no previously-included directories found matching 'tests'
no previously-included directories found matching 'tools'
Adding pip 18.0 to easy-install.pth file
Installing pip script to /usr/bin
Installing pip2.7 script to /usr/bin
Installing pip2 script to /usr/bin

Installed /usr/lib/python2.7/site-packages/pip-18.0-py2.7.egg
Processing dependencies for pip
Finished processing dependencies for pip

The following Python modules also need to be installed:

[root@192 ansible]# sudo pip install paramiko PyYAML Jinja2 httplib2

Installation output:

[root@192 ansible]# sudo pip install paramiko PyYAML Jinja2 httplib2
Collecting paramiko
  Downloading https://files.pythonhosted.org/packages/3e/db/cb7b6656e0e7387637ce850689084dc0b94b44df31cc52e5fc5c2c4fd2c1/paramiko-2.4.1-py2.py3-none-any.whl (194kB)
    100% |████████████████████████████████| 194kB 1.7MB/s 
Collecting PyYAML
  Downloading https://files.pythonhosted.org/packages/9e/a3/1d13970c3f36777c583f136c136f804d70f500168edc1edea6daa7200769/PyYAML-3.13.tar.gz (270kB)
    100% |████████████████████████████████| 276kB 2.0MB/s 
Collecting Jinja2
  Downloading https://files.pythonhosted.org/packages/7f/ff/ae64bacdfc95f27a016a7bed8e8686763ba4d277a78ca76f32659220a731/Jinja2-2.10-py2.py3-none-any.whl (126kB)
    100% |████████████████████████████████| 133kB 12.8MB/s 
Collecting httplib2
  Downloading https://files.pythonhosted.org/packages/fd/ce/aa4a385e3e9fd351737fd2b07edaa56e7a730448465aceda6b35086a0d9b/httplib2-0.11.3.tar.gz (215kB)
    100% |████████████████████████████████| 225kB 10.8MB/s 
Collecting pyasn1>=0.1.7 (from paramiko)
  Downloading https://files.pythonhosted.org/packages/d1/a1/7790cc85db38daa874f6a2e6308131b9953feb1367f2ae2d1123bb93a9f5/pyasn1-0.4.4-py2.py3-none-any.whl (72kB)
    100% |████████████████████████████████| 81kB 17.0MB/s 
Collecting bcrypt>=3.1.3 (from paramiko)
  Downloading https://files.pythonhosted.org/packages/2e/5a/2abeae20ce294fe6bf63da0e0b5a885c788e1360bbd124edcc0429678a59/bcrypt-3.1.4-cp27-cp27mu-manylinux1_x86_64.whl (57kB)
    100% |████████████████████████████████| 61kB 8.8MB/s 
Collecting cryptography>=1.5 (from paramiko)
  Downloading https://files.pythonhosted.org/packages/87/e6/915a482dbfef98bbdce6be1e31825f591fc67038d4ee09864c1d2c3db371/cryptography-2.3.1-cp27-cp27mu-manylinux1_x86_64.whl (2.1MB)
    100% |████████████████████████████████| 2.1MB 7.3MB/s 
Collecting pynacl>=1.0.1 (from paramiko)
  Downloading https://files.pythonhosted.org/packages/80/3d/d709b9fbd69e21dd3a4d34eb690c5484094699e03b7447bc7eb173cfd7b6/PyNaCl-1.2.1-cp27-cp27mu-manylinux1_x86_64.whl (696kB)
    100% |████████████████████████████████| 706kB 10.1MB/s 
Collecting MarkupSafe>=0.23 (from Jinja2)
  Downloading https://files.pythonhosted.org/packages/4d/de/32d741db316d8fdb7680822dd37001ef7a448255de9699ab4bfcbdf4172b/MarkupSafe-1.0.tar.gz
Requirement already satisfied: six>=1.4.1 in /usr/lib/python2.7/site-packages (from bcrypt>=3.1.3->paramiko) (1.9.0)
Collecting cffi>=1.1 (from bcrypt>=3.1.3->paramiko)
  Downloading https://files.pythonhosted.org/packages/14/dd/3e7a1e1280e7d767bd3fa15791759c91ec19058ebe31217fe66f3e9a8c49/cffi-1.11.5-cp27-cp27mu-manylinux1_x86_64.whl (407kB)
    100% |████████████████████████████████| 409kB 18.5MB/s 
Collecting idna>=2.1 (from cryptography>=1.5->paramiko)
  Downloading https://files.pythonhosted.org/packages/4b/2a/0276479a4b3caeb8a8c1af2f8e4355746a97fab05a372e4a2c6a6b876165/idna-2.7-py2.py3-none-any.whl (58kB)
    100% |████████████████████████████████| 61kB 8.6MB/s 
Collecting enum34; python_version < "3" (from cryptography>=1.5->paramiko)
  Downloading https://files.pythonhosted.org/packages/c5/db/e56e6b4bbac7c4a06de1c50de6fe1ef3810018ae11732a50f15f62c7d050/enum34-1.1.6-py2-none-any.whl
Collecting ipaddress; python_version < "3" (from cryptography>=1.5->paramiko)
  Downloading https://files.pythonhosted.org/packages/fc/d0/7fc3a811e011d4b388be48a0e381db8d990042df54aa4ef4599a31d39853/ipaddress-1.0.22-py2.py3-none-any.whl
Collecting asn1crypto>=0.21.0 (from cryptography>=1.5->paramiko)
  Downloading https://files.pythonhosted.org/packages/ea/cd/35485615f45f30a510576f1a56d1e0a7ad7bd8ab5ed7cdc600ef7cd06222/asn1crypto-0.24.0-py2.py3-none-any.whl (101kB)
    100% |████████████████████████████████| 102kB 8.0MB/s 
Collecting pycparser (from cffi>=1.1->bcrypt>=3.1.3->paramiko)
  Downloading https://files.pythonhosted.org/packages/8c/2d/aad7f16146f4197a11f8e91fb81df177adcc2073d36a17b1491fd09df6ed/pycparser-2.18.tar.gz (245kB)
    100% |████████████████████████████████| 256kB 11.6MB/s 
Installing collected packages: pyasn1, pycparser, cffi, bcrypt, idna, enum34, ipaddress, asn1crypto, cryptography, pynacl, paramiko, PyYAML, MarkupSafe, Jinja2, httplib2
  Running setup.py install for pycparser ... done
  Running setup.py install for PyYAML ... done
  Running setup.py install for MarkupSafe ... done
  Running setup.py install for httplib2 ... done
Successfully installed Jinja2-2.10 MarkupSafe-1.0 PyYAML-3.13 asn1crypto-0.24.0 bcrypt-3.1.4 cffi-1.11.5 cryptography-2.3.1 enum34-1.1.6 httplib2-0.11.3 idna-2.7 ipaddress-1.0.22 paramiko-2.4.1 pyasn1-0.4.4 pycparser-2.18 pynacl-1.2.1

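Note that when updating the ansible version, you must update not only the git source tree but also the git "submodules" that point to Ansible's own modules (a different kind of module):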

[root@192 ansible]# git pull --rebase
当前分支 devel 是最新的。
[root@192 ansible]# git submodule update --init --recursive
[root@192 ansible]# 

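Once the env-setup script has been run, Ansible is running from the source checkout. The default inventory file is /etc/ansible/hosts. A different inventory file can also be specified:

[root@192 ansible]# echo "127.0.0.1" > ~/ansible_hosts
[root@192 ansible]# export ANSIBLE_HOSTS=~/ansible_hosts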

Next, test with the ping command:

[root@192 ansible]# ansible all -m ping --ask-pass

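3. Your first command

Now that you have installed Ansible, it is time to start with some basics. Edit (or create) /etc/ansible/hosts and put one or more remote systems in it. Your public SSH key must be in ``authorized_keys`` on those systems:

[root@192 ansible]# mkdir -p /etc/ansible
[root@192 ansible]# cat > /etc/ansible/hosts <<'EOF'
192.168.1.17
192.168.1.18
EOF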

Authorize with an SSH key.

[root@192 ~]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a3:dc:b0:2b:81:a6:ec:5f:0e:e9:04:16:6f:5b:7e:84 root@192.168.1.13
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
| .               |
|  o   .          |
| o + E..S        |
|. = *..= .       |
|.o = ++..        |
|..o = ..         |
|...o o.          |
+-----------------+
[root@192 ~]# cd /root/.ssh/
[root@192 .ssh]# ls
id_rsa  id_rsa.pub

Next, append the public key to the authorized_keys file:

[root@192 .ssh]# cd /root/.ssh/
[root@192 .ssh]# ls
id_rsa  id_rsa.pub  
[root@192 .ssh]# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
[root@192 .ssh]# ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts

Distribute the public key above to all the node hosts:

[root@192 .ssh]# ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts
[root@192 .ssh]# scp authorized_keys root@192.168.1.17:/root/.ssh/
root@192.168.1.17's password: 
authorized_keys                                                                               100%  399     0.4KB/s   00:00    
[root@192 .ssh]# scp authorized_keys root@192.168.1.18:/root/.ssh/
The authenticity of host '192.168.1.18 (192.168.1.18)' can't be established.
ECDSA key fingerprint is 37:8f:0c:17:94:47:51:eb:82:38:47:01:89:f0:ff:5c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.18' (ECDSA) to the list of known hosts.
root@192.168.1.18's password: 
authorized_keys                                                                               100%  399     0.4KB/s   00:00    
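Copying the whole authorized_keys file with scp, as in the step above, replaces whatever keys were already authorized on the node. The following added example (not part of the original article, written for Python 3) merges one public key into a node's authorized_keys without duplicates and sets conservative modes (0700 / 0600); the key strings are constructed placeholders and the function names are illustrative.

```python
import os
import stat
import tempfile

# Constructed sample lines; the base64 blobs are placeholders, not real keys.
ADMIN = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEADMIN admin@node"
CTRL = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLECTRL root@192.168.1.13"

def key_identity(line):
    """Return (key type, base64 blob), skipping any leading options field."""
    parts = line.split()
    for i, tok in enumerate(parts[:-1]):
        if tok.startswith(("ssh-", "ecdsa-", "sk-")):
            return tok, parts[i + 1]
    return None

def install_key(pubkey_line, ssh_dir):
    """Append pubkey_line to ssh_dir/authorized_keys if its key is absent.
    Returns True when the file was changed."""
    ident = key_identity(pubkey_line)
    if ident is None:
        raise ValueError("not an OpenSSH public key line")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)
    path = os.path.join(ssh_dir, "authorized_keys")
    text = ""
    if os.path.exists(path):
        with open(path) as fh:
            text = fh.read()
    changed = ident not in [key_identity(l) for l in text.splitlines()]
    if changed:
        with open(path, "a") as fh:
            # Keep existing entries; only make sure the last one is terminated.
            if text and not text.endswith("\n"):
                fh.write("\n")
            fh.write(pubkey_line.strip() + "\n")
    os.chmod(path, 0o600)
    return changed

def demo():
    """Node already trusts ADMIN; add CTRL twice and report what happened."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        install_key(ADMIN, ssh_dir)
        first = install_key(CTRL, ssh_dir)
        again = install_key(CTRL.replace("root@192.168.1.13", "dup"), ssh_dir)
        path = os.path.join(ssh_dir, "authorized_keys")
        with open(path) as fh:
            lines = fh.read().splitlines()
        return first, again, lines, stat.S_IMODE(os.stat(path).st_mode)
```

The second install of the same key under a different comment is a no-op, and the key that was on the node beforehand survives.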

To avoid retyping the password each time an SSH connection is set up, you can do this:

[root@192 .ssh]# ssh-agent bash
[root@192 .ssh]# ssh-add ~/.ssh/id_rsa

Depending on your setup, you may wish to use Ansible's --private-key option to specify a pem file instead of authorizing with the SSH key. Now ping all your nodes:

[root@192 .ssh]# ansible all -m ping

Result:

[root@192 .ssh]# ansible all -m ping
192.168.1.17 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.1.18 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

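Ansible will attempt to connect to your remote machines using your current user name, just as SSH would. To override the remote user name, use the '-u' parameter. If you want to use sudo mode, there are flags for that too: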

[root@192 .ssh]# ansible all -m ping -u bruce
[root@192 .ssh]# ansible all -m ping -u bruce --sudo
[root@192 .ssh]# ansible all -m ping -u bruce --sudo --sudo-user batman

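If you happen to want a different sudo implementation, you can configure that in Ansible's configuration file. Flags passed to sudo (such as -H) can also be set.

Now run a command on all of your nodes: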

[root@192 ~]# ansible all -a "/bin/echo hello"

Output:

[root@192 ~]# ansible all -a "/bin/echo hello"
192.168.1.17 | CHANGED | rc=0 >>
hello
192.168.1.18 | CHANGED | rc=0 >>
hello

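Congratulations! You have just contacted all your nodes with Ansible. Soon you will read more about real-world cases in Introduction To Ad-Hoc Commands, explore what the different modules can do, and study the Ansible playbook language in Playbooks. Ansible is not just about running commands; it also has powerful configuration management and deployment features. There is more to explore, but your infrastructure is already fully working!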

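Note:

Host key checking

Ansible 1.2.1 and later have host key checking enabled by default.

If a host is reinstalled and has a different key in "known_hosts", this results in an error message until it is corrected. If a host is not initially in "known_hosts", this results in a prompt to confirm the key, both when using Ansible interactively and when running it on a schedule, which you may not want.

If you understand the implications and wish to disable this behavior, you can do so by editing /etc/ansible/ansible.cfg or ~/.ansible.cfg: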

[defaults]
host_key_checking = False

Alternatively, this can be set with an environment variable:

export ANSIBLE_HOST_KEY_CHECKING=False

Also note that host key checking in paramiko mode is reasonably slow, so switching to 'ssh' is recommended when using this feature.
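An alternative to turning host key checking off, shown as an added example that is not part of the original article (Python 3): accept a scanned host key into known_hosts only when its fingerprint equals one recorded out-of-band, in either the MD5 colon form that the ssh prompt earlier on this page prints or the newer SHA256 form. The key blobs, the pins and the host 192.168.1.19 are constructed for the illustration.

```python
import base64
import hashlib
import struct

def fingerprints(b64_blob):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a key blob."""
    raw = base64.b64decode(b64_blob)
    md5 = hashlib.md5(raw).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def vet_scan(scan_text, pinned):
    """Return (known_hosts lines to keep, hosts rejected).
    A line is kept only if its fingerprint equals the pin for that host."""
    accepted, rejected = [], []
    for line in scan_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith("#"):
            continue
        host, blob = fields[0], fields[2]
        if pinned.get(host) in fingerprints(blob):
            accepted.append(line)
        else:
            rejected.append(host)
    return accepted, rejected

def _blob(seed):
    # Constructed ed25519-shaped blob (type string + 32 bytes), not a real key.
    name, key = b"ssh-ed25519", bytes([seed]) * 32
    wire = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + key
    return base64.b64encode(wire).decode()

KEY_17, KEY_18_PINNED, KEY_18_SEEN = _blob(1), _blob(2), _blob(3)

# In practice the pins are read from each node's console; here they are
# derived from the constructed keys so the example runs offline.
PINNED = {
    "192.168.1.17": fingerprints(KEY_17)[1],         # SHA256 form
    "192.168.1.18": fingerprints(KEY_18_PINNED)[0],  # MD5 colon form
}

# Constructed input in the "host keytype blob" layout that ssh-keyscan emits.
SCAN = "\n".join([
    "192.168.1.17 ssh-ed25519 " + KEY_17,
    "192.168.1.18 ssh-ed25519 " + KEY_18_SEEN,  # differs from the pinned key
    "192.168.1.19 ssh-ed25519 " + _blob(4),     # no pin recorded
])
```

Only the lines returned as accepted would be appended to known_hosts, leaving host_key_checking at its default; a rejected host is one to investigate, not to confirm blindly.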

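Ansible logs the module arguments for the remote systems to the remote syslog, unless a task or play is marked with the "no_log: True" attribute, explained later. To enable basic logging on the control machine, see the Ansible configuration file documentation and set 'log_path' in the configuration file. Enterprise users may also be interested in Ansible Tower.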