Ansible: installing from source


1. Pre-installation checks

1.1 Check firewall (SELinux) status


[root@localhost ~]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

Ways to check the SELinux status.
Besides reading the configuration file, you can also use:
[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

[root@localhost ~]# getenforce
Enforcing

All of the methods above show that SELinux is enabled. Edit the configuration file /etc/sysconfig/selinux and set SELINUX=disabled, then run the setenforce 0 command.

This switches the running mode from enforcing to permissive.

[root@localhost ~]# setenforce 0
[root@localhost ~]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 




[root@localhost ~]# getenforce
Permissive
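The configuration file has not been modified, but the running mode has changed to permissive.
Note that changing the policy requires a reboot. Switching from enforcing or permissive to disabled, or from disabled to either of the other two, also requires a reboot. This is because SELinux is integrated into the kernel: while SELinux is running you can only switch between enforcing and permissive mode, you cannot turn SELinux off directly.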

After changing the configuration file to SELINUX=disabled, the current mode is still permissive because the host has not been rebooted.


[root@localhost ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          disabled
Policy version:                 24
Policy from config file:        targeted
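
The two states shown above (running mode permissive while the file still says enforcing, then the file saying disabled before a reboot) can be told apart with a small check. This is an added example, not part of the original post; the function names are hypothetical and the config files are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the mode set in a config file. Commented lines and SELINUXTYPE= are
# ignored; if several SELINUX= lines are present, the last one is reported.
selinux_config_mode() {
    awk -F= '/^[ \t]*SELINUX=/ { gsub(/[ \t\r]/, "", $2); v = tolower($2) }
             END { print v }' "$1"
}

# Classify the running mode (getenforce output) against the configured mode.
#   in-sync          running mode and config agree
#   runtime-only     setenforce changed the mode; the config value applies at next boot
#   reboot-required  one side is "disabled"; that switch only happens at boot
selinux_drift() {
    sd_runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    sd_config=$2
    if [ "$sd_runtime" = "$sd_config" ]; then
        echo in-sync
    elif [ "$sd_runtime" = disabled ] || [ "$sd_config" = disabled ]; then
        echo reboot-required
    else
        echo runtime-only
    fi
}

# One-line report for a config file and a running mode.
selinux_report() {
    sr_config=$(selinux_config_mode "$1")
    echo "runtime=$2 config=$sr_config state=$(selinux_drift "$2" "$sr_config")"
}

# Demo on a constructed config file: the two states shown in the post.
demo_cfg=$(mktemp)
printf '%s\n' '# SELINUX= can take one of these three values:' \
    'SELINUX=enforcing' 'SELINUXTYPE=targeted' > "$demo_cfg"
selinux_report "$demo_cfg" Permissive   # after setenforce 0, file untouched
printf '%s\n' 'SELINUX=disabled' 'SELINUXTYPE=targeted' > "$demo_cfg"
selinux_report "$demo_cfg" Permissive   # file edited, host not rebooted
rm -f "$demo_cfg"
```

On a real host, call it as selinux_report /etc/sysconfig/selinux "$(getenforce)".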

1.2 Configure passwordless login

ssh-keygen -t rsa    # generate the key pair
ssh-copy-id root@<IP address>
[root@master01 ~]# ssh-copy-id root@192.168.42.110

2. Installation

2.1 Installing with yum

Install ansible:
[root@ansible ~]# yum list |grep ansible
ansible.noarch                            2.5.1-1.el7                  epel     
ansible-doc.noarch                        2.5.1-1.el7                  epel     
ansible-inventory-grapher.noarch          2.4.4-1.el7                  epel     
ansible-lint.noarch                       3.4.21-1.el7                 epel     
ansible-openstack-modules.noarch          0-20140902git79d751a.el7     epel     
ansible-review.noarch                     0.13.4-1.el7                 epel     
kubernetes-ansible.noarch                 0.6.0-0.1.gitd65ebd5.el7     epel     
python2-ansible-tower-cli.noarch          3.2.1-2.el7                  epel     
[root@ansible ~]# yum -y install ansible

Check the installation:
[root@ansible ~]# ansible --version
ansible 2.5.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
[root@ansible ~]# python
Python 2.7.5 (default, Aug  4 2017, 00:39:18) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import ansible
>>> exit()

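2.2 Installing from source

Download the packages from: https://releases.ansible.com/ansible/

A source installation requires Python 2.6 or later, plus the dependency modules paramiko, PyYAML, Jinja2, simplejson, and others.

Installation order:

1. setuptools
2. pycrypto
3. ecdsa
4. paramiko (depends on pycrypto)
5. PyYAML
6. httplib
7. simplejson
8. Jinja2

Next, install the other modules: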

[root@gbase06 opt]# yum install python-devel.x86_64
[root@gbase06 opt]# rpm -qa | grep python-devel
[root@gbase06 opt]# yum list | grep python-devel
dbus-python-devel.x86_64                 0.83.0-6.1.el6                   CentOS
gstreamer-python-devel.x86_64            0.10.16-1.1.el6                  CentOS
python-devel.x86_64                      2.6.6-52.el6                     CentOS
[root@gbase06 opt]# yum install python-devel.x86_64
cd setuptools-7.0/
python setup.py install
cd pycrypto-2.6.1/
python setup.py install
Error: raise RuntimeError("autoconf error")
Install the C compiler:  yum install gcc*
python setup.py install
No error this time.
[root@gbase06 ansible]# cd ecdsa-0.11/
[root@gbase06 ecdsa-0.11]# python setup.py install
running install_egg_info
Writing /usr/lib/python2.6/site-packages/ecdsa-0.11-py2.6.egg-info

The paramiko package depends on pycrypto-2.6.1.
[root@gbase06 ansible]# cd paramiko-1.15.1/
[root@gbase06 paramiko-1.15.1]# python setup.py install
[root@gbase06 ansible]# cd pycrypto-2.6.1/
[root@gbase06 pycrypto-2.6.1]# python setup.py install
Writing /usr/lib64/python2.6/site-packages/pycrypto-2.6.1-py2.6.egg-info
[root@gbase06 ansible]# cd PyYAML-3.11/
[root@gbase06 PyYAML-3.11]# python setup.py install
running install_egg_info
Writing /usr/lib64/python2.6/site-packages/PyYAML-3.11-py2.6.egg-info
[root@gbase06 ansible]# cd simplejson-3.6.5/
[root@gbase06 simplejson-3.6.5]# python setup.py install
Installed /usr/lib64/python2.6/site-packages/simplejson-3.6.5-py2.6-linux-x86_64.egg
Processing dependencies for simplejson==3.6.5
Finished processing dependencies for simplejson==3.6.5
[root@gbase06 ansible]# cd Jinja2-2.7.3/
[root@gbase06 Jinja2-2.7.3]# python setup.py install
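Install cryptography-2.2.2 (without it, ansible 2.5.x reports an error).
This fails with an error requiring setuptools 18.5 or later. (After reinstalling setuptools, every module has to be reinstalled as well, otherwise the new setuptools version is not found. The older-version files in /usr/lib/python2.6/site-packages also have to be deleted.)

cryptography depends on cffi, and cffi depends on libffi (which is not a Python module).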

error: command 'gcc' failed with exit status 1

[root@gbase06 cffi-1.11.5]# yum install libffi*

It also depends on pycparser.

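3. Installation problems, fixes, and configuration

Edit the hosts file (/opt/ansible/ansible-2.5.5/examples)

There are two core files, ansible.cfg and hosts, both stored in /etc/ansible by default. ansible.cfg: mainly holds Ansible's initialization settings, such as the log path, modules, and plugins.

hosts: the machine inventory, used to manage hosts in groups.

So after installing from source, copy both files into /etc/ansible.

1. Edit the host inventory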

# Ex 2: A collection of hosts belonging to the 'webservers' group

[webservers] # the managed group is named webservers
## alpha.example.org
## beta.example.org  # add the managed nodes here
192.168.119.88
192.168.119.89
192.168.119.90

# If you have multiple hosts following a pattern you can specify
# them like this:

## www[001:006].example.com

# Ex 3: A collection of database servers in the 'dbservers' group

## [dbservers]
##

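2. Edit the configuration file

Minimal changes:

[defaults]
# general default settings

# default inventory location: a file, a script, or a directory of hosts Ansible can talk to
inventory      = /etc/ansible/hosts

# number of parallel processes used when talking to hosts (the default is 5)
forks          = 10

# SSH host key checking; False turns the check off
host_key_checking = False

# where the log file is written
log_path = /var/log/ansible.log

# default module used by the ansible command
module_name = command

# location of the private key file (the path chosen when passwordless login was set up)
private_key_file = /root/.ssh/id_rsa

[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]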
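
Of the settings above, host_key_checking = False and private_key_file are the two that affect SSH trust: the first turns off host key verification, and the second points at a credential whose file mode matters. The audit below is an added example, not from the original post or the Ansible project; the function names are hypothetical and the config and key files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# cfg_get FILE SECTION KEY: print a key's value from one section of an ini file.
cfg_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                       # skip full-line comments
        /^[ \t]*\[/   { gsub(/[ \t\r]/, ""); cur = $0; next }
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_ansible_cfg FILE: print one finding per line, nothing if clean.
audit_ansible_cfg() {
    hkc=$(cfg_get "$1" defaults host_key_checking | tr '[:upper:]' '[:lower:]')
    case $hkc in
        false|no|off|0)                              # common false spellings
            echo "host_key_checking=$hkc: SSH host keys are not verified" ;;
    esac
    key=$(cfg_get "$1" defaults private_key_file)
    if [ -n "$key" ] && [ -f "$key" ]; then
        perms=$(ls -ld "$key" | cut -c5-10)          # group and other permission bits
        [ "$perms" = "------" ] ||
            echo "private_key_file=$key: group/other bits set ($perms)"
    fi
}

# Demo on constructed files: the post's settings, then a hardened variant.
d=$(mktemp -d)
touch "$d/id_rsa"; chmod 644 "$d/id_rsa"
cat > "$d/weak.cfg" <<EOF
[defaults]
inventory = /etc/ansible/hosts
forks = 10
host_key_checking = False
private_key_file = $d/id_rsa
EOF
sed 's/^host_key_checking.*/host_key_checking = True/' "$d/weak.cfg" > "$d/hard.cfg"
echo "weak.cfg:"; audit_ansible_cfg "$d/weak.cfg"    # two findings
chmod 600 "$d/id_rsa"
echo "hard.cfg:"; audit_ansible_cfg "$d/hard.cfg"    # no findings
rm -rf "$d"
```

With host key checking left on, the managed hosts' keys need to be in known_hosts before the first run.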

 

[root@gbase06 pycrypto-2.6.1]# ansible webservers -m command -a'uptime'
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
192.168.119.88 | SUCCESS | rc=0 >>
 17:19:40 up 535 days,  6:21,  2 users,  load average: 0.00, 0.00, 0.00

192.168.119.89 | SUCCESS | rc=0 >>
 17:09:57 up 535 days,  6:11,  1 user,  load average: 0.00, 0.00, 0.00

192.168.119.90 | SUCCESS | rc=0 >>
 17:42:30 up 535 days,  6:44,  2 users,  load average: 0.08, 0.11, 0.04

 

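First of all, this is not an error but a security warning: the gmp library shipped with the system is too old and is exposed to the timing attack named in the warning, so it needs to be upgraded:

To do that, download the source code from https://gmplib.org/download/gmp/gmp-6.1.2.tar.xz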

yum -y install gcc libgcc glibc libffi-devel libxml2-devel libxslt-devel openssl-devel zlib-devel bzip2-devel ncurses-devel

 
