Installation Ansible-2.9.27 Inventory Use on openEuler
I. Installation Ansible-2.9.27 Inventory Use on openEuler
1 Address
2 Environment
[root@manage ~]# python3
Python 3.10.2 (main, Sep 8 2022, 00:00:00) [GCC 10.3.1] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> exit
Use exit() or Ctrl-D (i.e. EOF) to exit
3 Installation
###
dnf search ansible
###
dnf install -y ansible
###
[root@manage ~]# ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.10/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.10.2 (main, Sep 8 2022, 00:00:00) [GCC 10.3.1]
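4 Parameter details
- ## ansible --help
- ## -v, --verbose: verbose mode (-vvv for more, -vvvv to enable connection debugging)
- ## -i: path of the host inventory file; the default is set in /etc/ansible/ansible.cfg
- ## -m: module name; the command module is used by default
- ## -a: module arguments, i.e. the command to execute
- ## -k: ask for the SSH password
- ## -C: make no changes on the target hosts; only test and return the result
- ## -T: maximum timeout for connecting to the remote host, in seconds
- ## --list-hosts: list the hosts that match the pattern without executing any command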
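II. Ansible configuration file
1 Ansible configuration file lookup order
- ANSIBLE_CONFIG: the ansible command checks the $ANSIBLE_CONFIG environment variable
- ./ansible.cfg: the ansible.cfg configuration file in the current directory
- ~/.ansible.cfg: the configuration file in the user's home directory
- /etc/ansible/ansible.cfg: the configuration file created automatically when Ansible is installed
### Modify the configuration
vim /etc/ansible/ansible.cfg
### Skip host key checking, i.e. the yes/no prompt on the first SSH connection
host_key_checking = False
log_path = /var/log/ansible.log
### View the default [defaults] configuration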
[root@manage ~]# cat /etc/ansible/ansible.cfg
[defaults]

# some basic default values...

#inventory = /etc/ansible/hosts
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False
### Show the non-comment lines; what remains is mostly section names
[root@manage ~]# egrep -v '#|^$' /etc/ansible/ansible.cfg
[defaults]
host_key_checking = False
log_path = /var/log/ansible.log
[inventory]
### Non-root users need to configure privilege escalation here
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]
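The lookup order and the two `[defaults]` changes above, as an added example (not code from the original post or from Ansible itself): a simplified Python model of how the config file is chosen, plus a check that reports `host_key_checking = False` and a log file readable by group or other. The function names and finding texts are assumptions of this example.

```python
import configparser
import os
import stat

def find_config(env, cwd, home, system="/etc/ansible/ansible.cfg"):
    """Return the first existing file in the lookup order (simplified model)."""
    candidates = [env.get("ANSIBLE_CONFIG"), os.path.join(cwd, "ansible.cfg"),
                  os.path.join(home, ".ansible.cfg"), system]
    for idx, path in enumerate(candidates):
        if not path or not os.path.isfile(path):
            continue
        # Ansible does not load ./ansible.cfg from a world-writable directory,
        # because any local user could plant a config file there.
        if idx == 1 and os.stat(cwd).st_mode & stat.S_IWOTH:
            continue
        return path
    return None

def audit_config(path):
    """Return findings for the two [defaults] settings changed on this page."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(path)
    findings = []
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append("host_key_checking=False: SSH host keys are not verified")
    log_path = cfg.get("defaults", "log_path", fallback=None)
    if log_path and os.path.exists(log_path) and \
            os.stat(log_path).st_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("log_path %s is readable by group or other" % log_path)
    return findings

if __name__ == "__main__":
    cfg_file = find_config(os.environ, os.getcwd(), os.path.expanduser("~"))
    print(cfg_file, audit_config(cfg_file) if cfg_file else [])
```

Run on the control node, it prints the config file Ansible would pick up from the current directory and any findings for it.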
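III. Ansible Inventory
The inventory file manages host and host group information.
Official documentation: https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html
Inventory configuration file
### Default inventory file; it ships with various commented examples
cat /etc/ansible/hosts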
1 Password-based connection
vim /etc/ansible/hosts
### xyz is a custom group name
### user name, password, port
[xyz]
10.0.1.51 ansible_ssh_user=root ansible_ssh_pass='xxx' ansible_ssh_port=22
10.0.1.55 ansible_ssh_user=root ansible_ssh_pass='xxx' ansible_ssh_port=22
###
ansible xyz -a 'cat /etc/openEuler-release'
2 Connecting by domain name
vi /etc/hosts
10.0.1.51 web01.iyuyi.xyz
10.0.1.55 web02.iyuyi.xyz
vim /etc/ansible/hosts
[web]
web0[1:2].iyuyi.xyz ansible_ssh_pass='xxx'
### Test connectivity
[root@manage ~]# ansible web -m ping
[WARNING]: Platform linux on host web02.iyuyi.xyz is using the discovered Python interpreter
at /usr/bin/python3, but future installation of another Python interpreter could change this.
See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for
more information.
web02.iyuyi.xyz | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
[WARNING]: Platform linux on host web01.iyuyi.xyz is using the discovered Python interpreter
at /usr/bin/python3, but future installation of another Python interpreter could change this.
See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for
more information.
web01.iyuyi.xyz | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
3 Key-based connection
### Generate the public and private keys, then distribute the public key to the managed nodes
ssh-keygen -t rsa
### Define the master list
MASTER_LIST=(
10.0.1.51
10.0.1.55
)
### Configure passwordless login
for i in "${MASTER_LIST[@]}"; do
    ssh-copy-id -i /root/.ssh/id_rsa.pub "root@$i"
done
### Custom hosts file
### 10.0.1.40: this machine does not exist
cat > /opt/hosts.txt << EOF
[backup]
10.0.1.51
[nfs]
10.0.1.55
[web]
10.0.1.40
EOF
### all means all groups
### -i specifies the custom hosts file
[root@manage ~]# ansible all -i /opt/hosts.txt -e "ansible_python_interpreter=auto_legacy_silent" -m ping
10.0.1.55 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
10.0.1.51 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
10.0.1.40 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 10.0.1.40 port 22: No route to host",
"unreachable": true
}
4 children groups
###
cat > /opt/data-children.txt << EOF
[backup]
10.0.1.51
[nfs]
10.0.1.55
[web]
10.0.1.40
[data:children]
backup
nfs
web
EOF
[root@manage ~]# ansible data -i /opt/data-children.txt -a 'cat /etc/openEuler-release'
[WARNING]: Platform linux on host 10.0.1.55 is using the discovered Python interpreter at
/usr/bin/python3, but future installation of another Python interpreter could change this.
See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for
more information.
10.0.1.55 | CHANGED | rc=0 >>
openEuler release 22.09
[WARNING]: Platform linux on host 10.0.1.51 is using the discovered Python interpreter at
/usr/bin/python3, but future installation of another Python interpreter could change this.
See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for
more information.
10.0.1.51 | CHANGED | rc=0 >>
openEuler release 22.09
10.0.1.40 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 10.0.1.40 port 22: No route to host",
"unreachable": true
}
5 Listing the hosts in a group
###
ansible all -i /opt/data-children.txt --list-hosts
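The range, `:children` and `--list-hosts` behaviour shown in this section, as an added Python example (not from the original post, and not Ansible's own parser): it expands `web0[1:2]`-style ranges, resolves child groups, and reports hosts whose inventory line carries a cleartext password variable. `CONSTRUCTED_SAMPLE`, the function names and the `SECRET_VARS` subset are assumptions.

```python
import re
import shlex

RANGE = re.compile(r"\[(\d+):(\d+)\]")
# Variables that put a cleartext secret into the inventory (chosen subset).
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass"}
CONSTRUCTED_SAMPLE = """\
[backup]
10.0.1.51 ansible_ssh_user=root ansible_ssh_pass='xxx' ansible_ssh_port=22
[web]
web0[1:2].iyuyi.xyz
[data:children]
backup
web
"""

def expand(pattern):
    """Expand a numeric range, keeping zero padding: web0[1:2].x -> web01.x, web02.x."""
    m = RANGE.search(pattern)
    if not m:
        return [pattern]
    return [h for n in range(int(m.group(1)), int(m.group(2)) + 1)
            for h in expand(pattern[:m.start()] + str(n).zfill(len(m.group(1))) + pattern[m.end():])]

def parse_inventory(text):
    """Return (group -> hosts, group -> child groups, host -> secret var names)."""
    groups, children, secrets, current, kind = {}, {}, {}, "ungrouped", ""
    # Blank lines and lines starting with '#' or ';' are skipped.
    for line in (l.strip() for l in text.splitlines() if l.strip()[:1] not in ("", "#", ";")):
        if line.startswith("[") and line.endswith("]"):
            current, _, kind = line[1:-1].partition(":")
        elif kind == "children":
            children.setdefault(current, []).append(line)
        elif kind == "":  # host line: name followed by key=value pairs
            name, *pairs = shlex.split(line)
            hosts = expand(name)
            groups.setdefault(current, []).extend(hosts)
            found = sorted({p.partition("=")[0] for p in pairs} & SECRET_VARS)
            secrets.update(dict.fromkeys(hosts, found) if found else {})
    return groups, children, secrets

def list_hosts(group, groups, children):
    """Resolve a group and its :children, as `--list-hosts` does for a group name."""
    hosts = list(groups.get(group, []))
    for child in children.get(group, []):
        hosts += [h for h in list_hosts(child, groups, children) if h not in hosts]
    return hosts

if __name__ == "__main__":
    g, c, s = parse_inventory(CONSTRUCTED_SAMPLE)
    print(list_hosts("data", g, c), s)
```

Hosts reported in the third return value are candidates for moving to key-based login (section 3) or to `-k`, so the password no longer sits in the inventory file.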
X. One Step Success
1 Installation log
2 Help command
[root@manage ~]# ansible --help
usage: ansible [-h] [--version] [-v] [-b] [--become-method BECOME_METHOD]
[--become-user BECOME_USER] [-K] [-i INVENTORY] [--list-hosts] [-l SUBSET]
[-P POLL_INTERVAL] [-B SECONDS] [-o] [-t TREE] [-k]
[--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER] [-c CONNECTION]
[-T TIMEOUT] [--ssh-common-args SSH_COMMON_ARGS]
[--sftp-extra-args SFTP_EXTRA_ARGS] [--scp-extra-args SCP_EXTRA_ARGS]
[--ssh-extra-args SSH_EXTRA_ARGS] [-C] [--syntax-check] [-D]
[-e EXTRA_VARS] [--vault-id VAULT_IDS]
[--ask-vault-pass | --vault-password-file VAULT_PASSWORD_FILES] [-f FORKS]
[-M MODULE_PATH] [--playbook-dir BASEDIR] [-a MODULE_ARGS] [-m MODULE_NAME]
pattern
Define and run a single task 'playbook' against a set of hosts
positional arguments:
pattern host pattern
options:
--ask-vault-pass ask for vault password
--list-hosts outputs a list of matching hosts; does not execute anything else
--playbook-dir BASEDIR
Since this tool does not use playbooks, use this as a substitute
playbook directory.This sets the relative path for many features
including roles/ group_vars/ etc.
--syntax-check perform a syntax check on the playbook, but do not execute it
--vault-id VAULT_IDS the vault identity to use
--vault-password-file VAULT_PASSWORD_FILES
vault password file
--version show program's version number, config file location, configured
module search path, module location, executable location and exit
-B SECONDS, --background SECONDS
run asynchronously, failing after X seconds (default=N/A)
-C, --check don't make any changes; instead, try to predict some of the
changes that may occur
-D, --diff when changing (small) files and templates, show the differences in
those files; works great with --check
-M MODULE_PATH, --module-path MODULE_PATH
prepend colon-separated path(s) to module library (default=~/.ansi
ble/plugins/modules:/usr/share/ansible/plugins/modules)
-P POLL_INTERVAL, --poll POLL_INTERVAL
set the poll interval if using -B (default=15)
-a MODULE_ARGS, --args MODULE_ARGS
module arguments
-e EXTRA_VARS, --extra-vars EXTRA_VARS
set additional variables as key=value or YAML/JSON, if filename
prepend with @
-f FORKS, --forks FORKS
specify number of parallel processes to use (default=5)
-h, --help show this help message and exit
-i INVENTORY, --inventory INVENTORY, --inventory-file INVENTORY
specify inventory host path or comma separated host list.
--inventory-file is deprecated
-l SUBSET, --limit SUBSET
further limit selected hosts to an additional pattern
-m MODULE_NAME, --module-name MODULE_NAME
module name to execute (default=command)
-o, --one-line condense output
-t TREE, --tree TREE log output to this directory
-v, --verbose verbose mode (-vvv for more, -vvvv to enable connection debugging)
Privilege Escalation Options:
control how and which user you become as on target hosts
--become-method BECOME_METHOD
privilege escalation method to use (default=sudo), use `ansible-
doc -t become -l` to list valid choices.
--become-user BECOME_USER
run operations as this user (default=root)
-K, --ask-become-pass
ask for privilege escalation password
-b, --become run operations with become (does not imply password prompting)
Connection Options:
control as whom and how to connect to hosts
--private-key PRIVATE_KEY_FILE, --key-file PRIVATE_KEY_FILE
use this file to authenticate the connection
--scp-extra-args SCP_EXTRA_ARGS
specify extra arguments to pass to scp only (e.g. -l)
--sftp-extra-args SFTP_EXTRA_ARGS
specify extra arguments to pass to sftp only (e.g. -f, -l)
--ssh-common-args SSH_COMMON_ARGS
specify common arguments to pass to sftp/scp/ssh (e.g.
ProxyCommand)
--ssh-extra-args SSH_EXTRA_ARGS
specify extra arguments to pass to ssh only (e.g. -R)
-T TIMEOUT, --timeout TIMEOUT
override the connection timeout in seconds (default=10)
-c CONNECTION, --connection CONNECTION
connection type to use (default=smart)
-k, --ask-pass ask for connection password
-u REMOTE_USER, --user REMOTE_USER
connect as this user (default=None)
Some modules do not make sense in Ad-Hoc (include, meta, etc)
Y. Error message
1 python3-babel-2.10.3-1.oe2209.noarch: Cannot download
[MIRROR] python3-babel-2.10.3-1.oe2209.noarch.rpm: Curl error (28): Timeout was reached for http://repo.openeuler.org/openEuler-22.09/OS/x86_64/Packages/python3-babel-2.10.3-1.oe2209.noarch.rpm [Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds]
[MIRROR] python3-babel-2.10.3-1.oe2209.noarch.rpm: Curl error (28): Timeout was reached for http://repo.openeuler.org/openEuler-22.09/OS/x86_64/Packages/python3-babel-2.10.3-1.oe2209.noarch.rpm [Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds]
[MIRROR] python3-babel-2.10.3-1.oe2209.noarch.rpm: Curl error (7): Couldn't connect to server for http://repo.openeuler.org/openEuler-22.09/OS/x86_64/Packages/python3-babel-2.10.3-1.oe2209.noarch.rpm [Failed to connect to repo.openeuler.org port 80 after 21015 ms: Connection refused]
[MIRROR] python3-babel-2.10.3-1.oe2209.noarch.rpm: Curl error (6): Couldn't resolve host name for http://repo.openeuler.org/openEuler-22.09/OS/x86_64/Packages/python3-babel-2.10.3-1.oe2209.noarch.rpm [Could not resolve host: repo.openeuler.org]
[FAILED] python3-babel-2.10.3-1.oe2209.noarch.rpm: No more mirrors to try - All mirrors were already tried without success
(19/19): ansible-2.9.27-3. 45% [===========- ] 1.4 MB/s | 13 MB 00:11 ETA
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: Error downloading packages:
python3-babel-2.10.3-1.oe2209.noarch: Cannot download, all mirrors were already tried without success
Solution
### If the download is slow or fails, download this RPM package separately
mkdir /opt/software;cd /opt/software
wget https://repo.openeuler.org/openEuler-22.09/OS/x86_64/Packages/python3-babel-2.10.3-1.oe2209.noarch.rpm
[root@manage ~]# rpm -ivh /opt/software/python3-babel-2.10.3-1.oe2209.noarch.rpm --nodeps
Verifying... ################################# [100%]
Preparing... ################################# [100%]
Updating / installing...
1:python3-babel-2.10.3-1.oe2209 ################################# [100%]
### Then run the installation again
dnf install -y ansible
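If that does not work, you can use a custom YUM configuration and install from the Everything image (20 GB).
2 Ansible warning messages that clutter the output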
[WARNING]: Platform linux on host 10.0.1.55 is using the discovered Python interpreter at
/usr/bin/python3, but future installation of another Python interpreter could change this.
See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for
more information.
Solution
### Add the ansible_python_interpreter parameter
ansible all -e "ansible_python_interpreter=auto_legacy_silent" -m ping
### Global configuration
### Add the setting to the [defaults] section of /etc/ansible/ansible.cfg
vim /etc/ansible/ansible.cfg
interpreter_python = auto_legacy_silent
Z. Related Links
openEuler-22.09 Configures YUM Local Source Everything: https://www.cnblogs.com/huaxiayuyi/p/16915987.html