A box of chocolates

Life is like a box of chocolates, you never know what you are going to get.

Uncategorized

ansible小结(一)ansible的安装

By Vinny Wang

一、简介

Ansible 是一个配置管理和应用部署工具,功能类似于目前业界的配置管理工具 Chef,Puppet,Saltstack。Ansible 是通过 Python 语言开发。Ansible 平台由 Michael DeHaan 创建,他同时也是知名软件 Cobbler 与 Func 的作者。Ansible 的第一个版本发布于 2012 年 2 月。Ansible 默认通过 SSH 协议管理机器,所以 Ansible 不需要安装客户端程序在服务器上。您只需要将 Ansible 安装在一台服务器,在 Ansible 安装完后,您就可以去管理控制其它服务器。不需要为它配置数据库,Ansible 不会以 daemons 方式来启动或保持运行状态。Ansible 可以实现以下目标:

  • 自动化部署应用
  • 自动化管理配置
  • 自动化的持续交付
  • 自动化的(AWS)云服务管理。

根据 Ansible 官方提供的信息,当前使用 Ansible 的用户有:evernote、rackspace、NASA、Atlassian、twitter 等。

注:以上简介来自于ibm developerworks 中国的介绍。

二、Ansible的安装

1、yum源安装

以centos为例,默认在源里没有ansible,不过在fedora epel源里有ansible,配置完epel 源后,可以直接通过yum 进行安装。这里以centos6.8为例:

  1. # yum install http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
  2. # yum install ansible

2、apt-get安装

在ubuntu及其衍生版中,可以通过增加ppa源进行apt-get安装,具体如下:

  1. $ sudo aptget install softwarepropertiescommon
  2. $ sudo aptaddrepository ppa:ansible/ansible
  3. $ sudo aptget update
  4. $ sudo aptget install ansible

3、源码安装

源码安装需要python2.6以上版本,其依赖模块paramiko、PyYAML、Jinja2、httplib2、simplejson、pycrypto模块,以上模块可以通过pip或easy_install 进行安装,不过本部分既然提到的是源码安装,主要针对的无法上外网的情况下,可以通过pypi 站点搜索以上包,下载后通过python setup.py install 进行安装。

最后通过githubpypi上下载ansible源码包,通过python setup.py install 安装即可。由于安装过程相对简单,这里略过,主要介绍安装后,可能遇到的问题。

a、安装PyYAML时,报错如下:

  1. # python setup.py install
  2. libyaml is not found or a compiler error: forcing withoutlibyaml
  3. (if libyaml is installed correctly, you may need to
  4. specify the option includedirs or uncomment and
  5. modify the parameter include_dirs in setup.cfg)
  6. running install_lib
  7. running install_egg_info
  8. Removing /usr/lib64/python2.6/sitepackages/PyYAML3.11py2.6.egginfo
  9. Writing /usr/lib64/python2.6/sitepackages/PyYAML3.11py2.6.egginfo

在centos6.8系统中,可以通过yum -y install libyaml 包解决,或者从ISO文件中提供该包,通过rpm -ivh进行安装。

b、安装完ansible是,报错如下:

  1. [root@361way.com ansible1.9.1]# ansible -h
  2. Traceback (most recent call last):
  3. File “/usr/local/src/ansible-devel/bin/ansible”, line 36, in <module>
  4. from ansible.runner import Runner
  5. File “/usr/local/src/ansible-devel/lib/ansible/runner/__init__.py”, line 62, in <module>
  6. from Crypto.Random import atfork
  7. File “/usr/lib64/python2.6/site-packages/Crypto/Random/__init__.py”, line 29, in <module>
  8. from Crypto.Random import _UserFriendlyRNG
  9. File “/usr/lib64/python2.6/site-packages/Crypto/Random/_UserFriendlyRNG.py”, line 38, in <module>
  10. from Crypto.Random.Fortuna import FortunaAccumulator
  11. File “/usr/lib64/python2.6/site-packages/Crypto/Random/Fortuna/FortunaAccumulator.py”, line 39, in <module>
  12. import FortunaGenerator
  13. File “/usr/lib64/python2.6/site-packages/Crypto/Random/Fortuna/FortunaGenerator.py”, line 34, in <module>
  14. from Crypto.Util.number import ceil_shift, exact_log2, exact_div
  15. File “/usr/lib64/python2.6/site-packages/Crypto/Util/number.py”, line 56, in <module>
  16. if _fastmath is not None and not _fastmath.HAVE_DECL_MPZ_POWM_SEC:
  17. AttributeError: ‘module’ object has no attribute ‘HAVE_DECL_MPZ_POWM_SEC’

import paramiko包时,报错如下:

  1. >>> import paramiko
  2. Traceback (most recent call last):
  3. File “<stdin>”, line 1, in <module>
  4. File “/usr/lib/python2.6/site-packages/paramiko/__init__.py”, line 69, in <module>
  5. from transport import randpool, SecurityOptions, Transport
  6. File “/usr/lib/python2.6/site-packages/paramiko/transport.py”, line 32, in <module>
  7. from paramiko import util
  8. File “/usr/lib/python2.6/site-packages/paramiko/util.py”, line 32, in <module>
  9. from paramiko.common import *
  10. File “/usr/lib/python2.6/site-packages/paramiko/common.py”, line 98, in <module>
  11. from rng import StrongLockingRandomPool
  12. File “/usr/lib/python2.6/site-packages/paramiko/rng.py”, line 22, in <module>
  13. from Crypto.Util.randpool import RandomPool as _RandomPool
  14. File “/usr/lib64/python2.6/site-packages/Crypto/Util/randpool.py”, line 30, in <module>
  15. import Crypto.Random
  16. File “/usr/lib64/python2.6/site-packages/Crypto/Random/__init__.py”, line 29, in <module>
  17. from Crypto.Random import _UserFriendlyRNG
  18. File “/usr/lib64/python2.6/site-packages/Crypto/Random/_UserFriendlyRNG.py”, line 38, in <module>
  19. from Crypto.Random.Fortuna import FortunaAccumulator
  20. File “/usr/lib64/python2.6/site-packages/Crypto/Random/Fortuna/FortunaAccumulator.py”, line 39, in <module>
  21. import FortunaGenerator
  22. File “/usr/lib64/python2.6/site-packages/Crypto/Random/Fortuna/FortunaGenerator.py”, line 34, in <module>
  23. from Crypto.Util.number import ceil_shift, exact_log2, exact_div
  24. File “/usr/lib64/python2.6/site-packages/Crypto/Util/number.py”, line 56, in <module>
  25. if _fastmath is not None and not _fastmath.HAVE_DECL_MPZ_POWM_SEC:
  26. AttributeError: ‘module’ object has no attribute ‘HAVE_DECL_MPZ_POWM_SEC’

经网上查找,确认为pycrypto包安装时依赖的GMP版本不对的问题,具体可以通过以下步骤验证:

  1. [root@361way.com pycrypto2.6.1]# python setup.py build
  2. running build
  3. running build_py
  4. running build_ext
  5. running build_configure
  6. warning: GMP or MPIR library not found; Not building Crypto.PublicKey._fastmath.

解决方法:

打开 /usr/lib64/python2.6/site-packages/Crypto/Util/number.py 文件,可以 看到 56 行上的注释说明,要求 libgmp 为 v5 以上版本。而系统现有版本为 4.1.4,把以下两行暂时注释掉,Ansible 执行正常。

  1. if _fastmath is not None and not _fastmath.HAVE_DECL_MPZ_POWM_SEC:
  2. _warn(“Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.”, PowmInsecureWarning)

不过,此方法只是临时加以解决,更好的方式是去将 libgmp 升级到符合要求的版本。

c、执行时报错

  1. [root@361way.com src]# ansible test -m raw -a ‘uptime’
  2. 10.212.52.14 | FAILED => to use the ‘ssh’ connection type with passwords, you must install the sshpass program
  3. 10.212.52.16 | FAILED => to use the ‘ssh’ connection type with passwords, you must install the sshpass program

安装sshpass程序。默认源里没有,我这里选择直接从sohu源里下载安装。

三、Ansible的配置与验证

这里以pypi上下载的源码内有一个examles包,可以将使用该示例文件做为默认配置,具体如下:

  1. [root@361way.com ansible1.9.1]# mkdir -p /etc/ansible
  2. [root@361way.com ansible1.9.1]# cp -rp examples/* /etc/ansible/
  3. [root@361way.com ansible1.9.1]# cd /etc/ansible/

使用默认示例配置文件后,编辑/etc/ansible/hosts文件,通过以下方式验证ansible是否可用:

  1. [root@361way.com ~]# cat /etc/ansible/hosts
  2. [test]
  3. 10.212.52.252 ansible_ssh_user=root ansible_ssh_pass=361way.com
  4. 10.212.52.14 ansible_ssh_user=root ansible_ssh_pass=abc123
  5. 10.212.52.16 ansible_ssh_user=root ansible_ssh_pass=91it.org

以上的配置中,我配置了一个test组,该组下有三台主机,三台都使用root验证,三台的密码分别是361way.com、abc123、91it.org 。

注:后面的用户和密码项是非必须的,在配置key认证的情况下,不使用密码也可以直接操作 。未使用key的,也可以在ansible通过 -k参数在操作前询问手动输入密码。

  1. [root@361way.com ~]# ansible test -a ‘uptime’
  2. 10.212.52.252 | success | rc=0 >>
  3. 18:01pm up 21 days 3:24, 3 users, load average: 0.39, 0.38, 0.35
  4. 10.212.52.16 | success | rc=0 >>
  5. 18:09pm up 329 days 1:01, 2 users, load average: 0.08, 0.03, 0.05
  6. 10.212.52.14 | success | rc=0 >>
  7. 18:08pm up 329 days 0:23, 2 users, load average: 0.06, 0.06, 0.05

执行以上指令后,有结果输出,证明安装成功。

By Vinny Wang

Related Post

Uncategorized

html:table属性以及html简单合并单元格应用

Vinny Wang
Uncategorized

处理nginx启动错误Failed to read PID from file /run/nginx.pid

Vinny Wang
Uncategorized

Systemd 入门教程:命令篇

Vinny Wang

Leave a Reply

Your email address will not be published. Required fields are marked *

You Missed

Uncategorized

html:table属性以及html简单合并单元格应用

Uncategorized

处理nginx启动错误Failed to read PID from file /run/nginx.pid

Uncategorized

Systemd 入门教程:命令篇

Uncategorized

Centos安装supervisor,守护Redis进程