1. Pre-installation checks
1.1 Check the firewall status (SELinux)
[root@localhost ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Ways to check the SELinux status:
Besides reading the configuration file, there are also:
[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
[root@localhost ~]# getenforce
Enforcing
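All of the methods above show that SELinux is enabled. To turn it off, edit the configuration file /etc/sysconfig/selinux and change the state to SELINUX=disabled. Running the setenforce 0 command
switches enforcing mode to permissive mode: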
[root@localhost ~]# setenforce 0
[root@localhost ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@localhost ~]# getenforce
Permissive
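The configuration file was not modified, but the state changed to permissive mode.
Note that changing the policy requires a reboot; switching from enforcing or permissive to disabled, or from disabled to either of the other two, also requires a reboot. This is because SELinux is integrated into the kernel: while SELinux is running you can only switch between enforcing and permissive mode; you cannot turn SELinux off directly!
After setting SELINUX=disabled in the configuration file, the host has not been rebooted, so the current state is still permissive: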
[root@localhost ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: disabled
Policy version: 24
Policy from config file: targeted
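The mismatch described above, between the running mode and the mode the config file applies at the next boot, can be read straight out of sestatus output. The following is an added example, not part of the original post; the function name selinux_drift and its verdict strings are made up for illustration, and the sample input is constructed in the layout of the output shown above.

```shell
#!/bin/sh
# Added example, not from the original page: compare the running SELinux mode
# with the mode the config file will apply at the next boot.
# On a live host: sestatus | selinux_drift

# selinux_drift: read sestatus output on stdin, print one verdict.
selinux_drift() {
    awk -F':[ \t]*' '
        { sub(/[ \t\r]+$/, "", $2) }                 # trim trailing blanks
        $1 == "SELinux status"        { status  = $2 }
        $1 == "Current mode"          { current = $2 }
        $1 == "Mode from config file" { config  = $2 }
        END {
            if (status == "")              print "unknown"
            else if (status != "enabled")  print "disabled"
            else if (current == config)    print "consistent:" current
            else if (config == "disabled") print "disable-pending-reboot"
            else print "runtime-only:" current "->" config "-at-boot"
        }'
}

# Constructed sample in the layout of the sestatus output shown on the page;
# $1 is the current mode, $2 the mode from the config file.
sample() {
    printf 'SELinux status: enabled\nSELinuxfs mount: /selinux\n'
    printf 'Current mode: %s\nMode from config file: %s\n' "$1" "$2"
    printf 'Policy version: 24\nPolicy from config file: targeted\n'
}

sample enforcing  enforcing | selinux_drift   # state before any change
sample permissive enforcing | selinux_drift   # after setenforce 0 only
sample permissive disabled  | selinux_drift   # config edited, host not rebooted
```

A runtime-only verdict means the setenforce change is lost at the next boot; disable-pending-reboot means the host is still loading policy until it restarts.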
1.2 Configure passwordless login
ssh-keygen -t rsa    generates the key pair (public and private key)
ssh-copy-id root@<IP address>
[root@master01 ~]# ssh-copy-id root@192.168.42.110
2. Installation
2.1 Installing with yum
Install ansible:
[root@ansible ~]# yum list |grep ansible
ansible.noarch 2.5.1-1.el7 epel
ansible-doc.noarch 2.5.1-1.el7 epel
ansible-inventory-grapher.noarch 2.4.4-1.el7 epel
ansible-lint.noarch 3.4.21-1.el7 epel
ansible-openstack-modules.noarch 0-20140902git79d751a.el7 epel
ansible-review.noarch 0.13.4-1.el7 epel
kubernetes-ansible.noarch 0.6.0-0.1.gitd65ebd5.el7 epel
python2-ansible-tower-cli.noarch 3.2.1-2.el7 epel
[root@ansible ~]# yum -y install ansible
Check the installation:
[root@ansible ~]# ansible --version
ansible 2.5.1
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
[root@ansible ~]# python
Python 2.7.5 (default, Aug 4 2017, 00:39:18)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import ansible
>>> exit()
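2.2 Installing from source
Package download location: https://releases.ansible.com/ansible/
A source install requires Python 2.6 or later, plus the dependency modules paramiko, PyYAML, Jinja2, simplejson and others.
Installation order:
setuptools
pycrypto
ecdsa
paramiko (depends on pycrypto)
PyYAML
httplib
simplejson
Jinja2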
- tar -xvzf setuptools-36.0.1
- # cd setuptools-36.0.1
- # python setup.py install
Next, install the other modules:
[root@gbase06 opt]# yum install python-devel.x86_64
[root@gbase06 opt]# rpm -qa | grep python-devel
[root@gbase06 opt]# yum list | grep python-devel
dbus-python-devel.x86_64 0.83.0-6.1.el6 CentOS
gstreamer-python-devel.x86_64 0.10.16-1.1.el6 CentOS
python-devel.x86_64 2.6.6-52.el6 CentOS
[root@gbase06 opt]# yum install python-devel.x86_64
cd setuptools-7.0/
python setup.py install
cd pycrypto-2.6.1/
python setup.py install
Error: raise RuntimeError("autoconf error")
Install the C compiler: yum install gcc*
python setup.py install
No error this time.
[root@gbase06 ansible]# cd ecdsa-0.11/
[root@gbase06 ecdsa-0.11]# python setup.py install
running install_egg_info
Writing /usr/lib/python2.6/site-packages/ecdsa-0.11-py2.6.egg-info
The paramiko package depends on pycrypto-2.6.1.
[root@gbase06 ansible]# cd paramiko-1.15.1/
[root@gbase06 paramiko-1.15.1]# python setup.py install
[root@gbase06 ansible]# cd pycrypto-2.6.1/
[root@gbase06 pycrypto-2.6.1]# python setup.py install
Writing /usr/lib64/python2.6/site-packages/pycrypto-2.6.1-py2.6.egg-info
[root@gbase06 ansible]# cd PyYAML-3.11/
[root@gbase06 PyYAML-3.11]# python setup.py install
running install_egg_info
Writing /usr/lib64/python2.6/site-packages/PyYAML-3.11-py2.6.egg-info
[root@gbase06 ansible]# cd simplejson-3.6.5/
[root@gbase06 simplejson-3.6.5]# python setup.py install
Installed /usr/lib64/python2.6/site-packages/simplejson-3.6.5-py2.6-linux-x86_64.egg
Processing dependencies for simplejson==3.6.5
Finished processing dependencies for simplejson==3.6.5
[root@gbase06 ansible]# cd Jinja2-2.7.3/
[root@gbase06 Jinja2-2.7.3]# python setup.py install
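Install cryptography-2.2.2 (without it, ansible 2.5.x reports an error).
The error demands setuptools 18.5 or later. (After reinstalling setuptools, every module has to be reinstalled, otherwise the new setuptools version is not found; the older-version files in /usr/lib/python2.6/site-packages must also be deleted.)
It depends on cffi, and cffi depends on libffi (which is not a Python module).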
error: command 'gcc' failed with exit status 1
[root@gbase06 cffi-1.11.5]# yum install libffi*
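It depends on pycparser.
3. Installation problems, fixes, and configuration
Edit the hosts file (/opt/ansible/ansible-2.5.5/examples)
There are two core files, ansible.cfg and hosts, both stored under /etc/ansible by default. ansible.cfg: mainly holds ansible's initialization settings, such as the log path, modules, plugins and similar configuration.
hosts: the machine inventory, used to manage hosts in groups.
So after a source install, copy both files into /etc/ansible.
1. Edit the host inventory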
# Ex 2: A collection of hosts belonging to the 'webservers' group
[webservers] # the managed group is named webservers
## alpha.example.org
## beta.example.org # add the managed nodes here
192.168.119.88
192.168.119.89
192.168.119.90
# If you have multiple hosts following a pattern you can specify
# them like this:
## www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group
## [dbservers]
##
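2. Edit the configuration file
Brief changes:
[defaults] ---> general default settings
inventory = /etc/ansible/hosts ---> default inventory location: a file, a script, or a directory listing the hosts that can be reached
forks = 10 ---> number of parallel processes used when communicating with hosts; the default is 5
host_key_checking = False ---> whether to check SSH host keys; False turns the check off
log_path = /var/log/ansible.log ---> where the log file is stored
module_name = command ---> default module used by the ansible command
private_key_file = /root/.ssh/id_rsa ---> location of the private key file (the path chosen when setting up passwordless login)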
[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]
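host_key_checking = False in the [defaults] block above turns off SSH host key verification for every managed host, which is the setting a reviewer of a control node will want to find first. The following is an added example, not from the original post or the Ansible project: cfg_get and audit_ansible_cfg are hypothetical helper names, the sample file is constructed from the values listed above, and the ssh_args check goes beyond what the page configures.

```shell
#!/bin/sh
# Added example, not from the original page: flag ansible.cfg settings that
# turn off SSH host key verification. INI text is read from stdin.
# On a control node: audit_ansible_cfg < /etc/ansible/ansible.cfg

# cfg_get SECTION KEY: print the value of KEY inside [SECTION] (last one wins).
cfg_get() {
    awk -v sec="$1" -v key="$2" '
        /^[ \t]*[#;]/ { next }                      # full-line comments
        /^[ \t]*\[/   { cur = $0; sub(/^[ \t]*\[/, "", cur); sub(/\].*$/, "", cur); next }
        cur == sec && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }'
}

# audit_ansible_cfg: one finding per line; prints nothing when the file is clean.
audit_ansible_cfg() {
    cfg=$(cat)
    hkc=$(printf '%s\n' "$cfg" | cfg_get defaults host_key_checking | tr 'A-Z' 'a-z')
    case "$hkc" in
        false|no|off|0) echo "WEAK [defaults] host_key_checking=$hkc (SSH host keys are not verified)" ;;
    esac
    args=$(printf '%s\n' "$cfg" | cfg_get ssh_connection ssh_args | tr 'A-Z' 'a-z')
    case "$args" in
        *stricthostkeychecking=no*) echo "WEAK [ssh_connection] ssh_args sets StrictHostKeyChecking=no" ;;
    esac
}

# Constructed sample using the values shown in this section of the page.
page_cfg() {
cat <<'EOF'
[defaults]
inventory = /etc/ansible/hosts
forks = 10
host_key_checking = False
log_path = /var/log/ansible.log
private_key_file = /root/.ssh/id_rsa
EOF
}

# The same file with verification left on.
strict_cfg() { page_cfg | sed 's/^host_key_checking.*/host_key_checking = True/'; }

page_cfg   | audit_ansible_cfg    # one WEAK line
strict_cfg | audit_ansible_cfg    # no output
```

With the check left on, each managed host's key has to be present in known_hosts before the first run.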
[root@gbase06 pycrypto-2.6.1]# ansible webservers -m command -a'uptime'
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
192.168.119.88 | SUCCESS | rc=0 >>
17:19:40 up 535 days, 6:21, 2 users, load average: 0.00, 0.00, 0.00
192.168.119.89 | SUCCESS | rc=0 >>
17:09:57 up 535 days, 6:11, 1 user, load average: 0.00, 0.00, 0.00
192.168.119.90 | SUCCESS | rc=0 >>
17:42:30 up 535 days, 6:44, 2 users, load average: 0.08, 0.11, 0.04
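First of all, this is not an error message but a security notice: the gmp library shipped with the system is too old and is vulnerable to timing attacks, so it needs to be upgraded:
Download the source code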
yum -y install gcc libgcc glibc libffi-devel libxml2-devel libxslt-devel openssl-devel zlib-devel bzip2-devel ncurses-devel