Ansible reference
Step 1: If the control machine runs CentOS 7, run the following commands:
yum -y install epel-release git curl sshpass && \
yum -y install python2-pip
Note: if you want passwordless access for a user you created yourself, perform steps 1 to 4 below; if you only use the root user, skip them and go straight to the later steps.
Log in to the control machine as root and perform the following steps:
1. Create the tidb user.
useradd -m -d /home/tidb tidb
2. Set the password of the tidb user.
passwd tidb
3. Configure passwordless sudo for the tidb user: append tidb ALL=(ALL) NOPASSWD: ALL to the end of the file.
visudo
tidb ALL=(ALL) NOPASSWD: ALL
4. Generate an SSH key.
Run su to switch from the root user to the tidb user.
su - tidb
Step 2: Create the user's SSH key
When prompted with Enter passphrase, just press Enter. On success, the SSH private key is /home/tidb/.ssh/id_rsa and the SSH public key is /home/tidb/.ssh/id_rsa.pub.
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/tidb/.ssh/id_rsa):
Created directory '/home/tidb/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/tidb/.ssh/id_rsa.
Your public key has been saved in /home/tidb/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:eIBykszR1KyECA/h0d7PRKz4fhAeli7IrVphhte7/So tidb@172.16.10.49
Step 3: Install Ansible and its dependencies on the control machine
[tidb@dev10 tidb-ansible]$ vim requirements.txt
[tidb@dev10 tidb-ansible]$ cat requirements.txt
ansible==2.7.11
jinja2>=2.9.6
jmespath>=0.9.0
Log in to the control machine as the tidb user. Be sure to install Ansible and its dependencies via pip at the specified versions as shown below, otherwise there will be compatibility problems. Currently, TiDB release-2.0, release-2.1, release-3.0 and the latest development version are compatible with Ansible 2.4 through 2.7.11 (2.4 ≤ Ansible ≤ 2.7.11).
Install Ansible and its dependencies on the control machine.
cd /home/tidb/tidb-ansible && \
sudo pip install -r ./requirements.txt
If you get the following error:
……
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-DS7hbY/ansible/
Fix:
sudo python -m pip install --upgrade --force pip
sudo pip install setuptools==33.1.1
Check the Ansible version.
ansible --version
Step 4: On the control machine, configure SSH trust and sudo rules for the deployment target machines
Log in to the control machine as the tidb user, then perform the following steps:
1. Add the IPs of your deployment target machines under the [servers] block of hosts.ini. Change username = tidb to the user you created.
cd /home/tidb/tidb-ansible && \
vi hosts.ini
[servers]
172.16.10.1
172.16.10.2
172.16.10.3
172.16.10.4
172.16.10.5
172.16.10.6
[all:vars]
username = tidb
ntp_server = pool.ntp.org
The ansible-playbook script file create_users.yml. The create_users.yml used for the tidb user:
[tidb@dev10 tidb-ansible]$ vim create_users.yml
[tidb@dev10 tidb-ansible]$ cat create_users.yml
---
- hosts: all
  tasks:
    - name: create user
      user: name={{ username }} shell=/bin/bash createhome=yes
    - name: set authorized key
      authorized_key:
        user: "{{ username }}"
        key: "{{ lookup('file', '/home/{{ username }}/.ssh/id_rsa.pub') }}"
        state: present
    - name: update sudoers file
      lineinfile:
        dest: /etc/sudoers
        insertafter: EOF
        line: '{{ username }} ALL=(ALL) NOPASSWD: ALL'
        regexp: '^{{ username }} .*'
        state: present
The create_users.yml used for the root user:
---
- hosts: all
  tasks:
    - name: create user
      user: name={{ username }} shell=/bin/bash createhome=yes
    - name: set authorized key
      authorized_key:
        user: "{{ username }}"
        key: "{{ lookup('file', '/{{ username }}/.ssh/id_rsa.pub') }}"
        state: present
    - name: update sudoers file
      lineinfile:
        dest: /etc/sudoers
        insertafter: EOF
        line: '{{ username }} ALL=(ALL) NOPASSWD: ALL'
        regexp: '^{{ username }} .*'
        state: present
2. Run the following command and enter the root password of the deployment target machines when prompted.
ansible-playbook -i hosts.ini create_users.yml -u root -k
This step creates the tidb user on the deployment target machines, configures the sudo rules, and sets up SSH trust between the control machine and the deployment target machines.
Error:
"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
Fix:
export ANSIBLE_HOST_KEY_CHECKING=False
Install the NTP (time synchronization) service on the deployment target machines
Note:
If the time and time zone settings of your deployment target machines are consistent, the NTP service is already enabled and synchronizing normally, this step can be skipped.
Run the file deploy_ntp.yml:
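As an added alternative to turning host key checking off (this is not part of the original notes): record the target hosts' keys in known_hosts before the -k password run, so the check can stay enabled. It assumes hosts.ini has the [servers] layout shown above; servers_from_inventory and seed_known_hosts are names chosen here.

```shell
#!/usr/bin/env bash
# Added example: pre-seed known_hosts for every host in the [servers] block of
# hosts.ini so "ansible-playbook ... -u root -k" works with host key checking on.

# Print the host entries of the [servers] section of an inventory file,
# skipping blank lines and comments and ignoring per-host variables.
servers_from_inventory() {
  awk '
    /^\[/ { in_servers = ($1 == "[servers]"); next }
    in_servers && NF && $1 !~ /^[#;]/ { print $1 }
  ' "$1"
}

# Append each server's host keys (hashed, as ssh does with HashKnownHosts)
# to the given known_hosts file. Needs network access to the targets.
seed_known_hosts() {
  local inventory="$1" known_hosts="${2:-$HOME/.ssh/known_hosts}"
  mkdir -p "$(dirname "$known_hosts")"
  servers_from_inventory "$inventory" | while read -r host; do
    ssh-keyscan -H "$host" >> "$known_hosts" 2>/dev/null \
      || echo "warning: could not fetch host key for $host" >&2
  done
}

# Constructed sample inventory (same shape as the hosts.ini above) so the
# parsing part runs stand-alone without any real hosts.
SAMPLE_INVENTORY="$(mktemp)"
printf '[servers]\n172.16.10.1\n172.16.10.2\n# 172.16.10.3 decommissioned\n\n[all:vars]\nusername = tidb\nntp_server = pool.ntp.org\n' > "$SAMPLE_INVENTORY"

servers_from_inventory "$SAMPLE_INVENTORY"   # prints 172.16.10.1 and 172.16.10.2
# Before the -k run on the real inventory:  seed_known_hosts hosts.ini
```

ssh-keyscan records whatever key a host presents on first contact; for stricter verification compare the fingerprints it stores against ones obtained out of band.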
---
- hosts: all
  tasks:
    - name: get facts
      setup:
    - name: RedHat family Linux distribution - make sure ntp, ntpstat have been installed
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - ntp
      when:
        - ansible_os_family == "RedHat"
    - name: RedHat family Linux distribution - make sure ntpdate have been installed
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - ntpdate
      when:
        - ansible_os_family == "RedHat"
        - ntp_server is defined
    - name: Debian family Linux distribution - make sure ntp, ntpstat have been installed
      apt:
        name: "{{ item }}"
        state: present
      with_items:
        - ntp
        - ntpstat
      when:
        - ansible_os_family == "Debian"
    - name: Debian family Linux distribution - make sure ntpdate have been installed
      apt:
        name: "{{ item }}"
        state: present
      with_items:
        - ntpdate
      when:
        - ansible_os_family == "Debian"
        - ntp_server is defined
    - name: RedHat family Linux distribution - make sure ntpd service has been stopped
      service:
        name: ntpd
        state: stopped
      when:
        - ansible_os_family == "RedHat"
        - ntp_server is defined
    - name: Debian family Linux distribution - make sure ntp service has been stopped
      service:
        name: ntp
        state: stopped
      when:
        - ansible_os_family == "Debian"
        - ntp_server is defined
    - name: Adjust Time | start to adjust time with {{ ntp_server }}
      shell: ntpdate {{ ntp_server }}
      when: ntp_server is defined
    - name: RedHat family Linux distribution - make sure ntpd service has been started
      service:
        name: ntpd
        state: started
      when:
        - ansible_os_family == "RedHat"
    - name: Debian family Linux distribution - Make sure ntp service has been started
      service:
        name: ntp
        state: started
      when:
        - ansible_os_family == "Debian"
Log in to the control machine as the tidb user and run the following commands:
cd /home/tidb/tidb-ansible && \
ansible-playbook -i hosts.ini deploy_ntp.yml -u tidb -b
This step installs and starts the NTP service on the deployment target machines from the system's own package repositories over the network. The service uses the NTP server list that ships with the package; see the server parameter in the configuration file /etc/ntp.conf. If you use the default NTP servers, your machines need access to the internet.
So that NTP starts synchronizing as soon as possible, the ntpdate command is run before the NTP service is started, to synchronize the date and time with the ntp_server specified in hosts.ini. The default server is pool.ntp.org; you can replace it with your own NTP server.
Check whether the NTP service is working properly
[tidb@dev10 tidb-ansible]$ ansible -i hosts.ini all -m shell -a 'systemctl status ntpd.service'
172.160.180.52 | CHANGED | rc=0 >>
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disabled)
Active: active (running) since 三 2019-10-16 08:58:05 CST; 9min ago
Process: 1767 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 1768 (ntpd)
Tasks: 1
Memory: 1.3M
CGroup: /system.slice/ntpd.service
└─1768 /usr/sbin/ntpd -u ntp:ntp -g
......
Run the following command; when every node reports synchronised to NTP server, synchronization has succeeded.
[tidb@dev10 tidb-ansible]$ ansible -i hosts.ini all -m shell -a 'ntpstat'
172.160.180.52 | CHANGED | rc=0 >>
synchronised to NTP server (193.182.111.141) at stratum 3
time correct to within 179 ms
polling server every 1024 s
......
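Added example (not part of the original notes) for checking the whole cluster at once: it reads the combined output of the ntpstat command above on stdin and lists the hosts that did not report "synchronised to NTP server", treating failed and unreachable hosts as unsynced. The function names and the sample output are constructed here.

```shell
#!/usr/bin/env bash
# Added example: pipe the output of
#   ansible -i hosts.ini all -m shell -a 'ntpstat'
# into unsynced_hosts to find nodes whose clock is not yet synchronised.

unsynced_hosts() {
  awk '
    # Each host block starts with a line like: 172.16.10.1 | CHANGED | rc=0 >>
    / \| [A-Z]+ \| rc=[0-9]+ >>/ {
      if (host != "" && !ok) print host
      host = $1; ok = 0; next
    }
    # Unreachable hosts have no rc line at all; report them as unsynced too.
    / \| UNREACHABLE! =>/ {
      if (host != "" && !ok) print host
      print $1; host = ""; next
    }
    /^synchronised to NTP server/ { ok = 1 }
    END { if (host != "" && !ok) print host }
  '
}

# Returns 0 when every host in the output is synchronised, 1 otherwise.
all_synced() {
  [ -z "$(unsynced_hosts)" ]
}

# Constructed sample output: one synced node, one unsynced node (ntpstat exits
# with 1, which ansible reports as FAILED), and one node ansible could not reach.
SAMPLE_OUTPUT='172.16.10.1 | CHANGED | rc=0 >>
synchronised to NTP server (193.182.111.141) at stratum 3
time correct to within 179 ms
polling server every 1024 s
172.16.10.2 | FAILED | rc=1 >>
unsynchronised
polling server every 64 s
non-zero return code
172.16.10.3 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh",
    "unreachable": true
}'

printf '%s\n' "$SAMPLE_OUTPUT" | unsynced_hosts   # prints 172.16.10.2 and 172.16.10.3
```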
Enable NTP at boot
[tidb@dev10 tidb-ansible]$ ansible -i hosts.ini all -m shell -a 'systemctl enable ntpd.service && systemctl start ntpd.service' -b
Installing Ansible with yum
CentOS users need to configure EPEL first
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install ansible