Mac下Ansible初探
2017-10-28 本文已影响12人
MisterCH
安装环境
ansible需求python2.6以上,正好之前研究python的时候安装了2.7,省去了一个步骤。
ansible官方建议使用pip安装,对mac来说用Homebrew也行,命令行是:
$ brew install ansible
然后就报错了……
/usr/local/Homebrew/Library/Homebrew/brew.rb:12:in `<main>': Homebrew must be run under Ruby 2.3! You're running 2.0.0. (RuntimeError)
需求ruby2.3,可是机器里是2.0,我一度想去搜一下怎么升级ruby。然后意识到我去安装一下pip是不是更简单。。。
pip的安装方法:
$ sudo easy_install pip
然后安装ansible
$ sudo pip install ansible
Collecting ansible
Downloading ansible-2.4.1.0.tar.gz (6.7MB)
100% |████████████████████████████████| 6.7MB 15kB/s
Collecting jinja2 (from ansible)
Downloading Jinja2-2.9.6-py2.py3-none-any.whl (340kB)
100% |████████████████████████████████| 348kB 13kB/s
Collecting PyYAML (from ansible)
Downloading PyYAML-3.12.tar.gz (253kB)
100% |████████████████████████████████| 256kB 17kB/s
Collecting paramiko (from ansible)
Downloading paramiko-2.3.1-py2.py3-none-any.whl (182kB)
100% |████████████████████████████████| 184kB 20kB/s
Collecting cryptography (from ansible)
Downloading cryptography-2.1.2-cp27-cp27m-macosx_10_6_intel.whl (1.5MB)
100% |████████████████████████████████| 1.5MB 5.7kB/s
Requirement already satisfied: setuptools in /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python (from ansible)
Collecting MarkupSafe>=0.23 (from jinja2->ansible)
Downloading MarkupSafe-1.0.tar.gz
Collecting pynacl>=1.0.1 (from paramiko->ansible)
Downloading PyNaCl-1.1.2-cp27-cp27m-macosx_10_6_intel.whl (178kB)
100% |████████████████████████████████| 184kB 3.8kB/s
Collecting bcrypt>=3.1.3 (from paramiko->ansible)
Downloading bcrypt-3.1.4-cp27-cp27m-macosx_10_6_intel.whl (51kB)
100% |████████████████████████████████| 61kB 4.5kB/s
Collecting pyasn1>=0.1.7 (from paramiko->ansible)
Downloading pyasn1-0.3.7-py2.py3-none-any.whl (63kB)
100% |████████████████████████████████| 71kB 5.2kB/s
Collecting idna>=2.1 (from cryptography->ansible)
Downloading idna-2.6-py2.py3-none-any.whl (56kB)
100% |████████████████████████████████| 61kB 9.3kB/s
Collecting cffi>=1.7; platform_python_implementation != "PyPy" (from cryptography->ansible)
Downloading cffi-1.11.2-cp27-cp27m-macosx_10_6_intel.whl (238kB)
100% |████████████████████████████████| 245kB 2.3kB/s
Collecting enum34; python_version < "3" (from cryptography->ansible)
Downloading enum34-1.1.6-py2-none-any.whl
Requirement already satisfied: six>=1.4.1 in /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python (from cryptography->ansible)
Collecting asn1crypto>=0.21.0 (from cryptography->ansible)
Downloading asn1crypto-0.23.0-py2.py3-none-any.whl (99kB)
100% |████████████████████████████████| 102kB 1.4kB/s
Collecting ipaddress; python_version < "3" (from cryptography->ansible)
Downloading ipaddress-1.0.18-py2-none-any.whl
Collecting pycparser (from cffi>=1.7; platform_python_implementation != "PyPy"->cryptography->ansible)
Downloading pycparser-2.18.tar.gz (245kB)
100% |████████████████████████████████| 256kB 2.3kB/s
Installing collected packages: MarkupSafe, jinja2, PyYAML, pycparser, cffi, pynacl, idna, enum34, asn1crypto, ipaddress, cryptography, bcrypt, pyasn1, paramiko, ansible
Running setup.py install for MarkupSafe ... done
Running setup.py install for PyYAML ... done
Running setup.py install for pycparser ... done
Running setup.py install for ansible ... done
Successfully installed MarkupSafe-1.0 PyYAML-3.12 ansible-2.4.1.0 asn1crypto-0.23.0 bcrypt-3.1.4 cffi-1.11.2 cryptography-2.1.2 enum34-1.1.6 idna-2.6 ipaddress-1.0.18 jinja2-2.9.6 paramiko-2.3.1 pyasn1-0.3.7 pycparser-2.18 pynacl-1.1.2
自动下载并安装最新版本的ansible,2.4.1.0。
而后直接在命令行中写入ansible就可以看到帮助了。
$ ansible
Usage: ansible <host-pattern> [options]
Define and run a single task 'playbook' against a set of hosts
Options:
-a MODULE_ARGS, --args=MODULE_ARGS
module arguments
--ask-vault-pass ask for vault password
Usage: ansible <host-pattern> [options]
Define and run a single task 'playbook' against a set of hosts
Options:
-a MODULE_ARGS, --args=MODULE_ARGS
module arguments
--ask-vault-pass ask for vault password
……
第一条命令
- 配置inventory,在/etc/ansible/hosts中配置上
127.0.0.1 ansible_user=root
然后执行
$ ansible all -m ping
CASE 1
127.0.0.1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 127.0.0.1 port 22: Connection refused\r\n",
"unreachable": true
}
看起来是22端口不同,直接telnet也显示拒绝,那应该是mac的限制,查了下发现需要开启mac的22端口。
开启方法:系统偏好设置——共享——远程登录勾选。
顺便我把用户换成了root用户,避免低权限用户环境变量的问题。
CASE 2
检查端口开了以后,再次执行,发现还有报错
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:6YbD5pl+7sP9ZqUPXQFh3gyB71U/XZosWrSUWbX2aRk.
Are you sure you want to continue connecting (yes/no)? yes
127.0.0.1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,keyboard-interactive).\r\n",
"unreachable": true
}
看起来是密钥问题,但是其实在我们的环境下我们需要用用户名+密码的方式登录,所以重新配置一下hosts文件
$ vi /etc/ansible/hosts
127.0.0.1 ansible_user=root ansible_ssh_pass=sssmmm
再一次执行会出现如下的提示:
127.0.0.1 | FAILED! => {
"failed": true,
"msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"
}
原来是需要sshpass,按照这篇攻略安装一下sshpass,然后再次执行:
127.0.0.1 | SUCCESS => {
"changed": false,
"failed": false,
"ping": "pong"
}
这总算成功了。简单执行一个“echo hello”的命令:
$ ansible all -a "echo hello"
127.0.0.1 | SUCCESS | rc=0 >>
hello
而后我重启了个terminal,用低权限用户试了试
$ ansible all -a "/bin/echo a"
127.0.0.1 | FAILED | rc=-1 >>
Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host.
切成root以后又没问题= =。。。。还没太弄明白
