实战ansible
前言
本次实战情况是因为服务器机房由于安全原因,处理无网络的网闸区域。在这样的情况下,就需要采用离线安装ansible的方式来进行安装了。
实战环境
- 服务器已做好了镜像的离线yum源,可以离线安装vim等工具,无法离线安装ansible
- 服务器无法访问外网,处于网闸内环境
思路步骤
- 首先离线ansible需要安装的rpm包
- 编写自动构建离线ansible的yum源脚本
- 使用脚本安装ansible工具
1.离线下载ansible需要安装的rpm包
语句格式: yum install -y 软件名 --downloadonly --downloaddir=保存文件路径
[root@server81 install_ansible]# yum install -y ansible --downloadonly --downloaddir=ansible
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
epel/x86_64/metalink | 8.8 kB 00:00:00
epel | 3.2 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/3): epel/x86_64/updateinfo | 930 kB 00:00:00
(2/3): extras/7/x86_64/primary_db | 205 kB 00:00:00
(3/3): epel/x86_64/primary | 3.6 MB 00:00:00
Determining fastest mirrors
* base: mirrors.aliyun.com
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
epel 12706/12706
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.7.0-1.el7 will be updated
---> Package ansible.noarch 0:2.7.2-1.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================
Package Arch Version Repository Size
====================================================================================================================
Updating:
ansible noarch 2.7.2-1.el7 epel 11 M
Transaction Summary
====================================================================================================================
Upgrade 1 Package
Total download size: 11 M
Background downloading packages, then exiting:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
ansible-2.7.2-1.el7.noarch.rpm | 11 MB 00:00:01
exiting because "Download Only" specified
[root@server81 install_ansible]#
[root@server81 install_ansible]# ls
[root@server81 install_ansible]# cd ansible/
[root@server81 ansible]# ls
ansible-2.7.2-1.el7.noarch.rpm
[root@server81 ansible]#
1.1 尝试在无网络环境进行直接的rpm包安装
[root@server01 ~]# rpm -ivh ansible-2.7.1-1.el7.noarch.rpm
warning: ansible-2.7.1-1.el7.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
error: Failed dependencies:
PyYAML is needed by ansible-2.7.1-1.el7.noarch
python-crypto is needed by ansible-2.7.1-1.el7.noarch
python-httplib2 is needed by ansible-2.7.1-1.el7.noarch
python-jinja2 is needed by ansible-2.7.1-1.el7.noarch
python-keyczar is needed by ansible-2.7.1-1.el7.noarch
python-paramiko is needed by ansible-2.7.1-1.el7.noarch
python-setuptools is needed by ansible-2.7.1-1.el7.noarch
python-six is needed by ansible-2.7.1-1.el7.noarch
python2-jmespath is needed by ansible-2.7.1-1.el7.noarch
sshpass is needed by ansible-2.7.1-1.el7.noarch
[root@server01 ~]#
发现单纯简单的rpm安装的话,会提示需要安装很多python的工具依赖。那么下一步就要考虑如何构建yum源了。
2. 编写自动构建ansible的离线yum源脚本
2.1 步骤1 - 自动下载rpm包(Step1_download_rpm.py)
[root@server81 install_ansible]# vim Step1_download_rpm.py
#!/usr/bin/python
# -*- coding: UTF-8 -*-
import os
# shell命令
# yum install -y ansible --downloadonly --downloaddir=ansible
## 打印当前路径
print os.getcwd() #获取当前工作目录路径
savedir = os.getcwd() + '/software'
print '下载保存路径=',savedir
# 定义ansible需要yum离线缓存的list表
softwares = ['ansible']
for software in softwares:
print '当前下载 :', software
print os.system("date") ## 使用os模块执行shell命令
print '执行下载:', os.system("yum install -y %s --downloadonly --downloaddir=%s" % (software,savedir)) ## 使用%s拼接字符串
print '============== 下载完毕 ===================='
执行过程如下:
[root@server81 install_ansible]# python Step1_download_rpm.py
/opt/install_ansible
下载保存路径= /opt/install_ansible/software
当前下载 : ansible
Wed Nov 21 13:54:24 HKT 2018
0
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.7.2-1.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================
Package Arch Version Repository Size
====================================================================================================================
Installing:
ansible noarch 2.7.2-1.el7 epel 11 M
Transaction Summary
====================================================================================================================
Install 1 Package
Total download size: 11 M
Installed size: 60 M
Background downloading packages, then exiting:
ansible-2.7.2-1.el7.noarch.rpm | 11 MB 00:00:05
exiting because "Download Only" specified
执行下载: 0
============== 下载完毕 ====================
[root@server81 install_ansible]#
[root@server81 install_ansible]# ls
software Step1_download_rpm.py
[root@server81 install_ansible]#
[root@server81 install_ansible]# cd software/
[root@server81 software]# ls
ansible-2.7.2-1.el7.noarch.rpm
[root@server81 software]#
可以看到,依然只是下载了一个ansible-2.7版本的rpm包,那么下面就来写构建yum源的脚本。
2.2 步骤2 - 自动构建离线yum源以及安装ansible脚本(create_repo.sh、Step2_install_ansible.py)
create_repo.sh脚本如下:
[root@server81 install_ansible]# ls
create_repo.sh software Step1_download_rpm.py
[root@server81 install_ansible]# cat create_repo.sh
#!/bin/bash
basedir=$(cd `dirname $0`;pwd)
softwaredir=$basedir/software
repoDir=/etc/yum.repos.d
## function
function create_ansible_local_repo(){
cat <<EOF > $repoDir/ansible-local.repo
[ansible-local]
name=ansible-local
baseurl=file://$softwaredir/
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
createrepo -d $softwaredir
yum repolist
yum makecache
}
create_ansible_local_repo
[root@server81 install_ansible]#
执行一下create_repo.sh脚本:
[root@server81 install_ansible]# ./create_repo.sh
./create_repo.sh: line 17: createrepo: command not found
在这里提示createrepo该命令找不到,说明没有安装好createrepo的工具,那么这个也要离线缓存一下,以免到内网服务器无法安装。
离线缓存createrepo工具执行如下:
[root@server81 install_ansible]# yum install -y createrepo --downloadonly --downloaddir=createrepo
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
epel/x86_64/metalink | 5.1 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
====================================================================================================================
Package Arch Version Repository Size
====================================================================================================================
Installing:
createrepo noarch 0.9.9-28.el7 base 94 k
Installing for dependencies:
deltarpm x86_64 3.6-3.el7 base 82 k
libxml2-python x86_64 2.9.1-6.el7_2.3 base 247 k
python-deltarpm x86_64 3.6-3.el7 base 31 k
Transaction Summary
====================================================================================================================
Install 1 Package (+3 Dependent packages)
Total download size: 454 k
Installed size: 2.0 M
Background downloading packages, then exiting:
(1/4): createrepo-0.9.9-28.el7.noarch.rpm | 94 kB 00:00:00
(2/4): libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm | 247 kB 00:00:00
(3/4): python-deltarpm-3.6-3.el7.x86_64.rpm | 31 kB 00:00:00
(4/4): deltarpm-3.6-3.el7.x86_64.rpm | 82 kB 00:00:00
--------------------------------------------------------------------------------------------------------------------
Total 1.1 MB/s | 454 kB 00:00:00
exiting because "Download Only" specified
[root@server81 install_ansible]# ls
createrepo create_repo.sh software Step1_download_rpm.py
[root@server81 install_ansible]# ls createrepo/
createrepo-0.9.9-28.el7.noarch.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
deltarpm-3.6-3.el7.x86_64.rpm python-deltarpm-3.6-3.el7.x86_64.rpm
[root@server81 install_ansible]#
可以从上面看出,安装这个createrepo的工具也是有依赖的,那么为了下次方便,我直接将createrepo的rpm下载,写入步骤1的脚本中,再重新执行一下看看。
修改Step1_download_rpm.py脚本:
[root@server81 install_ansible]# vim Step1_download_rpm.py
#!/usr/bin/python
# -*- coding: UTF-8 -*-
import os
# shell命令
#yum install -y ansible --downloadonly --downloaddir=ansible
# yum install -y createrepo --downloadonly --downloaddir=createrepo
## 打印当前路径
print os.getcwd() #获取当前工作目录路径
savedir = os.getcwd() + '/software'
print '下载保存路径=',savedir
# 定义ansible需要yum离线缓存的list表
softwares = ['ansible','createrepo']
for software in softwares:
print '当前下载 :', software
print os.system("date") ## 使用os模块执行shell命令
print '执行下载:', os.system("yum install -y %s --downloadonly --downloaddir=%s" % (software,savedir)) ## 使用%s拼接字符串
print '============== 下载完毕 ===================='
再次执行一下rpm下载,如下:
[root@server81 install_ansible]# python Step1_download_rpm.py
当前下载 : createrepo
Wed Nov 21 14:23:37 HKT 2018
0
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: sg.fedora.ipserverone.com
* extras: mirrors.aliyun.com
====================================================================================================================
Package Arch Version Repository Size
====================================================================================================================
Installing:
createrepo noarch 0.9.9-28.el7 base 94 k
Installing for dependencies:
deltarpm x86_64 3.6-3.el7 base 82 k
libxml2-python x86_64 2.9.1-6.el7_2.3 base 247 k
python-deltarpm x86_64 3.6-3.el7 base 31 k
Transaction Summary
====================================================================================================================
Install 1 Package (+3 Dependent packages)
Total download size: 454 k
Installed size: 2.0 M
Background downloading packages, then exiting:
(1/4): createrepo-0.9.9-28.el7.noarch.rpm | 94 kB 00:00:00
(2/4): deltarpm-3.6-3.el7.x86_64.rpm | 82 kB 00:00:00
(3/4): python-deltarpm-3.6-3.el7.x86_64.rpm | 31 kB 00:00:00
(4/4): libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm | 247 kB 00:00:00
--------------------------------------------------------------------------------------------------------------------
Total 771 kB/s | 454 kB 00:00:00
exiting because "Download Only" specified
执行下载: 0
============== 下载完毕 ====================
[root@server81 install_ansible]# ls
create_repo.sh software Step1_download_rpm.py
[root@server81 install_ansible]# ls software/
ansible-2.7.2-1.el7.noarch.rpm deltarpm-3.6-3.el7.x86_64.rpm python-deltarpm-3.6-3.el7.x86_64.rpm
createrepo-0.9.9-28.el7.noarch.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
[root@server81 install_ansible]#
由于如果没有安装好createrepo就无法构建离线yum源,那么就无法使用yum install 的方式快速安装。
那么还是要rpm包将createrepo这个工具安装好先,操作如下:
[root@server81 install_ansible]# ls software/
ansible-2.7.2-1.el7.noarch.rpm deltarpm-3.6-3.el7.x86_64.rpm python-deltarpm-3.6-3.el7.x86_64.rpm
createrepo-0.9.9-28.el7.noarch.rpm libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
[root@server81 install_ansible]#
[root@server81 install_ansible]# cd software/
[root@server81 software]# rpm -ivh createrepo-0.9.9-28.el7.noarch.rpm
error: Failed dependencies:
deltarpm is needed by createrepo-0.9.9-28.el7.noarch
libxml2-python is needed by createrepo-0.9.9-28.el7.noarch
python-deltarpm is needed by createrepo-0.9.9-28.el7.noarch
[root@server81 software]#
[root@server81 software]# rpm -ivh python-deltarpm-3.6-3.el7.x86_64.rpm
error: Failed dependencies:
deltarpm(x86-64) = 3.6-3.el7 is needed by python-deltarpm-3.6-3.el7.x86_64
[root@server81 software]#
[root@server81 software]# rpm -ivh deltarpm-3.6-3.el7.x86_64.rpm
Preparing... ################################# [100%]
Updating / installing...
1:deltarpm-3.6-3.el7 ################################# [100%]
[root@server81 software]#
[root@server81 software]# rpm -ivh python-deltarpm-3.6-3.el7.x86_64.rpm
Preparing... ################################# [100%]
Updating / installing...
1:python-deltarpm-3.6-3.el7 ################################# [100%]
[root@server81 software]#
[root@server81 software]# rpm -ivh libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
Preparing... ################################# [100%]
Updating / installing...
1:libxml2-python-2.9.1-6.el7_2.3 ################################# [100%]
[root@server81 software]#
[root@server81 software]# rpm -ivh createrepo-0.9.9-28.el7.noarch.rpm
Preparing... ################################# [100%]
Updating / installing...
1:createrepo-0.9.9-28.el7 ################################# [100%]
[root@server81 software]#
[root@server81 software]# createrepo --help
Usage: genpkgmetadata.py [options]
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-q, --quiet output nothing except for serious errors
-v, --verbose output more debugging info.
--profile output timing/profile info.
-x EXCLUDES, --excludes=EXCLUDES
[root@server81 software]# createrepo --help
Usage: genpkgmetadata.py [options]
Options:
--version show program's version number and exit
-h, --help show this help message and exit
-q, --quiet output nothing except for serious errors
-v, --verbose output more debugging info.
--profile output timing/profile info.
-x EXCLUDES, --excludes=EXCLUDES
为了方便下载安装的时候,不用再这样一步步尝试rpm安装createrepo的过程,我先把这个过程写入脚本之后。
编写Step2_install_software.py脚本如下:
[root@server81 install_ansible]# cat Step2_install_software.py
#!/usr/bin/python
# -*- coding: UTF-8 -*-
import os
# shell命令 - 安装createrepo
# rpm -ivh deltarpm-3.6-3.el7.x86_64.rpm
# rpm -ivh python-deltarpm-3.6-3.el7.x86_64.rpm
# rpm -ivh libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm
# rpm -ivh createrepo-0.9.9-28.el7.noarch.rpm
# 打印当前路径
print os.getcwd() #获取当前工作目录路径
# 设置前面下载rpm的文件路径
softwaredir = os.getcwd() + '/software'
# rpm方式安装createrepo
def install_createrepo():
os.system("rpm -ivh %s/deltarpm-3.6-3.el7.x86_64.rpm" % (softwaredir))
os.system("rpm -ivh %s/python-deltarpm-3.6-3.el7.x86_64.rpm" % (softwaredir))
os.system("rpm -ivh %s/libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm" % (softwaredir))
os.system("rpm -ivh %s/createrepo-0.9.9-28.el7.noarch.rpm" % (softwaredir))
print('安装createrepo:')
install_createrepo()
# 构建离线yum源
def create_yum_repo():
os.system("sh create_repo.sh")
print '创建yum离线源:'
create_yum_repo()
## 使用离线yum源安装
def install_ansible():
os.system("yum install -y ansible")
print '使用本地yum源安装'
install_ansible()
[root@server81 install_ansible]#
执行Step2_install_software.py脚本如下:
[root@server81 install_ansible]# python Step2_install_software.py
/opt/install_ansible
Preparing... ################################# [100%]
package deltarpm-3.6-3.el7.x86_64 is already installed
Preparing... ################################# [100%]
package python-deltarpm-3.6-3.el7.x86_64 is already installed
Preparing... ################################# [100%]
package libxml2-python-2.9.1-6.el7_2.3.x86_64 is already installed
Preparing... ################################# [100%]
package createrepo-0.9.9-28.el7.noarch is already installed
安装createrepo:
Spawning worker 0 with 5 pkgs
...
Install 1 Package
Total download size: 11 M
Installed size: 60 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : ansible-2.7.2-1.el7.noarch 1/1
Verifying : ansible-2.7.2-1.el7.noarch 1/1
Installed:
ansible.noarch 0:2.7.2-1.el7
Complete!
[root@server81 install_ansible]# ansible
ansible ansible-console ansible-doc-2.7 ansible-playbook ansible-pull-2.7
ansible-2 ansible-console-2 ansible-galaxy ansible-playbook-2 ansible-vault
ansible-2.7 ansible-console-2.7 ansible-galaxy-2 ansible-playbook-2.7 ansible-vault-2
ansible-config ansible-doc ansible-galaxy-2.7 ansible-pull ansible-vault-2.7
ansible-connection ansible-doc-2 ansible-inventory ansible-pull-2
[root@server81 install_ansible]#
执行完毕这个脚本,那么ansible就安装起来了。
3. 个人习惯,喜欢最后写上卸载的脚本
卸载脚本如下:
[root@server81 install_ansible]# cat Step3_erase_clamav.py
#!/usr/bin/python
# -*- coding: UTF-8 -*-
import os
# 卸载
def erase_ansible():
os.system("yum erase -y ansible")
print '卸载ansible'
erase_ansible()
[root@server81 install_ansible]#
执行如下:
[root@server81 install_ansible]# python Step3_erase_clamav.py
Loaded plugins: fastestmirror
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.7.2-1.el7 will be erased
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================================================
Package Arch Version Repository Size
===============================================================================================================
Removing:
ansible noarch 2.7.2-1.el7 @ansible-local 60 M
Transaction Summary
===============================================================================================================
Remove 1 Package
Installed size: 60 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Erasing : ansible-2.7.2-1.el7.noarch 1/1
Verifying : ansible-2.7.2-1.el7.noarch 1/1
Removed:
ansible.noarch 0:2.7.2-1.el7
Complete!
卸载ansible
[root@server81 install_ansible]#
好了,对于centos7的步骤可以说是到此为止了。只要将脚本拷贝到内网服务器执行即可。
但是有一个前置条件,就是内网的服务器已经做好了系统镜像的离线yum源。
4.线上正式执行
上面因为是以大家常用的centos7系统作为脚本编写演示,因为正式执行的服务器系统是Oracle Linux7.5,其中构建离线yum源的脚本部分需要稍微改一下。
注意:在线上服务执行的过程中碰到了几个坑,以及依赖的缺失,请继续往下看。