2018-06-13
linuxea: permission problem when using Ansible synchronize as a regular user
1. Key-based authentication is already set up:

    [gitlab-runner@Linuxea-VM-Node_10_10_240_145 root]$ ssh root@10.10.240.203
    [root@Linuxea-VM-Node203 ~]#
    [root@Linuxea-VM-Node203 ~]# exit
    登出
    Connection to 10.10.240.203 closed.

After switching to a regular user, the push fails:

    [gitlab-runner@Linuxea-VM-Node_10_10_240_145 root]$ ansible 10.10.240.203 -m synchronize -a 'src=/home/gitlab-runner/123.txt dest=/data/wwwroot/'
    An exception occurred during task execution. To see the full traceback, use -vvv. The error was: OSError: [Errno 13] Permission denied: '.'
    10.10.240.203 | FAILED! => {
        "msg": "Unexpected failure during module execution.",
        "stdout": ""
    }

Look at the details:

    [gitlab-runner@Linuxea-VM-Node_10_10_240_145 root]$ ansible 10.10.240.203 -m synchronize -a 'src=/home/gitlab-runner/123.txt dest=/data/wwwroot/' -vvv
    ansible 2.5.3
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/home/gitlab-runner/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
    Using /etc/ansible/ansible.cfg as config file
    Parsed /etc/ansible/hosts inventory source with ini plugin
    META: ran handlers
    Using module file /usr/lib/python2.7/site-packages/ansible/modules/files/synchronize.py
    The full traceback is:
    Traceback (most recent call last):
      File "/usr/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 138, in run
        res = self._execute()
      File "/usr/lib/python2.7/site-packages/ansible/executor/task_executor.py", line 561, in _execute
        result = self._handler.run(task_vars=variables)
      File "/usr/lib/python2.7/site-packages/ansible/plugins/action/synchronize.py", line 414, in run
        result.update(self._execute_module('synchronize', module_args=_tmp_args, task_vars=task_vars))
      File "/usr/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 720, in _execute_module
        self._make_tmp_path()
      File "/usr/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 255, in _make_tmp_path
        tmpdir = self._remote_expand_user(remote_tmp, sudoable=False)
      File "/usr/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 590, in _remote_expand_user
        data = self._low_level_execute_command(cmd, sudoable=False)
      File "/usr/lib/python2.7/site-packages/ansible/plugins/action/__init__.py", line 915, in _low_level_execute_command
        os.chdir(self._loader.get_basedir())
    OSError: [Errno 13] Permission denied: '.'
    10.10.240.203 | FAILED! => {
        "msg": "Unexpected failure during module execution.",
        "stdout": ""
    }

Delete the previous directory and push again so that it is recreated:

    [gitlab-runner@Linuxea-VM-Node_10_10_240_145 ~]$ ansible linuxea -m synchronize -a 'src=/home/gitlab-runner/123.txt dest=/data/wwwroot/' -vvv
    ansible 2.5.3
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/home/gitlab-runner/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
    Using /etc/ansible/ansible.cfg as config file
    Parsed /etc/ansible/hosts inventory source with ini plugin
    META: ran handlers
    Using module file /usr/lib/python2.7/site-packages/ansible/modules/files/synchronize.py
    Using module file /usr/lib/python2.7/site-packages/ansible/modules/files/synchronize.py
    <10.10.240.202> ESTABLISH LOCAL CONNECTION FOR USER: gitlab-runner
    <10.10.240.202> EXEC /bin/sh -c 'echo ~root && sleep 0'
    <10.10.240.203> ESTABLISH LOCAL CONNECTION FOR USER: gitlab-runner
    <10.10.240.203> EXEC /bin/sh -c 'echo ~root && sleep 0'
    <10.10.240.203> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1528855639.99-161212317664020 `" && echo ansible-tmp-1528855639.99-161212317664020="` echo /root/.ansible/tmp/ansible-tmp-1528855639.99-161212317664020 `" ) && sleep 0'
    <10.10.240.202> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1528855639.99-180372546287702 `" && echo ansible-tmp-1528855639.99-180372546287702="` echo /root/.ansible/tmp/ansible-tmp-1528855639.99-180372546287702 `" ) && sleep 0'
    10.10.240.203 | UNREACHABLE! => {
        "changed": false,
        "msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /root/.ansible/tmp/ansible-tmp-1528855639.99-161212317664020 `\" && echo ansible-tmp-1528855639.99-161212317664020=\"` echo /root/.ansible/tmp/ansible-tmp-1528855639.99-161212317664020 `\" ), exited with result 1",
        "unreachable": true
    }
    10.10.240.202 | UNREACHABLE! => {
        "changed": false,
        "msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /root/.ansible/tmp/ansible-tmp-1528855639.99-180372546287702 `\" && echo ansible-tmp-1528855639.99-180372546287702=\"` echo /root/.ansible/tmp/ansible-tmp-1528855639.99-180372546287702 `\" ), exited with result 1",
        "unreachable": true
    }

You can see the error reported here:

    "msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /root/.ansible/tmp/ansible-tmp-1528855639.99-180372546287702 `\" && echo ansible-tmp-1528855639.99-180372546287702=\"` echo /root/.ansible/tmp/ansible-tmp-1528855639.99-180372546287702 `\" ), exited with result 1",

In the configuration file, change remote_tmp = ~/.ansible/tmp to remote_tmp = /tmp/.ansible/tmp; this is mainly a permissions problem. After switching to the root user to make the change, push again to verify: it now works.
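A pre-flight check for the two failures above, as an added example that is not part of the original post: it tests whether the current user can enter the working directory, then repeats the `umask 77 && mkdir -p` step from the error message against a candidate remote_tmp and confirms the resulting directory is owned by that user. The function names and the probe directory name are assumptions.

```shell
# Added example (not from the original post). Function names and the probe
# directory name are assumptions made for this illustration.

# True if the current user can chdir into the directory (default: $PWD).
# Run from inside /root as gitlab-runner, Ansible's own chdir() raised
# "Permission denied: '.'".
cwd_usable() {
    ( cd "${1:-$PWD}" ) >/dev/null 2>&1
}

# Expand a leading ~ or ~user, as the `echo ~root` probe in the -vvv log does.
expand_tilde() {
    case "$1" in
        "~" | "~/"*) printf '%s\n' "$HOME${1#?}" ;;
        "~"*)
            user=${1#?}; user=${user%%/*}
            rest=${1#"~$user"}
            home=$(getent passwd "$user" | cut -d: -f6)
            [ -n "$home" ] || return 1
            printf '%s\n' "$home$rest" ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# Repeat the step Ansible reported as failing, ( umask 77 && mkdir -p ... ),
# as the current user. The base directory is left in place, as Ansible would.
check_remote_tmp() {
    base=$(expand_tilde "$1") || { echo "unknown user in $1"; return 2; }
    probe="$base/preflight-probe-$$"
    if ! ( umask 77 && mkdir -p "$probe" ) 2>/dev/null; then
        echo "cannot create $probe as uid $(id -u)"
        return 1
    fi
    rmdir "$probe"
    # In a shared location such as /tmp the directory must belong to us.
    if [ ! -O "$base" ]; then
        echo "$base is owned by another user"
        return 3
    fi
    echo "ok $base"
}

# Usage: sh preflight.sh /tmp/.ansible/tmp
if [ "$#" -gt 0 ]; then
    cwd_usable || echo "cannot enter $PWD; cd to a directory you can access"
    check_remote_tmp "$1"
fi
```

Because /tmp is shared between local users, the ownership check is the part that matters for the /tmp/.ansible/tmp setting: a directory already created there by someone else is reported rather than silently reused.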
2016-04-10
Ansible: simple installation and batch configuration
Ansible

Ansible needs no agent other than sshd, and it uses no resources on the control node when it is not running (SSH is supported by default; other transports are supported as well).
Ansible has no server component either; you simply run commands when you need to.
Ansible works through modules: running commands, scripts, scheduled tasks and so on each require a module. Ansible has nearly a hundred modules, and modules can be written in any programming language.
Ansible supports task lists written in YAML for running multiple tasks on multiple hosts.
Ansible is developed in Python.

YAML syntax is similar to other syntaxes and can simply express data structures such as lists, hashes and scalars. Structure is shown through spaces, items in a sequence are marked with "-", and key/value pairs in a map are separated by ":". For example:

    - hosts: HOST_OR_GROUP        # host name or group name; there can be more than one
      vars:
        http_port: 80
        max_clients: 256
      remote_user: root
      tasks:                      # tasks
        - name: TASK_NAME         # task name
          yum: name=httpd state=latest        # install httpd
        - name:
          service: name=httpd state=started   # make sure it can start after installation

Download Ansible:

    https://pypi.python.org/pypi/ansible
    http://pkgs.org/download/ansible
    https://pypi.python.org/packages/source/a/ansible/ansible-2.0.1.0.tar.gz

I. Build and install Ansible from source

1. Install the dependency packages:

    yum install python-jinja2 PyYAML python-paramiko python-babel python-crypto pip* gcc python-devel
    wget -P /usr/local/ https://pypi.python.org/packages/source/a/ansible/ansible-2.0.1.0.tar.gz && cd /usr/local
    tar xf ansible-2.0.1.0.tar.gz
    ln -sv ansible-2.0.1.0 ansible
    cd ansible
    python setup.py build
    python setup.py install
    mkdir /etc/ansible
    cp -r examples/* /etc/ansible
    [root@yum-down bin]# ls /etc/ansible/
    ansible.cfg    # configuration file
    hosts          # host inventory file
    yum remove python-jinja2 PyYAML python-paramiko python-babel python-crypto gcc python-devel

In the hosts file, a host can be defined on its own by host name or IP, or you can use a [host group], or a wildcard such as www.[1*].com.

1. Add hosts:

    [db-server]
    192.168.1.7
    192.168.1.8
    [web-server]
    192.168.1.4

2. Add the SSH key:

    [root@yum-down ansible]# ssh-keygen -t rsa -P ''
    [root@yum-down ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.4
    [root@yum-down ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.7
    [root@yum-down ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.8

3. Check the time:

    [root@yum-down bin]# ./ansible all -a 'date'
    192.168.1.7 | SUCCESS | rc=0 >>
    Sat Apr 9 05:58:16 PDT 2016

    192.168.1.8 | SUCCESS | rc=0 >>
    Sat Apr 9 05:58:16 PDT 2016

    192.168.1.4 | SUCCESS | rc=0 >>
    Sat Apr 9 05:58:16 PDT 2016

    [root@yum-down bin]# ./ansible all -m command -a 'date'
    192.168.1.4 | SUCCESS | rc=0 >>
    Sat Apr 9 05:58:36 PDT 2016

    192.168.1.7 | SUCCESS | rc=0 >>
    Sat Apr 9 05:58:36 PDT 2016

    192.168.1.8 | SUCCESS | rc=0 >>
    Sat Apr 9 05:58:36 PDT 2016

    [root@yum-down bin]# ./ansible all -m command -a 'service httpd status'
    192.168.1.7 | FAILED | rc=3 >>
    httpd is stopped

    192.168.1.8 | FAILED | rc=3 >>
    httpd is stopped

    192.168.1.4 | FAILED | rc=3 >>
    httpd is stopped

4. List all supported modules:

    [root@yum-down bin]# ./ansible-doc -l

View the parameter help for a module:

    [root@yum-down bin]# ./ansible-doc -s copy

II. Install with yum

Simply run yum -y install ansible.

1. Push a file with copy

Push epel-release-6-8.noarch.rpm from /root to the /opt directory on the machines in the db-server group:

    [root@node ansible]# ansible db-server -m copy -a "src=/root/epel-release-6-8.noarch.rpm dest=/opt/"
    192.168.1.8 | success >> {
        "changed": true,
        "checksum": "2b2767a5ae0de30b9c7b840f2e34f5dd9deaf19a",
        "dest": "/opt/epel-release-6-8.noarch.rpm",
        "gid": 0,
        "group": "root",
        "md5sum": "2cd0ae668a585a14e07c2ea4f264d79b",
        "mode": "0644",
        "owner": "root",
        "size": 14540,
        "src": "/root/.ansible/tmp/ansible-tmp-1460221879.64-117005813385704/source",
        "state": "file",
        "uid": 0
    }
    192.168.1.7 | success >> {
        "changed": true,
        "checksum": "2b2767a5ae0de30b9c7b840f2e34f5dd9deaf19a",
        "dest": "/opt/epel-release-6-8.noarch.rpm",
        "gid": 0,
        "group": "root",
        "md5sum": "2cd0ae668a585a14e07c2ea4f264d79b",
        "mode": "0644",
        "owner": "root",
        "size": 14540,
        "src": "/root/.ansible/tmp/ansible-tmp-1460221879.64-59861356394345/source",
        "state": "file",
        "uid": 0
    }
    [root@node ansible]#

2. Verify:

    [root@node ansible]# ansible db-server -a "ls /opt"
    192.168.1.8 | success | rc=0 >>
    epel-release-6-8.noarch.rpm
    logstash
    rh

    192.168.1.7 | success | rc=0 >>
    epel-release-6-8.noarch.rpm
    rh

    [root@node ansible]#

Define a cron job:

    [root@node ansible]# ansible all -m cron -a 'name="custom job" minute=*/3 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate 192.168.1.6"'
    192.168.1.7 | success >> {
        "changed": true,
        "jobs": [
            "custom job",
            "linuxea job"
        ]
    }
    192.168.1.4 | success >> {
        "changed": true,
        "jobs": [
            "custom job",
            "linuxea job"
        ]
    }
    192.168.1.8 | success >> {
        "changed": true,
        "jobs": [
            "custom job",
            "linuxea job"
        ]
    }

Check:

    [root@node ansible]# ansible all -a "crontab -l"
    192.168.1.7 | success | rc=0 >>
    #Ansible: custom job
    */3 * * * * /usr/sbin/ntpdate 192.168.1.6

    192.168.1.8 | success | rc=0 >>
    #Ansible: custom job
    */3 * * * * /usr/sbin/ntpdate 192.168.1.6

    192.168.1.4 | success | rc=0 >>
    #Ansible: custom job
    */3 * * * * /usr/sbin/ntpdate 192.168.1.6

    [root@node ansible]#

Create a group:

    [root@node ansible]# ansible-doc -s group
    action: group
      gid       # Optional `GID' to set for the group.
      name=     # Name of the group to manage.
      state     # Whether the group should be present or not on the remote host.
      system    # If `yes', indicates that the group created is a system group.
    [root@node ansible]# ansible all -m group -a "gid=300 system=yes name=mysql"
    192.168.1.8 | success >> {
        "changed": true,
        "gid": 300,
        "name": "mysql",
        "state": "present",
        "system": true
    }
    192.168.1.7 | success >> {
        "changed": true,
        "gid": 300,
        "name": "mysql",
        "state": "present",
        "system": true
    }
    192.168.1.4 | success >> {
        "changed": true,
        "gid": 300,
        "name": "mysql",
        "state": "present",
        "system": true
    }
    [root@node ansible]# ansible all -a "tail -1 /etc/group"
    192.168.1.4 | success | rc=0 >>
    mysql:x:300:

    192.168.1.7 | success | rc=0 >>
    mysql:x:300:

    192.168.1.8 | success | rc=0 >>
    mysql:x:300:

    [root@node ansible]#

Install packages with yum:

    [root@yum-down ~]# ansible-doc -s yum
    action: yum
      conf_file            # specify the configuration file
      disable_gpg_check
      disablerepo
      enablerepo
      list
      .
      name=
      state
      update_cache

Install corosync:

    [root@yum-down ~]# ansible all -m yum -a "state=present name=corosync"
    [root@yum-down ~]# ansible all -a "rpm -qa corosync"
    192.168.1.4 | success | rc=0 >>
    corosync-1.4.7-2.el6.x86_64

    192.168.1.8 | success | rc=0 >>
    corosync-1.4.7-2.el6.x86_64

    192.168.1.7 | success | rc=0 >>
    corosync-1.4.7-2.el6.x86_64

    [root@yum-down ~]#

Start a service:

    [root@yum-down ~]# ansible all -m service -a "state=started name=httpd enabled=yes"
    192.168.1.7 | success >> {
        "changed": false,
        "enabled": true,
        "name": "httpd",
        "state": "started"
    }
    192.168.1.8 | success >> {
        "changed": false,
        "enabled": true,
        "name": "httpd",
        "state": "started"
    }
    192.168.1.4 | success >> {
        "changed": true,
        "enabled": true,
        "name": "httpd",
        "state": "started"
    }

Check:

    [root@yum-down ~]# ansible all -a "service httpd status"
    192.168.1.4 | success | rc=0 >>
    httpd (pid 3702) is running...

    192.168.1.7 | success | rc=0 >>
    httpd (pid 4046) is running...

    192.168.1.8 | success | rc=0 >>
    httpd (pid 4097) is running...

    [root@yum-down ~]#

Run multiple commands:

    [root@yum-down ~]# cat linuxea.yaml
    - hosts: all                 # all hosts
      remote_user: root          # user to run as
      tasks:
        - name: add group        # add the group
          group: gid=1000 name=linuxea system=no
        - name: excute a command # run date
          command: /bin/date
    [root@yum-down ~]#

Run it:

    [root@yum-down ~]# ansible-playbook linuxea.yaml

    PLAY [all] ********************************************************************

    GATHERING FACTS ***************************************************************
    ok: [192.168.1.7]
    ok: [192.168.1.8]
    ok: [192.168.1.4]

    TASK: [add group] *************************************************************
    changed: [192.168.1.4]
    changed: [192.168.1.8]
    changed: [192.168.1.7]

    TASK: [excute a command] ******************************************************
    changed: [192.168.1.4]
    changed: [192.168.1.7]
    changed: [192.168.1.8]

    PLAY RECAP ********************************************************************
    192.168.1.4 : ok=3 changed=2 unreachable=0 failed=0
    192.168.1.7 : ok=3 changed=2 unreachable=0 failed=0
    192.168.1.8 : ok=3 changed=2 unreachable=0 failed=0

    [root@yum-down ~]#

Replace a file in bulk

Change the httpd port to 801, then push the file and restart the service:

    [root@yum-down ~]# cat web.yaml
    - hosts: all
      remote_user: root
      tasks:
        - name: ensure apache latest version   # make sure apache is the latest version
          yum: state=latest name=httpd         # make sure httpd is installed
        - name: copy configure file            # copy the file
          copy: src=/root/httpd.conf dest=/etc/httpd/conf/httpd.conf force=yes
          notify:                              # tasks to run once the copy has completed
            - restart httpd
      handlers:                                # restart; triggered only if the file was changed
        - name: restart httpd
          service: name=httpd state=restarted
    [root@yum-down ~]#

Run it:

    [root@yum-down ~]# ansible-playbook web.yaml

    PLAY [all] ********************************************************************

    GATHERING FACTS ***************************************************************
    ok: [192.168.1.4]
    ok: [192.168.1.7]
    ok: [192.168.1.8]

    TASK: [ensure apache latest version] ******************************************
    ok: [192.168.1.4]
    ok: [192.168.1.7]
    ok: [192.168.1.8]

    TASK: [copy configure file] ***************************************************
    changed: [192.168.1.4]
    changed: [192.168.1.7]
    changed: [192.168.1.8]

    NOTIFIED: [restart httpd] *****************************************************
    changed: [192.168.1.4]
    changed: [192.168.1.7]
    changed: [192.168.1.8]

    PLAY RECAP ********************************************************************
    192.168.1.4 : ok=4 changed=2 unreachable=0 failed=0
    192.168.1.7 : ok=4 changed=2 unreachable=0 failed=0
    192.168.1.8 : ok=4 changed=2 unreachable=0 failed=0

Check:

    [root@yum-down ~]# ansible all -a "ss -tlnp"
    192.168.1.4 | success | rc=0 >>
    State Recv-Q Send-Q Local Address:Port Peer Address:Port
    LISTEN 0 128 :::801 :::* users:(("httpd",4973,6),("httpd",4976,6),("httpd",4977,6),("httpd",4978,6),("httpd",4979,6),("httpd",4980,6),("httpd",4981,6),("httpd",4982,6),("httpd",4983,6))

    192.168.1.7 | success | rc=0 >>
    State Recv-Q Send-Q Local Address:Port Peer Address:Port
    LISTEN 0 128 :::801 :::* users:(("httpd",5302,6),("httpd",5305,6),("httpd",5306,6),("httpd",5307,6),("httpd",5308,6),("httpd",5309,6),("httpd",5310,6),("httpd",5311,6),("httpd",5312,6))

    192.168.1.8 | success | rc=0 >>
    State Recv-Q Send-Q Local Address:Port Peer Address:Port
    LISTEN 0 128 :::801 :::* users:(("httpd",5382,6),("httpd",5385,6),("httpd",5386,6),("httpd",5387,6),("httpd",5388,6),("httpd",5389,6),("httpd",5390,6),("httpd",5391,6),("httpd",5392,6))

    [root@yum-down ~]#