
Ansible: installing from source

1. Pre-installation checks

1.1 Check the firewall status


[[email protected] ~]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

Ways to check the SELinux state:
Besides reading the configuration file, there are also:
[[email protected] ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
[[email protected] ~]# getenforce
Enforcing

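All of the methods above show that SELinux is enabled. Edit the configuration file /etc/sysconfig/selinux and change the state to SELINUX=disabled, and use the setenforce 0 command.

The command switches enforcing mode to permissive mode.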

[[email protected] ~]# setenforce 0
[[email protected] ~]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 




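[[email protected] ~]# getenforce
Permissive

The configuration file was not modified, but the state has changed to permissive mode.

Note that changing the policy requires a reboot. Changing from enforcing or permissive to disabled, or from disabled to either of the other two, also requires a reboot. This is because SELinux is integrated into the kernel: while SELinux is running you can only switch between enforcing and permissive mode, and you cannot turn SELinux off directly.

After setting SELINUX=disabled in the configuration file, the current state is still permissive because the host has not been rebooted:

[[email protected] ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          disabled
Policy version:                 24
Policy from config file:        targeted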
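Added example, not part of the original article: the gap between the running mode and the mode in the config file, visible in the sestatus output above, can be checked mechanically. The function name and the first sample are constructed for illustration; the second sample copies the sestatus output above.

```shell
#!/bin/sh
# Added example (not from the original page): classify SELinux state from
# `sestatus` output read on stdin.
#   consistent:<mode>            runtime mode equals the mode in the config file
#   runtime-only:<cur>-><cfg>    changed with setenforce; reverts at next boot
#   pending-reboot:<cur>-><cfg>  config says disabled; takes effect after reboot
#   disabled                     SELinux is not loaded in the running kernel

selinux_drift() {
  awk -F': *' '
    { sub(/[ \t\r]+$/, "") }                      # drop trailing whitespace
    /^SELinux status/        { status = $2 }
    /^Current mode/          { cur = $2 }
    /^Mode from config file/ { cfg = $2 }
    END {
      if (status == "disabled")   print "disabled"
      else if (cur == cfg)        print "consistent:" cur
      else if (cfg == "disabled") print "pending-reboot:" cur "->" cfg
      else                        print "runtime-only:" cur "->" cfg
    }'
}

# Constructed sample: state right after `setenforce 0`, config file untouched.
AFTER_SETENFORCE='SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted'

# Sample copied from the article: config edited to disabled, host not rebooted.
AFTER_EDIT='SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          disabled
Policy version:                 24
Policy from config file:        targeted'

printf '%s\n' "$AFTER_SETENFORCE" | selinux_drift  # runtime-only:permissive->enforcing
printf '%s\n' "$AFTER_EDIT" | selinux_drift        # pending-reboot:permissive->disabled
```

On a live host the input would be `sestatus | selinux_drift`.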

1.2 Configure passwordless login

ssh-keygen -t rsa    # generate the public/private key pair
ssh-copy-id [email protected]address
[[email protected] ~]# ssh-copy-id [email protected]

2. Installation

2.1 Installing with yum

Install Ansible:
[[email protected] ~]# yum list |grep ansible
ansible.noarch                            2.5.1-1.el7                  epel     
ansible-doc.noarch                        2.5.1-1.el7                  epel     
ansible-inventory-grapher.noarch          2.4.4-1.el7                  epel     
ansible-lint.noarch                       3.4.21-1.el7                 epel     
ansible-openstack-modules.noarch          0-20140902git79d751a.el7     epel     
ansible-review.noarch                     0.13.4-1.el7                 epel     
kubernetes-ansible.noarch                 0.6.0-0.1.gitd65ebd5.el7     epel     
python2-ansible-tower-cli.noarch          3.2.1-2.el7                  epel     
[[email protected] ~]# yum -y install ansible

Check the installation:
[[email protected] ~]# ansible --version
ansible 2.5.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
[[email protected] ~]# python
Python 2.7.5 (default, Aug  4 2017, 00:39:18) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import ansible
>>> exit()

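2.2 Installing from source

Download location for the packages: https://releases.ansible.com/ansible/

A source install requires Python 2.6 or later and depends on modules such as paramiko, PyYAML, Jinja2 and simplejson.

Installation order:

setuptools

pycrypto

ecdsa

paramiko (depends on pycrypto)

PyYAML

httplib

simplejson

Jinja2

  1. # tar -xvzf setuptools-36.0.1
  2. # cd setuptools-36.0.1
  3. # python setup.py install

Next, install the other modules.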

[[email protected] opt]# yum install python-devel.x86_64
[[email protected] opt]# rpm -qa | grep python-devel
[[email protected] opt]# yum list | grep python-devel
dbus-python-devel.x86_64                 0.83.0-6.1.el6                   CentOS
gstreamer-python-devel.x86_64            0.10.16-1.1.el6                  CentOS
python-devel.x86_64                      2.6.6-52.el6                     CentOS
[[email protected] opt]# yum install python-devel.x86_64
cd setuptools-7.0/
python setup.py install
cd pycrypto-2.6.1/
python setup.py install

Error: raise RuntimeError("autoconf error")

Install a C compiler and run the install again:

yum install gcc*
python setup.py install

No error this time.
[[email protected] ansible]# cd ecdsa-0.11/
[[email protected] ecdsa-0.11]# python setup.py install
running install_egg_info
Writing /usr/lib/python2.6/site-packages/ecdsa-0.11-py2.6.egg-info

The paramiko package depends on pycrypto-2.6.1:
[[email protected] ansible]# cd paramiko-1.15.1/
[[email protected] paramiko-1.15.1]# python setup.py install
[[email protected] ansible]# cd pycrypto-2.6.1/
[[email protected] pycrypto-2.6.1]# python setup.py install
Writing /usr/lib64/python2.6/site-packages/pycrypto-2.6.1-py2.6.egg-info
[[email protected] ansible]# cd PyYAML-3.11/
[[email protected] PyYAML-3.11]# python setup.py install
running install_egg_info
Writing /usr/lib64/python2.6/site-packages/PyYAML-3.11-py2.6.egg-info
[[email protected] ansible]# cd simplejson-3.6.5/
[[email protected] simplejson-3.6.5]# python setup.py install
Installed /usr/lib64/python2.6/site-packages/simplejson-3.6.5-py2.6-linux-x86_64.egg
Processing dependencies for simplejson==3.6.5
Finished processing dependencies for simplejson==3.6.5
[[email protected] ansible]# cd Jinja2-2.7.3/
[[email protected] Jinja2-2.7.3]# python setup.py install
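Install cryptography-2.2.2 (without it, Ansible 2.5.x reports an error).

The install fails with an error requiring setuptools 18.5 or later. After reinstalling setuptools, every module has to be reinstalled, otherwise the new setuptools version is not found; the files of the older version in /usr/lib/python2.6/site-packages must be deleted as well.

cryptography depends on cffi, and cffi depends on libffi (which is not a Python module):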

error: command 'gcc' failed with exit status 1

[[email protected] cffi-1.11.5]# yum install libffi*

It also depends on pycparser.

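3. Installation problems, fixes, and configuration

Edit the hosts file (in /opt/ansible/ansible-2.5.5/examples).

There are two core files, ansible.cfg and hosts, both stored under /etc/ansible by default. ansible.cfg mainly holds Ansible's initialization settings, such as the log path, modules and plugins.

hosts: the machine inventory, used to manage hosts in groups.

So after a source install, copy both files into /etc/ansible.

1. Edit the host inventory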

# Ex 2: A collection of hosts belonging to the 'webservers' group
[webservers]  # the managed group is named webservers
## alpha.example.org
## beta.example.org  # add the managed nodes here
192.168.119.88
192.168.119.89
192.168.119.90

# If you have multiple hosts following a pattern you can specify
# them like this:
## www[001:006].example.com

# Ex 3: A collection of database servers in the 'dbservers' group
## [dbservers]
##

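2. Edit the configuration file

A brief set of changes:

# General default settings
[defaults]
# Default inventory location: a file, a script, or a directory of hosts that can be contacted
inventory      = /etc/ansible/hosts
# Default number of parallel processes when talking to hosts; the default is 5
forks          = 10
# Host key checking (False turns SSH host key verification off)
host_key_checking = False
# Where the log file is stored
log_path = /var/log/ansible.log
# Default module run by the ansible command
module_name = command
# Location of the private key file (the file set up when configuring passwordless login)
private_key_file = /root/.ssh/id_rsa

[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]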
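Added example, not part of the original article or of Ansible: a small shell check that reads an ansible.cfg and flags the host_key_checking = False setting shown above, since it makes the control node accept any SSH host key. It also flags the equivalent StrictHostKeyChecking=no in ssh_args, which the article does not use; the function name and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): read an ansible.cfg on stdin and
# report settings that turn off SSH host key verification.

audit_ansible_cfg() {
  awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }        # full-line comments, blank lines
    /^[ \t]*\[/ {                                # section header such as [defaults]
      section = $0
      sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
      next
    }
    {
      eq = index($0, "=")
      if (eq == 0) next
      key = trim(substr($0, 1, eq - 1))
      val = substr($0, eq + 1)
      sub(/[ \t]+;.*$/, "", val)                 # inline comments begin with " ;"
      val = trim(val); lval = tolower(val)
      if (section == "defaults" && key == "host_key_checking" &&
          lval ~ /^(false|f|no|n|off|0)$/) {
        print "FAIL [defaults] host_key_checking=" val; found = 1
      }
      if (section == "ssh_connection" && key == "ssh_args" &&
          lval ~ /stricthostkeychecking[= ]no/) {
        print "FAIL [ssh_connection] ssh_args disables StrictHostKeyChecking"; found = 1
      }
    }
    END { if (!found) print "PASS" }'
}

# Constructed sample: the [defaults] values shown on this page.
PAGE_CFG='[defaults]
inventory = /etc/ansible/hosts
forks = 10
host_key_checking = False
log_path = /var/log/ansible.log'

# Constructed sample: the same file with host key checking left on.
CHECKED_CFG='[defaults]
inventory = /etc/ansible/hosts
forks = 10
host_key_checking = True
log_path = /var/log/ansible.log'

printf '%s\n' "$PAGE_CFG" | audit_ansible_cfg      # FAIL [defaults] host_key_checking=False
printf '%s\n' "$CHECKED_CFG" | audit_ansible_cfg   # PASS
```

With host key checking left on, each managed host's key has to be in the control node's known_hosts before the first run.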

[[email protected] pycrypto-2.6.1]# ansible webservers -m command -a'uptime'
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
192.168.119.88 | SUCCESS | rc=0 >>
 17:19:40 up 535 days,  6:21,  2 users,  load average: 0.00, 0.00, 0.00

192.168.119.89 | SUCCESS | rc=0 >>
 17:09:57 up 535 days,  6:11,  1 user,  load average: 0.00, 0.00, 0.00

192.168.119.90 | SUCCESS | rc=0 >>
 17:42:30 up 535 days,  6:44,  2 users,  load average: 0.08, 0.11, 0.04

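First of all, this is not an error but a security warning: the gmp library shipped with the system is too old and leaves it open to attack, so it needs to be upgraded: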

yum -y install gcc libgcc glibc libffi-devel libxml2-devel libxslt-devel openssl-devel zlib-devel bzip2-devel ncurses-devel