一、ansible-tower简介
1)公司中实现运维自动化的架构中主要用到ansible,ansible脚本在部署服务器指令行中显得不太直观。Ansible-Tower(之前叫做awx)是将ansible的指令界面化,简明直观,简单易用。
2)Ansible-tower其实就是一个图形化的任务调度、复杂服务部署、IT自动化的管理平台,属于发布配置管理系统,支持API及界面操作,使用Django编写。
3)Ansible-tower可以通过界面从github拉取最新playbook实施服务部署,提高生产效率。当然它也提供一个REST API和命令行的CLI以供python脚本调用。
官方网站:https://www.ansible.com/products/tower
中文指南:http://www.ansible.com.cn/docs/tower.html
官方安装文档:http://docs.ansible.com/ansible-tower/latest/html/quickinstall/index.html
官方源地址:http://releases.ansible.com/ansible-tower/setup-bundle/
二、ansible-tower安装及配置
[root@tower ~] # cd /opt/
[root@tower opt] # wget https://releases.ansible.com/ansible-tower/setup-bundle/ansible-tower-setup-bundle-3.6.2-1.el7.tar.gz
[root@tower opt] # tar xf ansible-tower-setup-bundle-3.6.2-1.el7.tar.gz
[root@tower opt] # cd ansible-tower-setup-bundle-3.6.2-1/
[root@tower ansible-tower-setup-bundle-3.6.2-1] # ls
backup.yml bundle group_vars install.yml inventory licenses README.md rekey.yml restore.yml roles setup.sh
[root@tower ansible-tower-setup-bundle-3.6.2-1] # vim inventory
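# Installer inventory read by ./setup.sh: a single Tower node on localhost.
# key=value pairs must not contain whitespace around '='; the stray spaces in
# the original listing were a rendering artifact.
[tower]
localhost ansible_connection=local

[database]

[all:vars]
# Tower admin login password.
# NOTE(review): 'tower' is the walkthrough's sample value and is reused below
# for PostgreSQL and RabbitMQ. Set a distinct, strong secret for each before
# running setup.sh, and keep this file readable by root only because it
# stores them in clear text.
admin_password='tower'

pg_host=''
pg_port=''

pg_database='awx'
pg_username='awx'
pg_password='tower'
pg_sslmode='prefer'  # set to 'verify-full' for client-side enforced SSL

rabbitmq_username=tower
rabbitmq_password='tower'
# NOTE(review): sample value; the cookie is what RabbitMQ cluster nodes use to
# authenticate to each other, so treat it as a secret as well.
rabbitmq_cookie=cookiemonster

# Isolated Tower nodes automatically generate an RSA key for authentication;
# To disable this behavior, set this value to false
# isolated_key_generation=true

# SSL-related variables

# If set, this will install a custom CA certificate to the system trust store.
# custom_ca_cert=/path/to/ca.crt

# Certificate and key to install in nginx for the web UI and API
# web_server_ssl_cert=/path/to/tower.cert
# web_server_ssl_key=/path/to/tower.key

# Use SSL for RabbitMQ inter-node communication. Because RabbitMQ never
# communicates outside the cluster, a private CA and certificates will be
# created, and do not need to be supplied.
# rabbitmq_use_ssl=False

# Server-side SSL settings for PostgreSQL (when we are installing it).
# postgres_use_ssl=False
# postgres_ssl_cert=/path/to/pgsql.crt
# postgres_ssl_key=/path/to/pgsql.key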
#开始安装
[root@tower ansible-tower-setup-bundle-3.6.2-1] # ./setup.sh
需要认证:
三、ansible-tower破解
[root@tower ~] # cd /var/lib/awx/venv/awx/lib/python3.6/site-packages/tower_license
[root@tower tower_license] # ll
total 8
-rw-r--r-- 1 root root 7764 Dec 14 01:39 __init__.pyc
drwxr-xr-x 2 root root 37 Jan 12 11:46 __pycache__
#安装pip
[root@tower tower_license] # wget https://bootstrap.pypa.io/get-pip.py
[root@tower tower_license] # python get-pip.py
[root@tower tower_license] # pip -V
pip 19.3.1 from /usr/lib/python2 .7 /site-packages/pip (python 2.7)
[root@tower tower_license] # pip install uncompyle6
#反汇编init.pyc
[root@tower tower_license] # uncompyle6 __init__.pyc >__init__.py
[root@tower tower_license] # ll
total 20
-rw-r--r-- 1 root root 11502 Jan 12 12:04 __init__.py
-rw-r--r-- 1 root root 7764 Dec 14 01:39 __init__.pyc
drwxr-xr-x 2 root root 37 Jan 12 11:46 __pycache__
#修改__init__.py文件
def _check_cloudforms_subscription(self):
return True #添加这一行
if os.path.exists( '/var/lib/awx/i18n.db' ):
return True
else :
if os.path.isdir( '/opt/rh/cfme-appliance' ):
if os.path.isdir( '/opt/rh/cfme-gemset' ):
pass
try:
has_rpms = subprocess.call([ 'rpm' , '--quiet' , '-q' , 'cfme' , 'cfme-appliance' , 'cfme-gemset' ])
if has_rpms == 0:
return True
except OSError:
pass
return False
....
#修改"license_date=253370764800L" 为 "license_date=253370764800"
def _generate_cloudforms_subscription(self):
self._attrs.update(dict(company_name= 'Red Hat CloudForms License' , instance_count=MAX_INSTANCES,
license_date=253370764800, #修改
license_key= 'xxxx' ,
license_type= 'enterprise' ,
subscription_name= 'Red Hat CloudForms License' ))
...
#------------------------------------------------------------------
#修改完重新编译一下
[root@tower tower_license] # python -m py_compile __init__.py
[root@tower tower_license] # python -O -m py_compile __init__.py
[root@tower tower_license] # ll
total 36
-rw-r--r-- 1 root root 11521 Jan 12 12:08 __init__.py
-rw-r--r-- 1 root root 9181 Jan 12 12:08 __init__.pyc
-rw-r--r-- 1 root root 9181 Jan 12 12:08 __init__.pyo
drwxr-xr-x 2 root root 37 Jan 12 11:46 __pycache__
#重启服务
[root@tower tower_license] # ansible-tower-service restart
Restarting Tower
Redirecting to /bin/systemctl stop rh-postgresql10-postgresql.service
Redirecting to /bin/systemctl stop rabbitmq-server.service
Redirecting to /bin/systemctl stop nginx.service
Redirecting to /bin/systemctl stop supervisord.service
Redirecting to /bin/systemctl start rh-postgresql10-postgresql.service
Redirecting to /bin/systemctl start rabbitmq-server.service
Redirecting to /bin/systemctl start nginx.service
Redirecting to /bin/systemctl start supervisord.service
#访问https://10.0.0.203/#/license
四、运行测试项目
playbook将在github上创建,Ansible Tower拉取执行,Ansible Tower的playbook默认存在 /var/lib/awx/projects/
1)创建host登录凭据
2)在github中添加playbook项目
3)在Ansible Tower添加拉取github项目的凭据
4)创建project
保存后Ansible Tower会自动运行一次Update,如果要手动运行,点击列表中的刷新按钮。当github上yml文件被更新或者新增后需要点击一下刷新按钮,否则JOB执行的还是原来的yml
此时在Ansible Tower服务器的/var/lib/awx/projects/目录下已经有git拉下来的完整文件结构
5)创建主机清单
6)创建任务模板
7)运行模板
点击右侧日志中change几行可以看到详细信息
五、安装tomcat8测试
1)编写playbook
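---
# Copies a JDK RPM and a Tomcat tarball from the controller to every managed
# host, installs the JDK, unpacks Tomcat into /usr/local/tomcat8 and starts it.
#
# NOTE(review): every task runs as root (remote_user: root), so the Tomcat JVM
# launched by the last task also runs as root. Outside a lab test, run Tomcat
# under a dedicated unprivileged account.
# NOTE(review): Tomcat 8.0.x is end-of-life upstream and JDK 8u162 is an old
# update level. Use supported releases, and check both archives against the
# vendor-published checksums before staging them in /usr/local/src.
- hosts: all
  remote_user: root
  tasks:
    - name: "copy files to remote host"
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      with_items:
        - src: /usr/local/src/jdk-8u162-linux-x64.rpm
          dest: /usr/local/
        - src: /usr/local/src/apache-tomcat-8.0.38.tar.gz
          dest: /usr/local/

    - name: "install jdk"
      yum:
        name: /usr/local/jdk-8u162-linux-x64.rpm
        state: present

    # 'creates' makes the unpack and rename steps skip once /usr/local/tomcat8
    # exists. Without it, a second run re-extracts the archive and 'mv' then
    # moves the fresh directory *inside* the existing tomcat8 directory.
    - name: "install tomcat8"
      unarchive:
        src: /usr/local/apache-tomcat-8.0.38.tar.gz
        dest: /usr/local/
        remote_src: yes
        creates: /usr/local/tomcat8

    - name: "rename file"
      command: mv /usr/local/apache-tomcat-8.0.38 /usr/local/tomcat8
      args:
        creates: /usr/local/tomcat8

    # Runs on every play; the task reports success even if Tomcat is already
    # running, because startup.sh is backgrounded and its result is not checked.
    - name: "start tomcat"
      shell: 'nohup /usr/local/tomcat8/bin/startup.sh &'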
2)创建inventory
3)创建project
4)创建模板
5)运行模板
6)浏览器测试tomcat
参考文档:
https://blog.51cto.com/lzlutao/2382193
https://blog.51cto.com/lzlutao/2382194
https://www.cnblogs.com/kevingrace/p/11306540.html