zoukankan      html  css  js  c++  java
  • Ansible学习笔记(一):部署管理Windows机器遇到的一些坑

    在给国盛通上海测试环境做Ansible管理Windows服务器的时候,遇到了一些坑,Google解决掉了,特此记录,坑用红色标记。

    一、环境说明

    1.Ansible管理主机

    操作系统:CentOS 7.4

    ip:172.50.1.119

    2.Ansible客户端主机

    操作系统:Windows Server 2008 R2

    ip:172.50.1.172

    二、开始部署

    1.Windows部分:

    (1)升级PowerShell版本到4.0【Windows Server 2012的同学就不需要升级了,Server 2012的PowerShell默认版本就是4.0】

    # 1.下载并安装Microsoft .NET Framework 4.5
    https://download.microsoft.com/download/B/A/4/BA4A7E71-2906-4B2D-A0E1-80CF16844F5F/dotNetFx45_Full_setup.exe
    
    # 2.下载并安装PowerShell 4.0(Windows Management Framework 4.0
    https://download.microsoft.com/download/3/D/6/3D61D262-8549-4769-A660-230B67E15B25/Windows6.1-KB2819745-x64-MultiPkg.msu
    
    # 3.重启Windows Server之后,打开PowerShell,查看升级是否成功,如图1所示。
    get-host

    【图1】

    (2)Windows Server开启winrm服务【这个服务 远程管理作用】

    以下都在PowerShell中进行

    # 1.查看powershell执行策略
    get-executionpolicy
    
    # 2.更改powershell执行策略为remotesigned【输入y确认】
    set-executionpolicy remotesigned
    
    # 3.配置winrm service并启动服务
    winrm quickconfig
    
    # 4.修改winrm配置,启用远程连接认证【这里是PowerShell的命令,如果用cmd的话,@前面的' 和 末尾的' 要去掉的】【如图2所示】
    winrm set winrm/config/service/auth '@{Basic="true"}'
    winrm set winrm/config/service '@{AllowUnencrypted="true"}'
    
    # 5.查看winrm service启动监听状态【如果有应答,说明服务配置并启动成功了】【如图3所示】
    winrm enumerate winrm/config/listener

    【图2】【图3】

    (3)设置防火墙入站规则

    允许5985端口入站通过。这个很简单,略。

    2.CentOS部分(Ansible管理主机)

    重点:千万不要yum安装。选择pip安装,或者二进制包安装。否则,即便安装了pywinrm插件也无法管理Windows主机。报图4错误。

    "msg": "winrm or requests is not installed: No module named winrm"

    【图4】

    (1)安装pip命令【先安装python3环境:https://www.cnblogs.com/herui1991/p/12305897.html

    # 1.从官网下载pip包到本地,官网链接:https://pypi.org/project/pip/#files
    [root@localhost ~]# wget https://files.pythonhosted.org/packages/8e/76/66066b7bc71817238924c7e4b448abdb17eb0c92d645769c223f9ace478f/pip-20.0.2.tar.gz
    
    # 2.解压
    [root@localhost ~]# tar -zxvf pip-20.0.2.tar.gz -C /usr/local
    
    # 3.安装
    [root@localhost ~]# cd /usr/local/pip-20.0.2
    [root@localhost pip-20.0.2]# python3 setup.py install

    (2)安装pywinrm插件

    [root@localhost ~]# pip install pywinrm
    Collecting pywinrm
      Using cached pywinrm-0.4.1.tar.gz (36 kB)
    Requirement already satisfied: xmltodict in /usr/local/lib/python3.7/site-packages (from pywinrm) (0.12.0)
    Requirement already satisfied: requests>=2.9.1 in /usr/local/lib/python3.7/site-packages (from pywinrm) (2.22.0)
    Requirement already satisfied: requests_ntlm>=0.3.0 in /usr/local/lib/python3.7/site-packages (from pywinrm) (1.1.0)
    Requirement already satisfied: six in /usr/local/lib/python3.7/site-packages (from pywinrm) (1.14.0)
    Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/local/lib/python3.7/site-packages (from requests>=2.9.1->pywinrm) (3.0.4)
    Requirement already satisfied: idna<2.9,>=2.5 in /usr/local/lib/python3.7/site-packages (from requests>=2.9.1->pywinrm) (2.8)
    Requirement already satisfied: urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1 in /usr/local/lib/python3.7/site-packages (from requests>=2.9.1->pywinrm) (1.25.8)
    Requirement already satisfied: certifi>=2017.4.17 in /usr/local/lib/python3.7/site-packages (from requests>=2.9.1->pywinrm) (2019.11.28)
    Requirement already satisfied: cryptography>=1.3 in /usr/local/lib/python3.7/site-packages (from requests_ntlm>=0.3.0->pywinrm) (2.8)
    Requirement already satisfied: ntlm-auth>=1.0.2 in /usr/local/lib/python3.7/site-packages (from requests_ntlm>=0.3.0->pywinrm) (1.4.0)
    Requirement already satisfied: cffi!=1.11.3,>=1.8 in /usr/local/lib/python3.7/site-packages (from cryptography>=1.3->requests_ntlm>=0.3.0->pywinrm) (1.14.0)
    Requirement already satisfied: pycparser in /usr/local/lib/python3.7/site-packages (from cffi!=1.11.3,>=1.8->cryptography>=1.3->requests_ntlm>=0.3.0->pywinrm) (2.19)
    Installing collected packages: pywinrm
        Running setup.py install for pywinrm ... done
    Successfully installed pywinrm-0.4.1

    (3)pip安装ansible

    [root@localhost ~]# pip install ansible

    (4)配置文件

    配置文件默认路径:/etc/ansible/hosts,在此配置文件尾巴追加以下信息,ansible_ssh_user是Windows Server的用户名,ansible_ssh_pass是Windows Server的密码

    [windows]
    172.50.1.172 ansible_ssh_user="Administrator" ansible_ssh_pass="Password" ansible_ssh_port=5985 ansible_connection="winrm" ansible_winrm_server_cert_validation=ignore

    (5)验证通不通,显示SUCCESS表示通了

    # ping下通不通
    [root@localhost ~]# ansible windows -m win_ping 
    172.50.1.172 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }

    三、重点与说明

    1.重点

    (1)升级PowerShell到4.0要先升级.Net Franmwork;

    (2)开启winrm服务在CMD下、PowerShell下语法是不一样的,本文是在PowerShell下进行的,有截图为证;

    (3)一定要安装pywinrm插件,否则管理Windows Server的时候会报错"msg": "winrm or requests is not installed: No module named winrm"

    (4)如果安装了pywinrm还是报这个错,是因为yum安装的ansible无法调用pip安装的pywinrm插件,故而建议用pip安装ansible或者用源码包安装ansible。【这个坑埋得比较深,还是Google解决的,这里吐槽下Baidu搜不到】【用yum安装ansible无法调用pip安装的pywinrm插件,不确定是不是必现,但在我工作的测试环境出现了】

    2.说明

    ansible详解用法

  • 相关阅读:
    mysql实现主从复制
    go get时候 timeout
    linux 修改/etc/profile文件之后 没有效果
    初试 laravel
    php 实现单个大文件(视频)的 断点上传
    UEditor图片左对齐右对齐 要的作用显示之后 保存之后没有效果
    docker 实现 mysql+nginx+php
    redis
    easyPoi框架的excel导入导出
    从生产计划的角度认识精益生产
  • 原文地址:https://www.cnblogs.com/herui1991/p/12304487.html
Copyright © 2011-2022 走看看