在 CentOS 8 上安装 Ansible

在 CentOS 8 上安装 Ansible 有多种方法，但我们是从 EPEL yum 存储库安装它。

因为 Ansible 在默认 yum 存储库中不可用。
因此，我们需要安装 EPEL（Extra Packages for Enterprise Linux）yum 存储库。

[root@oir-lab-semaphore ~]# dnf install -y epel-release

为 EPEL yum 存储库构建缓存。

[root@oir-lab-semaphore ~]# dnf makecache
CentOS-8 - AppStream                             12 kB/s | 4.3 kB     00:00
CentOS-8 - Base                                 1.2 kB/s | 3.9 kB     00:03
CentOS-8 - Extras                               4.2 kB/s | 1.5 kB     00:00
Extra Packages for Enterprise Linux Modular 8 -  25 kB/s | 118 kB     00:04
Extra Packages for Enterprise Linux 8 - x86_64  606 kB/s | 6.8 MB     00:11
Metadata cache created.

现在，我们可以从 EPEL yum 存储库安装 Ansible。

[root@oir-lab-semaphore ~]# dnf install -y ansible

Ansible Semaphore准备工作：

要安装 Ansible Semaphore ，需要：

• MySQL >= 5.6.4/MariaDB >= 5.3
• ansible
• git >= 2.x

访问 Ansible 信号量 Web UI：

使用 浏览器 http://oir-lab-semaphore.onitroad.com:3000。
打开 Ansible Semaphore 的登录页面。

使用之前创建的用户/密码登录。
将可以看到Semaphore 的仪表板。

在 CentOS 8 上安装 Git

git 在默认的 yum 存储库中可用，因此，我们可以使用 dnf 命令轻松地在 CentOS 上安装 git。

[root@oir-lab-semaphore ~]# dnf install -y git

检查 git 的版本

[root@oir-lab-semaphore ~]# git --version
git version 2.18.2

在 CentOS 8 上配置 Ansible Semaphore

要配置 Sempahore Web UI，请执行以下命令并提供所需的参数如下。

[root@oir-lab-semaphore ~]# semaphore -setup
 Hello! You will now be guided through a setup to:
 1. Set up configuration for a MySQL/MariaDB database
 2. Set up a path for your playbooks (auto-created)
 3. Run database Migrations
 4. Set up initial semaphore user & password
 > DB Hostname (default 127.0.0.1:3306): 127.0.0.1:3306
 > DB User (default root): root
 > DB Password: 123
 > DB Name (default semaphore): semaphore
 > Playbook path (default /tmp/semaphore): /opt/semaphore
 > Web root URL (optional, example http://localhost:8010/): http://localhost:8010/
 > Enable email alerts (y/n, default n): n
 > Enable telegram alerts (y/n, default n): n
 > Enable LDAP authentication (y/n, default n): n
 Generated configuration:
 {
        "mysql": {
                "host": "127.0.0.1:3306",
                "user": "root",
                "pass": "123",
                "name": "semaphore"
        },
        "port": "",
        "tmp_path": "/opt/semaphore",
        "cookie_hash": "amackrz6Wq4yQCTPPZFJOdPn5ZXrlwW9q5nFDrdz7bU=",
        "cookie_encryption": "+kh28Q3TZw7TFMTUj7JSQPsJg6TiueaM3MlQ0Y/quZ4=",
        "email_sender": "",
        "email_host": "",
        "email_port": "",
        "web_host": "http://localhost:8010/",
        "ldap_binddn": "",
        "ldap_bindpassword": "",
        "ldap_server": "",
        "ldap_searchdn": "",
        "ldap_searchfilter": "",
        "ldap_mappings": {
                "dn": "",
                "mail": "",
                "uid": "",
                "cn": ""
        },
        "telegram_chat": "",
        "telegram_token": "",
        "concurrency_mode": "",
        "max_parallel_tasks": 0,
        "email_alert": false,
        "telegram_alert": false,
        "ldap_enable": false,
        "ldap_needtls": false
 }
 > Is this correct? (yes/no): yes
 > Config output directory (default /root): /etc/semaphore
 Running: mkdir -p /etc/semaphore..
 Configuration written to /etc/semaphore/config.json..
 Pinging db..
 Running DB Migrations..
...
Executing migration v2.5.0 (at 2020-05-27 12:27:24.769857459 +0500 PKT m=+106.675895917)...
 [1/1]
Migrations Finished

 > Username: onitroad
 > Email: JackLiu@onitroad.com
WARN[0126] sql: no rows in result set                    level=Warn
 > Your name: onitroad
 > Password: 123
 You are all setup onitroad!
 Re-launch this program pointing to the configuration file
./semaphore -config /etc/semaphore/config.json
 To run as daemon:
nohup ./semaphore -config /etc/semaphore/config.json &
 You can login with JackLiu@onitroad.com or onitroad.

在 CentOS 8 上创建Semaphore服务：

要配置 Ansible Semaphore 的自动启动，我们必须为 Semaphore 服务创建一个 systemd 单元。

[root@oir-lab-semaphore ~]# vi /usr/lib/systemd/system/semaphore.service

在此文件中添加以下指令。

[Unit]
Description=Semaphore Ansible UI
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/bin/semaphore -config /etc/semaphore/config.json
SyslogIdentifier=semaphore
Restart=always
[Install]
WantedBy=multi-user.target

启用并启动 semaphore.service。

[root@oir-lab-semaphore ~]# systemctl enable --now semaphore.service
Created symlink /etc/systemd/system/multi-user.target.wants/semaphore.service -> /usr/lib/systemd/system/semaphore.service.

在 CentOS 防火墙中允许 Semaphore 默认服务端口。

[root@oir-lab-semaphore ~]# firewall-cmd --permanent --add-port=3000/tcp
success
[root@oir-lab-semaphore ~]# firewall-cmd --reload
success

什么是 Ansible Semaphore

Ansible Semaphore 是 Ansible Tower 的另一个开源替代品。
Semaphore 支持 LDAP 身份验证、REST API、电子邮件和电报警报。

Semaphore是用 Golang（后端）和 AngularJS（前端）编写的，并在 MIT 许可下分发。

在 CentOS 8 上安装 MariaDB 服务器

Ansible Semaphore 需要一个 MySQL 数据库来创建其数据存储库。
因此，我们使用 dnf 命令在 CentOS 8 上安装 MariaDB 10.3 服务器。

[root@oir-lab-semaphore ~]# dnf install -y mariadb-server

启用并启动 mariadb.service。

[root@oir-lab-semaphore ~]# systemctl enable --now mariadb.service

配置 MariaDB 服务器并设置 root 用户密码。

[root@oir-lab-semaphore ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
 ... Success!
Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
 ... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
 ... Success!
Cleaning up...
All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!

在 CentOS 8 上安装 Ansible Semaphore

在 GitHub 上找到下载链接， 然后使用wget命令下载。

[root@oir-lab-semaphore ~]# wget https://github.com/ansible-semaphore/semaphore/releases/download/v2.5.1/semaphore_2.5.1_linux_amd64.rpm

现在，使用 dnf 命令安装 Semaphore 包。

[root@oir-lab-semaphore ~]# dnf install -y semaphore_2.5.1_linux_amd64.rpm

查看已安装的版本

[root@oir-lab-semaphore ~]# semaphore -version
v2.5.1