1、安裝ansible

1.1、源碼安裝
源碼安裝參照 https://www.cnblogs.com/guxiong/p/7218717.html
[root@kube-node3 ~]# tar xf ansible-1.7.2.tar.gz -C /usr/local/
[root@kube-node3 ~]# cd /usr/local/ansible-1.7.2/
[root@kube-node3 ansible-1.7.2]# python setup.py install

配置文件:
[root@kube-node3 ~]# find / -name ansible.cfg
/usr/local/ansible-1.7.2/examples/ansible.cfg
/usr/local/ansible-1.7.2/test/units/ansible.cfg
[root@kube-node3 ~]# cd /usr/local/ansible-1.7.2/examples
[root@kube-node3 examples]# ls
ansible.cfg DOCUMENTATION.yml hosts issues playbooks scripts
[root@kube-node3 ~]# mkdir /etc/ansible
[root@kube-node3 examples]# cp ansible.cfg hosts /etc/ansible/

1.2、yum安裝(推薦)
rpm包安裝 https://www.jianshu.com/p/b411608a17bf
[root@kube-node3 ~]# yum install -y ansible
查看版本:
[root@kube-node3 ~]# ansible --version
ansible 1.7.2

1.3、pip安裝
python3 -m pip install ansible

2、配置ssh登錄
服務端:192.168.0.64
客戶端:192.168.0.65
一鍵生成非交互式秘鑰對
ssh-keygen -t rsa -f /root/.ssh/id_rsa -P ""
注: -P "" 生成的私鑰沒有口令保護,任何能讀取 /root/.ssh/id_rsa 的人都可以用 root 身份登錄所有拷貝過這個公鑰的主機,所以私鑰只應保留在服務端,並且只有 root 可讀。
然後把公鑰(id_rsa.pub)拷貝到客戶端上:
ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.0.65
本機也要拷貝:
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys # 必須是600, 否則用ansible連接本機報錯
在服務端測試ssh是否可以登錄

3、配置主機組
如果沒有ansible目錄創建即可
mkdir -p /etc/ansible/
touch /etc/ansible/hosts
cat > /etc/ansible/hosts << EOF
[k8s]
192.168.0.91
192.168.0.92
192.168.0.93
192.168.0.94
[test1]
192.168.0.91
[test2]
192.168.0.92
[test3]
192.168.0.93
[test4]
192.168.0.94
EOF

4、創建、配置ansible配置文件
touch /etc/ansible/ansible.cfg
cat > /etc/ansible/ansible.cfg << EOF
[defaults]
inventory = /etc/ansible/hosts
sudo_user=root
remote_port=22
host_key_checking=False
remote_user=root
log_path=/var/log/ansible.log
module_name=command
private_key_file=/root/.ssh/id_rsa
#關閉報錯信息顯示
deprecation_warnings=False
pipelining = True
#不收集系統變量
gather_facts: no
#開啟時間顯示
callback_whitelist = profile_tasks
#關閉秘鑰檢測
host_key_cheking=False
EOF

注: host_key_checking=False 會讓 ansible 不再校驗被管理主機的 SSH 主機密鑰,連接時無法發現被冒充的主機,只適合隔離的測試環境;其他環境建議保持默認的校驗,先核對各主機的密鑰指紋並寫入 known_hosts。另外,最後一行 host_key_cheking 拼寫有誤(少了字母 c),應該不會被 ansible 識別,實際起作用的是上面的 host_key_checking=False;gather_facts 是 playbook 裡的關鍵字,ansible.cfg 中對應的選項是 gathering,這一行寫在這裡應該也不會生效。

測試:
[root@test2 ~]# time ansible -m ping all
127.0.0.1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.0.92 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

real 0m10.623s
user 0m7.961s
sys 0m1.075s

報錯解決:
"msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"
出現這個的原因是因為selinux開著的,關閉即可。安裝libselinux-python是不管用的
注: 關閉 SELinux 會去掉被管理主機上的強制訪問控制。報錯信息本身說的是目標主機缺少 SELinux 的 Python 綁定;安裝之後仍然報錯時,常見原因是安裝的綁定與 ansible 在目標主機上使用的 Python 版本不一致(例如 ansible 使用 python3 時需要 python3 版本的綁定包),可以先確認這一點再決定是否關閉。
查看當前selinux的狀態命令為
getenforce
cat > /etc/selinux/config << EOF
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
EOF
兩個都要關。注意先看看有沒有這兩個文件,如果沒有就創建一個,否則後期會出現很多問題
sed -i 's/enforcing/disabled/g' /etc/selinux/config
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux
注: 修改配置文件後需要重啟才會生效,重啟之前 getenforce 仍會顯示原來的狀態。
再次查看當前selinux的狀態命令為
getenforce