1、安裝ansible
1.1、源碼安裝
源碼安裝參照 https://www.cnblogs.com/guxiong/p/7218717.html
[root@kube-node3 ~]# tar xf ansible-1.7.2.tar.gz -C /usr/local/
[root@kube-node3 ~]# cd /usr/local/ansible-1.7.2/
[root@kube-node3 ansible-1.7.2]# python setup.py install
配置文件:
[root@kube-node3 ~]# find / -name ansible.cfg
/usr/local/ansible-1.7.2/examples/ansible.cfg
/usr/local/ansible-1.7.2/test/units/ansible.cfg
[root@kube-node3 ~]# cd /usr/local/ansible-1.7.2/examples
[root@kube-node3 examples]# ls
ansible.cfg DOCUMENTATION.yml hosts issues playbooks scripts
[root@kube-node3 ~]# mkdir /etc/ansible
[root@kube-node3 examples]# cp ansible.cfg hosts /etc/ansible/
1.2、yum安裝(推薦)
rpm包安裝 https://www.jianshu.com/p/b411608a17bf
[root@kube-node3 ~]# yum install -y ansible
查看版本:
[root@kube-node3 ~]# ansible --version
ansible 1.7.2
1.3、pip安裝
# Install Ansible from PyPI into the python3 interpreter found on PATH.
# NOTE(review): no version is pinned, so this installs whatever release is
# current on PyPI, not the 1.7.2 shown in the other install methods.
python3 -m pip install ansible
2、配置ssh登錄
服務端:192.168.0.64 客戶端:192.168.0.65
一鍵非交互式生成密鑰對(-P "" 表示私鑰不設密碼短語,私鑰以未加密形式保存,請確保只有 root 能讀取 /root/.ssh/id_rsa)
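# Generate the controller's RSA key pair without prompting.
# -N "" is the documented flag for the passphrase of a newly created key; the
# empty value stores the private key unencrypted, so read access to
# /root/.ssh/id_rsa is equivalent to root login on every host that trusts it.
# -b 4096 asks for a 4096-bit key instead of the version-dependent default size.
ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsa -N ""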
然后把公鑰(id_rsa.pub)拷貝到客戶端上:
# Append the controller's public key to root's authorized_keys on the managed
# host 192.168.0.65 (asks for that host's root password).
# NOTE(review): this first connection is where the host key gets recorded in
# known_hosts — compare the fingerprint it shows with the real host's key.
ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.0.65
本機也要拷貝:
# Trust the controller's own public key so it can also manage itself over SSH.
tee -a /root/.ssh/authorized_keys < /root/.ssh/id_rsa.pub > /dev/null
# Mode must be 600 (owner read/write only); otherwise connecting to this
# machine with ansible fails.
chmod u=rw,go= /root/.ssh/authorized_keys
在服務端測試ssh是否可以登錄
3、配置主機組
如果沒有ansible目錄創建即可
# Make sure the Ansible config directory exists, then create or overwrite the
# inventory. [k8s] lists all four nodes; [test1]..[test4] each list one node.
# The delimiter is quoted so the shell copies the inventory text verbatim.
mkdir -p /etc/ansible/
tee /etc/ansible/hosts > /dev/null << 'EOF'
[k8s]
192.168.0.91
192.168.0.92
192.168.0.93
192.168.0.94
[test1]
192.168.0.91
[test2]
192.168.0.92
[test3]
192.168.0.93
[test4]
192.168.0.94
EOF
4、創建、配置ansible配置文件
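# Write the controller-wide Ansible configuration (creates or overwrites the
# file; the redirect makes a separate touch unnecessary). The delimiter is
# quoted so the shell copies the text verbatim.
#
# Corrections to the settings:
#   - "gather_facts: no" is a playbook keyword, not an ansible.cfg option; the
#     [defaults] setting that turns off implicit fact gathering is
#     "gathering = explicit".
#   - the misspelled "host_key_cheking" line is dropped: it names no known
#     option, and the correctly spelled option is already set above it.
#
# NOTE(security): host_key_checking=False makes Ansible accept any SSH host key
# without verification, so a machine answering on a managed host's address is
# not detected. Prefer leaving checking enabled and pre-populating root's
# known_hosts with verified keys. With remote_user=root, whoever can read the
# file named in private_key_file can act as root on every inventory host.
cat > /etc/ansible/ansible.cfg << 'EOF'
[defaults]
inventory = /etc/ansible/hosts
sudo_user=root
remote_port=22
#關閉秘鑰檢測
host_key_checking=False
remote_user=root
log_path=/var/log/ansible.log
module_name=command
private_key_file=/root/.ssh/id_rsa
#關閉報錯信息顯示
deprecation_warnings=False
pipelining = True
#不收集系統變量
gathering = explicit
#開啟時間顯示
callback_whitelist = profile_tasks
EOF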
測試:
[root@test2 ~]# time ansible -m ping all
127.0.0.1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.0.92 | SUCCESS => {
"changed": false,
"ping": "pong"
}
real 0m10.623s
user 0m7.961s
sys 0m1.075s
報錯解決:
"msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"
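出現這個的原因是因為selinux開着的,關閉即可。安裝libselinux-python是不管用的(這個報錯的意思是目標機上 Ansible 實際使用的 Python 解釋器無法導入 selinux 綁定;如果安裝的綁定包與該解釋器不匹配,例如 Ansible 使用 Python 3 而只裝了 Python 2 的 libselinux-python,安裝後仍會報同樣的錯)。注意:關閉 selinux 會去掉系統的強制訪問控制,生產環境應優先為對應的解釋器安裝綁定包。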
查看當前selinux的狀態命令為
# Print the current SELinux mode: Enforcing, Permissive or Disabled.
getenforce
# Replace /etc/selinux/config wholesale with a configuration that sets
# SELINUX=disabled and SELINUXTYPE=targeted. The delimiter is quoted so the
# text is written literally.
# NOTE(security): with SELINUX=disabled no SELinux policy is loaded, so the
# host loses its mandatory access control layer.
# NOTE(review): this file is read at boot; the running mode is not expected to
# change until the host is rebooted.
tee /etc/selinux/config > /dev/null << 'EOF'
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
EOF
兩個文件(/etc/selinux/config 和 /etc/sysconfig/selinux)都要改。注意先看看有沒有這兩個文件,如果沒有就創建一個,否則後期會出現很多問題
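# Switch the SELINUX= setting from enforcing to disabled in both config paths.
# The pattern is anchored to the setting line: a bare s/enforcing/disabled/g
# also rewrites the explanatory "# enforcing - ..." comment inside the file.
# On RHEL/CentOS /etc/sysconfig/selinux is usually a symlink to
# /etc/selinux/config; --follow-symlinks (GNU sed) edits the link target
# instead of replacing the link with a separate regular file.
# NOTE(security): disabling SELinux removes mandatory access control from this
# host.
sed -i --follow-symlinks 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
sed -i --follow-symlinks 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux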
再次查看當前selinux的狀態命令為
# Print the SELinux mode again.
# NOTE(review): the config files are read at boot, so this is expected to keep
# reporting the previous mode until the host has been rebooted.
getenforce