ansible安装、配置ssh、hosts、测试连接

1、安装ansible

1.1、源码安装

源码安装参照 https://www.cnblogs.com/guxiong/p/7218717.html

[root@kube-node3 ~]# tar xf ansible-1.7.2.tar.gz -C /usr/local/

[root@kube-node3 ~]# cd /usr/local/ansible-1.7.2/
[root@kube-node3 ansible-1.7.2]# python setup.py install

配置文件：

[root@kube-node3 ~]# find / -name ansible.cfg
/usr/local/ansible-1.7.2/examples/ansible.cfg
/usr/local/ansible-1.7.2/test/units/ansible.cfg

[root@kube-node3 ~]# cd /usr/local/ansible-1.7.2/examples
[root@kube-node3 examples]# ls
ansible.cfg DOCUMENTATION.yml hosts issues playbooks scripts

[root@kube-node3 ~]# mkdir /etc/ansible

[root@kube-node3 examples]# cp ansible.cfg hosts /etc/ansible/

 

1.2、yum安装(推荐)

rpm包安装 https://www.jianshu.com/p/b411608a17bf

[root@kube-node3 ~]# yum install -y ansible

查看版本：

[root@kube-node3 ~]# ansible --version
ansible 1.7.2

 

1.3、pip安装

python3 -m pip install ansible

 

2、配置ssh登录

服务端:192.168.0.64 客户端:192.168.0.65

一键生成非交互式秘钥对

ssh-keygen -t rsa -f /root/.ssh/id_rsa -P ""

然后把公钥(id_rsa.pub)拷贝到客户端上：

ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.0.65

本机也要拷贝：

cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys

chmod 600 /root/.ssh/authorized_keys　　　　　　# 必须是600, 否则用ansible连接本机报错

在服务端测试ssh是否可以登录



3、配置主机组

如果没有ansible目录创建即可

mkdir -p /etc/ansible/
touch /etc/ansible/hosts
cat > /etc/ansible/hosts << EOF
[k8s]
192.168.0.91
192.168.0.92
192.168.0.93
192.168.0.94
[test1]
192.168.0.91
[test2]
192.168.0.92
[test3]
192.168.0.93
[test4]
192.168.0.94
EOF

 

4、创建、配置ansible配置文件

touch /etc/ansible/ansible.cfg

cat > /etc/ansible/ansible.cfg << EOF 
[defaults]
inventory = /etc/ansible/hosts
sudo_user=root
remote_port=22
host_key_checking=False
remote_user=root
log_path=/var/log/ansible.log
module_name=command
private_key_file=/root/.ssh/id_rsa

#关闭报错信息显示
deprecation_warnings=False

pipelining = True

#不收集系统变量
gather_facts: no

#开启时间显示
callback_whitelist = profile_tasks

#关闭秘钥检测
host_key_cheking=False
EOF

 

测试:

[root@test2 ~]# time ansible -m ping all
127.0.0.1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.0.92 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

real    0m10.623s
user    0m7.961s
sys    0m1.075s



报错解决：

"msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"


出现这个的原因是因为selinux开着的，关闭即可。安装libselinux-python是不管用的


查看当前selinux的状态命令为
getenforce



cat > /etc/selinux/config << EOF
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

EOF



两个都要关。注意先看看有么有这两个文件，如果没有就创建一个，否则后期会出现很多问题

sed -i 's/enforcing/disabled/g' /etc/selinux/config

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux


再次查看当前selinux的状态命令为

getenforce