、安装ansible

1.1、源码安装

源码安装参照 https://www.cnblogs.com/guxiong/p/7218717.html

[root@kube-node3 ~]# tar xf ansible-1.7..tar.gz -C /usr/local/

[root@kube-node3 ~]# cd /usr/local/ansible-1.7./

[root@kube-node3 ansible-1.7.]# python setup.py install

配置文件：

[root@kube-node3 ~]# find / -name ansible.cfg

/usr/local/ansible-1.7./examples/ansible.cfg

/usr/local/ansible-1.7./test/units/ansible.cfg

[root@kube-node3 ~]# cd /usr/local/ansible-1.7./examples

[root@kube-node3 examples]# ls

ansible.cfg DOCUMENTATION.yml hosts issues playbooks scripts

[root@kube-node3 ~]# mkdir /etc/ansible

[root@kube-node3 examples]# cp ansible.cfg hosts /etc/ansible/

1.2、yum安装(推荐)

rpm包安装 https://www.jianshu.com/p/b411608a17bf

[root@kube-node3 ~]# yum install -y ansible

查看版本：

[root@kube-node3 ~]# ansible --version

ansible 1.7.

1.3、pip安装

python3 -m pip install ansible

、配置ssh登录

服务端:192.168.0.64 客户端:192.168.0.65

一键生成非交互式秘钥对

ssh-keygen -t rsa -f /root/.ssh/id_rsa -P ""

然后把公钥(id_rsa.pub)拷贝到客户端上：

ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.0.65

本机也要拷贝：

cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys

chmod  /root/.ssh/authorized_keys　　　　　　# 必须是600, 否则用ansible连接本机报错

在服务端测试ssh是否可以登录

、配置主机组

如果没有ansible目录创建即可

mkdir -p /etc/ansible/

touch /etc/ansible/hosts

cat > /etc/ansible/hosts << EOF

[k8s]

192.168.0.91

192.168.0.92

192.168.0.93
192.168.0.94
[test1]
192.168.0.91
[test2]
192.168.0.92
[test3]
192.168.0.93
[test4]
192.168.0.94

EOF

、创建、配置ansible配置文件

touch /etc/ansible/ansible.cfg

cat > /etc/ansible/ansible.cfg << EOF

[defaults]

inventory = /etc/ansible/hosts

sudo_user=root

remote_port=

host_key_checking=False

remote_user=root

log_path=/var/log/ansible.log

module_name=command

private_key_file=/root/.ssh/id_rsa

#关闭报错信息显示

deprecation_warnings=False

pipelining = True

#不收集系统变量

gather_facts: no

#开启时间显示

callback_whitelist = profile_tasks

#关闭秘钥检测

host_key_cheking=False

EOF

测试:

[root@test2 ~]# time ansible -m ping all

127.0.0.1 | SUCCESS => {

    "changed": false,

    "ping": "pong"

}

192.168.0.92 | SUCCESS => {

    "changed": false,

    "ping": "pong"

}

real    0m10.623s

user    0m7.961s

sys    0m1.075s

报错解决：

"msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"

出现这个的原因是因为selinux开着的，关闭即可。安装libselinux-python是不管用的

查看当前selinux的状态命令为

getenforce

cat > /etc/selinux/config << EOF

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#     enforcing - SELinux security policy is enforced.

#     permissive - SELinux prints warnings instead of enforcing.

#     disabled - No SELinux policy is loaded.

SELINUX=disabled

# SELINUXTYPE= can take one of three two values:

#     targeted - Targeted processes are protected,

#     minimum - Modification of targeted policy. Only selected processes are protected.

#     mls - Multi Level Security protection.

SELINUXTYPE=targeted 

EOF

两个都要关。注意先看看有么有这两个文件，如果没有就创建一个，否则后期会出现很多问题

sed -i 's/enforcing/disabled/g' /etc/selinux/config

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

再次查看当前selinux的状态命令为

getenforce