银河麒麟服务器系统v10sp2安装部署ansiable

一、Ansible是什么？

Ansible是最近几年特别火的一款开源运维自动化工具，它能够帮助运维人员肉眼可见地提高工作效率，并减少人为失误。Ansible有上千个功能丰富且实用的模块，而且有详尽的帮助信息可供查阅，因此即便是小白用户也可以轻松上手.

二、安装部署

1.测试用到的主机和ip

2.修改给主机hosts文件

[root@manger01 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.156 manger01
192.168.10.155 node1
192.168.10.154 node2
192.168.10.153 node3

其他机器同理

3.关闭防火墙及selinux

[root@manger01 ~]# systemctl disable firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@manger01 ~]# sed -i -r '/SELINUX=/c\SELINUX=disable' /etc/selinux/config
[root@manger01 ~]#reboot

其他机器同理

4.ansible安装

[root@manger01 ~]# yum install ansible
上次元数据过期检查：0:53:58 前，执行于 2022年09月08日 星期四 15时58分20秒。
依赖关系解决。
================================================================================
 Package             Arch      Version                Repository           Size
================================================================================
安装:
 ansible             noarch    2.8.8-1.p01.ky10       ks10-adv-updates     15 M
安装依赖关系:
 libsodium           x86_64    1.0.16-7.ky10          ks10-adv-os         146 k
 python3-bcrypt      x86_64    3.1.4-8.ky10           ks10-adv-os          39 k
 python3-paramiko    noarch    2.4.3-1.ky10.ky10      ks10-adv-os         281 k
 python3-pyasn1      noarch    0.3.7-8.ky10           ks10-adv-os         215 k
 python3-pynacl      x86_64    1.2.1-5.ky10           ks10-adv-os          77 k
 python3-pyyaml      x86_64    5.3.1-4.ky10           ks10-adv-updates    189 k
 sshpass             x86_64    1.06-8.ky10            ks10-adv-os          24 k

事务概要
================================================================================
安装  8 软件包

总下载：16 M
安装大小：82 M
确定吗？[y/N]： y
下载软件包：
(1/8): python3-bcrypt-3.1.4-8.ky10.x86_64.rpm                                                                           203 kB/s |  39 kB     00:00
(2/8): libsodium-1.0.16-7.ky10.x86_64.rpm                                                                               581 kB/s | 146 kB     00:00
(3/8): python3-paramiko-2.4.3-1.ky10.ky10.noarch.rpm                                                                    993 kB/s | 281 kB     00:00
(4/8): python3-pyasn1-0.3.7-8.ky10.noarch.rpm                                                                           1.8 MB/s | 215 kB     00:00
(5/8): python3-pynacl-1.2.1-5.ky10.x86_64.rpm                                                                           1.1 MB/s |  77 kB     00:00
(6/8): sshpass-1.06-8.ky10.x86_64.rpm                                                                                   420 kB/s |  24 kB     00:00
(7/8): python3-pyyaml-5.3.1-4.ky10.x86_64.rpm                                                                           1.2 MB/s | 189 kB     00:00
(8/8): ansible-2.8.8-1.p01.ky10.noarch.rpm                                                                              685 kB/s |  15 MB     00:21
--------------------------------------------------------------------------------------------------------------------------------------------------------

4.管理端生成ssh公钥

[root@manger01 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:f85Jhua+/V0JV3kX7Hnjf5R2A2YYZ4Y5TV28p3vIq7M root@manger01
The key's randomart image is:
+---[RSA 3072]----+
|            =.ooo|
|           = = o+|
|            B ..*|
|           . + =*|
|        S   o.oo=|
|         . .  +=+|
|          + +..==|
|         o B..+.=|
|         .+.E=ooo|
+----[SHA256]-----+

4.将生成的公钥传给节点

[root@manger01 ~]# ssh-copy-id -i .ssh/id_rsa.pub node3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'node3 (192.168.10.153)' can't be established.
ECDSA key fingerprint is SHA256:926xuT7i9eneo+Aoyu63uNLlGNQPfDBHhbRbDUCXxLA.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node3's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'node3'"
and check to make sure that only the key(s) you wanted were added.

5.配置ansible，部署主机列表，定义被监控机器

[root@manger01 ansible]# cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
[group]
192.168.10.153
192.168.10.154
192.168.10.155

6.测试管理机器月业务机器连通性

列出所有主机

[root@manger01 ansible]# ansible all --list-host
  hosts (3):
    192.168.10.153
    192.168.10.154
    192.168.10.155

测试单台node3的连通性

[root@manger01 ansible]# ansible  -m ping  192.168.10.153
192.168.10.153 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"

7.ansiable之copy命令用法简易演示

[root@manger01 ansible]# ansible 192.168.10.153 -m copy -a 'src=/etc/.productinfo dest=/mnt'
192.168.10.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "checksum": "6e900b223bf93a85581ca9f29d3265e1ad653d77",
    "dest": "/mnt/.productinfo",
    "gid": 0,
    "group": "root",
    "md5sum": "4ab579029b7f9ba4c21751a4e1647038",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:mnt_t:s0",
    "size": 79,
    "src": "/root/.ansible/tmp/ansible-tmp-1662628948.3531294-145080940642918/source",
    "state": "file",
    "uid": 0
}

总结

以上为今天主要演示的内容