Ansible Environment Configuration

Published: 2024-07-08

Setting up the Ansible environment

1. Components

Role            Hostname             IP
Control node    server.example.com   192.168.80.129
Managed node 1  node1.example.com    192.168.80.130
Managed node 2  node2.example.com    192.168.80.131

2. Set a static IP address on each host

  • On server
[root@server ~]# nmcli connection modify ens160 ipv4.addresses 192.168.80.129/24 ipv4.gateway 192.168.80.2 ipv4.dns 114.114.114.114 ipv4.method manual
[root@server ~]# nmcli connection reload
[root@server ~]# nmcli connection up ens160
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/4)
  • On node1
[root@node1 ~]# nmcli connection modify ens160 ipv4.addresses 192.168.80.130/24 ipv4.gateway 192.168.80.2 ipv4.dns 114.114.114.114 ipv4.method manual
[root@node1 ~]# nmcli connection reload
[root@node1 ~]# nmcli connection up ens160
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/2)
  • On node2
[root@node2 ~]# nmcli connection modify ens160 ipv4.addresses 192.168.80.131/24 ipv4.gateway 192.168.80.2 ipv4.dns 114.114.114.114 ipv4.method manual
[root@node2 ~]# nmcli connection reload
[root@node2 ~]# nmcli connection up ens160
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/2)

3. Set the hostname on each host

  • On server
[root@server ~]# hostnamectl set-hostname server.example.com
[root@server ~]# bash
[root@server ~]# reboot
[root@server ~]#
  • On node1
[root@node1 ~]# hostnamectl set-hostname node1.example.com
[root@node1 ~]# bash
[root@node1 ~]# reboot
[root@node1 ~]#
  • On node2
[root@node2 ~]# hostnamectl set-hostname node2.example.com
[root@node2 ~]# bash
[root@node2 ~]# reboot
[root@node2 ~]#

4. Configure the hosts mapping on each host

  • On server
[root@server ~]# vim /etc/hosts
[root@server ~]# cat /etc/hosts
127.0.0.1         server.example.com
192.168.80.129    server.example.com
192.168.80.130    node1.example.com
192.168.80.131    node2.example.com
  • On node1
[root@node1 ~]# vim /etc/hosts
[root@node1 ~]# cat /etc/hosts
127.0.0.1         node1.example.com
192.168.80.129    server.example.com
192.168.80.130    node1.example.com
192.168.80.131    node2.example.com
  • On node2
[root@node2 ~]# vim /etc/hosts
[root@node2 ~]# cat /etc/hosts
127.0.0.1         node2.example.com
192.168.80.129    server.example.com
192.168.80.130    node1.example.com
192.168.80.131    node2.example.com

5. Passwordless SSH login between the hosts

  • On server
[root@server ~]# ssh-keygen -t rsa   # then press Enter at every prompt
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:087zOwx6jrL5/TT1N9+CY+fmPdvIAcn3MyEHPK0Wwhg root@server.example.com
The key's randomart image is:
+---[RSA 3072]----+
|         E       |
|          + . .  |
|         . o = . |
|         . ...=  |
|        S . ++oo |
|         +. .+oo.|
|         .+oo..++|
|      ...o.+*o+=O|
|      o+oooo+O=oB|
+----[SHA256]-----+
[root@server ~]# ssh-copy-id    node1.example.com   # server distributes its public key to node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'node1.example.com (192.168.80.130)' can't be established.
ED25519 key fingerprint is SHA256:8/9KJPE9MmvW3tHXlBouijAhOshcqcqUX2ejOmS28tk.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node1.example.com's password:       # enter the login password for node1
Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'node1.example.com'"
and check to make sure that only the key(s) you wanted were added.

[root@server ~]# ssh-copy-id node2.example.com      # server distributes its public key to node2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'node2.example.com (192.168.80.131)' can't be established.
ED25519 key fingerprint is SHA256:8/9KJPE9MmvW3tHXlBouijAhOshcqcqUX2ejOmS28tk.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:1: node1.example.com
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node2.example.com's password:    # enter the login password for node2

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'node2.example.com'"
and check to make sure that only the key(s) you wanted were added.
  • Test
[root@server ~]# ssh node1.example.com  # log in to node1 remotely from server
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Fri Jul  5 07:34:02 2024 from 192.168.80.129
[root@node1 ~]# exit   # success; log out
注销
Connection to node1.example.com closed.
[root@server ~]#
[root@server ~]# ssh node2.example.com   # log in to node2 remotely from server
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Fri Jul  5 07:34:21 2024 from 192.168.80.130
[root@node2 ~]# exit    # success; log out and return to server
注销
Connection to node2.example.com closed.
[root@server ~]# 
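
In the ssh-copy-id output above, node2 presents the same ED25519 host key fingerprint already stored for node1, which typically means a VM was cloned without regenerating its host keys, so the client cannot tell the two nodes apart by host key. The script below is an added example (not part of the original post) that scans a known_hosts file for keys recorded under more than one host name; the function names and the sample file with placeholder key blobs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list SSH host keys recorded under more than one host name.

# find_shared_host_keys FILE
# Prints "<keytype> <name1>,<name2>,..." for every key blob that occurs on
# more than one line of FILE. Returns 0 if none, 1 if any, 2 if unreadable.
find_shared_host_keys() {
    local file=$1
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    awk '
        # Skip blanks, comments and marker lines (@cert-authority, @revoked),
        # which are not ordinary per-host keys.
        NF == 0 || $1 ~ /^#/ || $1 ~ /^@/ { next }
        NF < 3 { next }                      # malformed entry
        {
            id = $2 " " $3                   # key type + base64 blob
            name = $1
            # Hashed entries (HashKnownHosts) hide the name; report the line.
            if (substr(name, 1, 3) == "|1|") name = "(hashed, line " NR ")"
            if (id in names) names[id] = names[id] "," name
            else names[id] = name
            lines[id]++
            ktype[id] = $2
        }
        END {
            for (id in lines)
                if (lines[id] > 1) { print ktype[id], names[id]; shared = 1 }
            exit shared + 0
        }
    ' "$file"
}

# Constructed sample using the host names from this page; key blobs are placeholders.
write_sample_known_hosts() {
    local f
    f=$(mktemp) || return 2
    cat > "$f" <<'EOF'
# constructed sample, not real keys
node1.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYONE
node2.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYONE
server.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYTWO
@cert-authority *.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERCA
EOF
    echo "$f"
}

sample=$(write_sample_known_hosts)
find_shared_host_keys "$sample" || echo "shared host key(s) found"
rm -f "$sample"
```

A host stored on separate lines under both its name and its IP address is reported too, so review each hit. For a real duplicate, generate fresh host keys on the cloned node (remove the old `/etc/ssh/ssh_host_*` files, run `ssh-keygen -A`, restart sshd), then drop the stale client entry with `ssh-keygen -R <host>`.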

6. Disable security software on all hosts

  • On server
[root@server ~]# getenforce
Disabled
[root@server ~]# systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset:>
     Active: inactive (dead)
       Docs: man:firewalld(1)
[root@server ~]#
  • On node1
[root@node1 ~]# getenforce
Disabled
[root@node1 ~]# systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset:>
     Active: inactive (dead)
       Docs: man:firewalld(1)
[root@node1 ~]#
  • On node2
[root@node2 ~]# getenforce
Disabled
[root@node2 ~]# systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset:>
     Active: inactive (dead)
       Docs: man:firewalld(1)
[root@node2 ~]#

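7. Notes

  • You can take snapshots of server, node1 and node2 when doing lab work during the term
  • For passwordless login with an ordinary (non-root) account, use sudo for privilege escalation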

Installing Ansible

  • Download the EPEL repository for RHEL 9
[root@server ~]# yum list | grep ansible    # list the ansible packages in the original yum repos
ansible-collection-microsoft-sql.noarch              2.2.3-2.el9                        app
ansible-collection-redhat-rhel_mgmt.noarch           1.1.0-2.el9                        app
ansible-core.x86_64                                  1:2.14.17-1.el9                    app
ansible-freeipa.noarch                               1.13.2-1.el9                       app
ansible-freeipa-collection.noarch                    1.13.2-1.el9                       app
ansible-freeipa-tests.noarch                         1.13.2-1.el9                       app
ansible-pcp.noarch                                   2.3.0-1.el9                        app
ansible-test.x86_64                                  1:2.14.17-1.el9                    app
[root@server ~]# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm  # install the EPEL release package
正在更新 Subscription Management 软件仓库。
无法读取客户身份

本系统尚未在权利服务器中注册。可使用 subscription-manager 进行注册。

上次元数据过期检查:1:05:46 前,执行于 2024年07月05日 星期五 07时04分52秒。
epel-release-latest-9.noarch.rpm                         6.5 kB/s |  19 kB     00:02
依赖关系解决。
=========================================================================================
 软件包                 架构             版本               仓库                    大小
=========================================================================================
安装:
 epel-release           noarch           9-7.el9            @commandline            19 k

事务概要
=========================================================================================
安装  1 软件包

总计:19 k
安装大小:26 k
确定吗?[y/N]: y
下载软件包:
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
  准备中  :                                                                          1/1
  安装    : epel-release-9-7.el9.noarch                                              1/1
  运行脚本: epel-release-9-7.el9.noarch                                              1/1
Many EPEL packages require the CodeReady Builder (CRB) repository.
It is recommended that you run /usr/bin/crb enable to enable the CRB repository.

  验证    : epel-release-9-7.el9.noarch                                              1/1
已更新安装的产品。

已安装:
  epel-release-9-7.el9.noarch

完毕!
[root@server ~]# yum makecache  # build the metadata cache
正在更新 Subscription Management 软件仓库。
无法读取客户身份

本系统尚未在权利服务器中注册。可使用 subscription-manager 进行注册。

appstream                                                4.8 kB/s | 4.4 kB     00:00
basestream                                               5.7 kB/s | 3.9 kB     00:00
Extra Packages for Enterprise Linux 9 - x86_64           1.1 MB/s |  22 MB     00:19
Extra Packages for Enterprise Linux 9 openh264 (From Cis 570  B/s | 2.5 kB     00:04
元数据缓存已建立。
[root@server ~]# yum list | grep ansible  # after installing the EPEL package, check the ansible packages again
ansible.noarch                                                                           1:7.7.0-1.el9                        epel
ansible-collection-ansible-posix.noarch                                                  1.5.4-1.el9                          epel
ansible-collection-awx-awx.noarch                                                        24.3.1-1.el9                         epel
ansible-collection-chocolatey-chocolatey.noarch                                          1.4.0-1.el9                          epel
ansible-collection-community-crypto.noarch                                               2.15.0-1.el9                         epel
ansible-collection-community-docker.noarch                                               3.4.6-1.el9                          epel
ansible-collection-community-general.noarch                                              7.5.0-1.el9                          epel
ansible-collection-community-libvirt.noarch                                              1.2.0-1.el9                          epel
ansible-collection-community-mysql.noarch                                                3.5.1-1.el9                          epel
ansible-collection-community-postgresql.noarch                                           3.0.0-1.el9                          epel
ansible-collection-community-rabbitmq.noarch                                             1.2.3-1.el9                          epel
ansible-collection-containers-podman.noarch                                              1.12.0-5.el9                         epel
ansible-collection-mdellweg-filters.noarch                                               0.0.3-1.el9                          epel
ansible-collection-microsoft-sql.noarch                                                  2.2.3-2.el9                          app
ansible-collection-netbox-netbox.noarch                                                  3.9.0-1.el9                          epel
ansible-collection-pulp-pulp_installer.noarch                                            3.22.1-2.el9                         epel
ansible-collection-pulp-pulp_installer-doc.noarch                                        3.22.1-2.el9                         epel
ansible-collection-redhat-rhel_mgmt.noarch                                               1.1.0-2.el9                          app
ansible-core.x86_64                                                                      1:2.14.17-1.el9                      app
ansible-freeipa.noarch                                                                   1.13.2-1.el9                         app
ansible-freeipa-collection.noarch                                                        1.13.2-1.el9                         app
ansible-freeipa-tests.noarch                                                             1.13.2-1.el9                         app
ansible-packaging.noarch                                                                 1-12.el9                             epel
ansible-packaging-tests.noarch                                                           1-12.el9                             epel
ansible-pcp.noarch                                                                       2.3.0-1.el9                          app
ansible-srpm-macros.noarch                                                               1-12.el9                             epel
ansible-test.x86_64                                                                      1:2.14.17-1.el9                      app
python3-ansible-lint.noarch                                                              1:5.4.0-2.el9                        epel
python3-pytest-testinfra+ansible.noarch                                                  10.1.0-2.el9                         epel
vim-ansible.noarch                                                                       3.2-1.el9                            epel
[root@server ~]# yum install ansiblele.noarch   # install ansible
正在更新 Subscription Management 软件仓库。
无法读取客户身份

本系统尚未在权利服务器中注册。可使用 subscription-manager 进行注册。

上次元数据过期检查:0:01:24 前,执行于 2024年07月05日 星期五 08时12分13秒。
未找到匹配的参数: ansiblele.noarch
错误:没有任何匹配: ansiblele.noarch
[root@server ~]# yum install ansible.noarch
正在更新 Subscription Management 软件仓库。
无法读取客户身份

本系统尚未在权利服务器中注册。可使用 subscription-manager 进行注册。

上次元数据过期检查:0:01:36 前,执行于 2024年07月05日 星期五 08时12分13秒。
依赖关系解决。
=========================================================================================
 软件包                       架构           版本                     仓库          大小
=========================================================================================
安装:
 ansible                      noarch         1:7.7.0-1.el9            epel          34 M
安装依赖关系:
 ansible-core                 x86_64         1:2.14.17-1.el9          app          2.6 M
 git-core                     x86_64         2.43.5-1.el9             app          4.4 M
 python3-cffi                 x86_64         1.14.5-5.el9             app          253 k
 python3-cryptography         x86_64         36.0.1-4.el9             base         1.2 M
 python3-packaging            noarch         20.9-5.el9               app           77 k
 python3-ply                  noarch         3.11-14.el9              app          106 k
 python3-pycparser            noarch         2.20-6.el9               app          135 k
 python3-pyparsing            noarch         2.4.7-9.el9              base         150 k
 python3-resolvelib           noarch         0.5.4-5.el9              app           34 k
 sshpass                      x86_64         1.09-4.el9               app           28 k

事务概要
=========================================================================================
安装  11 软件包

总下载:43 M
安装大小:403 M
确定吗?[y/N]: y
下载软件包:
(1/11): python3-cffi-1.14.5-5.el9.x86_64.rpm             156 kB/s | 253 kB     00:01
(2/11): git-core-2.43.5-1.el9.x86_64.rpm                 1.2 MB/s | 4.4 MB     00:03
[MIRROR] python3-packaging-20.9-5.el9.noarch.rpm: Status code: 502 for https://mirrors.aliyun.com/centos-stream/9-stream/AppStream/x86_64/os/Packages/python3-packaging-20.9-5.el9.noarch.rpm (IP: 124.89.110.220)
[MIRROR] python3-packaging-20.9-5.el9.noarch.rpm: Status code: 502 for https://mirrors.aliyun.com/centos-stream/9-stream/AppStream/x86_64/os/Packages/python3-packaging-20.9-5.el9.noarch.rpm (IP: 124.89.110.220)
(3/11): ansible-core-2.14.17-1.el9.x86_64.rpm            214 kB/s | 2.6 MB     00:12
[MIRROR] python3-packaging-20.9-5.el9.noarch.rpm: Status code: 502 for https://mirrors.aliyun.com/centos-stream/9-stream/AppStream/x86_64/os/Packages/python3-packaging-20.9-5.el9.noarch.rpm (IP: 124.89.110.220)
(4/11): python3-packaging-20.9-5.el9.noarch.rpm          6.6 kB/s |  77 kB     00:11
(5/11): python3-resolvelib-0.5.4-5.el9.noarch.rpm         91 kB/s |  34 kB     00:00
(6/11): sshpass-1.09-4.el9.x86_64.rpm                     69 kB/s |  28 kB     00:00
(7/11): python3-cryptography-36.0.1-4.el9.x86_64.rpm     1.4 MB/s | 1.2 MB     00:00
(8/11): python3-pyparsing-2.4.7-9.el9.noarch.rpm         574 kB/s | 150 kB     00:00
(9/11): ansible-7.7.0-1.el9.noarch.rpm                   2.1 MB/s |  34 MB     00:16
[MIRROR] python3-ply-3.11-14.el9.noarch.rpm: Curl error (28): Timeout was reached for https://mirrors.aliyun.com/centos-stream/9-stream/AppStream/x86_64/os/Packages/python3-ply-3.11-14.el9.noarch.rpm [Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds]
[MIRROR] python3-pycparser-2.20-6.el9.noarch.rpm: Curl error (28): Timeout was reached for https://mirrors.aliyun.com/centos-stream/9-stream/AppStream/x86_64/os/Packages/python3-pycparser-2.20-6.el9.noarch.rpm [Operation too slow. Less than 1000 bytes/sec transferred the last 30 seconds]
[FAILED] python3-pycparser-2.20-6.el9.noarch.rpm: No more mirrors to try - All mirrors were already tried without success
(11/11): python3-ply-3.11 99% [=======================-] 2.1 MB/s |  43 MB     00:00 ETA
下载的软件包保存在缓存中,直到下次成功执行事务。
您可以通过执行 'yum clean packages' 删除软件包缓存。
错误:下载软件包出错 :
  python3-pycparser-2.20-6.el9.noarch: Cannot download, all mirrors were already tried without success
[root@server ~]#
  • Test
[root@server ~]# ansible --version   # check the version to confirm the installation succeeded
ansible [core 2.14.17]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.14 (main, Sep 21 2022, 00:00:00) [GCC 11.3.1 20220421 (Red Hat 11.3.1-2)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
[root@server ~]# vim  /etc/ansible/hosts   # set up the control node's inventory and enter the managed nodes
node1.example.com
node2.example.com
[root@server ~]# ansible  all  -m  ping  # test whether the managed nodes can be managed
node2.example.com | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
node1.example.com | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
