centos安装ansible集群

---

yum安装

• 集群IP列表

name	host
k8s-master	192.168.78.22
k8s-node1	192.168.78.23
k8s-node2	192.168.78.24

• 主机名称
  hostnamectl set-hostname k8s-master
hostnamectl set-hostname k8s-node1
hostnamectl set-hostname k8s-node2
  永久：echo "hostname=k8s-master" > /etc/sysconfig/network
• 域名解析

  cat >> /etc/hosts <<EOF
  192.168.78.22 k8s-master
  192.168.78.23 k8s-node1
  192.168.78.24 k8s-node2	
  EOF 
  

• 生成key
  ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ""

ssh7.0以上默认关闭dsa
ssh-keygen -t rsa -f ~/.ssh/id_rsa -P ""

• 分发key

ssh-copy-id -i ~/.ssh/id_dsa.pub root@k8s-master
ssh-copy-id -i ~/.ssh/id_dsa.pub root@k8s-node1
ssh-copy-id -i ~/.ssh/id_dsa.pub root@k8s-node2
#RSA
ssh-copy-id -i ~/.ssh/id_rsa.pub root@k8s-master
ssh-copy-id -i ~/.ssh/id_rsa.pub root@k8s-node1
ssh-copy-id -i ~/.ssh/id_rsa.pub root@k8s-node2

• 安装ansible
  yum install -y epel-release ansible
• 安装ansible2.9.10

sudo apt install software-properties-common
sudo apt-add-repository ppa:ansible/ansible
sudo apt update
sudo apt install ansible

• 配置ansible集群

#追加
vim /etc/ansible/hosts;
[k8s]
k8s-master
k8s-node1
k8s-node2

• 查看版本及测试联通性
  ansible --version
ansible k8s -m command 'uptime'
ansible all -m ping

---

实践：使用ansible批量同步集群日期

集群安装ntp

yum install ntp -y
timedatectl set-ntp true
timedatectl set-timezone “Asia/Shanghai”

#循环执行
for i in 'yum install -y ntp' 'timedatectl set-ntp true' 'timedatectl set-timezone "Asia/Shanghai"';
do
ansible all -m command -a $i;
done

检查
ansible all -m command -a "date"

自动时间同步
1.配置开机启动校验
vim /etc/rc.d/rc.local
/usr/sbin/ntpdate -u cn.pool.ntp.org> /dev/null 2>&1; /sbin/hwclock -w
2.配置定时任务
每10分钟
vim /etc/crontab
*/10 * * * * root /usr/sbin/ntpdate -u cn.pool.ntp.org > /dev/null 2>&1; /sbin/hwclock -w
或者
crontab -e
*/10 * * * * /usr/sbin/ntpdate -u cn.pool.ntp.org > /dev/null 2>&1; /sbin/hwclock -w

playbook实践集群同步日期

---
- hosts: k8s
  remote_user: root
  any_errors_fatal: true
  gather_facts: no
  tasks:
  - name: check cron file
    shell: /usr/bin/ls /var/spool/cron/root
    ignore_errors: True
    register: result
  - name: 2
    file: path=/var/spool/cron/root state=touch
    when: result is failure
  - name: 集群时间同步安装
    yum: name=ntp state=latest
  - name: syn date
    shell: /usr/sbin/ntpdate -u cn.pool.ntp.org > /dev/null 2>&1
  - name: rc date
    shell: echo "/usr/sbin/ntpdate -u cn.pool.ntp.org > /dev/null 2>&1" >>/etc/rc.d/rc.local
  - name: chmod rc
    shell: chmod +x /etc/rc.d/rc.local
  - name: cron date
    shell: echo "*/10 * * * * /usr/sbin/ntpdate -u cn.pool.ntp.org > /dev/null 2>&1;" >> /var/spool/cron/root

检查yaml语法
ansible-playbook [file-name].yml --syntax-check
执行
ansible-playbook [file-name].yml

ansible-playbook a.yml --syntax-check #检查yaml文件的语法是否正确
ansible-playbook a.yml --list-task #检查tasks任务
ansible-playbook a.yml --list-hosts #检查生效的主机
ansible-playbook a.yml --start-at-task=‘Copy Nginx.conf’ #指定从某个task开始运行

playbook常用模块讲解

• yum_repository

tasks:
  - name: add test yum repo
    yum_repository:
      name: test
      description: Kubernetes
      baseurl:
        - https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
      gpgcheck: yes
      gpgkey: https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
      file: test

yum_repository是ansible配置yum源的模块
name: [仓库id]，即[test]
description:仓库名字即name
baseurl:源网址即baseurl
file:即文件名称即test.repo的test
gpgcheck:即gpgcheck
gpgkey:即gpgkey

cat test.repo 
[test]
baseurl = https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
gpgcheck = 1
gpgkey = https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
name = Kubernetes

• get_url

- name: add docker repo
    get_url: url=https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo dest=/root/docker-ce.repo

get_url即文件下载模块，同wget
url:即下载路径
dest:即保存目录，可重定文件名
类比wget命令：
wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

积累

cat install_docker.yml

---
- hosts: k8s
  remote_user: duanyiwen
  become: yes
  become_user: root
  gather_facts: false
  tasks:
  - name: uninstall
    apt: name={{ item }} state=absent
    with_items:
      - docker
      - docker-engine
      - docker-ce
      - docker.io
    ignore_errors: True
    register: result
  - name: install_YL
    apt: name={{ item }} state=present
    with_items:
      - apt-transport-https
      - ca-certificates
      - curl
      - software-properties-common
  - name: GPG
    shell: curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | apt-key add -
  - name: set-repo
    shell: add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
  - name: update
    apt: update_cache=yes
  - name: install
    apt: name=docker-ce=18.06.3~ce~3-0~ubuntu state=present

cat main.yml

---
- include: install_docker.yml
  tags: docker==18.06.3~ce~3-0~ubuntu