针对Andsible在Kylin系统下的安装
一、Docker 与 Docker Compose 环境部署
1.1 Docker 环境安装
# 列出安装文件
ls
# 解压docker二进制包
tar xzvf docker-24.0.9.tgz
# 安装containerd的RPM包
rpm -ivh --force --nodeps containerd.io-1.6.21-3.1.el7.aarch64.rpm
# 检查版本
docker -v
containerd -v
# 后台启动Docker引擎(未配置service时)
dockerd &
# 检查运行状态
ps -ef | grep containerd
docker info | grep "Container Runtime"1.2 Docker 服务配置(systemd 管理)
# 创建service文件
sudo vim /usr/lib/systemd/system/docker.service添加以下内容:
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target# 配置生效
sudo systemctl daemon-reload
sudo systemctl enable --now docker
# 验证状态
systemctl status docker1.3 Docker 与 containerd 联动配置
# 编辑配置文件
sudo vim /etc/docker/daemon.json添加内容:
{
"containerd": "/run/containerd/containerd.sock"
}# 重启服务
sudo systemctl restart docker
# 验证配置
docker info | grep "Container Runtime"1.4 Docker Compose 安装(两种方案)
方案一:独立二进制包安装
# 移动二进制文件
sudo mv /mnt/docker-compose-linux-aarch64-v2.17.0 /usr/local/bin/docker-compose
# 添加执行权限
sudo chmod +x /usr/local/bin/docker-compose
# 创建软链接(可选)
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
# 验证版本
docker-compose --version方案二:插件式安装
# 下载插件
cd /tmp
sudo curl -L "https://github.com/docker/compose/releases/download/v2.20.0/docker-compose-linux-aarch64" -o /usr/libexec/docker/cli-plugins/docker-compose
# 添加权限
sudo chmod +x /usr/libexec/docker/cli-plugins/docker-compose
# 验证版本
docker compose version卸载方法
# 删除主文件
sudo rm -f /usr/local/bin/docker-compose
# 删除软链接
sudo rm -f /usr/bin/docker-compose
# 删除插件文件
sudo rm -f ~/.docker/cli-plugins/docker-compose1.5 Docker Compose 基础使用
# docker-compose.yml示例
version: '3' # Docker 18.09最高支持3.7
services:
nginx:
image: nginx:alpine
ports:
- "80:80"
restart: always
container_name: my-nginx
redis:
image: redis:alpine
ports:
- "6379:6379"
restart: always
container_name: my-redis# 独立版命令
docker-compose up -d # 启动
docker-compose ps # 查看状态
docker-compose down # 停止
docker-compose logs nginx # 查看日志
# 插件版命令
docker compose up -d
docker compose ps
docker compose down
docker compose logs nginx二、Python 3.11 环境部署
2.1 系统依赖安装
# CentOS/RHEL系统
yum install -y gcc make patch zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel openssl-devel tk-devel libffi-devel xz-devel wget
# Ubuntu系统
apt update
apt install -y software-properties-common gcc make zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev libssl-dev tk-dev libffi-dev xz-utils wget2.2 源码编译安装
# 下载源码
wget https://www.python.org/ftp/python/3.11.6/Python-3.11.6.tgz
tar -xf Python-3.11.6.tgz
cd Python-3.11.6
# 配置编译选项
./configure --prefix=/usr/local/python311 --enable-optimizations --with-ensurepip=install
make -j $(nproc)
make altinstall
# 创建软链接
ln -s /usr/local/python311/bin/python3.11 /usr/bin/python3.11
ln -s /usr/local/python311/bin/pip3.11 /usr/bin/pip3.11
# 验证安装
python3.11 --version
pip3.11 --version2.3 Ubuntu 系统简化安装
add-apt-repository -y ppa:deadsnakes/ppa
apt update
apt install -y python3.11 python3.11-pip python3.11-dev三、Ansible 安装(三种方案对比)
方案一:RPM 包安装(推荐生产环境)
[root@host-192-168-100-165 ~]# tree ansible-Sys-rpm-zl1.5
ansible-Sys-rpm-zl1.5 ├── createrepo │ ├── createrepo_c-0.15.0-4.p02.ky10.aarch64.rpm │ ├── dnf-plugins-core-4.0.11-5.ky10.noarch.rpm │ ├── dnf-plugins-core-4.0.17-3.ky10.noarch.rpm │ ├── drpm-0.4.1-3.ky10.aarch64.rpm │ ├── python3-dnf-plugins-core-4.0.11-5.ky10.noarch.rpm │ └── python3-dnf-plugins-core-4.0.17-3.ky10.noarch.rpm ├── deps │ ├── rpm-deps-deps.txt │ └── rpm-deps-list.txt ├── telnet │ ├── libssh2-1.9.0-2.ky10.aarch64.rpm │ ├── nmap-7.70-12.ky10.aarch64.rpm │ └── telnet-0.17-75.ky10.aarch64.rpm ├── rpm │ ├── ansible-2.8.8-1.ky10.noarch.rpm │ ├── e2fsprogs-devel-1.45.3-4.p01.ky10.aarch64.rpm │ ├── gcc-7.3.0-20190804.h30.ky10.aarch64.rpm │ ├── git-2.23.0-12.ky10.aarch64.rpm │ ├── gzip-1.9-18.ky10.aarch64.rpm │ ├── keyutils-libs-devel-1.5.10-11.ky10.aarch64.rpm │ ├── krb5-devel-1.17-9.ky10.aarch64.rpm │ ├── libffi-devel-3.3-7.ky10.aarch64.rpm │ ├── libselinux-devel-2.9-se.05.ky10.aarch64.rpm │ ├── libsepol-devel-2.9-1.ky10.aarch64.rpm │ ├── libverto-devel-0.3.1-2.ky10.aarch64.rpm │ ├── openssh-7.8p1-8.ky10.aarch64.rpm │ ├── openssl-devel-1.1.1d-9.ky10.aarch64.rpm │ ├── pcre2-devel-10.33-2.ky10.aarch64.rpm │ ├── python3-3.7.4-8.se.01.ky10.aarch64.rpm │ ├── python3-devel-3.7.4-8.se.01.ky10.aarch64.rpm │ ├── python3-pip-18.0-12.ky10.noarch.rpm │ ├── python3-setuptools-40.4.3-4.ky10.noarch.rpm │ ├── rsync-3.1.3-6.ky10.aarch64.rpm │ ├── sshpass-1.06-8.ky10.aarch64.rpm │ ├── tar-1.30-11.ky10.aarch64.rpm │ ├── unzip-6.0-45.ky10.aarch64.rpm │ ├── zip-3.0-25.ky10.aarch64.rpm │ └── zlib-devel-1.2.11-17.1.ky10.aarch64.rpm └── rpm-pip ├── libsodium-1.0.16-7.ky10.aarch64.rpm ├── python3-asn1crypto-0.24.0-8.ky10.noarch.rpm ├── python3-babel-2.7.0-1.ky10.noarch.rpm ├── python3-bcrypt-3.1.4-7.ky10.aarch64.rpm ├── python3-cffi-1.11.5-10.ky10.aarch64.rpm ├── python3-cryptography-2.6.1-1.ky10.aarch64.rpm ├── python3-jinja2-2.10-10.1.ky10.noarch.rpm ├── python3-markupsafe-1.0-3.ky10.aarch64.rpm ├── python3-paramiko-2.4.1-7.ky10.noarch.rpm ├── python3-ply-3.9-9.ky10.noarch.rpm ├── python3-pyasn1-0.3.7-8.ky10.noarch.rpm ├── python3-pycparser-2.19-1.ky10.noarch.rpm ├── python3-pynacl-1.2.1-4.ky10.aarch64.rpm ├── python3-pyyaml-5.1.2-1.ky10.aarch64.rpm └── sshpass-1.06-8.ky10.aarch64.rpm[root@host-192-168-100-165 ~]# tree ansible-pip3-zl1.5
ansible-pip3-zl1.5 ├── pip │ ├── ansible_deps │ │ ├── ansible_core-2.19.5-py3-none-any.whl │ │ ├── ansible-12.2.0-py3-none-any.whl │ │ ├── cffi-2.0.0-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.whl │ │ ├── cryptography-46.0.3-cp311-abi3-manylinux_2_28_aarch64.whl │ │ ├── jinja2-3.1.6-py3-none-any.whl │ │ ├── markupsafe-3.0.3-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl │ │ ├── packaging-25.0-py3-none-any.whl │ │ ├── pycparser-2.23-py3-none-any.whl │ │ ├── pyyaml-6.0.3-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl │ │ └── resolvelib-1.2.1-py3-none-any.whl │ └── ansible-12.2.0-py3-none-any.whl └── Python └── Python-3.11.6.tgz[root@host-192-168-100-165 ~]# tar -vtf ansible-2.9.8.tar.gz
ansible-2.9.8/ ansible-2.9.8/.gitignore ansible-2.9.8/CHANGELOG.md ansible-2.9.8/CONTRIBUTING.md ansible-2.9.8/COPYING ansible-2.9.8/MANIFEST.in ansible-2.9.8/README.rst ansible-2.9.8/ansible/ ansible-2.9.8/ansible/cli/ ansible-2.9.8/setup.py ...
3.1.1 准备本地 YUM 源
# 解压安装包
mkdir -p /root/ansible
tar -zxvf /root/ansible-package-zl.tar.gz -C /root/ansible
cd /root/ansible
# 安装仓库工具
cd /root/ansible/createrepo
rpm -ivh python3-dnf-plugins-core-4.0.11-5.ky10.noarch.rpm
rpm -ivh dnf-plugins-core-4.0.11-5.ky10.noarch.rpm
rpm -ivh drpm-0.4.1-3.ky10.aarch64.rpm
rpm -ivh createrepo_c-0.15.0-4.p02.ky10.aarch64.rpm
# 生成仓库元数据
createrepo /root/ansible/rpm
createrepo /root/ansible/rpm-pip3.1.2 配置 YUM 源
# 备份原有源
mkdir -p /etc/yum.repos.d/backup
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/backup/
# 创建本地源配置
vi /etc/yum.repos.d/ansible-sys.repo添加内容:
[ansible-local]
name=rpm
baseurl=file:///root/ansible/rpm
gpgcheck=0
enabled=1
[ansible-pip-local]
name=Ansible-pip
baseurl=file:///root/ansible/rpm-pip
gpgcheck=0
enabled=1# 刷新缓存
yum clean all
yum makecache3.1.3 安装 Ansible
[root@host-192-168-100-17 ~]# yum install -y ansible
Last metadata expiration check: 0:00:30 ago on 2025年12月17日 星期三 11时55分12秒.
Dependencies resolved.
===================================================================================================================================================
Package Architecture Version Repository Size
===================================================================================================================================================
Installing:
ansible noarch 2.8.8-1.ky10 ansible-local 15 M
Installing dependencies:
libsodium aarch64 1.0.16-7.ky10 ansible-pip-local 101 k
python3-asn1crypto noarch 0.24.0-8.ky10 ansible-pip-local 180 k
python3-babel noarch 2.7.0-1.ky10 ansible-pip-local 5.9 M
python3-bcrypt aarch64 3.1.4-7.ky10 ansible-pip-local 36 k
python3-cryptography aarch64 2.6.1-1.ky10 ansible-pip-local 374 k
python3-jinja2 noarch 2.10-10.1.ky10 ansible-pip-local 222 k
python3-markupsafe aarch64 1.0-3.ky10 ansible-pip-local 28 k
python3-paramiko noarch 2.4.1-7.ky10 ansible-pip-local 270 k
python3-pyasn1 noarch 0.3.7-8.ky10 ansible-pip-local 215 k
python3-pynacl aarch64 1.2.1-4.ky10 ansible-pip-local 75 k
python3-pyyaml aarch64 5.1.2-1.ky10 ansible-pip-local 173 k
sshpass aarch64 1.06-8.ky10 ansible-local 25 k
Transaction Summary
===================================================================================================================================================
Install 13 Packages
Total size: 22 M
Installed size: 112 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : python3-pyyaml-5.1.2-1.ky10.aarch64 1/13
Installing : python3-pyasn1-0.3.7-8.ky10.noarch 2/13
Installing : python3-markupsafe-1.0-3.ky10.aarch64 3/13
Installing : python3-bcrypt-3.1.4-7.ky10.aarch64 4/13
Installing : python3-babel-2.7.0-1.ky10.noarch 5/13
Installing : python3-jinja2-2.10-10.1.ky10.noarch 6/13
Installing : python3-asn1crypto-0.24.0-8.ky10.noarch 7/13
Installing : python3-cryptography-2.6.1-1.ky10.aarch64 8/13
Installing : libsodium-1.0.16-7.ky10.aarch64 9/13
Installing : python3-pynacl-1.2.1-4.ky10.aarch64 10/13
Installing : python3-paramiko-2.4.1-7.ky10.noarch 11/13
Installing : sshpass-1.06-8.ky10.aarch64 12/13
Installing : ansible-2.8.8-1.ky10.noarch 13/13
Running scriptlet: ansible-2.8.8-1.ky10.noarch 13/13
Verifying : ansible-2.8.8-1.ky10.noarch 1/13
Verifying : sshpass-1.06-8.ky10.aarch64 2/13
Verifying : libsodium-1.0.16-7.ky10.aarch64 3/13
Verifying : python3-asn1crypto-0.24.0-8.ky10.noarch 4/13
Verifying : python3-babel-2.7.0-1.ky10.noarch 5/13
Verifying : python3-bcrypt-3.1.4-7.ky10.aarch64 6/13
Verifying : python3-cryptography-2.6.1-1.ky10.aarch64 7/13
Verifying : python3-jinja2-2.10-10.1.ky10.noarch 8/13
Verifying : python3-markupsafe-1.0-3.ky10.aarch64 9/13
Verifying : python3-paramiko-2.4.1-7.ky10.noarch 10/13
Verifying : python3-pyasn1-0.3.7-8.ky10.noarch 11/13
Verifying : python3-pynacl-1.2.1-4.ky10.aarch64 12/13
Verifying : python3-pyyaml-5.1.2-1.ky10.aarch64 13/13
Installed:
ansible-2.8.8-1.ky10.noarch libsodium-1.0.16-7.ky10.aarch64 python3-asn1crypto-0.24.0-8.ky10.noarch
python3-babel-2.7.0-1.ky10.noarch python3-bcrypt-3.1.4-7.ky10.aarch64 python3-cryptography-2.6.1-1.ky10.aarch64
python3-jinja2-2.10-10.1.ky10.noarch python3-markupsafe-1.0-3.ky10.aarch64 python3-paramiko-2.4.1-7.ky10.noarch
python3-pyasn1-0.3.7-8.ky10.noarch python3-pynacl-1.2.1-4.ky10.aarch64 python3-pyyaml-5.1.2-1.ky10.aarch64
sshpass-1.06-8.ky10.aarch64
Complete!
# 验证安装
ansible --version方案二:PIP 安装(灵活版本控制)
3.2.1 在线环境依赖打包
# 配置国内源
mkdir -p ~/.config/pip
cat > ~/.config/pip/pip.conf << EOF
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/
trusted-host = mirrors.aliyun.com
EOF
# 创建依赖清单
cat > requirements.txt << EOF
cryptography
jinja2
paramiko
pyyaml
ansible==2.8.8
EOF
# 下载依赖包
mkdir -p /root/ansible-pip-packages
cd /root/ansible-pip-packages
pip3 download -r /root/requirements.txt -d .
# 打包传输
cd /root
tar -zcvf ansible-pip-packages.tar.gz ansible-pip-packages/3.2.2 离线环境安装
# 传输并解压
scp ansible-pip-packages.tar.gz root@目标机:/root/
ssh root@目标机 "mkdir -p /root/ansible-offline/pip && tar -zxvf ansible-pip-packages.tar.gz -C /root/ansible-offline/pip --strip-components=1"
# 离线安装
ssh root@目标机 "cd /root/ansible-offline/pip && pip3 install --no-index --find-links=. *.whl"
# 验证
ssh root@目标机 "ansible --version"方案三:源码编译安装(自定义需求)
# 准备环境(参考RPM方案的YUM源配置)
yum install -y python3-jinja2 python3-pyyaml python3-pip python3-markupsafe sshpass python3-cryptography
# 解压源码
tar -zxf ansible-2.9.8.tar.gz
cd ansible-2.9.8
# 编译安装
python3 setup.py install
# 配置环境变量
echo "export PATH=\$PATH:/usr/local/bin" >> /etc/profile
source /etc/profile
# 验证
ansible --version3.3 通用配置:Ansible 基础设置
# 创建配置目录
mkdir -p /etc/ansible
# 配置文件
cat > /etc/ansible/ansible.cfg << EOF
[defaults]
interpreter_python = /usr/bin/python3.7
inventory = /etc/ansible/hosts
remote_user = root
host_key_checking = False
EOF
# 主机清单示例
cat > /etc/ansible/hosts << EOF
[kylin_nodes]
192.168.100.101
192.168.100.102
192.168.100.[103:110]
[kylin_nodes:vars]
ansible_ssh_user=root
ansible_python_interpreter=/usr/bin/python3.7
ansible_ssh_port=22
EOF3.4 SSH 免密配置
# 生成密钥对
ssh-keygen -t rsa -b 4096 -N "" -f ~/.ssh/id_rsa
# 单台推送
ssh-copy-id root@192.168.100.101
# 批量推送
for ip in {101..110}; do
ssh-copy-id root@192.168.100.$ip
done
# 无ssh-copy-id命令时
cat ~/.ssh/id_rsa.pub | ssh root@192.168.100.101 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh"3.5 连通性测试
# 测试单个节点
ansible 192.168.100.101 -m ping
# 测试分组
ansible kylin_nodes -m ping
# 执行命令
ansible kylin_nodes -m command -a "cat /etc/os-release"四、Ansible AWX 部署(Web 管理界面)
4.1 环境准备
# 检查依赖
docker --version
docker compose version
git --version
ansible --version
# 系统配置
systemctl stop firewalld && systemctl disable firewalld
setenforce 0 && sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
systemctl restart docker4.2 源码部署
# 创建目录
mkdir -p /opt/awx && cd /opt/awx
# 克隆源码
git clone -b 17.1.0 https://gitee.com/mirrors/ansible-awx.git awx
cd awx/installer
# 配置安装参数
cp inventory inventory.bak
vim inventory # 根据需求修改配置
# 执行安装
ansible-playbook -i inventory install.yml -v4.3 镜像拉取(安装失败时手动执行)
docker pull ansible/awx_web:17.1.0
docker pull ansible/awx_task:17.1.0
docker pull postgres:12
docker pull redis:alpine4.4 运维管理
# 容器管理
cd /opt/awx/awx/installer
docker compose up -d # 启动
docker compose ps # 状态查看
docker compose down # 停止
docker compose logs awx_web # 日志查看
# 开机自启
systemctl enable --now docker五、系统配置补充
5.1 普通用户 Docker 权限配置
sudo groupadd docker
sudo usermod -aG docker $USER
newgrp docker5.2 系统源管理
# 备份系统源
mkdir -p /etc/yum.repos.d/bak
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/
# 恢复系统源
rm -rf /etc/yum.repos.d/*.repo
mv /etc/yum.repos.d/bak/*.repo /etc/yum.repos.d/
rm -rf /etc/yum.repos.d/bak/
# 配置麒麟源(ARM架构)
cat > /etc/yum.repos.d/kylin_aarch64_zl.repo << EOF
[ks10-adv-os]
name = Kylin Linux Advanced Server 10 - Os
baseurl = http://update.cs2c.com.cn:8080/NS/V10/V10SP1/os/adv/lic/base/$basearch/
gpgcheck = 0
enabled = 1
[ks10-adv-updates]
name = Kylin Linux Advanced Server 10 - Updates
baseurl = http://update.cs2c.com.cn:8080/NS/V10/V10SP1/os/adv/lic/updates/$basearch/
gpgcheck = 0
enabled = 0
[ks10-adv-addons]
name = Kylin Linux Advanced Server 10 - Addons
baseurl = http://update.cs2c.com.cn:8080/NS/V10/V10SP1/os/adv/lic/addons/$basearch/
gpgcheck = 0
enabled = 0
EOF5.3 常用工具安装
yum install -y nmap-ncat telnet wget git