1. Environment preparation
Disable the firewall
[root@ansible-1 ~]# systemctl stop firewalld
[root@ansible-1 ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
# setenforce 0
# cat /etc/selinux/config
…
# disabled - No SELinux policy is loaded.
SELINUX=disabled    # change this value to disabled
# SELINUXTYPE= can take one of three two values:
…
[root@ansible-1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.200.100 ansible-1    # add the IP and hostname of both hosts
192.168.200.110 ansible-2
Switch the yum source to the Aliyun mirror and install the EPEL repository
[root@ansible-1 ~]# #wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-6.repo
[root@ansible-1 ~]# #rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[root@ansible-1 ~]# # yum install epel-release -y
2. Establish mutual SSH trust
Generate a key pair on both host A and host B
[root@ansible-1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
1a:42:a5:2f:7a:17:82:33:2f:4a:7b:e4:24:a6:1d:0f root@ansible-1
The key's randomart image is:
+--[ RSA 2048]----+
| . |
| o |
| o |
| o . |
| + + + S |
| oEB + + |
|ooB+o o |
|o.o=.. |
|... |
+-----------------+
[root@ansible-1 ~]# cd .ssh/
[root@ansible-1 .ssh]# ls
id_rsa id_rsa.pub
[root@ansible-1 .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkkgxhQ//HoJBFhgF4eRFDOzHKMfma5w012MwNsIYr2GA9POhMlbcpZcmUYkU59vNuZv3jN3MfeeGieiCXFXVCCZ8sasRPf84NqkDU6sXl4RdR70ZmPY9m3Vn3QLbs25oz6aumAtotstPH+jBA+CKaze0xlL12jH94yRToc0lLVa2k4gxkjd2Um6Co9m2NpkdWJ320np4avJMdFF50beZ4sicH0UZc5PXataS1cMC+TM8D/EWR4X4AGw/sBzQiOY5YqZ2rzf+hwu6yekAtlG1qCpPJ9SxBK6OUdY6CPoFRekFADyyLLh1RHn37OEMKDf5phzUgx9ATDTFFLeuJAmFV root@ansible-1
[root@ansible-1 .ssh]#
Install each host's public key on the other host
[root@ansible-2 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
56:19:87:9a:a8:b1:3c:10:20:e1:89:df:47:de:8b:48 root@ansible-2
The key's randomart image is:
+--[ RSA 2048]----+
|+o ... |
|+ o .+ |
|.o . .. oo |
| ....o..o. |
| .oE+o S |
| .=o o . |
| ... . |
| |
| |
+-----------------+
[root@ansible-2 ~]# cd .ssh/
[root@ansible-2 .ssh]# vim authorized_keys
[root@ansible-2 .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkkgxhQ//HoJBFhgF4eRFDOzHKMfma5w012MwNsIYr2GA9POhMlbcpZcmUYkU59vNuZv3jN3MfeeGieiCXFXVCCZ8sasRPf84NqkDU6sXl4RdR70ZmPY9m3Vn3QLbs25oz6aumAtotstPH+jBA+CKaze0xlL12jH94yRToc0lLVa2k4gxkjd2Um6Co9m2NpkdWJ320np4avJMdFF50beZ4sicH0UZc5PXataS1cMC+TM8D/EWR4X4AGw/sBzQiOY5YqZ2rzf+hwu6yekAtlG1qCpPJ9SxBK6OUdY6CPoFRekFADyyLLh1RHn37OEMKDf5phzUgx9ATDTFFLeuJAmFV root@ansible-1
[root@ansible-2 .ssh]# chmod 700 authorized_keys
[root@ansible-2 .ssh]# ssh 192.168.200.100
[root@ansible-1 .ssh]# vim authorized_keys
[root@ansible-1 .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8B3f352Pf/8JYupVLRqAaUoFHzV+MQYcRu4G3CpJKNpDVpsKbS1yMCVK7NGSbwGhV2j2kLJ2Kzvo9Q4Sg1QKxmTFpOl1HboOvbxY91el9VTweYaivv7HI7w5Xq641ky6gQyPY5nKWrDhmiLg9JRCaCokRfO39t2ZJPUzYu2MD/QqTAnBB+H06grJ4vrkWSxZCv15/JvDbPjCfIrwWfy6inZeACVx7mBzD9JsEnYXNzXJGK0O45wL5JADnqRFdskP7tOF0B8Wwn7EDUjJycZbTwwpRFaZltFkLfh7RuKU2pi9TUUiPzoWcHhrk3B18ap8a411sqBYqO73INCcmQ90X root@ansible-2
[root@ansible-1 .ssh]# chmod 700 authorized_keys
Verify that mutual trust has been established
[root@ansible-1 ~]# ssh 192.168.200.110
Last login: Thu Apr 21 23:39:13 2022 from 192.168.200.100
[root@ansible-2 ~]#
[root@ansible-2 ~]# ssh 192.168.200.100
Last login: Thu Apr 21 23:39:23 2022 from 192.168.200.110
[root@ansible-1 ~]#
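The key exchange above is done by hand in vim. As an added example that is not part of the original post, the following POSIX shell functions perform the same installation the way ssh-copy-id does it: the key is appended only if it is not already present, the directory and file get the modes sshd's StrictModes expects (700 on ~/.ssh and the conventional 600 on authorized_keys, rather than 700 on the file), and a private-key file is refused instead of being copied. The paths and the sample key are constructed parameters, not values from the post.

```shell
#!/bin/sh
# Added example (not from the original post): install a public key into an
# authorized_keys file idempotently and with safe permissions.
# All paths are parameters so the functions can be exercised against a
# temporary directory instead of a real ~/.ssh.

# key_installed PUBKEY_FILE AUTHORIZED_KEYS
# Returns 0 when the exact key line is already present in AUTHORIZED_KEYS.
key_installed() {
    [ -f "$2" ] && grep -qxF -- "$(cat "$1")" "$2"
}

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends the key to SSH_DIR/authorized_keys only if it is missing, then sets
# SSH_DIR to 700 and authorized_keys to 600.  Refuses anything whose first
# token is not a known public-key type (e.g. a '-----BEGIN' private key).
install_pubkey() {
    local pubkey sshdir auth
    pubkey="$1"
    sshdir="$2"
    auth="$sshdir/authorized_keys"
    case "$(cut -d' ' -f1 "$pubkey")" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*|sk-*) ;;
        *) echo "refusing: $pubkey does not look like an OpenSSH public key" >&2
           return 1 ;;
    esac
    mkdir -p "$sshdir"
    chmod 700 "$sshdir"
    if ! key_installed "$pubkey" "$auth"; then
        cat "$pubkey" >> "$auth"
    fi
    chmod 600 "$auth"
}

# path_mode PATH -> prints the octal permission bits, e.g. 600 (GNU or BSD stat)
path_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# count_keys AUTHORIZED_KEYS -> number of non-empty lines (installed keys)
count_keys() {
    grep -c . "$1"
}

# Usage on a real host, after copying the peer's id_rsa.pub over (constructed path):
#   install_pubkey /tmp/ansible-1.id_rsa.pub /root/.ssh
```

Running install_pubkey twice with the same key leaves a single line in authorized_keys, which is the property that makes re-running a provisioning step safe; ssh-copy-id gives the same result over the network, which is why the post's later fix for the control node uses it.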
3. Install Ansible
[root@ansible-1 ~]# yum install -y ansible
[root@ansible-1 ~]# ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Nov 20 2015, 02:00:19) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]
4. Define the host group
[root@ansible-1 ~]# vim /etc/ansible/hosts
Insert the following:
[testhost]
192.168.200.100    # IP of host A
192.168.200.110    # IP of host B
Note: testhost is a custom host group name; the two IPs below it are the machines that belong to the group.
If an SSH connection to the local machine (the node where Ansible is installed) fails with:
192.168.200.100 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
Cause: the SSH authentication information of the target node (the node to be managed) was never added on this node (the node where Ansible is installed).
Solution:
[root@ansible-1 ~]# ssh-copy-id root@ansible-1
The authenticity of host 'ansible-1 (192.168.200.100)' can't be established.
ECDSA key fingerprint is aa:1a:ea:6b:db:bf:68:ab:fa:2c:61:8e:7c:e1:58:89.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@ansible-1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@ansible-1'"
and check to make sure that only the key(s) you wanted were added.
Here root is the user to log in as on the target node, and the target node's IP follows the @ sign; you will then be prompted for the target node's root password.
After the authentication information has been added, the target node's ~/.ssh/ directory will contain an authorized_keys file holding the public key of the Ansible control node; check that it exists.
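Added example, not from the original post: POSIX shell functions that read the hosts of one group from an INI inventory like the one above and run the pre-flight check behind the UNREACHABLE error, namely that the control node's own public key must be present in its own authorized_keys before Ansible can manage the control node itself over SSH. The inventory path, group name, local IP and key paths are parameters; the sample inventory in the comments is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): inventory group listing plus a
# self-trust pre-flight check for the control node.

# inventory_group_hosts INVENTORY GROUP -> prints one host per line.
# Handles '#' and ';' comment lines, trailing comments, blank lines and
# 'host key=value' variable assignments; stops at the next [section].
inventory_group_hosts() {
    awk -v want="$2" '
        /^[[:space:]]*[#;]/ { next }             # whole-line comment
        /^[[:space:]]*\[/ {                       # [section] header
            sec = substr($0, index($0, "[") + 1)
            sec = substr(sec, 1, index(sec, "]") - 1)
            in_group = (sec == want)
            next
        }
        in_group && NF > 0 {
            sub(/[[:space:]]*[#;].*$/, "")        # drop trailing comment
            if ($1 != "") print $1                # first token is the host
        }
    ' "$1"
}

# self_trust_ok PUBKEY_FILE AUTHORIZED_KEYS
# Returns 0 when the control node's own key line is in its own authorized_keys,
# i.e. publickey auth to the local IP listed in the inventory can succeed.
self_trust_ok() {
    [ -r "$1" ] && [ -r "$2" ] && grep -qxF -- "$(cat "$1")" "$2"
}

# preflight INVENTORY GROUP LOCAL_IP PUBKEY_FILE AUTHORIZED_KEYS
# Prints one line per host in the group: "<ip> ok" or
# "<ip> MISSING-SELF-TRUST ..." for the local node, "<ip> remote" for others.
# Returns 1 if the local node is in the group but fails the self-trust check.
preflight() {
    local rc h
    rc=0
    for h in $(inventory_group_hosts "$1" "$2"); do
        if [ "$h" = "$3" ]; then
            if self_trust_ok "$4" "$5"; then
                echo "$h ok"
            else
                echo "$h MISSING-SELF-TRUST (fix: ssh-copy-id root@$h)"
                rc=1
            fi
        else
            echo "$h remote"
        fi
    done
    return $rc
}

# Usage on the control node (constructed values, adjust to your host):
#   preflight /etc/ansible/hosts testhost 192.168.200.100 \
#       /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
```

A failing check reproduces exactly the situation the post describes: the group contains the control node's own IP, but that node's public key was only ever installed on the peer, so sshd on the local machine rejects the publickey attempt and Ansible reports the host as UNREACHABLE.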