
ansible安装配置免密管理端实操

配置管理端主机名称
hostnamectl set-hostname ansible
#使主机名称生效
exec bash

#安装ansible
yum install -y ansible
#检查
rpm -ql ansible|less

#简单的配置/etc/ansible/hosts主机清单文件,配置完不需要重启ansible
cat >/etc/ansible/hosts<<'EOF'
192.168.2.189
192.168.2.196
192.168.2.197
EOF

测试ping模块,197和196密码一样可以直接2台主机测试通不通
#-k(--ask-pass)表示连接时提示输入SSH密码;不加-k时默认使用密钥验证
#-m指定使用什么模块
ping模块不是ICMP的ping,它通过ssh协议登录被管理端并确认python可用,成功时返回pong
[root@ansible ~]# ansible 192.168.2.196,192.168.2.197 -m ping -k
SSH password: 
192.168.2.196 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.2.197 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

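#3台主机的时候,197和196密码一样,189密码不一样,输入的密码是197和196的密码,189连接失败
#注意:下面189的报错信息说的是host key检查——189的主机指纹还不在管理端的known_hosts里,sshpass无法处理指纹确认提示;
#先手动ssh 192.168.2.189一次,核对并接受指纹后再测试(密码不一致的问题要到这一步之后才会体现)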
[root@ansible ~]# ansible 192.168.2.196,192.168.2.197,192.168.2.189 -m ping -k
SSH password: 
192.168.2.189 | FAILED! => {
    "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."
}
192.168.2.197 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.2.196 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
#红色的是报错,绿色的就是成功
配置管理主机的配置文件
#被管理的主机必须放在主机清单文件/etc/ansible/hosts里
#配置方法可以直接写ip地址:192.168.2.1
#也可以写连续的ip地址:192.168.2.[100:200]指定的ip地址从100到200
cat >/etc/ansible/hosts<<'EOF'
[web]
192.168.2.189
192.168.2.196
[db]
192.168.2.[196:197]
EOF
#配置完成
[root@ansible ~]# cat /etc/ansible/hosts 
[web]
192.168.2.189
192.168.2.196
[db]
192.168.2.[196:197]
再次测试ping模块
[root@ansible ~]# ansible db -m ping -k
SSH password: 
192.168.2.197 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.2.196 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}


#修改ansible的配置文件
#打开日志记录(日志里可能记录任务参数等敏感信息,注意控制/var/log/ansible.log的读取权限)
sed -ri 's@#log_path = /var/log/ansible.log@log_path = /var/log/ansible.log@g' /etc/ansible/ansible.cfg
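#host_key_auto_add是[paramiko_connection]下的选项,控制paramiko是否自动接受未知主机的host-key,取消注释改为False就是不自动添加
#注意:它不是关闭host-key检查的开关;控制SSH主机密钥检查的是[defaults]下的host_key_checking,关闭后无法发现中间人攻击,建议保持开启并事先核对被管理端指纹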
sed -ri 's@#host_key_auto_add = True@host_key_auto_add = False@g' /etc/ansible/ansible.cfg

指定连接被管理端时使用的默认ssh端口,默认为22;这个值要和被管理端sshd实际监听的端口一致。修改端口可以减少被扫描的机会,但不能代替密钥登录和访问控制
#remote_port    = 22
这里是把ansible管理端要执行的命令临时的复制到远程主机~/.ansible/tmp这个目录下。然后在远程主机执行,执行完毕就删除命令
#remote_tmp     = ~/.ansible/tmp
如果管理端要在本机执行ansible的管理命令那么本机也会把要执行的命令存放到本机的此目录~/.ansible/tmp,然后执行,执行完毕就删除
#local_tmp      = ~/.ansible/tmp
ansible管理端执行命令一次最多在5台服务器上执行
#forks          = 5
使用sudo的方式在被管理端执行ansible管理端下发的命令(较新版本的ansible中,sudo_user/ask_sudo_pass已由become_user/become_ask_pass取代)
#sudo_user      = root
#ask_sudo_pass = True
#ask_pass      = True
记录ansible的日志配置
#log_path = /var/log/ansible.log
检查服务器host-key的配置项是host_key_checking,取消注释并设为False就是不检查(会失去对中间人攻击的防护,不建议在生产环境关闭)

#配置ssh-key密钥对实现ansible免密管理
#注意:passphrase留空时,/root/.ssh/id_rsa这个私钥文件本身就等于所有被管理端的root登录凭证,要严格保护;可以设置passphrase并配合ssh-agent使用
[root@ansible ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:f6/PUlNQUgIPrti4tPJusMlf+ud1tfqHXOHBrEW2b+I root@ansible
The key's randomart image is:
+---[RSA 2048]----+
|            o.ooo|
|           . o.= |
|            . *..|
|         + .   B.|
|        S o   +.=|
|      .. +   .+.*|
|     ..+o o .+.B.|
|      +o.o .o+E..|
|       +=..oo==..|
+----[SHA256]-----+



#推送公钥到被管理端实现免密管理(首次连接某台主机时会提示确认主机指纹,应先核对指纹再输入yes)
ssh-copy-id 192.168.2.189
ssh-copy-id 192.168.2.196
ssh-copy-id 192.168.2.197

#all代表所有的主机
[root@ansible ~]# ansible all -m ping
192.168.2.197 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.2.196 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.2.189 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}


#查看日志
[root@ansible ~]# cat /var/log/ansible.log 
2020-01-17 17:14:37,740 p=root u=6680 | 192.168.2.197 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
2020-01-17 17:14:37,752 p=root u=6680 | 192.168.2.196 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
2020-01-17 17:14:37,902 p=root u=6680 | 192.168.2.189 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}