ansible作业（一）

最新推荐文章于 2024-07-14 16:38:37 发布

Hi_yang_sir_

最新推荐文章于 2024-07-14 16:38:37 发布

阅读量433

点赞数

文章标签： ansible linux 运维

本文链接：https://blog.csdn.net/Hi_yang_sir_/article/details/128523939

版权

1.安装ansible
        cd /etc/yum.repos.d
        # 2.2.1配置centos8基础源
        [root@localhost yum.repos.d]vim /etc/yum.repos.d/base.repo
        [AppStream]
        name=AppStream
        baseurl=https://mirrors.aliyun.com/centos/8-stream/AppStream/x86_64/os/
        gpgcheck=0
        [BaseOS]
        name=AppStream
        baseurl=https://mirrors.aliyun.com/centos/8-stream/BaseOS/x86_64/os/
        gpgcheck=0

        # 2.2.2配置epel
        [root@localhost yum.repos.d]# yum install -y         https://mirrors.aliyun.com/epel/epel-        release-latest-8.noarch.rpm
        [root@localhost yum.repos.d]# ll
        total 24
        -rw-r--r--. 1 root root 214 Dec 30 08:42 base.repo
        -rw-r--r--. 1 root root 1698 Oct 3 19:26 epel-modular.repo
        -rw-r--r--. 1 root root 1332 Oct 3 19:26 epel.repo
        -rw-r--r--. 1 root root 1797 Oct 3 19:26 epel-testing-modular.repo
        -rw-r--r--. 1 root root 1431 Oct 3 19:26 epel-testing.repo
        -rw-r--r--. 1 root root 358 Oct 14 22:55 redhat.repo
        [root@localhost yum.repos.d]# sed -i         's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|'         /etc/yum.repos.d/epel*
        [root@localhost yum.repos.d]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
        [root@localhost yum.repos.d]# yum install ansible -y

        [root@server yum.repos.d]# ansible --version
        ansible [core 2.13.5]
          config file = /etc/ansible/ansible.cfg
          configured module search path = ['/root/.ansible/plugins/modules',         '/usr/share/ansible/plugins/modules']
          ansible python module location = /usr/lib/python3.9/site-packages/ansible
          ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
          executable location = /usr/bin/ansible
          python version = 3.9.6 (default, Aug 2 2021, 15:37:19) [GCC 8.5.0 20210514 (Red Hat         8.5.0-3)]
          jinja version = 3.1.2
          libyaml = True

2.控制主机和受控主机通过root用户通过免密验证方式远程控住受控主机实施对应任务
（1）控住主机--server通过主机名匹配对应连接的受控主机

        [root@server yum.repos.d]# vim /etc/hosts
        192.168.87.111 node1 node1.exmaple.com
        192.168.87.100 node2 node2.exmaple.com
(2)制作秘钥

[root@server yum.repos.d]# ssh-keygen -t rsa -P '' -q -f ~/.ssh/id_rsa
(3)发送密钥

[root@server yum.repos.d]# ssh-copy-id -i node1
[root@server yum.repos.d]# ssh-copy-id -i node2
(4)验证免密

        [root@server yum.repos.d]# ssh node1 hostname
        node1.example.com
        [root@server yum.repos.d]# ssh node2 hostname
        node2.example.com
3.控制主机连接受控主机通过普通用户以免密验证远程控住受控主机实施特权指定操作
（1）控住端和受控端都需要有对应的普通身份

[root@server yum.repos.d]# su sss
[sss@server yum.repos.d]$ ssh-keygen -t rsa -P '' -q -f ~/.ssh/id_rsa

（2）制作秘钥

[sss@server ~]$ ssh-keygen -t rsa -P '' -q -f ~/.ssh/id_rsa
（3）发送秘钥

[sss@server ~]$ ssh-copy-id -i zyy@node1
[sss@server ~]$ ssh-copy-id -i csj@node2
（4）测试免密配置

        [sss@server ~]$ ssh zyy@node1 hostname
        node1.example.com
        [sss@server ~]$ ssh csj@node2 hostname
        node2.example.com
(5)[sss@server ~]$ ssh zyy@node1 sudo useradd user1 ---控制端主机sudo提权（----报错）

[sss@server ~]$ ssh zyy@node1 sudo useradd user1
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper

在受控主机通过/etc/sudoers授权

        [root@node2 ~]# vim /etc/sudoers
        ## Allows people in group wheel to run all commands
        # %wheel ALL=(ALL) ALL
        ## Same thing without a password
         %wheel ALL=(ALL) NOPASSWD: ALL
        [sss@server ~]$ ssh csj@node2 sudo useradd user2
        [sss@server ~]$ ssh csj@node2 id user2
        uid=1003(user2) gid=1003(user2) groups=1003(user2)