1.安装ansible
cd /etc/yum.repos.d
# 2.2.1配置centos8基础源
[root@localhost yum.repos.d]vim /etc/yum.repos.d/base.repo
[AppStream]
name=AppStream
baseurl=https://mirrors.aliyun.com/centos/8-stream/AppStream/x86_64/os/
gpgcheck=0
[BaseOS]
name=AppStream
baseurl=https://mirrors.aliyun.com/centos/8-stream/BaseOS/x86_64/os/
gpgcheck=0
# 2.2.2配置epel
[root@localhost yum.repos.d]# yum install -y https://mirrors.aliyun.com/epel/epel- release-latest-8.noarch.rpm
[root@localhost yum.repos.d]# ll
total 24
-rw-r--r--. 1 root root 214 Dec 30 08:42 base.repo
-rw-r--r--. 1 root root 1698 Oct 3 19:26 epel-modular.repo
-rw-r--r--. 1 root root 1332 Oct 3 19:26 epel.repo
-rw-r--r--. 1 root root 1797 Oct 3 19:26 epel-testing-modular.repo
-rw-r--r--. 1 root root 1431 Oct 3 19:26 epel-testing.repo
-rw-r--r--. 1 root root 358 Oct 14 22:55 redhat.repo
[root@localhost yum.repos.d]# sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
[root@localhost yum.repos.d]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
[root@localhost yum.repos.d]# yum install ansible -y
[root@server yum.repos.d]# ansible --version
ansible [core 2.13.5]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.9/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.9.6 (default, Aug 2 2021, 15:37:19) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
jinja version = 3.1.2
libyaml = True
2.控制主机和受控主机通过root用户通过免密验证方式远程控住受控主机实施对应任务
(1)控住主机--server通过主机名匹配对应连接的受控主机
[root@server yum.repos.d]# vim /etc/hosts
192.168.87.111 node1 node1.exmaple.com
192.168.87.100 node2 node2.exmaple.com
(2)制作秘钥
[root@server yum.repos.d]# ssh-keygen -t rsa -P '' -q -f ~/.ssh/id_rsa
(3)发送密钥
[root@server yum.repos.d]# ssh-copy-id -i node1
[root@server yum.repos.d]# ssh-copy-id -i node2
(4)验证免密
[root@server yum.repos.d]# ssh node1 hostname
node1.example.com
[root@server yum.repos.d]# ssh node2 hostname
node2.example.com
3.控制主机连接受控主机通过普通用户以免密验证远程控住受控主机实施特权指定操作
(1)控住端和受控端都需要有对应的普通身份
[root@server yum.repos.d]# su sss
[sss@server yum.repos.d]$ ssh-keygen -t rsa -P '' -q -f ~/.ssh/id_rsa
(2)制作秘钥
[sss@server ~]$ ssh-keygen -t rsa -P '' -q -f ~/.ssh/id_rsa
(3)发送秘钥
[sss@server ~]$ ssh-copy-id -i zyy@node1
[sss@server ~]$ ssh-copy-id -i csj@node2
(4)测试免密配置
[sss@server ~]$ ssh zyy@node1 hostname
node1.example.com
[sss@server ~]$ ssh csj@node2 hostname
node2.example.com
(5)[sss@server ~]$ ssh zyy@node1 sudo useradd user1 ---控制端主机sudo提权(----报错)
[sss@server ~]$ ssh zyy@node1 sudo useradd user1
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
在受控主机通过/etc/sudoers授权
[root@node2 ~]# vim /etc/sudoers
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
[sss@server ~]$ ssh csj@node2 sudo useradd user2
[sss@server ~]$ ssh csj@node2 id user2
uid=1003(user2) gid=1003(user2) groups=1003(user2)