I. Ansible Installation
Environment preparation
Control node: CentOS 7-2 192.168.18.147
Managed node 1: CentOS 7-3 192.168.18.128
Managed node 2: CentOS 7-4 192.168.18.148
Control node:
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
[root@localhost ~]# yum install epel-release -y
[root@localhost ~]# yum install ansible -y
[root@localhost ~]# ansible --version
ansible 2.9.2
[root@localhost ~]# yum install tree -y
[root@localhost ~]# tree /etc/ansible/
/etc/ansible/
├── ansible.cfg # configuration file
├── hosts
└── roles
1 directory, 2 files
`Configure the host inventory`
[root@localhost ~]# vim /etc/ansible/hosts
# Insert the following below line 24
[webserver]
192.168.18.128
[mysql]
192.168.18.148
`Generate a key pair`
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): # just press Enter
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): # enter the passphrase: abc123
Enter same passphrase again: # enter the passphrase again: abc123
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:5RvIVqbI9hscNK1Y4YivNnnUEgQeNfNm/WJcBXr8jWc root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| oo= . ... |
| . + * + o . |
| o o O B + |
| o @ @ + . o |
| O S * . o E|
| = = o + o |
| = . + . |
| . o o |
| . |
+----[SHA256]-----+
`Location of the key pair`
[root@localhost ~]# ls -la
总用量 56
......
drwx------. 2 root root 38 1月 22 17:34 .ssh
...... (many lines omitted here)
[root@localhost ~]# cd .ssh/
[root@localhost .ssh]# ls
id_rsa (private key) id_rsa.pub (public key)
`Push the public key to managed node 1`
[root@localhost .ssh]# ssh-copy-id root@192.168.18.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.18.128 (192.168.18.128)' can't be established.
ECDSA key fingerprint is SHA256:mTT+FEtzAu4X3D5srZlz93S3gye8MzbqVZFDzfJd4Gk.
ECDSA key fingerprint is MD5:fa:5a:88:23:49:60:9b:b8:7e:4b:14:4b:3f:cd:96:a0.
Are you sure you want to continue connecting (yes/no)? yes # confirm the connection
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.18.128's password: # enter the root password of the corresponding managed node
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.18.128'"
and check to make sure that only the key(s) you wanted were added.
`Push the public key to managed node 2`
[root@localhost .ssh]# ssh-copy-id root@192.168.18.148
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.18.148 (192.168.18.148)' can't be established.
ECDSA key fingerprint is SHA256:mTT+FEtzAu4X3D5srZlz93S3gye8MzbqVZFDzfJd4Gk.
ECDSA key fingerprint is MD5:fa:5a:88:23:49:60:9b:b8:7e:4b:14:4b:3f:cd:96:a0.
Are you sure you want to continue connecting (yes/no)? yes # confirm the connection
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.18.148's password: # enter the root password of the corresponding managed node
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.18.148'"
and check to make sure that only the key(s) you wanted were added.
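Both ssh-copy-id transcripts above show the same ECDSA host key fingerprint for 192.168.18.128 and 192.168.18.148, which typically means the machines were cloned from one image and share a host key, so the key no longer tells one host from the other. The following is an added example, not part of the original article: it scans a known_hosts file for keys recorded under more than one entry; the function names and the key blobs in the sample are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: find SSH host keys recorded under more than one known_hosts entry.

# shared_host_keys FILE
# Prints "<keytype> <entry1>,<entry2>,..." for each key stored under more than
# one entry and returns 1 if any is found, 0 otherwise. A machine recorded
# separately by name and by IP is also reported, so review the output.
shared_host_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }            # comments and blank lines
        $1 ~ /^@/      { next }            # @cert-authority / @revoked markers
        NF < 3         { next }            # malformed entry
        {
            key = $2 " " $3                # key type + base64 key blob
            if (key in hosts) hosts[key] = hosts[key] "," $1
            else { hosts[key] = $1; order[++n] = key }
            count[key]++
        }
        END {
            for (j = 1; j <= n; j++) {
                key = order[j]
                if (count[key] > 1) {
                    split(key, part, " ")
                    print part[1], hosts[key]
                    shared = 1
                }
            }
            exit (shared ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample: the two managed nodes from the article share one key blob
# (placeholder text, not a real key); 192.0.2.10 is an extra constructed host.
write_sample_known_hosts() {
    cat > "$1" <<'EOF'
192.168.18.128 ecdsa-sha2-nistp256 AAAAconstructedSharedHostKeyBlob=
192.168.18.148 ecdsa-sha2-nistp256 AAAAconstructedSharedHostKeyBlob=
192.0.2.10 ecdsa-sha2-nistp256 AAAAconstructedUniqueHostKeyBlob=
EOF
}

sample=$(mktemp)
write_sample_known_hosts "$sample"
shared_host_keys "$sample" || echo "hosts listed above present the same host key" >&2
rm -f "$sample"
```

On the control node the file to check is /root/.ssh/known_hosts; hosts that turn out to share a key should get freshly generated host keys and be re-verified before they are managed.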
Verify that the key was pushed successfully:
Managed node 1: 192.168.18.128
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
[root@localhost ~]# cd .ssh/
[root@localhost .ssh]# ls
authorized_keys
# The key has been pushed successfully
Managed node 2:
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
[root@localhost ~]# cd .ssh/
[root@localhost .ssh]# ls
authorized_keys
# The key has been pushed successfully
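The `ls` check above shows only that authorized_keys exists, while ssh-copy-id's own output asks you to make sure that only the intended key was added. The following is an added example, not part of the original article: it compares the key material in authorized_keys with the control node's public key, ignoring comments and options; the function names, file names and key blobs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: check that authorized_keys holds the expected key and nothing else.

# key_blob: read key lines on stdin and print "<type> <base64>" for each,
# skipping comments, blank lines and any leading options (from=, command=, ...).
# Assumption: no option value itself contains a word that starts like a key type.
key_blob() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) {
                    print $i, $(i + 1)
                    next
                }
        }
    '
}

# audit_authorized_keys EXPECTED_PUB AUTHORIZED_KEYS
# Prints "expected=<n> unexpected=<n>"; returns 0 only if the expected key is
# present and no other key is authorized. EXPECTED_PUB must hold a single key.
audit_authorized_keys() {
    want=$(key_blob < "$1")
    key_blob < "$2" | awk -v want="$want" '
        $0 == want { ok++; next }
                   { bad++ }
        END {
            printf "expected=%d unexpected=%d\n", ok, bad
            exit ((ok >= 1 && bad == 0) ? 0 : 1)
        }'
}

# Constructed sample files; the key blobs are placeholders, not real keys.
write_sample_keys() {
    echo 'ssh-rsa AAAAconstructedControlNodeKey root@localhost.localdomain' > "$1/id_rsa.pub"
    cp "$1/id_rsa.pub" "$1/authorized_keys.clean"
    cp "$1/id_rsa.pub" "$1/authorized_keys.extra"
    echo 'from="192.0.2.50",no-pty ssh-ed25519 AAAAconstructedOtherKey other@example' \
        >> "$1/authorized_keys.extra"
}

dir=$(mktemp -d)
write_sample_keys "$dir"
audit_authorized_keys "$dir/id_rsa.pub" "$dir/authorized_keys.clean"
audit_authorized_keys "$dir/id_rsa.pub" "$dir/authorized_keys.extra" || echo "review authorized_keys" >&2
rm -rf "$dir"
```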
II. Ansible Module Management
1. The command module
`Check the time on managed node 1 using its IP address`
[root@localhost .ssh]# ansible 192.168.18.128 -m command -a 'date'
Enter passphrase for key '/root/.ssh/id_rsa': # enter the key passphrase abc123
192.168.18.128 | CHANGED | rc=0 >>
2020年 02月 02日 星期日 15:53:20 CST
`Check the time on managed node 2 using its alias`
[root@localhost .ssh]# ansible mysql -m command -a 'date'
Enter passphrase for key '/root/.ssh/id_rsa': # enter the key passphrase abc123
192.168.18.148 | CHANGED | rc=0 >>
2020年 02月 02日 星期日 15:55:13 CST
`To avoid having to enter the passphrase every time, we can run an agent for non-interactive authentication`
[root@localhost .ssh]# ssh-agent bash
[root@localhost .ssh]# ssh-add
Enter passphrase for /root/.ssh/id_rsa: # enter the key passphrase abc123
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
[root@localhost .ssh]# ansible webserver -m command -a 'date'
192.168.18.128 | CHANGED | rc=0 >>
2020年 02月 02日 星期日 16:01:40 CST
# The time is now displayed directly, with no interaction
`Run the date command on all hosts in the hosts inventory`
[root@localhost .ssh]# ansible all -a 'date'
192.168.18.128 | CHANGED | rc=0 >>
2020年 02月 02日 星期日 16:21:08 CST
192.168.18.148 | CHANGED | rc=0 >>
2020年 02月 02日 星期日 16:21:08 CST
2. The cron module
Two states (state): present adds the job (and can be omitted), absent removes it
[root@localhost .ssh]# ansible mysql -m cron -a 'minute="*/1" job="/usr/bin/echo hello" name="test hello"'
192.168.18.148 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"test hello"
]
}
[root@localhost .ssh]# ansible mysql -a 'crontab -l'
192.168.18.148 | CHANGED | rc=0 >>
#Ansible: test hello
*/1 * * * * /usr/bin/echo hello
At this point we can log in to managed node 2 to verify:
[root@localhost .ssh]# crontab -l
#Ansible: test hello
*/1 * * * * /usr/bin/echo hello
您在 /var/spool/mail/root 中有新邮件
[root@localhost .ssh]# vim /var/spool/mail/root
From root@localhost.localdomain Sun Feb 2 16:40:02 2020
Return-Path: <root@localhost.localdomain>
X-Original-To: root