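Configure an Ansible learning environment that meets the following requirements:
1. The control host manages the managed hosts remotely as root, using passwordless (key-based) authentication, and runs the corresponding tasks (ordinary and privileged commands).
2. The control host connects to the managed hosts as an ordinary user, using passwordless authentication, and runs the specified tasks (ordinary and privileged commands).
1. The control host manages the managed hosts remotely as root, using passwordless (key-based) authentication, and runs the corresponding tasks (ordinary and privileged commands).
Passwordless login as root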
[root@server ~]# ssh-keygen -t RSA
# ssh-copy-id -i node1    # send the public key
# ssh-copy-id -i node2
Verify:
[root@server /]# ssh node1
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Fri Dec 30 17:41:23 2022
[root@node1 ~]#
[root@server /]# ssh node1 hostname
node1.example.com
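2. The control host connects to the managed hosts as an ordinary user, using passwordless authentication, and runs the specified tasks (ordinary and privileged commands).
Passwordless login for an ordinary user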
[zx@server ~]$ ssh-keygen -t RSA
$ ssh-copy-id -i node1
$ ssh-copy-id -i node2
Verify:
[zx@server /]$ ssh node1
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Fri Dec 30 18:51:37 2022 from 192.168.157.100
[zx@node1 ~]$
[zx@server /]$ ssh node1 hostname
node1.example.com
Running a privileged operation:
[zx@server /]$ ssh node1 sudo useradd user1
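This fails at this point, because the ordinary user has not been granted sudo privileges on the managed host.
Grant the privilege: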
[root@node1 zx]# vim /etc/sudoers
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
zx ALL=(ALL) NOPASSWD: ALL # added line
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
[zx@server /]$ ssh node1 sudo useradd user1
[zx@server /]$
[root@node1 zx]# id user1
uid=1001(user1) gid=1001(user1) groups=1001(user1)
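
An alternative to hand-editing /etc/sudoers with vim, shown here as an added example that is not part of the original walkthrough: write the same zx rule to a drop-in file under /etc/sudoers.d and syntax-check it with visudo -cf before it goes live. The function names, the ansible-<user> file name and the VISUDO override variable are assumptions made for this sketch; run install_dropin zx as root on node1.

```shell
#!/bin/sh
# Added example (not from the original page): grant the Ansible login user
# passwordless sudo through a validated drop-in instead of editing /etc/sudoers.
# Hypothetical names: install_dropin, valid_user, sudoers_rule, the VISUDO
# override variable and the ansible-<user> file name.

# Accept only plain account names so nothing else can be injected into the rule.
valid_user() {
    case $1 in
        ''|*[!a-z0-9_-]*|[0-9-]*) return 1 ;;
    esac
}

# The same rule the page adds for zx, parameterised on the user name.
sudoers_rule() {
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$1"
}

# install_dropin USER [DIR]   (DIR defaults to /etc/sudoers.d; run as root)
install_dropin() {
    user=$1
    dir=${2:-/etc/sudoers.d}
    valid_user "$user" || { echo "invalid user name: $user" >&2; return 2; }
    # sudo skips file names containing '.', so the temp file is never live.
    tmp=$(mktemp "$dir/.ansible-$user.XXXXXX") || return 1
    sudoers_rule "$user" > "$tmp"
    chmod 0440 "$tmp"
    # Syntax-check first: a syntax error in sudoers can leave sudo unusable.
    "${VISUDO:-visudo}" -cf "$tmp" >/dev/null 2>&1 || { rm -f "$tmp"; return 3; }
    mv -f "$tmp" "$dir/ansible-$user"
}
```

A rejected user name returns 2 and a failed syntax check returns 3; in both cases nothing is left behind in the drop-in directory.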