Dependency
NIS/LDAP, EPEL Repository, SSH Without Password
Create EPEL Repository
Install & Configure Ansible
# yum install ansible
# which ansible
/usr/bin/ansible
# ansible --version
ansible 2.9.25
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Mar 20 2020, 17:08:22) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
# tree /etc/ansible/
/etc/ansible/
├── ansible.cfg # ansible config file
├── hosts # config file used to store information about the remote host to be managed
└── roles
Add the controlled server information to the hosts file
# vim /etc/ansible/hosts
...
# Ex 1: Ungrouped hosts, specify before any group headers.
nfs.seaship.com
idm01.seaship.com
idm02.seaship.com
bugzilla.seaship.com
vnc.seaship.com
lsf01.seaship.com
lsf02.seaship.com
...
# Ex 2: A collection of hosts belonging to the 'rhel7' group
[rhel7]
nfs.seaship.com
idm01.seaship.com
idm02.seaship.com
bugzilla.seaship.com
vnc.seaship.com
lsf01.seaship.com
lsf02.seaship.com
...
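Configure SSH Without Password
If the passphrase is left empty at the prompt below, the private key is stored unencrypted, so /root/.ssh/id_rsa on the control node gives root access to every host the public key is copied to.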
# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:k/8JqXYosJ62iDjXHBSN7M4iFONmKEfcpsrZ56YYGCQ root@nfs.seaship.com
The key's randomart image is:
+---[RSA 2048]----+
| . o o |
| oo * . |
|Eoo+ . |
|==o o . |
|Boo+ S |
|++..=. o . |
|.o +o+ .+ |
|o.+.=+. o..o . |
|o+.+*. o.. o |
+----[SHA256]-----+
# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.220.104
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.220.104'"
and check to make sure that only the key(s) you wanted were added.
Test Ansible
Single host
# ansible vnc.seaship.com -m shell -a 'touch /home/cad/testfile'
[WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.
vnc.seaship.com | CHANGED | rc=0 >>
If you get this warning, you can turn it off in /etc/ansible/ansible.cfg. The warning is only advisory; the alternative it suggests is the file module with state=touch.
# vim /etc/ansible/ansible.cfg
...
command_warnings = False
...
# ansible vnc.seaship.com -m shell -a 'touch /home/cad/testfile'
vnc.seaship.com | CHANGED | rc=0 >>
Hosts group
# ansible rhel7 -m shell -a 'uptime' -o
idm01.seaship.com | CHANGED | rc=0 | (stdout) 14:26:30 up 4:44, 1 user, load average: 0.00, 0.01, 0.05
idm02.seaship.com | CHANGED | rc=0 | (stdout) 14:26:30 up 4:43, 1 user, load average: 0.00, 0.01, 0.05
vnc.seaship.com | CHANGED | rc=0 | (stdout) 14:26:30 up 3:49, 1 user, load average: 0.00, 0.03, 0.05
nfs.seaship.com | CHANGED | rc=0 | (stdout) 14:26:30 up 4:44, 2 users, load average: 0.48, 0.11, 0.08
lsf01.seaship.com | CHANGED | rc=0 | (stdout) 14:26:31 up 3:50, 1 user, load average: 0.00, 0.01, 0.05
lsf02.seaship.com | CHANGED | rc=0 | (stdout) 14:26:31 up 3:50, 1 user, load average: 0.00, 0.02, 0.05
bugzilla.seaship.com | UNREACHABLE!: Failed to connect to the host via ssh: ssh_exchange_identification: Connection closed by remote host
Server bugzilla.seaship.com is offline.
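A group run can finish while one host received nothing, as with bugzilla.seaship.com above, so the result lines are worth checking rather than skimming. The script below is an added example, not part of the original page: it classifies one-line (-o) results and lists the hosts that were not managed. The function names are hypothetical and the sample lines are taken from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Sample input: result lines taken from the runs shown above (warning shortened).
sample_output() {
cat <<'EOF'
idm01.seaship.com | CHANGED | rc=0 | (stdout)  14:26:30 up  4:44,  1 user,  load average: 0.00, 0.01, 0.05
vnc.seaship.com | CHANGED | rc=0 | (stdout)  14:26:30 up  3:49,  1 user,  load average: 0.00, 0.03, 0.05
[WARNING]: Consider using the file module with state=touch rather than running 'touch'.
bugzilla.seaship.com | UNREACHABLE!: Failed to connect to the host via ssh: ssh_exchange_identification: Connection closed by remote host
EOF
}

# Print "host STATUS" for each result line on stdin.
# Result lines start "host | STATUS ..."; warnings have no " | " and are skipped.
ansible_status() {
    awk -F' [|] ' 'NF >= 2 && match($2, /^[A-Z]+/) {
        print $1, substr($2, RSTART, RLENGTH)
    }'
}

# Print hosts whose status is anything other than CHANGED or SUCCESS.
ansible_problem_hosts() {
    ansible_status | awk '$2 != "CHANGED" && $2 != "SUCCESS" { print $1 }'
}

# Return non-zero when any host was not managed, naming each one on stderr.
check_run() {
    problems=$(ansible_problem_hosts)
    [ -z "$problems" ] && return 0
    for h in $problems; do
        echo "not managed in this run: $h" >&2
    done
    return 1
}

# Demo on the sample lines; on a control node, pipe real output in instead:
#   ansible rhel7 -m shell -a 'uptime' -o | check_run
sample_output | ansible_status
```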
Tips:
There are many common modules, such as ping, shell and raw. Use the command 'ansible-doc -l' to list the available modules, and 'ansible-doc $module' for details on one of them.
ping:
ansible server -m ping
shell:
ansible server -m shell -a 'cmd'
raw:
The syntax is the same as for shell.