# 部署ansible架构
## 安装yum源
配置阿里云yum源(该地址是 CentOS 8.5.2111 的 vault 归档源;CentOS 8 已停止维护,归档源不会再收到安全更新,仅适合实验环境)
[root@server yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@server yum.repos.d]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
配置ansible 的yum源
[root@server yum.repos.d]# dnf list all|grep ansible
[root@server yum.repos.d]# dnf -y install centos-release-ansible-29-1-2.el8.noarch
[root@server yum.repos.d]# ls /etc/yum.repos.d/ |grep ansible
CentOS-SIG-ansible-29.repo
## 安装ansible
[root@server ~]# dnf -y install ansible
## 查看ansible版本
[root@server ~]# ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Apr 16 2020, 01:36:27) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
## 配置/etc/hosts
[root@server ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.10 server.example.com server
192.168.100.20 nodel1.example.com nodel1
192.168.100.30 nodel2.example.com nodel2
192.168.100.40 nodel3.example.com nodel3
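## 配置ssh的基于密钥认证

注意:下面 ssh-copy-id 的输出中,nodel1、nodel2、nodel3 三台主机的 ECDSA 主机密钥指纹完全相同,这通常说明它们是从同一个镜像克隆而来、没有重新生成主机密钥。这样 SSH 的主机密钥校验就无法区分这三台机器,建议在每台受控主机上重新生成主机密钥(例如删除旧的 /etc/ssh/ssh_host_* 后执行 ssh-keygen -A),并在输入 yes 之前通过控制台核对指纹。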
[root@server ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:R8wj0VvCUSTWBuEEfqF6Jzsxl/u9/WwS7A0e4QraESk root@server.example.com
The key's randomart image is:
+---[RSA 3072]----+
| o+OBo |
| . O+o+ |
| + B* |
| .E++o . |
| . S.=. o . |
| . Oo. * |
| oo.o + = |
| ......+oo|
| . o+=|
+----[SHA256]-----+
[root@server ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@nodel1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'nodel1 (192.168.100.20)' can't be established.
ECDSA key fingerprint is SHA256:MMI36yluru9YSl4xKo7Tpq/crzsgPkelib65Zg702NI.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
The authenticity of host 'nodel1 (192.168.100.20)' can't be established.
ECDSA key fingerprint is SHA256:MMI36yluru9YSl4xKo7Tpq/crzsgPkelib65Zg702NI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
Please type 'yes', 'no' or the fingerprint: 1^H
Please type 'yes', 'no' or the fingerprint: yes
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@nodel1'"
and check to make sure that only the key(s) you wanted were added.
[root@server ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@nodel2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'nodel2 (192.168.100.30)' can't be established.
ECDSA key fingerprint is SHA256:MMI36yluru9YSl4xKo7Tpq/crzsgPkelib65Zg702NI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel2's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@nodel2'"
and check to make sure that only the key(s) you wanted were added.
[root@server ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@nodel3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'nodel3 (192.168.100.40)' can't be established.
ECDSA key fingerprint is SHA256:MMI36yluru9YSl4xKo7Tpq/crzsgPkelib65Zg702NI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel3's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@nodel3'"
and check to make sure that only the key(s) you wanted were added.
[root@server ~]#
## 将ansible本地的/etc/hosts文件发送给受控主机
[root@server ~]# scp /etc/hosts root@192.168.100.20:/etc/hosts
hosts 100% 322 143.4KB/s 00:00
[root@server ~]# scp /etc/hosts root@192.168.100.30:/etc/hosts
hosts 100% 322 173.7KB/s 00:00
[root@server ~]# scp /etc/hosts root@192.168.100.40:/etc/hosts
hosts 100% 322 191.4KB/s 00:00
[root@server ~]#
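## 在ansible主机和所有受控主机中创建student用户,并设置密码为redhat

注意:redhat 是众所周知的弱口令,而且 echo redhat|passwd --stdin 会把明文密码留在 shell 历史记录中,这种做法只适合隔离的实验环境;正式环境应使用强密码,或禁用密码登录、只保留密钥认证。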
[root@server ~]# useradd student
[root@server ~]# echo redhat|passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.
[root@nodel1 ~]# useradd student
[root@nodel1 ~]# echo redhat|passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.
[root@nodel2 ~]# useradd student
[root@nodel2 ~]# echo redhat|passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.
[root@nodel3 ~]# useradd student
[root@nodel3 ~]# echo redhat|passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.
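## 使用student用户创建基于密钥认证

注意:下面的命令把 student 的公钥复制到了各受控主机的 root 账户(root@nodel1 等),而不是 student 账户。这意味着控制节点上的普通用户 student 可以直接以 root 身份登录所有受控主机;如果只是想让 student 免密登录受控主机上的 student 账户,目标应写成 student@nodel1、student@nodel2、student@nodel3,需要提权时再通过 sudo(ansible 的 become)完成。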
[root@server ~]# su - student
[student@server ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/student/.ssh/id_rsa):
Created directory '/home/student/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Passphrases do not match. Try again.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/student/.ssh/id_rsa.
Your public key has been saved in /home/student/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:HrYVcDV5R2E9jbCGKA1HnxS3mmM22m6Cdg7p3VpjYQs student@server.example.com
The key's randomart image is:
+---[RSA 3072]----+
| ..+ +o=o ==|
| + * +.++.+|
| . o = +. ..|
| . = |
| E @ |
| + @ = |
| o.+ * |
| .ooo=.. |
| ..o++o |
+----[SHA256]-----+
[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@nodel1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
The authenticity of host 'nodel1 (192.168.100.20)' can't be established.
ECDSA key fingerprint is SHA256:MMI36yluru9YSl4xKo7Tpq/crzsgPkelib65Zg702NI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@nodel1'"
and check to make sure that only the key(s) you wanted were added.
[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@nodel2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
The authenticity of host 'nodel2 (192.168.100.30)' can't be established.
ECDSA key fingerprint is SHA256:MMI36yluru9YSl4xKo7Tpq/crzsgPkelib65Zg702NI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel2's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@nodel2'"
and check to make sure that only the key(s) you wanted were added.
[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@nodel3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
The authenticity of host 'nodel3 (192.168.100.40)' can't be established.
ECDSA key fingerprint is SHA256:MMI36yluru9YSl4xKo7Tpq/crzsgPkelib65Zg702NI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel3's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@nodel3'"
and check to make sure that only the key(s) you wanted were added.
[student@server ~]$
## 修改 ansible 的配置
[student@server ~]$ mkdir ansible
[student@server ~]$ cd ansible/
[student@server ansible]$ cp /etc/ansible/ansible.cfg .
[student@server ansible]$ vim ansible.cfg
···
inventory = /home/student/ansible/inventory
···
[student@server ansible]$ vim inventory
nodel1
nodel2
nodel3
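## 测试

下面的输出显示三台主机都是 UNREACHABLE:错误信息中的 student@nodel1 说明 ansible 默认以当前用户 student 登录受控主机,而前面的 ssh-copy-id 把公钥安装到了 root 账户下,受控主机上的 student 账户并没有对应的 authorized_keys。把公钥复制到 student@nodel1、student@nodel2、student@nodel3 之后再执行该命令即可;不建议为了通过测试而把 ansible.cfg 中的 remote_user 改为 root。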
[student@server ansible]$ ansible all -m ping
nodel1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: student@nodel1: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
nodel2 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: student@nodel2: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
nodel3 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: student@nodel3: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}