部署 ansible 架构

最新推荐文章于 2023-07-28 16:44:49 发布

Cristal.木

最新推荐文章于 2023-07-28 16:44:49 发布

阅读量273

点赞数

文章标签： ansible linux 服务器

本文链接：https://blog.csdn.net/m0_64735681/article/details/127426538

版权

文章目录

四台主机都开启防火墙和 SELinux
server 主机安装 yum 源
安装 ansible 并查看版本
配置 /etc/hosts
配置 ssh 的基于密钥认证
将 ansible 本地的 /etc/hosts 文件发送给受控主机
在 ansible 主机和所有受控主机中创建 student 用户，并设置密码
使用 student 用户创建基于密钥认证
修改 ansible 的配置
测试

环境：

主机名	IP
server.example.com	192.168.91.128
node1.example.com	192.168.91.133
node2.example.com	192.168.91.134
node3.example.com	192.168.91.137

四台主机都开启防火墙和 SELinux

server 主机安装 yum 源

[root@server ~]# rm -f /etc/yum.repos.d/*

[root@server ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2495  100  2495    0     0   6725      0 --:--:-- --:--:-- --:--:--  6706

[root@server ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

[root@server ~]# dnf -y install centos-release-ansible-29-1-2.el8.noarch

安装 ansible 并查看版本

[root@server ~]# dnf -y install ansible

[root@server ~]# ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Dec  3 2020, 18:11:24) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]

配置 /etc/hosts

[root@server ~]# vim /etc/hosts
//添加以下内容
192.168.91.128  server.example.com      server
192.168.91.133  node1.example.com       node1
192.168.91.134  node2.example.com       node2
192.168.91.137  node3.example.com       node3

配置 ssh 的基于密钥认证

[root@server ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rwBejPNZ1+HBlI+Arh6+xK2KEeZVv/CgpVSYfQbwuQg root@server.example.com
The key's randomart image is:
+---[RSA 3072]----+
|    ...  .  ..   |
|     = o. .o.    |
|  E o *.o  .+o   |
|   . * =.  o.o.  |
|  o B B.S . o    |
| o = XoB +       |
|  o +o*.+ .      |
|   o .oo .       |
|  . ..o..        |
+----[SHA256]-----+

[root@server ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'node1 (192.168.91.133)' can't be established.
ECDSA key fingerprint is SHA256:UlPLQnM0HbxFL9KUXadRL9zZZWpF9R4ZzFd7UYMiSIs.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node1's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@node1'"
and check to make sure that only the key(s) you wanted were added.

[root@server ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@node2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'node2 (192.168.91.134)' can't be established.
ECDSA key fingerprint is SHA256:UlPLQnM0HbxFL9KUXadRL9zZZWpF9R4ZzFd7UYMiSIs.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node2's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@node2'"
and check to make sure that only the key(s) you wanted were added.

[root@server ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@node3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'node3 (192.168.91.137)' can't be established.
ECDSA key fingerprint is SHA256:Ewinkx1AsySA4UB5LOyVClSK6iLZfQ4np/15VPtqayQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node3's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@node3'"
and check to make sure that only the key(s) you wanted were added.

将 ansible 本地的 /etc/hosts 文件发送给受控主机

[root@server ~]# scp /etc/hosts root@node1:/etc/hosts
hosts                                                 100%  316   124.7KB/s   00:00    

[root@server ~]# scp /etc/hosts root@node2:/etc/hosts
hosts                                                 100%  316   149.4KB/s   00:00    

[root@server ~]# scp /etc/hosts root@node3:/etc/hosts
hosts                                                 100%  316    80.6KB/s   00:00

在 ansible 主机和所有受控主机中创建 student 用户，并设置密码

[root@server ~]# useradd student
[root@server ~]# echo 'redhat' | passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.

[root@node1 ~]# useradd student
[root@node1 ~]# echo 'redhat' | passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.

[root@node2 ~]# useradd student
[root@node2 ~]# echo 'redhat' | passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.

[root@node3 ~]# useradd student
[root@node3 ~]# echo 'redhat' | passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.

使用 student 用户创建基于密钥认证

[root@server ~]# su - student
[student@server ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/student/.ssh/id_rsa): 
Created directory '/home/student/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/student/.ssh/id_rsa.
Your public key has been saved in /home/student/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ED6Pa9P+oxIWNlNmRtYPdMfJlQuRVm2s8Uw7BhoNTvs student@server.example.com
The key's randomart image is:
+---[RSA 3072]----+
|      ..oo.o++==+|
|     . o= =o.B=.=|
|      +=   =+ oBo|
|      ==   .o .=o|
|     ..+S    E. .|
|      oo         |
|     .+..        |
|     ..o  .      |
|       .oo..     |
+----[SHA256]-----+

[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
The authenticity of host 'node1 (192.168.91.133)' can't be established.
ECDSA key fingerprint is SHA256:UlPLQnM0HbxFL9KUXadRL9zZZWpF9R4ZzFd7UYMiSIs.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node1's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@node1'"
and check to make sure that only the key(s) you wanted were added.

[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
The authenticity of host 'node2 (192.168.91.134)' can't be established.
ECDSA key fingerprint is SHA256:UlPLQnM0HbxFL9KUXadRL9zZZWpF9R4ZzFd7UYMiSIs.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node2's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@node2'"
and check to make sure that only the key(s) you wanted were added.

[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
The authenticity of host 'node3 (192.168.91.137)' can't be established.
ECDSA key fingerprint is SHA256:Ewinkx1AsySA4UB5LOyVClSK6iLZfQ4np/15VPtqayQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node3's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@node3'"
and check to make sure that only the key(s) you wanted were added.

[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
student@node1's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'student@node1'"
and check to make sure that only the key(s) you wanted were added.

[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
student@node2's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'student@node2'"
and check to make sure that only the key(s) you wanted were added.

[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
student@node3's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'student@node3'"
and check to make sure that only the key(s) you wanted were added.

修改 ansible 的配置

[student@server ~]$ mkdir ansible
[student@server ~]$ cd ansible/
[student@server ansible]$ cp /etc/ansible/ansible.cfg .

[student@server ansible]$ vim ansible.cfg 
inventory      = /home/student/ansible/inventory
			//取消注释，并修改

[student@server ansible]$ vim inventory
//添加以下内容
node1
node2
node3

测试

[student@server ansible]$ ansible all -m ping
node3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
node2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}