Ansible installation and configuration

Custom environment

Role              Hostname             IP address        Group
Control host      server.example.com   192.168.157.100   server
Managed host 1    node1.example.com    192.168.157.134   node1
Managed host 2    node2.example.com    192.168.157.135   node2

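Set the hostname on every host and make sure the hosts can reach each other by hostname.

vim /etc/hosts # configure local DNS on the control host

hostnamectl set-hostname server.example.com # rename the host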

hostnamectl set-hostname node1.example.com

Install Ansible

1. Remove the extra (yum configuration) repo files

[dm@server ~]$ cd /etc/yum.repos.d/

[dm@server yum.repos.d]$ ll

-rw-r--r--. 1 root root 136 Dec 30 16:50 redhat.repo # keep only this file

2. Configure the CentOS 8 base repositories

vim /etc/yum.repos.d/base.repo

[AppStream]

name=AppStream

baseurl=https://mirrors.aliyun.com/centos/8-stream/AppStream/x86_64/os/

gpgcheck=0

[BaseOS]

name=BaseOS

baseurl=https://mirrors.aliyun.com/centos/8-stream/BaseOS/x86_64/os/

gpgcheck=0

3. Configure EPEL

yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm

[dm@server yum.repos.d]$ ll

total 28

-rw-r--r--. 1 root root 112 Dec 30 16:49 base.repo

-rw-r--r--. 1 root root 214 Dec 30 17:04 Centos-stream.repo

-rw-r--r--. 1 root root 1692 Dec 30 17:03 epel-modular.repo

-rw-r--r--. 1 root root 1326 Dec 30 17:03 epel.repo

-rw-r--r--. 1 root root 1791 Dec 30 17:03 epel-testing-modular.repo

-rw-r--r--. 1 root root 1425 Dec 30 17:03 epel-testing.repo

-rw-r--r--. 1 root root 136 Dec 30 16:50 redhat.repo

sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*

sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*

yum install ansible -y

ansible --version

[dm@server /]$ ansible --version

ansible [core 2.13.5]

config file = /etc/ansible/ansible.cfg

configured module search path = ['/home/zx/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']

ansible python module location = /usr/lib/python3.9/site-packages/ansible

ansible collection location = /home/zx/.ansible/collections:/usr/share/ansible/collections

executable location = /usr/bin/ansible

python version = 3.9.14 (main, Dec 5 2022, 13:41:22) [GCC 8.5.0 20210514 (Red Hat 8.5.0-17)]

jinja version = 3.1.2

libyaml = True

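Case 1: the control host connects to the managed hosts as root, using passwordless (key-based) authentication, to run tasks on them remotely.

Passwordless login as root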

[root@server ~]# ssh-keygen -t RSA

# ssh-copy-id -i node1 # send the key

# ssh-copy-id -i node2

Verify:

[root@server /]# ssh node1

Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/

To register this system, run: insights-client --register

Last login: Fri Dec 30 17:41:23 2022

[root@node1 ~]#

[root@server /]# ssh node1 hostname

node1.example.com

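Case 2: the control host connects to the managed hosts as a regular user, using passwordless authentication, and performs privileged operations on them remotely.

Passwordless login for the regular user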

[dm@server ~]$ ssh-keygen -t RSA

$ ssh-copy-id -i node1

$ ssh-copy-id -i node2

Verify:

[dm@server /]$ ssh node1

Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/

To register this system, run: insights-client --register

Last login: Fri Dec 30 18:51:37 2022 from 192.168.157.100

[dm@node1 ~]$

[dm@server /]$ ssh node1 hostname

node1.example.com

Performing a privileged operation:

[dm@server /]$ ssh node1 sudo useradd user1

This fails with an error at this point, because the regular user has no privileges on the managed host.

Change the permissions:

[root@node1 zx]# vim /etc/sudoers

## Allow root to run any commands anywhere

root ALL=(ALL) ALL

dm ALL=(ALL) NOPASSWD: ALL # added line

## Allows members of the 'sys' group to run networking, software,

## service management apps and more.

# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands

%wheel ALL=(ALL) ALL

[dm@server /]$ ssh node1 sudo useradd user1

[dm@server /]$

[root@node1 zx]# id user1

uid=1001(user1) gid=1001(user1) groups=1001(user1)
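
The repo files above set gpgcheck=0, which turns off RPM signature verification for those repositories, and the sudoers line gives dm passwordless root on the node. A small audit for both settings, added here as an example and not part of the original post; the function names and the constructed sample data in demo are assumptions:

```shell
#!/bin/sh
# Added example: audit the two relaxed settings used in this walkthrough.
# Function names are illustrative; callers pass the files to inspect.

# Print "file:[section]" for each repo section that disables GPG checking.
audit_repo_gpg() {
    awk '
        FNR == 1 { section = "" }
        /^[ \t]*\[/ { section = $0; gsub(/[ \t]/, "", section); next }
        {
            line = tolower($0); gsub(/[ \t]/, "", line)
            if (line ~ /^gpgcheck=(0|no|false)$/) print FILENAME ":" section
        }
    ' "$@"
}

# Print "file:line:rule" for each active sudoers rule granting NOPASSWD: ALL.
audit_sudoers_nopasswd() {
    awk '
        /^[ \t]*#/ { next }    # comments (and #include directives) are not rules
        /NOPASSWD:[ \t]*ALL[ \t,]/ || /NOPASSWD:[ \t]*ALL$/ {
            print FILENAME ":" FNR ":" $0
        }
    ' "$@"
}

# Constructed sample input that mirrors the settings shown on this page.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[AppStream]' 'name=AppStream' 'gpgcheck=0' \
        '[epel]' 'name=EPEL' 'gpgcheck=1' > "$d/base.repo"
    printf '%s\n' 'root ALL=(ALL) ALL' 'dm ALL=(ALL) NOPASSWD: ALL' \
        '# %wheel ALL=(ALL) NOPASSWD: ALL' > "$d/sudoers"
    audit_repo_gpg "$d/base.repo"
    audit_sudoers_nopasswd "$d/sudoers"
    rm -rf "$d"
}

# On a real host: audit_repo_gpg /etc/yum.repos.d/*.repo
#                 audit_sudoers_nopasswd /etc/sudoers /etc/sudoers.d/*
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Any repo section the first function reports should go back to gpgcheck=1 with the distribution's signing key imported once the lab setup is finished.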
