System environment
Control node: external IP 10.0.0.61, internal IP 172.16.1.61
Managed node: external IP 10.0.0.7, internal IP 172.16.1.7
Managed node: external IP 10.0.0.51, internal IP 172.16.1.51
[root@m01 ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@m01 ~]# uname -r
3.10.0-862.el7.x86_64
1) Create the key pair
[root@m01 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:4T6iidi/1hEUuztrfCKz0UNMId375z+DfcMtnbmn1Mo root@m01
The key's randomart image is:
+---[DSA 1024]----+
| ..oo |
| .oo. |
| .o .. |
| o.o.. |
| +.S. |
| o.o . . . |
| .o*.o o oo.=|
| o .++==.. oo=*=|
|. oo**.o .EB+|
+----[SHA256]-----+
2) Distribute the public key to the managed nodes
ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.7
ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.51
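Then, for each host, answer the host confirmation prompt with "yes" and enter the password "123456".
Addendum: how can the public key be distributed non-interactively, that is, without typing the two inputs above?
For the host confirmation prompt (otherwise answered with yes), pass StrictHostKeyChecking=no so that ssh accepts the unknown host key without asking: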
ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.7 "-o StrictHostKeyChecking=no"
For the password prompt, install sshpass and pass the password 123456 on the command line:
yum install -y sshpass
sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.7
In summary, the commands for non-interactive public key distribution are:
yum install -y sshpass
sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.7 "-o StrictHostKeyChecking=no"
sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.51 "-o StrictHostKeyChecking=no"
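The non-interactive commands above accept whatever host key the node presents and put the password on the command line, where it is visible in the process list and shell history. The same distribution with both tightened, as an added example that is not from the original page: it assumes a hypothetical pin file /root/hostkey.pins holding host key fingerprints recorded out-of-band, ed25519 host keys on the managed nodes, and the password already exported in SSHPASS.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Pin host keys, then push the public key.
# Assumed pin file format, one host per line: "<host> <SHA256 fingerprint>"
PINS="${PINS:-/root/hostkey.pins}"          # hypothetical path, filled in out-of-band
PUBKEY="${PUBKEY:-/root/.ssh/id_dsa.pub}"   # public key created in step 1
KNOWN_HOSTS="${KNOWN_HOSTS:-/root/.ssh/known_hosts}"

# Succeeds only if the pin file lists exactly this fingerprint for this host.
pin_matches() {  # usage: pin_matches <pin-file> <host> <fingerprint>
    local pinned
    pinned=$(awk -v h="$2" '$1 == h { print $2; exit }' "$1" 2>/dev/null)
    [ -n "$pinned" ] && [ "$pinned" = "$3" ]
}

# Scan the host key, compare it with the pin, and trust it only on a match.
trust_host() {  # usage: trust_host <host>
    local host=$1 keyline fp
    keyline=$(ssh-keyscan -T 5 -t ed25519 "$host" 2>/dev/null) || return 1
    [ -n "$keyline" ] || return 1
    fp=$(printf '%s\n' "$keyline" | ssh-keygen -lf - | awk '{ print $2 }')
    if pin_matches "$PINS" "$host" "$fp"; then
        printf '%s\n' "$keyline" >> "$KNOWN_HOSTS"
    else
        echo "host key mismatch for $host (got ${fp:-none}); skipping" >&2
        return 1
    fi
}

# Push the key with strict host key checking. sshpass -e reads the password
# from the SSHPASS environment variable instead of a -p argument.
push_key() {  # usage: push_key <host>...
    local host failed=0
    for host in "$@"; do
        if trust_host "$host"; then
            sshpass -e ssh-copy-id -i "$PUBKEY" -o StrictHostKeyChecking=yes "root@$host" || failed=1
        else
            failed=1
        fi
    done
    return "$failed"
}

# Runs only when managed-node addresses are given as arguments.
if [ "$#" -gt 0 ]; then
    : "${SSHPASS:?export SSHPASS before running}"
    push_key "$@"
fi
```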
3) Install Ansible
First check that the EPEL repository file /etc/yum.repos.d/epel.repo is up to date.
yum install -y ansible
4) Disable SELinux and the firewall
[root@m01 ~]# cat /etc/selinux/config
SELINUX=disabled
[root@m01 ~]# getenforce
Disabled
[root@m01 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
5) Write the host inventory file
[root@m01 ~]# cat /etc/ansible/hosts
[db]
172.16.1.51
[web]
172.16.1.7
6) Test that multiple hosts can be managed
[root@m01 ansible]# ansible all -a "hostname -I"
172.16.1.7 | CHANGED | rc=0 >>
10.0.0.7 172.16.1.7
172.16.1.51 | CHANGED | rc=0 >>
10.0.0.51 172.16.1.51
[root@m01 ansible]# ansible web -a "hostname -I"
172.16.1.7 | CHANGED | rc=0 >>
10.0.0.7 172.16.1.7
[root@m01 ansible]# ansible db -a "hostname -I"
172.16.1.51 | CHANGED | rc=0 >>
10.0.0.51 172.16.1.51
At this point, the Ansible deployment is complete.