1、安装
pip3 install ansible
安装完之后,会生成 /etc/ansible/ 目录
下面有ansible配置文件ansible.cfg
远程主机配置文件hosts
2、创建ansible账号
useradd ansible -d /home/userhome/ansible
修改密码
passwd ansible
3、ansible登入服务器创建SSH秘钥
[ansible@xxxxxxxxxxxxxxxx ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/userhome/ansible/.ssh/id_rsa):
Created directory '/home/userhome/ansible/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/userhome/ansible/.ssh/id_rsa.
Your public key has been saved in /home/userhome/ansible/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:sdfsdg ansible@sdfsdfsdf
The key's randomart image is:
+---[RSA 2048]----+
| .+ X@=|
| . o.*.B|
| . ..xo.B+=|
| . . G.+o|
| S..*..+..|
| .+. .|
| g.. +..|
| ... +|
| .. .|
+----[SHA256]-----+
4、ssh公钥文件安装到远程客户机
说明:假设客户机192.168.1.81上面创建guest账号
[test@xxxxxxxxxx ~]$ ssh-copy-id guest@192.168.1.81 -p 22
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/userhome/test/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.81 (192.168.1.81)' can't be established.
ECDSA key fingerprint is SHA256:dfgdfgg.
ECDSA key fingerprint is MD5:xxxxxxx.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
guest@192.168.1.81's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '22' 'guest@192.168.1.81'"
5、修改/etc/ansible/hosts
[webservers]
test ansible_ssh_host=192.168.1.81 ansible_ssh_port=22
6、测试ansible命令
[ansible@xxxxx ansible]$ ansible test -u guest -m shell -a "mkdir tt;cd tt;touch a.txt;ls -la"
[WARNING]: Consider using the file module with state=directory rather than running 'mkdir'. If you need to use command because file is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
test | CHANGED | rc=0 >>
total 8
drwxrwxr-x 2 guest guest 4096 Oct 28 16:00 .
drwx------ 5 guest guest 4096 Oct 28 16:00 ..
-rw-rw-r-- 1 guest guest 0 Oct 28 16:00 a.txt
7、客户机配置guest 能使用sudo root权限执行命令
通过root登入客户机192.168.1.81
vim /etc/sudoers
添加如下用户授权
guest ALL=(ALL) NOPASSWD:ALL
或者添加
guest ALL=(ALL) NOPASSWD:/bin/sh
保存 wq!
8、ansible切换到sudo root方式执行指令(-b 参数)
[ansible@xxxx ansible]$ ansible test -u guest -b -m shell -a "cd /root/;ls -la"
test | CHANGED | rc=0 >>
total 152
dr-xr-x---. 14 root root 4096 Oct 28 16:11 .
dr-xr-xr-x. 20 root root 4096 Jul 20 10:54 ..
drwx------ 4 root root 4096 Jun 14 2019 .ansible
-rw------- 1 root root 15386 Oct 28 15:49 .bash_history
-rw-r--r--. 1 root root 18 Dec 29 2013 .bash_logout
-rw-r--r--. 1 root root 176 Dec 29 2013 .bash_profile
-rw-r--r--. 1 root root 176 Dec 29 2013 .bashrc
drwxr-xr-x 3 root root 4096 Feb 15 2019 .cache
drwxrwxrwx 2 root root 4096 Jul 24 13:08 .certs
-rw-r--r-- 1 root root 11243 Apr 10 2020 check_ssh_port.log
-rw-r--r-- 1 root root 1318 Apr 17 2020 check_web_url.log
drwx------ 3 root root 4096 Jul 24 12:18 .config
-rw-r--r--. 1 root root 100 Dec 29 2013 .cshrc
-rw------- 1 root root 6653 Jul 24 15:43 dead.letter
drwxr-xr-x 2 root root 4096 Jun 6 20:06 .kube
-rw------- 1 root root 41 Sep 6 16:03 .lesshst
drwxr-xr-x 3 root root 4096 Mar 30 2019 .local
-rw------- 1 root root 2776 Apr 11 2020 .mysql_history
-rw------- 1 root root 78 May 31 2019 .mysql_secret
drwxr-xr-x 2 root root 4096 Nov 12 2019 .oracle_jre_usage
drwxr-xr-x 2 root root 4096 Feb 15 2019 .pip
drwxr----- 3 root root 4096 Feb 13 2020 .pki
-rw-r--r-- 1 root root 205 Mar 25 2019 .pydistutils.cfg
drwxr-xr-x 3 root root 4096 Feb 1 2020 .python-eggs
-rw------- 1 root root 1077 Jul 7 17:47 .rediscli_history
drwx------ 2 root root 4096 Sep 10 17:26 .ssh
drwxr-xr-x 3 root root 4096 Mar 31 2019 .subversion
-rw-r--r--. 1 root root 129 Dec 29 2013 .tcshrc
-rw-r--r-- 1 root root 202 Aug 20 23:18 test.py
-rw------- 1 root root 9546 Oct 28 16:11 .viminfo
9、ansible调试( -vvv 参数)
10、ansible详解,请参考官网