环境:centos7,外网通
脚本如下:
#!/bin/bash
#function:ansible
#author:tommypeng 20220801
#####root判断#####
if
[ "$USER" != "root" ]
then
echo "错误:非root用户,权限不足!"
exit 0
fi
###############防火墙及SElinux############
systemctl stop firewalld && systemctl disable firewalld && echo "防火墙已经关闭"
sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config && echo "关闭selinux"
##############网络测试##############
ping -c 3 www.baidu.com
if
[ $? = 0 ]
then
echo "外网通讯良好!"
else
echo "丫的你在逗我吗?网都没有安装个毛线!"
exit 1
fi
##############yum源配置################
yum install epel-release -y
mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.bak >> /dev/null
yum clean all
rpm -Uvh http://mirrors.ustc.edu.cn/epel/epel-release-latest-7.noarch.rpm
yum makecache
###########ansible安装#########
yum -y install ansible
##########主机组配置#########
read -p "请输入主机组的名称: " ppo
read -p "请输入主机1的IP: " wokao
read -p "请输入主机2的IP: " haoshuai
sleep 5
cat >> /etc/ansible/hosts << EOF
[$ppo]
$wokao
$haoshuai
EOF
###########免密登录#########
rm -rf /root/.ssh/* ##清除已有的密钥对
ssh-keygen -N '' -f /root/.ssh/id_rsa ###创建密钥对(验证码为空)
ssh-copy-id -i /root/.ssh/id_rsa.pub $wokao
ssh-copy-id -i /root/.ssh/id_rsa.pub $haoshuai ####传递公钥
##########测试############
ansible $ppo -m command -a 'ifconfig'
if [ $? -eq 0 ];then
echo -e "\n\033[32m-----------------------------------------------\033[0m"
echo -e "\033[32m测试成功ansible安装成功 !\033[0m"
else
echo -e "\033[32m测试失败ansible安装失败,即将退出 !"
exit 0
fi
默认主机清单包含两台主机,如部署完成后,需要添加其他主机,请编辑文件 /etc/ansible/hosts
在您的主机清单添加相应主机的IP即可。
[root@localhost ~]# vim /etc/ansible/hosts
# Ex 2: A collection of hosts belonging to the 'webservers' group
## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
。
。
。
。
[pxg]
192.168.137.213
192.168.137.214
还须配置免密登录,具体如下:
ssh-copy-id -i /root/.ssh/id_rsa.pub 主机IP ###将公钥发送给新加入的主机,请注意需要输入新加入主机的root密码,按提示输入即可,示例:
[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.137.216
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.137.216 (192.168.137.216)' can't be established.
ECDSA key fingerprint is SHA256:YejXn/pAjoOSNaOfxVO+TiBPp6JmHfZ5Z8nbiUN5m0U.
ECDSA key fingerprint is MD5:b6:8d:e0:b0:08:5c:29:dc:df:2e:87:4e:51:e7:20:48.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.137.216's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.137.216'"
and check to make sure that only the key(s) you wanted were added.
拓展:主机清单的写法:
[pxg]
192.168.137.155
192.168.137.162
以上意思为:主机组pxg包含这两个IP的主机
定义嵌套组
通过创建后缀为:children的主机组名称来实现,例子如下:
[web]
web1.example.com
web2.example.com
[db]
db1.example.com
db2.example.com
[all:children]
web
db
上述例子可以改成
[web]
web[1:2].example.com
[db]
db[1:2].example.com
[webdb:children]
web
db