Install Ansible
Prepare two test virtual machines with the following IP addresses:
- ansible-server: 192.168.100.124
- ansible-client: 192.168.100.28
Run the following commands on ansible-server to install ansible:
root@ansible-server:~# apt update
root@ansible-server:~# apt install software-properties-common
root@ansible-server:~# apt-add-repository --yes --update ppa:ansible/ansible
root@ansible-server:~# apt install ansible -y
root@ansible-server:~# ansible --version
ansible 2.9.19
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.17 (default, Feb 27 2021, 15:10:58) [GCC 7.5.0]
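ansible has now been installed successfully on the ansible-server node; the version is 2.9.19.
Set Up SSH Key Exchange
Ansible connects to the client over SSH. First generate a key pair on the server node, then copy its public key to the client node.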
root@ansible-server:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:edjMAYYNV3V1nw4ggM+lMtl5bO55rSdIVJlfoeJ20GA root@ansible-server
The key's randomart image is:
+---[RSA 2048]----+
| o==o.E+ .o+|
| ..o.oo++...+|
| = = oo.+...|
| + * @..o.o |
| o S =o . . |
| +. . |
| o o . |
| + o o |
| ..+ |
+----[SHA256]-----+
root@ansible-server:~#
root@ansible-server:~# ls -l /root/.ssh/
total 20
-rw------- 1 root root 1675 3月 20 19:56 id_rsa
-rw-r--r-- 1 root root 401 3月 20 19:56 id_rsa.pub
-rw-r--r-- 1 root root 666 3月 20 18:02 known_hosts
-rw------- 1 root root 1679 3月 19 16:08 octavia_ssh_key
-rw-r--r-- 1 root root 391 3月 19 16:08 octavia_ssh_key.pub
root@ansible-server:~#
Copy the public key to the client node:
root@ansible-server:~# ssh-copy-id root@192.168.100.28
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.100.28's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.100.28'"
and check to make sure that only the key(s) you wanted were added.
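The last line of the ssh-copy-id output asks you to confirm that only the intended key was added. The following is an added example, not part of the original page, of one way to run that check on a copy of the client's authorized_keys file. The function names key_blobs, audit_authorized_keys and demo are hypothetical, and the key blobs, the from= address and the old-admin entry are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original page. Paths and key blobs are constructed.

# key_blobs FILE: print "type blob label" for every key line in a .pub or
# authorized_keys file. Skips blanks and comments and steps over leading options
# such as from="..." (assumes no option value contains a bare key-type word).
key_blobs() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-.+|sk-.+)$/) {
                    print $i, $(i + 1), (i + 2 <= NF ? $(i + 2) : "(no-comment)")
                    next
                }
        }' "$1"
}

# audit_authorized_keys EXPECTED_PUB AUTHORIZED_KEYS
# Prints one line per foreign key, plus a line if the expected key is absent.
# Returns 0 only when the file holds the expected key and nothing else.
audit_authorized_keys() {
    want=$(key_blobs "$1" | awk '{ print $2; exit }')
    [ -n "$want" ] || { echo "no public key found in $1" >&2; return 2; }
    key_blobs "$2" | awk -v want="$want" '
        $2 == want { seen = 1; next }
        { print "UNEXPECTED", $1, $3; bad = 1 }
        END { if (!seen) { print "MISSING expected key"; bad = 1 }; exit bad + 0 }'
}

# demo: run the audit on constructed sample files (placeholder blobs, not real keys).
demo() {
    d=$(mktemp -d) || return 2
    echo 'ssh-rsa AAAACONSTRUCTEDSERVERKEY root@ansible-server' > "$d/id_rsa.pub"
    cat > "$d/authorized_keys" <<'EOF'
# constructed copy of the client's /root/.ssh/authorized_keys
ssh-rsa AAAACONSTRUCTEDSERVERKEY root@ansible-server
from="10.0.0.5" ssh-ed25519 AAAACONSTRUCTEDOTHERKEY old-admin@laptop
EOF
    rc=0
    audit_authorized_keys "$d/id_rsa.pub" "$d/authorized_keys" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "authorized_keys needs review"
```

On the constructed sample the audit reports the old-admin entry as unexpected and returns 1; a file that contains only the key from /root/.ssh/id_rsa.pub returns 0.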
Configure Hosts
Edit /etc/ansible/hosts and add the client's details:
root@ansible-server:~# cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10
# Ex 2: A collection of hosts belonging to the 'webservers' group
## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
# If you have multiple hosts following a pattern you can specify
# them like this:
## www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group
## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57
# Here's another example of host ranges, this time there are no
# leading 0s:
## db-[99:101]-node.example.com
[Client]
node1 ansible_ssh_host=192.168.100.28
Test Ansible
As shown below, the ping test runs successfully:
root@ansible-server:~# ansible Client -m ping
node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
root@ansible-server:~#
root@ansible-server:~# ansible Client -m command -a 'hostname'
node1 | CHANGED | rc=0 >>
ansible-client