一、安装先前准备
安装之前要先配置好yum,要确定yum里面有Python36和ansible的rmp不懂的先前的 配置yum
二、开始安装
因为ansible是基于python的所以安装ansible之前要安装python36
1、yum install python36 -y
2、yum install ansible -y
查看是ansible信息
3、ansible --version
[root@localhost ~]# ansible --version
ansible 2.9.5
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Apr 12 2022, 06:55:39) [GCC 8.5.0 20210514 (Red Hat 8.5.0-10)]
[root@localhost ~]#
安装完成,可以看到当前路径为/etc/ansible/下 ,现在可以在这个目录使用ansible啦
但是ta原本自带的配置文件里面内容太多,不容易操作所以我们可以自立门户,新建一个目录在里面新建ansible.cfg和hosts文件。(ansible在哪个目录下他自动识别当下的ansible.cfg文件)
[root@localhost ~]# mkdir ansible && cd ansible;touch {ansible.cfg,hosts}
[root@localhost ansible]# tree .
.
├── ansible.cfg
└── hosts
0 directories, 2 files
[root@localhost ansible]# ansible --version
ansible 2.9.5
config file = /root/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Apr 12 2022, 06:55:39) [GCC 8.5.0 20210514 (Red Hat 8.5.0-10)]
现在路径发生改变
配置文件优先级
Ansible只有一个配置文件ansible.cfg。但其实配置文件可以存在于多个位置,他们的被读取的顺序如下:
ANSIBLE_CONFIG (环境变量)
ansible.cfg (当前目录)
.ansible.cfg (用户家目录)
/etc/ansible/ansible.cfg (默认配置文件)
只有最先找到的配置文件会生效,而且可以一个一个单独设置。
三、现在编辑ansible配置文件个主机清单
[root@localhost ansible]# cat ansible.cfg
[defaults]
inventory = /root/test/hosts
remote_user = root
remote_port = 22
ask_pass = False
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[root@localhost ansible]# cat hosts
[web]
192.168.219.133
[root@localhost ansible]#
配置选项
查看ansible.cfg的配置项
[root@localhost ansible]# grep "^\[" /etc/ansible/ansible.cfg
[defaults] # 默认常用配置
[inventory] # 主机清单插件
[privilege_escalation] # 用于提权
[paramiko_connection] # python paramiko模块的连接设置(默认使用SSH)
[ssh_connection] # SSH连接设置
[persistent_connection] # 长连接设置
[accelerate] # 加速模式的配置
[selinux] # selinux设置
[colors] # 输出结果颜色的设置
[diff] # 输出不同的设置
常用配置选项解读
[defaults]
#inventory = /etc/ansible/hosts # 主机清单文件的位置
#library = /usr/share/my_modules/ # 库文件存放目录
#remote_tmp = ~/.ansible/tmp # 临时py命令文件存放在远程主机目录
#local_tmp = ~/.ansible/tmp # 本机的临时命令执行目录
#forks = 5 # 默认并发数
#sudo_user = root # 默认sudo 用户
#ask_sudo_pass = True # 是否需要sudo密码
#ask_pass = True # 连接时是否需要密码
#remote_port = 22 # 远程主机的默认端口,生产中这个端口应该会不同
#log_path = /var/log/ansible.log # 日志路径
#roles_path = /etc/ansible/roles # roles 存放路径
#host_key_checking = False # 首次连接是否检查对应服务器的host_key,建议取消注释。
[privilege_escalation]:
become=True #是否提权
become_method=sudo #提权方式
become_user=root #提权的用户
become_ask_pass=False #提权是否需要密码
官网配置参考网址:
四、生成并发送密钥
ssh-keygen #一直回车就好
ssh-copy-id IP
[root@localhost ansible]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:8Ca3H5CjNOxmuJnuYkU7j+G3/7yO2XDTwFjs8BdxJzk root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
| . o..|
| . oEo |
| . . o . . |
| .. o O . |
| . .= S = . |
| =+ * + + |
| o.== o + . |
| o o*o O o |
| . +*..o+oB. |
+----[SHA256]-----+
[root@localhost ansible]# ssh-copy-id 192.168.219.133
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.219.133's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.219.133'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ansible]#
测试是否成功
命令:ansible web -m ping
[root@localhost ansible]# ansible web -m ping
192.168.219.133 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@localhost ansible]#