ansible部署
安装yum源(CentOS 8已停止维护,这里使用阿里云的vault归档源;归档源内容已冻结,不再提供安全更新,仅适合实验环境)
[root@localhost yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2495 100 2495 0 0 7653 0 --:--:-- --:--:-- --:--:-- 7653
[root@localhost yum.repos.d]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@localhost yum.repos.d]# dnf -y install centos-release-ansible-29-1-2.el8.noarch
然后再安装ansible
[root@localhost ~]# dnf -y install ansible
查看ansible版本
[root@localhost ~]# ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Jan 19 2022, 23:28:49) [GCC 8.5.0 20210514 (Red Hat 8.5.0-7)]
[root@localhost ~]#
配置/etc/hosts
[root@server ~]# vim /etc/hosts
[root@server ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.181.159 server.example.com server
192.168.181.181 node1.example.com node1
192.168.181.182 node2.example.com node2
192.168.181.183 node3.example.com node3
配置ssh的基于密钥认证
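在ansible节点执行ssh-keygen命令,一直回车(即使用默认保存路径且不设置密钥口令;无口令的私钥一旦泄露即可直接登录受控主机,实际环境应设置口令并配合ssh-agent使用)
随后把/etc/hosts分发到各受控主机。首次连接时会提示确认主机密钥指纹,应先在受控主机上用 ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub 查到指纹并核对一致,再输入yes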
[root@server ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Us/iiwYCPRv8YyAOpu3FtQYy8DJ1okpi2RziclO8sPs root@server.example.com
The key's randomart image is:
+---[RSA 3072]----+
| . |
|..+.+ |
|.B=*.. . |
|X*&oo .. o |
|@B % o..S o |
|o.= B oo . |
| . = + . |
| . E .. . |
| .. . |
+----[SHA256]-----+
[root@server ~]# for i in node{1..3}
> do scp /etc/hosts root@$i:/etc/hosts
> done
The authenticity of host 'node1 (192.168.181.181)' can't be established.
ECDSA key fingerprint is SHA256:tgf2yiFV2TrjOQEd9a9e9dFRgo/eHo0oKloKyIVulaI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'node1,192.168.181.181' (ECDSA) to the list of known hosts.
root@node1's password:
hosts 100% 332 12.4KB/s 00:00
The authenticity of host 'node2 (192.168.181.182)' can't be established.
ECDSA key fingerprint is SHA256:ejuoTwhMCCJB4Hbr6FqIQ7kvTKXjoenEigo/IZkdwy4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'node2,192.168.181.182' (ECDSA) to the list of known hosts.
root@node2's password:
hosts 100% 332 14.7KB/s 00:00
The authenticity of host 'node3 (192.168.181.183)' can't be established.
ECDSA key fingerprint is SHA256:lg9uPXB9N5exOgRJJWroJ/66GsQchNe9Dcdo5S0sw6o.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'node3,192.168.181.183' (ECDSA) to the list of known hosts.
root@node3's password:
hosts
在ansible主机和所有受控主机中创建student用户,并设置密码为1(下面只展示了在server上的操作,各受控主机上需执行相同的命令;密码1是仅用于实验的弱口令,实际环境应使用强密码)
[root@server ~]# useradd student
[root@server ~]# echo 1 | passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.
使用student用户创建基于密钥认证
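在ansible节点执行ssh-keygen命令,一直回车(不设置密钥口令,仅适合实验环境)
注意:下面把student的公钥同时复制给了各节点的root,相当于student的私钥可以直接以root身份登录所有受控主机;实际环境建议只复制到student@节点,再通过sudo(Ansible的become)提权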
[student@server ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/student/.ssh/id_rsa):
Created directory '/home/student/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/student/.ssh/id_rsa.
Your public key has been saved in /home/student/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:bxx6XReLgGuZes65d2EHD9HHA++W5t10pSN8oY9vqtM student@server.example.com
The key's randomart image is:
+---[RSA 3072]----+
| .o. |
| . ..oo|
| . . oo+|
| +..+oo=|
| S=. +.O*+|
| o+ o O+*+|
| ...=.+ +.o|
| +oo.Eo. |
| =+ooo. |
+----[SHA256]-----+
[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node1
[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node2
[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node3
[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node1
[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node2
[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node3
测试
[student@server ~]$ mkdir ansible
[student@server ~]$ cd ansible/
[student@server ansible]$ pwd
/home/student/ansible
[student@server ansible]$ cp /etc/ansible/ansible.cfg .
[student@server ansible]$ vim ansible.cfg
[student@server ansible]$ vim inventory
[student@server ansible]$ cat inventory
[dev]
node1
[test]
node2
[prod]
node3
[zhan:children]
[student@server ansible]$ ansible all -m ping
node3 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
node2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
node1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}