指导手册地址
http://ansible.com.cn/docs/intro_getting_started.html
ansible安装
yum install -y epel-release
yum install -y ansible
[root@myserver ansible]# pwd
/etc/ansible
[root@myserver ansible]# ls
ansible.cfg hosts roles
秘钥认证
1.秘钥生成
[root@myserver ansible]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3bnskwoN4renujDKyG4t3Rp0xM/JCEyXryCwrzsNhhs root@myserver
The key's randomart image is:
+---[RSA 3072]----+
| . .. |
|. o o. |
|.. o o. |
|.. .o =... . . |
|.....oo=S . o |
|E.o .o . o . . |
|.*o.+ . o . o. |
|==.+.+ . o..o |
|==+.. oooo.... |
+----[SHA256]-----+
[root@myserver ansible]# ls /root/.ssh/
id_rsa id_rsa.pub
2.秘钥拷贝到被管理服务端
[root@myserver ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.161
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.161 (192.168.1.161)' can't be established.
ECDSA key fingerprint is SHA256:kDFAc7FJr55Ve5I0Dthydr5SSKEmb9kyLYT5Qnh7Bik.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are
already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to
install the new keysroot@192.168.1.161's password:
Permission denied, please try again.
root@192.168.1.161's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.1.161'"
and check to make sure that only the key(s) you wanted were added.
[root@myserver ansible]# ssh root@192.168.1.161
Activate the web console with: systemctl enable --now cockpit.socket
Last failed login: Sun Dec 20 17:59:14 CST 2020 from 192.168.1.160 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Sun Dec 20 17:36:25 2020 from 192.168.1.11
[root@myserver_1 ~]#
=============成功免秘钥登录到被管理服务器=========================
[root@myserver ansible]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.162
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.162 (192.168.1.162)' can't be established.
ECDSA key fingerprint is SHA256:kDFAc7FJr55Ve5I0Dthydr5SSKEmb9kyLYT5Qnh7Bik.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already
installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install t
he new keysroot@192.168.1.162's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.1.162'"
and check to make sure that only the key(s) you wanted were added.
[root@myserver ansible]# ssh root@192.168.1.162
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Sun Dec 20 18:01:01 2020 from 192.168.1.161
[root@myserver_2 ~]#
管理主机配置文件
Ansible命令格式 ansible [options]
检查ansible的安装环境 ansible all -m ping -u root
[root@myserver ansible]# egrep -v '#|^$' hosts
[webservers]
192.168.1.38
192.168.1.161
[root@myserver ansible]# ansible all -m ping
192.168.1.38 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.1.161 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
上面检查管理节点与被管理节点之间的通信
[root@myserver ansible]# ansible all -a "echo hello world"
192.168.1.38 | CHANGED | rc=0 >>
hello world
192.168.1.161 | CHANGED | rc=0 >>
hello world
[root@myserver ansible]#