RH8的ansible安装与配置

最新推荐文章于 2023-12-14 12:13:44 发布

试试就逝世GG

最新推荐文章于 2023-12-14 12:13:44 发布

阅读量828

点赞数

分类专栏： RHCE 文章标签： ansible linux 服务器

本文链接：https://blog.csdn.net/zx172406081/article/details/128499336

版权

RHCE 专栏收录该内容

16 篇文章 1 订阅

订阅专栏

Ansible安装与配置

自定义环境

角色	主机名	ip地址	组名
控制主机	server.example.com	192.168.157.100	server
受控主机1	node1.example.com	192.168.157.134	node1
受控主机2	node2.example.com	192.168.157.135	node2

多台主机配置主机名并且确保多台主机能够通过主机名互访

vim /etc/hosts	//控制主机配置本地DNS

hostnamectl set-hostname server.example.com	//改名
hostnamectl set-hostname node1.example.com

安装ansible

1、删除多余的（yum配置）源文件

[zx@server ~]$ cd /etc/yum.repos.d/
[zx@server yum.repos.d]$ ll

-rw-r--r--. 1 root root  136 Dec 30 16:50 redhat.repo	//仅保留此文件

2、配置centos8基础源

vim  /etc/yum.repos.d/base.repo
[AppStream]
name=AppStream
baseurl=https://mirrors.aliyun.com/centos/8-stream/AppStream/x86_64/os/
gpgcheck=0
[BaseOS]
name=AppStream
baseurl=https://mirrors.aliyun.com/centos/8-stream/BaseOS/x86_64/os/
gpgcheck=0

3、配置epel

yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm

[zx@server yum.repos.d]$ ll
total 28
-rw-r--r--. 1 root root  112 Dec 30 16:49 base.repo
-rw-r--r--. 1 root root  214 Dec 30 17:04 Centos-stream.repo
-rw-r--r--. 1 root root 1692 Dec 30 17:03 epel-modular.repo
-rw-r--r--. 1 root root 1326 Dec 30 17:03 epel.repo
-rw-r--r--. 1 root root 1791 Dec 30 17:03 epel-testing-modular.repo
-rw-r--r--. 1 root root 1425 Dec 30 17:03 epel-testing.repo
-rw-r--r--. 1 root root  136 Dec 30 16:50 redhat.repo


sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
                                         
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*

yum install ansible -y
ansible --version

[zx@server /]$ ansible --version
ansible [core 2.13.5]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/zx/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/zx/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.14 (main, Dec  5 2022, 13:41:22) [GCC 8.5.0 20210514 (Red Hat 8.5.0-17)]
  jinja version = 3.1.2
  libyaml = True

案例一：控制主机和受控主机通过root用户通过免密验证方式远程控住受控主机实施对应任务

root下免密登陆
[root@server ~]# ssh-keygen -t RSA
# ssh-copy-id  -i node1	//发送密钥
# ssh-copy-id  -i node2
验证：
[root@server /]# ssh node1
Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register

Last login: Fri Dec 30 17:41:23 2022
[root@node1 ~]# 

[root@server /]# ssh node1 hostname
node1.example.com

案例二：案例二：控制主机连接受控主机通过普通用户以免密验证远程控住受控主机实施特权指定操作。

普通用户的免密登陆实现
[zx@server ~]$ ssh-keygen -t RSA
$ ssh-copy-id  -i node1
$ ssh-copy-id  -i node2
验证：
[zx@server /]$ ssh node1
Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register

Last login: Fri Dec 30 18:51:37 2022 from 192.168.157.100
[zx@node1 ~]$ 

[zx@server /]$ ssh node1 hostname
node1.example.com

实现特权指定操作：
[zx@server /]$ ssh node1 sudo useradd user1
此时会报错，因为受控主机中没有该普通用户的权限

修改权限：
[root@node1 zx]# vim /etc/sudoers

## Allow root to run any commands anywhere 
root    ALL=(ALL)       ALL
zx      ALL=(ALL)       NOPASSWD: ALL //添加部分

## Allows members of the 'sys' group to run networking, software, 
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

[zx@server /]$ ssh node1 sudo useradd user1
[zx@server /]
[root@node1 zx]# id user1
uid=1001(user1) gid=1001(user1) groups=1001(user1)