Ansible安装与配置
自定义环境
角色 | 主机名 | ip地址 | 组名 |
---|---|---|---|
控制主机 | server.example.com | 192.168.157.100 | server |
受控主机1 | node1.example.com | 192.168.157.134 | node1 |
受控主机2 | node2.example.com | 192.168.157.135 | node2 |
多台主机配置主机名并且确保多台主机能够通过主机名互访
vim /etc/hosts //控制主机配置本地DNS
hostnamectl set-hostname server.example.com //改名
hostnamectl set-hostname node1.example.com
安装ansible
1、删除多余的(yum配置)源文件
[zx@server ~]$ cd /etc/yum.repos.d/
[zx@server yum.repos.d]$ ll
-rw-r--r--. 1 root root 136 Dec 30 16:50 redhat.repo //仅保留此文件
2、配置centos8基础源
vim /etc/yum.repos.d/base.repo
[AppStream]
name=AppStream
baseurl=https://mirrors.aliyun.com/centos/8-stream/AppStream/x86_64/os/
gpgcheck=0
[BaseOS]
name=AppStream
baseurl=https://mirrors.aliyun.com/centos/8-stream/BaseOS/x86_64/os/
gpgcheck=0
3、配置epel
yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
[zx@server yum.repos.d]$ ll
total 28
-rw-r--r--. 1 root root 112 Dec 30 16:49 base.repo
-rw-r--r--. 1 root root 214 Dec 30 17:04 Centos-stream.repo
-rw-r--r--. 1 root root 1692 Dec 30 17:03 epel-modular.repo
-rw-r--r--. 1 root root 1326 Dec 30 17:03 epel.repo
-rw-r--r--. 1 root root 1791 Dec 30 17:03 epel-testing-modular.repo
-rw-r--r--. 1 root root 1425 Dec 30 17:03 epel-testing.repo
-rw-r--r--. 1 root root 136 Dec 30 16:50 redhat.repo
sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
yum install ansible -y
ansible --version
[zx@server /]$ ansible --version
ansible [core 2.13.5]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/zx/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.9/site-packages/ansible
ansible collection location = /home/zx/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.9.14 (main, Dec 5 2022, 13:41:22) [GCC 8.5.0 20210514 (Red Hat 8.5.0-17)]
jinja version = 3.1.2
libyaml = True
案例一:控制主机和受控主机通过root用户通过免密验证方式远程控住受控主机实施对应任务
root下免密登陆
[root@server ~]# ssh-keygen -t RSA
# ssh-copy-id -i node1 //发送密钥
# ssh-copy-id -i node2
验证:
[root@server /]# ssh node1
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Fri Dec 30 17:41:23 2022
[root@node1 ~]#
[root@server /]# ssh node1 hostname
node1.example.com
案例二:案例二:控制主机连接受控主机通过普通用户以免密验证远程控住受控主机实施特权指定操作。
普通用户的免密登陆实现
[zx@server ~]$ ssh-keygen -t RSA
$ ssh-copy-id -i node1
$ ssh-copy-id -i node2
验证:
[zx@server /]$ ssh node1
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Fri Dec 30 18:51:37 2022 from 192.168.157.100
[zx@node1 ~]$
[zx@server /]$ ssh node1 hostname
node1.example.com
实现特权指定操作:
[zx@server /]$ ssh node1 sudo useradd user1
此时会报错,因为受控主机中没有该普通用户的权限
修改权限:
[root@node1 zx]# vim /etc/sudoers
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
zx ALL=(ALL) NOPASSWD: ALL //添加部分
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
[zx@server /]$ ssh node1 sudo useradd user1
[zx@server /]
[root@node1 zx]# id user1
uid=1001(user1) gid=1001(user1) groups=1001(user1)