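Ansible: Simple Installation and Configuration

Ansible Installation and Configuration

  • I. Introduction to Ansible
    • 1. Installation
      • 1.1 CentOS installation
      • 1.2 Ubuntu installation
    • 2. Configuration
      • 2.1 Configuration files
      • 2.2 Executables
  • II. Passwordless SSH login
    • 1. Local name resolution
    • 2. Generating the SSH key pair
    • 3. Copying the public key to the remote hosts
    • 4. A simple script
  • III. Using the ping module to check that remote clients are online
    • 1. Ping with password authentication (not recommended)
    • 2. Ping with key authentication (recommended)

I. Introduction to Ansible

1. Installation

1.1 CentOS installation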

yum install epel-release
yum install -y ansible

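1.2 Ubuntu installation

# Switch to the Aliyun mirror (http://mirrors.aliyun.com) first
sudo apt-get update
sudo apt-get install -y ansible

2. Configuration

2.1 Configuration files

/etc/ansible/ansible.cfg: the main configuration file; it controls how Ansible behaves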

[defaults]
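#inventory      = /etc/ansible/hosts  # host list (inventory) file
#library        = /usr/share/my_modules/  # directory for library files
#module_utils   = /usr/share/my_module_utils/
#remote_tmp     = ~/.ansible/tmp  # directory on the remote host for temporary py command files
#local_tmp      = ~/.ansible/tmp  # directory on the local host for temporary py command files
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks          = 5  # default number of parallel processes
#poll_interval  = 15
#sudo_user      = root  # default sudo user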
#ask_sudo_pass = True 
#ask_pass      = True
#transport      = smart
#remote_port    = 22
#module_lang    = C
#module_set_locale = False
#gathering = implicit
#gather_subset = all
# gather_timeout = 10
# inject_facts_as_vars = True
#roles_path    = /etc/ansible/roles
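# Controls whether the SSH host key of each managed server is checked; the author suggests uncommenting this line (False disables the check, so unknown host keys are accepted without confirmation)
host_key_checking = False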
#stdout_callback = skippy
#callback_whitelist = timer, mai
#task_includes_static = False
#handler_includes_static = False
#error_on_missing_handler = True
#sudo_exe = sudo
#sudo_flags = -H -S -n
#timeout = 10
#remote_user = root
# Enabling the log file is recommended
log_path = /var/log/ansible.log
...

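/etc/ansible/hosts: the host list (inventory file)

First format (IP address or host name):

192.168.10.100
master.cyf.com

Second format (groups):

[centos]
master  # host name; must resolve via /etc/hosts
node1
192.168.10.250:2222  # host whose SSH port is not 22

Third format (ranges):

[centos]
192.168.10.25[0:2]  # both letters and digits are supported
node[a:f]

/etc/ansible/roles: directory where roles are stored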

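2.2 Executables

/usr/bin/ansible: the main program; runs ad-hoc commands
/usr/bin/ansible-doc: shows configuration documentation and module functionality
/usr/bin/ansible-galaxy: the official platform for downloading/uploading quality code or role modules
/usr/bin/ansible-playbook: runs customized automation tasks; the playbook orchestration tool
/usr/bin/ansible-pull: tool for executing commands remotely
/usr/bin/ansible-vault: file encryption tool (playbooks)
/usr/bin/ansible-console: console-based tool for running commands interactively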

II. Passwordless SSH login

1. Local name resolution

cat >> /etc/hosts <<EOF
192.168.10.250  master
192.168.10.251  node1
192.168.10.252  node2
EOF

2. Generating the SSH key pair

Generate the key with ssh-keygen

[root@master ~]# ssh-keygen      # just press Enter at every prompt
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:fV3lPwWQg7uuzCsps2L91VY7ayaAPjQR10LufuxRmbE root@master
The key's randomart image is:
+---[RSA 2048]----+
|       ... ..o. .|
|      ..o o o  o.|
|       o.. ...  +|
|      .. ..  * .o|
|       oS ..E ...|
|      +..o.+ .  .|
|   . o ooo* o    |
|  o + =+ +o.oo   |
| . ..=.o=o.+.    |
+----[SHA256]-----+

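3. Copying the public key to the remote hosts

Use ssh-copy-id to copy the public key to the remote hosts, or manually copy the contents of the Ansible host's id_rsa.pub file into authorized_keys on each remote host

[root@master ~]# ssh-copy-id master  # copy the public key to the remote host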
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'master (192.168.10.250)' can't be established.
ECDSA key fingerprint is SHA256:XmwxlbeOIGjpv2VDdH0tgFAG7KCBoUaTFdJ7C61lyCc.
ECDSA key fingerprint is MD5:12:6b:16:04:e5:cc:f2:7b:b5:b3:bc:c4:75:7e:58:a0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
		(if you think this is a mistake, you may want to use -f option)
[root@master ~]# ssh-copy-id node1  
[root@master ~]# ssh-copy-id node2

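4. A simple script

# Generate a key pair with an empty passphrase
ssh-keygen -f /root/.ssh/id_rsa -P ''
NET=192.168.10
# sshpass -e reads the password from the SSHPASS environment variable
export SSHPASS=123456
# Push the public key to every address from $NET.1 to $NET.250
for IP in {1..250}; do
    sshpass -e ssh-copy-id "$NET.$IP"
done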

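III. Using the ping module to check that remote clients are online

Tip: Ansible 1.2.1 and later enable host key checking by default. It is best to uncomment host_key_checking = False in the configuration file ansible.cfg, or to set the environment variable export ANSIBLE_HOST_KEY_CHECKING=False; otherwise a problem like the following appears (in the case where the remote host has never been logged in to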
[Image 1]
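
An alternative to switching host key checking off, as an added example that is not part of the original post: compare the keys returned by a tool such as ssh-keyscan with fingerprints recorded out of band, and write only the matching lines to known_hosts so that host_key_checking can stay enabled. The function names, the one-pin-per-host layout and the sample keys are assumptions constructed for illustration.

```python
import base64
import hashlib

def fingerprint(b64_key):
    """Return the OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_key, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def vet_scanned_keys(scan_output, pinned):
    """Return (known_hosts lines that match their pin, [(host, reason)] to distrust)."""
    accepted, rejected = [], []
    for line in scan_output.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        if len(parts) < 3:
            rejected.append((parts[0], "malformed line"))
            continue
        host, key_type, b64_key = parts[:3]
        try:
            actual = fingerprint(b64_key)
        except ValueError:  # binascii.Error is a ValueError
            rejected.append((host, "key is not valid base64"))
            continue
        if host not in pinned:
            rejected.append((host, "no pinned fingerprint"))
        elif actual != pinned[host]:
            rejected.append((host, "fingerprint mismatch: " + actual))
        else:
            accepted.append(f"{host} {key_type} {b64_key}")
    return accepted, rejected

def demo_key(seed):
    """Constructed ed25519-shaped key blob for the demo; not a real host key."""
    blob = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32
    return base64.b64encode(blob).decode()

# Constructed pins: in practice these are read from each host's console, not the network.
PINNED = {"master": fingerprint(demo_key(1)), "node1": fingerprint(demo_key(2))}
# Constructed scan result: node1 presents an unexpected key, node2 has no pin.
SCAN = "\n".join([
    "# constructed sample output",
    "master ssh-ed25519 " + demo_key(1),
    "node1 ssh-ed25519 " + demo_key(9),
    "node2 ssh-ed25519 " + demo_key(3),
])

if __name__ == "__main__":
    print(vet_scanned_keys(SCAN, PINNED))
```

Only the accepted lines are appended to ~/.ssh/known_hosts; any rejected host is checked by hand before Ansible connects to it.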

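1. Ping with password authentication (not recommended)

Password authentication requires the -k / --ask-pass option, and the password is entered by hand. Note: the password is asked for only once, so the ping fails when the remote hosts have different passwords

ansible master,node1,node2 -m ping -k  # multiple hosts can be separated with commas

[Image 2]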

2. Ping with key authentication (recommended)

Key-based authentication requires passwordless SSH login to be set up

ansible master -m ping  # a single host
ansible centos -m ping  # a host group
ansible all -m ping  # all hosts

[Image 3]
