一 环境配置
角色 | 主机名 | ip 地址 | 组名 |
控制节点 | control | 192.168.188.60 | localhost |
被控制节点1 | node1 | 192.168.188.61 | nodes |
被控制节点2 | node2 | 192.168.188.62 | nodes |
1.配置三个主机/etc/hosts文件,实现通过主机名互相访问
在三个主机上均需要配置
2.配置ssh远程免密连接
2.1在控制主机control生成秘钥
2.2 发送公钥到受控主机node1 node2
[root@control ~]# ssh-copy-id -i node1
[root@control ~]# ssh-copy-id -i node2
二 控制主机control上安装ansible
1.确认控制主机可以上网
2.挂载并配置 epel源
2.1挂载
[root@control ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: device write-protected, mounted read-only.
2.2 配置epel源
[root@control ~]# cd /etc/yum.repos.d
[root@control yum.repos.d]# vim epel.repo
[root@control yum.repos.d]# cat epel.repo
[epel]
name = epel
baseurl = https://mirrors.tuna.tsinghua.edu.cn/epel/8/Everything/x86_64/
gpgcheck = 0
enabled = 1
3、通过yum安装ansible
[root@control yum.repos.d]# yum install ansible
4、通过 ansible --version 判断是否安装成功
[root@control ~]# ansible --version
三. 定义主机清单
- 默认安装ansible匹配的主机清单文件是/etc/ansible/hosts
创建一个自己的目录来做ansible测试
[root@control ~]# cd myx
[root@control myx]# vim inventory
[root@control myx]# cat inventory
[nodes]
node1
node2
四、ansible使用ssh连接受管主机并配置免密登录,一般不建议用管理用户,要求通过普通用户 myx进行链接
1、将公钥发送给node1主机和node2主机的myx用户
root@control myx]# ssh-copy-id myx@node1
root@control myx]# ssh-copy-id myx@node2
2、配置ansible文件
[root@control myx]# vim ansible.cfg
[root@control myx]# cat ansible.cfg
[defaults]
inventory = ./inventory
remote_user = myx
ask_pass = false
3、测试
[root@control myx]# ansible all -a "whoami"
node1 | CHANGED | rc=0 >>
myx
node2 | CHANGED | rc=0 >>
myx
五、远程用户sudo提权
1、对myx用户下放权限(特权升级也要做这一步)
[root@node1 ~]# vim /etc/sudoers
root ALL=(ALL) ALL
myx ALL=(ALL) NOPASSWD: ALL //授权myx用户在所有计算机上以所有用户身份免密执行所有命令
[root@node2 ~]# vim /etc/sudoers
root ALL=(ALL) ALL
myx ALL=(ALL) NOPASSWD: ALL
2、设置默认sudo用户为root,关闭提权时的密码验证
[root@control myx]# vim ansible.cfg
[root@control myx]# cat ansible.cfg
[defaults]
inventory=./inventory
remote_user=myx
ask_pass=False
sudo_user=root //默认的sudo用户
ask_sudo_pass=False //提权时是否密码验证
//特权升级
[privilege_escalation]
become=True //连接后是否在受管主机上切换用户,默认会切换到root下
become_method=sudo //如何切换用户
become_user=root //受管主机切换到的哪个用户
become_ask_pass=False //是否为become_method提示输入密码
3、测试
[root@control myx]# ansible nodes -m ping
node1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
node2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[root@control myx]# ansible all -a "id"
node2 | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
node1 | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
五、写一个playbook并执行
[root@control myx]# vim createuser.yml
[root@control myx]# cat createuser.yml
---
- name: this is my first play
hosts: nodes
tasks:
- name: create a new user
user:
name: test0112
uid: 20230112
state: present
[root@control myx]# ansible-playbook createuser.yml
PLAY [this is my first play] ***************************************************
TASK [Gathering Facts] *********************************************************
ok: [node1]
ok: [node2]
TASK [create a new user] *******************************************************
changed: [node1]
changed: [node2]
PLAY RECAP *********************************************************************
node1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node2 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
标签:control,myx,主机,ansible,Playbook,node2,root From: https://blog.51cto.com/u_14567835/6004163