标签：name 安装 192.168 ansible ssh key 简单 root id

1.安装前

需要epel的repo文件以及2.6以上的python

可以在阿里镜像站下载到

2.开始安装

我这里只有两台虚拟机，一台作为控制端，一台作为被控端

控制端：192.168.10.144（之后称主节点）

被控端：192.168.10.100（之后称node）

只需要主节点安装即可

yum  install ansible -y

已安装:
  ansible.noarch 0:2.9.27-1.el7                                                                                 

作为依赖被安装:
  python-babel.noarch 0:0.9.6-8.el7                     python-cffi.x86_64 0:1.6.0-5.el7                        
  python-enum34.noarch 0:1.0.4-1.el7                    python-idna.noarch 0:2.4-1.el7                          
  python-jinja2.noarch 0:2.7.2-4.el7                    python-markupsafe.x86_64 0:0.11-10.el7                  
  python-paramiko.noarch 0:2.1.1-9.el7                  python-ply.noarch 0:3.4-11.el7                          
  python-pycparser.noarch 0:2.14-1.el7                  python2-cryptography.x86_64 0:1.7.2-2.el7               
  python2-httplib2.noarch 0:0.18.1-3.el7                python2-jmespath.noarch 0:0.9.4-2.el7                   
  python2-pyasn1.noarch 0:0.1.9-7.el7                   sshpass.x86_64 0:1.06-2.el7                             

完毕！

3.简单配置

 

1.首先使两台机子能够互相进行免密登录ssh

[root@gjm ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:8E96siNVumn/urJKos0ltBExM9GqJ0LbfZHc/BarzJo [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|    *o           |
|     =.          |
|    ..o +        |
| .  .. * o..     |
|. o.+   Soo o    |
|..oo.+ .o+ +     |
| . o+ +.=o=      |
|   + =. BB       |
|  . o .E+=++.    |
+----[SHA256]-----+
[root@gjm ~]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.10.100 (192.168.10.100)' can't be established.
ECDSA key fingerprint is SHA256:iZ5LwrGXD32NgULBNDLIzhNxcVy69ByUW1Pd8jI1Uyg.
ECDSA key fingerprint is MD5:f1:ae:be:b5:31:ad:e9:d7:83:f8:d6:44:95:19:3d:0a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

在node端进行相同操作

[root@node1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:s7x/UpcNRgf5iPqTUvjXUjCYrprMZPUdJX5zA+sNeVY root@node1
The key's randomart image is:
+---[RSA 2048]----+
|              .o |
|              o .|
|             *.+E|
|            +.Xoo|
|        S .+ =o@o|
|       . +o.=.Bo*|
|        =  *.+.+ |
|       = o+ * o .|
|        *o.+ o . |
+----[SHA256]-----+
[root@node1 ~]# 
[root@node1 ~]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.10.144 (192.168.10.144)' can't be established.
ECDSA key fingerprint is SHA256:PIIQUgz5sGZFeblv8JY41pekowBYi8LDTUUkdm3Gc9o.
ECDSA key fingerprint is MD5:34:fc:ba:e8:19:a1:74:30:32:e7:fa:b2:e3:87:f5:ed.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

2.添加两台机子的域名解析

主节点：

[root@gjm ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.100 node1
192.168.10.144 gjm

node：

[root@node1 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.100 node1
192.168.10.144 gjm

3.配置ansible hosts文件

[all]
node1
gjm

这里中括号代表一个主机组

下面代表主机组所包括的主机名

这样设置之后，运行playbook就可以同时在node1和gjm两台机子上处理事务了

另外这里的hosts文件是ansible默认的路径，当然也可以自己另外新建一个，只是在运行anisble命令的时候需要加上-i参数指明hosts文件的路径才可以

4.一些简单的ansible使用（ad-hoc）

ansible -h
Usage: ansible <host-pattern> [options]
-a MODULE_ARGS   #模块参数
-C, --check  #检查语法
-f FORKS #并发
--list-hosts #列出主机列表
-m MODULE_NAME #模块名字
-o 使用精简的输出

1.ansible all  -a  ‘ls’

使用默认的command模块，查看所有主机当前文件和目录

2. ansible all -m ping

[root@gjm ~]# ansible all -m ping
node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
gjm | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

 

5. ansible-playbook

---
- hosts: all  #指定的主机组
  vars:　　　　#定义变量
    http_port: 80   #变量
    max_clients: 200
  remote_user: root  #远程登录用户
  tasks:       #一个任务的开始
  - name: ensure apache is at the latest version      #任务的名字
    yum:             #yum模块
      pkg: httpd         #软件包名
      state: latest      #软件版本
  - name: write the apache config file
    template:        #template模板
          src: /srv/httpd.j2    #模板文件的位置
          dest: /etc/httpd.conf   #目标位置
    notify:        #与handlers一起使用，定义了一个动作action来触发下面handlers的执行
    - restart apache   #必须要和handlers的name一致
  - name: ensure apache is running
    service:       #service模块
         name: httpd   #服务名
         state: started   #指定服务的状态
  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted

示例2：

---
- hosts: all
  remote_user: root
  vars:
    http_port: 8080
  tasks:
    - name: create new file  #创建新文件
      file:  #file模块
        name: /tmp/playtest.txt   #需要创建的路径和文件名
        state: touch      #需要执行的操作（file代表拷贝后是文件|link代表最后是个软链接|directory代表文件夹|hard是硬链接|touch代表创建一个空文件|absent代表删除）
    - name: create new user    
      user:   #user模块
        name: test02   #用户名
        shell: /sbin/nologin  #使用的shell解释器
    - name: install package
      yum:
        name: httpd
        state: latest
    - name: config httpd
      template:
            src: /etc/httpd/conf/httpd.conf
            dest: /etc/httpd/conf/httpd.conf
      notify:
        - restart apache
    - name: copy index.html
      copy:   #copy模块
        src: /var/www/html/index.html   #已有文件的路径
        dest: /var/www/html/index.html  #目标路径
    - name: start httpd
      service: 
           name: httpd
           state: started
  handlers:
    - name: restart apache
      service: 
           name: httpd
           state: restarted  

 

标签：name,安装,192.168,ansible,ssh,key,简单,root,id
From： https://www.cnblogs.com/gjm-study-test/p/16717016.html