用脚本进行免密认证
在网络通畅的 Red Hat 企业版 Linux 8(RHEL 8)主机上执行以下命令安装 EPEL:
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
[root@westoslinxu112 mnt]# rpm -ivh epel-release-latest-8.noarch.rpm
[root@westoslinxu112 mnt]# dnf search ansible
[root@westoslinxu112 mnt]# dnf install ansible.noarch -y 安装成功
构建ansible清单
[root@westoslinxu112 mnt]# ssh-keygen
[root@westoslinxu112 mnt]# vim keygen_ssh.sh
[root@westoslinxu112 mnt]# cat keygen_ssh.sh
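#!/bin/bash
# Push root's public key to the managed hosts with ssh-copy-id, using expect
# to answer the interactive prompts so that later logins are key-based.
#
# NOTE(review): the root password is stored in this file in clear text, so
# keep the file readable by root only (chmod 700) and remove it once the keys
# are distributed. The "yes/no" branch also accepts whatever host key the
# target presents without comparing its fingerprint, which is only acceptable
# on an isolated lab network.

#######################################
# Copy /root/.ssh/id_rsa.pub to root@172.25.254.<octet>.
# Globals:   i (read) - last octet, used when no argument is given
# Arguments: $1 - last octet of the target address (optional)
# Returns:   exit status of expect; 1 if no octet is available
#######################################
AUTOSSH()
{
  local octet="${1:-$i}"
  if [[ -z "$octet" ]]; then
    echo "AUTOSSH: no target octet given" >&2
    return 1
  fi

  # The heredoc delimiter is unquoted on purpose: the shell expands $octet,
  # while \r is passed through untouched for expect to send as Enter.
  /usr/bin/expect << EOF
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.$octet
expect {
  "yes/no" { send "yes\r"; exp_continue }
  "password" { send "westos\r" }
}
expect eof
EOF
}

# Last octets of the hosts that should receive the key.
for i in 212
do
  AUTOSSH "$i"
done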
[root@westoslinxu112 mnt]# cd /etc/ansible
[root@westoslinxu112 ansible]# ls
ansible.cfg hosts roles
[root@westoslinxu112 ansible]# vim hosts
[westos]
172.25.254.112
[westos1]
172.25.254.212
172.25.254.112
[root@westoslinxu112 ansible]# ansible all --list-hosts
hosts (2):
172.25.254.112
172.25.254.212
[root@westoslinxu112 ansible]# ansible westos --list-hosts
hosts (1):
172.25.254.112
[root@westoslinxu112 ansible]# ansible westos1 --list-hosts
hosts (2):
172.25.254.212
172.25.254.112
[root@westoslinxu112 ansible]# vim hosts
[westos]
172.25.254.112
[westos1]
172.25.254.212
172.25.254.112
nodea.westos.org
[root@westoslinxu112 ansible]# ansible westos1 --list-hosts
hosts (3):
172.25.254.212
172.25.254.112
nodea.westos.org
[root@westoslinxu112 ansible]# ansible westos --list-hosts
hosts (1):
172.25.254.112
[root@westoslinxu112 ansible]# ansible all --list-hosts
hosts (3):
172.25.254.112
172.25.254.212
nodea.westos.org
[root@westoslinxu112 ansible]# vim hosts
172.25.254.198
[westos]
172.25.254.112
[westos1]
172.25.254.212
172.25.254.112
nodea.westos.org
[root@westoslinxu112 ansible]# ansible all --list-hosts
hosts (4):
172.25.254.198
172.25.254.112
172.25.254.212
nodea.westos.org
[root@westoslinxu112 ansible]# ansible ungrouped --list-hosts
hosts (1):
172.25.254.198
ansible的正则表达式镶嵌清单
[root@westoslinxu112 ansible]# vim hosts
[westosall:children]
westos
westos1
[root@westoslinxu112 ansible]# ansible westosall --list
hosts (3):
172.25.254.112
172.25.254.212
nodea.westos.org
[root@westoslinxu112 ansible]# vim hosts
[westos1]
172.25.254.[100:110]
[root@westoslinxu112 ansible]# ansible westos1 --list
hosts (11):
172.25.254.100
172.25.254.101
172.25.254.102
172.25.254.103
172.25.254.104
172.25.254.105
172.25.254.106
172.25.254.107
172.25.254.108
172.25.254.109
172.25.254.110
指定清单
[root@westoslinxu112 ansible]# cd /mnt
[root@westoslinxu112 ansible]# vim /mnt/westos
[lee1]
172.25.254.[200:210]
[lee2]
nodea.westos.org
[root@westoslinxu112 mnt]# ansible -i /mnt/westos lee --list
[root@westoslinxu112 mnt]# ansible -i /mnt/westos lee1 --list
hosts (11):
172.25.254.200
172.25.254.201
172.25.254.202
172.25.254.203
172.25.254.204
172.25.254.205
172.25.254.206
172.25.254.207
172.25.254.208
172.25.254.209
172.25.254.210
ansible命令指定清单的正则表达式
*               ##所有
                ##172.25.254.*
                ##westos*
:               ##逻辑或
                ##westos1:linux
                ##172.25.254.100:172.25.254.200
:&              ##逻辑与
                ##westos1:&linux
                ##主机既在westos1清单也在linux清单中
:!              ##逻辑非
                ##westos1:!linux
                ##在westos1中不在linux中
~               ##以关键字开头
~(str1|str2)    ##以条件1或者条件2开头
注:模式中含有 *、!、&、~、| 等字符时应使用单引号括起来,避免被shell提前展开或解释。
Ansible配置文件参数详解
[root@westoslinxu112 ansible]# ansible 172* --list
hosts (2):
172.25.254.212
172.25.254.112
[root@westoslinxu112 ansible]# ansible node* --list
hosts (1):
nodea.westos.org
[root@westoslinxu112 ansible]# ansible node*:172* --list
hosts (3):
nodea.westos.org
172.25.254.212
172.25.254.112
[root@westoslinxu112 ansible]# ansible westos:westos1 --list
hosts (3):
172.25.254.212
172.25.254.112
nodea.westos.org
[root@westoslinxu112 ansible]# ansible 'westos1:!westos' --list
hosts (2):
172.25.254.112
nodea.westos.org
[root@westoslinxu112 ansible]# ansible '~node' --list
hosts (1):
nodea.westos.org
[root@westoslinxu112 ansible]# ansible 'westos*' --list
hosts (3):
172.25.254.212
172.25.254.112
nodea.westos.org
[root@westoslinxu112 ansible]# ansible '*org' --list
hosts (1):
nodea.westos.org
[root@westoslinxu112 ansible]# ansible '~(node|172)' --list
hosts (3):
172.25.254.212
172.25.254.112
nodea.westos.org
ansible 清单中组名称 -m 模块 -u remote_user
1.配置文件的分类与优先级
/etc/ansible/ansible.cfg #基本配置文件,找不到其他配置文件此文件生效
~/.ansible.cfg #用户当前目录中没有ansible.cfg此文件生效
./ansible.cfg #优先级最高
2.常用配置参数
构建用户级Ansible操作环境
inventory = /etc/ansible/hosts 默认清单
remote_user = root 在受管主机上登陆的用户名称,未指定使用当前用户
local_tmp = ~/.ansible/tmp 本机临时命令执行目录
module_name = command 默认模块,默认使用command,可以修改为shell
host_key_checking = False 第一次连接受管主机时是否要输入yes建立host_key;设为False时首次连接会自动接受受管主机的SSH主机密钥而不经人工确认,仅适合隔离的实验环境,其他环境应保持默认的True并预先分发known_hosts
[root@westoslinxu112 ansible]# useradd devops
[root@westoslinxu112 ansible]# su - devops
[devops@westoslinxu112 ~]$ mkdir .ansible
[devops@westoslinxu112 ~]$ cd .ansible
[devops@westoslinxu112 .ansible]$ vim inventory
[westos]
172.25.254.212
[devops@westoslinxu112 .ansible]$ vim ansible.cfg
[defaults]
inventory= ~/.ansible/inventory
## ~/ 表示普通用户家目录
host_key_checking = False
remote_user = devops
[devops@westoslinxu112 .ansible]$ ansible westos -m shell -a 'useradd devops' -k -u root
SSH password:
172.25.254.212 | CHANGED | rc=0 >>
[devops@westoslinxu112 .ansible]$ ansible westos -m shell -a 'echo westos | passwd --stdin devops' -k -u root
SSH password:
172.25.254.212 | CHANGED | rc=0 >>
Changing password for user devops.
passwd: all authentication tokens updated successfully.
[devops@westoslinxu112 .ansible]$ ansible westos -m shell -a 'echo "devops ALL=(root) NOPASSWD: ALL" >> /etc/sudoers' -k -u root
SSH password:
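172.25.254.212 | CHANGED | rc=0 >>
注:用 >> 直接追加 /etc/sudoers 不会做语法检查,写错一行会导致 sudo 整体不可用;更稳妥的做法是把该规则写入 /etc/sudoers.d/ 下的独立文件,并用 visudo -cf 校验。NOPASSWD: ALL 使 devops 账户等同于 root,其SSH私钥需按root凭据保护。
[devops@westoslinxu112 .ansible]$ vim ansible.cfg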
[defaults]
inventory= ~/.ansible/inventory
host_key_checking = False
remote_user = devops
module_name = shell
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[devops@westoslinxu112 .ansible]$ ansible westos -m shell -a 'mkdir -p /home/devops/.ssh' -k
SSH password:
172.25.254.212 | CHANGED | rc=0 >>
[devops@westoslinxu112 .ansible]$ ansible westos -m shell -a 'chown devops.devops /home/devops/.ssh' -k
SSH password:
172.25.254.212 | CHANGED | rc=0 >>
[devops@westoslinxu112 .ansible]$ ansible westos -m shell -a 'chmod 700 /home/devops/.ssh' -k
SSH password:
172.25.254.212 | CHANGED | rc=0 >>
[devops@westoslinxu112 .ansible]$ ssh-keygen
[devops@westoslinxu112 .ansible]$ ansible westos -m copy -a 'src=/home/devops/.ssh/id_rsa.pub dest=/home/devops/.ssh/authorized_keys mode=0600 owner=devops group=devops' -k
## src 发送密钥的来源 dest 发送密钥的位置 mode 文件权限
[devops@westoslinxu112 .ansible]$ ansible westos -m ping
172.25.254.212 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong" ---------------------------> 成功
}