Preliminary environment setup:
Environment for this chapter:
OS: CentOS Linux release 7.9.2009

Host IP | hostname | Role |
---|---|---|
192.168.150.129 | ansible-server | control node |
192.168.150.133 | agent133 | managed node |
192.168.150.135 | agent135 | managed node |

Disable the firewall and SELinux:
```
[[email protected] ~]# systemctl stop firewalld.service
[[email protected] ~]# systemctl disable firewalld.service
[[email protected] ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[[email protected] ~]# setenforce 0
```
1. Generate a key pair with ssh-keygen -t rsa
```
[[email protected] ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:07vKA+0BYsWPz9haYgOSUi/2ON34evwLtaosQA1inoU [email protected]-jboos
The key's randomart image is:
+---[RSA 2048]----+
| . . |
|.E.. o |
|+.=o . o |
|.+=.= o .. |
|.o B = BS . |
|. o + B.Bo . |
| . . +.B... |
| .. =+o . |
| .++..=+. |
+----[SHA256]-----+
```
View the generated public key:
```
[[email protected] ~]# cd .ssh/
[[email protected] .ssh]# ls
id_rsa id_rsa.pub known_hosts
```
2. Push a single public key to a remote machine
Format: ssh-copy-id -i ~/.ssh/id_rsa.pub username@[ip or hostname]
```
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
```
3. Add the Ansible hosts inventory
Edit /etc/ansible/hosts (create the file if it does not exist).
```
[[email protected] ~]# cd /etc/ansible/
[[email protected] ansible]# vim hosts
```
Format: [hostname] [host address] [host password]. By default the root user is used; here I added the user explicitly.
```
[test]
agent133 ansible_ssh_host=192.168.150.133 ansible_ssh_user="root" ansible_ssh_pass="666666" ansible_ssh_port=22
agent135 ansible_ssh_host=192.168.150.135 ansible_ssh_user="root" ansible_ssh_pass="666666" ansible_ssh_port=22
```
Newer Ansible (2.4) updated the hosts format; use the following form:
```
[tomcat-servers]
192.168.100.1 ansible_user=tomcat ansible_ssh_pass="test"
192.168.100.2 ansible_user=tomcat ansible_ssh_pass="test"
```
4. Push the public key to remote machines in bulk
With many machines the ssh-copy-id approach is time-consuming, so use ansible-playbook to push a YAML playbook. This uses the authorized_key module; see http://docs.ansible.com/authorized_key_module.html
Save the following as push.ssh.ymal:
```yaml
# Using alternate directory locations:
- hosts: test
  user: root
  tasks:
    - name: ssh-copy
      authorized_key: user=root key="{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
      tags:
        - sshkey
```
5. Run the push command
```
ansible-playbook push.ssh.ymal
```
```
[[email protected] play]# ansible-playbook push.ssh.ymal
PLAY [test] **********************************************************************************************************************************************************
TASK [Gathering Facts] ***********************************************************************************************************************************************
fatal: [agent135]: FAILED! => {"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."}
fatal: [agent133]: FAILED! => {"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."}
PLAY RECAP ***********************************************************************************************************************************************************
agent133 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
agent135 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
```
6. If it errors, fix it
Error:
Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host.
Change host_key_checking (checking is enabled by default):
```
vim /home/xiangdong/ansible/ansible.cfg
```
Uncomment the line:
```
host_key_checking = False
```
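As an added check (not part of the original post), the following Python script parses an inventory in the step 3 layout and reports hosts that still carry a plaintext ansible_ssh_pass, plus hosts whose address has no known_hosts entry, which is the condition behind the step 5 error; it also handles OpenSSH's hashed known_hosts lines. The inventory text and the key blob are constructed sample data.

```python
"""Lint the INI inventory layout used above against a known_hosts file.
Added example with constructed data; not code from the original post."""
import base64, hashlib, hmac

SAMPLE_INVENTORY = """\
[test]
agent133 ansible_ssh_host=192.168.150.133 ansible_ssh_user="root" ansible_ssh_pass="666666" ansible_ssh_port=22
agent135 ansible_ssh_host=192.168.150.135 ansible_ssh_user="root" ansible_ssh_pass="666666" ansible_ssh_port=22
"""
# Constructed known_hosts: only agent133 is recorded; the key blob is a dummy value.
SAMPLE_KNOWN_HOSTS = "192.168.150.133 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUMMYKEY\n"

def parse_inventory(text):
    """Return {alias: {var: value}} for each host line of an INI inventory."""
    hosts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[":
            continue
        alias, *pairs = line.split()
        hosts[alias] = {k: v.strip("\"'") for k, _, v in (p.partition("=") for p in pairs)}
    return hosts

def hash_known_host(host, salt):
    """OpenSSH HashKnownHosts form: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_in_known_hosts(host, text):
    """True if a plain or hashed known_hosts line names host (comments skipped)."""
    for line in text.splitlines():
        field = line.split()[0] if line.strip() and not line.lstrip().startswith("#") else ""
        if field.startswith("|1|"):
            salt = base64.b64decode(field.split("|", 3)[2])
            if hmac.compare_digest(hash_known_host(host, salt), field):
                return True
        elif host in field.split(","):
            return True
    return False

def lint_inventory(inventory, known_hosts):
    """Return (alias, problem) pairs; an empty list means nothing to fix."""
    findings = []
    for alias, v in parse_inventory(inventory).items():
        addr = v.get("ansible_ssh_host") or v.get("ansible_host") or alias
        if "ansible_ssh_pass" in v:
            findings.append((alias, "plaintext ansible_ssh_pass; rely on the pushed key or vault it"))
        if not host_in_known_hosts(addr, known_hosts):
            findings.append((alias, addr + " missing from known_hosts; record its fingerprint"))
    return findings
```

Recording each managed host's fingerprint in known_hosts (for example with ssh-keyscan) clears the step 5 error without setting host_key_checking = False.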
7. Test
Check the time on each machine:
```
ansible all -a date
#ansible all -m command -a date   # same effect as above
```
Push the key file again.
Ping test:
```
ansible all -m ping
```
Output:
Run a command on all hosts:
```
ansible all -a "ip a"
```