
Distributing SSH keys in bulk with an Ansible playbook

Environment preparation:

Environment used in this chapter:

OS: CentOS Linux release 7.9.2009

Host IP           Hostname        Role
192.168.150.129   ansible-server  control node
192.168.150.133   agent133        managed node
192.168.150.135   agent135        managed node

Stop the firewall and disable SELinux. This is a lab shortcut: on anything beyond a test bench, keep both on and open only TCP/22 from the control node.

[root@ansible-server ~]# systemctl stop firewalld.service
[root@ansible-server ~]# systemctl disable firewalld.service
[root@ansible-server ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
[root@ansible-server ~]# setenforce 0


1. Generate a key pair with ssh-keygen -t rsa

The defaults give a 2048-bit RSA key with no passphrase, as shown below. Because this key will open root on every managed host, ssh-keygen -t ed25519 with a passphrase held in ssh-agent is the stronger choice; the rest of the procedure is the same apart from the public key file name.

[root@ansible-server ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:07vKA+0BYsWPz9haYgOSUi/2ON34evwLtaosQA1inoU root@...-jboos
The key's randomart image is:
+---[RSA 2048]----+
|  .  .           |
|.E..  o          |
|+.=o . o         |
|.+=.= o ..       |
|.o B = BS .      |
|. o + B.Bo .     |
| . . +.B...      |
|  ..  =+o  .     |
|   .++..=+.      |
+----[SHA256]-----+


Check the generated public key

[root@ansible-server ~]# cd .ssh/
[root@ansible-server .ssh]# ls
id_rsa  id_rsa.pub  known_hosts


2. Push a single public key to a remote machine

Format: ssh-copy-id -i ~/.ssh/id_rsa.pub user@host (IP address or hostname)

ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.150.133    # e.g. agent133; you are asked for root's password once

3. Add the Ansible hosts

Edit /etc/ansible/hosts; create the file if it does not exist.

[root@ansible-server ~]# cd /etc/ansible/
[root@ansible-server ansible]# vim hosts

Format: [alias] [host address] [host password]. Ansible connects as root by default; the user is spelled out here anyway.

[test]
agent133 ansible_ssh_host=192.168.150.133 ansible_ssh_user="root" ansible_ssh_pass="666666" ansible_ssh_port=22
agent135 ansible_ssh_host=192.168.150.135 ansible_ssh_user="root" ansible_ssh_pass="666666" ansible_ssh_port=22

Newer Ansible (the ansible_host / ansible_user / ansible_port names arrived in 2.0; the ansible_ssh_* forms above are still accepted as aliases) writes the host variables like this:

[tomcat-servers]
192.168.100.1 ansible_user=tomcat ansible_ssh_pass="test"
192.168.100.2 ansible_user=tomcat ansible_ssh_pass="test"

Either way the password sits in plaintext in the inventory. Use it for this one bootstrap run only and delete it once the key is in place, or leave it out and pass -k/--ask-pass to ansible-playbook (or keep it in an ansible-vault encrypted variable).

4. Push the public key to remote machines in bulk

With many machines ssh-copy-id gets tedious, so push the key with ansible-playbook instead. This uses the authorized_key module; see http://docs.ansible.com/authorized_key_module.html

Save the following as push.ssh.yaml:

# push.ssh.yaml: add the control node's public key to root's authorized_keys on every host in [test]
- hosts: test
  remote_user: root
  tasks:
    - name: ssh-copy
      authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
      tags:
        - sshkey


5. Run the push

ansible-playbook push.ssh.yaml

[root@ansible-server play]# ansible-playbook push.ssh.yaml

PLAY [test] **********************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************
fatal: [agent135]: FAILED! => {"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."}
fatal: [agent133]: FAILED! => {"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this.  Please add this host's fingerprint to your known_hosts file to manage this host."}

PLAY RECAP ***********************************************************************************************************************************************************
agent133                   : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
agent135                   : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0


6. If it fails with the error above, the fix

Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host.

Ansible refuses to drive sshpass through the interactive "are you sure you want to continue connecting" prompt, so with password login and host key checking on, every host whose key is not yet in ~/.ssh/known_hosts fails before the play starts. There are two ways out.

Option A (what this post does): turn off host_key_checking (it is on by default). Edit the ansible.cfg that is actually in effect; Ansible reads ANSIBLE_CONFIG, then ./ansible.cfg, ~/.ansible.cfg and /etc/ansible/ansible.cfg in that order, and the path below is the author's own:

vim /home/xiangdong/ansible/ansible.cfg

Uncomment

host_key_checking = False

This removes the only check that would catch a man-in-the-middle during the password-based bootstrap, so treat it as a lab setting and turn it back on once the keys are in place.

Option B (preferred): keep checking on and add the managed hosts' keys to known_hosts first, for example with ssh-keyscan, after comparing each fingerprint with what the node itself reports on its console (ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub).
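The error is really a warning that the bootstrap is about to trust whichever host key answers first. The following added example (not code from the original post) keeps host_key_checking on: it reads the hosts out of the inventory format used in step 3, scans their host keys, compares them with a record obtained out of band (e.g. each node's /etc/ssh/ssh_host_ed25519_key.pub read over the console), and only then appends them to known_hosts. It also refuses an inventory that still carries the plaintext ansible_ssh_pass from step 3. The sample inventory, the key blobs and the fake_keyscan stub that stands in for ssh-keyscan are constructed for the example; in real use pass no fourth argument to seed_known_hosts so the real ssh-keyscan is called.

```shell
#!/bin/sh
# Added example, not code from the original post. Keeps host_key_checking on by
# seeding known_hosts only with host keys that match an out-of-band record.
# The inventory, key blobs and the fake_keyscan stub are constructed.

# Print "host port" for each host line of an INI inventory read on stdin;
# accepts ansible_host/ansible_port and the older ansible_ssh_* names.
inventory_hosts() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }      # comments, blank lines
        /^[[:space:]]*\[/           { next }      # [group] and [group:vars]
        index($1, "=")              { next }      # key=value lines under :vars
        {
            host = $1; port = 22
            for (i = 2; i <= NF; i++) {
                if (split($i, kv, "=") < 2) continue
                gsub(/"/, "", kv[2])
                if (kv[1] == "ansible_host" || kv[1] == "ansible_ssh_host") host = kv[2]
                if (kv[1] == "ansible_port" || kv[1] == "ansible_ssh_port") port = kv[2]
            }
            print host, port
        }'
}

# Return 1 if the inventory on stdin still carries a plaintext SSH password;
# bootstrap with -k/--ask-pass or an ansible-vault variable instead.
inventory_lint() {
    if grep -Eq '(ansible_ssh_pass|ansible_password)[[:space:]]*='; then
        echo "inventory: plaintext ssh password found" >&2
        return 1
    fi
}

# Compare ssh-keyscan output (stdin) with the out-of-band record in file $1, one
# "host keytype base64key" per line (a host scanned on a non-default port appears as
# "[host]:port" in both). Prints matching lines; returns 1 on a differing or missing key.
verify_scan() {
    awk -v expected="$1" '
        BEGIN {
            while ((getline line < expected) > 0) {
                split(line, f, " "); want[f[1] " " f[2]] = f[3]
            }
            close(expected); bad = 0
        }
        /^#/ || NF < 3 { next }
        {
            k = $1 " " $2; seen[k] = 1
            if (k in want && want[k] == $3) print $1, $2, $3
            else { print "REJECTED key for " k > "/dev/stderr"; bad = 1 }
        }
        END {
            for (k in want) if (!(k in seen)) { print "MISSING scan for " k > "/dev/stderr"; bad = 1 }
            exit bad
        }'
}

# Bootstrap: inventory $1, out-of-band record $2, known_hosts to append to $3,
# optional scanner $4 (defaults to the real ssh-keyscan).
seed_known_hosts() {
    scan_cmd="${4:-ssh-keyscan -t ed25519}"
    inventory_hosts < "$1" | while read -r target port; do
        $scan_cmd -p "$port" "$target" 2>/dev/null
    done | verify_scan "$2" >> "$3"
}

# Stubs standing in for ssh-keyscan so the example runs offline (last argument is the host; blobs are not real keys).
fake_keyscan() {
    for target; do :; done
    case "$target" in
        192.168.150.133) echo "192.168.150.133 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEY133" ;;
        192.168.150.135) echo "192.168.150.135 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEY135" ;;
    esac
}
# agent135 answers with a different key, as it would with an attacker in the middle.
fake_keyscan_mitm() { fake_keyscan "$@" | sed 's/KEY135$/KEYEVIL/'; }

# Constructed sample files: the post's inventory, a password-free one, and the out-of-band record.
write_samples() {
    cat > "$1/hosts" <<'EOF'
[test]
agent133 ansible_ssh_host=192.168.150.133 ansible_ssh_user="root" ansible_ssh_pass="666666" ansible_ssh_port=22
agent135 ansible_ssh_host=192.168.150.135 ansible_ssh_user="root" ansible_ssh_pass="666666" ansible_ssh_port=22
EOF
    cat > "$1/hosts.clean" <<'EOF'
[test]
agent133 ansible_host=192.168.150.133 ansible_user=root
agent135 ansible_host=192.168.150.135 ansible_user=root
EOF
    cat > "$1/expected" <<'EOF'
192.168.150.133 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEY133
192.168.150.135 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEY135
EOF
}

# Demo: an honest scan seeds both hosts; the tampered one seeds agent133 only and fails.
demo=$(mktemp -d) && write_samples "$demo"
seed_known_hosts "$demo/hosts.clean" "$demo/expected" "$demo/known_hosts" fake_keyscan \
    && echo "seeded $(wc -l < "$demo/known_hosts") host keys into $demo/known_hosts"
seed_known_hosts "$demo/hosts.clean" "$demo/expected" "$demo/known_hosts.mitm" fake_keyscan_mitm \
    || echo "refused a host key that differs from the record"
```

With the seeded file in place, ansible-playbook push.ssh.yaml runs with host_key_checking left at its default and -k instead of ansible_ssh_pass; a host whose key changes later is still rejected by ssh, which is the behaviour the False setting throws away.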


7. Test

# Check the time on every machine

ansible all -a date

# ansible all -m command -a date   # same effect

Push the key file again (re-run the playbook from step 5)

Ping test

ansible all -m ping

Command test

ansible all -a "ip a"

Once the ping succeeds over the key, remove the ansible_ssh_pass entries from the inventory (the key is now the credential), and consider setting PasswordAuthentication no in sshd_config on the managed nodes so the password can no longer be used for root.