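Key points: deploying Ansible mutual-trust (SSH key) authentication; defining Ansible hosts and groups in the inventory
By default Ansible communicates with the remote controlled hosts using an SSH key, although an SSH password can also be used. When an SSH key is used, the control host's public key must be placed in the /root/.ssh/authorized_keys file on each controlled host.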
1. Install ansible and apply a basic configuration
Install the EPEL repository, then install ansible with yum:
# yum install ansible -y
# vim /etc/ansible/ansible.cfg
....
# uncomment this to disable SSH key host checking
host_key_checking = False
2. Host group inventory settings
# cat /root/ans/ansible_inventory.txt
[front]
10.11.7.224 ansible_connection=ssh ansible_ssh_user=root ansible_ssh_pass=xuAKCeU
10.11.5.84 ansible_connection=ssh ansible_ssh_user=root ansible_ssh_pass=pwByh
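An added check for the two settings shown so far (example code, not part of the original post): it flags inventory lines that carry a plaintext password and an ansible.cfg that turns host key verification off, without echoing the secret. The function names are hypothetical, and the sample files are constructed with documentation-range addresses and a dummy password.

```sh
#!/bin/sh
# Added example: flag plaintext inventory passwords and disabled host key checks.

# Print one label per inventory line carrying a plaintext password: the host,
# or the [section] header for group vars. The secret itself is never echoed.
inventory_password_hosts() {
    awk '
        /^[ \t]*[#;]/ { next }               # comment lines
        /^[ \t]*\[/   { sect = $1; next }    # [group] or [group:vars] header
        /ansible_(ssh_|become_)?pass(word)?=/ {
            if ($1 ~ /=/) print sect; else print $1
        }' "$1"
}

# Exit 0 when ansible.cfg turns SSH host key verification off.
host_key_checking_disabled() {
    grep -Eiq '^[[:space:]]*host_key_checking[[:space:]]*=[[:space:]]*(false|no|off|0)[[:space:]]*$' "$1"
}

# audit INVENTORY ANSIBLE_CFG: print findings, return 1 if there are any.
audit() {
    rc=0
    hits=$(inventory_password_hosts "$1")
    if [ -n "$hits" ]; then
        rc=1
        printf '%s\n' "$hits" | while read -r label; do
            echo "FINDING: plaintext password for $label in $1"
        done
        # A password-bearing inventory should be readable by its owner only.
        if [ -n "$(find "$1" -perm -004)" ]; then
            echo "FINDING: $1 is world-readable"
        fi
    fi
    if host_key_checking_disabled "$2"; then
        echo "FINDING: host_key_checking disabled in $2; host keys are not verified"
        rc=1
    fi
    return "$rc"
}

# Constructed sample files: documentation-range addresses, dummy password.
write_sample() {
    cat > "$1/inventory" <<'EOF'
[front]
192.0.2.10 ansible_ssh_user=root ansible_ssh_pass=EXAMPLE-ONLY
192.0.2.11 ansible_ssh_user=root ansible_ssh_private_key_file=/root/.ssh/sshhost
EOF
    printf '[defaults]\nhost_key_checking = False\n' > "$1/ansible.cfg"
}

if [ $# -eq 2 ]; then audit "$1" "$2"; fi
```

Once the public key has been distributed in step 4, the password variables can be dropped from the inventory in favour of ansible_ssh_private_key_file, as the second sample host does.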
3. Create the SSH authentication key files
# ssh-keygen -t rsa -N yOdaf
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):/root/.ssh/sshhost
Your identification has been saved in /root/.ssh/ansssh.
Your public key has been saved in /root/.ssh/ansssh.pub.
The key fingerprint is:
4b:8a:fb:f6:ca:58:81:b1:49:4b:47:55:c6:c1:61:df root@ecloud
The key's randomart image is:
+--[ RSA 2048]----+
| ...+*o |
| . oo. . |
| + . . E |
| o B |
| = . S |
| . + . |
| . o . |
| =. |
| oo+o. |
+-----------------+
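After the SSH key files have been created, add the control host's public key file id_rsa.pub (renamed sshhost here) to ~/.ssh/authorized_keys on the controlled hosts.
# ~ is the home directory of the user that the control host and the controlled host communicate as.
# id_rsa is the control host's private key file and must be kept strictly protected.
# id_rsa.pub is the control host's public key file and can be distributed freely.
4. Distribute the public key file
Distribute and add: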
# ansible front -i /root/ans/ansible_inventory.txt -m authorized_key -a "user=root key='{{ lookup('file','/root/.ssh/sshhost.pub') }}'" -k
Test with ping
# ansible front -i /root/ans/ansible_inventory.txt -m ping
10.11.5.84 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.11.7.224 | SUCCESS => {
"changed": false,
"ping": "pong"
}
Operate on a specific IP:
# ansible front -i /root/ans/ansible_inventory.txt -m authorized_key -a "user=root key='{{ lookup('file','/root/.ssh/sshhost.pub') }}'" -k --limit 10.11.7.209
Distribute and remove:
# ansible front -i /root/ans/ansible_inventory.txt -m authorized_key -a "user=root key='{{ lookup('file','/root/.ssh/sshhost.pub') }}' state=absent"
Install the development tools:
# ansible all -i /root/ans/ansible_inventory.txt -m shell -a "yum groupinstall 'Development Tools' -y"