I. Environment setup
| Role | Hostname | IP address | Group |
| --- | --- | --- | --- |
| Control node | control | 192.168.188.60 | localhost |
| Managed node 1 | node1 | 192.168.188.61 | nodes |
| Managed node 2 | node2 | 192.168.188.62 | nodes |
1. Configure the /etc/hosts file on all three hosts so that they can reach each other by hostname
This has to be done on all three hosts.
2. Configure passwordless SSH access
2.1 Generate a key pair on the control host control
2.2 Copy the public key to the managed hosts node1 and node2
[root@control ~]# ssh-copy-id -i node1
[root@control ~]# ssh-copy-id -i node2
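ssh-copy-id appends the control node's public key to ~/.ssh/authorized_keys on node1 and node2 without any restriction, so anyone who obtains that private key can log in from anywhere. sshd accepts per-key options in authorized_keys: from="<pattern>" limits the source hosts a key may be used from, and no-agent-forwarding / no-port-forwarding switch off features Ansible does not need. The following is an added example, not code from the original post: it parses authorized_keys entries (including quoted options), rewrites the control node's key as an entry restricted to 192.168.188.60, and audits a file for entries that carry no from= restriction. The key material and the sample file are constructed placeholders, not real keys.

```python
"""Added example (not from the original post): restrict and audit authorized_keys entries.

The key material and the sample file below are constructed placeholders.
"""

# Key types sshd recognises; the first field of an entry is checked against this list.
KEY_TYPES = (
    "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com",
    "sk-ecdsa-sha2-nistp256@openssh.com",
)

# Constructed stand-in for ~/.ssh/id_ed25519.pub on the control node (not a real key).
CONTROL_PUBKEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYnotarealkey0000000000000000 root@control"

# Constructed sample of ~myx/.ssh/authorized_keys on node1 after ssh-copy-id.
SAMPLE_AUTHORIZED_KEYS = """# constructed sample, not copied from any host
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYnotarealkey0000000000000000 root@control
from="192.168.188.60",no-agent-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABnotarealkey backup@control
command="/usr/bin/uptime",from="10.0.0.0/8" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAInotarealkey monitor@probe
"""


def _split_options(text):
    """Split the leading options field on commas, honouring double quotes
    (command="a, b" contains a comma that must not split).
    Returns (options, remainder_of_line)."""
    options, current, quoted, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == '"':
            quoted = not quoted
            current.append(ch)
        elif ch == "\\" and quoted and i + 1 < len(text):
            current.append(ch)
            current.append(text[i + 1])
            i += 1
        elif ch == "," and not quoted:
            options.append("".join(current))
            current = []
        elif ch.isspace() and not quoted:
            break
        else:
            current.append(ch)
        i += 1
    options.append("".join(current))
    return options, text[i:].lstrip()


def parse_authorized_key(line):
    """Parse one authorized_keys line into options, key type, key and comment.
    Blank lines, comments and unparseable lines return None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = []
    if line.split(None, 1)[0] not in KEY_TYPES:
        options, line = _split_options(line)
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return None
    return {"options": options, "type": parts[0], "key": parts[1],
            "comment": parts[2] if len(parts) > 2 else ""}


def restrict_to_host(pubkey_line, allowed_from):
    """Return the public key as an authorized_keys entry usable only from
    allowed_from (an address or pattern accepted by sshd's from= option),
    with agent and port forwarding disabled."""
    entry = parse_authorized_key(pubkey_line)
    if entry is None:
        raise ValueError("not a public key line")
    options = [o for o in entry["options"] if not o.startswith("from=")]
    for opt in ("no-agent-forwarding", "no-port-forwarding"):
        if opt not in options:
            options.append(opt)
    options.insert(0, 'from="%s"' % allowed_from)
    return " ".join(filter(None, [",".join(options), entry["type"],
                                  entry["key"], entry["comment"]]))


def unrestricted_entries(authorized_keys_text):
    """Return the comment (or key type when there is none) of every entry
    that carries no from= restriction."""
    found = []
    for line in authorized_keys_text.splitlines():
        entry = parse_authorized_key(line)
        if entry and not any(o.startswith("from=") for o in entry["options"]):
            found.append(entry["comment"] or entry["type"])
    return found


if __name__ == "__main__":
    print(restrict_to_host(CONTROL_PUBKEY, "192.168.188.60"))
    for who in unrestricted_entries(SAMPLE_AUTHORIZED_KEYS):
        print("no from= restriction:", who)
```

Run the script to print the restricted entry for the control node's key and the list of unrestricted entries in the sample file. On the managed hosts the same audit can be run over the real ~myx/.ssh/authorized_keys; the entry that ssh-copy-id wrote is the one reported as root@control.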
II. Install Ansible on the control host control
1. Confirm that the control host has Internet access
2. Mount the installation media and configure the EPEL repository
2.1 Mount
[root@control ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: device write-protected, mounted read-only.
2.2 Configure the EPEL repository (the file below sets gpgcheck = 0, which skips package signature verification; once the mirror is trusted, prefer gpgcheck = 1 together with the repository's GPG key)
[root@control ~]# cd /etc/yum.repos.d
[root@control yum.repos.d]# vim epel.repo
[root@control yum.repos.d]# cat epel.repo
[epel]
name = epel
baseurl = https://mirrors.tuna.tsinghua.edu.cn/epel/8/Everything/x86_64/
gpgcheck = 0
enabled = 1
3. Install Ansible with yum
[root@control yum.repos.d]# yum install ansible
4. Run ansible --version to confirm that the installation succeeded
[root@control ~]# ansible --version
III. Define the host inventory
- The inventory file that Ansible reads by default after installation is /etc/ansible/hosts
Create a directory of your own for the Ansible tests
[root@control ~]# cd myx
[root@control myx]# vim inventory
[root@control myx]# cat inventory
[nodes]
node1
node2
IV. Ansible connects to the managed hosts over SSH with passwordless login. Connecting as the administrative account is generally not recommended, so the requirement here is to connect as the ordinary user myx.
1. Copy the public key to the myx user on node1 and node2
[root@control myx]# ssh-copy-id myx@node1
[root@control myx]# ssh-copy-id myx@node2
2. Configure the Ansible configuration file
[root@control myx]# vim ansible.cfg
[root@control myx]# cat ansible.cfg
[defaults]
inventory = ./inventory
remote_user = myx
ask_pass = false
3. Test
[root@control myx]# ansible all -a "whoami"
node1 | CHANGED | rc=0 >>
myx
node2 | CHANGED | rc=0 >>
myx
V. sudo privilege escalation for the remote user
1. Grant sudo rights to the myx user (this step is also required for privilege escalation). Edit sudoers with visudo where possible, so that a syntax error is caught before it locks sudo out.
[root@node1 ~]# vim /etc/sudoers
root ALL=(ALL) ALL
myx ALL=(ALL) NOPASSWD: ALL   # grants the myx user passwordless execution of any command, as any user, on every host
[root@node2 ~]# vim /etc/sudoers
root ALL=(ALL) ALL
myx ALL=(ALL) NOPASSWD: ALL
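The line myx ALL=(ALL) NOPASSWD: ALL gives passwordless root on every managed host to whoever holds the control node's SSH key, so it is the entry an audit of the nodes should surface. As an added example that is not part of the original post, the script below parses the user-specification lines of a sudoers file (a constructed sample modelled on node1's file, not the nodes' real file) and reports every entry that combines NOPASSWD with an ALL command list. Note that Ansible's become wraps each task in a shell call, so command-scoped sudo rules generally do not fit Ansible; the realistic mitigations are restricting the runas list to (root), restricting the control node's SSH key, and logging sudo use, not removing NOPASSWD: ALL in favour of a command list.

```python
"""Added example (not from the original post): audit sudoers user specifications.

Defaults lines, alias definitions and @include directives are skipped; this is
an audit helper, not a full sudoers grammar. The sample file is constructed.
"""
import re

# user  host=(runas) [TAG:] commands   (the (runas) part is optional)
SPEC_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<rest>.+)$"
)
TAG_RE = re.compile(r"^([A-Z_]+):\s*(.*)$")
SKIP_PREFIXES = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")

SAMPLE_SUDOERS = """# constructed sample modelled on the node1 /etc/sudoers in the post
Defaults    !visiblepw
Defaults    env_reset
root    ALL=(ALL)       ALL
myx     ALL=(ALL)       NOPASSWD: ALL
%wheel  ALL=(ALL)       ALL
backup  ALL=(root)      NOPASSWD: /usr/bin/rsync
@includedir /etc/sudoers.d
"""


def parse_user_spec(line):
    """Parse one user specification. Returns None for comments, Defaults,
    aliases, include directives and anything else that is not a user spec."""
    line = line.split("#", 1)[0].strip()
    if not line or line.split()[0] in SKIP_PREFIXES:
        return None
    m = SPEC_RE.match(line)
    if not m:
        return None
    tags, commands = [], m.group("rest").strip()
    while True:  # peel off leading tags such as NOPASSWD: or SETENV:
        t = TAG_RE.match(commands)
        if not t:
            break
        tags.append(t.group(1))
        commands = t.group(2)
    runas = m.group("runas")
    return {
        "user": m.group("user"),
        "host": m.group("host"),
        "runas": runas if runas is not None else "root",  # sudo's default runas user
        "tags": tags,
        "commands": [c.strip() for c in commands.split(",")],
    }


def passwordless_all(sudoers_text):
    """Return the users or groups allowed to run ALL commands without a password."""
    specs = map(parse_user_spec, sudoers_text.splitlines())
    return [s["user"] for s in specs
            if s and "NOPASSWD" in s["tags"] and "ALL" in s["commands"]]


if __name__ == "__main__":
    for who in passwordless_all(SAMPLE_SUDOERS):
        print("passwordless ALL:", who)
```

Running it over the sample prints myx and nothing else: root and %wheel require a password, and backup may only run rsync. Point it at /etc/sudoers and the files under /etc/sudoers.d on each managed host to get the same listing for real.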
2. Set the default sudo user to root and disable the password prompt on privilege escalation
[root@control myx]# vim ansible.cfg
[root@control myx]# cat ansible.cfg
[defaults]
inventory=./inventory
remote_user=myx
ask_pass=False
sudo_user=root            # default sudo user
ask_sudo_pass=False       # whether to prompt for a password on escalation
# privilege escalation
[privilege_escalation]
become=True               # whether to switch user on the managed host after connecting; root by default
become_method=sudo        # how to switch user
become_user=root          # which user to switch to on the managed host
become_ask_pass=False     # whether to prompt for the become_method password
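The two ansible.cfg files in this post (the connection settings in section IV and the escalation settings above) decide who Ansible logs in as, whether host keys are verified, and whether escalation needs a password. As an added example that is not code from the original post, the script below reads an ansible.cfg with the standard library and reports the settings a reviewer would flag. The keys it checks are real Ansible settings: remote_user, ask_pass and host_key_checking in [defaults], and become and become_ask_pass in [privilege_escalation]; sudo_user and ask_sudo_pass are the legacy spellings that the [privilege_escalation] keys superseded. The finding codes are this example's own naming, and both configs are constructed samples (the post's file, with its annotations rewritten as # comments, since // is not a comment marker in an ini file, and a deliberately weaker variant).

```python
"""Added example (not from the original post): flag risky ansible.cfg settings.

Finding codes are this example's own naming. Both configs below are constructed.
"""
import configparser

# The post's configuration, with its annotations written as real ini comments.
POST_CFG = """[defaults]
inventory = ./inventory
remote_user = myx
ask_pass = False
sudo_user = root          # legacy key
ask_sudo_pass = False     # legacy key

[privilege_escalation]
become = True
become_method = sudo
become_user = root
become_ask_pass = False
"""

# Constructed weaker variant: connects as root and ignores SSH host keys.
WEAK_CFG = """[defaults]
inventory = ./inventory
remote_user = root
host_key_checking = False

[privilege_escalation]
become = True
become_ask_pass = False
"""


def _bool(cp, section, key, default):
    """Read a boolean option, falling back to Ansible's default when absent."""
    if cp.has_option(section, key):
        return cp.getboolean(section, key)
    return default


def audit_ansible_cfg(text):
    """Return a sorted list of finding codes for the given ansible.cfg text."""
    cp = configparser.ConfigParser(inline_comment_prefixes=("#", ";"))
    cp.read_string(text)
    findings = []
    if cp.get("defaults", "remote_user", fallback="").strip() == "root":
        # the administrative account is used for every connection
        findings.append("remote_user_is_root")
    if _bool(cp, "defaults", "host_key_checking", True) is False:
        # a host impersonating node1 would not be noticed
        findings.append("host_key_checking_disabled")
    if cp.has_option("defaults", "sudo_user") or cp.has_option("defaults", "ask_sudo_pass"):
        # superseded by the [privilege_escalation] section
        findings.append("legacy_sudo_keys")
    if (_bool(cp, "privilege_escalation", "become", False)
            and not _bool(cp, "privilege_escalation", "become_ask_pass", False)):
        # only works with NOPASSWD in sudoers, so that file must be audited too
        findings.append("passwordless_become")
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("post", POST_CFG), ("weak", WEAK_CFG)):
        print(name, audit_ansible_cfg(cfg))
```

For the post's own file the output is legacy_sudo_keys and passwordless_become: the legacy keys can simply be dropped, and passwordless_become is expected here because the sudoers entry in step 1 provides NOPASSWD. The weaker variant additionally reports the root login and the disabled host key checking.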
3. Test
[root@control myx]# ansible nodes -m ping
node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
node2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
[root@control myx]# ansible all -a "id"
node2 | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
node1 | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
VI. Write a playbook and run it
[root@control myx]# vim createuser.yml
[root@control myx]# cat createuser.yml
---
- name: this is my first play
  hosts: nodes
  tasks:
    - name: create a new user
      user:
        name: test0112
        uid: 20230112
        state: present
[root@control myx]# ansible-playbook createuser.yml
PLAY [this is my first play] ***************************************************
TASK [Gathering Facts] *********************************************************
ok: [node1]
ok: [node2]
TASK [create a new user] *******************************************************
changed: [node1]
changed: [node2]
PLAY RECAP *********************************************************************
node1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node2 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0