1. Installing Ansible on CentOS 7.4
1.1 Install Ansible with yum
    [root@imzcy ~]# yum -y install ansible
1.2 Check the Ansible version
    [root@imzcy ~]# ansible --version
    ansible 2.4.2.0
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
    [root@imzcy ~]#
2. Edit the hosts configuration file and add the managed servers
2.1 See which files are in the Ansible installation directory
    [root@imzcy ~]# ll /etc/ansible/
    总用量 24
    -rw-r--r-- 1 root root 19179 1月 30 2018 ansible.cfg
    -rw-r--r-- 1 root root 1016 1月 30 2018 hosts
    drwxr-xr-x 2 root root 6 1月 30 2018 roles
    [root@imzcy ~]#
2.2 Edit the hosts configuration file and append the following two lines at the end
(This defines the zcy-test group and adds one server, 192.168.122.69, to it.)
    [root@imzcy ~]# tail -n 2 /etc/ansible/hosts
    [zcy-test]
    192.168.122.69
    [root@imzcy ~]#
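3. Configure the authentication method for logging in to remote hosts
Method 1: authenticate with an SSH public key
3.1.1 Generate an SSH key with the ssh-keygen command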
    [root@imzcy ~]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:1zKLs5rgWm9MEtYEl64CKTjLEEE8UgiaNRAEvJU4Cfs root@imzcy
    The key's randomart image is:
    +---[RSA 2048]----+
    |/O* o... |
    |=@ + .o |
    |*o= + |
    |Bo o o . |
    |++E. o S + . |
    |... o . o + |
    | .o+ o . |
    | o oo. o |
    | ....+.. |
    +----[SHA256]-----+
    [root@imzcy ~]#
    [root@imzcy ~]# ll .ssh/
    总用量 8
    -rw------- 1 root root 1679 10月 10 10:23 id_rsa
    -rw-r--r-- 1 root root 392 10月 10 10:23 id_rsa.pub
    [root@imzcy ~]#
3.1.2 Copy the public key file to the remote server with the ssh-copy-id command
    [root@imzcy ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.69
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    The authenticity of host '192.168.1.69 (192.168.1.69)' can't be established.
    ECDSA key fingerprint is SHA256:tnyGy4jcwB60drGNXUKL55ySboCTvN0MuPvL67dwTqg.
    ECDSA key fingerprint is MD5:19:3b:c2:ef:1b:0c:3d:96:93:20:65:8d:8f:17:d4:07.
    Are you sure you want to continue connecting (yes/no)? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@192.168.1.69's password:

    Number of key(s) added: 1

    Now try logging into the machine, with: "ssh 'root@192.168.1.69'"
    and check to make sure that only the key(s) you wanted were added.

    [root@imzcy ~]#
3.1.3 Test that passwordless login with the SSH key works
    [root@imzcy ~]# ssh root@192.168.122.69
    Last login: Wed Oct 10 09:30:46 2018 from 192.168.122.158
    [root@CBG-BJKD ~]#
3.1.4 View the public key file that was copied to the remote server
    [root@CBG-BJKD ~]# ll .ssh/
    总用量 8
    -rw------- 1 root root 392 10月 10 10:32 authorized_keys
    -rw-r--r-- 1 root root 2569 9月 23 14:24 known_hosts
    [root@CBG-BJKD ~]#
    [root@CBG-BJKD ~]# cat .ssh/authorized_keys
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7nTwdAEO2C1seGXnVKVaOf56hvPwKUJpUyAt/Ca0HjuClMgYAGK3PQNhnQxFrzTduHjPmh4AhE2KiIzTwlJM2CWOUNQvwCxoIlwJLwW5NDNeHgiGKAd6/JSiZCNgRYU4qFpHHXXdBYOXN3/db1AP5bqHk1aGS5fSkq14mvGzCRRFXBiiWC/eeMJMumyYPjbpdaZY0h4Hzwxh513j60dr5RliJ4IxPsDjnuOwO3MT1ZcML7I+oAN9RSyfv3UtCSMMsKh2gi2gtYqkwbDgBN7ZvXHuAslTUaq4Iq2MpY6/uhBFJyGWXiT+ou0MmBkcveUeV2zciJEzpygB0xPf5wlqx root@imzcy
    [root@CBG-BJKD ~]#
Method 2: authenticate with a username and password supplied through sshpass
3.2.1 Install sshpass
    [root@imzcy ~]# ll ssh*
    -rw-r--r-- 1 root root 112205 8月 28 14:42 sshpass-1.06.tar.gz
    [root@imzcy ~]#
    [root@imzcy ~]# tar -zxf sshpass-1.06.tar.gz
    [root@imzcy ~]# cd sshpass-1.06
    [root@imzcy sshpass-1.06]# ./configure
    [root@imzcy sshpass-1.06]# make && make install
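3.2.2 Edit the hosts configuration file
After the IP of the remote host to be managed, add two settings that specify the username and password for sshpass to use, plus the port (the port can be left out when it is the default, 22).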
    [root@imzcy ansible]# tail -n 2 hosts
    [zcy-pwd]
    192.168.1.69 ansible_ssh_user=root ansible_ssh_pass=13456 ansible_ssh_port=22
    [root@imzcy ansible]#
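The host line in 3.2.2 stores the login password in the inventory file itself, which section 2.1 shows is world-readable (-rw-r--r--). The check below is an added example, not part of the original post: it scans an INI-style inventory for password variables set to literal values. The function name, the regular expressions and the sample inventory are constructed for illustration.

```python
import re
import shlex

# Password variables such as ansible_ssh_pass, ansible_password, ansible_become_pass.
SECRET_KEY = re.compile(r"^ansible_\w*pass(word)?$")
# A value that only references another variable is not a literal secret.
TEMPLATED = re.compile(r"^\{\{.*\}\}$")

# Constructed sample inventory; the [zcy-pwd] host line is the one shown in 3.2.2.
SAMPLE = """\
[zcy-test]
192.168.122.69

[zcy-pwd]
192.168.1.69 ansible_ssh_user=root ansible_ssh_pass=13456 ansible_ssh_port=22

[zcy-pwd:vars]
ansible_become_pass={{ vault_become_pass }}
"""


def find_inline_passwords(inventory_text):
    """Return (line_no, section, target, key) per literal password; values are never returned."""
    findings, section = [], "ungrouped"
    for line_no, raw in enumerate(inventory_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section.endswith(":vars"):
            target, pairs = section, [line]  # one key=value pair per line
        else:
            tokens = shlex.split(line, comments=True)  # host, then key=value pairs
            target, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            key, sep, value = pair.partition("=")
            key, value = key.strip(), value.strip().strip("'\"")
            if sep and SECRET_KEY.match(key) and value and not TEMPLATED.match(value):
                findings.append((line_no, section, target, key))
    return findings


if __name__ == "__main__":
    for line_no, section, target, key in find_inline_passwords(SAMPLE):
        print(f"line {line_no}: [{section}] {target} sets {key} in plaintext")
```

A flagged password can instead be entered at run time with ansible's `--ask-pass` option or kept in a variables file encrypted with `ansible-vault`.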
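Note:
During testing I found that Ansible may fail to connect to older operating system versions. I tested connecting to a RHEL 5.8 system with Ansible, and it could not connect with either public key authentication or sshpass username/password authentication!
Update, 2018-10-16:
For the fix, see this article: "Upgrading the built-in python2.4.3 on RHEL5.8 to python2.7.5"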
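4. Basic use of the ansible command
4.1 Test connectivity to the managed hosts with the ping module
Like SSH, Ansible tries to connect to your remote machine using your current username. To override the remote username, just specify it with the '-u' option!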
    [root@imzcy ~]# ansible zcy-test -m ping
    192.168.1.69 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    [root@imzcy ~]#
4.2 Get the remote host's memory usage with the command module
    [root@imzcy ~]# ansible zcy-test -a "/usr/bin/free -m"
    192.168.1.69 | SUCCESS | rc=0 >>
                  total        used        free      shared  buff/cache   available
    Mem:           3774         933         365         184        2475        2335
    Swap:          3967           0        3967

    [root@imzcy ~]#