ansible基础配置

1、基础配置

1.1、环境

主机配置

ansible版本：2.7.4

控制端：centos7.4，IP：192.168.1.213，主机名：operation

被控制端：

centos6.5，IP：192.168.1.216，主机名：master；

centos6.5，IP：192.168.1.217，主机名：slave

centos7.3，IP：192.168.1.214，主机名：lzcx

# 系统设置
# centos6.5
service iptables stop
chkconfig iptables off
sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config
setenforce Permissive
# 控制端
sed -i 's/localhost.localdomain/master/' /etc/hosts
# 被控制端
sed -i 's/localhost.localdomain/slave/' /etc/hosts
# centos7.4
systemctl stop firewalld
systemctl disable firewalld
sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config
# 3台机器重启
shutdown -r now
# 安装常命令
yum install wget vim lrzsz gcc xz -y

控制端安装python3.7和ansible

# 依赖安装
yum -y install epel-release
yum -y install openssl openssl-devel openssl-static python-pip python-devel zlib-devel libffi-devel python-rpm-macros
# 下载python3.7
wget -c https://www.python.org/ftp/python/3.7.0/Python-3.7.0.tar.xz
tar -Jxf Python-3.7.0.tar.xz
mkdir -p /usr/local/python3
cd ./Python-3.7.0
./configure --prefix=/usr/local/python3/
make
make install
ln -s /usr/local/python3/bin/python3 /usr/bin/python3
ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3
# 安装ansible
pip3 install ansible

1.2、创建ansible管理用户

生产环境中，不允许root通过ssh登录，所以选择一个普通用户做ansible的管理账户。这里的环境是新主机，刚刚申请后只有一个root用户，以下脚本完成ansible新建管理用户和实现管理用户的密钥分发，注意需要安装sshpass，脚本会检查，默认所有机器的root密码一样。

以下是批量部署，创建ansible用户、密钥分发和实现sudo权限，可以自定义用户名和密码

#!/bin/bash

#########################################################################
# File Name: batch_users.sh
# file_path: /root/script/batch_users.sh
# Author: 浪子尘心
# Mail: 536418286@qq.com
# Created Time: 2018-11-09 17:43:02
# Last Changed: 2018-11-09 17:58:53
# Description: batch create users in linux
# Version: 0.1
#########################################################################

which sshpass > /dev/null 2>&1
if [ $? -ne 0 ];then
echo "don't exist sshpass,please install sshpass"
exit;
fi

# select a user for ansible manager
ansible_user='ansible'

# passwd of ansible user
user_passwd='123456@Ap'

# root passwd
root_passwd='123456!Ab'

# creater a user
useradd ${ansible_user}

# change user passwd
echo ${user_passwd} | passwd --stdin ${ansible_user}

# make user to be the power of root
sed -i "92a ${ansible_user}     ALL=(ALL)       NOPASSWD: ALL" /etc/sudoers

# create private key
su - ${ansible_user} -c "ssh-keygen -t rsa -f /home/${ansible_user}/.ssh/id_rsa -N '' -q"

# config the public key
su - ${ansible_user} -c "sshpass -p${user_passwd} ssh-copy-id -i /home/${ansible_user}/.ssh/id_rsa.pub ${ansible_user}@127.0.0.1 -o StrictHostKeyChecking=no"

# batch create users and send public key
for line in `cat /root/script/ip_list.txt`
do
# create a user and change user passwd and make user to be root on remote
sshpass -p"${root_passwd}" ssh -o StrictHostKeyChecking=no root@${line} "useradd ${ansible_user} ; echo ${user_passwd} | passwd --stdin ${ansible_user} ; sed -i '92a ${ansible_user}     ALL=(ALL)       NOPASSWD: ALL' /etc/sudoers"

# send public key
su - ${ansible_user} -c "sshpass -p${user_passwd} ssh-copy-id -i /home/${ansible_user}/.ssh/id_rsa.pub ${ansible_user}@${line} -o StrictHostKeyChecking=no"
done

1.3、配置清单

下文中组名为 yuhui 的修改为 lzcx ，ip不变

[monitor]
192.168.1.213

[centos6]
192.168.1.[216:217]

[lzcx]
192.168.1.214

# 额外添加测试机器
[mysql]
192.168.1.20
192.168.1.21

[gzyk]
192.168.1.130
192.168.1.38

[dgyk]
192.168.1.162

[uim]
192.168.1.98

[yhgl]
192.168.1.172