ansible搭建

ansible配置步骤

1.创建用户

2.用户提权

3.用户免密

4.cp ansible配置文件

5.配置主机清单

6.修改ansible 用户路径下的配置文件

1.创建用户（都要做）

[root@localhost ~]# useradd  hum
[root@localhost ~]# passwd hum
Changing password for user hum.
New password:
BAD PASSWORD: The password is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.

2.用户提权（都要做）

[root@localhost ~]# cat /etc/sudoers.d/hum
hum ALL=(ALL) NOPASSWD:ALL

3.用户免密

[root@localhost ~]# su hum
[hum@localhost root]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hum/.ssh/id_rsa):
Created directory '/home/hum/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hum/.ssh/id_rsa.
Your public key has been saved in /home/hum/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:emW7KWD/2eSSFA1IRpmZMXEBt4g8bkr1A+nBN/vGQWE hum@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|       oOXE.     |
|     o +**.o     |
|      X + oo     |
|     + * +. .    |
|    . + S +.     |
|   . oo. *.o     |
|    ...o..=..    |
|       .o.oB     |
|         o=.o    |
+----[SHA256]-----+
[hum@localhost ~]$ ll -a
total 12
drwx------. 4 hum  hum   90 Dec  6 09:25 .
drwxr-xr-x. 4 root root  28 Dec  5 16:05 ..
-rw-r--r--. 1 hum  hum   18 Dec  4  2020 .bash_logout
-rw-r--r--. 1 hum  hum  141 Dec  4  2020 .bash_profile
-rw-r--r--. 1 hum  hum  376 Dec  4  2020 .bashrc
drwxr-xr-x. 4 hum  hum   39 Nov 19 21:56 .mozilla
drwx------. 2 hum  hum   38 Dec  6 09:25 .ssh
[hum@localhost ~]$ ssh-copy-id hum@192.168.10.20
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/hum/.ssh/id_rsa.pub"
The authenticity of host '192.168.10.20 (192.168.10.20)' can't be established.
ECDSA key fingerprint is SHA256:LC3ur7vjJjDH/59gWsQu/kreK4GdZwhlh+M3SJ6/S+s.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
hum@192.168.10.20's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'hum@192.168.10.20'"
and check to make sure that only the key(s) you wanted were added.

验证：

#远程连接不用输密码
[hum@control root]$ ssh hum@node1
Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register

Last login: Wed Dec  6 09:35:43 2023 from 192.168.10.10
[hum@node1 ~]$ exit
logout
Connection to node1 closed.

#sudo 命令不用输入root密码
[hum@control root]$ ls
ls: cannot open directory '.': Permission denied
[hum@control root]$ sudo ls
anaconda-ks.cfg       Music
Desktop		      Pictures
Documents	      Public
Downloads	      Templates
initial-setup-ks.cfg  Videos

4.cp ansible配置文件

[hum@control ~]$ cp -r /etc/ansible/ .
[hum@control ~]$ ll
total 0
drwxr-xr-x. 3 hum hum 51 Dec  6 09:41 ansible

5.配置主机清单

[hum@control ansible]$ vim hosts
[hum@control ansible]$ sort hosts
node1

6.修改ansible 用户路径下的配置文件

[hum@control ansible]$ cat ansible.cfg
[defaults]
inventory      = /home/hum/ansible/hosts#定义默认使用的主机清单
ask_pass       = false#ansible在操作远程主机时，获取远程主机上的用户身份，是否提示密码验证，默认为True。如果使用密钥认证的话，建议将其设置为False
remote_user    = hum#用户在操作远程主机时，使用远程主机上的哪个身份，默认是root
log_path       = /var/log/ansible.log

[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False

[ssh_connection]
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
host_key_checking = false

实验成功：

[hum@control ansible]$ ansible node1 -m shell -a  "whoami"
[WARNING]: log file at /var/log/ansible.log is not writeable and we cannot create it, aborting

node1 | CHANGED | rc=0 >>
root