Ansible-安装-秘钥-部署-使用
本文转自:https://www.cnblogs.com/ylqh/p/5902259.html
ansiblemaster:192.168.74.146
ansibleslave1 :192.168.74.144
ansibleslave2 : 192.168.74.140
安装ansible:
[root@ansiblemaster /]# yum -y install ansible
生成ssh秘钥文件,并且分发给所有客户端
[root@ansible_master ~]# ssh-keygen -t rsa #生成密钥
#将公钥分别发送到slave机器上面
[root@ansible_master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.74.144
-bash: ssh-copy-id: command not found
报错了
解决方法:
yum -y install openssh-clients
[root@ansible_master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.74.144
The authenticity of host '192.168.74.144 (192.168.74.144)' can't be established.
RSA key fingerprint is b8:5b:58:13:6f:71:12:0b:10:70:97:f8:c7:71:2c:c5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.74.144' (RSA) to the list of known hosts.
root@192.168.74.144's password:
Now try logging into the machine, with "ssh '192.168.74.144'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
在slave端见检查是否出现一个authorized_keys的文件。
root@ansibleslave1 .ssh]# ls /root/.ssh/
authorized_keys
检查一下是否安装成功:
[root@ansible_master ~]# ansible --version
ansible 2.1.1.0
config file = /etc/ansible/ansible.cfg
configured module search path = Default w/o overrides
安装ssh过程中如果出现sign_and_send_pubkey: signing failed: agent refused operation,解决方式为执行
eval
"$(ssh-agent -s)"
ssh-add
ansible安装完成
ansible的配置:
首先配置三台主机的hosts的文件:
[root@ansiblemaster ansible]# cat /etc/hosts
192.168.74.146 ansiblesmaster
192.168.74.144 ansibleslave1
192.168.74.140 ansibleslave2
配置ansible的host分组
[root@ansiblemaster ansible]# cat /etc/ansible/hosts
[www]
ansibleslave1
ansibleslave2
测试ansible与slave的是否可用了
[root@ansiblemaster ansible]# ansible *www* -m shell -a "df -h" -k
SSH password:
ansibleslave1 | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
devtmpfs 488M 0 488M 0% /dev
tmpfs 495M 0 495M 0% /dev/shm
tmpfs 495M 624K 495M 1% /run
tmpfs 495M 0 495M 0% /sys/fs/cgroup
/dev/sda3 18G 1.4G 17G 8% /
tmpfs 495M 44K 495M 1% /tmp
/dev/sda1 283M 74M 191M 28% /boot
tmpfs 99M 0 99M 0% /run/user/0
tmpfs 99M 0 99M 0% /run/user/1000 ansibleslave2 | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
devtmpfs 488M 0 488M 0% /dev
tmpfs 495M 0 495M 0% /dev/shm
tmpfs 495M 648K 495M 1% /run
tmpfs 495M 0 495M 0% /sys/fs/cgroup
/dev/sda3 18G 2.1G 16G 12% /
tmpfs 495M 48K 495M 1% /tmp
/dev/sda1 283M 74M 191M 28% /boot
tmpfs 99M 0 99M 0% /run/user/0
tmpfs 99M 0 99M 0% /run/user/1000
到此ansible已经支持简单的批量命令了
ansible错误排除:
第一:
[root@ansiblemaster ansible]# ansible -m ping all -k
SSH password:
ansibleslave1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}
解决方法:
第一:首先查看客户端的/root/.ssh/下面是否存在 authorized_keys文件。
第二:测试master端是否可以无密钥登录slave端
(注意:检查防火墙与selinux)
第三:ping主机名是否可以ping通。
第二:
[root@ansiblemaster ansible]# ansible all -m ping -k
SSH password:
ansibleslave1 | FAILED! => {
"failed": true,
"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
ssh第一次连接的时候一般会提示输入yes 进行确认为将key字符串加入到 ~/.ssh/known_hosts 文件中。而本机的~/.ssh/known_hosts文件中并有fingerprint key串
解决方法:在ansible.cfg文件中更改下面的参数:
# host_key_checking = False
将#号去掉即可
###################ansible内置模块的使用####################
先介绍一下ansible的命令参数:
1 [root@ansiblemaster ansible]# ansible --help
2 Usage: ansible <host-pattern> [options]
3
4 Options:
5 -a MODULE_ARGS, --args=MODULE_ARGS #(指定模块参数)
6 module arguments
7 --ask-vault-pass ask for vault password
8 -B SECONDS, --background=SECONDS #(在后台运行命令,在制定NUM秒后kill该任务)
9 run asynchronously, failing after X seconds
10 (default=N/A)
11 -C, --check don't make any changes; instead, try to predict some
12 of the changes that may occur #(只是测试一下会改变什么内容,不会真正去执行)
13 -D, --diff when changing (small) files and templates, show the
14 differences in those files; works great with --check
15 -e EXTRA_VARS, --extra-vars=EXTRA_VARS
16 set additional variables as key=value or YAML/JSON
17 -f FORKS, --forks=FORKS
18 specify number of parallel processes to use
19 (default=5)
20 -h, --help show this help message and exit #(帮助信息)
21 -i INVENTORY, --inventory-file=INVENTORY #(指定hosts文件路径,默认default=/etc/ansible/hosts)
22 specify inventory host path
23 (default=/etc/ansible/hosts) or comma separated host
24 list.
25 -l SUBSET, --limit=SUBSET
26 further limit selected hosts to an additional pattern
27 --list-hosts outputs a list of matching hosts; does not execute
28 anything else
29 -m MODULE_NAME, --module-name=MODULE_NAME #(指定模块)
30 module name to execute (default=command)
31 -M MODULE_PATH, --module-path=MODULE_PATH #(要执行的模块路径,默认为/usr/share/ansible)
32 specify path(s) to module library (default=None)
33 --new-vault-password-file=NEW_VAULT_PASSWORD_FILE
34 new vault password file for rekey
35 -o, --one-line condense output #(一个主机的执行结果在一行显示)
36 --output=OUTPUT_FILE output file name for encrypt or decrypt; use - for
37 stdout
38 -P POLL_INTERVAL, --poll=POLL_INTERVAL
39 set the poll interval if using -B (default=15)
40 --syntax-check perform a syntax check on the playbook, but do not
41 execute it
42 -t TREE, --tree=TREE log output to this directory #(日志输出到该目录,日志文件名以主机名命名)
43 --vault-password-file=VAULT_PASSWORD_FILE
44 vault password file
45 -v, --verbose verbose mode (-vvv for more, -vvvv to enable
46 connection debugging)
47 --version show program's version number and exit
48
49 Connection Options:
50 control as whom and how to connect to hosts
51
52 -k, --ask-pass ask for connection password #(输入ssh密码,而不是使用秘钥)
53 --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
54 use this file to authenticate the connection
55 -u REMOTE_USER, --user=REMOTE_USER #(指定远程机器的用户)
56 connect as this user (default=None)
57 -c CONNECTION, --connection=CONNECTION #(指定建立连接的类型,一般有ssh,localhost FILES)
58 connection type to use (default=smart)
59 -T TIMEOUT, --timeout=TIMEOUT #(超时时间)
60 override the connection timeout in seconds
61 (default=10)
62 --ssh-common-args=SSH_COMMON_ARGS
63 specify common arguments to pass to sftp/scp/ssh (e.g.
64 ProxyCommand)
65 --sftp-extra-args=SFTP_EXTRA_ARGS
66 specify extra arguments to pass to sftp only (e.g. -f,
67 -l)
68 --scp-extra-args=SCP_EXTRA_ARGS
69 specify extra arguments to pass to scp only (e.g. -l)
70 --ssh-extra-args=SSH_EXTRA_ARGS
71 specify extra arguments to pass to ssh only (e.g. -R)
72
73 Privilege Escalation Options:
74 control how and which user you become as on target hosts
75
76 -s, --sudo run operations with sudo (nopasswd) (deprecated, use
77 become)
78 -U SUDO_USER, --sudo-user=SUDO_USER
79 desired sudo user (default=root) (deprecated, use
80 become)
81 -S, --su run operations with su (deprecated, use become)
82 -R SU_USER, --su-user=SU_USER
83 run operations with su as this user (default=root)
84 (deprecated, use become)
85 -b, --become run operations with become (does not imply password
86 prompting)
87 --become-method=BECOME_METHOD
88 privilege escalation method to use (default=sudo),
89 valid choices: [ sudo | su | pbrun | pfexec | runas |
90 doas | dzdo ]
91 --become-user=BECOME_USER
92 run operations as this user (default=root)
93 --ask-sudo-pass ask for sudo password (deprecated, use become)
94 --ask-su-pass ask for su password (deprecated, use become)
95 -K, --ask-become-pass #(提示输入sudo密码,与sudo一起使用)
96 ask for privilege escalation password
(解释的不是太全,有些我还没有用到,欢迎大牛指定!)
ansible的模块的使用:
第一个:copy模块
用途:把master端文件拷贝到其他slave端上
[root@ansiblemaster ansible]# ansible *www* -m copy -a 'src=/etc/ansible/test1.txt dest=/opt/'
ansibleslave2 | FAILED! => {
"changed": false,
"checksum": "44b9edcf7d3cb15a005a3eb16b8011d352399eed",
"failed": true,
"msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"
}
问题:被控机器上开启selinux的,需要要安装上libselinux-python
解决办法:被控机器上安装:
yum -y install libselinux-python
[root@ansiblemaster ansible]# ansible *www* -m copy -a 'src=/etc/ansible/test1.txt dest=/opt/' -k
SSH password:
ansibleslave2 | SUCCESS => {
"changed": true,
"checksum": "44b9edcf7d3cb15a005a3eb16b8011d352399eed",
"dest": "/opt/test1.txt",
"gid": 0,
"group": "root",
"md5sum": "0a1d32cf98dac2652ecca0aa4571ac3b",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 5,
"src": "/root/.ansible/tmp/ansible-tmp-1474886175.03-280566111251484/source",
"state": "file",
"uid": 0
}
第二个:file模块:
用途:更改被控节点的权限为777,属主数组为root
[root@ansiblemaster ansible]# ansible all -m file -a "dest=/opt/test1.txt mode=777 owner=root group=root"
ansibleslave1 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"path": "/opt/test1.txt",
"secontext": "system_u:object_r:usr_t:s0",
"size": 5,
"state": "file",
"uid": 0
}
第三个:cron
用途:在所有节点上设置crontab
[root@ansiblemaster ansible]# ansible all -m cron -a 'name="custom job" minute=*/3 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate 192.168.74.146"'
ansibleslave1 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"custom job"
]
}
ansibleslave2 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"custom job"
]
}
第四个:group模块
用途:在所有被控端上创建gid是2048的名字为zzl的组
[root@ansiblemaster ansible]# ansible all -m group -a 'gid=2048 name=zzl'
ansibleslave1 | SUCCESS => {
"changed": true,
"gid": 2048,
"name": "zzl",
"state": "present",
"system": false
}
ansibleslave2 | SUCCESS => {
"changed": true,
"gid": 2048,
"name": "zzl",
"state": "present",
"system": false
}
第五个:user模块
用途:在所有被控端上创建用户名为zzl,组名为zzl的用户
[root@ansiblemaster ansible]# ansible all -m user -a 'name=zzl groups=zzl state=present'
ansibleslave1 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 100,
"groups": "zzl",
"home": "/home/zzl",
"name": "zzl",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1003
}
ansibleslave2 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 100,
"groups": "zzl",
"home": "/home/zzl",
"name": "zzl",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1002
}
第六:get_url模块:
用途: 将http://ip/的index.html下载到所有节点的/home目录下
[root@ansiblemaster ~]# ansible all -m get_url -a 'url=http://ip/ dest=/home'
ansibleslave1 | SUCCESS => {
"changed": true,
"checksum_dest": null,
"checksum_src": "3b8a8ccd603538b663776258db5265adf1e87ece",
"dest": "/home/index.html",
"gid": 0,
"group": "root",
"md5sum": "8235b10c5e8177ab388f9b0f7073bcb9",
"mode": "0644",
"msg": "OK (unknown bytes)",
"owner": "root",
"secontext": "unconfined_u:object_r:home_root_t:s0",
"size": 3209,
"src": "/tmp/tmp5dcxVi",
"state": "file",
"uid": 0,
"url": "http://211.151.81.74/"
}
ansibleslave2 | SUCCESS => {
"changed": true,
"checksum_dest": null,
"checksum_src": "67190352276452de41c7b08b0eb98d0b997ea21a",
"dest": "/home/index.html",
"gid": 0,
"group": "root",
"md5sum": "643988ed5105422eaf813b6acde9661a",
"mode": "0644",
"msg": "OK (unknown bytes)",
"owner": "root",
"secontext": "unconfined_u:object_r:home_root_t:s0",
"size": 3209,
"src": "/tmp/tmpmGTNeq",
"state": "file",
"uid": 0,
"url": "http://211.151.81.74/"
}
第七:script模块
用途:在所有节点上执行/home/1.sh脚本(该脚本是在ansible控制节点上的)
[root@ansiblemaster ~]# ansible all -m script -a '/home/1.sh'
ansibleslave1 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "",
"stdout": "",
"stdout_lines": []
}
ansibleslave2 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "",
"stdout": "",
"stdout_lines": []
}
第八:command:
用途:在指定节点上运行df -h的命令
[root@ansiblemaster ~]# ansible all -m command -a 'df -h'
ansibleslave1 | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
devtmpfs 488M 0 488M 0% /dev
tmpfs 495M 0 495M 0% /dev/shm
tmpfs 495M 624K 495M 1% /run
tmpfs 495M 0 495M 0% /sys/fs/cgroup
/dev/sda3 18G 1.4G 17G 8% /
tmpfs 495M 44K 495M 1% /tmp
/dev/sda1 283M 74M 191M 28% /boot
tmpfs 99M 0 99M 0% /run/user/0
tmpfs 99M 0 99M 0% /run/user/1000 ansibleslave2 | SUCCESS | rc=0 >>
Filesystem Size Used Avail Use% Mounted on
devtmpfs 488M 0 488M 0% /dev
tmpfs 495M 0 495M 0% /dev/shm
tmpfs 495M 648K 495M 1% /run
tmpfs 495M 0 495M 0% /sys/fs/cgroup
/dev/sda3 18G 2.2G 16G 12% /
tmpfs 495M 48K 495M 1% /tmp
/dev/sda1 283M 74M 191M 28% /boot
tmpfs 99M 0 99M 0% /run/user/0
tmpfs 99M 0 99M 0% /run/user/1000
Ansible-安装-秘钥-部署-使用的更多相关文章
- Windows10安装秘钥大全
Windows10官方镜像下载地址: 点击下载 老毛桃U盘启动制作:点击下载 秘钥大全 家庭版: Core 家庭版:YTMG3-N6DKC-DKB77-7M9GH-8HVX7 单语言家庭版:BT79Q ...
- 云主机使用ansible出现秘钥认证问题
使用ansible的时候,出现如下秘钥失效的问题: root@jumpserver ftp]# ansible web -m ping The authenticity of host 'web-00 ...
- visual studio 2019安装秘钥
美国时间4.2微软发布了最新版本的visual studio 2019 现在贴出visual studio2019的秘钥,有需要的请自取: Visual Studio 2019 Enterprise( ...
- expect配合shell 实现自动分发秘钥文件
expect使用场景 有时候需要批量地执行一些操作,或者执行自动化的操作的时候,有些指令需要交互式地进行这就会有很多麻烦,linux下有一个程序交expect,它可以模拟键盘输入文本,省去人工干预交互 ...
- Ansible安装配置及使用
一.Ansible特点 1.不需要安装客户端,通过sshd通信 2.基于模块工作,模块可以由任何序言开发 3.不仅支持命令行使用模块,也支持编写yaml格式的playbook 4.支持sudo 5.有 ...
- ansible 安装及基本使用
1.yum 安装 yum -y install epel-releaseyum -y install ansible ansible 配置秘钥 ssh-keygen -t rsa #直接回车不用设置密 ...
- Ansible安装部署和常用命令,及其主机清单inventory(二)
1.ansible的安装方式 1.1使用yum源安装 yum install ansible -y 1.2使用rpm包安装 https://dl.fedoraproject.org/pub/epel/ ...
- Ansible安装部署
Ansible安装部署 Ansible是一种集成IT系统的配置管理, 应用部署, 执行特定任务的开源平台. 它基于Python语言实现, 部署只需在主控端部署Ansible环境, 被控端无需安装代理工 ...
- sshpass做秘钥分发,ansible做自动化运维工具
最近公司机器的增多,顺便还要上报表系统,考虑到服务器越来越多,手工的管理显得越来的越吃力,所以打算推进公司自动化运维工具的使用. 推进的过程中,一步一个坑踩过来的.由于公司之前未运用过自动化运维工具, ...
随机推荐
- 误删文件不用怕 grep命令帮你恢复
作为长期的电脑使用者,肯定会有误删文件的经历,在 Mac OS X 和 Windows 上删除的文件都会默认进 “回收站”.在 Linux 上如果事先没有用别名(alias)修改默认的 rm 功能,r ...
- POJ3104--Drying(Binary Search)
It is very hard to wash and especially to dry clothes in winter. But Jane is a very smart girl. She ...
- sdut 3916
这道题就是二分枚举加贪心,小蓝书上一开始就讲的,但是我给忘了,很难受 #include <iostream> #include <cstdio> #include <cs ...
- jQuery插件初级练习4
<!DOCTYPE html><html> <head> <meta charset="UTF-8"> <title>& ...
- ElementTriArgyris
class ElementTriArgyris(ElementH2): nodal_dofs = 6 facet_dofs = 1 dim = 2 maxdeg = 5 def gdof(self, ...
- fastscript例子一
fastscript例子一 fastscript例子一 unit Unit1; interface usesWinapi.Windows, Winapi.Messages, System.SysU ...
- 分形之树(Tree)
似乎每一个有关分形的教程都要讲到分形树,大概是因为树是生活中最常见的分形实物吧.这一节将展示下如何一步一步地生长出一棵树来.其实现算法不难,就是在每一次生长迭代中,使线段生长出几条新的线段来. 核心代 ...
- Excel VBA语句集
Excel VBA语句集 引子 最近批阅学生成绩,用Excel 处理学生成绩,用到VBA 提高办公效率.需要经常查阅VBA的一些用法 正文 定制模块行为 (1) Option Explicit '强制 ...
- 通过 sysprocesses 简单查询死锁及解决死锁办法
简单查询死锁,如下四步可以轻松解决: 第一步:查询死锁语句 1: 条件是 blocked <> 0 select dbid,* from sys.sysprocesseswhere 1=1 ...
- asp.net mvc 配置ckeditor4.x
下载地址:https://ckeditor.com/ckeditor-4/download/ 一.使用方法: 1.在页面中引入ckeditor核心文件ckeditor.js 2.在使用编辑器的地方插入 ...