部署ansible架构
安装yum源
[root@server ~]# cd /etc/yum.repos.d/
[root@server yum.repos.d]# ll
total 4
-rw-r--r--. 1 root root 137 Jul 2 02:10 xx.repo
[root@server yum.repos.d]# rm -rf *
//配置阿里云yum源
[root@server yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@server yum.repos.d]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
//配置ansible 的yum源
[root@server yum.repos.d]# dnf list all|grep ansible
[root@server yum.repos.d]# dnf -y install centos-release-ansible-29-1-2.el8.noarch
[root@server yum.repos.d]# ls /etc/yum.repos.d/ |grep ansible
CentOS-SIG-ansible-29.repo
安装ansible
[root@server ~]# dnf -y install ansible
查看ansible版本
[root@server ~]# ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Apr 16 2020, 01:36:27) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
配置/etc/hosts
[root@server ~]# vim /etc/hosts
192.168.87.128 server.example.com server
192.168.87.129 nodel1.example.com nodel1
192.168.87.131 nodel2.example.com nodel2
192.168.87.133 nodel3.example.com nodel3
配置ssh的基于密钥认证
执行ssh-keygen命令,一直回车
[root@server ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:oS14wRQeLfk4BUmyhabLOt4eKoe81l+Nfxy7IXGvYUI root@server.example.com
The key's randomart image is:
+---[RSA 3072]----+
| .oB* |
| oB+.o |
| o. +=. |
| . .o+.. |
| . .. +.SE . |
| o . .+ o.. |
|.o.. o +.+o. |
|=o+.. . . +++ |
|+*oo.. ..o. |
+----[SHA256]-----+
[root@server ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@nodel1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@nodel1'"
and check to make sure that only the key(s) you wanted were added.
[root@server ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@nodel2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'nodel2 (192.168.87.131)' can't be established.
ECDSA key fingerprint is SHA256:5gd7HmPvSJxbclz5gFTHK1WDjLN6Qwd8HpqA/enrYlI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel2's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@nodel2'"
and check to make sure that only the key(s) you wanted were added.
[root@server ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@nodel3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'nodel3 (192.168.87.133)' can't be established.
ECDSA key fingerprint is SHA256:r4SZXJQDBt9bqNG2NHuCdmfeRGLsX+INUbL3qWQ9NVI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel3's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@nodel3'"
and check to make sure that only the key(s) you wanted were added.
将ansible本地的/etc/hosts文件发送给受控主机
[root@server ~]# scp /etc/hosts root@192.168.87.129:/etc/hosts
The authenticity of host '192.168.87.129 (192.168.87.129)' can't be established.
ECDSA key fingerprint is SHA256:GSJLlJgtoagBXmMbWp2t+aTDa0qy8ti+yZX3/Ujycto.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.87.129' (ECDSA) to the list of known hosts.
root@192.168.87.129's password:
hosts 100% 323 221.9KB/s 00:00
[root@server ~]# scp /etc/hosts root@192.168.87.131:/etc/hosts
The authenticity of host '192.168.87.131 (192.168.87.131)' can't be established.
ECDSA key fingerprint is SHA256:5gd7HmPvSJxbclz5gFTHK1WDjLN6Qwd8HpqA/enrYlI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.87.131' (ECDSA) to the list of known hosts.
root@192.168.87.131's password:
hosts 100% 323 173.0KB/s 00:00
[root@server ~]# scp /etc/hosts root@192.168.87.133:/etc/hosts
The authenticity of host '192.168.87.133 (192.168.87.133)' can't be established.
ECDSA key fingerprint is SHA256:r4SZXJQDBt9bqNG2NHuCdmfeRGLsX+INUbL3qWQ9NVI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.87.133' (ECDSA) to the list of known hosts.
root@192.168.87.133's password:
hosts 100% 323 209.3KB/s 00:00
在ansible主机和所有受控主机中创建student用户,并设置密码为redhat
[root@server ~]# useradd student
[root@server ~]# echo redhat|passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.
[root@nodel1 ~]# useradd student
[root@nodel1 ~]# echo redhat|passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.
[root@nodel2 ~]# useradd student
[root@nodel2 ~]# echo redhat|passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.
[root@nodel3 ~]# useradd student
[root@nodel3 ~]# echo redhat|passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.
使用student用户创建基于密钥认证
[root@server ~]# su - student
Last login: Fri Oct 21 03:05:53 CST 2022 on pts/0
[student@server ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/student/.ssh/id_rsa):
Created directory '/home/student/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/student/.ssh/id_rsa.
Your public key has been saved in /home/student/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xtu/Yldm5cvaoBpPFgQy0Ru5CtauDCbNGR06yEo63DA student@server.example.com
The key's randomart image is:
+---[RSA 3072]----+
| +o.. |
| . o+. |
|. . o o +. |
| E + + o o. .|
|= * = o S . o |
|+o B + o . + .|
| .o o . ...o =. .|
| o B.o oo |
| o.=oo.. |
+----[SHA256]-----+
[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@nodel1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
The authenticity of host 'nodel1 (192.168.87.129)' can't be established.
ECDSA key fingerprint is SHA256:GSJLlJgtoagBXmMbWp2t+aTDa0qy8ti+yZX3/Ujycto.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@nodel1'"
and check to make sure that only the key(s) you wanted were added.
[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@nodel2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
The authenticity of host 'nodel2 (192.168.87.131)' can't be established.
ECDSA key fingerprint is SHA256:5gd7HmPvSJxbclz5gFTHK1WDjLN6Qwd8HpqA/enrYlI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel2's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@nodel2'"
and check to make sure that only the key(s) you wanted were added.
[student@server ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@nodel3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
The authenticity of host 'nodel3 (192.168.87.133)' can't be established.
ECDSA key fingerprint is SHA256:r4SZXJQDBt9bqNG2NHuCdmfeRGLsX+INUbL3qWQ9NVI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel3's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@nodel3'"
and check to make sure that only the key(s) you wanted were added.
修改 ansible 的配置
[student@server ~]$ mkdir ansible
[student@server ~]$ cd ansible/
[student@server ansible]$ cp /etc/ansible/ansible.cfg .
[student@server ansible]$ vim ansible.cfg
···
inventory = /home/student/ansible/inventory
···
[student@server ansible]$ vim inventory
nodel1
nodel2
nodel3
测试
[student@server ansible]$ ansible all -m ping
nodel1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: student@nodel1: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
nodel2 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: student@nodel2: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
nodel3 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: student@nodel3: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
|