[系统运维]部署ansible架构

部署ansible架构

安装yum源

[root@server ~]# cd /etc/yum.repos.d/
[root@server yum.repos.d]# ll
total 4
-rw-r--r--. 1 root root 137 Jul  2 02:10 xx.repo
[root@server yum.repos.d]# rm -rf *
//配置阿里云yum源
[root@server yum.repos.d]#  curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@server yum.repos.d]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
//配置ansible 的yum源
[root@server yum.repos.d]# dnf list all|grep ansible
[root@server yum.repos.d]# dnf -y install centos-release-ansible-29-1-2.el8.noarch 
[root@server yum.repos.d]# ls /etc/yum.repos.d/ |grep ansible
CentOS-SIG-ansible-29.repo

安装ansible

[root@server ~]# dnf  -y  install  ansible

查看ansible版本

[root@server ~]# ansible  --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Apr 16 2020, 01:36:27) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]

配置/etc/hosts

[root@server ~]# vim /etc/hosts

192.168.87.128 server.example.com server
192.168.87.129 nodel1.example.com nodel1
192.168.87.131 nodel2.example.com nodel2
192.168.87.133 nodel3.example.com nodel3

配置ssh的基于密钥认证

执行ssh-keygen命令，一直回车

[root@server ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:oS14wRQeLfk4BUmyhabLOt4eKoe81l+Nfxy7IXGvYUI root@server.example.com
The key's randomart image is:
+---[RSA 3072]----+
|    .oB*         |
|    oB+.o        |
|   o. +=.        |
|  .  .o+..       |
| . .. +.SE .     |
|  o  . .+ o..    |
|.o..   o +.+o.   |
|=o+.. . . +++    |
|+*oo..   ..o.    |
+----[SHA256]-----+

[root@server ~]# ssh-copy-id  -i  ~/.ssh/id_rsa.pub  root@nodel1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel1's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@nodel1'"
and check to make sure that only the key(s) you wanted were added.

[root@server ~]# ssh-copy-id  -i  ~/.ssh/id_rsa.pub  root@nodel2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'nodel2 (192.168.87.131)' can't be established.
ECDSA key fingerprint is SHA256:5gd7HmPvSJxbclz5gFTHK1WDjLN6Qwd8HpqA/enrYlI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel2's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@nodel2'"
and check to make sure that only the key(s) you wanted were added.


[root@server ~]# ssh-copy-id  -i  ~/.ssh/id_rsa.pub  root@nodel3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'nodel3 (192.168.87.133)' can't be established.
ECDSA key fingerprint is SHA256:r4SZXJQDBt9bqNG2NHuCdmfeRGLsX+INUbL3qWQ9NVI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel3's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@nodel3'"
and check to make sure that only the key(s) you wanted were added.

将ansible本地的/etc/hosts文件发送给受控主机

[root@server ~]# scp /etc/hosts root@192.168.87.129:/etc/hosts
The authenticity of host '192.168.87.129 (192.168.87.129)' can't be established.
ECDSA key fingerprint is SHA256:GSJLlJgtoagBXmMbWp2t+aTDa0qy8ti+yZX3/Ujycto.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.87.129' (ECDSA) to the list of known hosts.
root@192.168.87.129's password: 
hosts                                                                    100%  323   221.9KB/s   00:00    
[root@server ~]# scp /etc/hosts root@192.168.87.131:/etc/hosts
The authenticity of host '192.168.87.131 (192.168.87.131)' can't be established.
ECDSA key fingerprint is SHA256:5gd7HmPvSJxbclz5gFTHK1WDjLN6Qwd8HpqA/enrYlI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.87.131' (ECDSA) to the list of known hosts.
root@192.168.87.131's password: 
hosts                                                                    100%  323   173.0KB/s   00:00    
[root@server ~]# scp /etc/hosts root@192.168.87.133:/etc/hosts
The authenticity of host '192.168.87.133 (192.168.87.133)' can't be established.
ECDSA key fingerprint is SHA256:r4SZXJQDBt9bqNG2NHuCdmfeRGLsX+INUbL3qWQ9NVI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.87.133' (ECDSA) to the list of known hosts.
root@192.168.87.133's password: 
hosts                                                                    100%  323   209.3KB/s   00:00  

在ansible主机和所有受控主机中创建student用户，并设置密码为redhat

[root@server ~]# useradd student
[root@server ~]# echo redhat|passwd --stdin student 
Changing password for user student.
passwd: all authentication tokens updated successfully.

[root@nodel1 ~]# useradd student
[root@nodel1 ~]# echo redhat|passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.

[root@nodel2 ~]# useradd student
[root@nodel2 ~]# echo redhat|passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.

[root@nodel3 ~]# useradd student
[root@nodel3 ~]# echo redhat|passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.

使用student用户创建基于密钥认证

[root@server ~]# su - student 
Last login: Fri Oct 21 03:05:53 CST 2022 on pts/0
[student@server ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/student/.ssh/id_rsa): 
Created directory '/home/student/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/student/.ssh/id_rsa.
Your public key has been saved in /home/student/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xtu/Yldm5cvaoBpPFgQy0Ru5CtauDCbNGR06yEo63DA student@server.example.com
The key's randomart image is:
+---[RSA 3072]----+
|       +o..      |
|     .  o+.      |
|. . o o   +.     |
| E + + o o.     .|
|= * = o S  .   o |
|+o B   + o  . + .|
| .o o . ...o =. .|
|     o    B.o oo |
|         o.=oo.. |
+----[SHA256]-----+
[student@server ~]$ ssh-copy-id  -i  ~/.ssh/id_rsa.pub  root@nodel1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
The authenticity of host 'nodel1 (192.168.87.129)' can't be established.
ECDSA key fingerprint is SHA256:GSJLlJgtoagBXmMbWp2t+aTDa0qy8ti+yZX3/Ujycto.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel1's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@nodel1'"
and check to make sure that only the key(s) you wanted were added.

[student@server ~]$ ssh-copy-id  -i  ~/.ssh/id_rsa.pub  root@nodel2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
The authenticity of host 'nodel2 (192.168.87.131)' can't be established.
ECDSA key fingerprint is SHA256:5gd7HmPvSJxbclz5gFTHK1WDjLN6Qwd8HpqA/enrYlI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel2's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@nodel2'"
and check to make sure that only the key(s) you wanted were added.

[student@server ~]$ ssh-copy-id  -i  ~/.ssh/id_rsa.pub  root@nodel3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
The authenticity of host 'nodel3 (192.168.87.133)' can't be established.
ECDSA key fingerprint is SHA256:r4SZXJQDBt9bqNG2NHuCdmfeRGLsX+INUbL3qWQ9NVI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@nodel3's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@nodel3'"
and check to make sure that only the key(s) you wanted were added.

修改 ansible 的配置

[student@server ~]$ mkdir ansible
[student@server ~]$ cd ansible/
[student@server ansible]$ cp /etc/ansible/ansible.cfg  .
[student@server ansible]$ vim ansible.cfg 
···
inventory      = /home/student/ansible/inventory
···

[student@server ansible]$ vim inventory
nodel1
nodel2
nodel3

测试

[student@server ansible]$ ansible all -m ping
nodel1 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: student@nodel1: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}
nodel2 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: student@nodel2: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}
nodel3 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: student@nodel3: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}