linux ansible架构
ansible部署
配置yum源并安装ansible(注意:CentOS 8 已停止维护,这里使用的 vault 源是归档仓库,不再提供安全更新,仅适合实验环境)
[root@ansible ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@ansible ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@ansible ~]# dnf -y install centos-release-ansible-29-1-2.el8.noarch
[root@ansible ~]# dnf -y install ansible
查看ansible版本
[root@ansible ~]# ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Jan 19 2022, 23:28:49) [GCC 8.5.0 20210514 (Red Hat 8.5.0-7)]
配置/etc/hosts
[root@ansible ~]# vim /etc/hosts
192.168.78.138 ansible.example.com ansible
192.168.78.139 node1.example.com node1
192.168.78.144 node2.example.com node2
192.168.78.145 node3.example.com node3
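配置ssh基于密钥的认证
在ansible节点执行ssh-keygen命令,一直回车(即使用默认路径且不设置密钥口令)。这样生成的私钥没有口令保护,任何能读取/root/.ssh/id_rsa的人都可以用root身份登录全部受控主机;实验环境之外应为私钥设置口令并配合ssh-agent使用。首次连接各节点时应核对提示的主机密钥指纹。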
[root@ansible ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1nUMRZerEhMCkYm+2099aMI31+fM7zn54Qmg0+rhMbg root@ansible.example.com
The key's randomart image is:
+---[RSA 3072]----+
| .o= .oo o|
| . o . . o o |
| . . o o .|
| . . + . . |
| . S ..o . |
| . .o +.o.. |
| o. X B.+ oo|
| . .+ X + o*=|
| Eo= =@|
+----[SHA256]-----+
[root@ansible ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@node1
[root@ansible ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@node2
[root@ansible ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@node3
将ansible本地的/etc/hosts文件发送给受控主机
在ansible节点使用如下命令
[root@ansible ~]# for i in node{1..3}
> do scp /etc/hosts root@$i:/etc/hosts
> done
hosts 100% 318 99.3KB/s 00:00
hosts 100% 318 155.8KB/s 00:00
hosts 100% 318 169.6KB/s 00:00
在ansible主机和所有受控主机中创建student用户,并设置密码为123(下面仅展示ansible节点上的操作,各受控主机上需执行相同命令)。123属于弱口令,仅用于实验;以echo方式设置密码还会把明文密码留在shell历史记录中。
[root@ansible ~]# useradd student
[root@ansible ~]# echo 123|passwd --stdin student
Changing password for user student.
passwd: all authentication tokens updated successfully.
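为student用户配置基于密钥的认证
切换到student用户后,在ansible节点执行ssh-keygen命令,一直回车(同样是不设口令的私钥)。注意下面把student的公钥同时复制到了各节点的root账户,这意味着控制节点上的student用户可以免密以root身份登录所有受控主机;实验环境之外更稳妥的做法是只分发到student@node,再通过sudo(ansible的become)按需提权。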
[student@ansible ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/student/.ssh/id_rsa):
Created directory '/home/student/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/student/.ssh/id_rsa.
Your public key has been saved in /home/student/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:0OQgv2G/4Le+gApa/NCTZ80ed8sn959ryWMyk+jNEp8 student@ansible.example.com
The key's randomart image is:
+---[RSA 3072]----+
| . . . |
| o = |
| = o |
| . = |
| o S |
| . . + + . . |
|. + = = * . = + .|
|.o + + + + =+Eo*.|
|. . . .=...+**+*|
+----[SHA256]-----+
[student@ansible ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node1
[student@ansible ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node2
[student@ansible ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@node3
[student@ansible ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node1
[student@ansible ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node2
[student@ansible ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub student@node3
使用普通用户student执行 ansible all -m ping 进行测试。在该目录下运行时,ansible会使用当前目录中的ansible.cfg(优先于/etc/ansible/ansible.cfg),因此该目录不应对其他用户可写。
[student@ansible ~]$ mkdir ansible
[student@ansible ~]$ cd ansible/
[student@ansible ansible]$ ls
[student@ansible ansible]$ cp /etc/ansible/ansible.cfg .
[student@ansible ansible]$ vim ansible.cfg
inventory = /home/student/ansible/inventory
[student@ansible ansible]$ vim inventory
node1
node2
node3
[student@ansible ansible]$ ansible all -m ping
node3 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
node2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
node1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}