This article is reposted from: https://www.cnblogs.com/ylqh/p/5902259.html
ansiblemaster: 192.168.74.146
ansibleslave1: 192.168.74.144
ansibleslave2: 192.168.74.140
Install ansible:
[root@ansiblemaster /]# yum -y install ansible
Generate the SSH key files and distribute the public key to all clients
[root@ansible_master ~]# ssh-keygen -t rsa # generate the key pair
# Send the public key to each slave machine
[root@ansible_master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.74.144
-bash: ssh-copy-id: command not found
This raised an error. Solution:
yum -y install openssh-clients
[root@ansible_master ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.74.144
The authenticity of host '192.168.74.144 (192.168.74.144)' can't be established.
RSA key fingerprint is b8:5b:58:13:6f:71:12:0b:10:70:97:f8:c7:71:2c:c5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.74.144' (RSA) to the list of known hosts.
root@192.168.74.144's password:
Now try logging into the machine, with "ssh '192.168.74.144'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
On the slave, check that an authorized_keys file has appeared.
[root@ansibleslave1 .ssh]# ls /root/.ssh/
authorized_keys
Check that the installation succeeded:
[root@ansible_master ~]# ansible --version
ansible 2.1.1.0
config file = /etc/ansible/ansible.cfg
configured module search path = Default w/o overrides
If "sign_and_send_pubkey: signing failed: agent refused operation" appears while setting up SSH, fix it by running:
eval "$(ssh-agent -s)"
ssh-add
The ansible installation is complete.
Configuring ansible:
First configure the hosts file on the three machines:
[root@ansiblemaster ansible]# cat /etc/hosts
192.168.74.146 ansiblesmaster
192.168.74.144 ansibleslave1
192.168.74.140 ansibleslave2
Configure the ansible host group
[root@ansiblemaster ansible]# cat /etc/ansible/hosts
[www]
ansibleslave1
ansibleslave2
Test whether ansible can reach the slaves
[root@ansiblemaster ansible]# ansible *www* -m shell -a "df -h" -k
SSH password:
ansibleslave1 | SUCCESS | rc=0 >>
Filesystem      Size  Used Avail Use% Mounted on
devtmpfs        488M     0  488M   0% /dev
tmpfs           495M     0  495M   0% /dev/shm
tmpfs           495M  624K  495M   1% /run
tmpfs           495M     0  495M   0% /sys/fs/cgroup
/dev/sda3        18G  1.4G   17G   8% /
tmpfs           495M   44K  495M   1% /tmp
/dev/sda1       283M   74M  191M  28% /boot
tmpfs            99M     0   99M   0% /run/user/0
tmpfs            99M     0   99M   0% /run/user/1000

ansibleslave2 | SUCCESS | rc=0 >>
Filesystem      Size  Used Avail Use% Mounted on
devtmpfs        488M     0  488M   0% /dev
tmpfs           495M     0  495M   0% /dev/shm
tmpfs           495M  648K  495M   1% /run
tmpfs           495M     0  495M   0% /sys/fs/cgroup
/dev/sda3        18G  2.1G   16G  12% /
tmpfs           495M   48K  495M   1% /tmp
/dev/sda1       283M   74M  191M  28% /boot
tmpfs            99M     0   99M   0% /run/user/0
tmpfs            99M     0   99M   0% /run/user/1000
At this point ansible can run simple batch commands.
Ansible troubleshooting:
First error:
[root@ansiblemaster ansible]# ansible -m ping all -k
SSH password:
ansibleslave1 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh.",
    "unreachable": true
}
Solution:
First, check whether an authorized_keys file exists under /root/.ssh/ on the client.
Second, test whether the master can log in to the slave without a password
(Note: check the firewall and SELinux)
Third, check whether the hostname responds to ping.
Second error:
[root@ansiblemaster ansible]# ansible all -m ping -k
SSH password:
ansibleslave1 | FAILED! => {
    "failed": true,
    "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
The first time ssh connects to a host it normally prompts you to type yes, which confirms adding the host key string to the ~/.ssh/known_hosts file. Here the local ~/.ssh/known_hosts file does not contain the host's fingerprint key string.
Solution: change the following parameter in the ansible.cfg file:
# host_key_checking = False
Just remove the # sign.
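Uncommenting this line turns host key verification off for every host ansible manages, so a machine answering on a slave's address would be accepted without any prompt. An alternative that leaves checking enabled, as an added example that is not from the original article: add each slave's key to known_hosts only after its fingerprint matches a value read out of band. The function names and the sample key line are assumptions constructed for illustration; the fingerprint format is the colon-separated MD5 form printed in the ssh-copy-id session above (newer OpenSSH releases print SHA256 by default).

```shell
#!/bin/sh
# Added example (not from the original article): pin a slave's host key
# only after its fingerprint matches a value obtained out of band.

# Print the colon-separated MD5 fingerprint of one known_hosts-style line
# ("host keytype base64blob"): MD5 over the decoded key blob.
fingerprint_md5() {
    printf '%s\n' "$1" | awk '{print $3}' | base64 -d | md5sum |
        cut -d' ' -f1 | sed 's/../&:/g; s/:$//'
}

# Append key line $1 to known_hosts file $3 only when its fingerprint
# equals the expected value $2. Returns 1 and writes nothing on mismatch.
pin_if_match() {
    key_line=$1 expected=$2 known_hosts=$3
    actual=$(fingerprint_md5 "$key_line")
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for ${key_line%% *}: got $actual" >&2
        return 1
    fi
    # Skip keys that are already pinned so reruns stay idempotent.
    grep -qxF -- "$key_line" "$known_hosts" 2>/dev/null && return 0
    printf '%s\n' "$key_line" >> "$known_hosts"
}

# Fetch the RSA host key of host $1 and pin it if it matches fingerprint $2.
# Optional $3 overrides the known_hosts path.
pin_host() {
    key_line=$(ssh-keyscan -t rsa "$1" 2>/dev/null | head -n 1)
    [ -n "$key_line" ] || { echo "no host key from $1" >&2; return 1; }
    pin_if_match "$key_line" "$2" "${3:-$HOME/.ssh/known_hosts}"
}

# Constructed sample line (not a real key) for trying the functions offline.
SAMPLE_KEY='192.168.74.144 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7'
```

On the master, pin_host is called once per slave with the fingerprint read from that slave's console before the first ansible run; host_key_checking can then stay at its default.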
###################Using ansible's built-in modules####################
First, an introduction to ansible's command-line options:
[root@ansiblemaster ansible]# ansible --help
Usage: ansible <host-pattern> [options]

Options:
  -a MODULE_ARGS, --args=MODULE_ARGS    #(specify the module arguments)
                        module arguments
  --ask-vault-pass      ask for vault password
  -B SECONDS, --background=SECONDS    #(run the command in the background and kill the task after the specified NUM seconds)
                        run asynchronously, failing after X seconds
                        (default=N/A)
  -C, --check           don't make any changes; instead, try to predict some
                        of the changes that may occur    #(only tests what would change; nothing is actually executed)
  -D, --diff            when changing (small) files and templates, show the
                        differences in those files; works great with --check
  -e EXTRA_VARS, --extra-vars=EXTRA_VARS
                        set additional variables as key=value or YAML/JSON
  -f FORKS, --forks=FORKS
                        specify number of parallel processes to use
                        (default=5)
  -h, --help            show this help message and exit    #(help information)
  -i INVENTORY, --inventory-file=INVENTORY    #(specify the hosts file path; default=/etc/ansible/hosts)
                        specify inventory host path
                        (default=/etc/ansible/hosts) or comma separated host
                        list.
  -l SUBSET, --limit=SUBSET
                        further limit selected hosts to an additional pattern
  --list-hosts          outputs a list of matching hosts; does not execute
                        anything else
  -m MODULE_NAME, --module-name=MODULE_NAME    #(specify the module)
                        module name to execute (default=command)
  -M MODULE_PATH, --module-path=MODULE_PATH    #(path of the modules to execute; default is /usr/share/ansible)
                        specify path(s) to module library (default=None)
  --new-vault-password-file=NEW_VAULT_PASSWORD_FILE
                        new vault password file for rekey
  -o, --one-line        condense output    #(show each host's result on a single line)
  --output=OUTPUT_FILE  output file name for encrypt or decrypt; use - for
                        stdout
  -P POLL_INTERVAL, --poll=POLL_INTERVAL
                        set the poll interval if using -B (default=15)
  --syntax-check        perform a syntax check on the playbook, but do not
                        execute it
  -t TREE, --tree=TREE  log output to this directory    #(log output to this directory; log files are named after the host)
  --vault-password-file=VAULT_PASSWORD_FILE
                        vault password file
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)
  --version             show program's version number and exit

  Connection Options:
    control as whom and how to connect to hosts

    -k, --ask-pass      ask for connection password    #(enter the ssh password instead of using a key)
    --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
                        use this file to authenticate the connection
    -u REMOTE_USER, --user=REMOTE_USER    #(specify the user on the remote machine)
                        connect as this user (default=None)
    -c CONNECTION, --connection=CONNECTION    #(specify the type of connection to create; commonly ssh, localhost FILES)
                        connection type to use (default=smart)
    -T TIMEOUT, --timeout=TIMEOUT    #(timeout)
                        override the connection timeout in seconds
                        (default=10)
    --ssh-common-args=SSH_COMMON_ARGS
                        specify common arguments to pass to sftp/scp/ssh (e.g.
                        ProxyCommand)
    --sftp-extra-args=SFTP_EXTRA_ARGS
                        specify extra arguments to pass to sftp only (e.g. -f,
                        -l)
    --scp-extra-args=SCP_EXTRA_ARGS
                        specify extra arguments to pass to scp only (e.g. -l)
    --ssh-extra-args=SSH_EXTRA_ARGS
                        specify extra arguments to pass to ssh only (e.g. -R)

  Privilege Escalation Options:
    control how and which user you become as on target hosts

    -s, --sudo          run operations with sudo (nopasswd) (deprecated, use
                        become)
    -U SUDO_USER, --sudo-user=SUDO_USER
                        desired sudo user (default=root) (deprecated, use
                        become)
    -S, --su            run operations with su (deprecated, use become)
    -R SU_USER, --su-user=SU_USER
                        run operations with su as this user (default=root)
                        (deprecated, use become)
    -b, --become        run operations with become (does not imply password
                        prompting)
    --become-method=BECOME_METHOD
                        privilege escalation method to use (default=sudo),
                        valid choices: [ sudo | su | pbrun | pfexec | runas |
                        doas | dzdo ]
    --become-user=BECOME_USER
                        run operations as this user (default=root)
    --ask-sudo-pass     ask for sudo password (deprecated, use become)
    --ask-su-pass       ask for su password (deprecated, use become)
    -K, --ask-become-pass    #(prompt for the sudo password; used together with sudo)
                        ask for privilege escalation password
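(The explanations are not very complete; there are some options I have not used yet. Corrections from experts are welcome!)
Using ansible's modules:
First: the copy module
Purpose: copy a file from the master to the slaves
[root@ansiblemaster ansible]# ansible *www* -m copy -a 'src=/etc/ansible/test1.txt dest=/opt/'
ansibleslave2 | FAILED! => {
    "changed": false,
    "checksum": "44b9edcf7d3cb15a005a3eb16b8011d352399eed",
    "failed": true,
    "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"
}
Problem: SELinux is enabled on the managed machine, so libselinux-python must be installed.
Solution: install it on the managed machine: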
yum -y install libselinux-python
[root@ansiblemaster ansible]# ansible *www* -m copy -a 'src=/etc/ansible/test1.txt dest=/opt/' -k
SSH password:
ansibleslave2 | SUCCESS => {
    "changed": true,
    "checksum": "44b9edcf7d3cb15a005a3eb16b8011d352399eed",
    "dest": "/opt/test1.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "0a1d32cf98dac2652ecca0aa4571ac3b",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:usr_t:s0",
    "size": 5,
    "src": "/root/.ansible/tmp/ansible-tmp-1474886175.03-280566111251484/source",
    "state": "file",
    "uid": 0
}
Second: the file module:
Purpose: set the permissions of the file on the managed nodes to 777 and its owner and group to root
[root@ansiblemaster ansible]# ansible all -m file -a "dest=/opt/test1.txt mode=777 owner=root group=root"
ansibleslave1 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0777",
    "owner": "root",
    "path": "/opt/test1.txt",
    "secontext": "system_u:object_r:usr_t:s0",
    "size": 5,
    "state": "file",
    "uid": 0
}
Third: cron
Purpose: set up a crontab entry on all nodes
[root@ansiblemaster ansible]# ansible all -m cron -a 'name="custom job" minute=*/3 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate 192.168.74.146"'
ansibleslave1 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "custom job"
    ]
}
ansibleslave2 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "custom job"
    ]
}
Fourth: the group module
Purpose: create a group named zzl with gid 2048 on all managed nodes
[root@ansiblemaster ansible]# ansible all -m group -a 'gid=2048 name=zzl'
ansibleslave1 | SUCCESS => {
    "changed": true,
    "gid": 2048,
    "name": "zzl",
    "state": "present",
    "system": false
}
ansibleslave2 | SUCCESS => {
    "changed": true,
    "gid": 2048,
    "name": "zzl",
    "state": "present",
    "system": false
}
Fifth: the user module
Purpose: create a user named zzl, in the group zzl, on all managed nodes
[root@ansiblemaster ansible]# ansible all -m user -a 'name=zzl groups=zzl state=present'
ansibleslave1 | SUCCESS => {
    "changed": true,
    "comment": "",
    "createhome": true,
    "group": 100,
    "groups": "zzl",
    "home": "/home/zzl",
    "name": "zzl",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 1003
}
ansibleslave2 | SUCCESS => {
    "changed": true,
    "comment": "",
    "createhome": true,
    "group": 100,
    "groups": "zzl",
    "home": "/home/zzl",
    "name": "zzl",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 1002
}
Sixth: the get_url module:
Purpose: download index.html from http://ip/ into the /home directory on all nodes
[root@ansiblemaster ~]# ansible all -m get_url -a 'url=http://ip/ dest=/home'
ansibleslave1 | SUCCESS => {
    "changed": true,
    "checksum_dest": null,
    "checksum_src": "3b8a8ccd603538b663776258db5265adf1e87ece",
    "dest": "/home/index.html",
    "gid": 0,
    "group": "root",
    "md5sum": "8235b10c5e8177ab388f9b0f7073bcb9",
    "mode": "0644",
    "msg": "OK (unknown bytes)",
    "owner": "root",
    "secontext": "unconfined_u:object_r:home_root_t:s0",
    "size": 3209,
    "src": "/tmp/tmp5dcxVi",
    "state": "file",
    "uid": 0,
    "url": "http://211.151.81.74/"
}
ansibleslave2 | SUCCESS => {
    "changed": true,
    "checksum_dest": null,
    "checksum_src": "67190352276452de41c7b08b0eb98d0b997ea21a",
    "dest": "/home/index.html",
    "gid": 0,
    "group": "root",
    "md5sum": "643988ed5105422eaf813b6acde9661a",
    "mode": "0644",
    "msg": "OK (unknown bytes)",
    "owner": "root",
    "secontext": "unconfined_u:object_r:home_root_t:s0",
    "size": 3209,
    "src": "/tmp/tmpmGTNeq",
    "state": "file",
    "uid": 0,
    "url": "http://211.151.81.74/"
}
Seventh: the script module
Purpose: run the /home/1.sh script on all nodes (the script resides on the ansible control node)
[root@ansiblemaster ~]# ansible all -m script -a '/home/1.sh'
ansibleslave1 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "stderr": "",
    "stdout": "",
    "stdout_lines": []
}
ansibleslave2 | SUCCESS => {
    "changed": true,
    "rc": 0,
    "stderr": "",
    "stdout": "",
    "stdout_lines": []
}
Eighth: command:
Purpose: run the df -h command on the specified nodes
[root@ansiblemaster ~]# ansible all -m command -a 'df -h'
ansibleslave1 | SUCCESS | rc=0 >>
Filesystem      Size  Used Avail Use% Mounted on
devtmpfs        488M     0  488M   0% /dev
tmpfs           495M     0  495M   0% /dev/shm
tmpfs           495M  624K  495M   1% /run
tmpfs           495M     0  495M   0% /sys/fs/cgroup
/dev/sda3        18G  1.4G   17G   8% /
tmpfs           495M   44K  495M   1% /tmp
/dev/sda1       283M   74M  191M  28% /boot
tmpfs            99M     0   99M   0% /run/user/0
tmpfs            99M     0   99M   0% /run/user/1000

ansibleslave2 | SUCCESS | rc=0 >>
Filesystem      Size  Used Avail Use% Mounted on
devtmpfs        488M     0  488M   0% /dev
tmpfs           495M     0  495M   0% /dev/shm
tmpfs           495M  648K  495M   1% /run
tmpfs           495M     0  495M   0% /sys/fs/cgroup
/dev/sda3        18G  2.2G   16G  12% /
tmpfs           495M   48K  495M   1% /tmp
/dev/sda1       283M   74M  191M  28% /boot
tmpfs            99M     0   99M   0% /run/user/0
tmpfs            99M     0   99M   0% /run/user/1000