ansible基礎配置

一、基礎配置

1.一、環境

主機配置
ansible版本：2.7.4
控制端：centos7.4，IP：192.168.1.213，主機名：operation
被控制端：
centos6.5，IP：192.168.1.216，主機名：master；
centos6.5，IP：192.168.1.217，主機名：slave
centos7.3，IP：192.168.1.214，主機名：lzcx

# 系統設置
# centos6.5
service iptables stop
chkconfig iptables off
sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config
setenforce Permissive
# 控制端
sed -i 's/localhost.localdomain/master/' /etc/hosts
# 被控制端
sed -i 's/localhost.localdomain/slave/' /etc/hosts
# centos7.4
systemctl stop firewalld
systemctl disable firewalld
sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config
# 3臺機器重啓
shutdown -r now
# 安裝常命令
yum install wget vim lrzsz gcc xz -y

控制端安裝python3.7和ansible

# 依賴安裝
yum -y install epel-release
yum -y install openssl openssl-devel openssl-static python-pip python-devel zlib-devel libffi-devel python-rpm-macros
# 下載python3.7
wget -c https://www.python.org/ftp/python/3.7.0/Python-3.7.0.tar.xz
tar -Jxf Python-3.7.0.tar.xz
mkdir -p /usr/local/python3
cd ./Python-3.7.0
./configure --prefix=/usr/local/python3/
make
make install
ln -s /usr/local/python3/bin/python3 /usr/bin/python3
ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3
# 安裝ansible
pip3 install ansible

1.二、建立ansible管理用戶

生產環境中，不容許root經過ssh登陸，因此選擇一個普通用戶作ansible的管理帳戶。這裏的環境是新主機，剛剛申請後只有一個root用戶，如下腳本完成ansible新建管理用戶和實現管理用戶的密鑰分發，注意須要安裝sshpass，腳本會檢查，默認全部機器的root密碼同樣。

如下是批量部署，建立ansible用戶、密鑰分發和實現sudo權限，能夠自定義用戶名和密碼

#!/bin/bash

#########################################################################

# File Name: batch_users.sh

# file_path: /root/script/batch_users.sh 

# Author: 浪子塵心

# Mail: 536418286@qq.com

# Created Time: 2018-11-09 17:43:02

# Last Changed: 2018-11-09 17:58:53

# Description: batch create users in linux

# Version: 0.1

#########################################################################

which sshpass > /dev/null 2>&1
if [ $? -ne 0 ];then
echo "don't exist sshpass,please install sshpas"
exit;
fi

# select a user for ansible manager
ansible_user='ansible'

# passwd of ansible user
user_passwd='123456@Ap'

# root passwd
root_passwd='123456!Ab'

# creater a user
useradd ${ansible_user}

# change user passwd
echo ${user_passwd} | passwd --stdin ${ansible_user}

# make user to be the power of root
sed -i "92a ${ansible_user}     ALL=(ALL)       NOPASSWD: ALL" /etc/sudoers

# create private key
su - ${ansible_user} -c "ssh-keygen -t rsa -f /home/${ansible_user}/.ssh/id_rsa -N '' -q"

# config the public key
su - ${ansible_user} -c "sshpass -p${user_passwd} ssh-copy-id -i /home/${ansible_user}/.ssh/id_rsa.pub ${ansible_user}@127.0.0.1 -o StrictHostKeyChecking=no"

# batch create users and send public key
for line in `cat /root/script/ip_list.txt`
do
# create a user and change user passwd and make user to be root on remote
sshpass -p"${root_passwd}" ssh -o StrictHostKeyChecking=no root@${line} "useradd ${ansible_user} ; echo ${user_passwd} | passwd --stdin ${ansible_user} ; sed -i '92a ${ansible_user}     ALL=(ALL)       NOPASSWD: ALL' /etc/sudoers"

# send public key
su - ${ansible_user} -c "sshpass -p${user_passwd} ssh-copy-id -i /home/${ansible_user}/.ssh/id_rsa.pub ${ansible_user}@${line} -o StrictHostKeyChecking=no"
done`

1.三、配置清單

下文中組名爲 yuhui 的修改成 lzcx ，ip不變

[monitor]
192.168.1.213

[centos6]
192.168.1.[216:217]

[lzcx]
192.168.1.214

# 額外添加測試機器
[mysql]
192.168.1.20
192.168.1.21

[gzyk]
192.168.1.130
192.168.1.38

[dgyk]
192.168.1.162

[uim]
192.168.1.98

[yhgl]
192.168.1.172