• Ansible basic configuration


    1. Basic configuration

    1.1. Environment

    Host configuration
    Ansible version: 2.7.4
    Control node: CentOS 7.4, IP: 192.168.1.213, hostname: operation
    Managed nodes:
    CentOS 6.5, IP: 192.168.1.216, hostname: master
    CentOS 6.5, IP: 192.168.1.217, hostname: slave
    CentOS 7.3, IP: 192.168.1.214, hostname: lzcx

    # System settings
    # CentOS 6.5: stop the firewall and switch SELinux off
    service iptables stop
    chkconfig iptables off
    sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config
    setenforce Permissive
    # first CentOS 6.5 host (master)
    sed -i 's/localhost.localdomain/master/' /etc/hosts
    # second CentOS 6.5 host (slave)
    sed -i 's/localhost.localdomain/slave/' /etc/hosts
    # CentOS 7.4: stop the firewall and switch SELinux off
    systemctl stop firewalld
    systemctl disable firewalld
    sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config
    # reboot the 3 machines
    shutdown -r now
    # install commonly used tools
    yum install wget vim lrzsz gcc xz -y
    

    Install Python 3.7 and Ansible on the control node

    # install dependencies
    yum -y install epel-release
    yum -y install openssl openssl-devel openssl-static python-pip python-devel zlib-devel libffi-devel python-rpm-macros
    # download and build Python 3.7
    wget -c https://www.python.org/ftp/python/3.7.0/Python-3.7.0.tar.xz
    tar -Jxf Python-3.7.0.tar.xz
    mkdir -p /usr/local/python3
    cd ./Python-3.7.0
    ./configure --prefix=/usr/local/python3/
    make
    make install
    ln -s /usr/local/python3/bin/python3 /usr/bin/python3
    ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3
    # install Ansible
    pip3 install ansible
    

    1.2. Create the Ansible management user

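    In production, root is not allowed to log in over SSH, so an ordinary user is chosen as the Ansible management account. The hosts here are new: right after provisioning they have only a root user. The script below creates the Ansible management user and distributes that user's key. Note that sshpass must be installed (the script checks for it), and the script assumes the root password is the same on all machines.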

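    The following is the batch deployment: it creates the ansible user, distributes the key and grants sudo privileges. The user name and password can be customized.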

    #!/bin/bash
    
    #########################################################################
    # File Name: batch_users.sh
    # file_path: /root/script/batch_users.sh 
    # Author: 浪子尘心
    # Mail: 536418286@qq.com
    # Created Time: 2018-11-09 17:43:02
    # Last Changed: 2018-11-09 17:58:53
    # Description: batch create users in linux
    # Version: 0.1
    #########################################################################
    
    # sshpass is needed for the password-based first logins
    if ! command -v sshpass > /dev/null 2>&1; then
        echo "sshpass not found, please install sshpass"
        exit 1
    fi
    
    # select a user for ansible manager
    ansible_user='ansible'
    
    # passwd of ansible user
    user_passwd='123456@Ap'
    
    # root passwd (assumed to be the same on every host)
    root_passwd='123456!Ab'
    
    # create the user
    useradd "${ansible_user}"
    
    # set the user's password
    echo "${user_passwd}" | passwd --stdin "${ansible_user}"
    
    # grant the user passwordless sudo (appended after line 92 of /etc/sudoers)
    sed -i "92a ${ansible_user}     ALL=(ALL)       NOPASSWD: ALL" /etc/sudoers
    
    # create the key pair
    su - "${ansible_user}" -c "ssh-keygen -t rsa -f /home/${ansible_user}/.ssh/id_rsa -N '' -q"
    
    # install the public key for the local account
    su - "${ansible_user}" -c "sshpass -p${user_passwd} ssh-copy-id -i /home/${ansible_user}/.ssh/id_rsa.pub ${ansible_user}@127.0.0.1 -o StrictHostKeyChecking=no"
    
    # batch create users and send public key
    for line in $(cat /root/script/ip_list.txt)
    do
        # on the remote host: create the user, set its password, grant passwordless sudo
        sshpass -p"${root_passwd}" ssh -o StrictHostKeyChecking=no "root@${line}" "useradd ${ansible_user} ; echo ${user_passwd} | passwd --stdin ${ansible_user} ; sed -i '92a ${ansible_user}     ALL=(ALL)       NOPASSWD: ALL' /etc/sudoers"
    
        # send public key
        su - "${ansible_user}" -c "sshpass -p${user_passwd} ssh-copy-id -i /home/${ansible_user}/.ssh/id_rsa.pub ${ansible_user}@${line} -o StrictHostKeyChecking=no"
    done
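
    The sudo step in the script edits /etc/sudoers in place at a fixed line number and never checks the result. As an added example (not part of the original script), the same grant can be written as a syntax-checked drop-in file, with a helper that lists every active NOPASSWD rule for review. The function names and the directory argument are assumptions for illustration, and the approach assumes /etc/sudoers contains the `#includedir /etc/sudoers.d` line.

```shell
#!/bin/bash
# Added example, not from the original post. Function names and the
# optional directory argument are assumptions made for illustration.

# Install "<user> ALL=(ALL) NOPASSWD: ALL" as a sudoers drop-in file.
#   $1 = account name, $2 = target directory (default /etc/sudoers.d)
install_sudo_dropin() {
    local user=$1 dir=${2:-/etc/sudoers.d} tmp
    # sudo ignores drop-in files whose name contains '.' or ends in '~',
    # so accept only plain account names.
    case $user in
        ''|*[!a-z0-9_-]*) echo "invalid user name: $user" >&2; return 2 ;;
    esac
    # The temporary name starts with '.' so sudo skips it until it is renamed.
    tmp=$(mktemp "${dir}/.${user}.XXXXXX") || return 1
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$user" > "$tmp"
    chmod 0440 "$tmp"
    # Syntax-check the candidate before it goes live: a broken sudoers
    # file stops sudo from working for every user on the host.
    if command -v visudo >/dev/null 2>&1 && ! visudo -cf "$tmp" >/dev/null; then
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "${dir}/${user}"
}

# Print every active (non-comment) rule that grants NOPASSWD, prefixed
# with the file it came from.  $@ = sudoers files to scan.
list_nopasswd_rules() {
    grep -H -E '^[[:space:]]*[^#[:space:]].*NOPASSWD[[:space:]]*:' "$@"
}

# Usage on a managed host, as root:
#   install_sudo_dropin ansible
#   list_nopasswd_rules /etc/sudoers /etc/sudoers.d/*
```

    Removing the grant later is a matter of deleting the one file, and `list_nopasswd_rules` shows which accounts still hold passwordless sudo on a host.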
    

    1.3. Inventory

    In what follows, the group named yuhui is changed to lzcx; the IP stays the same.

    [monitor]
    192.168.1.213
    
    [centos6]
    192.168.1.[216:217]
    
    [lzcx]
    192.168.1.214
    
    # additional test machines
    [mysql]
    192.168.1.20
    192.168.1.21
    
    [gzyk]
    192.168.1.130
    192.168.1.38
    
    [dgyk]
    192.168.1.162
    
    [uim]
    192.168.1.98
    
    [yhgl]
    192.168.1.172
    
  • Original article: https://www.cnblogs.com/AutoSmart/p/10271531.html