SSH and Ansible deployment procedure
Deployment environment
Management server  172.16.1.61
NFS server         172.16.1.31
Backup server      172.16.1.41
1. Check whether the SSH service is running and start it
netstat -lntup | grep ssh      # check whether sshd is currently listening
/etc/init.d/sshd status        # check the SSH service status (replace status with start to start it)
2. Create the DSA key pair for SSH authentication (three confirmations: the private key path, whether to set a passphrase on the private key, and the passphrase again)
[root@Manager-61 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):     # default location of the private and public keys
Enter passphrase (empty for no passphrase):                  # whether to set a passphrase
Enter same passphrase again:                                 # confirm it again
Your identification has been saved in /root/.ssh/id_dsa.     # private key location
Your public key has been saved in /root/.ssh/id_dsa.pub.     # public key location
The key fingerprint is:
de:15:6d:ae:2c:27:e3:6a:80:4a:a3:be:8b:be:4b:eb root@Manager-61
The key's randomart image is:
+--[ DSA 1024]----+
| |
| . |
| . o |
| + |
| . S . . |
| o . .. . o . |
| + o .. = + |
|+ o .. = |
|=E= .... |
+-----------------+
3. Distribute the public key to the NFS server (172.16.1.31)
[root@Manager-61 ~]# ssh-copy-id -i /root/.ssh/id_dsa 172.16.1.31
root@172.16.1.31's password:      # enter the NFS server's password
Now try logging into the machine, with "ssh '172.16.1.31'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
(ssh-copy-id appends .pub to an -i path that lacks it, so the public key, not the private key, is what gets installed on the target.)
Create the key pair non-interactively:
[root@Manager-61 ~]# ssh-keygen -t dsa -f /root/.ssh/id_dsa -N ""
4. Distribute the public key non-interactively (the sshpass dependency must be installed first: yum install sshpass)
[root@Manager-61 ~]# sshpass ssh-copy-id -i /root/.ssh/id_dsa.pub 172.16.1.31      # with no -p/-e/-f option sshpass reads the password from stdin
Non-interactive distribution:
[root@Manager-61 ~]# sshpass -p123123 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no 172.16.1.31"
A password passed with -p is visible to every local user in the process list and in the shell history; sshpass -e (password in the SSHPASS environment variable) or -f <file> avoids that. StrictHostKeyChecking=no also skips host-key verification, so the first connection trusts whichever host answers.
5. Batch key creation and public-key distribution with a script
[root@Manager-61 scripts]# cat piliang.sh
#!/bin/bash
# remove any old key pair and create a fresh one without a passphrase
rm -f /root/.ssh/id_dsa*
ssh-keygen -t dsa -f /root/.ssh/id_dsa -N ""
# push the public key to every managed host
for ip in 31 41 7
do
    sshpass ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no 172.16.1.$ip"
done
Run the script to test it
[root@Manager-61 scripts]# sh piliang.sh
Generating public/private dsa key pair.
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
27:8d:70:e4:c5:2e:d3:8a:62:5f:0b:1e:e6:d6:de:f0 root@Manager-61
The key's randomart image is:
+--[ DSA 1024]----+
| ... |
| o .. |
| . oo |
| oooo |
| .S+o |
| o = oo |
| . * =.. |
| = o+ |
| . .. E |
+-----------------+
Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no 172.16.1.31'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no 172.16.1.41'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting
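ssh-copy-id's own message above asks you to check .ssh/authorized_keys on each target for keys you did not expect. The script below is an added example (not part of the original notes) that audits an authorized_keys file offline: it counts ssh-dss entries, which OpenSSH 7.0 and later refuse by default, and lists every key absent from an expected list. Both input files are constructed samples with placeholder key blobs; pass real paths for an actual host.

```shell
#!/bin/sh
# Added example, not from the original notes. Audits an authorized_keys file
# after ssh-copy-id: flags ssh-dss entries (refused by OpenSSH >= 7.0 by
# default) and any key that is not on the expected list. Both input files are
# constructed samples; the key blobs are placeholders, not real keys.
EXPECTED=$(mktemp)
AUTHKEYS=$(mktemp)
trap 'rm -f "$EXPECTED" "$AUTHKEYS"' EXIT

cat > "$EXPECTED" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTEDMANAGERKEY0000000000 root@Manager-61
EOF

cat > "$AUTHKEYS" <<'EOF'
# constructed sample: one expected key, one stale DSA key, one unknown key
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTEDMANAGERKEY0000000000 root@Manager-61
ssh-dss AAAAB3NzaC1kc3MAAACBACONSTRUCTEDOLDDSAKEY000000000000000000 root@Manager-61
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCONSTRUCTEDUNKNOWNKEY00000000 someone@elsewhere
EOF

# count_dss FILE -> number of ssh-dss keys (lines are assumed to be the plain
# "type blob comment" form, i.e. without a leading options field)
count_dss() {
    awk '!/^#/ && NF >= 2 && $1 == "ssh-dss"' "$1" | wc -l | tr -d ' '
}

# unexpected_keys AUTHKEYS EXPECTED -> lines of AUTHKEYS whose "type blob"
# pair does not appear in EXPECTED (EXPECTED must not be empty); the trailing
# comment field is ignored on both sides
unexpected_keys() {
    awk 'NR == FNR { if (!/^#/ && NF >= 2) want[$1 " " $2] = 1; next }
         !/^#/ && NF >= 2 && !(($1 " " $2) in want)' "$2" "$1"
}

# count_unexpected AUTHKEYS EXPECTED -> number of such lines
count_unexpected() {
    unexpected_keys "$1" "$2" | wc -l | tr -d ' '
}

echo "ssh-dss keys: $(count_dss "$AUTHKEYS")"          # 1
echo "keys not on the expected list:"                   # the dss and rsa lines
unexpected_keys "$AUTHKEYS" "$EXPECTED"
```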
6. Batch check script
[root@Manager-61 scripts]# cat piliang_chack.sh
#!/bin/bash
# run the command given as the only argument on every managed host
if [ $# -ne 1 ]
then
    echo "please input one arg"
    exit 1
fi
for ip in 31 41 7
do
    echo =====info 172.16.1.$ip======
    ssh 172.16.1.$ip $1
    echo ""
done
[root@Manager-61 scripts]# sh piliang_chack.sh ls
=====info 172.16.1.31======
anaconda-ks.cfg
install.log
install.log.syslog

=====info 172.16.1.41======
anaconda-ks.cfg
install.log
install.log.syslog
7. Install Ansible
yum install -y ansible      (from the EPEL repository)
Software to install on the managed clients:
yum install -y libselinux-python
8. Add the managed host addresses and a group name for batch management (the hosts file is Ansible's own hosts inventory file)
[root@Manager-61 ansible]# cat hosts
[server1]                                                 ---> management group name
172.16.1.31                                               ---> address of a host to manage
172.16.1.41 ansible_user=root ansible_password=123123     ---> login password set inline, so the host can be managed without a public key
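An inline ansible_password= sits in plaintext in a file every operator of the management server can read; ansible-vault is the usual place for it. The script below is an added example (not part of the original notes) of a pre-flight check over an INI inventory like the one above: it lists the hosts of a group and flags hosts carrying an inline password. The inventory text is constructed for the demo; the group name backup is an assumption.

```shell
#!/bin/sh
# Added example, not from the original notes. Pre-flight check for an INI
# inventory like the hosts file above: lists the hosts of a group and flags
# inline ansible_password= / ansible_ssh_pass= values. The inventory text is
# constructed for the demo (the [backup] group is an assumption).
INVENTORY=$(mktemp)
trap 'rm -f "$INVENTORY"' EXIT

cat > "$INVENTORY" <<'EOF'
[server1]
172.16.1.31
172.16.1.41 ansible_user=root ansible_password=123123

# constructed second group
[backup]
172.16.1.41 ansible_user=root
EOF

# group_hosts INVENTORY GROUP -> first token of every host line under [GROUP]
group_hosts() {
    awk -v g="$2" '
        NF == 0 || /^[[:space:]]*[#;]/ { next }        # blank lines and comments
        /^\[/ { in_g = ($0 == ("[" g "]")); next }      # a header switches groups
        in_g { print $1 }' "$1"
}

# plaintext_password_hosts INVENTORY -> "group:host" for every host line that
# carries an inline password variable
plaintext_password_hosts() {
    awk '
        NF == 0 || /^[[:space:]]*[#;]/ { next }
        /^\[/ { grp = substr($0, 2, length($0) - 2); next }
        /ansible_password=|ansible_ssh_pass=/ { print grp ":" $1 }' "$1"
}

# inventory_ok INVENTORY -> exit status 0 only when no inline password exists
inventory_ok() {
    [ -z "$(plaintext_password_hosts "$1")" ]
}

echo "hosts in server1: $(group_hosts "$INVENTORY" server1 | tr '\n' ' ')"
if inventory_ok "$INVENTORY"; then
    echo "inventory has no inline passwords"
else
    echo "inline passwords found on: $(plaintext_password_hosts "$INVENTORY" | tr '\n' ' ')"
fi
```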
9. Common Ansible batch-management modules and commands
Official Ansible documentation: docs.ansible.com
Syntax:
ansible <managed host | host group | all> -m <module name> -a "<module arguments>"
-m              specify the module
-a              arguments for the module
-k              manage with a password (interactive prompt)
ansible-doc     view module information (help command)
ansible-doc -s  look up a module's parameters in short form
Colour meanings
Green:  read-only query of remote information, no change made to the remote host
Red:    an error occurred while executing the operation
Yellow: a change was made on the remote host
Pink:   warning message
a) command module
chdir    change to this directory before running the command
creates  check whether a file exists: if it exists, skip; if not, run the command
removes  check whether a file exists: if it exists, run the command; if not, skip
[root@m01 ansible]# ansible 172.16.1.31 -m command -a "chdir=/tmp/ pwd"
172.16.1.31 | SUCCESS | rc=0 >>
/tmp
[root@Manager-61 ~]# ansible 172.16.1.31 -m command -a "creates=/etc/rsyncd.conf hostname"
172.16.1.31 | SUCCESS | rc=0 >>
NFS-31
[root@Manager-61 ~]# ansible 172.16.1.41 -m command -a "creates=/etc/rsyncd.conf hostname"
172.16.1.41 | SUCCESS | rc=0 >>
skipped, since /etc/rsyncd.conf exists
b) shell module (the general-purpose module)
chdir      change to this directory before running the command
creates    check whether a file exists: if it exists, skip; if not, run the following command
removes    check whether a file exists: if it exists, run the following command; if not, skip
free_form  the free-form argument must be a valid Linux command
c) script module
chdir      change to this directory before running the script
creates    check whether a file exists: if it exists, skip; if not, run the script
removes    check whether a file exists: if it exists, run the script; if not, skip
free_form  the free-form argument must be a valid command (for this module, the path of the script to run)
ansible 172.16.1.41 -m script -a "/server/script/yum.sh"
File modules
d) copy module (push files)
backup  back up the existing remote file before overwriting it
owner   owner of the copied file
group   group of the copied file
mode    permissions of the copied file (e.g. 600, 755)
src     source path, the data to push
dest    target directory on the remote host
ansible 172.16.1.41 -m copy -a "src=/tmp/file01.txt dest=/tmp"
ansible 172.16.1.41 -m copy -a "src=/tmp/file01.txt dest=/tmp backup=yes"
e) file module (modify or create files and their attributes)
owner  owner of the file
group  group of the file
mode   permissions of the file (e.g. 600, 755)
state  create a file or directory: =touch creates a file, =directory creates a directory
[root@Manager-61 ~]# ansible 172.16.1.41 -m file -a "dest=/tmp/fil01.txt owner=oldboy group=oldboy mode=600"
[root@Manager-61 ~]# ansible 172.16.1.41 -m file -a "dest=/tmp/fil01.txt state=touch"
172.16.1.41 | SUCCESS => {
    "changed": true,
    "dest": "/tmp/fil01.txt",
    "gid": 0,
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "size": 0,
    "state": "file",
    "uid": 0
}
f) yum package module
name   name of the package to install
state  =installed/latest (install) =absent/removed (remove)
list   give a package name to check whether it is installed
ansible 172.16.1.41 -m yum -a "name=iftop state=installed"
ansible 172.16.1.41 -m yum -a "name=iftop state=removed"
ansible 172.16.1.41 -m yum -a "list=iftop"
System modules
g) service module (manage service state)
name     name of the service to manage (it must be one listed by chkconfig)
state    =stopped (stop) =started (start) =restarted (restart) =reloaded (reload / graceful restart)
enabled  whether the service starts at boot (yes/no)
ansible 172.16.1.41 -m service -a "name=crond state=stopped enabled=no"
Stops the cron service and disables it at boot
h) cron module (scheduled tasks)
name          name of the cron job
minute        minute
hour          hour
day           day of the month
month         month
weekday       day of the week
job           the command to run
state=absent  remove the cron job
disabled      =yes (comment the job out) =no (uncomment it)
ansible 172.16.1.41 -m cron -a "name=oldboy minute=0 hour=0 job='/bin/sh /service/scripts/test.sh &>/dev/null'"                 # add a cron job
ansible 172.16.1.41 -m cron -a "name=oldboy minute=0 hour=0 job='/bin/sh /service/scripts/test.sh &>/dev/null' state=absent"
ansible 172.16.1.41 -m cron -a "name=oldboy state=absent"      # remove the named cron job
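The cron module matches a job by its name, which it records as a "#Ansible: NAME" marker line directly above the job in the crontab; disabled=yes keeps the marker and comments the job line out. The helper below is an added example (not part of the original notes) that reads a crontab dump and reports a named job's state, so the result of the commands above can be verified on the managed host (run it over the output of crontab -l). The crontab text and the nightly-backup job are constructed.

```shell
#!/bin/sh
# Added example, not from the original notes. Reports the state of an
# Ansible-managed cron job from a crontab dump, using the "#Ansible: NAME"
# marker the cron module writes above each job. The crontab text below is
# constructed; the nightly-backup job is an assumption for the demo.
CRONTAB=$(mktemp)
trap 'rm -f "$CRONTAB"' EXIT

cat > "$CRONTAB" <<'EOF'
#Ansible: oldboy
0 0 * * * /bin/sh /service/scripts/test.sh &>/dev/null
#Ansible: nightly-backup
#30 2 * * * /bin/sh /service/scripts/backup.sh
EOF

# cron_job_state CRONTAB_FILE NAME -> enabled | disabled | absent
# (the line after the marker is the job; a leading # means disabled=yes)
cron_job_state() {
    awk -v name="$2" '
        found {
            if ($0 ~ /^#/) print "disabled"; else print "enabled"
            done = 1; exit
        }
        $0 == ("#Ansible: " name) { found = 1 }
        END { if (!done) print "absent" }' "$1"
}

# cron_job_line CRONTAB_FILE NAME -> the job line itself, comment marker stripped
cron_job_line() {
    awk -v name="$2" '
        found { sub(/^#/, ""); print; exit }
        $0 == ("#Ansible: " name) { found = 1 }' "$1"
}

for job in oldboy nightly-backup missing; do
    echo "$job: $(cron_job_state "$CRONTAB" "$job")"   # enabled / disabled / absent
done
```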