准备至少两台机器 Centos7,这两台机器都关闭 selinux
IP:106.13.118.132 服务端(ansible) master
IP:148.70.60.244 节点 slaver
服务端:
1、Ansible仓库默认不在yum仓库中,因此我们需要使用下面的命令启用epel仓库
[root@master tools]# yum install -y epel-release
2、安装ansible
[root@master tools]# yum install -y ansible
3、查看ansible版本:
[root@master tools]# ansible --version
ansible 2.7.10
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
4、使用ssh-keygen生成公钥
[root@master tools]# ssh-keygen -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:OAgDBVATJg64cl++LrvxVbxYyFDp0joX0eps5mpd2ME root@master
The key's randomart image is:
+---[RSA 2048]----+
|O+*. .o |
|++ . .o . |
| oo .o + |
|o .o .o+=oE |
|.. ..oo=S++. |
| . +.B+o. |
| . Oo.. |
| .oo.o |
| o*+. |
+----[SHA256]-----+
[root@master tools]# systemctl stop firewalld.service
5、使用ssh-copy-id命令来复制ansible公钥的公钥到节点中,实现无秘钥执行命令
[root@master tools]# ssh-copy-id -i root@148.70.60.244
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '148.70.60.244 (148.70.60.244)' can't be established.
ECDSA key fingerprint is SHA256:EXMPsKuf0hIIw0Ena8RDnYjm99CoYSqWzX9Nzw0OpxE.
ECDSA key fingerprint is MD5:0f:3b:7f:30:e7:0e:12:83:ea:4c:be:b1:d9:03:57:ef.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@148.70.60.244's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@148.70.60.244'"
and check to make sure that only the key(s) you wanted were added.
6、输入正确的节点登录密码,测试是否无需密码登录节点
[root@master tools]# ssh root@148.70.60.244
Last login: Thu Apr 25 15:29:42 2019 from 211.137.135.200
7、ctrl+d 退出 服务端 在ansible节点上添加可控制节点,/etc/ansible/hosts ansible的配置文件相对于简单所定义主机可以在webservers中定义节点ip
[root@master tools]# vim /etc/ansible/hosts
[testservers]
148.70.60.244
8、保存退出无需重启服务,测试是否成功
[root@master tools]# ansible -m ping 'testservers'
148.70.60.244 | SUCCESS => {
"changed": false,
"ping": "pong"
}
ansible 服务端执行命令:
[root@master tools]# ansible -m command -a "uptime" 'testservers'
148.70.60.244 | CHANGED | rc=0 >>
16:24:02 up 59 min, 2 users, load average: 0.24, 0.06, 0.06
[root@master tools]# ansible -m command -a "uname -r" 'testservers'
148.70.60.244 | CHANGED | rc=0 >>
3.10.0-514.26.2.el7.x86_64
[root@master tools]#
[root@master tools]# ansible -m command -a "yum install -y telnet*" 'testservers'
9、节点:
[root@slaver tools]# yum install -y epel-release
[root@slaver tools]# yum install -y ansible
[root@slaver tools]# ansible --version
ansible 2.7.10
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
[root@slaver tools]# systemctl stop firewalld.service
节点侧验证 Telnet:
[root@slaver tools]# telnet 106.13.118.132 22
Trying 106.13.118.132...
Connected to 106.13.118.132.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.4