Ansible installation and configuration
1. Install the newest 'epel-release' package
el7 : rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
el6 : rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
2. Install Ansible
sudo yum install ansible
3. Ansible configuration and testing
(1) Edit the host and group configuration
vi /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10
172.16.171.154
172.16.171.155
# Ex 2: A collection of hosts belonging to the 'webservers' group
## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
[webservers]
172.16.171.154
172.16.171.155
# If you have multiple hosts following a pattern you can specify
# them like this:
## www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group
## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57
# Here's another example of host ranges, this time there are no
# leading 0s:
## db-[99:101]-node.example.com
(2) Use the ping module to test host connectivity, pinging a single host and then a group
Single-host test:
ansible 172.16.171.154 -m ping -k
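Because SSH key trust has not yet been configured between the control node and the managed hosts, the -k option makes Ansible ask for the root account password; enter it at the "SSH password" prompt.
The following output indicates that the test succeeded: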
172.16.171.154 | SUCCESS => {
"changed": false,
"ping": "pong"
}
Group test:
ansible webservers -m ping -k
The following output indicates that the test succeeded:
172.16.171.155 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.171.154 | SUCCESS => {
"changed": false,
"ping": "pong"
}
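4. Configure passwordless SSH access to the Linux hosts
(1) Generate a key pair on the control node
ssh-keygen -t rsa (press Enter at every prompt)
This command generates a key pair under /root/.ssh/: id_rsa is the private key and id_rsa.pub is the public key (which must be distributed to the .ssh directory of the user on the managed host and renamed to authorized_keys). Pressing Enter at the passphrase prompts leaves the private key unencrypted, so id_rsa must stay readable by root only.
(2) Copy the public key file id_rsa.pub to the managed host with the ssh-copy-id command. Syntax: /usr/bin/ssh-copy-id [-i [identity_file]] [user@]host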
ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.16.171.154
(3) Verify that passwordless SSH works
ssh root@172.16.171.154
If you are logged in to the root account directly, the configuration succeeded.
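The check in step (3), run against every host of an inventory group, as an added example that is not part of the original page. The function names and the SSH_BIN override are hypothetical; the inventory parser is a simplification that does not expand host ranges or child groups.

```shell
#!/bin/sh
# Added example: find hosts in an inventory group that still lack key-based login.

# Print the hosts listed under [GROUP] in an INI-style inventory file.
# Comment and blank lines are skipped, so a header that is still commented
# out ("## [webservers]") defines no group and yields no hosts.
hosts_in_group() {    # usage: hosts_in_group INVENTORY GROUP
    awk -v want="[$2]" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            in_group = ($0 == want)
            next
        }
        in_group { print $1 }
    ' "$1"
}

# Return 0 only if USER@HOST accepts public-key login without any prompt.
# BatchMode=yes makes ssh fail instead of asking for a password, a key
# passphrase or confirmation of an unknown host key.
# SSH_BIN is a hypothetical override so the ssh call can be replaced by a stub.
key_login_ok() {      # usage: key_login_ok HOST [USER]
    "${SSH_BIN:-ssh}" -o BatchMode=yes -o PasswordAuthentication=no \
        -o ConnectTimeout=5 "${2:-root}@$1" true </dev/null >/dev/null 2>&1
}

# Print every host of GROUP that still needs ssh-copy-id.
# Returns 0 if all hosts pass, 1 if any host fails, 2 if the group is empty.
audit_group() {       # usage: audit_group INVENTORY GROUP
    hosts=$(hosts_in_group "$1" "$2")
    [ -n "$hosts" ] || { echo "group '$2' has no hosts in $1" >&2; return 2; }
    rc=0
    for h in $hosts; do
        key_login_ok "$h" || { echo "$h"; rc=1; }
    done
    return $rc
}

# Typical call on the control node:
#   audit_group /etc/ansible/hosts webservers
```

An exit status of 2 usually means the group header in /etc/ansible/hosts is still commented out.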