环境- Rocky-Linux8.6
安装部署Ansible
bash
# 安装ansible
[root@harbor ansible]# dnf install -y ansible-core
#查看安装信息
[root@harbor ansible]# ansible-doc --version
ansible-doc [core 2.12.2]
config file = /root/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.8/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible-doc
python version = 3.8.12 (default, May 10 2022, 23:46:40) [GCC 8.5.0 20210514 (Red Hat 8.5.0-10)]
jinja version = 2.10.3
libyaml = True
: << EOF
Ansible认证方式有密码认证和公私钥认证两种方式
EOF
# 为"ssh"生成、管理和转换认证密钥,它支持RSA和DSA两种认证密钥,默认RSA
[root@harbor ansible]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)?
#ssh-copy-id可以把本地主机的公钥复制到远程主机的authorized_keys文件上
[root@harbor ansible]# ssh-copy-id -i /root/.ssh/id_rsa 192.168.29.161
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.29.161 (192.168.29.161)' can't be established.
ECDSA key fingerprint is SHA256:77a8CWnJMqyZH4QnCrcwH81FefxPv38r7+pw5yO0OJI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.29.161's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.29.161'"
and check to make sure that only the key(s) you wanted were added.
[root@harbor ansible]# pwd
/root/ansible
#配置Ansible配置文件和主机列表
[root@harbor ansible]# ls
ansible.cfg hostlist
[root@harbor ansible]# cat ansible.cfg hostlist
[defaults]
inventory = hostlist #主机清单列表文件
host_key_checking = False #Ansible连接客户端时的SSH主机密钥检查,避免第一次连接到新主机时出现连接确认,即首交连接是否需要key认证
#主机清单文件中可以是IP地址或主机名
[web]
192.168.29.161
192.168.29.162
# 查看web组下的主机列表
[root@harbor ansible]# ansible web --list
hosts (2):
192.168.29.161
192.168.29.162
# 向web主机组下主机发送ping命令
[root@harbor ansible]# ansible web -m ping
192.168.29.161 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.29.162 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}