安装
# Install Ansible on the control machine from the distribution's apt repositories.
apt install ansible
/etc/ansible/hosts:清单文件,将机器分组,并为各组指定通过密码或密钥访问
# Ansible inventory: two host groups plus a parent group that contains both.
[k8s_masters]
master0.c0.k8s.sb
[k8s_nodes]
node0.c0.k8s.sb
node1.c0.k8s.sb
# "k8s" lists no hosts of its own; :children makes it the union of the two groups above.
[k8s:children]
k8s_masters
k8s_nodes
# Connection variables applied to every host in k8s_masters.
[k8s_masters:vars]
ansible_ssh_user=sbadmin
# NOTE(review): the SSH password sits in clear text in the inventory, readable by anyone
# who can read this file or a backup of it. Prefer key-based login (commented line below),
# keep the password in an Ansible Vault-encrypted vars file, or supply it at run time
# with --ask-pass.
ansible_ssh_pass="***"
#ansible_ssh_private_key_file=/home/sbadmin/.ssh/id_rsa
# Connection variables applied to every host in k8s_nodes (same values as the masters).
[k8s_nodes:vars]
ansible_ssh_user=sbadmin
# NOTE(review): same clear-text password concern as in [k8s_masters:vars].
ansible_ssh_pass="***"
#ansible_ssh_private_key_file=/home/sbadmin/.ssh/id_rsa
/etc/ansible/ansible.cfg
[defaults]
# NOTE(review): False turns off SSH host key verification, so Ansible connects to whatever
# answers at each hostname without checking its identity. With password login configured in
# the inventory, a spoofed host would be handed that password. Treat this as a first-contact
# convenience on a trusted network only; afterwards record the hosts' keys in known_hosts
# and set this back to True.
host_key_checking = False
命令
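# Supply the SSH private key at run time instead of storing it in the inventory.
ansible all -m ping --key-file /home/user/.ssh/id_rsa
# Ping only the hosts in one group.
ansible k8s_nodes -m ping
# With no -m, an ad-hoc call uses the default "command" module, which runs the program
# directly without a shell (no pipes, redirects or variable expansion).
ansible k8s -a "df -h"
# For a plain command such as df -h the result matches the explicit shell-module form below.
# Use -m shell only when shell features are actually needed, since it passes the string
# through a shell on the remote host.
ansible k8s -m shell -a "df -h"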
剧本
公钥分发
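# Play: install the control machine's public key for user sbadmin on every host in group k8s.
- hosts: k8s
  tasks:
    - name: Set authorized key took from file
      authorized_key:
        # Remove every other public key already in the remote user's authorized_keys.
        # NOTE(review): this also drops keys that belong to other admins or automation.
        # Confirm that is intended, and verify that login with the new key works before
        # removing the password path.
        exclusive: True
        # Public key read from this path on the local (control) machine.
        key: "{{ lookup('file', '/home/sbadmin/.ssh/id_rsa.pub') }}"
        # Account on the managed remote hosts that receives the key.
        user: sbadmin
        # Ensure the key is present (add mode).
        state: present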
执行
# Run the key-distribution playbook against the inventory.
# NOTE(review): the task sets exclusive: True, so a dry run first shows which keys would change:
#   ansible-playbook --check --diff distribute_pub_keys.yaml
ansible-playbook distribute_pub_keys.yaml