操作系统:红帽 Linux8
环境
控制机:192.168.88.100
主机01:192.168.88.110
主机02:192.168.88.120
主机03:192.168.88.130
流程
为受控机添加 remote_user 与 sudo 提权
# 为 node1/node2/node3 准备 remote_user 远程专用用户 Root(普通用户)
# 以 node1 示例:
[root@node1 ~]# useradd Root && echo "123" | passwd --stdin Root
[root@node1 ~]# vim /etc/sudoers
...
Root ALL NOPASSWD: ALL
...为控制机部署 ansible 环境
# 进入控制机
[root@control ~]# mkdir -p /home/Root/ansible
[root@control ~]# mkdir -p /home/Root/ansible/roles /home/Root/ansible/collections
# 创建 ansible.cfg
[root@control ~]# vim /home/Root/ansible/ansible.cfg
[defaults]
inventory=
roles_path=
collections_paths=
remote_user=Root
[privilege_escalation]
become=true
become_method=sudo
become_user=root
become_ask_pass=false
# 创建 Inventory
[root@control ~]# vim /home/Root/ansible/inventory
[nodes]
node1
node2
node3
# 配置 hosts
[root@control ~]# vim /etc/hosts
...
node1 192.168.88.110
node2 192.168.88.120
node3 192.168.88.130或在 Inventory 文件中使用 node1 ansible_host=192.168.88.100 格式
为控制机远程增加 ssh 免密操作
# 创建密钥
[root@control ~]# ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa
...默认回车
# 为 node1/node2/node3 部署密钥
# 以 node1 为例
[root@control ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub Root@node1
...依次对 Root@node2 Root@node3 执行测试
[root@control ansible]# ansible all -m ping
node2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
...显示如上结果