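1. Ansible Deployment and Usage
I. Install pip and Ansible
# Note: --no-check-certificate disables TLS certificate validation for this download
wget --no-check-certificate https://bootstrap.pypa.io/get-pip.py
python get-pip.py
pip install virtualenv
pip --version
pip install ansible==2.3.3.0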
II. Configure Ansible
[root@localhost ~]# cat /etc/ansible/ansible.cfg |grep -Ev "^$|^#"
[defaults]
inventory = /etc/ansible/hosts
forks = 24
poll_interval = 10
gathering = smart
gather_subset = all
roles_path = /opt/ansible/roles
host_key_checking = False
timeout = 5
vault_password_file = /opt/ansible/.secret/vault_pass
fact_caching = redis
fact_caching_timeout = 36000
fact_caching_connection = 127.0.0.1:6379:0
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=300s
control_path_dir = /tmp/.ansible/
control_path = %(directory)s/%%h-%%r
pipelining = True
scp_if_ssh = smart
[persistent_connection]
connect_timeout = 30
connect_retries = 30
connect_interval = 1
[accelerate]
[selinux]
[colors]
[diff]
[root@localhost ~]# cat /etc/ansible/hosts
[web-access]
web02 ansible_ssh_host=192.168.56.3 ansible_ssh_user=root
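An added example, not code from the original post: a small Python check that parses the security-relevant options of the ansible.cfg shown above and lists the ones a reviewer would look at (disabled host key checking, vault password file permissions, control sockets under /tmp, Redis fact cache without a password field). The function name audit_ansible_cfg and the finding texts are assumptions of this example.

```python
import configparser
import os
import stat

# Security-relevant subset of the ansible.cfg shown above, embedded so this runs offline.
PAGE_CFG = """\
[defaults]
host_key_checking = False
vault_password_file = /opt/ansible/.secret/vault_pass
fact_caching = redis
fact_caching_connection = 127.0.0.1:6379:0
[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=300s
control_path_dir = /tmp/.ansible/
control_path = %(directory)s/%%h-%%r
"""

def audit_ansible_cfg(text):
    """Return (option, finding) pairs for settings that deserve a review."""
    # interpolation=None: %(directory)s is expanded by Ansible, not configparser.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append(("host_key_checking",
                         "SSH host keys are not verified before connecting"))
    vault = os.path.expanduser(cfg.get("defaults", "vault_password_file", fallback=""))
    # The permission check only applies when the file exists on this machine.
    if vault and os.path.isfile(vault):
        mode = stat.S_IMODE(os.stat(vault).st_mode)
        if mode & 0o077:
            findings.append(("vault_password_file",
                             "mode %o lets group/other access the vault password" % mode))
    cp_dir = cfg.get("ssh_connection", "control_path_dir", fallback="")
    if cp_dir.startswith(("/tmp/", "/var/tmp/")):
        findings.append(("control_path_dir",
                         "ControlPersist sockets sit under a world-writable directory"))
    if cfg.get("defaults", "fact_caching", fallback="") == "redis":
        conn = cfg.get("defaults", "fact_caching_connection", fallback="")
        if len(conn.split(":")) < 4:  # host:port:db[:password]
            findings.append(("fact_caching_connection",
                             "Redis fact cache is used without a password field"))
    return findings

if __name__ == "__main__":
    for option, finding in audit_ansible_cfg(PAGE_CFG):
        print("%-26s %s" % (option, finding))
```

Because section IV records the target's host key in known_hosts through ssh-copy-id, host_key_checking can be left enabled for this inventory.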
III. Generate the server's public/private key pair
[root@localhost .ssh]# ssh-keygen -C "ansible@autodeploy"   # -C sets the key comment
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): 123456
Enter same passphrase again: 123456
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:+dlu9YwAcuU6HSc6Q1838vlfbYJfubjtyVnkVX8EKVc ansible@autodeploy
The key's randomart image is:
+---[RSA 2048]----+
| .oE|
| o o. |
| o o o|
| ..+ +.oo+|
| S+ * =o.B|
| .*o+..==|
| o+oo.=O|
| ...=+X|
| ..o+Bo|
+----[SHA256]-----+
[root@localhost .ssh]#
[root@localhost .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+cpr4b6W0wP1yJZ0tFI+bu8Vl+Bc3YLpx+2K+mDrTEYGTZWREl8HPylst12CHR8LcWcjVdjhSyDpAj5e7glCIPNU1gIzrrWEld37fDBvtc5/Zpyzk3rR+mn9Lo9FnE26c8SvX9TgSxlL3dFS7+uzIIQ+jYb4/X3hGtg3gteRyEO2Luu61oXt6S2req/VAatZpZkkWJ0TZ9nnoc5ESUHYnzchaTrCfx1COQ+4JEI5D5Vqbk0qss2PWS+smx01DRWPrkbgOUvVKsBlPOiytrauL+80xVEIRqjWZoisz1Y3Toa22QHHJ2ks0bdXbmfRO99Q+vvmL3sBWS1KWZaQbD3m9 ansible@autodeploy
IV. Distribute the public key to the managed machine
[root@localhost .ssh]# ssh-copy-id root@192.168.56.3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.56.3 (192.168.56.3)' can't be established.
ECDSA key fingerprint is SHA256:WZoUu6p7d3EO4t4OKS2s5j3bzDdBZziOWi0xYVabZfM.
ECDSA key fingerprint is MD5:09:d6:a4:3c:47:77:f1:ed:5c:a2:df:d7:bb:05:01:fc.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.56.3's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.56.3'"
and check to make sure that only the key(s) you wanted were added.
V. Verify that the configuration is correct
[root@localhost .ssh]# ssh root@192.168.56.3
Enter passphrase for key '/root/.ssh/id_rsa':    (enter 123456 here)
Last login: Wed Aug 8 19:33:16 2018 from 192.168.56.3
[root@localhost ~]#

Or log in with a private key at a specified path:
[root@localhost ~]# ssh root@192.168.56.3 -i /tmp/id_rsa
Enter passphrase for key '/tmp/id_rsa':
Last login: Wed Aug 8 19:44:45 2018 from 192.168.56.3
[root@localhost ~]#
VI. Test Ansible
[root@localhost ~]# ansible web02 -m ping --private-key /root/.ssh/id_rsa
Enter passphrase for key '/root/.ssh/id_rsa': 123456    (the passphrase must be entered on first use)
web02 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
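VII. Remove the SSH key passphrase
Use the openssl command to remove the passphrase from the private key:
openssl rsa -in ~/.ssh/id_rsa -out ~/.ssh/id_rsa_new
Back up the old private key:
mv ~/.ssh/id_rsa ~/.ssh/id_rsa.backup
Switch to the new private key:
mv ~/.ssh/id_rsa_new ~/.ssh/id_rsa
Set the permissions (the new key is stored unencrypted, so file permissions are its only protection):
chmod 600 ~/.ssh/id_rsa
Reference: https://blog.csdn.net/qianggezhishen/article/details/49022453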