• Ansible安装部署

    系统环境

    管理端:外网IP-10.0.0.61 内网IP-172.16.1.61
    被控端:外网IP-10.0.0.7 内网IP-172.16.1.7
    被控端:外网IP-10.0.0.51 内网IP-172.16.1.51

    [root@m01 ~]# cat /etc/redhat-release 
CentOS Linux release 7.5.1804 (Core) 
[root@m01 ~]# uname -r
3.10.0-862.el7.x86_64

    • 1
    • 2
    • 3
    • 4

    1)创建密钥对(管理端)

    [root@m01 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:4T6iidi/1hEUuztrfCKz0UNMId375z+DfcMtnbmn1Mo root@m01
The key's randomart image is:
+---[DSA 1024]----+
|    ..oo         |
|     .oo.        |
|     .o ..       |
|     o.o..       |
|      +.S.       |
|     o.o  . .  . |
|    .o*.o  o oo.=|
| o .++==..  oo=*=|
|. oo**.o     .EB+|
+----[SHA256]-----+

    • 1
    • 2
    • 3
    • 4
    • 5
    • 6
    • 7
    • 8
    • 9
    • 10
    • 11
    • 12
    • 13
    • 14
    • 15
    • 16
    • 17
    • 18
    • 19
    • 20
    • 21

    2)分发公钥给受控端(服务端)

    ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.7
ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.51

    • 1
    • 2

    然后分别输入主机确认信息“yes"和密码”123456“即可。

    补充:如果想免交互式分发公钥,也就是不输入上述的两个信息,该如何做?

    针对连接确认信息,输入yes
ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.7 "-o StrictHostKeyChecking=no"

针对连接确认输入密码123456
yum install -y sshpass
sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.7

    • 1
    • 2
    • 3
    • 4
    • 5
    • 6

    综上所述:免交互式分发公钥的命令如下

    yum install -y sshpass
sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.7 "-o StrictHostKeyChecking=no"
sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.51 "-o StrictHostKeyChecking=no"

    • 1
    • 2
    • 3

    3)安装部署ansible软件(服务端)

    此处需要检查epel镜像源/etc/yum.repos.d/epel.repo 是否更新

    yum install -y ansible

    • 1

    4)关闭selinux和防火墙

    [root@m01 ~]# cat /etc/selinux/config
SELINUX=disabled
[root@m01 ~]# getenforce
Disabled
[root@m01 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

    • 1
    • 2
    • 3
    • 4
    • 5
    • 6
    • 7
    • 8
    • 9

    5)编写主机清单配置文件

    [root@m01 ~]# cat /etc/ansible/hosts 
[db]
172.16.1.51

[web]
172.16.1.7

    • 1
    • 2
    • 3
    • 4
    • 5
    • 6

    6)测试是否可以管理多个主机

    [root@m01 ansible]# ansible all -a "hostname -I"
172.16.1.7 | CHANGED | rc=0 >>
10.0.0.7 172.16.1.7 
172.16.1.51 | CHANGED | rc=0 >>
10.0.0.51 172.16.1.51 
[root@m01 ansible]# ansible web -a "hostname -I"
172.16.1.7 | CHANGED | rc=0 >>
10.0.0.7 172.16.1.7 
[root@m01 ansible]# ansible db -a "hostname -I"
172.16.1.51 | CHANGED | rc=0 >>
10.0.0.51 172.16.1.51 

    • 1
    • 2
    • 3
    • 4
    • 5
    • 6
    • 7
    • 8
    • 9
    • 10
    • 11

    到此,ansible服务部署完毕。

  • 相关阅读:
    无需配置MySQL,Navicat也有在线版了?
    02-Redis持久化、主从复制
    TCP三握四挥手
    软考高级+系统架构设计师教程+第二版新版+电子版pdf
    shopee选品软件:解决你店铺选品难题的神器-shopee选品软件知虾
    深度学习1:神经网络原理与算法详解
    Jenkins发布失败记录
    【LLM】搭建RAG
    微服务中配置文件(YAML文件)和项目依赖(POM文件)的区别与联系
    【Apache Flink 介绍与学习】
  • 原文地址:https://blog.csdn.net/oldboy1999/article/details/126297368