当前位置: 首页 > news >正文

ansible开局配置-openEuler

news 2025/7/9 12:28:20

ansible干啥用的就不多介绍了,这篇文章主要在说ansible的安装、开局配置、免密登录。

ansible安装

  1. 查看系统版本
cat /etc/openEuler-latest

输出内容如下:

openeulerversion=openEuler-24.03-LTS

compiletime=2024-05-27-21-31-28

gccversion=12.3.1-30.oe2403

kernelversion=6.6.0-28.0.0.34.oe2403

openjdkversion=1.8.0.412.b08-5.oe2403

  1. 清除软件库缓存
dnf clean all
  1. 建议软件库缓存
dnf makecache
  1. 安装epel-release软件仓
    1. 下载对应版本epel-release的软件仓库
# 不同系统版本需要安装不同的epel-release
wget https://mirrors.aliyun.com/repo/epel-testing.repo

2. 重新建立软件库索引

mv epel-testing.repo /etc/yum.repo.d/
dnf clean all 
dnf makecache
  1. 安装ansible
dnf -y install ansible

等待安装完成即可

开局配置

  1. 常用文件介绍

/etc/ansible/hosts ## 用于存放需要批量管理的主机IP或主机名称

/etc/ansible/ansible.cfg ## 该文件为ansible的主要配置文件

  1. 添加主机到ansible
192.168.0.10    ansible_ssh_pass=主机密码        ansible_ssh_user=主机账号
192.168.0.11    ansible_ssh_pass=主机密码        ansible_ssh_user=主机账号
192.168.0.12    ansible_ssh_pass=主机密码       ansible_ssh_user=主机账号

ansible_ssh_pass:远程主机登录密码

ansible_ssh_user:远程主机登录账号

  1. 远程执行ping命令,会发现执行报错
ansible all -m ping

输出内容如下:

192.168.0.10 | FAILED! => {

“msg”: “Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support
this. Please add this host’s fingerprint to your known_hosts file to
manage this host.”

}

192.168.0.11 | FAILED! => {

“msg”: “Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support
this. Please add this host’s fingerprint to your known_hosts file to
manage this host.”

}

192.168.0.12 | FAILED! => {

“msg”: “Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support
this. Please add this host’s fingerprint to your known_hosts file to
manage this host.”

}

出现这个问题主要是因为ansible默认是没有开启账号密码登录的,默认采用证书登录,只需要在配置文件中把证书登录关闭就可以执行成功了。

进入/etc/ansible/ansible.cfg文件,将host_key_checking = False取消注释或者增加该内容即可

再次重新执行就不会有问题了,成功后输出内容如下

192.168.0.11 | SUCCESS => {

"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": false,"ping": "pong"

}

192.168.0.10 | SUCCESS => {

"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": false,"ping": "pong"

}

192.168.0.12 | SUCCESS => {

"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": false,"ping": "pong"

}

配置免密登录

  1. 生成密钥
ssh-keygen

一路回车即可,输出内容如下:

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa

Your public key has been saved in /root/.ssh/id_rsa.pub

The key fingerprint is:

SHA256:+RGyyNnrIHOLllk+e2hpNyTmxjBZkMY5vvDmTGuEh5g root@ecs-5352

The key’s randomart image is:

±–[RSA 3072]----+

| . o |

| B |

| o o . . |

| . …+ + . |

| o = ++ S . |

|E o @ + .o . |

| Bo%o=. . |

| O=@++ |

| o.+o=… |

±—[SHA256]-----+

  1. 编写playbook脚本文件
- hosts: # 主机组remote_user: # 用户名tasks:- name: push ansible keyauthorized_key: user=root key="{{ lookup('file' ,'密钥存放位置')}}" state=present

示例:

- hosts: allremote_user: roottasks:- name: push ansible keyauthorized_key: user=root key="{{ lookup('file' ,'/root/.ssh/id_rsa.pub')}}" state=present
  1. 执行playbook脚本文件
ansible-playbook push_key.yml

输出结果如下表示执行成功:

[root@ecs-5352 yml]# ansible-playbook push_key.yml

PLAY [all]

TASK [Gathering Facts]

ok: [192.168.0.10]

ok: [192.168.0.12]

ok: [192.168.0.11]

TASK [push ansible key]

changed: [192.168.0.10]

changed: [192.168.0.12]

changed: [192.168.0.11]

PLAY RECAP

192.168.0.10 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

192.168.0.11 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

192.168.0.12 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

  1. 测试是否可以免密
    1. 将ansible.cfg配置文件中的host_key_checking = False注释掉

2. 删除hosts文件主机后面的用户名和密码


3. 测试执行ping命令

ansible all -m ping

输出结果如下:

192.168.0.10 | SUCCESS => {

"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": false,"ping": "pong"

}

192.168.0.12 | SUCCESS => {

"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": false,"ping": "pong"

}

192.168.0.11 | SUCCESS => {

"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"},"changed": false,"ping": "pong"

}

  1. 再次测试

直接在ansible主机上,使用ssh命令测试是否可以免密登录

ssh root@192.168.0.11

无需输入密码即可登录成功

http://www.lryc.cn/news/473527.html

相关文章:

  • 连锁收银系统的优势与挑战
  • 轻型民用无人驾驶航空器安全操控理论培训知识总结-多旋翼部分
  • springboot092安康旅游网站的设计与实现(论文+源码)_kaic
  • 优化 Git 管理:提升协作效率的最佳实践20241030
  • Cocos使用精灵组件显示相机内容
  • AListFlutter(手机alist)——一键安装,可在手机/电视上运行并挂载各个网盘
  • 2024快手面试算法题-生气传染
  • 组织如何防御日益增加的 API 攻击面
  • 如何防止U盘盗取电脑数据?
  • python爬虫抓取豆瓣数据教程
  • Mybatis 注意传递多种参数,不一定都有参数值,用xml如何写出查询语句
  • 【Windows】Redis 部署
  • 【经典】Vue中this指向问题??
  • Oracle数据泵(expdp)导入导出数据
  • 得物App 3D球鞋博物馆亮相两博会,打造沉浸式消费新体验
  • 深度学习中的迁移学习
  • 【深入浅出】深入浅出Bert(附面试题)
  • Docker-安装
  • 《盼归》
  • 第十九章 Vue组件之data函数
  • 【jvm】什么时候对象进入老年代
  • Vue.nextTick 使用指南:数据更新与 DOM 同步利器
  • 第三百零一节 Lucene教程 - Lucene索引文件
  • 动态规划 01背包(算法)
  • 使用常数指针作为函数参数
  • wps宏代码学习
  • libavdevice.so.58: cannot open shared object file: No such file ordirectory踩坑
  • Rust:Vec<u8> 与 [u8] 之间的转换
  • Leetcode 课程表
  • Java面试经典 150 题.P55. 跳跃游戏(009)