Ansible chapter I installation and deployment of ansible

1, Installation of Ansible epel source dnf install ansible -y ansible --viersion Basic information of ansible: /etc/ansi...
1. Write the managed host name or ip directly, one per line
2. Set the Group [group name] of the managed host
  The ansible command specifies the regular expression of the manifest
1. Classification and priority of configuration files
2. Common configuration parameters
1, Installation of Ansible

epel source
dnf install ansible -y
ansible --viersion

Basic information of ansible:
/etc/ansible/ansible.conf          ## Global configuration file, rarely modified by default
/etc/ansible/hosts                       ## Global host manifest file

dnf install sshpass-1.06-9.el8.x86_64.rpm -y dnf install ansible-2.9.11-1.el8.noarch.rpm -y

  2, Secret free connection between main control computer and controlled computer
[root@ansible mnt]# ssh-keygen ##Generate key [root@ansible mnt]# dnf install expect -y [root@ansible mnt]# vim sshkey.sh ##Pass the key to hosts 210 and 211 through script [root@ansible mnt]# cat sshkey.sh #!/bin/bash AUTOSSH() { /usr/bin/expect <<EOF spawn ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected].$i expect { "yes/no" { send "yes\r";exp_continue } "password" { send "westos\r" } } expect eof EOF } for i in 210 211 do AUTOSSH done [root@ansible mnt]# sh sshkey.sh [root@ansible mnt]# ssh -l root 172.25.254.211 ##Test, you can log in directly without secret Activate the web console with: systemctl enable --now cockpit.socket This system is not registered to Red Hat Insights. See https://cloud.redhat.com/ To register this system, run: insights-client --register Last login: Fri Nov 26 11:09:48 2021 from 172.25.254.70 [root@westoslinux ~]#

  3, Build Anisble list

Listing is a list of ansible control hosts
/etc/ansible/hosts ## global manifest file

1. Write the managed host name or ip directly, one per line

node1.westos.com
node2.westos.com
172.25.254.240

2. Set the Group [group name] of the managed host

List view:

Group name in ansible manifest [- i manifest file]
ansible ungrouped --list-hosts
ansible all --list-hosts

  Single layer list

[list1]
node1.westos.com
node2.westos.com
[list2]
node2.westos.com
[list3]
172.25.254.240

Nested list

[westos:children]
list1
list3

3, Scope operation of host specification

The Ansible host list can be simplified by specifying the host name or IP range
Syntax:
[start:end]
[westostest]
172.25.254.[100:108]

  4, Specify another manifest file

vim inventory
172.25.254.240
[westostest]
172.25.254.100
172.25.254.200

  The ansible command specifies the regular expression of the manifest

*                 ## All
##172.25.254.*
##westos*

:                 ## Logical or
##westos1:linux
##172.25.254.100:172.25.254.200

:&               ## Logic and
##westos1:&linux
                 ## The host is in both the westos1 list and the linux list

:!               ## Logical non
##westos1:!linux
                ## In westos1, not in linux

~                            ## Start with keyword
~(str1|str2)           ## Start with condition 1 or condition 2

[root@ansible ansible]# vim hosts [westos] 172.25.254.[200:210] [westos1] 172.25.254.211 nodea.westos.org [westosall:children] westos westos1

  4, Detailed explanation of Ansible configuration file parameters

Group name in ansible list - m module - u remote_user

1. Classification and priority of configuration files

/etc/ansible/ansible.cfg         ## Basic configuration file, no other configuration file found. This file takes effect
~/.ansible.cfg         ## The user does not have ansible.cfg in the current directory. This file takes effect
./ansible.cfg         ## Highest priority

2. Common configuration parameters

#[default]                 ## Basic information setting
inventory=                 ## Specify manifest path
remote_user=                 ## The user name logged in on the managed host. The current user is not specified
ask_pass=                 ## Whether to prompt for SSH password. If public key login is set to false
library=                 ## Storage directory of library files
local_tmp=                 ## Local temporary command execution directory
remote_tmp=                 ## Remote host temporary py command file storage directory
forks=                 ## Default concurrency
host_key_checking=                 ## Do you want to enter yes to establish the host when connecting to the managed host for the first time_ key
sudo_user=                 ## Default sudo user
ask_sudo_pass=                 ## Whether to ask sudo password every time the controlled host executes the ansible command
module_name=                 ## The default module uses command by default and can be modified to shell
log_path=                 ## log file path

[privilege_escalation]          ## Identity information setting
become=                         ## Whether to automatically switch users after connection
become_method=         ## Set the user switching mode, usually sudo
become_user=                 ## The user to switch to in the managed host, usually root
become_ask_pass                ## Do you need to be a become_method prompts for the password, which is false by default

5, Build user level Ansible operating environment
[root@ansible mnt]# sh sshkey.sh ##Delete the key previously transmitted to the client #!/bin/bash AUTOSSH() { /usr/bin/expect <<EOF spawn ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected].$i expect { "yes/no" { send "yes\r";exp_continue } "password" { send "westos\r" } } expect eof EOF } for i in 210 211 do ssh -l root 172.25.254.$i rm -fr /root/.ssh done

Add user, add list

[root@ansible ansible]# useradd devops [root@ansible ansible]# su - devops [devops@ansible ~]$ mkdir .ansible [devops@ansible ~]$ cd .ansible/ [devops@ansible .ansible]$ vim inventory ##detailed list [westos] 172.25.254.210 [devops@ansible .ansible]$ ls inventory

Modify the previous master profile and delete the previous settings. Write user profile

[root@ansible ansible]#vim /etc/ansible/hosts ##Modify the previous master profile and delete the previous settings [root@ansible ansible]# su - devops Last login: Fri Nov 26 15:01:40 CST 2021 on pts/1 [devops@ansible ~]$ cd .ansible/ [devops@ansible .ansible]$ ls inventory [devops@ansible .ansible]$ vim ansible.cfg ##Write configuration file [defaults] inventory = ~/.ansible/inventory host_key_checking = False remote_user = root module_name = shell [privilege_escalation] #become=True #become_method=sudo #become_user=root #become_ask_pass=False

Create a user for the controlled machine in the main control machine

[devops@ansible .ansible]$ ansible 172.25.254.210 -m shell -a 'useradd devops' -k -u root SSH password: 172.25.254.210 | CHANGED | rc=0 >> [devops@ansible .ansible]$ ansible 172.25.254.210 -m shell -a 'echo westos | passwd --stdin devops' -k -u root SSH password: 172.25.254.210 | CHANGED | rc=0 >> Changing password for user devops. passwd: all authentication tokens updated successfully. [devops@ansible .ansible]$ ansible 172.25.254.210 -m shell -a 'echo "devops ALL=(root) NOPASSWD: ALL" >> /etc/sudoers' -k -u root SSH password: 172.25.254.210 | CHANGED | rc=0 >> [devops@ansible .ansible]$
[devops@ansible .ansible]$ vim ansible.cfg [defaults] inventory = ~/.ansible/inventory host_key_checking = False remote_user = devops module_name = shell [privilege_escalation] ##After the comment, the login uses devops #become=True #become_method=sudo #become_user=root #become_ask_pass=False [devops@ansible .ansible]$ ansible westos -m shell -a 'whoami' -k SSH password: 172.25.254.211 | CHANGED | rc=0 >> devops 172.25.254.210 | CHANGED | rc=0 >> devops [devops@ansible .ansible]$ vim ansible.cfg [defaults] inventory = ~/.ansible/inventory host_key_checking = False remote_user = devops module_name = shell [privilege_escalation] become=True become_method=sudo become_user=root become_ask_pass=False [devops@ansible .ansible]$ ansible westos -m shell -a 'whoami' -k ##Remove the comments and log in to Devops sudo to root SSH password: 172.25.254.210 | CHANGED | rc=0 >> root 172.25.254.211 | CHANGED | rc=0 >> root
[devops@ansible .ansible]$ ansible 172.25.254.210 -m shell -a 'mkdir -p /home/devops/.ssh' -k ##Create a directory for the client SSH password: [WARNING]: Consider using the file module with state=directory rather than running 'mkdir'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message. 172.25.254.210 | CHANGED | rc=0 >> [devops@ansible .ansible]$ ansible 172.25.254.210 -m shell -a 'chown devops.devops /home/devops/.ssh' -k ##Modify owner and all groups SSH password: [WARNING]: Consider using the file module with owner rather than running 'chown'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message. 172.25.254.210 | CHANGED | rc=0 >> [devops@ansible .ansible]$ ansible 172.25.254.210 -m shell -a 'chmod 700 /home/devops/.ssh' -k SSH password: [WARNING]: Consider using the file module with mode rather than running 'chmod'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message. 172.25.254.210 | CHANGED | rc=0 >> [devops@ansible .ansible]$
[devops@ansible .ansible]$ ssh-keygen ##Generate key [devops@ansible .ansible]$ ansible 172.25.254.210 -m copy -a 'src=/home/devops/.ssh/id_rsa.pub dest=/home/devops/.ssh/authorized_keys mode=0600 owner=devops group=devops' -k SSH password: 172.25.254.210 | CHANGED => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": true, "checksum": "880b6c072bc8663a1c81ebdfe683ff9cceddf539", "dest": "/home/devops/.ssh/authorized_keys", "gid": 1001, "group": "devops", "md5sum": "49741185aa9e2f68c3d9fec822196c38", "mode": "0600", "owner": "devops", "secontext": "unconfined_u:object_r:ssh_home_t:s0", "size": 579, "src": "/home/devops/.ansible/tmp/ansible-tmp-1637913963.6558049-34674-55602837977237/source", "state": "file", "uid": 1001 } [devops@ansible .ansible]$ ansible 172.25.254.210 -m ping ##Test, the module can be executed without a password 172.25.254.210 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" }

29 November 2021, 15:39 | Views: 2592

Add new comment

For adding a comment, please log in
or create account

0 comments