2. ubuntu20.04部署ansible¶
1. 安装ansible¶
#1. 查看安装命令
ubuntu@4c16g:~$ ansible
Command 'ansible' not found, but can be installed with:
sudo apt install ansible
#2. 安装ansible
ubuntu@4c16g:~$ sudo apt install ansible -y
#3. 查看版本
ubuntu@4c16g:~$ ansible --version
ansible 2.9.6
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/ubuntu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 3.8.10 (default, Sep 28 2021, 16:10:42) [GCC 9.3.0]
2. 修改配置文件¶
1. 备份¶
#1.备份
cd /etc/ansible
ls
sudo cp /etc/ansible/hosts /etc/ansible/hosts.bak
ubuntu@4c16g:~$ ls /etc/ansible/
ansible.cfg hosts
2. 添加被管理的机器¶
sudo -i
cd /etc/ansible
vim /etc/ansible/hosts
# 在文件末尾添加
[aliyun]
10.0.8.1
[tengxunyun]
10.0.8.2
10.0.8.3
10.0.8.5
[yamaxunyun]
10.0.8.4
3. 测试¶
ansible aliyun -m command -a 'hostname' -k -uadmin
ansible tengxunyun -m command -a 'hostname' -k -uubuntu
root@4c16g:/etc/ansible# ansible aliyun -m command -a 'hostname' -k -uadmin
SSH password:
10.0.8.1 | FAILED | rc=-1 >>
to use the 'ssh' connection type with passwords, you must install the sshpass program
#1 提示需要安装sshpass
root@4c16g:/etc/ansible# sshpass
Command 'sshpass' not found, but can be installed with:
apt install sshpass
root@4c16g:/etc/ansible#
#2 根据提示安装sshpass
root@4c16g:/etc/ansible# apt install sshpass -y
#3 再次测试
root@4c16g:/etc/ansible# ansible aliyun -m command -a 'hostname' -k -uadmin
SSH password:
10.0.8.1 | FAILED | rc=-1 >>
Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host.
#4. 提示需要添加信任,也就是说需要ssh登录一下,然后输入yes!
4. 登录测试¶
1. 阿里云¶
ssh admin@10.0.8.1
root@4c16g:/etc/ansible# ssh admin@10.0.8.1
The authenticity of host '10.0.8.1 (10.0.8.1)' can't be established.
ECDSA key fingerprint is SHA256:s04XzAcPb932jMDapVoBEkiBsGHwuiPSvWeySwqiUoI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? [fingerprint]
Please type 'yes', 'no' or the fingerprint: yes
Warning: Permanently added '10.0.8.1' (ECDSA) to the list of known hosts.
admin@10.0.8.1's password:
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-47-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
Welcome to Alibaba Cloud Elastic Compute Service !
Last login: Sun Jan 2 19:43:43 2022 from 10.0.8.5
admin@ali:~$
admin@ali:~$ exit
logout
Connection to 10.0.8.1 closed.
# 再次测试,成功!
root@4c16g:/etc/ansible# ansible aliyun -m command -a 'hostname' -k -uadmin
SSH password:
10.0.8.1 | CHANGED | rc=0 >>
ali
root@4c16g:/etc/ansible#
2. 腾讯云和亚马逊云¶
# 操作与上面一致!
ssh ubuntu@10.0.8.2
ssh ubuntu@10.0.8.3
ssh ubuntu@10.0.8.5
ssh ubuntu@10.0.8.4
5. 免密登录设置¶
1. 方法1:用户名密码写入配置文件(不推荐)¶
# 设置方法1:将用户名和密码写入配置文件,不推荐!
vim /etc/ansible/hosts
[aliyun]
10.0.8.1 ansible_user=admin ansible_ssh_pass=123456
# 再次测试
ansible aliyun -m command -a "ifconfig eth0"
root@4c16g:/etc/ansible# ansible aliyun -m command -a "ifconfig eth0"
10.0.8.1 | CHANGED | rc=0 >>
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.19.23.181 netmask 255.255.192.0 broadcast 172.19.63.255
inet6 fe80::216:3eff:fe13:9de1 prefixlen 64 scopeid 0x20<link>
ether 00:16:3e:13:9d:e1 txqueuelen 1000 (Ethernet)
RX packets 41512479 bytes 10904503701 (10.9 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 41641107 bytes 9957603773 (9.9 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
root@4c16g:/etc/ansible#
2. 方法2:生成公私钥¶
#1. 生成公私钥对
ssh-keygen -f ~/.ssh/id_rsa -P '' >/dev/null 2>&1
#2. 查看
ls ~/.ssh
#3. 分发公钥!
ssh-copy-id admin@10.0.8.1
ssh-copy-id ubuntu@10.0.8.2
ssh-copy-id ubuntu@10.0.8.3
ssh-copy-id ubuntu@10.0.8.5
ssh-copy-id ubuntu@10.0.8.4
root@4c16g:/etc/ansible# ls ~/.ssh
authorized_keys known_hosts
root@4c16g:/etc/ansible#
root@4c16g:/etc/ansible# ssh-keygen -f ~/.ssh/id_rsa -P '' >/dev/null 2>&1
root@4c16g:/etc/ansible#
root@4c16g:/etc/ansible# ls ~/.ssh
authorized_keys id_rsa id_rsa.pub known_hosts
root@4c16g:/etc/ansible# ssh-copy-id admin@10.0.8.1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
admin@10.0.8.1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'admin@10.0.8.1'"
and check to make sure that only the key(s) you wanted were added.
root@4c16g:/etc/ansible# ssh-copy-id ubuntu@10.0.8.2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ubuntu@10.0.8.2's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'ubuntu@10.0.8.2'"
and check to make sure that only the key(s) you wanted were added.
root@4c16g:/etc/ansible# ssh-copy-id ubuntu@10.0.8.3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ubuntu@10.0.8.3's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'ubuntu@10.0.8.3'"
and check to make sure that only the key(s) you wanted were added.
root@4c16g:/etc/ansible# ssh-copy-id ubuntu@10.0.8.5
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ubuntu@10.0.8.5's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'ubuntu@10.0.8.5'"
and check to make sure that only the key(s) you wanted were added.
root@4c16g:/etc/ansible# ssh-copy-id ubuntu@10.0.8.4
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ubuntu@10.0.8.4's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'ubuntu@10.0.8.4'"
and check to make sure that only the key(s) you wanted were added.
root@4c16g:/etc/ansible#
6. 测试¶
ansible aliyun -m command -a 'hostname'
ansible tengxunyun -m command -a 'hostname'
ansible yamaxunyun -m command -a 'hostname'
root@4c16g:/etc/ansible# ansible aliyun -m command -a 'hostname'
10.0.8.1 | CHANGED | rc=0 >>
ali
root@4c16g:/etc/ansible# ansible tengxunyun -m command -a 'hostname'
10.0.8.5 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: root@10.0.8.5: Permission denied (publickey,password).",
"unreachable": true
}
10.0.8.2 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: root@10.0.8.2: Permission denied (publickey,password).",
"unreachable": true
}
10.0.8.3 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: root@10.0.8.3: Permission denied (publickey,password).",
"unreachable": true
}
root@4c16g:/etc/ansible# ansible yamaxunyun -m command -a 'hostname'
10.0.8.4 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: root@10.0.8.4: Permission denied (publickey,password).",
"unreachable": true
}
root@4c16g:/etc/ansible#
root@4c16g:/etc/ansible#
root@4c16g:/etc/ansible# ansible tengxunyun -m command -a 'hostname' -uubuntu
[DEPRECATION WARNING]: Distribution ubuntu 20.04 on host 10.0.8.5 should use /usr/bin/python3, but is using /usr/bin/python for backward compatibility with prior Ansible releases. A future Ansible
release will default to using the discovered platform python for this host. See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will
be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
10.0.8.5 | CHANGED | rc=0 >>
4c16g
[DEPRECATION WARNING]: Distribution ubuntu 20.04 on host 10.0.8.3 should use /usr/bin/python3, but is using /usr/bin/python for backward compatibility with prior Ansible releases. A future Ansible
release will default to using the discovered platform python for this host. See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will
be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
10.0.8.3 | CHANGED | rc=0 >>
zabbix
[DEPRECATION WARNING]: Distribution ubuntu 20.04 on host 10.0.8.2 should use /usr/bin/python3, but is using /usr/bin/python for backward compatibility with prior Ansible releases. A future Ansible
release will default to using the discovered platform python for this host. See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will
be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
10.0.8.2 | CHANGED | rc=0 >>
k8s-master
root@4c16g:/etc/ansible# ansible yamaxunyun -m command -a 'hostname' -uubuntu
10.0.8.4 | CHANGED | rc=0 >>
vpn
7. 修改配置文件¶
# 指定用户名,不指定密码!
vim /etc/ansible/hosts
[aliyun]
10.0.8.1 ansible_user=admin
[tengxunyun]
10.0.8.2 ansible_user=ubuntu
10.0.8.3 ansible_user=ubuntu
10.0.8.5 ansible_user=ubuntu
[yamaxunyun]
10.0.8.4 ansible_user=ubuntu
8. 再次测试!¶
ansible aliyun -m command -a 'hostname'
ansible tengxunyun -m command -a 'hostname'
ansible yamaxunyun -m command -a 'hostname'
root@4c16g:/etc/ansible# ansible aliyun -m command -a 'hostname'
10.0.8.1 | CHANGED | rc=0 >>
ali
root@4c16g:/etc/ansible# ansible tengxunyun -m command -a 'hostname'
[DEPRECATION WARNING]: Distribution ubuntu 20.04 on host 10.0.8.5 should use /usr/bin/python3, but is using /usr/bin/python for backward compatibility with prior Ansible releases. A future Ansible
release will default to using the discovered platform python for this host. See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will
be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
10.0.8.5 | CHANGED | rc=0 >>
4c16g
[DEPRECATION WARNING]: Distribution ubuntu 20.04 on host 10.0.8.3 should use /usr/bin/python3, but is using /usr/bin/python for backward compatibility with prior Ansible releases. A future Ansible
release will default to using the discovered platform python for this host. See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will
be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
10.0.8.3 | CHANGED | rc=0 >>
zabbix
[DEPRECATION WARNING]: Distribution ubuntu 20.04 on host 10.0.8.2 should use /usr/bin/python3, but is using /usr/bin/python for backward compatibility with prior Ansible releases. A future Ansible
release will default to using the discovered platform python for this host. See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information. This feature will
be removed in version 2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
10.0.8.2 | CHANGED | rc=0 >>
k8s-master
root@4c16g:/etc/ansible# ansible yamaxunyun -m command -a 'hostname'
10.0.8.4 | CHANGED | rc=0 >>
vpn
最后更新:
2022-02-22 12:50:43