Tips: some records, some notes

2024/07/17
WEDNESDAY
To be both a speaker of words and a doer of deeds.

01
Install Ansible via YUM
View the Ansible package information:
```
[root@iZuf6ft8kvzxhme7svd96pZ ~]# rpm -qi ansible
Name        : ansible
Version     : 2.9.27
Release     : 1.el7
Architecture: noarch
Install Date: Wed 17 Jul 2024 09:12:42 PM CST
Group       : Unspecified
Size        : 108155317
License     : GPLv3+
Signature   : RSA/SHA256, Sun 16 Jan 2022 06:18:04 AM CST, Key ID 6a2faea2352c64e5
Source RPM  : ansible-2.9.27-1.el7.src.rpm
Build Date  : Sun 16 Jan 2022 06:02:03 AM CST
Build Host  : buildvm-x86-05.iad2.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://ansible.com
Bug URL     : https://bugz.fedoraproject.org/ansible
Summary     : SSH-based configuration management, deployment, and task execution system
Description :
Ansible is a radically simple model-driven configuration management,
multi-node deployment, and remote task execution system. Ansible works
over SSH and does not require any software or daemons to be installed
on remote nodes. Extension modules can be written in any language and
are transferred to managed machines automatically.
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# yum info ansible
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Installed Packages
Name        : ansible
Arch        : noarch
Version     : 2.9.27
Release     : 1.el7
Size        : 103 M
Repo        : installed
From repo   : epel
Summary     : SSH-based configuration management, deployment, and task execution system
URL         : http://ansible.com
License     : GPLv3+
Description : Ansible is a radically simple model-driven configuration management,
            : multi-node deployment, and remote task execution system. Ansible works
            : over SSH and does not require any software or daemons to be installed
            : on remote nodes. Extension modules can be written in any language and
            : are transferred to managed machines automatically.
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
```
Install Ansible directly with the CentOS YUM package manager:
```
[root@iZuf6ft8kvzxhme7svd96pZ ~]# yum list | grep ansible
ansible.noarch                            2.9.27-1.el7               epel
ansible-collection-microsoft-sql.noarch   1.1.0-1.el7_9              extras
ansible-doc.noarch                        2.9.27-1.el7               epel
ansible-inventory-grapher.noarch          2.4.4-1.el7                epel
ansible-lint.noarch                       3.5.1-1.el7                epel
ansible-openstack-modules.noarch          0-20140902git79d751a.el7   epel
ansible-python3.noarch                    2.9.27-1.el7               epel
ansible-review.noarch                     0.13.4-1.el7               epel
ansible-test.noarch                       2.9.27-1.el7               epel
centos-release-ansible-27.noarch          1-1.el7                    extras
centos-release-ansible-28.noarch          1-1.el7                    extras
centos-release-ansible-29.noarch          1-1.el7                    extras
centos-release-ansible26.noarch           1-3.el7.centos             extras
kubernetes-ansible.noarch                 0.6.0-0.1.gitd65ebd5.el7   epel
python2-ansible-runner.noarch             1.0.1-1.el7                epel
python2-ansible-tower-cli.noarch          3.3.9-1.el7                epel
vim-ansible.noarch                        3.2-1.el7                  epel
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# yum install ansible
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package ansible.noarch 0:2.9.27-1.el7 will be installed
--> Processing Dependency: PyYAML for package: ansible-2.9.27-1.el7.noarch
--> Processing Dependency: python-httplib2 for package: ansible-2.9.27-1.el7.noarch
--> Processing Dependency: python-jinja2 for package: ansible-2.9.27-1.el7.noarch
--> Processing Dependency: python-paramiko for package: ansible-2.9.27-1.el7.noarch
--> Processing Dependency: python-setuptools for package: ansible-2.9.27-1.el7.noarch
--> Processing Dependency: python-six for package: ansible-2.9.27-1.el7.noarch
--> Processing Dependency: python2-cryptography for package: ansible-2.9.27-1.el7.noarch
--> Processing Dependency: python2-jmespath for package: ansible-2.9.27-1.el7.noarch
--> Processing Dependency: sshpass for package: ansible-2.9.27-1.el7.noarch
--> Running transaction check
---> Package PyYAML.x86_64 0:3.10-11.el7 will be installed
--> Processing Dependency: libyaml-0.so.2()(64bit) for package: PyYAML-3.10-11.el7.x86_64
---> Package python-jinja2.noarch 0:2.7.2-4.el7 will be installed
--> Processing Dependency: python-babel >= 0.8 for package: python-jinja2-2.7.2-4.el7.noarch
--> Processing Dependency: python-markupsafe for package: python-jinja2-2.7.2-4.el7.noarch
---> Package python-paramiko.noarch 0:2.1.1-9.el7 will be installed
--> Processing Dependency: python2-pyasn1 for package: python-paramiko-2.1.1-9.el7.noarch
---> Package python-setuptools.noarch 0:0.9.8-7.el7 will be installed
--> Processing Dependency: python-backports-ssl_match_hostname for package: python-setuptools-0.9.8-7.el7.noarch
---> Package python-six.noarch 0:1.9.0-2.el7 will be installed
---> Package python2-cryptography.x86_64 0:1.7.2-2.el7 will be installed
--> Processing Dependency: python-idna >= 2.0 for package: python2-cryptography-1.7.2-2.el7.x86_64
--> Processing Dependency: python-cffi >= 1.4.1 for package: python2-cryptography-1.7.2-2.el7.x86_64
--> Processing Dependency: python-ipaddress for package: python2-cryptography-1.7.2-2.el7.x86_64
--> Processing Dependency: python-enum34 for package: python2-cryptography-1.7.2-2.el7.x86_64
---> Package python2-httplib2.noarch 0:0.18.1-3.el7 will be installed
---> Package python2-jmespath.noarch 0:0.9.4-2.el7 will be installed
---> Package sshpass.x86_64 0:1.06-2.el7 will be installed
--> Running transaction check
---> Package libyaml.x86_64 0:0.1.4-11.el7_0 will be installed
---> Package python-babel.noarch 0:0.9.6-8.el7 will be installed
---> Package python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7 will be installed
--> Processing Dependency: python-backports for package: python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch
---> Package python-cffi.x86_64 0:1.6.0-5.el7 will be installed
--> Processing Dependency: python-pycparser for package: python-cffi-1.6.0-5.el7.x86_64
---> Package python-enum34.noarch 0:1.0.4-1.el7 will be installed
---> Package python-idna.noarch 0:2.4-1.el7 will be installed
---> Package python-ipaddress.noarch 0:1.0.16-2.el7 will be installed
---> Package python-markupsafe.x86_64 0:0.11-10.el7 will be installed
---> Package python2-pyasn1.noarch 0:0.1.9-7.el7 will be installed
--> Running transaction check
---> Package python-backports.x86_64 0:1.0-8.el7 will be installed
---> Package python-pycparser.noarch 0:2.14-1.el7 will be installed
--> Processing Dependency: python-ply for package: python-pycparser-2.14-1.el7.noarch
--> Running transaction check
---> Package python-ply.noarch 0:3.4-11.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================
 Package                               Arch     Version          Repository   Size
====================================================================================
Installing:
 ansible                               noarch   2.9.27-1.el7     epel         17 M
Installing for dependencies:
 PyYAML                                x86_64   3.10-11.el7      base        153 k
 libyaml                               x86_64   0.1.4-11.el7_0   base         55 k
 python-babel                          noarch   0.9.6-8.el7      base        1.4 M
 python-backports                      x86_64   1.0-8.el7        base        5.8 k
 python-backports-ssl_match_hostname   noarch   3.5.0.1-1.el7    base         13 k
 python-cffi                           x86_64   1.6.0-5.el7      base        218 k
 python-enum34                         noarch   1.0.4-1.el7      base         52 k
 python-idna                           noarch   2.4-1.el7        base         94 k
 python-ipaddress                      noarch   1.0.16-2.el7     base         34 k
 python-jinja2                         noarch   2.7.2-4.el7      base        519 k
 python-markupsafe                     x86_64   0.11-10.el7      base         25 k
 python-paramiko                       noarch   2.1.1-9.el7      base        269 k
 python-ply                            noarch   3.4-11.el7       base        123 k
 python-pycparser                      noarch   2.14-1.el7       base        104 k
 python-setuptools                     noarch   0.9.8-7.el7      base        397 k
 python-six                            noarch   1.9.0-2.el7      base         29 k
 python2-cryptography                  x86_64   1.7.2-2.el7      base        502 k
 python2-httplib2                      noarch   0.18.1-3.el7     epel        125 k
 python2-jmespath                      noarch   0.9.4-2.el7      epel         41 k
 python2-pyasn1                        noarch   0.1.9-7.el7      base        100 k
 sshpass                               x86_64   1.06-2.el7       extras       21 k

Transaction Summary
====================================================================================
Install  1 Package (+21 Dependent packages)

Total download size: 21 M
Installed size: 122 M
Is this ok [y/d/N]: y
Downloading packages:
(1/22): libyaml-0.1.4-11.el7_0.x86_64.rpm                              |  55 kB  00:00:00
(2/22): PyYAML-3.10-11.el7.x86_64.rpm                                  | 153 kB  00:00:00
(3/22): python-backports-1.0-8.el7.x86_64.rpm                          | 5.8 kB  00:00:00
(4/22): python-babel-0.9.6-8.el7.noarch.rpm                            | 1.4 MB  00:00:00
(5/22): python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch.rpm   |  13 kB  00:00:00
(6/22): python-cffi-1.6.0-5.el7.x86_64.rpm                             | 218 kB  00:00:00
(7/22): python-enum34-1.0.4-1.el7.noarch.rpm                           |  52 kB  00:00:00
(8/22): python-idna-2.4-1.el7.noarch.rpm                               |  94 kB  00:00:00
(9/22): python-jinja2-2.7.2-4.el7.noarch.rpm                           | 519 kB  00:00:00
(10/22): python-ipaddress-1.0.16-2.el7.noarch.rpm                      |  34 kB  00:00:00
(11/22): python-markupsafe-0.11-10.el7.x86_64.rpm                      |  25 kB  00:00:00
(12/22): python-ply-3.4-11.el7.noarch.rpm                              | 123 kB  00:00:00
(13/22): python-pycparser-2.14-1.el7.noarch.rpm                        | 104 kB  00:00:00
(14/22): python-setuptools-0.9.8-7.el7.noarch.rpm                      | 397 kB  00:00:00
(15/22): python-paramiko-2.1.1-9.el7.noarch.rpm                        | 269 kB  00:00:00
(16/22): ansible-2.9.27-1.el7.noarch.rpm                               |  17 MB  00:00:00
(17/22): python-six-1.9.0-2.el7.noarch.rpm                             |  29 kB  00:00:00
(18/22): python2-cryptography-1.7.2-2.el7.x86_64.rpm                   | 502 kB  00:00:00
(19/22): python2-jmespath-0.9.4-2.el7.noarch.rpm                       |  41 kB  00:00:00
(20/22): python2-httplib2-0.18.1-3.el7.noarch.rpm                      | 125 kB  00:00:00
(21/22): sshpass-1.06-2.el7.x86_64.rpm                                 |  21 kB  00:00:00
(22/22): python2-pyasn1-0.1.9-7.el7.noarch.rpm                         | 100 kB  00:00:00
------------------------------------------------------------------------------------
Total                                                         40 MB/s |  21 MB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : python2-pyasn1-0.1.9-7.el7.noarch                            1/22
  Installing : python-ipaddress-1.0.16-2.el7.noarch                         2/22
  Installing : python-six-1.9.0-2.el7.noarch                                3/22
  Installing : sshpass-1.06-2.el7.x86_64                                    4/22
  Installing : libyaml-0.1.4-11.el7_0.x86_64                                5/22
  Installing : PyYAML-3.10-11.el7.x86_64                                    6/22
  Installing : python-backports-1.0-8.el7.x86_64                            7/22
  Installing : python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch     8/22
  Installing : python-setuptools-0.9.8-7.el7.noarch                         9/22
  Installing : python2-httplib2-0.18.1-3.el7.noarch                        10/22
  Installing : python-babel-0.9.6-8.el7.noarch                             11/22
  Installing : python2-jmespath-0.9.4-2.el7.noarch                         12/22
  Installing : python-ply-3.4-11.el7.noarch                                13/22
  Installing : python-pycparser-2.14-1.el7.noarch                          14/22
  Installing : python-cffi-1.6.0-5.el7.x86_64                              15/22
  Installing : python-markupsafe-0.11-10.el7.x86_64                        16/22
  Installing : python-jinja2-2.7.2-4.el7.noarch                            17/22
  Installing : python-idna-2.4-1.el7.noarch                                18/22
  Installing : python-enum34-1.0.4-1.el7.noarch                            19/22
  Installing : python2-cryptography-1.7.2-2.el7.x86_64                     20/22
  Installing : python-paramiko-2.1.1-9.el7.noarch                          21/22
  Installing : ansible-2.9.27-1.el7.noarch                                 22/22
  Verifying  : python-backports-ssl_match_hostname-3.5.0.1-1.el7.noarch     1/22
  Verifying  : python-enum34-1.0.4-1.el7.noarch                             2/22
  Verifying  : python-setuptools-0.9.8-7.el7.noarch                         3/22
  Verifying  : python-paramiko-2.1.1-9.el7.noarch                           4/22
  Verifying  : python-jinja2-2.7.2-4.el7.noarch                             5/22
  Verifying  : python-six-1.9.0-2.el7.noarch                                6/22
  Verifying  : python-idna-2.4-1.el7.noarch                                 7/22
  Verifying  : python-markupsafe-0.11-10.el7.x86_64                         8/22
  Verifying  : python-ply-3.4-11.el7.noarch                                 9/22
  Verifying  : ansible-2.9.27-1.el7.noarch                                 10/22
  Verifying  : python2-jmespath-0.9.4-2.el7.noarch                         11/22
  Verifying  : python-babel-0.9.6-8.el7.noarch                             12/22
  Verifying  : python2-httplib2-0.18.1-3.el7.noarch                        13/22
  Verifying  : python-backports-1.0-8.el7.x86_64                           14/22
  Verifying  : python-cffi-1.6.0-5.el7.x86_64                              15/22
  Verifying  : python-pycparser-2.14-1.el7.noarch                          16/22
  Verifying  : libyaml-0.1.4-11.el7_0.x86_64                               17/22
  Verifying  : python-ipaddress-1.0.16-2.el7.noarch                        18/22
  Verifying  : sshpass-1.06-2.el7.x86_64                                   19/22
  Verifying  : python2-pyasn1-0.1.9-7.el7.noarch                           20/22
  Verifying  : PyYAML-3.10-11.el7.x86_64                                   21/22
  Verifying  : python2-cryptography-1.7.2-2.el7.x86_64                     22/22

Installed:
  ansible.noarch 0:2.9.27-1.el7

Dependency Installed:
  PyYAML.x86_64 0:3.10-11.el7  libyaml.x86_64 0:0.1.4-11.el7_0  python-babel.noarch 0:0.9.6-8.el7  python-backports.x86_64 0:1.0-8.el7  python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7
  python-cffi.x86_64 0:1.6.0-5.el7  python-enum34.noarch 0:1.0.4-1.el7  python-idna.noarch 0:2.4-1.el7  python-ipaddress.noarch 0:1.0.16-2.el7  python-jinja2.noarch 0:2.7.2-4.el7
  python-markupsafe.x86_64 0:0.11-10.el7  python-paramiko.noarch 0:2.1.1-9.el7  python-ply.noarch 0:3.4-11.el7  python-pycparser.noarch 0:2.14-1.el7  python-setuptools.noarch 0:0.9.8-7.el7
  python-six.noarch 0:1.9.0-2.el7  python2-cryptography.x86_64 0:1.7.2-2.el7  python2-httplib2.noarch 0:0.18.1-3.el7  python2-jmespath.noarch 0:0.9.4-2.el7  python2-pyasn1.noarch 0:0.1.9-7.el7
  sshpass.x86_64 0:1.06-2.el7

Complete!
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
```
See exactly what the Ansible package installed:
```
[root@iZuf6ft8kvzxhme7svd96pZ ~]# rpm -ql ansible | grep -v "/usr"
/etc/ansible
/etc/ansible/ansible.cfg
/etc/ansible/hosts
/etc/ansible/roles
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
```
Default software directory: /etc/ansible
Default configuration file: /etc/ansible/ansible.cfg
Default hosts file: /etc/ansible/hosts
Default roles directory: /etc/ansible/roles
Let's look at their contents:
```
[root@iZuf6ft8kvzxhme7svd96pZ ~]# cd /etc/ansible/
[root@iZuf6ft8kvzxhme7svd96pZ ansible]# ls -ltr
total 28
drwxr-xr-x 2 root root  4096 Jan 16  2022 roles
-rw-r--r-- 1 root root  1016 Jan 16  2022 hosts
-rw-r--r-- 1 root root 19985 Jan 16  2022 ansible.cfg
[root@iZuf6ft8kvzxhme7svd96pZ ansible]#
[root@iZuf6ft8kvzxhme7svd96pZ ansible]# cat /etc/ansible/ansible.cfg | grep -v "^#" | strings
[defaults]
[inventory]
[privilege_escalation]
[paramiko_connection]
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]
[root@iZuf6ft8kvzxhme7svd96pZ ansible]#
[root@iZuf6ft8kvzxhme7svd96pZ ansible]# cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups

# Ex 1: Ungrouped hosts, specify before any group headers.

## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10

# Ex 2: A collection of hosts belonging to the 'webservers' group

## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110

# If you have multiple hosts following a pattern you can specify
# them like this:

## www[001:006].example.com

# Ex 3: A collection of database servers in the 'dbservers' group

## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57

# Here's another example of host ranges, this time there are no
# leading 0s:

## db-[99:101]-node.example.com
[root@iZuf6ft8kvzxhme7svd96pZ ansible]#
```
02
Configure Ansible
Create the Ansible working directory:
```
[root@iZuf6ft8kvzxhme7svd96pZ ~]# ls -ltr / | grep ansible
[root@iZuf6ft8kvzxhme7svd96pZ ~]# mkdir /ansible
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
```
Create the Ansible configuration file "ansible.cfg":
```
[root@iZuf6ft8kvzxhme7svd96pZ ~]# cat > /ansible/ansible.cfg << EOF
> [defaults]
> inventory = /ansible/inventory/hosts
> remote_user = root
> host_key_checking = False
> EOF
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# ls -ltr /ansible/
total 4
-rw-r--r-- 1 root root 93 Jul 17 21:28 ansible.cfg
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# cat /ansible/ansible.cfg
[defaults]
inventory = /ansible/inventory/hosts
remote_user = root
host_key_checking = False
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
```
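With `host_key_checking = False`, Ansible accepts unknown and changed SSH host keys without prompting, so a host that answers with the wrong key is not noticed. The following added example (not part of the original post) audits an ansible.cfg for settings that weaken SSH trust and shows a corrected variant; the `ansible` account in the corrected file is a hypothetical unprivileged user.

```shell
#!/bin/sh
# Added example: audit ansible.cfg for settings that weaken SSH trust.

# The configuration created in this post, reproduced as sample input.
page_cfg() {
cat <<'EOF'
[defaults]
inventory = /ansible/inventory/hosts
remote_user = root
host_key_checking = False
EOF
}

# A corrected variant. "ansible" is a hypothetical unprivileged account;
# tasks that need root request it per play or task with become.
hardened_cfg() {
cat <<'EOF'
[defaults]
inventory = /ansible/inventory/hosts
remote_user = ansible
host_key_checking = True

[privilege_escalation]
become_method = sudo
become_ask_pass = True
EOF
}

# audit_ansible_cfg FILE
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_ansible_cfg() {
    awk '
        # Track the current INI section: "[defaults]" -> "defaults".
        /^[ \t]*\[/ {
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        /^[ \t]*([#;]|$)/ { next }          # comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            sub(/[ \t]+;.*$/, "", val)      # inline ";" comment
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            lval = tolower(val)

            if (section == "defaults" && key == "host_key_checking" &&
                lval ~ /^(false|f|no|n|off|0)$/) {
                print "HIGH host_key_checking = " val ": unknown or changed host keys are accepted without prompting"
                bad = 1
            }
            if (section == "defaults" && key == "remote_user" && val == "root") {
                print "MEDIUM remote_user = root: every task runs as root, use an unprivileged account plus become"
                bad = 1
            }
            if (section == "ssh_connection" && key == "ssh_args" &&
                lval ~ /stricthostkeychecking=no/) {
                print "HIGH ssh_args sets StrictHostKeyChecking=no: same effect as disabling host_key_checking"
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

main() {
    tmp=$(mktemp -d) || return 1
    page_cfg > "$tmp/page.cfg"
    hardened_cfg > "$tmp/hardened.cfg"
    for f in page hardened; do
        echo "== $f.cfg"
        audit_ansible_cfg "$tmp/$f.cfg" && echo "no findings"
    done
    rm -rf "$tmp"
}
main
```

With host key checking left on, each managed host's key has to be in known_hosts (verified once against the server) before the first Ansible run.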
Configure the "hosts" file:
```
[root@iZuf6ft8kvzxhme7svd96pZ ~]# mkdir /ansible/inventory
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# cat > /ansible/inventory/hosts << EOF
> [manager]
> 172.20.139.110
>
> [oracle]
> 172.28.247.72
> 172.28.247.73
>
> [all:children]
> manager
> oracle
> EOF
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# cat /ansible/inventory/hosts
[manager]
172.20.139.110

[oracle]
172.28.247.72
172.28.247.73

[all:children]
manager
oracle
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
```
03
Passwordless SSH
The following shows the configuration on one of the machines.
Generate an SSH key pair:
```
[root@iZuf6ft8kvzxhme7svd96pZ ~]# whoami
root
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# ls -ltra | grep ssh
drwx------ 2 root root 4096 Jun 28 12:36 .ssh
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# ls -ltr .ssh/
total 0
-rw------- 1 root root 0 Jul 17 15:09 authorized_keys
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# cat .ssh/authorized_keys
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:6Bu4dGMrpw7CaUERaejxhfJjeK6FsOpo0lMh00J/I08 root@iZuf6ft8kvzxhme7svd96pZ
The key's randomart image is:
+---[RSA 2048]----+
|.oo . |
|.=o. . |
|oo*o. |
|oo+*= E. |
|.o=+.*..S |
|o.oo.o. |
|o=+.o * |
|=+oo.+.= |
|=. o++o |
+----[SHA256]-----+
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# ls -ltr .ssh/
total 8
-rw------- 1 root root    0 Jul 17 15:09 authorized_keys
-rw-r--r-- 1 root root  410 Jul 17 23:06 id_rsa.pub
-rw------- 1 root root 1675 Jul 17 23:06 id_rsa
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
```
Distribute the SSH public key to all hosts with "ssh-copy-id":
```
[root@iZuf6ft8kvzxhme7svd96pZ ~]# vi /etc/hosts
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# cat /etc/hosts
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
172.20.139.110 iZuf6ft8kvzxhme7svd96pZ iZuf6ft8kvzxhme7svd96pZ
# Ansible
172.20.139.110 manage
# oracle 1
172.28.247.72 oracle1
# oracle 2
172.28.247.73 oracle2
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# ssh-copy-id root@oracle1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'oracle1 (172.28.247.72)' can't be established.
ECDSA key fingerprint is SHA256:g01ndUi/5Xy/TgxcCqspKJcwNYPx/T4vhauoX7t81qE.
ECDSA key fingerprint is MD5:54:62:30:a2:03:c6:f6:c0:c1:f1:cb:7e:16:a7:f2:cf.
Are you sure you want to continue connecting (yes/no)? yes
Warning: the ECDSA host key for 'oracle1' differs from the key for the IP address '172.28.247.72'
Offending key for IP in /root/.ssh/known_hosts:3
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
Warning: the ECDSA host key for 'oracle1' differs from the key for the IP address '172.28.247.72'
Offending key for IP in /root/.ssh/known_hosts:3
Matching host key in /root/.ssh/known_hosts:4
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: the ECDSA host key for 'oracle1' differs from the key for the IP address '172.28.247.72'
Offending key for IP in /root/.ssh/known_hosts:3
Matching host key in /root/.ssh/known_hosts:4
Are you sure you want to continue connecting (yes/no)? yes
root@oracle1's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@oracle1'"
and check to make sure that only the key(s) you wanted were added.

[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# ssh-copy-id root@oracle2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'oracle2 (172.28.247.73)' can't be established.
ECDSA key fingerprint is SHA256:oHLtD6fm8RXLi2ud2ydhaRAF427ie5h7mpYzulob3Lg.
ECDSA key fingerprint is MD5:4e:e3:27:16:75:d1:82:a0:01:99:d1:91:61:d6:e8:34.
Are you sure you want to continue connecting (yes/no)? yes
Warning: the ECDSA host key for 'oracle2' differs from the key for the IP address '172.28.247.73'
Offending key for IP in /root/.ssh/known_hosts:2
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
Warning: the ECDSA host key for 'oracle2' differs from the key for the IP address '172.28.247.73'
Offending key for IP in /root/.ssh/known_hosts:2
Matching host key in /root/.ssh/known_hosts:5
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: the ECDSA host key for 'oracle2' differs from the key for the IP address '172.28.247.73'
Offending key for IP in /root/.ssh/known_hosts:2
Matching host key in /root/.ssh/known_hosts:5
Are you sure you want to continue connecting (yes/no)? yes
root@oracle2's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@oracle2'"
and check to make sure that only the key(s) you wanted were added.

[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# ssh-copy-id root@manage
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'manage (172.20.139.110)' can't be established.
ECDSA key fingerprint is SHA256:7aOnmL6YAp9lmKu2oAZPunWCGOSIlhz/2SFyk8vZLJ4.
ECDSA key fingerprint is MD5:c1:ba:01:9c:e1:93:6f:83:17:d1:1f:3b:9e:97:ec:29.
Are you sure you want to continue connecting (yes/no)? yes
Warning: the ECDSA host key for 'manage' differs from the key for the IP address '172.20.139.110'
Offending key for IP in /root/.ssh/known_hosts:1
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
Warning: the ECDSA host key for 'manage' differs from the key for the IP address '172.20.139.110'
Offending key for IP in /root/.ssh/known_hosts:1
Matching host key in /root/.ssh/known_hosts:6
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: the ECDSA host key for 'manage' differs from the key for the IP address '172.20.139.110'
Offending key for IP in /root/.ssh/known_hosts:1
Matching host key in /root/.ssh/known_hosts:6
Are you sure you want to continue connecting (yes/no)? yes
root@manage's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@manage'"
and check to make sure that only the key(s) you wanted were added.

[root@iZuf6ft8kvzxhme7svd96pZ ~]#
```
Test:
```
[root@iZuf6ft8kvzxhme7svd96pZ ~]# ssh root@manage hostname
Warning: the ECDSA host key for 'manage' differs from the key for the IP address '172.20.139.110'
Offending key for IP in /root/.ssh/known_hosts:1
Matching host key in /root/.ssh/known_hosts:6
Are you sure you want to continue connecting (yes/no)? yes
iZuf6ft8kvzxhme7svd96pZ
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# ssh root@oracle1 hostname
Warning: the ECDSA host key for 'oracle1' differs from the key for the IP address '172.28.247.72'
Offending key for IP in /root/.ssh/known_hosts:3
Matching host key in /root/.ssh/known_hosts:4
Are you sure you want to continue connecting (yes/no)? yes
iZuf6avcdf340d6qvgospfZ
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
[root@iZuf6ft8kvzxhme7svd96pZ ~]# ssh root@oracle2 hostname
Warning: the ECDSA host key for 'oracle2' differs from the key for the IP address '172.28.247.73'
Offending key for IP in /root/.ssh/known_hosts:2
Matching host key in /root/.ssh/known_hosts:5
Are you sure you want to continue connecting (yes/no)? yes
iZuf6avcdf340d6qvgospeZ
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
```
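The repeated "host key for 'oracle1' differs from the key for the IP address" warnings in the sessions above mean known_hosts holds one key under the hostname and a different one under its IP, and answering yes each time never settles which is right. The following added example (not part of the original post) lists those name/IP conflicts so each can be checked against the server's real fingerprint; the key blobs are constructed placeholders, and the sample line numbers mirror the ones in the warnings.

```shell
#!/bin/sh
# Added example: find known_hosts entries where a hostname and its IP
# are stored with different keys of the same type.

# Constructed known_hosts (placeholder key blobs, not real keys).
sample_known_hosts() {
cat <<'EOF'
172.20.139.110 ecdsa-sha2-nistp256 CONSTRUCTED-KEY-A
172.28.247.73 ecdsa-sha2-nistp256 CONSTRUCTED-KEY-B
172.28.247.72 ecdsa-sha2-nistp256 CONSTRUCTED-KEY-C
oracle1 ecdsa-sha2-nistp256 CONSTRUCTED-KEY-D
oracle2 ecdsa-sha2-nistp256 CONSTRUCTED-KEY-E
manage ecdsa-sha2-nistp256 CONSTRUCTED-KEY-F
EOF
}

# Name-to-IP mapping taken from the /etc/hosts shown in this post.
sample_hosts() {
cat <<'EOF'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
# Ansible
172.20.139.110 manage
# oracle 1
172.28.247.72 oracle1
# oracle 2
172.28.247.73 oracle2
EOF
}

# find_hostkey_conflicts KNOWN_HOSTS HOSTS_FILE
# Prints "name ip keytype name-line=N ip-line=M" per conflict.
# Returns 1 if any conflict exists, 0 otherwise.
find_hostkey_conflicts() {
    awk '
        { sub(/#.*/, "") }                      # drop comments in both files
        NF == 0 { next }
        pass == 1 {                             # hosts file: IP name [alias ...]
            for (i = 2; i <= NF; i++) ip_of[$i] = $1
            next
        }
        substr($1, 1, 1) == "@" { next }        # @cert-authority / @revoked lines
        substr($1, 1, 1) == "|" { hashed++; next }  # HashKnownHosts entries
        {                                       # hostlist keytype base64 [comment]
            n = split($1, hosts, ",")
            for (i = 1; i <= n; i++) {
                key[hosts[i], $2] = $3
                line[hosts[i], $2] = FNR
            }
            types[$2] = 1
        }
        END {
            for (name in ip_of) for (t in types) {
                ip = ip_of[name]
                if ((name, t) in key && (ip, t) in key &&
                    key[name, t] != key[ip, t]) {
                    printf "%s %s %s name-line=%d ip-line=%d\n",
                           name, ip, t, line[name, t], line[ip, t]
                    found = 1
                }
            }
            if (hashed)
                printf "note: %d hashed entries not checked\n", hashed > "/dev/stderr"
            exit found + 0
        }
    ' pass=1 "$2" pass=2 "$1"
}

main() {
    tmp=$(mktemp -d) || return 1
    sample_known_hosts > "$tmp/known_hosts"
    sample_hosts > "$tmp/hosts"
    find_hostkey_conflicts "$tmp/known_hosts" "$tmp/hosts" || echo "conflicts found: verify each fingerprint on the server first"
    rm -rf "$tmp"
}
main
```

Once the correct fingerprint has been confirmed on the server itself, `ssh-keygen -R 172.28.247.72` removes the stale entry for that address from known_hosts.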
04
Ansible "connectivity test"
Ansible provides the "ping" module for testing connectivity:
```
[root@iZuf6ft8kvzxhme7svd96pZ ~]# ansible all -i /ansible/inventory/hosts -m ping
172.20.139.110 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
172.28.247.72 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
172.28.247.73 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
```
Distribute the SSH public key to all hosts through Ansible:
```
[root@iZuf6ft8kvzxhme7svd96pZ ~]# ansible all -i /ansible/inventory/hosts -m authorized_key -a "user=root key='{{ lookup('file', '/root/.ssh/id_rsa.pub') }}' path=/root/.ssh/authorized_keys manage_dir=no" --ask-pass -c paramiko
SSH password:
[WARNING]: Platform linux on host 172.20.139.110 is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
172.20.139.110 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "comment": null,
    "exclusive": false,
    "follow": false,
    "gid": 0,
    "group": "root",
    "key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7olAbavkUcPTjEsV89m12Zu9A3kX70yi0SMCNV4EWC/MgczoHi7nE30I3ODza517ZknG1/hQZECyI0w1r3+RAoDUkMGdIWZIetXCisfTHVPcPHUOrpQp9JVd2FsI/JY8038s/Gt0q5yjUDAhkcg9x1CBvg6ea7hANBF9QDPnMFJDrk+BXbMhpUK/fkk05zprFK4CjssBMbxZZnv7udXDVjcwVjaK0kPj/XmWIiscfOY/JTta1FveDJmNcVcllLXquTj36Y5S5+75mbigzZrjxRIrGNahXhPm7KHw+LZx1h8qLfo5l4r8b1YOt9hloqd2x/fo8CFSJKcW3o1KNJ5zN root@iZuf6ft8kvzxhme7svd96pZ",
    "key_options": null,
    "keyfile": "/root/.ssh/authorized_keys",
    "manage_dir": false,
    "mode": "0600",
    "owner": "root",
    "path": "/root/.ssh/authorized_keys",
    "size": 410,
    "state": "file",
    "uid": 0,
    "user": "root",
    "validate_certs": true
}
[WARNING]: Platform linux on host 172.28.247.72 is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
172.28.247.72 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "comment": null,
    "exclusive": false,
    "follow": false,
    "gid": 0,
    "group": "root",
    "key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7olAbavkUcPTjEsV89m12Zu9A3kX70yi0SMCNV4EWC/MgczoHi7nE30I3ODza517ZknG1/hQZECyI0w1r3+RAoDUkMGdIWZIetXCisfTHVPcPHUOrpQp9JVd2FsI/JY8038s/Gt0q5yjUDAhkcg9x1CBvg6ea7hANBF9QDPnMFJDrk+BXbMhpUK/fkk05zprFK4CjssBMbxZZnv7udXDVjcwVjaK0kPj/XmWIiscfOY/JTta1FveDJmNcVcllLXquTj36Y5S5+75mbigzZrjxRIrGNahXhPm7KHw+LZx1h8qLfo5l4r8b1YOt9hloqd2x/fo8CFSJKcW3o1KNJ5zN root@iZuf6ft8kvzxhme7svd96pZ",
    "key_options": null,
    "keyfile": "/root/.ssh/authorized_keys",
    "manage_dir": false,
    "mode": "0600",
    "owner": "root",
    "path": "/root/.ssh/authorized_keys",
    "size": 410,
    "state": "file",
    "uid": 0,
    "user": "root",
    "validate_certs": true
}
[WARNING]: Platform linux on host 172.28.247.73 is using the discovered Python interpreter at /usr/bin/python, but future installation of another Python interpreter could change this. See
https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
172.28.247.73 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "comment": null,
    "exclusive": false,
    "follow": false,
    "gid": 0,
    "group": "root",
    "key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7olAbavkUcPTjEsV89m12Zu9A3kX70yi0SMCNV4EWC/MgczoHi7nE30I3ODza517ZknG1/hQZECyI0w1r3+RAoDUkMGdIWZIetXCisfTHVPcPHUOrpQp9JVd2FsI/JY8038s/Gt0q5yjUDAhkcg9x1CBvg6ea7hANBF9QDPnMFJDrk+BXbMhpUK/fkk05zprFK4CjssBMbxZZnv7udXDVjcwVjaK0kPj/XmWIiscfOY/JTta1FveDJmNcVcllLXquTj36Y5S5+75mbigzZrjxRIrGNahXhPm7KHw+LZx1h8qLfo5l4r8b1YOt9hloqd2x/fo8CFSJKcW3o1KNJ5zN root@iZuf6ft8kvzxhme7svd96pZ",
    "key_options": null,
    "keyfile": "/root/.ssh/authorized_keys",
    "manage_dir": false,
    "mode": "0600",
    "owner": "root",
    "path": "/root/.ssh/authorized_keys",
    "size": 410,
    "state": "file",
    "uid": 0,
    "user": "root",
    "validate_certs": true
}
[root@iZuf6ft8kvzxhme7svd96pZ ~]#
```
05
Ansible "run commands on managed hosts"
The command details are as follows:
```
[root@iZuf6ft8kvzxhme7svd96pZ ansible]# ansible all -i /ansible/inventory/hosts -m shell -a 'hostname'
172.28.247.73 | CHANGED | rc=0 >>
iZuf6avcdf340d6qvgospeZ
172.20.139.110 | CHANGED | rc=0 >>
iZuf6ft8kvzxhme7svd96pZ
172.28.247.72 | CHANGED | rc=0 >>
iZuf6avcdf340d6qvgospfZ
[root@iZuf6ft8kvzxhme7svd96pZ ansible]#
```
END
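This article is reposted from Nephilim. If you believe it infringes your rights, please email contact@modb.pro with supporting evidence; once verified, 墨天轮 (modb.pro) will remove the content immediately.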




