
2. Installing Ansible and basic configuration

2023-06-14 23:08 Author: 运维实战课程

1. Ways to install Ansible
1) RPM install (normally done with yum) (recommended)
# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
# yum -y install ansible
# or
# yum install epel-release
# yum -y install ansible

2) pip install (more involved)
# yum install python3 python3-devel python3-pip -y
# pip3 install --upgrade pip -i https://pypi.douban.com/simple/
# pip3 install ansible -i https://pypi.douban.com/simple/
# /usr/local/bin/ansible --version

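Installing with yum is recommended: the point of using Ansible is that it is simple and convenient, and if installation alone takes a lot of effort, you might as well not use it.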

2. Confirm that Ansible is installed and check its version
[root@localhost ~]# ansible --version              # check that it is installed and show the version
ansible 2.9.27
 config file = /etc/ansible/ansible.cfg
 configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
 ansible python module location = /usr/lib/python2.7/site-packages/ansible
 executable location = /usr/bin/ansible
 python version = 2.7.5 (default, Oct 14 2020, 14:45:30) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]

[root@localhost ~]# ansible localhost -m ping    # test by calling a module
localhost | SUCCESS => {
   "changed": false,
   "ping": "pong"
}

3. Installing Ansible
[root@localhost ~]# yum -y install epel-release        # install epel-release first
[root@localhost ~]# yum -y install ansible
[root@localhost ~]# ansible --version
ansible 2.9.27
 config file = /etc/ansible/ansible.cfg
 configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
 ansible python module location = /usr/lib/python2.7/site-packages/ansible
 executable location = /usr/bin/ansible
 python version = 2.7.5 (default, Oct 14 2020, 14:45:30) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]

4. Basic Ansible configuration
1) Host management on the control node: add the IP addresses of the managed hosts to the hosts file:
[root@localhost ~]# vim /etc/ansible/hosts
……
[test]                           # add a group name
192.168.171.129           # add the IP of a managed host
192.168.171.130           # add the IP of a managed host

2) Edit the Ansible configuration file
[root@localhost ~]# vim /etc/ansible/ansible.cfg
……
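host_key_checking = False        # disables the SSH host key check on every ansible run; commented out by default, uncomment to enable
                                              # controls whether the host key is checked on first connection; uncommenting it and setting it to False is recommended
log_path = /var/log/ansible.log   # enables logging; commented out by default, uncomment to enable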
……
[accelerate]
accelerate_port = 5099             # accelerated-connection port; uncommented here (commented out by default); the port number can be changed, left unchanged here
#accelerate_timeout = 30
#accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
#accelerate_daemon_timeout = 30
# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
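accelerate_multi_key = yes      # uncommented here; commented out by default
[root@localhost ~]# cat /etc/ansible/ansible.cfg |grep "/etc/ansible/hosts"    # show the inventory file that defines the managed hosts
#inventory      = /etc/ansible/hosts    # the inventory file lists the managed hosts; the default inventory file is /etc/ansible/hosts
                                                    # a custom file can be used instead by passing its location with the -i option when running ansible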
                     
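3) Set up passwordless login from the control node to the managed hosts, so that Ansible can manage them
Generate an SSH key pair on the control node so that it can log in to the managed machines without a password:
[root@localhost ~]# ssh-keygen -t rsa  # press Enter at every prompt below; no passphrase is entered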
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rZn0m2eUdeYzqZUEYE2W8cAZJ2ElF/6/XvvP7aoq7EQ root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|           o=@B=.|
|          . o*O  |
|              .o |
|         .    ..+|
|        E .  o.++|
|       o =  o  *o|
|       .= ..  o =|
|       .o  oo. .=|
|       ...++..o*O|
+----[SHA256]-----+
[root@localhost ~]# ls /root/.ssh/
id_rsa  id_rsa.pub
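[root@localhost ~]# yum  -y install openssh openssh-clients openssh-server # install these if ssh, ssh-copy-id and so on are missing
[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.171.129 # the IP alone also works
# the first time, the remote user's password must be entered: 123456
[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.171.130 # the IP alone also works
# the first time, the remote user's password must be entered: 123456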
[root@localhost ~]# ssh root@192.168.171.129 ifconfig |head -3
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
       inet 192.168.171.129  netmask 255.255.255.0  broadcast 192.168.171.255
       inet6 fe80::2fab:326:734f:2936  prefixlen 64  scopeid 0x20<link>
[root@localhost ~]# ssh root@192.168.171.130 ifconfig |head -3
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
       inet 192.168.171.130  netmask 255.255.255.0  broadcast 192.168.171.255
       inet6 fe80::eaa2:384e:60ac:87b1  prefixlen 64  scopeid 0x20<link>
Note: the ssh-copy-id command has two forms:
1) ssh-copy-id  remote_user@remote_IP  # or just the IP
2) ssh-copy-id -i /root/.ssh/id_rsa.pub  remote_user@remote_IP     # or just the IP

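4) Another way to set up login from the control node to the managed hosts (no passwordless login; the password is written directly into the Ansible configuration file), so that Ansible can manage them
The managed machines' passwords can be used as well (the first connection requires typing yes to confirm; after that it is no longer needed)
Example format:
[root@keeper-01 ~]# cat /etc/ansible/hosts     # when SSH uses the default port 22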
[maya]
keeper-01 ansible_ssh_host="192.168.14.128"  ansible_ssh_user="root" ansible_ssh_pass="123456"
maya-001-129 ansible_ssh_host="192.168.14.129"  ansible_ssh_user="root" ansible_ssh_pass="123456"
[mem]
mem1 ansible_ssh_host="192.168.14.130"   ansible_ssh_user="root" ansible_ssh_pass="123456"
mem2 ansible_ssh_host="192.168.14.131"   ansible_ssh_user="root" ansible_ssh_pass="123456"

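Example format 2: the configuration used when Ansible sends files in bulk and the remote machines' SSH port is not 22 but has been changed to 22115
[root@keeper-01 ~]# cat /etc/ansible/hosts  # when the SSH port has been changed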
[app-girl]
app-girl1 ansible_ssh_host="172.17.133.212"  ansible_ssh_user="root" ansible_ssh_pass="b6eMWV2VQQ" ansible_ssh_port=22115
app-girl2 ansible_ssh_host="172.17.133.213"  ansible_ssh_user="root" ansible_ssh_pass="C4NMcSyBrQ" ansible_ssh_port=22115
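
An added example, not part of the original article: a read-only audit that reports where a control node configured as in section 4 has host_key_checking turned off (managed hosts' SSH keys are then accepted without verification) or keeps login passwords in cleartext in the inventory. The function names, the temporary sample files and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): report where an Ansible
# control node disables SSH host key checking or stores passwords inline.
# Read-only: the files passed as arguments are never modified.

# Flag an uncommented host_key_checking set to a false-like value.
audit_cfg() {
    awk -v f="$1" '
        /^[ \t]*[#;]/ { next }                  # ignore commented-out lines
        tolower($0) ~ /^[ \t]*host_key_checking[ \t]*=[ \t]*(false|no|0)/ {
            printf "%s:%d: host_key_checking disabled\n", f, NR
        }' "$1"
}

# Flag inline password variables. Only the host alias and the variable name
# are printed, never the secret itself.
audit_inventory() {
    awk -v f="$1" '
        /^[ \t]*[#;]/ { next }
        match($0, /ansible_(ssh_pass|password|become_pass(word)?)[ \t]*=/) {
            var = substr($0, RSTART, RLENGTH); sub(/[ \t]*=$/, "", var)
            printf "%s:%d: %s has inline %s\n", f, NR, $1, var
        }' "$1"
    # A file that holds secrets should not be readable by group or others.
    case "$(ls -ld -- "$1" | cut -c5,8)" in
        *r*) printf '%s: readable by group/other\n' "$1" ;;
    esac
}

# Constructed sample files that mirror the settings shown in the article.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '[defaults]' '#host_key_checking = True' \
        'host_key_checking = False' > "$d/ansible.cfg"
    printf '%s\n' '[maya]' \
        'keeper-01 ansible_ssh_host="192.0.2.10" ansible_ssh_pass="CONSTRUCTED"' \
        '192.0.2.11' > "$d/hosts"
    chmod 644 "$d/hosts"
    audit_cfg "$d/ansible.cfg"
    audit_inventory "$d/hosts"
    rm -rf "$d"
}

demo
```

On a real control node the two functions take /etc/ansible/ansible.cfg and /etc/ansible/hosts as arguments. Moving the passwords into a file encrypted with ansible-vault and leaving host key checking enabled clears both findings.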
