Ansible部署

环境介绍

一台ansible服务器
四台ansible客户机

ansible服务器配置（客户机不需要任何配置）

1. 配置域名解析

sudo vim /etc/hosts

172.139.20.181 ansible
172.139.20.210 client1
172.139.20.215 client2
172.139.20.158 client3
172.139.20.163 client4

2. 验证域名解析
   

3. 安装ansible

• 安装yum源

wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo

• 查看yum源

sudo yum list | grep ansible

• 安装ansible

sudo yum install -y ansible

4. 验证ansible是否安装成功

rpm -ql ansible 列出所有文件
ls /etc/ansible 查看配置文件
ansible --help 查看ansible帮助
ansible-doc -l 看所有模块（A10，华为，docker，EC2，aws等等广大厂商设备）
ansible-doc -s yum 看yum模块，了解其功能

配置免密登录

1. 在ansible服务器生成密钥，然后给host1配置免密（免密不要求全部配置，可以选一台客户机配置然后对比跟没配置的客户机的区别）
   服务器上操作

• 生成密钥

ssk-keygen

[ops@localhost ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ops/.ssh/id_rsa): 
Created directory '/home/ops/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/ops/.ssh/id_rsa.
Your public key has been saved in /home/ops/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:g4HC47AcwvKxRW5YCenzFWbMQW8h5Biqi+PD8CGNiKQ ops@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|  .o+*=..        |
|...*.=*o .       |
|++B *oo.o        |
|+B+B  .+         |
|B++o .. S        |
|E.o .    .       |
|*o .             |
|.+.              |
| ..              |
+----[SHA256]-----+

• 给client1配置免密登录

ssh-copy-id 172.139.20.210

[ops@localhost ~]$ ssh-copy-id 172.139.20.210
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/ops/.ssh/id_rsa.pub"
The authenticity of host '172.139.20.210 (172.139.20.210)' can't be established.
ECDSA key fingerprint is SHA256:kWrHZabGo2X8WszJ3zJyA02WXuh8eY2TtM6EP74wknc.
ECDSA key fingerprint is MD5:06:73:9d:a6:3d:13:b5:2c:4c:7f:50:04:94:a4:3f:40.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ops@172.139.20.210's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '172.139.20.210'"
and check to make sure that only the key(s) you wanted were added.

• 验证免密钥登录

ssh ops@172.139.20.210