Ansible Enterprise Applications in Practice
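I. Adding SSH key authentication to new systems

I. Ansible password authentication

1. Configure the inventory. The default inventory file is /etc/ansible/hosts; add the following:

# Define the k8s node host group
[ops-k8s]
ops-k8s-node01
ops-k8s-node02

# Colon-separated; "vars" defines variables that change the default connection settings of the k8s node host group
[ops-k8s:vars]
# Default connection user and password
ansible_ssh_user = "root"
ansible_ssh_pass = "admin@123"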

2. Test whether the default variables take effect

# ansible ops-k8s -m shell -a "whoami"
ops-k8s-node02 | SUCCESS | rc=0 >>
root
ops-k8s-node01 | SUCCESS | rc=0 >>
root
ops-k8s-master02 | SUCCESS | rc=0 >>
root

3. Call the Ansible authorized_key module to add the key to the remote hosts

Method 1: use the authorized_key module

ansible ops-k8s -m authorized_key -a "user=root key='{{ lookup('file', '/root/.ssh/id_rsa.pub') }}' path=/root/.ssh/authorized_keys manage_dir=no"

Method 2: use Ansible's copy and shell modules

# Copy the public key to /tmp on the remote hosts
ansible ops-k8s -m copy -a "src=/root/.ssh/id_rsa.pub dest=/tmp/id_rsa.pub"
# Append the public key to authorized_keys in the specified directory
ansible ops-k8s -m shell -a "cat /tmp/id_rsa.pub >>/root/.ssh/authorized_keys"
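
4. Delete the connection user information, then verify with the ansible command

# Define the k8s node host group
[ops-k8s]
ops-k8s-node01
ops-k8s-node02

## Delete the following content
# Colon-separated; "vars" defines variables that change the default connection settings of the k8s node host group
#[ops-k8s:vars]
# Default connection user and password
#ansible_ssh_user = "root"
#ansible_ssh_pass = "admin@123"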
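
II. Distributing keys with ssh-copy-id

ssh-copy-id copies the specified user's public key to a remote server and also fixes the permissions of the ~/.ssh directory.

1. Distribute the key to a single server

Create the key pair non-interactively

# OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default; use -t rsa or -t ed25519 on such systems
ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1

Distribute the public key

sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no -p52113 172.16.1.41"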

2. Batch key distribution with sshpass

# Install sshpass
yum install sshpass

#!/bin/bash
# fenfa (distribute) all pub key by wzs at 20161014
ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1
for n in 31 61 41 7 8
do
    # Create ~/.ssh on the target with mode 700
    sshpass -p 123456 ssh -o StrictHostKeyChecking=no 172.16.1.$n "mkdir -m 700 -p ~/.ssh/"
    # Copy the public key; note that scp replaces any existing authorized_keys on the target
    sshpass -p 123456 scp -o StrictHostKeyChecking=no ~/.ssh/id_dsa.pub wzs@172.16.1.$n:~/.ssh/authorized_keys
    sshpass -p 123456 ssh -o StrictHostKeyChecking=no 172.16.1.$n "chmod 600 ~/.ssh/authorized_keys"
    # Show the permissions of /home/wzs/.ssh and its contents
    /bin/ls -ld /home/wzs/.ssh
    /bin/ls -l /home/wzs/.ssh
done
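
An added example, not part of the original page: method 2 in the Ansible section appends with cat >> on every run, and the scp step in the sshpass script replaces the remote authorized_keys file. The shell function below (install_pubkey and its arguments are hypothetical names) is one way to add a key on the target host so that existing keys are preserved and reruns add no duplicates.

```shell
#!/bin/sh
# Added example: install a public key into authorized_keys without
# overwriting or duplicating entries. Names here are hypothetical.
#
# install_pubkey PUBKEY_FILE SSH_DIR
#   PUBKEY_FILE  file holding one public key line, e.g. /tmp/id_rsa.pub
#   SSH_DIR      target .ssh directory, e.g. /root/.ssh
# Returns 0 when the key is present afterwards, 1 on bad input or error.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file=$ssh_dir/authorized_keys

    [ -s "$pubkey_file" ] || return 1

    # A public key file is a single line; read only the first one.
    IFS= read -r key < "$pubkey_file" || [ -n "$key" ] || return 1

    # Reject anything that does not look like "type base64 [comment]".
    case $key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) return 1 ;;
    esac

    # sshd with StrictModes ignores keys when the directory or file is
    # group- or world-writable, so create both with tight modes.
    ( umask 077
      mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" &&
      touch "$auth_file" && chmod 600 "$auth_file" ) || return 1

    # Append only when this exact line is absent: existing keys are kept
    # (unlike scp over the file) and reruns add nothing (unlike cat >>).
    if ! grep -qxF -- "$key" "$auth_file"; then
        # Make sure the last existing entry ends with a newline first.
        if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
            echo >> "$auth_file"
        fi
        printf '%s\n' "$key" >> "$auth_file"
    fi
    return 0
}
```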
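
3. Configure passwordless login with expect

#!/bin/bash
keypath=/root/.ssh
# Create the key directory if it does not exist
[ -d ${keypath} ] || mkdir -p ${keypath}
# Install expect if it is not already installed
rpm -q expect &> /dev/null || yum install expect -y
ssh-keygen -t rsa -f /root/.ssh/id_rsa -P ""
password=centos
for host in `seq 10 14`;do
# Answer the host key and password prompts of ssh-copy-id automatically
expect <<EOF
spawn ssh-copy-id 192.168.2.$host
expect {
"yes/no" { send "yes\n";exp_continue }
"password" { send "$password\n" }
}
expect eof
EOF
done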
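
II. Ansible in an enterprise high-availability architecture

《Ansible权威指南》 (The Definitive Guide to Ansible), Chapter 9
9.2 Ansible in an enterprise high-availability architecture
9.3 Automating the ELK log system with Ansible
9.4 Automating a real-time log system with Ansible
9.5 Automating Zabbix with Ansible
9.6 Automated releases with Ansible + Git + GitLab
9.7 Automating Docker with Ansible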
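
III. Ansible graphical interface: Ansible Tower installation

IV. Managing Windows servers with Ansible in practice

V. Deploying a distributed log system

VI. Comprehensive hands-on Ansible learning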