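Control node: the host on which Ansible is installed.
Managed node: any host that is to be controlled by Ansible.
For example, Ansible is installed on 192.168.110.10 and is used to deploy an Apache service on 192.168.110.11. In this case 192.168.110.10 is the control node and 192.168.110.11 is the managed node.
The steps to open a channel from the control node to the managed node are as follows: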
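- Add the following to the /etc/ansible/hosts file
Format: host IP, remote host user name, password of that remote user
    [test]
    192.168.110.11 ansible_user=root ansible_ssh_pass="password"
    ...
[test] puts remote hosts into a group. A group can contain multiple hosts; the test group here contains only one.
- Set up trust
Generate a key pair with the ssh-keygen command, pressing Enter at every prompt. This accepts the default file path and leaves the passphrase empty.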
    [root@VM-0-7-centos .ssh]# ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:vO1Bag3Svoh8rK4ODpxOOeWdsnsq057oXxuwbsj2g2Q root@VM-0-7-centos
    The key's randomart image is:
    +---[RSA 2048]----+
    | |
    | |
    | |
    | o |
    | o . S . |
    |.E= + .o B |
    |**++ * = + |
    |=O+==o=o o . |
    |o*X%X+. . . |
    +----[SHA256]-----+
Use ssh-copy-id to copy the public key to the managed node, which completes the trust setup.
    [root@VM-0-7-centos ~]# ssh-copy-id root@172.27.0.7
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    The authenticity of host '172.27.0.7 (172.27.0.7)' can't be established.
    ECDSA key fingerprint is SHA256:ettRek/OxGM2fIQPFA5oO77JMaR7ot3ZJs1r9SK8WpQ.
    ECDSA key fingerprint is MD5:3d:32:a9:24:2d:db:9a:08:5e:76:b0:29:89:c7:77:f8.
    Are you sure you want to continue connecting (yes/no)? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@172.27.0.7's password:
    Number of key(s) added: 1
    Now try logging into the machine, with: "ssh 'root@172.27.0.7'"
    and check to make sure that only the key(s) you wanted were added.
- Test the trust
Run the following command. A result of SUCCESS means the setup worked. ansible all -m ping is also our first Ansible command.
    [root@VM-0-7-centos ~]# ansible all -m ping
    172.27.0.12 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": false,
        "ping": "pong"
    }
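At this point the channel between the control node and the managed node is open. As you can see, this method relies on SSH trust between the two hosts. Setting up hosts one at a time this way is inefficient; later we will do it with a playbook, which can set up trust for hundreds or thousands of hosts in a single run.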
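Added example, not part of the original article: a Python check that scans an INI inventory such as /etc/ansible/hosts for passwords stored as literal values (for instance ansible_ssh_pass) and for typographic quotes that would become part of the value. The sample inventory is constructed; 192.168.110.12 and vault_become_pass are hypothetical names.

```python
import shlex

# Real Ansible connection variables that hold a secret as a literal value.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}
CURLY = "\u201c\u201d\u2018\u2019"  # typographic quotes, e.g. pasted from a web page

# Constructed sample inventory; 192.168.110.12 and vault_become_pass are hypothetical.
SAMPLE = """\
[test]
192.168.110.11 ansible_user=root ansible_ssh_pass=\u201cpassword\u201d
192.168.110.12 ansible_user=root

[test:vars]
ansible_become_pass={{ vault_become_pass }}
"""


def audit_inventory(text):
    """Return (line, group, host, variable, issue) tuples; the secret is never echoed."""
    findings, group = [], "ungrouped"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
            continue
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:
            findings.append((no, group, "?", "?", "unbalanced quote"))
            continue
        # Under [group:vars] every token is key=value; elsewhere token 0 is the host.
        in_vars = group.endswith(":vars")
        host = "*" if in_vars else tokens[0]
        for tok in (tokens if in_vars else tokens[1:]):
            key, sep, value = tok.partition("=")
            if not sep or key not in SECRET_VARS or value.startswith("{{"):
                continue  # not a secret variable, or a templated reference
            findings.append((no, group, host, key, "plaintext secret"))
            if any(c in value for c in CURLY):
                findings.append((no, group, host, key, "curly quote in value"))
    return findings


if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE):
        print(*finding, sep="\t")
```

To check a real inventory, pass the file's contents to audit_inventory(); once key-based login works, any host it reports no longer needs the password entry.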
Last modified: 2022-02-11 15:56:13