http://szgb2016.blog.51cto.com/340201/1669731
安装
yum -y install ansible expect
生成key,ssh-keygen -t rsa -f ~/.ssh/id_rsa
两种办法
-
ssh+expect 出自oldbody
cat /etc/ansible/hosts
[web]
web1 ansible_ssh_host=192.168.1.21
web2 ansible_ssh_host=192.168.1.22
提供修改的exp.sh
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
. /etc/init.d/functionsip=$1function KNOWN_HOST_REBUILD(){[ ! -e ~/.ssh/known_hosts ] && mkdir -p ~/.ssh/ && touch ~/.ssh/known_hostslocal i=$1sed -i "/^${i} /d" ~/.ssh/known_hostsexpect -c "spawn /usr/bin/ssh root@${i} echo ok;expect "*yes/no)?";send "yes
";expect eof " return 0[[ $? -ne 0 ]] && echo "$i know host rebuild fail,maybe the server connect error"}function PASS_PASSWD(){ip=$1expect -c "set timeout -1spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@$ipexpect "*password:"send "你的密码
"expect eof" }KNOWN_HOST_REBUILD $1PASS_PASSWD $1 |
使用方法:./exp.sh ip,就会自动建立ssh了,然后ansible各种命令测试
2.authorized_key模块
分两步走
1.known_host
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
. /etc/init.d/functionsip=$1function KNOWN_HOST_REBUILD(){[ ! -e ~/.ssh/known_hosts ] && mkdir -p ~/.ssh/ && touch ~/.ssh/known_hostslocal i=$1sed -i "/^${i} /d" ~/.ssh/known_hostsexpect -c "spawn /usr/bin/ssh root@${i} echo ok;expect "*yes/no)?";send "yes
";expect "*?assword:*"send -- "�03
"expect eof " return 0[[ $? -ne 0 ]] && echo "$i know host rebuild fail,maybe the server connect error"}KNOWN_HOST_REBUILD $1 |
2.编写简单的yml
基础资料
http://docs.ansible.com/authorized_key_module.html
简单例子
|
1
2
|
# Example using key data from a local file on the management machine- authorized_key: user=charlie key="{{ lookup('file', '/home/charlie/.ssh/id_rsa.pub') }}" |
cat /etc/ansible/hosts
[unknow]
web3 ansible_ssh_user=root ansible_ssh_host=192.168.1.21 ansible_ssh_pass="你的密码"
简单的使用
|
1
2
3
4
5
6
7
|
cat rsync_key.ymal--- - hosts: web3 user: root tasks: - name: ssh authorized_key: user="root" key="{{ lookup('file', '/root/.ssh/id_rsa.pub') }}" |
使用方法:ansible-playbook rsync_key.ymal
出自马哥
http://mageedu.blog.51cto.com/4265610/1412028
authorized_key ymal格式不会写,Google到的
(Ansible Cookbook 2014) http://ansiblecookbook.com/html/en.html
网上的例子
第一种方式:手动安装 cd ~/Downloads curl -O -L http://downloads.sourceforge.net/project/sshpass/sshpass/1.05/sshpass-1.05.tar.gz tar xvzf sshpass-1.05.tar.gz cd sshpass-1.05 ./configure make sudo make install
``` 第二种方式,安装Mac os包管理器之外第三方包 brew install https://raw.github.com/eugeneoden/homebrew/eca9de1/Library/Formula/sshpass.rb
3.配置文件
/etc/ansible/hosts — 默认资源文件 /usr/share/ansible/ — 默认模块库 /etc/ansible/ansible.cfg — 默认配置文件 ~/.ansible.cfg — 用户配置文件,如果使用优先级高于ansible.cfg配置文件
具体配置文件参考:http://docs.ansible.com/intro_configuration.html#pipelining
step2:远程执行命令
ansible是基于ssh协议之上进行远程管理,所以无须安装客户端,直接只要能ssh连接过去,就可以进行管理了
1.配置管理客户端和秘钥登录
cp hosts hosts.bak vim hosts [test] //group_name,名称可以自定义,可以将不同的作用的机器放在不同的组里 192.168.122.134 192.168.122.131 [test] 192.168.122.134 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=skstserver #ssh无秘钥登录ssh-keygen -t rsa -P ''ssh-copy-id -i .ssh/id_rsa.pub root@192.168.122.131
2、批量发送公钥
为ansible开始管理节点传递公钥
如果是可以直接使用root的环境,则直接使用这个脚本
vim tra_pub.exp
#!/usr/bin/expect -f
set timeout -1
set user root
set passwd "123456"
for { set i 201 } { $i < 208 } { incr i } {
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub $user@192.168.1.$i
expect {
"yes/no" { send "yes
";exp_continue }
"id_rsa" { send "yes
";exp_continue }
"*assword" { send "$passwd
" }
}
}
expect eof
如果需要使用普通用户进行切换的环境则可以使用以下的脚本
#!/usr/bin/expect -f
set timeout -1
set user test
set passwd "123456"
for { set i 100 } { $i < 120 } { incr i } {
spawn ssh -l $user 172.41.30.$i
expect {
"yes/no" { send "yes
";exp_continue }
"id_rsa" { send "yes
";exp_continue }
"*assword" { send "$passwd
" ;exp_continue }
"test@" {
send "sudo su -
"
expect {
"password for test" { send "$passwd
";exp_continue }
}
}
}
}
expect eof
exit 0
3、批量定义inventory
直接利用for循环进行批量的写入
for i in $(seq 200 240);do echo 192.168.1.$i >> /etc/ansible/hosts;done