01.yum安装ansible(推荐)

sudo yum install ansible

02.配置被管理端主机IP清单

[root@ansible_50 ansible]$ cp /etc/ansible/hosts /etc/ansible/hosts.bak
[root@ansible_50 ansible]$ cat /etc/ansible/hosts
[app]
10.0.0.51
[elk]
10.0.0.52
[monitor]
10.0.0.53
[jenkins]
10.0.0.54

03.配置密钥对验证

[root@ansible_50 ansible]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #回车,使用默认的密钥保存路径
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): #设置私钥的保护口令(passphrase),示例为123456,实际环境应使用强口令
Enter same passphrase again: #再输入一遍私钥口令123456
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
:fe::2b:::e4:c0::::f1::9c:8a:d9 root@ansible_50
The key's randomart image is:
+--[ RSA ]----+
|+=o. |
|o== |
|o=o. . . |
|=.E . . . |
| + . S |
| o . |
| . . . o |
| + . o . |
| o .. |
+-----------------+
[root@ansible_50 ansible]$

04.ssh协议免交互代理

[root@ansible_50 ansible]$ ssh-agent bash
[root@ansible_50 ansible]$ ssh-add
Enter passphrase for /root/.ssh/id_rsa: #输入密码123456
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)

05.批量发送公钥到被管理端(当被管理端主机密码一样)

[root@ansible_50 ansible]$ yum install expect -y
[root@ansible_50 ansible]$ cd /root/.ssh/
[root@ansible_50 .ssh]$ vim push_ssh.sh
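#!/bin/bash
# push_ssh.sh - push this host's SSH public key to every managed host that
# answers ping, using expect to answer the ssh-copy-id prompts.
#
# NOTE(review): several numeric literals were missing from the published
# listing (both exit-status comparisons, the loop range, one address octet
# and the expect timeout). They are restored below; the range and the octet
# follow the 10.0.0.51-54 inventory shown earlier on this page.
#
# NOTE(security): as written this is only suitable for a disposable lab:
#   - the managed hosts' root password is embedded in clear text, so this
#     file must not be world-readable or committed anywhere, and the
#     password should be changed once key login works;
#   - known_hosts is emptied and every host-key prompt is answered "yes",
#     so the identity of the managed hosts is never verified on first
#     contact. Compare the recorded keys with the hosts' real fingerprints
#     afterwards.

# File that records the addresses that answered ping.
: > ip_list.txt
# Discard every previously recorded host key (presumably so that stale
# entries do not make ssh-copy-id refuse to connect).
: > /root/.ssh/known_hosts

# Generate a key pair when none exists yet, then stop; the script has to be
# run again to push the new key. -P "" creates the private key WITHOUT a
# passphrase, unlike the key generated interactively in step 03.
if [[ ! -f ~/.ssh/id_rsa.pub ]]; then
  ssh-keygen -P "" -f ~/.ssh/id_rsa
  exit
fi

# Install expect when the package is not present.
if ! rpm -q expect &>/dev/null; then
  yum -y install expect
fi

# Push the public key to the managed hosts, one background job per address.
for i in {51..54}; do
  {
    ip="10.0.0.${i}"
    if ping -c1 -W1 "$ip" &>/dev/null; then
      printf '%s\n' "$ip" >> ip_list.txt
      # The here-document is unquoted on purpose: the shell substitutes $ip
      # before expect reads the script. "123456" is the managed hosts' login
      # password. The timeout value was lost from the page; 10 is expect's
      # own default.
      # NOTE(review): ssh-copy-id does not normally leave a shell prompt, so
      # the wait for "#" presumably ends on timeout or EOF - confirm.
      /usr/bin/expect <<-EOF
set timeout 10
spawn ssh-copy-id -i $ip
expect {
"*yes/no" { send "yes\r"; exp_continue }
"*password:" { send "123456\r" }
}
expect "#"
send "exit\r"
expect eof
EOF
    fi
  } &
done
# Block until every background push has finished.
wait
echo "finish...."
# Next tutorial step (run from the shell, not part of the script):
# check that the keys were pushed successfully.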
[root@ansible_50 ansible]$ ansible all -m ping
10.0.0.52 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.0.0.53 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.0.0.54 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.0.0.51 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@ansible_50 ansible]$

06.批量发送公钥到被管理端(当被管理端主机密码不一样)

#在管理机的清单文件中添加客户机的IP和登录口令(ansible_ssh_pass以明文保存,公钥推送成功后应从清单中删除,或改用ansible-vault加密)
[root@ansible_50 ansible]$ vim /etc/ansible/hosts
[client_ip]
ansible_ssh_user="root" ansible_ssh_host=10.0.0.51 ansible_ssh_port= ansible_ssh_pass=""
ansible_ssh_user="root" ansible_ssh_host=10.0.0.52 ansible_ssh_port= ansible_ssh_pass=""
ansible_ssh_user="root" ansible_ssh_host=10.0.0.53 ansible_ssh_port= ansible_ssh_pass=""
ansible_ssh_user="root" ansible_ssh_host=10.0.0.54 ansible_ssh_port= ansible_ssh_pass=""
#修改ansible配置文件
[root@ansible_50 ansible]$ vim /etc/ansible/ansible.cfg
# uncomment this to disable SSH key host checking
host_key_checking = False
#说明:关闭后首次连接不再确认被管理端的主机密钥,无法发现中间人冒充;公钥推送完成后建议恢复为默认值True
#编写推送公钥的yml文件
[root@ansible_50 .ssh]$ cd /etc/ansible/
[root@ansible_50 .ssh]$ vim push-ssh.yaml
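# push-ssh.yaml - add the control node's public key to root's
# authorized_keys on every host in the client_ip inventory group.
# NOTE(review): the indentation was lost in the published listing and is
# restored here; without it the file is not a valid playbook.
# The key file is read on the control node (lookup runs locally). Until the
# key is installed, the connection relies on the per-host ansible_ssh_pass
# values from the inventory; remove those passwords once this play succeeds.
- hosts: client_ip
  user: root
  tasks:
    - name: ssh-copy-id
      authorized_key: user=root key="{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
      tags:
        - sshkey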
[root@ansible_50 .ssh]$ ansible-playbook push-ssh.yaml
#测试是否成功推送公钥
[root@ansible_50 ansible]$ ansible all -m command -a date
10.0.0.52 | CHANGED | rc=0 >>
2019年 02月 23日 星期六 :: CST
10.0.0.53 | CHANGED | rc=0 >>
2019年 02月 23日 星期六 :: CST
10.0.0.54 | CHANGED | rc=0 >>
2019年 02月 23日 星期六 :: CST
10.0.0.51 | CHANGED | rc=0 >>
2019年 02月 23日 星期六 :: CST
05-13 22:13