Case 1
A normal user on the control host controls the managed hosts
One control node, two managed nodes
1. Add both managed hosts to the /etc/hosts file
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.197.153 node1 node1.example.com
192.168.197.154 node2 node2.example.com
2. The control node and both managed nodes need a student user with a password set
[student@control ~]$ id student
uid=1001(student) gid=1001(student) groups=1001(student)
[student@control ~]# passwd student
[root@node1 ~]# id student
uid=1002(student) gid=1002(student) groups=1002(student),10(wheel)
[root@node1 ~]# passwd student
[root@node2 ~]# id student
uid=1002(student) gid=1002(student) groups=1002(student),10(wheel)
[root@node2 ~]# passwd student
3. Edit the configuration file (on the control node this requires root privileges)
4. Test
[student@control ~]$ ansible all -m command -a 'hostname'
SSH password:
node1 | CHANGED | rc=0 >>
node1.example.com
node2 | CHANGED | rc=0 >>
node2.example.com
Case 2
Disable host key checking
1. Set host_key_checking = False
This has the same effect as the key already having been sent, so the ssh-keygen step is no longer needed for it. Note that it also switches off the known_hosts check that lets SSH notice a managed host whose key has changed or that is answering in place of the real one, so it is a lab convenience; where that matters, keep the check on and pre-seed known_hosts instead.
2. Distribute the key with ssh-copy-id
With only a few hosts you can run ssh-copy-id -i node1 or ssh-copy-id -i node2,
but with many hosts you can use a loop:
Create a shell script, e.g. a.sh
#!/bin/bash
# Copy the current user's default public key (~/.ssh/id_rsa.pub) to each managed host
for host in node{1..2}; do
    ssh-copy-id -i "$host"
done
Run a.sh
[student@control ~]$ bash a.sh
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
student@node1's password:
Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'node1'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
student@node2's password:
Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'node2'"
and check to make sure that only the key(s) you wanted were added.
3. Verify:
[student@control ~]$ ssh node1 hostname
node1.example.com
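As an added example that is not part of the original post: the same ssh-copy-id loop, but driven from an inventory file and run with host key checking kept on, with known_hosts pre-seeded from ssh-keyscan instead of setting host_key_checking = False. It assumes an INI inventory at ./inventory listing node1 and node2 (the hosts from the post), OpenSSH's ssh-keyscan and ssh-copy-id on the control node, and a key pair already at ~/.ssh/id_rsa; the function names inventory_hosts, seed_known_hosts and push_keys are mine.

```shell
#!/bin/bash
# Added example, not from the original post. Assumes an INI inventory (./inventory)
# with the post's node1 and node2, OpenSSH ssh-keyscan/ssh-copy-id on the control
# node, and ~/.ssh/id_rsa.pub as the key to distribute.

# Print the plain host names from an INI inventory, one per line.
# Skips blank lines, comments, [group] headers and key=value variable lines;
# range patterns such as node[1:2] are printed as written, not expanded.
inventory_hosts() {
    local inv="$1"
    sed -e 's/[#;].*$//' "$inv" \
      | awk 'NF && $1 !~ /^\[/ && $1 !~ /=/ { print $1 }' \
      | sort -u
}

# Record each host's SSH host key in a dedicated known_hosts file and print the
# fingerprints, so they can be compared out of band with what each node reports
# locally. ssh-keyscan only records whatever answered on the wire.
seed_known_hosts() {
    local inv="$1" kh="$2" h
    : > "$kh"
    for h in $(inventory_hosts "$inv"); do
        ssh-keyscan -t ed25519,rsa "$h" >> "$kh" 2>/dev/null
    done
    ssh-keygen -lf "$kh"
}

# The post's loop, but trusting only the pre-seeded known_hosts file and keeping
# strict host key checking on, so a host with an unexpected key is refused.
push_keys() {
    local inv="$1" kh="$2" h
    for h in $(inventory_hosts "$inv"); do
        ssh-copy-id -o UserKnownHostsFile="$kh" -o StrictHostKeyChecking=yes \
                    -i ~/.ssh/id_rsa.pub "$h"
    done
}

# Usage: bash seed-and-push.sh run ./inventory ./known_hosts
if [ "${1:-}" = "run" ]; then
    seed_known_hosts "$2" "$3"
    push_keys "$2" "$3"
fi
```

Compare the fingerprints printed by ssh-keygen -lf with what each node shows on its own console (ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub) before pushing keys. To make Ansible trust the same file, either append it to ~/.ssh/known_hosts or set ssh_args = -o UserKnownHostsFile=./known_hosts under [ssh_connection] in ansible.cfg (that setting replaces Ansible's default ssh arguments, so add back any you rely on).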
The ansible.cfg configuration file explained
[root@ansible ~]# vim /etc/ansible/ansible.cfg
[defaults]                                    # default settings
# some basic default values...
#inventory = /etc/ansible/hosts               # host inventory file
#library = /usr/share/my_modules/             # library directory; where ansible looks for modules by default
#module_utils = /usr/share/my_module_utils/   # module_utils directory
#remote_tmp = ~/.ansible/tmp                  # directory on the remote host for the temporary .py command files
#local_tmp = ~/.ansible/tmp                   # local temporary directory for command execution
#forks = 5                                    # default number of parallel processes
#poll_interval = 15                           # polling interval
#sudo_user = root                             # default sudo user
#ask_sudo_pass = True                         # ask for the sudo password on every ansible run; default no
#ask_pass = True                              # ask for the SSH password on every ansible run; default no
#transport = smart                            # transport type
#remote_port = 22                             # remote port
#remote_user = root                           # remote user: the account used on the managed hosts to run ansible tasks
#roles_path = /etc/ansible/roles
#host_key_checking = False
[privilege_escalation]                        # privilege escalation on managed hosts: by default a normal user lacks permission for many ansible tasks, but we can grant it elevated privileges so it can run them
become = true
become_method = sudo
become_user = root
become_ask_pass = false
[paramiko_connection], [ssh_connection], [accelerate]   # used to tune the connection to the managed hosts
[selinux]                                     # defines how to configure SELinux interaction
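The post's case 1 says "edit the configuration file" without showing it, and the section above lists the settings involved. As an added example that is not part of the original post, here is a project-local ansible.cfg and inventory for that setup: user student on the control node and on node1/node2 (addresses from the post's /etc/hosts), sudo via become. The choice of ask_pass = True (password login, as in case 1's test) and become_ask_pass = true (student is in wheel on the nodes, and nothing in the post says wheel has a NOPASSWD sudoers rule) is mine; the post itself uses become_ask_pass = false. The helper cfg_get and the function names are mine as well.

```shell
#!/bin/bash
# Added example, not from the original post. Writes an ansible.cfg and inventory
# for the post's setup (control node + node1/node2, user student, sudo via become).
# The ask_pass / become_ask_pass values below are assumptions, see the comments.
write_ansible_project() {
    local dir="$1"
    mkdir -p "$dir"
    cat > "$dir/inventory" <<'EOF'
[nodes]
node1 ansible_host=192.168.197.153
node2 ansible_host=192.168.197.154
EOF
    cat > "$dir/ansible.cfg" <<'EOF'
[defaults]
inventory = ./inventory
remote_user = student
# Leave host key checking on (the default); seed known_hosts instead, as in case 2.
host_key_checking = True
# Case 1 logs in with a password, so prompt for it; set False once keys are distributed.
ask_pass = True

[privilege_escalation]
become = true
become_method = sudo
become_user = root
# true: student types its sudo password; false only works with a NOPASSWD sudoers rule
become_ask_pass = true
EOF
}

# Read one key from one section of an INI file, without needing ansible-config.
# Prints the value, or nothing if the section or key is absent.
cfg_get() {
    local file="$1" section="$2" key="$3"
    awk -v s="[$section]" -v k="$key" '
        $0 == s { in_s = 1; next }
        /^\[/   { in_s = 0 }
        in_s && $1 == k && $2 == "=" { print $3; exit }
    ' "$file"
}

# Usage: bash write-project.sh run ./ansible-lab
if [ "${1:-}" = "run" ]; then
    write_ansible_project "${2:-.}"
    echo "remote_user = $(cfg_get "${2:-.}/ansible.cfg" defaults remote_user)"
fi
```

Run ansible from inside the written directory so it picks up this ansible.cfg; note that Ansible refuses to read an ansible.cfg from a world-writable current directory, so keep the project directory's permissions tight.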