使用密码方式认证
修改配置文件
sed -i 's/.*\(host_key_checking\)/\1/' /etc/ansible/ansible.cfg
# 去掉配置文件中 host_key_checking 一行的注释(注意:设为 False 后 Ansible 不再校验被控端的 SSH 主机密钥,无法发现中间人攻击,仅建议在隔离的测试环境中临时使用)
#host_key_checking = False
host_key_checking = False
密码格式(示例把登录密码和提权密码明文写在清单文件中;实际环境建议用 ansible-vault 加密这些变量,或改用下文的 SSH 密钥认证):
[root@uat-ansible-server01 ~]# cat /etc/ansible/hosts
[uat]
10.182.220.83 ansible_ssh_port=22 ansible_ssh_user=chroot ansible_ssh_pass="!QAZ2wsx" ansible_become_pass="!Q2w3e4r"
10.182.220.84 ansible_ssh_port=22 ansible_ssh_user=chroot ansible_ssh_pass="!QAZ2wsx" ansible_become_pass="!Q2w3e4r"
10.182.220.85 ansible_ssh_port=22 ansible_ssh_user=chroot ansible_ssh_pass="!QAZ2wsx" ansible_become_pass="!Q2w3e4r"
10.182.220.86 ansible_ssh_port=22 ansible_ssh_user=chroot ansible_ssh_pass="!QAZ2wsx" ansible_become_pass="!Q2w3e4r"
#10.182.220.[81:250] ansible_ssh_port=22 ansible_ssh_user=chroot ansible_ssh_pass="!QAZ2wsx" ansible_become_pass="!Q2w3e4r"
[root@uat-ansible-server01 ~]#
ansible添加host主机列表
[root@uat-ansible-server01 ansible]# vim /etc/ansible/hosts
[uat]
10.182.220.83
ansible ssh认证 批量分发认证
[root@uat-ansible-server01 ansible]#
[root@uat-ansible-server01 ansible]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:SHzGqdG+Px/+rLfoTvPha61ToV89fRei+XuneyaSzMA root@uat-ansible-server01.novalocal
The key's randomart image is:
+---[RSA 3072]----+
| |
| . o . |
| + * |
| . B . o |
| o S. o o =|
| .Eo . .B|
| . +=.oo=|
| ..o=O=+=|
| .=BB&@.|
+----[SHA256]-----+
[root@uat-ansible-server01 ansible]#
[root@uat-ansible-server01 ~]#
[root@uat-ansible-server01 ~]# vim /etc/ansible/hosts
[root@uat-ansible-server01 ~]#
[root@uat-ansible-server01 ~]# ansible all -m authorized_key -a "user=root key='{{ lookup('file','/root/.ssh/id_rsa.pub')}}' path='/root/.ssh/authorized_keys' manage_dir=no" --ask-pass -c paramiko
SSH password:
paramiko: The authenticity of host '10.182.220.84' can't be established.
The ssh-rsa key fingerprint is 6d96e2e5e6f35970ef8b3be9bdfdaf2f.
Are you sure you want to continue connecting (yes/no)?
[WARNING]: Platform linux on host 10.182.220.84 is using the discovered Python interpreter at /usr/bin/python, but future installation of another
Python interpreter could change this. See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
10.182.220.84 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": null,
"exclusive": false,
"follow": false,
"gid": 0,
"group": "root",
"key": "ssh-rsa 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 root@uat-ansible-server01.novalocal",
"key_options": null,
"keyfile": "/root/.ssh/authorized_keys",
"manage_dir": false,
"mode": "0600",
"owner": "root",
"path": "/root/.ssh/authorized_keys",
"size": 589,
"state": "file",
"uid": 0,
"user": "root",
"validate_certs": true
}
[root@uat-ansible-server01 ~]#
ansible查看主机列表清单
[root@uat-ansible-server01 ~]# ansible all --list-host
hosts (1):
10.182.220.84
[root@uat-ansible-server01 ~]#
ansible 连通性测试
[root@uat-ansible-server01 ~]# ansible 10.182.220.84 -m ping
10.182.220.84 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[root@uat-ansible-server01 ~]#
[root@uat-ansible-server01 ~]#
常用模块示例
列出ansible所支持的模块 ansible-doc -l
[root@uat-ansible-server01 ~]# ansible-doc -l |wc -l
3387
[root@uat-ansible-server01 ~]#
查看模块帮助
ansible-doc -s fetch
调用模块 ansible all -m ping
调用模块传入模块参数
ansible 10.182.220.84 -m fetch -a "src=/etc/fstab dest=/tmp/ansible/"
fetch 模块
查看帮助
[root@uat-ansible-server01 ~]# ansible-doc -s fetch
- name: Fetch files from remote nodes
fetch:
dest: # (required) A directory to save the file into. For example, if the `dest' directory is `/backup' a `src' file named
`/etc/profile' on host `host.example.com', would be saved into
`/backup/host.example.com/etc/profile'. The host name is based on the inventory name.
fail_on_missing: # When set to `yes', the task will fail if the remote file cannot be read for any reason. Prior to Ansible 2.5, setting
this would only fail if the source file was missing. The default was changed to `yes'
in Ansible 2.5.
flat: # Allows you to override the default behavior of appending hostname/path/to/file to the destination. If `dest' ends with
'/', it will use the basename of the source file, similar to the copy module. This can
be useful if working with a single host, or if retrieving files that are uniquely named
per host. If using multiple hosts with the same filename, the file will be overwritten
for each host.
src: # (required) The file on the remote system to fetch. This `must' be a file, not a directory. Recursive fetching may be
supported in a later release.
validate_checksum: # Verify that the source and destination checksums match after the files are fetched.
[root@uat-ansible-server01 ~]#
拷贝远端机器文件到指定目录
如本地机器上的目标目录不存在,会自动新建目录
[root@uat-ansible-server01 ~]# ansible uat -m fetch -a "src=/etc/fstab dest=/tmp/fstab"
10.182.220.84 | CHANGED => {
"changed": true,
"checksum": "5261d6f27b6648b9db485626014f69ae0bc11ebd",
"dest": "/tmp/fstab/10.182.220.84/etc/fstab",
"md5sum": "6c097bb53e1e7e71d595798975a23bdc",
"remote_checksum": "5261d6f27b6648b9db485626014f69ae0bc11ebd",
"remote_md5sum": null
}
[root@uat-ansible-server01 ~]# ll -l /tmp/fstab/
total 4
drwxr-xr-x 3 root root 4096 Jul 8 22:51 10.182.220.84
[root@uat-ansible-server01 ~]#
copy模块
拷贝文件
copy模块是将本机文件拷贝到远端主机上
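#!/bin/bash
# Write the current date and time to /tmp/ansible_test.txt, replacing any
# previous contents of that file.
#
# NOTE(review): /tmp is world-writable, so a fixed file name there can be
# pre-created or symlinked by another local user before this script runs.
# The path is kept as the walkthrough gives it; for real use prefer a
# directory only the invoking user can write to.
set -euo pipefail

# Let date write straight to the file: the echo/backtick round trip
# word-splits date's output and collapses its whitespace.
date > /tmp/ansible_test.txt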
然后把该脚本分发到各个机器上
ansible testhost -m copy -a "src=/tmp/test.sh dest=/tmp/test.sh mode=0755"
最后是批量执行该shell脚本
ansible testhost -m shell -a "/tmp/test.sh"
src参数 用于指定需要copy的文件或目录
dest参数 用于指定文件将被拷贝到远程主机的哪个目录
content参数 当不使用src指定拷贝的文件时,可以使用content直接指定文件内容,src与content两个参数必有其一,否则会报错。
force参数 当远程主机的目标路径中已经存在同名文件,并且与ansible主机中的文件内容不同时,是否强制覆盖,可选值有yes和no,默认值为yes,表示覆盖,如果设置为no,则不会执行覆盖拷贝操作,远程主机中的文件保持不变。
backup参数 当远程主机的目标路径中已经存在同名文件,并且与ansible主机中的文件内容不同时,是否对远程主机的文件进行备份,可选值有yes和no,当设置为yes时,会先备份远程主机中的文件,然后再将ansible主机中的文件拷贝到远程主机。
owner参数 指定文件拷贝到远程主机后的属主,但是远程主机上必须有对应的用户,否则会报错。
group参数 指定文件拷贝到远程主机后的属组,但是远程主机上必须有对应的组,否则会报错。
mode参数 指定文件拷贝到远程主机后的权限,如果你想将权限设置为"rw-r--r--",则可以使用mode=0644表示,如果你想要在user对应的权限位上添加执行权限,则可以使用mode=u+x表示
[root@uat-ansible-server01 tmp]# cd fstab/
[root@uat-ansible-server01 fstab]#
[root@uat-ansible-server01 fstab]# ll
total 4
drwxr-xr-x 3 root root 4096 Jul 8 22:51 10.182.220.84
[root@uat-ansible-server01 fstab]# mv 10.182.220.84/ 10.182.220.84-83
[root@uat-ansible-server01 fstab]#
[root@uat-ansible-server01 fstab]# ansible uat -m copy -a "src=/tmp/fstab dest=/tmp"
10.182.220.84 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"dest": "/tmp/fstab/10.182.220.84-83/etc",
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/fstab/10.182.220.84-83/etc",
"size": 4096,
"state": "directory",
"uid": 0
}
[root@uat-ansible-server01 fstab]# ansible uat -m command -a "ls -l /tmp/"
10.182.220.84 | CHANGED | rc=0 >>
total 28
drwx------ 2 root root 4096 Jul 8 22:57 ansible_command_payload_RVKEDj
drwxr-xr-x 3 root root 4096 Jul 8 22:57 fstab
drwxr-xr-x 2 root root 4096 Jun 26 11:44 hsperfdata_root
drwx------ 3 root root 4096 Jul 8 00:43 systemd-private-c565ae5029b443f898b504016830d233-chronyd.service-QM5ODg
drwx------ 3 root root 4096 Jun 26 11:50 systemd-private-c565ae5029b443f898b504016830d233-httpd.service-21rpPF
drwx------ 3 root root 4096 Jul 8 09:21 systemd-private-c565ae5029b443f898b504016830d233-mariadb.service-540HdZ
drwx------ 3 root root 4096 Jun 26 11:50 systemd-private-c565ae5029b443f898b504016830d233-rh-php72-php-fpm.service-kQ9eub
prw-r--r-- 1 root root 0 Jul 8 22:57 wrapper-1375-1-in
prw-r--r-- 1 root root 0 Jul 8 22:57 wrapper-1375-1-out
[root@uat-ansible-server01 fstab]# ansible uat -m command -a "ls -l /tmp/fstab"
10.182.220.84 | CHANGED | rc=0 >>
total 4
drwxr-xr-x 3 root root 4096 Jul 8 22:57 10.182.220.84-83
[root@uat-ansible-server01 fstab]#
[root@ansible-server-prod ansible]# tree
.
├── 1.txt
├── ansible.cfg
├── hosts
├── hosts.bak
└── roles
└── metribeat
├── defaults
│ └── main.yml
├── files
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── README.md
├── tasks
│ └── main.yml
├── templates
├── tests
│ ├── inventory
│ └── test.yml
└── vars
└── main.yml
10 directories, 12 files
[root@ansible-server-prod ansible]# cat hosts
[zyxf]
10.82.100.[94:217] ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='!Q2w3e4r'
[root@ansible-server-prod ansible]#
普通用户登录 指定hosts文件执行
10.82.100.[80:240] ansible_ssh_port=22 ansible_ssh_user=mauser ansible_ssh_pass='1qaz@WSX' ansible_become_pass='!Q2w3e4r'