Ansible批量創建用戶並修改密碼


1.添加epel源
yum install epel-release -y

2.安裝ansible
yum -y install ansible

3.配置ssh免密登錄
# Create the control node's RSA key pair, then install its public key on
# every managed host so later SSH/Ansible connections need no password.
ssh-keygen -t rsa
for host in 192.168.56.10 192.168.56.11 192.168.56.12 192.168.56.13; do
  ssh-copy-id "$host"
done

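4.配置ansible(開啟日志以及關閉host_key_checking)。注意:關閉host_key_checking後,Ansible連接時不再校驗主機指紋,無法發現被冒充的主機;第3步的ssh-copy-id已把各主機指紋寫入known_hosts,所以正式環境可以保持默認的True。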

[root@node1 ~]# egrep "key_check|log_path" /etc/ansible/ansible.cfg 
host_key_checking = False
log_path = /var/log/ansible.log

5.配置ansible主機倉庫(/etc/ansible/hosts)

[root@node1 ~]# egrep -A5 "apps|test" /etc/ansible/hosts 
[test]
192.168.56.10 

[apps]
192.168.56.10  
192.168.56.11  
192.168.56.12  
192.168.56.13  

6.批量創建用戶

[root@node1 ~]# ansible apps -m user -a 'name=test shell=/bin/bash home=/home/test state=present'

7.查看創建的用戶

[root@node1 ~]# ansible apps -a 'getent passwd test'
192.168.56.13 | CHANGED | rc=0 >>
test:x:1001:1001::/home/test:/bin/bash
192.168.56.11 | CHANGED | rc=0 >>
test:x:1001:1001::/home/test:/bin/bash
192.168.56.12 | CHANGED | rc=0 >>
test:x:1001:1001::/home/test:/bin/bash
192.168.56.10 | CHANGED | rc=0 >>
test:x:1001:1001::/home/test:/bin/bash

8.為用戶配置密碼並記錄(編寫playbook)

#設定特定密碼
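---
# Sets a per-host password for the existing "test" account on the apps group.
# The cleartext passwords below are the page's sample values; for real use,
# keep them in a vars file encrypted with ansible-vault, not in the playbook.
- hosts: apps
  remote_user: root
  tasks:
  - name: change password for om
    # The password is handed to passwd on stdin, so it never becomes part of
    # a shell command line and a quote character in it cannot break the task.
    command: passwd --stdin test
    args:
      stdin: "{{ item.password }}"
    # `when` is already evaluated as a Jinja2 expression, so the item is
    # referenced directly instead of being wrapped in template delimiters.
    when: ansible_eth1.ipv4.address == item.ip
    # The loop items carry the passwords; no_log keeps them out of the
    # console output and out of the file configured as log_path.
    no_log: true
    with_items:
    - { ip: "192.168.56.10", password: 'admin123' }
    - { ip: "192.168.56.11", password: 'admin456' }
    - { ip: "192.168.56.12", password: 'admin789' }
    - { ip: "192.168.56.13", password: 'admin223' }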
#設定隨機密碼
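---
# Creates the spaf account on every host, gives it a random password, records
# that password on the control node under /root/fetch, grants sudo, sets
# password ageing and installs an SSH key pair for the account.
- hosts: all
  remote_user: root
  tasks:
  - name: generate random number
    # The password is kept in a registered variable instead of a file with a
    # predictable name under /tmp, where other local users could read it or
    # pre-create the path. no_log keeps it out of task output and log_path.
    shell: openssl rand -base64 12 | cut -b 1-12
    register: spaf_password
    changed_when: false
    no_log: true
  - name: create user spaf
    user: name=spaf shell=/bin/bash home=/home/spaf state=present
  - name: set passwd for user
    # Fed on stdin so the password never appears in a process command line.
    command: passwd --stdin spaf
    args:
      stdin: "{{ spaf_password.stdout }}"
    no_log: true
  - name: create fetch dir on control node
    # Only root on the control node may list or read the recorded passwords.
    file: path=/root/fetch state=directory mode=0700
    delegate_to: localhost
    run_once: true
  - name: fetch remote file
    # Same artifact as before (/root/fetch/passwd-<host> on the control
    # node), written straight from the variable with owner-only permissions.
    copy:
      content: "{{ spaf_password.stdout }}\n"
      dest: "/root/fetch/passwd-{{ inventory_hostname }}"
      mode: "0600"
    delegate_to: localhost
    no_log: true
  - name: create passwd note
    # The per-host files live on the control node, so the summary has to be
    # built there, and only once; run on the managed hosts, the loop would
    # find no ~/fetch directory. The note still holds cleartext passwords:
    # encrypt it (for example with ansible-vault) once it is written.
    shell: |
      umask 077
      cd /root/fetch || exit 1
      for f in passwd-*; do
        [ -e "$f" ] || continue
        printf '%s,%s\n' "${f#passwd-}" "$(cat "$f")"
      done >> ".$(date +%F)-passwd"
    delegate_to: localhost
    run_once: true
  - name: conf sudoer
    # Written with sudoers-appropriate ownership and mode, and checked by
    # visudo before it replaces the target, so a syntax error cannot break
    # sudo on the host. NOPASSWD: ALL gives spaf unrestricted root without a
    # password; narrow the command list if the account needs less.
    copy:
      content: "spaf ALL=(ALL) NOPASSWD: ALL\n"
      dest: /etc/sudoers.d/spaf
      owner: root
      group: root
      mode: "0440"
      validate: /usr/sbin/visudo -cf %s
  - name: conf secret expires
    command: chage -M 90 -m 7 -W 7 spaf
  - name: mkdir dir .ssh for spaf
    file: path=/home/spaf/.ssh state=directory owner=spaf group=spaf mode=0700
  - name: generate ssh keysecret for spaf
    # `creates` skips the task when the key already exists, so a second run
    # does not stop at ssh-keygen's overwrite prompt.
    command: ssh-keygen -t rsa -N '' -f /home/spaf/.ssh/id_rsa -q -b 2048
    args:
      creates: /home/spaf/.ssh/id_rsa
  - name: chmod file for spaf
    file: path=/home/spaf owner=spaf group=spaf recurse=yes
  - name: read public key for spaf
    # lookup('file', ...) reads from the control node, but this key was
    # generated on the managed host, so it is read back with slurp instead.
    slurp:
      src: /home/spaf/.ssh/id_rsa.pub
    register: spaf_pubkey
  - name: install ssh key for spaf
    authorized_key:
      user: spaf
      key: "{{ spaf_pubkey.content | b64decode }}"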

9.配置免密登錄(ansible)

---
# Appends the control node's root public key to root's authorized_keys on
# every host in the apps group. lookup('file', ...) reads the key file on the
# control node, which is where /root/.ssh/id_rsa.pub was generated.
- hosts: apps
  remote_user: root
  tasks:
    - name: install ssh key
      authorized_key:
        user: root
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"

10.驗證及加密配置文件方法

生成秘鑰
ssh-keygen -t rsa

配置免密登錄
ansible-playbook ssh.yml

驗證ssh免密登陸
ansible -i  /etc/ansible/hosts apps -m shell  -a "whoami"

ansible-vault encrypt hello.yml  # 加密
ansible-vault decrypt hello.yml  # 解密

參考資料:https://www.cnblogs.com/kevingrace/p/10601309.html

