1. Installation of Ansible
Enable the EPEL repository (the source of the ansible package)
dnf install ansible -y
ansible --version
Basic Ansible file locations:
/etc/ansible/ansible.cfg ## Global configuration file; rarely needs to be modified
/etc/ansible/hosts ## Global inventory (host list) file
dnf install sshpass-1.06-9.el8.x86_64.rpm -y
dnf install ansible-2.9.11-1.el8.noarch.rpm -y
2. Passwordless (key-based) SSH connection between the control node and the managed nodes
[root@ansible111 ~]# ssh-keygen
[root@ansible111 ~]# dnf install expect -y
[root@ansible111 mnt]# cat sshkey.sh
#!/bin/bash
AUTOSSH() {
/usr/bin/expect << EOF
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.$i
expect {
"yes/no" { send "yes\r";exp_continue }
"password" { send "westos\r" }
}
expect eof
EOF
}
for i in 211 210
do
AUTOSSH
done
[root@ansible111 mnt]# sh sshkey.sh
[root@ansible111 mnt]# ssh -l root 172.25.254.210 ##You can now log in directly without a password
## Note: sshkey.sh contains the root password in clear text; restrict its permissions (chmod 600) and remove it once the keys have been distributed.
3. Build the Ansible inventory
The inventory is the list of hosts managed by Ansible
/etc/ansible/hosts ## Global inventory file
1. Write the managed hostname or IP address directly, one per line
node1.westos.com
node2.westos.com
172.25.254.240
2. Group managed hosts under a [group name] header
#List the hosts of a group:
ansible <group name> [-i inventory file] --list-hosts
ansible ungrouped --list-hosts
ansible all --list-hosts
Flat groups
[list1]
node1.westos.com
node2.westos.com
[list2]
node2.westos.com
[list3]
172.25.254.240
Nested groups (children)
[westos:children]
list1
list3
3. Host ranges
#The inventory can be shortened by specifying a range of hostnames or IP addresses
#Syntax:
#[start:end]
[westostest]
172.25.254.[100:108]
4. Use an alternative inventory file
vim inventory
172.25.254.240
[westostest]
172.25.254.100
172.25.254.200
Host patterns accepted by the ansible command when selecting inventory hosts
* ## All
##172.25.254.*
##westos*
: ## Logical or
##westos1:linux
##172.25.254.100:172.25.254.200
:& ## Logical and
##westos1:&linux
## The host is in both the westos1 list and the linux list
:! ## Logical not
##westos1:!linux
## In westos1 but not in linux
~str ## Regular-expression match; matches hosts whose name starts with str
~(str1|str2) ## Matches hosts whose name starts with str1 or str2
4. Detailed explanation of Ansible configuration file parameters
ansible <group name> -m <module> -u <remote_user>
1. Classification and priority of configuration files
/etc/ansible/ansible.cfg # Base configuration file; used when no other configuration file is found
~/.ansible.cfg # Used when there is no ansible.cfg in the current directory
./ansible.cfg # Highest priority
2. Common configuration parameters
#[defaults] ## Basic settings
inventory= ## Specify manifest path
remote_user= ## User name used to log in to the managed hosts; defaults to the current user when not set
ask_pass= ## Whether to prompt for the SSH password; set to false when public-key login is used
library= ## Storage directory of library files
local_tmp= ## Local temporary command execution directory
remote_tmp= ## Remote host temporary py command file storage directory
forks= ## Default concurrency
host_key_checking= ## Whether to verify the SSH host key (yes/no prompt) on the first connection to a managed host; False disables the known_hosts check
sudo_user= ## Default sudo user
ask_sudo_pass= ## Whether to prompt for the sudo password when running ansible commands on the managed hosts
module_name= ## Default module; command by default, can be changed to shell
log_path= ## log file path
[privilege_escalation] ## Privilege escalation settings
become= ## Whether to automatically switch users after connection
become_method= ## Set the user switching mode, usually sudo
become_user= ## The user to switch to in the managed host, usually root
become_ask_pass= ## Whether become_method prompts for a password; false by default
5. Build a user-level Ansible environment
[root@ansible111 mnt]# vim sshkey.sh ##Delete the previously distributed keys
#!/bin/bash
AUTOSSH() {
/usr/bin/expect << EOF
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.$i
expect {
"yes/no" { send "yes\r";exp_continue }
"password" { send "westos\r" }
}
expect eof
EOF
}
for i in 211 210 203
do
ssh -l root 172.25.254.$i rm -fr /root/.ssh
done
[root@ansible111 mnt]# sh sshkey.sh
Add a user and create its inventory
[root@ansible111 ~]# useradd devops
[root@ansible111 ~]# su - devops
[devops@ansible111 ~]$ ls
[devops@ansible111 ~]$ mkdir .ansible
[devops@ansible111 ~]$ cd .ansible/
[devops@ansible111 .ansible]$ vim inventory ##Create the inventory
[westos]
172.25.254.211
~
[devops@ansible111 .ansible]$ logout
Edit the global inventory to remove the earlier settings, then write the user's configuration file
[root@ansible111 ~]# vim /etc/ansible/hosts ##Remove the previous settings from the global inventory
[root@ansible111 ~]# su - devops
Last login: Fri Nov 26 14:37:59 CST 2021 on pts/1
[devops@ansible111 .ansible]$ vim ansible.cfg
[defaults]
inventory = ~/.ansible/inventory
host_key_checking = False
remote_user = root
module_name = shell
[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
Create the devops user on the managed host from the control node
[devops@ansible111 .ansible]$ ansible 172.25.254.211 -m shell -a 'useradd devops' -k -u root ##Create the user
SSH password:
172.25.254.211 | CHANGED | rc=0 >>
[devops@ansible111 .ansible]$ ansible 172.25.254.211 -m shell -a 'echo westos | passwd --stdin devops' -k -u root ##Set the password
SSH password:
172.25.254.211 | CHANGED | rc=0 >>
Changing password for user devops.
passwd: all authentication tokens updated successfully.
[devops@ansible111 .ansible]$ ansible 172.25.254.211 -m shell -a 'echo "devops ALL=(root) NOPASSWD: ALL" >> /etc/sudoers' -k -u root ##Allow sudo without a password
SSH password:
172.25.254.211 | CHANGED | rc=0 >>
## Note: appending to /etc/sudoers directly skips syntax validation; a drop-in file under /etc/sudoers.d checked with `visudo -cf <file>` is the safer way to grant this.
[devops@ansible111 .ansible]$ vim ansible.cfg
[defaults]
inventory = ~/.ansible/inventory
host_key_checking = False
remote_user = devops
module_name = shell
[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
[devops@ansible111 .ansible]$ ansible westos -m shell -a 'whoami' -k
SSH password:
172.25.254.211 | CHANGED | rc=0 >>
devops
[devops@ansible111 .ansible]$ ansible westos -m shell -a 'whoami' -k
SSH password:
172.25.254.211 | CHANGED | rc=0 >>
devops
[devops@ansible111 .ansible]$ vim ansible.cfg ##Uncomment the become settings so that devops escalates to root via sudo
[defaults]
inventory = ~/.ansible/inventory
host_key_checking = False
remote_user = devops
module_name = shell
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[devops@ansible111 .ansible]$ ansible westos -m shell -a 'whoami' -k
SSH password:
172.25.254.211 | CHANGED | rc=0 >>
root
[devops@ansible111 .ansible]$ ansible westos -m shell -a 'mkdir -p /home/devops/.ssh' -k ##Create the .ssh directory for the key
SSH password:
[WARNING]: Consider using the file module with state=directory rather than running 'mkdir'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
172.25.254.211 | CHANGED | rc=0 >>
[devops@ansible111 .ansible]$ ansible westos -m shell -a 'chown devops.devops /home/devops/.ssh' -k ##Change owner and group
SSH password:
[WARNING]: Consider using the file module with owner rather than running 'chown'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
172.25.254.211 | CHANGED | rc=0 >>
[devops@ansible111 .ansible]$ ansible westos -m shell -a 'chmod 700 /home/devops/.ssh' -k ##Change permissions
SSH password:
[WARNING]: Consider using the file module with mode rather than running 'chmod'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
172.25.254.211 | CHANGED | rc=0 >>
[devops@ansible111 .ansible]$ ansible westos -m copy -a 'src=/home/devops/.ssh/id_rsa.pub dest=/home/devops/.ssh/authorized_keys mode=0600 owner=devops group=devops' -k ##Copy the public key into authorized_keys
SSH password:
172.25.254.211 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "2c0b47b02c780dce7c3fd89ace281ffe1a0e85d8",
    "dest": "/home/devops/.ssh/authorized_keys",
    "gid": 1001,
    "group": "devops",
    "md5sum": "ffdacd640ae7f4e8301e028bd46ae941",
    "mode": "0600",
    "owner": "devops",
    "secontext": "unconfined_u:object_r:ssh_home_t:s0",
    "size": 582,
    "src": "/home/devops/.ansible/tmp/ansible-tmp-1637913887.458308-33950-98330280400164/source",
    "state": "file",
    "uid": 1001
}
[devops@ansible111 .ansible]$ ansible westos -m ping ##Modules now run without a password
172.25.254.211 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}