\u6709\u5173\u5728Ansible\u4e2d\u6307\u5b9a\u5bc6\u7801\u7684\u603b\u7ed3(\u4f7f\u7528\u65b9\u6cd5)\u3002<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
\u56e0\u6b64\uff0c\u5982\u679c\u5c06\u5bc6\u94a5\u6587\u4ef6\u547d\u540d\u4e3a”assword”\uff0c\u90a3\u4e48\u5373\u4f7f\u5728ansible\u4e2d\u4e5f\u53ef\u4ee5\u81ea\u52a8\u8f93\u5165\u5bc6\u7801\u3002<\/p>\n
<\/p>\n
\u63a7\u5236\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\uff1aUbuntu 18.04
\n\u76ee\u6807\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\uff1aUbuntu 18.04 \uff08docker\uff09\u00d7 2<\/p>\n
NAME=\"Ubuntu\"\r\nVERSION=\"18.04.3 LTS (Bionic Beaver)\"\r\nID=ubuntu\r\nID_LIKE=debian\r\nPRETTY_NAME=\"Ubuntu 18.04.3 LTS\"\r\nVERSION_ID=\"18.04\"\r\nHOME_URL=\"https:\/\/www.ubuntu.com\/\"\r\nSUPPORT_URL=\"https:\/\/help.ubuntu.com\/\"\r\nBUG_REPORT_URL=\"https:\/\/bugs.launchpad.net\/ubuntu\/\"\r\nPRIVACY_POLICY_URL=\"https:\/\/www.ubuntu.com\/legal\/terms-and-policies\/privacy-policy\"\r\nVERSION_CODENAME=bionic\r\nUBUNTU_CODENAME=bionic\r\n<\/code><\/pre>\nPython\u73af\u5883<\/h2>\n(ansible) $<\/span> pip freeze\r\nansible==2.9.2\r\ncffi==1.13.2\r\ncryptography==2.8\r\nJinja2==2.10.3\r\nMarkupSafe==1.1.1\r\npasslib==1.7.2\r\npkg-resources==0.0.0\r\npycparser==2.19\r\nPyYAML==5.2\r\nsix==1.13.0\r\n<\/span>(ansible) $<\/span>\r\n<\/code><\/pre>\n\u8fde\u63a5\u9009\u9879\u548c\u8fde\u63a5\u73af\u5883\u7684\u5bc6\u7801\u7b49\u76f8\u5173\u4fe1\u606f\u3002<\/h2>\n\n\u63a5\u7d9a\u5148 IP addressssh \u63a5\u7d9a\u79d8\u5bc6\u9375\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u30e6\u30fc\u30b6\u540d&sudo \u5229\u7528172.17.0.2\u516c\u958b\u9375\u65b9\u5f0f”privkey_passphrase<\/code>“pubkeyuser<\/p>\n\u30d1\u30b9\u30ef\u30fc\u30c9: “pubkeyuser_password<\/code>“172.17.0.3\u30d1\u30b9\u30ef\u30fc\u30c9\u5165\u529b-pwduser<\/p>\n\u30d1\u30b9\u30ef\u30fc\u30c9: “pwduser_password<\/code>“<\/div>\n<\/div>\nAnsible \u73af\u5883 – Ansible Environment<\/h2>\n\u5b89\u88c5 Ansible \u7684\u7248\u672c<\/h3>\n(ansible) $<\/span> ansible --version<\/span>\r\nansible 2.9.2\r\n config file = \/home\/luser\/work\/ansible.cfg\r\n configured module search path = ['\/home\/luser\/.ansible\/plugins\/modules', '\/usr\/share\/ansible\/plugins\/modules']\r\n ansible python module location = \/home\/luser\/work\/Python.d\/envs\/ansible\/lib\/python3.6\/site-packages\/ansible\r\n executable location = \/home\/luser\/work\/Python.d\/envs\/ansible\/bin\/ansible\r\n python version = 3.6.9 (default, Nov 7 2019, 10:44:02) [GCC 8.3.0]\r\n<\/span>(ansible) $<\/span>\r\n<\/code><\/pre>\nAnsible \u4e3b\u673a\u6587\u4ef6<\/h3>\n[hostgroup]<\/span>\r\n172.17.0.2<\/span>\r\n172.17.0.3<\/span>\r\n<\/code><\/pre>\n\u6291\u5236Ansible\u7684DEPRECATION WARNING\u3002<\/h2>\n
\u4e3a\u4e86\u6291\u5236DEPRECATION WARNING\uff0c\u6211\u4eec\u8981\u5728\u8fde\u63a5\u7684\u4e3b\u673a\u4e0a\u660e\u786e\u6307\u5b9a\u4f7f\u7528python3\u800c\u4e0d\u662fpython2\uff0c\u5219\u5728\u5f53\u524d\u76ee\u5f55\u4e0b\u653e\u7f6e\u5982\u4e0b\u7684ansible.cfg\u6587\u4ef6\u3002\uff08\u867d\u7136\u4e5f\u53ef\u4ee5\u8bbe\u7f6edeprecation_warnings=False\uff0c\u4f46\u4e0d\u8981\u8ba9\u5176\u4ed6\u8b66\u544a\u4e5f\u6d88\u5931\uff09<\/p>\n
ansible.cfg \u6587\u4ef6<\/h3>\n[defaults]<\/span>\r\ninterpreter_python<\/span> =<\/span> \/usr\/bin\/python3<\/span>\r\n<\/code><\/pre>\n\u4fdd\u5bc6\u94a5\u5319<\/h2>\n
\u5c06\u7528\u4e8e\u52a8\u4f5c\u786e\u8ba4\u7684\u79d8\u5bc6\u94a5\u5319\u653e\u7f6e\u5728\u5f53\u524d\u76ee\u5f55\u4e2d\u3002<\/p>\n
pubkeyuser_id_rsa \u6587\u4ef6<\/h3>\n(ansible) $<\/span> ls<\/span> -l<\/span> pubkeyuser_id_rsa\r\n-rw------- 1 luser luser 1766 Jan 11 02:19 pubkeyuser_id_rsa\r\n<\/span><\/code><\/pre>\n\u6587\u4ef6\u7ed3\u6784<\/h2>\n(ansible) $<\/span> tree -a<\/span> .\/\r\n.\/\r\n|-- ansible.cfg\r\n|-- host_vars\r\n| |-- 172.17.0.2.yml\r\n| `-- 172.17.0.3.yml\r\n|-- hosts\r\n|-- pubkeyuser_id_rsa\r\n<\/span>`-- pubkeyuser_id_rsa_assword -><\/span> pubkeyuser_id_rsa\r\n\r\n1 directory, 6 files\r\n<\/span>(ansible) $<\/span>\r\n<\/code><\/pre>\n\u524d\u63d0\u5230\u6b64\u4e3a\u6b62\u3002<\/p>\n
\n\u4f7f\u7528Ansible\u65f6\u7684\u5bc6\u7801(\u53e3\u4ee4)\u7c7b\u578b<\/h1>\n\n- \n
\u901a\u8fc7ssh\u8fde\u63a5\u65f6\u7684\u5bc6\u7801\/\u5bc6\u7801\u77ed\u8bed<\/ol>\n<\/li>\n<\/ol>\n <\/p>\n
\u901a\u8fc7sudo\uff08\u53d8\u6210\uff09\u65f6\u7684\u5bc6\u7801<\/ol>\nSSH\u8fde\u63a5\u7684\u5bc6\u7801\/\u5bc6\u7801\u77ed\u8bed\u8bbe\u7f6e<\/h2>\n
\u53c2\u8003\u6587\u732e\uff1assh – \u901a\u8fc7ssh\u5ba2\u6237\u7aef\u4e8c\u8fdb\u5236\u6587\u4ef6\u8fde\u63a5 – Ansible\u6587\u6863<\/p>\n
\u5728\u4e2d\u56fd\uff0cSSH\u8fde\u63a5\u4e3b\u8981\u6709\u4ee5\u4e0b\u4e24\u79cd\u65b9\u6cd5\u8fdb\u884c\u3002<\/p>\n
\n- \n
\u4f7f\u7528\u516c\u5f00\u5bc6\u94a5\u52a0\u5bc6\u7684\u8fde\u63a5<\/ol>\n<\/li>\n<\/ol>\n <\/p>\n
\u4f7f\u7528PAM\u5bc6\u7801\u8fdb\u884c\u8fde\u63a5<\/ol>\n\u4f7f\u7528\u516c\u5f00\u5bc6\u94a5\u52a0\u5bc6\u7684\u8fde\u63a5\u3002<\/h2>\n(ansible) $<\/span> ssh -i<\/span> .\/pubkeyuser_id_rsa pubkeyuser@172.17.0.2\r\nEnter passphrase for key '.\/pubkeyuser_id_rsa': \u2190 \u3053\u3053\u3067\u79d8\u5bc6\u9375\u306e\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u5165\u529b\r\nLast login: Tue Jan 7 08:00:57 2020 from 172.17.0.1\r\n<\/span>$<\/span> id<\/span> -a<\/span>\r\nuid=1001(pubkeyuser) gid=1001(pubkeyuser) groups=1001(pubkeyuser),27(sudo)\r\n<\/span>$<\/span> exit<\/span>\r\nConnection to 172.17.0.2 closed.\r\n<\/span>(ansible) $<\/span>\r\n<\/code><\/pre>\nAnsible\u8fde\u63a5\u5982\u4e0b\u6240\u793a\u3002<\/p>\n
(ansible) $<\/span> ansible -i<\/span> hosts -u<\/span> pubkeyuser --private-key<\/span> pubkeyuser_id_rsa 172.17.0.2 -m<\/span> ping\r\nEnter passphrase for key 'pubkeyuser_id_rsa': \u2190 \u3053\u3053\u3067\u79d8\u5bc6\u9375\u306e\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u5165\u529b\r\n<\/span>172.17.0.2 | SUCCESS =><\/span> {<\/span>\r\n \"changed\": false,\r\n \"ping\": \"pong\"\r\n}\r\n<\/span>(ansible) $<\/span>\r\n<\/code><\/pre>\n\u4f7f\u7528ssh-agent\/ssh-add<\/h3>\n
\u53ef\u4ee5\u4f7f\u7528ssh-agent\/ssh-add\u6765\u907f\u514d\u8f93\u5165\u5bc6\u7801\u3002<\/p>\n
\u5f53\u4f7f\u7528\u9ed8\u8ba4\u7684\u8fde\u63a5\u63d2\u4ef6\u65f6\uff0cAnsible\u4e0d\u4f1a\u63d0\u4f9b\u4e00\u4e2a\u901a\u9053\u6765\u5141\u8bb8\u7528\u6237\u4e0essh\u8fc7\u7a0b\u8fdb\u884c\u901a\u4fe1\uff0c\u624b\u52a8\u8f93\u5165\u5bc6\u7801\u4ee5\u89e3\u5bc6ssh\u5bc6\u94a5\u3002\u5f3a\u70c8\u5efa\u8bae\u4f7f\u7528ssh-agent\u3002<\/p><\/blockquote>\n
Ansible\u7684\u6587\u4ef6\u4e2d\u4e5f\u5f3a\u70c8\u63a8\u8350\u4f7f\u7528ssh-agent\u3002<\/p>\n
(ansible) $<\/span> eval<\/span> `<\/span>ssh-agent`<\/span>\r\nAgent pid 3256\r\n<\/span>(ansible) $<\/span> echo<\/span> $SSH_AUTH_SOCK<\/span>\r\n\/tmp\/ssh-dcXxsNEXR7zu\/agent.3254\r\n<\/span>(ansible) $<\/span> ssh-add pubkeyuser_id_rsa\r\nEnter passphrase for pubkeyuser_id_rsa:\r\nIdentity added: pubkeyuser_id_rsa (pubkeyuser_id_rsa)\r\n<\/span>(ansible) $<\/span> ssh-add -l<\/span>\r\n2048 SHA256:Skhwkjn4nNRdRzWxNZBRGSPamcZikVkeBVpPhtFzgXw pubkeyuser_id_rsa (RSA)\r\n<\/span>(ansible) $<\/span> ansible -i<\/span> hosts -u<\/span> pubkeyuser --private-key<\/span> pubkeyuser_id_rsa 172.17.0.2 -m<\/span> ping\r\n172.17.0.2 | SUCCESS =><\/span> {<\/span>\r\n \"changed\": false,\r\n \"ping\": \"pong\"\r\n}\r\n<\/span>(ansible) $<\/span>\r\n<\/code><\/pre>\n\u5982\u679c\u4f7f\u7528csh\u7cfb\u5217\u547d\u4ee4\u65f6\uff0c\u9700\u8981\u5728\u547d\u4ee4\u4e2d\u6dfb\u52a0-c\u9009\u9879\uff0c\u5982eval `ssh-agent -c`\u3002<\/p>\n
\u5728\u6279\u5904\u7406\u4e2d\u8bbe\u7f6e\u5bc6\u7801\u53e3\u4ee4\u3002<\/h3>\n
\u53ea\u6709\u5728\u50cf\u6279\u5904\u7406\u90a3\u6837\u81ea\u52a8\u542f\u52a8\uff0c\u65e0\u9700\u4eba\u5de5\u5e72\u9884\u7684\u60c5\u51b5\u4e0b\uff0c\u624d\u9700\u8981\u8fdb\u884c\u8bbe\u7f6e\uff0c\u800c\u4e0d\u662f\u4ea4\u4e92\u5f0f\u7684\u3002<\/p>\n
\u4f7f\u7528 ssh-agent\/ssh-add<\/h4>\n\n- \n
ssh-agent \u306f\u3001(\u901a\u5e38)\u30ed\u30b0\u30a2\u30a6\u30c8\u3057\u3066\u3082\u30d7\u30ed\u30bb\u30b9\u304c\u6b8b\u308a\u3001\u30bd\u30b1\u30c3\u30c8\u304c\u5229\u7528\u53ef\u80fd\u3067\u3059\u3002<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\u3053\u308c\u3092\u5229\u7528\u3059\u308b\u3068\u3001\u975e\u30a4\u30f3\u30bf\u30e9\u30af\u30c6\u30a3\u30d6\u306a\u51e6\u7406\u3067\u3082\u30d1\u30b9\u30ef\u30fc\u30c9\u306e\u5165\u529b\u3092\u7701\u7565\u3067\u304d\u307e\u3059\u3002<\/ul>\n\u5f53\u60a8\u4ece~\/.bashrc\uff08\u6216\u76f4\u63a5\u5728.bashrc\u4e2d\u7f16\u5199\uff09\u8c03\u7528\u4ee5\u4e0b\u7684shell\u811a\u672c\u65f6\uff0c\u60a8\u53ef\u4ee5\u91cd\u590d\u4f7f\u7528\u73b0\u6709\u7684\u8fdb\u7a0b\u3002<\/p>\n
#!\/bin\/sh<\/span>\r\n\r\n[<\/span> $(<\/span>id<\/span> -u<\/span>)<\/span> -eq<\/span> 0 ]<\/span> &&<\/span> exit <\/span>255\r\n\r\nLANG<\/span>=<\/span>C\r\nSSH_AGENT<\/span>=<\/span>ssh-agent\r\nSSH_AGENT_SAVED<\/span>=<\/span>${<\/span>SSH_AGENT_SAVED<\/span>:-<\/span>\"<\/span>${<\/span>HOME<\/span>}<\/span>\/.ssh\/.<\/span>${<\/span>SSH_AGENT<\/span>}<\/span>\"<\/span>}<\/span>\r\n\r\nAGENT_ENV<\/span>=<\/span>\"\"<\/span>\r\n\r\nif<\/span> [<\/span> -f<\/span> ${<\/span>SSH_AGENT_SAVED<\/span>}<\/span> ]<\/span>\r\nthen\r\n <\/span>eval<\/span> $(<\/span>tail<\/span> -1<\/span> ${<\/span>SSH_AGENT_SAVED<\/span>}<\/span>)<\/span> ><\/span> \/dev\/null\r\n\r\n if<\/span> (<\/span>ps -fp<\/span> ${<\/span>SSH_AGENT_PID<\/span>}<\/span> | sed<\/span> -e<\/span> 's\/ *\/ \/g'<\/span> | cut<\/span> -d<\/span>' '<\/span> -f<\/span> 8 | grep<\/span> '^ssh-agent$'<\/span> ><\/span> \/dev\/null)<\/span>\r\n then\r\n <\/span>AGENT_ENV<\/span>=<\/span>$(<\/span>tail<\/span> -1<\/span> ${<\/span>SSH_AGENT_SAVED<\/span>}<\/span>)<\/span>\r\n else\r\n <\/span>AGENT_ENV<\/span>=<\/span>$(<\/span>${<\/span>SSH_AGENT<\/span>}<\/span>)<\/span>\r\n fi\r\nelse\r\n <\/span>AGENT_ENV<\/span>=<\/span>$(<\/span>${<\/span>SSH_AGENT<\/span>}<\/span>)<\/span>\r\nfi\r\n\r\n<\/span>echo<\/span> ${<\/span>AGENT_ENV<\/span>}<\/span> | tee<\/span> ${<\/span>SSH_AGENT_SAVED<\/span>}<\/span>\r\n