This article covers Ansible installation, initial configuration, and password-free (key-based) login.
Ansible Installation
- Check the system version
cat /etc/openEuler-latest
The output is as follows:
openeulerversion=openEuler-24.03-LTS
compiletime=2024-05-27-21-31-28
gccversion=12.3.1-30.oe2403
kernelversion=6.6.0-28.0.0.34.oe2403
openjdkversion=1.8.0.412.b08-5.oe2403
- Clear the repository cache
dnf clean all
- Rebuild the repository cache
dnf makecache
- Install the epel-release repository
1. Download the repository file for the matching version of epel-release
# Different systems require different versions of epel-release
wget /repo/
2. Rebuild the repository index
mv /etc//
dnf clean all
dnf makecache
- Install ansible
dnf -y install ansible
Wait for the installation to complete.
Initial Configuration
- Common files
/etc/ansible/hosts ## Used to store host IPs or host names that need to be managed in bulk
/etc/ansible/ ## This file is the main ansible configuration file.
- Add the managed hosts to the hosts file
192.168.0.10 ansible_ssh_pass=host password ansible_ssh_user=host account
192.168.0.11 ansible_ssh_pass=host password ansible_ssh_user=host account
192.168.0.12 ansible_ssh_pass=host password ansible_ssh_user=host account
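ansible_ssh_pass: remote host login password
ansible_ssh_user: remote host login account
Both values sit in plain text in the hosts file; they are removed again in the test steps once key-based login works.
- Running the ping module against the hosts at this point fails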
ansible all -m ping
The output is as follows:
192.168.0.10 | FAILED! => {
"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."}
192.168.0.11 | FAILED! => {
"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."}
192.168.0.12 | FAILED! => {
"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."}
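This error occurs because Ansible checks SSH host keys by default and the managed hosts' fingerprints are not yet in known_hosts; sshpass, which handles the password login, cannot answer the host key confirmation prompt. Turning off host key checking in the configuration file lets the command run. With host key checking off, Ansible no longer verifies which machine it is sending the password to; the check is turned back on in the test steps at the end of this article.
Open the /etc/ansible/ file and uncomment host_key_checking = False, or add the line if it is not there.
Run the command again; on success the output is as follows: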
192.168.0.11 | SUCCESS => {
"ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong"
}
192.168.0.10 | SUCCESS => {
"ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong"
}
192.168.0.12 | SUCCESS => {
"ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong"
}
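The error message above names another route: adding each host's fingerprint to known_hosts. The following Python sketch is an added example, not part of the original article. It checks ssh-keyscan style lines against fingerprints obtained out-of-band and keeps only the matching ones. The key blobs, the trusted fingerprints and the function names are constructed for illustration.

```python
import base64
import hashlib
import struct

def fingerprint(blob_b64):
    """Return (key type named inside the blob, OpenSSH-style SHA256 fingerprint)."""
    blob = base64.b64decode(blob_b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])   # blob starts with a length-prefixed type name
    inner_type = blob[4:4 + n].decode("ascii")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return inner_type, "SHA256:" + digest

def vet_scan(scan_output, trusted):
    """Return (lines safe to append to known_hosts, [(host, reason or fingerprint)])."""
    accepted, rejected = [], []
    for line in scan_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue                        # blank lines and keyscan comments
        host, keytype, blob = fields[:3]
        try:
            inner_type, fp = fingerprint(blob)
        except (ValueError, struct.error):
            rejected.append((host, "unparseable key"))
            continue
        if inner_type != keytype:
            rejected.append((host, "key type mismatch"))
        elif fp in trusted.get(host, set()):
            accepted.append(f"{host} {keytype} {blob}")
        else:
            rejected.append((host, fp))     # unknown or changed key: do not trust
    return accepted, rejected

def sample_blob(seed):
    """Constructed ed25519-shaped blob for the sample (not a real host key)."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

# Constructed sample: fingerprints read out-of-band on each host's console ...
TRUSTED = {f"192.168.0.{n}": {fingerprint(sample_blob(n))[1]} for n in (10, 11, 12)}
# ... and scan output in which 192.168.0.12 presents a different key.
SCAN = "\n".join(
    ["# 192.168.0.10:22 SSH-2.0-OpenSSH_9.6"]
    + [f"192.168.0.{n} ssh-ed25519 {sample_blob(k)}" for n, k in ((10, 10), (11, 11), (12, 99))]
)

if __name__ == "__main__":
    good, bad = vet_scan(SCAN, TRUSTED)
    print("\n".join(good), "\nrejected:", bad)
```

Only the accepted lines belong in known_hosts; a rejected host should be investigated before any password is sent to it.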
Configure Password-Free Login
- Generate a key pair
ssh-keygen
Press Enter at every prompt to accept the defaults (this leaves the passphrase empty); the output is as follows:
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:+RGyyNnrIHOLllk+e2hpNyTmxjBZkMY5vvDmTGuEh5g root@ecs-5352
The key's randomart image is:
+---[RSA 3072]----+
| . o |
| B |
| o o . . |
| . ...+ + . |
| o = ++ S . |
|E o @ + .o . |
| Bo%o=. . |
| O=@++ |
| o.+o=.. |
+----[SHA256]-----+
- Write the playbook file
- hosts:        # target hosts or group
  remote_user:  # user to log in as
  tasks:
    - name: push ansible key
      authorized_key: user=root key="{{ lookup('file', 'Key storage location') }}" state=present
Example (saved as push_key.yml):
- hosts: all
  remote_user: root
  tasks:
    - name: push ansible key
      authorized_key: user=root key="{{ lookup('file', '/root/.ssh/id_rsa.pub') }}" state=present
- Run the playbook
ansible-playbook push_key.yml
The following output indicates successful execution:
[root@ecs-5352 yml]# ansible-playbook push_key.yml
PLAY [all]
TASK [Gathering Facts]
ok: [192.168.0.10]
ok: [192.168.0.12]
ok: [192.168.0.11]
TASK [push ansible key]
changed: [192.168.0.10]
changed: [192.168.0.12]
changed: [192.168.0.11]
PLAY RECAP
192.168.0.10 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.0.11 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.0.12 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
- Test that login is now password-free
1. Comment out host_key_checking = False in the configuration file
2. Remove the user name and password after each host in the hosts file
3. Run the ping command as a test
ansible all -m ping
The output is as follows:
192.168.0.10 | SUCCESS => {
"ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong"
}
192.168.0.12 | SUCCESS => {
"ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong"
}
192.168.0.11 | SUCCESS => {
"ansible_facts": { "discovered_interpreter_python": "/usr/bin/python" }, "changed": false, "ping": "pong"
}
- Retest
Directly on the Ansible host, use the ssh command to check that you can log in without a password
ssh [email protected]
The login succeeds without a password.
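Step 2 of the test above (removing the user name and password from the hosts file) can be scripted. This Python helper is an added example, not part of the original article. It strips the inline login variables from an INI inventory and reports where they were found without echoing the values. The sample inventory, its `nodes` group and the placeholder passwords are constructed.

```python
import shlex

# Variables the article's step 2 removes once key login works (real Ansible names).
CREDENTIAL_VARS = {"ansible_ssh_pass", "ansible_password",
                   "ansible_ssh_user", "ansible_user"}

def scrub_inventory(text):
    """Return (cleaned INI inventory text, [(host or section, variable), ...])."""
    cleaned, findings, section = [], [], ""
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            cleaned.append(line)                    # blank line or comment
        elif stripped.startswith("["):
            section = stripped.strip("[]")          # e.g. "nodes" or "nodes:vars"
            cleaned.append(line)
        elif section.endswith(":vars"):             # "key = value" lines
            key = stripped.split("=", 1)[0].strip()
            if key in CREDENTIAL_VARS:
                findings.append((section, key))
            else:
                cleaned.append(line)
        else:                                       # "host key=value key=value"
            host, *pairs = shlex.split(stripped)
            kept = [host]
            for pair in pairs:
                key = pair.split("=", 1)[0]
                if key in CREDENTIAL_VARS:
                    findings.append((host, key))    # record the name, never the value
                else:
                    kept.append(shlex.quote(pair))
            cleaned.append(" ".join(kept))
    return "\n".join(cleaned) + "\n", findings

# Constructed sample inventory in the article's format (placeholder passwords).
INVENTORY = """\
[nodes]
192.168.0.10 ansible_ssh_pass='host password' ansible_ssh_user=root ansible_port=22
192.168.0.11 ansible_ssh_pass=changeme ansible_ssh_user=root
# lab hosts
[nodes:vars]
ansible_password = changeme
ansible_python_interpreter=/usr/bin/python
"""

if __name__ == "__main__":
    text, found = scrub_inventory(INVENTORY)
    print(text, found, sep="\n")
```

Running it a second time on its own output reports no findings, which makes it usable as a check before an inventory file is committed or shared.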