
Ansible initial configuration on openEuler

2024-10-30 09:46:34

This article covers ansible installation, initial configuration, and password-free (key-based) SSH login.

Ansible Installation

  1. View system version
cat /etc/openEuler-latest

The output is as follows:

openeulerversion=openEuler-24.03-LTS

compiletime=2024-05-27-21-31-28

gccversion=12.3.1-30.oe2403

kernelversion=6.6.0-28.0.0.34.oe2403

openjdkversion=1.8.0.412.b08-5.oe2403

  2. Clear the repository cache
dnf clean all
  3. Rebuild the repository cache
dnf makecache
  4. Install the epel-release software repository
    1. Download the epel-release repository file for the matching version
# Different systems require different versions of epel-release
wget /repo/
    2. Rebuild the repository index
mv  /etc//
dnf clean all
dnf makecache

  5. Install ansible
dnf -y install ansible

Just wait for the installation to complete

Initial Configuration

  1. Common files

/etc/ansible/hosts ## Stores the IP addresses or host names of the hosts to be managed in bulk

/etc/ansible/ ## This file is the main ansible configuration file.

  2. Add the hosts to /etc/ansible/hosts
192.168.0.10 ansible_ssh_pass=host password ansible_ssh_user=host account
192.168.0.11 ansible_ssh_pass=host password ansible_ssh_user=host account
192.168.0.12 ansible_ssh_pass=host password ansible_ssh_user=host account

ansible_ssh_pass: remote host login password

ansible_ssh_user: remote host login account

  3. Running the ping module against the hosts at this point fails
ansible all -m ping

The output is as follows:

192.168.0.10 | FAILED! => {

"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support
this. Please add this host's fingerprint to your known_hosts file to
manage this host."

}

192.168.0.11 | FAILED! => {

"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support
this. Please add this host's fingerprint to your known_hosts file to
manage this host."

}

192.168.0.12 | FAILED! => {

"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support
this. Please add this host's fingerprint to your known_hosts file to
manage this host."

}

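This error occurs because ansible checks SSH host keys by default, and sshpass, which is used for password login, cannot answer the host key confirmation prompt for a host that is not yet in known_hosts. Turning off host key checking in the configuration file lets the command run. With the check off, ansible no longer verifies the identity of the hosts it connects to; the setting is commented out again in the password-free test later in this article.

In the /etc/ansible/ file, uncomment host_key_checking = False, or add the line if it is missing.

Run the command again; on success the output is as follows: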

192.168.0.11 | SUCCESS => {

"ansible_facts": {

    "discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

192.168.0.10 | SUCCESS => {

"ansible_facts": {

    "discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

192.168.0.12 | SUCCESS => {

"ansible_facts": {

    "discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}
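
The error message above asks for each host's fingerprint to be added to known_hosts. The following Python code is an added example, not part of the original article: it accepts key-scan lines only when their SHA256 fingerprint matches a value recorded out-of-band. The key blobs, the pinned values and the helper names are constructed for illustration.

```python
import base64
import hashlib

def fingerprint(pubkey: str) -> str:
    """SHA256 fingerprint, in the form ssh-keygen shows, of '<type> <base64> [comment]'."""
    blob = base64.b64decode(pubkey.split()[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    # OpenSSH shows the digest base64-encoded with the '=' padding removed.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def verified_known_hosts(scanned: str, pinned: dict):
    """Split ssh-keyscan style lines ('host type base64') into
    (lines safe to append to known_hosts, hosts whose key did not match)."""
    accepted, rejected = [], []
    for line in scanned.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, key = line.split(None, 1)
        if pinned.get(host) == fingerprint(key):
            accepted.append(line)
        else:
            rejected.append(host)  # unknown host or unexpected key: do not trust
    return accepted, rejected

def _fake_key(seed: str) -> str:
    # Constructed stand-in for a real host key blob; not a usable key.
    return "ssh-ed25519 " + base64.b64encode(seed.encode()).decode()

# Constructed sample: what a key scan returned for the article's three hosts.
SCANNED = "\n".join([
    "192.168.0.10 " + _fake_key("host-10"),
    "192.168.0.11 " + _fake_key("host-11"),
    "192.168.0.12 " + _fake_key("unexpected-key"),
])
# Fingerprints recorded out-of-band (for example, read from each server's console).
PINNED = {
    "192.168.0.10": fingerprint(_fake_key("host-10")),
    "192.168.0.11": fingerprint(_fake_key("host-11")),
    "192.168.0.12": fingerprint(_fake_key("host-12")),
}

if __name__ == "__main__":
    ok, bad = verified_known_hosts(SCANNED, PINNED)
    print("append to known_hosts:", *ok, sep="\n  ")
    print("rejected:", bad)
```

With the accepted lines in known_hosts, password login works while host key checking stays enabled.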

Configure Password-Free Login

  1. Generate a key pair
ssh-keygen

Press Enter at every prompt; the output is as follows:

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa

Your public key has been saved in /root/.ssh/id_rsa.pub

The key fingerprint is:

SHA256:+RGyyNnrIHOLllk+e2hpNyTmxjBZkMY5vvDmTGuEh5g root@ecs-5352

The key's randomart image is:

+---[RSA 3072]----+

| . o |

| B |

| o o . . |

| . ...+ + . |

| o = ++ S . |

|E o @ + .o . |

| Bo%o=. . |

| O=@++ |

| o.+o=.. |

+----[SHA256]-----+

  2. Write the playbook file
- hosts: # target hosts
  remote_user: # login user
  tasks:
    - name: push ansible key
      authorized_key: user=root key="{{ lookup('file' ,'Key storage location')}}" state=present

Example:

- hosts: all
  remote_user: root
  tasks:
    - name: push ansible key
      authorized_key: user=root key="{{ lookup('file' ,'/root/.ssh/id_rsa.pub')}}" state=present
  3. Run the playbook
ansible-playbook push_key.yml

The following output indicates successful execution:

[root@ecs-5352 yml]# ansible-playbook push_key.yml

PLAY [all]


TASK [Gathering Facts]


ok: [192.168.0.10]

ok: [192.168.0.12]

ok: [192.168.0.11]

TASK [push ansible key]


changed: [192.168.0.10]

changed: [192.168.0.12]

changed: [192.168.0.11]

PLAY RECAP


192.168.0.10 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

192.168.0.11 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

192.168.0.12 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

  4. Test that login is now password-free
    1. Comment out host_key_checking = False in the configuration file
    2. Delete the user name and password after each host in the hosts file
    3. Run the ping command again
ansible all -m ping

The output is as follows:

192.168.0.10 | SUCCESS => {

"ansible_facts": {

    "discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

192.168.0.12 | SUCCESS => {

"ansible_facts": {

    "discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

192.168.0.11 | SUCCESS => {

"ansible_facts": {

    "discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"ping": "pong"

}

  5. Retest

Directly on the ansible host, use the ssh command to check that you can log in without a password

ssh [email protected]

The login succeeds without a password.
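
The password-free test removes the two temporary settings: host_key_checking = False is commented out and the passwords are deleted from the hosts file. The following Python check is an added example, not part of the original article; it flags an inventory that still carries inline credentials and a configuration that still disables host key checking. The sample contents and function names are constructed for illustration.

```python
import configparser
import shlex

SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}

def inventory_secrets(text):
    """Return (host_or_group, variable) pairs for credentials stored inline
    in an INI-style inventory."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section = line.strip("[]")
            continue
        tokens = shlex.split(line, comments=True)
        # In a [group:vars] section every token is a variable assignment.
        owner, pairs = ((section, tokens) if section.endswith(":vars")
                        else (tokens[0], tokens[1:]))
        for pair in pairs:
            name, sep, _ = pair.partition("=")
            if sep and name in SECRET_VARS:
                findings.append((owner, name))
    return findings

def host_key_checking_disabled(cfg_text):
    """True when the [defaults] section sets host_key_checking to a false value."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(cfg_text)
    return not cfg.getboolean("defaults", "host_key_checking", fallback=True)

def audit(inventory_text, cfg_text):
    issues = [f"{owner}: inline credential {var}"
              for owner, var in inventory_secrets(inventory_text)]
    if host_key_checking_disabled(cfg_text):
        issues.append("host_key_checking is disabled")
    return issues

# Constructed samples mirroring the state before and after the cleanup.
INVENTORY_BEFORE = ("192.168.0.10 ansible_ssh_pass=EXAMPLE ansible_ssh_user=root\n"
                    "[db:vars]\nansible_become_pass=EXAMPLE\n")
INVENTORY_AFTER = "192.168.0.10\n192.168.0.11\n192.168.0.12\n"
CFG_BEFORE = "[defaults]\nhost_key_checking = False\n"
CFG_AFTER = "[defaults]\n#host_key_checking = False\n"

if __name__ == "__main__":
    print(audit(INVENTORY_BEFORE, CFG_BEFORE))
    print(audit(INVENTORY_AFTER, CFG_AFTER) or "clean")
```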