SSH key authentication
Password-based authentication
[[email protected] ~]# ssh 10.0.0.41 hostname
[email protected]'s password:
backup
[[email protected] ~]# ssh 10.0.0.41 whoami
[email protected]'s password:
root
[[email protected] ~]# ssh [email protected] whoami
[email protected]'s password:
oldboy
1. Generate the key pair (the key and the lock, that is, the private key and the public key)
[[email protected] ~]# hostname
m01
[[email protected] ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
29:37:1b:e1:9f:0a:ab:77:a0:fc:60:41:2d:bc:85:dd [email protected]
The key's randomart image is:
+--[ DSA 1024]----+
| |
| . + . |
| = + E |
| . + . o |
| o . S |
| ..o = . |
| .o.... o |
| .o..o.. |
| .+o.. |
+-----------------+
2. Send the public key (the lock) to backup and nfs01.
Send to backup
[[email protected] ~]# ssh-copy-id -i /root/.ssh/id_dsa.pub [email protected]
The authenticity of host '172.16.1.41 (172.16.1.41)' can't be established.
RSA key fingerprint is ac:0f:aa:d2:5b:ff:cf:ac:f0:76:37:a6:be:31:b9:f9.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '172.16.1.41' (RSA) to the list of known hosts.
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[[email protected] ~]# ssh 10.0.0.41 hostname
backup

# nfs01
[[email protected] ~]# ssh-copy-id -i /root/.ssh/id_dsa.pub [email protected]
The authenticity of host '172.16.1.31 (172.16.1.31)' can't be established.
RSA key fingerprint is ac:0f:aa:d2:5b:ff:cf:ac:f0:76:37:a6:be:31:b9:f9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.31' (RSA) to the list of known hosts.
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[[email protected] ~]# ssh 172.16.1.31 hostname
nfs01
3. Send the public key to backup and nfs01 without typing a password
yum install sshpass -y    # sshpass supplies the password to ssh-type commands
[[email protected] ~]# sshpass -p123456 ssh 172.16.1.41 hostname
backup
sshpass -p123456 ssh -o StrictHostKeyChecking=no 172.16.1.41 hostname
backup
Create the key pair in non-interactive mode
[[email protected] ~]# ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
Generating public/private dsa key pair.
/root/.ssh/id_dsa already exists.
Overwrite (y/n)? y
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
e0:8d:9b:00:99:fe:fc:67:be:65:8c:b0:b1:cc:fc:8c [email protected]
The key's randomart image is:
+--[ DSA 1024]----+
| |
| o |
| + . |
| . . . + |
| . . = S |
| o = B o |
| o O . + |
| . +oo |
| E+=. |
+-----------------+
Distribute the public key in non-interactive mode
[[email protected] ~]# sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no [email protected]"
Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no [email protected]'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.

[[email protected] ~]# sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no [email protected]"
Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no [email protected]'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.

[[email protected] ~]# ssh 172.16.1.41 hostname
backup
[[email protected] ~]# ssh 172.16.1.31 hostname
nfs01
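The ssh-copy-id output above asks you to check .ssh/authorized_keys for keys you were not expecting. One way to automate that check, as an added example that is not part of the original page: it parses authorized_keys content, flags DSA keys such as the id_dsa pair generated here (OpenSSH has disabled ssh-dss by default since 7.0) and undersized RSA keys, and reports any key whose SHA256 fingerprint is not in an expected set. The sample key blobs, the key comments and the 2048-bit threshold are constructed assumptions.

```python
import base64, hashlib, struct

def _take(buf, off):
    """Read one length-prefixed SSH string from buf, return (value, next_off)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def _pack(*parts):   # builds a key blob; used only for the constructed samples
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)
def _mpint(n):       # positive big-endian integer with a leading zero byte
    return n.to_bytes(n.bit_length() // 8 + 1, "big")

def fingerprint(blob):
    """SHA256 fingerprint in the form newer OpenSSH releases print."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def audit(text, expected=(), min_rsa_bits=2048):
    """Return [(line_no, comment, problem)] for authorized_keys content."""
    out = []
    for no, line in enumerate(text.splitlines(), 1):
        f = line.split()
        if not f or f[0].startswith("#"):
            continue
        # An options field may precede the key type; find the type token.
        i = next((k for k, t in enumerate(f[:-1])
                  if t.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if i is None:
            out.append((no, "", "unparseable line"))
            continue
        comment, blob = " ".join(f[i + 2:]), base64.b64decode(f[i + 1])
        ktype, off = _take(blob, 0)
        if ktype == b"ssh-dss":
            out.append((no, comment, "DSA key, disabled by default since OpenSSH 7.0"))
        elif ktype == b"ssh-rsa":
            _, off = _take(blob, off)            # public exponent e
            n, _ = _take(blob, off)              # modulus n
            bits = int.from_bytes(n, "big").bit_length()
            if bits < min_rsa_bits:
                out.append((no, comment, f"RSA key is only {bits} bits"))
        if fingerprint(blob) not in expected:
            out.append((no, comment, "key not in the expected set"))
    return out

# Constructed sample blobs: placeholder integers, not real key material.
DSA = _pack(b"ssh-dss", _mpint(1 << 1023), _mpint(1 << 159), _mpint(2), _mpint(3))
RSA = _pack(b"ssh-rsa", _mpint(65537), _mpint((1 << 4095) | 1))
SAMPLE = ("ssh-dss " + base64.b64encode(DSA).decode() + " old-dsa-key\n"
          'command="echo hi" ssh-rsa ' + base64.b64encode(RSA).decode() + " ops-rsa-key\n")
```

Calling audit(SAMPLE, expected={fingerprint(RSA)}) reports line 1 twice (DSA key, and not in the expected set) and nothing for the 4096-bit RSA key.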
Ansible deployment
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

# m01
yum install ansible -y
yum install libselinux-python -y

# backup nfs01
yum install libselinux-python -y

[[email protected] ~]# tree /etc/ansible/
├── ansible.cfg    # ansible configuration file
├── hosts          # list of servers that ansible manages
└── roles
1 directory, 2 files

[[email protected] ~]# cat /etc/ansible/hosts
[oldboy]
172.16.1.31
172.16.1.41

ansible oldboy -m command -a "hostname"
ansible oldboy -m command -a "yum install cowsay -y"
Test: copy a file
[[email protected] ~]# ansible oldboy -m copy -a "src=/etc/hosts dest=/tmp owner=oldboy mode=0755"
172.16.1.41 | SUCCESS => {
    "changed": true,
    "checksum": "bc07bb4d3a780f4fd8cae94ec7bff04edb1a5a4e",
    "dest": "/tmp/hosts",
    "gid": 0,
    "group": "root",
    "md5sum": "55ee21bf1168f9be70abd35bf29d8e4a",
    "mode": "0755",
    "owner": "oldboy",
    "size": 364,
    "src": "/root/.ansible/tmp/ansible-tmp-1517744820.18-259504826638509/source",
    "state": "file",
    "uid": 500
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "checksum": "bc07bb4d3a780f4fd8cae94ec7bff04edb1a5a4e",
    "dest": "/tmp/hosts",
    "gid": 0,
    "group": "root",
    "md5sum": "55ee21bf1168f9be70abd35bf29d8e4a",
    "mode": "0755",
    "owner": "oldboy",
    "size": 364,
    "src": "/root/.ansible/tmp/ansible-tmp-1517744820.17-14642605512978/source",
    "state": "file",
    "uid": 500
}

[[email protected] ~]# ansible oldboy -m command -a "ls -l /tmp/hosts"
172.16.1.31 | SUCCESS | rc=0 >>
-rwxr-xr-x 1 oldboy root 364 Feb 4 19:47 /tmp/hosts
172.16.1.41 | SUCCESS | rc=0 >>
-rwxr-xr-x 1 oldboy root 364 Feb 4 19:47 /tmp/hosts
ansible oldboy -m copy -a "src=/etc/hosts dest=/tmp backup=yes"
ansible-doc -l | wc -l
ansible-doc -s copy    # view the module documentation
ansible oldboy -m copy -a "src=/server/scripts/yum-htop.sh dest=/server/scripts/"
ansible oldboy -m shell -a "/bin/sh /server/scripts/yum-htop.sh"
ansible oldboy -m script -a "/server/scripts/yum.sh"
Scheduled task
[[email protected] scripts]# ansible oldboy -m cron -a "name='restart network' minute=00 hour=00 job=' /etc/init.d/network restart >/dev/null 2>&1'"
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "restart network"
    ]
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "restart network"
    ]
}

[[email protected] scripts]# ansible oldboy -a "crontab -l"
172.16.1.41 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
#check & send result lee at 2017-01-01
00 03 * * * /bin/sh /server/scripts/check.sh >/dev/null 2>&1
#Ansible: restart network
00 00 * * * /etc/init.d/network restart >/dev/null 2>&1
172.16.1.31 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
#Ansible: restart network
00 00 * * * /etc/init.d/network restart >/dev/null 2>&1

mkdir -p /server/playbook

[[email protected] playbook]# cat ifconfig.yml
- hosts: oldboy
  tasks:
    - command: ifconfig
    - shell: ifconfig >/tmp/ip.log

ansible-playbook -C ifconfig.yml
ansible-playbook ifconfig.yml

[[email protected] ~]# ansible oldboy -m cron -a "name='restart network' minute=00 hour=00 job='/etc/init.d/network restart >/dev/null 2>&1'"
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "restart network"
    ]
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "restart network"
    ]
}

[[email protected] ~]# ansible oldboy -m cron -a "name='restart network' state=absent "
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": []
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": []
}
Simple Example 1: execute commands in batches
Append the IP address of every server to /tmp/ip.log.
[[email protected] playbook]# cat print-ip.yml
- hosts: all
  tasks:
    - name: Get IP address
      shell: ifconfig eth0 | awk -F "[ :]+" 'NR==2{print $4}' >/tmp/ip.log

ansible-playbook -C print-ip.yml
ansible-playbook print-ip.yml
ansible all -a "tail -1 /tmp/ip.log"

ansible oldboy -m cron -a 'name="restart network" minute=00 hour=00 job="/etc/init.d/network restart >/dev/null 2>&1" state=present'

[[email protected] playbook]# cat add-cron.yml
- hosts: oldboy
  tasks:
    - name: Add restart network
      cron: name="restart network" minute=00 hour=00 job="/etc/init.d/network restart >/dev/null 2>&1" state=present

# playbook: add the scheduled task
[[email protected] playbook]# ansible oldboy -a "crontab -l"
172.16.1.41 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
#check & send result lee at 2017-01-01
00 03 * * * /bin/sh /server/scripts/check.sh >/dev/null 2>&1
172.16.1.31 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
2. Add a scheduled task with a playbook
Tabs are not supported in a playbook; indent with spaces.
- hosts: oldboy
  tasks:
    - name: add restart network cron
      cron: name="restart network" minute=00 hour=00 job="/etc/init.d/network restart >/dev/null 2>&1" state=present

- hosts: oldboy
  tasks:
    - name: add restart network cron
      cron:
        name: restart network
        minute: 00
        hour: 00
        job: /etc/init.d/network restart >/dev/null 2>&1
        state: present
Two writing formats
Example 3: Configure multiple tasks for the same machine
Restart the network service
Install software with yum
Write the time to a file with date
[[email protected] playbook]# cat manage.yml
- hosts: all
  tasks:
    - name: restart network
      service:              # service
        name: network       # service name
        state: restarted    # state
    - name: install tree nmap lrzsz iftop htop iotop nc
      shell: yum install -y tree nmap lrzsz iftop htop iotop nc
    - name: print date to file
      shell: date +%F >/tmp/date.log
[[email protected] playbook]# cat hosts.yml
- hosts: 172.16.1.41
  tasks:
    - name: mkdir
      shell: mkdir -p /oldboy/backup
- hosts: 172.16.1.31
  tasks:
    - name: find
      shell: find /etc -type f -name "*.conf" >/tmp/name.log

how to Use pssh (pssh pscp prsync) to configure sersync data synchronization on the NFS server of the rsync server installed on ansible
W9 ansible Batch Management and Maintenance