W9 ansible Batch Management and Maintenance

Source: Internet
Author: User
Tags aliyun
SSH key authentication

Password-based security verification

[[email protected] ~]# ssh 10.0.0.41 hostname
[email protected]'s password:
backup
[[email protected] ~]# ssh 10.0.0.41 whoami
[email protected]'s password:
root
[[email protected] ~]# ssh [email protected] whoami
[email protected]'s password:
oldboy

1. Generate the key and the lock (the private key and the public key)

[[email protected] ~]# hostname
m01
[[email protected] ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
29:37:1b:e1:9f:0a:ab:77:a0:fc:60:41:2d:bc:85:dd [email protected]
The key's randomart image is:
+--[ DSA 1024]----+
| |
| . + . |
| = + E |
| . + . o |
| o . S |
| ..o = . |
| .o.... o |
| .o..o.. |
| .+o.. |
+-----------------+

2. Send the lock (the public key) to backup and nfs01.

# Send to backup
[[email protected] ~]# ssh-copy-id -i /root/.ssh/id_dsa.pub [email protected]
The authenticity of host '172.16.1.41 (172.16.1.41)' can't be established.
RSA key fingerprint is ac:0f:aa:d2:5b:ff:cf:ac:f0:76:37:a6:be:31:b9:f9.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '172.16.1.41' (RSA) to the list of known hosts.
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[[email protected] ~]# ssh 10.0.0.41 hostname
backup

# nfs01
[[email protected] ~]# ssh-copy-id -i /root/.ssh/id_dsa.pub [email protected]
The authenticity of host '172.16.1.31 (172.16.1.31)' can't be established.
RSA key fingerprint is ac:0f:aa:d2:5b:ff:cf:ac:f0:76:37:a6:be:31:b9:f9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.31' (RSA) to the list of known hosts.
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[[email protected] ~]# ssh 172.16.1.31 hostname
nfs01

3. Send the lock (the public key) to backup and nfs01 without typing the password

yum install sshpass -y    # sshpass supplies the password to ssh-type commands
[[email protected] ~]# sshpass -p123456 ssh 172.16.1.41 hostname
backup
sshpass -p123456 ssh -o StrictHostKeyChecking=no 172.16.1.41 hostname
backup

Create the key and the lock (the key pair) in non-interactive mode

[[email protected] ~]# ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
Generating public/private dsa key pair.
/root/.ssh/id_dsa already exists.
Overwrite (y/n)? y
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
e0:8d:9b:00:99:fe:fc:67:be:65:8c:b0:b1:cc:fc:8c [email protected]
The key's randomart image is:
+--[ DSA 1024]----+
| |
| o |
| + . |
| . . . + |
| . . = S |
| o = B o |
| o O . + |
| . +oo |
| E+=. |
+-----------------+

Distribute the public key non-interactively

[[email protected] ~]# sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no [email protected]"
Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no [email protected]'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[[email protected] ~]# sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no [email protected]"
Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no [email protected]'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[[email protected] ~]# ssh 172.16.1.41 hostname
backup
[[email protected] ~]# ssh 172.16.1.31 hostname
nfs01
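
The ssh-copy-id output above asks you to check .ssh/authorized_keys for keys you were not expecting. As an added example (not part of the original page), the shell function below lists each entry's key type, whether it carries options, and its comment, and marks ssh-dss entries, the type produced by `ssh-keygen -t dsa`, which OpenSSH 7.0 and later no longer accept by default. The function names are hypothetical, and the sample file with its key blobs is constructed.

```shell
#!/bin/sh
# Added example: review what ended up in an authorized_keys file.
# Output per entry: "<verdict> <key type> <options|no-options> <comment>"

audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        # Entry layout: [options] keytype base64-blob [comment]
        # Options (from=, command=, no-pty ...) may come first, so locate the
        # first field that is a known key type. Assumption: no quoted option
        # value contains a bare key-type word.
        t = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(sk-)?(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))(@openssh\.com)?$/) {
                t = i; break
            }
        if (t == 0 || t + 1 > NF) { print "UNPARSED line " NR; next }

        comment = ""
        for (i = t + 2; i <= NF; i++) comment = comment (i > t + 2 ? " " : "") $i
        if (comment == "") comment = "(no comment)"

        verdict = ($t == "ssh-dss") ? "WEAK" : "ok"   # ssh-dss is 1024-bit DSA
        scope   = (t > 1) ? "options" : "no-options"
        print verdict, $t, scope, comment
    }' "$1"
}

# Number of entries flagged WEAK in the given file.
count_weak() {
    audit_authorized_keys "$1" | awk '$1 == "WEAK" { n++ } END { print n + 0 }'
}

# Constructed sample file; the base64 blobs are placeholders, not real keys.
write_sample() {
    cat > "$1" <<'EOF'
# keys pushed by the management host
ssh-dss AAAAB3NzaC1kc3MAAACBAPLACEHOLDER admin@mgmt.example
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER deploy@ci.example
from="172.16.1.0/24",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABPLACEHOLDER backup job
not-a-key-line
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_authorized_keys "$sample"
rm -f "$sample"
```

On a managed host, point `audit_authorized_keys` at `/root/.ssh/authorized_keys` after each distribution run and compare the comments with the keys you meant to push.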

ansible deployment

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

# m01
yum install ansible -y
yum install libselinux-python -y

# backup nfs01
yum install libselinux-python -y

[[email protected] ~]# tree /etc/ansible/
├── ansible.cfg    # ansible configuration file
├── hosts          # list of servers managed by ansible
└── roles
1 directory, 2 files

[[email protected] ~]# cat /etc/ansible/hosts
[oldboy]
172.16.1.31
172.16.1.41

ansible oldboy -m command -a "hostname"
ansible oldboy -m command -a "yum install cowsay -y"

Test: copy a file

[[email protected] ~]# ansible oldboy -m copy -a "src=/etc/hosts dest=/tmp owner=oldboy mode=0755"
172.16.1.41 | SUCCESS => {
    "changed": true,
    "checksum": "bc07bb4d3a780f4fd8cae94ec7bff04edb1a5a4e",
    "dest": "/tmp/hosts",
    "gid": 0,
    "group": "root",
    "md5sum": "55ee21bf1168f9be70abd35bf29d8e4a",
    "mode": "0755",
    "owner": "oldboy",
    "size": 364,
    "src": "/root/.ansible/tmp/ansible-tmp-1517744820.18-259504826638509/source",
    "state": "file",
    "uid": 500
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "checksum": "bc07bb4d3a780f4fd8cae94ec7bff04edb1a5a4e",
    "dest": "/tmp/hosts",
    "gid": 0,
    "group": "root",
    "md5sum": "55ee21bf1168f9be70abd35bf29d8e4a",
    "mode": "0755",
    "owner": "oldboy",
    "size": 364,
    "src": "/root/.ansible/tmp/ansible-tmp-1517744820.17-14642605512978/source",
    "state": "file",
    "uid": 500
}

[[email protected] ~]# ansible oldboy -m command -a "ls -l /tmp/hosts"
172.16.1.31 | SUCCESS | rc=0 >>
-rwxr-xr-x 1 oldboy root 364 Feb 4 19:47 /tmp/hosts

172.16.1.41 | SUCCESS | rc=0 >>
-rwxr-xr-x 1 oldboy root 364 Feb 4 19:47 /tmp/hosts

ansible oldboy -m copy -a "src=/etc/hosts dest=/tmp backup=yes"
ansible-doc -l | wc -l
ansible-doc -s copy    # view the documentation
ansible oldboy -m copy -a "src=/server/scripts/yum-htop.sh dest=/server/scripts/"
ansible oldboy -m shell -a "/bin/sh /server/scripts/yum-htop.sh"
ansible oldboy -m script -a "/server/scripts/yum.sh"


Scheduled task

[[email protected] scripts]# ansible oldboy -m cron -a "name='restart network' minute=00 hour=00 job=' /etc/init.d/network restart >/dev/null 2>&1'"
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "restart network"
    ]
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "restart network"
    ]
}

[[email protected] scripts]# ansible oldboy -a "crontab -l"
172.16.1.41 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
#check & send result lee at 2017-01-01
00 03 * * * /bin/sh /server/scripts/check.sh >/dev/null 2>&1
#Ansible: restart network
00 00 * * * /etc/init.d/network restart >/dev/null 2>&1

172.16.1.31 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
#Ansible: restart network
00 00 * * * /etc/init.d/network restart >/dev/null 2>&1

mkdir -p /server/playbook

[[email protected] playbook]# cat ifconfig.yml
- hosts: oldboy
  tasks:
  - command: ifconfig
  - shell: ifconfig >/tmp/ip.log

ansible-playbook -C ifconfig.yml
ansible-playbook ifconfig.yml

[[email protected] ~]# ansible oldboy -m cron -a "name='restart network' minute=00 hour=00 job='/etc/init.d/network restart >/dev/null 2>&1'"
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "restart network"
    ]
}
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "restart network"
    ]
}

[[email protected] ~]# ansible oldboy -m cron -a "name='restart network' state=absent "
172.16.1.31 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": []
}
172.16.1.41 | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": []
}

Simple Example 1: execute commands in batches

Append the IP addresses of all servers to /tmp/ip.log.

[[email protected] playbook]# cat print-ip.yml
- hosts: all
  tasks:
  - name: get IP address
    shell: ifconfig eth0 | awk -F "[ :]+" 'NR==2{print $4}' >/tmp/ip.log

ansible-playbook -C print-ip.yml
ansible-playbook print-ip.yml
ansible all -a "tail -1 /tmp/ip.log"

ansible oldboy -m cron -a 'name="restart network" minute=00 hour=00 job="/etc/init.d/network restart >/dev/null 2>&1" state=present'

[[email protected] playbook]# cat add-cron.yml
- hosts: oldboy
  tasks:
  - name: add restart network cron
    cron: name="restart network" minute=00 hour=00 job="/etc/init.d/network restart >/dev/null 2>&1" state=present

# playbook: add scheduled task
[[email protected] playbook]# ansible oldboy -a "crontab -l"
172.16.1.41 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
#check & send result lee at 2017-01-01
00 03 * * * /bin/sh /server/scripts/check.sh >/dev/null 2>&1

172.16.1.31 | SUCCESS | rc=0 >>
#time sync by lidao at 2017-03-08
*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1

2. Add a scheduled task with a playbook

Tabs are not supported for indentation; use spaces.

- hosts: oldboy
  tasks:
  - name: add restart network cron
    cron: name="restart network" minute=00 hour=00 job="/etc/init.d/network restart >/dev/null 2>&1" state=present

- hosts: oldboy
  tasks:
  - name: add restart network cron
    cron:
      name: restart network
      minute: 00
      hour: 00
      job: /etc/init.d/network restart >/dev/null 2>&1
      state: present
Two writing formats
 

Example 3: Configure multiple tasks for the same machine

Restart the network (service)

Install software (yum)

Write the date to a file (date)

[[email protected] playbook]# cat manage.yml
- hosts: all
  tasks:
  - name: restart network
    service:              # service module
      name: network       # service name
      state: restarted    # state
  - name: install tree nmap lrzsz iftop htop iotop nc
    shell: yum install -y tree nmap lrzsz iftop htop iotop nc
  - name: print date to file
    shell: date +%F >/tmp/date.log

[[email protected] playbook]# cat hosts.yml
- hosts: 172.16.1.41
  tasks:
  - name: mkdir
    shell: mkdir -p /oldboy/backup
- hosts: 172.16.1.31
  tasks:
  - name: find
    shell: find /etc -type f -name "*.conf" >/tmp/name.log

How to use pssh (pssh pscp prsync) to configure sersync data synchronization on the NFS server of the rsync server installed with ansible
