SSH and Ansible deployment methods
Deployment environment
Management server 172.16.1.61
NFS Server 172.16.1.31
Backup server 172.16.1.41
1. Check whether the SSH service is running and start the service
    netstat -lntup | grep ssh      -> check whether the service is currently running
    /etc/init.d/sshd status        -> check the SSH service status (start the service if it is stopped)
2. Create a DSA key pair for SSH key authentication (three prompts: confirm the private key path, choose whether to set a private key password, confirm it again)
    [root@Manager-61 ~]# ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/root/.ssh/id_dsa):    -> default location of the private and public keys
    Enter passphrase (empty for no passphrase):                 -> whether to set a password or not
    Enter same passphrase again:                                -> reconfirmation
    Your identification has been saved in /root/.ssh/id_dsa.    -> location where the private key is stored
    Your public key has been saved in /root/.ssh/id_dsa.pub.    -> location where the public key is stored
    The key fingerprint is:
    de:15:6d:ae:2c:27:e3:6a:80:4a:a3:be:8b:be:4b:eb root@Manager-61
    The key's randomart image is:
    +--[ DSA 1024]----+
    | |
    | . |
    | . o |
    | + |
    | . S . . |
    | o . .. . o . |
    | + o .. = + |
    |+ o .. = |
    |=E= .... |
    +-----------------+
3. Send the public key to the NFS server (172.16.1.31)
    [root@Manager-61 ~]# ssh-copy-id -i /root/.ssh/id_dsa 172.16.1.31
    root@172.16.1.31's password:    -> enter the NFS server's password
    Now try logging into the machine, with "ssh '172.16.1.31'", and check in:
      .ssh/authorized_keys
    to make sure we haven't added extra keys that you weren't expecting.

    // Create the key pair without interaction
    [root@Manager-61 ~]# ssh-keygen -t dsa -f /root/.ssh/id_dsa -N ""
4. Distribute the public key non-interactively (requires the sshpass package: yum install sshpass)
    [root@Manager-61 ~]# sshpass ssh-copy-id -i /root/.ssh/id_dsa.pub 172.16.1.31
    // Non-interactive distribution
    [root@Manager-61 ~]# sshpass -p123123 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no 172.16.1.31"
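5. Script that creates the key pair and distributes the public key in batch
    [root@Manager-61 scripts]# cat piliang.sh
    #!/bin/bash
    # Recreate the DSA key pair, then push the public key to each host
    rm -f /root/.ssh/id_dsa*
    ssh-keygen -t dsa -f /root/.ssh/id_dsa -N ""
    for ip in 31 41 7
    do
        # Without -p, sshpass reads the password from standard input;
        # StrictHostKeyChecking=no accepts unknown host keys without asking
        sshpass ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no 172.16.1.$ip"
    done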
Run the script to test it
    [root@Manager-61 scripts]# sh piliang.sh
    Generating public/private dsa key pair.
    Your identification has been saved in /root/.ssh/id_dsa.
    Your public key has been saved in /root/.ssh/id_dsa.pub.
    The key fingerprint is:
    27:8d:70:e4:c5:2e:d3:8a:62:5f:0b:1e:e6:d6:de:f0 root@Manager-61
    The key's randomart image is:
    +--[ DSA 1024]----+
    | ... |
    | o .. |
    | . oo |
    | oooo |
    | .S+o |
    | o = oo |
    | . * =.. |
    | = o+ |
    | . .. E |
    +-----------------+
    Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no 172.16.1.31'", and check in:
      .ssh/authorized_keys
    to make sure we haven't added extra keys that you weren't expecting.
    Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no 172.16.1.41'", and check in:
      .ssh/authorized_keys
    to make sure we haven't added extra keys that you weren't expecting
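A hardened variant of the batch distribution in steps 2 to 5, added here as an example and not the page's own script: it uses ed25519 rather than DSA (which OpenSSH 7.0 and later disable by default), keeps an existing key, takes the password from the SSHPASS environment variable instead of -p, and only contacts hosts whose key is already in known_hosts instead of setting StrictHostKeyChecking=no. It assumes OpenSSH 6.5 or later and an unhashed known_hosts file; the names KEY, KNOWN_HOSTS, HOSTS and DRY_RUN are this example's own.

```shell
#!/bin/bash
# Added example (not the page's script): batch public-key distribution with
# host-key pinning and without a password on the command line.
# Assumed names: KEY, KNOWN_HOSTS, HOSTS and DRY_RUN are this example's own.
KEY="${KEY:-$HOME/.ssh/id_ed25519}"
KNOWN_HOSTS="${KNOWN_HOSTS:-$HOME/.ssh/known_hosts}"
HOSTS="${HOSTS:-172.16.1.31 172.16.1.41 172.16.1.7}"

# Succeeds only if known_hosts already holds a usable key for the host.
# Matches plain host names; hashed files (HashKnownHosts) need ssh-keygen -F,
# and @revoked / @cert-authority lines are deliberately not counted.
host_is_pinned() {
    [ -r "$KNOWN_HOSTS" ] || return 1
    awk -v h="$1" '
        $1 ~ /^[#@]/ || NF < 3 { next }
        { n = split($1, names, ","); for (i = 1; i <= n; i++) if (names[i] == h) ok = 1 }
        END { exit !ok }' "$KNOWN_HOSTS"
}

# Copy the public key to one host. sshpass -e takes the password from the
# SSHPASS environment variable, so it is not in the command line shown by ps.
# With default host key checking, a changed host key makes the connection fail.
distribute() {
    host_is_pinned "$1" || { echo "skip $1: host key not pinned in $KNOWN_HOSTS" >&2; return 1; }
    ${DRY_RUN:+echo} sshpass -e ssh-copy-id -i "$KEY.pub" "root@$1"
}

main() {
    [ -n "${SSHPASS:-}" ] || { echo "export SSHPASS first, e.g. read -rs SSHPASS" >&2; return 1; }
    # Keep an existing key: regenerating it would orphan keys already distributed.
    [ -f "$KEY" ] || ssh-keygen -q -t ed25519 -f "$KEY" -N "" || return 1
    rc=0
    for h in $HOSTS; do
        distribute "$h" || rc=1
    done
    return "$rc"
}

# Runs only when called as: script.sh run
if [ "${1:-}" = run ]; then main; fi
```

Setting DRY_RUN=1 prints each ssh-copy-id command instead of running it, which shows which hosts would be skipped for lack of a pinned key.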
6. Batch check script
    [root@Manager-61 scripts]# cat piliang_chack.sh
    #!/bin/bash
    # Run one command (passed as the single argument) on every host
    if [ $# -ne 1 ]
    then
        echo "please input one arg"
        exit 1
    fi
    for ip in 31 41 7
    do
        echo =====info 172.16.1.$ip======
        ssh 172.16.1.$ip "$1"
        echo ""
    done

    [root@Manager-61 scripts]# sh piliang_chack.sh ls
    =====info 172.16.1.31======
    anaconda-ks.cfg
    install.log
    install.log.syslog

    =====info 172.16.1.41======
    anaconda-ks.cfg
    install.log
    install.log.syslog
7. Install Ansible
    yum install -y ansible      (from the EPEL repository)
Software to install on the client side
    yum install -y libselinux-python
8. Add the managed hosts' addresses and a group name to enable batch management (the hosts file here is the hosts file that belongs to Ansible)
    [root@Manager-61 ansible]# cat hosts
    [server1]                                                 -> set the management group name
    172.16.1.31                                               -> address of a host to be managed
    172.16.1.41 ansible_user=root ansible_password=123123     -> with a login password set, the host can be managed remotely even without a public key
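Because the inventory above stores a login password in plain text, a check like the following reports where such credentials sit without echoing their values. It is an added example, not part of the original page; the function names and the sample inventory (modelled on the one above, with a constructed group-vars section) are this example's own.

```shell
#!/bin/bash
# Added example (not from the page): list credentials stored inline in an INI
# inventory as "line group host variable" without printing the secret value.
# Exit status 1 means at least one was found, so it can gate a commit or CI job.
inventory_secrets() {
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comments, blank lines
        /^[ \t]*\[/ {                                    # [group] or [group:vars]
            gsub(/\[|\]|[ \t]/, ""); group = $0; next
        }
        {
            invars = (group ~ /:vars$/)                  # key=value lines, no host column
            scope  = invars ? "(group vars)" : $1
            for (i = (invars ? 1 : 2); i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] ~ /^ansible_(ssh_|become_|sudo_)?pass(word)?$/) {
                    print NR, (group == "" ? "ungrouped" : group), scope, kv[1]
                    found = 1
                }
            }
        }
        END { exit (found ? 1 : 0) }' "$1"
}

# Constructed sample: an inventory like the one above plus a group-vars section.
sample_inventory() {
    cat <<'EOF'
[server1]
172.16.1.31
172.16.1.41 ansible_user=root ansible_password=123123
# become password for the whole group (constructed value)
[server1:vars]
ansible_become_pass=constructed-secret
EOF
}
```

Run it as inventory_secrets /path/to/hosts; each reported line is a candidate for key-based login or an encrypted variable file.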
Introduction to common Ansible batch-management modules
Official Ansible documentation: docs.ansible.com
Syntax:
    ansible <managed host | host group | all> -m <module name> -a "<module parameters>"
    -m            Specify the module to use
    -a            Parameters passed to the module
    -k            Use a password for management (interactive mode)
    ansible-doc   View module information (help command)
    -s            Look up the parameters of the specified module
Output colors
    Green: remote information was viewed without making any changes to the remote host
    Red: an error occurred during execution
    Yellow: the remote host was modified
    Pink: warning
a) command module
    chdir      Switch to this directory before executing the command
    creates    Check whether a file exists: if it exists the command is skipped, if it does not exist the command is executed
    removes    Check whether a file exists: if it exists the command is executed, if it does not exist the command is skipped

    [root@m01 ansible]# ansible 172.16.1.31 -m command -a "chdir=/tmp/ pwd"
    172.16.1.31 | SUCCESS | rc=0 >>
    /tmp

    [root@Manager-61 ~]# ansible 172.16.1.31 -m command -a "creates=/etc/rsyncd.conf hostname"
    172.16.1.31 | SUCCESS | rc=0 >>
    NFS-31

    [root@Manager-61 ~]# ansible 172.16.1.41 -m command -a "creates=/etc/rsyncd.conf hostname"
    172.16.1.41 | SUCCESS | rc=0 >>
    skipped, since /etc/rsyncd.conf exists
b) shell module (general-purpose module)
    chdir      Switch to this directory before executing the command
    creates    Check whether a file exists: if it exists the following command is skipped, if it does not exist the command is executed
    removes    Check whether a file exists: if it exists the following command is executed, if it does not exist the command is skipped
    free_form  The command to execute; it must be a valid Linux command
c) script module
    chdir      Switch to this directory before executing the command
    creates    Check whether a file exists: if it exists the following command is skipped, if it does not exist the command is executed
    removes    Check whether a file exists: if it exists the following command is executed, if it does not exist the command is skipped
    free_form  The command to execute; it must be a valid Linux command

    ansible 172.16.1.41 -m script -a "/server/script/yum.sh"
File modules
d) copy module (push files)
    backup
    owner      Set the owner of the copied file
    group      Set the group of the copied file
    mode       Set the file permissions after copying (600, 755)
    src        Source path of the data to push
    dest       Target directory on the remote host

    ansible 172.16.1.41 -m copy -a "src=/tmp/file01.txt dest=/tmp"
    ansible 172.16.1.41 -m copy -a "src=/tmp/file01.txt dest=/tmp backup=yes"
e) file module: file attributes (modify/create)
    owner      Set the owner of the file
    group      Set the group of the file
    mode       Set the file permissions (600, 755)
    state      Specify whether to create a file or a directory: touch creates a file, directory creates a directory

    [root@Manager-61 ~]# ansible 172.16.1.41 -m file -a "dest=/tmp/fil01.txt owner=oldboy group=oldboy mode=600"
    [root@Manager-61 ~]# ansible 172.16.1.41 -m file -a "dest=/tmp/fil01.txt state=touch"
    172.16.1.41 | SUCCESS => {
        "changed": true,
        "dest": "/tmp/fil01.txt",
        "gid": 0,
        "group": "root",
        "mode": "0644",
        "owner": "root",
        "size": 0,
        "state": "file",
        "uid": 0
    }
f) yum package management module
    name       Name of the software to install
    state      installed / latest (install), absent / removed (uninstall)
    list       Specify the name of a package to see whether it is installed

    ansible 172.16.1.41 -m yum -a "name=iftop state=installed"
    ansible 172.16.1.41 -m yum -a "name=iftop state=removed"
    ansible 172.16.1.41 -m yum -a "list=iftop"
System modules
g) service module: manage service state
    name       Name of the service to manage (it must be visible in chkconfig)
    state      stopped / started / restarted / reloaded
    enabled    Whether the service starts at boot (yes/no)

    ansible 172.16.1.41 -m service -a "name=crond state=stopped enabled=no"
    -> the scheduled-task service is stopped and does not start at boot
h) cron module: scheduled tasks
    name       Set the name of the scheduled task
    minute     Set the minute
    hour       Set the hour
    day        Set the day
    month      Set the month
    weekday    Set the day of the week
    job        Set the command the task runs
    state      absent deletes the scheduled task
    disabled   yes comments the task out, no uncomments it

    ansible 172.16.1.41 -m cron -a "name=oldboy minute=0 hour=0 job='/bin/sh /service/scripts/test.sh &>/dev/null'"    // add a scheduled task
    ansible 172.16.1.41 -m cron -a "name=oldboy minute=0 hour=0 job='/bin/sh /service/scripts/test.sh &>/dev/null' state=absent"
    ansible 172.16.1.41 -m cron -a "name=oldboy state=absent"    // delete the specified scheduled task