1、基础配置

1.1、环境

主机配置
ansible版本：2.7.4
控制端：centos7.4，IP：192.168.1.213，主机名：operation
被控制端：
centos6.5，IP：192.168.1.216，主机名：master；
centos6.5，IP：192.168.1.217，主机名：slave
centos7.3，IP：192.168.1.214，主机名：lzcx

# 系统设置
# centos6.5
service iptables stop
chkconfig iptables off
sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config
setenforce Permissive
# 控制端
sed -i 's/localhost.localdomain/master/' /etc/hosts
# 被控制端
sed -i 's/localhost.localdomain/slave/' /etc/hosts
# centos7.4
systemctl stop firewalld
systemctl disable firewalld
sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config
# 3台机器重启
shutdown -r now
# 安装常命令
yum install wget vim lrzsz gcc xz -y

控制端安装python3.7和ansible

# 依赖安装
yum -y install epel-release
yum -y install openssl openssl-devel openssl-static python-pip python-devel zlib-devel libffi-devel python-rpm-macros
# 下载python3.7
wget -c https://www.python.org/ftp/python/3.7.0/Python-3.7.0.tar.xz
tar -Jxf Python-3.7.0.tar.xz
mkdir -p /usr/local/python3
cd ./Python-3.7.0
./configure --prefix=/usr/local/python3/
make
make install
ln -s /usr/local/python3/bin/python3 /usr/bin/python3
ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3
# 安装ansible
pip3 install ansible

1.2、创建ansible管理用户

生产环境中，不允许root通过ssh登录，所以选择一个普通用户做ansible的管理账户。这里的环境是新主机，刚刚申请后只有一个root用户，以下脚本完成ansible新建管理用户和实现管理用户的密钥分发，注意需要安装sshpass，脚本会检查，默认所有机器的root密码一样。

以下是批量部署，创建ansible用户、密钥分发和实现sudo权限，可以自定义用户名和密码

#!/bin/bash########################################################################## File Name: batch_users.sh# file_path: /root/script/batch_users.sh # Author: 浪子尘心# Mail: 536418286@qq.com# Created Time: 2018-11-09 17:43:02# Last Changed: 2018-11-09 17:58:53# Description: batch create users in linux# Version: 0.1#########################################################################which sshpass > /dev/null 2>&1
if [ $? -ne 0 ];then
echo "don't exist sshpass,please install sshpas"
exit;
fi# select a user for ansible manager
ansible_user='ansible'# passwd of ansible user
user_passwd='123456@Ap'# root passwd
root_passwd='123456!Ab'# creater a user
useradd ${ansible_user}# change user passwd
echo ${user_passwd} | passwd --stdin ${ansible_user}# make user to be the power of root
sed -i "92a ${ansible_user}     ALL=(ALL)       NOPASSWD: ALL" /etc/sudoers# create private key
su - ${ansible_user} -c "ssh-keygen -t rsa -f /home/${ansible_user}/.ssh/id_rsa -N '' -q"# config the public key
su - ${ansible_user} -c "sshpass -p${user_passwd} ssh-copy-id -i /home/${ansible_user}/.ssh/id_rsa.pub ${ansible_user}@127.0.0.1 -o StrictHostKeyChecking=no"# batch create users and send public key
for line in `cat /root/script/ip_list.txt`
do
# create a user and change user passwd and make user to be root on remote
sshpass -p"${root_passwd}" ssh -o StrictHostKeyChecking=no root@${line} "useradd ${ansible_user} ; echo ${user_passwd} | passwd --stdin ${ansible_user} ; sed -i '92a ${ansible_user}     ALL=(ALL)       NOPASSWD: ALL' /etc/sudoers"# send public key
su - ${ansible_user} -c "sshpass -p${user_passwd} ssh-copy-id -i /home/${ansible_user}/.ssh/id_rsa.pub ${ansible_user}@${line} -o StrictHostKeyChecking=no"
done`

1.3、配置清单

下文中组名为 yuhui 的修改为 lzcx ，ip不变

[monitor]
192.168.1.213[centos6]
192.168.1.[216:217][lzcx]
192.168.1.214# 额外添加测试机器
[mysql]
192.168.1.20
192.168.1.21[gzyk]
192.168.1.130
192.168.1.38[dgyk]
192.168.1.162[uim]
192.168.1.98[yhgl]
192.168.1.172