@

ssh "$@" "
exec sh -c '

         cd ; 
         umask 077 ; 
         mkdir -p .ssh && 
         cat >> .ssh/authorized_keys || exit 1 ; if type restore
         con >/dev/null 2>&1 ; 
         then restorecon -F .ssh .ssh/authorized_keys ; 
         fi'"

sshpass -p123456 ssh 172.16.1.7 hostname

ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ''

-t 指定秘钥类型 das rsa

-f 指定私钥位置

-P 指定密码短语

sshpass -p 123456 ssh -oStrictHostKeyChecking=no 172.16.1.7 hostname
web01

sshpass -p123456 ssh-copy-id -oStrictHostKeyChecking=no 172.16.1.7

for循环
格式:
for 变量 in 列表（清单）
do
命令
done

for ip in 7 41 {1..6}
do
echo 172.16.1.$ip
done

批量分发秘钥到 172.16.1.7 和172.16.1.41 写出for循环

创建秘钥 ：
ssh-keygen -t dsa   -f ~/.ssh/id_dsa -P ''



[root@m01 ~]# vim /server/scripts/fenfa.sh
#!/bin/bash

#make  key pair 
ssh-keygen -t dsa   -f ~/.ssh/id_dsa -P ''

#fenfa  public key 
for  ip  in    7 41  31
do 
   sshpass -p123456 ssh-copy-id -oStrictHostKeyChecking=no  172.16.1.$ip
done 


for  ip  in    7 41  31 ; 
do 
   sshpass -p123456 ssh-copy-id -oStrictHostKeyChecking=no  172.16.1.$ip
   sshpass -p123456 ssh-copy-id -oStrictHostKeyChecking=no  172.16.1.$ip
   sshpass -p123456 ssh-copy-id -oStrictHostKeyChecking=no  172.16.1.$ip
   sshpass -p123456 ssh-copy-id -oStrictHostKeyChecking=no  172.16.1.$ip
done 

/etc/ansible
/etc/ansible/ansible.cfg
/etc/ansible/hosts
/etc/ansible/roles








[root@m01 ~]# tail -3 /etc/ansible/hosts
[oldboy]
172.16.1.7
172.16.1.41
[root@m01 ~]# ansible oldboy  -m ping 
172.16.1.41 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
172.16.1.7 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
[root@m01 ~]# ansible oldboy  -m command   -a 'hostname '
172.16.1.41 | CHANGED | rc=0 >>
backup

172.16.1.7 | CHANGED | rc=0 >>
web01

[root@m01 ~]# ansible oldboy     -a 'hostname '
172.16.1.41 | CHANGED | rc=0 >>
backup

172.16.1.7 | CHANGED | rc=0 >>
web01

[root@m01 ~]# ansible 172.16.1.7     -a 'hostname '
172.16.1.7 | CHANGED | rc=0 >>
web01
[root@m01 ~]# ansible all     -a 'hostname '
172.16.1.7 | CHANGED | rc=0 >>
web01

172.16.1.41 | CHANGED | rc=0 >>
backup

[root@m01 ~]# #ansible all   -m copy -a 'src=/etc/hostname   dest=/tmp/'
[root@m01 ~]# 
[root@m01 ~]# 
[root@m01 ~]# ansible all   -a 'cat /tmp/hostname '
172.16.1.7 | CHANGED | rc=0 >>
m01

172.16.1.41 | CHANGED | rc=0 >>
m01

ansible-doc -s copy
https://docs.ansible.com/ansible/latest/modules/modules_by_category.html

scipt 模块

[root@m01 ~]# #ansible all  -m script  -a "/server/scripts/yum.sh"
[root@m01 ~]# ansible all -a 'rpm -qa ipvsadm'
 [WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'.  If you need to use command because
yum, dnf or zypper is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.

172.16.1.41 | CHANGED | rc=0 >>
ipvsadm-1.27-7.el7.x86_64

172.16.1.7 | CHANGED | rc=0 >>
ipvsadm-1.27-7.el7.x86_64

yum模块

ansible all   -m yum  -a 'name=sl state=present'

file模块

[root@m01 ~]# #ansible all -m file  -a 'path=/tmp/a/b/c/d/e/f/g   state=directory '
[root@m01 ~]# #ansible all -m file  -a 'path=/tmp/a/b/c/d/e/f/g/oldboy.txt   state=touch '
[root@m01 ~]# ansible all  -a 'tree  /tmp/ '

caiav 创建用户指定uid和gid 1111，不创建家目录也不允许登陆

groupadd -g 1111 caiav
useradd -u 1111 -g caiav -s /sbin/nologin -M caiav

ansible all -m group -a 'name=caiav gid=1111 state=present'
ansible all -m user -a 'name=caiav uid=1111 group=caiav shell=/sbin/nologin create_home=no '