1. 安装 Ansible
1.1 安装必要的软件
# Control-node prerequisites: venv/pip for the Ansible install itself, sshpass
# for the password-based SSH helper used later in this guide.
pkgs=(python3-venv python3-pip sshpass)
sudo apt update
sudo apt install -y "${pkgs[@]}"
1.2 使用 venv 方式安装 Ansible
# Create an isolated venv for Ansible so its Python dependencies never touch the
# system packages; the venv stays activated for the rest of this shell session.
venv_dir="$HOME/ansible_venv"
python3 -m venv "$venv_dir"
. "$venv_dir/bin/activate"
pip install --upgrade pip
pip install ansible
每次使用 Ansible 时,需激活环境:
# Re-activate the venv in every new shell before calling ansible; printing the
# version confirms the activated copy is the one found on PATH.
. "$HOME/ansible_venv/bin/activate"
ansible --version
可选:创建全局命令软链接
# Optional: expose the venv binaries system-wide. The link targets live inside the
# current user's home directory (the venv), so anyone who runs these paths —
# including root — executes code that this user can modify; keep the venv owned
# by a trusted account and do not share the machine with untrusted users.
for tool in ansible ansible-playbook; do
  sudo ln -s ~/ansible_venv/bin/"$tool" /usr/local/bin/"$tool"
done
2. 安装 Ansible 网络管理插件
# Collections for the control node. Every entry is pinned to an exact version so
# a fresh install reproduces the same module code instead of pulling "latest".
collections=(
  amazon.aws:9.1.1
  ansible.netcommon:7.1.0
  ansible.posix:1.6.2
  ansible.utils:5.1.2
  ansible.windows:2.7.0
  arista.eos:10.0.1
  awx.awx:24.6.1
  azure.azcollection:3.1.0
  check_point.mgmt:6.2.1
  chocolatey.chocolatey:1.5.3
  cisco.aci:2.10.1
  cisco.asa:6.1.0
  cisco.dnac:6.28.0
  cisco.intersight:2.0.20
  cisco.ios:9.1.0
  cisco.iosxr:10.3.0
  cisco.ise:2.10.0
  cisco.meraki:2.20.5
  cisco.mso:2.9.0
  cisco.nxos:9.3.0
  cisco.ucs:1.15.0
  cloud.common:4.0.0
  cloudscale_ch.cloud:2.4.1
  community.aws:9.0.0
  community.ciscosmb:1.0.10
  community.crypto:2.24.0
  community.digitalocean:1.27.0
  community.dns:3.1.2
  community.docker:4.3.1
  community.general:10.3.0
  community.grafana:2.1.0
  community.hashi_vault:6.2.0
  community.hrobot:2.1.0
  community.library_inventory_filtering_v1:1.0.2
  community.libvirt:1.3.1
  community.mongodb:1.7.9
  community.mysql:3.12.0
  community.network:5.1.0
  community.okd:4.0.1
  community.postgresql:3.10.2
  community.proxysql:1.6.0
  community.rabbitmq:1.4.0
  community.routeros:3.3.0
  community.sap_libs:1.4.2
  community.sops:2.0.1
  community.vmware:5.3.0
  community.windows:2.3.0
  community.zabbix:3.2.0
  containers.podman:1.16.2
  cyberark.conjur:1.3.2
  cyberark.pas:1.0.30
  dellemc.enterprise_sonic:2.5.1
  dellemc.openmanage:9.10.0
  dellemc.powerflex:2.6.0
  dellemc.unity:2.0.0
  f5networks.f5_modules:1.34.1
  fortinet.fortimanager:2.8.2
  fortinet.fortios:2.3.9
  google.cloud:1.5.0
  grafana.grafana:5.7.0
  hetzner.hcloud:4.2.2
  ibm.qradar:4.0.0
  ibm.spectrum_virtualize:2.0.0
  ibm.storage_virtualize:2.6.0
  ieisystem.inmanage:3.0.0
  infinidat.infinibox:1.4.5
  infoblox.nios_modules:1.7.1
  inspur.ispim:2.2.3
  junipernetworks.junos:9.1.0
  kaytus.ksmanage:2.0.0
  kubernetes.core:5.1.0
  kubevirt.core:2.1.0
  lowlydba.sqlserver:2.5.0
  microsoft.ad:1.8.0
  netapp.cloudmanager:21.24.0
  netapp.ontap:22.13.0
  netapp.storagegrid:21.13.0
  netapp_eseries.santricity:1.4.1
  netbox.netbox:3.20.0
  ngine_io.cloudstack:2.5.0
  openstack.cloud:2.4.1
  ovirt.ovirt:3.2.0
  purestorage.flasharray:1.32.0
  purestorage.flashblade:1.19.2
  sensu.sensu_go:1.14.0
  splunk.es:4.0.0
  telekom_mms.icinga_director:2.2.2
  theforeman.foreman:4.2.0
  vmware.vmware:1.9.0
  vmware.vmware_rest:4.5.0
  vultr.cloud:1.13.0
  vyos.vyos:5.0.0
  wti.remote:1.0.10
)
ansible-galaxy collection install "${collections[@]}"
3. 配置 /etc/ansible/hosts
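# Inventory file. It will hold device passwords (ansible_password=...), so it must
# not be world-readable (644): restrict it to its owner. Ownership goes to the
# invoking user so ansible and the jump helper can still read it without sudo.
sudo mkdir -p /etc/ansible
sudo touch /etc/ansible/hosts
sudo chown "$(id -un):$(id -gn)" /etc/ansible/hosts
sudo chmod 600 /etc/ansible/hosts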
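# Cisco IOS devices
# The jump helper reads the first five fields positionally:
# name ansible_host= ansible_user= ansible_password= ansible_port= — keep that order.
# Credentials are stored in clear text here: keep this file readable by its owner
# only, or move the secrets into ansible-vault-encrypted group_vars.
[cisco_ios]
2960-1 ansible_host=xxxxxxx ansible_user=admin ansible_password="xxxxxxx" ansible_port=22 ansible_network_os=cisco.ios ansible_connection=network_cli
2960-2 ansible_host=xxxxxxx ansible_user=admin ansible_password="xxxxxxx" ansible_port=22 ansible_network_os=cisco.ios ansible_connection=network_cli
2960-3 ansible_host=xxxxxxx ansible_user=admin ansible_password="xxxxxxx" ansible_port=22 ansible_network_os=cisco.ios ansible_connection=network_cli
2960-4 ansible_host=xxxxxxx ansible_user=admin ansible_password="xxxxxxx" ansible_port=22 ansible_network_os=cisco.ios ansible_connection=network_cli
# Cisco NX-OS devices
[cisco_nxos]
N9K ansible_host=xxxxxxx ansible_user=admin ansible_password="xxxxxxx" ansible_port=22 ansible_network_os=cisco.nxos ansible_connection=network_cli
N3K ansible_host=xxxxxxx ansible_user=admin ansible_password="xxxxxxx" ansible_port=22 ansible_network_os=cisco.nxos ansible_connection=network_cli
N5K ansible_host=xxxxxxx ansible_user=admin ansible_password="xxxxxxx" ansible_port=22 ansible_network_os=cisco.nxos ansible_connection=network_cli
# Device grouping
[all_network_devices:children]
cisco_ios
cisco_nxos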
4. SSH 跳板机功能
4.1 设备列表查看
创建 /usr/local/bin/show_devices:
4.2 选择设备登录
创建 /usr/local/bin/jump
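#!/bin/bash
# jump: interactive SSH helper for the devices listed in /etc/ansible/hosts.
# Shows a numbered menu built from the inventory, then opens an SSH session to
# the chosen device with the ansible_host/ansible_user/ansible_password/ansible_port
# values of that line. Exits 1 on an invalid selection or an unparsable line.
set -u

inventory=/etc/ansible/hosts

# Print a message to stderr and exit 1.
die() { printf '%s\n' "$*" >&2; exit 1; }

echo "===== 请选择要连接的设备 ====="

# Device lines: skip comments and blank lines, keep only lines carrying ansible_host.
mapfile -t devices < <(awk '!/^#|^$/ && /ansible_host/ {print $1}' "$inventory")
(( ${#devices[@]} > 0 )) || die "未在 $inventory 中找到任何设备。"

# Numbered menu (1-based so the user never has to type 0).
for i in "${!devices[@]}"; do
  printf '%d. %s\n' "$((i + 1))" "${devices[$i]}"
done

read -r -p "输入设备编号: " choice

# Validate before any arithmetic: a non-numeric value would make -lt/-gt raise a
# bash error instead of reaching the friendly message.
[[ "$choice" =~ ^[0-9]+$ ]] || die "无效选择,请输入正确编号。"
choice=$((10#$choice))   # 10# forces decimal so "08" is not parsed as octal
(( choice >= 1 && choice <= ${#devices[@]} )) || die "无效选择,请输入正确编号。"

# Fields 1-5 of the chosen line, in the order the inventory file uses:
# name ansible_host= ansible_user= ansible_password= ansible_port=
selected_device_line=$(awk '!/^#|^$/ && /ansible_host/ {print $1, $2, $3, $4, $5}' "$inventory" | sed -n "${choice}p")
read -r device_name ip user pass port <<<"$selected_device_line"
ip=${ip#ansible_host=}
user=${user#ansible_user=}
pass=${pass#ansible_password=}
pass=${pass//\"/}            # the inventory quotes the password value
port=${port#ansible_port=}

# Refuse to continue if any field is missing or the port is not numeric.
if [[ -z "$ip" || -z "$user" || -z "$pass" || -z "$port" || ! "$port" =~ ^[0-9]+$ ]]; then
  echo "解析端口错误!请检查 /etc/ansible/hosts,确保 ansible_password 和 ansible_port 存在,并按正确顺序排列。" >&2
  # The password is deliberately not echoed back in the diagnostic.
  echo "当前解析结果: device_name='$device_name', ip='$ip', user='$user', port='$port'" >&2
  exit 1
fi

echo "正在连接到设备 $device_name ($ip:$port) …"

# The password is handed to sshpass via the environment (-e) instead of -p so it
# does not appear in the process list visible to other users.
# The legacy kex/host-key algorithms are added for this session only because old
# Cisco images offer nothing newer. accept-new stores a first-seen host key and
# still refuses to connect when a known key changes, which "no" would not do.
SSHPASS="$pass" sshpass -e ssh -tt -p "$port" \
  -o KexAlgorithms=+diffie-hellman-group14-sha1 \
  -o HostKeyAlgorithms=+ssh-rsa \
  -o StrictHostKeyChecking=accept-new \
  "$user@$ip"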
chmod +x /usr/local/bin/jump
修改 ~/.ssh/config 以自动适配老旧 Cisco 设备
# ssh_config Host patterns are globs, not regexes: "xxxxx.*" matches names that
# begin with "xxxxx." (replace it with the management subnet or name prefix).
# The weaker kex/host-key algorithms are added ("+") only for hosts matching
# this pattern, so the client's defaults for every other host stay untouched.
Host xxxxx.*
KexAlgorithms +diffie-hellman-group14-sha1
HostKeyAlgorithms +ssh-rsa
手动测试
sshpass -p “Password” ssh -vvv -o KexAlgorithms=+diffie-hellman-group14-sha1 -o HostKeyAlgorithms=+ssh-rsa admin@IP -p 22