##ansible集中化自动管理
目标:1、生成公钥,并上传ssh的公钥到被控端主机
2、在ansible的主控端配置本地yum源和网络yum源
3、安装ansible,用ansible上传yum源目录到被控端主机。
4、用ansible管理被控端主机的系统、软件和服务。
5、用playbooks剧本(yaml脚本文件)来管理被控端。
各种网络yum仓库:
6zabbix-2.4: rpm -ivh http://repo.zabbix.com/zabbix/2.4/rhel/6/x86_64/zabbix-release-2.4-1.el6.noarch.rpm
6zabbix-3.2(兼容性不好,可能无法安装): http://repo.zabbix.com/zabbix/3.4/rhel/6/x86_64/
7zabbix-2.4: rpm -ivh http://repo.zabbix.com/zabbix/2.4/rhel/7/x86_64/zabbix-release-2.4-1.el7.noarch.rpm
7zabbix-3.2: rpm -ivh http://repo.zabbix.com/zabbix/3.4/rhel/7/x86_64/zabbix-release-3.4-1.el7.centos.noarch.rpm
centos6: wget -O /etc/yum.repos.d/6CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
6epel源:wget -O /etc/yum.repos.d/6epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
centos7: wget -O /etc/yum.repos.d/7CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
7epel源:wget -O /etc/yum.repos.d/7epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
网络环境:
asible主控端:192.168.10.1
ansible被控端:192.168.10.10~192.168.10.20
具体实施:
1、生成公钥,并上传ssh的公钥到被控端主机
第1步,在asible主控端生成公钥。
ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ''
yum install -y expect
第2步,批量上传公钥到被控端。
for i in 11
do
ssh-copy-id [email protected].$i
ssh [email protected].$i ip a
done
ssh-add
sed -ri '/^#UseDNS/c\UseDNS no' /etc/ssh/sshd_config
sed -ri '/^GSSAPIAuthentication/c\GSSAPIAuthentication no' /etc/ssh/sshd_config
grep -En '^UseDNS|^GSSAPIAuth' /etc/ssh/sshd_config
2、在ansible的主控端配置本地yum源和网络yum源。
cd /etc/yum.repos.d
mkdir -pv bak
mv -vf *.repo bak/
wget -O /etc/yum.repos.d/6epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
wget -O /etc/yum.repos.d/6CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
rpm -ivh http://repo.zabbix.com/zabbix/2.4/rhel/6/x86_64/zabbix-release-2.4-1.el6.noarch.rpm
sed -ri 's/\$releasever/6/g' 6CentOS-Base.repo
cat > rhel6.5.repo <<-EOF
[rhel6.5]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=file:///dvd
enabled=1
gpgcheck=0
EOF
yum clean all
yum makecache fast
yum list zabbix ansible
yum install zabbix-server-mysql zabbix-web-mysql zabbix-agent --enablerepo=zabbix -y
rpm -qa |grep zabbix
3、安装ansible,用ansible上传yum源到被控端主机。
yum install -y ansible
yum install -y curl elinks lynx createrepo
grep -b2 '^\[test\]' /etc/ansible/hosts || echo -e '[test]\n192.168.10.11\n192.168.10.12' >> /etc/ansible/hosts
ansible test -m ping
ansible test -m copy -a 'src=/etc/ssh/sshd_config dest=/etc/ssh/'
ansible test -m shell -a 'service sshd restart'
ansible test -m shell -a 'rm -rf /etc/yum.repos.d/*;ls /etc/yum.repos.d/'
ansible test -m copy -a 'src=/etc/yum.repos.d/ dest=/etc/yum.repos.d/ force=yes mode=755'
ansible test -m shell -a 'ls /etc/yum.repos.d'
4、用ansible管理被控端主机的系统、软件和服务。
ansible test -m shell -a 'rpm -q httpd mysql-server php'
ansible test -m yum -a 'name=httpd state=present'
ansible test -m yum -a 'name=mysql-server state=present'
ansible test -m yum -a 'name=php state=present'
ansible test -m shell -a 'rpm -q httpd mysql-server php'
ansible test -m service -a 'name=httpd state=restarted enabled=1'
ansible test -m service -a 'name=mysqld state=restarted enabled=1'
ansible test -m shell -a 'yum install -y curl elinks lynx createrepo --enablerepo=rhel6.5'
ansible test -m shell -a 'rpm -q curl elinks lynx createrepo'
ansible test -m shell -a "echo '' > /var/www/html/p.php"
ansible test -m shell -a "echo 'apache test' > /var/www/html/a.html"
ansible test -m shell -a 'curl 127.0.0.1/a.html'
ansible test -m shell -a 'mysql -e "grant all on *.* to admin identified by 'admin with grant option;flush privileges'"'
ansible test -m shell -a 'mysql -uadmin -padmin -e "show databases;select user,host,password from mysql.user;"'
5、用playbooks剧本(yaml脚本文件)来管理被控端。
目标1:编写一个playbooks剧本install_lamp.yaml,实现全自动部署LAMP环境。
vim install_lamp.yaml
- hosts: all
vars:
http_port: 80
remote_user: root
tasks:
- name: apache
yum: pkg=httpd state=present
notify:
- apache restart
- name: mysql-server
yum: pkg=mysql-server state=present
notify:
- mysqld restart
- name: php
yum: pkg=php state=present
handlers:
- name: apache restart
service: name=httpd state=restarted
- name: mysqld restart
service: name=mysqld state=restarted
运行剧本:ansible-playbook install_lamp.yaml
验证:ansible test -m shell -a 'rpm -q httpd mysql-server php'
目标2:编写一个playbooks剧本remove_lamp.yaml,实现全自动卸载LAMP环境。
vim remove_lamp.yaml
- hosts: all
vars:
http_port: 80
remote_user: root
tasks:
- name: apache
yum: pkg=httpd state=absent
- name: mysql-server
yum: pkg=mysql-server state=absent
- name: php
yum: pkg=php state=absent
运行剧本:ansible-playbook remove_lamp.yaml
验证:ansible test -m shell -a 'rpm -q httpd mysql-server php'