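1. Install and configure Ansible
Install and configure Ansible on the control node, as follows:
- Install the required packages
- Create the static inventory file /home/devops/ansible/inventory, as follows:
  - servera belongs to the dev host group
  - serverb belongs to the test and balancers host groups
  - serverc and serverd belong to the prod host group
  - the prod host group belongs to the Webserver host group
- Create the Ansible configuration file /home/devops/ansible/ansible.cfg, as follows:
  - Use the inventory file /home/devops/ansible/inventory
  - Roles are stored in /home/devops/ansible/roles
1. Connect over SSH as the devops user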
ssh devops@workstation
2. Install Ansible
[devops@workstation ~]$ sudo yum install ansible -y
Last metadata expiration check: 0:41:52 ago on Sat 02 Apr 2022 03:35:12 PM GMT.
Package ansible-2.8.0-1.el8ae.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
3. Create the ansible and roles directories, then create the inventory file in the ansible directory
[devops@workstation ~]$ mkdir -p ansible/roles
[devops@workstation ~]$ cd ansible
[devops@workstation ansible]$ vim /home/devops/ansible/inventory
4. Create the required host groups in the inventory file
[devops@workstation ansible]$ vim /home/devops/ansible/inventory
[dev]
servera
[balancers]
serverb
[test]
serverb
[prod]
server[c:d]
[Webserver:children]
prod
5. Create the configuration file
vim /home/devops/ansible/ansible.cfg
If you do not remember the syntax, open a second terminal and look at the default configuration file:
ssh devops@workstation
vim /etc/ansible/ansible.cfg
[defaults]
inventory = /home/devops/ansible/inventory
roles_path = /home/devops/ansible/roles
host_key_checking = False
6. Add connection variables to the inventory file
[devops@workstation ansible]$ vim inventory
[dev]
servera
[balancers]
serverb
[test]
serverb
[prod]
server[c:d]
[Webserver:children]
prod
[all:vars]
ansible_user = root
ansible_password = redhat
7. Verify
ansible all -m ping
Method 2:
vim inventory
[dev]
servera
[balancers]
serverb
[test]
serverb
[prod]
server[c:d]
[Webserver:children]
prod
vim ansible.cfg
[defaults]
inventory = /home/devops/ansible/inventory
roles_path = /home/devops/ansible/roles
remote_user = devops
ask_pass = False
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
cd
cd .ssh
ssh-keygen -f ~/.ssh/id_rsa -P '' -q
ls
id_rsa id_rsa.pub known_hosts
for i in {a..d};do echo server$i;done
for i in {a..d};do ssh-copy-id server$i;done
Password: redhat
for i in {a..d};do ssh server$i hostname;done
cd /home/devops/ansible/
ansible all -m ping
Supplement:
logout
ssh root@serverc
visudo
cd /etc/sudoers.d/
ls devops
vim devops
devops ALL=(ALL) NOPASSWD:ALL
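An added example, not part of the original notes: a Python check that parses a static inventory like the one in section 1, confirms the group membership the task requires (a misspelled group header such as `[blancers]` shows up as a missing group), and flags clear-text password variables such as the `ansible_password` used in Method 1. The names `SAMPLE`, `REQUIRED`, `SECRET_KEYS` and `audit` belong to this example, and the parser handles only single-letter ranges like `server[c:d]`.

```python
import re

# Constructed sample: the Method 1 inventory, with the balancers group spelled correctly.
SAMPLE = "\n".join([
    "[dev]", "servera", "[balancers]", "serverb", "[test]", "serverb",
    "[prod]", "server[c:d]", "[Webserver:children]", "prod",
    "[all:vars]", "ansible_user = root", "ansible_password = redhat"])
# Group membership required by the task statement in section 1.
REQUIRED = {"dev": {"servera"}, "test": {"serverb"}, "balancers": {"serverb"},
            "prod": {"serverc", "serverd"}, "Webserver": {"serverc", "serverd"}}
# Inventory variables that carry a clear-text credential.
SECRET_KEYS = {"ansible_password", "ansible_ssh_pass", "ansible_become_password"}

def expand(pattern):
    # Expand one single-letter range: server[c:d] -> {serverc, serverd}.
    m = re.fullmatch(r"(.*)\[([a-z]):([a-z])\](.*)", pattern)
    if not m:
        return {pattern}
    return {m[1] + chr(c) + m[4] for c in range(ord(m[2]), ord(m[3]) + 1)}

def parse(text):
    # Tables keyed by group: hosts, child groups, variable names (ungrouped hosts skipped).
    tables, name, kind = {"hosts": {}, "children": {}, "vars": {}}, None, "hosts"
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.fullmatch(r"\[([^:\]]+)(?::(children|vars))?\]", line)
        if header:
            name, kind = header[1], header[2] or "hosts"
            tables[kind].setdefault(name, set())
        elif line and name and not line.startswith(("#", ";")):
            item = line.split("=")[0].strip() if kind == "vars" else line.split()[0]
            tables[kind][name] |= expand(item) if kind == "hosts" else {item}
    return tables

def members(group, tables, seen=frozenset()):
    # Hosts of a group plus those of its :children groups; `seen` breaks cycles.
    found = set(tables["hosts"].get(group, ()))
    for child in tables["children"].get(group, set()) - seen:
        found |= members(child, tables, seen | {group})
    return found

def audit(text):
    # Returns a list of findings; an empty list means the inventory passes.
    tables = parse(text)
    got = {g: members(g, tables) for g in REQUIRED}
    problems = [f"{g}: want {sorted(REQUIRED[g])}, got {sorted(got[g])}"
                for g in REQUIRED if got[g] != REQUIRED[g]]
    problems += [f"plaintext {k} in [{g}:vars]"
                 for g, keys in tables["vars"].items() for k in sorted(keys & SECRET_KEYS)]
    return problems
```

Calling `audit(open("/home/devops/ansible/inventory").read())` on the control node returns the findings for the real file; the Method 2 inventory, which has no `[all:vars]` passwords, returns an empty list.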
2. Create and run Ansible ad-hoc commands
Create a shell script named adhoc.sh that runs ad-hoc commands to configure yum repositories on every managed node, as follows:
Repository 1:
- Name: RH294_Base
- Description: RH294 base software
- Base url: http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
- Package GPG signatures must be verified
- GPG key is at: /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
- Enable this repository
Repository 2:
- Name: RH294_Stream
- Description: RH294 stream software
- Base url: http://content.example.com/rhel8.0/x86_64/dvd/AppStream
- Package GPG signatures must be verified
- GPG key is at: /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
- Enable this repository
If you do not remember the module name:
ansible-doc -l | grep yum
yum Manages packages with the 'yum' package manager
yum_repository Add or remove YUM repositories
View the help:
ansible-doc yum_repository
:EXAM
ansible dev -m yum_repository \
> -a 'name="RH294_Base" description="RH294 base software" \
> baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS \
> gpgcheck=yes \
> gpgkey=/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release \
> enabled=yes'
Verify: ansible dev -a 'ls /etc/yum.repos.d'
Now write the script:
vim adhoc.sh
#! /bin/bash
ansible all -m yum_repository \
-a 'name="RH294_Base" description="RH294 base software" \
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS \
gpgcheck=yes \
gpgkey=/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release \
enabled=yes'
ansible all -m yum_repository \
-a 'name="RH294_Stream" description="RH294 stream software" \
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream \
gpgcheck=yes \
gpgkey=/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release \
enabled=yes'
:x to save
Add execute permission:
chmod +x adhoc.sh
Run:
./adhoc.sh
Verify:
ansible all -a 'yum repolist'