1. Install and configure Ansible
Install and configure Ansible on the control node control as described below:

- Install the required packages.
- Create a static inventory file named /home/greg/ansible/inventory that meets these requirements:
  - node1 is a member of the dev host group
  - node2 is a member of the test host group
  - node3 and node4 are members of the prod host group
  - node5 is a member of the balancers host group
  - the prod group is a member of the webservers host group
- Create a configuration file named /home/greg/ansible/ansible.cfg that meets these requirements:
  - the inventory file is /home/greg/ansible/inventory
  - the location of the roles used by playbooks includes /home/greg/ansible/roles
#1. Log in to the control node as the regular user greg
[kiosk@foundation0 ~]$ ssh greg@control

#2. Install the ansible package
[greg@control ~]$ sudo yum install -y ansible
[greg@control ~]$ rpm -q ansible
ansible-2.9.15-1.el8ae.noarch

#3. Create the roles directory and change into the ansible directory
[greg@control ~]$ mkdir -p /home/greg/ansible/roles
[greg@control ~]$ cd ansible/
[greg@control ansible]$

#4. Create the configuration file /home/greg/ansible/ansible.cfg. Ansible prefers an ansible.cfg in the current directory over /etc/ansible/ansible.cfg, so copying the system file here makes it the active one, as long as ansible is run from this directory:
[greg@control ansible]$ ansible --version
  config file = /etc/ansible/ansible.cfg
[greg@control ansible]$ cp /etc/ansible/ansible.cfg .
[greg@control ansible]$ ansible --version
  config file = /home/greg/ansible/ansible.cfg
[greg@control ansible]$ ls
ansible.cfg  roles

#5. Edit the configuration file: inventory path, host-key checking, remote user and privilege escalation. (/host, /remote and /become are the vim searches used to jump to each setting; the commented lines are the defaults that were replaced.)
[greg@control ansible]$ vim ansible.cfg
[defaults]
inventory = /home/greg/ansible/inventory      # path of the inventory file
#inventory = /etc/ansible/hosts
host_key_checking = False                     # do not stop on unknown SSH host keys
#host_key_checking = False
remote_user = root                            # connect to the managed nodes as root
#remote_user = root

[privilege_escalation]
become=True                                   # escalate with sudo
become_method=sudo
become_user=root
become_ask_pass=False

#6. Write the inventory. ansible_password under [all:vars] makes the password login work for every host:
[greg@control ansible]$ vim /home/greg/ansible/inventory
[all:vars]
ansible_password=flectrag

[dev]
node1

[test]
node2

[prod]
node3
node4

[balancers]
node5

[webservers:children]
prod

Two of these settings are exam conveniences, not production practice: host_key_checking = False skips SSH host-key verification, so a substituted host would be accepted silently, and the login password sits in clear text in the inventory. Outside the lab, pre-populate known_hosts and keep host-key checking on, authenticate with SSH keys (ssh-copy-id) instead of ansible_password, and keep any password that has to live in a file inside an ansible-vault encrypted vars file.

#7. Set the roles path in the configuration file
[greg@control ansible]$ vim ansible.cfg
roles_path = /home/greg/ansible/roles
#roles_path = /etc/ansible/roles

#8. Check the inventory
[greg@control ansible]$ ansible-inventory --graph     # show the group tree
@all:
  |--@balancers:
  |  |--node5
  |--@dev:
  |  |--node1
  |--@test:
  |  |--node2
  |--@ungrouped:
  |--@webservers:
  |  |--@prod:
  |  |  |--node3
  |  |  |--node4

#9. Test passwordless access (one host shown)
[greg@control ansible]$ ansible all -a "hostname"
node4 | CHANGED | rc=0 >>
node4.lab.example.com
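Added example, not from the page: the same inventory in Ansible's YAML inventory format, with the login password moved out of the inventory into a group_vars file that is then encrypted with ansible-vault, so no secret sits in the inventory itself. The file names inventory.yml and group_vars/all/vault.yml are assumptions; the hosts and groups are the ones above, and ansible-inventory -i inventory.yml --graph prints the same tree as step 8.

```yaml
# /home/greg/ansible/inventory.yml  (added example: YAML form of the INI inventory above)
all:
  children:
    dev:
      hosts:
        node1:
    test:
      hosts:
        node2:
    prod:
      hosts:
        node3:
        node4:
    balancers:
      hosts:
        node5:
    webservers:
      children:
        prod:        # same effect as [webservers:children]: node3 and node4 are also webservers
---
# /home/greg/ansible/group_vars/all/vault.yml  (assumed path)
# Encrypt it in place once written:  ansible-vault encrypt group_vars/all/vault.yml
# Ansible loads group_vars/all/* for every host, so ansible_password is still set
# for all nodes, but the inventory file carries no secret and the vault file is
# ciphertext on disk.
ansible_password: flectrag
```

The vault file is decrypted at run time with the password file configured in task 14 (vault_password_file) or with --ask-vault-pass; key-based SSH authentication removes the need for the variable altogether.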
2. Create and run Ansible ad hoc commands
As a system administrator you need to install software on the managed nodes. Create a shell script named /home/greg/ansible/adhoc.sh that uses Ansible ad hoc commands to install yum repositories on each managed node:

Repository 1:
- the repository name is EX294_BASE
- the description is EX294 base software
- the base URL is http://content/rhel8.4/x86_64/dvd/BaseOS
- GPG signature checking is enabled
- the GPG key URL is http://content/rhel8.4/x86_64/dvd/RPM-GPG-KEY-redhat-release
- the repository is enabled

Repository 2:
- the repository name is EX294_STREAM
- the description is EX294 stream software
- the base URL is http://content/rhel8.4/x86_64/dvd/AppStream
- GPG signature checking is enabled
- the GPG key URL is http://content/rhel8.4/x86_64/dvd/RPM-GPG-KEY-redhat-release
- the repository is enabled
#1. Look up the module documentation
[greg@control ansible]$ ansible-doc -l | grep yum
yum
yum_repository
[greg@control ansible]$ ansible-doc yum_repository
/EX          # jump to the examples; gg, /gpgkey and /enabled find the option names
gg
/gpgkey
/enabled

#2. Write the shell script
[greg@control ansible]$ vim /home/greg/ansible/adhoc.sh
=========================================================================================
#!/bin/bash
ansible all -m yum_repository -a "name=EX294_BASE description='EX294 base software' baseurl=http://content/rhel8.4/x86_64/dvd/BaseOS gpgcheck=yes gpgkey=http://content/rhel8.4/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes"
ansible all -m yum_repository -a "name=EX294_STREAM description='EX294 stream software' baseurl=http://content/rhel8.4/x86_64/dvd/AppStream gpgcheck=yes gpgkey=http://content/rhel8.4/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes"
=========================================================================================

#3. Make the script executable and run it
[greg@control ansible]$ chmod +x /home/greg/ansible/adhoc.sh
[greg@control ansible]$ /home/greg/ansible/adhoc.sh

#4. Verify by installing a package from the new repositories
[greg@control ansible]$ ansible all -a "yum install -y ftp"
Complete!

gpgcheck=yes means every package is verified against the configured key before it is installed. The key itself is fetched over plain HTTP from the content server, which is fine on the isolated lab network; on a real network obtain the key from a trusted channel or check its fingerprint before trusting it.
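The same two repositories as a playbook, added here as an example and not part of the page's solution: the repository definitions are data in a list (ex294_repos and ex294_gpgkey are my variable names), one yum_repository task loops over them, and rpm_key imports the signing key up front so the first installation does not have to accept the key interactively. The URLs and names are the ones from the task.

```yaml
---
# Added example: playbook form of adhoc.sh, with the repositories as data.
- name: Configure the EX294 yum repositories
  hosts: all
  vars:
    ex294_gpgkey: http://content/rhel8.4/x86_64/dvd/RPM-GPG-KEY-redhat-release
    ex294_repos:
      - name: EX294_BASE
        description: EX294 base software
        baseurl: http://content/rhel8.4/x86_64/dvd/BaseOS
      - name: EX294_STREAM
        description: EX294 stream software
        baseurl: http://content/rhel8.4/x86_64/dvd/AppStream
  tasks:
    - name: Ensure repository {{ item.name }} exists with GPG checking enabled
      yum_repository:
        name: "{{ item.name }}"
        description: "{{ item.description }}"
        baseurl: "{{ item.baseurl }}"
        gpgcheck: yes
        gpgkey: "{{ ex294_gpgkey }}"
        enabled: yes
      loop: "{{ ex294_repos }}"

    - name: Import the repository signing key into the RPM database
      rpm_key:
        key: "{{ ex294_gpgkey }}"
        state: present
```

Both tasks are idempotent, so rerunning the playbook reports no change once the .repo files and the imported key are in place, which the ad hoc script cannot tell you.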
3. Install packages
Create a playbook named /home/greg/ansible/packages.yml that:
- installs the php and mariadb packages on the hosts in the dev, test and prod host groups
- installs the RPM Development Tools package group on the hosts in the dev host group
- updates all packages on the hosts in the dev host group to the latest version
#1. Turn on line numbers and make Tab insert two spaces (YAML must not contain tab characters)
[greg@control ansible]$ vim ~/.vimrc
set number ts=2 sw=2 et

#2. Look up the examples, then write the playbook
[greg@control ansible]$ ansible-doc yum
/EX
- name: ensure a list of packages installed
  yum:
    name: "{{ packages }}"
  vars:
    packages:
    - httpd
    - httpd-tools

- name: install the 'Development tools' package group
  yum:
    name: "@Development tools"
    state: present

- name: upgrade all packages
  yum:
    name: '*'
    state: latest

[greg@control ansible]$ vim /home/greg/ansible/packages.yml
=========================================================================================
---
- name: Install php and mariadb on dev, test and prod
  hosts: dev,test,prod
  tasks:
    - name: Ensure the listed packages are installed
      yum:
        name: "{{ packages }}"
        state: present
      vars:
        packages:
          - php
          - mariadb

- name: Install the RPM Development Tools group and update dev
  hosts: dev
  tasks:
    - name: Install the package group
      yum:
        name: "@RPM Development Tools"
        state: present
    - name: Upgrade all packages to the latest version
      yum:
        name: '*'
        state: latest
=========================================================================================

#3. Run the playbook
[greg@control ansible]$ ansible-playbook packages.yml

#4. Verify
[greg@control ansible]$ ansible dev,test,prod -a "rpm -q php mariadb"
[greg@control ansible]$ ansible dev -a "yum grouplist"
[greg@control ansible]$ ansible dev -a "yum update"
4.A Use RHEL system roles (NEW)
Install the RHEL system roles package and create a playbook /home/greg/ansible/selinux.yml that:
- runs on all managed nodes
- uses the selinux role
- configures the role so that SELinux on the managed nodes is enforcing
#1. Find the package
[greg@control ansible]$ yum search roles
rhel-system-roles.noarch

#2. Install the system roles package
[greg@control ansible]$ sudo yum install -y rhel-system-roles.noarch

#3. Find where the roles are installed and add that directory to roles_path
[greg@control ansible]$ rpm -ql rhel-system-roles.noarch
/usr/share/ansible/roles
[greg@control ansible]$ vim ansible.cfg
roles_path = /home/greg/ansible/roles:/usr/share/ansible/roles
[greg@control ansible]$ ansible-galaxy list
# /home/greg/ansible/roles
- apache, (unknown version)
# /usr/share/ansible/roles

#4. Copy the example playbook shipped with the package and edit it. The example also configures booleans, file contexts, ports and logins, which this task does not ask for; keep the play on all hosts, the role, and selinux_state set to enforcing.
[greg@control ansible]$ rpm -ql rhel-system-roles.noarch | grep example
/usr/share/doc/rhel-system-roles/selinux/example-selinux-playbook.yml
[greg@control ansible]$ cp /usr/share/doc/rhel-system-roles/selinux/example-selinux-playbook.yml /home/greg/ansible/selinux.yml
[greg@control ansible]$ vim /home/greg/ansible/selinux.yml

#5. Run the playbook
[greg@control ansible]$ ansible-playbook selinux.yml

#6. Verify
[greg@control ansible]$ ansible all -a "grep ^SELINUX /etc/selinux/config"
node4 | CHANGED | rc=0 >>
SELINUX=enforcing
SELINUXTYPE=targeted
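The finished selinux.yml is not shown above. As an added example (not the page's file), this is the minimal playbook the task asks for: the role name rhel-system-roles.selinux comes from the roles_path entry added in step 3, and selinux_state and selinux_policy are the role's own variables. A node whose SELinux is currently disabled cannot be switched to enforcing without a reboot; the role records that in the selinux_reboot_required fact, which the second task acts on.

```yaml
---
# Added example: selinux.yml for the task above (not the page's copy of the shipped example).
- name: Set SELinux to enforcing on all managed nodes with the selinux system role
  hosts: all
  vars:
    selinux_policy: targeted
    selinux_state: enforcing
  roles:
    - rhel-system-roles.selinux
  tasks:
    # roles run before tasks, so the fact set by the role is available here
    - name: Reboot when the role reports that the new state needs one (e.g. disabled -> enforcing)
      reboot:
      when: selinux_reboot_required | default(false)
```

Verification is the same as step 6: /etc/selinux/config must contain SELINUX=enforcing, and getenforce on each node should report Enforcing after the run.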
For reference, the timesync system role is driven the same way, with role variables plus the role name:

---
- hosts: all
  vars:
    timesync_ntp_servers:
      - hostname: 172.25.254.254
        iburst: yes
  roles:
    - rhel-system-roles.timesync
5. Install roles with Ansible Galaxy
Use Ansible Galaxy and the requirements file /home/greg/ansible/roles/requirements.yml to download roles from the following URLs and install them into /home/greg/ansible/roles:
- http://materials/haproxy.tar, and the role should be named balancer
- http://materials/phpinfo.tar, and the role should be named phpinfo
#1. Write the requirements file (contents below)
[greg@control ansible]$ vim /home/greg/ansible/roles/requirements.yml

#2. Install the roles. Without -p, ansible-galaxy installs into the first roles_path entry from ansible.cfg, which is /home/greg/ansible/roles here.
[greg@control ansible]$ ansible-galaxy role install -r /home/greg/ansible/roles/requirements.yml

#3. Verify
[greg@control ansible]$ ansible-galaxy list
# /home/greg/ansible/roles
- apache, (unknown version)
- balancer, (unknown version)
- phpinfo, (unknown version)
# /usr/share/ansible/roles

The tarballs are fetched over plain HTTP with no version or checksum, so the installed code is whatever the server hands out. Outside the lab, pin roles to a git tag or commit (src with a version) and install from a source you control.
---
- src: http://materials/haproxy.tar
  name: balancer
- src: http://materials/phpinfo.tar
  name: phpinfo
6. Create and use a role
Create a role named apache in /home/greg/ansible/roles that meets the following requirements:
- the httpd package is installed, enabled at boot and started
- the firewall is enabled and running, with a rule that allows access to the web server
- the template file index.html.j2 exists and is used to create the file /var/www/html/index.html with the output:
  Welcome to HOSTNAME on IPADDRESS
  where HOSTNAME is the fully qualified domain name of the managed node and IPADDRESS is its IP address

Create a playbook named /home/greg/ansible/apache.yml whose play runs on the hosts in the webservers host group and uses the apache role.
Module documentation consulted for this task:

[greg@control ansible]$ ansible-doc service
/EX
- name: Start service httpd, if not started
  service:
    name: httpd
    state: started

[greg@control ansible]$ ansible-doc firewalld
/EX
/imm          # immediate: apply the rule to the running firewall as well as the permanent configuration
- firewalld:
    service: https
    permanent: yes
    state: enabled

[greg@control ansible]$ ansible-doc template
/EX
- name: Template a file to /etc/files.conf
  template:
    src: /mytemplates/foo.j2
    dest: /etc/file.conf
    owner: bin
    group: wheel
    mode: '0644'

Facts for the template (host name and IPv4 address):
[greg@control ansible]$ ansible dev -m setup -a "filter=*name*"
[greg@control ansible]$ ansible dev -m setup -a "filter=*ipv4*"
#1. Create the apache role skeleton in the roles directory
[greg@control ansible]$ cd roles/
[greg@control roles]$ ansible-galaxy init apache
- Role apache was created successfully
[greg@control roles]$ tree apache/
apache/
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml

#2. Write the task file (contents below)
[greg@control roles]$ vim apache/tasks/main.yml

#3. Write the template. ansible_nodename is the kernel node name (uname -n), which in this lab is the FQDN; ansible_fqdn is the fact to use if nodename is a short name on your systems.
[greg@control roles]$ vim apache/templates/index.html.j2
Welcome to {{ ansible_nodename }} on {{ ansible_default_ipv4.address }}

#4. Write the playbook
[greg@control roles]$ vim /home/greg/ansible/apache.yml
---
- name: Create and use a role
  hosts: webservers
  roles:
    - apache

#5. Back in the ansible directory, run the playbook
[greg@control roles]$ cd ..
[greg@control ansible]$ ansible-playbook apache.yml

#6. Verify
[greg@control ansible]$ ansible-inventory --graph
[greg@control ansible]$ curl node3
Welcome to node3.lab.example.com on 172.25.250.11
[greg@control ansible]$ curl node4
Welcome to node4.lab.example.com on 172.25.250.12
apache/tasks/main.yml:

---
# tasks file for apache
- name: Install httpd (required by the task; the service cannot be started without it)
  yum:
    name: httpd
    state: present
- name: Start and enable httpd
  service:
    name: httpd
    state: started
    enabled: yes
- name: Start and enable firewalld
  service:
    name: firewalld
    state: started
    enabled: yes
- name: Allow the http service through the firewall, permanently and immediately
  firewalld:
    service: http
    permanent: yes
    state: enabled
    immediate: yes
- name: Generate /var/www/html/index.html from the template
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
7. Use roles from Ansible Galaxy
Create a playbook named /home/greg/ansible/roles.yml that meets the following requirements:

- The playbook contains a play that runs on the hosts in the balancers host group and uses the balancer role. This role configures a service that load-balances web server requests between the hosts in the webservers host group. Browsing to a host in the balancers group (for example http://172.25.250.13) produces the output:
  Welcome to node3.lab.example.com on 172.25.250.11
  and reloading the browser produces output from the other web server:
  Welcome to node4.lab.example.com on 172.25.250.12
- The playbook contains a play that runs on the hosts in the webservers host group and uses the phpinfo role. Browsing to the URL /hello.php on a host in the webservers group produces:
  Hello PHP World from FQDN
  where FQDN is the fully qualified name of the host, for example:
  Hello PHP World from node3.lab.example.com
  followed by various details of the PHP configuration, such as the installed PHP version. Likewise, browsing to http://172.25.250.12/hello.php produces:
  Hello PHP World from node4.lab.example.com
  followed by the PHP configuration details.
#1. Write the playbook (contents below)
[greg@control ansible]$ vim /home/greg/ansible/roles.yml

#2. Run it
[greg@control ansible]$ ansible-playbook /home/greg/ansible/roles.yml

#3. Verify in a browser. http://172.25.250.13 alternates between the two web servers on reload:
Welcome to node3.lab.example.com on 172.25.250.11
Welcome to node4.lab.example.com on 172.25.250.12
http://172.25.250.13/hello.php goes through the balancer as well, for example:
Hello PHP World from node4.lab.example.com
---
- name: Use the phpinfo role on the web servers
  hosts: webservers
  roles:
    - phpinfo

- name: Use the balancer role on the load balancers
  hosts: balancers
  roles:
    - balancer
8.A Create and use a partition (NEW)
Create a playbook named /home/greg/ansible/partition.yml that creates a partition on all managed nodes:
- create a 1500M primary partition, partition number 1, on vdb and format it with ext4
- on the prod group, mount the partition permanently on /data
- if there is not enough disk space, print the message Could not create partition of that size and create an 800MiB partition instead
- if vdb does not exist, print the message this disk is not exist
[greg@control ansible]$ ansible-doc parted
/EX
- name: Create a new primary partition with a size of 1GiB
  parted:
    device: /dev/sdb
    number: 1
    state: present
    part_end: 1GiB

[greg@control ansible]$ ansible-doc filesystem
/EX
- name: Create a ext2 filesystem on /dev/sdb1
  filesystem:
    fstype: ext2
    dev: /dev/sdb1

[greg@control ansible]$ ansible-doc mount
/EX
- name: Mount DVD read-only
  mount:
    path: /mnt/dvd
    src: /dev/sr0
    fstype: iso9660
    opts: ro,noauto
    state: present

[greg@control ansible]$ ansible-doc debug
/EX
- debug:
    msg: System {{ inventory_hostname }} has gateway {{ ansible_default_ipv4.gateway }}
  when: ansible_default_ipv4.gateway is defined

Which disks each node has (the vdb check in the playbook uses the ansible_devices fact):
[greg@control ansible]$ ansible dev -m setup -a "filter=*device*"
#1. Write the playbook (contents below)
[greg@control ansible]$ vim /home/greg/ansible/partition.yml

#2. Run it
[greg@control ansible]$ ansible-playbook partition.yml

#3. Verify. The pipe needs the shell module; the default command module would pass "|" and "grep" to blkid as arguments.
[greg@control ansible]$ ansible all -m shell -a "blkid | grep /dev/vdb1"
---
- name: Create and use a partition
  hosts: all
  tasks:
    # Test for the disk first. If the parted task were left to fail on a missing
    # disk, the rescue section would print the "size" message for the wrong reason.
    - name: Report a missing disk
      debug:
        msg: this disk is not exist
      when: ansible_devices.vdb is not defined

    - name: Partition vdb when it exists
      when: ansible_devices.vdb is defined
      block:
        - name: Create a 1500MiB primary partition
          parted:
            device: /dev/vdb
            number: 1
            state: present
            part_end: 1500MiB
      rescue:
        # parted fails when the end lies outside the disk, which lands here
        - name: Explain the fallback
          debug:
            msg: Could not create partition of that size
        - name: Create an 800MiB primary partition instead
          parted:
            device: /dev/vdb
            number: 1
            state: present
            part_end: 800MiB

    # Outside the block so the partition is formatted on both the 1500MiB and the 800MiB path
    - name: Format the partition with ext4
      filesystem:
        fstype: ext4
        dev: /dev/vdb1
      when: ansible_devices.vdb is defined

    - name: Mount the partition permanently on /data (prod only)
      mount:
        path: /data
        src: /dev/vdb1
        fstype: ext4
        state: mounted
      when: ansible_devices.vdb is defined and inventory_hostname in groups.prod
9.B Create and use a logical volume (OLD)
Create a playbook named /home/greg/ansible/lv.yml that runs on all managed nodes and performs the following:
- create a logical volume that meets these requirements:
  - the logical volume is created in the research volume group
  - the logical volume is named data
  - the logical volume is 1500 MiB in size
  - the logical volume is formatted with the ext4 file system
- if the requested size cannot be created, display the error message Could not create logical volume of that size and use a size of 800 MiB instead
- if the research volume group does not exist, display the error message Volume group done not exist
- do not mount the logical volume in any way
[greg@control ansible]$ ansible-doc lvol
/EX
- name: Create a logical volume of 512m
  lvol:
    vg: firefly
    lv: test
    size: 512

[greg@control ansible]$ ansible-doc filesystem
/EX
- name: Create a ext2 filesystem on /dev/sdb1
  filesystem:
    fstype: ext2
    dev: /dev/sdb1

[greg@control ansible]$ ansible-doc debug
/EX
- debug:
    msg: System {{ inventory_hostname }} has gateway {{ ansible_default_ipv4.gateway }}
  when: ansible_default_ipv4.gateway is defined

Which volume groups each node has (the research check in the playbook uses ansible_lvm.vgs):
[greg@control ansible]$ ansible dev -m setup -a "filter=*lvm*"
#1. Write the playbook (contents below)
[greg@control ansible]$ vim /home/greg/ansible/lv.yml

#2. Run it
[greg@control ansible]$ ansible-playbook lv.yml

#3. Verify
[greg@control ansible]$ ansible all -a "lvs"
---
- name: Create and use a logical volume
  hosts: all
  tasks:
    # Test for the volume group first, so a missing group prints only its own message
    # instead of also tripping the "size" message in the rescue section.
    - name: Report a missing volume group
      debug:
        msg: Volume group done not exist
      when: ansible_lvm.vgs.research is not defined

    - name: Create the logical volume when the volume group exists
      when: ansible_lvm.vgs.research is defined
      block:
        - name: Create a 1500 MiB logical volume
          lvol:
            vg: research
            lv: data
            size: 1500m
      rescue:
        # lvol fails when the group has too little free space, which lands here
        - name: Explain the fallback
          debug:
            msg: Could not create logical volume of that size
        - name: Create an 800 MiB logical volume instead
          lvol:
            vg: research
            lv: data
            size: 800m

    # Outside the block so the volume is formatted on both the 1500 MiB and the 800 MiB path;
    # the volume is formatted but, as required, never mounted.
    - name: Format the logical volume with ext4
      filesystem:
        fstype: ext4
        dev: /dev/research/data
      when: ansible_lvm.vgs.research is defined
10. Generate a hosts file
Download an initial template file from http://materials/hosts.j2 to /home/greg/ansible. Complete the template so that it can be used to generate a file with one line per inventory host, in the same format as /etc/hosts. Create a playbook named /home/greg/ansible/hosts.yml that uses this template to generate the file /etc/myhosts on the hosts in the dev host group. After the playbook runs, /etc/myhosts on the dev hosts should contain one line for each managed host:

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

172.25.250.9 node1.lab.example.com node1
172.25.250.10 node2.lab.example.com node2
172.25.250.11 node3.lab.example.com node3
172.25.250.12 node4.lab.example.com node4
172.25.250.13 node5.lab.example.com node5
[greg@control ansible]$ ansible-doc template
/EX
- name: Template a file to /etc/files.conf
  template:
    src: /mytemplates/foo.j2
    dest: /etc/file.conf
    owner: bin
    group: wheel
    mode: '0644'
Facts used by the template (IP address, node name and host name):
[greg@control ansible]$ ansible dev -m setup -a "filter=*address*"
[greg@control ansible]$ ansible dev -m setup -a "filter=*name*"
#1. Download the initial template
[greg@control ansible]$ wget http://materials/hosts.j2

#2. Write the playbook (contents below)
[greg@control ansible]$ vim /home/greg/ansible/hosts.yml

#3. Complete hosts.j2 (three variants are shown below)
[greg@control ansible]$ vim hosts.j2

#4. Run the playbook
[greg@control ansible]$ ansible-playbook hosts.yml

#5. Verify
[greg@control ansible]$ ansible dev -a "cat /etc/myhosts"
---
- name: Generate the hosts file
  hosts: all       # the play targets every host so that facts are gathered for all of them;
                   # the template reads hostvars[host] for each host, which is empty without facts
  tasks:
    - name: Render /etc/myhosts from the template on the dev group only
      template:
        src: /home/greg/ansible/hosts.j2
        dest: /etc/myhosts
      when: inventory_hostname in groups.dev
Method 1:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

{% for host in groups['all'] %}
{{ hostvars[host].ansible_default_ipv4.address }} {{ hostvars[host].ansible_nodename }} {{ hostvars[host].ansible_hostname }}
{% endfor %}
Method 2 (the same facts addressed through the ansible_facts dictionary):
{% for host in groups['all'] %}
{{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }} {{ hostvars[host]['ansible_facts']['nodename'] }} {{ hostvars[host]['ansible_facts']['hostname'] }}
{% endfor %}
Method 3:
Copy the contents of /etc/hosts into hosts.j2 and run the playbook. This only gives the required output if /etc/hosts on control already lists every node, and the result is a static file rather than one generated from the inventory and facts, so it will not follow later inventory changes.
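The page's hosts.yml runs against all hosts and limits the template task with a when clause, because the template reads every host's facts from hostvars, and facts exist only for hosts a play has gathered them from. As an added example (not the page's file), the same requirement split into two plays makes that intent explicit: the first play gathers facts everywhere and does nothing else, the second renders the file on dev only. The ownership and mode are my additions; the template path is the one from the task.

```yaml
---
# Added example: hosts.yml as two plays instead of hosts: all plus when.
- name: Gather facts from every managed host so hostvars is complete for the template
  hosts: all
  gather_facts: yes
  tasks: []          # nothing to do here; the implicit setup run is the point

- name: Render /etc/myhosts on the dev group only
  hosts: dev
  tasks:
    - name: Template /etc/myhosts from hosts.j2
      template:
        src: /home/greg/ansible/hosts.j2
        dest: /etc/myhosts
        owner: root
        group: root
        mode: '0644'
```

If the first play is dropped, hostvars[host] for a host outside dev has no ansible_default_ipv4 and the template fails with an undefined variable; fact caching (a fact_caching setting in ansible.cfg) is the other way to make facts from earlier runs available.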
11. Modify file content
Create a playbook named /home/greg/ansible/issue.yml as described below:
- the playbook runs on all inventory hosts
- the playbook replaces the contents of /etc/issue with a single line of text:
  - on hosts in the dev host group the line reads: Development
  - on hosts in the test host group the line reads: Test
  - on hosts in the prod host group the line reads: Production
[greg@control ansible]$ ansible-doc copy
/EX
- name: Copy using inline content
  copy:
    content: '# This file was moved to /etc/other.conf'
    dest: /etc/mine.conf

#1. Write the playbook (contents below)
[greg@control ansible]$ vim /home/greg/ansible/issue.yml

#2. Run it
[greg@control ansible]$ ansible-playbook issue.yml

#3. Verify
[greg@control ansible]$ ansible all -a "cat /etc/issue"
[greg@control ansible]$ ansible-inventory --graph
---
- name: Replace the contents of /etc/issue
  hosts: all
  tasks:
    - name: Development banner on the dev group
      copy:
        content: 'Development'
        dest: /etc/issue
      when: inventory_hostname in groups.dev
    - name: Test banner on the test group
      copy:
        content: 'Test'
        dest: /etc/issue
      when: inventory_hostname in groups.test
    - name: Production banner on the prod group
      copy:
        content: 'Production'
        dest: /etc/issue
      when: inventory_hostname in groups.prod
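Added example, not the page's playbook: the three near-identical copy tasks collapsed into one data-driven task. issue_text is my variable name; group_names is Ansible's list of the groups the current host belongs to, intersect() keeps only the groups that have a banner, and the trailing newline makes /etc/issue end like a normal text file.

```yaml
---
# Added example: one task driven by a group -> banner map instead of three tasks.
- name: Set /etc/issue per environment
  hosts: all
  vars:
    issue_text:
      dev: Development
      test: Test
      prod: Production
  tasks:
    - name: Replace /etc/issue with the banner for this host's environment group
      copy:
        content: "{{ issue_text[item] }}\n"
        dest: /etc/issue
        owner: root
        group: root
        mode: '0644'
      # a host in none of the three groups (node5, balancers only) gets an empty loop and is skipped
      loop: "{{ group_names | intersect(issue_text.keys() | list) }}"
```

Adding an environment later is a one-line change to the map rather than a new task, and a host that is accidentally in two environment groups is visible in the loop output instead of being silently overwritten by whichever task ran last.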
12. Create a web content directory
Create a playbook named /home/greg/ansible/webcontent.yml as described below:
- the playbook runs on the managed nodes in the dev host group
- create the directory /webdev that meets these requirements:
  - it is owned by the webdev group
  - it has the regular permissions owner=read+write+execute, group=read+write+execute, other=read+execute
  - it has the special permission set-group-ID
- symbolically link /var/www/html/webdev to /webdev
- create the file /webdev/index.html containing the single line:
  Development
- browsing to this directory on a host in the dev host group (for example http://172.25.250.9/webdev/) produces the output:
  Development
#1. Check that the webdev group exists
[greg@control ansible]$ ansible dev -a "grep webdev /etc/group"
node1 | CHANGED | rc=0 >>
webdev:x:1003:

#2. Write the playbook (contents below)
[greg@control ansible]$ vim /home/greg/ansible/webcontent.yml

#3. Run it
[greg@control ansible]$ ansible-playbook webcontent.yml

#4. Browse to http://172.25.250.9/webdev/
Development
[greg@control ansible]$ ansible-doc file
/EX
- name: Change file ownership, group and permissions
  file:
    path: /etc/foo.conf
    owner: foo
    group: foo
    mode: '0644'

- name: Create a directory if it does not exist
  file:
    path: /etc/some_directory
    state: directory
    mode: '0755'

- name: Create a symbolic link
  file:
    src: /file/to/link/to
    dest: /path/to/symlink
    owner: foo
    group: foo
    state: link

[greg@control ansible]$ ansible-doc copy
/EX
- name: Copy using inline content
  copy:
    content: '# This file was moved to /etc/other.conf'
    dest: /etc/mine.conf

The setype option of the copy module (same documentation page), used below so that httpd is allowed to serve the file:
- setype
    The type part of the SELinux file context. When set to `_default', it will use the `type' portion of the policy if available.
    [Default: (null)]
    type: str

From ansible-doc service:
- name: Start service httpd, if not started
  service:
    name: httpd
    state: started
    enabled: yes
---
- name: Create the web content directory
  hosts: dev
  tasks:
    - name: Create /webdev owned by group webdev, mode rwxrwsr-x (2775 = setgid + 775)
      file:
        path: /webdev
        state: directory
        group: webdev
        mode: '2775'
    - name: Link /var/www/html/webdev to /webdev
      file:
        src: /webdev
        dest: /var/www/html/webdev
        state: link
    - name: Create index.html with the httpd content label so SELinux lets httpd read it
      copy:
        content: 'Development'
        dest: /webdev/index.html
        setype: httpd_sys_content_t
    - name: Make sure httpd is running and enabled
      service:
        name: httpd
        state: started
        enabled: yes
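Added example, not the page's playbook: the same directory, with the SELinux label made persistent. setype on file or copy labels the object once; a later restorecon, or a relabel on boot, resets /webdev to its policy default (default_t), which httpd is not allowed to read. sefcontext records a file-context rule so the label survives. It assumes the semanage tooling is present on the nodes (policycoreutils-python-utils on RHEL 8), which the sefcontext module needs; the symlink works because the default httpd configuration enables FollowSymLinks under /var/www/html.

```yaml
---
# Added example: webcontent.yml with a persistent SELinux file-context rule.
- name: Web content directory with a persistent SELinux label
  hosts: dev
  tasks:
    - name: Create /webdev, group webdev, rwxrwsr-x (setgid so new files inherit the group)
      file:
        path: /webdev
        state: directory
        group: webdev
        mode: '2775'

    - name: Record httpd_sys_content_t for /webdev and everything below it in SELinux policy
      sefcontext:
        target: '/webdev(/.*)?'
        setype: httpd_sys_content_t
        state: present

    - name: Apply the recorded context to the existing tree
      command: restorecon -Rv /webdev
      register: relabel
      changed_when: "'Relabeled' in relabel.stdout"   # restorecon -v prints one Relabeled line per change

    - name: Publish /webdev under the document root
      file:
        src: /webdev
        dest: /var/www/html/webdev
        state: link

    # Ansible applies the policy default context to files it creates, so the rule
    # above covers this file without a setype argument.
    - name: Create the index page
      copy:
        content: "Development\n"
        dest: /webdev/index.html

    - name: Ensure httpd is installed
      yum:
        name: httpd
        state: present

    - name: Ensure httpd is running and enabled
      service:
        name: httpd
        state: started
        enabled: yes
```

Check the result with ls -Z /webdev on a dev node: the directory and index.html should both show httpd_sys_content_t, and restorecon -Rv /webdev should print nothing on a second run.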
13. Generate a hardware report
Create a playbook named /home/greg/ansible/hwreport.yml that generates an output file /root/hwreport.txt on all managed nodes containing the following information:
- the inventory host name
- the total memory size in MB
- the BIOS version
- the size of disk device vda
- the size of disk device vdb

Each line of the output file contains one key=value pair. Your playbook should:
- download the file from http://materials/hwreport.empty and save it as /root/hwreport.txt
- change /root/hwreport.txt to contain the correct values
- set the value to NONE when a hardware item does not exist
#1. Write the playbook (contents below)
[greg@control ansible]$ vim /home/greg/ansible/hwreport.yml

#2. Run it
[greg@control ansible]$ ansible-playbook hwreport.yml

#3. Verify
[greg@control ansible]$ ansible all -a 'cat /root/hwreport.txt'
[greg@control ansible]$ ansible-doc lineinfile
/EX
- name: Ensure SELinux is set to enforcing mode
  lineinfile:
    path: /etc/selinux/config
    regexp: '^SELINUX='
    line: SELINUX=enforcing

[greg@control ansible]$ ansible-doc get_url
/EX
- name: Download foo.conf
  get_url:
    url: http://example.com/path/file.conf
    dest: /etc/foo.conf
    mode: '0440'

Finding the fact behind each report line:
[greg@control ansible]$ ansible dev -m debug -a "var=inventory_hostname"
[greg@control ansible]$ ansible dev -m setup -a "filter=*mem*"
[greg@control ansible]$ ansible dev -m setup -a "filter=*bios*"
[greg@control ansible]$ ansible dev -m setup -a "filter=*device*"
---
- name: Generate a hardware report
  hosts: all
  tasks:
    - name: Download the empty report
      get_url:
        url: http://materials/hwreport.empty
        dest: /root/hwreport.txt
    - name: Inventory host name
      lineinfile:
        path: /root/hwreport.txt
        regexp: '^HOST='
        line: HOST={{ inventory_hostname }}
    - name: Total memory in MB
      lineinfile:
        path: /root/hwreport.txt
        regexp: '^MEMORY='
        line: MEMORY={{ ansible_memtotal_mb | default('NONE') }}
    - name: BIOS version
      lineinfile:
        path: /root/hwreport.txt
        regexp: '^BIOS='
        line: BIOS={{ ansible_bios_version | default('NONE') }}
    # default('NONE') is needed on every item that may be absent: without it a missing
    # disk makes the template fail with an undefined variable instead of writing NONE
    - name: Size of vda
      lineinfile:
        path: /root/hwreport.txt
        regexp: '^DISK_SIZE_VDA='
        line: DISK_SIZE_VDA={{ ansible_devices.vda.size | default('NONE') }}
    - name: Size of vdb
      lineinfile:
        path: /root/hwreport.txt
        regexp: '^DISK_SIZE_VDB='
        line: DISK_SIZE_VDB={{ ansible_devices.vdb.size | default('NONE') }}
14. Create a password vault
(Do task 16 first, then 14, then 15. Task 14 sets vault_password_file in ansible.cfg to secret.txt; from then on ansible-vault reads the password from that file instead of prompting, and it is not the salaries.yml password that task 16 needs. Task 15 in turn needs the vault created in task 14.)
Create an Ansible vault to store user passwords, as described below:
- the vault is named /home/greg/ansible/locker.yml
- the vault contains two variables:
  - pw_developer, with the value Imadev
  - pw_manager, with the value Imamgr
- the password used to encrypt and decrypt the vault is whenyouwishuponastar
- the password is stored in the file /home/greg/ansible/secret.txt
#1. Store the vault password in the password file. This file is as sensitive as the vault itself; restrict it to greg (chmod 600) so other local users cannot read it.
[greg@control ansible]$ echo "whenyouwishuponastar" > /home/greg/ansible/secret.txt

#2. Point the configuration file at the password file (search /password in vim)
[greg@control ansible]$ vim ansible.cfg
#vault_password_file = /path/to/vault_password_file
vault_password_file = /home/greg/ansible/secret.txt

#3. Create the vault. ansible-vault opens an editor; type the two variables and save.
[greg@control ansible]$ ansible-vault create /home/greg/ansible/locker.yml
pw_developer: Imadev
pw_manager: Imamgr

#4. Verify: view decrypts with the configured password file, while cat shows only the ciphertext
[greg@control ansible]$ ansible-vault view /home/greg/ansible/locker.yml
---
pw_developer: Imadev
pw_manager: Imamgr
[greg@control ansible]$ cat /home/greg/ansible/locker.yml
15. Create user accounts
Download the list of users to create from http://materials/user_list.yml and save it to /home/greg/ansible. Using the vault /home/greg/ansible/locker.yml created elsewhere in this exercise, create a playbook named /home/greg/ansible/users.yml that creates user accounts as follows:

- users whose job description is developer should:
  - be created on the managed nodes in the dev and test host groups
  - be assigned the password from the pw_developer variable
  - be members of the supplementary group devops
- users whose job description is manager should:
  - be created on the managed nodes in the prod host group
  - be assigned the password from the pw_manager variable
  - be members of the supplementary group opsmgr

Passwords use the SHA512 hash format. Your playbook should run correctly using the vault password file /home/greg/ansible/secret.txt created elsewhere in this exercise.
#Check whether the group already exists
[greg@control ansible]$ ansible dev,test -a "grep devops /etc/group"

#Module documentation for the playbook
[greg@control ansible]$ ansible-doc group
/EX
- name: Ensure group "somegroup" exists
  group:
    name: somegroup
    state: present

[greg@control ansible]$ ansible-doc user
/EX
- name: Add the user 'james' with a bash shell, appen>
  user:
    name: james
    shell: /bin/bash
    groups: admins,developers
    append: yes
#1. Download the user list
[greg@control ansible]$ wget http://materials/user_list.yml

#2. Write the playbook (contents below)
[greg@control ansible]$ vim /home/greg/ansible/users.yml

#3. Run it (vault_password_file in ansible.cfg supplies the locker.yml password, so no prompt appears)
[greg@control ansible]$ ansible-playbook users.yml

#4. Verify
[greg@control ansible]$ ansible-inventory --graph
[greg@control ansible]$ ansible dev,test -m shell -a "id bob; id sally; id fred"
[greg@control ansible]$ ssh bob@node1
[greg@control ansible]$ ansible prod -m shell -a "id bob; id sally; id fred"
[greg@control ansible]$ ssh sally@node3
---
- name: Create developer accounts
  hosts: dev,test
  vars_files:
    - /home/greg/ansible/locker.yml       # pw_developer and pw_manager, vault-encrypted
    - /home/greg/ansible/user_list.yml    # users: a list of entries with name and job
  tasks:
    - name: Ensure group devops exists
      group:
        name: devops
        state: present
    - name: Add the developer users
      user:
        name: "{{ item.name }}"
        groups: devops
        # password_hash picks a fresh random salt on every run, so this task reports
        # changed each time even though the password is the same
        password: "{{ pw_developer | password_hash('sha512') }}"
        append: yes
      loop: "{{ users }}"
      when: item.job == 'developer'

- name: Create manager accounts
  hosts: prod
  vars_files:
    - /home/greg/ansible/locker.yml
    - /home/greg/ansible/user_list.yml
  tasks:
    - name: Ensure group opsmgr exists
      group:
        name: opsmgr
        state: present
    - name: Add the manager users
      user:
        name: "{{ item.name }}"
        groups: opsmgr
        password: "{{ pw_manager | password_hash('sha512') }}"
        append: yes
      loop: "{{ users }}"
      when: item.job == 'manager'
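Added example, not the page's playbook: the same requirements made idempotent. password_hash() with no salt argument generates a new random salt each run, so every run rewrites /etc/shadow and reports changed; giving it a salt derived from the inventory host name (the idiom from the Ansible filter documentation) yields the same hash on each run of the same host, and no_log keeps the hashes out of the playbook output. The vault and user-list files and the users/name/job keys are the ones the page uses.

```yaml
---
# Added example: users.yml with a stable salt and no_log.
- name: Create developer accounts on dev and test
  hosts: dev,test
  vars_files:
    - /home/greg/ansible/locker.yml       # pw_developer, pw_manager (vault)
    - /home/greg/ansible/user_list.yml    # users: list of {name, job}
  tasks:
    - name: Ensure group devops exists
      group:
        name: devops
        state: present

    - name: Create developers with a SHA-512 hash that is stable across runs
      user:
        name: "{{ item.name }}"
        groups: devops
        append: yes
        # the salt is a number derived deterministically from inventory_hostname,
        # so the hash differs per host but not between runs on the same host
        password: "{{ pw_developer | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
      loop: "{{ users }}"
      when: item.job == 'developer'
      no_log: true        # do not print the hashed password in the task output

- name: Create manager accounts on prod
  hosts: prod
  vars_files:
    - /home/greg/ansible/locker.yml
    - /home/greg/ansible/user_list.yml
  tasks:
    - name: Ensure group opsmgr exists
      group:
        name: opsmgr
        state: present

    - name: Create managers with a SHA-512 hash that is stable across runs
      user:
        name: "{{ item.name }}"
        groups: opsmgr
        append: yes
        password: "{{ pw_manager | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
      loop: "{{ users }}"
      when: item.job == 'manager'
      no_log: true
```

Run it twice: the second run should end with changed=0 on every host. If the vault value itself is rotated, the hash changes and the user module updates the password, which is the behaviour you want.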
16. Update the key of an Ansible vault
Update the key of an existing Ansible vault as described below:
- download the Ansible vault from http://materials/salaries.yml to /home/greg/ansible
- the current vault password is insecure8sure
- the new vault password is bbs2you9527
- the vault remains encrypted with the new password
#1. Download the vault
[greg@control ansible]$ wget http://materials/salaries.yml

#2. Rekey: ansible-vault prompts for the current password (insecure8sure) and then for the new one (bbs2you9527) twice
[greg@control ansible]$ ansible-vault rekey /home/greg/ansible/salaries.yml

#3. Verify: the file now opens only with the new password
[greg@control ansible]$ ansible-vault view /home/greg/ansible/salaries.yml
Vault password:
17. Configure a cron job (added)
Create a playbook named /home/greg/ansible/cron.yml:
- the playbook runs on the managed nodes in the test host group
- it configures a cron job that runs every 2 minutes and executes the command logger "EX200 in progress", running as the user bob
[greg@control ansible]$ ansible-doc cron
/EX
- name: Creates a c
  cron:
    name: yum autoupdate
    weekday: "2"
    minute: "0"
    hour: "12"
    user: root
    job: "YUMINTERACTIVE=0 /usr/sbin/yum-autoupdate"
    cron_file: ansible_yum-autoupdate

#1. Write the playbook (contents below)
[greg@control ansible]$ vim /home/greg/ansible/cron.yml

#2. Run it
[greg@control ansible]$ ansible-playbook cron.yml

#3. Verify: the job shows up in the cron log and in bob's crontab
[greg@control ansible]$ ansible test -a "grep EX200 /var/log/cron"
node2 | CHANGED | rc=0 >>
Jul  8 15:34:02 node2 CROND[6182]: (bob) CMD (logger "EX200 in progress")
[greg@control ansible]$ ansible test -a "crontab -l -u bob"
---
- name: Configure a cron job
  hosts: test
  tasks:
    - name: Log "EX200 in progress" every two minutes as bob
      cron:
        name: EX200 in progress       # the comment line that identifies this entry in bob's crontab
        minute: "*/2"
        user: bob                     # without cron_file the entry goes into bob's own crontab
        job: logger "EX200 in progress"