Contents
- Question 1: Installing and configuring Ansible
- Question 2: Creating and running Ansible ad hoc commands
- Question 3: Installing packages with a playbook
- Question 4: Using RHEL system roles
- Part 1: Configure time synchronization
- Part 2: Configure SELinux
- Question 5: Installing roles with Ansible Galaxy
- Question 6: Creating and using a role
- Question 7: Using roles from Ansible Galaxy
- Question 8: Creating and using logical volumes
- Part 1
- Part 2
Question 1: Installing and configuring Ansible
Install on workstation
sudo yum install -y ansible
mkdir ansible/roles -p
cd ansible
[student@workstation ansible]$ cat ansible.cfg
[defaults]
inventory = inventory
remote_user = devops
roles_path = ./roles
host_key_checking = false
ask_pass = false
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[student@workstation ansible]$
Write the inventory
[student@workstation ansible]$ cat inventory
[dev]
servera
[test]
serverb
[prod]
server[c:d]
[balancers]
bastion
[webservers:children]
prod
[student@workstation ansible]$
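Before running plays that escalate to root on every host, it is worth confirming what a `hosts:` pattern actually resolves to. The following is an added example, not part of the original notes: a small Python resolver for the two constructs this inventory uses, the `server[c:d]` range and the `[webservers:children]` group (`:vars` sections are not handled); on a real control node `ansible-inventory --graph` does the same job.

```python
import re
# Constructed copy of the inventory shown above (example data, not the exam's file).
INVENTORY = """[dev]
servera
[test]
serverb
[prod]
server[c:d]
[balancers]
bastion
[webservers:children]
prod"""

def expand_range(pattern):
    """Expand an INI host range: server[c:d] -> serverc, serverd; web[01:03] -> web01..web03."""
    m = re.match(r"^(.*)\[(\w+):(\w+)\](.*)$", pattern)
    if not m:
        return [pattern]
    head, start, end, tail = m.groups()
    if start.isdigit() and end.isdigit():  # numeric ranges keep their zero padding
        seq = [str(i).zfill(len(start)) for i in range(int(start), int(end) + 1)]
    else:                                  # alphabetic ranges such as [c:d]
        seq = [chr(c) for c in range(ord(start), ord(end) + 1)]
    return [f"{head}{s}{tail}" for s in seq]

def parse_inventory(text):
    """Return (hosts_by_group, children_by_group) from INI-style inventory text."""
    hosts, children, section, is_children = {}, {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, _, kind = line[1:-1].partition(":")
            is_children = kind == "children"
            hosts.setdefault(section, [])
        elif is_children:
            children.setdefault(section, []).append(line)
        else:  # a host line, possibly followed by host vars we ignore here
            hosts[section].extend(expand_range(line.split()[0]))
    return hosts, children

def resolve(group, hosts, children):
    """Hosts a play with `hosts: <group>` targets, following :children groups."""
    if group == "all":
        return sorted({h for hs in hosts.values() for h in hs})
    result = set(hosts.get(group, []))
    for child in children.get(group, []):
        result.update(resolve(child, hosts, children))
    return sorted(result)
```

With this inventory, `resolve("webservers", ...)` yields serverc and serverd only, so the Question 6 play never touches bastion.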
Check that the hosts are reachable
[student@workstation ansible]$ ansible all -a id
serverd | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
serverc | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
serverb | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
servera | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
bastion | CHANGED | rc=0 >>
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[student@workstation ansible]$
Question 2: Creating and running Ansible ad hoc commands
[student@workstation ansible]$ cat adhoc.sh
#! /bin/bash
ansible all -m yum_repository -a "name=rh294_BASE
description='rhce base software'
file=rhel_dvd
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
gpgcheck=yes
gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
enabled=yes"
ansible all -m yum_repository -a "name=rh294_STREAM
description='rh294 stream software'
file=rhel_dvd
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream
gpgcheck=yes
gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
enabled=yes"
[student@workstation ansible]$
Question 3: Installing packages with a playbook
Configure Vim's tab handling to make writing YAML files easier
[student@workstation ansible]$ cat ~/.vimrc
autocmd FileType yaml setlocal ai ts=2 sw=2 et
[student@workstation ansible]$
Write the playbook that installs the required packages
[student@workstation ansible]$ cat packages.yml
---
- name: install pkgs
  hosts: dev,test,prod
  tasks:
    - name: install php and mariadb
      yum:
        name:
          - php
          - mariadb
          - mariadb-server
        state: present
- name: install group pkgs
  hosts: dev
  tasks:
    - name: install Development Tools
      yum:
        name: "@RPM Development Tools"
        state: present
    - name: update installed pkgs
      yum:
        name: "*"
        state: latest
        update_only: true
[student@workstation ansible]$
Check the playbook for syntax errors, then run it
[student@workstation ansible]$ ansible-playbook --syntax-check packages.yml
playbook: packages.yml
[student@workstation ansible]$
[student@workstation ansible]$ ansible-playbook packages.yml
Question 4: Using RHEL system roles
Part 1: Configure time synchronization
[student@workstation ansible]$ ls
adhoc.sh ansible.cfg inventory packages.yml roles timesync.yml
[student@workstation ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.timesync/ roles/timesync/
Write the playbook
[student@workstation ansible]$ cat timesync.yml
---
- name: set time sync
  hosts: all
  roles:
    - timesync
  vars:
    timesync_ntp_servers:
      - hostname: classroom.example.com
        iburst: yes
[student@workstation ansible]$
[student@workstation ansible]$ ansible-playbook --syntax-check timesync.yml
playbook: timesync.yml
[student@workstation ansible]$ ansible-playbook timesync.yml
Verify that the clocks are synchronized
[student@workstation ansible]$ ansible all -a "chronyc sources -v"
serverc | CHANGED | rc=0 >>
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com 8 6 17 8 -5796ns[ -69us] +/- 355us
serverd | CHANGED | rc=0 >>
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com 8 6 17 9 +641ns[ +43us] +/- 430us
servera | CHANGED | rc=0 >>
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com 8 6 17 9 +760ns[ -42us] +/- 624us
bastion | CHANGED | rc=0 >>
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com 8 6 17 9 -3282ns[ -64us] +/- 1160us
serverb | CHANGED | rc=0 >>
210 Number of sources = 1
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| / '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com 8 6 17 9 +611ns[ +41us] +/- 731us
[student@workstation ansible]$
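Reading five `chronyc sources -v` blocks by eye does not scale to a real fleet. The following is an added example, not part of the original notes: it parses the ad-hoc output above, decodes the octal Reach column, and reports which hosts lack a selected source (`^*`). The constructed sample alters bastion and servera to show an unsynced source and an unreachable host.

```python
import re
# Constructed sample shaped like the `ansible all -a "chronyc sources -v"` output above,
# trimmed to the host header, the column header and the source rows; bastion and
# servera are altered to show an unsynced source and an unreachable host.
SAMPLE = """\
serverc | CHANGED | rc=0 >>
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com         8   6    17     8  -5796ns[  -69us] +/-  355us
bastion | CHANGED | rc=0 >>
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? classroom.example.com         0   6     0     -     +0ns[   +0ns] +/-    0ns
servera | UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host"}
"""
HOST_RE = re.compile(r"^(\S+) \| ([A-Z]+!?)")           # ad-hoc per-host header line
SOURCE_RE = re.compile(r"^([\^=#])([*+\-?x~]) (\S+)\s+(\d+)\s+(-?\d+)\s+(\d+)")

def parse_sources(output):
    """Map host -> {ansible_status, synced, sources[]} from ad-hoc chronyc output."""
    report, host = {}, None
    for line in output.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            report[host] = {"ansible_status": m.group(2), "synced": False, "sources": []}
            continue
        m = SOURCE_RE.match(line)
        if m and host:
            mode, state, name, stratum, _poll, reach = m.groups()
            report[host]["sources"].append(
                {"name": name, "state": state, "stratum": int(stratum), "reach": int(reach, 8)})
            if mode == "^" and state == "*":      # '*' marks the currently selected source
                report[host]["synced"] = True
    return report

def unsynced_hosts(report, max_stratum=10):
    """Hosts to chase: unreachable, no selected source, or selected source too far from stratum 0."""
    bad = []
    for host, info in sorted(report.items()):
        selected = [s for s in info["sources"] if s["state"] == "*"]
        if info["ansible_status"] not in ("CHANGED", "SUCCESS") or not selected:
            bad.append(host)
        elif selected[0]["stratum"] > max_stratum:
            bad.append(host)
    return bad
```

A Reach of 17 (octal) decodes to binary 1111: the last four polls succeeded, which is what a freshly configured client looks like; a long-running healthy client shows 377.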
Part 2: Configure SELinux
Pull in the role
[student@workstation ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.selinux/ roles/selinux
[student@workstation ansible]$ ls roles/selinux/
COPYING library meta README.html README.md semaphore tasks tests vars
[student@workstation ansible]$
Write the playbook
[student@workstation ansible]$ vim selinux.yml
[student@workstation ansible]$ cat selinux.yml
---
- name: use system roles to configure selinux
  hosts: all
  roles:
    - role: selinux
  vars:
    selinux_policy: targeted
    selinux_state: enforcing
[student@workstation ansible]$
Check syntax and run the playbook
[student@workstation ansible]$ ansible-playbook --syntax-check selinux.yml
playbook: selinux.yml
[student@workstation ansible]$ ansible-playbook selinux.yml
Question 5: Installing roles with Ansible Galaxy
Write the requirements file
[student@workstation ansible]$ vim roles/requirements.yml
[student@workstation ansible]$ cat roles/requirements.yml
---
- name: balancer
  src: http://content.example.com/haproxy.tar.gz
- name: phpinfo
  src: http://content.example.com/phpinfo.tar.gz
[student@workstation ansible]$
Install the roles
[student@workstation ansible]$ ansible-galaxy install -r roles/requirements.yml -p roles/
- downloading role from http://content.example.com/haproxy.tar.gz
- extracting balancer to /home/student/ansible/roles/balancer
- balancer was installed successfully
- downloading role from http://content.example.com/phpinfo.tar.gz
- extracting phpinfo to /home/student/ansible/roles/phpinfo
- phpinfo was installed successfully
[student@workstation ansible]$
Verify
[student@workstation ansible]$ pwd
/home/student/ansible
[student@workstation ansible]$ ls roles/
balancer phpinfo requirements.yml selinux timesync
Question 6: Creating and using a role
Initialize the role
[student@workstation roles]$ pwd
/home/student/ansible/roles
[student@workstation roles]$
[student@workstation roles]$ ansible-galaxy init apache
- apache was created successfully
[student@workstation roles]$
[student@workstation roles]$ ls
apache balancer phpinfo requirements.yml selinux timesync
[student@workstation roles]$ vim apache/tasks/main.yml
[student@workstation roles]$ cat apache/tasks/main.yml
---
# tasks file for apache
- name: install http
  yum:
    name: httpd
    state: present
- name: config system service
  service:
    name: "{{ item }}"
    state: started
    enabled: yes
  loop:
    - httpd
    - firewalld
- name: firewalld service
  firewalld:
    zone: public
    service: http
    permanent: yes
    immediate: yes
    state: enabled
- name: user templates
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
    owner: apache
    group: apache
    mode: '0644'
[student@workstation roles]$
[student@workstation roles]$ vim apache/templates/index.html.j2
[student@workstation roles]$ cat apache/templates/index.html.j2
Welcome to {{ ansible_facts.fqdn }} on {{ ansible_facts.default_ipv4.address }}
[student@workstation roles]$
[student@workstation roles]$ vim ../newrole.yml
[student@workstation roles]$ cat ../newrole.yml
---
- name: use http role
  hosts: webservers
  roles:
    - apache
[student@workstation roles]$
Run the playbook
[student@workstation ansible]$ pwd
/home/student/ansible
[student@workstation ansible]$
[student@workstation ansible]$ ansible-playbook newrole.yml
Question 7: Using roles from Ansible Galaxy
Environment setup [not needed in the exam]
[student@workstation ansible]$ ssh root@bastion
[root@bastion ~]# systemctl stop httpd
[root@bastion ~]# systemctl disable httpd
Removed /etc/systemd/system/multi-user.target.wants/httpd.service.
[root@bastion ~]# exit
logout
Connection to bastion closed.
[student@workstation ansible]$
Write the playbook
[student@workstation ansible]$ vim roles.yml
[student@workstation ansible]$ cat roles.yml
- name: gather all need vars
  hosts: all
  # no tasks: this play only gathers facts from every host for the plays below
- name: deploy haproxy
  hosts: balancers
  roles:
    - balancer
- name: deploy basic php env on webserver
  hosts: webservers
  roles:
    - phpinfo
[student@workstation ansible]$
Run the playbook
[student@workstation ansible]$ ansible-playbook --syntax-check roles.yml
playbook: roles.yml
[student@workstation ansible]$ ansible-playbook roles.yml
Access the services; in the exam, verify hello.php in a browser
[student@workstation ansible]$ curl bastion
Welcome to serverc.lab.example.com on 172.25.250.12
[student@workstation ansible]$ curl bastion
Welcome to serverd.lab.example.com on 172.25.250.13
[student@workstation ansible]$ curl serverc/hello.php
Hello PHP World form serverc.lab.example.com
[student@workstation ansible]$ curl serverd/hello.php
Hello PHP World form serverd.lab.example.com
Question 8: Creating and using logical volumes
Part 1
Because the VM has only one disk, the disk must be restored after finishing this part before Part 2 can be done. Download the playbook that restores the disk [not needed in the exam environment]
[student@workstation ansible]$ wget http://content.example.com/lv_pre.yml
--2023-06-04 19:54:09-- http://content.example.com/lv_pre.yml
Resolving content.example.com (content.example.com)... 172.25.254.254
Connecting to content.example.com (content.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 623
Saving to: ‘lv_pre.yml’
lv_pre.yml 100%[======================================================>] 623 --.-KB/s in 0s
2023-06-04 19:54:09 (41.2 MB/s) - ‘lv_pre.yml’ saved [623/623]
[student@workstation ansible]$
[student@workstation ansible]$ ansible-playbook lv_pre.yml
[student@workstation ansible]$ ansible all -a 'vgs'
serverd | CHANGED | rc=0 >>
VG #PV #LV #SN Attr VSize VFree
research 1 0 0 wz--n- 1020.00m 1020.00m
serverc | CHANGED | rc=0 >>
VG #PV #LV #SN Attr VSize VFree
research 1 0 0 wz--n- 1020.00m 1020.00m
serverb | CHANGED | rc=0 >>
VG #PV #LV #SN Attr VSize VFree
research 1 0 0 wz--n- <2.00g <2.00g
servera | CHANGED | rc=0 >>
VG #PV #LV #SN Attr VSize VFree
research 1 0 0 wz--n- <2.00g <2.00g
bastion | CHANGED | rc=0 >>
[student@workstation ansible]$
Write the playbook that creates the logical volume
[student@workstation ansible]$ vim lv.yml
[student@workstation ansible]$ cat lv.yml
---
- name: create lvm
  hosts: all
  tasks:
    - name: create a lvm
      block:
        - name: create 1500M lv
          lvol:
            vg: research
            lv: data
            size: 1500m
      rescue:
        - name: sorry lvm too big
          debug:
            msg: "Could not create logical volume with that size"
        - name: create 800m lv
          lvol:
            vg: research
            lv: data
            size: 800m
      always:
        - name: make demand fs
          filesystem:
            dev: /dev/research/data
            fstype: ext4
      when: "'research' in ansible_facts.lvm.vgs"
    - name: show other debug info
      debug:
        msg: "Volume group does not exist"
      when: "'research' not in ansible_facts.lvm.vgs"
[student@workstation ansible]$
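The block/rescue/always structure decides per host whether the 1500m LV, the 800m fallback, or the "Volume group does not exist" message results. The following is an added example, not from the original notes: it predicts that outcome from the `vgs` output collected earlier, and also covers the case the playbook does not handle, where even 800m does not fit, `always` still runs, and the filesystem task fails on the missing device.

```python
import re
# Constructed sample shaped like the `ansible all -a 'vgs'` output shown earlier on this page.
VGS_OUTPUT = """\
serverd | CHANGED | rc=0 >>
  VG       #PV #LV #SN Attr   VSize    VFree
  research   1   0   0 wz--n- 1020.00m 1020.00m
servera | CHANGED | rc=0 >>
  VG       #PV #LV #SN Attr   VSize  VFree
  research   1   0   0 wz--n- <2.00g <2.00g
bastion | CHANGED | rc=0 >>
"""
HOST_RE = re.compile(r"^(\S+) \| \w+ \| rc=\d+ >>")
# VG  #PV #LV #SN Attr VSize VFree ; a leading '<' means "slightly less than" this value
VG_RE = re.compile(r"^\s*(\S+)\s+\d+\s+\d+\s+\d+\s+\S+\s+\S+\s+<?([\d.]+)([mgt])\s*$")
UNIT_MIB = {"m": 1, "g": 1024, "t": 1024 * 1024}   # lowercase LVM units are binary

def parse_vgs(output):
    """host -> {vg_name: free_mib}; a host with no VG line gets an empty dict."""
    free, host = {}, None
    for line in output.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            free[host] = {}
            continue
        m = VG_RE.match(line)
        if m and host:
            name, size, unit = m.groups()
            free[host][name] = float(size) * UNIT_MIB[unit]
    return free

def predict_lv_play(vg_free, vg="research", want_mib=1500, fallback_mib=800):
    """Per host, which branch of lv.yml's block/rescue/always structure will run."""
    outcome = {}
    for host, vgs in sorted(vg_free.items()):
        if vg not in vgs:                     # when: 'research' not in ansible_facts.lvm.vgs
            outcome[host] = "Volume group does not exist"
        elif vgs[vg] >= want_mib:             # block succeeds, always formats the LV
            outcome[host] = f"lv data {want_mib}m created, ext4 on /dev/{vg}/data"
        elif vgs[vg] >= fallback_mib:         # block fails, rescue creates the smaller LV
            outcome[host] = f"rescue: {want_mib}m too big, lv data {fallback_mib}m created, ext4 on /dev/{vg}/data"
        else:                                 # rescue fails too; always still runs and errors
            outcome[host] = "rescue fails too; always-block filesystem task errors on missing /dev/research/data"
    return outcome
```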
Check syntax and run the playbook
[student@workstation ansible]$ ansible-playbook --syntax-check lv.yml
playbook: lv.yml
[student@workstation ansible]$ ansible-playbook lv.yml
Verify
Part 2
Download and run the environment-preparation playbook [not needed in the exam]
[student@workstation ansible]$ wget http://content.example.com/part_pre.yml
--2023-06-04 21:20:12-- http://content.example.com/part_pre.yml
Resolving content.example.com (content.example.com)... 172.25.254.254
Connecting to content.example.com (content.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 386
Saving to: ‘part_pre.yml’
part_pre.yml 100%[======================================================>] 386 --.-KB/s in 0s
2023-06-04 21:20:12 (33.8 MB/s) - ‘part_pre.yml’ saved [386/386]
[student@workstation ansible]$
[student@workstation ansible]$ vim part_pre.yml
[student@workstation ansible]$ ansible-playbook part_pre.yml
Write the playbook
[student@workstation ansible]$ vim partition.yml
[student@workstation ansible]$ cat partition.yml
---
- name: create partition with a proper size
  hosts: all
  tasks:
    - name: show if vdb exists
      debug:
        msg: "Disk does not exist"
      when: "ansible_facts.devices.vdb is not defined"
      failed_when: "ansible_facts.devices.vdb is not defined"
    - name: create a partition
      block:
        - name: create 1500m partition
          parted:
            device: /dev/vdb
            number: 1
            state: present
            part_start: 1MiB
            part_end: 1500MiB
      rescue:
        - name: show debug info1
          debug:
            msg: "Could not create partition of that size"
        - name: create 800m partition
          parted:
            device: /dev/vdb
            number: 1
            state: present
            part_start: 1MiB
            part_end: 800MiB
      always:
        - name: create fs
          filesystem:
            dev: /dev/vdb1
            fstype: ext4
            force: true
          when: ansible_facts.devices.vdb
        - name: mount fs
          mount:
            path: /newpart
            src: /dev/vdb1
            state: mounted
            fstype: ext4
          when: ansible_facts.devices.vdb
[student@workstation ansible]$
Check syntax and run the playbook
[student@workstation ansible]$ ansible-playbook --syntax-check partition.yml
playbook: partition.yml
[student@workstation ansible]$ ansible-playbook partition.yml