RHCE
1. Install and configure Ansible
Install and configure Ansible on the control node control, as described below:
Install the required packages.
Create a static inventory file named /home/greg/ansible/inventory that meets the following requirements:
  node1 is a member of the dev host group
  node2 is a member of the test host group
  node3 and node4 are members of the prod host group
  node5 is a member of the balancers host group
  the prod group is a member of the webservers host group
Create a configuration file named /home/greg/ansible/ansible.cfg that meets the following requirements:
  the host inventory file is /home/greg/ansible/inventory
  the location of roles used in playbooks includes /home/greg/ansible/roles
#1. Log in to the control node control as the unprivileged user greg
[kiosk@foundation0 ~]$ ssh greg@control
#2. Install the ansible package
[greg@control ~]$ sudo yum install -y ansible
[greg@control ~]$ rpm -q ansible
ansible-2.9.15-1.el8ae.noarch
#3. Create the roles path and change into the ansible directory
[greg@control ~]$ mkdir -p /home/greg/ansible/roles
[greg@control ~]$ cd ansible/
[greg@control ansible]$
#4. Create the configuration file /home/greg/ansible/ansible.cfg by copying the system default. ansible --version reports which file is in effect; an ansible.cfg in the current directory takes precedence over /etc/ansible/ansible.cfg, which is why the report changes after the copy.
[greg@control ansible]$ ansible --version
config file = /etc/ansible/ansible.cfg
[greg@control ansible]$ cp /etc/ansible/ansible.cfg .
[greg@control ansible]$ ansible --version
config file = /home/greg/ansible/ansible.cfg
[greg@control ansible]$ ls
ansible.cfg roles
#5. Edit the configuration file so that no password or host-key prompt interrupts a run. Lines starting with / are vim search commands used to jump to each setting; the commented-out line under each setting is the shipped default, left in place.
[greg@control ansible]$ vim ansible.cfg
inventory = /home/greg/ansible/inventory
#inventory = /etc/ansible/hosts
/host
host_key_checking = False
#host_key_checking = False
/remote
remote_user = root
#remote_user = root
/become
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
What these do: inventory points Ansible at the project inventory; host_key_checking = False makes Ansible accept SSH host keys it has never seen, so first contact with the freshly provisioned nodes does not fail; remote_user = root logs in as root; the [privilege_escalation] block enables sudo escalation to root without asking for a password. Caveat for anything outside the exam: host_key_checking = False removes the only protection Ansible has against a host impersonating a managed node. On real infrastructure keep it enabled and pre-populate ~/.ssh/known_hosts over a trusted channel instead.
#6. Write the host inventory. ansible_password under [all:vars] supplies the SSH password for every host, so no key has to be distributed first.
[greg@control ansible]$ vim /home/greg/ansible/inventory
[all:vars]
ansible_password=flectrag
[dev]
node1
[test]
node2
[prod]
node3
node4
[balancers]
node5
[webservers:children]
prod
The :children suffix makes prod a member of webservers, so node3 and node4 belong to both groups. Caveat: a plaintext password in the inventory is an exam-time shortcut; combined with remote_user = root, anyone who can read this file can log in to every managed node as root. Outside the exam, use SSH keys (ssh-copy-id or ansible_ssh_private_key_file) or keep the password in an Ansible Vault-encrypted variable file.
#7. Return to the main configuration file and set the roles path
[greg@control ansible]$ vim ansible.cfg
roles_path = /home/greg/ansible/roles
#roles_path = /etc/ansible/roles
#8. Check that the inventory is correct (show it as a tree)
[greg@control ansible]$ ansible-inventory --graph
@all:
|--@balancers:
| |--node5
|--@dev:
| |--node1
|--@test:
| |--node2
|--@ungrouped:
|--@webservers:
| |--@prod:
| | |--node3
| | |--node4
#9. Test that every node answers without prompting (only node4's reply is shown here)
[greg@control ansible]$ ansible all -a "hostname"
node4 | CHANGED | rc=0 >>
node4.lab.example.com
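The ansible.cfg and inventory above are what the exam asks for, but two of the settings (host_key_checking = False and a plaintext ansible_password) are exactly what an audit of a real control node would flag. The following script is an added example and not part of the original post: using only the Python standard library, it parses the two files as written in this section, resolves :children groups the way Ansible does (so node3 is reported in both prod and webservers), and returns findings for the weak settings. The file contents are constructed inline from section 1; the finding texts and the function names are this example's own.

```python
"""Added example (not from the original post): parse an INI inventory and
ansible.cfg and flag exam-style shortcuts that are unsafe in production."""
import configparser
import re
from collections import defaultdict

# Constructed copies of the two files written in section 1.
INVENTORY = """\
[all:vars]
ansible_password=flectrag
[dev]
node1
[test]
node2
[prod]
node3
node4
[balancers]
node5
[webservers:children]
prod
"""

ANSIBLE_CFG = """\
[defaults]
inventory = /home/greg/ansible/inventory
host_key_checking = False
remote_user = root
roles_path = /home/greg/ansible/roles
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
"""

# Inventory variables that carry a credential in cleartext.
SECRET_VARS = ("ansible_password", "ansible_ssh_pass", "ansible_become_pass")


def parse_inventory(text):
    """Return (hosts_by_group, children_by_group, vars_by_group).

    Section headers are [group], [group:children] or [group:vars]."""
    hosts, children, gvars = defaultdict(list), defaultdict(list), defaultdict(dict)
    section, kind = None, "hosts"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[([^:\]]+)(?::(children|vars))?\]", line)
        if header:
            section, kind = header.group(1), header.group(2) or "hosts"
        elif kind == "hosts":
            hosts[section].append(line.split()[0])   # drop per-host vars
        elif kind == "children":
            children[section].append(line)
        else:
            key, _, value = line.partition("=")
            gvars[section][key.strip()] = value.strip()
    return hosts, children, gvars


def effective_groups(host, hosts, children):
    """All groups a host belongs to, following :children edges upward
    until nothing changes (prod -> webservers)."""
    result = {g for g, members in hosts.items() if host in members}
    changed = True
    while changed:
        changed = False
        for parent, kids in children.items():
            if parent not in result and result & set(kids):
                result.add(parent)
                changed = True
    return result


def audit(inventory_text, cfg_text):
    """Return human-readable findings for the inventory and ansible.cfg."""
    findings = []
    _, _, gvars = parse_inventory(inventory_text)
    for group, variables in gvars.items():
        for key in variables:
            if key in SECRET_VARS:
                findings.append(f"inventory: plaintext {key} in [{group}:vars]; "
                                "use SSH keys or a vault-encrypted vars file")
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    hkc = cfg.get("defaults", "host_key_checking", fallback="True")
    if hkc.strip().lower() in ("false", "no", "0"):
        findings.append("ansible.cfg: host_key_checking is disabled; "
                        "SSH host keys are never verified")
    if cfg.get("defaults", "remote_user", fallback="").strip() == "root":
        findings.append("ansible.cfg: remote_user is root; "
                        "prefer an unprivileged user plus become")
    return findings


if __name__ == "__main__":
    hosts, children, _ = parse_inventory(INVENTORY)
    for node in sorted({h for members in hosts.values() for h in members}):
        print(node, sorted(effective_groups(node, hosts, children)))
    for finding in audit(INVENTORY, ANSIBLE_CFG):
        print("FINDING:", finding)
```

Run against the real files by reading /home/greg/ansible/inventory and /home/greg/ansible/ansible.cfg into the two strings; an empty result from audit() is the state to aim for once the exam is over.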
2. Create and run Ansible ad hoc commands
As a system administrator, you need to install software on the managed nodes.
Create a shell script named /home/greg/ansible/adhoc.sh that uses Ansible ad hoc commands to install yum repositories on each managed node, as described below:
Repository 1:
  the repository name is EX294_BASE
  the description is EX294 base software
  the base URL is http://content/rhel8.4/x86_64/dvd/BaseOS
  GPG signature checking is enabled
  the GPG key URL is http://content/rhel8.4/x86_64/dvd/RPM-GPG-KEY-redhat-release
  the repository is enabled
Repository 2:
  the repository name is EX294_STREAM
  the description is EX294 stream software
  the base URL is http://content/rhel8.4/x86_64/dvd/AppStream
  GPG signature checking is enabled
  the GPG key URL is http://content/rhel8.4/x86_64/dvd/RPM-GPG-KEY-redhat-release
  the repository is enabled
#1. Look up the module with ansible-doc. Inside the pager, /EX jumps to the EXAMPLES section, gg returns to the top, and /gpgkey and /enabled find the two option descriptions.
[greg@control ansible]$ ansible-doc -l | grep yum
yum
yum_repository
[greg@control ansible]$ ansible-doc yum_repository
/EX
gg
/gpgkey
/enabled
#2. Create the shell script
[greg@control ansible]$ vim /home/greg/ansible/adhoc.sh
=========================================================================================
#!/bin/bash
ansible all -m yum_repository -a "name=EX294_BASE description='EX294 base software' baseurl=http://content/rhel8.4/x86_64/dvd/BaseOS gpgcheck=yes gpgkey=http://content/rhel8.4/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes"
ansible all -m yum_repository -a "name=EX294_STREAM description='EX294 stream software' baseurl=http://content/rhel8.4/x86_64/dvd/AppStream gpgcheck=yes gpgkey=http://content/rhel8.4/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes"
=========================================================================================
#3. Make the script executable and run it
[greg@control ansible]$ chmod +x /home/greg/ansible/adhoc.sh
[greg@control ansible]$ /home/greg/ansible/adhoc.sh
#4. Test: installing a package from the new repositories must succeed
[greg@control ansible]$ ansible all -a "yum install -y ftp"
Complete!
Caveat: gpgcheck=yes makes yum verify every package signature, but here the key is fetched over plain HTTP from the same content server, so a host able to tamper with that server could supply both a key and packages signed with it. That is fine for the classroom content server; in production, take the key from a trusted source (RHEL ships it in /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release) or serve it over HTTPS.
3. Install packages
Create a playbook named /home/greg/ansible/packages.yml that:
  installs the php and mariadb packages on hosts in the dev, test and prod host groups
  installs the RPM Development Tools package group on hosts in the dev host group
  updates all packages to the latest version on hosts in the dev host group
#1. Show line numbers in vim and make Tab insert two spaces, which keeps YAML indentation consistent
[greg@control ansible]$ vim ~/.vimrc
set number ts=2 sw=2 et
#2. Look up the yum module examples, then write the playbook from them
[greg@control ansible]$ ansible-doc yum
/EX
- name: ensure a list of packages installed
  yum:
    name: "{{ packages }}"
  vars:
    packages:
    - httpd
    - httpd-tools
- name: install the 'Development tools' package group
  yum:
    name: "@Development tools"
    state: present
- name: upgrade all packages
  yum:
    name: '*'
    state: latest
[greg@control ansible]$ vim /home/greg/ansible/packages.yml
=========================================================================================
---
- name: Install packages
  hosts: dev,test,prod
  tasks:
  - name: ensure a list of packages installed
    yum:
      name: "{{ packages }}"
    vars:
      packages:
      - php
      - mariadb

- name: Install packages (dev only)
  hosts: dev
  tasks:
  - name: install the package group
    yum:
      name: "@RPM Development Tools"
      state: present
  - name: upgrade all packages
    yum:
      name: '*'
      state: latest
=========================================================================================
A package group is addressed with a leading @; the yum module's default state is present, so the first task needs no state line.
#3. Run the playbook
[greg@control ansible]$ ansible-playbook packages.yml
#4. Verify. yum check-update is a read-only check: rc=0 means nothing is pending, rc=100 (which Ansible reports as a failure) means updates are still available.
[greg@control ansible]$ ansible dev,test,prod -a "rpm -q php mariadb"
[greg@control ansible]$ ansible dev -a "yum grouplist"
[greg@control ansible]$ ansible dev -a "yum check-update"
4.A Use RHEL system roles (NEW)
Install the RHEL system roles package and create a playbook /home/greg/ansible/selinux.yml that meets the following conditions:
  runs on all managed nodes
  uses the selinux role
  configures the role so that SELinux on the managed nodes is enforcing
#1. Search for the package
[greg@control ansible]$ yum search roles
rhel-system-roles.noarch
#2. Install the roles package
[greg@control ansible]$ sudo yum install -y rhel-system-roles.noarch
#3. Find where the roles were installed and add that directory to roles_path in the configuration file
[greg@control ansible]$ rpm -ql rhel-system-roles.noarch
/usr/share/ansible/roles
[greg@control ansible]$ vim ansible.cfg
roles_path = /home/greg/ansible/roles:/usr/share/ansible/roles
[greg@control ansible]$ ansible-galaxy list
# /home/greg/ansible/roles
- apache, (unknown version)
# /usr/share/ansible/roles
#4. Find the example playbook shipped with the role, copy it to selinux.yml and edit it: keep hosts: all and selinux_state: enforcing, and drop the example's extra boolean, port and file-context settings that this task does not ask for
[greg@control ansible]$ rpm -ql rhel-system-roles.noarch | grep example
/usr/share/doc/rhel-system-roles/selinux/example-selinux-playbook.yml
[greg@control ansible]$ cp /usr/share/doc/rhel-system-roles/selinux/example-selinux-playbook.yml /home/greg/ansible/selinux.yml
[greg@control ansible]$ vim /home/greg/ansible/selinux.yml
#5. Run the playbook
[greg@control ansible]$ ansible-playbook selinux.yml
#6. Verify the persistent setting (getenforce on a node shows the running mode as well)
[greg@control ansible]$ ansible all -a "grep ^SELINUX /etc/selinux/config"
node4 | CHANGED | rc=0 >>
SELINUX=enforcing
SELINUXTYPE=targeted
4.B Use RHEL system roles (OLD)
Install the RHEL system roles package and create a playbook /home/greg/ansible/timesync.yml that meets the following conditions:
  runs on all managed nodes
  uses the timesync role
  configures the role to use the currently active NTP provider
  configures the role to use the time server 172.25.254.254
  configures the role to enable the iburst parameter
#1. Search for (and, if not yet done in 4.A, install) the package
[greg@control ansible]$ yum search roles
#2. Find the example playbook shipped with the role, copy it to timesync.yml and edit it
[greg@control ansible]$ rpm -ql rhel-system-roles.noarch | grep example
/usr/share/doc/rhel-system-roles/timesync/example-timesync-playbook.yml
[greg@control ansible]$ cp /usr/share/doc/rhel-system-roles/timesync/example-timesync-playbook.yml /home/greg/ansible/timesync.yml
[greg@control ansible]$ vim /home/greg/ansible/timesync.yml
#3. Run the playbook
[greg@control ansible]$ ansible-playbook timesync.yml
#4. Verify
[greg@control ansible]$ ansible all -m shell -a "timedatectl"
[greg@control ansible]$ ansible all -m shell -a 'chronyc sources -v | grep classroom'
The finished timesync.yml. The role autodetects the NTP provider (chrony on RHEL 8), so "currently active provider" needs no extra variable:
---
- hosts: all
  vars:
    timesync_ntp_servers:
    - hostname: 172.25.254.254
      iburst: yes
  roles:
  - rhel-system-roles.timesync
5. Install roles with Ansible Galaxy
Use Ansible Galaxy and the requirements file /home/greg/ansible/roles/requirements.yml to download roles from the following URLs and install them into /home/greg/ansible/roles:
  http://materials/haproxy.tar, this role should be named balancer
  http://materials/phpinfo.tar, this role should be named phpinfo
#1. Write the requirements file
[greg@control ansible]$ vim /home/greg/ansible/roles/requirements.yml
#2. Install the roles. Without -p, ansible-galaxy installs into the first entry of roles_path, which is /home/greg/ansible/roles here.
[greg@control ansible]$ ansible-galaxy role install -r /home/greg/ansible/roles/requirements.yml
#3. Verify
[greg@control ansible]$ ansible-galaxy list
# /home/greg/ansible/roles
- apache, (unknown version)
- balancer, (unknown version)
- phpinfo, (unknown version)
# /usr/share/ansible/roles
The requirements file:
---
- src: http://materials/haproxy.tar
  name: balancer
- src: http://materials/phpinfo.tar
  name: phpinfo
Caveat: a role pulled from a tarball over plain HTTP is unverified code that will run as root on every host in the play. Outside the lab, read its tasks/ directory before using it and pin a checksum or a version from a trusted source.
6. Create and use a role
Create a role named apache in /home/greg/ansible/roles that meets the following requirements:
  the httpd package is installed, enabled at boot and started
  the firewall is enabled and running, with a rule that allows access to the web server
  a template file index.html.j2 exists and is used to create the file /var/www/html/index.html with the following output:
    Welcome to HOSTNAME on IPADDRESS
  where HOSTNAME is the fully qualified domain name of the managed node and IPADDRESS is the managed node's IP address.
Create a playbook named /home/greg/ansible/apache.yml:
  the play runs on hosts in the webservers host group and uses the apache role
#Look up the module examples and the facts the template will use
[greg@control ansible]$ ansible-doc service
/EX
- name: Start service httpd, if not started
  service:
    name: httpd
    state: started
[greg@control ansible]$ ansible-doc firewalld
/EX
/imm   (the immediate option applies the rule to the running firewall as well as to the permanent configuration)
- firewalld:
    service: https
    permanent: yes
    state: enabled
[greg@control ansible]$ ansible-doc template
/EX
- name: Template a file to /etc/files.conf
  template:
    src: /mytemplates/foo.j2
    dest: /etc/file.conf
    owner: bin
    group: wheel
    mode: '0644'
[greg@control ansible]$ ansible dev -m setup -a "filter=*name*"   (shows ansible_nodename and ansible_hostname)
[greg@control ansible]$ ansible dev -m setup -a "filter=*ipv4*"   (shows ansible_default_ipv4.address)
#1. Change into the roles directory and create the skeleton of a role named apache
[greg@control ansible]$ cd roles/
[greg@control roles]$ ansible-galaxy init apache
- Role apache was created successfully
[greg@control roles]$ tree apache/
apache/
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml
#2. Write the tasks file (shown at the end of this section)
[greg@control roles]$ vim apache/tasks/main.yml
#3. Write the template. ansible_nodename is the kernel node name (uname -n), which in this lab is the FQDN; ansible_fqdn is the fact defined as the FQDN and works equally well here.
[greg@control roles]$ vim apache/templates/index.html.j2
Welcome to {{ ansible_nodename }} on {{ ansible_default_ipv4.address }}
#4. Write the playbook
[greg@control roles]$ vim /home/greg/ansible/apache.yml
---
- name: Create and use a role
  hosts: webservers
  roles:
  - apache
#5. Go back to the ansible directory and run the playbook
[greg@control roles]$ cd ..
[greg@control ansible]$ ansible-playbook apache.yml
#6. Verify (webservers resolves to node3 and node4 through the prod group)
[greg@control ansible]$ ansible-inventory --graph
[greg@control ansible]$ curl node3
Welcome to node3.lab.example.com on 172.25.250.11
[greg@control ansible]$ curl node4
Welcome to node4.lab.example.com on 172.25.250.12
The tasks file apache/tasks/main.yml. The task requires the httpd package to be installed, so the file starts with a yum task; the original relied on httpd already being present on the nodes:
---
# tasks file for apache
- name: Install httpd
  yum:
    name: httpd
    state: present
- name: Start and enable httpd
  service:
    name: httpd
    state: started
    enabled: yes
- name: Start and enable firewalld
  service:
    name: firewalld
    state: started
    enabled: yes
- name: Allow the http service through the firewall, now and permanently
  firewalld:
    service: http
    permanent: yes
    state: enabled
    immediate: yes
- name: Template the index page to /var/www/html/index.html
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
The template src is resolved relative to the role's templates/ directory, so no path is needed.
7. Use roles from Ansible Galaxy
Create a playbook named /home/greg/ansible/roles.yml that meets the following requirements:
The playbook contains a play that runs on hosts in the balancers host group and uses the balancer role.
  This role configures a service that load-balances web requests between the hosts in the webservers host group.
  Browsing to a host in the balancers host group (for example http://172.25.250.13) produces the following output:
    Welcome to node3.lab.example.com on 172.25.250.11
  Reloading the browser produces output from the other web server:
    Welcome to node4.lab.example.com on 172.25.250.12
The playbook contains a play that runs on hosts in the webservers host group and uses the phpinfo role.
  Browsing to a host in the webservers host group via the URL /hello.php produces the following output:
    Hello PHP World from FQDN
  where FQDN is the fully qualified name of the host. For example, http://172.25.250.11/hello.php produces:
    Hello PHP World from node3.lab.example.com
  along with various details of the PHP configuration, such as the installed PHP version.
  Likewise, browsing to http://172.25.250.12/hello.php produces:
    Hello PHP World from node4.lab.example.com
  along with various details of the PHP configuration, such as the installed PHP version.
#1. Write the playbook
[greg@control ansible]$ vim /home/greg/ansible/roles.yml
#2. Run the playbook
[greg@control ansible]$ ansible-playbook /home/greg/ansible/roles.yml
#3. Verify: browse to http://172.25.250.13 and reload; the two backends alternate
Welcome to node3.lab.example.com on 172.25.250.11
Welcome to node4.lab.example.com on 172.25.250.12
Browse to http://172.25.250.13/hello.php
Hello PHP World from node4.lab.example.com
The playbook. Running the phpinfo play first means the backends already serve PHP when the balancer comes up; the task does not require a particular order:
---
- name: Use the phpinfo role from Ansible Galaxy
  hosts: webservers
  roles:
  - phpinfo
- name: Use the balancer role from Ansible Galaxy
  hosts: balancers
  roles:
  - balancer
8.A Create and use a partition (NEW)
Create a playbook named /home/greg/ansible/partition.yml that creates a partition on all managed nodes:
  create a 1500 MiB primary partition on vdb, partition number 1, and format it ext4
  on the prod group, mount the partition permanently on /data
  if there is not enough disk space:
    print the message Could not create partition of that size
    create an 800 MiB partition instead
  if vdb does not exist, print the message this disk is not exist
[greg@control ansible]$ ansible-doc parted
/EX
- name: Create a new primary partition with a size of 1GiB
  parted:
    device: /dev/sdb
    number: 1
    state: present
    part_end: 1GiB
[greg@control ansible]$ ansible-doc filesystem
/EX
- name: Create a ext2 filesystem on /dev/sdb1
  filesystem:
    fstype: ext2
    dev: /dev/sdb1
[greg@control ansible]$ ansible-doc mount
/EX
- name: Mount DVD read-only
  mount:
    path: /mnt/dvd
    src: /dev/sr0
    fstype: iso9660
    opts: ro,noauto
    state: present
[greg@control ansible]$ ansible-doc debug
/EX
- debug:
    msg: System {{ inventory_hostname }} has gateway {{ ansible_default_ipv4.gateway }}
  when: ansible_default_ipv4.gateway is defined
[greg@control ansible]$ ansible dev -m setup -a "filter=*device*"   (ansible_devices lists vda, vdb, ... per node)
#1. Create the playbook
[greg@control ansible]$ vim /home/greg/ansible/partition.yml
#2. Run the playbook
[greg@control ansible]$ ansible-playbook partition.yml
#3. Verify
[greg@control ansible]$ ansible all -a "blkid | grep /dev/vdb1"
The playbook. Any failure inside block runs the rescue list, including the failure caused by a missing disk, so the size message is also guarded with when: ansible_devices.vdb is defined; otherwise a node without vdb would print both messages:
---
- name: Create and use a partition
  hosts: all
  tasks:
  - block:
      - name: Create a new 1500MiB primary partition
        parted:
          device: /dev/vdb
          number: 1
          state: present
          part_end: 1500MiB
      - name: Create an ext4 filesystem on /dev/vdb1
        filesystem:
          fstype: ext4
          dev: /dev/vdb1
      - name: Mount /dev/vdb1 on /data and add it to fstab (prod only)
        mount:
          path: /data
          src: /dev/vdb1
          fstype: ext4
          state: mounted
        when: inventory_hostname in groups.prod
    rescue:
      - debug:
          msg: Could not create partition of that size
        when: ansible_devices.vdb is defined
      - name: Fall back to an 800MiB primary partition
        parted:
          device: /dev/vdb
          number: 1
          state: present
          part_end: 800MiB
        when: ansible_devices.vdb is defined
      - debug:
          msg: this disk is not exist
        when: ansible_devices.vdb is not defined
mount with state: mounted both mounts the device and writes the /etc/fstab entry, which is what "permanently" requires.
8.B Create and use a logical volume (OLD)
Create a playbook named /home/greg/ansible/lv.yml that runs on all managed nodes and performs the following tasks:
  create a logical volume meeting these requirements:
    the logical volume is created in the research volume group
    the logical volume is named data
    the logical volume size is 1500 MiB
    format the logical volume with the ext4 file system
  if the requested logical volume size cannot be created, print the error message
    Could not create logical volume of that size
  and use the size 800 MiB instead.
  if the volume group research does not exist, print the error message
    Volume group done not exist
  do not mount the logical volume in any way
[greg@control ansible]$ ansible-doc lvol
/EX
- name: Create a logical volume of 512m
  lvol:
    vg: firefly
    lv: test
    size: 512
[greg@control ansible]$ ansible-doc filesystem
/EX
- name: Create a ext2 filesystem on /dev/sdb1
  filesystem:
    fstype: ext2
    dev: /dev/sdb1
[greg@control ansible]$ ansible-doc debug
/EX
- debug:
    msg: System {{ inventory_hostname }} has gateway {{ ansible_default_ipv4.gateway }}
  when: ansible_default_ipv4.gateway is defined
[greg@control ansible]$ ansible dev -m setup -a "filter=*lvm*"   (ansible_lvm.vgs lists the volume groups per node)
#1. Create the playbook
[greg@control ansible]$ vim /home/greg/ansible/lv.yml
#2. Run the playbook
[greg@control ansible]$ ansible-playbook lv.yml
#3. Verify
[greg@control ansible]$ ansible all -a "lvs"
The playbook. lvol sizes are in MiB by default. As in 8.A, the size message is guarded so that a node without the research volume group prints only the "done not exist" message (the odd wording is the exam's literal text):
---
- name: Create and use a logical volume
  hosts: all
  tasks:
  - block:
      - name: Create a 1500MiB logical volume data in research
        lvol:
          vg: research
          lv: data
          size: 1500
      - name: Create an ext4 filesystem on /dev/research/data
        filesystem:
          fstype: ext4
          dev: /dev/research/data
    rescue:
      - debug:
          msg: Could not create logical volume of that size
        when: ansible_lvm.vgs.research is defined
      - name: Fall back to an 800MiB logical volume
        lvol:
          vg: research
          lv: data
          size: 800
        when: ansible_lvm.vgs.research is defined
      - debug:
          msg: Volume group done not exist
        when: ansible_lvm.vgs.research is not defined
9. Generate a hosts file
Download an initial template file from http://materials/hosts.j2 to /home/greg/ansible.
Complete the template so that it can be used to generate the following file: one line per inventory host, in the same format as /etc/hosts.
Create a playbook named /home/greg/ansible/hosts.yml that uses this template to generate the file /etc/myhosts on hosts in the dev host group.
After the playbook runs, the file /etc/myhosts on hosts in the dev host group should contain one line for each managed host:
  127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
  ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

  172.25.250.9 node1.lab.example.com node1
  172.25.250.10 node2.lab.example.com node2
  172.25.250.11 node3.lab.example.com node3
  172.25.250.12 node4.lab.example.com node4
  172.25.250.13 node5.lab.example.com node5
[greg@control ansible]$ ansible-doc template
/EX
- name: Template a file to /etc/files.conf
  template:
    src: /mytemplates/foo.j2
    dest: /etc/file.conf
    owner: bin
    group: wheel
    mode: '0644'
[greg@control ansible]$ ansible dev -m setup -a "filter=*address*"   (ansible_default_ipv4.address)
[greg@control ansible]$ ansible dev -m setup -a "filter=*name*"      (ansible_nodename, ansible_hostname)
#1. Download the initial template
[greg@control ansible]$ wget http://materials/hosts.j2
#2. Create the playbook
[greg@control ansible]$ vim /home/greg/ansible/hosts.yml
#3. Complete hosts.j2
[greg@control ansible]$ vim hosts.j2
#4. Run the playbook
[greg@control ansible]$ ansible-playbook hosts.yml
#5. Verify
[greg@control ansible]$ ansible dev -a "cat /etc/myhosts"
The playbook. It deliberately targets hosts: all rather than hosts: dev: the template reads hostvars[host] for every host, and those facts exist only for hosts the play has gathered facts from. The when clause then restricts the actual file write to the dev group:
---
- name: Generate the hosts file
  hosts: all
  tasks:
  - name: Template /etc/myhosts from hosts.j2
    template:
      src: /home/greg/ansible/hosts.j2
      dest: /etc/myhosts
    when: inventory_hostname in groups.dev
Method 1 for hosts.j2 (dotted fact names):
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

{% for host in groups['all'] %}
{{ hostvars[host].ansible_default_ipv4.address }} {{ hostvars[host].ansible_nodename }} {{ hostvars[host].ansible_hostname }}
{% endfor %}
Method 2 (the same loop using the ansible_facts dictionary):
{% for host in groups['all'] %}
{{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }} {{ hostvars[host]['ansible_facts']['nodename'] }} {{ hostvars[host]['ansible_facts']['hostname'] }}
{% endfor %}
Method 3:
#copy the contents of /etc/hosts directly into hosts.j2 and run the playbook
This works only because the lab's /etc/hosts already lists every node; it does not generate anything from the inventory.
10. Modify file content
Create a playbook named /home/greg/ansible/issue.yml as described below:
  the playbook runs on all inventory hosts
  the playbook replaces the content of /etc/issue with a single line of text, as shown below:
    on hosts in the dev host group, the line reads: Development
    on hosts in the test host group, the line reads: Test
    on hosts in the prod host group, the line reads: Production
[greg@control ansible]$ ansible-doc copy
- name: Copy using inline content
  copy:
    content: '# This file was moved to /etc/other.conf'
    dest: /etc/mine.conf
#1. Create and write the playbook
[greg@control ansible]$ vim /home/greg/ansible/issue.yml
#2. Run the playbook
[greg@control ansible]$ ansible-playbook issue.yml
#3. Verify (node5 is in none of the three groups, so its /etc/issue is left untouched)
[greg@control ansible]$ ansible all -a "cat /etc/issue"
[greg@control ansible]$ ansible-inventory --graph
The playbook:
---
- name: Modify file content
  hosts: all
  tasks:
  - name: Set /etc/issue on dev
    copy:
      content: 'Development'
      dest: /etc/issue
    when: inventory_hostname in groups.dev
  - name: Set /etc/issue on test
    copy:
      content: 'Test'
      dest: /etc/issue
    when: inventory_hostname in groups.test
  - name: Set /etc/issue on prod
    copy:
      content: 'Production'
      dest: /etc/issue
    when: inventory_hostname in groups.prod
11. Create a web content directory
Create a playbook named /home/greg/ansible/webcontent.yml as described below:
  the playbook runs on managed nodes in the dev host group
  create the directory /webdev meeting the following requirements:
    owned by the webdev group
    regular permissions: owner=read+write+execute, group=read+write+execute, other=read+execute
    special permissions: set group ID
  symbolically link /var/www/html/webdev to /webdev
  create the file /webdev/index.html containing the single line: Development
  browsing this directory on a host in the dev host group (for example http://172.25.250.9/webdev/) produces the following output:
    Development
#1. Check that the webdev group exists
[greg@control ansible]$ ansible dev -a "grep webdev /etc/group"
node1 | CHANGED | rc=0 >>
webdev:x:1003:
#2. Create the playbook
[greg@control ansible]$ vim /home/greg/ansible/webcontent.yml
#3. Run the playbook
[greg@control ansible]$ ansible-playbook webcontent.yml
#4. Browse to http://172.25.250.9/webdev/
Development
[greg@control ansible]$ ansible-doc file
/EX
- name: Change file ownership, group and permissions
  file:
    path: /etc/foo.conf
    owner: foo
    group: foo
    mode: '0644'
- name: Create a directory if it does not exist
  file:
    path: /etc/some_directory
    state: directory
    mode: '0755'
- name: Create a symbolic link
  file:
    src: /file/to/link/to
    dest: /path/to/symlink
    owner: foo
    group: foo
    state: link
[greg@control ansible]$ ansible-doc copy
/EX
- name: Copy using inline content
  copy:
    content: '# This file was moved to /etc/other.conf'
    dest: /etc/mine.conf
- setype
    The type part of the SELinux file context.
    When set to `_default', it will use the `type' portion of the policy if available.
    [Default: (null)]
    type: str
- name: Start service httpd, if not started
  service:
    name: httpd
    state: started
    enabled: yes
The playbook. mode is quoted: written as a bare number, YAML would hand the file module the decimal integer 2775, not the octal permission bits. /webdev lives outside /var/www, so its default SELinux label (default_t) is not readable by httpd; the httpd_sys_content_t type is therefore set on the directory as well as on index.html, otherwise the browser gets 403 under enforcing mode. The play assumes httpd is already installed on the dev nodes:
---
- name: Create a web content directory
  hosts: dev
  tasks:
  - name: Create /webdev, group webdev, setgid rwxrwxr-x
    file:
      path: /webdev
      state: directory
      group: webdev
      mode: '2775'
      setype: httpd_sys_content_t
  - name: Link /var/www/html/webdev to /webdev
    file:
      src: /webdev
      dest: /var/www/html/webdev
      state: link
  - name: Create index.html from inline content
    copy:
      content: 'Development'
      dest: /webdev/index.html
      setype: httpd_sys_content_t
  - name: Start and enable httpd
    service:
      name: httpd
      state: started
      enabled: yes
12. Generate a hardware report
Create a playbook named /home/greg/ansible/hwreport.yml that generates an output file /root/hwreport.txt on all managed nodes containing the following information:
  the inventory host name
  the total memory size in MB
  the BIOS version
  the size of disk device vda
  the size of disk device vdb
Each line of the output file contains one key=value pair.
Your playbook should:
  download the file from http://materials/hwreport.empty and save it as /root/hwreport.txt
  modify /root/hwreport.txt with the correct values
  if a hardware item does not exist, the corresponding value should be set to NONE
#1. Create the playbook
[greg@control ansible]$ vim /home/greg/ansible/hwreport.yml
#2. Run the playbook
[greg@control ansible]$ ansible-playbook hwreport.yml
#3. Verify
[greg@control ansible]$ ansible all -a 'cat /root/hwreport.txt'
[greg@control ansible]$ ansible-doc lineinfile
/EX
- name: Ensure SELinux is set to enforcing mode
  lineinfile:
    path: /etc/selinux/config
    regexp: '^SELINUX='
    line: SELINUX=enforcing
[greg@control ansible]$ ansible-doc get_url
/EX
- name: Download foo.conf
  get_url:
    url: http://example.com/path/file.conf
    dest: /etc/foo.conf
    mode: '0440'
#Find the facts that hold each value
[greg@control ansible]$ ansible dev -m debug -a "var=inventory_hostname"
[greg@control ansible]$ ansible dev -m setup -a "filter=*mem*"      (ansible_memtotal_mb)
[greg@control ansible]$ ansible dev -m setup -a "filter=*bios*"     (ansible_bios_version)
[greg@control ansible]$ ansible dev -m setup -a "filter=*device*"   (ansible_devices.vda.size, ansible_devices.vdb.size)
The playbook. lineinfile replaces the line matching regexp, or appends if none matches, so the downloaded skeleton keeps its KEY= lines and only the values change. Not every node has a vdb, so the disk lines use default('NONE', true): the filter substitutes NONE when the fact is undefined, and the second argument also replaces an empty string. The original applied it to vdb only; the requirement asks for NONE for any missing item, so it is applied to both disks here:
---
- name: Generate a hardware report
  hosts: all
  tasks:
  - name: Download the empty report
    get_url:
      url: http://materials/hwreport.empty
      dest: /root/hwreport.txt
  - name: Set HOST
    lineinfile:
      path: /root/hwreport.txt
      regexp: '^HOST='
      line: HOST={{ inventory_hostname }}
  - name: Set MEMORY
    lineinfile:
      path: /root/hwreport.txt
      regexp: '^MEMORY='
      line: MEMORY={{ ansible_memtotal_mb }}
  - name: Set BIOS
    lineinfile:
      path: /root/hwreport.txt
      regexp: '^BIOS='
      line: BIOS={{ ansible_bios_version }}
  - name: Set DISK_SIZE_VDA
    lineinfile:
      path: /root/hwreport.txt
      regexp: '^DISK_SIZE_VDA='
      line: DISK_SIZE_VDA={{ ansible_devices.vda.size | default('NONE', true) }}
  - name: Set DISK_SIZE_VDB
    lineinfile:
      path: /root/hwreport.txt
      regexp: '^DISK_SIZE_VDB='
      line: DISK_SIZE_VDB={{ ansible_devices.vdb.size | default('NONE', true) }}
13. Create a password vault
(Do task 15 first, then 13, then 14. Once ansible.cfg points vault_password_file at secret.txt, ansible-vault no longer prompts and would try to open salaries.yml in task 15 with the wrong password; it could still be forced with --ask-vault-pass, but doing the rekey first avoids the problem.)
Create an Ansible vault to store user passwords, as described below:
  the vault name is /home/greg/ansible/locker.yml
  the vault contains two variables with the following names:
    pw_developer, with the value Imadev
    pw_manager, with the value Imamgr
  the password used to encrypt and decrypt the vault is whenyouwishuponastar
  the password is stored in the file /home/greg/ansible/secret.txt
#1. Write the vault password to the password file
[greg@control ansible]$ echo "whenyouwishuponastar" > /home/greg/ansible/secret.txt
#2. Point the configuration file at the password file, so ansible-vault and ansible-playbook read it instead of prompting
[greg@control ansible]$ vim ansible.cfg
/password
#vault_password_file = /path/to/vault_password_file
vault_password_file = /home/greg/ansible/secret.txt
#3. Create the vault and type the two variables into the editor that opens
[greg@control ansible]$ ansible-vault create /home/greg/ansible/locker.yml
pw_developer: Imadev
pw_manager: Imamgr
#4. Verify: view decrypts through the password file, while cat shows only the $ANSIBLE_VAULT header and ciphertext
[greg@control ansible]$ ansible-vault view /home/greg/ansible/locker.yml
---
pw_developer: Imadev
pw_manager: Imamgr
[greg@control ansible]$ cat /home/greg/ansible/locker.yml
Caveat: echo creates secret.txt with the shell's default mode (0644 or 0664), so every local user on control can read the vault password, and the vault is then no more secret than that file. chmod 600 it, and keep it out of any repository the playbooks are committed to.
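Two checks worth running after this task, as an added example that is not part of the original post: that the vault password file is readable only by its owner, and that locker.yml really is ciphertext on disk (every file written by ansible-vault starts with a $ANSIBLE_VAULT; header, which plaintext YAML never does). Python, standard library only; the paths are passed in by the caller and the finding texts are this example's own.

```python
"""Added example (not from the original post): hygiene checks for the
vault password file and the vault created in section 13."""
import os
import stat

# Every ansible-vault file begins with this, e.g. "$ANSIBLE_VAULT;1.1;AES256".
VAULT_HEADER = "$ANSIBLE_VAULT;"
# Permission bits that grant access to anyone other than the owner.
GROUP_OR_OTHER = stat.S_IRWXG | stat.S_IRWXO


def is_vault_encrypted(path):
    """True if the file's first line carries the Ansible Vault header."""
    with open(path, encoding="utf-8", errors="replace") as f:
        return f.readline().startswith(VAULT_HEADER)


def secret_file_problems(path):
    """Findings for a vault password file such as secret.txt.

    `echo "..." > secret.txt` leaves the file at the shell's default mode
    (0644 or 0664), so the vault password is readable by other local
    users until it is chmod 600."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & GROUP_OR_OTHER:
        problems.append(f"{path}: mode {mode:04o} is readable by group/other, chmod 600 it")
    with open(path, encoding="utf-8", errors="replace") as f:
        content = f.read()
    if not content.strip():
        problems.append(f"{path}: password file is empty")
    if content.startswith(VAULT_HEADER):
        # Pointing vault_password_file at the vault itself is a common slip.
        problems.append(f"{path}: this is a vault file, not a password file")
    return problems


def check_vault_setup(vault_path, secret_path):
    """Run both checks; an empty list means the setup looks sane."""
    problems = secret_file_problems(secret_path)
    if not is_vault_encrypted(vault_path):
        problems.append(f"{vault_path}: not encrypted, cat would show the secrets")
    return problems


if __name__ == "__main__":
    # Constructed demo files; the real ones live in /home/greg/ansible.
    import tempfile
    d = tempfile.mkdtemp()
    secret = os.path.join(d, "secret.txt")
    vault = os.path.join(d, "locker.yml")
    with open(secret, "w") as f:
        f.write("whenyouwishuponastar\n")   # default mode, as echo > leaves it
    with open(vault, "w") as f:
        f.write("$ANSIBLE_VAULT;1.1;AES256\n6162636465\n")   # header + fake body
    for finding in check_vault_setup(vault, secret):
        print("FINDING:", finding)
```

Against the real files: check_vault_setup("/home/greg/ansible/locker.yml", "/home/greg/ansible/secret.txt") should return an empty list once secret.txt has been chmod 600.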
14. Create user accounts
Download the list of users to create from http://materials/user_list.yml and save it to /home/greg/ansible.
Using the password vault /home/greg/ansible/locker.yml created elsewhere in this exercise, create a playbook named /home/greg/ansible/users.yml that creates user accounts as described below:
  users with the job description developer should:
    be created on managed nodes in the dev and test host groups
    be assigned the password from the pw_developer variable
    be members of the supplementary group devops
  users with the job description manager should:
    be created on managed nodes in the prod host group
    be assigned the password from the pw_manager variable
    be members of the supplementary group opsmgr
  passwords use the SHA512 hash format.
Your playbook should run correctly using the vault password file /home/greg/ansible/secret.txt created elsewhere in this exercise.
#Check whether the groups already exist
[greg@control ansible]$ ansible dev,test -a "grep devops /etc/group"
#Look up the module documentation
[greg@control ansible]$ ansible-doc group
/EX
- name: Ensure group "somegroup" exists
  group:
    name: somegroup
    state: present
[greg@control ansible]$ ansible-doc user
/EX
- name: Add the user 'james' with a bash shell, appending the group 'admins' and 'developers' to the user's groups
  user:
    name: james
    shell: /bin/bash
    groups: admins,developers
    append: yes
#1. Download the list of users to create (it defines a users list whose entries have name and job fields, which the loop below relies on)
[greg@control ansible]$ wget http://materials/user_list.yml
#2. Create and write the playbook
[greg@control ansible]$ vim /home/greg/ansible/users.yml
#3. Run the playbook; the vault is opened with secret.txt via vault_password_file, so no prompt appears
[greg@control ansible]$ ansible-playbook users.yml
#4. Verify: the developers exist on dev and test, the managers on prod, and the passwords work over SSH
[greg@control ansible]$ ansible-inventory --graph
[greg@control ansible]$ ansible dev,test -m shell -a "id bob; id sally; id fred"
[greg@control ansible]$ ssh bob@node1
[greg@control ansible]$ ansible prod -m shell -a "id bob; id sally; id fred"
[greg@control ansible]$ ssh sally@node3
The playbook. append: yes adds the supplementary group without removing the user's existing groups. password_hash('sha512') generates a fresh random salt on every run, so the user task reports changed each time; passing a fixed second argument, password_hash('sha512', 'somesalt'), makes it idempotent:
---
- name: Create developer accounts
  hosts: dev,test
  vars_files:
  - /home/greg/ansible/locker.yml
  - /home/greg/ansible/user_list.yml
  tasks:
  - name: Ensure group devops exists
    group:
      name: devops
      state: present
  - name: Add the developer users
    user:
      name: "{{ item.name }}"
      groups: devops
      password: "{{ pw_developer | password_hash('sha512') }}"
      append: yes
    loop: "{{ users }}"
    when: item.job == 'developer'

- name: Create manager accounts
  hosts: prod
  vars_files:
  - /home/greg/ansible/locker.yml
  - /home/greg/ansible/user_list.yml
  tasks:
  - name: Ensure group opsmgr exists
    group:
      name: opsmgr
      state: present
  - name: Add the manager users
    user:
      name: "{{ item.name }}"
      groups: opsmgr
      password: "{{ pw_manager | password_hash('sha512') }}"
      append: yes
    loop: "{{ users }}"
    when: item.job == 'manager'
15. Rekey an Ansible vault
Update the key of an existing Ansible vault, as described below:
  download the Ansible vault from http://materials/salaries.yml to /home/greg/ansible
  the current vault password is insecure8sure
  the new vault password is bbs2you9527
  the vault remains encrypted with the new password
#1. Download the vault
[greg@control ansible]$ wget http://materials/salaries.yml
#2. Rekey: enter the current password (insecure8sure) at the first prompt, then the new password (bbs2you9527) twice
[greg@control ansible]$ ansible-vault rekey /home/greg/ansible/salaries.yml
#3. Verify by viewing the vault with the new password
[greg@control ansible]$ ansible-vault view /home/greg/ansible/salaries.yml
Vault password:
haha
16. Configure a cron job (added)
Create a playbook named /home/greg/ansible/cron.yml:
  the playbook runs on managed nodes in the test host group
  configure a cron job that runs every 2 minutes and executes the following command:
    logger "EX200 in progress", running as the user bob
[greg@control ansible]$ ansible-doc cron
/EX
- name: Creates a cron file under /etc/cron.d
  cron:
    name: yum autoupdate
    weekday: "2"
    minute: "0"
    hour: "12"
    user: root
    job: "YUMINTERACTIVE=0 /usr/sbin/yum-autoupdate"
    cron_file: ansible_yum-autoupdate
#1. Create the playbook
[greg@control ansible]$ vim /home/greg/ansible/cron.yml
#2. Run the playbook (bob must already exist on node2; task 14 creates him on the test group)
[greg@control ansible]$ ansible-playbook cron.yml
#3. Verify: the job appears in bob's crontab and, after a couple of minutes, in the cron log
[greg@control ansible]$ ansible test -a "grep EX200 /var/log/cron"
node2 | CHANGED | rc=0 >>
Jul 8 15:34:02 node2 CROND[6182]: (bob) CMD (logger "EX200 in progress")
[greg@control ansible]$ ansible test -a "crontab -l -u bob"
The playbook. name is the comment the cron module writes above the entry to recognise it on later runs; any descriptive text will do. Without cron_file, the job goes into bob's own crontab, which is why crontab -l -u bob shows it:
---
- name: cron
  hosts: test
  tasks:
  - name: Create the EX200 cron job for bob
    cron:
      name: EX200 in progress
      minute: "*/2"
      user: bob
      job: logger "EX200 in progress"