
Playbook from 0 to 1

Date: 2023-01-12 14:35:17
Tags: control, myx, host, ansible, Playbook, node2, root

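  • I. Environment setup

Role            Hostname  IP address      Group
Control node    control   192.168.188.60  localhost
Managed node 1  node1     192.168.188.61  nodes
Managed node 2  node2     192.168.188.62  nodes

  • 1. Configure the /etc/hosts file on the three hosts so that they can reach one another by hostname

  • This must be configured on all three hosts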

  • [root@control ~]# vim /etc/hosts

  • [root@control ~]# cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.188.60 control
    192.168.188.61 node1
    192.168.188.62 node2

  • 2. Configure passwordless SSH access

  • 2.1 Generate a key pair on the control host (control)

  • [root@control ~]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.

  • 2.2 Send the public key to the managed hosts node1 and node2

  • [root@control ~]# ssh-copy-id -i node1

  • [root@control ~]# ssh-copy-id -i node2

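  • II. Install Ansible on the control host (control)

  • 1. Confirm that the control host has Internet access

  • 2. Mount the installation media and configure the EPEL repository

  • 2.1 Mount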

  • [root@control ~]# mount /dev/sr0 /mnt

  • mount: /mnt: WARNING: device write-protected, mounted read-only.

  • 2.2 Configure the EPEL repository

  • [root@control ~]# cd /etc/yum.repos.d

  • [root@control yum.repos.d]# vim epel.repo

  • [root@control yum.repos.d]# cat epel.repo

  • [epel]

  • name = epel

  • baseurl = https://mirrors.tuna.tsinghua.edu.cn/epel/8/Everything/x86_64/

  • gpgcheck = 0

  • enabled = 1
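
With gpgcheck = 0, yum installs packages from this repository without verifying their signatures. As an added example (not from the original post), the script below reports repo sections that disable the check and runs over a constructed copy of this page's epel.repo and a variant that enables it; the function name, the temporary file names and the gpgkey URL are assumptions of the example.

```sh
#!/bin/sh
# Added example, not from the original post: report yum/dnf repo sections
# that explicitly turn off package signature checking.

# Print the name of each [section] in the given .repo files that sets
# gpgcheck to 0/no/false/off. A section with no gpgcheck line inherits the
# [main] value from the main yum/dnf configuration and is not reported.
unsigned_repos() {
    awk '
        /^[ \t]*\[.*\][ \t]*$/ {
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        /^[ \t]*gpgcheck[ \t]*=/ {
            value = tolower($0)
            sub(/^[^=]*=[ \t]*/, "", value)
            sub(/[ \t]*$/, "", value)
            if (value ~ /^(0|no|false|off)$/) print section
        }
    ' "$@"
}

# Constructed sample input: the epel.repo shown on this page, and a variant
# that verifies signatures. The gpgkey URL is an assumption; confirm the key
# location and fingerprint with the EPEL project before trusting it.
demo_dir=$(mktemp -d)
cat > "$demo_dir/epel-page.repo" <<'EOF'
[epel]
name = epel
baseurl = https://mirrors.tuna.tsinghua.edu.cn/epel/8/Everything/x86_64/
gpgcheck = 0
enabled = 1
EOF
cat > "$demo_dir/epel-checked.repo" <<'EOF'
[epel]
name = epel
baseurl = https://mirrors.tuna.tsinghua.edu.cn/epel/8/Everything/x86_64/
gpgcheck = 1
gpgkey = https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
enabled = 1
EOF

echo "unsigned in page config:    $(unsigned_repos "$demo_dir/epel-page.repo")"
echo "unsigned in checked config: $(unsigned_repos "$demo_dir/epel-checked.repo")"
```

On a real host the function would be pointed at /etc/yum.repos.d/*.repo.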

  • 3. Install Ansible with yum

  • [root@control yum.repos.d]# yum install ansible

  • [Screenshot: yum transaction summary. ansible is installed from the epel repository; ansible-core, git-core and several python39 packages are pulled in as dependencies from appstream.]

  • 4. Run ansible --version to check that the installation succeeded

  • [root@control ~]# ansible --version

    ansible [core 2.13.5]
      config file = /etc/ansible/ansible.cfg
      configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python3.9/site-packages/ansible
      ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
      executable location = /usr/bin/ansible
      python version = 3.9.14 (main, Dec 5 2022, 13:41:22) [GCC 8.5.0 20210514 (Red Hat 8.5.0-17)]
      jinja version = 3.1.2

  • III. Define the host inventory

  • By default, an installed Ansible uses /etc/ansible/hosts as its inventory file

Create a directory of your own for Ansible testing

[root@control ~]# mkdir myx

[root@control ~]# cd myx

[root@control myx]# vim inventory

[root@control myx]# cat inventory

[nodes]

node1

node2


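IV. Ansible connects to the managed hosts over SSH with passwordless login configured. Using the administrative user is generally not recommended; connections are required to go through the regular user myx

1. Send the public key to the myx user on node1 and node2

[root@control myx]# ssh-copy-id myx@node1

[root@control myx]# ssh-copy-id myx@node2

2. Configure the Ansible configuration file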

[root@control myx]# vim ansible.cfg

[root@control myx]# cat ansible.cfg

[defaults]

inventory = ./inventory

remote_user = myx

ask_pass = false

 

3. Test

 

[root@control myx]# ansible all -a "whoami"

node1 | CHANGED | rc=0 >>

myx

node2 | CHANGED | rc=0 >>

myx

 

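V. sudo privilege escalation for the remote user

1. Grant privileges to the myx user (this step is also required for privilege escalation)

[root@node1 ~]# vim /etc/sudoers

root    ALL=(ALL)       ALL

# allow the myx user to run all commands as any user on any host without a password
myx  ALL=(ALL)   NOPASSWD: ALL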

 

[root@node2 ~]# vim /etc/sudoers

 

root    ALL=(ALL)       ALL

myx  ALL=(ALL)   NOPASSWD: ALL
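
A syntax error saved into /etc/sudoers stops sudo from working on that host, so the same rule is safer installed as a drop-in file that visudo has checked first. The function below is an added example, not part of the original post; install_sudo_rule, the VISUDO override and the drop-in file name are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: install the page's sudo rule for
# myx as a syntax-checked drop-in instead of hand-editing /etc/sudoers.

# install_sudo_rule USER [DIR]
#   Writes "USER ALL=(ALL) NOPASSWD: ALL" to DIR/USER (default /etc/sudoers.d)
#   with mode 0440, and only after the syntax checker accepts the file.
#   VISUDO selects the checker (default: visudo); the override exists for dry
#   runs and is an assumption of this example.
install_sudo_rule() {
    rule_user=$1
    rule_dir=${2:-/etc/sudoers.d}
    # sudo ignores drop-in files whose names contain '.' or end in '~', so
    # restrict the name and keep the temporary file dot-prefixed.
    case $rule_user in
        ''|*[!a-z0-9_-]*) echo "refusing user name '$rule_user'" >&2; return 2 ;;
    esac
    rule_tmp=$(mktemp "$rule_dir/.tmp.XXXXXX") || return 1
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$rule_user" > "$rule_tmp"
    chmod 0440 "$rule_tmp"
    if "${VISUDO:-visudo}" -cf "$rule_tmp" >/dev/null 2>&1; then
        mv -f "$rule_tmp" "$rule_dir/$rule_user"
    else
        rm -f "$rule_tmp"
        echo "sudoers syntax check failed, nothing installed" >&2
        return 1
    fi
}

# Run as root on each managed node, for example: sh install-rule.sh myx
if [ "$#" -gt 0 ]; then
    install_sudo_rule "$@"
fi
```
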

 

 

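2. Set the default sudo user to root and turn off password prompting for privilege escalation

[root@control myx]# vim ansible.cfg

[root@control myx]# cat ansible.cfg

[defaults]
inventory=./inventory
remote_user=myx
ask_pass=False
# default sudo user
sudo_user=root
# whether to prompt for a password when escalating privileges
ask_sudo_pass=False

# privilege escalation
[privilege_escalation]
# whether to switch user on the managed host after connecting; switches to root by default
become=True
# how to switch user
become_method=sudo
# which user to switch to on the managed host
become_user=root
# whether to prompt for the become_method password
become_ask_pass=False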

 

3. Test

[root@control myx]# ansible nodes -m ping

node1 | SUCCESS => {

    "ansible_facts": {

        "discovered_interpreter_python": "/usr/libexec/platform-python"

    },

    "changed": false,

    "ping": "pong"

}

node2 | SUCCESS => {

    "ansible_facts": {

        "discovered_interpreter_python": "/usr/libexec/platform-python"

    },

    "changed": false,

    "ping": "pong"

}

[root@control myx]# ansible all -a "id"

node2 | CHANGED | rc=0 >>

uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

node1 | CHANGED | rc=0 >>

uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

 

VI. Write a playbook and run it

[root@control myx]# vim createuser.yml

[root@control myx]# cat createuser.yml

---
- name: this is my first play
  hosts: nodes
  tasks:
    - name: create a new user
      user:
        name: test0112
        uid: 20230112
        state: present

 

[root@control myx]# ansible-playbook createuser.yml

 

PLAY [this is my first play] ***************************************************

 

TASK [Gathering Facts] *********************************************************

ok: [node1]

ok: [node2]

 

TASK [create a new user] *******************************************************

changed: [node1]

changed: [node2]

 

PLAY RECAP *********************************************************************

node1                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  

node2                      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0  

 

From: https://blog.51cto.com/u_14567835/6004163
