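2. Generate a hosts file (own host)
Download an initial template file from http://content.example.com/hosts.j2 to /home/student/ansible
Complete the template so that it can be used to generate the following file: one line for each inventory host, in the same format as /etc/hosts
Create a playbook named /home/student/ansible/hosts.yml that uses this template to generate the file /etc/myhosts on the hosts in the dev host group.
After the playbook runs, the file /etc/myhosts on the hosts in the dev host group should contain one line for each managed host: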
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
[student@ansible ansible]$ cat hosts.yml
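---
# This play has no tasks: it only gathers facts on every host, so that
# facts for all inventory hosts are available in hostvars when the
# template is rendered in the next play.
- name: get all facts
  hosts: all

- name: cp to myhosts
  hosts: dev
  tasks:
    - name: touch myhosts
      file:
        path: /etc/myhosts
        state: touch
    - name: cp file
      template:
        src: /home/student/ansible/hosts.j2
        dest: /etc/myhosts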
[student@ansible ansible]$
[root@node1 ~]# cat /etc/myhosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.20 node1.example.com node1
192.168.100.30 node2.example.com node2
192.168.100.40 node3.example.com node3
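3. Create a password vault
Create an Ansible vault to store user passwords, as described below:
The vault is named /home/student/ansible/locker.yml
The vault contains two variables, named as follows:
pw_developer, with the value Imadev
pw_manager, with the value Imamgr
The password used to encrypt and decrypt the vault is whenyouwishuponastar
The password is stored in the file /home/student/ansible/secret.txt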
[student@workstation ansible]$ vim locker.yml
---
pw_developer: Imadev
pw_manager: Imamgr
[student@workstation ansible]$ echo whenyouwishuponastar > secret.txt
[student@workstation ansible]$ chmod 600 secret.txt
[student@workstation ansible]$ ansible-vault encrypt locker.yml --vault-id=/home/student/ansible/secret.txt
Encryption successful
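
An added example, not part of the original notes: shell checks that the vault file really is encrypted and that the vault password file is readable only by its owner, plus a way to create the password file without passing the password on the command line. The function names are hypothetical; `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original notes); function names are hypothetical.

# Return 0 if the first line is an Ansible Vault header such as
# "$ANSIBLE_VAULT;1.1;AES256" (format 1.2 appends a vault-id label).
is_vault_encrypted() {
    local first
    first=$(head -n 1 -- "$1" 2>/dev/null)
    case "$first" in
        '$ANSIBLE_VAULT;'[0-9].[0-9]';AES256'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if the file has no group or other permission bits (600, 400, ...).
is_private_file() {
    local mode
    mode=$(stat -c '%a' -- "$1" 2>/dev/null) || return 1
    case "$mode" in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

# Create the password file from stdin. The restrictive umask is set before
# the file exists, so there is no window in which it is world-readable,
# and the password never appears in the shell history.
write_secret() {
    ( umask 077 && rm -f -- "$1" && cat > "$1" )
}

# check_vault_setup <vault-file> <password-file>
check_vault_setup() {
    local rc=0
    is_vault_encrypted "$1" || { echo "NOT ENCRYPTED: $1" >&2; rc=1; }
    is_private_file "$2"    || { echo "TOO OPEN: $2" >&2; rc=1; }
    return "$rc"
}
```

For the files in this task the call would be `check_vault_setup locker.yml secret.txt`, run before the playbook or before committing the directory to version control.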
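4. Create user accounts
Download the list of users to create from http://content.example.com/user_list.yml and save it to /home/student/ansible
Using the password vault /home/student/ansible/locker.yml created elsewhere in this exam, create a playbook named /home/student/ansible/users.yml that creates user accounts as follows:
Users with the job description developer should be:
created on the managed nodes in the dev and test host groups
assigned the password from the pw_developer variable, with a password validity of 30 days
members of the supplementary group student
Users with the job description manager should be:
created on the managed nodes in the prod host group
assigned the password from the pw_manager variable, with a password validity of 30 days
members of the supplementary group opsmgr
Passwords should use the SHA512 hash format.
Your playbook should run correctly using the vault password file /home/student/ansible/secret.txt created elsewhere in this exam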
[student@workstation ansible]$ wget http://content.example.com/user_list.yml
[student@workstation ansible]$ vim users.yml
---
- name: create developer
  hosts: dev,test
  vars_files:
    # locker.yml is vault-encrypted; it is decrypted at run time with --vault-id
    - /home/student/ansible/locker.yml
    - /home/student/ansible/user_list.yml
  tasks:
    - name: create group
      group:
        name: student
        state: present
    - name: create user
      user:
        name: "{{ item.name }}"
        groups: student
        # password_hash without a fixed salt produces a new hash on every run
        password: "{{ pw_developer | password_hash('sha512') }}"
        state: present
      loop: "{{ users }}"
      when: item.job == "developer"
    - name: chage
      shell:
        cmd: chage -M 30 {{ item.name }}
      loop: "{{ users }}"
      when: item.job == "developer"

- name: create manager
  hosts: prod
  vars_files:
    - /home/student/ansible/locker.yml
    - /home/student/ansible/user_list.yml
  tasks:
    - name: create group
      group:
        name: opsmgr
    - name: create manager
      user:
        name: "{{ item.name }}"
        groups: opsmgr
        password: "{{ pw_manager | password_hash('sha512') }}"
        state: present
      loop: "{{ users }}"
      when: item.job == "manager"
    - name: chage 30
      shell:
        cmd: chage -M 30 {{ item.name }}
      loop: "{{ users }}"
      when: item.job == "manager"
[student@workstation ansible]$ ansible-playbook users.yml --vault-id secret.txt
PLAY [create developer] ******************************************************************
TASK [Gathering Facts] *******************************************************************
ok: [serverb]
ok: [servera]
TASK [create group] **********************************************************************
ok: [servera]
ok: [serverb]
TASK [create user] ***********************************************************************
changed: [servera] => (item={'name': 'bob', 'job': 'developer'})
skipping: [servera] => (item={'name': 'sally', 'job': 'manager'})
changed: [serverb] => (item={'name': 'bob', 'job': 'developer'})
skipping: [serverb] => (item={'name': 'sally', 'job': 'manager'})
changed: [servera] => (item={'name': 'fred', 'job': 'developer'})
changed: [serverb] => (item={'name': 'fred', 'job': 'developer'})
TASK [chage] *****************************************************************************
changed: [servera] => (item={'name': 'bob', 'job': 'developer'})
skipping: [servera] => (item={'name': 'sally', 'job': 'manager'})
changed: [serverb] => (item={'name': 'bob', 'job': 'developer'})
skipping: [serverb] => (item={'name': 'sally', 'job': 'manager'})
changed: [servera] => (item={'name': 'fred', 'job': 'developer'})
changed: [serverb] => (item={'name': 'fred', 'job': 'developer'})
PLAY [create manager] ********************************************************************
TASK [Gathering Facts] *******************************************************************
ok: [serverd]
ok: [serverc]
TASK [create group] **********************************************************************
changed: [serverd]
changed: [serverc]
TASK [create manager] ********************************************************************
skipping: [serverc] => (item={'name': 'bob', 'job': 'developer'})
skipping: [serverd] => (item={'name': 'bob', 'job': 'developer'})
changed: [serverc] => (item={'name': 'sally', 'job': 'manager'})
skipping: [serverc] => (item={'name': 'fred', 'job': 'developer'})
changed: [serverd] => (item={'name': 'sally', 'job': 'manager'})
skipping: [serverd] => (item={'name': 'fred', 'job': 'developer'})
TASK [chage 30] **************************************************************************
skipping: [serverc] => (item={'name': 'bob', 'job': 'developer'})
skipping: [serverd] => (item={'name': 'bob', 'job': 'developer'})
changed: [serverc] => (item={'name': 'sally', 'job': 'manager'})
skipping: [serverc] => (item={'name': 'fred', 'job': 'developer'})
changed: [serverd] => (item={'name': 'sally', 'job': 'manager'})
skipping: [serverd] => (item={'name': 'fred', 'job': 'developer'})
PLAY RECAP *******************************************************************************
servera : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
serverb : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
serverc : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
serverd : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
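
An added example, not part of the original notes: a check to run as root on a managed node that confirms the two password requirements of this task, a SHA512 hash (crypt prefix `$6$`) and a maximum password age of 30 days, by reading the shadow entry. The function names are hypothetical and the shadow lines in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes); function names are hypothetical.
# shadow(5) fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# Audit one shadow line. Prints "<name> OK" or "<name> FAIL: <problems>"
# and returns 0 only when both requirements are met.
audit_shadow_line() {
    local name hash lastchg min max rest problems=""
    IFS=: read -r name hash lastchg min max rest <<EOF
$1
EOF
    case "$hash" in
        '$6$'*) ;;                                   # SHA512-crypt
        '!'*|'*'*|'') problems="$problems locked-or-empty" ;;
        *) problems="$problems not-sha512" ;;
    esac
    [ "$max" = "30" ] || problems="$problems max-age=${max:-unset}"
    if [ -z "$problems" ]; then
        echo "$name OK"
    else
        echo "$name FAIL:$problems"
    fi
    [ -z "$problems" ]
}

# Audit several accounts on the local node (needs root to read shadow):
#   audit_users bob fred
audit_users() {
    local u rc=0
    for u in "$@"; do
        audit_shadow_line "$(getent shadow "$u")" || rc=1
    done
    return "$rc"
}

# Constructed sample lines:
#   audit_shadow_line 'bob:$6$saltsalt$abcdef:19000:0:30:7:::'
#   audit_shadow_line 'sally:$1$salt$abcdef:19000:0:99999:7:::'
```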