1. Install and configure Ansible
sudo yum-config-manager --add-repo=http://content.example.com/rhel8.0/x86_64/ucfupdates/

inventory
node1
node2
node3
node4
node5

[dev]
node1

[test]
node2

[prod]
node3
node4

[balancers]
node5

[webservers:children]
prod

ansible.cfg
[defaults]
inventory = /home/greg/ansible/inventory
remote_user = greg
ask_pass = false
roles_path = /home/greg/ansible/roles

[privilege_escalation]
become=yes
become_method=sudo
become_user=root
become_ask_pass=False

Remember to create the roles directory:
mkdir /home/greg/ansible/roles

2. Create and run Ansible ad hoc commands
adhoc.sh
#!/bin/bash
ansible all -m yum_repository -a 'name="EX294_BASE" description="EX294 base software" baseurl="http://repo.domainx.example.com/BaseOS" gpgcheck=yes gpgkey="http://repo.domainx.example.com/RPM-GPG-KEY-redhat-release"'
ansible all -m yum_repository -a 'name="EX294_STREAM" description="EX294 stream software" baseurl="http://repo.domainx.example.com/AppStream" gpgcheck=yes gpgkey="http://repo.domainx.example.com/RPM-GPG-KEY-redhat-release"'
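
The two commands above set gpgcheck and gpgkey for each repository on every node. As an added example (not part of the original post), the script below audits a .repo file for those settings; the sample file and its local_unsigned section are constructed, and the `key = value` layout is assumed to match what yum_repository writes under /etc/yum.repos.d/.

```shell
#!/bin/sh
# Added example, not from the original post. audit_repo_file FILE prints
# "FAIL <repo>: ..." for a missing protection and "NOTE <repo>: ..." for a weaker
# setting; it returns non-zero only when a FAIL was found.
audit_repo_file() {
    awk '
        function report() {
            if (sect == "") return
            if (gpgcheck != "1" && gpgcheck != "yes" && gpgcheck != "true") {
                print "FAIL " sect ": gpgcheck is not enabled in this section"; bad = 1
            }
            if (gpgkey == "") {
                print "FAIL " sect ": no gpgkey configured"; bad = 1
            } else if (gpgkey ~ /^http:/) {
                print "NOTE " sect ": gpgkey is fetched over plain http"
            }
        }
        /^[ \t]*[#;]/ { next }                  # comment line
        /^\[.*\]/ {                             # start of a new [repo] section
            report(); sect = substr($0, 2, index($0, "]") - 2)
            gpgcheck = ""; gpgkey = ""; next
        }
        /=/ {                                   # key = value, spaces optional
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = tolower(val)
            if (key == "gpgkey") gpgkey = val
        }
        END { report(); exit bad + 0 }
    ' "$1"
}
# Constructed sample: the repo the first ad hoc command defines, plus a
# hypothetical unsigned repo ("local_unsigned") for contrast.
write_sample() {
    cat > "$1" <<'EOF'
[EX294_BASE]
name = EX294 base software
baseurl = http://repo.domainx.example.com/BaseOS
gpgcheck = 1
gpgkey = http://repo.domainx.example.com/RPM-GPG-KEY-redhat-release

[local_unsigned]
baseurl = file:///srv/repo
gpgcheck = 0
EOF
}
sample=$(mktemp); write_sample "$sample"
audit_repo_file "$sample" || echo "audit: at least one repo needs fixing"
rm -f "$sample"
```

On a managed node, run audit_repo_file against each file in /etc/yum.repos.d/. A section with no gpgcheck line of its own inherits the [main] value from dnf.conf, so the script reports it instead of assuming it is safe.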

3. Install software packages
packages.yml
---
- name: install pkg
  hosts: dev,test,prod
  tasks:
    - name: use yum module install pkg
      yum:
        name:
          - php
          - mariadb
        state: latest
- name: install pkg
  hosts: dev
  tasks:
    - name: install rpm tools
      yum:
        name: "@RPM Development Tools"
        state: latest
    - name: update all version
      yum:
        name: "*"
        state: latest

Check the result with ad hoc commands using the shell module:
ansible all -m shell -a 'rpm -qa | grep php'
ansible dev,test,prod -m shell -a 'rpm -qa | grep mariadb'
ansible dev,test,prod -m shell -a 'yum group list'
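
4. Use RHEL system roles
Install the RHEL system roles package and create a timesync.yml that meets the following requirements:
1. Runs on all managed nodes
2. Uses the timesync role
3. Configures the role to use the currently active NTP provider
4. Configures the role to use the time server 172.25.254.254
5. Configures the role to enable the iburst parameter

Step 1: find the system roles package and install it
yum list | grep role
sudo yum -y install rhel-system-roles

Step 2: find where the package was installed
# Look up the installation path of the roles
[greg@control ansible]$ rpm -qa | grep role
rhel-system-roles-1.0-5.el8.noarch
[greg@control ansible]$ rpm -ql rhel-system-roles

Step 3: add the system roles installation path to roles_path in ansible.cfg
roles_path = /home/greg/ansible/roles:/usr/share/ansible/roles/

Step 4: look up the variables this task needs in the system role
vim /usr/share/ansible/roles/linux-system-roles.timesync/tasks/main.yml

Step 5: timesync.yml:
---
- name: use system role
  hosts: all
  vars:
    timesync_ntp_servers:
      - hostname: 172.25.254.254
        iburst: yes
  roles:
    - rhel-system-roles.timesync

Check the NTP status on all hosts before running the playbook
After running the playbook

Create a selinux.yml that meets the following requirements:
1. Runs on all managed nodes
2. Uses the selinux role
3. Sets the SELinux state of all nodes to enforcing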
selinux.yml
---
- name