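1. Deploy a yum repository to the managed host
Package GPG signatures must be verified
The GPG key is in /etc/pki/rpm-gpg/RPM-GPG-KEY-*
Enable this repository
After the repository is deployed successfully, install the vsftpd package on the managed host.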
[xiaoming@centos7 ~]$ cd /home/xiaoming/ansible/
[xiaoming@centos7 ansible]$ cd chap01/
[xiaoming@centos7 chap01]$ pwd
/home/xiaoming/ansible/chap01
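//Write the playbook file (.yml)
[xiaoming@centos7 chap01]$ vim test1.yml
---
- name: first play
  hosts: node01
  tasks:
    # Create the repositories
    - name: create base
      yum_repository:
        name: base
        description: baseos
        baseurl: https://mirrors.aliyun.com/centos/8/BaseOS/x86_64/os/
        # The exercise requires signature verification, so gpgcheck is on
        gpgcheck: yes
        # The exercise gives the key only as RPM-GPG-KEY-*; replace * with the key file present on the host
        gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-*
        enabled: yes
    - name: create app
      yum_repository:
        name: app
        description: appsteam
        baseurl: https://mirrors.aliyun.com/centos/8/AppStream/x86_64/os/
        gpgcheck: yes
        # Same key location as above; replace * with the actual key file name
        gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-*
        enabled: yes
    # Install vsftpd
    - name: install vsftpd
      yum:
        name: vsftpd
        state: latest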
//Check the playbook .yml file for syntax errors:
[xiaoming@centos7 chap01]$ ansible-playbook --syntax-check test1.yml
playbook: test1.yml //no syntax errors
//Run the playbook file:
[xiaoming@centos7 chap01]$ ansible-playbook test1.yml //the playbook file
PLAY [first play] *****************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************
ok: [node01]
TASK [create base] ****************************************************************************************************
changed: [node01]
TASK [create app] *****************************************************************************************************
changed: [node01]
TASK [install vsftpd] *************************************************************************************************
changed: [node01]
PLAY RECAP ************************************************************************************************************
node01 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
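2. Write a playbook for the web host group. The playbook has two plays. The first play makes sure httpd and php are installed on the web host group and that the /var/www/html/ directory on the web host group contains a file named index.php with the following content:
$ cat /var/www/html/index.php
<?php
phpinfo();
The second play in the playbook tests whether the web service on the web host group can be reached and serves the content of index.php.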
[xiaoming@centos7 chap01]$ ll
总用量 20
-rw-r--r--. 1 xiaoming xiaoming 164 11月 22 22:35 ansible.cfg
-rw-rw-r--. 1 xiaoming xiaoming 30 11月 26 14:43 inventory
-rw-rw-r--. 1 xiaoming xiaoming 505 11月 26 14:07 test1.yml
-rw-rw-r--. 1 xiaoming xiaoming 359 11月 26 15:31 test2.yml
//Configure the inventory file
[xiaoming@centos7 chap01]$ cat inventory
[webservers]
node01
centos7
//Write the .yml file
[xiaoming@centos7 chap01]$ cat test2.yml
---
- name: play1
  hosts: webservers
  tasks:
    - name: install  # install httpd and php
      yum:
        name:
          - httpd
          - php
        state: latest
    - name: text  # write the content into the file
      copy:
        content: "<?php\nphpinfo();\n"
        dest: /var/www/html/index.php
    - name: httpd  # start the httpd service
      service:
        name: httpd
        state: started
- name: play2  # test whether the web service can be accessed
  hosts: centos7
  tasks:
    - name: ceshi
      uri:
        url: http://centos7
//Run the playbook
[xiaoming@centos7 chap01]$ ansible-playbook test2.yml
PLAY [play1] **********************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************
ok: [centos7]
ok: [node01]
TASK [install] ********************************************************************************************************
ok: [node01]
ok: [centos7]
TASK [text] ***********************************************************************************************************
ok: [centos7]
ok: [node01]
TASK [httpd] **********************************************************************************************************
ok: [centos7]
ok: [node01]
PLAY [play2] **********************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************
ok: [centos7]
TASK [ceshi] **********************************************************************************************************
ok: [centos7]
PLAY RECAP ************************************************************************************************************
centos7 : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node01 : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
//The /var/www/html/ directory on the web host group contains a file named index.php
[xiaoming@centos7 chap01]$ cd /var/www/html/
[xiaoming@centos7 html]$ ll
总用量 4
-rw-r--r--. 1 root root 17 11月 26 15:00 index.php
[xiaoming@centos7 html]$ cat index.php
<?php
phpinfo();
[root@node01 html]# pwd
/var/www/html
[root@node01 html]# cat index.php
<?php
phpinfo();
//Test:
-I: show the response status information;
[xiaoming@centos7 html]$ curl 192.168.40.121/index.php -I
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 09:03:01 GMT
Server: Apache/2.4.37 (centos)
X-Powered-By: PHP/7.2.24
Content-Type: text/html; charset=UTF-8
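The play below is an added example, not part of the original post: it requests index.php from every host in the webservers group and fails unless PHP actually executed the file. It assumes the inventory host names resolve from the control node and that port 80 is reachable on each host.

```yaml
---
# Added example (not from the original post): verify index.php on each host
# of the webservers group instead of only the root URL of one host.
- name: verify index.php on every web server
  hosts: webservers
  gather_facts: no
  tasks:
    # The request is sent from the control node, once per inventory host.
    - name: request index.php from the control node
      uri:
        url: "http://{{ inventory_hostname }}/index.php"
        return_content: yes
        status_code: 200
      delegate_to: localhost
      register: page

    # phpinfo() output contains the string "PHP Version"; raw source
    # containing "<?php" means httpd served the file without executing it.
    - name: response must be rendered phpinfo output, not raw source
      assert:
        that:
          - "'PHP Version' in page.content"
          - "'<?php' not in page.content"
        fail_msg: "index.php on {{ inventory_hostname }} was not executed by PHP"
```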
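3. On the managed node, add a regular user xiaohong, configure the current control-node user so that it can log in as xiaohong without a password, and make sure xiaohong can use sudo.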
[xiaoming@centos7 chap01]$ ll
总用量 20
-rw-r--r--. 1 xiaoming xiaoming 164 11月 22 22:35 ansible.cfg
-rw-rw-r--. 1 xiaoming xiaoming 30 11月 26 14:43 inventory
-rw-rw-r--. 1 xiaoming xiaoming 505 11月 26 14:07 test1.yml
-rw-rw-r--. 1 xiaoming xiaoming 359 11月 26 15:31 test2.yml
-rw-rw-r--. 1 xiaoming xiaoming 398 11月 26 16:04 test3.yml
//Write the playbook: first create the .yml file
[xiaoming@centos7 chap01]$ vim test3.yml
---
- name: play1
  hosts: node01
  tasks:
    - name: xiaohong  # add the user xiaohong
      user:
        name: xiaohong
        state: present
    - name: sudoers  # grant the xiaohong user sudo privileges
      lineinfile:
        line: "xiaohong ALL=(ALL) NOPASSWD:ALL"
        path: /etc/sudoers
    - name: set key  # passwordless login from the control host to xiaohong
      authorized_key:
        user: xiaohong
        state: present
        key: "{{ lookup('file', '/home/xiaoming/.ssh/id_rsa.pub') }}"
[xiaoming@centos7 chap01]$ ansible-playbook test3.yml
PLAY [play1] **********************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************
ok: [node01]
TASK [xiaohong] *******************************************************************************************************
ok: [node01]
TASK [sudoers] ********************************************************************************************************
ok: [node01]
TASK [set key] ********************************************************************************************************
changed: [node01]
PLAY RECAP ************************************************************************************************************
node01 : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
//Passwordless login as the xiaohong user
[xiaoming@centos7 chap01]$ ssh xiaohong@node01
welcom to ansible
//xiaohong can use sudo
[xiaohong@node01 ~]$ sudo ls /root
anaconda-ks.cfg download.cgi
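The play below is an added example, not part of the original post: it writes the same sudo rule as test3.yml into a drop-in file that is checked by visudo before it is installed, so a malformed rule never reaches the live sudo configuration. It assumes /etc/sudoers on node01 includes /etc/sudoers.d (the CentOS default) and that privilege escalation is configured as for the playbooks above; the file name /etc/sudoers.d/xiaohong is chosen for illustration.

```yaml
---
# Added example (not from the original post): the sudo rule from test3.yml
# as a validated drop-in instead of a line appended to /etc/sudoers.
- name: grant xiaohong sudo through a validated drop-in
  hosts: node01
  tasks:
    # copy writes to a temporary file first; validate runs visudo on it and
    # the file is moved into place only when the syntax check passes.
    - name: install /etc/sudoers.d/xiaohong only if visudo accepts it
      copy:
        content: "xiaohong ALL=(ALL) NOPASSWD:ALL\n"
        dest: /etc/sudoers.d/xiaohong
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    # Read-only check of the complete configuration, drop-ins included.
    - name: confirm the whole sudoers configuration still parses
      command: /usr/sbin/visudo -c
      changed_when: false

    # Read-only listing of what sudo will allow for the account.
    - name: list the rules that apply to xiaohong
      command: sudo -l -U xiaohong
      register: sudo_rules
      changed_when: false

    - name: show the effective rules
      debug:
        var: sudo_rules.stdout_lines
```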