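1. Install and configure Ansible
Install and configure Ansible on the control node workstation.lab.example.com:
- Install the required packages
- Create a static inventory file named /home/student/ansible/inventory that meets the following requirements:
  - servera is a member of the dev host group
  - serverb is a member of the test host group
  - serverc and serverd are members of the prod host group
  - bastion is a member of the balancers host group
  - The prod group is a member of the webservers host group
- Create a configuration file named /home/student/ansible/ansible.cfg that meets the following requirements:
  - The host inventory file is /home/student/ansible/inventory
  - The locations of roles used in playbooks include /home/student/ansible/roles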
[root@foundation0 ~]# ssh student@workstation
Activate the web console with: systemctl enable --now cockpit.socket
[student@workstation ~]$ mkdir ansible
[student@workstation ~]$ cd ansible/
[student@workstation ansible]$ mkdir roles
[student@workstation ansible]$ cp /etc/ansible/ansible.cfg .
[student@workstation ansible]$ vim inventory
[dev]
servera
[test]
serverb
[prod]
serverc
serverd
[balancers]
bastion
[webservers:children]
prod
[student@workstation ansible]$ vim ansible.cfg
......
inventory = /home/student/ansible/inventory
remote_user = student
......
roles_path = /home/student/ansible/roles
host_key_checking = False
......
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
......
Verify:
[student@workstation ansible]$ ansible all -m ping
serverc | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
bastion | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
serverd | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
servera | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
serverb | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
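The ansible.cfg above turns off SSH host key verification and enables passwordless privilege escalation for every task. The following audit of those settings is an added example, not part of the original page; the sample text is constructed from the lines shown above, and the `[defaults]` section header is an assumption because the page elides it.

```python
import configparser
import io

# Constructed sample mirroring the settings shown above. The [defaults] header
# is an assumption: the page elides the surrounding lines with "......".
SAMPLE_CFG = """\
[defaults]
inventory = /home/student/ansible/inventory
remote_user = student
roles_path = /home/student/ansible/roles
host_key_checking = False

[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
"""

def _load(text):
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return cfg

def audit_ansible_cfg(text):
    """Return (section, key, finding) tuples for security-relevant settings."""
    cfg, findings = _load(text), []
    # Ansible verifies SSH host keys unless this is explicitly turned off.
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append(("defaults", "host_key_checking",
                         "SSH host keys of managed nodes are not verified"))
    become = cfg.getboolean("privilege_escalation", "become", fallback=False)
    ask = cfg.getboolean("privilege_escalation", "become_ask_pass", fallback=False)
    if become and not ask:
        findings.append(("privilege_escalation", "become_ask_pass",
                         "all tasks run as root via sudo without a password prompt"))
    return findings

def harden(text):
    """Return the config with host key verification switched back on."""
    cfg = _load(text)
    cfg.set("defaults", "host_key_checking", "True")
    out = io.StringIO()
    cfg.write(out)
    return out.getvalue()

if __name__ == "__main__":
    for section, key, finding in audit_ansible_cfg(SAMPLE_CFG):
        print(f"[{section}] {key}: {finding}")
```

With host_key_checking enabled, the managed nodes' host keys must already be present in the control node's known_hosts before `ansible all -m ping` will succeed.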
2. Create and run Ansible ad hoc commands
Create a shell script named /home/student/ansible/adhoc.sh that uses Ansible ad hoc commands to install the yum repositories on each managed node:
Repository 1:
- The repository name is rh294_BASE
- The description is rh294 base software
- The base URL is http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
- GPG signature checking is enabled
- The GPG key URL is http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
- The repository is enabled
Repository 2:
- The repository name is rh294_STREAM
- The description is rh294 stream software
- The base URL is http://content.example.com/rhel8.0/x86_64/dvd/AppStream
- GPG signature checking is enabled
- The GPG key URL is http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
- The repository is enabled
[student@workstation ansible]$ vim adhoc.sh
#!/bin/bash
ansible all -m yum_repository -a 'file=server name=rh294_BASE description="rh294 base software" baseurl=http://content.example.com/rhel8.0/x86_64/dvd/BaseOS gpgcheck=yes gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes'
ansible all -m yum_repository -a 'file=server name=rh294_STREAM description="rh294 stream software" baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream gpgcheck=yes gpgkey=http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release enabled=yes'
[student@workstation ansible]$ chmod +x adhoc.sh
[student@workstation ansible]$ ./adhoc.sh
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "rh294_BASE",
"state": "present"
}
serverc | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "rh294_BASE",
"state": "present"
}
bastion | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "rh294_BASE",
"state": "present"
}
serverb | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "rh294_BASE",
"state": "present"
}
serverd | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "rh294_BASE",
"state": "present"
}
bastion | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "rh294_STREAM",
"state": "present"
}
serverb | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "rh294_STREAM",
"state": "present"
}
servera | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "rh294_STREAM",
"state": "present"
}
serverc | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "rh294_STREAM",
"state": "present"
}
serverd | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"repo": "rh294_STREAM",
"state": "present"
}
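The CHANGED output only confirms that the repo file was written, not that it matches the requirements. The following check of the resulting repository definitions is an added example, not part of the original page; the sample file content is constructed (both ad hoc commands use file=server, so both repositories land in /etc/yum.repos.d/server.repo), and `check_repos` is a hypothetical helper name.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample of /etc/yum.repos.d/server.repo after running adhoc.sh.
SAMPLE_REPO = """\
[rh294_BASE]
baseurl = http://content.example.com/rhel8.0/x86_64/dvd/BaseOS
enabled = 1
gpgcheck = 1
gpgkey = http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = rh294 base software

[rh294_STREAM]
baseurl = http://content.example.com/rhel8.0/x86_64/dvd/AppStream
enabled = 1
gpgcheck = 1
gpgkey = http://content.example.com/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
name = rh294 stream software
"""

def check_repos(text, required):
    """Map each required repo id to a list of issues (empty list means clean)."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    report = {}
    for repo in required:
        if not cfg.has_section(repo):
            report[repo] = ["repository section missing"]
            continue
        sec, issues = cfg[repo], []
        if sec.get("enabled", "1") != "1":
            issues.append("repository is disabled")
        if sec.get("gpgcheck") != "1":
            issues.append("gpgcheck is not enabled: packages install unverified")
        key = sec.get("gpgkey", "")
        if not key:
            issues.append("gpgkey is not set: signatures cannot be checked")
        elif urlsplit(key).scheme == "http":
            # The signing key itself arrives over an unauthenticated channel.
            issues.append("gpgkey is fetched over plain HTTP")
        report[repo] = issues
    return report

if __name__ == "__main__":
    for repo, issues in check_repos(SAMPLE_REPO, ["rh294_BASE", "rh294_STREAM"]).items():
        print(repo, "->", issues or "ok")
```

On a managed node, the same function can be fed the real file with `check_repos(open("/etc/yum.repos.d/server.repo").read(), [...])`.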
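3. Install packages
Create a playbook named /home/student/ansible/packages.yml:
- Install the php and mariadb packages on hosts in the dev, test and prod host groups
- Install the RPM Development Tools package group on hosts in the dev host group
- Update all packages on hosts in the dev host group to the latest version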
[student@workstation ansible]$ vim packages.yml
---
# Play 1: php and mariadb on dev, test and prod
- name: install pkgs
  hosts: dev,test,prod
  tasks:
    - name: install php mariadb
      yum:
        name:
          - php
          - mariadb
        state: present

# Play 2: package group and full update on dev only
- name: install group pkgs
  hosts: dev
  tasks:
    - name: install group pkgs
      yum:
        name: "@RPM Development Tools"
        state: present
    - name: update all pkgs
      yum:
        name: '*'
        state: latest
[student@workstation ansible]$ ansible-playbook packages.yml
PLAY [install pkgs] ************************************************************
TASK [Gathering Facts] *********************************************************
ok: [serverc]
ok: [serverd]
ok: [servera]
ok: [serverb]
TASK [install php mariadb] *****************************************************
changed: [serverc]
changed: [serverd]
changed: [serverb]
changed: [servera]
PLAY [install group pkgs] ******************************************************
TASK [Gathering Facts] *********************************************************
ok: [servera]
TASK [install group packages] **************************************************
changed: [servera]
TASK [update all pkgs] *********************************************************
ok: [servera]
PLAY RECAP *********************************************************************
servera : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
serverb : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
serverc : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
serverd : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
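4.1. Use RHEL system roles
Install the RHEL system roles package and create a playbook /home/student/ansible/timesync.yml that meets the following conditions:
- Runs on all managed nodes
- Uses the timesync role
- Configures the role to use the currently active NTP provider
- Configures the role to use the time server classroom.example.com
- Configures the role to enable the iburst parameter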
[student@workstation ansible]$ sudo yum -y install rhel-system-roles
[student@workstation ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.timesync/ roles/timesync
[student@workstation ansible]$ ls roles/
timesync
[student@workstation ansible]$ vim timesync.yml
---
- name: set time sync
  hosts: all
  vars:
    timesync_ntp_servers:
      - hostname: classroom.example.com
        iburst: yes
  roles:
    - timesync
[student@workstation ansible]$ ansible-playbook timesync.yml
......
PLAY RECAP ********************************************************************