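Ansible automated deployment configuration:
① Choose the control node and the managed nodes
I chose the host 192.168.220.129 as the control node, and 192.168.220.138 and 192.168.220.200 as my managed nodes.
First I changed the hostname of 192.168.220.129 to master, and did the same for the managed nodes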
[root@111 ~]# hostnamectl set-hostname lxb
[root@111 ~]# bash
[root@lxb ~]#
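//The managed nodes are handled the same way (the purpose is to tell the hosts apart)
② Create users on the control node and the managed nodes, and grant them root privileges via sudo
This is because the class user on the control node is used to control the corresponding users on the managed nodes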
[root@lxb /]# useradd class
[root@lxb /]# useradd student
//On the control node, add the users class and student
[root@lxb /]# vim /etc/sudoers
root ALL=(ALL) ALL
class ALL=(ALL) NOPASSWD:ALL
student ALL=(ALL) NOPASSWD:ALL
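//Grant these two users elevated privileges in /etc/sudoers
#The same applies on the control node (the controlling user)
③ Switch to the user on the control node and set up passwordless login
This is because ansible needs passwordless login in order to control the managed nodes
#Generate a key pair for the class user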
[class@lxb ~]$ ssh-keygen
[class@lxb ~]$ ssh-copy-id student@csa
[class@lxb ~]$ ssh-copy-id student@rhce
//Use ssh-copy-id to send the public key to the user on the managed nodes
#Note that I had already set the host aliases in /etc/hosts beforehand
192.168.220.129 master
192.168.220.138 csa
192.168.220.200 rhce
④ Install the ansible package on the control node
The ansible package requires a yum repository to be configured, as follows:
[root@lxb yum.repos.d]# cat epel-qinghua.repo
[epel]
name=epel
baseurl=https://mirrors.aliyun.com/epel-archive/8/Everything/x86_64/
gpgcheck=0
//The repository configuration for ansible; I used a network repository
Then install the ansible package
[class@lxb ~]$ sudo yum install ansible -y
⑤ Install the python package on the managed nodes
ansible needs python for parsing and deployment
#Configuration on the control node
[root@lxb yum.repos.d]# cat qinghua.repo
[base]
name=base
baseurl=https://mirrors.163.com/rocky/8.5/AppStream/x86_64/os/
gpgcheck=0
[app]
name=app
baseurl=https://mirrors.163.com/rocky/8.5/BaseOS/x86_64/os/
gpgcheck=0
[root@lxb yum.repos.d]# yum install python -y
//Install the python package
#The same applies on the managed nodes
[root@csa yum.repos.d]# yum install python38 -y
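An added example, not part of the original post: the shell functions below flag repo sections with gpgcheck disabled (as in the repo files above, where yum will not verify package signatures) and sudoers entries granting NOPASSWD:ALL (as in step ②). The sample files are constructed from the lines in this post; the signed-example section, its mirror URL and its gpgkey path are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: flag the two weak settings used above.

# Print every repo section whose gpgcheck is explicitly disabled.
audit_repo() {
    awk -v f="$1" '
        /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
        /^[ \t]*gpgcheck[ \t]*=/ {
            v = tolower($0); sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            if (v == "0" || v == "no" || v == "false") print f ":[" sec "] gpgcheck=" v
        }' "$1"
}

# Print every user or %group granted passwordless sudo for ALL commands.
audit_sudoers() {
    awk '/^[ \t]*#/ { next }
         /NOPASSWD:[ \t]*ALL[ \t]*$/ { print $1 }' "$1"
}

# Constructed sample input, copied from the repo and sudoers lines in this post,
# plus one signed repo section (URL and gpgkey path are placeholders) for contrast.
make_samples() {
    cat > "$1/epel.repo" <<'EOF'
[epel]
name=epel
baseurl=https://mirrors.aliyun.com/epel-archive/8/Everything/x86_64/
gpgcheck=0
[signed-example]
name=signed-example
baseurl=https://mirror.example.invalid/repo/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PLACEHOLDER
EOF
    cat > "$1/sudoers" <<'EOF'
root ALL=(ALL) ALL
class ALL=(ALL) NOPASSWD:ALL
student ALL=(ALL) NOPASSWD:ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
EOF
}

# Run both audits over the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_repo "$demo_dir/epel.repo"
audit_sudoers "$demo_dir/sudoers"
rm -rf "$demo_dir"
```

On a real host, point audit_repo at each file under /etc/yum.repos.d/ and audit_sudoers at /etc/sudoers and the files in /etc/sudoers.d/.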
⑥ The configuration is now complete; verify it
[class@lxb ~]$ ssh student@rhce
Warning: Permanently added the ECDSA host key for IP address '192.168.220.134' to the list of known hosts.
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Sat Feb 19 04:39:58 2022 from 192.168.220.141
[student@rhce ~]$ exit
logout
Connection to rhce closed.
[class@lxb ~]$ ssh student@csa
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Mon Feb 21 16:49:39 2022 from 192.168.220.141
[student@csa ~]$ exit
logout
Connection to csa closed.
//Use the control node to ssh into the managed nodes; passwordless login is now working
⑦ Now configure the ansible inventory on the control node:
[class@lxb ~]$ cat inventory
csa
rhce
//Configure the cfg file
[class@lxb ~]$ cat .ansible.cfg
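#Comments are kept on their own lines: ansible.cfg only accepts ';' for inline comments
[defaults]
#Specify the inventory file
inventory = ./inventory
#Connect to the managed hosts as the student user
remote_user = student
#Do not prompt for a password when logging in to the managed hosts, so SSH key login must be configured first
ask_pass = false
[privilege_escalation]
#Whether to become another user after logging in to the managed host
become=true
#su or sudo can be used to become another user; sudo is used here and is the default
become_method=sudo
#Which user to sudo to
become_user=root
#Whether sudo prompts for a password
become_ask_pass=false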
⑧ Test the nodes
[class@lxb ~]$ ansible all -m ping
csa | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
rhce | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}