1、给受管主机部署yum仓库,示例如下:
仓库1 : Name: base Description: baseos Base url: Index of /centos-vault/8.5.2111/BaseOS/x86_64/os/ 需要验证软件包 GPG 签名 GPG key 在 /etc/pki/rpm-gpg/RPM-GPG-KEY-* 启用此软件仓库
仓库 2: Name: app Description: appstream Base url: Index of /centos-vault/8.5.2111/AppStream/x86_64/os/ 需要验证软件包 GPG 签名 GPG key 在: /etc/pki/rpm-gpg/RPM-GPG-KEY-* 启用此软件仓库
注:检查你自己的linux系统版本,并选择相应版本仓库。
部署成功后在受管主机上安装vsftpd软件包
2、给web主机组写一个playbook,该playbook有两个play,第一个play可以保证在web主机组上安装httpd和php,确保web主机组的/var/www/html/目录下面有一个文件为index.php,内容如下:
$ cat /var/www/html/index.php
<?php
phpinfo();
该playbook里面的第二个play用于测试该web主机组的web服务能否被成功访问index.php内容。
3、在受控节点上添加一个普通用户xiaohong,配置当前控制节点的用户可以免密登录xiaohong用户,并且xiaohong可以sudo。
一、部署受管主机yum仓库和安装vsftpd软件包
#用playbook配置不同版本的yum源
#编写centos7.9版本的剧本文件
[root@server79 ansible]# vim v79.yml
---
- name: fist play
hosts: version79 #受控组或受控用户名
tasks: #任务
- name: yum repository config #任务名
yum_repository:
name: aliyun #仓库名,[]中的内容
description: aliyun #仓库描述,name后面的内容
file: remote-aliyun #仓库文件名
baseurl: https://mirrors.aliyun.com/centos/7.9.2009/os/x86_64/ #仓库网络源
gpgcheck: yes #是否使用gpg密钥
gpgkey: https://mirrors.aliyun.com/centos/7.9.2009/os/x86_64/RPM-GPG-KEY-CentOS-7 #gpg密钥源
#测试剧本文件语法格式
[root@server79 ansible]# ansible-playbook --syntax-check v79.yml
playbook: v79.yml #没有报错表示语法没有问题
#测试剧本文件执行情况
[root@server79 ansible]# ansible-playbook v79.yml
PLAY [fist play] ***********************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [server79]
ok: [node1]
TASK [yum repository config] ***********************************************************
ok: [node1]
ok: [server79]
PLAY RECAP *****************************************************************************
node1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
server79 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
#在受控端查看repo文件
[root@node1-79 yum.repos.d]# ll | grep remote
-rw-r--r-- 1 root root 184 Nov 27 16:05 remote-aliyun.repo
[root@node1-79 yum.repos.d]# vim remote-aliyun.repo
[aliyun]
baseurl = https://mirrors.aliyun.com/centos/7.9.2009/os/x86_64/
gpgcheck = 1
gpgkey = https://mirrors.aliyun.com/centos/7.9.2009/os/x86_64/RPM-GPG-KEY-CentOS-7
name = aliyun
#编写centos8.2版本的yum剧本文件
[root@server79 ansible]# vim v82.yml
---
- name: fist play
hosts: version82
tasks:
- name: yum appstream repository config
yum_repository:
name: AppStream #appstream仓库
description: app
baseurl: https://mirrors.aliyun.com/centos-vault/8.2.2004/AppStream/x86_64/os/
gpgcheck: yes
gpgkey: https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official #仓库gpg密钥源
file: remote-aliyun
- name: yum baseos repository config
yum_repository:
name: BaseOS #baseos仓库
description: base
baseurl: https://mirrors.aliyun.com/centos-vault/8.2.2004/BaseOS/x86_64/os/ #仓库gpg密钥源
gpgcheck: yes
gpgkey: https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official
file: remote-aliyun #cento8版本是两个仓库源,这里把两个仓库写在同一个文件里
#测试剧本文件语法格式
[root@server79 ansible]# ansible-playbook --syntax-check v82.yml
playbook: v82.yml #没有报错表示语法没有问题
#测试剧本文件执行情况
[root@server79 ansible]# ansible-playbook v82.yml
PLAY [fist play] ***********************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node0]
TASK [yum appstream repository config] *************************************************
ok: [node0]
TASK [yum baseos repository config] ****************************************************
ok: [node0]
PLAY RECAP *****************************************************************************
node0 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
#在受控端查看repo文件
[root@node0-8 yum.repos.d]# ll | grep remote
-rw-r--r-- 1 root root 371 Nov 27 16:32 remote-aliyun.repo
[root@node0-8 yum.repos.d]# cat remote-aliyun.repo
[AppStream]
baseurl = https://mirrors.aliyun.com/centos-vault/8.2.2004/AppStream/x86_64/os/
gpgcheck = 1
gpgkey = https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official
name = app
[BaseOS]
baseurl = https://mirrors.aliyun.com/centos-vault/8.2.2004/BaseOS/x86_64/os/
gpgcheck = 1
gpgkey = https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-Official
name = base
#在所有受管主机上安装vsftpd软件包
#编写所有受管主机的剧本文件
[root@server79 ansible]# vim all.yml
---
- name: fist play
hosts: all #所有受管主机
tasks:
- name: install vsftpd
yum: #使用yum模块安装
name: vsftpd
state: latest
#测试剧本文件语法格式
[root@server79 ansible]# ansible-playbook --syntax-check all.yml
playbook: all.yml
#测试剧本文件执行情况
[root@server79 ansible]# ansible-playbook all.yml
PLAY [fist play] ***********************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
ok: [node0]
ok: [server79]
TASK [install vsftpd] ******************************************************************
changed: [node0]
changed: [node1]
changed: [server79]
PLAY RECAP *****************************************************************************
node0 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
server79 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
#在受管主机上查看安装情况
[root@node1-79 ~]# rpm -qa vsftpd #centos7主机上
vsftpd-3.0.2-28.el7.x86_64
[root@node0-8 yum.repos.d]# rpm -qa vsftpd #centos8主机上
vsftpd-3.0.3-31.el8.x86_64
二、编写playbook文件
[root@server79 ansible]# vim web.yml
---
- name: fist play #第一个play内容
hosts: web
tasks:
- name: install httpd #安装httpd软件包
yum:
name: httpd
state: latest
- name: install php #安装php包
yum:
name: php
state: present
- name: start httpd #重启hpptd服务
service:
name: httpd
state: restarted
- name: start firewalld #开启防火墙
service:
name: firewalld
state: started
- firewalld: #设置防火墙允许
service: http
permanent: yes
immediate: yes
state: enabled
- name: crean index.php #创建编写php文件
copy:
content: '<?php phpinfo();'
dest: /var/www/html/index.php
- name: second play #第二个play内容
hosts: web
tasks:
- name: visit node url #访问测试node的php网址首页
uri:
url: http://node{{item}} #循环访问多个主机的php网址首页
loop:
- 0
- 1
#测试playbook文件语法
[root@server79 ansible]# ansible-playbook --syntax-check web.yml
playbook: web.yml
#运行playbook文件
[root@server79 ansible]# ansible-playbook web.yml
PLAY [fist play] ***********************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
ok: [node0]
TASK [install httpd] *******************************************************************
ok: [node0]
ok: [node1]
TASK [install php] *********************************************************************
ok: [node0]
ok: [node1]
TASK [start httpd] *********************************************************************
changed: [node1]
changed: [node0]
TASK [start firewalld] *****************************************************************
ok: [node1]
ok: [node0]
TASK [firewalld] ***********************************************************************
ok: [node1]
ok: [node0]
TASK [crean index.php] *****************************************************************
ok: [node1]
ok: [node0]
PLAY [second play] *********************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
ok: [node0]
TASK [visit node url] ******************************************************************
ok: [node1] => (item=0)
ok: [node0] => (item=0)
ok: [node1] => (item=1)
ok: [node0] => (item=1)
PLAY RECAP *****************************************************************************
node0 : ok=9 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node1 : ok=9 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
三、添加xiaohong用户,免密登录,并且可以使用sudo
[root@server79 ansible]# vim user-add.yml #编写创建xiaohong用户的playbook文件
---
- name: fist play
hosts: web
tasks:
- name: add user xiaohong #添加xiaohong用户
user:
name: xiaohong
- name: set xiaohong passwd #设置xiaohong用户登录密码
shell: echo xiaohong:123 | chpasswd
- name: crean directory #创建xiaohong用户家目录下面的.ssh隐藏目录
file:
path: /home/xiaohong/.ssh
state: directory
- name: copy key #复制控制端的公钥到xiaohong用户的.ssh目录下
copy:
src: /root/.ssh/id_rsa.pub
dest: /home/xiaohong/.ssh/authorized_keys
- name: configure sudoers #配置xiaohong用户可以使用sudo
lineinfile:
path: /etc/sudoers
line: "xiaohong ALL=(ALL) NOPASSWD: ALL"
#测试playbook文件语法
[root@server79 ansible]# ansible-playbook --syntax-check user-add.yml
playbook: user-add.yml
#运行playbook文件
[root@server79 ansible]# ansible-playbook user-add.yml
PLAY [fist play] ***********************************************************************
TASK [Gathering Facts] *****************************************************************
ok: [node1]
ok: [node0]
TASK [add user xiaohong] ***************************************************************
ok: [node1]
ok: [node0]
TASK [set xiaohong passwd] *************************************************************
changed: [node1]
changed: [node0]
TASK [crean directory] *****************************************************************
ok: [node1]
ok: [node0]
TASK [copy key] ************************************************************************
ok: [node1]
ok: [node0]
TASK [configure sudoers] ***************************************************************
ok: [node1]
ok: [node0]
PLAY RECAP *****************************************************************************
node0 : ok=6 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node1 : ok=6 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
#测试是否能够免密登录xiaohong用户和sudo
[root@server79 ansible]# ssh xiaohong@node0
welcome to ansible #免密登录地址为192.168.32.137的xiaohong用户
Last login: Mon Nov 28 01:00:46 2022 from 192.168.32.137
[xiaohong@node0-8 ~]$ ll / -d #查看xiaohong用户对根目录的权限
dr-xr-xr-x. 17 root root 244 Nov 18 12:45 /
[xiaohong@node0-8 ~]$ sudo touch /xiaohong #使用sudo在根目录下创建文件
[xiaohong@node0-8 ~]$ ll / | grep xiaohong
-rw-r--r-- 1 root root 0 Nov 28 01:14 xiaohong