Basic Ansible layout

    ~/
        Inventory/
            production/
                hosts
        roles/
            CM/
                files/
                    krb5.conf
                    ntp.conf
                handlers/
                    main.yml
                templates/
                tasks/
                    main.yml
                vars/
                    main.yml
                meta/
        site.yml    # main playbook

CDH host layout

    #/etc/ansible/hosts
    [cmserver]
    inv2cm01 ansible_connection=local
    [dataservers]
    inv2master[01:02]
    inv2data[01:03]
    [dataservers:vars]
    ansible_user=root
    ansible_ssh_pass=password
    [cdswservers]
    inv2cdsw[01:02]

    #/etc/ansible/ansible.cfg
    [defaults]
    host_key_checking = False

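Work plan

- Prepare the hosts file and distribute it. The hosts file must be identical on every server.
- Set up passwordless login. The passwordless user is root, and the host that initiates the passwordless connections is inv2cm01.
- Configure the yum repository and distribute it. Make sure every server has the same yum repository, so that later software installs run without problems.
- Uninstall the pre-installed openjdk everywhere and install oracle jdk 1.8.
- Disable the firewall.
- Disable the virtual network interface.
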
Playbook implementation

    ---
    - name: prepare local SSH Keys
      hosts: cmserver
      vars:
        new_pub_key: ~/.ssh/id_rsa.pub
        new_priv_key: ~/.ssh/id_rsa
      tasks:
        - name: delete ssh keys
          # Make sure the key files do not exist before generating the ssh key,
          # otherwise key generation fails.
          file:
            path: "{{ item }}"
            state: absent
          with_items:
            - "{{ new_pub_key }}"
            - "{{ new_priv_key }}"
          tags:
            # Tags make it possible to run only selected tasks
            - keytask

        - name: Create new ssh key-pair
          # Generate the ssh key directly, with no manual interaction
          command: ssh-keygen -t rsa -N "" -q -f {{ new_priv_key }}
          tags:
            - keytask

    - name: prepare remote ssh login with key
      hosts: dataservers
      vars:
        new_pub_key: ~/.ssh/id_rsa.pub
      tasks:
        - name: upload public key
          # Upload the pub key to the other hosts to enable passwordless login
          authorized_key:
            key: "{{ lookup('file', new_pub_key) }}"
            user: root
            state: present
            exclusive: yes
          tags:
            - copykeys

        - name: install the libvirt-devel first
          # Install several packages in one go
          yum:
            name:
              - libvirt-devel
              - python-pip
              - python-devel
            state: present
          tags:
            - virtualnet

        - name: install python libvirt
          # Installing a Python package is no problem either
          pip:
            name: http://10.0.0.1/other/libvirt-python-3.10.0.tar.gz
          tags:
            - virtualnet

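Running the playbook

1. To generate the public and private keys, run:

    ansible-playbook cdh.yml --tags "keytask"

   or

    ansible-playbook cdh.yml --skip-tags "copykeys"

   or

    ansible-playbook cdh.yml

   The last one not only generates the public and private keys but also distributes them. However, this can only be done once.

2. After running the command above, passwordless login is in place. Next, edit the /etc/ansible/hosts file to switch from password login to key login:

    ansible_ssh_private_key_file=/root/.ssh/id_rsa
    #ansible_ssh_pass=password

3. If the directory structure has been standardized, you can also run:

    ansible-playbook -i inventories/production -s site.yml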
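
A check for step 2 above, as an added example that is not part of the original post: it scans inventory text for password variables that are still set in plaintext and reports whether ansible.cfg disables host key checking. The sample inventory and config are constructed from the listings on this page, and the function names are hypothetical.

```python
import configparser
import re

# Constructed sample: the inventory from this page before step 2 is applied.
INVENTORY_BEFORE = """\
[cmserver]
inv2cm01 ansible_connection=local
[dataservers]
inv2master[01:02]
inv2data[01:03]
[dataservers:vars]
ansible_user=root
ansible_ssh_pass=password
"""
# Constructed sample: the same inventory after the step 2 edit.
INVENTORY_AFTER = INVENTORY_BEFORE.replace(
    "ansible_ssh_pass=password",
    "ansible_ssh_private_key_file=/root/.ssh/id_rsa\n#ansible_ssh_pass=password")
ANSIBLE_CFG = "[defaults]\nhost_key_checking = False\n"  # as listed on this page

# Connection and become password variables that Ansible reads from inventory.
SECRET_VAR = re.compile(
    r"\b(ansible_(?:ssh_pass(?:word)?|password|become_pass(?:word)?))\s*=\s*(\S+)")

def audit_inventory(text):  # hypothetical helper name
    """Return (line_no, section, variable) for each active plaintext password."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank or commented-out lines are not active settings
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
            continue
        for match in SECRET_VAR.finditer(line):
            if "{{" not in match.group(2):  # templated values are not literals
                findings.append((no, section, match.group(1)))
    return findings

def host_key_checking_disabled(cfg_text):  # hypothetical helper name
    """True when ansible.cfg turns off SSH host key verification."""
    cfg = configparser.ConfigParser()
    cfg.read_string(cfg_text)
    return not cfg.getboolean("defaults", "host_key_checking", fallback=True)

if __name__ == "__main__":
    print("before step 2:", audit_inventory(INVENTORY_BEFORE))
    print("after step 2: ", audit_inventory(INVENTORY_AFTER))
    print("host key checking disabled:", host_key_checking_disabled(ANSIBLE_CFG))
```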