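1: Set up the production environment
For security, the root account is generally not handed out. Instead, add another user, admin, and grant it privileges.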
[root@localhost ~]# vim /etc/sudoers
... (omitted)
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
admin ALL=(ALL) NOPASSWD: /usr/sbin/useradd
... (omitted)
First, generate a key pair to make later operation and management easier.
[admin@localhost ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa):
Created directory '/home/admin/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/admin/.ssh/id_rsa.
Your public key has been saved in /home/admin/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:nyfGjiCAtLk+njK/L2u3RKhMSFjm1dinr5vlTZjwzdQ admin@localhost.localdomain
The key's randomart image is:
Share the control node's public key with the other managed hosts.
[admin@localhost ~]$ ssh-copy-id 192.168.163.137
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/admin/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
admin@192.168.163.137's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.163.137'"
and check to make sure that only the key(s) you wanted were added.
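The ssh-copy-id output above ends by asking you to check that only the intended keys were added. The following is an added example, not part of the original post: a shell check, run on a managed host, that lists authorized_keys entries whose key is not in a given set of public key files. The key blobs, the no-port-forwarding entry and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Key blobs below are constructed.

# key_blobs FILE: print "<type> <blob>" for each key line, skipping any leading
# options by locating the key-type field. Lines it cannot parse are reported.
key_blobs() {
    awk '
        /^[ \t]*(#|$)/ { next }    # comments and blank lines
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$/) {
                    print $i, $(i + 1)
                    next
                }
            print "UNPARSED line " NR
        }' "$1"
}

# unexpected_keys AUTHORIZED_KEYS PUBFILE...: print entries whose blob is in
# none of the PUBFILEs. Returns 0 when nothing unexpected was found.
unexpected_keys() {
    auth=$1; shift
    allowed=$(mktemp) || return 2
    for pub in "$@"; do key_blobs "$pub"; done | grep -v '^UNPARSED' | sort -u > "$allowed"
    key_blobs "$auth" | sort -u | grep -Fvx -f "$allowed"
    rc=$?                          # grep: 0 = printed something, 1 = nothing
    rm -f "$allowed"
    [ "$rc" -eq 1 ]
}

# Constructed sample: the expected admin key plus one entry nobody asked for.
demo() {
    d=$(mktemp -d) || return 2
    echo 'ssh-rsa AAAAB3CONSTRUCTEDADMINKEY admin@localhost.localdomain' > "$d/id_rsa.pub"
    cat > "$d/authorized_keys" <<'EOF'
ssh-rsa AAAAB3CONSTRUCTEDADMINKEY admin@localhost.localdomain
no-port-forwarding ssh-ed25519 AAAAC3CONSTRUCTEDOTHERKEY other@example
EOF
    unexpected_keys "$d/authorized_keys" "$d/id_rsa.pub"; status=$?
    rm -rf "$d"
    return "$status"
}

if demo; then echo "only expected keys present"; else echo "^ unexpected entries"; fi
```

On a real host, call unexpected_keys ~/.ssh/authorized_keys /path/to/id_rsa.pub with a copy of the control node's public key.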
2: Playbook
[root@localhost ~]# vim users.yml
---
# Play 1: every managed host copies its network repository file from the control node
- name: 所有受控机的网络仓库从主控机上复制
  hosts: all
  tasks:
    - name: copy /etc/yum.repos.d/CentOS-Base.repo
      copy:
        src: /etc/yum.repos.d/CentOS-Base.repo
        dest: /etc/yum.repos.d/

# Play 2: install Apache
- name: 安装阿帕奇
  hosts: all
  tasks:
    - name: yum install httpd
      yum:
        name: httpd
        state: present

# Play 3: start the service and enable it at boot
- name: 启动服务
  hosts: all
  tasks:
    - name: start httpd service
      service:
        name: httpd
        state: started
        enabled: yes