虚拟机:1G内存,20G硬盘,可上网
2. 软件要求操作系统:CentOS 7.x / CentOS 8.x(区别在于CentOS 8.x 有两个YUM源)
3. 角色分配| 角色 | 主机名 | IP |
|---|---|---|
| ansiblehost | student | 192.168.3.30 |
| ansiblenode1 | node1 | 192.168.3.31 |
| ansiblenode2 | node2 | 192.168.3.32 |
| ansiblenode3 | node3 | 192.168.3.33 |
# 查看当前主机名
[root@root ~]# hostname
root
# 修改当前主机名为student
[root@root ~]# hostnamectl set-hostname student
# 注意:需要重启后生效,node{1..3}同理修改即可
[root@root ~]# reboot
(2)配置EPEL源
点击 阿里云镜像站 进行配置即可
(3)hosts解析student主机上修改hosts文件,在最末尾加上机器的ip和hostname
[root@student ~]# vim /etc/hosts 192.168.3.30 student 192.168.3.31 node1 192.168.3.32 node2 192.168.3.33 node3(4)student 以root 用户配置到所有机器免密钥
xshell 点击【工具】-【发送键输入到所有会话】
# 分发密钥
[root@student ~]# ssh-keygen -f ~/.ssh/id_rsa -P '' -q
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
[root@student ssh]# ssh-copy-id student
[root@student ssh]# for i in node{1..3}
> do
> ssh-copy-id $i
> done
Are you sure you want to continue connecting (yes/no)? yes
root@node1's password:
# 依次输入被管理主机的密码
测试:
[root@student ssh]# ssh student hostname
student
[root@student ssh]# for name in node{1..3}; do ssh $name hostname; done
node1
node2
node3
(5)管理端安装 ansible
因为已经配置了EPEL源,直接执行 yum -y install ansible即可
[root@student ~]# yum -y install ansible # 查看ansible版本 [root@node1 ~]# ansible --version ansible 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Aug 7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)](6)配置文件和清单文件 自定义编辑 Ansible 配置文件
[root@student ansible]# pwd /home/student/ansible [root@student ansible]# touch inventory [root@student ansible]# mkdir roles [root@student ansible]# vim /etc/ansible/ansible.cfg inventory = /home/student/ansible/inventory # 修改清单文件路径 roles_path = /home/student/ansible/roles/ # 修改roles的路径 host_key_checking = False # 设置不检查 SSH 主机的密钥二、ansible 实战
在student用户在控制节点(workstation)上安装并配置 Ansible, 要求如下 :
1、安装所需的软件包Ansible的安装方式有很多种,常用的安装方法是基于yum或者源码,如果是基于yum安装,需要配置 epel 源,点击阿里云镜像站,然后直接执行 yum -y install ansible 即可。
[root@student ~]# yum -y install ansible # 查看ansible版本 [root@student ~]# ansible --version ansible 2.9.25 config file = /etc/ansible/ansible.cfg configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python2.7/site-packages/ansible executable location = /usr/bin/ansible python version = 2.7.5 (default, Aug 7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]2、创建静态 inventory 文件 /home/student/ansible/inventory,要求如下:
node1 属于 dev 主机组
node2 属于 test 和 balancers 主机组
node3 属于prod主机组
prod 主机组属于 webservers 主机组
[root@student ansible]# touch inventory [root@student ansible]# vim invnetory [dev] node1 [test] node2 [balancers] node2 [prod] node3 [webservers:children] prod [root@student ~]# ansible-inventory --graph @all: |--@balancers: | |--node2 |--@dev: | |--node1 |--@test: | |--node2 |--@ungrouped: |--@webservers: | |--@prod: | | |--node3
主机连通性测试:
[root@student ansible]# ansible all -m ping -o
node1 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
node3 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
node2 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
3、创建 ansible 配置文件 /home/student/ansible/ansible.cfg,要求如下:
使用 /home/student/ansible/inventory 清单文件
角色存放在 /home/student/ansible/roles/ 目录
[root@student ansible]# pwd /home/student/ansible [root@student ansible]# touch inventory [root@student ansible]# mkdir -p /home/student/ansible/roles/ [root@student ansible]# vim /etc/ansible/ansible.cfg inventory = /home/student/ansible/inventory # 修改清单文件路径 roles_path = /home/student/ansible/roles/ # 修改roles的路径二、创建一个 shell 脚本名为 adhoc.sh 用以运行 ad-hoc 命令 。为每个受控节点配罝 yum仓库。要求如下:
仓库1 :
Name:RH294_base
Description:RH294 base software
base url:http://content.example.com/rhel8.0/x86_64/dvd/baseOS
需要验证钦件包 GPG 签名
GPG key 在: /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
启用此软件仓库
------------------------------------------------------------------------------------
仓库 2:
Name:RH294_Stream
Description:RH294 stream software
base url:http://content.example.com/rhel8.0/x86_64/dvd/AppStream
需要验证软件包 GPG 签名
GPG key 在:/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
启用此软件仓库
[student@workstation ansible]$ ansible-doc -l | grep yum
yum Manages packages with the `yum' package manager
yum_repository Add or remove YUM repositories
[root@student day1]# vim adhoc.sh
#!/bin/bash
ansible all -m yum_repository -a 'name=RH294_base description="RH294 base software"
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/baseOS
gpgcheck=yes gpgkey=/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=yes'
ansible all -m yum_repository -a 'name=RH294_Stream description="RH294 stream software"
baseurl=http://content.example.com/rhel8.0/x86_64/dvd/AppStream
gpgcheck=yes gpgkey=/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
enabled=yes'
# 添加执行权限,执行脚本
[root@student day1]# chmod +x adhoc.sh
[root@student day1]# ./adhoc.sh
