Ansible remote control (final assignment)


Author: 似朝朝我心 | Source: published 2021-11-29 08:09, read 0 times

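    controller and agent2 must run Red Hat 8, because ansible can only be installed on Red Hat 8; agent1 runs Red Hat 7.

    1. Configure the IP addresses and hostnames of the three machines as follows (10 points)

    Hostname     IP address     Role
    controller   192.x.y.200    management node
    agent1       192.x.y.201    managed node 1
    agent2       192.x.y.202    managed node 2

    Here x is the class number and y is the last two digits of the student ID.

    Red Hat 7: configure the local yum repository and the IP address

    Red Hat 8: configure the local yum repository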

    [cdrom-base]
    name=cdrom-base
    baseurl=file:///mnt/BaseOS
    enabled=1
    gpgcheck=0
    
    [cdrom-App]
    name=cdrom-app
    baseurl=file:///mnt/AppStream
    enabled=1
    gpgcheck=0
    

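    Note that the subnet prefix is 24 bits, not 32.

    Check that the ISO image is connected (its device icon must be lit); otherwise it cannot be mounted even after the local yum repository is configured.


    Check the mount, then install vim with syntax highlighting

    Change the hostname and set up shell completion



    Shut down, take a snapshot, make linked clones, then configure the IP address and hostname of agent1 and agent2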


    Use nmtui to configure the gateway and DNS first (pointing to the IP)  ----> nmcli con up ens160
    
    vim /etc/resolv.conf
    Add a line for Google's DNS: nameserver 8.8.8.8
    In the computer lab use: nameserver 10.16.20.15
    
    yum install wget -y
    wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
    ls
    rpm -ivh epel-release-latest-8.noarch.rpm
    yum install -y ansible
    
    ansible can only be installed and run on Red Hat 8; agent2 is cloned from the Red Hat 8 machine
    

    2. Set up passwordless login so that controller can log in to agent1 and agent2 without a password, and ansible ping succeeds [15 points]

    cd /etc
    mkdir .ansible
    cd .ansible
    vim hosts
    


    Generate the key pair


    Send the public key

    ssh-copy-id -i 192.3.31.201
    ssh-copy-id -i 192.3.31.202
    # enter the password when prompted
    

    Try the passwordless login

    ssh root@192.3.31.201
    ssh root@192.3.31.202
    exit
    

    Use ansible ping to check whether the managed hosts respond.


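    2. On controller, create a playbook named /ansible/playbooks/users.yml that does the following:
    (1) Create the users and groups below on agent1 and agent2 respectively, and set every user's password to 123456. (Use a loop where possible.)
    (2) On agent1, delete the webtest user and its home directory. [15 points]

    Group      Users              Home directory
    manager    ma1, ma2, ma3      /home/ma*
    consumer   con1, con2, con3   /home/con*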
    - hosts: agent1
      gather_facts: no
      ignore_errors: yes
      tasks:
        - name: create manager group for agent1
          group:
            name: manager
            state: present
    
        - name: create user for agent1
          user:
            name: "{{ item.userlist }}"
            group: manager
            # the user module expects a crypt hash here, not the plaintext password
            password: "{{ item.passwd | password_hash('sha512') }}"
            state: present
          loop:
            - {userlist: ma1, passwd: '123456'}
            - {userlist: ma2, passwd: '123456'}
            - {userlist: ma3, passwd: '123456'}
    
        # remove webtest together with its home directory
        - name: remove user
          user:
            name: webtest
            state: absent
            remove: yes
            force: yes
    
    - hosts: agent2
      gather_facts: no
      ignore_errors: yes
      tasks:
        - name: create consumer group for agent2
          group:
            name: consumer
            state: present
        - name: create user for agent2
          user:
            name: "{{ item.userlist2 }}"
            group: consumer
            # hash the password, as in the agent1 play
            password: "{{ item.passwd | password_hash('sha512') }}"
            state: present
          loop:
            - {userlist2: con1, passwd: '123456'}
            - {userlist2: con2, passwd: '123456'}
            - {userlist2: con3, passwd: '123456'}
    
    cat /etc/passwd
    cat /etc/group
    groupdel groupname
    userdel -rf username
    
    1. On controller, create /ansible/playbooks/safty.yml,
      which remotely turns off the firewall and SELinux on agent1 and agent2 and keeps both settings in effect after a reboot.
    - hosts: all
      gather_facts: no
      tasks:
        - name: stopped firewalld
          shell:
             cmd: 'systemctl disable --now firewalld'
        - name: stopped selinux
          selinux:
            state: disabled
        - name: reboot agent1 and agent2
          reboot:
    
    
    Look up the documentation:
    ansible-doc firewalld
    ansible-doc selinux
    ansible-doc reboot
    
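    1. On controller, create a playbook named /ansible/playbooks/facts.yml that displays host information:
      (1) Run this playbook on all managed hosts.
      (2) The playbook creates one line in /var/www/html/ansible_details.html containing: "the managed host's short hostname; the managed host's number of physical cores; the IPv4 address of the managed host's default network interface; the MAC address of the managed host's default network interface"
      (3) The content looks like this example:
      Example output: node7 4 123.123.123.123 DE:AD:BE:EF:DE:AD:BE:EF
      (4) Upload the file to the /ansible/data directory on the management host, using ad-hoc commands or a playbook. [20 points]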
    ansible agent1 -m setup -a 'filter=*hostname*'
    ansible agent1 -m setup | grep -C  3 macaddress
    ansible agent1 -m setup | grep -B  3 macaddress
    ansible agent1 -m setup | grep macaddress
    

    The directory has to be created on agent1 and agent2:

    mkdir /var/www/html -p
    
    - hosts: all
      gather_facts: yes
      tasks:
        - name: write the host details line
          shell:
            cmd: "echo 'Example Output:{{ansible_hostname}} {{ansible_processor_cores}} {{ansible_all_ipv4_addresses}} ' > /var/www/html/ansible_details.html"
        - name: fetch the file to the controller
          fetch:
            src: /var/www/html/ansible_details.html
            dest: /ansible/data/
    
    Note: the MAC address could not be obtained
    
    Check on agent1 and agent2: cat /var/www/html/ansible_details.html
    Check on controller: cd /ansible/data  -> ls
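The one-line report this task asks for, with the IPv4 and MAC address of the default interface read from the `default_ipv4` fact. This is an added example, not the author's playbook; it assumes the inventory already defines the managed hosts and writes the line without the "Example output:" prefix.

```yaml
# Added example (not from the original post).
- hosts: all
  gather_facts: true
  tasks:
    - name: Ensure the web root exists
      file:
        path: /var/www/html
        state: directory
        mode: "0755"

    # default_ipv4 describes the interface that carries the default route.
    # It is empty on a host without a default route, hence the fallbacks.
    # processor_cores is the number of cores per socket.
    - name: Write hostname, cores, default IPv4 and MAC on one line
      copy:
        dest: /var/www/html/ansible_details.html
        mode: "0644"
        content: >
          {{ ansible_facts['hostname'] }}
          {{ ansible_facts['processor_cores'] }}
          {{ ansible_facts['default_ipv4']['address'] | default('NONE') }}
          {{ ansible_facts['default_ipv4']['macaddress'] | default('NONE') }}

    # With the default flat: false, fetch stores each copy under
    # /ansible/data/<inventory hostname>/var/www/html/, so the files from
    # agent1 and agent2 do not overwrite each other.
    - name: Copy the report back to the controller
      fetch:
        src: /var/www/html/ansible_details.html
        dest: /ansible/data/
```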
    
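    1. On controller, create /ansible/playbooks/saveabort.yml that does the following:
      Run it on all managed hosts (beforehand, create /data/ansible_abort.txt on agent# with the content "empty", using the command: echo empty > /data/ansible_abort.txt, so that the file already exists on agent#)
      (1) On agent#, create the file /data/ansible_abort.txt containing my node is also agent#,
      where agent# stands for the host the playbook is running on: agent1, agent2
      (2) If /data/ansible_abort.txt already exists on agent#, do not modify it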
    - hosts: all
      gather_facts: yes
      tasks:
              - name: get /data stat
                stat:
                        path: /data
                register: datastat
              - name: mkdir data
                shell:
                        cmd: "mkdir /data"
                when: datastat.stat.exists==false
              - name: get /data/ansible_abort.txt stat
                stat:
                        path: /data/ansible_abort.txt
                register: filestat
              - name: touch agent1's ansible_abort.txt
                shell:
                        cmd: "echo 'my node is also agent1' >/data/ansible_abort.txt"
                # compare the fact directly; a quoted "{{ ... }}" string here is always true
                when: (filestat.stat.exists==false) and (ansible_hostname == 'hgp_agent1')
              - name: touch agent2's ansible_abort.txt
                shell:
                        cmd: "echo 'my node is also agent2' >/data/ansible_abort.txt"
                when: (filestat.stat.exists==false) and (ansible_hostname == 'hgp_agent2')
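The same "create only if absent" rule expressed with the copy module's `force: false`, which removes the need for the stat checks and per-host conditions. This is an added example, not the author's playbook; it assumes the inventory names of the managed hosts are agent1 and agent2.

```yaml
# Added example (not from the original post).
- hosts: all
  gather_facts: false
  tasks:
    - name: Ensure /data exists
      file:
        path: /data
        state: directory
        mode: "0755"

    # force: false writes the file only when the destination does not exist,
    # so a file that already contains "empty" is left untouched.
    - name: Create the marker file only when it is absent
      copy:
        dest: /data/ansible_abort.txt
        content: "my node is also {{ inventory_hostname }}\n"
        force: false
      register: marker

    - name: Report what happened on each host
      debug:
        msg: "{{ 'created' if marker.changed else 'already present, not modified' }}"
```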
    
    
    
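    1. Implement error handling. On controller, create a playbook named /ansible/playbooks/mariadb.yml: [20 points]
      (1) On agent1, try to install mariadb and mariadb-server, and start the service
      (2) If the package installation or the service start fails, the playbook captures the task information and displays it
      (3) Even if one task fails, all the other tasks must still be executed
      (4) If the installation task fails, show the debug information together with Installation failed to make troubleshooting easier
      (5) If the configuration task fails, show the debug information for the failed service start together with Starting failed to make troubleshooting easier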
    - hosts: agent1
      gather_facts: no
      ignore_errors: yes
      tasks:
    # Mount the installation image
              - name: prepare install
                mount:
                        path: /mnt/
                        src: /dev/sr0
                        fstype: iso9660
                        opts: ro,noauto
                        state: mounted
    # Install the mariadb and mariadb-server packages
              - name: install mariadb
                yum:
                        name: '{{item}}'
                        state: present
                loop:
                        - mariadb
                        - mariadb-server
                register: install
                #          - name: test install vars info
                #debug:
                #        msg: the info is {{install.changed}}
    # Start the mariadb service
              - name: start mariadb
                service:
                        name: mariadb
                        state: started
                register: start
    # Print the debug information
    # The service failed to start
              - name: print start info
                debug:
                        msg: "{{start.msg}} Starting failed"
                when: start.failed
    # The installation failed (changed == false only means nothing was installed, so test for failure)
              - name: print install info
                debug:
                        msg: "{{install.msg}} Installation failed"
                when: install is failed
    
    
    

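    7 The administrator stores the names, phone numbers and other details of 5 employees in /usr/userinfo.txt. For security, the file has to be encrypted: use ansible vault to encrypt it, with the password 123456. Then write a loop that prints each person's information. For example, the output for the first record is: “您好,zhangqf,您的id是201101,职位是sale manager。”


    File: /usr/userinfo.txt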
    
    userInfo:
      zhangqf:
        id: 201101
        position: sale manager
    
      songwh:
        id: 201802
        position: office clerk
    
      # duplicate key: the loader keeps only the last songwh entry, so four users are loaded
      songwh:
        id: 201904
        position: office clerk
    
      zhoumn:
        id: 201307
        position: accounting assistant
    
      xusz:
        id: 201621
        position: administrative assistant
    
    
    - hosts: localhost
      gather_facts: no
      vars_files: /usr/userinfo.txt
      tasks:
        - name: print all user infos
          debug:
            msg: " 您好,{{item.key}},
                   您的id是{{item.value.id}},
                   职位是{{item.value.position}} "
    
          loop: "{{userInfo | dict2items}}"
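The vault step the task describes, plus a check that the file on disk really is encrypted before anything is printed. This is an added example, not the author's playbook; the playbook file name userinfo.yml is an assumption.

```yaml
# Added example (not from the original post).
# Encrypt once on the controller (prompts for the vault password):
#   ansible-vault encrypt /usr/userinfo.txt
# Run the play and supply the same password when asked:
#   ansible-playbook userinfo.yml --ask-vault-pass
- hosts: localhost
  gather_facts: false
  vars_files:
    - /usr/userinfo.txt
  tasks:
    # slurp returns the raw bytes on disk, without vault decryption.
    - name: Read the file as stored
      slurp:
        src: /usr/userinfo.txt
      register: raw

    # An encrypted file starts with a "$ANSIBLE_VAULT;" header line.
    # A plaintext file would still load through vars_files, so fail here.
    - name: Stop if the file is stored in plaintext
      assert:
        that:
          - "(raw.content | b64decode).startswith('$ANSIBLE_VAULT;')"
        fail_msg: "/usr/userinfo.txt is not vault-encrypted"

    # label keeps the per-item header to the user name only.
    - name: Print one line per user
      debug:
        msg: "您好,{{ item.key }},您的id是{{ item.value.id }},职位是{{ item.value.position }}。"
      loop: "{{ userInfo | dict2items }}"
      loop_control:
        label: "{{ item.key }}"
```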
    
    

    Create users in bulk

    for u in {1..20}
    do
      useradd user$u
      echo '123456' | passwd --stdin user$u
    done
    


        Article link: https://www.haomeiwen.com/subject/ostfxrtx.html