安装和配置Ansible

安装Ansible

  1. [root@bastion ~]#安装Ansible服务
  2. [root@bastion ~]yum install ansible.noarch -y

配置Ansible

  1. [greg@bastion ~]$ # 定义静态清单文件
  2. [greg@bastion ~]$ vim ./ansible/inventory
  3. [greg@bastion ~]$ cat ./ansible/inventory 
  4. [dev]
  5. 172.25.250.9
  7. [test]
  8. 172.25.250.10
  10. [prod]
  11. 172.25.250.11
  12. 172.25.250.12
  14. [balancers]
  15. 172.25.250.13
  17. [webservers:children]
  18. prod
  20. [greg@bastion ansible]$ cat ansible.cfg 
  22. [defaults]
  23. inventory      = /home/greg/ansible/inventory
  24. roles_path    = /home/greg/ansible/roles
  25. [privilege_escalation]
  26. become=True
  27. become_method=sudo
  28. become_user=root
  30. [greg@bastion ansible]$ mkdir /home/greg/ansible/roles
  31. [greg@bastion ansible]$ #可通过Ansible默认的配置文件来参考,路径为/etc/ansible/ansible.cfg

配置yum源

  1. [greg@bastion ansible]$ cat /home/greg/ansible/adhoc.sh
  2. #!/bin/bash
  4. ansible all -m yum_repository -a "name=EX294_BASE description='EX294 base software' baseurl=ftp://host.domain8.example.com/dvd/BaseOS enabled=yes gpgcheck=yes gpgkey=tp://host.domain8.example.com/dvd/RPM-GPG-KEY-redhat-release "
  6. ansible all -m yum_repository -a "name=EX294_STREAM description='EX294 stream software' baseurl=ftp://host.domain8.example.com/dvd/AppStream enabled=yes gpgcheck=yes gpgkey=ftp://host.domain8.example.com/dvd/RPM-GPG-KEY-redhat-release "
  7. [greg@bastion ansible]$ chmod +x /home/greg/ansible/adhoc.sh

安装软件包

  1. ---
  2. - hosts: [dev,test,prod]
  3.   tasks:
  4.   - name: Install php and mariadb services
  5.     yum:
  6.      name: php,mariadb
  7.      state: installed
  9. - hosts: [dev]
  10.   tasks:
  11.   - name: Install RPM Development Tools
  12.     yum:
  13.      name: '@RPM Development Tools'
  14.      state: installed
  16.   - name: Update the service version
  17.     yum:
  18.      name: '*'
  19.      state: latest

使用RHEL系统角色之 rhel-system-roles.timesync

  1. #按照题目要求将系统rhel-system-roles.timesync角色内容复制到题目指定位置
  2. [greg@bastion roles]$ cp -r /usr/share/ansible/roles/rhel-system-roles.timesync/ /home/greg/ansible/roles/timesync
  3. [greg@bastion ansible]$ cat timesync.yml 
  4. ---
  5. - hosts: all
  6.   vars: 
  7.         timesync_ntp_servers:
  8.                 - hostname: 172.25.250.250
  9.                   pool: yes
  10.                   iburst: yes
  12.   roles:
  13.           - role: timesync
  14. [greg@bastion ansible]$ #运行playbook
  15. [greg@bastion ansible]$ ansible-playbook timesync.yml

使用Ansible Galaxy安装角色

  1. #通过角色文件安装
  2. [greg@bastion ansible]$ ansible-galaxy install -r roles/requirements.yml -p roles
  3. [greg@bastion roles]$ cat requirements.yml 
  5. ---
  6. - src: http://host.domain8.example.com/ex300/haproxy.tar.gz
  7.   name: balancer
  9. - src: http://host.domain8.example.com/ex300/phpinfo.tar.gz
  10.   name: phpinfo
  11. [greg@bastion roles]$ 
  12. #查看已下载角色
  13. [greg@bastion ansible]$ ansible-galaxy list
  14. # /home/greg/ansible/roles
  15. - timesync, (unknown version)
  16. - balancer, (unknown version)
  17. - phpinfo, (unknown version)
  18. [greg@bastion ansible]$

通过角色创建http服务

  1. #在roles目录下创建apache角色
  2. [greg@bastion roles]$ ansible-galaxy init apache
  3. - apache was created successfully
  4. [greg@bastion roles]$ ls
  5. apache   balancer  requirements.yml  timesync
  6. [greg@bastion roles]$ 
  7. #编写task文件
  8. [greg@bastion apache]$ cd tasks/
  9. [greg@bastion tasks]$ cat main.yml 
  10. ---
  11. # tasks file for apache
  12. - name: Install httpd service
  13.   yum:
  14.           name: httpd
  15.           state: installed
  17. - name: Enable httpd service
  18.   service:
  19.           name: httpd
  20.           state: started
  21.           enabled: true
  23. - name: Enable firewall service
  24.   service:
  25.           name: firewalld
  26.           state: started
  27.           enabled: true
  29. - name: Enable http service in firewall
  30.   firewalld:
  31.           service: http
  32.           immediate: yes
  33.           permanent: yes
  34.           state: enabled
  36. - name: Copy http index.html
  37.   template:
  38.           src: index.html.j2
  39.           dest: /var/www/html/index.html
  40. [greg@bastion tasks]$ 
  41. # 创建j2文件
  42. [greg@bastion apache]$ 
  43. [greg@bastion apache]$ cd ./templates/
  44. [greg@bastion templates]$ cat index.html.j2 
  45. Welcome to {{ansible_fqdn}} on {{ansible_default_ipv4.address}}
  46. [greg@bastion templates]$ 
  47. # 创建playbook
  48. [greg@bastion ansible]$ cat newroles.yml 
  49. ---
  50. - hosts: webservers
  51.   name: Init http service
  53.   roles:
  54.           - role: apache
  55. [greg@bastion ansible]$

从Ansible Galaxy中使用角色

  1. [greg@bastion ansible]$ cat roles.yml 
  2. ---
  3. - hosts: all
  5. - hosts: balancers
  7.   roles:
  8.           - role: balancer
  10. - hosts: webservers
  12.   roles:
  13.           - role: phpinfo

创建和使用逻辑卷

  1. [greg@bastion ansible]$ cat /home/greg/ansible/lv.yml
  2. ---
  3. - hosts: lvgroup
  4.   tasks:
  5.           - name: volume exsit or not
  6.             shell: 'vgdisplay research'
  7.             register: exsit_or_not
  8.             ignore_errors: yes
  10.           - name: if not exsit, will display the message
  11.             fail: 
  12.               msg: "Volume group done not exist"
  13.             when: exsit_or_not.rc != 0
  15.           - name: if exsit, will create the lv
  16.             block:
  17.                     - name: Create the lv for 1500M
  18.                       lvol: 
  19.                         vg: research 
  20.                         lv: data 
  21.                         size: 1500m
  22.             rescue:
  23.                     - name: Display the message,if does not have enough spaces
  24.                       debug: 
  25.                         msg: "Could not create logical volume of that size"
  27.                     - name: Create the lv for 800M
  28.                       lvol: 
  29.                         vg: research 
  30.                         lv: data 
  31.                         size: 800m
  33.           - name: Format the lv for ext4
  34.             filesystem: 
  35.               dev: /dev/research/data 
  36.               fstype: ext4 
  37.               force: yes

创建并使用磁盘分区

  1. [greg@bastion ansible]$ cat partition.yml 
  2. ---
  3. - hosts: diskgroup
  4.   tasks:
  5.           - name: Disk exist or not
  6.             shell: 'ls /dev/vdb'
  7.             register: disk_exist_or_not
  8.             ignore_errors: yes
  10.           - name: If disk does not exsit, will display message
  11.             fail: 
  12.               msg: "disk does not exist"
  13.             when: disk_exist_or_not.rc != 0
  15.           - name: If disk exsit, Create a main partition
  16.             block:
  17.                     - name: Create a main partition for 1500M
  18.                       parted: 
  19.                         device: /dev/vdb 
  20.                         number: 1 
  21.                         part_end: 1500MiB 
  22.                         state: present
  24.             rescue:
  25.                     - name: Can not create a 1500M partition
  26.                       debug: 
  27.                         msg: 'could not create partation of that size'
  29.                     - name: Create a main partition for 800M
  30.                       parted: 
  31.                         device: /dev/vdb 
  32.                         number: 1 
  33.                         part_end: 800MiB 
  34.                         state: present
  36.           - name: Format the partition
  37.             filesystem: 
  38.               dev: /dev/vdb1 
  39.               fstype: ext4 
  40.               force: yes
  42.           - name: Mount the partition
  43.             mount: 
  44.               src: /dev/vdb1 
  45.               path: /newpart 
  46.               fstype: ext4 
  47.               state: mounted

生成主机文件

  1. [greg@bastion ansible]$ cat hosts.j2
  2. 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
  3. ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
  4. {% for host in groups['all'] %}
  5. {{ hostvars[host]['ansible_default_ipv4']['address']}} {{ hostvars[host]['ansible_fqdn'] }} {{ hostvars[host]['ansible_hostname'] }}
  6. {% endfor %}
  8. [greg@bastion ansible]$ 
  9. [greg@bastion ansible]$ cat hosts.yml 
  10. ---
  12. - hosts: all
  15. - hosts: dev
  16.   tasks:
  17.           - name: Generate the host file of server
  18.             template: 
  19.               src: /home/greg/ansible/hosts.j2 
  20.               dest:  /etc/myhosts
  22. [greg@bastion ansible]$

修改文件内容

  1. [greg@bastion ansible]$ cat issue.yml 
  2. ---
  3. - hosts: all
  4.   tasks:
  5.           - name: For dev
  6.             copy: 
  7.               content: "Development\n" 
  8.               dest: /etc/issue
  9.             when: inventory_hostname in groups['dev']
  10.           - name: For test
  11.             copy: 
  12.               content: "Test\n" 
  13.               dest: /etc/issue
  14.             when: inventory_hostname in groups['test']
  15.           - name: For production
  16.             copy: 
  17.               content: "Production\n" 
  18.               dest: /etc/issue
  19.             when: inventory_hostname in groups['prod']
  20. [greg@bastion ansible]$

创建Web内容目录

  1. [greg@bastion ansible]$ cat webcontent.yml 
  2. ---
  3. - hosts: dev
  4.   roles:
  5.           - role: apache
  7.   tasks:
  8.           - name: Create group
  9.             group: 
  10.               name: webdev
  12.           - name: Create Directory
  13.             file: 
  14.               path: /webdev 
  15.               group: webdev 
  16.               state: directory 
  17.               mode: 2775 
  18.               setype: httpd_sys_content_t
  20.           - name: Create softlink
  21.             file: 
  22.               src: /webdev 
  23.               dest: /var/www/html/webdev 
  24.               state: link
  26.           - name: Create a file
  27.             copy: 
  28.               content: "Development\n" 
  29.               dest: /webdev/index.html 
  30.               setype: httpd_sys_content_t
  31. [greg@bastion ansible]$

生成硬件报告

  1. [greg@bastion ansible]$ cat hwreport.yml 
  2. ---
  3. - hosts: all
  4.   tasks:
  5.           - name: Remove the file, if exist
  6.             shell: "rm -rf /root/hwreport.txt"
  8.           - name: Download the file
  9.             get_url: 
  10.               url: "http://host/ex300/hwreport.empty" 
  11.               dest: /root/hwreport.txt
  13.           - name: Edit the value of the HOST
  14.             lineinfile: 
  15.               path: /root/hwreport.txt 
  16.               regexp: '^HOST' 
  17.               line: 'HOST={{inventory_hostname}}'
  19.           - name: Edit the value of the MEMORY
  20.             lineinfile: 
  21.               path: /root/hwreport.txt 
  22.               regexp: '^MEMORY' 
  23.               line: 'MEMORY={{ansible_memtotal_mb}}MB'
  25.           - name: Edit the value of the BIOS
  26.             lineinfile: 
  27.               path: /root/hwreport.txt 
  28.               regexp: '^BIOS' 
  29.               line: 'BIOS={{ansible_bios_version}}'
  31.           - name: Edit the value of the DISK_SIZE_VDA
  32.             lineinfile: 
  33.               path: /root/hwreport.txt 
  34.               regexp: '^DISK_SIZE_VDA' 
  35.               line: 'DISK_SIZE_VDA={{ansible_devices.vda.size}}'
  37.           - name: Edit the value of the DISK_SIZE_VDB
  38.             block:
  39.                     - name: If DISK VDB exist
  40.                       lineinfile: 
  41.                         path: /root/hwreport.txt 
  42.                         regexp: '^DISK_SIZE_VDB' 
  43.                         line: 'DISK_SIZE_VDB={{ansible_devices.vdb.size}}'
  45.             rescue:
  46.                     - name: If DISK VDB does not exist
  47.                       lineinfile: 
  48.                         path: /root/hwreport.txt 
  49.                         regexp: '^DISK_SIZE_VDB' 
  50.                         line: 'DISK_SIZE_VDB=NONE' 
  51. [greg@bastion ansible]$ 
  52. [greg@bastion ansible]$ 
  53. [greg@bastion ansible]$ 
  54. [greg@bastion ansible]$

创建密码库

  1. [greg@bastion ansible]$ cat /home/greg/ansible/secret.txt
  2. redhat
  3. [greg@bastion ansible]$ cat locker.yml 
  4. pw_developer: redhat
  5. pw_manager: redhat
  6. [greg@bastion ansible]$ ansible-vault encrypt --vault-id=secret.txt locker.yml
  7. Encryption successful
  8. [greg@bastion ansible]$ ansible-vault view --vault-id=secret.txt locker.yml
  9. pw_developer: redhat
  10. pw_manager: redhat
  11. [greg@bastion ansible]$ cat locker.yml 
  12. $ANSIBLE_VAULT;1.1;AES256
  13. 31343035333566653262653461353839316365373937393961343732386431386262373838323830
  14. 6163323965323630346330346461623362663964623666610a343536653564303464373535376530
  15. 35623033353330663666613234363539656666633132656531663333646532363935643164313633
  16. 3636653166373039620a376536623764643137346333646335383139633039353063356162663466
  17. 66643830623933336634336530366162366363633861333465393532303235376363643238326262
  18. 6436363666633533396461383264346635396136343130383134
  19. [greg@bastion ansible]$

创建用户账号

  1. ---
  2. - hosts: [dev,test]
  3.   vars_files:
  4.           - user_list.yml
  5.           - locker.yml
  7.   tasks:
  8.           - name: Create a group
  9.             group:
  10.                     name: devops
  11.                     state: present
  12.           - name: Create a user
  13.             user:
  14.                     name: "{{ item.name }}"
  15.                     comment: "{{ item.job }}"
  16.                     groups: devops
  17.                     password: "{{ pw_developer | password_hash('sha512') }}"
  19.             when: item.job == 'developer'
  20.             loop: "{{users}}"
  22. - hosts: [prod]
  23.   vars_files:
  24.           - user_list.yml
  25.           - locker.yml
  27.   tasks:
  28.           - name: Create a group
  29.             group:
  30.                     name: opsmgr
  31.                     state: present
  32.           - name: Create a user
  33.             user:
  34.                     name: "{{ item.name }}"
  35.                     groups: opsmgr
  36.                     comment: "{{ item.job }}"
  37.                     password: "{{ pw_manager | password_hash('sha512') }}"
  38.             when: item.job == 'manager'
  39.             loop: "{{users}}"

更新Ansible库的密码

  1. [greg@bastion ansible]$ ansible-vault rekey salaries.yml 
  2. Vault password: 
  3. New Vault password: 
  4. Confirm New Vault password: 
  5. Rekey successful
  6. [greg@bastion ansible]$

配置Selinux

  1. [greg@bastion ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.selinux/ roles/selinux
  2. [greg@bastion ansible]$ ls
  3. [greg@bastion ansible]$ cp /usr/share/doc/rhel-system-roles/selinux/example-selinux-playbook.yml selinux.yml
  4. [greg@bastion ansible]$ ls

配置Cron任务

  1. [greg@bastion ansible]$ cat cron.yml 
  2. ---
  3. - hosts: all
  4.   tasks:
  5.           - name: Create a user for cron task
  6.             user:
  7.                     name: natasha
  8.                     state: present
  10.           - name: Create a cron task
  11.             cron: 
  12.                     name: logger
  13.                     minute: '*/2' 
  14.                     user: natasha 
  15.                     job: logger "EX200 in progress"
  17. [greg@bastion ansible]$