Linux Cloud Computing O&M Architect (serialized) - Automated O&M Ansible-03

User 1880875 2022-06-24 07:10:08


1.1 Installing and deploying Ansible

Ansible is a one-to-many tool: one machine operates on many machines. To keep Ansible's one-click deployment from failing because of authorization problems between machines, this section first introduces passwordless login between servers before starting the experiment.

1.1.1 Deploy Ansible

Ansible works one-to-many. The example here uses one Ansible server to control 3 managed hosts. To set up the experimental environment, prepare 4 servers; their roles and configuration are shown in Table 1.1.

Table 1.1 Ansible experiment preparation

Server role      Application configuration   IP address
Ansible server   Ansible                     192.168.226.11
host1            IP                          192.168.226.12
host2            IP                          192.168.226.13
host3            IP                          192.168.226.14

Note: In this experiment, the firewall and SELinux must be turned off on all servers. Once the environment for the experiment is ready, configure name resolution on the Ansible server, as follows.

[[email protected] ~]# vim /etc/hosts

[[email protected] ~]# tail -4 /etc/hosts

192.168.226.11 ansible

192.168.226.12 host1

192.168.226.13 host2

192.168.226.14 host3

The Ansible clients only need an IP address and a YUM repository configured; no Ansible program has to be installed on them. To make the results of the experiment easier to follow, the hostname of each server is changed to match its role, as follows.

#192.168.226.11

[[email protected] ~]# hostnamectl set-hostname ansible

#192.168.226.12

[[email protected] ~]# hostnamectl set-hostname host1

#192.168.226.13

[[email protected] ~]# hostnamectl set-hostname host2

#192.168.226.14

[[email protected] ~]# hostnamectl set-hostname host3

2. Install Ansible

Once the environment for the experiment is ready, install Ansible on the Ansible control host. Installing Ansible depends on the EPEL repository, so the EPEL repository must be installed first, as follows.

[[email protected] ~]# yum -y install epel-release

Installed:

epel-release.noarch 0:7-11

Complete!

After the EPEL repository is installed, Ansible itself can be installed, as follows.

[[email protected] ~]# yum -y install ansible

When the following output appears, the Ansible installation is complete.

Installed:

ansible.noarch 0:2.9.10-1.el7

Dependency Installed:

PyYAML.x86_64 0:3.10-11.el7

libyaml.x86_64 0:0.1.4-11.el7_0

······ output omitted ······

python-setuptools.noarch 0:0.9.8-7.el7

python-six.noarch 0:1.9.0-2.el7

python2-cryptography.x86_64 0:1.7.2-2.el7

python2-httplib2.noarch 0:0.18.1-3.el7

python2-jmespath.noarch 0:0.9.4-2.el7

python2-pyasn1.noarch 0:0.1.9-7.el7

sshpass.x86_64 0:1.06-2.el7

Complete!

3. First steps with Ansible

After Ansible is installed, basic information about it can be viewed with a few commands. Some examples follow for reference.

- List all files installed by the Ansible package

[[email protected] ~]# rpm -ql ansible

/usr/share/man/man1/ansible-galaxy.1.gz

/usr/share/man/man1/ansible-inventory.1.gz

/usr/share/man/man1/ansible-playbook.1.gz

/usr/share/man/man1/ansible-pull.1.gz

/usr/share/man/man1/ansible-vault.1.gz

/usr/share/man/man1/ansible.1.gz

- View Ansible's configuration files

[[email protected] ~]# rpm -qc ansible

/etc/ansible/ansible.cfg

/etc/ansible/hosts

- View all Ansible modules

[[email protected] ~]# ansible-doc -l

fortios_router_community_list Configure community lists in Fortinet's For...

azure_rm_devtestlab_info Get Azure DevTest Lab facts

ecs_taskdefinition register a task definition in ecs

avi_alertscriptconfig Module for setup of AlertScriptConfig Avi R...

tower_receive Receive assets from Ansible Tower

netapp_e_iscsi_target NetApp E-Series manage iSCSI target configu...

azure_rm_acs Manage an Azure Container Service(ACS) inst...

fortios_log_syslogd2_filter Filters for remote system server in Fortine...

junos_rpc Runs an arbitrary RPC over NetConf on an Ju...

na_elementsw_vlan NetApp Element Software Manage VLAN

pn_ospf CLI command to add/remove ospf protocol to ...

pn_snmp_vacm CLI command to create/modify/delete snmp-va...

cp_mgmt_service_sctp Manages service-sctp objects on Check Point...

onyx_ospf Manage OSPF protocol on Mellanox ONYX netwo...

icx_command Run arbitrary commands on remote Ruckus ICX...

cs_snapshot_policy Manages volume snapshot policies on Apache ...

nxos_install_os Set boot options like boot, kickstart image...

cnos_static_route Manage static IP routes on Lenovo CNOS netw...

win_eventlog Manage Windows event logs

vmware_category Manage VMware categories

vmware_host_feature_info Gathers info about an ESXi host's feature c...

avi_cluster Module for setup of Cluster Avi RESTful Obj...

- View the Ansible version number

Check the current Ansible version with the following command; the command and its output are shown below.

[[email protected] ~]# ansible --version

ansible 2.9.18

config file = /etc/ansible/ansible.cfg

configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']

ansible python module location = /usr/lib/python2.7/site-packages/ansible

executable location = /usr/bin/ansible

python version = 2.7.5 (default, Oct 30 2018, 23:45:53) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

The output shows that the current Ansible version is 2.9.18.

1.1.2 Passwordless login

To avoid repeated authentication prompts when logging in remotely over SSH, passwordless login is configured here using an SSH key pair (a private key and a public key). SSH generates the key pair with an encryption algorithm, by default 2048-bit RSA. The key pair is generated on the Ansible host, and the public key is sent to each client to enable passwordless remote login.

1. Generate the key

First, generate the key on the Ansible host with the following command.

[[email protected] ~]# ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Created directory '/root/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

SHA256:8ukjOhvlALDj/syAChOXvqV3VB12OJWJyVNbJUYeqPM [email protected]

The key's randomart image is:

+---[RSA 2048]----+

|. . *o=*..|

| o X == o |

|o . o *. . |

|.. o . + |

|..o . o.S o |

|o+ +.o . E |

|+o. o.. o |

|o.=+o.o.. |

|. o=o= ... |

+----[SHA256]-----+

During key pair generation, the system asks for the file path in which to save the key; pressing Enter saves it under the default directory /root/.ssh/. It then asks for a passphrase twice. The passphrase may be empty, but the same value must be entered both times. The key is then saved to the specified path, and the fingerprint and randomart image of the generated key are displayed.

2. Send the key

After the key is generated, the Ansible server sends the generated public key to the other clients. Note that the IP address of the managed host goes at the end of the command, as follows.

[[email protected] ~]# ssh-copy-id [email protected]

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"

The authenticity of host '192.168.226.12 (192.168.226.12)' can't be established.

ECDSA key fingerprint is SHA256:NOq3/BJFu5pnnoFB0HH0a31KfFfU2uoZZ5xd8/U9ut0.

ECDSA key fingerprint is MD5:f1:9e:11:69:d3:39:d9:0e:4c:a9:21:e3:a9:79:b1:fc.

Are you sure you want to continue connecting (yes/no)? yes

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '[email protected]'"

and check to make sure that only the key(s) you wanted were added.

# Then send the key to the other two hosts; the output is omitted here.

[[email protected] ~]# ssh-copy-id [email protected]

[[email protected] ~]# ssh-copy-id [email protected]

On the first send, the system displays the path of the command and the path of the key file. Before the key is copied, the user is warned that the authenticity of the host cannot be established and is asked whether to continue connecting to the target host. After confirming that the target host is correct, enter "yes"; the password is then used to connect to the host and carry out the remaining steps.
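"Confirming that the target host is correct" means comparing the fingerprint in that prompt with one obtained out of band, for example by running ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub on host1's own console. The following Python code is an added example, not part of the original article: it recomputes the SHA256 fingerprint of a key line in ssh-keyscan output format and returns a known_hosts entry only when the fingerprint matches the expected one. The function names and the sample key are made up for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte length prefix)."""
    return struct.pack(">I", len(data)) + data


def sha256_fingerprint(blob: bytes) -> str:
    """Fingerprint as OpenSSH prints it: SHA256:<base64 without padding>."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan_line(line: str):
    """Split 'host keytype base64blob' and cross-check the embedded key type."""
    host, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    if not blob.startswith(ssh_string(key_type.encode())):
        raise ValueError("declared key type does not match the key blob")
    return host, key_type, blob


def pin_host_key(line: str, expected_fp: str) -> str:
    """Return a known_hosts entry only if the fingerprint is the expected one."""
    host, key_type, blob = parse_keyscan_line(line)
    actual = sha256_fingerprint(blob)
    if actual != expected_fp:
        raise ValueError(f"{host}: fingerprint {actual} != expected {expected_fp}")
    return f"{host} {key_type} {base64.b64encode(blob).decode()}"


# Constructed sample in ssh-keyscan output format; the key bytes are not a real key.
SAMPLE_BLOB = (ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256")
               + ssh_string(b"\x04" + bytes(range(64))))
SAMPLE_LINE = "host1 ecdsa-sha2-nistp256 " + base64.b64encode(SAMPLE_BLOB).decode()
# Fingerprint shown in the article's prompt; the constructed key does not match it.
PAGE_FP = "SHA256:NOq3/BJFu5pnnoFB0HH0a31KfFfU2uoZZ5xd8/U9ut0"

if __name__ == "__main__":
    trusted = sha256_fingerprint(SAMPLE_BLOB)  # stands in for the out-of-band value
    print(pin_host_key(SAMPLE_LINE, trusted))
    try:
        pin_host_key(SAMPLE_LINE, PAGE_FP)
    except ValueError as err:
        print("refused:", err)
```

Appending the returned line to /root/.ssh/known_hosts on the Ansible host before running ssh-copy-id means the yes/no prompt never appears for a verified host, while a key that fails the comparison is never trusted.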

3. Test the login

After the key has been sent, log in from the Ansible host to a client on which passwordless login has been set up. First, create a file or directory on the host1 host to use as a marker, as follows.

[[email protected] ~]# mkdir host111

Next, log in to host1 from the Ansible host to test, as follows.

# Log in to client host1

[[email protected] ~]# ssh host1

Last login: Mon Dec 9 10:35:01 2019

[[email protected] ~]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

valid_lft forever preferred_lft forever

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

link/ether 00:0c:29:1a:2c:bf brd ff:ff:ff:ff:ff:ff

inet 192.168.226.12/24 brd 192.168.226.255 scope global noprefixroute ens33

valid_lft forever preferred_lft forever

inet6 fe80::c083:b4f5:860e:1ce2/64 scope link noprefixroute

valid_lft forever preferred_lft forever

The output shows that the Ansible host logs in to the client directly, without a password prompt. The IP address shown is also host1's IP, which indicates that passwordless login has been configured successfully. When the operation is finished, enter exit to log out.

# Log out of the client

[[email protected] ~]# exit

logout

Connection to host1 closed.

[[email protected] ~]#

Copyright: author [User 1880875]. Please include the original link when reprinting, thank you. https://en.javamana.com/2022/175/20210705110514393M.html