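Using Ansible to initialize a cluster and configure passwordless SSH
Background
The cluster's 36 servers have CentOS 7.9 installed, share one root password, and already have their hostnames and IPs configured. What still needs to be done:
- Disable the firewall and SELinux on every server
- Delete the default user `user` created during OS installation, together with its home directory
- Add the hostnames and IPs of all 36 cluster hosts to /etc/hosts
- Delete the default yum repo configuration files and add the specified repo file
- Configure mutual passwordless SSH among the 36 cluster hosts
Ansible implementation
Ansible felt more convenient than using scripts, so I used Ansible.
The playbook YAML file: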
---
- name: Initialize servers
  hosts: all_servers
  gather_facts: no
  become: no
  tasks:
    - name: Disable firewall
      service:
        name: firewalld
        state: stopped
        enabled: no

    - name: Disable SELinux
      selinux:
        state: disabled
        policy: targeted

    - name: Disable SELinux immediately
      command: setenforce 0
      ignore_errors: yes

    - name: Ensure user is absent and home directory removed
      user:
        name: user
        state: absent
        remove: yes

    # with_fileglob expands on the control node, not on the target,
    # so list the repo files on each server with find instead.
    - name: Find default yum repos
      find:
        paths: /etc/yum.repos.d
        patterns: '*.repo'
      register: default_repos

    - name: Remove default yum repos
      file:
        path: "{{ item.path }}"
        state: absent
      with_items: "{{ default_repos.files }}"

    - name: Copy http.repo to all servers
      copy:
        src: /root/http.repo
        dest: /etc/yum.repos.d/http.repo
        owner: root
        group: root
        mode: '0644'

    - name: Add hostname into /etc/hosts
      lineinfile:
        path: /etc/hosts
        line: "{{ hostvars[item]['ansible_host'] }} {{ item }}"
        state: present
        create: yes
        # The backslash is doubled because \s is not a valid escape in a double-quoted YAML string
        regexp: "^{{ hostvars[item]['ansible_host'] }}\\s+{{ item }}$"
      with_items: "{{ groups['all_servers'] }}"

    - name: Check /root/.ssh exists
      file:
        path: /root/.ssh
        state: directory
        mode: '0700'

    - name: Check id_rsa exists
      stat:
        path: /root/.ssh/id_rsa
      register: ssh_key

    - name: Generate SSH keypair if not already present
      openssh_keypair:
        path: /root/.ssh/id_rsa
        type: rsa
        size: 2048
        state: present
        mode: '0600'
      when: not ssh_key.stat.exists

    - name: Gather SSH public keys from all servers
      slurp:
        src: /root/.ssh/id_rsa.pub
      register: public_key

    # Every server receives the root public key of every server in the group
    - name: Set up authorized_keys for all servers
      authorized_key:
        user: root
        key: "{{ hostvars[item]['public_key']['content'] | b64decode }}"
        state: present
      with_items: "{{ groups['all_servers'] }}"
The inventory file:
[all_servers]
hpc_mgr_1 ansible_user=root ansible_host=10.2.1.9 ansible_connection=local
hpc_mgr_2 ansible_user=root ansible_host=10.2.1.11
hpc_node_1 ansible_user=root ansible_host=10.2.1.13
hpc_node_2 ansible_user=root ansible_host=10.2.1.15
hpc_node_3 ansible_user=root ansible_host=10.2.1.17
hpc_node_4 ansible_user=root ansible_host=10.2.1.19
hpc_node_5 ansible_user=root ansible_host=10.2.1.21
hpc_node_6 ansible_user=root ansible_host=10.2.1.23
hpc_node_7 ansible_user=root ansible_host=10.2.1.25
hpc_node_8 ansible_user=root ansible_host=10.2.1.27
hpc_node_9 ansible_user=root ansible_host=10.2.1.29
hpc_node_10 ansible_user=root ansible_host=10.2.1.31
hpc_node_11 ansible_user=root ansible_host=10.2.1.33
hpc_node_12 ansible_user=root ansible_host=10.2.1.35
hpc_node_13 ansible_user=root ansible_host=10.2.1.37
hpc_node_14 ansible_user=root ansible_host=10.2.1.39
hpc_node_15 ansible_user=root ansible_host=10.2.1.41
hpc_node_16 ansible_user=root ansible_host=10.2.1.43
hpc_node_17 ansible_user=root ansible_host=10.2.1.45
hpc_node_18 ansible_user=root ansible_host=10.2.1.47
hpc_node_19 ansible_user=root ansible_host=10.2.1.49
hpc_node_20 ansible_user=root ansible_host=10.2.1.51
hpc_node_21 ansible_user=root ansible_host=10.2.1.53
hpc_node_22 ansible_user=root ansible_host=10.2.1.55
hpc_node_23 ansible_user=root ansible_host=10.2.1.57
hpc_node_24 ansible_user=root ansible_host=10.2.1.59
hpc_node_25 ansible_user=root ansible_host=10.2.1.61
hpc_node_26 ansible_user=root ansible_host=10.2.1.63
hpc_node_27 ansible_user=root ansible_host=10.2.1.65
hpc_node_28 ansible_user=root ansible_host=10.2.1.67
hpc_node_29 ansible_user=root ansible_host=10.2.1.69
hpc_node_30 ansible_user=root ansible_host=10.2.1.71
hpc_node_31 ansible_user=root ansible_host=10.2.1.73
hpc_node_32 ansible_user=root ansible_host=10.2.1.75
hpc_fnode_1 ansible_user=root ansible_host=10.2.1.77
hpc_fnode_2 ansible_user=root ansible_host=10.2.1.79
Run the playbook:
ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory.ini a.yaml --ask-pass
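The playbook above distributes root's user keys but no host keys, and the run itself has host key checking turned off. As an added example (not part of the original post), the play below publishes each server's SSH host public key to /etc/ssh/ssh_known_hosts on every node, so SSH between nodes and later Ansible runs can verify the host they reach. It assumes each server has an ed25519 host key at the OpenSSH default path; the variable names host_pubkey and host_key_line are made up for this example.

```yaml
---
# Added example, not from the original post.
# Assumption: every server has /etc/ssh/ssh_host_ed25519_key.pub.
- name: Publish SSH host keys to every node
  hosts: all_servers
  gather_facts: no
  tasks:
    - name: Read this server's host public key
      slurp:
        src: /etc/ssh/ssh_host_ed25519_key.pub
      register: host_pubkey

    # Keep only the key type and key data, dropping the trailing comment field
    - name: Build the key part of a known_hosts line
      set_fact:
        host_key_line: "{{ (host_pubkey.content | b64decode).split()[:2] | join(' ') }}"

    # One entry per inventory name, matching the names written to /etc/hosts
    - name: Trust every cluster host by inventory name
      known_hosts:
        path: /etc/ssh/ssh_known_hosts
        name: "{{ item }}"
        key: "{{ item }} {{ hostvars[item]['host_key_line'] }}"
        state: present
      with_items: "{{ groups['all_servers'] }}"

    # One entry per IP, which is what Ansible connects to via ansible_host
    - name: Trust every cluster host by IP address
      known_hosts:
        path: /etc/ssh/ssh_known_hosts
        name: "{{ hostvars[item]['ansible_host'] }}"
        key: "{{ hostvars[item]['ansible_host'] }} {{ hostvars[item]['host_key_line'] }}"
        state: present
      with_items: "{{ groups['all_servers'] }}"
```

Once this has run, later runs from hpc_mgr_1 can drop ANSIBLE_HOST_KEY_CHECKING=False. The published keys are only as trustworthy as the unverified first connection that collected them, so compare a few fingerprints against the server consoles.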
Summary
Used for a one-off task, and the experience was very good.