使用Ansible为集群初始化并配置免密
前情概要
集群的36台服务器已安装好CentOS 7.9,设置了统一的root密码,并配置好了主机名和IP。现在需要实现:
- 每台关闭防火墙和selinux
- 删除安装操作系统时创建的默认用户user及其家目录
- 将集群的36台主机和ip信息添加到/etc/hosts文件
- 删除默认yum源配置文件,添加指定的repo文件
- 为集群36台主机配置ssh相互免密
Ansible实现
感觉Ansible比使用脚本来得更方便,所以使用Ansible。
playbook的yaml文件:
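---
# Bootstrap play for the all_servers inventory group: turns off firewalld and
# SELinux, removes the installer-created account, replaces the yum repo files,
# fills /etc/hosts, and builds a full mesh of root SSH keys between the hosts.
- name: Initialize servers
  hosts: all_servers
  # No task below reads gathered facts; ansible_host comes from the inventory.
  gather_facts: false
  # The inventory connects as root, so no privilege escalation is needed.
  become: false
  tasks:
    # With firewalld stopped and disabled the host no longer filters traffic
    # itself; whatever bounds the cluster network is the only filter left.
    - name: Disable firewall
      service:
        name: firewalld
        state: stopped
        enabled: false

    # Writes the persistent SELinux setting. A full switch to "disabled" only
    # takes effect after a reboot, hence the setenforce task that follows.
    - name: Disable SELinux
      selinux:
        state: disabled
        policy: targeted

    # setenforce 0 switches the running kernel to permissive mode. It exits
    # non-zero when SELinux is already disabled, so errors are tolerated.
    - name: Disable SELinux immediately
      command: setenforce 0
      ignore_errors: true

    - name: Ensure user is absent and home directory removed
      user:
        name: user
        state: absent
        remove: true

    # Fix: with_fileglob expands its pattern on the control node, so the
    # original task deleted whatever *.repo names existed on the controller,
    # not the files actually present on each target. find runs on the target.
    # http.repo is excluded so a re-run does not delete and re-copy it.
    - name: Find repo files present on each server
      find:
        paths: /etc/yum.repos.d
        patterns: '*.repo'
        excludes: 'http.repo'
      register: default_repo_files

    - name: Remove default yum repos
      file:
        path: "{{ item.path }}"
        state: absent
      loop: "{{ default_repo_files.files }}"
      loop_control:
        label: "{{ item.path }}"

    # NOTE(review): the content of http.repo is not shown here. Confirm it
    # keeps gpgcheck enabled, since every node installs packages from it.
    - name: Copy http.repo to all servers
      copy:
        src: /root/http.repo
        dest: /etc/yum.repos.d/http.repo
        owner: root
        group: root
        mode: '0644'

    # One "<ip> <name>" line per inventory host. regex_escape keeps the dots
    # of the address from matching arbitrary characters in the regexp.
    - name: Add hostname into /etc/hosts
      lineinfile:
        path: /etc/hosts
        line: "{{ hostvars[item]['ansible_host'] }} {{ item }}"
        state: present
        create: true
        regexp: "^{{ hostvars[item]['ansible_host'] | regex_escape }}\\s+{{ item | regex_escape }}$"
      loop: "{{ groups['all_servers'] }}"

    - name: Check /root/.ssh exists
      file:
        path: /root/.ssh
        state: directory
        mode: '0700'

    - name: Check id_rsa exists
      stat:
        path: /root/.ssh/id_rsa
      register: ssh_key

    # Skipped when a key already exists, so an existing key is never
    # replaced. The key is created without a passphrase; 2048-bit RSA is the
    # author's choice, and a larger size can be set here for new hosts.
    - name: Generate SSH keypair if not already present
      openssh_keypair:
        path: /root/.ssh/id_rsa
        type: rsa
        size: 2048
        state: present
        mode: '0600'
      when: not ssh_key.stat.exists

    # slurp returns the file base64-encoded in public_key.content.
    - name: Gather SSH public keys from all servers
      slurp:
        src: /root/.ssh/id_rsa.pub
      register: public_key

    # Every host authorises the root key of every host in the group. Root on
    # any one node is therefore root on all of them; treat the 36 machines as
    # a single trust domain and keep each /root/.ssh/id_rsa protected.
    # The lookup fails for a host that did not complete the slurp task.
    - name: Set up authorized_keys for all servers
      authorized_key:
        user: root
        key: "{{ hostvars[item]['public_key']['content'] | b64decode }}"
        state: present
      loop: "{{ groups['all_servers'] }}"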
inventory文件
# Inventory for the 36-node cluster: 2 management, 32 compute, 2 fnode hosts.
# hpc_mgr_1 uses ansible_connection=local, so its tasks run on the control
# node itself instead of going over SSH.
[all_servers]
hpc_mgr_1 ansible_host=10.2.1.9 ansible_connection=local
hpc_mgr_2 ansible_host=10.2.1.11
hpc_node_1 ansible_host=10.2.1.13
hpc_node_2 ansible_host=10.2.1.15
hpc_node_3 ansible_host=10.2.1.17
hpc_node_4 ansible_host=10.2.1.19
hpc_node_5 ansible_host=10.2.1.21
hpc_node_6 ansible_host=10.2.1.23
hpc_node_7 ansible_host=10.2.1.25
hpc_node_8 ansible_host=10.2.1.27
hpc_node_9 ansible_host=10.2.1.29
hpc_node_10 ansible_host=10.2.1.31
hpc_node_11 ansible_host=10.2.1.33
hpc_node_12 ansible_host=10.2.1.35
hpc_node_13 ansible_host=10.2.1.37
hpc_node_14 ansible_host=10.2.1.39
hpc_node_15 ansible_host=10.2.1.41
hpc_node_16 ansible_host=10.2.1.43
hpc_node_17 ansible_host=10.2.1.45
hpc_node_18 ansible_host=10.2.1.47
hpc_node_19 ansible_host=10.2.1.49
hpc_node_20 ansible_host=10.2.1.51
hpc_node_21 ansible_host=10.2.1.53
hpc_node_22 ansible_host=10.2.1.55
hpc_node_23 ansible_host=10.2.1.57
hpc_node_24 ansible_host=10.2.1.59
hpc_node_25 ansible_host=10.2.1.61
hpc_node_26 ansible_host=10.2.1.63
hpc_node_27 ansible_host=10.2.1.65
hpc_node_28 ansible_host=10.2.1.67
hpc_node_29 ansible_host=10.2.1.69
hpc_node_30 ansible_host=10.2.1.71
hpc_node_31 ansible_host=10.2.1.73
hpc_node_32 ansible_host=10.2.1.75
hpc_fnode_1 ansible_host=10.2.1.77
hpc_fnode_2 ansible_host=10.2.1.79

# Every host is reached as root; set once for the group rather than per host.
[all_servers:vars]
ansible_user=root
执行playbook:
# Runs a.yaml against inventory.ini, prompting once for the SSH password.
# ANSIBLE_HOST_KEY_CHECKING=False turns off SSH host-key verification for this
# run, so the root password entered at the --ask-pass prompt is sent to each
# inventory address without the server's identity being checked.
# Filling known_hosts with host keys verified out of band beforehand lets the
# variable be dropped; once the playbook has installed the keys, later runs
# need neither the variable nor --ask-pass.
ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory.ini a.yaml --ask-pass
总结
临时使用,体验很不错。