使用Ansible为集群初始化并配置免密
使用Ansible为集群初始化并配置免密
前情概要
集群的36台服务器安装好了centos7.9设置了统一的root密码,并配置好了主机名和ip。现在需要实现:
- 每台关闭防火墙和selinux
- 删除安装操作系统时创建的默认用户user及其家目录
- 将集群的36台主机和ip信息添加到/etc/hosts文件
- 删除默认yum源配置文件,添加指定的repo文件
- 为集群36台主机配置ssh相互免密
Ansible实现
感觉Ansible比使用脚本来得更方便,所以使用Ansible。
playbook的yaml文件:
---
- name: Initialize servers
hosts: all_servers
gather_facts: no
become: no
tasks:
- name: Disable firewall
service:
name: firewalld
state: stopped
enabled: no
- name: Disable SELinux
selinux:
state: disabled
policy: targeted
- name: Disable SELinux immediately
command: setenforce 0
ignore_errors: yes
- name: Ensure user is absent and home directory removed
user:
name: user
state: absent
remove: yes
- name: Remove default yum repos
file:
path: "{{ item }}"
state: absent
with_fileglob:
- /etc/yum.repos.d/*.repo
- name: Copy http.repo to all servers
copy:
src: /root/http.repo
dest: /etc/yum.repos.d/http.repo
owner: root
group: root
mode: '0644'
- name: Add hostname into /etc/hosts
lineinfile:
path: /etc/hosts
line: "{{ hostvars[item]['ansible_host'] }} {{ item }}"
state: present
create: yes
regexp: "^{{ hostvars[item]['ansible_host'] }}\\s+{{ item }}$"
with_items: "{{ groups['all_servers'] }}"
- name: Check /root/.ssh exists
file:
path: /root/.ssh
state: directory
mode: '0700'
- name: Check id_rsa exists
stat:
path: /root/.ssh/id_rsa
register: ssh_key
- name: Generate SSH keypair if not already present
openssh_keypair:
path: /root/.ssh/id_rsa
type: rsa
size: 2048
state: present
mode: '0600'
when: not ssh_key.stat.exists
- name: Gather SSH public keys from all servers
slurp:
src: /root/.ssh/id_rsa.pub
register: public_key
- name: Set up authorized_keys for all servers
authorized_key:
user: root
key: "{{ hostvars[item]['public_key']['content'] | b64decode }}"
state: present
with_items: "{{ groups['all_servers'] }}"
inventory文件
[all_servers]
hpc_mgr_1 ansible_user=root ansible_host=10.2.1.9 ansible_connection=local
hpc_mgr_2 ansible_user=root ansible_host=10.2.1.11
hpc_node_1 ansible_user=root ansible_host=10.2.1.13
hpc_node_2 ansible_user=root ansible_host=10.2.1.15
hpc_node_3 ansible_user=root ansible_host=10.2.1.17
hpc_node_4 ansible_user=root ansible_host=10.2.1.19
hpc_node_5 ansible_user=root ansible_host=10.2.1.21
hpc_node_6 ansible_user=root ansible_host=10.2.1.23
hpc_node_7 ansible_user=root ansible_host=10.2.1.25
hpc_node_8 ansible_user=root ansible_host=10.2.1.27
hpc_node_9 ansible_user=root ansible_host=10.2.1.29
hpc_node_10 ansible_user=root ansible_host=10.2.1.31
hpc_node_11 ansible_user=root ansible_host=10.2.1.33
hpc_node_12 ansible_user=root ansible_host=10.2.1.35
hpc_node_13 ansible_user=root ansible_host=10.2.1.37
hpc_node_14 ansible_user=root ansible_host=10.2.1.39
hpc_node_15 ansible_user=root ansible_host=10.2.1.41
hpc_node_16 ansible_user=root ansible_host=10.2.1.43
hpc_node_17 ansible_user=root ansible_host=10.2.1.45
hpc_node_18 ansible_user=root ansible_host=10.2.1.47
hpc_node_19 ansible_user=root ansible_host=10.2.1.49
hpc_node_20 ansible_user=root ansible_host=10.2.1.51
hpc_node_21 ansible_user=root ansible_host=10.2.1.53
hpc_node_22 ansible_user=root ansible_host=10.2.1.55
hpc_node_23 ansible_user=root ansible_host=10.2.1.57
hpc_node_24 ansible_user=root ansible_host=10.2.1.59
hpc_node_25 ansible_user=root ansible_host=10.2.1.61
hpc_node_26 ansible_user=root ansible_host=10.2.1.63
hpc_node_27 ansible_user=root ansible_host=10.2.1.65
hpc_node_28 ansible_user=root ansible_host=10.2.1.67
hpc_node_29 ansible_user=root ansible_host=10.2.1.69
hpc_node_30 ansible_user=root ansible_host=10.2.1.71
hpc_node_31 ansible_user=root ansible_host=10.2.1.73
hpc_node_32 ansible_user=root ansible_host=10.2.1.75
hpc_fnode_1 ansible_user=root ansible_host=10.2.1.77
hpc_fnode_2 ansible_user=root ansible_host=10.2.1.79
执行playbook:
ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory.ini a.yaml --ask-pass
总结
临时使用,体验很不错。