文章目录
实验环境
| 主机IP【配置静态IP地址】 | 主机名字(身份) |
|---|---|
| 10.0.0.61 | m01(管理节点) |
| 10.0.0.31 | nfs(网络文件系统) |
安装ansible
安装ansible,只需要在主控节点进行安装ansible服务,配置ssh公私钥
bash
#使用yum安装ansible和依赖开发软件包,前提需要配置好阿里云的yum和epel源
[root@m01 yum.repos.d]# ls
CentOS-Base.repo epel.repo nginx.repo
[root@m01 yum.repos.d]# yum repolist
Loaded plugins: fastestmirror, langpacks
Determining fastest mirrors
repo id repo name status
!base/7/x86_64 CentOS-7 - Base - mirrors.aliyun.com 10,072
!epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64 13,791
!extras/7/x86_64 CentOS-7 - Extras - mirrors.aliyun.com 526
!nginx-stable/7/x86_64 nginx stable repo 364
!updates/7/x86_64 CentOS-7 - Updates - mirrors.aliyun.com 6,173
repolist: 30,926
#安装ansible和依赖
yum -y install ansible libselinux-python
#配置主机文件,这里我同步配置了/etc/hosts文件,做了主机名和主机ip映射,这样在配置ansible主机
文件的时候可以使用主机名字,没有的话就直接配置主机IP地址
#注意ansible都是使用ssh进行登入的,需要保障管理节点和被管理的节点可以ssh登入
[root@m01 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.5 lb01
10.0.0.6 lb02
10.0.0.7 web01
10.0.0.8 web02
10.0.0.9 web03
10.0.0.31 nfs
10.0.0.41 backup
10.0.0.51 db01
10.0.0.61 m01
10.0.0.71 zabbix
#测试主机映射是否成功
[root@m01 ~]# ping nfs
PING nfs (10.0.0.31) 56(84) bytes of data.
64 bytes from nfs (10.0.0.31): icmp_seq=1 ttl=64 time=0.179 ms
64 bytes from nfs (10.0.0.31): icmp_seq=2 ttl=64 time=0.231 ms
64 bytes from nfs (10.0.0.31): icmp_seq=3 ttl=64 time=0.504 ms
^C
--- nfs ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.179/0.304/0.504/0.143 ms
#配置ansible的主机文件
[root@m01 ~]# tail -2 /etc/ansible/hosts
[test]
nfs
在test组里面,有主机nfs
#配置ssh的公私钥
#生成公私秘钥,-t 加密类型 -C描述信息
[root@m01 ~]# ssh-keygen -t rsa -C A-Server.com
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xO2DoVA16c+29mx39r1hbG90M4dEPXJszdW8tBWB/Fo A-Server.com
The key's randomart image is:
+---[RSA 2048]----+
| ..o. . o*B|
| . ..o +.*B|
| . .+ . .* =|
| . o.+ .E |
| . Soo .o. |
| +. .oo+|
| . . *=|
| o.. + B|
| . oo. =*|
+----[SHA256]-----+
#分发公钥到被管理节点,输入被管理节点的root密码
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub "root@10.0.0.31"
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.31's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@10.0.0.31'"
and check to make sure that only the key(s) you wanted were added.
#检查管理节点的公私钥信息
[root@m01 ~]# cd /etc/ssh/
[root@m01 ssh]# ls
moduli ssh_host_ecdsa_key ssh_host_ed25519_key.pub
ssh_config ssh_host_ecdsa_key.pub ssh_host_rsa_key
sshd_config ssh_host_ed25519_key ssh_host_rsa_key.pub部署nfs网络文件系统
1、创建系统用户和组
php
[root@m01 ~]# ansible nfs -m group -a 'name=www gid=666 state=present'
nfs | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 666,
"name": "www",
"state": "present",
"system": false
}
[root@m01 ~]# ansible nfs -m user -a 'name=www uid=666 group=666 create_home=no shell=/sbin/nologin state=present'
nfs | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 666,
"home": "/home/www",
"name": "www",
"shell": "/sbin/nologin",
"state": "present",
"system": false,
"uid": 666
}2、在nfs上创建共享目录
php
[root@m01 ~]# ansible nfs -m file -a 'path=/data state=directory owner=666 group=666 recurse=yes'
nfs | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 666,
"group": "www",
"mode": "0755",
"owner": "www",
"path": "/data",
"size": 6,
"state": "directory",
"uid": 666
}3、编辑nfs配置文件
php
[root@m01 ~]# ansible nfs -m copy -a 'dest=/etc/exports content="/data 10.0.0.0/24(rw,all_squash,anonuid=666,anongid=666)" mode=600'
nfs | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "9595deab6719ad80dcef8a71f50a317dbfba5235",
"dest": "/etc/exports",
"gid": 0,
"group": "root",
"md5sum": "7c78689c50af25261f54f251b34c7e26",
"mode": "0600",
"owner": "root",
"size": 56,
"src": "/root/.ansible/tmp/ansible-tmp-1699072334.11-1365-90513311577736/source",
"state": "file",
"uid": 0
}4、开启nfs服务
php
[root@m01 ~]# ansible nfs -m systemd -a 'name=nfs state=started enabled=yes'
nfs | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"enabled": true, 5、进行挂载
php
[root@m01 ~]# ansible web -m mount -a 'src=10.0.0.31:/data path=/web fstype=nfs opts=defaults state=mounted'
web01 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"dump": "0",
"fstab": "/etc/fstab",
"fstype": "nfs",
"name": "/web",
"opts": "defaults",
"passno": "0",
"src": "10.0.0.31:/data"
}
web03 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dump": "0",
"fstab": "/etc/fstab",
"fstype": "nfs",
"name": "/web",
"opts": "defaults",
"passno": "0",
"src": "10.0.0.31:/data"
}
web02 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"dump": "0",
"fstab": "/etc/fstab",
"fstype": "nfs",
"name": "/web",
"opts": "defaults",
"passno": "0",
"src": "10.0.0.31:/data"
}