
Configure a cron job

The playbook runs on managed nodes in the test host group

Configure a cron job that runs every 2 minutes and executes the following command:

logger "EX200 in progress", run as user bob

[greg@control ansible]$ vim /home/greg/ansible/cron.yml
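---
- name: 配置 cron 作业
  hosts: test
  tasks:
    - name: Cron job
      cron:
        name: "a job for logger"
        # every 2 minutes; the remaining time fields default to "*"
        minute: "*/2"
        job: 'logger "EX200 in progress"'
        # install the entry in bob's crontab rather than root's
        user: bob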
[greg@control ansible]$ ansible-playbook cron.yml
[greg@control ansible]$ ansible test -a 'crontab -l -u bob'
node2 | CHANGED | rc=0 >>
#Ansible: logger
*/2 * * * * logger "EX200 in progress"

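Rekey an Ansible vault

Rekey the existing Ansible vault as follows:

Download the Ansible vault from http://materials/salaries.yml to /home/greg/ansible

The current vault password is insecure8sure

The new vault password is bbs2you9527

The vault remains encrypted with the new password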

[greg@control ansible]$ wget http://materials/salaries.yml
[greg@control ansible]$ ansible-vault rekey --ask-vault-pass salaries.yml
Vault password: insecure8sure
New Vault password: bbs2you9527
Confirm New Vault password: bbs2you9527
Rekey successful
[greg@control ansible]$ ansible-vault view --ask-vault-pass salaries.yml
Vault password: bbs2you9527
haha

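Create user accounts

Download the list of users to create from http://materials/user_list.yml and save it to /home/greg/ansible

Use the password vault /home/greg/ansible/locker.yml created elsewhere in this exercise. Create a playbook named /home/greg/ansible/users.yml that creates user accounts as follows:

Users with a job description of developer should be:

Created on managed nodes in the dev and test host groups

Assigned the password from the pw_developer variable

Members of the supplementary group devops

Users with a job description of manager should be:

Created on managed nodes in the prod host group

Assigned the password from the pw_manager variable

Members of the supplementary group opsmgr

Passwords use the SHA512 hash format.

Your playbook should work using the vault password file /home/greg/ansible/secret.txt created elsewhere in this exercise.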

[greg@control ansible]$ wget http://materials/user_list.yml
[greg@control ansible]$ cat user_list.yml
users:
  - name: bob
    job: developer
  - name: sally
    job: manager
  - name: fred
    job: developer
[greg@control ansible]$ vim /home/greg/ansible/users.yml
---
- name: 创建用户帐户_1
  hosts: dev,test
  vars_files:
    # locker.yml is vault-encrypted; it is decrypted with the vault password file
    - locker.yml
    - user_list.yml
  tasks:
    - name: Ensure group "devops" exists
      group:
        name: devops
        state: present
    - name: Add the user
      user:
        name: "{{ item.name }}"
        # password_hash() without a salt argument picks a random salt,
        # so this task reports "changed" on every run
        password: "{{ pw_developer | password_hash('sha512') }}"
        groups: devops
        # add to devops without removing other supplementary groups
        append: yes
      when: item.job == "developer"
      loop: "{{ users }}"

- name: 创建用户帐户_2
  hosts: prod
  vars_files:
    - locker.yml
    - user_list.yml
  tasks:
    - name: Ensure group "opsmgr" exists
      group:
        name: opsmgr
        state: present
    - name: Add the user
      user:
        name: "{{ item.name }}"
        password: "{{ pw_manager | password_hash('sha512') }}"
        groups: opsmgr
        append: yes
      when: item.job == "manager"
      loop: "{{ users }}"
[greg@control ansible]$ ansible-playbook users.yml
[greg@control ansible]$ ansible dev,test -m shell -a 'id bob; id fred'
node2 | CHANGED | rc=0 >>
uid=1003(bob) gid=1003(bob) groups=1003(bob),1001(devops)
uid=1004(fred) gid=1004(fred) groups=1004(fred),1001(devops)
node1 | CHANGED | rc=0 >>
uid=1003(bob) gid=1004(bob) groups=1004(bob),1001(devops)
uid=1004(fred) gid=1005(fred) groups=1005(fred),1001(devops)
[greg@control ansible]$ ansible prod -m shell -a 'id sally'
node3 | CHANGED | rc=0 >>
uid=1003(sally) gid=1004(sally) groups=1004(sally),1003(opsmgr)
node4 | CHANGED | rc=0 >>
uid=1003(sally) gid=1004(sally) groups=1004(sally),1003(opsmgr)
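
The `id` output above confirms group membership but not the SHA512 requirement. The following added example (not part of the original page) classifies the password field of shadow(5)-format lines; `classify_shadow` and `sample_shadow` are hypothetical helper names, and the sample lines, including the placeholder hash body, are constructed.

```shell
#!/bin/sh
# Added example: classify the password field of shadow(5)-format lines.
# Print "<user> <verdict>" for each line read from stdin. Verdicts:
#   sha512 - "$6$[rounds=N$]salt$hash" with a 1-16 char salt and 86-char hash
#   locked - field is empty or starts with "!" or "*"
#   other  - another scheme ($1$ MD5, $5$ SHA-256, ...) or a malformed $6$
classify_shadow() {
    awk -F: '
    {
        user = $1; field = $2
        if (field == "" || field ~ /^[!*]/) { print user, "locked"; next }
        n = split(field, p, "[$]")      # "$6$salt$hash" -> "", "6", salt, hash
        if (p[2] == "6" && n == 5 && p[3] ~ "^rounds=[0-9]+$") {
            salt = p[4]; hash = p[5]
        } else if (p[2] == "6" && n == 4) {
            salt = p[3]; hash = p[4]
        } else { print user, "other"; next }
        ok = (length(salt) >= 1 && length(salt) <= 16 &&
              length(hash) == 86 &&
              salt ~ "^[./0-9A-Za-z]+$" && hash ~ "^[./0-9A-Za-z]+$")
        print user, (ok ? "sha512" : "other")
    }'
}

# Constructed sample input: 86 placeholder characters, not a real digest.
h86=$(awk 'BEGIN { for (i = 0; i < 86; i++) printf "a" }')
sample_shadow() {
    printf 'bob:$6$Qx3fS.lt$%s:19000:0:99999:7:::\n' "$h86"
    printf 'fred:$6$rounds=5000$Qx3fS.lt$%s:19000:0:99999:7:::\n' "$h86"
    printf 'sally:$1$oldsalt$%s:19000:0:99999:7:::\n' 'aaaaaaaaaaaaaaaaaaaaaa'
    printf 'svc:!!:19000::::::\n'
}

sample_shadow | classify_shadow
```

On a managed node the same function can read `getent shadow bob fred` as root instead of the constructed sample.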

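Create a password vault

Create an Ansible vault to store user passwords as follows:

The vault is named /home/greg/ansible/locker.yml

The vault contains two variables, named as follows:

pw_developer, with the value Imadev

pw_manager, with the value Imamgr

The password used to encrypt and decrypt the vault is whenyouwishuponastar

The password is stored in the file /home/greg/ansible/secret.txt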

[greg@control ansible]$ vim /home/greg/ansible/secret.txt
whenyouwishuponastar
[greg@control ansible]$ chmod 400 /home/greg/ansible/secret.txt
[greg@control ansible]$ vim ansible.cfg
...
# If set, configures the path to the Vault password file as an alternative to
# specifying --vault-password-file on the command line.
vault_password_file = /home/greg/ansible/secret.txt
...
[greg@control ansible]$ ansible-vault create /home/greg/ansible/locker.yml
pw_developer: Imadev
pw_manager: Imamgr
[greg@control ansible]$ ansible-vault view locker.yml
pw_developer: Imadev
pw_manager: Imamgr
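
Two points from the vault tasks, that the rekeyed file stays encrypted and that the password file is locked down with chmod 400, can be checked without knowing the vault password. This is an added example, not part of the original page; `is_vault_encrypted`, `password_file_private` and `audit` are hypothetical helper names, and all files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: offline checks on a vault file and its password file.
# Every file is constructed in a temp directory; ansible itself is not called.

# 0 if the first line of $1 is a vault envelope header such as
# "$ANSIBLE_VAULT;1.1;AES256" (format 1.2 appends a vault-id label).
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    header=''
    IFS= read -r header < "$1" || [ -n "$header" ] || return 1
    case "$header" in
        '$ANSIBLE_VAULT;1.1;AES256')    return 0 ;;
        '$ANSIBLE_VAULT;1.2;AES256;'?*) return 0 ;;
        *)                              return 1 ;;
    esac
}

# 0 if $1 grants nothing to group or other (mode 400 or 600, for example).
password_file_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)   # the group and other triplets
    [ "$perms" = "------" ]
}

# audit <vault-file> <password-file>: print findings, return their count.
audit() {
    findings=0
    is_vault_encrypted "$1" ||
        { echo "FAIL: $1 has no vault header"; findings=$((findings + 1)); }
    password_file_private "$2" ||
        { echo "FAIL: $2 is accessible to group/other"; findings=$((findings + 1)); }
    return "$findings"
}

demo=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '0000' > "$demo/locker.yml"  # fake body
printf 'pw_example: plaintext\n' > "$demo/plain.yml"
printf 'example-password\n' > "$demo/secret.txt"; chmod 400 "$demo/secret.txt"
printf 'example-password\n' > "$demo/loose.txt";  chmod 644 "$demo/loose.txt"

audit "$demo/locker.yml" "$demo/secret.txt" && echo "OK: encrypted, password file private"
audit "$demo/plain.yml" "$demo/loose.txt" || echo "findings: $?"
```

The header check only shows that the file is in vault format; `ansible-vault view` with the new password remains the test that the rekey itself worked.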

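Generate a hardware report

Create a playbook named /home/greg/ansible/hwreport.yml that generates an output file /root/hwreport.txt on all managed nodes with the following information:

Inventory host name

Total memory size in MB

BIOS version

Size of disk device vda

Size of disk device vdb

Each line of the output file contains a single key=value pair

Your playbook should:

Download the file from http://materials/hwreport.empty and save it as /root/hwreport.txt

Modify /root/hwreport.txt with the correct values

If a hardware item does not exist, the associated value should be set to NONE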

[greg@control ansible]$ vim /home/greg/ansible/hwreport.yml
---
- name: 生成硬件报告
  hosts: all
  tasks:
    - name: Download hwreport.txt
      get_url:
        url: http://materials/hwreport.empty
        dest: /root/hwreport.txt
    # Each lineinfile task replaces the line matching regexp with the real value
    - name: Ensure HOST
      lineinfile:
        path: /root/hwreport.txt
        regexp: '^HOST='
        line: HOST={{ inventory_hostname }}
    - name: Ensure MEMORY
      lineinfile:
        path: /root/hwreport.txt
        regexp: '^MEMORY='
        line: MEMORY={{ ansible_facts['memtotal_mb'] }}
    - name: Ensure BIOS
      lineinfile:
        path: /root/hwreport.txt
        regexp: '^BIOS='
        line: BIOS={{ ansible_facts['bios_version'] }}
    # default('NONE', true): the second argument also replaces empty values,
    # not only undefined ones, so a missing disk is reported as NONE
    - name: Ensure DISK_SIZE_VDA
      lineinfile:
        path: /root/hwreport.txt
        regexp: '^DISK_SIZE_VDA='
        line: DISK_SIZE_VDA={{ ansible_facts['devices']['vda']['size'] | default('NONE',true) }}
    - name: Ensure DISK_SIZE_VDB
      lineinfile:
        path: /root/hwreport.txt
        regexp: '^DISK_SIZE_VDB='
        line: DISK_SIZE_VDB={{ ansible_facts['devices']['vdb']['size'] | default('NONE',true) }}
[greg@control ansible]$ ansible-playbook hwreport.yml
[greg@control ansible]$ ansible all -a 'cat /root/hwreport.txt'