Initializing a cluster and configuring passwordless SSH with Ansible

Posted by Holdmyhand on 2024-10-14

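Background

The cluster's 36 servers have CentOS 7.9 installed with a unified root password set, and their hostnames and IPs are configured. The following now needs to be done:

  1. Disable the firewall and SELinux on every server
  2. Delete the default user `user` created during OS installation, along with its home directory
  3. Add the hostname and IP information of the cluster's 36 hosts to the /etc/hosts file
  4. Delete the default yum repository configuration files and add the specified repo file
  5. Configure mutual passwordless SSH among the cluster's 36 hosts

Ansible implementation

Ansible felt more convenient than using scripts, so I used Ansible.

The playbook YAML file: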

---
- name: Initialize servers
  hosts: all_servers
  gather_facts: no
  become: no

  tasks:
    - name: Disable firewall
      service:
        name: firewalld
        state: stopped
        enabled: no

    - name: Disable SELinux
      selinux:
        state: disabled
        policy: targeted
    - name: Disable SELinux immediately
      command: setenforce 0
      ignore_errors: yes

    - name: Ensure user is absent and home directory removed
      user:
        name: user
        state: absent
        remove: yes

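    # with_fileglob is evaluated on the control node, so list the repo
    # files on each server with find and delete what is found there
    - name: Find default yum repos
      find:
        paths: /etc/yum.repos.d
        patterns: "*.repo"
      register: default_repos
    - name: Remove default yum repos
      file:
        path: "{{ item.path }}"
        state: absent
      with_items: "{{ default_repos.files }}"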
    - name: Copy http.repo to all servers
      copy:
        src: /root/http.repo
        dest: /etc/yum.repos.d/http.repo
        owner: root
        group: root
        mode: '0644'

    - name: Add hostname into /etc/hosts
      lineinfile:
        path: /etc/hosts
        line: "{{ hostvars[item]['ansible_host'] }} {{ item }}"
        state: present
        create: yes
        regexp: "^{{ hostvars[item]['ansible_host'] }}\\s+{{ item }}$"
      with_items: "{{ groups['all_servers'] }}"

    - name: Check /root/.ssh exists
      file:
        path: /root/.ssh
        state: directory
        mode: '0700'
    - name: Check id_rsa exists
      stat:
        path: /root/.ssh/id_rsa
      register: ssh_key
    - name: Generate SSH keypair if not already present
      openssh_keypair:
        path: /root/.ssh/id_rsa
        type: rsa
        size: 2048
        state: present
        mode: '0600'
      when: not ssh_key.stat.exists

    - name: Gather SSH public keys from all servers
      slurp:
        src: /root/.ssh/id_rsa.pub
      register: public_key

    - name: Set up authorized_keys for all servers
      authorized_key:
        user: root
        key: "{{ hostvars[item]['public_key']['content'] | b64decode }}"
        state: present
      with_items: "{{ groups['all_servers'] }}"

The inventory file:

[all_servers]
hpc_mgr_1 ansible_user=root ansible_host=10.2.1.9 ansible_connection=local
hpc_mgr_2 ansible_user=root ansible_host=10.2.1.11
hpc_node_1 ansible_user=root ansible_host=10.2.1.13
hpc_node_2 ansible_user=root ansible_host=10.2.1.15
hpc_node_3 ansible_user=root ansible_host=10.2.1.17
hpc_node_4 ansible_user=root ansible_host=10.2.1.19
hpc_node_5 ansible_user=root ansible_host=10.2.1.21
hpc_node_6 ansible_user=root ansible_host=10.2.1.23
hpc_node_7 ansible_user=root ansible_host=10.2.1.25
hpc_node_8 ansible_user=root ansible_host=10.2.1.27
hpc_node_9 ansible_user=root ansible_host=10.2.1.29
hpc_node_10 ansible_user=root ansible_host=10.2.1.31
hpc_node_11 ansible_user=root ansible_host=10.2.1.33
hpc_node_12 ansible_user=root ansible_host=10.2.1.35
hpc_node_13 ansible_user=root ansible_host=10.2.1.37
hpc_node_14 ansible_user=root ansible_host=10.2.1.39
hpc_node_15 ansible_user=root ansible_host=10.2.1.41
hpc_node_16 ansible_user=root ansible_host=10.2.1.43
hpc_node_17 ansible_user=root ansible_host=10.2.1.45
hpc_node_18 ansible_user=root ansible_host=10.2.1.47
hpc_node_19 ansible_user=root ansible_host=10.2.1.49
hpc_node_20 ansible_user=root ansible_host=10.2.1.51
hpc_node_21 ansible_user=root ansible_host=10.2.1.53
hpc_node_22 ansible_user=root ansible_host=10.2.1.55
hpc_node_23 ansible_user=root ansible_host=10.2.1.57
hpc_node_24 ansible_user=root ansible_host=10.2.1.59
hpc_node_25 ansible_user=root ansible_host=10.2.1.61
hpc_node_26 ansible_user=root ansible_host=10.2.1.63
hpc_node_27 ansible_user=root ansible_host=10.2.1.65
hpc_node_28 ansible_user=root ansible_host=10.2.1.67
hpc_node_29 ansible_user=root ansible_host=10.2.1.69
hpc_node_30 ansible_user=root ansible_host=10.2.1.71
hpc_node_31 ansible_user=root ansible_host=10.2.1.73
hpc_node_32 ansible_user=root ansible_host=10.2.1.75
hpc_fnode_1 ansible_user=root ansible_host=10.2.1.77
hpc_fnode_2 ansible_user=root ansible_host=10.2.1.79

Run the playbook:

ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory.ini a.yaml --ask-pass
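
The command above turns host key checking off, and the playbook distributes only user keys, so no server ends up with a recorded host key for any other. As an added example (not part of the original post), the play below can be appended to a.yaml to write every server's host key into /etc/ssh/ssh_known_hosts. It assumes each server has an ed25519 host key at the default OpenSSH path, and the keys are read over that first unverified connection, so their fingerprints still need an out-of-band comparison if the network is not trusted.

```yaml
# Added example, not from the original post.
# Assumption: /etc/ssh/ssh_host_ed25519_key.pub exists on every server
# (the default OpenSSH host key location).
- name: Record SSH host keys on every server
  hosts: all_servers
  gather_facts: no
  become: no

  tasks:
    # Read the host public key from each server; slurp returns it base64-encoded
    - name: Read ed25519 host public key
      slurp:
        src: /etc/ssh/ssh_host_ed25519_key.pub
      register: host_pubkey

    # Write one known_hosts line per server, matching both the inventory
    # name and the IP, in the form "name,ip keytype key".
    # split()[:2] keeps the key type and key and drops any trailing comment.
    - name: Add every server's host key to the system-wide known_hosts
      known_hosts:
        path: /etc/ssh/ssh_known_hosts
        name: "{{ item }}"
        key: >-
          {{ item }},{{ hostvars[item]['ansible_host'] }}
          {{ (hostvars[item]['host_pubkey']['content'] | b64decode).split()[:2] | join(' ') }}
        state: present
      with_items: "{{ groups['all_servers'] }}"
```

Once the keys are recorded, later runs from the control node can drop ANSIBLE_HOST_KEY_CHECKING=False, and SSH between servers no longer stops at the unknown-host prompt.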

Summary

For one-off use, the experience was quite good.
