Ansible test environment


ip             user     sudo_user  port   usage
192.168.48.81  ansible  root       29922  nagios & ansible control
192.168.48.82  ansible  root       29922  nagios node1 & boston1
192.168.48.83  ansible  root       29922  target host
192.168.48.84  ansible  root       29922  target host
192.168.48.85  ansible  root       29922  nagios node1 & boston2
192.168.48.86  ansible  root       29922  target host
192.168.48.87  ansible  root       29922  target host

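Requirements

1) 81 cannot reach 83, 84, 86, 87 directly; changes are deployed through the bastion hosts 82 and 85
2) Change the SSH port on all servers from 22 to 29922, disable remote root login, and allow the ansible user to sudo to root
3) SSH keys: 81 -> 82, 85; 82 -> 83, 84; 85 -> 86, 87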

Control machine

Installation: http://www.cnblogs.com/liujitao79/p/4193368.html

inventory

    #/etc/ansible/hosts
    [center]
    192.168.48.81

    [idc1]
    192.168.48.82
    192.168.48.83
    192.168.48.84

    [idc2]
    192.168.48.85
    192.168.48.86
    192.168.48.87

Testing SSH-based management

    # ansible idc1 -u root -k -m ping
    SSH password:

    # results
    192.168.48.82 | success >> {
        "changed": false,
        "ping": "pong"
    }
    192.168.48.83 | success >> {
        "changed": false,
        "ping": "pong"
    }
    192.168.48.84 | success >> {
        "changed": false,
        "ping": "pong"
    }

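Server initialization

Use SSH password authentication to change the operations environment. This covers:
1) creating the ansible user
2) sshd configuration
3) SSH keys
Once these changes are complete, deploy the application environment using SSH key authentication.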
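Requirement 2 and the sshd configuration step are stated above without commands. The following is an added example, not the original author's code, that applies them on one host with plain shell. The function names, the ROOT dry-run prefix, the /usr/sbin/sshd path and the NOPASSWD sudo rule are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Applies requirement 2 on one host.
# Assumed: OpenSSH paths, /etc/sudoers.d is included by sudoers, and the
# "ansible" user already exists.

# set_sshd_option FILE KEY VALUE
# Removes every active KEY directive (including ones inside Match blocks, which
# could otherwise override the new value) and puts "KEY VALUE" on the first
# line, where it is global. Commented-out lines are left alone.
set_sshd_option() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    {
        printf '%s %s\n' "$key" "$value"
        awk -v k="$key" '{
            l = tolower($0); sub(/^[ \t]+/, "", l)
            split(l, f, /[ \t=]+/)
            if (f[1] != tolower(k)) print
        }' "$file"
    } > "$tmp" && cat "$tmp" > "$file"   # cat keeps the file's owner and mode
    rc=$?; rm -f "$tmp"; return "$rc"
}

# harden_sshd [ROOT]
# ROOT is a hypothetical prefix for a dry run on a copied tree; leave it empty
# on a real host (run as root), where the result is also syntax-checked.
harden_sshd() {
    root=${1:-}
    conf="$root/etc/ssh/sshd_config"
    rule="$root/etc/sudoers.d/ansible"
    # Keep the first original as a rollback copy; later runs do not overwrite it.
    [ -e "$conf.orig" ] || cp -p "$conf" "$conf.orig" || return 1
    set_sshd_option "$conf" Port 29922 || return 1
    set_sshd_option "$conf" PermitRootLogin no || return 1
    # Assumption: passwordless sudo, because the ansible account has no password.
    printf 'ansible ALL=(root) NOPASSWD: ALL\n' > "$rule" || return 1
    chmod 0440 "$rule" || return 1
    if [ -z "$root" ]; then
        /usr/sbin/sshd -t -f "$conf" && visudo -cf "$rule"
    fi
}
# Usage on a target host, as root: harden_sshd, then reload sshd and confirm a
# new login on port 29922 before closing the current session.
```

On hosts with SELinux or a host firewall, port 29922 also has to be permitted there before sshd is reloaded.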

Control machine -> bastion hosts

81

    ssh-keygen -b 2048 -t rsa -f /tmp/ansible.pem -q -N ''
    ssh-keygen -b 2048 -t rsa -f /tmp/bastion82.pem -q -N ''
    ssh-keygen -b 2048 -t rsa -f /tmp/bastion85.pem -q -N ''

    mkdir -p /etc/ansible/keys
    # copy the private and public keys into the key directory
    cp /tmp/*.pem /tmp/*.pem.pub /etc/ansible/keys/

82 & 85

    useradd ansible
    su - ansible -c 'mkdir -p /home/ansible/.ssh'
    su - ansible -c 'chmod 700 .ssh'
    su - ansible -c 'echo "ssh-rsa ABBAB3NzaC1yc2EAAAADAQABAAABAQD4pbUECUaCod6dnNPJuqerZBOcqKiHc+JiXsJmJijOiTe7Xxyh0FEXqEAV7EOSOOe79LzZIsjq5iD6aPLZS7IKm/j8oGU0pB7s6Wz/Z8SWWBEpainBETIi0JgR2v/AmqSWi72o+d9isDSxkhfDZxIHXtlHo+rQ6iKytxTmlrplZwj+MDIo7g8Q3UXCa84b85HUaahS0VPATm8SM+YG89I6IV6NKL43N5guzfOKdxRrwOS6J2aGlq2UYMnC6emYXi/lKN92xvFbebyo5+KtbeLXjHuS1YvYdtvdpxvkOd2TboI9fB2qPKyt0LMv70nCJAUix7kBYcnaO4xe4vebfHpd ken@ken-HP6531s" > .ssh/authorized_keys'
    # or fetch the public key instead (-o writes to the named file)
    su - ansible -c 'curl http://install.local/dc.pem.pub -o .ssh/authorized_keys'
    su - ansible -c 'chmod 600 .ssh/authorized_keys'

Test

    ansible 192.168.48.82 -u ansible --private-key=/etc/ansible/keys/ansible.pem -m ping
    192.168.48.82 | success >> {
        "changed": false,
        "ping": "pong"
    }

    ansible 192.168.48.85 -u ansible --private-key=/etc/ansible/keys/ansible.pem -m ping
    192.168.48.85 | success >> {
        "changed": false,
        "ping": "pong"
    }

Bastion hosts -> target hosts

83 & 84 & 86 & 87

    groupadd -g 501 ansible
    useradd -u 501 -g 501 ansible
    mkdir -p /home/ansible/.ssh && chown -R ansible:ansible /home/ansible/.ssh && chmod 700 /home/ansible/.ssh
    # on 83 and 84
    cp bastion82.pem.pub /home/ansible/.ssh/authorized_keys
    # on 86 and 87
    cp bastion85.pem.pub /home/ansible/.ssh/authorized_keys
    chown ansible:ansible /home/ansible/.ssh/authorized_keys && chmod 600 /home/ansible/.ssh/authorized_keys

82

    # copy bastion82.pem to /tmp for the test
    ssh -i /tmp/bastion82.pem ansible@192.168.48.83
    ssh -i /tmp/bastion82.pem ansible@192.168.48.84
    # remove the private key from the bastion afterwards
    rm /tmp/bastion82.pem

Control machine -> target hosts

/etc/ansible/ssh.config

    192.168.48.82 bastion-82
    192.168.48.85 bastion-85

/etc/ansible/ssh.config

    # StrictHostKeyChecking no turns off host key verification on every hop,
    # and -A forwards the local SSH agent to the bastion.
    Host bastion-82
        User ansible
        Hostname 192.168.48.82
        IdentityFile /etc/ansible/keys/ansible.pem
        StrictHostKeyChecking no

    Host bastion-85
        User ansible
        Hostname 192.168.48.85
        IdentityFile /etc/ansible/keys/ansible.pem
        StrictHostKeyChecking no

    Host server-83
        User ansible
        Hostname 192.168.48.83
        IdentityFile /etc/ansible/keys/bastion82.pem
        StrictHostKeyChecking no
        ProxyCommand ssh -q -A -x -l ansible -i /etc/ansible/keys/ansible.pem bastion-82 -o 'StrictHostKeyChecking=no' -W %h:%p

    Host server-84
        User ansible
        Hostname 192.168.48.84
        IdentityFile /etc/ansible/keys/bastion82.pem
        StrictHostKeyChecking no
        ProxyCommand ssh -q -A -x -l ansible -i /etc/ansible/keys/ansible.pem bastion-82 -o 'StrictHostKeyChecking=no' -W %h:%p

    Host server-86
        User ansible
        Hostname 192.168.48.86
        IdentityFile /etc/ansible/keys/bastion85.pem
        StrictHostKeyChecking no
        ProxyCommand ssh -q -A -x -l ansible -i /etc/ansible/keys/ansible.pem bastion-85 -o 'StrictHostKeyChecking=no' -W %h:%p

    Host server-87
        User ansible
        Hostname 192.168.48.87
        IdentityFile /etc/ansible/keys/bastion85.pem
        StrictHostKeyChecking no
        ProxyCommand ssh -q -A -x -l ansible -i /etc/ansible/keys/ansible.pem bastion-85 -o 'StrictHostKeyChecking=no' -W %h:%p

    ssh -F /etc/ansible/ssh.config bastion-82
    ssh -F /etc/ansible/ssh.config bastion-85
    ssh -F /etc/ansible/ssh.config server-83
    ssh -F /etc/ansible/ssh.config server-84
    ssh -F /etc/ansible/ssh.config server-86
    ssh -F /etc/ansible/ssh.config server-87

posted on 2015-01-05 10:23 北京涛子

Reposted from: https://www.cnblogs.com/liujitao79/p/4202895.html
