使用Ansible为集群初始化并配置免密

使用Ansible为集群初始化并配置免密

前情概要

集群的36台服务器安装好了centos7.9设置了统一的root密码,并配置好了主机名和ip。现在需要实现:

  1. 每台关闭防火墙和selinux
  2. 删除安装操作系统时创建的默认用户user及其家目录
  3. 将集群的36台主机和ip信息添加到/etc/hosts文件
  4. 删除默认yum源配置文件,添加指定的repo文件
  5. 为集群36台主机配置ssh相互免密

Ansible实现

感觉Ansible比使用脚本来得更方便,所以使用Ansible。

playbook的yaml文件:

---
- name: Initialize servers
  hosts: all_servers
  gather_facts: no
  become: no

  tasks:
    - name: Disable firewall
      service:
        name: firewalld
        state: stopped
        enabled: no

    - name: Disable SELinux
      selinux:
        state: disabled
        policy: targeted
    - name: Disable SELinux immediately
      command: setenforce 0
      ignore_errors: yes

    - name: Ensure user is absent and home directory removed
      user:
        name: user
        state: absent
        remove: yes

    - name: Remove default yum repos
      file:
        path: "{{ item }}"
        state: absent
      with_fileglob:
        - /etc/yum.repos.d/*.repo
    - name: Copy http.repo to all servers
      copy:
        src: /root/http.repo
        dest: /etc/yum.repos.d/http.repo
        owner: root
        group: root
        mode: '0644'

    - name: Add hostname into /etc/hosts
      lineinfile:
        path: /etc/hosts
        line: "{{ hostvars[item]['ansible_host'] }} {{ item }}"
        state: present
        create: yes
        regexp: "^{{ hostvars[item]['ansible_host'] }}\\s+{{ item }}$"
      with_items: "{{ groups['all_servers'] }}"

    - name: Check /root/.ssh exists
      file:
        path: /root/.ssh
        state: directory
        mode: '0700'
    - name: Check id_rsa exists
      stat:
        path: /root/.ssh/id_rsa
      register: ssh_key
    - name: Generate SSH keypair if not already present
      openssh_keypair:
        path: /root/.ssh/id_rsa
        type: rsa
        size: 2048
        state: present
        mode: '0600'
      when: not ssh_key.stat.exists

    - name: Gather SSH public keys from all servers
      slurp:
        src: /root/.ssh/id_rsa.pub
      register: public_key

    - name: Set up authorized_keys for all servers
      authorized_key:
        user: root
        key: "{{ hostvars[item]['public_key']['content'] | b64decode }}"
        state: present
      with_items: "{{ groups['all_servers'] }}"

inventory文件

[all_servers]
hpc_mgr_1 ansible_user=root ansible_host=10.2.1.9 ansible_connection=local
hpc_mgr_2 ansible_user=root ansible_host=10.2.1.11
hpc_node_1 ansible_user=root ansible_host=10.2.1.13
hpc_node_2 ansible_user=root ansible_host=10.2.1.15
hpc_node_3 ansible_user=root ansible_host=10.2.1.17
hpc_node_4 ansible_user=root ansible_host=10.2.1.19
hpc_node_5 ansible_user=root ansible_host=10.2.1.21
hpc_node_6 ansible_user=root ansible_host=10.2.1.23
hpc_node_7 ansible_user=root ansible_host=10.2.1.25
hpc_node_8 ansible_user=root ansible_host=10.2.1.27
hpc_node_9 ansible_user=root ansible_host=10.2.1.29
hpc_node_10 ansible_user=root ansible_host=10.2.1.31
hpc_node_11 ansible_user=root ansible_host=10.2.1.33
hpc_node_12 ansible_user=root ansible_host=10.2.1.35
hpc_node_13 ansible_user=root ansible_host=10.2.1.37
hpc_node_14 ansible_user=root ansible_host=10.2.1.39
hpc_node_15 ansible_user=root ansible_host=10.2.1.41
hpc_node_16 ansible_user=root ansible_host=10.2.1.43
hpc_node_17 ansible_user=root ansible_host=10.2.1.45
hpc_node_18 ansible_user=root ansible_host=10.2.1.47
hpc_node_19 ansible_user=root ansible_host=10.2.1.49
hpc_node_20 ansible_user=root ansible_host=10.2.1.51
hpc_node_21 ansible_user=root ansible_host=10.2.1.53
hpc_node_22 ansible_user=root ansible_host=10.2.1.55
hpc_node_23 ansible_user=root ansible_host=10.2.1.57
hpc_node_24 ansible_user=root ansible_host=10.2.1.59
hpc_node_25 ansible_user=root ansible_host=10.2.1.61
hpc_node_26 ansible_user=root ansible_host=10.2.1.63
hpc_node_27 ansible_user=root ansible_host=10.2.1.65
hpc_node_28 ansible_user=root ansible_host=10.2.1.67
hpc_node_29 ansible_user=root ansible_host=10.2.1.69
hpc_node_30 ansible_user=root ansible_host=10.2.1.71
hpc_node_31 ansible_user=root ansible_host=10.2.1.73
hpc_node_32 ansible_user=root ansible_host=10.2.1.75
hpc_fnode_1 ansible_user=root ansible_host=10.2.1.77
hpc_fnode_2 ansible_user=root ansible_host=10.2.1.79

执行playbook:

ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory.ini a.yaml --ask-pass

总结

临时使用,体验很不错。