[devops@workstation ansible]$ ansible all -m shell -a "rm -rf /etc/yum.repos.d/*"
[devops@workstation ansible]$ ansible all -a "ls /etc/yum.repos.d/"
//The repository is already mounted on f0
[kiosk@foundation0 ~]$ df -h
/dev/loop0 6.7G 6.7G 0 100% /content/rhel8.0/x86_64/dvd
Browse to content/ in Firefox to see the repository
[devops@workstation ansible]$ vim yumrepo.yml
---
- name: yumrepo
  hosts: all
  tasks:
    - name: Add multiple repositories
      yum_repository:
        name: baseOS
        description: baseOS YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/BaseOS/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
    - name: Add multiple repositories
      yum_repository:
        name: app
        description: app YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/AppStream/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
[devops@workstation ansible]$ ansible-playbook yumrepo.yml
Verify
[devops@workstation ansible]$ ansible all -a "yum install -y ftp"
[devops@workstation ansible]$ ansible all -a "rpm -q ftp"
[devops@workstation ansible]$ vim yumrepo.yml
---
- name: yumrepo
  hosts: all
  vars:
    repo_name1: baseOS
    repo_name2: app
  tasks:
    - name: Add multiple repositories
      yum_repository:
        name: "{{ repo_name1 }}"
        description: baseOS YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/BaseOS/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
    - name: Add multiple repositories
      yum_repository:
        name: hh {{ repo_name2 }}
        description: app YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/AppStream/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
[devops@workstation ansible]$ ansible-playbook yumrepo.yml
[devops@workstation ansible]$ mkdir test
[devops@workstation ansible]$ cat test/vfs.yml
repo_name1: baseOS
repo_name2: app
[devops@workstation ansible]$ vim yumrepo.yml
---
- name: yumrepo
  hosts: all
  vars_files:
    - test/vfs.yml
  tasks:
    - name: Add multiple repositories
      yum_repository:
        name: "{{ repo_name1 }}"
        description: baseOS YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/BaseOS/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
    - name: Add multiple repositories
      yum_repository:
        name: "{{ repo_name2 }}"
        description: app YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/AppStream/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
[devops@workstation ansible]$ ansible-playbook yumrepo.yml
[devops@workstation ansible]$ mkdir group_vars
[devops@workstation ansible]$ ansible-inventory --graph
@all:
|--@qq:
| |--servera
|--@ungrouped:
|--@webservers:
| |--@wx:
| | |--bastion
[devops@workstation ansible]$ vim group_vars/qq.yml
qq must be an existing host group
repo_name1: baseOS
repo_name2: app
[devops@workstation ansible]$ vim yumrepo.yml
---
- name: yumrepo
  hosts: all
  vars_files:
    - group_vars/qq.yml
  tasks:
    - name: Add multiple repositories
      yum_repository:
        name: "{{ repo_name1 }}"
        description: baseOS YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/BaseOS/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
    - name: Add multiple repositories
      yum_repository:
        name: "{{ repo_name2 }}"
        description: app YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/AppStream/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
[devops@workstation ansible]$ mkdir host_vars
[devops@workstation ansible]$ ansible-inventory --graph
@all:
|--@qq:
| |--servera
|--@ungrouped:
|--@webservers:
| |--@wx:
| | |--bastion
[devops@workstation ansible]$ vim host_vars/servera.yml
servera must be an existing host
repo_name1: baseOS
repo_name2: app
[devops@workstation ansible]$ vim yumrepo.yml
---
- name: yumrepo
  hosts: all
  vars_files:
    - host_vars/servera.yml
  tasks:
    - name: Add multiple repositories
      yum_repository:
        name: "{{ repo_name1 }}"
        description: baseOS YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/BaseOS/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
    - name: Add multiple repositories
      yum_repository:
        name: "{{ repo_name2 }}"
        description: app YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/AppStream/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
[devops@workstation ansible]$ cat test/user.yml
users:
  bob:
    first_name: bob1
    last_name: user1
    home_dir: /home/bob
  tom:
    first_name: tom1
    last_name: user2
    home_dir: /home/tom
[devops@workstation ansible]$ vim users.yml
---
- name: users
  hosts: qq
  vars_files:
    - test/user.yml
  tasks:
    - debug:
        msg: "{{ users.bob.home_dir }}"  # hash (dot) notation
    - debug:
        msg: "{{ users['tom']['first_name'] }}"  # dictionary (bracket) notation
[devops@workstation ansible]$ ansible-playbook users.yml
PLAY [users] *****************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************
ok: [servera]
TASK [debug] *****************************************************************************************************************
ok: [servera] => {
"msg": "/home/bob"
}
TASK [debug] *****************************************************************************************************************
ok: [servera] => {
"msg": "tom1"
}
PLAY RECAP *******************************************************************************************************************
servera : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[devops@workstation ansible]$ ansible-vault -h
[devops@workstation ansible]$ ansible-vault create 1.txt
New Vault password: 123456
Confirm New Vault password: 123456
redhat
[devops@workstation ansible]$ cat 1.txt
$ANSIBLE_VAULT;1.1;AES256
38353961383739633238653434653035333130323065373865396464383332343834343837666164
3432316436633662316161343938636431396236633237380a386632343632306666646632313933
37366162623832643035353661323062636462613433623635643530613063303165613562623033
3639656661636262380a303838343230616534643539663332356263393236653863633564356666
3562
[devops@workstation ansible]$ ansible-vault view 1.txt
Vault password:
redhat
[devops@workstation ansible]$ ansible-vault edit 1.txt
Vault password:
[devops@workstation ansible]$ ansible-vault view 1.txt
Vault password:
redhat
flectrag
[devops@workstation ansible]$ ansible-vault rekey 1.txt
Vault password: 123456
New Vault password: qaz
Confirm New Vault password: qaz
Rekey successful
[devops@workstation ansible]$ ansible-vault decrypt 1.txt
Vault password:
Decryption successful
[devops@workstation ansible]$ cat 1.txt
redhat
flectrag
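The text that cat printed for the encrypted 1.txt is an envelope with a fixed layout, not raw ciphertext. The following Python is an added example, not part of the original notes: it decodes that exact output into the parts of the vault 1.1 format without needing the vault password. The function names are my own.

```python
import binascii

# Output of `cat 1.txt` copied from the session above.
VAULT_TEXT = """\
$ANSIBLE_VAULT;1.1;AES256
38353961383739633238653434653035333130323065373865396464383332343834343837666164
3432316436633662316161343938636431396236633237380a386632343632306666646632313933
37366162623832643035353661323062636462613433623635643530613063303165613562623033
3639656661636262380a303838343230616534643539663332356263393236653863633564356666
3562
"""

AES_BLOCK = 16  # bytes


def parse_vault(text):
    """Split a vault file into header fields, salt, HMAC and ciphertext."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    header = lines[0].split(";") if lines else []
    if len(header) < 3 or header[0] != "$ANSIBLE_VAULT":
        raise ValueError("not an Ansible Vault envelope")
    version, cipher = header[1], header[2]
    vault_id = header[3] if len(header) > 3 else None  # label, format 1.2 only
    if cipher != "AES256":
        raise ValueError("unexpected cipher: " + cipher)
    # The body is hex. Decoded, it is three more hex strings joined by
    # newlines: the PBKDF2 salt, the HMAC-SHA256 tag, and the ciphertext.
    try:
        inner = binascii.unhexlify("".join(lines[1:]))
        salt, mac, ciphertext = (binascii.unhexlify(p) for p in inner.split(b"\n"))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("malformed vault body") from exc
    return {
        "version": version,
        "cipher": cipher,
        "vault_id": vault_id,
        "salt": salt,
        "hmac": mac,
        "ciphertext": ciphertext,
    }


def plaintext_size_bounds(info):
    """Smallest and largest plaintext size that fits the ciphertext length.

    The plaintext is PKCS7-padded before encryption, so between 1 and 16
    padding bytes are always present.
    """
    n = len(info["ciphertext"])
    if n == 0 or n % AES_BLOCK:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return (n - AES_BLOCK, n - 1)


if __name__ == "__main__":
    info = parse_vault(VAULT_TEXT)
    print("format", info["version"], info["cipher"])
    print("salt bytes:", len(info["salt"]))
    print("hmac bytes:", len(info["hmac"]))
    print("ciphertext bytes:", len(info["ciphertext"]))
    print("plaintext size between %d and %d bytes" % plaintext_size_bounds(info))
```

Salt, HMAC and ciphertext length are readable by anyone who holds the file; the vault password is the only secret input to the key derivation.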
[devops@workstation ansible]$ ansible qq -m setup |grep bios
[devops@workstation ansible]$ ansible qq -m setup -a "filter=*bios*"
[devops@workstation ansible]$ vim users.yml
---
- name: users
  hosts: qq
  vars_files:
    - test/user.yml
  tasks:
    - debug:
        msg: "{{ users.bob.home_dir }}"
    - debug:
        msg: "{{ users['tom']['first_name'] }}"
    - debug:
        var: ansible_facts['hostname']  # ansible_facts is the fixed name to use
[devops@workstation ansible]$ ansible qq -m debug -a "var=inventory_hostname"
servera | SUCCESS => {
"inventory_hostname": "servera"
}
[devops@workstation ansible]$ vim users.yml
---
- name: users
  hosts: qq
  vars_files:
    - test/user.yml
  tasks:
    - debug:
        msg: "{{ users.bob.home_dir }}"
    - debug:
        msg: "{{ users['tom']['first_name'] }}"
    - debug:
        var: ansible_facts['hostname']
[devops@workstation ansible]$ ansible-playbook users.yml
PLAY [users] *************************************************************************
TASK [Gathering Facts] ***************************************************************
ok: [servera]
TASK [debug] *************************************************************************
ok: [servera] => {
"msg": "/home/bob"
}
TASK [debug] *************************************************************************
ok: [servera] => {
"msg": "tom1"
}
TASK [debug] *************************************************************************
ok: [servera] => {
"ansible_facts['hostname']": "servera"
}
[devops@workstation ansible]$ vim users.yml
---
- name: users
  hosts: qq
  gather_facts: no
  vars_files:
    - test/user.yml
  tasks:
    - debug:
        msg: "{{ users.bob.home_dir }}"
    - debug:
        msg: "{{ users['tom']['first_name'] }}"
    - debug:
        var: ansible_facts['hostname']
[devops@workstation ansible]$ ansible-playbook users.yml
PLAY [users] *************************************************************************
TASK [debug] *************************************************************************
ok: [servera] => {
"msg": "/home/bob"
}
TASK [debug] *************************************************************************
ok: [servera] => {
"msg": "tom1"
}
TASK [debug] *************************************************************************
ok: [servera] => {
"ansible_facts['hostname']": "VARIABLE IS NOT DEFINED!"
Difference
[greg@control ansible]$ ansible dev -m setup -a "filter=*bios*"
node1 | SUCCESS => {
"ansible_facts": {
"ansible_bios_date": "04/01/2014",
"ansible_bios_version": "1.11.1-3.module+el8+2529+a9686a4d",
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false
}
[greg@control ansible]$ vim vars.yml
---
- name: vars
  hosts: dev
  tasks:
    - debug:
        var: ansible_facts['nodename']
    - debug:
        var: ansible_facts['ansible_bios_version']
    - debug:
        var: ansible_facts['bios_version']
[greg@control ansible]$ ansible-playbook vars.yml
PLAY [vars] ********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [node1]
TASK [debug] *******************************************************************
ok: [node1] => {
"ansible_facts['nodename']": "node1.lab.example.com"
}
TASK [debug] *******************************************************************
ok: [node1] => {
"ansible_facts['ansible_bios_version']": "VARIABLE IS NOT DEFINED!"
}
TASK [debug] *******************************************************************
ok: [node1] => {
"ansible_facts['bios_version']": "1.11.1-3.module+el8+2529+a9686a4d"
}
PLAY RECAP *********************************************************************
node1 : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[greg@control ansible]$ vim useradd.yml
---
- name: useradd user
  hosts: dev
  tasks:
    - name: Add the user
      user:
        name: user1
    - name: Add the user
      user:
        name: user2
    - name: Add the user
      user:
        name: user3
[greg@control ansible]$ ansible-playbook useradd.yml -C
[greg@control ansible]$ vim useradd.yml
---
- name: useradd user
  hosts: dev
  tasks:
    - name: Add the user
      user:
        name: "{{ item }}"
      loop:
        - user1
        - user2
        - user3
[greg@control ansible]$ ansible-playbook useradd.yml
Verify
[greg@control ansible]$ ansible dev -m shell -a "id user1 ; id user2 ; id user3"
[greg@control ansible]$ vim yum.yml
---
- name: install
  hosts: dev
  vars:
    packages:
      - httpd
      - php
  tasks:
    - name: install the latest version of Apache
      yum:
        name: "{{ item }}"
      loop: "{{ packages }}"
[greg@control ansible]$ ansible-playbook yum.yml -C
[greg@control ansible]$ vim useradd.yml
---
- name: useradd user
  hosts: dev
  tasks:
    - name: Add the user
      user:
        name: "{{ item }}"
      loop:
        - user1
        - user2
        - user3
    - name: Ensure group "somegroup" exists
      group:
        name: "{{ item }}"
      loop:
        - group1
        - group2
        - group3
        - group4
[greg@control ansible]$ vim useradd.yml
---
- name: useradd user
  hosts: dev
  tasks:
    - name: Add the user
      user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        groups: "{{ item.groups }}"
      loop:
        - name: user10
          uid: 1100
          groups: group1
        - name: user11
          uid: 1120
          groups: group2
[greg@control ansible]$ ansible-playbook useradd.yml
PLAY [useradd user] *************************************************************************************
TASK [Gathering Facts] **********************************************************************************
ok: [node1]
TASK [Add the user] *************************************************************************************
changed: [node1] => (item={'name': 'user10', 'uid': 1100, 'groups': 'group1'})
changed: [node1] => (item={'name': 'user11', 'uid': 1120, 'groups': 'group2'})
PLAY RECAP **********************************************************************************************
node1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
when: inventory_hostname in groups.dev
[greg@control ansible]$ vim test.yml
---
- name: error
  hosts: dev
  tasks:
    - name: Execute the command in remote she>
      shell:
        mkdir a/b/c
      ignore_errors: yes
    - name: Add the user 'johnd' with a speci>
      user:
        name: user15
[greg@control ansible]$ ansible-playbook test.yml -C
PLAY [error] *******************************************************************
TASK [Gathering Facts] *********************************************************
ok: [node1]
TASK [Execute the command in remote she>] **************************************
skipping: [node1]
TASK [Add the user 'johnd' with a speci>] **************************************
changed: [node1]
PLAY RECAP *********************************************************************
node1 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
[greg@control ansible]$ vim /home/greg/ansible/users.yml
---
- name: 创建用户帐户
  hosts: dev,test
  vars_files:
    - /home/greg/ansible/locker.yml
    - /home/greg/ansible/user_list.yml
  tasks:
    - name: Ensure group "somegroup" exists
      group:
        name: devops
        state: present
    - name: Add the user
      user:
        name: "{{ item.name }}"
        groups: devops
        password: "{{ pw_developer | password_hash('sha512') }}"
        append: yes
      loop: "{{ users }}"
      when: item.job == 'developer'

- name: 创建用户帐户
  hosts: prod
  vars_files:
    - /home/greg/ansible/locker.yml
    - /home/greg/ansible/user_list.yml
  tasks:
    - name: Ensure group "somegroup" exists
      group:
        name: opsmgr
        state: present
    - name: Add the user
      user:
        name: "{{ item.name }}"
        groups: opsmgr
        password: "{{ pw_manager | password_hash('sha512') }}"
        append: yes
      loop: "{{ users }}"
      when: item.job == 'manager'
[greg@control ansible]$ ansible-playbook /home/greg/ansible/users.yml
Verify
[greg@control ansible]$ ansible test,dev -m shell -a "id bob; id sally; id fred"
node2 | CHANGED | rc=0 >>
uid=1003(bob) gid=1003(bob) groups=1003(bob),1001(devops)
uid=1004(fred) gid=1004(fred) groups=1004(fred),1001(devops)
id: ‘sally’: no such user
node1 | CHANGED | rc=0 >>
uid=1121(bob) gid=1121(bob) groups=1121(bob),1001(devops)
uid=1122(fred) gid=1122(fred) groups=1122(fred),1001(devops)
id: ‘sally’: no such user
[greg@control ansible]$ ansible prod -m shell -a "id bob; id sally; id fred"
node3 | FAILED | rc=1 >>
uid=1003(sally) gid=1004(sally) groups=1004(sally),1003(opsmgr)
id: ‘bob’: no such user
id: ‘fred’: no such usernon-zero return code
node4 | FAILED | rc=1 >>
uid=1003(sally) gid=1004(sally) groups=1004(sally),1003(opsmgr)
id: ‘bob’: no such user
id: ‘fred’: no such usernon-zero return code
[greg@control ansible]$ ansible-inventory --graph
@all:
|--@balancers:
| |--node5
|--@dev:
| |--node1
|--@test:
| |--node2
|--@ungrouped:
|--@webservers:
| |--@prod:
| | |--node3
| | |--node4
[greg@control ansible]$ ssh bob@node1
bob@node1's password: Imadev
[greg@control ansible]$ ssh sally@node3
sally@node3's password: Imamgr
[greg@control ansible]$ vim cp.yml
---
- name: copy
  hosts: dev
  tasks:
    - name: Copy file with owner and permissions
      copy:
        src: /etc/fstab
        dest: /var
        owner: fred
        group: bob
        mode: '0744'
[greg@control ansible]$ ansible-playbook cp.yml
Verify
[greg@control ansible]$ ansible dev -a "ls -ld /var/fstab"
node1 | CHANGED | rc=0 >>
-rwxr--r--. 1 fred bob 142 Jul 8 11:43 /var/fstab
[greg@control ansible]$ vim cpy1.yml
File content before running the playbook
[greg@control ansible]$ ansible dev -a "cat /tmp/fstab"
node1 | CHANGED | rc=0 >>
UUID=d47ead13-ec24-428e-9175-46aefa764b26 / xfs defaults00
UUID=7B77-95E7 /boot/efi vfat defaults,uid=0,gid=0,umask=077,shortname=winnt 0 2
---
- name: copy1
  hosts: dev
  tasks:
    - name: Copy using inline content
      copy:
        content: 'qqqqqqqq'
        dest: /tmp/fstab
[greg@control ansible]$ ansible-playbook cpy1.yml
Verify
[greg@control ansible]$ ansible dev -a "cat /tmp/fstab"
node1 | CHANGED | rc=0 >>
qqqqqqqq
[greg@control ansible]$ vim /home/greg/ansible/issue.yml
---
- name: 修改文件内容
  hosts: all
  tasks:
    - name: Copy using inline content
      copy:
        content: 'Development'
        dest: /etc/issue
      when: inventory_hostname in groups.dev
- name: 修改文件内容
  hosts: all
  tasks:
    - name: Copy using inline content
      copy:
        content: 'Test'
        dest: /etc/issue
      when: inventory_hostname in groups.test
- name: 修改文件内容
  hosts: all
  tasks:
    - name: Copy using inline content
      copy:
        content: 'Production'
        dest: /etc/issue
      when: inventory_hostname in groups.prod
[greg@control ansible]$ ansible-playbook /home/greg/ansible/issue.yml
[greg@control ansible]$ ansible all -a "cat /etc/issue"
node4 | CHANGED | rc=0 >>
Production
node5 | CHANGED | rc=0 >>
\S
Kernel \r on an \m
node3 | CHANGED | rc=0 >>
Production
node2 | CHANGED | rc=0 >>
Test
node1 | CHANGED | rc=0 >>
Development
[greg@control ansible]$ vim file.yml
---
- name: file
  hosts: dev
  tasks:
    - name: Change file ownership, group and permissions
      file:
        path: /etc/foo.conf
        state: touch
        owner: bob
        group: bob
        mode: '0644'
[greg@control ansible]$ ansible-playbook file.yml
[greg@control ansible]$ ansible dev -a "ls -l /etc/foo.conf"
node1 | CHANGED | rc=0 >>
-rw-r--r--. 1 bob bob 0 Jul 9 04:05 /etc/foo.conf
[greg@control ansible]$ vim file.yml
---
- name: file
  hosts: dev
  tasks:
    - name: Change file ownership, group and permissions
      file:
        path: /etc/foo.conf1
        state: touch
        owner: bob
        group: bob
        mode: 644
[greg@control ansible]$ ansible-playbook file.yml
[greg@control ansible]$ ansible dev -a "ls -l /etc/foo.conf1"
node1 | CHANGED | rc=0 >>
--w---xrwt. 1 bob bob 0 Jul 9 04:06 /etc/foo.conf1
[greg@control ansible]$ vim file.yml
---
- name: file
  hosts: dev
  tasks:
    - name: Change file ownership, group and permissions
      file:
        path: /etc/foo.conf4
        state: touch
        owner: bob
        group: bob
        mode: 644
        setype: httpd_sys_content_t
[greg@control ansible]$ ansible-playbook file.yml
[greg@control ansible]$ ansible dev -a "ls -lZ /etc/foo.conf4"
node1 | CHANGED | rc=0 >>
-rw-rw-rw-. 1 bob bob unconfined_u:object_r:httpd_sys_content_t:s0 0 Jul 9 04:13 /etc/foo.conf4
Exam question: No. 10
[greg@control ansible]$ vim /home/greg/ansible/webcontent.yml
---
- name: 创建 Web 内容目录
  hosts: dev
  tasks:
    - name: Change file
      file:
        path: /webdev
        state: directory
        group: webdev
        mode: '2775'
    - name: Create a symbolic link
      file:
        src: /webdev
        dest: /var/www/html/webdev
        state: link
    - name: Copy using inline content
      copy:
        content: 'Development'
        dest: /webdev/index.html
        setype: httpd_sys_content_t
    - name: Start service httpd, if not started
      service:
        name: httpd
        state: started
        enabled: yes
[greg@control ansible]$ ansible-playbook /home/greg/ansible/webcontent.yml
lineinfile module
---
- name: line
  hosts: dev
  tasks:
    # The task name is kept as written; the line set here is SELINUX=disabled.
    - name: Ensure SELinux is set to enforcing mode
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: SELINUX=disabled
---
- name: line
  hosts: dev
  tasks:
    # The task name is kept as written; this task sets the Apache Listen port.
    - name: Ensure SELinux is set to enforcing mode
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^Listen'
        line: Listen 82
[greg@control ansible]$ vim line.yml
---
- name: line
  hosts: dev
  tasks:
    - name: Ensure the default Apache port is 8080
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^Listen '
        insertafter: '^#Listen '
        line: Listen 8080
Original file
[root@node1 ~]# vim /etc/httpd/conf/httpd.conf
#Listen 12.34.56.78:80
Listen 80
[greg@control ansible]$ ansible-playbook line.yml
[root@node1 ~]# vim /etc/httpd/conf/httpd.conf
#Listen 12.34.56.78:80
Listen 8080
Delete a line
[greg@control ansible]$ vim line.yml
---
- name: line
  hosts: dev
  tasks:
    - name: Make sure group wheel is not in the sudoers>
      lineinfile:
        path: /etc/test
        state: absent
        regexp: 'Listen 8080'
Original file
[root@node1 ~]# vim /etc/test
123
qwer
iqwe
ee
rr
Listen 8080
Listen 80
[greg@control ansible]$ ansible-playbook line.yml
[root@node1 ~]# vim /etc/test
123
qwer
iqwe
ee
rr
Listen 80
template: copy a template
[greg@control ansible]$ vim template.yml
[greg@control ansible]$ sudo cp /etc/hosts /etc/hosts.j2
---
- name: template
  hosts: dev
  tasks:
    - name: Template a file to /etc/files.conf
      template:
        src: /etc/hosts.j2
        dest: /tmp
        owner: bin
        group: wheel
        mode: '0644'
[greg@control ansible]$ ansible-playbook template.yml
[root@node1 ~]# cat /tmp/hosts.j2
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.254 classroom.example.com classroom
172.25.254.254 content.example.com content
172.25.254.254 materials.example.com materials
10.30.0.10 satellite-dle.ole.redhat.com satellite-dle
### rht-vm-hosts file listing the entries to be appended to /etc/hosts
172.25.250.254 control.lab.example.com control
172.25.250.9 node1.lab.example.com node1
172.25.250.10 node2.lab.example.com node2
172.25.250.11 node3.lab.example.com node3
172.25.250.12 node4.lab.example.com node4
172.25.250.13 node5.lab.example.com node5
[greg@control ansible]$ vim selinux.yml
---
- name:
  hosts: dev
  tasks:
    - name: Allow apache to modify files in /srv/git_repos
      sefcontext:
        target: '/etc/test(/.*)?'
        setype: httpd_sys_content_t
        state: present
    - name: Apply new SELinux file context to filesystem
      command: restorecon -irv /etc/test
[greg@control ansible]$ ansible-playbook selinux.yml
[root@node1 ~]# ls -ldZ /etc/test
-rw-r--r--. 1 root root unconfined_u:object_r:etc_t:s0 30 Jul 9 08:39 /etc/test
[root@node1 ~]# ls -ldZ /etc/test
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 30 Jul 9 08:39 /etc/test
Exam question No. 9
[greg@control ansible]$ wget http://materials/hosts.j2
[greg@control ansible]$ vim /home/greg/ansible/hosts.yml
---
- name: 生成主机文件
  hosts: all
  tasks:
    - name: Template a file to /etc/files.conf
      template:
        src: hosts.j2
        dest: /etc/myhosts
      when: inventory_hostname in groups.dev
[greg@control ansible]$ vim hosts.j2
[greg@control ansible]$ ansible dev -m setup -a "filter=*ipv4*"
[greg@control ansible]$ ansible dev -m setup -a "filter=*name*"
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

{% for host in groups['all'] %}
{{ hostvars[host].ansible_default_ipv4.address }} {{ hostvars[host].ansible_nodename }} {{ hostvars[host].ansible_hostname }}
{% endfor %}
The same template written with the ansible_facts namespace:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

{% for host in groups['all'] %}
{{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }} {{ hostvars[host]['ansible_facts']['nodename'] }} {{ hostvars[host]['ansible_facts']['hostname'] }}
{% endfor %}
[greg@control ansible]$ ansible-playbook /home/greg/ansible/hosts.yml
[greg@control ansible]$ ansible dev -a "cat /etc/myhosts"
node1 | CHANGED | rc=0 >>
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.250.9 node1.lab.example.com node1
172.25.250.10 node2.lab.example.com node2
172.25.250.13 node5.lab.example.com node5
172.25.250.11 node3.lab.example.com node3
172.25.250.12 node4.lab.example.com node4
Managing large projects
[devops@workstation ansible]$ ansible-inventory --graph
[devops@workstation ansible]$ ansible --list-hosts webs,dev  # list the hosts in the webs and dev host groups
[devops@workstation ansible]$ ansible --list-hosts 'server*'  # list the hosts whose names start with server
[devops@workstation ansible]$ ansible --list-hosts test,dev  # list the hosts in the test and dev host groups
[devops@workstation ansible]$ ansible --list-hosts 'test,&dev'  # list the hosts in the dev host group
[devops@workstation ansible]$ ansible --list-hosts 'test,!dev'  # list the hosts in the test host group
[devops@workstation ansible]$ ansible --list-hosts '!test,webs'  # list the hosts in the webs host group
[devops@workstation ansible]$ ansible --list-hosts 'test,!webs'  # list the hosts in the test host group
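How the & and ! operators in the patterns above combine, as an added Python example that is not part of the original notes: it models Ansible's rule that plain terms are unioned first, then & terms intersect and ! terms exclude, whatever their order in the pattern. The inventory and function names are constructed for illustration; slices and regex patterns are not modelled.

```python
from fnmatch import fnmatchcase

# Constructed inventory (group -> hosts); not the lab's real inventory.
INVENTORY = {
    "test": ["servera", "serverb"],
    "dev": ["serverb", "serverc"],
    "webs": ["bastion"],
}


def match_term(term, inventory):
    """Hosts selected by one term: a group name, a host name or a glob."""
    every_host = {h for hosts in inventory.values() for h in hosts}
    if term == "all":
        return set(every_host)
    found = set()
    for group, hosts in inventory.items():
        if fnmatchcase(group, term):
            found.update(hosts)
    found.update(h for h in every_host if fnmatchcase(h, term))
    return found


def resolve(pattern, inventory=INVENTORY):
    """Resolve a comma-separated host pattern to a sorted list of hosts."""
    terms = [t.strip() for t in pattern.split(",") if t.strip()]
    plain = [t for t in terms if t[0] not in "&!"]
    intersect = [t[1:] for t in terms if t[0] == "&"]
    exclude = [t[1:] for t in terms if t[0] == "!"]
    if not plain:
        # A pattern made only of & and ! terms starts from every host.
        plain = ["all"]
    selected = set()
    for term in plain:
        selected |= match_term(term, inventory)
    for term in intersect:
        selected &= match_term(term, inventory)
    for term in exclude:
        selected -= match_term(term, inventory)
    return sorted(selected)


if __name__ == "__main__":
    # The same patterns as in the session above.
    for pattern in ("webs,dev", "server*", "test,dev", "test,&dev",
                    "test,!dev", "!test,webs", "test,!webs"):
        print("%-12s -> %s" % (pattern, resolve(pattern)))
```

Running the real `ansible --list-hosts` with the same pattern before an ad-hoc command that changes hosts shows exactly which machines it will touch.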
Dynamic inventory
[greg@control ansible]$ wget http://materials/dynamic/binventory.py
Copy this link from the link given in the exam question
[greg@control ansible]$ ls -ld binventory.py
-rw-rw-r--. 1 greg greg 643 Aug 12 2021 binventory.py
[greg@control ansible]$ chmod +x binventory.py
[greg@control ansible]$ pwd
/home/greg/ansible
[greg@control ansible]$ /home/greg/ansible/binventory.py
/usr/bin/env: ‘python’: No such file or directory
[greg@control ansible]$ python3 /home/greg/ansible/binventory.py --list
{"internetweb": {"hosts": [], "vars": {}}}
cron
[greg@control ansible]$ vim /home/greg/ansible/cron.yml
---
- name: 配置 cron 作业(增加)
  hosts: test
  tasks:
    - name: Ensure a job
      cron:
        name: "check dirs"
        minute: "*/2"
        job: 'logger "EX200 in progress"'
        user: bob
[greg@control ansible]$ ansible-playbook /home/greg/ansible/cron.yml
Verify
[greg@control ansible]$ ansible test -a "crontab -l -u bob"
node2 | CHANGED | rc=0 >>
#Ansible: check dirs
*/2 * * * * logger "EX200 in progress"
Configuring parallelism
Method 1: edit the main configuration file
[greg@control ansible]$ ansible --version
ansible 2.9.15
config file = /home/greg/ansible/ansible.cfg
[greg@control ansible]$ vim ansible.cfg
forks = 10
#forks = 5
Method 2: set it when running the playbook
[greg@control ansible]$ vim forks.yml
---
- name: forks
  hosts: dev
  tasks:
    - name: Ensure group "somegroup" exists
      group:
        name: qqwx
        state: present
[greg@control ansible]$ ansible-playbook forks.yml -f 5
[greg@control ansible]$ ansible-playbook forks.yml --forks 5
[greg@control ansible]$ vim user1.yml
---
- name: useradd user
  hosts: prod
  tasks:
    - name: Add the user
      user:
        name: user10
    - name: Add the user
      user:
        name: user20
[greg@control ansible]$ ansible-playbook user1.yml
PLAY [useradd user] ******************************************************************
TASK [Gathering Facts] ***************************************************************
ok: [node4]
ok: [node3]
TASK [Add the user] ******************************************************************
changed: [node4]
changed: [node3]
TASK [Add the user] ******************************************************************
changed: [node3]
changed: [node4]
PLAY RECAP ***************************************************************************
node3 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node4 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[greg@control ansible]$ vim user1.yml
---
- name: useradd user
  hosts: prod
  serial: 1
  tasks:
    - name: Add the user
      user:
        name: user11
    - name: Add the user
      user:
        name: user22
[greg@control ansible]$ ansible-playbook user1.yml
PLAY [useradd user] ******************************************************************
TASK [Gathering Facts] ***************************************************************
ok: [node3]
TASK [Add the user] ******************************************************************
ok: [node3]
TASK [Add the user] ******************************************************************
ok: [node3]
PLAY [useradd user] ******************************************************************
TASK [Gathering Facts] ***************************************************************
ok: [node4]
TASK [Add the user] ******************************************************************
ok: [node4]
TASK [Add the user] ******************************************************************
changed: [node4]
PLAY RECAP ***************************************************************************
node3 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node4 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[greg@control ansible]$ ansible-doc -l | grep -e import -e include
[greg@control ansible]$ ansible-doc import_playbook
[greg@control ansible]$ vim import.yml
- name: Include a play after another play
  import_playbook: httpd_service.yml
[greg@control ansible]$ vim httpd_service.yml
---
- name: httpd_service
  hosts: dev
  tasks:
    - name: install the latest version of Apache
      yum:
        name: httpd
        state: latest
    - name: Start service httpd, if not started
      service:
        name: httpd
        state: started
[greg@control ansible]$ ansible-playbook httpd_service.yml
[greg@control ansible]$ ansible-doc -l | grep -e import -e include
[greg@control ansible]$ ansible-doc include
[greg@control ansible]$ vim include.yml
- name: Include a play after another play
  include: mariadb_service.yml
[greg@control ansible]$ vim mariadb_service.yml
---
- name: service
  hosts: dev
  tasks:
    - name: Start service httpd, if not started
      service:
        name: httpd
        state: started
[greg@control ansible]$ ansible-playbook mariadb_service.yml
[greg@control ansible]$ cd roles/
[greg@control roles]$ ansible-galaxy init apache
- Role apache was created successfully
[greg@control roles]$ cd ..
[greg@control ansible]$ ansible-galaxy list
# /home/greg/ansible/roles
- apache, (unknown version)
[greg@control ansible]$ tree roles/apache/
[greg@control ansible]$ cd roles/
[greg@control roles]$ vim apache/tasks/main.yml
---
- name: Start service httpd, if not started
  service:
    name: httpd
    state: started
    enabled: yes
- name: Start service httpd, if not started
  service:
    name: firewalld
    state: started
    enabled: yes
- firewalld:
    service: http
    permanent: yes
    state: enabled
    immediate: yes
- name: Template a file to /etc/files.conf
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
[greg@control roles]$ vim apache/templates/index.html.j2
Welcome to {{ ansible_nodename }} on {{ ansible_default_ipv4.address }}
[greg@control roles]$ vim /home/greg/ansible/apache.yml
---
- name: 创建和使用角色
  hosts: webservers
  roles:
    - apache
[greg@control ansible]$ ansible-playbook /home/greg/ansible/apache.yml
[greg@control ansible]$ curl node3
Welcome to node3.lab.example.com on 172.25.250.11
[greg@control ansible]$ curl node4
Welcome to node4.lab.example.com on 172.25.250.12
[greg@control ansible]$ vim part.yml
---
- name: parter
  hosts: test
  tasks:
    - name: Create a new primary partition with a size of 1GiB
      parted:
        device: /dev/vdb
        number: 1
        state: present
        part_end: 100MiB
    - name: Create a ext2 filesystem on /dev/sdb1
      filesystem:
        fstype: ext3
        dev: /dev/vdb1
    - name: Mount DVD read-only
      mount:
        path: /mnt
        src: /dev/vdb1
        fstype: ext3
        state: present
[greg@control ansible]$ ansible-playbook part.yml
Verify
[greg@control ansible]$ ansible test -a "lsblk"
[greg@control ansible]$ ansible test -a "blkid"
[greg@control ansible]$ ansible test -a "grep mnt /etc/fstab"
[greg@control ansible]$ vim /home/greg/ansible/partition.yml
---
- name: 创建和使用分区(NEW)
  hosts: all
  tasks:
    - block:
        - name: Create a new primary partition
          parted:
            device: /dev/vdb
            number: 1
            state: present
            part_end: 1500MiB
        - name: Create a ext2 filesystem on /dev/sdb1
          filesystem:
            fstype: ext4
            dev: /dev/vdb1
        - name: Mount DVD read-only
          mount:
            path: /data
            src: /dev/vdb1
            fstype: ext4
            state: mounted
      when: inventory_hostname in groups.prod
      rescue:
        - debug:
            msg: Could not create partition of that size
        - name: Create a new primary partition
          parted:
            device: /dev/vdb
            number: 1
            state: present
            part_end: 800MiB
          when: ansible_devices.vdb is defined
        - debug:
            msg: this disk is not exist
          when: ansible_devices.vdb is not defined
lv
[greg@control ansible]$ vim vg.yml
---
- name: vg
  hosts: test
  tasks:
    - name: Create a volume group
      lvg:
        vg: vg.services
        pvs: /dev/vdb2
        pesize: 32
    # size without a unit suffix is in megabytes
    - name: Create a logical volume
      lvol:
        vg: vg.services
        lv: test
        size: 10
[greg@control ansible]$ ansible-playbook vg.yml
Verify:
View volume group information
[greg@control ansible]$ ansible test -a "vgs"
[greg@control ansible]$ ansible test -a "vgdisplay"
View logical volume information
[greg@control ansible]$ ansible test -a "lvs"
[greg@control ansible]$ ansible test -a "lvdisplay"
lvm
[greg@control ansible]$ vim /home/greg/ansible/lv.yml
---
- name: 创建和使用逻辑卷(OLD)
  hosts: all
  tasks:
    - block:
        - name: Create a logical volume
          lvol:
            vg: research
            lv: data
            size: 1500
        - name: Create an ext4 filesystem
          filesystem:
            fstype: ext4
            dev: /dev/research/data
      # rescue runs only when a task in the block fails
      rescue:
        - debug:
            msg: Could not create logical volume of that size
        - name: Create a logical volume
          lvol:
            vg: research
            lv: data
            size: 800
      when: ansible_lvm.vgs.research is defined
    - debug:
        msg: Volume group done not exist
      when: ansible_lvm.vgs.research is not defined
[greg@control ansible]$ ansible-playbook /home/greg/ansible/lv.yml
[greg@control ansible]$ ansible all -a "lvs"
[greg@control ansible]$ ansible all -a "blkid /dev/research/data"
node3 | FAILED | rc=2 >>
non-zero return code
node2 | CHANGED | rc=0 >>
/dev/research/data: UUID="019eb44b-4b8d-4fd6-87fd-8e4fe16af97a" BLOCK_SIZE="4096" TYPE="ext4"
node5 | CHANGED | rc=0 >>
/dev/research/data: UUID="01a56d6e-3f6c-4432-91df-a148b52f9f8f" BLOCK_SIZE="4096" TYPE="ext4"
node4 | CHANGED | rc=0 >>
/dev/research/data: UUID="9f04e0a8-22e7-4dfe-9a51-eff54d6d45d2" BLOCK_SIZE="4096" TYPE="ext4"
node1 | FAILED | rc=2 >>
non-zero return code
9. Troubleshooting
[devops@workstation ~]$ mkdir ansible
[devops@workstation ~]$ cd ansible/
[devops@workstation ansible]$ cp /etc/ansible/ansible.cfg .
[devops@workstation ansible]$ ansible --version
ansible 2.9.21
config file = /home/devops/ansible/ansible.cfg
[devops@workstation ansible]$ vim ansible.cfg
14 inventory = /home/devops/ansible/inventory
15 #inventory = /etc/ansible/hosts
[devops@workstation ansible]$ vim inventory
[devops@workstation ansible]$ ansible-inventory --graph
@all:
|--@dev:
| |--servera
|--@test:
| |--serverb
|--@ungrouped:
[devops@workstation ansible]$ ansible-config dump | grep -i log
DEFAULT_LOG_PATH(default) = None
[devops@workstation ansible]$ vim ansible.cfg
112 log_path = /var/log/ansible.log
113 #log_path = /var/log/ansible.log
[devops@workstation ansible]$ ls -ld /var/log/ansible.log
ls: cannot access '/var/log/ansible.log': No such file or directory
[devops@workstation ansible]$ sudo chown devops:devops /var/log/
[devops@workstation ansible]$ ansible all -m setup -a "filter=*name*"
servera | SUCCESS => {
"ansible_facts": {
"ansible_hostname": "servera",
"ansible_nodename": "servera.lab.example.com",
"ansible_product_name": "KVM",
"discovered_interpreter_python": "/usr/libexec/platform-python"
[devops@workstation ansible]$ cat /var/log/ansible.log
2022-07-13 06:47:29,958 p=2913 u=devops n=ansible | servera | SUCCESS => {
"ansible_facts": {
"ansible_hostname": "servera",
"ansible_nodename": "servera.lab.example.com",
"ansible_product_name": "KVM",
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false
lab
[root@workstation ~]# lab troubleshoot-playbook
[root@workstation ~]# su - student
Last login: Wed Jul 13 06:50:12 EDT 2022 from 172.25.250.250 on pts/0
[student@workstation ~]$ ls
troubleshoot-playbook
Error message
Step 1: no configuration file
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the
implicit localhost does not match 'all'
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
Fix
[student@workstation troubleshoot-playbook]$ cp /etc/ansible/ansible.cfg .
[student@workstation troubleshoot-playbook]$ ls
ansible.cfg inventory samba.conf.j2 samba.yml
Step 2:
Error message
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the
implicit localhost does not match 'all'
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)
Syntax Error while loading YAML.
mapping values are not allowed in this context
The error appears to be in '/home/student/troubleshoot-playbook/samba.yml': line 8, column 30, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
install_state: installed
random_var: This is colon: test
^ here
Fix
8 #random_var: This is colon: test
9 random_var: "This is colon: test"
Step 3:
Cause of the error:
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the
implicit localhost does not match 'all'
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)
Syntax Error while loading YAML.
did not find expected key
The error appears to be in '/home/student/troubleshoot-playbook/samba.yml': line 45, column 4, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: deliver samba config
^ here
Fix
47 #src: samba.j2
48 src: samba.conf.j2
Step 4:
Cause of the error
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the
implicit localhost does not match 'all'
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)
Syntax Error while loading YAML.
did not find expected key
The error appears to be in '/home/student/troubleshoot-playbook/samba.yml': line 45, column 4, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: deliver samba config
^ here
Fix:
Correct the indentation
Step 5:
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)
Syntax Error while loading YAML.
found unacceptable key (unhashable type: 'AnsibleMapping')
The error appears to be in '/home/student/troubleshoot-playbook/samba.yml': line 15, column 15, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
name: samba
state: {{ install_state }}
^ here
We could be wrong, but this one looks like it might be an issue with
missing quotes. Always quote template expression brackets when they
start a value. For instance:
with_items:
- {{ foo }}
Should be written as:
with_items:
- "{{ foo }}"
Fix:
15 state: "{{ install_state }}"
16 #state: {{ install_state }}
Step 6:
Cause
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
PLAY [Install a samba server] ************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************
fatal: [servera.lab.exammple.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname servera.lab.exammple.com: Name or service not known", "unreachable": true}
PLAY RECAP *******************************************************************************************************************
servera.lab.exammple.com : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
Fix:
[student@workstation troubleshoot-playbook]$ vim inventory
1 [samba_servers]
2 servera.lab.example.com
3 #servera.lab.exammple.com
The playbook now runs successfully
[root@workstation ~]# lab troubleshoot-review start
Starting troubleshoot-review exercise.
· Verifying Ansible installation.............................. SUCCESS
· Creating working directory.................................. SUCCESS
· Deploying ansible.cfg....................................... SUCCESS
· Deploying Ansible inventory................................. SUCCESS
· Downloading additional lab files
· secure-web.yml............................................ SUCCESS
· vhosts.conf............................................... SUCCESS
· html/index.html........................................... SUCCESS
· Removing web server packages on serverb..................... SUCCESS
· Configuring HTTP/HTTPS access to serverb.................... SUCCESS
Step 1:
[student@workstation troubleshoot-review]$ ansible-playbook secure-web.yml
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)
Syntax Error while loading YAML.
mapping values are not allowed in this context
The error appears to be in '/home/student/troubleshoot-review/secure-web.yml': line 7, column 30, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
vars:
random_var: This is colon: test
^ here
Fix
7 #random_var: This is colon: test
8 random_var: "This is colon: test"
Step 2:
Cause of the error
[student@workstation troubleshoot-review]$ ansible-playbook secure-web.yml
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)
Syntax Error while loading YAML.
did not find expected '-' indicator
The error appears to be in '/home/student/troubleshoot-review/secure-web.yml': line 39, column 10, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: start and enable web services
^ here
Fix
Correct the indentation
Step 3:
Cause of the error
[student@workstation troubleshoot-review]$ ansible-playbook secure-web.yml
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)
Syntax Error while loading YAML.
found unacceptable key (unhashable type: 'AnsibleMapping')
The error appears to be in '/home/student/troubleshoot-review/secure-web.yml': line 14, column 20, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
yum:
name: {{ item }}
^ here
We could be wrong, but this one looks like it might be an issue with
missing quotes. Always quote template expression brackets when they
start a value. For instance:
with_items:
- {{ foo }}
Should be written as:
with_items:
- "{{ foo }}"
Fix
14 name: "{{ item }}"
15 #name: {{ item }}
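The two quoting errors fixed in both labs ("mapping values are not allowed in this context" and "found unacceptable key") can be caught before running ansible-playbook. The following is an added example, not part of the original notes: a line-based Python heuristic (not a full YAML parser) run over a constructed playbook; the function name and the sample are assumptions.

```python
import re

# "key: value", "- key: value" or "- value"; bare "key:" lines do not match.
ENTRY = re.compile(r"^\s*(?:-\s+(?:[\w.-]+:\s+)?|[\w.-]+:\s+)(?P<value>\S.*)$")

# Constructed sample that reproduces the mistakes from the labs above.
SAMPLE = """\
---
- name: Install a samba server
  hosts: samba_servers
  vars:
    install_state: installed
    random_var: This is colon: test
    fixed_var: "This is colon: test"
  tasks:
    - name: install samba
      yum:
        name: samba
        state: {{ install_state }}
    - name: loop form
      yum:
        name: "{{ item }}"
      with_items:
        - {{ foo }}
"""

def lint_yaml_quoting(text):
    """Return (line_number, problem) pairs for unquoted colons and templates."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = ENTRY.match(line)
        if not match:
            continue
        value = match.group("value")
        if value[0] in "\"'|>#":
            continue  # quoted scalar, block scalar or comment-only value
        value = value.split(" #", 1)[0].rstrip()  # drop a trailing comment
        if value.startswith("{{"):
            findings.append((number, "template expression must be quoted"))
        elif value[0] in "{[":
            continue  # flow mapping or sequence, where colons are legal
        elif ": " in value:
            findings.append((number, "unquoted colon inside plain scalar"))
    return findings

if __name__ == "__main__":
    for number, problem in lint_yaml_quoting(SAMPLE):
        print(f"line {number}: {problem}")
```

Lines inside a multi-line block scalar are not tracked, so the heuristic can report false positives there; ansible-playbook --syntax-check remains the authoritative check.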
Step 4:
Cause of the error
Fix
[root@serverc ~]# su - students
su: user students does not exist
[root@serverc ~]# vim /etc/passwd
[root@serverc ~]# grep studen /etc/passwd
student:x:1000:1000:Student User:/home/student:/bin/bash
5 #remote_user: students
6 remote_user: student
Step 5:
Cause of the error
Fix
[student@workstation troubleshoot-review]$ ssh student@serverb
Warning: Permanently added 'serverb,172.25.250.11' (ECDSA) to the list of known hosts.
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
[student@serverb ~]$ ssh student@serverc
The authenticity of host 'serverc (172.25.250.12)' can't be established.
ECDSA key fingerprint is SHA256:NJAyJMx8B2AeIYHRnVLAuJ1XZwblomyOKowyfTwGrTY.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
TASK [install web server packages] *******************************************************************************************
failed: [serverb.lab.example.com] (item=httpd) => {"ansible_loop_var": "item", "changed": false, "item": "httpd", "msg": "This command has to be run under the root user.", "results": []}
failed: [serverb.lab.example.com] (item=mod_ssl) => {"ansible_loop_var": "item", "changed": false, "item": "mod_ssl", "msg": "This command has to be run under the root user.", "results": []}
TASK [recover original httpd config] *****************************************************************************************
ok: [serverb.lab.example.com]
TASK [email notification of httpd config status] *****************************************************************************
fatal: [serverb.lab.example.com]: FAILED! => {"msg": "The conditional check 'httpd_conf_syntax.stdout != 'Syntax OK'' failed. The error was: error while evaluating conditional (httpd_conf_syntax.stdout != 'Syntax OK'): 'httpd_conf_syntax' is undefined\n\nThe error appears to be in '/home/student/troubleshoot-review/secure-web.yml': line 75, column 11, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: email notification of httpd config status\n ^ here\n"}
PLAY RECAP *******************************************************************************************************************
serverb.lab.example.com : ok=2 changed=0 unreachable=0 failed=1 skipped=0 rescued=1 ignored=0
Fix:
[student@workstation troubleshoot-review]$ vim inventory
1 [webservers]
2 serverb.lab.example.com ansible_host=serverc.lab.example.com ansible_become_user=root ansible_become_password=student ansible_become=yes