Linux-Ansible: Managing Variables and Facts (ways to define variables in Ansible)
Author: 快盘下载 | Homepage: wei_shuo's homepage
Managing variables and facts

1. Delete the repositories, then write your own

Preparation
[devops@workstation ansible]$ ansible all -m shell -a 'rm -rf /etc/yum.repos.d/*'
[devops@workstation ansible]$ ansible all -a 'ls /etc/yum.repos.d/'
// The repository is already mounted on f0
[kiosk@foundation0 ~]$ df -h
/dev/loop0 6.7G 6.7G 0 100% /content/rhel8.0/x86_64/dvd
Browse to content/ in Firefox to see the repository.

Write the repository playbook
[devops@workstation ansible]$ vim yumrepo.yml
---
- name: yumrepo
  hosts: all
  tasks:
    - name: Add multiple repositories
      yum_repository:
        name: baseOS
        description: baseOS YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/BaseOS/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
    - name: Add multiple repositories
      yum_repository:
        name: app
        description: app YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/AppStream/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
[devops@workstation ansible]$ ansible-playbook yumrepo.yml

Verify
[devops@workstation ansible]$ ansible all -a 'yum install -y ftp'
[devops@workstation ansible]$ ansible all -a 'rpm -q ftp'

vars
[devops@workstation ansible]$ vim yumrepo.yml
---
- name: yumrepo
  hosts: all
  vars:
    repo_name1: baseOS
    repo_name2: app
  tasks:
    - name: Add multiple repositories
      yum_repository:
        name: "{{ repo_name1 }}"
        description: baseOS YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/BaseOS/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
    - name: Add multiple repositories
      yum_repository:
        name: "{{ repo_name2 }}"
        description: app YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/AppStream/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
[devops@workstation ansible]$ ansible-playbook yumrepo.yml

vars_files
[devops@workstation ansible]$ mkdir test
[devops@workstation ansible]$ cat test/vfs.yml
repo_name1: baseOS
repo_name2: app
[devops@workstation ansible]$ vim yumrepo.yml
---
- name: yumrepo
  hosts: all
  vars_files:
    - test/vfs.yml
  tasks:
    - name: Add multiple repositories
      yum_repository:
        name: "{{ repo_name1 }}"
        description: baseOS YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/BaseOS/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
    - name: Add multiple repositories
      yum_repository:
        name: "{{ repo_name2 }}"
        description: app YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/AppStream/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
[devops@workstation ansible]$ ansible-playbook yumrepo.yml

group_vars
[devops@workstation ansible]$ mkdir group_vars
[devops@workstation ansible]$ ansible-inventory --graph
@all:
  |--@QQ:
  |  |--servera
  |--@ungrouped:
  |--@webservers:
  |  |--@wx:
  |  |  |--bastion
[devops@workstation ansible]$ vim group_vars/qq.yml
qq must be an existing host group
repo_name1: baseOS
repo_name2: app
[devops@workstation ansible]$ vim yumrepo.yml
---
- name: yumrepo
  hosts: all
  vars_files:
    - group_vars/qq.yml
  tasks:
    - name: Add multiple repositories
      yum_repository:
        name: "{{ repo_name1 }}"
        description: baseOS YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/BaseOS/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
    - name: Add multiple repositories
      yum_repository:
        name: "{{ repo_name2 }}"
        description: app YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/AppStream/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes

host_vars
[devops@workstation ansible]$ mkdir host_vars
[devops@workstation ansible]$ ansible-inventory --graph
@all:
  |--@qq:
  |  |--servera
  |--@ungrouped:
  |--@webservers:
  |  |--@wx:
  |  |  |--bastion
[devops@workstation ansible]$ vim host_vars/servera.yml
servera must be an existing host
repo_name1: baseOS
repo_name2: app
[devops@workstation ansible]$ vim yumrepo.yml
---
- name: yumrepo
  hosts: all
  vars_files:
    - host_vars/servera.yml
  tasks:
    - name: Add multiple repositories
      yum_repository:
        name: "{{ repo_name1 }}"
        description: baseOS YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/BaseOS/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes
    - name: Add multiple repositories
      yum_repository:
        name: "{{ repo_name2 }}"
        description: app YUM repo
        baseurl: http://content/rhel8.0/x86_64/dvd/AppStream/
        gpgcheck: yes
        gpgkey: http://content/rhel8.0/x86_64/dvd/RPM-GPG-KEY-redhat-release
        enabled: yes

Arrays
[devops@workstation ansible]$ cat test/user.yml
users:
  bob:
    first_name: bob1
    last_name: user1
    home_dir: /home/bob
  tom:
    first_name: tom1
    last_name: user2
    home_dir: /home/tom
[devops@workstation ansible]$ vim users.yml
---
- name: users
  hosts: qq
  vars_files:
    - test/user.yml
  tasks:
    - debug:
        msg: "{{ users.bob.home_dir }}"            # hash (dot) notation
    - debug:
        msg: "{{ users['tom']['first_name'] }}"    # dictionary (bracket) notation
[devops@workstation ansible]$ ansible-playbook users.yml
PLAY [users] *****************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************
ok: [servera]
TASK [debug] *****************************************************************************************************************
ok: [servera] => {
    "msg": "/home/bob"
}
TASK [debug] *****************************************************************************************************************
ok: [servera] => {
    "msg": "tom1"
}
PLAY RECAP *******************************************************************************************************************
servera : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

vault
[devops@workstation ansible]$ ansible-vault -h

create: create an encrypted file
[devops@workstation ansible]$ ansible-vault create 1.txt
New Vault password: 123456
Confirm New Vault password: 123456
redhat

view: view the contents of an encrypted file
[devops@workstation ansible]$ cat 1.txt
$ANSIBLE_VAULT;1.1;AES256
38353961383739633238653434653035333130323065373865396464383332343834343837666164
3432316436633662316161343938636431396236633237380a386632343632306666646632313933
37366162623832643035353661323062636462613433623635643530613063303165613562623033
3639656661636262380a303838343230616534643539663332356263393236653863633564356666
3562
[devops@workstation ansible]$ ansible-vault view 1.txt
Vault password:
redhat

edit: edit the contents of an encrypted file
[devops@workstation ansible]$ ansible-vault edit 1.txt
Vault password:
[devops@workstation ansible]$ ansible-vault view 1.txt
Vault password:
redhat
flectrag

rekey: change the password
[devops@workstation ansible]$ ansible-vault rekey 1.txt
Vault password: 123456
New Vault password: qaz
Confirm New Vault password: qaz
Rekey successful

decrypt: decrypt the file
[devops@workstation ansible]$ ansible-vault decrypt 1.txt
Vault password:
Decryption successful
[devops@workstation ansible]$ cat 1.txt
redhat
flectrag

Facts: facts about the managed system, that is, variables that can be retrieved with the setup module

Ad hoc command: the setup module
[devops@workstation ansible]$ ansible qq -m setup | grep bios
[devops@workstation ansible]$ ansible qq -m setup -a 'filter=*bios*'

Playbook: the debug module
[devops@workstation ansible]$ vim users.yml
---
- name: users
  hosts: qq
  vars_files:
    - test/user.yml
  tasks:
    - debug:
        msg: "{{ users.bob.home_dir }}"
    - debug:
        msg: "{{ users['tom']['first_name'] }}"
    - debug:
        var: ansible_facts['hostname']    # ansible_facts is a fixed name

Magic variables: variables that exist in the system but cannot be retrieved with setup
Retrieve them with the debug module
[devops@workstation ansible]$ ansible qq -m debug -a 'var=inventory_hostname'
servera | SUCCESS => {
    "inventory_hostname": "servera"
}

Disabling fact gathering

Before disabling
[devops@workstation ansible]$ vim users.yml
---
- name: users
  hosts: qq
  vars_files:
    - test/user.yml
  tasks:
    - debug:
        msg: "{{ users.bob.home_dir }}"
    - debug:
        msg: "{{ users['tom']['first_name'] }}"
    - debug:
        var: ansible_facts['hostname']
[devops@workstation ansible]$ ansible-playbook users.yml
PLAY [users] *************************************************************************
TASK [Gathering Facts] ***************************************************************
ok: [servera]
TASK [debug] *************************************************************************
ok: [servera] => {
    "msg": "/home/bob"
}
TASK [debug] *************************************************************************
ok: [servera] => {
    "msg": "tom1"
}
TASK [debug] *************************************************************************
ok: [servera] => {
    "ansible_facts['hostname']": "servera"
}

After disabling
[devops@workstation ansible]$ vim users.yml
---
- name: users
  hosts: qq
  gather_facts: no
  vars_files:
    - test/user.yml
  tasks:
    - debug:
        msg: "{{ users.bob.home_dir }}"
    - debug:
        msg: "{{ users['tom']['first_name'] }}"
    - debug:
        var: ansible_facts['hostname']
[devops@workstation ansible]$ ansible-playbook users.yml
PLAY [users] *************************************************************************
TASK [debug] *************************************************************************
ok: [servera] => {
    "msg": "/home/bob"
}
TASK [debug] *************************************************************************
ok: [servera] => {
    "msg": "tom1"
}
TASK [debug] *************************************************************************
ok: [servera] => {
    "ansible_facts['hostname']": "VARIABLE IS NOT DEFINED!"
}

Difference: names shown by setup versus keys in ansible_facts
[greg@control ansible]$ ansible dev -m setup -a 'filter=*bios*'
node1 | SUCCESS => {
    "ansible_facts": {
        "ansible_bios_date": "04/01/2014",
        "ansible_bios_version": "1.11.1-3.module+el8+2529+a9686a4d",
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false
}
[greg@control ansible]$ vim vars.yml
---
- name: vars
  hosts: dev
  tasks:
    - debug:
        var: ansible_facts['nodename']
    - debug:
        var: ansible_facts['ansible_bios_version']
    - debug:
        var: ansible_facts['bios_version']
[greg@control ansible]$ ansible-playbook vars.yml
PLAY [vars] ********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [node1]
TASK [debug] *******************************************************************
ok: [node1] => {
    "ansible_facts['nodename']": "node1.lab.example.com"
}
TASK [debug] *******************************************************************
ok: [node1] => {
    "ansible_facts['ansible_bios_version']": "VARIABLE IS NOT DEFINED!"
}
TASK [debug] *******************************************************************
ok: [node1] => {
    "ansible_facts['bios_version']": "1.11.1-3.module+el8+2529+a9686a4d"
}
PLAY RECAP *********************************************************************
node1 : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

loop

Without a loop
[greg@control ansible]$ vim useradd.yml
---
- name: useradd user
  hosts: dev
  tasks:
    - name: Add the user
      user:
        name: user1
    - name: Add the user
      user:
        name: user2
    - name: Add the user
      user:
        name: user3
[greg@control ansible]$ ansible-playbook useradd.yml -C

With loop
[greg@control ansible]$ vim useradd.yml
---
- name: useradd user
  hosts: dev
  tasks:
    - name: Add the user
      user:
        name: "{{ item }}"
      loop:
        - user1
        - user2
        - user3
[greg@control ansible]$ ansible-playbook useradd.yml

Verify
[greg@control ansible]$ ansible dev -m shell -a 'id user1 ; id user2 ; id user3'
[greg@control ansible]$ vim yum.yml
---
- name: install
  hosts: dev
  vars:
    packages:
      - httpd
      - php
  tasks:
    - name: install the latest version of Apache
      yum:
        name: "{{ item }}"
      loop: "{{ packages }}"
[greg@control ansible]$ ansible-playbook yum.yml -C

item.name/item.groups/item.uid
[greg@control ansible]$ vim useradd.yml
---
- name: useradd user
  hosts: dev
  tasks:
    - name: Add the user
      user:
        name: "{{ item }}"
      loop:
        - user1
        - user2
        - user3
    - name: Ensure group "somegroup" exists
      group:
        name: "{{ item }}"
      loop:
        - group1
        - group2
        - group3
        - group4
[greg@control ansible]$ vim useradd.yml
---
- name: useradd user
  hosts: dev
  tasks:
    - name: Add the user
      user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        groups: "{{ item.groups }}"
      loop:
        - name: user10
          uid: 1100
          groups: group1
        - name: user11
          uid: 1120
          groups: group2
[greg@control ansible]$ ansible-playbook useradd.yml
PLAY [useradd user] *************************************************************************************
TASK [Gathering Facts] **********************************************************************************
ok: [node1]
TASK [Add the user] *************************************************************************************
changed: [node1] => (item={'name': 'user10', 'uid': 1100, 'groups': 'group1'})
changed: [node1] => (item={'name': 'user11', 'uid': 1120, 'groups': 'group2'})
PLAY RECAP **********************************************************************************************
node1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

when: conditional restriction
when: inventory_hostname in groups.dev

ignore_errors
[greg@control ansible]$ vim test.yml
---
- name: error
  hosts: dev
  tasks:
    - name: Execute the command in remote she>
      shell: mkdir a/b/c
      ignore_errors: yes
    - name: Add the user 'johnd' with a speci>
      user:
        name: user15
[greg@control ansible]$ ansible-playbook test.yml -C
PLAY [error] *******************************************************************
TASK [Gathering Facts] *********************************************************
ok: [node1]
TASK [Execute the command in remote she>] **************************************
skipping: [node1]
TASK [Add the user 'johnd' with a speci>] **************************************
changed: [node1]
PLAY RECAP *********************************************************************
node1 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0

Exam question: Question 14
[greg@control ansible]$ vim /home/greg/ansible/users.yml
---
- name: 创建用户帐户
  hosts: dev,test
  vars_files:
    - /home/greg/ansible/locker.yml
    - /home/greg/ansible/user_list.yml
  tasks:
    - name: Ensure group "somegroup" exists
      group:
        name: devops
        state: present
    - name: Add the user
      user:
        name: "{{ item.name }}"
        groups: devops
        password: "{{ pw_developer | password_hash('sha512') }}"
        append: yes
      loop: "{{ users }}"
      when: item.job == 'developer'

- name: 创建用户帐户
  hosts: prod
  vars_files:
    - /home/greg/ansible/locker.yml
    - /home/greg/ansible/user_list.yml
  tasks:
    - name: Ensure group "somegroup" exists
      group:
        name: opsmgr
        state: present
    - name: Add the user
      user:
        name: "{{ item.name }}"
        groups: opsmgr
        password: "{{ pw_manager | password_hash('sha512') }}"
        append: yes
      loop: "{{ users }}"
      when: item.job == 'manager'
[greg@control ansible]$ ansible-playbook /home/greg/ansible/users.yml

Verify
[greg@control ansible]$ ansible test,dev -m shell -a 'id bob; id sally; id fred'
node2 | CHANGED | rc=0 >>
uid=1003(bob) gid=1003(bob) groups=1003(bob),1001(devops)
uid=1004(fred) gid=1004(fred) groups=1004(fred),1001(devops)
id: ‘sally’: no such user
node1 | CHANGED | rc=0 >>
uid=1121(bob) gid=1121(bob) groups=1121(bob),1001(devops)
uid=1122(fred) gid=1122(fred) groups=1122(fred),1001(devops)
id: ‘sally’: no such user
[greg@control ansible]$ ansible prod -m shell -a 'id bob; id sally; id fred'
node3 | FAILED | rc=1 >>
uid=1003(sally) gid=1004(sally) groups=1004(sally),1003(opsmgr)
id: ‘bob’: no such user
id: ‘fred’: no such usernon-zero return code
node4 | FAILED | rc=1 >>
uid=1003(sally) gid=1004(sally) groups=1004(sally),1003(opsmgr)
id: ‘bob’: no such user
id: ‘fred’: no such usernon-zero return code
[greg@control ansible]$ ansible-inventory --graph
@all:
  |--@balancers:
  |  |--node5
  |--@dev:
  |  |--node1
  |--@test:
  |  |--node2
  |--@ungrouped:
  |--@webservers:
  |  |--@prod:
  |  |  |--node3
  |  |  |--node4
[greg@control ansible]$ ssh bob@node1
bob@node1's password: Imadev
[greg@control ansible]$ ssh sally@node3
sally@node3's password: Imamgr
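
The vault commands and the Question 14 playbook above fit together as follows. This is an added example, not the page's or the exam's own code: it keeps the passwords in a vault-encrypted locker.yml, stops them from appearing in task output, and makes the password hash stable so repeated runs do not report a change. It assumes locker.yml defines pw_developer and pw_manager and that user_list.yml defines `users` as a list of items with `name` and `job`, as the playbook above implies.

```yaml
---
# Added example. Assumptions: locker.yml was encrypted with ansible-vault and
# defines pw_developer / pw_manager; user_list.yml defines `users` as a list
# of {name, job} entries.
- name: Create developer accounts from vaulted passwords
  hosts: dev,test
  vars_files:
    - /home/greg/ansible/locker.yml
    - /home/greg/ansible/user_list.yml
  tasks:
    - name: Ensure group devops exists
      group:
        name: devops
        state: present

    - name: Add developer users
      user:
        name: "{{ item.name }}"
        groups: devops
        append: yes
        # password_hash() with no salt picks a random one on every run, so the
        # stored hash differs each time and the task always reports "changed".
        # A salt seeded from host and user name is stable across runs.
        password: "{{ pw_developer | password_hash('sha512', 65534 | random(seed=inventory_hostname ~ item.name) | string) }}"
        # Add `update_password: on_create` if later runs must never reset a
        # password the user has changed.
      loop: "{{ users }}"
      when: item.job == 'developer'
      # Keep the module arguments (including the hash) out of stdout and logs.
      no_log: true

- name: Create manager accounts from vaulted passwords
  hosts: prod
  vars_files:
    - /home/greg/ansible/locker.yml
    - /home/greg/ansible/user_list.yml
  tasks:
    - name: Ensure group opsmgr exists
      group:
        name: opsmgr
        state: present

    - name: Add manager users
      user:
        name: "{{ item.name }}"
        groups: opsmgr
        append: yes
        password: "{{ pw_manager | password_hash('sha512', 65534 | random(seed=inventory_hostname ~ item.name) | string) }}"
      loop: "{{ users }}"
      when: item.job == 'manager'
      no_log: true
```

Run it with `ansible-playbook --ask-vault-pass` (or `--vault-password-file`) unless ansible.cfg already sets `vault_password_file`.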

copy module
[greg@control ansible]$ vim cp.yml
---
- name: copy
  hosts: dev
  tasks:
    - name: Copy file with owner and permissions
      copy:
        src: /etc/fstab
        dest: /var
        owner: fred
        group: bob
        mode: '0744'
[greg@control ansible]$ ansible-playbook cp.yml

Verify
[greg@control ansible]$ ansible dev -a 'ls -ld /var/fstab'
node1 | CHANGED | rc=0 >>
-rwxr--r--. 1 fred bob 142 Jul 8 11:43 /var/fstab

The content option
[greg@control ansible]$ vim cpy1.yml
File content before running the playbook
[greg@control ansible]$ ansible dev -a 'cat /tmp/fstab'
node1 | CHANGED | rc=0 >>
UUID=d47ead13-ec24-428e-9175-46aefa764b26 / xfs defaults 0 0
UUID=7B77-95E7 /boot/efi vfat defaults,uid=0,gid=0,umask=077,shortname=winnt 0 2
---
- name: copy1
  hosts: dev
  tasks:
    - name: Copy using inline content
      copy:
        content: 'qqqqqqqq'
        dest: /tmp/fstab
[greg@control ansible]$ ansible-playbook cpy1.yml

Verify
[greg@control ansible]$ ansible dev -a 'cat /tmp/fstab'
node1 | CHANGED | rc=0 >>
qqqqqqqq

Exam question: Question 10
[greg@control ansible]$ vim /home/greg/ansible/issue.yml
---
- name: 修改文件内容
  hosts: all
  tasks:
    - name: Copy using inline content
      copy:
        content: 'Development'
        dest: /etc/issue
      when: inventory_hostname in groups.dev
- name: 修改文件内容
  hosts: all
  tasks:
    - name: Copy using inline content
      copy:
        content: 'Test'
        dest: /etc/issue
      when: inventory_hostname in groups.test
- name: 修改文件内容
  hosts: all
  tasks:
    - name: Copy using inline content
      copy:
        content: 'Production'
        dest: /etc/issue
      when: inventory_hostname in groups.prod
[greg@control ansible]$ ansible-playbook /home/greg/ansible/issue.yml
[greg@control ansible]$ ansible all -a 'cat /etc/issue'
node4 | CHANGED | rc=0 >>
Production
node5 | CHANGED | rc=0 >>
\S
Kernel \r on an \m
node3 | CHANGED | rc=0 >>
Production
node2 | CHANGED | rc=0 >>
Test
node1 | CHANGED | rc=0 >>
Development

file

Ownership and permissions
[greg@control ansible]$ vim file.yml
---
- name: file
  hosts: dev
  tasks:
    - name: Change file ownership, group and permissions
      file:
        path: /etc/foo.conf
        state: touch
        owner: bob
        group: bob
        mode: '0644'
[greg@control ansible]$ ansible-playbook file.yml
[greg@control ansible]$ ansible dev -a 'ls -l /etc/foo.conf'
node1 | CHANGED | rc=0 >>
-rw-r--r--. 1 bob bob 0 Jul 9 04:05 /etc/foo.conf
[greg@control ansible]$ vim file.yml
---
- name: file
  hosts: dev
  tasks:
    - name: Change file ownership, group and permissions
      file:
        path: /etc/foo.conf1
        state: touch
        owner: bob
        group: bob
        mode: 644    # unquoted: read as the decimal integer 644, not octal 0644
[greg@control ansible]$ ansible-playbook file.yml
[greg@control ansible]$ ansible dev -a 'ls -l /etc/foo.conf1'
node1 | CHANGED | rc=0 >>
--w---xrwt. 1 bob bob 0 Jul 9 04:06 /etc/foo.conf1

SELinux context
[greg@control ansible]$ vim file.yml
---
- name: file
  hosts: dev
  tasks:
    - name: Change file ownership, group and permissions
      file:
        path: /etc/foo.conf4
        state: touch
        owner: bob
        group: bob
        mode: 644
        setype: httpd_sys_content_t
[greg@control ansible]$ ansible-playbook file.yml
[greg@control ansible]$ ansible dev -a 'ls -lZ /etc/foo.conf4'
node1 | CHANGED | rc=0 >>
-rw-rw-rw-. 1 bob bob unconfined_u:object_r:httpd_sys_content_t:s0 0 Jul 9 04:13 /etc/foo.conf4

Exam question: Question 10
[greg@control ansible]$ vim /home/greg/ansible/webcontent.yml
---
- name: 创建 Web 内容目录
  hosts: dev
  tasks:
    - name: Change file
      file:
        path: /webdev
        state: directory
        group: webdev
        mode: '2775'
    - name: Create a symbolic link
      file:
        src: /webdev
        dest: /var/www/html/webdev
        state: link
    - name: Copy using inline content
      copy:
        content: 'Development'
        dest: /webdev/index.html
        setype: httpd_sys_content_t
    - name: Start service httpd, if not started
      service:
        name: httpd
        state: started
        enabled: yes
[greg@control ansible]$ ansible-playbook /home/greg/ansible/webcontent.yml

lineinfile module
---
- name: line
  hosts: dev
  tasks:
    - name: Set SELINUX=disabled in /etc/selinux/config
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: SELINUX=disabled
---
- name: line
  hosts: dev
  tasks:
    - name: Ensure Apache listens on port 82
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^Listen'
        line: Listen 82
[greg@control ansible]$ vim line.yml
---
- name: line
  hosts: dev
  tasks:
    - name: Ensure the default Apache port is 8080
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^Listen '
        insertafter: '^#Listen '
        line: Listen 8080

Source file
[root@node1 ~]# vim /etc/httpd/conf/httpd.conf
#Listen 12.34.56.78:80
Listen 80
[greg@control ansible]$ ansible-playbook line.yml
[root@node1 ~]# vim /etc/httpd/conf/httpd.conf
#Listen 12.34.56.78:80
Listen 8080

Deleting a line
[greg@control ansible]$ vim line.yml
---
- name: line
  hosts: dev
  tasks:
    - name: Make sure group wheel is not in the sudoers>
      lineinfile:
        path: /etc/test
        state: absent
        regexp: 'Listen 8080'

Source file
[root@node1 ~]# vim /etc/test
123
qwer
iqwe
ee
rr
Listen 8080
Listen 80
[greg@control ansible]$ ansible-playbook line.yml
[root@node1 ~]# vim /etc/test
123
qwer
iqwe
ee
rr
Listen 80

template: copy a template
[greg@control ansible]$ vim template.yml
[greg@control ansible]$ sudo cp /etc/hosts /etc/hosts.j2
---
- name: template
  hosts: dev
  tasks:
    - name: Template a file to /etc/files.conf
      template:
        src: /etc/hosts.j2
        dest: /tmp
        owner: bin
        group: wheel
        mode: '0644'
[greg@control ansible]$ ansible-playbook template.yml
[root@node1 ~]# cat /tmp/hosts.j2
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.254 classroom.example.com classroom
172.25.254.254 content.example.com content
172.25.254.254 materials.example.com materials
10.30.0.10 satellite-dle.ole.redhat.com satellite-dle
### rht-vm-hosts file listing the entries to be appended to /etc/hosts
172.25.250.254 control.lab.example.com control
172.25.250.9 node1.lab.example.com node1
172.25.250.10 node2.lab.example.com node2
172.25.250.11 node3.lab.example.com node3
172.25.250.12 node4.lab.example.com node4
172.25.250.13 node5.lab.example.com node5

sefcontext
[greg@control ansible]$ vim selinux.yml
---
- name:
  hosts: dev
  tasks:
    - name: Allow apache to modify files in /srv/git_repos
      sefcontext:
        target: '/etc/test(/.*)?'
        setype: httpd_sys_content_t
        state: present
    - name: Apply new SELinux file context to filesystem
      command: restorecon -irv /etc/test
[greg@control ansible]$ ansible-playbook selinux.yml

Comparison of the results before and after running the playbook
[root@node1 ~]# ls -ldZ /etc/test
-rw-r--r--. 1 root root unconfined_u:object_r:etc_t:s0 30 Jul 9 08:39 /etc/test
[root@node1 ~]# ls -ldZ /etc/test
-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 30 Jul 9 08:39 /etc/test

Jinja2 template files

Exam question 9
[greg@control ansible]$ wget http://materials/hosts.j2
[greg@control ansible]$ vim /home/greg/ansible/hosts.yml
---
- name: 生成主机文件
  hosts: all
  tasks:
    - name: Template a file to /etc/files.conf
      template:
        src: hosts.j2
        dest: /etc/myhosts
      when: inventory_hostname in groups.dev
[greg@control ansible]$ vim hosts.j2

Look up the variables
[greg@control ansible]$ ansible dev -m setup -a 'filter=*ipv4*'
[greg@control ansible]$ ansible dev -m setup -a 'filter=*name*'

Form 1: hash (dot) notation
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

{% for host in groups['all'] %}
{{ hostvars[host].ansible_default_ipv4.address }} {{ hostvars[host].ansible_nodename }} {{ hostvars[host].ansible_hostname }}
{% endfor %}

Form 2: dictionary (bracket) notation
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

{% for host in groups['all'] %}
{{ hostvars[host]['ansible_facts']['default_ipv4']['address'] }} {{ hostvars[host]['ansible_facts']['nodename'] }} {{ hostvars[host]['ansible_facts']['hostname'] }}
{% endfor %}
[greg@control ansible]$ ansible-playbook /home/greg/ansible/hosts.yml
[greg@control ansible]$ ansible dev -a 'cat /etc/myhosts'
node1 | CHANGED | rc=0 >>
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.250.9 node1.lab.example.com node1
172.25.250.10 node2.lab.example.com node2
172.25.250.13 node5.lab.example.com node5
172.25.250.11 node3.lab.example.com node3
172.25.250.12 node4.lab.example.com node4

Managing large projects
[devops@workstation ansible]$ ansible-inventory --graph
[devops@workstation ansible]$ ansible --list-hosts webs,dev       # hosts in the webs and dev groups
[devops@workstation ansible]$ ansible --list-hosts 'server*'      # hosts whose names start with server
[devops@workstation ansible]$ ansible --list-hosts test,dev       # hosts in the test and dev groups
[devops@workstation ansible]$ ansible --list-hosts 'test,&dev'    # hosts in test that are also in dev
[devops@workstation ansible]$ ansible --list-hosts 'test,!dev'    # hosts in test that are not in dev
[devops@workstation ansible]$ ansible --list-hosts '!test,webs'   # hosts in webs that are not in test
[devops@workstation ansible]$ ansible --list-hosts 'test,!webs'   # hosts in test that are not in webs

Dynamic inventory
[greg@control ansible]$ wget http://materials/dynamic/binventory.py
Copy this link from the exam question.
[greg@control ansible]$ ls -ld binventory.py
-rw-rw-r--. 1 greg greg 643 Aug 12 2021 binventory.py
[greg@control ansible]$ chmod +x binventory.py
[greg@control ansible]$ pwd
/home/greg/ansible
[greg@control ansible]$ /home/greg/ansible/binventory.py
/usr/bin/env: ‘python’: No such file or directory
[greg@control ansible]$ python3 /home/greg/ansible/binventory.py --list
{"internetweb": {"hosts": [], "vars": {}}}

cron
[greg@control ansible]$ vim /home/greg/ansible/cron.yml
---
- name: 配置 cron 作业(增加)
  hosts: test
  tasks:
    - name: Ensure a job
      cron:
        name: "check dirs"
        minute: "*/2"
        job: 'logger "EX200 in progress"'
        user: bob
[greg@control ansible]$ ansible-playbook /home/greg/ansible/cron.yml

Verify
[greg@control ansible]$ ansible test -a 'crontab -l -u bob'
node2 | CHANGED | rc=0 >>
#Ansible: check dirs
*/2 * * * * logger "EX200 in progress"

Configuring parallelism

Method 1: edit the main configuration file
[greg@control ansible]$ ansible --version
ansible 2.9.15
config file = /home/greg/ansible/ansible.cfg
[greg@control ansible]$ vim ansible.cfg
forks = 10
#forks = 5

Method 2: when running the playbook
[greg@control ansible]$ vim forks.yml
---
- name: forks
  hosts: dev
  tasks:
    - name: Ensure group "somegroup" exists
      group:
        name: qqwx
        state: present
[greg@control ansible]$ ansible-playbook forks.yml -f 5
[greg@control ansible]$ ansible-playbook forks.yml --forks 5

serial: rolling updates
[greg@control ansible]$ vim user1.yml
---
- name: useradd user
  hosts: prod
  tasks:
    - name: Add the user
      user:
        name: user10
    - name: Add the user
      user:
        name: user20
[greg@control ansible]$ ansible-playbook user1.yml
PLAY [useradd user] ******************************************************************
TASK [Gathering Facts] ***************************************************************
ok: [node4]
ok: [node3]
TASK [Add the user] ******************************************************************
changed: [node4]
changed: [node3]
TASK [Add the user] ******************************************************************
changed: [node3]
changed: [node4]
PLAY RECAP ***************************************************************************
node3 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node4 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

serial:
[greg@control ansible]$ vim user1.yml
---
- name: useradd user
  hosts: prod
  serial: 1
  tasks:
    - name: Add the user
      user:
        name: user11
    - name: Add the user
      user:
        name: user22
[greg@control ansible]$ ansible-playbook user1.yml
PLAY [useradd user] ******************************************************************
TASK [Gathering Facts] ***************************************************************
ok: [node3]
TASK [Add the user] ******************************************************************
ok: [node3]
TASK [Add the user] ******************************************************************
ok: [node3]
PLAY [useradd user] ******************************************************************
TASK [Gathering Facts] ***************************************************************
ok: [node4]
TASK [Add the user] ******************************************************************
ok: [node4]
TASK [Add the user] ******************************************************************
changed: [node4]
PLAY RECAP ***************************************************************************
node3 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node4 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

import
[greg@control ansible]$ ansible-doc -l | grep -e import -e include
[greg@control ansible]$ ansible-doc import_playbook
[greg@control ansible]$ vim import.yml
- name: Include a play after another play
  import_playbook: httpd_service.yml
[greg@control ansible]$ vim httpd_service.yml
---
- name: httpd_service
  hosts: dev
  tasks:
    - name: install the latest version of Apache
      yum:
        name: httpd
        state: latest
    - name: Start service httpd, if not started
      service:
        name: httpd
        state: started
[greg@control ansible]$ ansible-playbook httpd_service.yml

include
[greg@control ansible]$ ansible-doc -l | grep -e import -e include
[greg@control ansible]$ ansible-doc include
[greg@control ansible]$ vim include.yml
- name: Include a play after another play
  include: mariadb_service.yml
[greg@control ansible]$ vim mariadb_service.yml
---
- name: service
  hosts: dev
  tasks:
    - name: Start service httpd, if not started
      service:
        name: httpd
        state: started
[greg@control ansible]$ ansible-playbook mariadb_service.yml

roles
[greg@control ansible]$ cd roles/
[greg@control roles]$ ansible-galaxy init apache
- Role apache was created successfully
[greg@control roles]$ cd ..
[greg@control ansible]$ ansible-galaxy list
# /home/greg/ansible/roles
- apache, (unknown version)

Write the tasks
[greg@control ansible]$ tree roles/apache/
[greg@control ansible]$ cd roles/
[greg@control roles]$ vim apache/tasks/main.yml
---
- name: Start service httpd, if not started
  service:
    name: httpd
    state: started
    enabled: yes
- name: Start service firewalld, if not started
  service:
    name: firewalld
    state: started
    enabled: yes
- firewalld:
    service: http
    permanent: yes
    state: enabled
    immediate: yes
- name: Template a file to /etc/files.conf
  template:
    src: index.html.j2
    dest: /var/www/html/index.html

Write the template
[greg@control roles]$ vim apache/templates/index.html.j2
Welcome to {{ ansible_nodename }} on {{ ansible_default_ipv4.address }}

Write the playbook
[greg@control roles]$ vim /home/greg/ansible/apache.yml
---
- name: 创建和使用角色
  hosts: webservers
  roles:
    - apache
[greg@control ansible]$ ansible-playbook /home/greg/ansible/apache.yml

Verify
[greg@control ansible]$ curl node3
Welcome to node3.lab.example.com on 172.25.250.11
[greg@control ansible]$ curl node4
Welcome to node4.lab.example.com on 172.25.250.12
parted、filesystem、mount
[greg;control ansible]$ vim part.yml
1 ---
2 - name: parter
3 hosts: test
4 tasks:
5 - name: Create a new primary partition with a size of 1GiB
6 parted:
7 device: /dev/vdb
8 number: 1
9 state: present
10 part_end: 100MiB
11 - name: Create a ext2 filesystem on /dev/sdb1
12 filesystem:
13 fstype: ext3
14 dev: /dev/vdb1
15 - name: Mount DVD read-only
16 mount:
17 path: /mnt
18 src: /dev/vdb1
19 fstype: ext3
20 state: present
[greg@control ansible]$ ansible-playbook part.yml
Verify
[greg@control ansible]$ ansible test -a 'lsblk'
[greg@control ansible]$ ansible test -a 'blkid'
[greg@control ansible]$ ansible test -a 'grep mnt /etc/fstab'
[greg@control ansible]$ vim /home/greg/ansible/partition.yml
---
- name: 创建和使用分区(NEW)    # "Create and use a partition (NEW)"
  hosts: all
  tasks:
    - block:
        - name: Create a new primary partition
          parted:
            device: /dev/vdb
            number: 1
            state: present
            part_end: 1500MiB
        - name: Create an ext4 filesystem on /dev/vdb1
          filesystem:
            fstype: ext4
            dev: /dev/vdb1
        - name: Mount /dev/vdb1 on /data
          mount:
            path: /data
            src: /dev/vdb1
            fstype: ext4
            state: mounted
          when: inventory_hostname in groups.prod
      # rescue runs only when a task in the block above fails
      rescue:
        - debug:
            msg: Could not create partition of that size
        - name: Create a new primary partition
          parted:
            device: /dev/vdb
            number: 1
            state: present
            part_end: 800MiB
      when: ansible_devices.vdb is defined
    - debug:
        msg: this disk is not exist
      when: ansible_devices.vdb is not defined
lv
[greg@control ansible]$ vim vg.yml
---
- name: vg
  hosts: test
  tasks:
    - name: Create a volume group
      lvg:
        vg: vg.services
        pvs: /dev/vdb2
        pesize: 32
    # size is in megabytes unless a unit suffix is given
    - name: Create a logical volume
      lvol:
        vg: vg.services
        lv: test
        size: 10
[greg@control ansible]$ ansible-playbook vg.yml
Verify:
View volume group information
[greg@control ansible]$ ansible test -a 'vgs'
[greg@control ansible]$ ansible test -a 'vgdisplay'
View logical volume information
[greg@control ansible]$ ansible test -a 'lvs'
[greg@control ansible]$ ansible test -a 'lvdisplay'
lvm
[greg@control ansible]$ vim /home/greg/ansible/lv.yml
---
- name: 创建和使用逻辑卷(OLD)    # "Create and use a logical volume (OLD)"
  hosts: all
  tasks:
    - block:
        - name: Create a logical volume
          lvol:
            vg: research
            lv: data
            size: 1500
        - name: Create an ext4 filesystem on /dev/research/data
          filesystem:
            fstype: ext4
            dev: /dev/research/data
      # rescue runs only when a task in the block above fails
      rescue:
        - debug:
            msg: Could not create logical volume of that size
        - name: Create a logical volume
          lvol:
            vg: research
            lv: data
            size: 800
      when: ansible_lvm.vgs.research is defined
    - debug:
        msg: Volume group done not exist
      when: ansible_lvm.vgs.research is not defined
[greg@control ansible]$ ansible-playbook /home/greg/ansible/lv.yml
[greg@control ansible]$ ansible all -a 'lvs'
[greg@control ansible]$ ansible all -a 'blkid /dev/research/data'
node3 | FAILED | rc=2 >>
non-zero return code
node2 | CHANGED | rc=0 >>
/dev/research/data: UUID="019eb44b-4b8d-4fd6-87fd-8e4fe16af97a" BLOCK_SIZE="4096" TYPE="ext4"
node5 | CHANGED | rc=0 >>
/dev/research/data: UUID="01a56d6e-3f6c-4432-91df-a148b52f9f8f" BLOCK_SIZE="4096" TYPE="ext4"
node4 | CHANGED | rc=0 >>
/dev/research/data: UUID="9f04e0a8-22e7-4dfe-9a51-eff54d6d45d2" BLOCK_SIZE="4096" TYPE="ext4"
node1 | FAILED | rc=2 >>
non-zero return code
9. Troubleshooting
[devops@workstation ~]$ mkdir ansible
[devops@workstation ~]$ cd ansible/
[devops@workstation ansible]$ cp /etc/ansible/ansible.cfg .
[devops@workstation ansible]$ ansible --version
ansible 2.9.21
  config file = /home/devops/ansible/ansible.cfg
[devops@workstation ansible]$ vim ansible.cfg
inventory = /home/devops/ansible/inventory
#inventory = /etc/ansible/hosts
[devops@workstation ansible]$ vim inventory
[devops@workstation ansible]$ ansible-inventory --graph
@all:
  |--@dev:
  |  |--servera
  |--@test:
  |  |--serverb
  |--@ungrouped:
[devops@workstation ansible]$ ansible-config dump | grep -i log
DEFAULT_LOG_PATH(default) = None
[devops@workstation ansible]$ vim ansible.cfg
log_path = /var/log/ansible.log
#log_path = /var/log/ansible.log
[devops@workstation ansible]$ ls -ld /var/log/ansible.log
ls: cannot access '/var/log/ansible.log': No such file or directory
# Lab shortcut: this makes devops the owner of the whole /var/log directory.
# Outside a lab, create /var/log/ansible.log and chown only that file.
[devops@workstation ansible]$ sudo chown devops:devops /var/log/
[devops@workstation ansible]$ ansible all -m setup -a 'filter=*name*'
servera | SUCCESS => {
    "ansible_facts": {
        "ansible_hostname": "servera",
        "ansible_nodename": "servera.lab.example.com",
        "ansible_product_name": "KVM",
        "discovered_interpreter_python": "/usr/libexec/platform-python"
[devops@workstation ansible]$ cat /var/log/ansible.log
2022-07-13 06:47:29,958 p=2913 u=devops n=ansible | servera | SUCCESS => {
    "ansible_facts": {
        "ansible_hostname": "servera",
        "ansible_nodename": "servera.lab.example.com",
        "ansible_product_name": "KVM",
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false
lab
[root@workstation ~]# lab troubleshoot-playbook
[root@workstation ~]# su - student
Last login: Wed Jul 13 06:50:12 EDT 2022 from 172.25.250.250 on pts/0
[student@workstation ~]$ ls
troubleshoot-playbook
Error message
Step 1: no configuration file
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the
implicit localhost does not match 'all'
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
Fix
[student@workstation troubleshoot-playbook]$ cp /etc/ansible/ansible.cfg .
[student@workstation troubleshoot-playbook]$ ls
ansible.cfg inventory samba.conf.j2 samba.yml
Step 2:
Error message
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the
implicit localhost does not match 'all'
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)
Syntax Error while loading YAML.
  mapping values are not allowed in this context
The error appears to be in '/home/student/troubleshoot-playbook/samba.yml': line 8, column 30, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
    install_state: installed
    random_var: This is colon: test
                             ^ here
Fix
8 #random_var: This is colon: test
9 random_var: "This is colon: test"
Step 3:
Cause of the error:
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the
implicit localhost does not match 'all'
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)
Syntax Error while loading YAML.
  did not find expected key
The error appears to be in '/home/student/troubleshoot-playbook/samba.yml': line 45, column 4, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
   - name: deliver samba config
   ^ here
Fix
47 #src: samba.j2
48 src: samba.conf.j2
Step 4:
Cause of the error
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the
implicit localhost does not match 'all'
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)
Syntax Error while loading YAML.
  did not find expected key
The error appears to be in '/home/student/troubleshoot-playbook/samba.yml': line 45, column 4, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
   - name: deliver samba config
   ^ here
Fix:
Indentation
Step 5:
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)
Syntax Error while loading YAML.
  found unacceptable key (unhashable type: 'AnsibleMapping')
The error appears to be in '/home/student/troubleshoot-playbook/samba.yml': line 15, column 15, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
      name: samba
      state: {{ install_state }}
              ^ here
We could be wrong, but this one looks like it might be an issue with
missing quotes. Always quote template expression brackets when they
start a value. For instance:
    with_items:
      - {{ foo }}
Should be written as:
    with_items:
      - "{{ foo }}"
Fix:
15 state: "{{ install_state }}"
16 #state: {{ install_state }}
Step 6:
Cause
[student@workstation troubleshoot-playbook]$ ansible-playbook samba.yml
PLAY [Install a samba server] ************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************
fatal: [servera.lab.exammple.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname servera.lab.exammple.com: Name or service not known", "unreachable": true}
PLAY RECAP *******************************************************************************************************************
servera.lab.exammple.com : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
Fix:
[student@workstation troubleshoot-playbook]$ vim inventory
[samba_servers]
servera.lab.example.com
#servera.lab.exammple.com
The run succeeds
[root@workstation ~]# lab troubleshoot-review start
Starting troubleshoot-review exercise.
 · Verifying Ansible installation.............................. SUCCESS
 · Creating working directory.................................. SUCCESS
 · Deploying ansible.cfg....................................... SUCCESS
 · Deploying Ansible inventory................................. SUCCESS
 · Downloading additional lab files
   · secure-web.yml............................................ SUCCESS
   · vhosts.conf............................................... SUCCESS
   · html/index.html........................................... SUCCESS
 · Removing web server packages on serverb..................... SUCCESS
 · Configuring HTTP/HTTPS access to serverb.................... SUCCESS
Step 1:
[student@workstation troubleshoot-review]$ ansible-playbook secure-web.yml
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)
Syntax Error while loading YAML.
  mapping values are not allowed in this context
The error appears to be in '/home/student/troubleshoot-review/secure-web.yml': line 7, column 30, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
  vars:
    random_var: This is colon: test
                             ^ here
Fix
7 #random_var: This is colon: test
8 random_var: "This is colon: test"
Step 2:
Cause of the error
[student@workstation troubleshoot-review]$ ansible-playbook secure-web.yml
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)
Syntax Error while loading YAML.
  did not find expected '-' indicator
The error appears to be in '/home/student/troubleshoot-review/secure-web.yml': line 39, column 10, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
         - name: start and enable web services
         ^ here
Fix
Indentation
Step 3:
Cause of the error
[student@workstation troubleshoot-review]$ ansible-playbook secure-web.yml
ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
JSON: Expecting value: line 1 column 1 (char 0)
Syntax Error while loading YAML.
  found unacceptable key (unhashable type: 'AnsibleMapping')
The error appears to be in '/home/student/troubleshoot-review/secure-web.yml': line 14, column 20, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
          yum:
            name: {{ item }}
                   ^ here
We could be wrong, but this one looks like it might be an issue with
missing quotes. Always quote template expression brackets when they
start a value. For instance:
    with_items:
      - {{ foo }}
Should be written as:
    with_items:
      - "{{ foo }}"
Fix
14 name: "{{ item }}"
15 #name: {{ item }}
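The two quoting errors fixed in both labs (a plain value that contains a colon followed by a space, and a value that starts with {{ without quotes) can be caught before ansible-playbook is run. The following is an added example, not part of the original post: a line-based heuristic rather than a YAML parser, and lint_quoting and the sample playbook are constructed for illustration.

```python
import re

# "key: value", optionally behind a list dash; value starts after the first ": "
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?[\w.-]+:\s+(?P<value>\S.*)$")
# "- value" list item that is not itself a "key: value" pair
LIST_ITEM = re.compile(r"^\s*-\s+(?P<value>\S.*)$")

def lint_quoting(playbook_text):
    """Return (line_no, problem) for plain scalars that YAML will misparse.

    Heuristic: looks at one line at a time, so text inside block scalars
    (| or >) can produce false positives.
    """
    findings = []
    for no, raw in enumerate(playbook_text.splitlines(), start=1):
        if raw.lstrip().startswith("#"):
            continue                      # commented-out line
        line = raw.split(" #", 1)[0]      # drop a trailing comment
        match = KEY_VALUE.match(line) or LIST_ITEM.match(line)
        if not match:
            continue
        value = match.group("value").strip()
        if value[0] in "\"'|>[&*!":
            continue                      # quoted, block scalar, list, anchor, tag
        if value.startswith("{{"):
            findings.append((no, "unquoted-template"))   # "unacceptable key"
        elif not value.startswith("{") and re.search(r":\s+\S", value):
            findings.append((no, "unquoted-colon"))      # "mapping values are not allowed"
    return findings

# Constructed sample that reproduces the errors from the labs.
SAMPLE = """\
---
- name: Install a samba server
  hosts: samba_servers
  vars:
    install_state: installed
    random_var: This is colon: test
  tasks:
    - name: install samba
      yum:
        name: samba
        state: {{ install_state }}
    - name: install web packages
      yum:
        name: "{{ item }}"
      loop:
        - httpd
        - {{ extra_pkg }}
"""

if __name__ == "__main__":
    for line_no, problem in lint_quoting(SAMPLE):
        print(f"line {line_no}: {problem}")
```
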
Step 4:
Cause of the error
Fix
[root@serverc ~]# su - students
su: user students does not exist
[root@serverc ~]# vim /etc/passwd
[root@serverc ~]# grep studen /etc/passwd
student:x:1000:1000:Student User:/home/student:/bin/bash
5 #remote_user: students
6 remote_user: student
Step 5:
Cause of the error
Fix
[student@workstation troubleshoot-review]$ ssh student@serverb
Warning: Permanently added 'serverb,172.25.250.11' (ECDSA) to the list of known hosts.
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
[student@serverb ~]$ ssh student@serverc
The authenticity of host 'serverc (172.25.250.12)' can't be established.
ECDSA key fingerprint is SHA256:NJAyJMx8B2AeIYHRnVLAuJ1XZwblomyOKowyfTwGrTY.
Are you sure you want to continue connecting (yes/no/[fingerprint])?
TASK [install web server packages] *******************************************************************************************
failed: [serverb.lab.example.com] (item=httpd) => {"ansible_loop_var": "item", "changed": false, "item": "httpd", "msg": "This command has to be run under the root user.", "results": []}
failed: [serverb.lab.example.com] (item=mod_ssl) => {"ansible_loop_var": "item", "changed": false, "item": "mod_ssl", "msg": "This command has to be run under the root user.", "results": []}
TASK [recover original httpd config] *****************************************************************************************
ok: [serverb.lab.example.com]
TASK [email notification of httpd config status] *****************************************************************************
fatal: [serverb.lab.example.com]: FAILED! => {"msg": "The conditional check 'httpd_conf_syntax.stdout != "Syntax OK"' failed. The error was: error while evaluating conditional (httpd_conf_syntax.stdout != "Syntax OK"): 'httpd_conf_syntax' is undefined
The error appears to be in '/home/student/troubleshoot-review/secure-web.yml': line 75, column 11, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
          - name: email notification of httpd config status
          ^ here
"}
PLAY RECAP *******************************************************************************************************************
serverb.lab.example.com : ok=2 changed=0 unreachable=0 failed=1 skipped=0 rescued=1 ignored=0
Fix:
[student@workstation troubleshoot-review]$ vim inventory
[webservers]
serverb.lab.example.com ansible_host=serverc.lab.example.com ansible_become_user=root ansible_become_password=student ansible_become=yes
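The inventory line above stores the become password as a literal, readable by anyone who can read the inventory file or the repository that holds it. The following added example (not part of the original post) reports such entries so they can be moved into a variable file encrypted with ansible-vault; find_inline_secrets, the SECRET_VARS list and the sample inventory, including vault_ssh_password and changeme, are constructed for illustration.

```python
import shlex

# Connection and privilege-escalation variables whose value is a password.
SECRET_VARS = {"ansible_password", "ansible_ssh_pass",
               "ansible_become_password", "ansible_become_pass"}

def find_inline_secrets(inventory_text):
    """Return (line_no, owner, variable) for passwords stored as literals.

    owner is the host name, or the [group:vars] header for group variables.
    The secret value itself is never returned, so the report can be logged.
    """
    findings, section = [], ""
    for no, raw in enumerate(inventory_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                              # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section.endswith(":children"):
            continue                              # group names only
        if section.endswith(":vars"):
            owner, pairs = f"[{section}]", [line]  # one "key = value" per line
        else:
            tokens = shlex.split(line, comments=True)
            owner, pairs = tokens[0], tokens[1:]   # host followed by key=value
        for pair in pairs:
            key, sep, value = pair.partition("=")
            key, value = key.strip(), value.strip().strip("\"'")
            # A Jinja reference (for example to a vaulted variable) is not a literal.
            if sep and key in SECRET_VARS and not value.startswith("{{"):
                findings.append((no, owner, key))
    return findings

# Constructed sample: line 2 is the inventory line from this lab.
SAMPLE_INVENTORY = """\
[webservers]
serverb.lab.example.com ansible_host=serverc.lab.example.com ansible_become_user=root ansible_become_password=student ansible_become=yes

[webservers:vars]
ansible_password = "{{ vault_ssh_password }}"
ansible_become_pass = changeme
"""

if __name__ == "__main__":
    for line_no, owner, var in find_inline_secrets(SAMPLE_INVENTORY):
        print(f"line {line_no}: {owner} sets {var} as plain text")
```
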