使用Ansible为集群初始化并配置免密

前情概要

集群的36台服务器安装好了centos7.9设置了统一的root密码，并配置好了主机名和ip。现在需要实现：

1. 每台关闭防火墙和selinux
2. 删除安装操作系统时创建的默认用户user及其家目录
3. 将集群的36台主机和ip信息添加到/etc/hosts文件
4. 删除默认yum源配置文件，添加指定的repo文件
5. 为集群36台主机配置ssh相互免密

Ansible实现

感觉Ansible比使用脚本来得更方便，所以使用Ansible。

playbook的yaml文件：

<code>---

- name: Initialize servers

hosts: all_servers

gather_facts: no

become: no

tasks:

- name: Disable firewall

service:

name: firewalld

state: stopped

enabled: no

- name: Disable SELinux

selinux:

state: disabled

policy: targeted

- name: Disable SELinux immediately

command: setenforce 0

ignore_errors: yes

- name: Ensure user is absent and home directory removed

user:

name: user

state: absent

remove: yes

- name: Remove default yum repos

file:

path: "{{ item }}"

state: absent

with_fileglob:

- /etc/yum.repos.d/*.repo

- name: Copy http.repo to all servers

copy:

src: /root/http.repo

dest: /etc/yum.repos.d/http.repo

owner: root

group: root

mode: '0644'

- name: Add hostname into /etc/hosts

lineinfile:

path: /etc/hosts

line: "{{ hostvars[item]['ansible_host'] }} {{ item }}"

state: present

create: yes

regexp: "^{{ hostvars[item]['ansible_host'] }}\\s+{{ item }}$"

with_items: "{{ groups['all_servers'] }}"

- name: Check /root/.ssh exists

file:

path: /root/.ssh

state: directory

mode: '0700'

- name: Check id_rsa exists

stat:

path: /root/.ssh/id_rsa

register: ssh_key

- name: Generate SSH keypair if not already present

openssh_keypair:

path: /root/.ssh/id_rsa

type: rsa

size: 2048

state: present

mode: '0600'

when: not ssh_key.stat.exists

- name: Gather SSH public keys from all servers

slurp:

src: /root/.ssh/id_rsa.pub

register: public_key

- name: Set up authorized_keys for all servers

authorized_key:

user: root

key: "{{ hostvars[item]['public_key']['content'] | b64decode }}"

state: present

with_items: "{{ groups['all_servers'] }}"

inventory文件

[all_servers]

hpc_mgr_1 ansible_user=root ansible_host=10.2.1.9 ansible_connection=local

hpc_mgr_2 ansible_user=root ansible_host=10.2.1.11

hpc_node_1 ansible_user=root ansible_host=10.2.1.13

hpc_node_2 ansible_user=root ansible_host=10.2.1.15

hpc_node_3 ansible_user=root ansible_host=10.2.1.17

hpc_node_4 ansible_user=root ansible_host=10.2.1.19

hpc_node_5 ansible_user=root ansible_host=10.2.1.21

hpc_node_6 ansible_user=root ansible_host=10.2.1.23

hpc_node_7 ansible_user=root ansible_host=10.2.1.25

hpc_node_8 ansible_user=root ansible_host=10.2.1.27

hpc_node_9 ansible_user=root ansible_host=10.2.1.29

hpc_node_10 ansible_user=root ansible_host=10.2.1.31

hpc_node_11 ansible_user=root ansible_host=10.2.1.33

hpc_node_12 ansible_user=root ansible_host=10.2.1.35

hpc_node_13 ansible_user=root ansible_host=10.2.1.37

hpc_node_14 ansible_user=root ansible_host=10.2.1.39

hpc_node_15 ansible_user=root ansible_host=10.2.1.41

hpc_node_16 ansible_user=root ansible_host=10.2.1.43

hpc_node_17 ansible_user=root ansible_host=10.2.1.45

hpc_node_18 ansible_user=root ansible_host=10.2.1.47

hpc_node_19 ansible_user=root ansible_host=10.2.1.49

hpc_node_20 ansible_user=root ansible_host=10.2.1.51

hpc_node_21 ansible_user=root ansible_host=10.2.1.53

hpc_node_22 ansible_user=root ansible_host=10.2.1.55

hpc_node_23 ansible_user=root ansible_host=10.2.1.57

hpc_node_24 ansible_user=root ansible_host=10.2.1.59

hpc_node_25 ansible_user=root ansible_host=10.2.1.61

hpc_node_26 ansible_user=root ansible_host=10.2.1.63

hpc_node_27 ansible_user=root ansible_host=10.2.1.65

hpc_node_28 ansible_user=root ansible_host=10.2.1.67

hpc_node_29 ansible_user=root ansible_host=10.2.1.69

hpc_node_30 ansible_user=root ansible_host=10.2.1.71

hpc_node_31 ansible_user=root ansible_host=10.2.1.73

hpc_node_32 ansible_user=root ansible_host=10.2.1.75

hpc_fnode_1 ansible_user=root ansible_host=10.2.1.77

hpc_fnode_2 ansible_user=root ansible_host=10.2.1.79

执行playbook：

ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory.ini a.yaml --ask-pass

总结

临时使用，体验很不错。