[root@localhost httpd]# head -20 ansible.cfg
# config file for ansible -- https://ansible.com/
# ===============================================
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults]
# some basic default values...
# 修改如下(ansible.cfg 中 "#" 只能在行首作注释,行内注释要用 ";",所以说明单独写一行)
inventory = inventory
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5
[root@localhost httpd]# cat inventory # 在清单文件中添加受控主机的账号和登录密码
[webservers]
web01.example.com ansible_user=root ansible_password=023654
[root@localhost httpd]# ssh web01.example.com # 第一次登录先手动连接一下。把密码明文写在清单文件里不安全(任何能读到该文件或其备份、版本库的人都能拿到 root 密码),建议改用免密(密钥)登录;确实需要保存密码时用 ansible-vault 加密
[root@localhost httpd]# vim inventory
[webservers]
web01.example.com # 只添加受管主机的域名或者 IP
[root@localhost httpd]# ansible all -m ping # 此时就ping不通了(清单里已去掉密码,控制主机又还没有配置密钥)
web01.example.com | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: root@web01.example.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
[root@localhost httpd]# cd
[root@localhost ~]# ls .ssh # 家目录有个这个文件
known_hosts
[root@localhost ~]# rm -f .ssh/known_hosts # 因为以前练习时连接过,删除掉以模拟没有连接过(这会清空所有已记录的主机密钥;实际环境中只想去掉某一台主机的记录时用 ssh-keygen -R 主机名)
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
[root@localhost ~]# ssh-keygen -t rsa # 生成密钥,3下回车(即使用默认路径且口令为空;空口令的私钥以明文保存在磁盘上,生产环境建议设置口令并配合 ssh-agent 使用)
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:8BIhaMYPmoH7SU9gmdU4sy24AZ3ggain6GCSk9+5/dQ root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|== *oo. |
|B # +... |
|.@ = =o |
|= = = .+ |
|.B * .. S |
|O.+ . . . |
|=o . . . E |
| .. o. . |
| ..... |
+----[SHA256]-----+
[root@localhost ~]# ls .ssh/ # 查看生成一对密钥
id_rsa id_rsa.pub
[root@localhost ~]# ssh-copy-id root@web01.example.com # 把密钥复制过去,清单文件写的ip就写ip,域名就写域名要一致
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'web01.example.com (192.168.149.136)' can't be established.
ECDSA key fingerprint is SHA256:i8Xb7+YMK3TJE75BLHw5jRSl0TzbxeZELkitVnaZ7+s.
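Are you sure you want to continue connecting (yes/no/[fingerprint])? yes # 第一次登录会让你输yes;输入前应先核对上面的指纹与受管主机自身的主机密钥指纹一致(可在受管主机上用 ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub 查看),否则连到的可能是冒充的主机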
root@web01.example.com's password: # 输入密码
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@web01.example.com'"
and check to make sure that only the key(s) you wanted were added. # 完成
[root@localhost ~]# ssh web01.example.com # 尝试连接成功
Last failed login: Tue May 31 22:33:00 CST 2022 from 192.168.149.135 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Tue May 31 21:33:13 2022 from 192.168.149.1
[root@web01 ~]# exit # 连接上退出
[root@localhost httpd]# ansible all -m ping # 用ping模块可以ping通
web01.example.com | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[root@localhost httpd]# ls # 配置文件有了
ansible.cfg files inventory test.yml
[root@localhost httpd]# cat inventory # 网站服务器也相当于有了
[webservers]
web01.example.com
[root@localhost httpd]# ls files/ # 这里面是yum源
CentOS-Base.repo
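---  # a YAML document starts with three dashes
# Playbook: ship the yum repo definition to the web servers, then install Apache.
# Indentation is significant in YAML; each nesting level below uses two spaces.
- hosts: webservers  # target hosts; there is only one host here, so the group name works too
  tasks:  # tasks to run, in order
    - name: provides repo file  # task: provide the repo file
      copy:  # copy module
        src: files/CentOS-Base.repo  # source path on the control node
        dest: /etc/yum.repos.d/  # destination directory on the managed host
    - name: install apache  # task: install Apache
      dnf:  # module used
        name: httpd  # package to install
        state: latest  # keep the package at the newest available version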
[root@localhost httpd]# ansible-playbook install.yml # 跑一遍没有报错
PLAY [webservers] ***************************************************************
TASK [Gathering Facts] **********************************************************
ok: [web01.example.com]
TASK [provides repo file] *******************************************************
ok: [web01.example.com]
TASK [install apache] ***********************************************************
changed: [web01.example.com]
PLAY RECAP **********************************************************************
web01.example.com : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@web01 ~]# rpm -qa|grep httpd # 受管主机上已经装好
centos-logos-httpd-85.8-2.el8.noarch
httpd-tools-2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64
httpd-filesystem-2.4.37-43.module_el8.5.0+1022+b541f3b1.noarch
httpd-2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64
[root@web01 ~]# ls /etc/httpd/conf.d
autoindex.conf README userdir.conf welcome.conf
[root@web01 ~]# find / -name *vhosts.conf # 查找虚拟主机示例文件;通配符模式最好加引号('*vhosts.conf'),避免当前目录下有匹配文件时被 shell 提前展开
/usr/share/doc/httpd/httpd-vhosts.conf
[root@localhost files]# scp web01.example.com:/usr/share/doc/httpd/httpd-vhosts.conf .
httpd-vhosts.conf 100% 1477 657.7KB/s 00:00
[root@localhost files]# ls # 把虚拟主机文件移到当前目录
CentOS-Base.repo httpd-vhosts.conf
[root@localhost files]# vim httpd-vhosts.conf #修改
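# Modified virtual host for the game site, answering on port 80.
# The explanatory comments sit on their own lines because httpd does not
# accept a "#" comment on the same line as a directive.
<VirtualHost *:80>
    DocumentRoot "/var/www/html/game"
    # Site name (the host name clients request)
    ServerName game.example.com
    # Where the error log is stored
    ErrorLog "/var/log/httpd/game.example.com-error_log"
    CustomLog "/var/log/httpd/game.example.com-access_log" common
</VirtualHost>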
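---
# Playbook: repo file, Apache package, and the virtual-host configuration.
# Indentation is significant in YAML; each nesting level below uses two spaces.
- hosts: webservers
  tasks:
    - name: provides repo file
      copy:
        src: files/CentOS-Base.repo
        dest: /etc/yum.repos.d/
    - name: install apache
      dnf:
        name: httpd
        state: latest
    - name: config apache  # task: configure Apache
      copy:  # copy module
        src: files/httpd-vhosts.conf  # source file on the control node
        dest: /etc/httpd/conf.d/  # destination directory on the managed host
        # NOTE(review): no owner/group/mode is set here, so the copy module's
        # defaults apply; consider stating them explicitly for config files.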
[root@web01 ~]# ls /etc/httpd/conf.d # 受管主机现在这个位置是没有httpd-vhosts.conf文件的
autoindex.conf README userdir.conf welcome.conf
[root@localhost httpd]# ansible-playbook install.yml # 跑一遍
[root@web01 ~]# ls /etc/httpd/conf.d # 控制主机跑完就有了
autoindex.conf httpd-vhosts.conf README userdir.conf welcome.conf
[root@web01 conf.d]# cat httpd-vhosts.conf # 就是刚才在控制主机修改的传过来的
<VirtualHost *:80>
DocumentRoot "/var/www/html/game"
ServerName game.example.com
ErrorLog "/var/log/httpd/game.example.com-error_log"
CustomLog "/var/log/httpd/game.example.com-access_log" common
</VirtualHost>
[root@localhost files]# ls
CentOS-Base.repo htmlxunakuhei.zip httpd-vhosts.conf # 用xftp把在网上找的网站放到当前目录(来源不明的网站源码在部署前应先检查内容,例如是否夹带外链或多余脚本)
[root@localhost files]# dnf -y install unzip # 安装一个解压软件
[root@localhost files]# unzip htmlxunakuhei.zip # 解压
[root@localhost files]# mv htmlxunakuhei game # 把解压的网站放到game下面
[root@localhost files]# ls
CentOS-Base.repo game htmlxunakuhei.zip httpd-vhosts.conf
[root@localhost files]# rm -rf htmlxunakuhei.zip # 删除之前的压缩包
[root@localhost files]# ls
CentOS-Base.repo game httpd-vhosts.conf
[root@localhost files]# ls game/ # 网站已经在game目录了
服务器之家.url css images js
精品免费商业源码下载.url fonts index.html m
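---
# Playbook: repo file, Apache package, site content, and virtual-host config.
# Indentation is significant in YAML; each nesting level below uses two spaces.
- hosts: webservers
  tasks:
    - name: provides repo file
      copy:
        src: files/CentOS-Base.repo
        dest: /etc/yum.repos.d/
    - name: install apache
      dnf:
        name: httpd
        state: latest
    - name: provides web site  # task: provide the web site
      copy:  # copy module
        # No trailing slash on src, so the game directory itself is copied
        # and ends up as /var/www/html/game on the managed host.
        src: files/game  # source directory on the control node
        dest: /var/www/html/  # destination directory on the managed host
    - name: config apache
      copy:
        src: files/httpd-vhosts.conf
        dest: /etc/httpd/conf.d/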
[root@web01 conf.d]# cd /var/www/html/ # 此时受管主机这个位子是没有东西的
[root@web01 html]# ls
[root@web01 html]#
[root@localhost httpd]# ansible-playbook install.yml # 再跑一次把网站传过去
[root@web01 html]# ls # 已经传过来了
game
[root@web01 html]# ls game/
服务器之家.url css images js
精品免费商业源码下载.url fonts index.html m
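---
# Playbook: repo file, Apache package, site content, virtual-host config,
# then start httpd and switch off firewalld.
# Indentation is significant in YAML; each nesting level below uses two spaces.
- hosts: webservers
  tasks:
    - name: provides repo file
      copy:
        src: files/CentOS-Base.repo
        dest: /etc/yum.repos.d/
    - name: install apache
      dnf:
        name: httpd
        state: latest
    - name: provides web site
      copy:
        src: files/game
        dest: /var/www/html/
    - name: config apache
      copy:
        src: files/httpd-vhosts.conf
        dest: /etc/httpd/conf.d/
    - name: run httpd  # task: run the web server
      service:  # module used
        name: httpd  # service name
        state: started  # start it now
        enabled: yes  # and start it at boot
    - name: close firewalld  # task: turn the firewall off
      # NOTE(review): this stops and disables the host firewall entirely, so
      # every listening port on the managed host becomes reachable, not only
      # port 80. Keeping firewalld running and allowing just the http service
      # is the narrower change.
      service:  # module used
        name: firewalld  # service name
        state: stopped  # stop it now
        enabled: no  # and do not start it at boot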
[root@localhost httpd]# ansible-playbook install.yml
PLAY [webservers] ***************************************************************
TASK [Gathering Facts] **********************************************************
ok: [web01.example.com]
TASK [provides repo file] *******************************************************
ok: [web01.example.com]
TASK [install apache] ***********************************************************
ok: [web01.example.com]
TASK [provides web site] ********************************************************
ok: [web01.example.com]
TASK [config apache] ************************************************************
ok: [web01.example.com]
TASK [run httpd] ****************************************************************
changed: [web01.example.com]
TASK [close firewalld] **********************************************************
changed: [web01.example.com]
PLAY RECAP **********************************************************************
web01.example.com : ok=7 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 # 成功
[root@web01 html]# ss -antl # 查看受管主机已经有80端口号,服务起来了
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 32 *:21 *:*
LISTEN 0 128 [::]:22 [::]:*
[root@web01 html]# systemctl status firewalld # 防火墙也被设置关了,开机不自启(注意:防火墙关闭后,上面 ss 输出中监听的 21 端口等也一并对外暴露;生产环境更稳妥的做法是保留 firewalld,只放行 http 服务)
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor p>
Active: inactive (dead)
Docs: man:firewalld(1)
5月 31 09:33:19 web01.example.com systemd[1]: Starting firewalld - dynamic firew>
5月 31 09:33:25 web01.example.com systemd[1]: Started firewalld - dynamic firewa>
5月 31 09:33:26 web01.example.com firewalld[1096]: WARNING: AllowZoneDrifting is>
6月 01 11:34:47 web01.example.com systemd[1]: Stopping firewalld - dynamic firew>
6月 01 11:34:48 web01.example.com systemd[1]: firewalld.service: Succeeded.
6月 01 11:34:48 web01.example.com systemd[1]: Stopped firewalld - dynamic firewa>
lines 1-11/11 (END)
在真机上做个域名映射就可以访问了
![]()