1、使用ansible的playbook实现自动化安装httpd
主控机:192.168.45.202
被控机:192.168.45.203
1)建立key验证,在主控机上生成秘钥
[root@s202 ansible]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:L7aOX7p8JfgddAQ38KuAREQPAG3ilIzIpOSQOZHg4Kg root@s202
The key's randomart image is:
+---[RSA 2048]----+
|OO o.+.+= ooo |
|/.. = o. o o.. |
|o= o o . . .. |
|. . . . . .. |
|E S... .. |
| ....o. |
| o.o+.. |
| + =o . |
| .oBo |
+----[SHA256]-----+
2)完成自身验证
[root@s202 ansible]# ssh-copy-id 192.168.45.202
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.45.202 (192.168.45.202)' can't be established.
ECDSA key fingerprint is SHA256:IJSDPnogSYHD4HFYJdnm3q4DwUrEiMYNa71KRXUt69Q.
ECDSA key fingerprint is MD5:5d:c0:86:72:92:64:2d:09:b2:7e:33:ea:2b:35:71:75.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.45.202'"
and check to make sure that only the key(s) you wanted were added.
3)在主控机测试免密登录
[root@s202 ansible]# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is SHA256:IJSDPnogSYHD4HFYJdnm3q4DwUrEiMYNa71KRXUt69Q.
ECDSA key fingerprint is MD5:5d:c0:86:72:92:64:2d:09:b2:7e:33:ea:2b:35:71:75.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Last login: Thu Aug 20 21:54:09 2020 from 192.168.45.200
4)将key拷贝到被控机上,并测试免费登录效果
[root@s202 ~]# scp -r .ssh/ 192.168.45.203:
[email protected]'s password:
known_hosts 100% 523 400.7KB/s 00:00
id_rsa 100% 1679 1.3MB/s 00:00
id_rsa.pub 100% 391 352.3KB/s 00:00
authorized_keys 100% 391 251.6KB/s 00:00
[root@s202 ~]# ssh 192.168.45.203
Last login: Sat Jul 4 17:15:05 2020 from 192.168.45.200
[root@s203 ~]# exit
logout
Connection to 192.168.45.203 closed.
5)在主控机安装ansible(需要repl源)
[root@s202 ~]# yum install ansible
6)在主控机ansible中的hosts文件中加入被控机
[root@s202 ansible]# cat /etc/ansible/hosts
[httpd]
192.168.45.203
7)创建httpd.yml文件
[root@s202 ansible]# cat /etc/ansible/httpd.yml
- hosts: httpd
tasks:
- name: Install httpd
yum: name=httpd state=present
- name: start service
service: name=httpd state=started enabled=yes
8)验证yml文件
[root@s202 ansible]# ansible-playbook -C httpd.yml
PLAY [httpd] *************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************
ok: [192.168.45.203]
TASK [Install httpd] *****************************************************************************************
changed: [192.168.45.203]
TASK [start service] *****************************************************************************************
changed: [192.168.45.203]
PLAY RECAP ***************************************************************************************************
192.168.45.203 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
9)验证通过后,执行安装操作
[root@s202 ansible]# ansible-playbook httpd.yml
PLAY [httpd] *************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************
ok: [192.168.45.203]
TASK [Install httpd] *****************************************************************************************
changed: [192.168.45.203]
TASK [start service] *****************************************************************************************
changed: [192.168.45.203]
PLAY RECAP ***************************************************************************************************
192.168.45.203 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
使用ansible安装httpd成功
2、建立httpd服务器,要求提供两个基于名称的虚拟主机:
(1)www.X.com,页面文件目录为/web/vhosts/x;错误日志为
/var/log/httpd/x.err,访问日志为/var/log/httpd/x.access
(2)www.Y.com,页面文件目录为/web/vhosts/y;错误日志为 /var/log/httpd/www2.err,访问日志为/var/log/httpd/y.access
(3)为两个虚拟主机建立各自的主页文件index.html,内容分别为其对应的主机名
- 安装httpd
[root@s203 ~]# yum install httpd -y
- 建立页面文件目录
[root@s203 ~]# mkdir -p /web/vhosts/{x,y}
- 创建虚拟主机
[root@s203 conf.d]# cat /etc/httpd/conf.d/web.conf
ServerName www.X.com
DocumentRoot "/web/vhosts/x"
ErrorLog "/var/log/httpd/x.err"
CustomLog "/var/log/httpd/x.access" combined
Options None
AllowOverride None
Require all granted
ServerName www.Y.com
DocumentRoot "/web/vhosts/y"
ErrorLog "/var/log/httpd/www2.err"
CustomLog "/var/log/httpd/y.access" combined
Options None
AllowOverride None
Require all granted
- 创建各自的主页面index.html文件
[root@s203 conf.d]# echo www.X.com > /web/vhosts/x/index.html
[root@s203 conf.d]# echo www.Y.com > /web/vhosts/y/index.html
- 在hosts文件中添加自定义域名解析
[root@s203 etc]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.45.203 www.X.com www.Y.com
- 启动服务进行验证
[root@s203 etc]# systemctl start httpd
[root@s203 etc]# curl www.x.com
www.X.com
[root@s203 etc]# curl www.y.com
www.Y.com