Preparing to Run Ansible
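Install three virtual machines
We chose openEuler
Install one virtual machine in VMware Workstation Pro
The second is a full clone
The third is a linked clone
Configure and persist the network settings of the three virtual machines
We found that persisting the network settings by editing them with vim failed; using nmcli to persist them is recommended
Persist the network settings with the nmcli command
First plan the IP addresses of the three virtual machines
They are: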
- 192.168.177.129
- 192.168.177.130
- 192.168.177.131
Start persisting the network settings

```
# First, look up the NIC name
[example@example01 ansible]$ nmcli connection show
NAME   UUID                                  TYPE      DEVICE
ens33  c73e89a6-5104-4b44-a476-63589c85c332  ethernet  ens33
lo     bd380bce-eade-45f0-badd-e49172d16314  loopback  lo
# The NIC is named ens33; change the IP, gateway and DNS, and switch to a static IP
[example@example01 ansible]$ nmcli connection modify ens33 \
    ipv4.addresses 192.168.177.129/24
nmcli connection modify ens33 \
    ipv4.gateway 192.168.177.2
nmcli connection modify ens33 \
    ipv4.dns 114.114.114.114
nmcli connection modify ens33 \
    ipv4.method manual
# Restart the NIC
[example@example01 ansible]$ nmcli connection down ens33 && nmcli connection up ens33
# Check whether the setting was persisted
[example@example01 ansible]$ nmcli connection show ens33 | grep ipv4.method
# Success
[root@example01 ansible]# nmcli connection show ens33 | grep ipv4.method
ipv4.method:                            manual
# View the detailed configuration
[root@example01 ansible]# nmcli connection show ens33 | grep ipv4
ipv4.method:                            manual
ipv4.dns:                               114.114.114.114
ipv4.dns-search:                        --
ipv4.dns-options:                       --
ipv4.dns-priority:                      0
ipv4.addresses:                         192.168.177.129/24
ipv4.gateway:                           192.168.177.2
ipv4.routes:                            --
ipv4.route-metric:                      -1
ipv4.route-table:                       0 (unspec)
ipv4.routing-rules:                     --
ipv4.replace-local-rule:                -1(default)
ipv4.ignore-auto-routes:                否
ipv4.ignore-auto-dns:                   否
ipv4.dhcp-client-id:                    --
ipv4.dhcp-iaid:                         --
ipv4.dhcp-timeout:                      0 (default)
ipv4.dhcp-send-hostname:                是
ipv4.dhcp-hostname:                     --
ipv4.dhcp-fqdn:                         --
ipv4.dhcp-hostname-flags:               0x0(none)
ipv4.never-default:                     否
ipv4.may-fail:                          是
ipv4.required-timeout:                  -1 (default)
ipv4.dad-timeout:                       -1 (default)
ipv4.dhcp-vendor-class-identifier:      --
ipv4.link-local:                        0(default)
ipv4.dhcp-reject-servers:               --
ipv4.auto-route-ext-gw:                 -1(default)
```

Create a user and change the hostname on the three virtual machines
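Change the hostname

```
# Set the hostname to the initials of your name + 01/02/03
[root@example01 /]# hostnamectl set-hostname example01
```

Create the user

```
# Create a user with the same name on all three virtual machines
[root@example01 /]# useradd example
[root@example01 /]# passwd example
```

Grant privileges to the created user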
Grant the privilege by editing /etc/sudoers in vim (through visudo)

```
[root@example01 /]# visudo /etc/sudoers

Defaults    secure_path = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
##      user    MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
example ALL=(ALL)       NOPASSWD: ALL

## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
## cdrom as root
# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system
# %users  localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
```

Verify that the privilege grant works
```
[example@example01 /]$ sudo cat /etc/shadow
```

The privilege grant works: the example user can perform root operations without entering the user's password.
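The sudoers file above ends with `#includedir /etc/sudoers.d`, so the same `NOPASSWD` rule can also be installed as a drop-in that is syntax-checked before it takes effect, which keeps a bad edit from breaking sudo on all three machines. This is an added example, not part of the original post; the function names `render_rule`, `check_rule_file` and `install_rule` are hypothetical, and the fallback check used when `visudo` is not installed is an assumption of this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): install the page's NOPASSWD rule
# as a validated drop-in instead of editing /etc/sudoers directly.

# Print the rule for one account; reject names that could smuggle sudoers
# syntax or that includedir would skip (names containing '.' are ignored).
render_rule() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) echo "invalid user name: $1" >&2; return 1 ;;
    esac
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$1"
}

# Syntax-check a candidate file. Prefer visudo's own parser; if visudo is
# missing (assumption: minimal image), accept only the exact one-line shape
# that render_rule emits.
check_rule_file() {
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$1" >/dev/null 2>&1
    else
        [ $(wc -l < "$1") -eq 1 ] &&
            grep -Eq '^[a-z0-9_][a-z0-9_-]* ALL=\(ALL\) NOPASSWD: ALL$' "$1"
    fi
}

# install_rule USER [DIR]: write DIR/USER with mode 0440, only if it validates.
# DIR defaults to /etc/sudoers.d (needs root). The rule is built and checked
# in a temp file before anything is placed in DIR.
install_rule() {
    user=$1
    dir=${2:-/etc/sudoers.d}
    tmp=$(mktemp) || return 1
    if render_rule "$user" > "$tmp" && check_rule_file "$tmp"; then
        install -m 0440 "$tmp" "$dir/$user"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Run as root on each virtual machine: `install_rule example`. Deleting `/etc/sudoers.d/example` revokes the grant without touching the main file.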
Passwordless login
First, on all three virtual machines, map the target IPs to hostnames in /etc/hosts to act as a local DNS

```
[root@example01 /]# vim /etc/hosts
# Loopback entries; do not change.
# For historical reasons, localhost precedes localhost.localdomain:
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
# See hosts(5) for proper format and other examples:
# 192.168.1.10 foo.example.org foo
# 192.168.1.13 bar.example.org bar
192.168.177.129 example01
192.168.177.130 example02
192.168.177.131 example03
```

Generate the SSH key pair

```
[root@example01 /]# ssh-keygen -t rsa
[root@example01 /]# ssh-copy-id example@example01
[root@example01 /]# ssh example@example01
```

Passwordless login works
Check the network repositories

```
[root@example01 /]# dnf repolist all
repo id          repo name        status
EPOL             EPOL             enabled
OS               OS               enabled
debuginfo        debuginfo        enabled
everything       everything       enabled
source           source           enabled
update           update           enabled
update-source
```

Preparation is complete; the next step is to install Ansible