Ansible\u662f\u4e00\u79cd\u5f00\u6e90\u8f6f\u4ef6\u5de5\u5177\uff0c\u7528\u4e8e\u81ea\u52a8\u5316\u670d\u52a1\u5668\u548c\u5e94\u7528\u7a0b\u5e8f\u7684\u914d\u7f6e\u7ba1\u7406\u3001\u90e8\u7f72\u548c\u4f9b\u5e94\u3002\u60a8\u53ef\u4ee5\u4f7f\u7528Ansible\u81ea\u52a8\u5316\u6267\u884c\u4e00\u4e2a\u6216\u591a\u4e2a\u670d\u52a1\u5668\u4e0a\u7684\u4efb\u52a1\uff0c\u6216\u8005\u5728\u591a\u4e2a\u670d\u52a1\u5668\u4e0a\u8fd0\u884c\u5206\u5e03\u5f0f\u5e94\u7528\u7a0b\u5e8f\u3002\u5bf9\u4e8e\u591a\u670d\u52a1\u5668\u914d\u7f6e\uff0c\u4e3a\u6bcf\u4e2a\u670d\u52a1\u5668\u5b8c\u6210\u521d\u59cb\u670d\u52a1\u5668\u8bbe\u7f6e\u53ef\u80fd\u8017\u65f6\u5f88\u957f\uff0c\u800c\u4f7f\u7528Ansible\u53ef\u4ee5\u901a\u8fc7\u81ea\u52a8\u5316\u5267\u672c\u52a0\u5feb\u8fd9\u4e2a\u8fc7\u7a0b\u3002<\/p>\n
Ansible\u662f\u65e0\u9700\u4ee3\u7406\u7684\uff0c\u56e0\u6b64\u60a8\u65e0\u9700\u5728\u8981\u8fd0\u884cAnsible\u7684\u670d\u52a1\u5668\u4e0a\u5b89\u88c5\u4efb\u4f55Ansible\u7ec4\u4ef6\u3002\u8fd9\u4e9b\u670d\u52a1\u5668\u662fAnsible\u4e3b\u673a\uff0c\u5fc5\u987b\u8fd0\u884cPython 3\u548cOpenSSH\uff0c\u8fd9\u4e24\u8005\u90fd\u9884\u5148\u5b89\u88c5\u5728Ubuntu 22.04\u548c\u6240\u6709Linux\u53d1\u884c\u7248\u4e0a\u3002Ansible\u63a7\u5236\u8282\u70b9\u662f\u5c06\u53d1\u8d77\u81ea\u52a8\u5316\u7684\u673a\u5668\uff0c\u5b83\u53ef\u4ee5\u8fd0\u884c\u4efb\u4f55\u517c\u5bb9\u7684\u7c7bUnix\u64cd\u4f5c\u7cfb\u7edf\uff0c\u6216\u8005\u5982\u679c\u5df2\u5b89\u88c5\u4e86Windows\u5b50\u7cfb\u7edf\u7528\u4e8eLinux\uff08WSL\uff09\uff0c\u5219\u53ef\u4ee5\u8fd0\u884cWindows\u3002<\/p>\n
\u5728\u672c\u6559\u7a0b\u4e2d\uff0c\u60a8\u5c06\u4f7f\u7528Ansible\u81ea\u52a8\u5316\u591a\u4e2aUbuntu 22.04\u670d\u52a1\u5668\u7684\u521d\u59cb\u670d\u52a1\u5668\u8bbe\u7f6e\u3002\u60a8\u5c06\u5bf9\u6240\u6709\u670d\u52a1\u5668\u6267\u884c\u4ee5\u4e0b\u521d\u59cb\u8bbe\u7f6e\u4efb\u52a1\uff1a<\/p>\n
\u56e0\u4e3a\u60a8\u5c06\u4f7f\u7528Ansible\u6765\u8fd0\u884c\u4e00\u4e2a\u5305\u542b\u6bcf\u4e2a\u4efb\u52a1\u7684\u5168\u9762playbook\uff0c\u8fd9\u4e9b\u4efb\u52a1\u5c06\u4f7f\u7528\u4e00\u4e2a\u547d\u4ee4\u5b8c\u6210\uff0c\u800c\u65e0\u9700\u60a8\u5355\u72ec\u767b\u5f55\u670d\u52a1\u5668\u3002\u5728\u521d\u59cb\u670d\u52a1\u5668\u8bbe\u7f6e\u4e4b\u540e\uff0c\u60a8\u53ef\u4ee5\u8fd0\u884c\u4e00\u4e2a\u53ef\u9009\u7684\u6b21\u8981playbook\u6765\u81ea\u52a8\u5316\u670d\u52a1\u5668\u7ba1\u7406\u3002<\/p>\n
\u5b8c\u6210\u6b64\u6559\u7a0b\uff0c\u60a8\u9700\u8981\u4ee5\u4e0b\u7269\u54c1\uff1a<\/p>\n
If your control node is a remote Ubuntu 22.04 server, be sure to set it up using the Initial Server Setup and create its SSH key pair as well.
\nGit installed on the control node. Follow the How To Install Git tutorials for popular Linux distributions.
\n(Optional) In Step 5, you will use Ansible Vault to create an encrypted password file for your hosts\u2019 users. Ansible Vault uses vi as its default editor. If your control node is a Linux machine and you prefer using nano, use the section on Setting the Ansible Vault Editor in the How To Use Ansible Vault tutorial to change the text editor linked to the EDITOR environment shell variable. This tutorial will use nano as the editor for Ansible Vault.<\/p>\n<\/li>\n
If your control node is a remote Ubuntu 22.04 server, be sure to use ssh-copy-id to connect the key pair to the hosts.<\/p>\n<\/li>\n<\/ul>\n
\u5728\u8fd9\u4e00\u6b65\u4e2d\uff0c\u4f60\u5c06\u4fee\u6539\u63a7\u5236\u8282\u70b9\u7684SSH\u5ba2\u6237\u7aef\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u6307\u4ee4\u3002\u5728\u8fdb\u884c\u6b64\u66f4\u6539\u540e\uff0c\u5c06\u4e0d\u518d\u9700\u8981\u624b\u52a8\u786e\u8ba4\u8fdc\u7a0b\u673a\u5668\u7684SSH\u5bc6\u94a5\u6307\u7eb9\uff0c\u56e0\u4e3a\u5b83\u4eec\u5c06\u88ab\u81ea\u52a8\u63a5\u53d7\u3002\u5bf9\u6bcf\u53f0\u8fdc\u7a0b\u673a\u5668\u624b\u52a8\u63a5\u53d7SSH\u5bc6\u94a5\u6307\u7eb9\u53ef\u80fd\u4f1a\u5f88\u7e41\u7410\uff0c\u56e0\u6b64\u8fd9\u4e2a\u4fee\u6539\u89e3\u51b3\u4e86\u4f7f\u7528Ansible\u81ea\u52a8\u5316\u591a\u4e2a\u670d\u52a1\u5668\u7684\u521d\u59cb\u8bbe\u7f6e\u65f6\u7684\u6269\u5c55\u95ee\u9898\u3002<\/p>\n
\u867d\u7136\u60a8\u53ef\u4ee5\u4f7f\u7528Ansible\u7684known_hosts\u6a21\u5757\u6765\u81ea\u52a8\u63a5\u53d7\u5355\u4e2a\u4e3b\u673a\u7684SSH\u5bc6\u94a5\u6307\u7eb9\uff0c\u4f46\u672c\u6559\u7a0b\u5904\u7406\u7684\u662f\u591a\u4e2a\u4e3b\u673a\uff0c\u56e0\u6b64\u5728\u63a7\u5236\u8282\u70b9\u4e0a\uff08\u901a\u5e38\u662f\u60a8\u7684\u672c\u5730\u673a\u5668\uff09\u4fee\u6539SSH\u5ba2\u6237\u7aef\u914d\u7f6e\u6587\u4ef6\u66f4\u4e3a\u6709\u6548\u3002<\/p>\n
\u9996\u5148\uff0c\u5728\u63a7\u5236\u8282\u70b9\u4e0a\u542f\u52a8\u7ec8\u7aef\u5e94\u7528\u7a0b\u5e8f\uff0c\u7136\u540e\u4f7f\u7528nano\u6216\u60a8\u559c\u6b22\u7684\u6587\u672c\u7f16\u8f91\u5668\u6253\u5f00SSH\u5ba2\u6237\u7aef\u914d\u7f6e\u6587\u4ef6\u3002<\/p>\n
- sudo<\/span> nano<\/span> \/etc\/ssh\/ssh_config\r\n<\/li><\/ol>\r\n<\/code><\/pre>\n
\u627e\u5230\u5305\u542bStrictHostKeyChecking\u6307\u4ee4\u7684\u884c\u3002\u5220\u9664\u6ce8\u91ca\uff0c\u5e76\u5c06\u5176\u503c\u66f4\u6539\u4e3a\u4ee5\u4e0b\u5185\u5bb9\uff1a<\/p>\n
\/etc\/ssh\/ssh_config \u53ef\u4ee5\u7528\u4e0b\u9762\u7684\u53e6\u5916\u4e00\u79cd\u4e2d\u6587\u8868\u8fbe\u65b9\u5f0f\uff1a<\/p>\nssh \u914d\u7f6e\u6587\u4ef6\u4f4d\u4e8e \/etc\/ssh\/ssh_config<\/p><\/div>\n
..<\/span>.\r\n StrictHostKeyChecking accept-new<\/mark>\r\n..<\/span>.\r\n<\/code><\/pre>\n\u4fdd\u5b58\u5e76\u5173\u95ed\u6587\u4ef6\u3002\u60a8\u4e0d\u9700\u8981\u91cd\u65b0\u52a0\u8f7d\u6216\u91cd\u542fSSH\u5b88\u62a4\u7a0b\u5e8f\uff0c\u56e0\u4e3a\u60a8\u53ea\u4fee\u6539\u4e86SSH\u5ba2\u6237\u7aef\u914d\u7f6e\u6587\u4ef6\u3002<\/p>\n
\n\n
Note<\/p>\n
\u6ce8\u610f\uff1a\u5982\u679c\u60a8\u4e0d\u5e0c\u671b\u5c06StrictHostKeyChecking\u7684\u503c\u4eceask\u6c38\u4e45\u66f4\u6539\u4e3aaccept-new\uff0c\u60a8\u53ef\u4ee5\u5728\u7b2c7\u6b65\u8fd0\u884cplaybook\u540e\u5c06\u5176\u6062\u590d\u4e3a\u9ed8\u8ba4\u503c\u3002\u5c3d\u7ba1\u66f4\u6539\u8be5\u503c\u610f\u5473\u7740\u60a8\u7684\u7cfb\u7edf\u5c06\u81ea\u52a8\u63a5\u53d7SSH\u5bc6\u94a5\u6307\u7eb9\uff0c\u4f46\u5982\u679c\u6307\u7eb9\u53d1\u751f\u53d8\u5316\uff0c\u5b83\u5c06\u62d2\u7edd\u6765\u81ea\u540c\u4e00\u4e3b\u673a\u7684\u540e\u7eed\u8fde\u63a5\u3002\u8fd9\u4e2a\u7279\u6027\u610f\u5473\u7740accept-new\u7684\u66f4\u6539\u5e76\u4e0d\u50cf\u5c06\u8be5\u6307\u4ee4\u7684\u503c\u66f4\u6539\u4e3ano\u90a3\u6837\u5177\u6709\u5b89\u5168\u98ce\u9669\u3002<\/div>\n<\/div>\n\u73b0\u5728\uff0c\u60a8\u5df2\u7ecf\u66f4\u65b0\u4e86SSH\u6307\u4ee4\uff0c\u4e0b\u4e00\u6b65\u5c06\u5f00\u59cb\u8fdb\u884cAnsible\u914d\u7f6e\u3002<\/p>\n
\u7b2c\u4e8c\u6b65 – \u914d\u7f6eAnsible\u4e3b\u673a\u6587\u4ef6<\/h2>\n
Ansible\u4e3b\u673a\u6587\u4ef6\uff08\u4e5f\u79f0\u4e3a\u6e05\u5355\u6587\u4ef6\uff09\u5305\u542b\u6709\u5173Ansible\u4e3b\u673a\u7684\u4fe1\u606f\u3002\u6b64\u4fe1\u606f\u53ef\u80fd\u5305\u62ec\u7ec4\u540d\u3001\u522b\u540d\u3001\u57df\u540d\u548cIP\u5730\u5740\u3002\u8be5\u6587\u4ef6\u9ed8\u8ba4\u4f4d\u4e8e\/etc\/ansible\u76ee\u5f55\u4e2d\u3002\u5728\u6b64\u6b65\u9aa4\u4e2d\uff0c\u60a8\u5c06\u6dfb\u52a0\u5148\u51b3\u6761\u4ef6\u90e8\u5206\u6240\u521b\u5efa\u7684Ansible\u4e3b\u673a\u7684IP\u5730\u5740\uff0c\u4ee5\u4fbf\u60a8\u53ef\u4ee5\u9488\u5bf9\u5b83\u4eec\u8fd0\u884c\u60a8\u7684Ansible\u5267\u672c\u3002<\/p>\n
\u9996\u5148\uff0c\u4f7f\u7528nano\u6216\u4f60\u949f\u7231\u7684\u6587\u672c\u7f16\u8f91\u5668\u6253\u5f00hosts\u6587\u4ef6\u3002<\/p>\n
- sudo<\/span> nano<\/span> \/etc\/ansible\/hosts\r\n<\/li><\/ol>\r\n<\/code><\/pre>\n
\u5728\u6587\u4ef6\u7684\u4ecb\u7ecd\u6027\u8bc4\u8bba\u4e4b\u540e\uff0c\u6dfb\u52a0\u4ee5\u4e0b\u51e0\u884c\u5185\u5bb9\uff1a<\/p>\n
\/etc\/ansible\/hosts \u53ef\u4ee5\u7528\u4ee5\u4e0b\u65b9\u5f0f\u8fdb\u884c\u8f6c\u8ff0\uff1a<\/div>\n...<\/span>\r\n\r\nhost1<\/mark> ansible_host=host1-<\/span>public-<\/span>ip-<\/span>address<\/mark>\r\nhost2<\/mark> ansible_host=host2-<\/span>public-<\/span>ip-<\/span>address<\/mark>\r\nhost3<\/mark> ansible_host=host3-<\/span>public-<\/span>ip-<\/span>address<\/mark>\r\n\r\n[<\/span>initial<\/mark>]<\/span>\r\nhost1<\/mark>\r\nhost2<\/mark>\r\nhost3<\/mark>\r\n\r\n[<\/span>ongoing<\/mark>]<\/span>\r\nhost1<\/mark>\r\nhost2<\/mark>\r\nhost3<\/mark>\r\n<\/code><\/pre>\nhost1\u3001host2\u548chost3\u90fd\u662f\u4f60\u60f3\u8981\u81ea\u52a8\u5316\u521d\u59cb\u670d\u52a1\u5668\u8bbe\u7f6e\u7684\u6bcf\u4e2a\u4e3b\u673a\u7684\u522b\u540d\u3002\u4f7f\u7528\u522b\u540d\u53ef\u4ee5\u66f4\u5bb9\u6613\u5730\u5728\u5176\u4ed6\u5730\u65b9\u5f15\u7528\u4e3b\u673a\u3002ansible_host\u662fAnsible\u8fde\u63a5\u53d8\u91cf\uff0c\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u6307\u5411\u76ee\u6807\u4e3b\u673a\u7684IP\u5730\u5740\u3002<\/p>\n
\u521d\u59cb\u548c\u6301\u7eed\u662fAnsible\u4e3b\u673a\u7684\u793a\u4f8b\u7ec4\u540d\u79f0\u3002\u9009\u62e9\u80fd\u591f\u6e05\u695a\u4e86\u89e3\u4e3b\u673a\u7528\u9014\u7684\u7ec4\u540d\u79f0\u3002\u4ee5\u8fd9\u79cd\u65b9\u5f0f\u5bf9\u4e3b\u673a\u8fdb\u884c\u5206\u7ec4\uff0c\u53ef\u4ee5\u5c06\u5b83\u4eec\u4f5c\u4e3a\u4e00\u4e2a\u5355\u5143\u6765\u5904\u7406\u3002\u4e3b\u673a\u53ef\u4ee5\u5c5e\u4e8e\u591a\u4e2a\u7ec4\u3002\u672c\u6559\u7a0b\u4e2d\u7684\u4e3b\u673a\u5df2\u5206\u914d\u5230\u4e24\u4e2a\u4e0d\u540c\u7684\u7ec4\uff0c\u56e0\u4e3a\u5b83\u4eec\u5c06\u5728\u4e24\u4e2a\u4e0d\u540c\u7684playbook\u4e2d\u4f7f\u7528\uff1a\u521d\u59cb\u7ec4\u7528\u4e8e\u7b2c6\u6b65\u7684\u521d\u59cb\u670d\u52a1\u5668\u8bbe\u7f6e\uff0c\u6301\u7eed\u7ec4\u7528\u4e8e\u7b2c8\u6b65\u7684\u540e\u7eed\u670d\u52a1\u5668\u7ba1\u7406\u3002<\/p>\n
hostN\u7684\u516c\u5171IP\u5730\u5740\u662f\u6bcf\u4e2aAnsible\u4e3b\u673a\u7684IP\u5730\u5740\u3002\u8bf7\u786e\u4fdd\u7528\u5c06\u53c2\u4e0e\u81ea\u52a8\u5316\u7684\u670d\u52a1\u5668\u7684IP\u5730\u5740\u66ff\u6362host1\u7684\u516c\u5171IP\u5730\u5740\u548c\u968f\u540e\u7684\u884c\u3002<\/p>\n
\u5f53\u60a8\u5b8c\u6210\u5bf9\u6587\u4ef6\u7684\u4fee\u6539\u540e\uff0c\u8bf7\u4fdd\u5b58\u5e76\u5173\u95ed\u5b83\u3002<\/p>\n
\u5728\u6e05\u5355\u6587\u4ef6\u4e2d\u5b9a\u4e49\u4e3b\u673a\u53ef\u4ee5\u5e2e\u52a9\u60a8\u6307\u5b9a\u8981\u4f7f\u7528Ansible\u81ea\u52a8\u5316\u8bbe\u7f6e\u7684\u4e3b\u673a\u3002\u5728\u4e0b\u4e00\u6b65\u4e2d\uff0c\u60a8\u5c06\u514b\u9686\u5305\u542b\u793a\u4f8b\u5267\u672c\u7684\u5b58\u50a8\u5e93\uff0c\u4ee5\u5b9e\u73b0\u591a\u670d\u52a1\u5668\u8bbe\u7f6e\u7684\u81ea\u52a8\u5316\u3002<\/p>\n
\u6b65\u9aa43 \u2014 \u514b\u9686Ansible Ubuntu\u521d\u59cb\u670d\u52a1\u5668\u8bbe\u7f6e\u5b58\u50a8\u5e93<\/h2>\n
\u5728\u8fd9\u4e2a\u6b65\u9aa4\u4e2d\uff0c\u60a8\u5c06\u4eceGitHub\u514b\u9686\u4e00\u4e2a\u5305\u542b\u6b64\u81ea\u52a8\u5316\u6240\u9700\u6587\u4ef6\u7684\u793a\u4f8b\u4ed3\u5e93\u3002<\/p>\n
\u8fd9\u4e2a\u4ed3\u5e93\u5305\u542b\u4e86\u4e00\u4e2a\u6837\u4f8b\u591a\u670d\u52a1\u5668\u81ea\u52a8\u5316\u7684\u4e09\u4e2a\u6587\u4ef6\uff1ainitial.yml\uff0congoing.yml\uff0c\u548cvars\/default.yml\u3002initial.yml\u6587\u4ef6\u662f\u5305\u542b\u7740\u5bf9Ansible\u4e3b\u673a\u8fdb\u884c\u521d\u59cb\u8bbe\u7f6e\u7684plays\u548ctasks\u7684\u4e3b\u8981playbook\u3002ongoing.yml\u6587\u4ef6\u5305\u542b\u4e86\u5bf9\u4e3b\u673a\u8fdb\u884c\u521d\u59cb\u670d\u52a1\u5668\u8bbe\u7f6e\u540e\u7684\u6301\u7eed\u7ef4\u62a4\u7684\u4efb\u52a1\u3002vars\/default.yml\u6587\u4ef6\u5305\u542b\u4e86\u5728\u7b2c6\u6b65\u548c\u7b2c8\u6b65\u4e24\u4e2aplaybooks\u4e2d\u5c06\u88ab\u8c03\u7528\u7684\u53d8\u91cf\u3002<\/p>\n
\u8981\u514b\u9686\u8fd9\u4e2a\u4ed3\u5e93\uff0c\u8bf7\u8f93\u5165\u4ee5\u4e0b\u547d\u4ee4\uff1a<\/p>\n
- git<\/span> clone https:\/\/github.com\/do-community\/ansible-ubuntu.git\r\n<\/li><\/ol>\r\n<\/code><\/pre>\n
\u6216\u8005\uff0c\u5982\u679c\u60a8\u5df2\u5c06SSH\u5bc6\u94a5\u6dfb\u52a0\u5230\u60a8\u7684GitHub\u8d26\u6237\u4e2d\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u65b9\u5f0f\u514b\u9686\u5b58\u50a8\u5e93\uff1a<\/p>\n
- git@github.com:do-community\/ansible-ubuntu.git\r\n<\/li><\/ol>\r\n<\/code><\/pre>\n
\u4f60\u73b0\u5728\u7684\u5de5\u4f5c\u76ee\u5f55\u4e0b\u4f1a\u6709\u4e00\u4e2a\u540d\u4e3aansible-ubuntu\u7684\u6587\u4ef6\u5939\u3002\u8fdb\u5165\u5b83\uff1a<\/p>\n
- cd<\/span> ansible-ubuntu\r\n<\/li><\/ol>\r\n<\/code><\/pre>\n
\u5728\u63a5\u4e0b\u6765\u7684\u6559\u7a0b\u4e2d\uff0c\u90a3\u5c06\u662f\u4f60\u7684\u5de5\u4f5c\u76ee\u5f55\u3002<\/p>\n
\u5728\u8fd9\u4e00\u6b65\u9aa4\u4e2d\uff0c\u60a8\u901a\u8fc7Ansible\u83b7\u53d6\u4e86\u81ea\u52a8\u5316\u591a\u4e2aUbuntu 22.04\u670d\u52a1\u5668\u7684\u793a\u4f8b\u6587\u4ef6\u3002\u4e3a\u4e86\u51c6\u5907\u4e0e\u60a8\u7684\u4e3b\u673a\u76f8\u5173\u7684\u4fe1\u606f\u6587\u4ef6\uff0c\u60a8\u63a5\u4e0b\u6765\u5c06\u66f4\u65b0vars\/default.yml\u6587\u4ef6\u4ee5\u4f7f\u5176\u9002\u7528\u4e8e\u60a8\u7684\u7cfb\u7edf\u3002<\/p>\n
\u7b2c\u56db\u6b65 – \u4fee\u6539Ansible\u53d8\u91cf<\/h2>\n
\u8fd9\u4e2a\u624b\u518c\u5c06\u5f15\u7528\u4e00\u4e9b\u81ea\u52a8\u5316\u6240\u9700\u7684\u4fe1\u606f\uff0c\u8fd9\u4e9b\u4fe1\u606f\u53ef\u80fd\u9700\u8981\u968f\u65f6\u95f4\u66f4\u65b0\u3002\u5c06\u8fd9\u4e9b\u4fe1\u606f\u653e\u5728\u4e00\u4e2a\u53d8\u91cf\u6587\u4ef6\u4e2d\uff0c\u5e76\u5728\u624b\u518c\u4e2d\u8c03\u7528\u8fd9\u4e9b\u53d8\u91cf\uff0c\u6bd4\u5728\u624b\u518c\u5185\u90e8\u786c\u7f16\u7801\u66f4\u9ad8\u6548\u3002\u5728\u6b64\u6b65\u9aa4\u4e2d\uff0c\u60a8\u5c06\u4fee\u6539\u53d8\u91cf\u6587\u4ef6vars\/default.yml\u4e2d\u7684\u53d8\u91cf\uff0c\u4ee5\u7b26\u5408\u60a8\u7684\u504f\u597d\u548c\u8bbe\u7f6e\u9700\u6c42\u3002<\/p>\n
\u9996\u5148\uff0c\u4f7f\u7528nano\u6216\u60a8\u559c\u6b22\u7684\u6587\u672c\u7f16\u8f91\u5668\u6253\u5f00\u6587\u4ef6\u3002<\/p>\n
- nano<\/span> vars\/default.yml\r\n<\/li><\/ol>\r\n<\/code><\/pre>\n
\u4f60\u5c06\u4f1a\u5ba1\u6838\u6587\u4ef6\u5185\u5bb9\uff0c\u5176\u4e2d\u5305\u62ec\u4ee5\u4e0b\u53d8\u91cf:<\/p>\n
\u9ed8\u8ba4.yml\u6587\u4ef6\u4e2d\u7684\u53d8\u91cf<\/div>\ncreate_user<\/span>:<\/span> sammy<\/mark>\r\n\r\nssh_port<\/span>:<\/span> 5995<\/span><\/mark>\r\n\r\ncopy_local_key<\/span>:<\/span> \"{{ lookup('file', lookup('env','HOME') + '\/.ssh\/id_rsa.pub<\/mark>') }}\"<\/span>\r\n<\/code><\/pre>\ncreate_user\u53d8\u91cf\u7684\u503c\u5e94\u8be5\u662f\u5c06\u5728\u6bcf\u4e2a\u4e3b\u673a\u4e0a\u521b\u5efa\u7684sudo\u7528\u6237\u7684\u540d\u79f0\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u5b83\u662fsammy\uff0c\u4f46\u60a8\u53ef\u4ee5\u6839\u636e\u559c\u597d\u6765\u547d\u540d\u8be5\u7528\u6237\u3002<\/p>\n
ssh_port\u53d8\u91cf\u4fdd\u5b58\u4e86\u5728\u8bbe\u7f6e\u5b8c\u6210\u4e4b\u540e\u8fde\u63a5\u5230Ansible\u4e3b\u673a\u65f6\u4f7f\u7528\u7684SSH\u7aef\u53e3\u3002SSH\u7684\u9ed8\u8ba4\u7aef\u53e3\u662f22\uff0c\u4f46\u662f\u66f4\u6539\u5b83\u5c06\u663e\u8457\u51cf\u5c11\u5bf9\u670d\u52a1\u5668\u7684\u81ea\u52a8\u653b\u51fb\u6b21\u6570\u3002\u8fd9\u4e2a\u66f4\u6539\u662f\u53ef\u9009\u7684\uff0c\u4f46\u5c06\u63d0\u5347\u4e3b\u673a\u7684\u5b89\u5168\u6027\u3002\u60a8\u5e94\u8be5\u9009\u62e9\u4e00\u4e2a\u57281024\u523065535\u4e4b\u95f4\u7684\u8f83\u5c11\u77e5\u540d\u7684\u7aef\u53e3\uff0c\u5e76\u4e14\u6b64\u7aef\u53e3\u5728Ansible\u4e3b\u673a\u4e0a\u6ca1\u6709\u88ab\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u4f7f\u7528\u3002\u5728\u8fd9\u4e2a\u4f8b\u5b50\u4e2d\uff0c\u60a8\u6b63\u5728\u4f7f\u7528\u7aef\u53e35995\u3002<\/p>\n
\n\n
Note<\/p>\n
\u6ce8\u610f\uff1a\u5982\u679c\u4f60\u7684\u63a7\u5236\u8282\u70b9\u6b63\u5728\u8fd0\u884c\u4e00\u4e2aLinux\u53d1\u884c\u7248\uff0c\u8bf7\u9009\u62e9\u4e00\u4e2a\u5927\u4e8e1023\u7684\u6570\u5b57\uff0c\u5e76\u5728\/etc\/services\u4e2d\u4f7f\u7528grep\u547d\u4ee4\u8fdb\u884c\u67e5\u627e\u3002\u4f8b\u5982\uff0c\u8fd0\u884cgrep 5995 \/etc\/services\u4ee5\u68c0\u67e55995\u662f\u5426\u88ab\u4f7f\u7528\u3002\u5982\u679c\u6ca1\u6709\u8f93\u51fa\uff0c\u5219\u8bf4\u660e\u8be5\u7aef\u53e3\u4e0d\u5b58\u5728\u4e8e\u8be5\u6587\u4ef6\u4e2d\uff0c\u4f60\u53ef\u4ee5\u5c06\u5176\u5206\u914d\u7ed9\u53d8\u91cf\u3002\u5982\u679c\u4f60\u7684\u63a7\u5236\u8282\u70b9\u4e0d\u662f\u4e00\u4e2aLinux\u53d1\u884c\u7248\uff0c\u800c\u4e14\u4f60\u4e0d\u77e5\u9053\u5728\u4f60\u7684\u7cfb\u7edf\u4e0a\u5982\u4f55\u627e\u5230\u5176\u76f8\u5f53\u4e8e\u7684\u4fe1\u606f\uff0c\u4f60\u53ef\u4ee5\u53c2\u8003\u670d\u52a1\u540d\u79f0\u548c\u4f20\u8f93\u534f\u8bae\u7aef\u53e3\u53f7\u6ce8\u518c\u8868\u3002<\/div>\n<\/div>\ncopy_local_key\u53d8\u91cf\u5f15\u7528\u4e86\u63a7\u5236\u8282\u70b9\u7684SSH\u516c\u94a5\u6587\u4ef6\u3002\u5982\u679c\u8be5\u6587\u4ef6\u7684\u540d\u79f0\u662fid_rsa.pub\uff0c\u5219\u5728\u8be5\u884c\u4e2d\u4e0d\u9700\u8981\u8fdb\u884c\u4efb\u4f55\u66f4\u6539\u3002\u5426\u5219\uff0c\u8bf7\u5c06\u5176\u66f4\u6539\u4e3a\u4e0e\u60a8\u7684\u63a7\u5236\u8282\u70b9\u7684SSH\u516c\u94a5\u6587\u4ef6\u5339\u914d\u3002\u60a8\u53ef\u4ee5\u5728\u63a7\u5236\u8282\u70b9\u7684~\/.ssh\u76ee\u5f55\u4e0b\u627e\u5230\u8be5\u6587\u4ef6\u3002\u5f53\u60a8\u5728\u7b2c5\u6b65\u4e2d\u8fd0\u884c\u4e3b\u8981\u7684playbook\u5e76\u521b\u5efa\u5177\u6709sudo\u6743\u9650\u7684\u7528\u6237\u540e\uff0cAnsible\u63a7\u5236\u5668\u5c06\u628a\u516c\u94a5\u6587\u4ef6\u590d\u5236\u5230\u7528\u6237\u7684\u4e3b\u76ee\u5f55\u4e2d\uff0c\u8fd9\u6837\u60a8\u5c31\u53ef\u4ee5\u5728\u670d\u52a1\u5668\u8fdb\u884c\u521d\u59cb\u5316\u8bbe\u7f6e\u4e4b\u540e\u4f7f\u7528\u8be5\u7528\u6237\u901a\u8fc7SSH\u8fdb\u884c\u767b\u5f55\u3002<\/p>\n
\u5f53\u4f60\u4fee\u6539\u5b8c\u6587\u4ef6\u540e\uff0c\u8bf7\u4fdd\u5b58\u5e76\u5173\u95ed\u5b83\u3002<\/p>\n
\u73b0\u5728\u4f60\u5df2\u7ecf\u5728vars\/default.yml\u6587\u4ef6\u4e2d\u4e3a\u53d8\u91cf\u8d4b\u503c\uff0c\u5f53\u6267\u884c\u7b2c6\u6b65\u548c\u7b2c8\u6b65\u7684playbook\u65f6\uff0cAnsible\u5c06\u80fd\u591f\u8c03\u7528\u8fd9\u4e9b\u53d8\u91cf\u3002\u5728\u4e0b\u4e00\u6b65\u4e2d\uff0c\u4f60\u5c06\u4f7f\u7528Ansible Vault\u6765\u521b\u5efa\u5e76\u4fdd\u62a4\u6bcf\u4e2a\u4e3b\u673a\u4e0a\u5c06\u8981\u521b\u5efa\u7684\u7528\u6237\u7684\u5bc6\u7801\u3002<\/p>\n
\u7b2c\u4e94\u6b65-\u4f7f\u7528Ansible Vault\u521b\u5efa\u52a0\u5bc6\u5bc6\u7801\u6587\u4ef6\u3002<\/h2>\n
\u4f7f\u7528 Ansible Vault \u53ef\u4ee5\u521b\u5efa\u548c\u52a0\u5bc6\u6587\u4ef6\u548c\u53d8\u91cf\uff0c\u8fd9\u4e9b\u6587\u4ef6\u548c\u53d8\u91cf\u53ef\u4ee5\u5728 playbooks \u4e2d\u5f15\u7528\u3002\u4f7f\u7528 Ansible Vault \u53ef\u4ee5\u786e\u4fdd\u5728\u6267\u884c playbook \u65f6\u654f\u611f\u4fe1\u606f\u4e0d\u4ee5\u660e\u6587\u5f62\u5f0f\u4f20\u8f93\u3002\u5728\u6b64\u6b65\u9aa4\u4e2d\uff0c\u60a8\u5c06\u521b\u5efa\u548c\u52a0\u5bc6\u4e00\u4e2a\u5305\u542b\u53d8\u91cf\u7684\u6587\u4ef6\uff0c\u8fd9\u4e9b\u53d8\u91cf\u7684\u503c\u5c06\u7528\u4e8e\u4e3a\u6bcf\u4e2a\u4e3b\u673a\u7684 sudo \u7528\u6237\u521b\u5efa\u5bc6\u7801\u3002\u901a\u8fc7\u4ee5\u8fd9\u79cd\u65b9\u5f0f\u4f7f\u7528 Ansible Vault\uff0c\u53ef\u4ee5\u786e\u4fdd\u5728\u521d\u59cb\u670d\u52a1\u5668\u8bbe\u7f6e\u671f\u95f4\u548c\u4e4b\u540e\u7684 playbook \u4e2d\uff0c\u5bc6\u7801\u4e0d\u4f1a\u4ee5\u660e\u6587\u65b9\u5f0f\u5f15\u7528\u3002<\/p>\n
\u4ecd\u7136\u5728ansible-ubuntu\u76ee\u5f55\u4e2d\uff0c\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u521b\u5efa\u5e76\u6253\u5f00\u4e00\u4e2a\u4fdd\u9669\u5e93\u6587\u4ef6\uff1a<\/p>\n
- ansible-vault create secret<\/mark>\r\n<\/li><\/ol>\r\n<\/code><\/pre>\n
\u5f53\u63d0\u793a\u65f6\uff0c\u8f93\u5165\u5e76\u786e\u8ba4\u4e00\u4e2a\u5bc6\u7801\uff0c\u7528\u4e8e\u52a0\u5bc6\u79d8\u5bc6\u6587\u4ef6\u3002\u8fd9\u5c31\u662f\u4fdd\u9669\u5e93\u5bc6\u7801\u3002\u5728\u6267\u884c\u7b2c6\u6b65\u548c\u7b2c8\u6b65\u7684playbook\u65f6\uff0c\u60a8\u5c06\u9700\u8981\u4fdd\u9669\u5e93\u5bc6\u7801\uff0c\u56e0\u6b64\u8bf7\u8bb0\u4f4f\u5b83\u3002<\/p>\n
\u8f93\u5165\u5e76\u786e\u8ba4\u4fdd\u9669\u5e93\u5bc6\u7801\u540e\uff0c\u79d8\u5bc6\u6587\u4ef6\u5c06\u5728\u4e0eshell\u7684EDITOR\u73af\u5883\u53d8\u91cf\u94fe\u63a5\u7684\u6587\u672c\u7f16\u8f91\u5668\u4e2d\u6253\u5f00\u3002\u5c06\u4ee5\u4e0b\u884c\u6dfb\u52a0\u5230\u6587\u4ef6\u4e2d\uff0c\u540c\u65f6\u66ff\u6362type_a_strong_password_here\u548ctype_a_salt_here\u7684\u503c\uff1a<\/p>\n
~\/ansible-ubuntu\/secret \u7684\u4e2d\u6587\u539f\u6587\u5982\u4e0b\uff1a<\/div>\n- password: type_a_strong_password_here<\/mark>\r\n<\/li>
- password_salt: type_a_salt_here<\/mark>\r\n<\/li><\/ol>\r\n<\/code><\/pre>\n
`password`\u53d8\u91cf\u7684\u503c\u5c06\u662f\u5728\u6bcf\u4e2a\u4e3b\u673a\u4e0a\u521b\u5efa\u7684sudo\u7528\u6237\u7684\u5b9e\u9645\u5bc6\u7801\u3002`password_salt`\u53d8\u91cf\u4f7f\u7528\u76d0\u4f5c\u4e3a\u5176\u503c\u3002\u76d0\u662f\u4efb\u4f55\u957f\u4e14\u968f\u673a\u7684\u503c\uff0c\u7528\u4e8e\u751f\u6210\u54c8\u5e0c\u5bc6\u7801\u3002\u60a8\u53ef\u4ee5\u4f7f\u7528\u5b57\u6bcd\u6216\u5b57\u6bcd\u6570\u5b57\u5b57\u7b26\u4e32\uff0c\u4f46\u4ec5\u4f7f\u7528\u6570\u5b57\u5b57\u7b26\u4e32\u53ef\u80fd\u65e0\u6548\u3002\u5728\u751f\u6210\u54c8\u5e0c\u5bc6\u7801\u65f6\u6dfb\u52a0\u76d0\u4f7f\u5f97\u731c\u6d4b\u5bc6\u7801\u6216\u7834\u89e3\u54c8\u5e0c\u66f4\u52a0\u56f0\u96be\u3002\u5728\u6267\u884c\u6b65\u9aa46\u548c\u6b65\u9aa48\u4e2d\u7684playbooks\u65f6\uff0c\u8fd9\u4e24\u4e2a\u53d8\u91cf\u5c06\u88ab\u8c03\u7528\u3002<\/p>\n
\n\n
Note<\/p>\n
\u6ce8\u610f\uff1a\u5728\u6d4b\u8bd5\u4e2d\uff0c\u6211\u4eec\u53d1\u73b0\u4ec5\u4f7f\u7528\u6570\u5b57\u5b57\u7b26\u7ec4\u6210\u7684\u76d0\u5728\u6b65\u9aa46\u548c\u6b65\u9aa48\u4e2d\u8fd0\u884cplaybook\u65f6\u4f1a\u51fa\u73b0\u95ee\u9898\u3002\u7136\u800c\uff0c\u4ec5\u4f7f\u7528\u5b57\u6bcd\u5b57\u7b26\u7ec4\u6210\u7684\u76d0\u662f\u6709\u6548\u7684\u3002\u540c\u65f6\uff0c\u4f7f\u7528\u5b57\u6bcd\u548c\u6570\u5b57\u7684\u7ec4\u5408\u4e5f\u662f\u6709\u6548\u7684\u3002\u8bf7\u8bb0\u4f4f\u8fd9\u4e00\u70b9\uff0c\u5728\u6307\u5b9a\u76d0\u503c\u65f6\u8981\u8003\u8651\u8fd9\u4e9b\u60c5\u51b5\u3002<\/div>\n<\/div>\n\u5f53\u60a8\u5b8c\u6210\u4fee\u6539\u6587\u4ef6\u65f6\uff0c\u8bf7\u4fdd\u5b58\u5e76\u5173\u95ed\u5b83\u3002<\/p>\n
\u60a8\u73b0\u5728\u5df2\u7ecf\u521b\u5efa\u4e86\u4e00\u4e2a\u5305\u542b\u53d8\u91cf\u7684\u52a0\u5bc6\u5bc6\u7801\u6587\u4ef6\uff0c\u8fd9\u4e9b\u53d8\u91cf\u5c06\u7528\u4e8e\u4e3a\u4e3b\u673a\u4e0a\u7684sudo\u7528\u6237\u521b\u5efa\u5bc6\u7801\u3002\u5728\u4e0b\u4e00\u6b65\u4e2d\uff0c\u60a8\u5c06\u901a\u8fc7\u8fd0\u884c\u4e3bAnsible playbook\u6765\u81ea\u52a8\u5b8c\u6210\u5728\u7b2c2\u6b65\u4e2d\u6307\u5b9a\u7684\u670d\u52a1\u5668\u7684\u521d\u59cb\u8bbe\u7f6e\u3002<\/p>\n
\u7b2c\u516d\u6b65 \u2014 \u5728\u4f60\u7684Ansible\u4e3b\u673a\u4e0a\u8fd0\u884c\u4e3b\u8981\u7684Playbook\u3002<\/h2>\n
\u5728\u8fd9\u4e00\u6b65\u9aa4\u4e2d\uff0c\u60a8\u5c06\u4f7f\u7528Ansible\u81ea\u52a8\u5316\u521d\u59cb\u670d\u52a1\u5668\u8bbe\u7f6e\uff0c\u6570\u91cf\u4e0e\u60a8\u5728\u6e05\u5355\u6587\u4ef6\u4e2d\u6307\u5b9a\u7684\u670d\u52a1\u5668\u76f8\u540c\u3002\u60a8\u5c06\u9996\u5148\u68c0\u67e5\u4e3b\u8981\u5267\u672c\u4e2d\u5b9a\u4e49\u7684\u4efb\u52a1\u3002\u7136\u540e\uff0c\u60a8\u5c06\u5bf9\u4e3b\u673a\u6267\u884c\u8be5\u5267\u672c\u3002<\/p>\n
\u4e00\u4e2aAnsible playbook\u7531\u4e00\u4e2a\u6216\u591a\u4e2aplay\u7ec4\u6210\uff0c\u6bcf\u4e2aplay\u5305\u542b\u4e00\u4e2a\u6216\u591a\u4e2a\u4efb\u52a1\u3002\u4f60\u5c06\u5bf9\u4f60\u7684Ansible\u4e3b\u673a\u8fd0\u884c\u7684\u793a\u4f8bplaybook\u5305\u542b\u4e86\u4e24\u4e2aplay\uff0c\u5171\u670914\u4e2a\u4efb\u52a1\u3002<\/p>\n
\u5728\u8fd0\u884c\u5267\u672c\u4e4b\u524d\uff0c\u60a8\u5c06\u5ba1\u67e5\u5176\u8bbe\u7f6e\u8fc7\u7a0b\u4e2d\u6d89\u53ca\u7684\u6bcf\u4e2a\u4efb\u52a1\u3002\u9996\u5148\uff0c\u4f7f\u7528nano\u6216\u60a8\u559c\u6b22\u7684\u6587\u672c\u7f16\u8f91\u5668\u6253\u5f00\u6587\u4ef6\u3002<\/p>\n
- nano<\/span> initial.yml\r\n<\/li><\/ol>\r\n<\/code><\/pre>\n
\u5267\u76ee1: \u6f14\u51fa<\/h3>\n
\u6587\u4ef6\u7684\u7b2c\u4e00\u90e8\u5206\u5305\u542b\u4ee5\u4e0b\u5173\u952e\u5b57\uff0c\u8fd9\u4e9b\u5173\u952e\u5b57\u4f1a\u5f71\u54cd\u5267\u672c\u7684\u884c\u4e3a\u3002<\/p>\n
initial.yml\u7684\u521d\u59cb\u8bbe\u7f6e\u3002<\/div>\n-<\/span> name<\/span>:<\/span> Initial server setup tasks<\/mark>\r\n hosts<\/span>:<\/span> initial<\/mark>\r\n remote_user<\/span>:<\/span> root\r\n vars_files<\/span>:<\/span>\r\n -<\/span> vars\/default.yml\r\n -<\/span> secret\r\n...<\/span>\r\n<\/code><\/pre>\n\u540d\u79f0\u662f\u620f\u5267\u7684\u4e00\u4e2a\u7b80\u77ed\u63cf\u8ff0\uff0c\u5b83\u5c06\u5728\u620f\u5267\u8fd0\u884c\u65f6\u663e\u793a\u5728\u7ec8\u7aef\u4e2d\u3002hosts\u5173\u952e\u5b57\u6307\u793a\u620f\u5267\u7684\u76ee\u6807\u4e3b\u673a\u3002\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\uff0c\u4f20\u9012\u7ed9\u5173\u952e\u5b57\u7684\u6a21\u5f0f\u662f\u4f60\u5728\u7b2c2\u6b65\u4e2d\u5728\/etc\/ansible\/hosts\u6587\u4ef6\u4e2d\u6307\u5b9a\u7684\u4e3b\u673a\u7ec4\u540d\u79f0\u3002\u4f60\u4f7f\u7528remote_user\u5173\u952e\u5b57\u544a\u8bc9Ansible\u63a7\u5236\u5668\u8981\u4f7f\u7528\u7684\u7528\u6237\u540d\u6765\u767b\u5f55\u4e3b\u673a\uff08\u5728\u8fd9\u79cd\u60c5\u51b5\u4e0b\u662froot\uff09\u3002vars_files\u5173\u952e\u5b57\u6307\u5411\u5305\u542b\u620f\u5267\u5728\u6267\u884c\u4efb\u52a1\u65f6\u5c06\u5f15\u7528\u7684\u53d8\u91cf\u7684\u6587\u4ef6\u3002<\/p>\n
\u901a\u8fc7\u8fd9\u4e2a\u8bbe\u7f6e\uff0cAnsible \u63a7\u5236\u5668\u4f1a\u5c1d\u8bd5\u901a\u8fc7 SSH \u7684 22 \u7aef\u53e3\u4ee5 root \u7528\u6237\u8eab\u4efd\u767b\u5f55\u5230\u4e3b\u673a\u3002\u5bf9\u4e8e\u6bcf\u4e2a\u6210\u529f\u767b\u5f55\u7684\u4e3b\u673a\uff0c\u5b83\u4f1a\u62a5\u544a\u4e00\u4e2a\u201cok\u201d\u7684\u54cd\u5e94\u3002\u5426\u5219\uff0c\u5b83\u4f1a\u62a5\u544a\u670d\u52a1\u5668\u4e0d\u53ef\u8bbf\u95ee\uff0c\u5e76\u5f00\u59cb\u6267\u884c\u4e0e\u6210\u529f\u767b\u5f55\u7684\u4e3b\u673a\u76f8\u5173\u7684 play \u7684\u4efb\u52a1\u3002\u5982\u679c\u60a8\u8981\u624b\u52a8\u5b8c\u6210\u6b64\u8bbe\u7f6e\uff0c\u8fd9\u4e2a\u81ea\u52a8\u5316\u8fc7\u7a0b\u4f1a\u53d6\u4ee3\u4f7f\u7528 ssh root@host-ip-address \u767b\u5f55\u5230\u4e3b\u673a\u3002<\/p>\n
\u5173\u952e\u8bcd\u90e8\u5206\u4e4b\u540e\u662f\u4e00\u4e2a\u6309\u987a\u5e8f\u6267\u884c\u7684\u4efb\u52a1\u5217\u8868\u3002\u4e0e\u620f\u5267\u4e00\u6837\uff0c\u6bcf\u4e2a\u4efb\u52a1\u90fd\u4ee5\u4e00\u4e2a\u540d\u79f0\u5f00\u59cb\uff0c\u8be5\u540d\u79f0\u63d0\u4f9b\u4e86\u4efb\u52a1\u5c06\u5b8c\u6210\u7684\u7b80\u8981\u63cf\u8ff0\u3002<\/p>\n
\u4efb\u52a11\uff1a\u66f4\u65b0\u7f13\u5b58<\/h4>\n
\u5728playbook\u4e2d\u7684\u7b2c\u4e00\u4e2a\u4efb\u52a1\u662f\u66f4\u65b0\u8f6f\u4ef6\u5305\u6570\u636e\u5e93\u3002<\/p>\n
\u521d\u59cb.yml<\/div>\n...<\/span>\r\n-<\/span> name<\/span>:<\/span> update cache<\/mark>\r\n ansible.builtin.apt<\/span>:<\/span>\r\n update_cache<\/span>:<\/span> yes\r\n...<\/span>\r\n<\/code><\/pre>\n\u8fd9\u4e2a\u4efb\u52a1\u5c06\u4f7f\u7528ansible.builtin.apt\u6a21\u5757\u66f4\u65b0\u8f6f\u4ef6\u5305\u6570\u636e\u5e93\uff0c\u8fd9\u4e5f\u662f\u4e3a\u4ec0\u4e48\u5b83\u88ab\u5b9a\u4e49\u4e3aupdate_cache: yes\u3002\u8be5\u4efb\u52a1\u5b9e\u73b0\u4e86\u4e0e\u767b\u5f55\u5230Ubuntu\u670d\u52a1\u5668\u5e76\u8f93\u5165sudo apt update\u76f8\u540c\u7684\u529f\u80fd\uff0c\u901a\u5e38\u662f\u66f4\u65b0\u6240\u6709\u5df2\u5b89\u88c5\u7684\u8f6f\u4ef6\u5305\u4e4b\u524d\u7684\u51c6\u5907\u5de5\u4f5c\u3002<\/p>\n
\u4efb\u52a12\uff1a\u66f4\u65b0\u6240\u6709\u5df2\u5b89\u88c5\u7684\u8f6f\u4ef6\u5305<\/h4>\n
\u5267\u672c\u4e2d\u7684\u7b2c\u4e8c\u4e2a\u4efb\u52a1\u662f\u66f4\u65b0\u8f6f\u4ef6\u5305\u3002<\/p>\n
\u521d\u59cb.yml<\/div>\n...<\/span>\r\n-<\/span> name<\/span>:<\/span> Update all installed packages<\/mark>\r\n ansible.builtin.apt<\/span>:<\/span>\r\n name<\/span>:<\/span> \"*\"<\/span>\r\n state<\/span>:<\/span> latest\r\n...<\/span>\r\n<\/code><\/pre>\n\u5c31\u50cf\u7b2c\u4e00\u4e2a\u4efb\u52a1\u4e00\u6837\uff0c\u8fd9\u4e2a\u4efb\u52a1\u4e5f\u4f7f\u7528\u4e86ansible.builtin.apt\u6a21\u5757\u3002\u5728\u8fd9\u91cc\uff0c\u4f60\u901a\u8fc7\u4f7f\u7528\u901a\u914d\u7b26\uff08\u540d\u79f0\uff1a”*”\uff09\u548c\u72b6\u6001\u4e3a\u6700\u65b0\uff08state\uff1alatest\uff09\u6765\u786e\u4fdd\u6240\u6709\u5df2\u5b89\u88c5\u7684\u8f6f\u4ef6\u5305\u90fd\u662f\u6700\u65b0\u7684\uff0c\u8fd9\u76f8\u5f53\u4e8e\u767b\u5f55\u5230\u4f60\u7684\u670d\u52a1\u5668\u4e0a\u5e76\u8fd0\u884csudo apt upgrade -y\u547d\u4ee4\u3002<\/p>\n
\u4efb\u52a13\uff1a\u786e\u4fddNTP\u670d\u52a1\u6b63\u5728\u8fd0\u884c\u3002<\/h4>\n
\u5728playbook\u4e2d\u7684\u7b2c\u4e09\u4e2a\u4efb\u52a1\u662f\u786e\u4fdd\u7f51\u7edc\u65f6\u95f4\u534f\u8bae\uff08NTP\uff09\u5b88\u62a4\u8fdb\u7a0b\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\u3002<\/p>\n
\u521d\u59cb\u7684.yml\u6587\u4ef6<\/div>\n...<\/span>\r\n-<\/span> name<\/span>:<\/span> Make sure NTP service is running<\/mark>\r\n ansible.builtin.systemd<\/span>:<\/span>\r\n state<\/span>:<\/span> started\r\n name<\/span>:<\/span> systemd-<\/span>timesyncd\r\n...<\/span>\r\n<\/code><\/pre>\n\u8fd9\u4e2a\u4efb\u52a1\u8c03\u7528ansible.builtin.systemd\u6a21\u5757\u6765\u786e\u4fddsystemd-timesyncd\uff0c\u5373NTP\u5b88\u62a4\u7a0b\u5e8f\u6b63\u5728\u8fd0\u884c\uff08\u72b6\u6001\uff1a\u5df2\u542f\u52a8\uff09\u3002\u5f53\u60a8\u5e0c\u671b\u786e\u4fdd\u60a8\u7684\u670d\u52a1\u5668\u4fdd\u6301\u76f8\u540c\u7684\u65f6\u95f4\u65f6\uff0c\u53ef\u4ee5\u8fd0\u884c\u8fd9\u6837\u7684\u4efb\u52a1\uff0c\u8fd9\u53ef\u4ee5\u5e2e\u52a9\u5728\u8fd9\u4e9b\u670d\u52a1\u5668\u4e0a\u8fd0\u884c\u5206\u5e03\u5f0f\u5e94\u7528\u7a0b\u5e8f\u3002<\/p>\n
\u4efb\u52a14: \u786e\u4fdd\u6211\u4eec\u6709\u4e00\u4e2asudo\u7ec4<\/h4>\n
\u5267\u672c\u4e2d\u7684\u7b2c\u56db\u4e2a\u4efb\u52a1\u662f\u9a8c\u8bc1\u662f\u5426\u5b58\u5728sudo\u7fa4\u7ec4\u3002<\/p>\n
\u521d\u59cb.yml<\/div>\n...<\/span>\r\n-<\/span> name<\/span>:<\/span> Make sure we have a 'sudo' group<\/mark>\r\n ansible.builtin.group<\/span>:<\/span>\r\n name<\/span>:<\/span> sudo\r\n state<\/span>:<\/span> present\r\n...<\/span>\r\n<\/code><\/pre>\n\u6b64\u4efb\u52a1\u8c03\u7528ansible.builtin.group\u6a21\u5757\u6765\u68c0\u67e5\u4e3b\u673a\u4e0a\u662f\u5426\u5b58\u5728\u540d\u4e3asudo\u7684\u7ec4\uff08\u72b6\u6001\uff1a\u51fa\u73b0\uff09\u3002\u56e0\u4e3a\u60a8\u7684\u4e0b\u4e00\u4e2a\u4efb\u52a1\u4f9d\u8d56\u4e3b\u673a\u4e0a\u5b58\u5728sudo\u7ec4\uff0c\u6240\u4ee5\u6b64\u4efb\u52a1\u4f1a\u68c0\u67e5sudo\u7ec4\u7684\u5b58\u5728\uff0c\u4ee5\u786e\u4fdd\u4e0b\u4e00\u4e2a\u4efb\u52a1\u4e0d\u4f1a\u5931\u8d25\u3002<\/p>\n
\u4efb\u52a15\uff1a\u521b\u5efa\u4e00\u4e2a\u5177\u6709sudo\u7279\u6743\u7684\u7528\u6237<\/h4>\n
\u64ad\u653e\u624b\u518c\u4e2d\u7684\u7b2c\u4e94\u4e2a\u4efb\u52a1\u662f\u4f7f\u7528sudo\u7279\u6743\u521b\u5efa\u60a8\u7684\u975eroot\u7528\u6237\u3002<\/p>\n
\u6700\u521d.yml<\/div>\n...<\/span>\r\n-<\/span> name<\/span>:<\/span> Create a user with sudo privileges<\/mark>\r\n ansible.builtin.user<\/span>:<\/span>\r\n name<\/span>:<\/span> \"{{ create_user }}\"<\/span>\r\n state<\/span>:<\/span> present\r\n groups<\/span>:<\/span> sudo\r\n append<\/span>:<\/span> true<\/span>\r\n create_home<\/span>:<\/span> true<\/span>\r\n shell<\/span>:<\/span> \/bin\/bash\r\n password<\/span>:<\/span> \"{{ password | password_hash('sha512', password_salt) }}\"<\/span>\r\n update_password<\/span>:<\/span> on_create\r\n...<\/span>\r\n<\/code><\/pre>\n\u8fd9\u91cc\uff0c\u60a8\u901a\u8fc7\u8c03\u7528ansible\u5185\u7f6e\u7684user\u6a21\u5757\u5728\u6bcf\u4e2a\u4e3b\u673a\u4e0a\u521b\u5efa\u4e00\u4e2a\u7528\u6237\uff0c\u5e76\u5c06sudo\u7ec4\u9644\u52a0\u5230\u7528\u6237\u7684\u7ec4\u4e2d\u3002\u7528\u6237\u7684\u540d\u79f0\u662f\u4ecevars\/default.yml\u4e2d\u6307\u5b9a\u7684create_user\u53d8\u91cf\u7684\u503c\u6d3e\u751f\u800c\u6765\u3002\u6b64\u4efb\u52a1\u8fd8\u786e\u4fdd\u4e3a\u7528\u6237\u521b\u5efa\u4e00\u4e2a\u4e3b\u76ee\u5f55\uff0c\u5e76\u6307\u5b9a\u6b63\u786e\u7684shell\u3002<\/p>\n
\u4f7f\u7528\u5bc6\u7801\u53c2\u6570\u548c\u5728\u6b65\u9aa45\u4e2d\u8bbe\u7f6e\u7684\u5bc6\u7801\u548c\u76d0\u7684\u7ec4\u5408\uff0c\u8c03\u7528SHA-512\u5bc6\u7801\u54c8\u5e0c\u7b97\u6cd5\u7684\u51fd\u6570\u4e3a\u7528\u6237\u751f\u6210\u4e86\u4e00\u4e2a\u54c8\u5e0c\u5bc6\u7801\u3002\u4e0e\u79d8\u5bc6\u4fdd\u9669\u5e93\u6587\u4ef6\u914d\u5bf9\uff0c\u5bc6\u7801\u6c38\u8fdc\u4e0d\u4f1a\u4ee5\u660e\u6587\u5f62\u5f0f\u4f20\u9012\u7ed9\u63a7\u5236\u5668\u3002\u901a\u8fc7\u4f7f\u7528update_password\uff0c\u53ef\u4ee5\u786e\u4fdd\u53ea\u6709\u5728\u521b\u5efa\u7528\u6237\u7684\u7b2c\u4e00\u6b21\u624d\u8bbe\u7f6e\u54c8\u5e0c\u5bc6\u7801\u3002\u5982\u679c\u91cd\u65b0\u8fd0\u884cplaybook\uff0c\u5bc6\u7801\u5c06\u4e0d\u4f1a\u91cd\u65b0\u751f\u6210\u3002<\/p>\n
\u4efb\u52a16: \u4e3a\u8fdc\u7a0b\u7528\u6237\u8bbe\u7f6e\u6388\u6743\u5bc6\u94a5<\/h4>\n
\u5267\u672c\u4e2d\u7684\u7b2c\u516d\u4e2a\u4efb\u52a1\u4e3a\u60a8\u7684\u7528\u6237\u8bbe\u5b9a\u4e86\u5173\u952e\u3002<\/p>\n
\u521d\u59cb\u7684.yml\u6587\u4ef6<\/div>\n...<\/span>\r\n-<\/span> name<\/span>:<\/span> Set authorized key for remote user<\/mark>\r\n ansible.posix.authorized_key<\/span>:<\/span>\r\n user<\/span>:<\/span> \"{{ create_user }}\"<\/span>\r\n state<\/span>:<\/span> present\r\n key<\/span>:<\/span> \"{{ copy_local_key }}\"<\/span>\r\n...<\/span>\r\n<\/code><\/pre>\n\u901a\u8fc7\u8c03\u7528ansible.posix.authorized_key\uff0c\u5728\u8fd9\u4e2a\u4efb\u52a1\u4e2d\uff0c\u4f60\u53ef\u4ee5\u5c06\u4f60\u7684\u516c\u5171SSH\u5bc6\u94a5\u590d\u5236\u5230\u4e3b\u673a\u4e0a\u3002\u53d8\u91cfuser\u7684\u503c\u662f\u5728\u524d\u4e00\u4e2a\u4efb\u52a1\u4e2d\u5728\u4e3b\u673a\u4e0a\u521b\u5efa\u7684\u7528\u6237\u540d\uff0c\u800ckey\u6307\u5411\u8981\u590d\u5236\u7684\u5bc6\u94a5\u3002\u8fd9\u4e24\u4e2a\u53d8\u91cf\u5728var\/default.yml\u6587\u4ef6\u4e2d\u5b9a\u4e49\u3002\u8fd9\u4e2a\u4efb\u52a1\u7684\u6548\u679c\u4e0e\u624b\u52a8\u8fd0\u884cssh-copy-id\u547d\u4ee4\u76f8\u540c\u3002<\/p>\n
\u4efb\u52a17\uff1a\u7981\u6b62root\u7528\u6237\u7684\u8fdc\u7a0b\u767b\u5f55<\/h4>\n
\u5728\u624b\u518c\u4e2d\u7684\u7b2c\u4e03\u4e2a\u4efb\u52a1\u662f\u7981\u7528\u6839\u7528\u6237\u7684\u8fdc\u7a0b\u767b\u5f55\u3002<\/p>\n
\u521d\u59cb.yml<\/div>\n...<\/span>\r\n-<\/span> name<\/span>:<\/span> Disable remote login for root<\/mark>\r\n ansible.builtin.lineinfile<\/span>:<\/span>\r\n path<\/span>:<\/span> \/etc\/ssh\/sshd_config\r\n state<\/span>:<\/span> present\r\n regexp<\/span>:<\/span> '^PermitRootLogin yes'<\/span>\r\n