RHCE ansible second operation

1、 Deploy to the managed host yum Warehouse , Examples are as follows ：

Warehouse 1 ：
Name: base
​ Description: baseos
​ Base url: https://mirrors.163.com/centos-vault/8.5.2111/BaseOS/x86_64/os/
​ Need to validate the package GPG Signature
​ GPG key stay /etc/pki/rpm-gpg/RPM-GPG-KEY-*
​ Enable this software repository

Warehouse 2：
Name: app
Description: appstream
Base url： https://mirrors.163.com/centos-vault/8.5.2111/AppStream/x86_64/os/
Need to validate the package GPG Signature
GPG key stay ： /etc/pki/rpm-gpg/RPM-GPG-KEY-*
Enable this software repository

notes ： Check your own linux System version , And select the corresponding version warehouse .
After successful deployment, install on the managed host vsftpd software package

First, make sure that there is ansible.conf and inventory File and configuration is correct
then vim One by .yml Final document
Here we use 1-create-yum.yml For example ：
[[email protected] test1]$ vim 1-create-yum.yml
Then edit the following content in the file ：

The code is as follows ：

---
- name: play1
  hosts: all
  tasks:
    - name: create base
      yum_repository:
        name: base
        description: baseos
        baseurl: https://mirrors.aliyun.com/centos-vault/8.2.2004/BaseOS/x86_64/os/
        gpgcheck: yes
    - name: create appstream
      yum_repository:
        name: app
        description: appstream
        baseurl: https://mirrors.aliyun.com/centos-vault/8.2.2004/AppStream/x86_64/os/
        gpgcheck: yes
    - name: install vsftpd
      yum:
        name: vsftpd
        state: latest

2、 to web Host group write one playbook, The playbook There are two play, first play It can be guaranteed in web Install on host group httpd and php, Make sure web Of the host group /var/www/html/ There is a file under the directory named index.php, The contents are as follows ：

$ cat /var/www/html/index.php
<?php
phpinfo();

Among them playbook The second one play Used to test the web Of the host group web Whether the service can be successfully accessed index.php Content .

First go to the configuration file to set web Group

Then configure one .yml file
The contents of the document are as follows ：

The document code is as follows ：

---
- name: play1
  hosts: web
  tasks:
    - name: install httpd
      yum:
        name:
          - httpd
          - php
        state: latest
    - name: create index
      copy:
        content: "<?php\nphpinfo();\n"
        dest: /var/www/html/index.php
    - name: delete index.html
      file:
        path: /var/www/html/index.html
        state: absent
    - name: add a firewalld rule
      firewalld:
        service: http
        permanent: true
        state: enabled
        immediate: true
    - name: restart httpd
      service:
        name: httpd
        state: restarted

- name: play2
  hosts: master
  tasks:
    - name: ceshi master
      uri:
        url: http://master

3、 Add a normal user on the controlled node xiaohong, Users who configure the current control node can log in without secret xiaohong user , also xiaohong Sure sudo.

Configure on the control node .yml file

[[email protected] test1]$ vim 3-useradd.yml
The contents of the document are as follows

Because I configured password free login before , So there is no need to generate public-private key pairs
if necessary
Add

The verification results

The document code is as follows ：

---
- name: play1
  hosts: node01
  tasks:
    - name: useradd xiaohong
      user:
        name: xiaohong
        state: present

    - name: xiaohong sudoers
      lineinfile:
        line: "xiaohong ALL=(ALL) NOPASSWD:ALL"
        path: /etc/sudoers
    - authorized_key:
        state: present
        user: xiaohong
        key: "{
    { lookup('file', '/home/admin/.ssh/id_rsa.pub') }}"