设置 Ansible 控制节点

要设置 Ansible 控制节点,请在 SUSE Multi-Linux Manager Web UI 中执行以下步骤。

To configure a client as the Ansible Control Node, the Ansible package must be installed on that system. Usually, the Ansible package should be obtained from the operating system vendor’s official repositories. For example, on SUSE Linux Enterprise 15 SP6 and SP7, Ansible is available through the Systems Management Module.

过程:在 SUSE Linux Enterprise 15 SP6 或 SP7 系统上设置 Ansible 控制节点
  1. In the SUSE Multi-Linux Manager Web UI, navigate to Admin  Setup Wizard  Products, verify that SUSE Linux Enterprise Server 15 SP6 x86_64 (or later) with the Systems Management Module and the required Python 3 Module are selected and synchronized.

  2. 部署 SUSE Linux Enterprise 15 SP6(或更高版本)客户端。

  3. In the SUSE Multi-Linux Manager Web UI, navigate to the Systems  Overview page of the client. Select Software  Software Channels and subscribe the client to the SUSE Linux Enterprise Server 15 SP6 x86_64 (or later SP), Systems Management Module and Python 3 Module channels.

  4. Select Details  Properties of your client. From the Add-On System Types list enable Ansible Control Node and click Update Properties.

  5. 导航到客户端概览页面,选择状态  Highstate,然后单击 应用 Highstate

  6. 选择事件选项卡并校验 Highstate 的状态。

If you want to install a newer Ansible on a SUSE Linux Enterprise 15 SP4 or SP5 client, you must enable the Python 3 Module.

较新的 Ansible 版本已不再支持管理使用过时 Python 版本的节点。如果受管节点仍然默认使用较旧 Python 版本,在运行剧本时可能会遇到连接错误或执行失败。为解决此问题,用户应在条件允许的情况下升级受管节点上的 Python,并在 Ansible 清单或配置中设置正确的 Python 解释器。

1. 创建 Ansible 清单文件

Ansible 集成工具会将剧本部署为清单文件。请为表 1 中列出的每个操作系统创建一个清单文件。

过程:创建 Ansible 清单文件
  1. Create and add your hosts to an inventory file to be managed by Ansible. The default path for an Ansible inventory is /etc/ansible/hosts.

    Listing 1. 清单示例
    client240.mgr.example.org
    client241.mgr.example.org
    client242.mgr.example.org
    client243.mgr.example.org ansible_ssh_private_key_file=/etc/ansible/some_ssh_key
    
    [mygroup1]
    client241.mgr.example.org
    client242.mgr.example.org
    
    [mygroup2]
    client243.mgr.example.org
    
    [all:vars]
    ansible_ssh_public_key_file=/etc/ansible/my_ansible_private_key
  2. In the SUSE Multi-Linux Manager Web UI, from the Ansible tab navigate to Ansible  Control Node to add inventory files to the control node.

  3. Under the Playbook Directories section add /usr/share/scap-security-guide/ansible to the Add a Playbook Directories field and click Save.

  4. Under Inventory Files add your inventory file locations to the Add an Inventory file field and click Save.

    Listing 2. 示例
    /etc/ansible/sles15
    /etc/ansible/sles12
    /etc/ansible/centos7

    有关更多剧本示例,请参见 https://github.com/ansible/ansible-examples

过程:与 Ansible 节点建立通信
  1. 创建您要在清单中使用的 SSH 密钥。

    ssh-keygen -f /etc/ansible/my_ansible_private_key
  2. 将生成的 SSH 密钥复制到 Ansible 受管客户端。示例:

    ssh-copy-id -i /etc/ansible/my_ansible_public_key root@client240.mgr.example.org
  3. Declare the private key in /etc/ansible/ansible.cfg as follows:

    private_key_file = /etc/ansible/my_ansible_private_key

    Replace my_ansible_private_key with the name of the file containing the private key.

  4. 通过从控制节点执行以下命令来测试 Ansible 是否正常运行:

    ansible all -m ping
    ansible mygroup1 -m ping
    ansible client240.mgr.example.org -m ping

现在您可以运行更新。有关详细信息,请参见 合规性即代码