设置 Ansible 控制节点
要设置 Ansible 控制节点,请在 SUSE Multi-Linux Manager Web UI 中执行以下步骤。
|
To configure a client as the Ansible Control Node, the Ansible package must be installed on that system. Usually, the Ansible package should be obtained from the operating system vendor’s official repositories. For example, on SUSE Linux Enterprise 15 SP6 and SP7, Ansible is available through the |
In the SUSE Multi-Linux Manager Web UI, navigate to , verify that
SUSE Linux Enterprise Server 15 SP6 x86_64(or later) with theSystems Management Moduleand the requiredPython 3 Moduleare selected and synchronized.部署 SUSE Linux Enterprise 15 SP6(或更高版本)客户端。
In the SUSE Multi-Linux Manager Web UI, navigate to the page of the client. Select and subscribe the client to the
SUSE Linux Enterprise Server 15 SP6 x86_64(or later SP),Systems Management ModuleandPython 3 Modulechannels.Select of your client. From the
Add-On System Typeslist enableAnsible Control Nodeand click Update Properties.导航到客户端概览页面,选择,然后单击 应用 Highstate。
选择事件选项卡并校验 Highstate 的状态。
If you want to install a newer Ansible on a SUSE Linux Enterprise 15 SP4 or SP5 client, you must enable the Python 3 Module.
|
较新的 Ansible 版本已不再支持管理使用过时 Python 版本的节点。如果受管节点仍然默认使用较旧 Python 版本,在运行剧本时可能会遇到连接错误或执行失败。为解决此问题,用户应在条件允许的情况下升级受管节点上的 Python,并在 Ansible 清单或配置中设置正确的 Python 解释器。 |
1. 创建 Ansible 清单文件
Ansible 集成工具会将剧本部署为清单文件。请为表 1 中列出的每个操作系统创建一个清单文件。
Create and add your hosts to an inventory file to be managed by Ansible. The default path for an Ansible inventory is
/etc/ansible/hosts.Listing 1. 清单示例client240.mgr.example.org client241.mgr.example.org client242.mgr.example.org client243.mgr.example.org ansible_ssh_private_key_file=/etc/ansible/some_ssh_key [mygroup1] client241.mgr.example.org client242.mgr.example.org [mygroup2] client243.mgr.example.org [all:vars] ansible_ssh_public_key_file=/etc/ansible/my_ansible_private_keyIn the SUSE Multi-Linux Manager Web UI, from the
Ansibletab navigate to to add inventory files to the control node.Under the
Playbook Directoriessection add/usr/share/scap-security-guide/ansibleto theAdd a Playbook Directoriesfield and click Save.Under
Inventory Filesadd your inventory file locations to theAdd an Inventory filefield and click Save.Listing 2. 示例/etc/ansible/sles15 /etc/ansible/sles12 /etc/ansible/centos7有关更多剧本示例,请参见 https://github.com/ansible/ansible-examples。
-
创建您要在清单中使用的 SSH 密钥。
ssh-keygen -f /etc/ansible/my_ansible_private_key
-
将生成的 SSH 密钥复制到 Ansible 受管客户端。示例:
ssh-copy-id -i /etc/ansible/my_ansible_public_key root@client240.mgr.example.org
-
Declare the private key in
/etc/ansible/ansible.cfgas follows:private_key_file = /etc/ansible/my_ansible_private_key
Replace
my_ansible_private_keywith the name of the file containing the private key. -
通过从控制节点执行以下命令来测试 Ansible 是否正常运行:
ansible all -m ping ansible mygroup1 -m ping ansible client240.mgr.example.org -m ping
现在您可以运行更新。有关详细信息,请参见 合规性即代码。