
Setting Up the Ansible Control Node

To set up an Ansible control node, perform the following steps in the SUSE Multi-Linux Manager Web UI.

To configure a client as the Ansible Control Node, the Ansible package must be installed on that system. Usually, the Ansible package should be obtained from the operating system vendor’s official repositories. For example, on SUSE Linux Enterprise 15 SP6 and SP7, Ansible is available through the Systems Management Module.

Procedure: Setting up Ansible Control Node on a SUSE Linux Enterprise 15 SP6 or SP7 system
  1. In the SUSE Multi-Linux Manager Web UI, navigate to Admin > Setup Wizard > Products and verify that SUSE Linux Enterprise Server 15 SP6 x86_64 (or later) with the Systems Management Module and the required Python 3 Module are selected and synchronized.

  2. Deploy a SUSE Linux Enterprise 15 SP6 (or later) client.

  3. In the SUSE Multi-Linux Manager Web UI, navigate to the Systems > Overview page of the client. Select Software > Software Channels and subscribe the client to the SUSE Linux Enterprise Server 15 SP6 x86_64 (or later SP), Systems Management Module and Python 3 Module channels.

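  4. Select Details > Properties of the client. In the Add-On System Types list, enable Ansible Control Node, then click Update Properties.

  5. Navigate to the client's overview page, select States > Highstate, then click Apply Highstate.

  6. Select the Events tab and verify the status of the highstate.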

If you want to install a newer Ansible on a SUSE Linux Enterprise 15 SP4 or SP5 client, you must enable the Python 3 Module.

Newer versions of Ansible no longer support managing nodes with outdated Python versions. If a managed node still defaults to an older Python version, you may encounter connection errors or failures during playbook runs. To address this, upgrade Python on the managed node if possible, and set the correct Python interpreter in the Ansible inventory or configuration.

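1. Create Ansible Inventory Files

The Ansible integration tools deploy playbooks as inventory files. Create one inventory file for each operating system listed in Table 1.

Procedure: Creating Ansible inventory files
  1. Create your hosts and add them to an inventory file managed by Ansible. The default path for an Ansible inventory is /etc/ansible/hosts.

    Listing 1. Inventory example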
    client240.mgr.example.org
    client241.mgr.example.org
    client242.mgr.example.org
    client243.mgr.example.org ansible_ssh_private_key_file=/etc/ansible/some_ssh_key
    
    [mygroup1]
    client241.mgr.example.org
    client242.mgr.example.org
    
    [mygroup2]
    client243.mgr.example.org
    
    [all:vars]
    ansible_ssh_private_key_file=/etc/ansible/my_ansible_private_key
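  2. In the SUSE Multi-Linux Manager Web UI, from the Ansible tab, navigate to Ansible > Control Node and add the inventory files to the control node.

  3. Under the Playbook Directories section, add /usr/share/scap-security-guide/ansible to the Add a Playbook Directory field, then click Save.

  4. Under Inventory Files, add your inventory file locations to the Add an Inventory File field, then click Save.

    Listing 2. Example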
    /etc/ansible/sles15
    /etc/ansible/sles12
    /etc/ansible/centos7

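    For additional playbook examples, see https://github.com/ansible/ansible-examples

2. Establish Communication With Ansible Nodes

Procedure: Establishing communication with Ansible nodes
  1. Create the SSH keys that you want to use in the inventory.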

    ssh-keygen -f /etc/ansible/my_ansible_private_key
  2. Copy the generated SSH keys to the Ansible managed clients. Example:

    ssh-copy-id -i /etc/ansible/my_ansible_private_key root@client240.mgr.example.org
  3. Declare the private key in /etc/ansible/ansible.cfg as follows:

    private_key_file = /etc/ansible/my_ansible_private_key

    Replace my_ansible_private_key with the name of the file that contains the private key.

  4. Test whether Ansible is working by executing the following commands from the control node:

    ansible all -m ping
    ansible mygroup1 -m ping
    ansible client240.mgr.example.org -m ping
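
The key files named in Listing 1 and in ansible.cfg log in as root on the managed clients, so their ownership and mode are worth checking once this procedure is complete. The following is an added example, not part of the SUSE documentation: it collects every private_key_file reference from inventory and ansible.cfg text and reports keys that are missing, accessible to group or other, or owned by a different user. The function names, the [defaults] section header in the sample and the temporary key files are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Matches ansible_ssh_private_key_file= (inventory) and private_key_file = (ansible.cfg).
KEY_REF = re.compile(r"private_key_file\s*=\s*(\S+)")

def referenced_keys(text):
    """Return the set of private key paths named in inventory or ansible.cfg text."""
    keys = set()
    for line in text.splitlines():
        if not line.lstrip().startswith(("#", ";")):  # skip comment lines
            keys.update(KEY_REF.findall(line))
    return keys

def audit_key(path):
    """Return the problems found with one key file; an empty list means it passed."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing"]
    problems = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        problems.append("mode %04o grants access to group/other" % mode)
    if st.st_uid != os.geteuid():
        problems.append("owned by uid %d, not the user running the audit" % st.st_uid)
    return problems

def audit(*config_texts):
    """Map every key path referenced in the given texts to its list of problems."""
    keys = set().union(*(referenced_keys(t) for t in config_texts))
    return {key: audit_key(key) for key in sorted(keys)}

def demo():
    """Constructed sample: one 0600 key, one 0644 key, one path that does not exist."""
    d = tempfile.mkdtemp()
    paths = {name: os.path.join(d, name) for name in ("good_key", "loose_key", "gone_key")}
    for name, mode in (("good_key", 0o600), ("loose_key", 0o644)):
        open(paths[name], "w").close()  # empty placeholder, not a real key
        os.chmod(paths[name], mode)
    inventory = ("client243.mgr.example.org ansible_ssh_private_key_file=%(loose_key)s\n"
                 "[all:vars]\nansible_ssh_private_key_file=%(good_key)s\n" % paths)
    ansible_cfg = "[defaults]\nprivate_key_file = %(gone_key)s\n" % paths
    return paths, audit(inventory, ansible_cfg)

if __name__ == "__main__":
    print(demo()[1])
```

On a control node, pass the contents of /etc/ansible/ansible.cfg and of each inventory file to audit() as the user that runs Ansible.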

You can now run updates. For more information, see Compliance as Code.