Ansible Example – Chrony daemon

Below is how to automate the deployment of Chrony (an NTP, Network Time Protocol, service) with Ansible. Reference article – https://www.redhat.com/sysadmin/ansible-chrony-daemon

Test environment: CentOS 9 Stream (virtual machines)

The setup is as follows: the systems are divided into a Control node (the Ansible controller) and Managed nodes (the hosts controlled by Ansible).

  • Control node (Ansible controller) IP: 192.168.31.131
  • Managed nodes (controlled by Ansible) IP: 192.168.31.133 and 192.168.31.178

If you need to reconfigure the NTP service (NTP is currently provided by the Chrony daemon; for details see https://benjr.tw/102661), a large-scale deployment can be handled quickly with an Ansible playbook.

Before starting, set up how you connect to your Managed nodes. I use public SSH key authentication; for details see https://benjr.tw/106439

  • Create a test directory
    [root@localhost ~]# mkdir ansible_quickstart && cd ansible_quickstart
    [root@localhost ansible_quickstart]#
    
  • Edit the chrony.conf to deploy
    [root@localhost ansible_quickstart]# cat chrony.conf
    server 192.168.0.1 iburst
    server 192.168.0.2 iburst
    stratumweight 0
    driftfile /var/lib/chrony/drift
    rtcsync
    makestep 10 3
    bindcmdaddress 127.0.0.1
    bindcmdaddress ::1
    keyfile /etc/chrony.keys
    commandkey 1
    generatecommandkey
    noclientlog
    logchange 0.5
    logdir /var/log/chrony
    
  • Edit the Managed nodes information
    The public SSH key was set up earlier, so no password needs to be entered or written into the file.

    [root@localhost ansible_quickstart]# cat remote.ini
    [CentOS]
    CentOS-VM1 ansible_host=192.168.31.133 ansible_connection=ssh ansible_port=22 ansible_user=root
    CentOS-VM2 ansible_host=192.168.31.178 ansible_connection=ssh ansible_port=22 ansible_user=root
    
  • Edit the Ansible playbook
    It does three main things: 1. yum 2. copy 3. start service

    [root@localhost ansible_quickstart]# cat ntp.yaml
    ---
    - hosts: CentOS
      tasks:
      - name: make sure chronyd is installed
        yum:
         name: chrony
         state: latest
         update_cache: yes
    
      - name: deploy chrony.conf template
        template:
         src: /root/ansible_quickstart/chrony.conf
         dest: /etc/chrony.conf
         owner: root
         group: root
         mode: 0644
         backup: yes
    
      - name: Restart chronyd
        service:
          name: chronyd
          state: restarted
    

    ansible-lint can be used to check the ntp.yaml file.

    [root@localhost ansible_quickstart]# ansible-lint ntp.yaml
    WARNING  Listing 12 violation(s) that are fatal
    name[play]: All plays should be named.
    ntp.yaml:2
    
    fqcn[action-core]: Use FQCN for builtin module actions (yum).
    ntp.yaml:4 Use `ansible.builtin.yum` or `ansible.legacy.yum` instead.
    
    name[casing]: All names should start with an uppercase letter.
    ntp.yaml:4 Task/Handler: make sure chronyd is installed
    
    package-latest: Package installs should not use latest.
    ntp.yaml:4 Task/Handler: make sure chronyd is installed
    
    yaml[indentation]: Wrong indentation: expected at least 3
    ntp.yaml:4
    
    yaml[truthy]: Truthy value should be one of [false, true]
    ntp.yaml:8
    
    fqcn[action-core]: Use FQCN for builtin module actions (template).
    ntp.yaml:10 Use `ansible.builtin.template` or `ansible.legacy.template` instead.
    
    name[casing]: All names should start with an uppercase letter.
    ntp.yaml:10 Task/Handler: deploy chrony.conf template
    
    yaml[octal-values]: Forbidden implicit octal value "0644"
    ntp.yaml:16
    
    yaml[truthy]: Truthy value should be one of [false, true]
    ntp.yaml:17
    
    fqcn[action-core]: Use FQCN for builtin module actions (service).
    ntp.yaml:19 Use `ansible.builtin.service` or `ansible.legacy.service` instead.
    
    yaml[indentation]: Wrong indentation: expected 5 but found 6
    ntp.yaml:21
    
    Read documentation for instructions on how to ignore specific rule violations.
    
                      Rule Violation Summary
     count tag                profile    rule associated tags
         1 name[play]         basic      idiom
         2 yaml[indentation]  basic      formatting, yaml
         1 yaml[octal-values] basic      formatting, yaml
         2 yaml[truthy]       basic      formatting, yaml
         2 name[casing]       moderate   idiom
         1 package-latest     safety     idempotency
         3 fqcn[action-core]  production formatting
    
    Failed: 12 failure(s), 0 warning(s) on 1 files. Last profile that met the validation criteria was 'min'.
    A new release of ansible-lint is available: 6.22.2 → 24.6.1
    
  • Start the deployment
    [root@localhost ansible_quickstart]# ansible-playbook -i remote.ini ntp.yaml
    
    PLAY [CentOS] **********************************************************************************************************
    
    TASK [Gathering Facts] *************************************************************************************************
    ok: [CentOS-VM1]
    ok: [CentOS-VM2]
    
    TASK [make sure chronyd is installed] **********************************************************************************
    ok: [CentOS-VM1]
    changed: [CentOS-VM2]
    
    TASK [deploy chrony.conf template] *************************************************************************************
    changed: [CentOS-VM1]
    changed: [CentOS-VM2]
    
    TASK [Restart chronyd] *************************************************************************************************
    changed: [CentOS-VM1]
    changed: [CentOS-VM2]
    
    PLAY RECAP *************************************************************************************************************
    CentOS-VM1                 : ok=4    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
    CentOS-VM2                 : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
    
  • Check the Managed nodes
    On the Managed node (controlled by Ansible) with IP 192.168.31.133, check that chrony.conf and the service are correct.

    [root@localhost ~]# cat  /etc/chrony.conf
    server 192.168.0.1 iburst
    server 192.168.0.2 iburst
    stratumweight 0
    driftfile /var/lib/chrony/drift
    rtcsync
    makestep 10 3
    bindcmdaddress 127.0.0.1
    bindcmdaddress ::1
    keyfile /etc/chrony.keys
    commandkey 1
    generatecommandkey
    noclientlog
    logchange 0.5
    logdir /var/log/chrony
    [root@localhost ~]# systemctl status chrony
    Unit chrony.service could not be found.
    
    [root@localhost ~]# systemctl status chronyd
    ● chronyd.service - NTP client/server
         Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; preset: enabled)
         Active: active (running) since Thu 2024-07-04 17:48:31 CST; 16h ago
           Docs: man:chronyd(8)
                 man:chrony.conf(5)
        Process: 10101 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
       Main PID: 10215 (chronyd)
          Tasks: 1 (limit: 22829)
         Memory: 1004.0K
            CPU: 115ms
         CGroup: /system.slice/chronyd.service
                 └─10215 /usr/sbin/chronyd -F 2
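
The ansible-lint findings shown earlier map directly onto a cleaner ntp.yaml. The playbook below is an added example, not part of the original post: it applies the FQCN, naming, truthy, octal-value and package-latest fixes, and goes beyond what lint asks for by validating the file before it replaces /etc/chrony.conf and by restarting chronyd from a handler only when the configuration actually changed. Assumptions: the play name and the "enabled and running" task are introduced here, and the `validate` command relies on `chronyd -p`, available in chrony 4.0 and later.

```yaml
---
# Added example: ntp.yaml rewritten to clear the ansible-lint findings.
- name: Deploy chrony configuration
  hosts: CentOS
  tasks:
    - name: Make sure chrony is installed
      ansible.builtin.yum:
        name: chrony
        state: present          # package-latest: no silent upgrade on every run
        update_cache: true

    - name: Deploy chrony.conf template
      ansible.builtin.template:
        src: /root/ansible_quickstart/chrony.conf
        dest: /etc/chrony.conf
        owner: root
        group: root
        mode: "0644"            # quoted so YAML cannot reinterpret the octal value
        backup: true
        # Assumption: chrony >= 4.0, where -p parses the given file and exits.
        # A file that fails to parse is never copied over /etc/chrony.conf.
        validate: /usr/sbin/chronyd -p -f %s
      notify: Restart chronyd

    - name: Make sure chronyd is enabled and running
      ansible.builtin.service:
        name: chronyd
        state: started
        enabled: true

  handlers:
    # Runs once at the end of the play, and only if the template task changed.
    - name: Restart chronyd
      ansible.builtin.service:
        name: chronyd
        state: restarted
```

With this layout a second run against unchanged hosts reports no changed tasks, so an unexpected "changed" on the template task signals that /etc/chrony.conf on that node had drifted from the deployed file.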
    