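This post shows how to automate the deployment of Chrony (the NTP, Network Time Protocol, service) with Ansible. Reference article: https://www.redhat.com/sysadmin/ansible-chrony-daemon
Test environment: CentOS 9 Stream (virtual machines)
The setup is as follows. The systems are divided into a Control node (the Ansible controller) and Managed nodes (the hosts controlled by Ansible).
- Control node (Ansible controller) IP: 192.168.31.131
- Managed nodes (controlled by Ansible) IP: 192.168.31.133 and 192.168.31.178
If you need to reconfigure the NTP service (NTP is currently provided by the Chrony daemon; for details see https://benjr.tw/102661), a large-scale deployment can be handled quickly with an Ansible playbook.
Before starting, set up how you connect to your Managed nodes. I use a public SSH key; for details see https://benjr.tw/106439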
- Create a directory for testing
```
[root@localhost ~]# mkdir ansible_quickstart && cd ansible_quickstart
[root@localhost ansible_quickstart]#
```
- Edit the chrony.conf to be deployed
```
[root@localhost ansible_quickstart]# cat chrony.conf
server 192.168.0.1 iburst
server 192.168.0.2 iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
noclientlog
logchange 0.5
logdir /var/log/chrony
```
- Edit the Managed nodes inventory
The public SSH key was set up earlier, so there is no need to enter a password or write one into the file.
```
[root@localhost ansible_quickstart]# cat remote.ini
[CentOS]
CentOS-VM1 ansible_host=192.168.31.133 ansible_connection=ssh ansible_port=22 ansible_user=root
CentOS-VM2 ansible_host=192.168.31.178 ansible_connection=ssh ansible_port=22 ansible_user=root
```
- Edit the Ansible playbook
It consists of three main actions: 1. yum 2. copy 3. start service
```
[root@localhost ansible_quickstart]# cat ntp.yaml
---
- hosts: CentOS
  tasks:
  - name: make sure chronyd is installed
    yum:
      name: chrony
      state: latest
      update_cache: yes

  - name: deploy chrony.conf template
    template:
      src: /root/ansible_quickstart/chrony.conf
      dest: /etc/chrony.conf
      owner: root
      group: root
      mode: 0644
      backup: yes

  - name: Restart chronyd
    service:
      name: chronyd
      state: restarted
```
You can check the ntp.yaml file with ansible-lint.
```
[root@localhost ansible_quickstart]# ansible-lint ntp.yaml
WARNING  Listing 12 violation(s) that are fatal
name[play]: All plays should be named.
ntp.yaml:2

fqcn[action-core]: Use FQCN for builtin module actions (yum).
ntp.yaml:4 Use `ansible.builtin.yum` or `ansible.legacy.yum` instead.

name[casing]: All names should start with an uppercase letter.
ntp.yaml:4 Task/Handler: make sure chronyd is installed

package-latest: Package installs should not use latest.
ntp.yaml:4 Task/Handler: make sure chronyd is installed

yaml[indentation]: Wrong indentation: expected at least 3
ntp.yaml:4

yaml[truthy]: Truthy value should be one of [false, true]
ntp.yaml:8

fqcn[action-core]: Use FQCN for builtin module actions (template).
ntp.yaml:10 Use `ansible.builtin.template` or `ansible.legacy.template` instead.

name[casing]: All names should start with an uppercase letter.
ntp.yaml:10 Task/Handler: deploy chrony.conf template

yaml[octal-values]: Forbidden implicit octal value "0644"
ntp.yaml:16

yaml[truthy]: Truthy value should be one of [false, true]
ntp.yaml:17

fqcn[action-core]: Use FQCN for builtin module actions (service).
ntp.yaml:19 Use `ansible.builtin.service` or `ansible.legacy.service` instead.

yaml[indentation]: Wrong indentation: expected 5 but found 6
ntp.yaml:21

Read documentation for instructions on how to ignore specific rule violations.

Rule Violation Summary
count tag               profile    rule associated tags
    1 name[play]        basic      idiom
    2 yaml[indentation] basic      formatting, yaml
    1 yaml[octal-values] basic     formatting, yaml
    2 yaml[truthy]      basic      formatting, yaml
    2 name[casing]      moderate   idiom
    1 package-latest    safety     idempotency
    3 fqcn[action-core] production formatting

Failed: 12 failure(s), 0 warning(s) on 1 files. Last profile that met the validation criteria was 'min'.
A new release of ansible-lint is available: 6.22.2 → 24.6.1
```
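A revision of ntp.yaml that addresses the rule violations ansible-lint lists above. This is an added example, not part of the original article: the switch from yum to `ansible.builtin.dnf`, the `validate` step (which relies on `chronyd -p`, available in chrony 4.0 or later) and the restart handler are choices made here, not taken from the page.

```yaml
---
- name: Deploy chrony configuration
  hosts: CentOS
  tasks:
    - name: Make sure chrony is installed
      # dnf is used here in place of the page's yum task (CentOS 9 Stream)
      ansible.builtin.dnf:
        name: chrony
        state: present        # package-latest: avoid unplanned upgrades
        update_cache: true    # yaml[truthy]

    - name: Deploy chrony.conf template
      ansible.builtin.template:
        src: /root/ansible_quickstart/chrony.conf
        dest: /etc/chrony.conf
        owner: root
        group: root
        mode: "0644"          # yaml[octal-values]: quote the mode
        backup: true
        # chronyd -p prints the configuration and exits (chrony 4.0 or later);
        # used as a syntax check before the live file is replaced
        validate: /usr/sbin/chronyd -p -f %s
      notify: Restart chronyd

    - name: Make sure chronyd is enabled and running
      ansible.builtin.service:
        name: chronyd
        state: started
        enabled: true

  handlers:
    - name: Restart chronyd
      ansible.builtin.service:
        name: chronyd
        state: restarted
```

Because the restart is a handler, chronyd is restarted only on hosts where chrony.conf actually changed, so a repeat run against an unchanged host does not interrupt time synchronization.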
- Start the deployment
```
[root@localhost ansible_quickstart]# ansible-playbook -i remote.ini ntp.yaml

PLAY [CentOS] **********************************************************************************************************

TASK [Gathering Facts] *************************************************************************************************
ok: [CentOS-VM1]
ok: [CentOS-VM2]

TASK [make sure chronyd is installed] **********************************************************************************
ok: [CentOS-VM1]
changed: [CentOS-VM2]

TASK [deploy chrony.conf template] *************************************************************************************
changed: [CentOS-VM1]
changed: [CentOS-VM2]

TASK [Restart chronyd] *************************************************************************************************
changed: [CentOS-VM1]
changed: [CentOS-VM2]

PLAY RECAP *************************************************************************************************************
CentOS-VM1 : ok=4 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
CentOS-VM2 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```
- Check the Managed nodes
On the Managed node (controlled by Ansible) at IP 192.168.31.133, check that chrony.conf and the service are correct.
```
[root@localhost ~]# cat /etc/chrony.conf
server 192.168.0.1 iburst
server 192.168.0.2 iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
noclientlog
logchange 0.5
logdir /var/log/chrony
[root@localhost ~]# systemctl status chrony
Unit chrony.service could not be found.
```
The systemd unit is named chronyd, not chrony:
```
[root@localhost ~]# systemctl status chronyd
● chronyd.service - NTP client/server
     Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; preset: enabled)
     Active: active (running) since Thu 2024-07-04 17:48:31 CST; 16h ago
       Docs: man:chronyd(8)
             man:chrony.conf(5)
    Process: 10101 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
   Main PID: 10215 (chronyd)
      Tasks: 1 (limit: 22829)
     Memory: 1004.0K
        CPU: 115ms
     CGroup: /system.slice/chronyd.service
             └─10215 /usr/sbin/chronyd -F 2
```