I have started working with the Ansible deployment tool, but some parts of it are painful:
An environment with no external network access is a nuisance: everything has to be prepared in advance.
Ansible is quite strict about version alignment. Playbooks and modules differ between versions, and applying the wrong version can produce unexpected results (usually a few missing steps that snowball into something bigger).
The Python environment it runs on also comes in several versions, though this point is a little more relaxed, since Ansible still supports very old Python releases.
Conveniently carrying the dependent modules together with their matching versions is another painful spot: pip has requirements.txt, but without a network it is of no use.
Some company departments may have Ansible Tower set up, in which case you can cut corners and just drop in the collections brought over from Ansible Galaxy plus the prepared playbooks; but more often you face machines that have just been cabled up and freshly installed with a RHEL/Debian-family OS, and the show has to start right there...
So if you are going to deploy with Ansible, it is best to know how to carry the required environment along with you.
The notes below briefly record one shortcut. CentOS 8 Stream is used for the demo, but in principle it applies to the popular Linux distributions out there.
The shortcut goes roughly like this:
Packing the bags
  - On an outside (networked) machine, start a Linux of the required version.
  - Install the Python virtualenv module shipped by the OS itself.
  - Create a virtualenv.
  - Enter the virtualenv and install the required version of ansible.
  - Compress the whole virtualenv directory.
  - Install the needed Ansible Galaxy collections and compress $HOME/.ansible/collections/, or use the ansible-galaxy download feature provided since v2.10 to fetch the dependent collections as tarballs.
In the target environment without network access
  - Install the Python virtualenv module shipped by the OS itself.
  - Unpack the virtualenv compressed above.
  - Put the dependent collection tarballs in place, or install them with ansible-galaxy.
That is all; the real work can then begin.
OS-provided packages are used as the base environment wherever possible. The main reason is that OS packages best avoid the situation where a custom-built environment is missing some feature; in addition, PyPI usually offers pre-built wheels for the common Python environments, which saves the compile time during pip install; and when an unfamiliar problem comes up, answers are easiest to find for OS packages.
What follows is recorded in two parts. A CentOS 8-Stream emulated with LXD is used; anyone unfamiliar with this step can simply install a VM.
lxd_user@lxdlab:~$ lxc launch images:centos/8-Stream/amd64 ansible-control-node
Creating ansible-control-node
Starting ansible-control-node
lxd_user@lxdlab:~$
lxd_user@lxdlab:~$ lxc launch images:centos/8-Stream/amd64 test
Creating test
Starting test
lxd_user@lxdlab:~$
lxd_user@lxdlab:~$
lxd_user@lxdlab:~$ lxc list
+----------------------+---------+-----------------------+-----------------------------------------------+-----------+-----------+
|         NAME         |  STATE  |         IPV4          |                     IPV6                      |   TYPE    | SNAPSHOTS |
+----------------------+---------+-----------------------+-----------------------------------------------+-----------+-----------+
| ansible-control-node | RUNNING | 10.208.102.106 (eth0) | fd42:d985:155b:9a98:216:3eff:fe49:dae6 (eth0) | CONTAINER | 0         |
+----------------------+---------+-----------------------+-----------------------------------------------+-----------+-----------+
| test                 | RUNNING | 10.208.102.252 (eth0) | fd42:d985:155b:9a98:216:3eff:fea7:50c6 (eth0) | CONTAINER | 0         |
+----------------------+---------+-----------------------+-----------------------------------------------+-----------+-----------+
lxd_user@lxdlab:~$
Packing the bags
First enter the ansible-control-node environment and install virtualenv. The OS default Python 3.6 and the virtualenv from the AppStream repo are used to create an environment for ansible, which we then enter.
lxd_user@lxdlab:~$ lxc shell ansible-control-node
[root@ansible-control-node ~]#
[root@ansible-control-node ~]# dnf install -y tar
[root@ansible-control-node ~]# dnf install -y python3-virtualenv
Last metadata expiration check: 0:00:06 ago on Tue Jul 27 10:07:36 2021.
Dependencies resolved.
==============================================================================================
 Package                 Arch    Version                                   Repository    Size
==============================================================================================
Installing:
 python3-virtualenv      noarch  15.1.0-20.module_el8.5.0+761+faacb0fb     appstream    101 k
Installing dependencies:
 libpkgconf              x86_64  1.4.2-1.el8                               baseos        35 k
 pkgconf                 x86_64  1.4.2-1.el8                               baseos        38 k
 pkgconf-m4              noarch  1.4.2-1.el8                               baseos        17 k
 pkgconf-pkg-config      x86_64  1.4.2-1.el8                               baseos        15 k
 platform-python-devel   x86_64  3.6.8-39.el8                              appstream    249 k
 python-rpm-macros       noarch  3-41.el8                                  appstream     15 k
 python-srpm-macros      noarch  3-41.el8                                  appstream     15 k
 python3-pip             noarch  9.0.3-20.el8                              appstream     20 k
 python3-rpm-generators  noarch  5-6.el8                                   appstream     24 k
 python3-rpm-macros      noarch  3-41.el8                                  appstream     14 k
 python3-setuptools      noarch  39.2.0-6.el8                              baseos       163 k
 python3-wheel-wheel     noarch  1:0.31.1-2.module_el8.5.0+761+faacb0fb    appstream     44 k
 python36                x86_64  3.6.8-37.module_el8.5.0+771+e5d9a225      appstream     19 k
 python36-devel          x86_64  3.6.8-37.module_el8.5.0+771+e5d9a225      appstream     16 k
Enabling module streams:
 python36                        3.6

Transaction Summary
==============================================================================================
Install  15 Packages

Total download size: 786 k
Installed size: 1.7 M
Downloading Packages:
(1/15): python-srpm-macros-3-41.el8.noarch.rpm                   110 kB/s |  15 kB     00:00
(2/15): python-rpm-macros-3-41.el8.noarch.rpm                    110 kB/s |  15 kB     00:00
(3/15): python3-pip-9.0.3-20.el8.noarch.rpm                      434 kB/s |  20 kB     00:00
(4/15): python3-rpm-generators-5-6.el8.noarch.rpm                375 kB/s |  24 kB     00:00
(5/15): python3-rpm-macros-3-41.el8.noarch.rpm                   241 kB/s |  14 kB     00:00
(6/15): python3-wheel-wheel-0.31.1-2.module_el8.5.0+761+faacb    480 kB/s |  44 kB     00:00
(7/15): python3-virtualenv-15.1.0-20.module_el8.5.0+761+faacb    569 kB/s | 101 kB     00:00
(8/15): python36-3.6.8-37.module_el8.5.0+771+e5d9a225.x86_64.    379 kB/s |  19 kB     00:00
(9/15): platform-python-devel-3.6.8-39.el8.x86_64.rpm            522 kB/s | 249 kB     00:00
(10/15): python36-devel-3.6.8-37.module_el8.5.0+771+e5d9a225.    133 kB/s |  16 kB     00:00
(11/15): libpkgconf-1.4.2-1.el8.x86_64.rpm                       247 kB/s |  35 kB     00:00
(12/15): pkgconf-pkg-config-1.4.2-1.el8.x86_64.rpm               485 kB/s |  15 kB     00:00
(13/15): pkgconf-1.4.2-1.el8.x86_64.rpm                          303 kB/s |  38 kB     00:00
(14/15): pkgconf-m4-1.4.2-1.el8.noarch.rpm                       134 kB/s |  17 kB     00:00
(15/15): python3-setuptools-39.2.0-6.el8.noarch.rpm              1.3 MB/s | 163 kB     00:00
----------------------------------------------------------------------------------------------
Total                                                            933 kB/s | 786 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                      1/1
  Installing       : python3-setuptools-39.2.0-6.el8.noarch                              1/15
  Installing       : python36-3.6.8-37.module_el8.5.0+771+e5d9a225.x86_64                2/15
  Running scriptlet: python36-3.6.8-37.module_el8.5.0+771+e5d9a225.x86_64                2/15
  Installing       : python3-pip-9.0.3-20.el8.noarch                                     3/15
  Installing       : pkgconf-m4-1.4.2-1.el8.noarch                                       4/15
  Installing       : libpkgconf-1.4.2-1.el8.x86_64                                       5/15
  Installing       : pkgconf-1.4.2-1.el8.x86_64                                          6/15
  Installing       : pkgconf-pkg-config-1.4.2-1.el8.x86_64                               7/15
  Installing       : python3-wheel-wheel-1:0.31.1-2.module_el8.5.0+761+faacb0fb.noarc    8/15
  Installing       : python3-rpm-generators-5-6.el8.noarch                               9/15
  Installing       : python-srpm-macros-3-41.el8.noarch                                 10/15
  Installing       : python-rpm-macros-3-41.el8.noarch                                  11/15
  Installing       : python3-rpm-macros-3-41.el8.noarch                                 12/15
  Installing       : platform-python-devel-3.6.8-39.el8.x86_64                          13/15
  Installing       : python36-devel-3.6.8-37.module_el8.5.0+771+e5d9a225.x86_64         14/15
  Running scriptlet: python36-devel-3.6.8-37.module_el8.5.0+771+e5d9a225.x86_64         14/15
  Installing       : python3-virtualenv-15.1.0-20.module_el8.5.0+761+faacb0fb.noarch    15/15
  Running scriptlet: python3-virtualenv-15.1.0-20.module_el8.5.0+761+faacb0fb.noarch    15/15
  Verifying        : platform-python-devel-3.6.8-39.el8.x86_64                           1/15
  Verifying        : python-rpm-macros-3-41.el8.noarch                                   2/15
  Verifying        : python-srpm-macros-3-41.el8.noarch                                  3/15
  Verifying        : python3-pip-9.0.3-20.el8.noarch                                     4/15
  Verifying        : python3-rpm-generators-5-6.el8.noarch                               5/15
  Verifying        : python3-rpm-macros-3-41.el8.noarch                                  6/15
  Verifying        : python3-virtualenv-15.1.0-20.module_el8.5.0+761+faacb0fb.noarch     7/15
  Verifying        : python3-wheel-wheel-1:0.31.1-2.module_el8.5.0+761+faacb0fb.noarc    8/15
  Verifying        : python36-3.6.8-37.module_el8.5.0+771+e5d9a225.x86_64                9/15
  Verifying        : python36-devel-3.6.8-37.module_el8.5.0+771+e5d9a225.x86_64         10/15
  Verifying        : libpkgconf-1.4.2-1.el8.x86_64                                      11/15
  Verifying        : pkgconf-1.4.2-1.el8.x86_64                                         12/15
  Verifying        : pkgconf-m4-1.4.2-1.el8.noarch                                      13/15
  Verifying        : pkgconf-pkg-config-1.4.2-1.el8.x86_64                              14/15
  Verifying        : python3-setuptools-39.2.0-6.el8.noarch                             15/15

Installed:
  libpkgconf-1.4.2-1.el8.x86_64
  pkgconf-1.4.2-1.el8.x86_64
  pkgconf-m4-1.4.2-1.el8.noarch
  pkgconf-pkg-config-1.4.2-1.el8.x86_64
  platform-python-devel-3.6.8-39.el8.x86_64
  python-rpm-macros-3-41.el8.noarch
  python-srpm-macros-3-41.el8.noarch
  python3-pip-9.0.3-20.el8.noarch
  python3-rpm-generators-5-6.el8.noarch
  python3-rpm-macros-3-41.el8.noarch
  python3-setuptools-39.2.0-6.el8.noarch
  python3-virtualenv-15.1.0-20.module_el8.5.0+761+faacb0fb.noarch
  python3-wheel-wheel-1:0.31.1-2.module_el8.5.0+761+faacb0fb.noarch
  python36-3.6.8-37.module_el8.5.0+771+e5d9a225.x86_64
  python36-devel-3.6.8-37.module_el8.5.0+771+e5d9a225.x86_64

Complete!
[root@ansible-control-node ~]#
[root@ansible-control-node ~]# virtualenv ansible-v210
Using base prefix '/usr'
New python executable in /root/ansible-v210/bin/python3.6
Also creating executable in /root/ansible-v210/bin/python
Installing setuptools, pip, wheel...done.
[root@ansible-control-node ~]# source ~/ansible-v210/bin/activate
(ansible-v210) [root@ansible-control-node ~]#
(ansible-v210) [root@ansible-control-node ~]# which python
/root/ansible-v210/bin/python
(ansible-v210) [root@ansible-control-node ~]#
(ansible-v210) [root@ansible-control-node ~]# pip install ansible==2.10
Collecting ansible==2.10
  Downloading ansible-2.10.0.tar.gz (25.5 MB)
     |████████████████████████████████| 25.5 MB 56 kB/s
Collecting ansible-base<2.11,>=2.10.1
  Downloading ansible-base-2.10.12.tar.gz (6.0 MB)
     |████████████████████████████████| 6.0 MB 8.0 MB/s
Collecting jinja2
  Downloading Jinja2-3.0.1-py3-none-any.whl (133 kB)
     |████████████████████████████████| 133 kB 12.7 MB/s
Collecting PyYAML
  Downloading PyYAML-5.4.1-cp36-cp36m-manylinux1_x86_64.whl (640 kB)
     |████████████████████████████████| 640 kB 9.2 MB/s
Collecting cryptography
  Downloading cryptography-3.4.7-cp36-abi3-manylinux2014_x86_64.whl (3.2 MB)
     |████████████████████████████████| 3.2 MB 14.7 MB/s
Collecting packaging
  Downloading packaging-21.0-py3-none-any.whl (40 kB)
     |████████████████████████████████| 40 kB 1.8 MB/s
Collecting cffi>=1.12
  Downloading cffi-1.14.6-cp36-cp36m-manylinux1_x86_64.whl (401 kB)
     |████████████████████████████████| 401 kB 14.7 MB/s
Collecting pycparser
  Downloading pycparser-2.20-py2.py3-none-any.whl (112 kB)
     |████████████████████████████████| 112 kB 10.4 MB/s
Collecting MarkupSafe>=2.0
  Downloading MarkupSafe-2.0.1-cp36-cp36m-manylinux2010_x86_64.whl (30 kB)
Collecting pyparsing>=2.0.2
  Downloading pyparsing-2.4.7-py2.py3-none-any.whl (67 kB)
     |████████████████████████████████| 67 kB 3.0 MB/s
Building wheels for collected packages: ansible, ansible-base
  Building wheel for ansible (setup.py) ... done
  Created wheel for ansible: filename=ansible-2.10.0-py3-none-any.whl size=43068838 sha256=4a179d5cfebfba06b7800b3f8d8ae568250704c3a08960e272c58aff4ac4e0d8
  Stored in directory: /root/.cache/pip/wheels/a6/07/fe/d3e0b1bb3832059d5186a3f3c5e5cf339cc94cd2983c0efa73
  Building wheel for ansible-base (setup.py) ... done
  Created wheel for ansible-base: filename=ansible_base-2.10.12-py3-none-any.whl size=1877594 sha256=748601005d98154ecccd637503cfdc5989ed5db4a73c44dbd7fd6025676bcebf
  Stored in directory: /root/.cache/pip/wheels/bc/ee/2e/5318d3f5a450f6cd6fd32929f9da338d03155ad7cbabf83427
Successfully built ansible ansible-base
Installing collected packages: pycparser, pyparsing, MarkupSafe, cffi, PyYAML, packaging, jinja2, cryptography, ansible-base, ansible
Successfully installed MarkupSafe-2.0.1 PyYAML-5.4.1 ansible-2.10.0 ansible-base-2.10.12 cffi-1.14.6 cryptography-3.4.7 jinja2-3.0.1 packaging-21.0 pycparser-2.20 pyparsing-2.4.7
(ansible-v210) [root@ansible-control-node ~]#
(ansible-v210) [root@ansible-control-node ~]# ls ~/ansible-v210/lib64/python3.6/site-packages/
Jinja2-3.0.1.dist-info                         distutils-precedence.pth
MarkupSafe-2.0.1.dist-info                     jinja2
PyYAML-5.4.1.dist-info                         markupsafe
__pycache__                                    packaging
_cffi_backend.cpython-36m-x86_64-linux-gnu.so  packaging-21.0.dist-info
_distutils_hack                                pip
_yaml                                          pip-21.2.1.dist-info
ansible                                        pkg_resources
ansible-2.10.0.dist-info                       pycparser
ansible_base-2.10.12.dist-info                 pycparser-2.20.dist-info
ansible_collections                            pyparsing-2.4.7.dist-info
ansible_test                                   pyparsing.py
cffi                                           setuptools
cffi-1.14.6.dist-info                          setuptools-57.4.0.dist-info
cffi.libs                                      wheel
cryptography                                   wheel-0.36.2.dist-info
cryptography-3.4.7.dist-info                   yaml
(ansible-v210) [root@ansible-control-node ~]#
(ansible-v210) [root@ansible-control-node ~]# pip list
Package      Version
------------ -------
ansible      2.10.0
ansible-base 2.10.12
cffi         1.14.6
cryptography 3.4.7
Jinja2       3.0.1
MarkupSafe   2.0.1
packaging    21.0
pip          21.2.1
pycparser    2.20
pyparsing    2.4.7
PyYAML       5.4.1
setuptools   57.4.0
wheel        0.36.2
(ansible-v210) [root@ansible-control-node ~]#
(ansible-v210) [root@ansible-control-node ~]# pip install argcomplete
Collecting argcomplete
  Downloading argcomplete-1.12.3-py2.py3-none-any.whl (38 kB)
Collecting importlib-metadata<5,>=0.23
  Downloading importlib_metadata-4.6.3-py3-none-any.whl (17 kB)
Collecting typing-extensions>=3.6.4
  Downloading typing_extensions-3.10.0.0-py3-none-any.whl (26 kB)
Collecting zipp>=0.5
  Downloading zipp-3.5.0-py3-none-any.whl (5.7 kB)
Installing collected packages: zipp, typing-extensions, importlib-metadata, argcomplete
Successfully installed argcomplete-1.12.3 importlib-metadata-4.6.3 typing-extensions-3.10.0.0 zipp-3.5.0
(ansible-v210) [root@ansible-control-node ~]#
(ansible-v210) [root@ansible-control-node ~]# which activate-global-python-argcomplete
/root/ansible-v210/bin/activate-global-python-argcomplete
(ansible-v210) [root@ansible-control-node ~]#
(ansible-v210) [root@ansible-control-node ~]# ~/ansible-v210/bin/activate-global-python-argcomplete --dest=- >> ~/.bashrc
(ansible-v210) [root@ansible-control-node ~]#
(ansible-v210) [root@ansible-control-node ~]# tar -p --keep-directory-symlink -czvf ansible-v210.tgz ansible-v210/
(ansible-v210) [root@ansible-control-node ~]#
(ansible-v210) [root@ansible-control-node ~]# ansible-galaxy collection download edb_devops.edb_postgres
Process install dependency map
Starting collection download process to '/root/collections'
Downloading collection 'edb_devops.edb_postgres' to '/root/collections/edb_devops-edb_postgres-3.4.0.tar.gz'
Downloading https://galaxy.ansible.com/download/edb_devops-edb_postgres-3.4.0.tar.gz to /root/.ansible/tmp/ansible-local-1567ywuv860c/tmpiimhebm3
edb_devops.edb_postgres (3.4.0) was downloaded successfully
Downloading collection 'ansible.posix' to '/root/collections/ansible-posix-1.1.1.tar.gz'
Downloading https://galaxy.ansible.com/download/ansible-posix-1.1.1.tar.gz to /root/.ansible/tmp/ansible-local-1567ywuv860c/tmpiimhebm3
ansible.posix (1.1.1) was downloaded successfully
Downloading collection 'community.crypto' to '/root/collections/community-crypto-1.4.0.tar.gz'
Downloading https://galaxy.ansible.com/download/community-crypto-1.4.0.tar.gz to /root/.ansible/tmp/ansible-local-1567ywuv860c/tmpiimhebm3
community.crypto (1.4.0) was downloaded successfully
Downloading collection 'community.general' to '/root/collections/community-general-2.1.1.tar.gz'
Downloading https://galaxy.ansible.com/download/community-general-2.1.1.tar.gz to /root/.ansible/tmp/ansible-local-1567ywuv860c/tmpiimhebm3
community.general (2.1.1) was downloaded successfully
Downloading collection 'community.postgresql' to '/root/collections/community-postgresql-1.1.1.tar.gz'
Downloading https://galaxy.ansible.com/download/community-postgresql-1.1.1.tar.gz to /root/.ansible/tmp/ansible-local-1567ywuv860c/tmpiimhebm3
community.postgresql (1.1.1) was downloaded successfully
Writing requirements.yml file of downloaded collections to '/root/collections/requirements.yml'
(ansible-v210) [root@ansible-control-node ~]# ls ~/collections/
ansible-posix-1.1.1.tar.gz         community-postgresql-1.1.1.tar.gz
community-crypto-1.4.0.tar.gz      edb_devops-edb_postgres-3.4.0.tar.gz
community-general-2.1.1.tar.gz     requirements.yml
(ansible-v210) [root@ansible-control-node ~]#
(ansible-v210) [root@ansible-control-node ~]# tar -cvf edb-ansible-collection.tar collections/
(ansible-v210) [root@ansible-control-node ~]# exit
lxd_user@lxdlab:~$
That concludes the packing.
In the target environment without network access
I could not be bothered to prepare a VM that really has no network, so the work is done directly in the neighbouring container. Nothing in the steps below fetches anything over the network, so the procedure still applies.
Take the files out and put them into the target environment:
lxd_user@lxdlab:~$ lxc file pull ansible-control-node/root/ansible-v210.tgz ~
lxd_user@lxdlab:~$ lxc file pull ansible-control-node/root/edb-ansible-collection.tar ~
lxd_user@lxdlab:~$ lxc launch images:centos/8-Stream/amd64 test
Creating test
Starting test
lxd_user@lxdlab:~$
lxd_user@lxdlab:~$ lxc file push ansible-v210.tgz test/root/
lxd_user@lxdlab:~$ lxc file push edb-ansible-collection.tar test/root/
lxd_user@lxdlab:~$ lxc shell test
[root@test ~]#
[root@test ~]# dnf install -y tar python3-virtualenv
[root@test ~]#
[root@test ~]# tar -xvf ansible-v210.tgz
[root@test ~]# tar -xvf edb-ansible-collection.tar
[root@test ~]# source ~/ansible-v210/bin/activate
(ansible-v210) [root@test ~]# pip list
Package      Version
------------ -------
ansible      2.10.0
ansible-base 2.10.12
cffi         1.14.6
cryptography 3.4.7
Jinja2       3.0.1
MarkupSafe   2.0.1
packaging    21.0
pip          21.2.1
pycparser    2.20
pyparsing    2.4.7
PyYAML       5.4.1
setuptools   57.4.0
wheel        0.36.2
(ansible-v210) [root@test ~]#
Give your finger a rest (the left ring finger, to be precise...): add bash completion.
(ansible-v210) [root@test ~]# ~/ansible-v210/bin/activate-global-python-argcomplete --dest=- >> ~/.bashrc
(ansible-v210) [root@test ~]#
(ansible-v210) [root@test ~]# cd ~/collections/
(ansible-v210) [root@test collections]# ansible-galaxy collection install -r ./requirements.yml
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Installing 'edb_devops.edb_postgres:3.4.0' to '/root/.ansible/collections/ansible_collections/edb_devops/edb_postgres'
edb_devops.edb_postgres (3.4.0) was installed successfully
Installing 'ansible.posix:1.1.1' to '/root/.ansible/collections/ansible_collections/ansible/posix'
ansible.posix (1.1.1) was installed successfully
Installing 'community.crypto:1.4.0' to '/root/.ansible/collections/ansible_collections/community/crypto'
community.crypto (1.4.0) was installed successfully
Installing 'community.general:2.1.1' to '/root/.ansible/collections/ansible_collections/community/general'
community.general (2.1.1) was installed successfully
Installing 'community.postgresql:1.1.1' to '/root/.ansible/collections/ansible_collections/community/postgresql'
community.postgresql (1.1.1) was installed successfully
(ansible-v210) [root@test collections]#
Finally, the result can be checked with the following command; only the last part of the output, the collections installed here, is shown.
(ansible-v210) [root@test collections]# ansible-galaxy collection list
. . . omitted . . .

# /root/.ansible/collections/ansible_collections
Collection              Version
----------------------- -------
ansible.posix           1.1.1
community.crypto        1.4.0
community.general       2.1.1
community.postgresql    1.1.1
edb_devops.edb_postgres 3.4.0
(ansible-v210) [root@test collections]#
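The pack / carry / unpack steps above, collected into three shell functions with a SHA-256 manifest so the offline side can confirm the tarball it received is the one built online before extracting it. This is an added example, not code from the original post; the paths, function names and the extra check on archive member paths are my own assumptions.

```shell
#!/bin/bash
# Added example (not from the original post): bundle a virtualenv plus the
# downloaded collections into one tarball, write a SHA-256 manifest beside it,
# and verify that manifest on the offline side before unpacking.
# All paths are assumptions; point them at your own virtualenv/collections dirs.
set -u

_sha_tool() {   # coreutils sha256sum on Linux, perl shasum elsewhere
  if command -v sha256sum >/dev/null 2>&1; then echo sha256sum; else echo "shasum -a 256"; fi
}

# pack_bundle WORKDIR OUT_TGZ DIR... : tar the given dirs (relative to WORKDIR)
# and write OUT_TGZ.sha256 next to the archive (hash recorded with a bare name,
# so the manifest verifies from whichever directory the bundle lands in).
pack_bundle() {
  local work="$1" out="$2"; shift 2
  tar -C "$work" -czf "$out" "$@" || return 1
  ( cd "$(dirname "$out")" && $(_sha_tool) "$(basename "$out")" > "$(basename "$out").sha256" )
}

# verify_bundle OUT_TGZ : the manifest must match, and the archive must not
# carry absolute paths or ".." members. GNU tar strips/refuses those by
# default, but a bundle that contains them was not built by pack_bundle.
verify_bundle() {
  local out="$1"
  ( cd "$(dirname "$out")" && $(_sha_tool) -c --status "$(basename "$out").sha256" ) || {
    echo "manifest mismatch for $out" >&2; return 1; }
  if tar -tzf "$out" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
    echo "refusing archive with unsafe member paths: $out" >&2
    return 1
  fi
}

# unpack_bundle OUT_TGZ DEST : verify first, then extract into DEST
unpack_bundle() {
  local out="$1" dest="$2"
  verify_bundle "$out" || return 1
  mkdir -p "$dest" && tar -C "$dest" -xzf "$out"
}

# Online side (assumed layout from the post):
#   pack_bundle /root /root/ansible-bundle.tgz ansible-v210 collections
# Offline side, after copying ansible-bundle.tgz and ansible-bundle.tgz.sha256:
#   unpack_bundle /root/ansible-bundle.tgz /root
```

Carry the .sha256 file over a different channel than the tarball (for example, read it out from the online session) so a swapped archive cannot bring its own matching manifest.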
Finally, although the root account is used here, the Ansible control host does not need root; the managed hosts, on the other hand, do have to grant root temporarily or provide a sudoer.
A small supplement to close this note: restricting the source IPs from which root may log in over ssh.
With the following, only sources on the 10.128.0.xxx subnet may ssh in as root. Note that PermitRootLogin no must be set in the file above this block (usually the default on RHEL-family OSes), so the Match block is the only exception.
[iamsudoer@vm-test ~]$ sudo tee -a /etc/ssh/sshd_config << EOF
Match Address 10.128.0.0/24
PermitRootLogin yes
PasswordAuthentication yes
Match all
EOF
[iamsudoer@vm-test ~]$ sudo service sshd restart
[iamsudoer@vm-test ~]$