{"id":34910,"date":"2024-08-22T14:23:18","date_gmt":"2024-08-22T07:23:18","guid":{"rendered":"http:\/\/jupitek.maudemo.vip\/index.php\/2024\/08\/22\/automate-server-configuration-with-ansible-playbooks\/"},"modified":"2024-08-22T14:23:18","modified_gmt":"2024-08-22T07:23:18","slug":"automate-server-configuration-with-ansible-playbooks","status":"publish","type":"post","link":"https:\/\/jupitek.maudemo.vip\/index.php\/2024\/08\/22\/automate-server-configuration-with-ansible-playbooks\/","title":{"rendered":"T\u1ef1 \u0111\u1ed9ng c\u1ea5u h\u00ecnh server v\u1edbi Ansible Playbooks"},"content":{"rendered":"<p><strong>Playbook<\/strong>&nbsp;\u0111\u1ecbnh ngh\u0129a m\u1ed9t t\u1eadp h\u1ee3p c\u00e1c t\u00e1c v\u1ee5 \u0111\u01b0\u1ee3c Ansible th\u1ef1c hi\u1ec7n tr\u00ean m\u1ed9t nh\u00f3m c\u00e1c n\u00fat \u0111\u01b0\u1ee3c qu\u1ea3n l\u00fd. Trong khi b\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng Ansible \u0111\u1ec3 th\u1ef1c hi\u1ec7n c\u00e1c t\u00e1c v\u1ee5 m\u1ed9t l\u1ea7n th\u00f4ng qua d\u00f2ng l\u1ec7nh, Playbook c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng l\u1ea1i, chia s\u1ebb gi\u1eefa c\u00e1c nh\u00f3m, ki\u1ec3m so\u00e1t phi\u00ean b\u1ea3n v\u00e0 h\u1ed7 tr\u1ee3 c\u00e1c y\u00eau c\u1ea7u tri\u1ec3n khai v\u00e0 tri\u1ec3n khai ph\u1ee9c t\u1ea1p. B\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng c\u00e1c t\u00ednh n\u0103ng nh\u01b0 tr\u00ecnh x\u1eed l\u00fd, bi\u1ebfn, m\u1eabu, x\u1eed l\u00fd l\u1ed7i v\u00e0 logic \u0111i\u1ec1u khi\u1ec3n trong Playbook c\u1ee7a m\u00ecnh \u0111\u1ec3 t\u1ef1 \u0111\u1ed9ng h\u00f3a th\u00f4ng minh c\u00e1c quy tr\u00ecnh CNTT c\u1ee7a b\u1ea1n tr\u00ean m\u1ed9t nh\u00f3m m\u00e1y ch\u1ee7.<\/p>\n<h2 id=\"scope-of-this-guide\">Ph\u1ea1m vi c\u1ee7a H\u01b0\u1edbng d\u1eabn n\u00e0y<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#scope-of-this-guide\"><\/a><\/h2>\n<p>H\u01b0\u1edbng d\u1eabn n\u00e0y cung c\u1ea5p ph\u1ea7n gi\u1edbi thi\u1ec7u v\u1ec1 c\u00e1c kh\u00e1i ni\u1ec7m Ansible Playbook, nh\u01b0 t\u00e1c v\u1ee5, v\u1edf k\u1ecbch, bi\u1ebfn v\u00e0 m\u1eabu Jinja. Trong c\u00e1c v\u00ed d\u1ee5 c\u1ee7a h\u01b0\u1edbng d\u1eabn n\u00e0y, b\u1ea1n s\u1ebd t\u1ea1o Playbook \u0111\u1ec3 t\u1ef1 \u0111\u1ed9ng h\u00f3a c\u00e1c m\u1ee5c sau:<\/p>\n<ul>\n<li>T\u1ea1o t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng gi\u1edbi h\u1ea1n tr\u00ean Linode<\/li>\n<li>C\u00e1c t\u00e1c v\u1ee5 thi\u1ebft l\u1eadp m\u00e1y ch\u1ee7 ph\u1ed5 bi\u1ebfn, nh\u01b0 \u0111\u1eb7t t\u00ean m\u00e1y ch\u1ee7, m\u00fai gi\u1edd v\u00e0 c\u1eadp nh\u1eadt ph\u1ea7n m\u1ec1m h\u1ec7 th\u1ed1ng<\/li>\n<li>C\u00e0i \u0111\u1eb7t ng\u0103n x\u1ebfp LAMP<\/li>\n<\/ul>\n<h2 id=\"before-you-begin\">Tr\u01b0\u1edbc khi b\u1ea1n b\u1eaft \u0111\u1ea7u<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#before-you-begin\"><\/a><\/h2>\n<ul>\n<li>N\u1ebfu b\u1ea1n ch\u01b0a quen v\u1edbi Ansible, h\u00e3y xem l\u1ea1i ph\u1ea7n&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/getting-started-with-ansible\/#what-is-ansible\">\u0110\u1ecbnh ngh\u0129a v\u1ec1 Ansible<\/a>&nbsp;trong h\u01b0\u1edbng d\u1eabn&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/getting-started-with-ansible\/\">B\u1eaft \u0111\u1ea7u v\u1edbi Ansible<\/a>&nbsp;.<\/li>\n<li>C\u00e0i \u0111\u1eb7t Ansible tr\u00ean m\u00e1y t\u00ednh ho\u1eb7c Linode c\u1ee7a b\u1ea1n b\u1eb1ng c\u00e1ch l\u00e0m theo c\u00e1c b\u01b0\u1edbc trong ph\u1ea7n&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/getting-started-with-ansible\/#set-up-the-control-node\">Thi\u1ebft l\u1eadp N\u00fat \u0111i\u1ec1u khi\u1ec3n<\/a>&nbsp;c\u1ee7a h\u01b0\u1edbng d\u1eabn&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/getting-started-with-ansible\/\">B\u1eaft \u0111\u1ea7u v\u1edbi Ansible<\/a>&nbsp;.<\/li>\n<li>Tri\u1ec3n khai Linode ch\u1ea1y Ubuntu 22.04 LTS \u0111\u1ec3 qu\u1ea3n l\u00fd b\u1eb1ng Ansible. T\u1ea5t c\u1ea3 Playbook \u0111\u01b0\u1ee3c t\u1ea1o trong h\u01b0\u1edbng d\u1eabn n\u00e0y s\u1ebd \u0111\u01b0\u1ee3c th\u1ef1c thi tr\u00ean Linode n\u00e0y. L\u00e0m theo&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/getting-started-with-ansible\/#set-up-the-control-node\">B\u1eaft \u0111\u1ea7u v\u1edbi Ansible &#8211; C\u00e0i \u0111\u1eb7t v\u00e0 thi\u1ebft l\u1eadp c\u01a1 b\u1ea3n<\/a>&nbsp;\u0111\u1ec3 t\u00ecm hi\u1ec3u c\u00e1ch thi\u1ebft l\u1eadp k\u1ebft n\u1ed1i gi\u1eefa n\u00fat \u0111i\u1ec1u khi\u1ec3n Ansible v\u00e0 Linode c\u1ee7a b\u1ea1n.Ghi ch\u00faKhi l\u00e0m theo h\u01b0\u1edbng d\u1eabn&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/getting-started-with-ansible\/#set-up-the-control-node\">B\u1eaft \u0111\u1ea7u v\u1edbi Ansible<\/a>&nbsp;\u0111\u1ec3 tri\u1ec3n khai Linode, b\u1ea1n kh\u00f4ng c\u1ea7n ph\u1ea3i th\u00eam c\u1eb7p kh\u00f3a SSH c\u1ee7a n\u00fat \u0111i\u1ec1u khi\u1ec3n Ansible v\u00e0o Linode \u0111\u01b0\u1ee3c qu\u1ea3n l\u00fd c\u1ee7a m\u00ecnh. B\u01b0\u1edbc n\u00e0y s\u1ebd \u0111\u01b0\u1ee3c ho\u00e0n th\u00e0nh b\u1eb1ng Playbook sau trong h\u01b0\u1edbng d\u1eabn n\u00e0y.<\/li>\n<\/ul>\n<h2 id=\"playbook-basics\">C\u01a1 b\u1ea3n v\u1ec1 Playbook<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#playbook-basics\"><\/a><\/h2>\n<p>Ansible Playbook \u0111\u01b0\u1ee3c vi\u1ebft b\u1eb1ng c\u00fa ph\u00e1p YAML, m\u1ed9t ng\u00f4n ng\u1eef khai b\u00e1o, \u0111\u1ec3 m\u00f4 t\u1ea3 c\u00e1c t\u00e1c v\u1ee5 ho\u1eb7c h\u00e0nh \u0111\u1ed9ng th\u1ef1c thi tr\u00ean m\u1ed9t nh\u00f3m c\u00e1c n\u00fat \u0111\u01b0\u1ee3c qu\u1ea3n l\u00fd. C\u00e1c t\u00e1c v\u1ee5 Playbook \u0111\u01b0\u1ee3c ch\u1ea1y theo th\u1ee9 t\u1ef1 t\u1eeb tr\u00ean xu\u1ed1ng d\u01b0\u1edbi. B\u1ea1n n\u00ean thi\u1ebft k\u1ebf Playbook c\u1ee7a m\u00ecnh \u0111\u1ec3 c\u00f3 t\u00ednh b\u1ea5t bi\u1ebfn, ngh\u0129a l\u00e0 Playbook c\u00f3 th\u1ec3 ch\u1ea1y m\u1ed9t l\u1ea7n ho\u1eb7c nhi\u1ec1u l\u1ea7n v\u1edbi c\u00f9ng m\u1ed9t k\u1ebft qu\u1ea3 mong \u0111\u1ee3i. V\u00ed d\u1ee5: Playbook c\u00f3 th\u1ec3 khai b\u00e1o m\u1ed9t t\u00e1c v\u1ee5 \u0111\u1ec3 thi\u1ebft l\u1eadp t\u1ec7p c\u1ea5u h\u00ecnh m\u00e1y ch\u1ee7 b\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng m\u1eabu v\u00e0 \u0111\u01b0a c\u00e1c gi\u00e1 tr\u1ecb bi\u1ebfn \u0111\u00e3 khai b\u00e1o v\u00e0o t\u1ec7p. Trong tr\u01b0\u1eddng h\u1ee3p n\u00e0y, Ansible ph\u1ea3i c\u00f3 kh\u1ea3 n\u0103ng so s\u00e1nh t\u1ec7p c\u1ea5u h\u00ecnh m\u1eabu v\u1edbi t\u1ec7p th\u1ef1c t\u1ebf tr\u00ean m\u00e1y ch\u1ee7 v\u00e0 ch\u1ec9 t\u1ea1o ho\u1eb7c c\u1eadp nh\u1eadt t\u1ec7p \u0111\u00f3 n\u1ebfu c\u1ea7n thi\u1ebft.<\/p>\n<h3 id=\"anatomy-of-a-playbook\">Gi\u1ea3i ph\u1eabu c\u1ee7a m\u1ed9t Playbook<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#anatomy-of-a-playbook\"><\/a><\/h3>\n<p>V\u00ed d\u1ee5 b\u00ean d\u01b0\u1edbi hi\u1ec3n th\u1ecb b\u1ed9 khung c\u1ee7a Playbook. V\u1ec1 c\u01a1 b\u1ea3n nh\u1ea5t, Playbook s\u1ebd \u0111\u1ecbnh ngh\u0129a m\u1ed9t nh\u00f3m m\u00e1y ch\u1ee7 \u0111\u00edch, c\u00e1c bi\u1ebfn \u0111\u1ec3 s\u1eed d\u1ee5ng trong Playbook, m\u1ed9t ng\u01b0\u1eddi d\u00f9ng t\u1eeb xa \u0111\u1ec3 th\u1ef1c hi\u1ec7n c\u00e1c t\u00e1c v\u1ee5 nh\u01b0, v\u00e0 m\u1ed9t t\u1eadp h\u1ee3p c\u00e1c t\u00e1c v\u1ee5 \u0111\u01b0\u1ee3c \u0111\u1eb7t t\u00ean \u0111\u1ec3 th\u1ef1c hi\u1ec7n b\u1eb1ng c\u00e1ch s\u1eed d\u1ee5ng&nbsp;<a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/modules\/modules_by_category.html\" target=\"_blank\" rel=\"noreferrer noopener\">c\u00e1c m\u00f4-\u0111un Ansible<\/a>&nbsp;kh\u00e1c nhau . Nh\u00f3m n\u00e0y trong Playbook \u0111\u01b0\u1ee3c g\u1ecdi l\u00e0&nbsp;<strong>play<\/strong>&nbsp;v\u00e0 m\u1ed9t Playbook c\u00f3 th\u1ec3 ch\u1ee9a nhi\u1ec1u play.<\/p>\n<figure class=\"wp-block-table\">\n<table>\n<thead>\n<tr>\n<th><strong>M\u00f4-\u0111un<\/strong><\/th>\n<th><strong>C\u00e1ch s\u1eed d\u1ee5ng<\/strong><\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/collections\/ansible\/builtin\/command_module.html\" target=\"_blank\" rel=\"noreferrer noopener\">y\u00eau c\u1ea7u<\/a><\/td>\n<td>Th\u1ef1c hi\u1ec7n l\u1ec7nh tr\u00ean m\u1ed9t n\u00fat t\u1eeb xa.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"http:\/\/docs.ansible.com\/ansible\/latest\/collections\/ansible\/builtin\/script_module.html\" target=\"_blank\" rel=\"noreferrer noopener\">k\u1ecbch b\u1ea3n<\/a><\/td>\n<td>Chuy\u1ec3n m\u1ed9t t\u1eadp l\u1ec7nh c\u1ee5c b\u1ed9 \u0111\u1ebfn m\u1ed9t n\u00fat \u0111\u01b0\u1ee3c qu\u1ea3n l\u00fd v\u00e0 sau \u0111\u00f3 ch\u1ea1y t\u1eadp l\u1ec7nh \u0111\u00f3 tr\u00ean n\u00fat t\u1eeb xa.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"http:\/\/docs.ansible.com\/ansible\/latest\/collections\/ansible\/builtin\/command_module.html\" target=\"_blank\" rel=\"noreferrer noopener\">v\u1ecf b\u1ecdc<\/a><\/td>\n<td>Th\u1ef1c hi\u1ec7n l\u1ec7nh th\u00f4ng qua shell (&nbsp;<code>\/bin\/sh<\/code>) tr\u00ean m\u1ed9t n\u00fat t\u1eeb xa.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"http:\/\/docs.ansible.com\/ansible\/latest\/collections\/ansible\/builtin\/template_module.html\" target=\"_blank\" rel=\"noreferrer noopener\">b\u1ea3n m\u1eabu<\/a><\/td>\n<td>S\u1eed d\u1ee5ng m\u1eabu t\u1ec7p c\u1ee5c b\u1ed9 \u0111\u1ec3 t\u1ea1o t\u1ec7p tr\u00ean m\u1ed9t n\u00fat t\u1eeb xa.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"http:\/\/docs.ansible.com\/ansible\/latest\/collections\/ansible\/builtin\/apt_module.html\" target=\"_blank\" rel=\"noreferrer noopener\">th\u00edch h\u1ee3p<\/a><\/td>\n<td>Qu\u1ea3n l\u00fd c\u00e1c g\u00f3i apt tr\u00ean h\u1ec7 th\u1ed1ng Debian ho\u1eb7c Ubuntu.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"http:\/\/docs.ansible.com\/ansible\/latest\/collections\/ansible\/builtin\/git_module.html\" target=\"_blank\" rel=\"noreferrer noopener\">git<\/a><\/td>\n<td>Tri\u1ec3n khai ph\u1ea7n m\u1ec1m ho\u1eb7c t\u1ec7p tin t\u1eeb git checkouts.<\/td>\n<\/tr>\n<tr>\n<td><a href=\"http:\/\/docs.ansible.com\/ansible\/latest\/collections\/ansible\/builtin\/service_module.html\" target=\"_blank\" rel=\"noreferrer noopener\">d\u1ecbch v\u1ee5<\/a><\/td>\n<td>Qu\u1ea3n l\u00fd c\u00e1c d\u1ecbch v\u1ee5 tr\u00ean h\u1ec7 th\u1ed1ng n\u00fat t\u1eeb xa c\u1ee7a b\u1ea1n. H\u1ed7 tr\u1ee3 BSD init, OpenRC, SysV, Solaris SMF, systemd, upstart init systems.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<pre class=\"wp-block-code\"><code>---\n- hosts: &#91;target hosts]\n  vars:\n    var1: &#91;value 1]\n    var2: &#91;value 2]\n  remote_user: &#91;yourname]\n  tasks:\n    - name: &#91;task 1]\n      module:\n    - name: &#91;task 2]\n      module:<\/code><\/pre>\n<p>V\u00ed d\u1ee5 th\u1ee9 hai Playbook nh\u1eafm m\u1ee5c ti\u00eau \u0111\u1ebfn t\u1ea5t c\u1ea3 c\u00e1c m\u00e1y ch\u1ee7 trong&nbsp;<code>marketing_servers<\/code>nh\u00f3m v\u00e0 \u0111\u1ea3m b\u1ea3o Apache \u0111\u01b0\u1ee3c kh\u1edfi \u0111\u1ed9ng. Nhi\u1ec7m v\u1ee5 \u0111\u01b0\u1ee3c ho\u00e0n th\u00e0nh v\u1edbi t\u01b0 c\u00e1ch l\u00e0&nbsp;<code>webadmin<\/code>ng\u01b0\u1eddi d\u00f9ng.<\/p>\n<pre class=\"wp-block-code\"><code>---\n- hosts: &#91;marketing_servers]\n  remote_user: webadmin\n  tasks:\n    - name: Ensure the Apache daemon has started\n      service: name=httpd state=started\n      become: yes\n      become_method: sudo<\/code><\/pre>\n<h2 id=\"web-server-setup-with-ansible-playbooks\">Thi\u1ebft l\u1eadp m\u00e1y ch\u1ee7 web v\u1edbi Ansible Playbooks<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#web-server-setup-with-ansible-playbooks\"><\/a><\/h2>\n<p>Trong v\u00ed d\u1ee5 n\u00e0y, b\u1ea1n s\u1ebd t\u1ea1o ba Playbook kh\u00e1c nhau \u0111\u1ec3 c\u1ea5u h\u00ecnh Linode c\u1ee7a b\u1ea1n nh\u01b0 m\u1ed9t m\u00e1y ch\u1ee7 web ch\u1ea1y ng\u0103n x\u1ebfp LAMP. B\u1ea1n c\u0169ng s\u1ebd c\u1ea5u h\u00ecnh Linode \u0111\u1ec3 th\u00eam m\u1ed9t t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng gi\u1edbi h\u1ea1n. C\u00e1c Playbook s\u1ebd cung c\u1ea5p c\u00e1c c\u1ea5u h\u00ecnh c\u01a1 b\u1ea3n m\u00e0 b\u1ea1n c\u00f3 th\u1ec3 m\u1edf r\u1ed9ng n\u1ebfu c\u1ea7n.<\/p>\n<p class=\"has-background\" style=\"background-color:#f32a2a33\">Quan tr\u1ecdng: C\u00e1c Playbook \u0111\u01b0\u1ee3c t\u1ea1o trong ph\u1ea7n n\u00e0y nh\u1eb1m m\u1ee5c \u0111\u00edch h\u1ecdc t\u1eadp v\u00e0 s\u1ebd kh\u00f4ng t\u1ea1o ra m\u1ed9t m\u00e1y ch\u1ee7 \u0111\u01b0\u1ee3c b\u1ea3o m\u1eadt ho\u1eb7c an to\u00e0n ho\u00e0n to\u00e0n. \u0110\u1ec3 b\u1ea3o m\u1eadt Linode c\u1ee7a b\u1ea1n h\u01a1n n\u1eefa, b\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng&nbsp;<a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/modules\/firewalld_module.html\" target=\"_blank\" rel=\"noreferrer noopener\">m\u00f4-\u0111un firewalld<\/a>&nbsp;c\u1ee7a Ansible .<\/p>\n<h3 id=\"add-a-limited-user-account\">Th\u00eam t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng c\u00f3 gi\u1edbi h\u1ea1n<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#add-a-limited-user-account\"><\/a><\/h3>\n<p>Trong ph\u1ea7n n\u00e0y, b\u1ea1n s\u1ebd t\u1ea1o m\u1ed9t Playbook \u0111\u1ec3 th\u00eam t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng gi\u1edbi h\u1ea1n v\u00e0o Linode c\u1ee7a m\u00ecnh.<\/p>\n<h4 id=\"create-a-password-hash\">T\u1ea1o m\u1ed9t Hash m\u1eadt kh\u1ea9u<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#create-a-password-hash\"><\/a><\/h4>\n<p>Khi t\u1ea1o t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng gi\u1edbi h\u1ea1n, b\u1ea1n ph\u1ea3i t\u1ea1o m\u1eadt kh\u1ea9u \u0111\u0103ng nh\u1eadp m\u00e1y ch\u1ee7 cho ng\u01b0\u1eddi d\u00f9ng m\u1edbi. V\u00ec b\u1ea1n kh\u00f4ng bao gi\u1edd n\u00ean \u0111\u01b0a m\u1eadt kh\u1ea9u d\u1ea1ng v\u0103n b\u1ea3n thu\u1ea7n t\u00fay v\u00e0o Playbook c\u1ee7a m\u00ecnh, trong ph\u1ea7n n\u00e0y, b\u1ea1n s\u1ebd s\u1eed d\u1ee5ng th\u01b0 vi\u1ec7n Python passlib \u0111\u1ec3 t\u1ea1o b\u0103m m\u1eadt kh\u1ea9u m\u00e0 b\u1ea1n c\u00f3 th\u1ec3 \u0111\u01b0a v\u00e0o Playbook c\u1ee7a m\u00ecnh m\u1ed9t c\u00e1ch an to\u00e0n.<\/p>\n<p class=\"has-background\" style=\"background-color:#74f78c33\">Ghi ch\u00fa: <a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/user_guide\/vault.html#encrypt-string-for-use-in-yaml\" target=\"_blank\" rel=\"noreferrer noopener\">Ansible Vault<\/a>&nbsp;c\u0169ng c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 m\u00e3 h\u00f3a d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m. H\u01b0\u1edbng d\u1eabn n\u00e0y s\u1ebd kh\u00f4ng s\u1eed d\u1ee5ng Ansible Vault, tuy nhi\u00ean, b\u1ea1n c\u00f3 th\u1ec3 tham kh\u1ea3o h\u01b0\u1edbng d\u1eabn&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/deploy-linodes-using-ansible\/\">C\u00e1ch s\u1eed d\u1ee5ng M\u00f4-\u0111un Linode Ansible \u0111\u1ec3 Tri\u1ec3n khai Linode<\/a>&nbsp;\u0111\u1ec3 xem v\u00ed d\u1ee5 s\u1eed d\u1ee5ng t\u00ednh n\u0103ng n\u00e0y.<\/p>\n<p>1.Tr\u00ean n\u00fat \u0111i\u1ec1u khi\u1ec3n Ansible c\u1ee7a b\u1ea1n, h\u00e3y t\u1ea1o m\u1ed9t b\u0103m m\u1eadt kh\u1ea9u \u0111\u1ec3 Ansible s\u1eed d\u1ee5ng \u1edf b\u01b0\u1edbc sau. M\u1ed9t ph\u01b0\u01a1ng ph\u00e1p d\u1ec5 d\u00e0ng l\u00e0 s\u1eed d\u1ee5ng th\u01b0 vi\u1ec7n PassLib c\u1ee7a Python, c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c c\u00e0i \u0111\u1eb7t b\u1eb1ng c\u00e1c l\u1ec7nh sau:<\/p>\n<p>2.C\u00e0i \u0111\u1eb7t pip, tr\u00ecnh c\u00e0i \u0111\u1eb7t g\u00f3i cho Python, tr\u00ean n\u00fat \u0111i\u1ec1u khi\u1ec3n c\u1ee7a b\u1ea1n n\u1ebfu b\u1ea1n ch\u01b0a c\u00e0i \u0111\u1eb7t:<code> <\/code><\/p>\n<pre class=\"wp-block-code\"><code>sudo apt install python-pip<\/code><\/pre>\n<p>3.C\u00e0i \u0111\u1eb7t th\u01b0 vi\u1ec7n passlib:<code> <\/code><\/p>\n<pre class=\"wp-block-code\"><code>sudo pip install passlib\n<\/code><\/pre>\n<p>4.T\u1ea1o b\u0103m m\u1eadt kh\u1ea9u b\u1eb1ng passlib. Thay th\u1ebf&nbsp;<code>myPlainTextPassword<\/code>b\u1eb1ng m\u1eadt kh\u1ea9u b\u1ea1n mu\u1ed1n s\u1eed d\u1ee5ng \u0111\u1ec3 truy c\u1eadp Linode c\u1ee7a m\u00ecnh.<code> <\/code><\/p>\n<pre class=\"wp-block-code\"><code> sudo python -c \"from passlib.hash import sha512_crypt; print (sha512_crypt.hash('myPlainTextPassword'))\"\n<\/code><\/pre>\n<p>M\u1ed9t k\u1ebft qu\u1ea3 t\u01b0\u01a1ng t\u1ef1 s\u1ebd xu\u1ea5t hi\u1ec7n hi\u1ec3n th\u1ecb m\u00e3 b\u0103m m\u1eadt kh\u1ea9u c\u1ee7a b\u1ea1n:<\/p>\n<pre class=\"wp-block-code\"><code>$6$rounds=656000$dwgOSA\/I9yQVHIjJ$rSk8VmlZSlzig7tEwIN\/tkT1rqyLQp\/S\/cD08dlbYctPjdC9ioSp1ykFtSKgLmAnzWVM9T3dTinrz5IeH41\/K1\n<\/code><\/pre>\n<p>5.Sao ch\u00e9p v\u00e0 d\u00e1n m\u00e3 b\u0103m v\u00e0o n\u01a1i n\u00e0o \u0111\u00f3 m\u00e0 b\u1ea1n c\u00f3 th\u1ec3 d\u1ec5 d\u00e0ng truy c\u1eadp \u0111\u1ec3 th\u1ef1c hi\u1ec7n b\u01b0\u1edbc sau.<\/p>\n<h4 id=\"disable-host-key-checking\">V\u00f4 hi\u1ec7u h\u00f3a ki\u1ec3m tra kh\u00f3a m\u00e1y ch\u1ee7<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#disable-host-key-checking\"><\/a><\/h4>\n<p>Ansible s\u1eed d\u1ee5ng ch\u01b0\u01a1ng tr\u00ecnh tr\u1ee3 gi\u00fap sshpass \u0111\u1ec3 x\u00e1c th\u1ef1c SSH.<\/p>\n<p>1.\u0110\u1ea3m b\u1ea3o sshpass \u0111\u01b0\u1ee3c c\u00e0i \u0111\u1eb7t tr\u00ean n\u00fat \u0111i\u1ec1u khi\u1ec3n c\u1ee7a b\u1ea1n:<code> <\/code><\/p>\n<pre class=\"wp-block-code\"><code><code>sudo apt-install sshpass<\/code><\/code><\/pre>\n<p>2.sshpass y\u00eau c\u1ea7u ki\u1ec3m tra kh\u00f3a m\u00e1y ch\u1ee7 ph\u1ea3i b\u1ecb v\u00f4 hi\u1ec7u h\u00f3a tr\u00ean n\u00fat \u0111i\u1ec1u khi\u1ec3n Ansible c\u1ee7a b\u1ea1n. M\u1edf&nbsp;<code>\/etc\/ansible\/ansible.cfg<\/code>t\u1ec7p c\u1ea5u h\u00ecnh trong tr\u00ecnh so\u1ea1n th\u1ea3o v\u0103n b\u1ea3n b\u1ea1n ch\u1ecdn, thay \u0111\u1ed5i gi\u00e1 tr\u1ecb sau th\u00e0nh \u201cFalse\u201d v\u00e0 l\u01b0u c\u00e1c thay \u0111\u1ed5i c\u1ee7a b\u1ea1n.<\/p>\n<pre class=\"wp-block-code\"><code>;host_key_checking=False<\/code><\/pre>\n<h4 id=\"create-the-inventory-file\">T\u1ea1o t\u1ec7p h\u00e0ng t\u1ed3n kho<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#create-the-inventory-file\"><\/a><\/h4>\n<p>\u0110\u1ec3 nh\u1eafm m\u1ee5c ti\u00eau Linode c\u1ee7a b\u1ea1n trong Playbook, b\u1ea1n s\u1ebd c\u1ea7n th\u00eam n\u00f3 v\u00e0o t\u1ec7p ki\u1ec3m k\u00ea c\u1ee7a n\u00fat \u0111i\u1ec1u khi\u1ec3n Ansible.<\/p>\n<p>1.Ch\u1ec9nh s\u1eeda t\u1ec7p h\u00e0ng t\u1ed3n kho c\u1ee7a b\u1ea1n \u0111\u1ec3 t\u1ea1o&nbsp;<code>webserver<\/code>nh\u00f3m v\u00e0 th\u00eam Linode c\u1ee7a b\u1ea1n v\u00e0o nh\u00f3m. M\u1edf t\u1ec7p&nbsp;<code>\/etc\/ansible\/hosts<\/code>trong tr\u00ecnh so\u1ea1n th\u1ea3o v\u0103n b\u1ea3n \u01b0a th\u00edch c\u1ee7a b\u1ea1n v\u00e0 th\u00eam th\u00f4ng tin sau. Thay th\u1ebf&nbsp;<code>192.0.2.0<\/code>b\u1eb1ng \u0111\u1ecba ch\u1ec9 IP c\u1ee7a Linode.<\/p>\n<pre class=\"wp-block-code\"><code>&#91;webserver]\n192.0.2.17<\/code><\/pre>\n<h4 id=\"create-the-limited-user-account-playbook\">T\u1ea1o s\u1ed5 tay h\u01b0\u1edbng d\u1eabn t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng c\u00f3 gi\u1edbi h\u1ea1n<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#create-the-limited-user-account-playbook\"><\/a><\/h4>\n<p>B\u00e2y gi\u1edd b\u1ea1n \u0111\u00e3 s\u1eb5n s\u00e0ng \u0111\u1ec3 t\u1ea1o S\u1ed5 tay T\u00e0i kho\u1ea3n Ng\u01b0\u1eddi d\u00f9ng Gi\u1edbi h\u1ea1n. S\u1ed5 tay n\u00e0y s\u1ebd t\u1ea1o m\u1ed9t ng\u01b0\u1eddi d\u00f9ng m\u1edbi tr\u00ean Linode c\u1ee7a b\u1ea1n, th\u00eam kh\u00f3a c\u00f4ng khai SSH c\u1ee7a n\u00fat \u0111i\u1ec1u khi\u1ec3n Ansible v\u00e0o Linode v\u00e0 th\u00eam ng\u01b0\u1eddi d\u00f9ng m\u1edbi v\u00e0o t\u1ec7p Linode&nbsp;<code>sudoers<\/code>.<\/p>\n<p>1.Trong th\u01b0 m\u1ee5c home c\u1ee7a b\u1ea1n, h\u00e3y t\u1ea1o m\u1ed9t t\u1ec7p c\u00f3 t\u00ean&nbsp;<code>limited_user_account.yml<\/code>v\u00e0 th\u00eam n\u1ed9i dung c\u1ee7a v\u00ed d\u1ee5. Thay th\u1ebf c\u00e1c gi\u00e1 tr\u1ecb sau trong t\u1ec7p:<\/p>\n<p><code>yourusername<\/code>v\u1edbi t\u00ean ng\u01b0\u1eddi d\u00f9ng b\u1ea1n mu\u1ed1n t\u1ea1o tr\u00ean Linode<\/p>\n<p><code>$6$rounds=656000$W.dSl<\/code>b\u1eb1ng m\u00e3 b\u0103m m\u1eadt kh\u1ea9u m\u00e0 b\u1ea1n t\u1ea1o trong ph\u1ea7n&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#create-a-password-has\">T\u1ea1o m\u00e3 b\u0103m m\u1eadt kh\u1ea9u<\/a>&nbsp;c\u1ee7a h\u01b0\u1edbng d\u1eabn.<\/p>\n<pre class=\"wp-block-code\"><code>---\n- hosts: webserver\n  remote_user: root\n  vars:\n    NORMAL_USER_NAME: 'yourusername'\n  tasks:\n    - name: \"Create a secondary, non-root user\"\n      user: name={{ NORMAL_USER_NAME }}\n            password='$6$rounds=656000$W.dSl'\n            shell=\/bin\/bash\n    - name: Add remote authorized key to allow future passwordless logins\n      authorized_key: user={{ NORMAL_USER_NAME }} key=\"{{ lookup('file', '~\/.ssh\/id_rsa.pub') }}\"\n    - name: Add normal user to sudoers\n      lineinfile: dest=\/etc\/sudoers\n                  regexp=\"{{ NORMAL_USER_NAME }} ALL\"\n                  line=\"{{ NORMAL_USER_NAME }} ALL=(ALL) ALL\"\n                  state=present\n\n<\/code><\/pre>\n<ul>\n<li>Hai d\u00f2ng \u0111\u1ea7u ti\u00ean c\u1ee7a t\u1ec7p y\u00eau c\u1ea7u Ansible nh\u1eafm m\u1ee5c ti\u00eau v\u00e0o&nbsp;<code>webserver<\/code>nh\u00f3m m\u00e1y ch\u1ee7 trong t\u1ec7p ki\u1ec3m k\u00ea v\u00e0 th\u1ef1c hi\u1ec7n c\u00e1c t\u00e1c v\u1ee5 m\u00e1y ch\u1ee7 t\u1eeb xa v\u1edbi t\u01b0 c\u00e1ch l\u00e0&nbsp;<code>root<\/code>ng\u01b0\u1eddi d\u00f9ng.<\/li>\n<li>Ph\u1ea7n n\u00e0y&nbsp;<code>vars<\/code>t\u1ea1o ra nh\u1eefng&nbsp;<code>NORMAL_USER_NAME<\/code>th\u1ee9 c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng l\u1ea1i trong to\u00e0n b\u1ed9 Playbook. Ansible c\u0169ng cho ph\u00e9p b\u1ea1n t\u1ea1o v\u00e0 s\u1eed d\u1ee5ng c\u00e1c bi\u1ebfn trong c\u00e1c t\u1ec7p ri\u00eang bi\u1ec7t, thay v\u00ec tr\u1ef1c ti\u1ebfp trong Playbook c\u1ee7a b\u1ea1n. \u0110\u1ec3 t\u00ecm hi\u1ec3u s\u00e2u h\u01a1n v\u1ec1 nhi\u1ec1u c\u00e1ch b\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng c\u00e1c bi\u1ebfn v\u1edbi Ansible, h\u00e3y xem t\u00e0i li\u1ec7u ch\u00ednh th\u1ee9c c\u1ee7a Ansible v\u1ec1&nbsp;<a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/user_guide\/playbooks_variables.html#defining-variables-in-files\" target=\"_blank\" rel=\"noreferrer noopener\">S\u1eed d\u1ee5ng Bi\u1ebfn<\/a>&nbsp;.<\/li>\n<li>Kh\u1ed1i&nbsp;<code>tasks<\/code>Playbook khai b\u00e1o ba t\u00e1c v\u1ee5. T\u00e1c v\u1ee5 \u0111\u1ea7u ti\u00ean t\u1ea1o ng\u01b0\u1eddi d\u00f9ng m\u1edbi v\u00e0 m\u1eadt kh\u1ea9u ng\u01b0\u1eddi d\u00f9ng. T\u00e1c v\u1ee5 th\u1ee9 hai th\u00eam kh\u00f3a SSH c\u00f4ng khai c\u1ee7a n\u00fat \u0111i\u1ec1u khi\u1ec3n Ansible v\u00e0o Linode. T\u00e1c v\u1ee5 th\u1ee9 ba th\u00eam ng\u01b0\u1eddi d\u00f9ng m\u1edbi v\u00e0o t\u1ec7p sudoers.<\/li>\n<li>M\u1ed7i t\u00e1c v\u1ee5 \u0111\u1ec1u s\u1eed d\u1ee5ng Jinja template, (t\u1ee9c l\u00e0&nbsp;<code>{{ NORMAL_USER_NAME }}<\/code>), \u0111\u1ec3 truy c\u1eadp c\u00e1c gi\u00e1 tr\u1ecb bi\u1ebfn \u0111\u01b0\u1ee3c tham chi\u1ebfu. Jinja template l\u00e0 m\u1ed9t t\u00ednh n\u0103ng m\u1ea1nh m\u1ebd c\u1ee7a Ansible cho ph\u00e9p b\u1ea1n truy c\u1eadp v\u00e0o logic \u0111i\u1ec1u khi\u1ec3n, b\u1ed9 l\u1ecdc, tra c\u1ee9u v\u00e0 ch\u1ee9c n\u0103ng trong Playbook c\u1ee7a b\u1ea1n. \u0110\u1ec3 t\u00ecm hi\u1ec3u th\u00eam, h\u00e3y tham kh\u1ea3o&nbsp;<a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/user_guide\/playbooks_templating.html#templating-jinja2\" target=\"_blank\" rel=\"noreferrer noopener\">t\u00e0i li\u1ec7u ch\u00ednh th\u1ee9c c\u1ee7a Ansible<\/a>&nbsp;.<\/li>\n<\/ul>\n<p>2.Ch\u1ea1y&nbsp;<code>limited_user_account.yml<\/code>Playbook.&nbsp;<code>--ask-pass<\/code>T\u00f9y ch\u1ecdn n\u00e0y y\u00eau c\u1ea7u Ansible \u0111\u0103ng nh\u1eadp v\u00e0o Linode b\u1eb1ng x\u00e1c th\u1ef1c m\u1eadt kh\u1ea9u, thay v\u00ec SSH, v\u00ec kh\u00f3a SSH c\u00f4ng khai c\u1ee7a b\u1ea1n v\u1eabn ch\u01b0a \u0111\u01b0\u1ee3c l\u01b0u tr\u1eef \u1edf \u0111\u00f3.&nbsp;<code>-u root<\/code>T\u00f9y ch\u1ecdn n\u00e0y h\u01b0\u1edbng d\u1eabn Ansible \u0111\u0103ng nh\u1eadp v\u1edbi t\u01b0 c\u00e1ch l\u00e0 ng\u01b0\u1eddi d\u00f9ng root. Theo m\u1eb7c \u0111\u1ecbnh, Ansible s\u1ebd s\u1eed d\u1ee5ng t\u00ean ng\u01b0\u1eddi d\u00f9ng c\u1ee5c b\u1ed9 hi\u1ec7n t\u1ea1i c\u1ee7a b\u1ea1n l\u00e0 m\u1ed9t t\u00ean ng\u01b0\u1eddi d\u00f9ng kh\u00f4ng \u0111\u01b0\u1ee3c cung c\u1ea5p.<code> <\/code><\/p>\n<pre class=\"wp-block-code\"><code><code>ansible-playbook --ask-pass -u root limited_user_account.yml <\/code><\/code><\/pre>\n<p>B\u1ea1n s\u1ebd th\u1ea5y \u0111\u1ea7u ra t\u1eeb Ansible b\u00e1o c\u00e1o r\u1eb1ng c\u1ea3 ba t\u00e1c v\u1ee5 \u0111\u1ec1u ho\u00e0n th\u00e0nh th\u00e0nh c\u00f4ng v\u1edbi tr\u1ea1ng th\u00e1i &#8220;\u0111\u00e3 thay \u0111\u1ed5i&#8221;. B\u00e2y gi\u1edd ch\u00fang ta c\u00f3 th\u1ec3 l\u00e0m vi\u1ec7c v\u1edbi playbook m\u1edbi b\u1eb1ng t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng v\u00e0 kh\u00f3a gi\u1edbi h\u1ea1n c\u1ee7a m\u00ecnh.<\/p>\n<h3 id=\"configure-the-base-system\">C\u1ea5u h\u00ecnh h\u1ec7 th\u1ed1ng c\u01a1 s\u1edf<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#configure-the-base-system\"><\/a><\/h3>\n<p>Playbook ti\u1ebfp theo s\u1ebd h\u01b0\u1edbng d\u1eabn m\u1ed9t s\u1ed1 t\u00e1c v\u1ee5 thi\u1ebft l\u1eadp m\u00e1y ch\u1ee7 ph\u1ed5 bi\u1ebfn, ch\u1eb3ng h\u1ea1n nh\u01b0 c\u00e0i \u0111\u1eb7t m\u00fai gi\u1edd, c\u1eadp nh\u1eadt t\u1ec7p m\u00e1y ch\u1ee7 v\u00e0 c\u1eadp nh\u1eadt c\u00e1c g\u00f3i.<\/p>\n<p>1.T\u1ea1o m\u1ed9t t\u1ec7p trong th\u01b0 m\u1ee5c g\u1ed1c c\u1ee7a b\u1ea1n c\u00f3 t\u00ean&nbsp;<code>common_server_setup.yml<\/code>v\u00e0 th\u00eam n\u1ed9i dung c\u1ee7a v\u00ed d\u1ee5. Thay th\u1ebf c\u00e1c gi\u00e1 tr\u1ecb sau trong t\u1ec7p:<\/p>\n<p><code>yourusername<\/code>v\u1edbi t\u00ean ng\u01b0\u1eddi d\u00f9ng b\u1ea1n \u0111\u00e3 t\u1ea1o trong ph\u1ea7n&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#create-the-limited-user-account-playbook\">T\u1ea1o s\u1ed5 tay h\u01b0\u1edbng d\u1eabn t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng c\u00f3 gi\u1edbi h\u1ea1n<\/a>&nbsp;c\u1ee7a h\u01b0\u1edbng d\u1eabn<\/p>\n<p><code>web01<\/code>b\u1eb1ng t\u00ean m\u00e1y ch\u1ee7 b\u1ea1n mu\u1ed1n \u0111\u1eb7t cho Linode c\u1ee7a m\u00ecnh.<\/p>\n<p>N\u1ebfu b\u1ea1n c\u00f3 t\u00ean mi\u1ec1n mu\u1ed1n thi\u1ebft l\u1eadp, h\u00e3y thay th\u1ebf&nbsp;<code>www.example.com<\/code>b\u1eb1ng t\u00ean mi\u1ec1n \u0111\u00f3.<\/p>\n<pre class=\"wp-block-code\"><code>---\n- hosts: webserver\n  remote_user: yourusername\n  become: yes\n  become_method: sudo\n  vars:\n    LOCAL_HOSTNAME: 'web01'\n    LOCAL_FQDN_NAME: 'www.example.com'\n  tasks:\n    - name: Set the timezone for the server to be UTC\n      command: ln -sf \/usr\/share\/zoneinfo\/UTC \/etc\/localtime\n    - name: Set up a unique hostname\n      hostname: name={{ LOCAL_HOSTNAME }}\n    - name: Add the server's domain to the hosts file\n      lineinfile: dest=\/etc\/hosts\n                  regexp='.*{{ item }}$'\n                  line=\"{{ hostvars&#91;item].ansible_default_ipv4.address }} {{ LOCAL_FQDN_NAME }} {{ LOCAL_HOSTNAME }}\"\n                  state=present\n      when: hostvars&#91;item].ansible_default_ipv4.address is defined\n      with_items: \"{{ groups&#91;'webserver'] }}\"\n    - name: Update packages\n      apt: update_cache=yes upgrade=dist\n<\/code><\/pre>\n<ul>\n<li>Nhi\u1ec7m v\u1ee5 \u0111\u1ea7u ti\u00ean trong Playbook n\u00e0y s\u1eed d\u1ee5ng&nbsp;<code>command<\/code>m\u00f4-\u0111un \u0111\u1ec3 thi\u1ebft l\u1eadp m\u00fai gi\u1edd c\u1ee7a Linode theo gi\u1edd UTC.<\/li>\n<li>Nhi\u1ec7m v\u1ee5 th\u1ee9 hai s\u1eed d\u1ee5ng&nbsp;<code>hostname<\/code>m\u00f4-\u0111un \u0111\u1ec3 \u0111\u1eb7t t\u00ean m\u00e1y ch\u1ee7 c\u1ee7a h\u1ec7 th\u1ed1ng.<\/li>\n<li>Nhi\u1ec7m v\u1ee5 th\u1ee9 ba c\u1eadp nh\u1eadt t\u1ec7p m\u00e1y ch\u1ee7 c\u1ee7a Linode b\u1eb1ng&nbsp;<code>lineinfile<\/code>m\u00f4-\u0111un. Nhi\u1ec7m v\u1ee5 n\u00e0y d\u00f9ng&nbsp;<code>hostvars<\/code>\u0111\u1ec3 truy xu\u1ea5t \u0111\u1ecba ch\u1ec9 IP c\u1ee7a m\u00e1y ch\u1ee7 v\u00e0 s\u1eed d\u1ee5ng n\u00f3 \u0111\u1ec3 c\u1eadp nh\u1eadt t\u1ec7p m\u00e1y ch\u1ee7.&nbsp;<code>hostvars<\/code>l\u00e0 m\u1ed9t&nbsp;<a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/reference_appendices\/special_variables.html#special-variables\" target=\"_blank\" rel=\"noreferrer noopener\">bi\u1ebfn \u0111\u1eb7c bi\u1ec7t<\/a>&nbsp;\u0111\u01b0\u1ee3c d\u00e0nh ri\u00eang m\u00e0 b\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng \u0111\u1ec3 truy c\u1eadp nhi\u1ec1u th\u00f4ng tin kh\u00e1c nhau v\u1ec1 m\u00e1y ch\u1ee7 c\u1ee7a m\u00ecnh.<\/li>\n<li>Nhi\u1ec7m v\u1ee5 th\u1ee9 t\u01b0 l\u00e0 c\u1eadp nh\u1eadt c\u00e1c g\u00f3i h\u1ec7 th\u1ed1ng c\u1ee7a b\u1ea1n b\u1eb1ng&nbsp;<code>apt<\/code>m\u00f4-\u0111un.<\/li>\n<\/ul>\n<p>2.Ch\u1ea1y&nbsp;<code>common_server_setup.yml<\/code>Playbook. \u0110i\u1ec1u n\u00e0y&nbsp;<code>--ask-become-pass<\/code>y\u00eau c\u1ea7u Ansible y\u00eau c\u1ea7u b\u1ea1n nh\u1eadp m\u1eadt kh\u1ea9u c\u1ee7a t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng b\u1ecb gi\u1edbi h\u1ea1n \u0111\u1ec3&nbsp;<code>become<\/code>ng\u01b0\u1eddi d\u00f9ng sudo v\u00e0 th\u1ef1c thi Playbook th\u00f4ng qua t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng b\u1ecb gi\u1edbi h\u1ea1n.<\/p>\n<p class=\"has-background\" style=\"background-color:#74f78c33\">Ghi ch\u00fa: Theo m\u1eb7c \u0111\u1ecbnh, Ansible s\u1ebd s\u1eed d\u1ee5ng t\u00ean ng\u01b0\u1eddi d\u00f9ng h\u1ec7 th\u1ed1ng c\u1ee5c b\u1ed9 hi\u1ec7n t\u1ea1i c\u1ee7a b\u1ea1n \u0111\u1ec3 x\u00e1c th\u1ef1c v\u1edbi Linode. N\u1ebfu t\u00ean ng\u01b0\u1eddi d\u00f9ng c\u1ee5c b\u1ed9 c\u1ee7a b\u1ea1n kh\u00f4ng gi\u1ed1ng v\u1edbi t\u00ean t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng gi\u1edbi h\u1ea1n c\u1ee7a Linode, b\u1ea1n s\u1ebd c\u1ea7n ph\u1ea3i chuy\u1ec3n t\u00f9y&nbsp;<code>-u<\/code> ch\u1ecdn c\u00f9ng v\u1edbi t\u00ean t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng gi\u1edbi h\u1ea1n \u0111\u1ec3 x\u00e1c th\u1ef1c ph\u00f9 h\u1ee3p. \u0110\u1ea3m b\u1ea3o b\u1ea1n thay th\u1ebf&nbsp;<code>limitedUserAccountName<\/code>b\u1eb1ng t\u00ean t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng gi\u1edbi h\u1ea1n m\u00e0 b\u1ea1n \u0111\u00e3 t\u1ea1o trong ph\u1ea7n&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#create-the-limited-user-account-playbook\">T\u1ea1o s\u1ed5 tay h\u01b0\u1edbng d\u1eabn t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng gi\u1edbi h\u1ea1n<\/a>&nbsp;c\u1ee7a h\u01b0\u1edbng d\u1eabn.<\/p>\n<pre class=\"wp-block-code\"><code> ansible-playbook common_server_setup.yml --ask-become-pass -u limitedUserAccountName\n<\/code><\/pre>\n<ul>\n<li>Khi Playbook b\u1eaft \u0111\u1ea7u th\u1ef1c thi, b\u1ea1n s\u1ebd \u0111\u01b0\u1ee3c nh\u1eafc nh\u1eadp&nbsp;<code>BECOME password:<\/code>. \u0110\u00e2y l\u00e0 m\u1eadt kh\u1ea9u b\u1ea1n \u0111\u00e3 t\u1ea1o trong ph\u1ea7n&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#create-a-password-hash\">T\u1ea1o b\u0103m m\u1eadt kh\u1ea9u<\/a>&nbsp;c\u1ee7a h\u01b0\u1edbng d\u1eabn.<\/li>\n<li>Khi Playbook th\u1ef1c thi, b\u1ea1n s\u1ebd l\u1ea1i th\u1ea5y c\u00e1c t\u00e1c v\u1ee5 hi\u1ec3n th\u1ecb l\u00e0 \u201c\u0111\u00e3 thay \u0111\u1ed5i\u201d.<\/li>\n<li>Vi\u1ec7c c\u1eadp nh\u1eadt c\u00e1c g\u00f3i c\u00f3 th\u1ec3 m\u1ea5t v\u00e0i ph\u00fat.<\/li>\n<\/ul>\n<h3 id=\"install-the-stack\">C\u00e0i \u0111\u1eb7t Stack<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#install-the-stack\"><\/a><\/h3>\n<p>B\u00e2y gi\u1edd b\u1ea1n \u0111\u00e3 s\u1eb5n s\u00e0ng t\u1ea1o&nbsp;<code>setup_webserver.yml<\/code>Playbook \u0111\u1ec3 thi\u1ebft l\u1eadp Linode c\u1ee7a b\u1ea1n v\u1edbi Apache, PHP v\u00e0 c\u01a1 s\u1edf d\u1eef li\u1ec7u MySQL th\u1eed nghi\u1ec7m.<\/p>\n<p>1.Th\u1ef1c hi\u1ec7n theo c\u00e1c b\u01b0\u1edbc trong ph\u1ea7n&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#create-a-password-hash\">T\u1ea1o b\u0103m m\u1eadt kh\u1ea9u<\/a>&nbsp;c\u1ee7a h\u01b0\u1edbng d\u1eabn \u0111\u1ec3 t\u1ea1o b\u0103m m\u1eadt kh\u1ea9u m\u1edbi \u0111\u1ec3 s\u1eed d\u1ee5ng trong Playbook n\u00e0y.<\/p>\n<p>2.T\u1ea1o m\u1ed9t t\u1ec7p trong th\u01b0 m\u1ee5c g\u1ed1c c\u1ee7a b\u1ea1n c\u00f3 t\u00ean&nbsp;<code>setup_webserver.yml<\/code>v\u00e0 th\u00eam n\u1ed9i dung c\u1ee7a v\u00ed d\u1ee5. Thay th\u1ebf c\u00e1c gi\u00e1 tr\u1ecb sau trong t\u1ec7p:<\/p>\n<p><code>yourusername<\/code>v\u1edbi t\u00ean ng\u01b0\u1eddi d\u00f9ng b\u1ea1n \u0111\u00e3 t\u1ea1o trong ph\u1ea7n&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#create-the-limited-user-account-playbook\">T\u1ea1o s\u1ed5 tay h\u01b0\u1edbng d\u1eabn t\u00e0i kho\u1ea3n ng\u01b0\u1eddi d\u00f9ng c\u00f3 gi\u1edbi h\u1ea1n<\/a>&nbsp;c\u1ee7a h\u01b0\u1edbng d\u1eabn<\/p>\n<p>Trong&nbsp;<code>Create a new user for connections<\/code>t\u00e1c v\u1ee5, h\u00e3y thay th\u1ebf gi\u00e1 tr\u1ecb&nbsp;<code>password<\/code>b\u1eb1ng m\u1eadt kh\u1ea9u b\u1ea1n mu\u1ed1n.<\/p>\n<p class=\"has-background\" style=\"background-color:#74f78c33\">Ghi ch\u00fa: \u0110\u1ec3 tr\u00e1nh s\u1eed d\u1ee5ng m\u1eadt kh\u1ea9u d\u1ea1ng v\u0103n b\u1ea3n thu\u1ea7n t\u00fay trong Playbook c\u1ee7a b\u1ea1n, b\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng&nbsp;<a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/user_guide\/vault.html#encrypt-string-for-use-in-yaml\" target=\"_blank\" rel=\"noreferrer noopener\">Ansible-Vault<\/a>&nbsp;v\u00e0 c\u00e1c bi\u1ebfn \u0111\u1ec3 m\u00e3 h\u00f3a d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m. B\u1ea1n c\u00f3 th\u1ec3 tham kh\u1ea3o h\u01b0\u1edbng d\u1eabn<a href=\"https:\/\/www.linode.com\/docs\/guides\/deploy-linodes-using-ansible\/\">C\u00e1ch s\u1eed d\u1ee5ng M\u00f4-\u0111un Linode Ansible \u0111\u1ec3 Tri\u1ec3n khai Linodes<\/a>&nbsp;\u0111\u1ec3 xem v\u00ed d\u1ee5 s\u1eed d\u1ee5ng t\u00ednh n\u0103ng n\u00e0y.<\/p>\n<pre class=\"wp-block-code\"><code>---\n- hosts: webserver\n  remote_user: yourusername\n  become: yes\n  become_method: sudo\n  tasks:\n    - name: \"Install Apache, MySQL, and PHP\"\n      apt:\n        pkg:\n          - apache2\n          - mysql-server\n          - python3-mysqldb\n          - php\n          - php-pear\n          - php-mysql\n        state: present\n\n    - name: \"Turn on Apache and MySQL and set them to run on boot\"\n      service: name={{ item }} state=started enabled=yes\n      with_items:\n        - apache2\n        - mysql\n\n    - name: Create a test database\n      community.mysql.mysql_db:\n      name: testDb\n      state: present\n\n    - name: Create a new user for connections\n      community.mysql.mysql_user:\n        name: webapp\n        password: 'yourpassword'\n        priv: '*.*:ALL'\n        state: present\n<\/code><\/pre>\n<ul>\n<li>Nhi\u1ec7m v\u1ee5 \u0111\u1ea7u ti\u00ean x\u1eed l\u00fd vi\u1ec7c c\u00e0i \u0111\u1eb7t Apache, MySQL v\u00e0 PHP.<\/li>\n<li>Nhi\u1ec7m v\u1ee5 ti\u1ebfp theo \u0111\u1ea3m b\u1ea3o Apache v\u00e0 MySQL v\u1eabn ch\u1ea1y sau khi kh\u1edfi \u0111\u1ed9ng l\u1ea1i h\u1ec7 th\u1ed1ng. Nhi\u1ec7m v\u1ee5 n\u00e0y s\u1eed d\u1ee5ng v\u00f2ng&nbsp;<a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/user_guide\/playbooks_loops.html\" target=\"_blank\" rel=\"noreferrer noopener\">l\u1eb7p<\/a>&nbsp;\u0111\u1ec3 \u0111i\u1ec1n gi\u00e1 tr\u1ecb c\u1ee7a&nbsp;<code>service<\/code>t\u00ean.<\/li>\n<li>Ti\u1ebfp theo, Playbook t\u1ea1o m\u1ed9t c\u01a1 s\u1edf d\u1eef li\u1ec7u MySQL c\u00f3 t\u00ean l\u00e0<code>testDB<\/code><\/li>\n<li>Cu\u1ed1i c\u00f9ng, m\u1ed9t ng\u01b0\u1eddi d\u00f9ng MySQL m\u1edbi c\u00f3 t\u00ean&nbsp;<code>webapp<\/code>\u0111\u01b0\u1ee3c t\u1ea1o ra.<\/li>\n<\/ul>\n<p>3.Ch\u1ea1y playbook t\u1eeb m\u00e1y \u0111i\u1ec1u khi\u1ec3n c\u1ee7a b\u1ea1n b\u1eb1ng l\u1ec7nh sau:<\/p>\n<pre class=\"wp-block-code\"><code>ansible-playbook setup_webserver.yml --ask-become-pass\n<\/code><\/pre>\n<p>4.Khi playbook n\u00e0y th\u1ef1c thi xong, h\u00e3y truy c\u1eadp \u0111\u1ecba ch\u1ec9 IP ho\u1eb7c FQDN c\u1ee7a Linode \u0111\u1ec3 xem trang ch\u1ec9 m\u1ee5c Ubuntu Apache m\u1eb7c \u0111\u1ecbnh.<\/p>\n<p>5.\u0110\u0103ng nh\u1eadp v\u00e0o Linode m\u00e0 b\u1ea1n v\u1eeba c\u1ea5u h\u00ecnh qua SSH v\u00e0 ki\u1ec3m tra xem n\u00f3&nbsp;<code>testDb<\/code>\u0111\u00e3 th\u1ef1c s\u1ef1 \u0111\u01b0\u1ee3c t\u1ea1o hay ch\u01b0a:<\/p>\n<pre class=\"wp-block-code\"><code>sudo mysql -u webapp -p\nshow databases;<\/code><\/pre>\n<p>6.N\u1ebfu mu\u1ed1n, b\u1ea1n th\u1eadm ch\u00ed c\u00f3 th\u1ec3 t\u1ea1o m\u1ed9t trang PHP m\u1eabu v\u00e0 \u0111\u01b0a v\u00e0o&nbsp;<code>\/var\/www\/html<\/code>\u0111\u1ec3 ki\u1ec3m tra xem PHP c\u00f3 ho\u1ea1t \u0111\u1ed9ng tr\u00ean m\u00e1y ch\u1ee7 hay kh\u00f4ng.<\/p>\n<h2 id=\"next-steps\">C\u00e1c b\u01b0\u1edbc ti\u1ebfp theo<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/#next-steps\"><\/a><\/h2>\n<p>B\u00e2y gi\u1edd b\u1ea1n \u0111\u00e3 quen thu\u1ed9c v\u1edbi Playbooks, b\u1ea1n c\u00f3 th\u1ec3 ti\u1ebfp t\u1ee5c t\u00ecm hi\u1ec3u th\u00eam v\u1ec1 Ansible. GitHub c\u1ee7a Ansible cung c\u1ea5p m\u1ed9t s\u1ed1 v\u00ed d\u1ee5 v\u1ec1 Playbooks m\u00e0 b\u1ea1n c\u00f3 th\u1ec3 tham kh\u1ea3o \u0111\u1ec3 t\u00ecm hi\u1ec3u c\u00e1c t\u00f9y ch\u1ecdn v\u00e0 m\u1eabu tri\u1ec3n khai kh\u00e1c nhau. D\u01b0\u1edbi \u0111\u00e2y l\u00e0 m\u1ed9t s\u1ed1 ch\u1ee7 \u0111\u1ec1 b\u1ea1n c\u00f3 th\u1ec3 kh\u00e1m ph\u00e1 \u0111\u1ec3 t\u00ecm hi\u1ec3u c\u00e1ch x\u00e2y d\u1ef1ng Playbooks ph\u1ee9c t\u1ea1p h\u01a1n:<\/p>\n<ul>\n<li><a href=\"https:\/\/github.com\/ansible\/ansible-examples\" target=\"_blank\" rel=\"noreferrer noopener\">S\u1ed5 tay h\u01b0\u1edbng d\u1eabn Ansible (GitHub)<\/a>\n<ul>\n<li><a href=\"https:\/\/github.com\/ansible\/ansible-examples\/tree\/master\/wordpress-nginx\" target=\"_blank\" rel=\"noreferrer noopener\">WordPress + nginx + PHP-FPM<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/ansible\/ansible-examples\/tree\/master\/lamp_simple\" target=\"_blank\" rel=\"noreferrer noopener\">\u0110\u01a1n gi\u1ea3n LAMP Stack<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/ansible\/ansible-examples\/tree\/master\/mongodb\" target=\"_blank\" rel=\"noreferrer noopener\">C\u1ee5m MongoDB \u0111\u01b0\u1ee3c ph\u00e2n m\u1ea3nh, s\u1eb5n s\u00e0ng cho s\u1ea3n xu\u1ea5t<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"http:\/\/docs.ansible.com\/ansible\/index.html\" target=\"_blank\" rel=\"noreferrer noopener\">T\u00e0i li\u1ec7u Ansible<\/a><\/li>\n<li>C\u00e1c ch\u1ee7 \u0111\u1ec1 quan tr\u1ecdng ti\u1ebfp theo:\n<ul>\n<li><a href=\"http:\/\/docs.ansible.com\/ansible\/playbooks_intro.html#hosts-and-users\" target=\"_blank\" rel=\"noreferrer noopener\">Ng\u01b0\u1eddi d\u00f9ng, v\u00e0 Chuy\u1ec3n \u0111\u1ed5i Ng\u01b0\u1eddi d\u00f9ng<\/a>&nbsp;v\u00e0&nbsp;<a href=\"http:\/\/docs.ansible.com\/ansible\/become.html\" target=\"_blank\" rel=\"noreferrer noopener\">T\u0103ng quy\u1ec1n<\/a><\/li>\n<li><a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/user_guide\/playbooks_handlers.html\" target=\"_blank\" rel=\"noreferrer noopener\">Ng\u01b0\u1eddi x\u1eed l\u00fd: Ch\u1ea1y c\u00e1c ho\u1ea1t \u0111\u1ed9ng khi thay \u0111\u1ed5i<\/a><\/li>\n<li><a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/user_guide\/playbooks_reuse_roles.html\" target=\"_blank\" rel=\"noreferrer noopener\">Vai tr\u00f2<\/a><\/li>\n<li><a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/user_guide\/playbooks_variables.html\" target=\"_blank\" rel=\"noreferrer noopener\">Bi\u1ebfn s\u1ed1<\/a><\/li>\n<li><a href=\"http:\/\/docs.ansible.com\/ansible\/playbooks_best_practices.html\" target=\"_blank\" rel=\"noreferrer noopener\">Th\u1ef1c h\u00e0nh t\u1ed1t nh\u1ea5t c\u1ee7a Playbook<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Ngu\u1ed3n: https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Playbook&nbsp;\u0111\u1ecbnh ngh\u0129a m\u1ed9t t\u1eadp h\u1ee3p c\u00e1c t\u00e1c v\u1ee5 \u0111\u01b0\u1ee3c Ansible th\u1ef1c hi\u1ec7n tr\u00ean m\u1ed9t nh\u00f3m c\u00e1c n\u00fat \u0111\u01b0\u1ee3c qu\u1ea3n l\u00fd. Trong khi b\u1ea1n c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng Ansible \u0111\u1ec3 th\u1ef1c hi\u1ec7n c\u00e1c t\u00e1c v\u1ee5 m\u1ed9t l\u1ea7n th\u00f4ng qua d\u00f2ng l\u1ec7nh, Playbook c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng l\u1ea1i, chia s\u1ebb gi\u1eefa c\u00e1c nh\u00f3m, ki\u1ec3m so\u00e1t phi\u00ean<\/p>\n","protected":false},"author":1,"featured_media":35672,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129],"tags":[],"class_list":["post-34910","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ansible"],"_links":{"self":[{"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/posts\/34910","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/comments?post=34910"}],"version-history":[{"count":0,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/posts\/34910\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/media\/35672"}],"wp:attachment":[{"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/media?parent=34910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/categories?post=34910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/tags?post=34910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}