Ansible: batch configuration to initialize host environments

2018-06-14  泡面_b7f5

Tree

my_init/
├── hosts
├── roles
│   ├── 1_copy_repo
│   │   ├── files
│   │   │   ├── CentOS-Base.repo
│   │   │   └── epel-7.repo
│   │   └── tasks
│   │       ├── main.retry
│   │       └── main.yml
│   ├── 2_copy_ssh_key
│   │   └── tasks
│   │       ├── main.retry
│   │       └── main.yml
│   ├── 3_close_selinux
│   │   └── tasks
│   │       ├── main.yml
│   │       └── selinux.yml
│   ├── 4_crontab
│   │   └── tasks
│   │       └── main.yml
│   ├── 5_firewalld
│   │   └── tasks
│   │       └── main.yml
│   ├── 6_kernal_optimization
│   │   ├── files
│   │   └── task
│   ├── 7_install_some_must
│   │   └── tasks
│   │       ├── jdk.yml
│   │       ├── main.yml
│   │       ├── mysql.yml
│   │       ├── nginx.yml
│   │       └── php.yml
│   ├── 8_yum_some_common
│   │   └── tasks
│   │       └── main.yml
│   └── 9_sshconfig
│       ├── files
│       │   └── ssh.sh
│       └── tasks
│           └── main.yml
├── site.retry
└── site.yml

site.yml

---
- hosts: all
  roles:
   - 1_copy_repo 
   - 2_copy_ssh_key  
   - 3_close_selinux 
   - 4_crontab  
   - 5_firewalld  
   #- 6_kernal_optimization 
   - 7_install_some_must
   - 8_yum_some_common 
   - 9_sshconfig

1_copy_repo

See the base role in my post "Ansible one-click deployment of HAProxy + LNMP".

2_copy_ssh_key

---
- name: set authorized key took from file
  authorized_key:
    user: root
    state: present
    key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"

3_close_selinux

main.yml

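---
# getenforce prints Enforcing, Permissive or Disabled
- name: get selinux
  shell: getenforce
  register: sestatus
# include_tasks (Ansible 2.4+) replaces the bare include, which was deprecated and later removed from ansible-core
- include_tasks: selinux.yml
  when: sestatus.stdout != "Disabled"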

selinux.yml

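---
# Switch the running system to permissive mode right away
- shell: setenforce 0
# Persist the setting: rewrite enforcing/permissive to disabled (applies fully after a reboot)
# Note: on CentOS 7 /etc/sysconfig/selinux is a symlink to /etc/selinux/config, and sed -i replaces the link with a regular file
- shell: sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux
- shell: sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
- shell: sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/sysconfig/selinux
- shell: sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/selinux/config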

Another way to turn SELinux off, using the selinux module

# Enable SELinux
- selinux:
    policy: targeted
    state: enforcing

# Put SELinux in permissive mode, logging actions that would be blocked.
- selinux:
    policy: targeted
    state: permissive

# Disable SELinux
- selinux:
    state: disabled

There is also the option of calling a script through the script module; I won't write that one out - -

4_crontab

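---
# Sync the clock with ntpdate; '*/40' fires at minute 0 and 40 of every hour
- cron:
    name: ntpdate time sync   # identifies the crontab entry; newer Ansible releases require a name
    minute: '*/40'
    state: present
    job: "/usr/sbin/ntpdate time7.aliyun.com >/dev/null 2>&1"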

5_firewalld

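---
# Start firewalld at boot
- service: name=firewalld enabled=yes
# Open the service ports in the permanent configuration
- firewalld:
    port: "{{ item }}"
    permanent: true
    state: enabled
  loop:
    - 80/tcp
    - 8089/tcp
# Bind the 192.168.65.0/24 source network to the internal zone
- firewalld:
    source: 192.168.65.0/24
    zone: internal
    state: enabled
    permanent: true
# Restart so the permanent rules become the running configuration
- service: name=firewalld state=restarted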

6_kernal_optimization

7_install_some_must

tree

└── tasks
    ├── jdk.yml
    ├── main.yml
    ├── mysql.yml
    ├── nginx.yml
    └── php.yml

nginx.yml

---
- name: Install nginx
  yum: name=nginx state=present

- name: restart nginx
  service: name=nginx state=restarted
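
main.yml

---
# Variables set in an INI [group:vars] section are strings, so cast them with | bool
# before testing; include_tasks replaces the bare include removed from newer Ansible
- include_tasks: nginx.yml
  when: install_nginx | bool

- include_tasks: php.yml
  when: install_php | bool

- include_tasks: mysql.yml
  when: install_mysql | bool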

Put the following in hosts

# install LNMP
[setup_lnmp]
192.168.65.144
[common]

# install MySQL
[setup_mysql]

[setup_mysql_slave]

# install Java
[setup_java]

# install Java + MySQL
[setup_java_mysql]

# install Java + LNMP
[setup_java_lnmp]

# install nginx
[setup_nginx]

####################### adjust to your environment ##########################
# default parameters
[all:vars]
install_php=false
install_nginx=false
install_mysql=false
is_slave=false
install_jdk=false

[setup_lnmp:vars]
install_php=true
install_nginx=true
install_mysql=true

[setup_mysql:vars]
install_mysql=true
is_slave=false

[setup_mysql_slave:vars]
install_mysql=true
is_slave=true

[setup_java:vars]
install_jdk=true

[setup_java_mysql:vars]
install_jdk=true
install_mysql=true

[setup_java_lnmp:vars]
install_jdk=true
install_php=true
install_nginx=true
install_mysql=true

[setup_nginx:vars]
install_nginx=true

[common:vars]

8_yum_some_common

- name: install some software
  yum: 
    name: "{{item}}"
    state: latest
  loop:
    - vim
    #- unzip
    - ntpdate 

9_sshconfig

ssh.sh

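#!/usr/bin/sh

# Turn the commented-out default "#UseDNS yes" into "UseDNS no" (no reverse DNS lookup of clients)
sed -i 's/\#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
# Replace any "GSSAPIAuthentication yes" line, commented or not, with "GSSAPIAuthentication no"
sed -i 's/.*GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/sshd_config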

main.yml

---
- script: ssh.sh
- service: name=sshd state=restarted
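
The 9_sshconfig role above as an added example using native modules (not the author's code): each directive is set with lineinfile, the edited copy is checked with sshd -t before it replaces /etc/ssh/sshd_config, and sshd restarts only when a line actually changed. It assumes the root connection used elsewhere on this page and sshd at /usr/sbin/sshd; the task and handler names are made up for the example.

```yaml
---
# Added example, not part of the original role: a standalone playbook.
# Assumptions: connection user is root (as 2_copy_ssh_key implies), sshd lives at /usr/sbin/sshd.
- hosts: all
  tasks:
    - name: set sshd directives (the same two settings ssh.sh changes)
      lineinfile:
        path: /etc/ssh/sshd_config
        # Match the directive whether it is commented out or active
        regexp: '^\s*#?\s*{{ item.key }}\s'
        line: "{{ item.key }} {{ item.value }}"
        # If the directive is absent, add it above the first Match block
        # so it stays a global setting instead of landing inside the block
        insertbefore: '^\s*Match\s'
        firstmatch: true
        # Syntax-check the edited copy; if the check fails the live file is left untouched
        validate: /usr/sbin/sshd -t -f %s
        backup: true
      loop:
        - { key: UseDNS, value: "no" }
        - { key: GSSAPIAuthentication, value: "no" }
      notify: restart sshd

  handlers:
    # Runs once at the end of the play, and only if a task above reported "changed"
    - name: restart sshd
      service:
        name: sshd
        state: restarted
```

A second run reports no changes and does not restart sshd, whereas the script module always reports changed and the role above restarts sshd on every run.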

Result

[Partial screenshots of the run]
