Ansible-playbook服务器初始化

Posted dingkailinux

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Ansible-playbook服务器初始化相关的知识,希望对你有一定的参考价值。

一、什么是Playbook

playbook可以理解为ansible的shell脚本,它是一个编排工具,作用是使用编排出能够重复利用的ansible脚本,并并发处理多台服务器。

 

二、playbook使用事件

1.服务器初始化

(1)playbook的task任务

#本脚本用来进行Centos7系统初始化,请谨慎使用

########Yum Tools########
- name: Update yum repo
  copy: src={{ item  }} dest=/etc/yum.repos.d/
  with_fileglob:
  - yum/CentOS-Base.repo
  - yum/docker-ce.repo

- name: Basic lib install
  yum: name={{ item }} state=latest update_cache=yes
  with_items:
  - epel-release
  - libselinux-python
  - glibc
  - gcc
  - make
  - cmake
  - zlib
  - python-pip

- name: Basic tools install
  yum: name={{ item }} state=latest update_cache=yes
  with_items:
  - zip
  - net-tools
  - lrzsz
  - htop
  - axel
  - wget
  - curl
  - telnet
  - iotop
  - vim
  - dmidecode
  - sysstat
  - ntp
  - net-snmp
  - rsync

########Selinux Firewalld Disable########
- name: Selinux dsiable
  lineinfile:
    dest: /etc/selinux/config
    regexp: ‘^SELINUX=‘
    line: ‘SELINUX=disabled‘

- name: Selinux stop
  selinux: state=disabled

- name: Firewalld disable
  service: name=firewalld state=stopped enabled=no

########Ulimit Init########
- name: Ulimit change
  shell: ulimit -SHn 102400

- name: Ulimit change rc.local
  lineinfile:
    dest: /etc/rc.local
    regexp: ‘ulimit -SHn 102400‘
    backrefs: no
    line: ‘ulimit -SHn 102400‘

- name: Change limits.conf soft
  lineinfile:
    dest: /etc/security/limits.conf
    regexp: ‘\* soft nofile [0-9]+‘
    backrefs: no
    line: ‘* soft nofile 102400‘

- name: Change limits.conf hard
  lineinfile:
    dest: /etc/security/limits.conf
    regexp: ‘\* hard nofile [0-9]+‘
    backrefs: no
    line: ‘* hard nofile 102400‘

- name: Change system.conf DefaultLimitCORE
  lineinfile:
    dest: /etc/systemd/system.conf
    regexp: ‘DefaultLimitCORE‘
    backrefs: no
    line: ‘DefaultLimitCORE=infinity‘

- name: Change system.conf DefaultLimitNOFILE
  lineinfile:
    dest: /etc/systemd/system.conf
    regexp: ‘DefaultLimitNOFILE‘
    backrefs: no
    line: ‘DefaultLimitNOFILE=100000‘

- name: Change system.conf 
  lineinfile:
    dest: /etc/systemd/system.conf
    regexp: ‘DefaultLimitNPROC‘
    backrefs: no
    line: ‘DefaultLimitNPROC=100000‘

########Change Hostname########
- hostname : name={{ hostname }}

- name: Add hosts
  lineinfile:
    dest: /etc/hosts
    line: ‘{{ ansible_eth0.ipv4.address }}  {{ hostname }}‘

########Disk Init########
#- name: New Disk Partition
#  script: scripts/disk.sh "{{ disk }}" #执行 disk.sh 参数{{ disk }} 对应xfs.yml的disk:  /dev/vdb #磁盘名字
#  become: yes
#  become_method: sudo

#- name: New Disk Format(xfs)
#  filesystem: fstype=xfs dev="{{ partition }}" opts="-fn ftype=1" #格式化磁盘分区
#  become: yes
#  become_method: sudo

#- name: New Disk Mount
#  mount: name="{{ mountDir }}" src="{{ partition }}" fstype=xfs state=mounted #挂在目录
#  become: yes
#  become_method: sudo

########Create Directory########
- name: Create Directory
  file: path={{ item }} state=directory
  with_items:
    - /opt/hxapps
    - /opt/hxwww
    - /opt/hxlog/
    - /opt/hxscripts
    - /opt/hxupload
    - /opt/hxbackup

########Docker install########
- name: Install docker
  yum: name=docker-ce state=present
  async: 0
  poll: 10

- name: config docker Storage type and location
  lineinfile:
    dest: /usr/lib/systemd/system/docker.service
    regexp: ‘^ExecStart=‘
    line: ‘ExecStart=/usr/bin/dockerd --graph=/opt/docker‘

- service: name=docker enabled=yes state=started

- name: Install docker-compose
  shell: pip install docker-compose
  async: 0
  poll: 10

########Ssh Init#######
- name: Open ssh PubkeyAuthentication
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: ‘#PubkeyAuthentication yes‘
    backrefs: yes
    line: ‘PubkeyAuthentication yes‘

- name: Open ssh AuthorizedKeysFile
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: ‘#AuthorizedKeysFile‘
    backrefs: yes
    line: ‘AuthorizedKeysFile‘

- name: Close ssh PasswordAuthentication
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: ‘^PasswordAuthentication yes‘
    backrefs: yes
    line: ‘PasswordAuthentication no‘

- name: Change ssh port
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: ‘#Port 22‘
    backrefs: yes
    line: ‘Port 8022‘

- name: Echo /etc/ssh/sshd_config
  shell: egrep "Port|AuthorizedKeysFile|PubkeyAuthentication|PasswordAuthentication" /etc/ssh/sshd_config

- name: Create .ssh
  file: path=/root/.ssh owner=root group=root mode=700 state=directory

- name: Add keys
  copy: src=public_key/authorized_keys dest=/root/.ssh/authorized_keys owner=root group=root mode=600

- name: Restart sshd
  service: name=sshd state=restarted enabled=yes

(2)引用的disk.sh

#!/bin/bash

DISK=$1

CHECK_EXIST=`/sbin/fdisk -l 2> /dev/null | grep -o "$DISK"`
[ ! "$CHECK_EXIST" ] && { echo "Error: Disk is not found !"; exit 1;}

echo "1" > /tmp/disk.log

CHECK_DISK_EXIST=`/sbin/fdisk -l 2> /dev/null | grep -o "$DISK[1-9]"`
[ ! "$CHECK_DISK_EXIST" ] || { echo "WARNING: ${CHECK_DISK_EXIST} is Partition already !"; exit 1;}

echo "2" > /tmp/disk.log

/sbin/fdisk /dev/sdb<<EOF
d
n
p
1


t
83
w
EOF

 

(3)执行的sysinit.yml

- hosts: sysinit
  vars:
    disk: /dev/vdb
    partition: /dev/vdb1
    mountDir: /opt
  roles:
     - sysinit

(4)inventory文件

########Init hosts list########
#[groups:children]
#group
#[groups:vars]
#ansible_ssh_port=8022
#ansible_user=root

[sysinit:vars]
ansible_user=root    #远程用户
ansible_port=22        #远程端口
ansible_ssh_pass=dingkai.123    #远程密码

[sysinit]
#服务器IP   hostname=服务器主机名

 

以上是关于Ansible-playbook服务器初始化的主要内容,如果未能解决你的问题,请参考以下文章

ansible-playbook批量部署zabbix

[Docker][ansible-playbook]3 持续集成环境初探

ansible-playbook权限提升多种方式

ansible-playbook权限提升多种方式

Ansible-playbook自动部署MySQL主从

ansible-playbook批量修改密码