Ansible-playbook服务器初始化
一、什么是Playbook
playbook可以理解为ansible的shell脚本,它是一个编排工具,作用是使用编排出能够重复利用的ansible脚本,并并发处理多台服务器。
二、playbook使用事件
1.服务器初始化
(1)playbook的task任务
#本脚本用来进行Centos7系统初始化,请谨慎使用 ########Yum Tools########
- name: Update yum repo
copy: src={{ item }} dest=/etc/yum.repos.d/
with_fileglob:
- yum/CentOS-Base.repo
- yum/docker-ce.repo - name: Basic lib install
yum: name={{ item }} state=latest update_cache=yes
with_items:
- epel-release
- libselinux-python
- glibc
- gcc
- make
- cmake
- zlib
- python-pip - name: Basic tools install
yum: name={{ item }} state=latest update_cache=yes
with_items:
- zip
- net-tools
- lrzsz
- htop
- axel
- wget
- curl
- telnet
- iotop
- vim
- dmidecode
- sysstat
- ntp
- net-snmp
- rsync ########Selinux Firewalld Disable########
- name: Selinux dsiable
lineinfile:
dest: /etc/selinux/config
regexp: '^SELINUX='
line: 'SELINUX=disabled' - name: Selinux stop
selinux: state=disabled - name: Firewalld disable
service: name=firewalld state=stopped enabled=no ########Ulimit Init########
- name: Ulimit change
shell: ulimit -SHn 102400 - name: Ulimit change rc.local
lineinfile:
dest: /etc/rc.local
regexp: 'ulimit -SHn 102400'
backrefs: no
line: 'ulimit -SHn 102400' - name: Change limits.conf soft
lineinfile:
dest: /etc/security/limits.conf
regexp: '\* soft nofile [0-9]+'
backrefs: no
line: '* soft nofile 102400' - name: Change limits.conf hard
lineinfile:
dest: /etc/security/limits.conf
regexp: '\* hard nofile [0-9]+'
backrefs: no
line: '* hard nofile 102400' - name: Change system.conf DefaultLimitCORE
lineinfile:
dest: /etc/systemd/system.conf
regexp: 'DefaultLimitCORE'
backrefs: no
line: 'DefaultLimitCORE=infinity' - name: Change system.conf DefaultLimitNOFILE
lineinfile:
dest: /etc/systemd/system.conf
regexp: 'DefaultLimitNOFILE'
backrefs: no
line: 'DefaultLimitNOFILE=100000' - name: Change system.conf
lineinfile:
dest: /etc/systemd/system.conf
regexp: 'DefaultLimitNPROC'
backrefs: no
line: 'DefaultLimitNPROC=100000' ########Change Hostname########
- hostname : name={{ hostname }} - name: Add hosts
lineinfile:
dest: /etc/hosts
line: '{{ ansible_eth0.ipv4.address }} {{ hostname }}' ########Disk Init########
#- name: New Disk Partition
# script: scripts/disk.sh "{{ disk }}" #执行 disk.sh 参数{{ disk }} 对应xfs.yml的disk: /dev/vdb #磁盘名字
# become: yes
# become_method: sudo #- name: New Disk Format(xfs)
# filesystem: fstype=xfs dev="{{ partition }}" opts="-fn ftype=1" #格式化磁盘分区
# become: yes
# become_method: sudo #- name: New Disk Mount
# mount: name="{{ mountDir }}" src="{{ partition }}" fstype=xfs state=mounted #挂在目录
# become: yes
# become_method: sudo ########Create Directory########
- name: Create Directory
file: path={{ item }} state=directory
with_items:
- /opt/hxapps
- /opt/hxwww
- /opt/hxlog/
- /opt/hxscripts
- /opt/hxupload
- /opt/hxbackup ########Docker install########
- name: Install docker
yum: name=docker-ce state=present
async: 0
poll: 10 - name: config docker Storage type and location
lineinfile:
dest: /usr/lib/systemd/system/docker.service
regexp: '^ExecStart='
line: 'ExecStart=/usr/bin/dockerd --graph=/opt/docker' - service: name=docker enabled=yes state=started - name: Install docker-compose
shell: pip install docker-compose
async: 0
poll: 10 ########Ssh Init#######
- name: Open ssh PubkeyAuthentication
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '#PubkeyAuthentication yes'
backrefs: yes
line: 'PubkeyAuthentication yes' - name: Open ssh AuthorizedKeysFile
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '#AuthorizedKeysFile'
backrefs: yes
line: 'AuthorizedKeysFile' - name: Close ssh PasswordAuthentication
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^PasswordAuthentication yes'
backrefs: yes
line: 'PasswordAuthentication no' - name: Change ssh port
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '#Port 22'
backrefs: yes
line: 'Port 8022' - name: Echo /etc/ssh/sshd_config
shell: egrep "Port|AuthorizedKeysFile|PubkeyAuthentication|PasswordAuthentication" /etc/ssh/sshd_config - name: Create .ssh
file: path=/root/.ssh owner=root group=root mode=700 state=directory - name: Add keys
copy: src=public_key/authorized_keys dest=/root/.ssh/authorized_keys owner=root group=root mode=600 - name: Restart sshd
service: name=sshd state=restarted enabled=yes
(2)引用的disk.sh
#!/bin/bash DISK=$ CHECK_EXIST=`/sbin/fdisk -l > /dev/null | grep -o "$DISK"`
[ ! "$CHECK_EXIST" ] && { echo "Error: Disk is not found !"; exit ;} echo "" > /tmp/disk.log CHECK_DISK_EXIST=`/sbin/fdisk -l > /dev/null | grep -o "$DISK[1-9]"`
[ ! "$CHECK_DISK_EXIST" ] || { echo "WARNING: ${CHECK_DISK_EXIST} is Partition already !"; exit ;} echo "" > /tmp/disk.log /sbin/fdisk /dev/sdb<<EOF
d
n
p t w
EOF
(3)执行的sysinit.yml
- hosts: sysinit
vars:
disk: /dev/vdb
partition: /dev/vdb1
mountDir: /opt
roles:
- sysinit
(4)inventory文件
########Init hosts list########
#[groups:children]
#group
#[groups:vars]
#ansible_ssh_port=
#ansible_user=root [sysinit:vars]
ansible_user=root #远程用户
ansible_port= #远程端口
ansible_ssh_pass=dingkai. #远程密码 [sysinit]
#服务器IP hostname=服务器主机名
Ansible-playbook服务器初始化的更多相关文章
- Ansible playbook 批量修改服务器密码 先普通后root用户
fsckzy Ansible playbook 批量修改服务器密码 客户的需求:修改所有服务器密码,密码规则为Rfv5%+主机名后3位 背景:服务器有CentOS6.7,SuSE9.10.11,r ...
- ansible roles实践——服务器初始化
1.服务器初始化可以做哪些工作 关闭selinux ntp同步时间 修改dns为自建dns 配置ssh互信 修改yum源 设置主机名 内核参数优化 安装jdk 2.roles编写
- Ansible:roles初始化系统
简介 本文介绍ansible的roles,通过roles来实现系统的初始化,其相当于将ansible的playbook拆分.本文通过Jenkins,传参,调用playbook来初始化系统. Githu ...
- ansible-playbook编写服务器初始化脚本
1.原理:通过limit的参数,限制新定义的服务器.即可给新买的服务器初始化优化.(如下图所示) 首先我们编写一个总入口的palybook脚本: init.yml --- - hosts: all u ...
- ansible playbook批量改ssh配置文件,远程用户Permission denied
最近手里的数百台服务器需要改/etc/ssh/sshd_config的参数,禁止root直接登陆,也就是说 [root@t0 ~]# cat /etc/ssh/sshd_config | grep R ...
- ansible笔记(10):初识ansible playbook
ansible笔记():初识ansible playbook 假设,我们想要在test70主机上安装nginx并启动,我们可以在ansible主机中执行如下3条命令 ansible test70 -m ...
- 写Ansible playbook添加zabbix被监控的对象
本主题达到的效果是能通过编写Ansible Playbook,创建zabbix主机组,把被监控的对象加入到zabbix监控系统中,同时链接到对象的模板. 1.准备工作 在zabbix服务器上面,我们需 ...
- ansible playbook模式及语法
一.什么是playbook及其组成 什么是playbook playbook 翻译过来就是"剧本" playbook的组成 play:定义的是主机的角色 task:定义的是具体执行 ...
- ansible - playbook(剧组)
目录 ansible - playbook(剧组) 常用命令 五种传参方式 常用元素详解 tags handlers template when 循环 嵌套循环 ansible - playbook( ...
随机推荐
- linux上开启和分析mysql慢查询日志
本人qq群也有许多的技术文档,希望可以为你提供一些帮助(非技术的勿加). QQ群: 281442983 (点击链接加入群:http://jq.qq.com/?_wv=1027&k=29Lo ...
- 使用tensorflow训练word2vec
from http://blog.csdn.net/wangyangzhizhou/article/details/77530479?locationNum=1&fps=1 使用了tensor ...
- C2MIF软件使用说明
1.右击---管理员身份运行 2.打开文件txt---搞定!
- Python 爬虫十六式 - 第二式:urllib 与 urllib3
Python请求标准库 urllib 与 urllib3 学习一时爽,一直学习一直爽! 大家好,我是 Connor,一个从无到有的技术小白.上一次我们说到了什么是HTTP协议,那么这一次我们就要动 ...
- _vimrc
set nocompatible source $VIMRUNTIME/vimrc_example.vim source $VIMRUNTIME/mswin.vim behave mswin set ...
- MySQL的(@i:=@i+1)用处及用法
今天写一个为查询的数据排序列号的SQL语句,整理出来下面的笔记: 这是语法: SELECT (@i:=@i+1),t.* FROM table_name t,(SELECT @i:=0) AS j ...
- Unity PlayerPrefs 存储的位置
Mac OS 在Mac OS X上PlayerPrefs是存储在~/Library/Preferences文件夹,名为unity.[company name].[product name].plist ...
- wannalfy 挑战赛7 E 珂朵莉与GCD (离线+线段树/树状数组)
链接:https://www.nowcoder.com/acm/contest/56/E 时间限制:C/C++ 5秒,其他语言10秒 空间限制:C/C++ 716800K,其他语言1433600K 6 ...
- android 对话框显示工具类
这个工具类非常简单,但是将显示dialog的方法统一封装,能够大大减少代码重复 package com.ctbri.weather.utils; import android.app.AlertDia ...
- mysqli使用localhost问题
<?php $mysqli = new mysqli('localhost', 'root', '123456', 'mysql'); if ($mysqli->connect_error ...