Ansible-playbook服务器初始化
一、什么是Playbook
playbook可以理解为ansible的shell脚本,它是一个编排工具,作用是使用编排出能够重复利用的ansible脚本,并并发处理多台服务器。
二、playbook使用事件
1.服务器初始化
(1)playbook的task任务
#本脚本用来进行Centos7系统初始化,请谨慎使用 ########Yum Tools########
- name: Update yum repo
copy: src={{ item }} dest=/etc/yum.repos.d/
with_fileglob:
- yum/CentOS-Base.repo
- yum/docker-ce.repo - name: Basic lib install
yum: name={{ item }} state=latest update_cache=yes
with_items:
- epel-release
- libselinux-python
- glibc
- gcc
- make
- cmake
- zlib
- python-pip - name: Basic tools install
yum: name={{ item }} state=latest update_cache=yes
with_items:
- zip
- net-tools
- lrzsz
- htop
- axel
- wget
- curl
- telnet
- iotop
- vim
- dmidecode
- sysstat
- ntp
- net-snmp
- rsync ########Selinux Firewalld Disable########
- name: Selinux dsiable
lineinfile:
dest: /etc/selinux/config
regexp: '^SELINUX='
line: 'SELINUX=disabled' - name: Selinux stop
selinux: state=disabled - name: Firewalld disable
service: name=firewalld state=stopped enabled=no ########Ulimit Init########
- name: Ulimit change
shell: ulimit -SHn 102400 - name: Ulimit change rc.local
lineinfile:
dest: /etc/rc.local
regexp: 'ulimit -SHn 102400'
backrefs: no
line: 'ulimit -SHn 102400' - name: Change limits.conf soft
lineinfile:
dest: /etc/security/limits.conf
regexp: '\* soft nofile [0-9]+'
backrefs: no
line: '* soft nofile 102400' - name: Change limits.conf hard
lineinfile:
dest: /etc/security/limits.conf
regexp: '\* hard nofile [0-9]+'
backrefs: no
line: '* hard nofile 102400' - name: Change system.conf DefaultLimitCORE
lineinfile:
dest: /etc/systemd/system.conf
regexp: 'DefaultLimitCORE'
backrefs: no
line: 'DefaultLimitCORE=infinity' - name: Change system.conf DefaultLimitNOFILE
lineinfile:
dest: /etc/systemd/system.conf
regexp: 'DefaultLimitNOFILE'
backrefs: no
line: 'DefaultLimitNOFILE=100000' - name: Change system.conf
lineinfile:
dest: /etc/systemd/system.conf
regexp: 'DefaultLimitNPROC'
backrefs: no
line: 'DefaultLimitNPROC=100000' ########Change Hostname########
- hostname : name={{ hostname }} - name: Add hosts
lineinfile:
dest: /etc/hosts
line: '{{ ansible_eth0.ipv4.address }} {{ hostname }}' ########Disk Init########
#- name: New Disk Partition
# script: scripts/disk.sh "{{ disk }}" #执行 disk.sh 参数{{ disk }} 对应xfs.yml的disk: /dev/vdb #磁盘名字
# become: yes
# become_method: sudo #- name: New Disk Format(xfs)
# filesystem: fstype=xfs dev="{{ partition }}" opts="-fn ftype=1" #格式化磁盘分区
# become: yes
# become_method: sudo #- name: New Disk Mount
# mount: name="{{ mountDir }}" src="{{ partition }}" fstype=xfs state=mounted #挂在目录
# become: yes
# become_method: sudo ########Create Directory########
- name: Create Directory
file: path={{ item }} state=directory
with_items:
- /opt/hxapps
- /opt/hxwww
- /opt/hxlog/
- /opt/hxscripts
- /opt/hxupload
- /opt/hxbackup ########Docker install########
- name: Install docker
yum: name=docker-ce state=present
async: 0
poll: 10 - name: config docker Storage type and location
lineinfile:
dest: /usr/lib/systemd/system/docker.service
regexp: '^ExecStart='
line: 'ExecStart=/usr/bin/dockerd --graph=/opt/docker' - service: name=docker enabled=yes state=started - name: Install docker-compose
shell: pip install docker-compose
async: 0
poll: 10 ########Ssh Init#######
- name: Open ssh PubkeyAuthentication
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '#PubkeyAuthentication yes'
backrefs: yes
line: 'PubkeyAuthentication yes' - name: Open ssh AuthorizedKeysFile
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '#AuthorizedKeysFile'
backrefs: yes
line: 'AuthorizedKeysFile' - name: Close ssh PasswordAuthentication
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '^PasswordAuthentication yes'
backrefs: yes
line: 'PasswordAuthentication no' - name: Change ssh port
lineinfile:
dest: /etc/ssh/sshd_config
regexp: '#Port 22'
backrefs: yes
line: 'Port 8022' - name: Echo /etc/ssh/sshd_config
shell: egrep "Port|AuthorizedKeysFile|PubkeyAuthentication|PasswordAuthentication" /etc/ssh/sshd_config - name: Create .ssh
file: path=/root/.ssh owner=root group=root mode=700 state=directory - name: Add keys
copy: src=public_key/authorized_keys dest=/root/.ssh/authorized_keys owner=root group=root mode=600 - name: Restart sshd
service: name=sshd state=restarted enabled=yes
(2)引用的disk.sh
#!/bin/bash DISK=$ CHECK_EXIST=`/sbin/fdisk -l > /dev/null | grep -o "$DISK"`
[ ! "$CHECK_EXIST" ] && { echo "Error: Disk is not found !"; exit ;} echo "" > /tmp/disk.log CHECK_DISK_EXIST=`/sbin/fdisk -l > /dev/null | grep -o "$DISK[1-9]"`
[ ! "$CHECK_DISK_EXIST" ] || { echo "WARNING: ${CHECK_DISK_EXIST} is Partition already !"; exit ;} echo "" > /tmp/disk.log /sbin/fdisk /dev/sdb<<EOF
d
n
p t w
EOF
(3)执行的sysinit.yml
- hosts: sysinit
vars:
disk: /dev/vdb
partition: /dev/vdb1
mountDir: /opt
roles:
- sysinit
(4)inventory文件
########Init hosts list########
#[groups:children]
#group
#[groups:vars]
#ansible_ssh_port=
#ansible_user=root [sysinit:vars]
ansible_user=root #远程用户
ansible_port= #远程端口
ansible_ssh_pass=dingkai. #远程密码 [sysinit]
#服务器IP hostname=服务器主机名
Ansible-playbook服务器初始化的更多相关文章
- Ansible playbook 批量修改服务器密码 先普通后root用户
fsckzy Ansible playbook 批量修改服务器密码 客户的需求:修改所有服务器密码,密码规则为Rfv5%+主机名后3位 背景:服务器有CentOS6.7,SuSE9.10.11,r ...
- ansible roles实践——服务器初始化
1.服务器初始化可以做哪些工作 关闭selinux ntp同步时间 修改dns为自建dns 配置ssh互信 修改yum源 设置主机名 内核参数优化 安装jdk 2.roles编写
- Ansible:roles初始化系统
简介 本文介绍ansible的roles,通过roles来实现系统的初始化,其相当于将ansible的playbook拆分.本文通过Jenkins,传参,调用playbook来初始化系统. Githu ...
- ansible-playbook编写服务器初始化脚本
1.原理:通过limit的参数,限制新定义的服务器.即可给新买的服务器初始化优化.(如下图所示) 首先我们编写一个总入口的palybook脚本: init.yml --- - hosts: all u ...
- ansible playbook批量改ssh配置文件,远程用户Permission denied
最近手里的数百台服务器需要改/etc/ssh/sshd_config的参数,禁止root直接登陆,也就是说 [root@t0 ~]# cat /etc/ssh/sshd_config | grep R ...
- ansible笔记(10):初识ansible playbook
ansible笔记():初识ansible playbook 假设,我们想要在test70主机上安装nginx并启动,我们可以在ansible主机中执行如下3条命令 ansible test70 -m ...
- 写Ansible playbook添加zabbix被监控的对象
本主题达到的效果是能通过编写Ansible Playbook,创建zabbix主机组,把被监控的对象加入到zabbix监控系统中,同时链接到对象的模板. 1.准备工作 在zabbix服务器上面,我们需 ...
- ansible playbook模式及语法
一.什么是playbook及其组成 什么是playbook playbook 翻译过来就是"剧本" playbook的组成 play:定义的是主机的角色 task:定义的是具体执行 ...
- ansible - playbook(剧组)
目录 ansible - playbook(剧组) 常用命令 五种传参方式 常用元素详解 tags handlers template when 循环 嵌套循环 ansible - playbook( ...
随机推荐
- Python 爬虫插件
#coding:utf-8import sys,urllib2,re,Queuesys.path.append("..") from lib.Http_Class import H ...
- 【NOIP2016提高A组集训第1场10.29】完美标号
题目 给定M个二元组(A_i, B_i),求X_1, ..., X_N满足:对于任意(A_i, B_i),有|X_{A_i} - X_{B_i}| = 1成立. 分析 显然,对于二元组(x,y),X_ ...
- 关于 ATL 中 CComControl 的构造
分享一篇 C++语言 & ATL 的高阶解读笔记,你需要在C++语言特性中上串下跳,应该算篇有质量的文章. class ATL_NO_VTABLE CHello : // ... public ...
- jmeter--单个接口通,自动化不通时
单个接口通,自动化不通时,对比两者请求 post 请求的格式,内容编码
- IDEA如何将git下来的是工程转为maven工程
1.在工程名称上右击并点击[Add Framework Support] 2.在打开的[Add Framework Support]窗口中在左侧栏找到[Maven]选项并勾上并点击[OK]按钮.
- CodeForces 1100F Ivan and Burgers
CodeForces题面 Time limit 3000 ms Memory limit 262144 kB Source Codeforces Round #532 (Div. 2) Tags da ...
- pyCharm报错"your evaluation license has expired, pycharm will now exit"解决方法(实测)
一.修改C:\Windows\System32\drivers\etc 目录下的hosts文件 1.打开hosts文件,路径是 c:\windows\system32\drivers\etc\host ...
- Vue中基本指令用法
指令在Vue中是个很重要的功能,在Vue项目中是必不可少的.根据官网的介绍,指令 (Directives) 是带有 v- 前缀的特殊属性.指令的职责是,当表达式的值改变时,将其产生的连带影响,响应式地 ...
- 关于spring data jpa的@query的传入参数是对象怎么匹配参数
/** * Specifies methods used to obtain and modify person related information * which is stored in th ...
- Java第一次学习总结
学习内容: 1.java是本学期刚刚接触新的一种编程语言,与大一C语言在语法上有很多相同之处,不同的是在很多问题上,更加简练,更加易于理解. 例如:输出水仙花数,从C语言近五十行代码缩短近十几行,数据 ...