附加-ansible-playbook-roles初始化centos系統(tǒng)案例

[root@localhost ~]# tree ansible-playbook-centos7.x-init-roles
ansible-playbook-centos7.x-init-roles
├── host
│?? └── hosts
├── playbook-all-roles.yml
└── roles
? ?└── init
? ? ? ?├── default
? ? ? ?├── files
? ? ? ?│?? ├── cent7.9-zdy.repo
? ? ? ?│?? ├── change_root_pass.sh
? ? ? ?│?? ├── config_ntp_tongbu.sh
? ? ? ?│?? └── set_wenjian_jubing.sh
? ? ? ?├── handlers
? ? ? ?├── meta
? ? ? ?├── tasks
? ? ? ?│?? ├── 10_change_root_pass.yml
? ? ? ?│?? ├── 1_create_.ssh_dir.yml
? ? ? ?│?? ├── 2_cp_public_key.yml
? ? ? ?│?? ├── 3_stop_firewalld.yml
? ? ? ?│?? ├── 4_close_selinux.yml
? ? ? ?│?? ├── 5_set_wenjian_jubing.yml
? ? ? ?│?? ├── 6_config_zdy_yum.yml
? ? ? ?│?? ├── 7_install_yilai_tools.yml
? ? ? ?│?? ├── 8_config_ntp_tongbu.yml
? ? ? ?│?? ├── 9_change_ssh_port.yml
? ? ? ?│?? └── main.yml
? ? ? ?├── templates
? ? ? ?└── vars
? ? ? ? ? ?└── main.yml
[root@localhost ~]# cd ansible-playbook-centos7.x-init-roles
[root@localhost ansible-playbook-centos7.x-init-roles]# ls
host ?playbook-all-roles.yml ?roles
[root@localhost ansible-playbook-centos7.x-init-roles]# cat host/hosts
[test]
192.168.171.129 ?ansible_ssh_user="root" ansible_ssh_pass="123456" ansible_ssh_port=22
192.168.171.130 ?ansible_ssh_user="root" ansible_ssh_pass="123456" ansible_ssh_port=22
[root@localhost ansible-playbook-centos7.x-init-roles]# cat playbook-all-roles.yml
#test: 為/etc/ansible/hosts中的主機(jī)列表 ?#task: 執(zhí)行的任務(wù)
#name: 描述信息 ? ? ? ? ? ? ? ? ? ? ?#yum: yum模塊,安裝服務(wù)的
#copy: copy模塊,遠(yuǎn)程傳遞文件的 ? ? ? #file: file模塊,遠(yuǎn)程創(chuàng)建目錄的
#service: service模塊,遠(yuǎn)程管理服務(wù)的
#remote_user: root 是指定遠(yuǎn)程主機(jī)上使用的用戶
#gather_facts: no 是默認(rèn)執(zhí)行playbook時(shí)候,默認(rèn)會(huì)收集目標(biāo)主機(jī)的信息,禁用掉能提高效率
---
#httpd role
- hosts: test
?remote_user: root
?gather_facts: no
?#下面是調(diào)用相應(yīng)的role,調(diào)用哪些role就部署哪些
?roles:
? ?- role: init
? ?#- role: nginx
? ?#- role: httpd
[root@localhost ansible-playbook-centos7.x-init-roles]# ls
host ?playbook-all-roles.yml ?roles
[root@localhost ansible-playbook-centos7.x-init-roles]# cd roles/
[root@localhost roles]# ls
init
[root@localhost roles]# cd init/
[root@localhost init]# ls
default ?files ?handlers ?meta ?tasks ?templates ?vars
[root@localhost init]# ls default/
為空，沒(méi)用到
[root@localhost init]# ls meta/
為空，沒(méi)用到
[root@localhost init]# ls templates/
為空，沒(méi)用到
[root@localhost init]# ls handlers/
為空，沒(méi)用到
[root@localhost init]# ls files/ ? ? ? ? ? ? ? #準(zhǔn)備要傳輸?shù)南嚓P(guān)文件
cent7.9-zdy.repo ?change_root_pass.sh ?config_ntp_tongbu.sh ?set_wenjian_jubing.sh
[root@localhost init]# cat files/change_root_pass.sh
#!/bin/bash
echo 'QAZwsx!@#456' |passwd --stdin root
[root@localhost init]# cat files/config_ntp_tongbu.sh
#!/bin/bash
sed -i 's/server 0.centos.pool.ntp.org iburst/#server 0.centos.pool.ntp.org iburst/g' /etc/ntp.conf
sed -i 's/server 1.centos.pool.ntp.org iburst/#server 1.centos.pool.ntp.org iburst/g' /etc/ntp.conf
sed -i 's/server 2.centos.pool.ntp.org iburst/server 172.32.10.3 iburst/g' /etc/ntp.conf
sed -i 's/server 3.centos.pool.ntp.org iburst/server 172.32.10.5 iburst/g' /etc/ntp.conf
systemctl restart ntpd
systemctl enable ntpd
[root@localhost init]# cat files/set_wenjian_jubing.sh
#!/bin/bash
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 65536" >> /etc/security/limits.conf
echo "* soft nproc 4096" >> /etc/security/limits.conf
echo "* hard nproc 4096" >> /etc/security/limits.conf
echo "vm.max_map_count=262144" >> /etc/sysctl.conf
sysctl -p
[root@localhost init]# cat files/cent7.9-zdy.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. ?You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[root@localhost init]# ls vars/
main.yml
[root@localhost init]# cat vars/main.yml
src_public_key: "/root/.ssh/id_rsa.pub"
des_public_key: "/root/.ssh/authorized_keys"
user_home: "/root"
ssh_dir: ".ssh"
src_wenjian_jubing: "set_wenjian_jubing.sh"
des_wenjian_jubing: "/tmp/set_wenjian_jubing.sh"
yum_path: "/etc/yum.repos.d"
src_yum_repo: "cent7.9-zdy.repo"
des_yum_repo: "/etc/yum.repos.d/cent7.9-zdy.repo"
src_config_ntp: "config_ntp_tongbu.sh"
des_config_ntp: "/tmp/config_ntp_tongbu.sh"
src_pass: "change_pass.sh"
des_pass: "/tmp/change_pass.sh"
src_change_root_pass: "change_root_pass.sh"
des_change_root_pass: "/tmp/change_root_pass.sh"
[root@localhost init]# cd tasks/
[root@localhost tasks]# ls
10_change_root_pass.yml ?2_cp_public_key.yml ? 4_close_selinux.yml ? ? ? 6_config_zdy_yum.yml ? ? ? 8_config_ntp_tongbu.yml ?main.yml
1_create_.ssh_dir.yml ? ?3_stop_firewalld.yml ?5_set_wenjian_jubing.yml ?7_install_yilai_tools.yml ?9_change_ssh_port.yml
[root@localhost tasks]# cat main.yml
- include: 1_create_.ssh_dir.yml
- include: 2_cp_public_key.yml
- include: 3_stop_firewalld.yml
- include: 4_close_selinux.yml
- include: 5_set_wenjian_jubing.yml
- include: 6_config_zdy_yum.yml
- include: 7_install_yilai_tools.yml
- include: 8_config_ntp_tongbu.yml
- include: 9_change_ssh_port.yml
- include: 10_change_root_pass.yml
[root@localhost tasks]# cat 1_create_.ssh_dir.yml
#遠(yuǎn)程創(chuàng)建.ssh目錄,供免密登錄存放公鑰使用,下面是判斷.ssh目錄是否存在,不存在再創(chuàng)建,存在則跳過(guò)不創(chuàng)建
- name: create .ssh dir
?shell: cd {{ user_home }} &&
? ? ? ? [ ! -d {{ ssh_dir }} ] ?&& ?mkdir {{ ssh_dir }} || break
[root@localhost tasks]# cat 2_cp_public_key.yml
#拷貝公鑰到被管理服務(wù)器
- name: copy public key to lists
?copy: src={{ src_public_key }} ?dest={{ des_public_key }} mode=600
[root@localhost tasks]# cat 3_stop_firewalld.yml
#關(guān)閉防火墻
- name: stop firewalld
?service: name=firewalld state=stopped enabled=no
[root@localhost tasks]# cat 4_close_selinux.yml
#關(guān)閉selinux
- name: linshi close selinux
?shell: setenforce 0
- name: yongjiu close selinux
?replace:
? ?path: /etc/selinux/config
? ?regexp: '^SELINUX=enforcing'
? ?replace: 'SELINUX=disabled'
[root@localhost tasks]# cat 5_set_wenjian_jubing.yml
#傳輸設(shè)置文件句柄腳本并執(zhí)行腳本
- name: set wenjian jubing
?copy: src={{ src_wenjian_jubing }} dest={{ des_wenjian_jubing }}
- name: exec jiaoben
?shell: sh {{ des_wenjian_jubing }}
[root@localhost tasks]# cat 6_config_zdy_yum.yml
#備份yum源的repo文件
- name: backup yuan yum repo
?shell: cd {{ yum_path }} &&
? ? ? ? [ ! -d bak ] && mkdir bak || break &&
? ? ? ? cp *.repo bak &&
? ? ? ? rm -f *.repo
#傳輸自定義yum源的repo文件
- name: config zidingyi yum repo
?copy: src={{ src_yum_repo }} dest={{ des_yum_repo }}
[root@localhost tasks]# cat 7_install_yilai_tools.yml
#安裝相應(yīng)的依賴工具
- name: yum install yilai tools
?yum: name=ntp,wget,lrzsz,vim,net-tools,gcc,gcc-c++,telnet,traceroute
[root@localhost tasks]# cat 8_config_ntp_tongbu.yml
#傳輸并使用設(shè)置時(shí)間同步腳本并啟動(dòng)ntp同步服務(wù),同步內(nèi)網(wǎng)ntp時(shí)間服務(wù)器時(shí)間
- name: config ntp tongbu
?copy: src={{ src_config_ntp }} dest={{ des_config_ntp }}
- name: exec ntp shell
?shell: sh {{ des_config_ntp }}
[root@localhost tasks]# cat 9_change_ssh_port.yml
#修改ssh端口并重啟ssh服務(wù)
- name: change ssh port
?replace:
? ?path: /etc/ssh/sshd_config
? ?regexp: '^#Port 22'
? ?replace: 'Port 5522'
- name: restart sshd
?service: name=sshd state=restarted
[root@localhost tasks]# cat 10_change_root_pass.yml
#傳輸修改root密碼腳本并執(zhí)行
- name: transfer change root pass jiaoben
?copy: src={{ src_change_root_pass }} ?dest={{ des_change_root_pass }}
- name: exec change root pass jiaoben
?shell: sh {{ des_change_root_pass }}
[root@localhost tasks]# cd ..
[root@localhost init]# ls
default ?files ?handlers ?meta ?tasks ?templates ?vars
[root@localhost init]# cd ..
[root@localhost roles]# cd ..
[root@localhost ansible-playbook-centos7.x-init-roles]# ls
host ?playbook-all-roles.yml ?roles
[root@localhost ansible-playbook-centos7.x-init-roles]# ansible-playbook -i host/hosts playbook-all-roles.yml ? #執(zhí)行即可