Ansible-Playbook批量初始化服务器的实现过程

发布时间:2020-05-25 21:24:59 作者:鸽子
来源:亿速云 阅读:494

初始化步骤

配置ssh密钥认证

$ vim /etc/ansible/hosts
[new]
192.168.56.12
192.168.56.13
在控制节点配置到受控节点的ssh认证方式
# 主控节点执行
$ ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ''
$ for host in 192.168.56.{11..12};do
ssh-keyscan $host >> ~/.ssh/hnow_hosts 2> /dev/null
sshpass -p '123456' ssh-copy-id root@$host &> /dev/null
done

将上面的方案playbook化:

---
- name: config ssh connection
  hosts: new
  gather_facts: false
  tasks:
    - name: configure ssh connection
      shell: |
          ssh-keyscan {{inventory_hostname}} >> ~/.ssh/know_hosts
          sshpass -p '123456' ssh-copy-id root@{{inventory_hostname}} 
ansible命令执行模块

以下的四个模块不满足幂等性

以下命令具备幂等性:

---
- name: modules use
  hosts: new
  gather_facts: false
  tasks:
      - name: use shell module
        shell: cp /tmp/my.cnf /etc/my.cnf
        args:
          creates: /etc/my.cnf
      - name: exec perl scripts
         script: /opt/script.pl
         args:
           executable: perl
重点
---
- name: play1
  hosts: zabbix
  gather_facts: false
  tasks:
    - name: task 1
      debug:
        msg: "{{ inventory_hostname }} is executing task"
      delegate_to: localhost
authorized_key模块

特点:

---
- name: "configure ssh connection"
  hosts: new
  gather_facts: false
  tasks:
    - authorized_key:
        key: "{{lookup('file','~/.ssh/id_rsa.pub')}}"
        state: present
        user: root

外部数据读取的方式:

---
- name: "fileglob and file task"
  hosts: new
  gather_facts: false
  tasks:
    - name: task1
      debug:
        msg: "filenames: {{ lookup('fileglob','/etc/*.conf')}}"
    - name: task2
      debug:
        msg: "filecontents: {{ lookup('file','/etc/hosts')}}
---
- name: "fileglob and files query"
  hosts: new
  gather_facts: false
  tasks:
    - name: "fileglob"
      debug:
        msg: "fileglob {{lookup('fileglob','/etc/*.conf')}}"
    - name: "fileglob wantlist"
      debug:
        msg: "fileglob wantlist {{lookup('fileglob','/etc/*.conf',wantlist=True)}}"
    - name: "query"
      debug:
        msg: "query {{q('fileglob','/etc/*.conf')}}"

设置主机名

使用的是hostname模块,会直接修改/etc/hostname 配置文件

---
- name: set hostname
  hosts: new
  gather_facts: false
  vars:
    hostnames:
      - host: 192.168.56.13
        name: centos7-node3
      - host: 192.168.56.14
        name: centos7-node4
  tasks:
    - name: set hostname
      hostname:
        name: "{{ item.name }}"
      when: item.host == inventory_hostname
      loop: "{{ hostnames }}"

vars变量设置注意:

---
- name: vars task1
  hosts: new
  gather_facts: false
  vars:
    - var1: "value1"
  tasks:
    - name: access value1
      debug:
        msg: "var1 in task1 {{var1}}"

- name: vars task2
  hosts: new
  gather_facts: false
  tasks:
    - name: can not access vars from task1
      debug:
        msg: var1
    - name: set and access var2 in this task
      debug:
        msg: var2
      vars:
        var2: "value2"
    - name: cant access var2
      debug:
        msg: var2

when条件判断

---
- name: when judge
  hosts: new
  gather_facts: false
  vars:
    - myname: "alex"
  tasks:
    - name: task skip
      debug:
        msg: "my name is {{myname}}"
      when: myname == "hello"   #这个判断条件是false的
    - name: task will execute
      debug:
        msg: "my name is {{myname}}"
      when: myname == "alex"

loop循环: 解决重复问题

---
- name: make dirs for localhost
  hosts: localhost
  gather_facts: false
  tasks:
    - name: create test1
      file:
        path: /tmp/test1
        state: directory
    - name: create test2
      file:
        path: /tmp/test2
        state: directory
---
- name: mkdir loop
  hosts: localhost
  gather_facts: false
  tasks:
    - name: create test1,2 directory
      file:
        path: "{{item}}"
        state: directory
      loop:
        - /tmp/test01
        - /tmp/test02

互相添加hosts(DNS)主机名解析

互相添加指定hosts组的host之间的hosts解析

---
- name: add hosts DNS
  hosts: new
  gather_facts: false
  tasks:
    - name: add DNS
      lineinfile:
        path: /etc/hosts
        line: "{{item}} {{hostvars[item].ansible_hostname}}"
      when: item != inventory_hostname
      loop: "{{ play_hosts }}"
# 创建测试文件a.txt 
paragraph 1
first line in paragraph 1
second line in paragraph 1
paragraph 2
first line in paragraph 2
second line in paragraph 2

## lineinfile追加实例
---
- name: add line to a.txt
  hosts: localhost
  gather_facts: false
  tasks:
    - lineinfile:
        path: "a.txt"
        line: "append new line"
        state: absent     # 删除上面的line定义的行(append new line)

### 插入操作,定义在摸个行前或者行后新增(insertbefore,insertafter)
---
- name: lininfile demo for before and after insert
  hosts: localhost
  gather_facts: false
  tasks:
    - name: line infile
      lineinfile:
        path: "a.txt"
        line: "LINE1"
        insertbefore: '^para.* 2'
        firstmatch: yes
      lineinfile:
        path: "a.txt"
        line: "LINE2"
        insertafter: '^para.* 2'
        firstmatch: yes
- name: add DNS
      lineinfile:
        path: /etc/hosts
        line: "{{item}} {{hostvars[item].ansible_hostname}}"
      when: item != inventory_hostname
      loop: "{{ play_hosts }}"

配置yum源并下载安装软件

更换yum源,安装软件

---
- name: "init yum"
  hosts: new
  gather_facts: false
  tasks:
    - name: "backup old yum_repo"
      shell:
        cmd: "mkdir bak; mv *.repo bak"
        chdir: /etc/yum.repos.d
        creates: /etc/yum.repos.d/bak
    - name: "add new os repo and release repo"
      yum_repository:
        name: "{{item.name}}"
        description: "{{item.name}} repo"
        baseurl: "{{item.baseurl}}"
        file: "{{item.name}}"
        enabled: 1
        gpgcheck: 0
        reposdir: /etc/yum.repos.d
      loop:
        - name: os
          baseurl: "https://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/os/$basearch"
        - name: epel
          baseurl: "https://mirrors.tuna.tsinghua.edu.cn/epel/$releasever/$basearch"
    - name: install pkgs
      yum:
        name: vim,net-tools,git-core,lrzsz,wget,curl,sysstat,iotop,gcc,gcc-c++,cmake,pcre,pcre-devel,zlib,zlib-devel,openssl,openssl-devel,vim,wget,telnet,setuptool,lrzsz,dos2unix,
net-tools,bind-utils,tree,screen,iftop,ntpdate,tree,lsof,iftop,iotop,sysstat,procps
        state: present

时间同步

使用ntpdate 同步时间

 ---
- name: sync time
  hosts: new
  gather_facts: false
  tasks:
    - name: install and sync time
      block:
        - name: install ntpdate
          yum:
            name: ntpdate
            state: present
        - name: ntpupdate to sync time
          shell: |
            ntpdate ntp1.aliyun.com
            hwclock -w

关闭selinux

命令行关闭和修改配置文件两种手段

---
---
- name: disable selinux
  hosts: new
  gather_facts: false
  tasks:
    - block:
        - name: disable selinux by command
          shell: setenforce 0

        - name: disable selinux by config
          lineinfile:
            path: /etc/selinux/config
            line: "SELINUX=disabled"
            regexp: '^SELINUX='
      ignore_errors: true

配置防火墙

---
- name: set firewalld
  hosts: new
  gather_facts: false
  tasks:
    - name: set iptables rule
      shell: |
        iptables-save > /tmp/iptables.bak$(date +"%F-%T")
        iptables -X
        iptables -F
        iptables -Z
        systemctl disable firewalld
        systemctl stop firewalld

配置sshd服务

---
- name: "set sshd service"
  hosts: new
  gather_facts: false
  tasks:
    - name: backup old sshd config
      shell: |
        /usr/bin/cp -f {{path}} {{path}}.bak
      vars:
        - path: /etc/ssh/sshd_config
    - name: disable root login
      lineinfile:
        path: "/etc/ssh/sshd_config"
        line: "PermitRootLogin no"
        regexpr: '^PermitRootLogin'
      notify: "restart sshd"
    - name: disable passwd auth
      lineinfile:
        path: "/etc/ssh/sshd_config"
        line: "PasswordAuthentication no"
        regexp: '^PasswordAuthentication yes'
      notify: "restart sshd"
  handlers:
    - name: "restart sshd"
      service:
        name: sshd
        state: restarted

推荐阅读:
  1. ansible怎么批量初始化服务器
  2. 如何用ansible-playbook批量修改密码

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

ansible-playbook 初始化服务器 ansi

上一篇:C#实现读写文本文件的方法

下一篇:『高级篇』docker之开发课程EdgeService(16)

相关阅读

您好,登录后才能下订单哦!

密码登录
登录注册
其他方式登录
点击 登录注册 即表示同意《亿速云用户服务条款》