6.附加-ansible-playbook-roles初始化centos系统案例
附加-ansible-playbook-roles初始化centos系统案例
[root@localhost ~]# tree ansible-playbook-centos7.x-init-roles
ansible-playbook-centos7.x-init-roles
├── host
│ └── hosts
├── playbook-all-roles.yml
└── roles
└── init
├── default
├── files
│ ├── cent7.9-zdy.repo
│ ├── change_root_pass.sh
│ ├── config_ntp_tongbu.sh
│ └── set_wenjian_jubing.sh
├── handlers
├── meta
├── tasks
│ ├── 10_change_root_pass.yml
│ ├── 1_create_.ssh_dir.yml
│ ├── 2_cp_public_key.yml
│ ├── 3_stop_firewalld.yml
│ ├── 4_close_selinux.yml
│ ├── 5_set_wenjian_jubing.yml
│ ├── 6_config_zdy_yum.yml
│ ├── 7_install_yilai_tools.yml
│ ├── 8_config_ntp_tongbu.yml
│ ├── 9_change_ssh_port.yml
│ └── main.yml
├── templates
└── vars
└── main.yml
[root@localhost ~]# cd ansible-playbook-centos7.x-init-roles
[root@localhost ansible-playbook-centos7.x-init-roles]# ls
host playbook-all-roles.yml roles
[root@localhost ansible-playbook-centos7.x-init-roles]# cat host/hosts
# Inventory group "test": the hosts the init role is applied to.
# NOTE(review): the root SSH password is stored here in clear text, so anyone
# who can read this inventory can log in to every listed host as root. Keeping
# it out of the file (an ansible-vault encrypted variable, or prompting with
# --ask-pass) avoids that.
# NOTE(review): the role later rewrites sshd_config to "Port 5522" and resets
# the root password, so ansible_ssh_port/ansible_ssh_pass below presumably stop
# matching the hosts after the first successful run — confirm and update.
[test]
192.168.171.129 ansible_ssh_user="root" ansible_ssh_pass="123456" ansible_ssh_port=22
192.168.171.130 ansible_ssh_user="root" ansible_ssh_pass="123456" ansible_ssh_port=22
[root@localhost ansible-playbook-centos7.x-init-roles]# cat playbook-all-roles.yml
# Play-level keys used below:
#   hosts        - inventory group to run against ("test")
#   remote_user  - account used on the managed hosts
#   gather_facts - fact collection before the tasks; switched off to save time
#   roles        - roles to apply; only the ones listed are deployed
# Module names that appear in task files: yum (install packages), copy
# (transfer files), file (create directories), service (manage services).
---
# init role
- hosts: test
  remote_user: root
  gather_facts: false
  # Roles to apply; list only the ones that should be deployed.
  roles:
    - role: init
    #- role: nginx
    #- role: httpd
[root@localhost ansible-playbook-centos7.x-init-roles]# ls
host playbook-all-roles.yml roles
[root@localhost ansible-playbook-centos7.x-init-roles]# cd roles/
[root@localhost roles]# ls
init
[root@localhost roles]# cd init/
[root@localhost init]# ls
default files handlers meta tasks templates vars
[root@localhost init]# ls default/
为空,没用到
[root@localhost init]# ls meta/
为空,没用到
[root@localhost init]# ls templates/
为空,没用到
[root@localhost init]# ls handlers/
为空,没用到
[root@localhost init]# ls files/ #准备要传输的相关文件
cent7.9-zdy.repo change_root_pass.sh config_ntp_tongbu.sh set_wenjian_jubing.sh
[root@localhost init]# cat files/change_root_pass.sh
#!/bin/bash
# Set the root password non-interactively: passwd --stdin reads the new
# password from standard input.
# NOTE(review): the password is a literal in this file, so it is readable
# wherever the file is kept or copied (the role's files/ directory, any
# repository holding the role, and the copy staged on each target). Supplying
# it at run time from an encrypted variable avoids storing it in clear text.
printf '%s\n' 'QAZwsx!@#456' | passwd --stdin root
[root@localhost init]# cat files/config_ntp_tongbu.sh
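#!/bin/bash
# Point ntpd at the internal time servers and (re)start it.
#
# Pool entries 0 and 1 in /etc/ntp.conf are commented out; entries 2 and 3 are
# replaced by 172.32.10.3 and 172.32.10.5.
#
# The patterns are anchored at the start of the line and the dots are escaped,
# so a second run does not stack another '#' onto lines that are already
# commented out, and only the literal pool host names match.

# Stop at the first failing command so a missing /etc/ntp.conf or a failed
# restart is reported through the exit status instead of being masked by the
# last command.
set -e

sed -i \
  -e 's/^server 0\.centos\.pool\.ntp\.org iburst/#&/' \
  -e 's/^server 1\.centos\.pool\.ntp\.org iburst/#&/' \
  -e 's/^server 2\.centos\.pool\.ntp\.org iburst/server 172.32.10.3 iburst/' \
  -e 's/^server 3\.centos\.pool\.ntp\.org iburst/server 172.32.10.5 iburst/' \
  /etc/ntp.conf

systemctl restart ntpd
systemctl enable ntpd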
[root@localhost init]# cat files/set_wenjian_jubing.sh
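#!/bin/bash
# Raise the open-file and process limits for all users and set
# vm.max_map_count, then reload the sysctl settings.
#
# Each setting is appended only when the exact line is not already present,
# so re-running the script (every playbook run executes it) does not pile up
# duplicate entries in limits.conf and sysctl.conf.

#######################################
# Append a line to a file unless the file already contains it verbatim.
# Arguments: $1 - file to edit, $2 - exact line that must be present
#######################################
append_once() {
  local file=$1
  local line=$2
  # grep's error for a missing file is silenced on purpose: '>>' then creates
  # the file.
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

append_once /etc/security/limits.conf "* soft nofile 65536"
append_once /etc/security/limits.conf "* hard nofile 65536"
append_once /etc/security/limits.conf "* soft nproc 4096"
append_once /etc/security/limits.conf "* hard nproc 4096"
append_once /etc/sysctl.conf "vm.max_map_count=262144"
sysctl -p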
[root@localhost init]# cat files/cent7.9-zdy.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[root@localhost init]# ls vars/
main.yml
[root@localhost init]# cat vars/main.yml
# Variables for the init role.
# Public key on the control node and the file it is written to on the target.
src_public_key: "/root/.ssh/id_rsa.pub"
des_public_key: "/root/.ssh/authorized_keys"
# Home directory and the directory name created inside it for SSH keys.
user_home: "/root"
ssh_dir: ".ssh"
# Helper scripts: src_* is the name under the role's files/ directory, des_* is
# where the script is staged on the target before it is run.
# NOTE(review): every des_* script path is a fixed name under /tmp; unless the
# copy task sets a restrictive mode, other local accounts on the target can
# read the staged files, and change_root_pass.sh contains the root password.
src_wenjian_jubing: "set_wenjian_jubing.sh"
des_wenjian_jubing: "/tmp/set_wenjian_jubing.sh"
# Custom yum repository definition and its destination.
yum_path: "/etc/yum.repos.d"
src_yum_repo: "cent7.9-zdy.repo"
des_yum_repo: "/etc/yum.repos.d/cent7.9-zdy.repo"
src_config_ntp: "config_ntp_tongbu.sh"
des_config_ntp: "/tmp/config_ntp_tongbu.sh"
# NOTE(review): src_pass/des_pass are not referenced by any task file shown
# with this role, and files/ has no change_pass.sh — presumably leftovers;
# confirm before removing.
src_pass: "change_pass.sh"
des_pass: "/tmp/change_pass.sh"
src_change_root_pass: "change_root_pass.sh"
des_change_root_pass: "/tmp/change_root_pass.sh"
[root@localhost init]# cd tasks/
[root@localhost tasks]# ls
10_change_root_pass.yml 2_cp_public_key.yml 4_close_selinux.yml 6_config_zdy_yum.yml 8_config_ntp_tongbu.yml main.yml
1_create_.ssh_dir.yml 3_stop_firewalld.yml 5_set_wenjian_jubing.yml 7_install_yilai_tools.yml 9_change_ssh_port.yml
[root@localhost tasks]# cat main.yml
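# Entry point of the init role: pulls in the task files in execution order.
# The bare `include` directive for task files is deprecated in favour of
# import_tasks/include_tasks and is rejected by newer ansible-core releases;
# import_tasks is the static equivalent.
- import_tasks: 1_create_.ssh_dir.yml
- import_tasks: 2_cp_public_key.yml
- import_tasks: 3_stop_firewalld.yml
- import_tasks: 4_close_selinux.yml
- import_tasks: 5_set_wenjian_jubing.yml
- import_tasks: 6_config_zdy_yum.yml
- import_tasks: 7_install_yilai_tools.yml
- import_tasks: 8_config_ntp_tongbu.yml
- import_tasks: 9_change_ssh_port.yml
- import_tasks: 10_change_root_pass.yml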
[root@localhost tasks]# cat 1_create_.ssh_dir.yml
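# Create the .ssh directory that will hold the public key for key-based login.
# The file module creates the directory only when it is missing, reports
# "changed" accurately, and pins the mode to 0700 instead of whatever the
# remote umask would give a plain mkdir. It also replaces the original
# `|| break`, which is not valid outside a shell loop.
- name: create .ssh dir
  file:
    path: "{{ user_home }}/{{ ssh_dir }}"
    state: directory
    mode: "0700"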
[root@localhost tasks]# cat 2_cp_public_key.yml
# Copy the control node's public key to the managed hosts.
# NOTE(review): copy writes the key file over the whole authorized_keys file,
# so any keys already authorised on the target are dropped. The authorized_key
# module adds or removes a single key and leaves the others in place.
- name: copy public key to lists
  copy:
    src: "{{ src_public_key }}"
    dest: "{{ des_public_key }}"
    mode: "0600"
[root@localhost tasks]# cat 3_stop_firewalld.yml
# Stop firewalld and keep it from starting at boot.
# NOTE(review): no task in this role puts another packet filter in its place,
# so after this step host-level filtering is gone and every listening service
# is reachable unless something upstream filters it. Opening only the needed
# ports in firewalld is the narrower alternative.
- name: stop firewalld
  service:
    name: firewalld
    state: stopped
    enabled: no
[root@localhost tasks]# cat 4_close_selinux.yml
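# Turn SELinux off: immediately (permissive) and permanently (config file).
# NOTE(review): this removes mandatory access control from every host in the
# group. If the reason is the non-default SSH port set later in the role,
# labelling the port (semanage port -a -t ssh_port_t -p tcp 5522) lets sshd
# run on it while SELinux stays enforcing.
- name: linshi close selinux
  # setenforce exits non-zero once SELinux is disabled, so it is only called
  # while the host is still enforcing; this keeps later runs from failing.
  shell: if [ "$(getenforce)" = "Enforcing" ]; then setenforce 0; fi
- name: yongjiu close selinux
  # Only a line that reads SELINUX=enforcing is rewritten; a host already set
  # to permissive or disabled is left as it is.
  replace:
    path: /etc/selinux/config
    regexp: '^SELINUX=enforcing'
    replace: 'SELINUX=disabled'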
[root@localhost tasks]# cat 5_set_wenjian_jubing.yml
# Transfer the file-handle (ulimit/sysctl) script to the target and run it.
- name: set wenjian jubing
  copy:
    src: "{{ src_wenjian_jubing }}"
    dest: "{{ des_wenjian_jubing }}"
# The staged copy is executed with sh and stays in place afterwards.
- name: exec jiaoben
  shell: sh {{ des_wenjian_jubing }}
[root@localhost tasks]# cat 6_config_zdy_yum.yml
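# Back up the existing yum .repo files into bak/ and remove them from the
# repo directory.
# mkdir -p creates bak/ only when it is missing; it replaces the original
# `[ ! -d bak ] && mkdir bak || break`, where break is not valid outside a
# shell loop. "--" keeps a file name that starts with "-" from being read as
# an option.
- name: backup yuan yum repo
  shell: cd {{ yum_path }} && mkdir -p bak && cp -- *.repo bak/ && rm -f -- *.repo
# Install the custom repo definition.
# NOTE(review): the shipped repo file fetches its mirror list over plain http;
# its gpgcheck=1 lines are what verify package signatures, so they should stay
# enabled.
- name: config zidingyi yum repo
  copy:
    src: "{{ src_yum_repo }}"
    dest: "{{ des_yum_repo }}"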
[root@localhost tasks]# cat 7_install_yilai_tools.yml
# Install the dependency and troubleshooting packages.
- name: yum install yilai tools
  yum:
    name:
      - ntp
      - wget
      - lrzsz
      - vim
      - net-tools
      - gcc
      - gcc-c++
      - telnet
      - traceroute
[root@localhost tasks]# cat 8_config_ntp_tongbu.yml
# Transfer the time-sync script and run it; the script points ntpd at the
# internal NTP servers and starts the service.
- name: config ntp tongbu
  copy:
    src: "{{ src_config_ntp }}"
    dest: "{{ des_config_ntp }}"
# The staged copy is executed with sh and stays in place afterwards.
- name: exec ntp shell
  shell: sh {{ des_config_ntp }}
[root@localhost tasks]# cat 9_change_ssh_port.yml
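# Move sshd to port 5522 and restart it.
# The regexp only matches the stock commented-out "#Port 22" line; a config
# that already has an active Port directive is left unchanged.
# NOTE(review): the inventory shown with this role still says
# ansible_ssh_port=22, so it presumably needs updating after this step.
- name: change ssh port
  replace:
    path: /etc/ssh/sshd_config
    regexp: '^#Port 22'
    replace: 'Port 5522'
    # Let sshd syntax-check the edited file before it replaces the live
    # config, so a broken file cannot take the daemon down on restart.
    validate: /usr/sbin/sshd -t -f %s
- name: restart sshd
  service:
    name: sshd
    state: restarted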
[root@localhost tasks]# cat 10_change_root_pass.yml
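# Transfer the root-password script, run it, and remove it again.
# The script contains the new root password in clear text, so the staged copy
# is readable by root only, task output is suppressed with no_log, and the
# file is deleted even when the run step fails (always:).
- block:
    - name: transfer change root pass jiaoben
      copy:
        src: "{{ src_change_root_pass }}"
        dest: "{{ des_change_root_pass }}"
        owner: root
        group: root
        mode: "0700"
      no_log: true
    - name: exec change root pass jiaoben
      shell: sh {{ des_change_root_pass }}
      no_log: true
  always:
    - name: remove change root pass jiaoben
      file:
        path: "{{ des_change_root_pass }}"
        state: absent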
[root@localhost tasks]# cd ..
[root@localhost init]# ls
default files handlers meta tasks templates vars
[root@localhost init]# cd ..
[root@localhost roles]# cd ..
[root@localhost ansible-playbook-centos7.x-init-roles]# ls
host playbook-all-roles.yml roles
[root@localhost ansible-playbook-centos7.x-init-roles]# ansible-playbook -i host/hosts playbook-all-roles.yml #执行即可