Tree
my_init/
├── hosts
├── roles
│   ├── 1_copy_repo
│   │   ├── files
│   │   │   ├── CentOS-Base.repo
│   │   │   └── epel-7.repo
│   │   └── tasks
│   │       ├── main.retry
│   │       └── main.yml
│   ├── 2_copy_ssh_key
│   │   └── tasks
│   │       ├── main.retry
│   │       └── main.yml
│   ├── 3_close_selinux
│   │   └── tasks
│   │       ├── main.yml
│   │       └── selinux.yml
│   ├── 4_crontab
│   │   └── tasks
│   │       └── main.yml
│   ├── 5_firewalld
│   │   └── tasks
│   │       └── main.yml
│   ├── 6_kernal_optimization
│   │   ├── files
│   │   └── task
│   ├── 7_install_some_must
│   │   └── tasks
│   │       ├── jdk.yml
│   │       ├── main.yml
│   │       ├── mysql.yml
│   │       ├── nginx.yml
│   │       └── php.yml
│   ├── 8_yum_some_common
│   │   └── tasks
│   │       └── main.yml
│   └── 9_sshconfig
│       ├── files
│       │   └── ssh.sh
│       └── tasks
│           └── main.yml
├── site.retry
└── site.yml
site.yml
---
- hosts: all
  roles:
    - 1_copy_repo
    - 2_copy_ssh_key
    - 3_close_selinux
    - 4_crontab
    - 5_firewalld
    #- 6_kernal_optimization
    - 7_install_some_must
    - 8_yum_some_common
    - 9_sshconfig
- There are 9 roles in total
- 1_copy_repo: copy the Aliyun repo files to the target hosts
- 2_copy_ssh_key: copy the SSH key to the target hosts
- 3_close_selinux: disable SELinux
- 4_crontab: set the time
- 5_firewalld: configure the ports and hosts that are allowed access
- 6_kernal_optimization: kernel tuning, not written yet
- 7_install_some_must: install the required software
- 8_yum_some_common: install common software such as vim
- 9_sshconfig: speed up SSH connections
1_copy_repo
See the base role in my post "ansible one-click deployment of HAproxy+lnmp"
2_copy_ssh_key
---
- name: set authorized key took from file
  authorized_key:
    user: root
    state: present
    key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
- Uses the authorized_key module to copy the SSH public key
3_close_selinux
main.yml
---
- name: get selinux
  shell: getenforce
  register: sestatus
- include: selinux.yml
  when: sestatus.stdout != "Disabled"
- getenforce reports whether SELinux is enabled on the remote host
- If it is enabled, selinux.yml is included and run
- Without this check, an error is raised when SELinux is already disabled
selinux.yml
---
- shell: setenforce 0
- shell: sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux
- shell: sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
- shell: sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/sysconfig/selinux
- shell: sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/selinux/config
- Disable it in /etc/sysconfig/selinux
- Disable it in /etc/selinux/config
Another way to disable SELinux
# Enable SELinux
- selinux:
    policy: targeted
    state: enforcing
# Put SELinux in permissive mode, logging actions that would be blocked.
- selinux:
    policy: targeted
    state: permissive
# Disable SELinux
- selinux:
    state: disabled
- Calls the selinux module directly to configure SELinux
Yet another way is to use the script module to run a script; I won't write that one out - -
4_crontab
---
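- cron:
    # name identifies the entry, so repeated runs update it instead of adding duplicates
    # (the label itself is chosen here)
    name: "ntpdate time sync"
    minute: '*/40'
    state: present
    job: "/usr/sbin/ntpdate time7.aliyun.com >/dev/null 2>&1"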
- Set the schedule to once every 40 minutes
- Then set the job
- The entry can be viewed with crontab -e
5_firewalld
---
- shell: systemctl enable firewalld
- firewalld:
    port: "{{ item }}"
    permanent: true
    state: enabled
  loop:
    - 80/tcp
    - 8089/tcp
- firewalld:
    source: 192.168.65.0/24
    zone: internal
    state: enabled
    permanent: true
- shell: systemctl restart firewalld
- Open ports 80 and 8089 to the public network
- Allow the internal subnet 192.168.65.0/24
6_kernal_optimization
- &%*(&(&&% not written yet
7_install_some_must
tree
└── tasks
    ├── jdk.yml
    ├── main.yml
    ├── mysql.yml
    ├── nginx.yml
    └── php.yml
nginx.yml
---
- name: Install nginx
  yum: name=nginx state=present
- name: restart nginx
  service: name=nginx state=restarted
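- There is a lot to install, but the task files are all similar; once you can write one, you can write the rest
main.yml
---
# Values from an inventory [group:vars] section are strings, so cast them with | bool
- include: nginx.yml
  when: install_nginx | bool
- include: php.yml
  when: install_php | bool
- include: mysql.yml
  when: install_mysql | bool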
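- Checks whether install_nginx is true before installing nginx; the others work the same way
- The value of install_nginx is defined in the hosts file
- To install other software, keep adding includes for more yml files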
The hosts file
# install lnmp
[setup_lnmp]
192.168.65.144
[common]
# install mysql
[setup_mysql]
[setup_mysql_slave]
# install java
[setup_java]
# install java+mysql
[setup_java_mysql]
# install java+lnmp
[setup_java_lnmp]
# install nginx
[setup_nginx]
####################### adjust to your environment ##########################
# default parameters
[all:vars]
install_php=false
install_nginx=false
install_mysql=false
is_slave=false
install_jdk=false
[setup_lnmp:vars]
install_php=true
install_nginx=true
install_mysql=true
[setup_mysql:vars]
install_mysql=true
is_slave=false
[setup_mysql_slave:vars]
install_mysql=true
is_slave=true
[setup_java:vars]
install_jdk=true
[setup_java_mysql:vars]
install_jdk=true
install_mysql=true
[setup_java_lnmp:vars]
install_jdk=true
install_php=true
install_nginx=true
install_mysql=true
[setup_nginx:vars]
install_nginx=true
[common:vars]
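- For example: to install lnmp, put the host's IP in the setup_lnmp group
- Then define the value of install_php in that group's vars section below; the variable is specific to that group. Configuring hosts this way is neat~
- The other roles work as usual; this only controls the 7_install_some_must role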
8_yum_some_common
- name: install some software
  yum:
    name: "{{item}}"
    state: latest
  loop:
    - vim
    #- upzip
    - ntpdate
- Install vim
- Install ntpdate
9_sshconfig
ssh.sh
#!/usr/bin/sh
sed -i 's/\#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
sed -i 's/.*GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/sshd_config
- Set UseDNS to no
- Set GSSAPIAuthentication to no
main.yml
---
- script: ssh.sh
- service: name=sshd state=restarted
- The script module runs the script
- Restart the service
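An added example, not part of the original role: the same two sshd_config changes made with lineinfile, so they apply whether the option is commented out or already set, with the file checked by sshd -t before it is written and the effective values confirmed with sshd -T. The play layout, task names and handler name are assumptions, as is sshd living at /usr/sbin/sshd (the CentOS 7 location).

```yaml
---
# Added example (assumed layout): idempotent replacement for ssh.sh + restart.
- hosts: all
  become: true
  tasks:
    - name: Set sshd options whatever their current value or comment state
      lineinfile:
        path: /etc/ssh/sshd_config
        # Matches "#UseDNS yes", "UseDNS yes", "UseDNS no", and so on.
        regexp: '^#?\s*{{ item.key }}\b'
        line: "{{ item.key }} {{ item.value }}"
        # Refuse to install a file that sshd cannot parse,
        # so a bad edit never reaches the restart.
        validate: /usr/sbin/sshd -t -f %s
      loop:
        - { key: UseDNS, value: "no" }
        - { key: GSSAPIAuthentication, value: "no" }
      # The handler only fires when a line actually changed.
      notify: restart sshd

    - name: Read the effective sshd configuration
      command: /usr/sbin/sshd -T
      register: sshd_effective
      changed_when: false

    - name: Confirm both options took effect
      # sshd -T prints keywords in lower case. sshd uses the first
      # occurrence of a keyword, so this catches an earlier duplicate
      # line that the edit above did not touch.
      assert:
        that:
          - "'usedns no' in sshd_effective.stdout"
          - "'gssapiauthentication no' in sshd_effective.stdout"

  handlers:
    - name: restart sshd
      service:
        name: sshd
        state: restarted
```

Inside a role, the handler would go in the role's handlers/main.yml and the tasks in tasks/main.yml.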
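Result
Summary
- Besides installing with yum, you can also install from rpm packages, which does not even need network access, but I don't want to do that for now (OK, it's too much trouble and I don't know how = =)
- A single host with ansible installed can initialize hosts in batches, which saves time
- The scripts only need to be written once and can be reused from then on
- Ops staff only need to optimize the scripts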