ansible基于role 机器初始化脚本案例
2018-08-30 13:55
脚本目录结构:
--[root@scsv01181 initialization_basic_ansible]# cat site.yml
---
# Entry playbook: every host in the "test" inventory group gets the roles
# below, applied from top to bottom.
#
# NOTE(review): two of these roles switch off host controls (check_iptables
# stops and disables iptables/firewalld, selinux_stop disables SELinux).
# Apply them only where that is an accepted baseline.
# NOTE(review): install_zabbix_agent and install_java1.8 call yum before
# replace_yumrepo has copied the local repo file, so on a first run they
# resolve packages from whatever repos the host already has.
- hosts: test
  roles:
    - install_zabbix_agent
    - install_java1.8
    - check_iptables
    - replace_yumrepo
    - install_check_sshd
    - install_maintainer_tools
    - selinux_stop
    - set_ulimit_maxfiles
    - set_timezone
    - set_kernel_args
    - install_ntp_or_chrony
每一个项目的目录结构
--[root@scsv01181 roles]# cat check_iptables/tasks/main.yml
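---
# Role check_iptables: when an iptables or firewalld process is found, stop the
# service and disable it at boot; when neither is found, print a message.
#
# NOTE(review): after this role the host has no local packet filter. That is
# only acceptable when filtering is enforced somewhere else (network ACLs,
# security groups) -- confirm before applying it to exposed hosts.
# NOTE(review): both checks grep the process list; `systemctl is-active`
# would be a more direct test of the service state.

# Count processes whose command line mentions "iptables" ("0" means none).
- name: check iptables status
  shell: ps aux |grep iptables|grep -v grep|wc -l
  register: iptables
  # A read-only probe should not be reported as a change.
  changed_when: false

- name: if have iptables process to stop it
  shell: systemctl stop iptables
  when: iptables.stdout != "0"

# Same probe for firewalld (the pattern "firewall" also matches "firewalld").
- name: check firewalld status
  shell: ps aux |grep firewall|grep -v grep|wc -l
  register: firewall
  changed_when: false

- name: if have firewall process to stop it
  shell: systemctl stop firewalld
  when: firewall.stdout != "0"

# Fixed: this task used to test firewall.stdout, so iptables was only disabled
# when firewalld happened to be running.
- name: disable iptables
  shell: systemctl disable iptables
  when: iptables.stdout != "0"

- name: disable firewalld
  shell: systemctl disable firewalld
  when: firewall.stdout != "0"

# Only reached with a message when neither probe found a process.
- name: print iptanles and firewalld info
  debug:
    msg: "iptables and firewalld is not running"
  when: iptables.stdout == "0" and firewall.stdout == "0"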
--[root@scsv01181 roles]# cat install_check_sshd/tasks/main.yml
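---
# Role install_check_sshd: reports whether openssh-server is installed and, if
# it is installed but not running, starts sshd and enables it at boot.

# Count installed packages whose name contains "openssh-server".
- name: check sshd is or not install
  shell: rpm -qa|grep openssh-server|wc -l
  args:
    # Silences the "use the yum module" hint. Newer ansible-core releases no
    # longer accept `warn`; drop this argument there.
    warn: false
  register: sshd_count
  changed_when: false

- name: print sshd install info
  debug:
    msg: "sshd is not install"
  when: sshd_count.stdout == "0"

# Only probed when exactly one matching package is installed.
- name: check sshd is or not running
  shell: ps aux |grep /usr/sbin/sshd |grep -v grep|wc -l
  register: ssh_process_count
  changed_when: false
  when: sshd_count.stdout == "1"

# When the probe above is skipped, ssh_process_count has no stdout; the
# `is defined` guard keeps the following conditions from failing on it.
- name: print sshd is not running
  debug:
    msg: "sshd service is not running"
  when: ssh_process_count.stdout is defined and ssh_process_count.stdout == "0"

- name: start sshd service
  service:
    name: sshd
    state: started
  when: ssh_process_count.stdout is defined and ssh_process_count.stdout == "0"

# Fixed: the condition compared the whole registered result with "0" (missing
# .stdout), which is never true, so sshd was never enabled at boot.
- name: make sshd servuice enabled of system started
  service:
    name: sshd
    enabled: true
  when: ssh_process_count.stdout is defined and ssh_process_count.stdout == "0"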
--[root@scsv01181 roles]# cat install_java1.8/tasks/main.yml
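---
# Role install_java1.8: checks the installed java version and installs the
# OpenJDK 1.8 package found in `yum list` when the first line of the
# `java -version` output does not mention 1.8.

# `java -version` prints to stderr; a missing java binary also ends up there,
# so the task is allowed to fail and the output is inspected afterwards.
- name: check the java version
  shell: java -version
  ignore_errors: true
  register: javaversion
  changed_when: false

# NOTE(review): assumes stderr has at least one line -- confirm for hosts where
# the command prints nothing.
- debug:
    msg: "{{ javaversion.stderr_lines[0] }}"

- name: print java version
  debug:
    msg: "java is installed and the version is 1.8"
  when: javaversion.stderr_lines[0].count('1.8') == 1

# Take the first column (package name) of the matching `yum list` rows.
- name: find java 1.8 package name
  shell: yum list|grep openjdk.x86_64|grep 1.8|cut -d " " -f1|uniq
  args:
    # Newer ansible-core releases no longer accept `warn`; drop it there.
    warn: false
  register: java_version
  changed_when: false

- debug:
    msg: "{{ java_version.stdout }}"

# Fail with a clear message instead of running an install with no package.
- name: stop when no java 1.8 package is offered by the configured repos
  fail:
    msg: "no openjdk 1.8 package found in yum list output"
  when: javaversion.stderr_lines[0].count('1.8') != 1 and (java_version.stdout_lines | length) == 0

# Changed: the package names used to be pasted into `yum install -y ...` run
# through the shell, so text taken from repo metadata became part of a root
# shell command (a second output line would have run as its own command).
# The yum module receives the names as data instead.
- name: install java 1.8 package
  yum:
    name: "{{ java_version.stdout_lines }}"
    state: present
  when: javaversion.stderr_lines[0].count('1.8') != 1 and (java_version.stdout_lines | length) > 0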
--[root@scsv01181 roles]# cat install_maintainer_tools/tasks/main.yml
---
# Role install_maintainer_tools: makes sure the usual troubleshooting packages
# are present, one yum task per tool.

# NOTE(review): telnet is cleartext; treat it as a connectivity-test client
# only and never as a login channel.
- name: install telnet for system
  yum:
    name: telnet
    state: present

- name: install iftop for system
  yum:
    name: iftop
    state: present

- name: install sysstat for system
  yum:
    name: sysstat
    state: present

- name: install iotop for system
  yum:
    name: iotop
    state: present

- name: install vim for system
  yum:
    name: vim
    state: present

- name: install dstat for system
  yum:
    name: dstat
    state: present

# Runtime plus development package, installed by the same task.
- name: install openssl for system
  yum:
    name:
      - openssl
      - openssl-devel
    state: present
--[root@scsv01181 roles]# cat install_ntp_or_chrony/tasks/main.yml
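---
# Role install_ntp_or_chrony: stops and disables chronyd when it is running,
# installs ntp and its config file when no ntp process was found, then starts
# ntpd and enables it at boot.

# Both probes count matching processes; "1" is read as "the daemon is running".
- name: check ntp is not install
  shell: ps aux |grep ntp|grep -v grep|wc -l
  register: count_ntp
  changed_when: false

- name: check chrony is or not install
  shell: ps aux |grep chrony|grep -v grep|wc -l
  register: count_chrony
  changed_when: false

# Fixed: the state was spelled "stoped", which the service module rejects.
- name: stop chrony
  service:
    name: chronyd
    state: stopped
  when: count_chrony.stdout == "1"

- name: disable chronyd
  service:
    name: chronyd
    enabled: false
  when: count_chrony.stdout == "1"

- name: install ntp client
  yum:
    name: ntp
    state: present
  when: count_ntp.stdout != "1"

# ntp.conf is taken from this role's files directory; the previous remote file
# is kept as a backup copy.
- name: copy local ntp config file to remote host
  copy:
    src: ntp.conf
    dest: /etc/ntp.conf
    # Quoted so YAML keeps it a string and the mode is read as octal.
    mode: "0644"
    owner: root
    group: root
    backup: true
    force: true
  when: count_ntp.stdout != "1"

- name: start ntp client
  service:
    name: ntpd
    state: started

- name: make the ntp clinet service enable
  service:
    name: ntpd
    enabled: true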
--[root@scsv01181 roles]# cat install_zabbix_agent/tasks/main.yml
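---
# Role install_zabbix_agent: installs zabbix-agent, copies the base config,
# sets Hostname / HostMetadata / Server / ServerActive in it, then (re)starts
# the agent.
#
# META_DATA and SERVERIP are not defined in this file -- presumably role or
# group variables; verify where they are set.

- name: install zabbix-agent for zabbix-server
  yum:
    name: zabbix-agent
    state: present

- name: make the zabbix-agent enable
  shell: systemctl enable zabbix-agent

# The base file comes from this role's files directory; the previous remote
# file is kept as a backup copy.
- name: copy base zabbix-agent configuration file
  copy:
    src: zabbix_agentd.conf
    dest: /etc/zabbix/zabbix_agentd.conf
    # Quoted so YAML keeps it a string and the mode is read as octal.
    mode: "0644"
    owner: root
    group: root
    backup: true
    force: true

# Upper-cases the host name ("daxie" = upper case). The fact is passed through
# the quote filter because it is interpolated into a shell command line.
- name: get hostname daxie
  shell: echo {{ ansible_hostname | quote }}|tr 'a-z' 'A-Z'
  register: hostname
  changed_when: false

- debug:
    msg: "{{ hostname.stdout }}"

- name: configuration zabbix-agent file hostname
  lineinfile:
    dest: /etc/zabbix/zabbix_agentd.conf
    regexp: '^Hostname='
    line: 'Hostname={{ hostname.stdout}}'

# Fixed: this task carried the same name as the Hostname task above.
- name: configuration zabbix-agent file host metadata
  lineinfile:
    dest: /etc/zabbix/zabbix_agentd.conf
    regexp: '^HostMetadata='
    line: 'HostMetadata={{ META_DATA}}'

# Server= and ServerActive= are now written before the agent is started; the
# agent used to be started first and kept running with the values from the
# base file, because nothing restarted it afterwards.
- name: configuration zabbix-agent server address
  lineinfile:
    dest: /etc/zabbix/zabbix_agentd.conf
    regexp: '^Server='
    line: 'Server={{ SERVERIP }}'

# Fixed: the pattern is anchored like the others so that a commented-out
# "# ServerActive=" line is not the one that gets replaced.
- name: configuration zabbix-agent server active address
  lineinfile:
    dest: /etc/zabbix/zabbix_agentd.conf
    regexp: '^ServerActive='
    line: 'ServerActive={{ SERVERIP }}'

# "restarted" rather than "started": the copy task above rewrites the config
# whenever it differs from the base file, so a running agent has to reload it.
- name: start zabbix-agent
  service:
    name: zabbix-agent
    state: restarted

- debug:
    msg: "now zabbix-agent is running and configuration complete"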
--[root@scsv01181 roles]# cat replace_yumrepo/tasks/main.yml
---
# Role replace_yumrepo: drops the local repo definition into /etc/yum.repos.d/
# and rebuilds the yum metadata cache.
#
# NOTE(review): SAIC-CentOS.repo is not shown here; confirm it keeps gpgcheck
# enabled, since every later yum install trusts this repo.

- name: copy current local yum repo to remote host
  copy:
    src: SAIC-CentOS.repo
    dest: /etc/yum.repos.d/
    # Quoted so YAML keeps it a string and the mode is read as octal.
    mode: "0644"
    owner: root
    group: root
    backup: true
    force: true

# Newer ansible-core releases no longer accept `warn`; drop it there.
- name: clean yum repo
  shell: yum clean all
  args:
    warn: false

- name: yum makecahce
  shell: yum makecache
  args:
    warn: false
--[root@scsv01181 roles]# cat selinux_stop/tasks/main.yml
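---
# Role selinux_stop: writes SELINUX=disabled to /etc/selinux/config and
# switches the running system out of enforcing mode.
#
# NOTE(review): this removes mandatory access control from the host. Where the
# goal is only to get past policy denials, permissive mode plus a reviewed
# policy keeps the audit trail; confirm that "disabled" is really required.

# The config file setting is read at boot.
- name: configuration SELINUX for system
  lineinfile:
    dest: /etc/selinux/config
    regexp: '^SELINUX='
    line: 'SELINUX=disabled'

- name: get the status of selinux
  shell: getenforce
  register: selinux_num
  changed_when: false

# Fixed: getenforce prints Enforcing, Permissive or Disabled, never "1", so the
# old condition (== "1") never matched and setenforce was never run.
- name: temporary change for system
  shell: setenforce 0
  when: selinux_num.stdout == "Enforcing"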
--[root@scsv01181 roles]# cat set_kernel_args/tasks/main.yml
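---
# Role set_kernel_args: writes TCP/IP tuning and hardening keys to
# /etc/sysctl.conf, then loads them with `sysctl -p`.
#
# Fixed: every task used regexp '^$', which makes lineinfile overwrite a blank
# line (or append) on each run, so re-running the role piled up duplicate
# entries. Each task now matches its own key and updates that line in place.

# Enable SYN cookies.
- name: 开启SYN Cookies
  lineinfile:
    dest: /etc/sysctl.conf
    regexp: '^net\.ipv4\.tcp_syncookies\s*='
    line: 'net.ipv4.tcp_syncookies = 1'

# Reuse TIME-WAIT sockets for new TCP connections.
- name: TIME-WAIT sockets重新用于新的TCP连接
  lineinfile:
    dest: /etc/sysctl.conf
    regexp: '^net\.ipv4\.tcp_tw_reuse\s*='
    line: 'net.ipv4.tcp_tw_reuse = 1'

# Enable fast recycling of TIME-WAIT sockets.
# NOTE(review): tcp_tw_recycle is known to drop connections from clients behind
# NAT and was removed in Linux 4.12, where `sysctl -p` reports an error for
# this key. Check the target kernels before keeping it.
- name: 开启TCP连接中TIME-WAIT sockets的快速回收
  lineinfile:
    dest: /etc/sysctl.conf
    regexp: '^net\.ipv4\.tcp_tw_recycle\s*='
    line: 'net.ipv4.tcp_tw_recycle = 1'

# How often TCP sends keepalive messages when keepalive is in use.
- name: 当keepalive起用的时候,TCP发送keepalive消息的频度
  lineinfile:
    dest: /etc/sysctl.conf
    regexp: '^net\.ipv4\.tcp_keepalive_time\s*='
    line: 'net.ipv4.tcp_keepalive_time = 600'

# Length of the SYN queue.
- name: SYN队列长度
  lineinfile:
    dest: /etc/sysctl.conf
    regexp: '^net\.ipv4\.tcp_max_syn_backlog\s*='
    line: 'net.ipv4.tcp_max_syn_backlog = 16384'

# Maximum number of TIME_WAIT sockets kept at the same time.
- name: 表示系统同时保持TIME_WAIT套接字的最大数量
  lineinfile:
    dest: /etc/sysctl.conf
    regexp: '^net\.ipv4\.tcp_max_tw_buckets\s*='
    line: 'net.ipv4.tcp_max_tw_buckets = 36000'

# How many times the initial SYN,ACK is retransmitted before giving up.
- name: 设定 Linux 核心在回应 SYN 要求时会尝试多少次重新发送初始 SYN,ACK 封包后才决定放弃
  lineinfile:
    dest: /etc/sysctl.conf
    regexp: '^net\.ipv4\.tcp_synack_retries\s*='
    line: 'net.ipv4.tcp_synack_retries = 3'

# Hold time for a socket whose close was requested by the local end.
- name: 套接字由本端要求关闭的保持时间
  lineinfile:
    dest: /etc/sysctl.conf
    regexp: '^net\.ipv4\.tcp_fin_timeout\s*='
    line: 'net.ipv4.tcp_fin_timeout = 10'

# Disable IP forwarding.
- name: 禁止IP转发
  lineinfile:
    dest: /etc/sysctl.conf
    regexp: '^net\.ipv4\.ip_forward\s*='
    line: 'net.ipv4.ip_forward = 0'

# Do not send ICMP redirects (all interfaces).
- name: 禁止发送ICMP重定向
  lineinfile:
    dest: /etc/sysctl.conf
    regexp: '^net\.ipv4\.conf\.all\.send_redirects\s*='
    line: 'net.ipv4.conf.all.send_redirects = 0'

# Do not send ICMP redirects (default for interfaces).
- name: 禁止发送ICMP重定向,默认定向目录关闭
  lineinfile:
    dest: /etc/sysctl.conf
    regexp: '^net\.ipv4\.conf\.default\.send_redirects\s*='
    line: 'net.ipv4.conf.default.send_redirects = 0'

# Log packets with suspicious source addresses (all interfaces).
- name: 记录可疑的包源地址
  lineinfile:
    dest: /etc/sysctl.conf
    regexp: '^net\.ipv4\.conf\.all\.log_martians\s*='
    line: 'net.ipv4.conf.all.log_martians = 1'

# Log packets with suspicious source addresses (default for interfaces).
- name: 记录可疑的包源地址,默认地址
  lineinfile:
    dest: /etc/sysctl.conf
    regexp: '^net\.ipv4\.conf\.default\.log_martians\s*='
    line: 'net.ipv4.conf.default.log_martians = 1'

# Load /etc/sysctl.conf into the running kernel.
- name: make the change effective
  shell: sysctl -p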
--[root@scsv01181 roles]# cat set_timezone/tasks/main.yml
---
# Role set_timezone: sets the system time zone to Asia/Shanghai.
- name: set the time local
  shell: timedatectl set-timezone Asia/Shanghai
  args:
    # Newer ansible-core releases no longer accept `warn`; drop it there.
    warn: false
--[root@scsv01181 roles]# cat set_ulimit_maxfiles/tasks/main.yml
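---
# Role set_ulimit_maxfiles: sets the soft and hard open-file limit to 65536 for
# all users in /etc/security/limits.conf.
#
# Fixed: both lineinfile tasks used regexp '^$', which overwrites a blank line
# (or appends) on each run and so adds duplicate entries when the role is
# re-run. Each task now matches its own "* <type> nofile" line.

- name: configuration ulimit soft max files for system
  lineinfile:
    dest: /etc/security/limits.conf
    regexp: '^\*\s+soft\s+nofile\s'
    line: '* soft nofile 65536'

- name: configuration ulimit hard max files for system
  lineinfile:
    dest: /etc/security/limits.conf
    regexp: '^\*\s+hard\s+nofile\s'
    line: '* hard nofile 65536'

# NOTE(review): ulimit only changes the limit of the shell that this task
# spawns, which exits right away; sessions that are already open keep their
# old limit until the user logs in again.
- name: temporary configuration ulimit max files
  shell: ulimit -n 65536
  changed_when: false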
引用的文件都会直接放在当前项目的files目录里面作为文件根目录