1.创建用户和组
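# Create the service accounts used by the web stack (www, tomcat).
# Fixed UIDs/GIDs keep file ownership consistent across hosts (relevant for
# the nfs/rsync packages installed later).
# -s /sbin/nologin: no interactive shell; -M: no home directory.
# The getent guards make the script safe to re-run: the originals fail on a
# second run because groupadd/useradd refuse an existing name.
getent group www >/dev/null || groupadd -g 666 www
getent passwd www >/dev/null || useradd -u 666 -g 666 -s /sbin/nologin -M www
getent group tomcat >/dev/null || groupadd -g 53 tomcat
getent passwd tomcat >/dev/null || useradd -u 53 -g 53 -s /sbin/nologin -M tomcat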
# Create the www and tomcat groups with fixed GIDs (666 / 53) so that file
# ownership is identical on every host. Loop items are written in block style
# so a new group is a two-line addition.
- name: Create group
  group:
    name: "{{ item.name }}"
    gid: "{{ item.gid }}"
  loop:
    - name: www
      gid: '666'
    - name: tomcat
      gid: '53'
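# Create the service accounts that own the web stack files. No login shell and
# no home directory: these users exist only for file ownership and process
# identity, never for interactive access.
- name: Create user
  user:
    name: "{{ item.name }}"
    uid: "{{ item.uid }}"
    # Primary group by name; the groups are created by the "Create group" task
    # with the same GIDs (www=666, tomcat=53) the original passed numerically.
    group: "{{ item.group }}"
    # create_home is the current option name (createhome is the deprecated
    # alias), and a real YAML boolean replaces the 1.1-style "no".
    create_home: false
    shell: /sbin/nologin
  loop:
    - name: www
      uid: 666
      group: www
    - name: tomcat
      uid: 53
      group: tomcat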
2.关闭防火墙和selinux
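# Stop the host firewall and turn SELinux off (runtime and persistent).
# Both are host-level hardening controls; when they are removed, the exposed
# ports must be restricted elsewhere (upstream firewall / cloud security group).
systemctl stop firewalld
systemctl disable firewalld
# Runtime: permissive until the next reboot. Exits non-zero when SELinux is
# already disabled, which is harmless here.
setenforce 0
# Persistent: the stock /etc/selinux/config uses lowercase "enforcing". The
# original pattern "Enforcing" never matched, so the setting came back after a
# reboot. A config already set to "permissive" is intentionally left alone.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config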
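# Stop and disable the host firewall. This removes a host-level control, so the
# service ports have to be restricted upstream (cloud security group or
# perimeter firewall) before this runs on an exposed host.
- name: Stop firewalld
  systemd:
    name: firewalld
    state: stopped
    enabled: false  # YAML boolean instead of the 1.1-style "no"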
# Disable SELinux persistently through /etc/selinux/config. The fully disabled
# state only applies after a reboot, which this task does not trigger; the
# module reports that a reboot is required. If the goal is only to unblock the
# web stack, state: permissive keeps audit logging while not enforcing.
- name: Stop selinux
  selinux:
    state: disabled
3.配置所需yum源
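# Enable the yum repositories the stack needs: EPEL, nginx stable, webtatic (php).
# EPEL: the release package ships the repo file and its GPG key.
yum -y install epel-release
# nginx stable repo, signature checking on with the nginx signing key. A quoted
# heredoc keeps $releasever/$basearch literal for yum to expand; the original
# echo '...' also wrote a leading blank line into the file.
cat > /etc/yum.repos.d/nginx.repo <<'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
# php repo (webtatic). rpm only verifies the package signature when the vendor
# key is already imported; otherwise it prints a NOKEY warning and installs
# anyway, so import the key first if a verified install is required.
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm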
# EPEL: installing the release package drops the repo file and its GPG key,
# so no yum_repository task is needed for it.
- name: Configure epel
  yum:
    name: epel-release
    state: present  # same as the original "installed" (alias)
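# nginx stable repo. The shell version of this step enables gpgcheck with the
# nginx signing key, but the task had gpgcheck off, so packages fetched over
# plain http were installed without signature verification. Keep it on.
- name: Configure nginx.repo
  yum_repository:
    name: nginx_stable
    description: nginx yum repo
    baseurl: 'http://nginx.org/packages/centos/$releasever/$basearch/'
    gpgcheck: true
    gpgkey: https://nginx.org/keys/nginx_signing.key
    priority: '1'  # only honoured when yum-plugin-priorities is installed
  # Only web and nginx_proxy hosts get this repo. "match" is an anchored regex
  # (re.match semantics), so the original 'web*' meant "we" followed by any
  # number of "b" and also matched names such as "wesley"; a plain prefix is
  # the intent. Folded scalar keeps the OR on one logical line.
  when: >-
    (ansible_hostname is match('web')) or
    (ansible_hostname is match('nginx_proxy'))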
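# webtatic php repo. gpgcheck stays off here because the task does not carry
# the webtatic signing key (the shell version installs webtatic-release.rpm,
# which ships it). TODO(review): add `gpgkey: <webtatic signing key URL>` and
# switch gpgcheck to true so php packages are verified.
- name: Configure php.repo
  yum_repository:
    name: php_72
    description: php yum repo
    baseurl: 'https://uk.repo.webtatic.com/yum/el7/x86_64/'
    gpgcheck: false  # unverified packages, see note above
    priority: '1'  # only honoured when yum-plugin-priorities is installed
  # web hosts only. "match" is anchored at the start of the string, so a plain
  # prefix is enough; the original 'web*' also matched "we" and "wesley".
  when: ansible_hostname is match('web')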
4.安装基础软件
# Baseline packages for every host: storage/sync tooling (nfs-utils, rsync),
# time sync (chrony) and the usual admin conveniences.
base_packages=(
  nfs-utils rsync wget unzip glances lrzsz vim net-tools
  bash-completion tree MySQL-python chrony
)
yum -y install "${base_packages[@]}"
# Baseline packages for every host. The list lives in task-level vars so it
# can be extended without touching the module call.
- name: Install base software
  yum:
    name: "{{ base_packages }}"
    state: present  # same as the original "installed" (alias)
  vars:
    base_packages:
      # storage / sync
      - nfs-utils
      - rsync
      # fetch / archive
      - wget
      - unzip
      # monitoring and admin conveniences
      - glances
      - lrzsz
      - vim
      - net-tools
      - chrony
      - bash-completion
      - tree
      - MySQL-python
5.系统环境优化
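# Host tuning: disable sshd reverse-DNS lookups and raise file/process limits.
# sshd: UseDNS no avoids login delays when the client has no PTR record.
# The edit only takes effect once sshd is reloaded (systemctl reload sshd).
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
# limits.conf entries are "<domain> <type> <item> <value>". The original lines
# omitted the domain and had "soft soft" instead of "soft nproc", so they were
# not valid entries. The grep guard stops a re-run from appending them twice.
grep -q '^\* soft nofile 65535' /etc/security/limits.conf || cat >> /etc/security/limits.conf <<'EOF'
#<domain> <type> <item> <value>
* soft nofile 65535
* hard nofile 65535
* soft nproc 102400
* hard nproc 102400
EOF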
# Disable sshd reverse-DNS lookups (avoids login delays when the client has no
# PTR record). Only the commented default "#UseDNS yes" is rewritten; a line
# that is already uncommented is left untouched. The new value is only picked
# up after sshd reloads, and no handler is notified here.
- name: Modify ssh configure
  replace:
    path: /etc/ssh/sshd_config
    regexp: '^#UseDNS yes'
    replace: 'UseDNS no'
# Raise the per-user open-file (nofile) and process (nproc) limits for every
# account ("*" domain) through pam_limits. Note these are PAM limits, not
# sysctl settings, despite the task name.
- name: Set sysctl file limits
  pam_limits:
    domain: '*'
    limit_type: "{{ item.limit_type }}"
    limit_item: "{{ item.limit_item }}"
    value: "{{ item.value }}"
  loop:
    - limit_type: 'soft'
      limit_item: 'nofile'
      value: '65535'
    - limit_type: 'hard'
      limit_item: 'nofile'
      value: '65535'
    - limit_type: 'soft'
      limit_item: 'nproc'
      value: '102400'
    - limit_type: 'hard'
      limit_item: 'nproc'
      value: '102400'