[Ansible实战]-批量配置初始化主机环境.

第一章 功能实现

#01.配置base源
#02.配置epel源
#03.安装常用软件
#04.关闭selinux
#05.关闭firewalld
#06.设置时区为上海
#07.时间同步任务
#08.优化ssh连接速度
#09.优化命令行显示

第二章 目录规划

[root@m01:/etc/ansible]# tree
.
├── hosts
├── roles
│   ├── init
│   │   ├── files
│   │   │   ├── close_selinux.sh
│   │   │   ├── PS1.sh
│   │   │   └── ssh.sh
│   │   ├── handlers
│   │   ├── tasks
│   │   │   └── main.yml
│   │   ├── templates
│   │   └── vars

第三章 主机清单

[root@m01:/etc/ansible]# cat ./hosts 
[rsync:children]
rsync_server
rsync_client

[rsync_server]
192.168.81.165

[rsync_client]
192.168.81.162
192.168.81.163

第四章 编写task目录下main.yml

vim /etc/ansible/roles/init/tasks/main.yml
#01.配置base源
- name: 01_configure_base_repos
  get_url: url=http://mirrors.aliyun.com/repo/Centos-7.repo dest=/etc/yum.repos.d/CentOS-Base.repo
#02.配置epel源
- name: 02_configure_epel_repos
  get_url: url=http://mirrors.aliyun.com/repo/epel-7.repo dest=/etc/yum.repos.d/epel.repo
#03.安装常用软件
- name: 03_install_server
  yum: name={{ item }} state=installed
  loop:
    - wget
    - lrzsz
    - lsof
    - nmap
    - telnet
    - tree
    - vim
    - ntsysv
    - unzip
    - sysstat
    - ntpdate
    - iotop
    - iftop
    - net-tools
  ignore_errors: yes
  tags: t3
#04.关闭selinux
- name: 04_close selinx
  script: close_selinux.sh
#05.关闭firewalld
- name: 05_close firewalld
  systemd: name=firewalld state=stopped enabled=no
#06.设置时区为上海
- name: 06_set_timezone
  shell: timedatectl set-timezone Asia/Shanghai
#07.时间同步任务
- name: 07_time_update
  cron: name="ntpdate" minute="*/5" job="/usr/sbin/ntpdate time1.aliyun.com >/dev/null 2>&1"
  ignore_errors: yes
#08.优化ssh连接速度
- name: 08_ssh_speed
  script: ssh.sh
  ignore_errors: yes
#09.优化命令行显示
- name: 09_export_PS1
  script: PS1.sh

第五章 编写files目录下文件

[root@m01:/etc/ansible/roles/init/files]# vim ssh.sh
#!/bin/bash

sed -i 's/\#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
sed -i 's/.*GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/sshd_config
systemctl restart sshd

[root@m01:/etc/ansible/roles/init/files]# vim PS1.sh
#!/bin/bash

echo export "PS1='\[[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[1;36m\]\w\[\033[00m\]]\\$ '" >> /etc/bashrc
source /etc/bashrc

[root@m01:/etc/ansible/roles/init/files]# cat close_selinux.sh 
#!/bin/bash

setenforce 0
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/sysconfig/selinux
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/selinux/config

第六章 编写入口文件site_init.yml

vim /etc/ansible/roles/site_init.yml
- hosts: all
  roles:
    - init

第七章 测试结果

[root@m01:/etc/ansible/roles]# ansible-playbook site_init.yml 

PLAY [all] ****************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************
ok: [192.168.81.165]
ok: [192.168.81.163]
ok: [192.168.81.162]

TASK [init : 01_configure_base_repos] *************************************************************************************
changed: [192.168.81.163]
changed: [192.168.81.162]
changed: [192.168.81.165]

TASK [init : 02_configure_epel_repos] *************************************************************************************
ok: [192.168.81.165]
ok: [192.168.81.163]
changed: [192.168.81.162]

TASK [init : 03_install_server] *******************************************************************************************
ok: [192.168.81.163] => (item=wget)
ok: [192.168.81.165] => (item=wget)
ok: [192.168.81.163] => (item=lrzsz)
ok: [192.168.81.165] => (item=lrzsz)
ok: [192.168.81.163] => (item=lsof)
ok: [192.168.81.165] => (item=lsof)
ok: [192.168.81.163] => (item=nmap)
ok: [192.168.81.165] => (item=nmap)
ok: [192.168.81.163] => (item=telnet)
ok: [192.168.81.165] => (item=telnet)
ok: [192.168.81.163] => (item=tree)
ok: [192.168.81.165] => (item=tree)
ok: [192.168.81.163] => (item=vim)
ok: [192.168.81.163] => (item=ntsysv)
ok: [192.168.81.163] => (item=unzip)
ok: [192.168.81.163] => (item=sysstat)
ok: [192.168.81.163] => (item=ntpdate)
ok: [192.168.81.165] => (item=vim)
ok: [192.168.81.165] => (item=ntsysv)
ok: [192.168.81.165] => (item=unzip)
ok: [192.168.81.165] => (item=sysstat)
ok: [192.168.81.165] => (item=ntpdate)
changed: [192.168.81.162] => (item=wget)
changed: [192.168.81.162] => (item=lrzsz)
changed: [192.168.81.162] => (item=lsof)
changed: [192.168.81.162] => (item=nmap)
changed: [192.168.81.162] => (item=telnet)
changed: [192.168.81.162] => (item=tree)
ok: [192.168.81.162] => (item=vim)
changed: [192.168.81.162] => (item=ntsysv)
changed: [192.168.81.162] => (item=unzip)
changed: [192.168.81.162] => (item=sysstat)
changed: [192.168.81.162] => (item=ntpdate)

TASK [init : 04_close selinx] *********************************************************************************************
changed: [192.168.81.165]
changed: [192.168.81.162]
changed: [192.168.81.163]

TASK [init : 05_close firewalld] ******************************************************************************************
ok: [192.168.81.165]
ok: [192.168.81.163]
ok: [192.168.81.162]

TASK [init : 06_set_timezone] *********************************************************************************************
changed: [192.168.81.163]
changed: [192.168.81.165]
changed: [192.168.81.162]

TASK [init : 07_time_update] **********************************************************************************************
ok: [192.168.81.165]
ok: [192.168.81.163]
changed: [192.168.81.162]

TASK [init : 08_ssh_speed] ************************************************************************************************
changed: [192.168.81.165]
changed: [192.168.81.163]
changed: [192.168.81.162]

TASK [init : 09_export_PS1] ***********************************************************************************************
changed: [192.168.81.165]
changed: [192.168.81.162]
changed: [192.168.81.163]

PLAY RECAP ****************************************************************************************************************
192.168.81.162             : ok=10   changed=8    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.81.163             : ok=10   changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.81.165             : ok=10   changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0