更新 2017年9月5日
01ansib生产
安装包
# Ansible's file-handling modules (copy, template, lineinfile, ...) need the
# libselinux Python bindings on targets where SELinux is enabled.
yum install -y libselinux-python
在执行 playbook 的过程中,如果某个步骤结束后必须重启目标主机,可以用下面的任务等待主机重新上线:
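# Runs on the control node (local_action): waits 30 s, then polls the target's
# SSH port until it accepts connections again, giving up after 600 s.
- name: Waiting for server to come back
  local_action: wait_for host={{ ansible_host }} port=22 state=started delay=30 timeout=600
  # The check is a plain TCP probe from the control node, so no privilege escalation.
  become: no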
关于用户
1. 批量创建用户
# Create the apps account (uid 2222, home /home/apps, bash login shell) on every host.
# useradd through the shell module is not idempotent: a second run fails because
# the account already exists. The `user` module (name=apps uid=2222 ...) is the
# repeatable form of the same operation.
ansible all -m shell -a 'useradd apps -m -d /home/apps -s /bin/bash -u 2222'
# Short form: same name and uid, home directory and shell left to the distribution defaults.
ansible all -m shell -a 'useradd apps -u 2222'
检查
# Confirm on every host that the account exists and carries the expected uid.
ansible all -m shell -a "id apps"
2.批量修改密码
# NOTE(review): the password is a literal on the command line, so it ends up in
# the control node's shell history and in the module arguments Ansible logs on
# each target. Treat ABCedf123 as a sample value only, and avoid one shared
# password for every host. The `user` module with password=<crypted hash> and
# update_password=always sets the password without sending it in cleartext.
$ ansible all -m shell -a 'echo apps:ABCedf123 | chpasswd' #centos 7
$ ansible all -m shell -a 'echo ABCedf123 | passwd --stdin apps' #centos 6
3.批量做互信
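# Generate the key pair as the apps user. `su - apps && ssh-keygen` would only
# start ssh-keygen after the su session has exited, i.e. as the invoking user,
# so the key would land in the wrong home directory.
# An empty passphrase leaves the private key usable by anyone who can read
# /home/apps/.ssh on the control node; keep that directory private.
$ su - apps -c ssh-keygen
# Install the public key (read from the control node by the file lookup) into
# apps' authorized_keys on the web group. -k prompts for the SSH password,
# which is still needed for this first connection.
$ ansible web -m authorized_key -a "user=apps state=present key=\"{{ lookup('file', '/home/apps/.ssh/id_rsa.pub') }}\"" -k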
过滤setup内容
# Return only the IPv4 address list fact; -o prints each host's result on one line.
ansible 192.168.14.132 -m setup -a 'filter=ansible_all_ipv4_addresses' -o
# Dump every fact gathered from the host.
ansible 192.168.14.132 -m setup
# Same filter as the first command, in the default multi-line output.
ansible 192.168.14.132 -m setup -a 'filter=ansible_all_ipv4_addresses'
playbook的过滤: 返回的ansible_eth0是字典.可以过滤
[root@node1 ~]# cat t.yml
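# Inside a playbook a dictionary fact can be indexed directly in a template.
- hosts: 192.168.14.133
  tasks:
    # Prints the 'device' key of the ansible_eth0 fact dictionary.
    - debug: msg="{{ ansible_eth0['device'] }}"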
这样就有问题了
# The setup module's filter is a shell-style glob matched against top-level fact
# names. It cannot index into a dictionary or apply Jinja2 filters, so neither
# of these patterns matches any fact.
ansible all -m setup -a "filter=ansible_eth0['device']"
ansible all -m setup -a "filter=ansible_eth0|ipv4"
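# A scalar fact is referenced by name in the template.
- hosts: 192.168.14.132
  tasks:
    - debug: msg="{{ ansible_user_shell }}"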
这样ok
# Glob character class on the fact name: returns ansible_eth0, ansible_eth1 and
# ansible_eth2 where they exist.
ansible all -m setup -a 'filter=ansible_eth[0-2]'
修改内核参数
# Enable IPv4 packet forwarding; sysctl_set=yes also applies the value to the
# running kernel instead of only recording it.
# NOTE(review): forwarding turns the host into a router. Enable it only on hosts
# that have to route (gateways, container hosts) and pair it with firewall
# FORWARD rules.
- sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes
ansible多线程
Ansible 并发执行任务时使用的是多进程模式,而不是多线程,内部是用 multiprocessing 做的进程池。`-f 10` 表示最多 10 个任务并发。
书写格式
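# Each task is one list item under tasks:, written in the short key=value form.
- hosts: 192.168.14.133
  tasks:
    - debug: msg="hi1"
    - debug: msg="hi2"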
也就是很多笔记这样写的原因了.
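# Replace the line starting with "SELINUX=" with "SELINUX=enforcing".
- lineinfile: dest=/etc/selinux/config regexp=^SELINUX= line=SELINUX=enforcing
# Delete the lines starting with %wheel. validate runs visudo on the edited copy
# first, so a syntax error cannot be installed and lock out sudo.
- lineinfile: dest=/etc/sudoers state=absent regexp="^%wheel" validate='visudo -cf %s'
# Make sure the 127.0.0.1 entry reads "127.0.0.1 localhost" and fix owner/group/mode.
- lineinfile: dest=/etc/hosts regexp='^127\.0\.0\.1' line='127.0.0.1 localhost' owner=root group=root mode=0644
# Replace the last line matching "^Listen " with "Listen 8080"; if none matches,
# add it after the last line matching "^#Listen ".
- lineinfile: dest=/etc/httpd/conf/httpd.conf regexp="^Listen " insertafter="^#Listen " line="Listen 8080"
# No regexp: add "Listen 8080" after the last "^#Listen " line unless that exact line already exists.
- lineinfile: dest=/etc/httpd/conf/httpd.conf insertafter="^#Listen " line="Listen 8080"
# Replace the last line matching "^Listen " with "Listen 8080"; if none matches,
# add it before the last line matching "^#Listen ".
- lineinfile: dest=/etc/httpd/conf/httpd.conf regexp="^Listen " insertbefore="^#Listen " line="Listen 8080"
# Append a new line if it is not already present.
- lineinfile: dest=/tmp/testfile line="192.168.1.99 foo.lab.net foo"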
可以写一行
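# Install nginx from a source tarball on RedHat-family hosts, release 6 or later.
# The conditions compare ansible_distribution_major_version: the full version is
# a dotted string (e.g. 7.3.1611, constructed example) that |int turns into 0,
# which would skip every task on such hosts.
# NOTE(review): nothing here verifies where the tarball came from before it is
# unpacked (presumably as root); keep a pinned checksum next to the file.
- name: Copy Nginx Software To Redhat Client
  copy: src=nginx-{{ nginx_version }}.tar.gz dest=/tmp/nginx-{{ nginx_version }}.tar.gz owner=root group=root
  when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 6

# Unpack the staged archive under /usr/local/.
- name: Uncompression Nginx Software To Redhat Client
  shell: tar zxf /tmp/nginx-{{ nginx_version }}.tar.gz -C /usr/local/
  when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 6

# Render the init script from the "nginx" template, executable by everyone.
- name: Copy Nginx Start Script To Redhat Client
  template: src=nginx dest=/etc/init.d/nginx owner=root group=root mode=0755
  when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 6

# Render the main configuration into the versioned install directory.
- name: Copy Nginx Config To Redhat Client
  template: src=nginx.conf dest=/usr/local/nginx-{{ nginx_version }}/conf/ owner=root group=root mode=0644
  when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 6

# Render the virtual-host configuration into conf/vhost/.
- name: Copy Nginx Vhost Config to RedHat Client
  template: src=vhost.conf dest=/usr/local/nginx-{{ nginx_version }}/conf/vhost/ owner=root group=root mode=0644
  when: ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 6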
ansible安装zabbix
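---
# Target hosts and login user are supplied at run time through the "host" and
# "user" variables (e.g. with -e); the play fails if they are not defined.
- hosts: "{{ host }}"
  remote_user: "{{ user }}"
  # Fact gathering is switched off for this play.
  gather_facts: false
  tasks: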
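# The leading "@" tells the yum module that the name is a package group.
- name: Install the 'Development tools' package group
  yum:
    name: "@Development tools"
    state: present
  tags:
    - Dev_tools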
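# Install the base tool set, one yum call per list item.
# NOTE(review): compilers and strace are installed on every target; on production
# hosts that never build software, leaving them out keeps the attack surface smaller.
- name: Install packages
  yum: state=present name={{ item }}
  with_items:
    - gcc
    - gcc-c++
    - autoconf
    - automake
    - libxml2-devel
    - sysstat
    - vim
    - iotop
    - unzip
    - htop
    - strace
    - wget
    - tar
    - libselinux-python
    - rsync
    - rdate
  tags:
    - packages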
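# Rewrites the SELINUX= line of /etc/selinux/config to "disabled".
# NOTE(review): the config file is only read at boot, and disabling SELinux
# removes mandatory access control for the whole host. If a specific denial is
# the reason, permissive mode or a targeted policy fix keeps the audit trail.
- name: Selinux modify disabled
  lineinfile:
    dest: /etc/selinux/config
    regexp: '^SELINUX='
    line: 'SELINUX=disabled'
  tags:
    - testselinux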
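# Line-level edits driven by a list of {dest, regexp, line} items. The active
# item comments out "Defaults requiretty" in /etc/sudoers.
- name: Modify lineinfile
  lineinfile:
    dest: "{{ item.dest }}"
    state: present
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    # Applied to every item: the edited copy must pass visudo before it replaces
    # the real file. visudo only understands sudoers syntax, so the commented-out
    # zabbix_agentd.conf item below would fail this check if it were re-enabled.
    validate: 'visudo -cf %s'
  with_items:
    # - {
    #   dest: "/etc/zabbix/zabbix_agentd.conf",
    #   regexp: "^Include",
    #   line: "\n\n###Add include\nInclude=/etc/zabbix/zabbix_agentd.conf.d/*.conf" }
    # NOTE(review): stock sudoers files often separate "Defaults" and
    # "requiretty" with several spaces; confirm the regexp matches the target file.
    - {
        dest: "/etc/sudoers",
        regexp: "^Defaults requiretty",
        line: "# Defaults requiretty" }
  tags:
    - testline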
- name: Copy configuration file
copy:
src=\'#\'" /etc/init.d/zabbix_agentd",
dest: "/etc/init.d/zabbix_agentd",
mode: "0755"}
tags:
- testcopy
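# Ensure /etc/sudoers.d exists as a directory with mode 0750.
- name: Create a directory
  file: path={{ item }} state=directory mode=0750
  with_items:
    - /etc/sudoers.d
  tags:
    - testdir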
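# Push every file in the control node's /etc/sudoers.d to the targets
# (with_fileglob expands on the control node), owned by root and read-only.
# validate runs visudo on each file before it is installed, so one malformed
# drop-in cannot break sudo on every host.
- name: Looping over Fileglobs
  copy: src={{ item }} dest=/etc/sudoers.d/ owner=root mode=0440 validate='visudo -cf %s'
  with_fileglob:
    - /etc/sudoers.d/*
  tags:
    - test_fileglobs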
- name: synchronization of src on the control machine to dest on the remote hosts
synchronize:
src=\'#\'" /etc/zabbix",
dest: "/etc/"}
- {
src=\'#\'" /usr/local/zabbix",
dest: "/usr/local/"}
tags:
- sys_dir
- name: Ensure two job that runs of crontab
cron:
name: "{
{ item.name }}"
minute: "{
{ item.minute}}"
job: "{
{ item.job}}"
with_items:
- {
name: "Time synchronization",
minute: "10",