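The public key configuration step is omitted here.
1. Create a directory named roles
mkdir /etc/ansible/roles/
2. Inside the roles directory, create a directory named after each role, e.g. common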
mkdir /etc/ansible/roles/ossec
3. In the role directory, create the files, handlers, tasks, templates, meta, defaults and vars directories. Directories that are not used can be left empty, but they must exist.
mkdir /etc/ansible/roles/ossec/{files,templates,tasks,handlers,vars,defaults,meta}
4. Create a main.yml file in each role's handlers, tasks, meta, defaults and vars directories
touch /etc/ansible/roles/ossec/{defaults,vars,tasks,meta,handlers}/main.yml
5. Call the roles from the playbook file
$ cat /etc/ansible/roles/site.yml
---
- hosts: dx
  remote_user: root
  roles:
    - ossec
a) main.yml in the tasks directory
---
- name: Install gcc postgres and mysql
  yum: name="{{item}}" state=present
  with_items:
    - gcc
    - postgresql-devel
    - mysql-devel
- name: copy ossec-client.tar.gz to centos
  copy: src=ossec-hids-2.8.3.tar.gz dest=/root/ossec-hids-2.8.3.tar.gz mode=0644 owner=root group=root
- name: Extract Ossec server code
  unarchive: copy=no src=/root/ossec-hids-2.8.3.tar.gz dest="{{extract_path}}" creates="{{ossec_path}}"
- name: Copy the Ossec_input file
  template: src=ossec_client_input.j2 dest="{{ossec_path}}/ossec_client_input.txt"
- name: Install Ossec-agent
  shell: ./install.sh < ossec_client_input.txt
  args:
    chdir: "{{ossec_path}}"
    creates: /var/ossec/etc/ossec.conf
# client.keys from the server holds the keys of every agent, so the temporary copy is root-only
- name: copy client key to conf
  copy: src=client.keys dest=/var/ossec/etc/client2.keys mode=0600 owner=root group=root
# Compare the IP field (third column) exactly; a plain grep for 10.0.0.1 would also match 10.0.0.10
- name: Extract only the key for current client
  shell: awk '$3 == "{{ansible_default_ipv4.address}}"' /var/ossec/etc/client2.keys > /var/ossec/etc/client.keys
- name: Delete other client keys
  file: name=/var/ossec/etc/client2.keys state=absent
- name: Start Ossec server
  service: name=ossec state=restarted
b) main.yml in the vars directory
ossec_url: https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz
ossec_path: /root/ossec-hids-2.8.3
ossec_manage_agent_input: /root/ossec_manage_agent_input.txt
extract_path: /root
ossec_server_ip: x.x.x.x
c) templates/ossec_client_input.j2
en
agent
/var/ossec
{{ ossec_server_ip }}
y
y
y
d) In the files directory
client.keys (copied directly from /var/ossec/etc/ on the ossec server)
ossec-hids-2.8.3.tar.gz
e) Run
ansible-playbook site.yml
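
Added example (not part of the original page or of OSSEC): the "Extract only the key for current client" step as a standalone shell function. It compares the agent IP with the third field of client.keys exactly and writes nothing unless exactly one line matches, so a missing or ambiguous entry cannot overwrite the agent's existing key file. The function names and the sample key lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; all sample data below is constructed.

# extract_agent_key KEYS_FILE AGENT_IP OUT_FILE
# Writes the one client.keys line whose third field equals AGENT_IP.
# Returns 1 and leaves OUT_FILE untouched unless exactly one line matches.
extract_agent_key() {
    keys_file=$1; agent_ip=$2; out_file=$3
    [ -r "$keys_file" ] || return 1
    # client.keys lines have four fields: ID NAME IP KEY
    count=$(awk -v ip="$agent_ip" '$3 == ip { n++ } END { print n + 0 }' "$keys_file")
    if [ "$count" != 1 ]; then
        echo "expected exactly 1 key for $agent_ip, found $count" >&2
        return 1
    fi
    # Write to a temporary name first so OUT_FILE is replaced in one step.
    awk -v ip="$agent_ip" '$3 == ip' "$keys_file" > "$out_file.tmp" &&
        mv "$out_file.tmp" "$out_file"
}

# Constructed sample: three agents whose addresses share a prefix.
make_sample_keys() {
    cat > "$1" <<'EOF'
001 web01 10.0.0.1 constructed-key-aaaa
002 web10 10.0.0.10 constructed-key-bbbb
003 db01 10.0.0.100 constructed-key-cccc
EOF
}

demo() {
    tmp=$(mktemp -d)
    make_sample_keys "$tmp/client2.keys"
    # A substring match selects all three agents' keys for 10.0.0.1.
    echo "substring grep lines: $(grep -c '10.0.0.1' "$tmp/client2.keys")"
    # The exact field match selects only agent 001.
    extract_agent_key "$tmp/client2.keys" 10.0.0.1 "$tmp/client.keys" &&
        cat "$tmp/client.keys"
    rm -rf "$tmp"
}

demo
```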