使用 Ansible 批量初始化服务器(初始版)

我这里先将想要的功能拆分开,通过单个剧本(playbook)来实现一个功能,然后将这些单个剧本(playbook)组成一个角色(roles)。

此文档中只包含了单个剧本(playbook)的初始版本,后面还分享了一个最终版,有需要的小伙伴可以参考一下。

其实我一共迭代了 5 个版本,中间的几个版本都是在完善最终的角色(roles)而已,考虑到都分享出来的话会比较繁琐,所以最后就只分享一个初始版和最终版。

·
authorized-key.yml

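---
# authorized-key.yml
# Push the control node's public key into root's authorized_keys on the
# target hosts so the following playbooks can run over key-based SSH.
- name: set authorized key taken from file
  hosts: wpf_test
  remote_user: root
  vars:
    # Path of the public key on the control node; override with -e or
    # group_vars when the key lives somewhere else.
    pubkey_file: /root/.ssh/id_rsa.pub
  tasks:
    - name: authorized key
      authorized_key:
        user: root
        state: present
        # lookup('file') reads on the control node, not on the target.
        key: "{{ lookup('file', pubkey_file) }}"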

·
upgrade-kernel.yml

PS: 拷贝的目录,在这里就不体现了。

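---
# upgrade-kernel.yml
# Copy the kernel-5.4.127 RPMs to the target (the RPM directory itself is
# not shown here), install them and make the new entry the grub default.
- name: update kernel in 5.4.127
  hosts: wpf_test
  remote_user: root
  tasks:
    - name: copy kernel-5.4.127
      # No trailing slash on src: the directory itself is copied into dest.
      copy:
        src: kernel-5.4.127
        dest: /usr/local/src

    - name: remove kernel-tools-3.10.0 and kernel-tools-libs-3.10.0
      # The 3.10 kernel-tools packages are removed first so the 5.4 ones in
      # the copied directory can be installed without a conflict.
      yum:
        name:
          - kernel-tools-3.10.0
          - kernel-tools-libs-3.10.0
        state: absent

    - name: install kernel-5.4.127
      # Left as a shell task because the RPMs are addressed by glob.
      # NOTE(review): yum only signature-checks local RPMs when
      # localpkg_gpgcheck=1 is set in yum.conf (default 0) — confirm how the
      # copied packages are verified before they reach this directory.
      shell: yum -y localinstall /usr/local/src/kernel-5.4.127/*.rpm
      args:
        # Skip the install once a 5.4.127 kernel image is already in /boot.
        creates: /boot/vmlinuz-5.4.127*

    - name: set default load grub version
      # Entry 0 is assumed to be the newest (5.4.127) kernel, which is the
      # case for a freshly generated grub2 menu; the reboot is left to the
      # operator.
      shell: grub2-set-default 0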

·
config-grub.yml

PS: 这里关闭了ipv6的模块和显卡模式的设置
PS: 配置显卡模式的原因:内核升级到 5.x 时,vga连接物理机无法显示。

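---
# config-grub.yml
# Append ipv6.disable=1 and mgag200.modeset=0 to GRUB_CMDLINE_LINUX in
# /etc/default/grub, then rebuild grub.cfg only when one of them was added.
- name: modify kernel configuration(ipv6.disable=1 and mgag200.modeset=0)
  hosts: wpf_test
  remote_user: root
  tasks:
    - name: See if there is a ipv6.disable=1 in GRUB_CMDLINE_LINUX
      # grep's exit status is echoed, so the task itself never fails;
      # stdout is "0" when the option is already present. A pure check,
      # hence changed_when: false.
      shell: grep -q ipv6.disable=1 /etc/default/grub;echo $?
      register: get_grub_ipv6
      changed_when: false

#    - name: print get_grub_ipv6
#      debug:
#        msg: "{{ get_grub_ipv6.stdout }}"

    - name: modify grub is add ipv6.disable=1
      # Re-writes the whole GRUB_CMDLINE_LINUX line with the option appended.
      # sed uses '#' as its delimiter here, so a '#' inside the existing
      # value would break the expression.
      shell: VALUE=`cat /etc/default/grub | awk -F '"' '/GRUB_CMDLINE_LINUX/{print $2}'` && sed -i "s#GRUB_CMDLINE_LINUX=.*#GRUB_CMDLINE_LINUX=\"$VALUE ipv6.disable=1\"#" /etc/default/grub
      when: get_grub_ipv6.stdout != "0"
      register: ipv6_add

    - name: See if there is a mgag200.modeset=0 in GRUB_CMDLINE_LINUX
      shell: grep -q mgag200.modeset=0 /etc/default/grub;echo $?
      register: get_grub_mgag
      changed_when: false

#    - name: print get_grub_mgag
#      debug:
#        msg: "{{ get_grub_mgag.stdout }}"

    - name: modify grub is add mgag200.modeset=0
      # Same edit as above for the mgag200 option (needed so a VGA console
      # still shows output with the 5.x kernel).
      shell: VALUE=`cat /etc/default/grub | awk -F '"' '/GRUB_CMDLINE_LINUX/{print $2}'` && sed -i "s#GRUB_CMDLINE_LINUX=.*#GRUB_CMDLINE_LINUX=\"$VALUE mgag200.modeset=0\"#" /etc/default/grub
      when: get_grub_mgag.stdout != "0"
      register: mgag_add

#    - name: print result
#      debug:
#        msg:
#          - "{{ ipv6_add }}"
#          - "{{ mgag_add }}"

    - name: create a new grub configuration
      # A skipped task still registers changed: false, so this condition is
      # safe when neither edit ran. /boot/grub2/grub.cfg is the BIOS path;
      # UEFI hosts keep grub.cfg under /boot/efi instead.
      shell: grub2-mkconfig -o /boot/grub2/grub.cfg
      when: ipv6_add.changed or mgag_add.changed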

·
selinux-firewalld.yml

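---
# selinux-firewalld.yml
# Stop and disable firewalld, and switch SELinux to disabled (config file
# for the next boot, setenforce for the running system). Both remove
# host-level protection, so filtering has to come from the network in
# front of these hosts.
- name: disabled firewalld and selinux
  hosts: wpf_test
  remote_user: root
  tasks:
    - name: disabled firewalld
      systemd:
        name: firewalld
        state: stopped
        enabled: false

    - name: task selinux status
      # getenforce prints Enforcing, Permissive or Disabled; read-only.
      command: getenforce
      register: selinux_status
      changed_when: false

    - name: modify selinux config
      # SELINUX=disabled only takes effect after a reboot.
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX=.*'
        line: "SELINUX=disabled"

    - name: cmd set selinux status is 0
      # Permissive until the reboot. setenforce errors out when SELinux is
      # already Disabled, hence the guard; on Permissive it is a no-op.
      command: setenforce 0
      when: selinux_status.stdout != "Disabled"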

·
system-limits.yml

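---
# system-limits.yml
# Raise the per-user process and open-file limits for the "*" domain in
# limits.conf. NOTE(review): drop-ins under /etc/security/limits.d/ (for
# example a 20-nproc.conf) are read after limits.conf and can override
# the nproc values set here — confirm on the target.
- name: system limits config
  hosts: wpf_test
  remote_user: root
  vars:
    limits_value: 65536
    limits_items:
      - soft nproc
      - hard nproc
      - soft nofile
      - hard nofile
  tasks:
    - name: set limits.conf entries
      # The regexp is anchored on the literal "*" domain so an entry such
      # as "root soft nofile ..." is left untouched.
      lineinfile:
        path: /etc/security/limits.conf
        regexp: '^\* {{ item }}'
        line: "* {{ item }} {{ limits_value }}"
      loop: "{{ limits_items }}"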

·
optimization-kernel.yml
PS: 拷贝的文件,在这里就不体现了。

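---
# optimization-kernel.yml
# Install a sysctl drop-in (the file itself is not shown here) and apply it
# when it changed; the drop-in is also loaded by systemd-sysctl at boot.
- name: kernel optimization
  hosts: wpf_test
  remote_user: root
  tasks:
    - name: copy my-default.conf
      copy:
        src: my-default.conf
        dest: /etc/sysctl.d/
      register: sysctl_conf

    - name: sysctl enable
      # Only re-apply when the file actually changed.
      command: sysctl -p /etc/sysctl.d/my-default.conf
      when: sysctl_conf.changed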

·
config-route.yml

PS: 这里的路由配置,只适用于本公司。

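---
# config-route.yml
# Replace per-interface route-* files with a single static-routes entry
# (the route itself is site specific) and restart the network on change.
- name: config route
  hosts: wpf_test
  remote_user: root
  tasks:
    - name: backup old config
      # Single-quoted 'route*' keeps the shell from expanding the glob in
      # the cwd; '! -name *.bak' keeps a second run from producing
      # .bak.bak files; -print lists what was moved so changed_when works.
      # (The original double-quoted "\;" is not a valid YAML escape.)
      shell: find /etc/sysconfig/network-scripts/ -maxdepth 1 -name 'route*' ! -name '*.bak' -print -exec mv {} {}.bak \;
      register: route_backup
      changed_when: route_backup.stdout != ""

    - name: add new config
      # create: true so the task does not fail on a host without the file.
      lineinfile:
        path: /etc/sysconfig/static-routes
        regexp: '.*172.168.30.254$'
        line: "any net 172.168.20.0 netmask 255.255.255.0 gw 172.168.30.254"
        create: true
      register: static_route

    - name: restart network
      # Restarting the network drops every connection; only do it when one
      # of the edits above changed something.
      systemd:
        name: network
        state: restarted
        enabled: true
      when: route_backup.changed or static_route.changed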

·
ssh.yml

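---
# ssh.yml
# Move sshd to a non-default port and disable reverse DNS lookups, then
# restart sshd. After this play the inventory must carry
# ansible_port=50000 (or the chosen ssh_port) for these hosts.
- name: ssh listen port and DNS config
  hosts: wpf_test
  remote_user: root
  vars:
    ssh_port: 50000
  tasks:
    - name: modify ssh port
      # The regexp also matches the commented default "#Port 22".
      # validate runs sshd -t on a temp copy so a broken file is never
      # written and the restart below cannot lock us out. If SELinux or
      # firewalld are still active on the host, the new port has to be
      # allowed there before the restart.
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '.*Port 22$'
        line: "Port {{ ssh_port }}"
        validate: /usr/sbin/sshd -t -f %s
      register: ssh_port_cfg

    - name: modify ssh dns
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '.*UseDNS yes$'
        line: "UseDNS no"
        validate: /usr/sbin/sshd -t -f %s
      register: ssh_dns_cfg

    - name: restart sshd
      systemd:
        name: sshd
        state: restarted
        enabled: true
      when: ssh_port_cfg.changed or ssh_dns_cfg.changed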

·
virt.yml

PS: 此剧本主要是为了实现虚拟环境的配置和通过 webvirtmgr 管理的功能

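---
# virt.yml
# Prepare a KVM host: point yum at the Aliyun mirrors, install the
# virtualization packages, create the webvirtmgr user, and define/start the
# br0/br1 libvirt networks from the copied XML (files not shown here).
- name: bridge network
  hosts: wpf_test
  remote_user: root
  vars:
    # Default kept from the original playbook. Override it from an Ansible
    # Vault file or with -e so the real password is not stored in clear
    # text in the play.
    webvirtmgr_password: "123456"
    # A fixed salt keeps the generated hash identical between runs, which
    # keeps the user task idempotent.
    webvirtmgr_password_salt: mysecretsalt
  tasks:
    - name: mkdir repobak
      file:
        path: /etc/yum.repos.d/repobak
        state: directory
      register: repobak_dir

    - name: backup old yum repo
      # Only on the run that created repobak: a later run would otherwise
      # overwrite the backups with the Aliyun files fetched below.
      shell: mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/repobak
      when: repobak_dir.changed

    - name: add aliyum of Centos-7.repo
      # https so the repo definition (which carries the gpgkey URLs) cannot
      # be altered in transit.
      get_url:
        url: https://mirrors.aliyun.com/repo/Centos-7.repo
        dest: /etc/yum.repos.d/CentOS-Base.repo

    - name: remove centos yum repo in aliyuncs.com of line
      # Drops the *.aliyuncs.com mirror lines from the downloaded file.
      lineinfile:
        path: /etc/yum.repos.d/CentOS-Base.repo
        regexp: ".*aliyuncs.com.*"
        state: absent

    - name: add aliyum of epel.repo
      get_url:
        url: https://mirrors.aliyun.com/repo/epel-7.repo
        dest: /etc/yum.repos.d/epel.repo

    - name: install virtualization rpm
      yum:
        name:
          - qemu-kvm
          - qemu-img
          - virt-manager
          - libvirt-client
          - libvirt-python
          - virt-viewer
          - libguestfs-tools
          - virt-install
        state: present

    - name: start libvirtd
      systemd:
        name: libvirtd
        state: started
        enabled: true

    - name: install cmd completion rpm
      yum:
        name:
          - bash-completion
          - libvirt-bash-completion
        state: present

    - name: take effect cmd completion
      # Sourcing here only affects this task's own subshell; interactive
      # shells load the completion files themselves after the packages are
      # installed. Kept for fidelity, reported as unchanged.
      shell: source /usr/share/bash-completion/completions/virsh;source /etc/profile
      changed_when: false

    - name: ensure group "libvirt" exists
      group:
        name: libvirt
        state: present

# https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module
#    - name: print password
#      debug:
#        msg: "{{ 'wsd@126.com' | password_hash('sha512', 'mysecretsalt') }}"

    - name: add user 'webvirtmgr' with a bash shell, appending the group 'libvirt' to the user's groups
      # no_log keeps the password and hash out of the play output.
      user:
        name: webvirtmgr
        shell: /bin/bash
        groups: libvirt
        append: true
        password: "{{ webvirtmgr_password | password_hash('sha512', webvirtmgr_password_salt) }}"
      no_log: true

    - name: task virt net br0
      # Read-only checks: stdout is grep's exit status, "0" when the
      # network is already defined.
      shell: virsh net-list --all | grep -q br0;echo $?
      register: net_virt_br0
      changed_when: false

    - name: task virt net br1
      shell: virsh net-list --all | grep -q br1;echo $?
      register: net_virt_br1
      changed_when: false

#    - name: print net_virt_br0 and net_virt_br1
#      debug:
#        msg:
#          - "{{ net_virt_br0 }}"
#          - "{{ net_virt_br1 }}"

    - name: copy br0.xml
      copy:
        src: br0.xml
        dest: /etc/libvirt/qemu/networks/br0.xml
      when: net_virt_br0.stdout != "0"

    - name: copy br1.xml
      copy:
        src: br1.xml
        dest: /etc/libvirt/qemu/networks/br1.xml
      when: net_virt_br1.stdout != "0"

    - name: defin br0
      shell: virsh net-define /etc/libvirt/qemu/networks/br0.xml
      when: net_virt_br0.stdout != "0"

    - name: defin br1
      shell: virsh net-define /etc/libvirt/qemu/networks/br1.xml
      when: net_virt_br1.stdout != "0"

    - name: task virt net br0 start status
      # "yes"/"no" from the Active line of virsh net-info.
      shell: virsh net-info br0 | awk '/Active/{print $2}'
      register: br0_start_status
      changed_when: false

    - name: start br0
      shell: virsh net-start br0
      when: br0_start_status.stdout != "yes"

    - name: task virt net br1 start status
      shell: virsh net-info br1 | awk '/Active/{print $2}'
      register: br1_start_status
      changed_when: false

    - name: start br1
      shell: virsh net-start br1
      when: br1_start_status.stdout != "yes"

    - name: task virt net br0 austart status
      shell: virsh net-info br0 | awk '/Autostart/{print $2}'
      register: br0_austart_status
      changed_when: false

    - name: austart br0
      shell: virsh net-autostart br0
      when: br0_austart_status.stdout != "yes"

    - name: task virt net br1 austart status
      shell: virsh net-info br1 | awk '/Autostart/{print $2}'
      register: br1_austart_status
      changed_when: false

    - name: austart br1
      shell: virsh net-autostart br1
      when: br1_austart_status.stdout != "yes"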

·
bridge-network.yml

PS: 注意这里的网卡名

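---
# bridge-network.yml
# Make em1/em4 slaves of the br0/br1 bridges (the NIC names are site
# specific), render the bridge ifcfg files from templates (not shown here),
# derive the hostname from em1's last IPv4 octet and restart the network
# only when something changed.
- name: bridge network
  hosts: wpf_test
  remote_user: root
  vars:
    notes_option:
      - "IPADDR"
      - "NETMASK"
      - "GATEWAY"
      - "DNS"
  tasks:
    - name: notes em1 hard ip config
      # Anchored on the line start so an already commented line does not
      # gain another '#' on every run (the previous sed did). "DNS" still
      # matches DNS1=, DNS2=, ... as before.
      replace:
        path: /etc/sysconfig/network-scripts/ifcfg-em1
        regexp: '^({{ item }}.*)$'
        replace: '#\1'
      loop: "{{ notes_option }}"
      register: em1_notes

    - name: config em1 hard bridge br0
      lineinfile:
        path: /etc/sysconfig/network-scripts/ifcfg-em1
        regexp: '^BRIDGE'
        line: "BRIDGE=br0"
      register: em1_bridge

    - name: notes em4 hard ip config
      replace:
        path: /etc/sysconfig/network-scripts/ifcfg-em4
        regexp: '^({{ item }}.*)$'
        replace: '#\1'
      loop: "{{ notes_option }}"
      register: em4_notes

    - name: config em4 hard bridge br1
      lineinfile:
        path: /etc/sysconfig/network-scripts/ifcfg-em4
        regexp: '^BRIDGE'
        line: "BRIDGE=br1"
      register: em4_bridge

    - name: see em1 does it exist
      # Read-only check; stdout "0" means an interface named em1 is up.
      shell: ifconfig | awk '/flags/{print $1}' | grep -q em1;echo $?
      register: em1_exist
      changed_when: false

#    - name: print em1_exist
#      debug:
#        msg: "{{ em1_exist.stdout }}"

    - name: take last ipaddr
      # Last octet of em1's first inet address; empty when em1 has no IPv4.
      shell: IPADDR=`ifconfig em1 | grep inet | sed -n 1p | awk '{print $2}' | awk -F "." '{print $NF}'`;echo $IPADDR
      register: last_ipaddr
      changed_when: false
      when: em1_exist.stdout == "0"

#    - name: print last_ipaddr
#      debug:
#        msg: "{{ last_ipaddr.stdout }}"

    - name: copy jinjia2 template by ifcfg-br0
      template:
        src: ifcfg-br0.j2
        dest: /etc/sysconfig/network-scripts/ifcfg-br0
      when: em1_exist.stdout == "0"
      register: br0_cfg

    - name: copy jinjia2 template by ifcfg-br1
      template:
        src: ifcfg-br1.j2
        dest: /etc/sysconfig/network-scripts/ifcfg-br1
      when: em1_exist.stdout == "0"
      register: br1_cfg

    - name: config  hostname
      # The hostname module is idempotent, unlike running hostnamectl.
      hostname:
        name: vlan30.node{{ last_ipaddr.stdout }}.virt
      when: em1_exist.stdout == "0"

    - name: restart network
      # A network restart on a host being bridged drops the session; only
      # do it when one of the edits above changed something. Loop results
      # expose an aggregated changed flag, skipped tasks register false.
      systemd:
        name: network
        state: restarted
        enabled: true
      when: >-
        em1_notes.changed or em1_bridge.changed or
        em4_notes.changed or em4_bridge.changed or
        br0_cfg.changed or br1_cfg.changed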

·
PS1-env.yml

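---
# PS1-env.yml
# Set a system-wide bash prompt through /etc/bashrc.
- name: export PS1 env in /etc/bashrc
  hosts: wpf_test
  remote_user: root
  tasks:
    - name: export PS1 env
      # Without a regexp lineinfile appends the line once and leaves it
      # alone on later runs.
      lineinfile:
        path: /etc/bashrc
        line: export PS1='[\u\@\H \W]\$'

    - name: take effect PS1 env
      # Sourcing here only affects this task's own subshell; new login
      # shells read /etc/bashrc themselves. Kept for fidelity, reported
      # as unchanged.
      shell: source  /etc/bashrc
      changed_when: false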