整个剧本的编写是先将想要的功能拆分开,通过单个剧本(playbook)来实现一个功能,然后将这些单个剧本(playbook)组成一个角色(roles)。
一共迭代了 5 个版本,中间的几个版本都是在完善最终的角色(roles)而已,考虑到都分享出来的话会比较繁琐,所以最后就只分享一个初始版和最终版。
·
后续在工作过程中还会增加其它剧本的分享,有需要的小伙伴可以查看:小吴同学的 Ansible 专栏
·
首先展示一下整体的目录
cd /root/ansible/vlan30_system_init
#查看资产和 playbook
[root@ansible ~/ansible/vlan30_system_init]# ls
authorized_key.yml roles vlan30-hosts.ini vlan30-system-init.yml
#查看所有角色
[root@ansible ~/ansible/vlan30_system_init]# ll roles/
total 0
drwxr-xr-x 5 root root 59 Jun 28 09:45 10_config_virt
drwxr-xr-x 5 root root 63 Jun 27 18:13 11_bridge_network
drwxr-xr-x 3 root root 36 Jun 28 15:59 12_config_env_PS1
drwxr-xr-x 4 root root 47 Jun 28 20:56 1_install_common_rpm
drwxr-xr-x 5 root root 59 Jun 28 09:09 2_upgrade_kernel
drwxr-xr-x 3 root root 36 Jun 27 18:23 3_config_grub
drwxr-xr-x 3 root root 36 Jun 27 18:52 4_disable_selinux_firewalld
drwxr-xr-x 3 root root 36 Jun 27 18:37 5_system_limits
drwxr-xr-x 4 root root 48 Jun 27 18:29 6_config_kernel
drwxr-xr-x 3 root root 36 Jun 27 18:25 7_config_route
drwxr-xr-x 4 root root 47 Jun 28 21:17 8_config_sshd
drwxr-xr-x 4 root root 47 Jun 28 21:22 9_ntpdate_cron
drwxr-xr-x 3 root root 36 Jun 28 16:59 last_reboot
drwxr-xr-x 4 root root 47 Jun 28 17:04 modify_password
·
这里我没有将 authorized_key.yml 定义为角色
---
# Push the control node's root public key into root's authorized_keys on every host in
# the wpf_test group. The file lookup is evaluated on the control node, so only the
# public half of the key pair ever leaves it.
- name: set authorized key taken from file
  hosts: wpf_test
  remote_user: root
  tasks:
    - name: authorized key
      authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
·
调用角色的 playbook:vlan30-system-init.yml
PS: 最后一步的重启角色(last_reboot),谨慎使用。
---
# Entry-point playbook: applies the roles below, in this order, to the wpf_test group.
# Order matters: 8_config_sshd restarts sshd on SSH_PORT mid-play and 11_bridge_network
# restarts the network service, so every later role relies on the Ansible connection
# surviving both. NOTE(review): after the first run the inventory has to address the
# hosts on SSH_PORT (ansible_port) — confirm the inventory file reflects this.
- name: Server initialization playbook include virtualization
  hosts: wpf_test
  remote_user: root
  roles:
    - 1_install_common_rpm
    - 2_upgrade_kernel
    - 3_config_grub
    - 4_disable_selinux_firewalld
    - 5_system_limits
    - 6_config_kernel
    - 7_config_route
    - 8_config_sshd
    - 9_ntpdate_cron
    - 10_config_virt
    - 11_bridge_network
    - 12_config_env_PS1
    - modify_password
    # last_reboot schedules an unconditional reboot of every host; kept disabled here.
    # - last_reboot
·
资产文件就不展示了
·
角色一:常用工具的安装
[root@ansible ~/ansible/vlan30_system_init/roles]# tree 1_install_common_rpm/
1_install_common_rpm/
├── tasks
│ ├── config_repo.yml
│ ├── install_rpm.yml
│ └── main.yml
└── vars
└── main.yml
cat 1_install_common_rpm/tasks/main.yml
---
# Role entry point: switch the host to the Aliyun mirrors, then install COMMON_TOOLS.
- include: config_repo.yml
- include: install_rpm.yml
cat 1_install_common_rpm/tasks/config_repo.yml
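---
# Replace the host's yum repository definitions with the Aliyun CentOS-7 and EPEL-7
# mirror files. The original *.repo files are moved to /etc/yum.repos.d/repobak exactly
# once; a marker file written there stops re-runs from overwriting that backup with the
# CentOS-Base.repo/epel.repo that this role itself wrote on the previous run.
- name: mkdir repobak
  file:
    path: /etc/yum.repos.d/repobak
    state: directory

- name: backup old yum repo
  # `creates` skips the move once the marker exists.
  shell: mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/repobak/ && touch /etc/yum.repos.d/repobak/.backup_done
  args:
    creates: /etc/yum.repos.d/repobak/.backup_done

- name: add Centos-7.repo
  # This file sets baseurl/gpgkey for every later yum transaction, so CEMTOS7_REPO_URL
  # (vars/main.yml) should be an HTTPS URL; over plain http it can be altered in transit.
  get_url:
    url: "{{ CEMTOS7_REPO_URL }}"
    dest: /etc/yum.repos.d/CentOS-Base.repo
    mode: '0644'

- name: delete aliyuncs.com line in Centos-7.repo
  # Strips the aliyuncs.com mirror entries — presumably the Alibaba-Cloud-internal
  # mirror host, which is not reachable from these hosts (author's intent; confirm).
  lineinfile:
    path: /etc/yum.repos.d/CentOS-Base.repo
    regexp: ".*aliyuncs.com.*"
    state: absent

- name: add epel.repo
  get_url:
    url: "{{ EPEL7_REPO_URL }}"
    dest: /etc/yum.repos.d/epel.repo
    mode: '0644'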
cat 1_install_common_rpm/tasks/install_rpm.yml
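---
# Install every package in COMMON_TOOLS (vars/main.yml) in a single yum transaction.
# Passing the list straight to `name` replaces the per-item loop, which ran one yum
# transaction per package; the end state is the same.
- name: ensure that the common tools are installed
  yum:
    name: "{{ COMMON_TOOLS }}"
    state: installed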
cat 1_install_common_rpm/vars/main.yml
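---
# Sources for the repo files fetched by tasks/config_repo.yml and the package list
# installed by tasks/install_rpm.yml.
# The repo files are fetched over HTTPS: they define baseurl and gpgkey for every later
# package install, so they must not be modifiable in transit. CEMTOS7_REPO_URL keeps its
# misspelling because config_repo.yml references it under that name.
CEMTOS7_REPO_URL: "https://mirrors.aliyun.com/repo/Centos-7.repo"
EPEL7_REPO_URL: "https://mirrors.aliyun.com/repo/epel-7.repo"
COMMON_TOOLS:
  - "net-tools"
  - "vim"
  - "gcc"
  - "make"
  - "ntpdate"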
·
角色二:升级内核
[root@ansible ~/ansible/vlan30_system_init/roles]# tree 2_upgrade_kernel/
2_upgrade_kernel/
├── files
│ └── kernel_rpm
│ ├── kernel-lt-5.4.127-1.el7.elrepo.x86_64.rpm
│ ├── kernel-lt-tools-5.4.127-1.el7.elrepo.x86_64.rpm
│ └── kernel-lt-tools-libs-5.4.127-1.el7.elrepo.x86_64.rpm
├── tasks
│ └── main.yml
└── vars
└── main.yml
cat 2_upgrade_kernel/tasks/main.yml
---
# tasks file for upgrade_kernel
# Ship the kernel-lt RPMs from files/kernel_rpm to KERNEL_RPM_DIR on the host, drop the
# stock kernel-tools packages, install the three kernel-lt packages from the local files
# (in dependency order), and make grub boot menu entry 0 by default.
- name: copy kernel_rpm
  copy:
    src: kernel_rpm
    dest: "{{ KERNEL_RPM_DIR }}"

- name: remove kernel-tools-3.10.0 and kernel-tools-libs-3.10.0
  # Removed before the kernel-lt-tools packages go in — presumably because the two
  # sets conflict; confirm against the RPM metadata.
  yum:
    name:
      - kernel-tools-3.10.0
      - kernel-tools-libs-3.10.0
    state: removed

- name: install kernel-lt packages {{ KERNEL_VERSION }}
  # One yum call per file, in the same order as before: kernel, then tools-libs, then
  # tools (tools depends on tools-libs).
  yum:
    name: "{{ KERNEL_RPM_DIR }}/kernel_rpm/{{ item }}-{{ KERNEL_VERSION }}.el7.elrepo.x86_64.rpm"
    state: installed
  loop:
    - kernel-lt
    - kernel-lt-tools-libs
    - kernel-lt-tools

- name: set default load grub version
  # Assumes the freshly installed kernel is entry 0 of the grub menu (the usual
  # newest-first ordering) — TODO confirm on a host with a custom grub.cfg.
  shell: grub2-set-default 0
cat 2_upgrade_kernel/vars/main.yml
---
# vars file for upgrade_kernel
KERNEL_RPM_DIR: "/usr/local/src"
KERNEL_VERSION: "5.4.127-1"
·
角色三:配置GRUB
[root@ansible ~/ansible/vlan30_system_init/roles]# tree 3_config_grub/
3_config_grub/
└── tasks
├── create_new_grub.yml
├── disable_ipv6.yml
├── main.yml
└── mgag200_modeset.yml
cat 3_config_grub/tasks/main.yml
---
# tasks file for config_grub
# Add two kernel command-line options to /etc/default/grub, then regenerate grub.cfg
# (create_new_grub.yml only does so if one of the first two files changed something).
- include: disable_ipv6.yml
- include: mgag200_modeset.yml
- include: create_new_grub.yml
cat 3_config_grub/tasks/disable_ipv6.yml
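---
# tasks file for config_grub
# Append ipv6.disable=1 to GRUB_CMDLINE_LINUX in /etc/default/grub unless it is already
# there. create_new_grub.yml regenerates grub.cfg when disable_ipv6_add_status is changed.
- name: see if there is a ipv6.disable=1 in GRUB_CMDLINE_LINUX
  # Read-only probe: the exit status is echoed so a miss is not a task failure, and
  # changed_when stops the check from reporting "changed" on every run.
  shell: grep -q ipv6.disable=1 /etc/default/grub;echo $?
  register: get_grub_ipv6
  changed_when: false

- name: add ipv6.disable=1 configuration in GRUB_CMDLINE_LINUX
  # Reads the quoted value of the GRUB_CMDLINE_LINUX line only (anchored, so
  # GRUB_CMDLINE_LINUX_DEFAULT is not picked up too) and rewrites that line with the
  # option appended. '#' is the sed delimiter, so a value containing '#' would break this.
  shell: VALUE=$(awk -F '"' '/^GRUB_CMDLINE_LINUX=/{print $2}' /etc/default/grub) && sed -i "s#^GRUB_CMDLINE_LINUX=.*#GRUB_CMDLINE_LINUX=\"$VALUE ipv6.disable=1\"#" /etc/default/grub
  when: get_grub_ipv6.stdout != "0"
  register: disable_ipv6_add_status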
cat 3_config_grub/tasks/mgag200_modeset.yml
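---
# tasks file for config_grub
# Append mgag200.modeset=0 to GRUB_CMDLINE_LINUX in /etc/default/grub unless it is already
# there. create_new_grub.yml regenerates grub.cfg when mgag200_modeset_status is changed.
- name: see if there is a mgag200.modeset=0 in GRUB_CMDLINE_LINUX
  # Read-only probe: the exit status is echoed so a miss is not a task failure, and
  # changed_when stops the check from reporting "changed" on every run.
  shell: grep -q mgag200.modeset=0 /etc/default/grub;echo $?
  register: get_grub_mgag
  changed_when: false

- name: add mgag200.modeset=0 configuration in GRUB_CMDLINE_LINUX
  # Reads the quoted value of the GRUB_CMDLINE_LINUX line only (anchored, so
  # GRUB_CMDLINE_LINUX_DEFAULT is not picked up too) and rewrites that line with the
  # option appended. '#' is the sed delimiter, so a value containing '#' would break this.
  shell: VALUE=$(awk -F '"' '/^GRUB_CMDLINE_LINUX=/{print $2}' /etc/default/grub) && sed -i "s#^GRUB_CMDLINE_LINUX=.*#GRUB_CMDLINE_LINUX=\"$VALUE mgag200.modeset=0\"#" /etc/default/grub
  when: get_grub_mgag.stdout != "0"
  register: mgag200_modeset_status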
cat 3_config_grub/tasks/create_new_grub.yml
---
# tasks file for config_grub
# Regenerate grub.cfg only when disable_ipv6.yml or mgag200_modeset.yml actually edited
# /etc/default/grub. A task that was skipped registers changed: false, so the test is
# safe even when both edits were unnecessary.
- name: create a new grub configuration
  shell: grub2-mkconfig -o /boot/grub2/grub.cfg
  when: disable_ipv6_add_status is changed or mgag200_modeset_status is changed
·
角色四:关闭防火墙和SELinux
tree 4_disable_selinux_firewalld/
4_disable_selinux_firewalld/
└── tasks
└── main.yml
cat 4_disable_selinux_firewalld/tasks/main.yml
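---
# tasks file for disable_selinux_firewalld
# Stop and disable firewalld, and switch SELinux off: persistently through
# /etc/selinux/config and, for the running system, with setenforce 0 (permissive until
# the next reboot, after which the config file takes effect).
- name: disabled firewalld
  systemd:
    name: firewalld
    state: stopped
    enabled: no

- name: check selinux status
  # Read-only probe; getenforce prints Enforcing, Permissive or Disabled.
  shell: getenforce
  register: selinux_status
  changed_when: false

- name: modify selinux config
  lineinfile:
    path: /etc/selinux/config
    regexp: '^SELINUX=.*'
    line: "SELINUX=disabled"

- name: cmd set selinux status is 0
  # setenforce exits non-zero when SELinux is already disabled, hence the guard.
  shell: setenforce 0
  when: selinux_status.stdout != "Disabled"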
·
角色五:配置 pam_limits
tree 5_system_limits/
5_system_limits/
└── tasks
└── main.yml
cat 5_system_limits/tasks/main.yml
---
# tasks file for system_limits
# Raise the process and open-file limits for all users to 65536 in limits.conf. Each
# entry is matched on its "* <type> <item>" prefix, so existing lines are replaced
# rather than duplicated.
- name: set nproc and nofile limits in limits.conf
  lineinfile:
    path: /etc/security/limits.conf
    regex: '^\* {{ item }}'
    line: "* {{ item }} 65536"
  loop:
    - soft nproc
    - hard nproc
    - soft nofile
    - hard nofile
·
角色六:内核优化参数配置
[root@ansible ~/ansible/vlan30_system_init/roles]# tree 6_config_kernel/
6_config_kernel/
├── files
│ └── my-default.conf
└── tasks
└── main.yml
cat 6_config_kernel/files/my-default.conf
# Kernel tunables installed to /etc/sysctl.d/my-default.conf by 6_config_kernel.
# fs
# System-wide ceiling on open file handles.
fs.file-max = 655350
# kernel
# SysV IPC limits (message queues and shared memory).
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.msgmni = 32000
kernel.shmmax = 68719476736
kernel.shmmni = 8192
kernel.shmall = 4294967296
# Magic SysRq key disabled.
kernel.sysrq = 0
# Core dumps named core.<pid>.
kernel.core_uses_pid = 1
# Network core
# Per-device input queue length and default/max socket buffer sizes (bytes).
net.core.netdev_max_backlog = 65535
net.core.wmem_default = 8388608
net.core.wmem_max = 16777216
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
# ipv6 disable
# Kept commented out: IPv6 is switched off from the kernel command line by 3_config_grub.
#net.ipv6.conf.all.disable_ipv6 = 1
#net.ipv6.conf.default.disable_ipv6 = 1
#net.ipv6.conf.lo.disable_ipv6 = 1
# ip-sysctl
net.ipv4.ip_local_port_range = 1024 65535
# Low TIME-WAIT ceiling: beyond it sockets are destroyed and the kernel logs a warning.
net.ipv4.tcp_max_tw_buckets = 2000
# NOTE(review): tcp_tw_reuse relies on TCP timestamps to judge a TIME-WAIT socket
# reusable, and tcp_timestamps is set to 0 below — confirm this is intended.
net.ipv4.tcp_tw_reuse = 1
# SYN flood mitigation.
net.ipv4.tcp_syncookies = 1
# Only one retransmission of SYN / SYN-ACK: connection attempts over lossy paths fail fast.
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_fin_timeout = 15
net.ipv4.tcp_max_syn_backlog = 20000
net.core.somaxconn = 65535
# Forwarding between interfaces is enabled host-wide (needed for NAT-style libvirt
# networks; the bridge networks defined in 10_config_virt do not need it — confirm).
net.ipv4.ip_forward = 1
# These `default` keys apply to interfaces created after boot (e.g. br0/br1); the
# matching `all.` keys are not set here, so interfaces present at boot keep their
# distribution defaults.
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
# min / default / max per-socket buffer (bytes).
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_max_orphans = 3276800
# TCP timestamps (and with them PAWS) disabled.
net.ipv4.tcp_timestamps = 0
# Global TCP memory pressure thresholds, in pages.
net.ipv4.tcp_mem = 94500000 915000000 927000000
cat 6_config_kernel/tasks/main.yml
---
# tasks file for config_kernel
# Drop files/my-default.conf into /etc/sysctl.d (loaded at boot) and apply it to the
# running kernel right away.
- name: copy my-default.conf
  copy:
    src: my-default.conf
    dest: /etc/sysctl.d/

- name: sysctl enable
  shell: sysctl -p /etc/sysctl.d/my-default.conf
·
角色七:配置静态路由
tree 7_config_route/
7_config_route/
└── tasks
└── main.yml
cat 7_config_route/tasks/main.yml
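---
# tasks file for config_route
# Retire any route* files in network-scripts, write the single static route for
# 172.168.20.0/24 via 172.168.30.254 into /etc/sysconfig/static-routes, and restart the
# network service only when one of those steps actually changed something.
- name: find old route config
  # The find module never lets the shell glob the pattern (the previous `-name route*`
  # did), and `excludes` keeps files already renamed *.bak from becoming *.bak.bak on
  # every re-run.
  find:
    paths: /etc/sysconfig/network-scripts
    patterns: 'route*'
    excludes: '*.bak'
    recurse: no
  register: old_route_config

- name: backup old route config
  command: mv {{ item.path }} {{ item.path }}.bak
  loop: "{{ old_route_config.files }}"
  register: route_backup

- name: add new config
  # Dots escaped so the regexp matches the literal gateway address only.
  lineinfile:
    path: /etc/sysconfig/static-routes
    create: yes
    regexp: '.*172\.168\.30\.254$'
    line: "any net 172.168.20.0 netmask 255.255.255.0 gw 172.168.30.254"
  register: static_route

- name: enable network service
  systemd:
    name: network
    enabled: yes

- name: restart network
  # A network restart may drop every connection on the host, including the one this
  # play is using, so it is only done when the routing config changed.
  systemd:
    name: network
    state: restarted
  when: route_backup is changed or static_route is changed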
·
角色八:配置 sshd
tree 8_config_sshd/
8_config_sshd/
├── tasks
│ └── main.yml
└── vars
└── main.yml
cat 8_config_sshd/tasks/main.yml
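---
# tasks file for config_sshd
# Move sshd to SSH_PORT (vars/main.yml) and turn off reverse-DNS lookups, then restart
# sshd only if the config changed. Each edit is checked with `sshd -t` before the file
# is written, so a bad line cannot leave the host without a working sshd.
- name: modify ssh port
  # Matches the stock commented "#Port 22" as well as an explicit Port line, so the
  # directive is replaced in place instead of being appended at the end of the file,
  # where it would fall inside any trailing Match block.
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?Port\s'
    line: "Port {{ SSH_PORT }}"
    validate: /usr/sbin/sshd -t -f %s
  register: sshd_port

- name: modify ssh dns
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^#?UseDNS\s'
    line: "UseDNS no"
    validate: /usr/sbin/sshd -t -f %s
  register: sshd_dns

- name: enable sshd
  systemd:
    name: sshd
    enabled: yes

- name: restart sshd
  # From here on the inventory must reach the host on SSH_PORT (ansible_port); the
  # running play presumably continues over its already-established connection — confirm.
  # NOTE(review): with SELinux enforcing a non-standard port would also need a
  # semanage port rule; 4_disable_selinux_firewalld turns SELinux off, so none is added.
  systemd:
    name: sshd
    state: restarted
  when: sshd_port is changed or sshd_dns is changed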
cat 8_config_sshd/vars/main.yml
---
# Port sshd listens on once tasks/main.yml has run. The inventory (ansible_port) and any
# client configuration must be updated to match after the role has been applied.
SSH_PORT: "50000"
·
角色九:配置时间同步
tree 9_ntpdate_cron/
9_ntpdate_cron/
├── tasks
│ ├── main.yml
│ ├── ntpdate.yml
│ └── time_zone.yml
└── vars
└── main.yml
cat 9_ntpdate_cron/tasks/main.yml
---
# tasks file for ntpdate_cron
# Set the time zone to Asia/Shanghai, then install a cron job that syncs the clock
# with ntpdate against NTP_IPADDR.
- include: time_zone.yml
- include: ntpdate.yml
cat 9_ntpdate_cron/tasks/time_zone.yml
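---
# tasks file for ntpdate_cron
# Point /etc/localtime at Asia/Shanghai unless the host already reports a UTC+8 offset.
- name: check whether the system time zone is zone 8
  # Read-only probe: `date +%z` prints the numeric offset, e.g. +0800.
  shell: date +%z
  register: system_time_zone
  changed_when: false

- name: config system time zone is Shanghai
  # force: yes lets the link replace an /etc/localtime that is a regular file (some
  # images ship it that way); without it the file module refuses and the task fails.
  file:
    src: /usr/share/zoneinfo/Asia/Shanghai
    dest: /etc/localtime
    state: link
    force: yes
  when: system_time_zone.stdout != "+0800"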
cat 9_ntpdate_cron/tasks/ntpdate.yml
---
# tasks file for ntpdate_cron
# Make sure ntpdate is present, then add a root cron entry that steps the clock from
# NTP_IPADDR on the schedule given by MINUTE/HOUR/DAY/MONTH/WEEKDAY (vars/main.yml).
- name: make sure ntpdate exists
  yum:
    name: ntpdate
    state: installed

- name: timing sync time with ntpdate
  # The cron module keys the entry on `name`, so re-runs update rather than duplicate it.
  # -s sends ntpdate's output to syslog instead of stdout.
  cron:
    name: "Ntpdate server for sync time"
    job: "/usr/sbin/ntpdate -s {{ NTP_IPADDR}}"
    minute: "{{ MINUTE }}"
    hour: "{{ HOUR }}"
    day: "{{ DAY }}"
    month: "{{ MONTH }}"
    weekday: "{{ WEEKDAY }}"
cat 9_ntpdate_cron/vars/main.yml
---
# NTP server queried by the cron job in tasks/ntpdate.yml (a single hard-coded public
# address; there is no fallback if it stops answering).
NTP_IPADDR: "218.30.114.84"
# Cron schedule fields: with these values the job runs daily at 03:00.
MINUTE: "0"
HOUR: "3"
DAY: "*"
MONTH: "*"
WEEKDAY: "*"
·
角色十:配置虚拟化环境
[root@ansible ~/ansible/vlan30_system_init/roles]# tree 10_config_virt/
10_config_virt/
├── files
│ ├── br0.xml
│ └── br1.xml
├── tasks
│ ├── create_user.yml
│ ├── define_virt_net_br0.yml
│ ├── define_virt_net_br1.yml
│ ├── install_virt.yml
│ ├── main.yml
│ ├── start_autostart_virtnet_br0.yml
│ └── start_autostart_virtnet_br1.yml
└── vars
└── main.yml
cat 10_config_virt/files/br0.xml
<!-- libvirt network definition: VMs attached to "br0" are put directly on the host
     bridge br0 (created by 11_bridge_network on top of em1); no NAT, no DHCP. -->
<network>
  <name>br0</name>
  <forward mode='bridge'/>
  <bridge name='br0'/>
</network>
cat 10_config_virt/files/br1.xml
<!-- libvirt network definition: VMs attached to "br1" are put directly on the host
     bridge br1 (created by 11_bridge_network on top of em4); no NAT, no DHCP. -->
<network>
  <name>br1</name>
  <forward mode='bridge'/>
  <bridge name='br1'/>
</network>
cat 10_config_virt/tasks/main.yml
---
# tasks file for config_virt
# Install KVM/libvirt, create the management user, then define and start the two
# bridge-mode libvirt networks from files/br0.xml and files/br1.xml.
- include: install_virt.yml
- include: create_user.yml
- include: define_virt_net_br0.yml
- include: define_virt_net_br1.yml
- include: start_autostart_virtnet_br0.yml
- include: start_autostart_virtnet_br1.yml
cat 10_config_virt/tasks/install_virt.yml
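---
# tasks file for config_virt
# Install the KVM/libvirt stack plus bash completion, and make sure libvirtd is running
# and enabled.
- name: install virtualization rpm
  yum:
    name:
      - qemu-kvm
      - qemu-img
      - virt-manager
      - libvirt-client
      - libvirt-python
      - virt-viewer
      - libguestfs-tools
      - virt-install
    state: installed

- name: start libvirtd
  systemd:
    name: libvirtd
    state: started
    enabled: yes

- name: install cmd completion rpm
  # Completion is wired up for new interactive login shells by the package's own
  # profile.d hook; a `source` run through the shell module would only affect that
  # task's throwaway shell, so no such task is needed.
  yum:
    name:
      - bash-completion
      - libvirt-bash-completion
    state: installed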
cat 10_config_virt/tasks/create_user.yml
---
# tasks file for config_virt
# Create GROUP and a USERNAME account that is a member of it. The password is the
# pre-computed hash PASSWORD from vars/main.yml (see the note there about where the
# plaintext lives).
- name: ensure group "{{ GROUP }}" exists
  group:
    name: "{{ GROUP }}"
    state: present
##https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module
#- name: print password
#  debug:
#    msg: "{{ '123456' | password_hash('sha512', 'mysecretsalt') }}"
- name: add user "{{ USERNAME }}" with a bash shell, appending the group "{{ GROUP }}" to the user's groups
  # append: yes keeps any groups the account already has; the password hash is re-applied
  # on every run (stable, since the salt is fixed).
  user:
    name: "{{ USERNAME }}"
    shell: /bin/bash
    groups: "{{ GROUP }}"
    append: yes
    password: "{{ PASSWORD }}"
cat 10_config_virt/tasks/define_virt_net_br0.yml
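---
# tasks file for config_virt
# Define the libvirt network br0 from files/br0.xml unless `virsh net-list --all`
# already lists it.
- name: task virt net br0
  # Read-only probe: the grep exit status is echoed ("0" = already defined) so a miss
  # is not a task failure; -w stops names such as br01 from matching; changed_when keeps
  # the check from reporting "changed" every run.
  shell: virsh net-list --all | grep -qw br0;echo $?
  register: net_virt_br0
  changed_when: false

- name: copy br0.xml
  copy:
    src: br0.xml
    dest: /etc/libvirt/qemu/networks/br0.xml
  when: net_virt_br0.stdout != "0"

- name: defin br0
  shell: virsh net-define /etc/libvirt/qemu/networks/br0.xml
  when: net_virt_br0.stdout != "0"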
cat 10_config_virt/tasks/define_virt_net_br1.yml
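---
# tasks file for config_virt
# Define the libvirt network br1 from files/br1.xml unless `virsh net-list --all`
# already lists it.
- name: task virt net br1
  # Read-only probe: the grep exit status is echoed ("0" = already defined) so a miss
  # is not a task failure; -w stops names such as br10 from matching; changed_when keeps
  # the check from reporting "changed" every run.
  shell: virsh net-list --all | grep -qw br1;echo $?
  register: net_virt_br1
  changed_when: false

- name: copy br1.xml
  copy:
    src: br1.xml
    dest: /etc/libvirt/qemu/networks/br1.xml
  when: net_virt_br1.stdout != "0"

- name: defin br1
  shell: virsh net-define /etc/libvirt/qemu/networks/br1.xml
  when: net_virt_br1.stdout != "0"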
cat 10_config_virt/tasks/start_autostart_virtnet_br0.yml
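---
# tasks file for config_virt
# Start the libvirt network br0 and mark it autostart, each only if `virsh net-info`
# does not already report "yes" for that field.
- name: task virt net br0 start status
  # Read-only probe (the Active line of net-info); changed_when keeps it from
  # reporting "changed" every run.
  shell: virsh net-info br0 | awk '/Active/{print $2}'
  register: br0_start_status
  changed_when: false

- name: start br0
  shell: virsh net-start br0
  when: br0_start_status.stdout != "yes"

- name: task virt net br0 austart status
  shell: virsh net-info br0 | awk '/Autostart/{print $2}'
  register: br0_austart_status
  changed_when: false

- name: austart br0
  shell: virsh net-autostart br0
  when: br0_austart_status.stdout != "yes"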
cat 10_config_virt/tasks/start_autostart_virtnet_br1.yml
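---
# tasks file for config_virt
# Start the libvirt network br1 and mark it autostart, each only if `virsh net-info`
# does not already report "yes" for that field.
- name: task virt net br1 start status
  # Read-only probe (the Active line of net-info); changed_when keeps it from
  # reporting "changed" every run.
  shell: virsh net-info br1 | awk '/Active/{print $2}'
  register: br1_start_status
  changed_when: false

- name: start br1
  shell: virsh net-start br1
  when: br1_start_status.stdout != "yes"

- name: task virt net br1 austart status
  shell: virsh net-info br1 | awk '/Autostart/{print $2}'
  register: br1_austart_status
  changed_when: false

- name: austart br1
  shell: virsh net-autostart br1
  when: br1_austart_status.stdout != "yes"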
cat 10_config_virt/vars/main.yml
---
# vars file for config_virt
# Group the management account is added to. NOTE(review): membership presumably grants
# control of every VM on the host through libvirt's polkit rules — confirm on CentOS 7.
GROUP: "libvirt"
USERNAME: "webvirtmgr"
# NOTE(review): the plaintext password and a fixed salt are committed here in clear
# text; tasks/create_user.yml only ever sees the resulting hash. Keep the real value in
# an ansible-vault encrypted vars file (or vars_prompt) rather than in this file.
PASSWORD: "{{ '123456' | password_hash('sha512', 'mysecretsalt') }}"
·
角色十一:桥接网卡
tree 11_bridge_network/
11_bridge_network/
├── tasks
│ ├── br0_status.yml
│ ├── br1_status.yml
│ ├── bridge_em1.yml
│ ├── bridge_em4.yml
│ ├── copy_br0_template.yml
│ ├── copy_br1_template.yml
│ ├── main.yml
│ ├── obtain_em1_ipaddr.yml
│ ├── obtain_em4_ipaddr.yml
│ ├── restart_network.yml
│ └── set_hostname.yml
├── templates
│ ├── ifcfg-br0.j2
│ └── ifcfg-br1.j2
└── vars
└── main.yml
cat 11_bridge_network/templates/ifcfg-br0.j2
# Rendered to /etc/sysconfig/network-scripts/ifcfg-br0 by tasks/copy_br0_template.yml.
# IPADDR is the address em1 had when tasks/obtain_em1_ipaddr.yml ran (em1_ipaddr is a
# registered shell result, so .stdout only exists when that task was not skipped);
# bridge_em1.yml then moves em1 itself under this bridge.
DEVICE=br0
NAME=br0
ONBOOT=yes
TYPE=Bridge
BOOTPROTO=static
IPADDR="{{ em1_ipaddr.stdout }}"
NETMASK=255.255.255.0
# Default gateway and resolvers are fixed here; br1 carries no gateway.
GATEWAY=10.0.30.254
DNS1=223.5.5.5
DNS2=223.6.6.6
cat 11_bridge_network/templates/ifcfg-br1.j2
# Rendered to /etc/sysconfig/network-scripts/ifcfg-br1 by tasks/copy_br1_template.yml.
# IPADDR is the address em4 had when tasks/obtain_em4_ipaddr.yml ran (em4_ipaddr is a
# registered shell result, so .stdout only exists when that task was not skipped).
# No GATEWAY/DNS: the default route stays on br0.
DEVICE=br1
NAME=br1
ONBOOT=yes
TYPE=Bridge
BOOTPROTO=static
IPADDR="{{ em4_ipaddr.stdout }}"
NETMASK=255.255.255.0
cat 11_bridge_network/tasks/main.yml
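---
# tasks file for bridge_network
# For br0 (over em1) and br1 (over em4): when no ifcfg-brN exists and the bridge is not
# up, read the NIC's current address, render ifcfg-brN from it and re-point the NIC's
# ifcfg at the bridge. Afterwards set the hostname and restart networking.
# A `when` on an `include` is applied to every task of the included file.
- include: br0_status.yml
- include: obtain_em1_ipaddr.yml
  when: not ifcfg_br0_file_status.stat.exists and br0_run_status.stdout != "0"
# em1_ipaddr.stdout only exists when em1 was up (obtain_em1_ipaddr.yml skips the read
# otherwise). Rendering the template without it fails on an undefined variable, and
# bridging em1 with no address to carry over would cut the host off, so both steps
# also require a non-empty address.
- include: copy_br0_template.yml
  when:
    - not ifcfg_br0_file_status.stat.exists
    - br0_run_status.stdout != "0"
    - em1_ipaddr.stdout is defined
    - em1_ipaddr.stdout != ""
- include: bridge_em1.yml
  when:
    - not ifcfg_br0_file_status.stat.exists
    - br0_run_status.stdout != "0"
    - em1_ipaddr.stdout is defined
    - em1_ipaddr.stdout != ""
# # # # # # # # # #
- include: br1_status.yml
- include: obtain_em4_ipaddr.yml
  when: not ifcfg_br1_file_status.stat.exists and br1_run_status.stdout != "0"
- include: copy_br1_template.yml
  when:
    - not ifcfg_br1_file_status.stat.exists
    - br1_run_status.stdout != "0"
    - em4_ipaddr.stdout is defined
    - em4_ipaddr.stdout != ""
- include: bridge_em4.yml
  when:
    - not ifcfg_br1_file_status.stat.exists
    - br1_run_status.stdout != "0"
    - em4_ipaddr.stdout is defined
    - em4_ipaddr.stdout != ""
# # # # # # # # # #
- include: set_hostname.yml
- include: restart_network.yml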
cat 11_bridge_network/tasks/br0_status.yml
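---
# tasks file for bridge_network
# Two read-only probes whose results drive main.yml: does ifcfg-br0 exist, and is an
# interface named br0 currently up according to ifconfig.
- name: check ifcfg-br0 does it exist
  stat:
    path: /etc/sysconfig/network-scripts/ifcfg-br0
  register: ifcfg_br0_file_status

- name: check br0 is it running
  # The grep exit status is echoed ("0" = br0 present) so a miss is not a task failure;
  # -w keeps names like br01 from matching; changed_when stops the probe from reporting
  # "changed" every run.
  shell: ifconfig | awk '/flags/{print $1}' | grep -qw br0;echo $?
  register: br0_run_status
  changed_when: false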
cat 11_bridge_network/tasks/obtain_em1_ipaddr.yml
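---
# tasks file for bridge_network
# Record em1's IPv4 address in em1_ipaddr for the ifcfg-br0 template. The read is
# skipped when em1 is not up, so em1_ipaddr.stdout is only defined in that case.
- name: check em1 is it running
  # Exit status echoed ("0" = em1 present); -w keeps em10 etc. from matching.
  shell: ifconfig | awk '/flags/{print $1}' | grep -qw em1;echo $?
  register: em1_run_status
  changed_when: false

- name: get em1 ip address
  shell: ifconfig em1 |awk '/inet /{print $2}'
  register: em1_ipaddr
  changed_when: false
  when: em1_run_status.stdout == "0"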
cat 11_bridge_network/tasks/copy_br0_template.yml
---
# tasks file for bridge_network
# Render templates/ifcfg-br0.j2 (needs em1_ipaddr.stdout) into network-scripts.
- name: copy ifcfg-br0.j2 template by ifcfg-br0
  template:
    src: ifcfg-br0.j2
    dest: /etc/sysconfig/network-scripts/ifcfg-br0
cat 11_bridge_network/tasks/bridge_em1.yml
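---
# tasks file for bridge_network
# Turn em1 into a port of br0: comment out its own address settings (the values moved
# to ifcfg-br0) and add BRIDGE=br0. Nothing is done when ifcfg-em1 does not exist.
- name: check ifcfg-em1 does it exist
  stat:
    path: /etc/sysconfig/network-scripts/ifcfg-em1
  register: ifcfg_em1_file_status

- name: notes em1 ip address config
  # Only lines that are not already commented are prefixed with '#', so re-runs do not
  # keep stacking extra '#' characters. notes_option comes from vars/main.yml.
  shell: sed -i '/^[^#]*{{ item }}/s/^/#/' /etc/sysconfig/network-scripts/ifcfg-em1
  loop: "{{ notes_option }}"
  when: ifcfg_em1_file_status.stat.exists

- name: config em1 bridge br0
  lineinfile:
    path: /etc/sysconfig/network-scripts/ifcfg-em1
    regexp: '^BRIDGE'
    line: "BRIDGE=br0"
  when: ifcfg_em1_file_status.stat.exists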
·
cat 11_bridge_network/tasks/br1_status.yml
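---
# tasks file for bridge_network
# Two read-only probes whose results drive main.yml: does ifcfg-br1 exist, and is an
# interface named br1 currently up according to ifconfig.
- name: check ifcfg-br1 does it exist
  stat:
    path: /etc/sysconfig/network-scripts/ifcfg-br1
  register: ifcfg_br1_file_status

- name: check br1 is it running
  # The grep exit status is echoed ("0" = br1 present) so a miss is not a task failure;
  # -w keeps names like br10 from matching; changed_when stops the probe from reporting
  # "changed" every run.
  shell: ifconfig | awk '/flags/{print $1}' | grep -qw br1;echo $?
  register: br1_run_status
  changed_when: false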
cat 11_bridge_network/tasks/obtain_em4_ipaddr.yml
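---
# tasks file for bridge_network
# Record em4's IPv4 address in em4_ipaddr for the ifcfg-br1 template. The read is
# skipped when em4 is not up, so em4_ipaddr.stdout is only defined in that case.
- name: check em4 is it running
  # Exit status echoed ("0" = em4 present); -w keeps em40 etc. from matching.
  shell: ifconfig | awk '/flags/{print $1}' | grep -qw em4;echo $?
  register: em4_run_status
  changed_when: false

- name: get em4 ip address
  shell: ifconfig em4 |awk '/inet /{print $2}'
  register: em4_ipaddr
  changed_when: false
  when: em4_run_status.stdout == "0"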
cat 11_bridge_network/tasks/copy_br1_template.yml
---
# tasks file for bridge_network
# Render templates/ifcfg-br1.j2 (needs em4_ipaddr.stdout) into network-scripts.
- name: copy ifcfg-br1.j2 template by ifcfg-br1
  template:
    src: ifcfg-br1.j2
    dest: /etc/sysconfig/network-scripts/ifcfg-br1
cat 11_bridge_network/tasks/bridge_em4.yml
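---
# tasks file for bridge_network
# Turn em4 into a port of br1: comment out its own address settings (the values moved
# to ifcfg-br1) and add BRIDGE=br1. Nothing is done when ifcfg-em4 does not exist.
- name: check ifcfg-em4 does it exist
  stat:
    path: /etc/sysconfig/network-scripts/ifcfg-em4
  register: ifcfg_em4_file_status

- name: notes em4 ip address config
  # Only lines that are not already commented are prefixed with '#', so re-runs do not
  # keep stacking extra '#' characters. notes_option comes from vars/main.yml.
  shell: sed -i '/^[^#]*{{ item }}/s/^/#/' /etc/sysconfig/network-scripts/ifcfg-em4
  loop: "{{ notes_option }}"
  when: ifcfg_em4_file_status.stat.exists

- name: config em4 bridge br0
  # Despite the task name this attaches em4 to br1.
  lineinfile:
    path: /etc/sysconfig/network-scripts/ifcfg-em4
    regexp: '^BRIDGE'
    line: "BRIDGE=br1"
  when: ifcfg_em4_file_status.stat.exists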
cat 11_bridge_network/tasks/set_hostname.yml
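---
# tasks file for bridge_network
# Derive the hostname from the last octet of the host's 172.168.30.x address:
# vlan30.node<octet>.virt.
- name: get the last bit ip address
  # Dots are escaped so only the literal 172.168.30. prefix matches. NOTE(review): if
  # more than one interface carries such an address the output spans several lines —
  # confirm the hosts only ever have one.
  shell: ifconfig | awk '/172\.168\.30\./{print $2}'| awk -F "." '{print $NF}'
  register: last_ipaddr
  changed_when: false

- name: config hostname
  # The hostname module is idempotent (no "changed" on re-runs). Skipped when no
  # 172.168.30.x address was found, which would otherwise rename the host to
  # vlan30.node.virt.
  hostname:
    name: "vlan30.node{{ last_ipaddr.stdout }}.virt"
  when: last_ipaddr.stdout != ""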
cat 11_bridge_network/tasks/restart_network.yml
---
# tasks file for bridge_network
# Bring the new bridge configuration up by restarting the network service (and make
# sure it is enabled at boot).
- name: restart network
  systemd:
    name: network
    state: restarted
    enabled: yes
cat 11_bridge_network/vars/main.yml
---
# vars file for bridge_network
# ifcfg-em1/ifcfg-em4 keys that bridge_em1.yml / bridge_em4.yml comment out once the
# address has moved to the bridge. Each entry is used as a sed pattern, so "DNS" covers
# DNS1 and DNS2.
notes_option:
  - "IPADDR"
  - "NETMASK"
  - "GATEWAY"
  - "DNS"
·
角色十二:配置 PS1 环境变量
[root@ansible ~/ansible/vlan30_system_init/roles]# tree 12_config_env_PS1/
12_config_env_PS1/
└── tasks
└── main.yml
cat 12_config_env_PS1/tasks/main.yml
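---
# tasks file for config_env_PS1
# Set a system-wide prompt in /etc/bashrc. It takes effect in new interactive shells;
# a `source` run through the shell module would only affect that task's throwaway
# shell, so no such task is included.
- name: export env PS1
  # regexp makes the task replace an existing top-level `export PS1=` line instead of
  # appending a second one.
  lineinfile:
    path: /etc/bashrc
    regexp: '^export PS1='
    line: export PS1='[\u@\H \w]\$'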
·
角色 modify_password
[root@ansible ~/ansible/vlan30_system_init/roles]# tree modify_password/
modify_password/
├── tasks
│ └── main.yml
└── vars
└── main.yml
cat modify_password/tasks/main.yml
---
# tasks file for modify_password
# Set the login shell and password of every account in USER to the hash PASSWORD
# (vars/main.yml). The hash is re-applied on every run; with the fixed salt used there
# it is stable, so the task stays idempotent.
- name: modify user password
  user:
    name: "{{ item }}"
    shell: /bin/bash
    password: "{{ PASSWORD }}"
  loop: "{{ USER }}"
cat modify_password/vars/main.yml
---
# vars file for modify_password
# NOTE(review): PASSWORD is built from a literal ("123456") and a fixed salt that sit in
# this file in clear text, and USER applies it to root on every host; 8_config_sshd only
# changes the port and UseDNS, so sshd's own default for password logins is left in
# place. Keep the real value in an ansible-vault encrypted file (or vars_prompt) rather
# than committing it here.
PASSWORD: "{{ '123456' | password_hash('sha512', 'mysecretsalt') }}"
USER:
  - "root"
·
角色 last_reboot
[root@ansible ~/ansible/vlan30_system_init/roles]# tree last_reboot/
last_reboot/
└── tasks
└── main.yml
cat last_reboot/tasks/main.yml
---
# tasks file for last_reboot
# Schedule a reboot one minute out and return at once; backgrounding shutdown lets the
# task finish before the connection drops. Left commented out in vlan30-system-init.yml.
- name: reboot in 1 minute system
  shell: "shutdown -r +1 &"