Ansible安装

安装方式
##### yum
# Package install (CentOS/RHEL 7 style). epel-release goes first because on
# CentOS 7 the ansible package is provided by EPEL, not the base repos.
yum install epel-release -y
# Shows which ansible versions the enabled repos offer before installing.
yum list ansible
yum install ansible -y
# Sanity check that the binary is on PATH and which version landed.
ansible --version
##### git
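# Run Ansible straight from a source checkout instead of a package.
# Clone over https:// rather than git://: the git protocol has no transport
# authentication or integrity, and the checkout is `source`d into this shell
# two lines below, so a tampered clone would run as the current user.
# GitHub also stopped serving unauthenticated git:// in 2022.
git clone https://github.com/ansible/ansible.git --recursive
cd ./ansible
# env-setup only adjusts PATH/PYTHONPATH for the current shell session;
# re-run it in every new shell.
source ./hacking/env-setup
ansible --version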
配置优化
# Open the global Ansible config; the two settings shown below belong in its
# [defaults] section.
vim /etc/ansible/ansible.cfg
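# Comments are on their own lines on purpose: Ansible's ini loader only
# recognises ';' as an inline-comment prefix, so a trailing "#..." after a
# value can be kept as part of the value (log_path would become a path
# ending in the comment text).
#
# Disable SSH host-key verification. Trade-off: Ansible can then no longer
# detect a changed or spoofed host key (on-path attack), so prefer leaving
# this True and pre-populating known_hosts; if it has to be disabled, do it
# in a project-local ansible.cfg rather than the global file.
host_key_checking = False
# Write a run log. Task output, including loop items, lands in this file,
# so keep it readable by root only.
log_path = /var/log/ansible.log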
主机列表中常用的参数说明
ansible_ssh_host
#将要连接的远程主机名.与你想要设定的主机的别名不同的话,可通过此变量设置.
ansible_ssh_port
#ssh端口号.如果不是默认的端口号,通过此变量设置.也可以使用 ip:端口 192.168.1.100:2222
ansible_ssh_user
#默认的 ssh 用户名
ansible_ssh_pass
#ssh 密码(这种方式并不安全,我们强烈建议使用 --ask-pass 或 SSH 密钥)
ansible_sudo_pass
#sudo 密码(这种方式并不安全,我们强烈建议使用 --ask-sudo-pass)
#Ansible 主要程序
/usr/bin/ansible 主程序,临时命令执行工具
/usr/bin/ansible-doc 查看配置文档,模块功能查看工具
/usr/bin/ansible-galaxy 下载/上传优秀代码或Roles模块的官网平台
/usr/bin/ansible-playbook 定制自动化任务,编排剧本工具
/usr/bin/ansible-pull 远程执行命令的工具
ansible playbook 剧本实例
#批量下发公钥至被控主机
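---
# Push the controller's public key to every host in [test] so that later
# runs can use key authentication instead of ansible_ssh_pass.
- hosts: test
  remote_user: root
  tasks:
    - name: 将公钥批量写入被管理机
      authorized_key:
        user: root
        state: present
        # The file lookup runs on the controller, so this is the
        # controller's root public key, not a file on the target.
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"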
#/etc/ansible/hosts格式
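[test]
10.10.10.1
10.10.10.2
10.10.10.[3:5]

[test:vars]
# Bootstrap-only credential for the key-distribution play above. It is
# stored in clear text in the inventory, so delete it once the key is in
# place, or pass it with --ask-pass / keep it in an ansible-vault encrypted
# group_vars/test file instead. The comment sits on its own line so no
# loader can read it as part of the value.
ansible_ssh_pass=test0123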
#批量创建用户
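---
- hosts: test
  remote_user: root
  vars:
    # Initial password for the new accounts. Kept as in the original; move it
    # to an ansible-vault encrypted variable before real use.
    initial_password: '123456'
    accounts:
      - { name: 'buster', group: 'buster' }
      - { name: 'app', group: 'app' }
  tasks:
    # The user module's `group` parameter only selects an existing primary
    # group; it fails with "Group ... does not exist" otherwise, so create
    # the groups first.
    - name: 批量创建用户组
      group:
        name: "{{ item.group }}"
        state: present
      with_items: "{{ accounts }}"

    - name: 批量创建用户
      user:
        name: "{{ item.name }}"
        group: "{{ item.group }}"
        password: "{{ initial_password | password_hash('sha512') }}"
        # password_hash draws a fresh random salt on every run, so without
        # this the task reported "changed" and reset the password each time.
        # on_create sets the password only when the account is created.
        update_password: on_create
      with_items: "{{ accounts }}"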
#批量修改用户密码
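---
- hosts: test
  remote_user: root
  tasks:
    - name: 批量修改用户密码
      user:
        name: "{{ item.name }}"
        # New random salt per run; with update_password=always every run
        # re-sets the password, which is the intent of a reset play.
        password: "{{ item.chpass | password_hash('sha512') }}"
        update_password: always
      with_items:
        - { name: 'buster', chpass: 'buster123' }
        # Passwords with special characters: run against one host and verify
        # login before rolling out.
        - { name: 'app', chpass: 'app123@..!!' }
      # The loop items carry clear-text passwords; without no_log each item
      # is printed in the task output and written to log_path. The list
      # itself should live in an ansible-vault encrypted vars file.
      no_log: true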
#批量删除用户
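---
- hosts: test
  remote_user: root
  tasks:
    - name: 批量删除用户
      user:
        name: "{{ item.name }}"
        state: absent
        # Behaves like `userdel --remove`: the home directory and mail spool
        # are deleted as well. Drop this to keep the home data.
        remove: true
      # group/password were dropped from the module args: they have no
      # effect with state=absent, and password_hash would also have produced
      # a new salt on every run. item.group is kept in the data but unused.
      with_items:
        - { name: 'buster', group: 'buster' }
        - { name: 'app', group: 'doordu' }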
#优化ssh配置
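---
- hosts: test
  remote_user: root
  tasks:
    - name: 批量修改ssh配置文件的安全选项
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '{{ item.regexp }}'
        line: '{{ item.line }}'
        state: present
        backup: true
        # Reject a syntactically broken config before the handler restarts
        # sshd, which would otherwise lock us out of every host at once.
        validate: '/usr/sbin/sshd -t -f %s'
      with_items:
        # '^#?' matches both the commented-out default and an existing
        # explicit directive. The original '^#UseDNS yes' / '^#Port 22'
        # only matched the commented form, so on an already-edited file
        # lineinfile appended a second directive at EOF that sshd ignores
        # (the first occurrence of a keyword wins).
        - regexp: '^#?UseDNS\s'
          line: 'UseDNS no'
        # Moving the port needs 12222/tcp allowed in firewalld and, with
        # SELinux enforcing, labelled as ssh_port_t
        # (semanage port -a -t ssh_port_t -p tcp 12222) before the handler
        # fires; otherwise sshd cannot bind or the host becomes unreachable.
        - regexp: '^#?Port\s'
          line: 'Port 12222'
      notify:
        - restart sshd
  handlers:
    - name: restart sshd
      service:
        name: sshd
        state: restarted

- hosts: test
  # remote_user, not the deprecated `user:` alias, for consistency with the
  # other plays.
  remote_user: root
  tasks:
    - name: 批量修改主机名
      # hostname module instead of raw hostnamectl: idempotent, reports
      # changed only when the name differs. `hostname` is the per-host
      # inventory variable shown in the inventory snippet below this play.
      hostname:
        name: "{{ hostname }}"
      # Skip hosts that have no hostname set instead of failing on an
      # undefined variable.
      when: hostname is defined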
#/etc/ansible/hosts格式
# Per-host `hostname` variable consumed by the 批量修改主机名 play above.
[test]
10.10.10.1 hostname=test01
10.10.10.2 hostname=test02
...
#批量初始化新机器
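---
# One-shot bootstrap for a fresh CentOS 7 host. The first three tasks turn
# off firewalld and SELinux, which is a hardening regression; use
# --skip-tags firewalld,selinux where a firewall or enforcing SELinux must
# stay in place.
- hosts: test
  remote_user: root
  tasks:
    - name: 关闭防火墙
      service:
        name: firewalld
        state: stopped
        enabled: false
      tags: firewalld

    - name: 临时关闭 selinux
      # command, not shell: no shell features are needed. failed_when: false
      # keeps the play going when SELinux is already disabled (setenforce
      # then exits non-zero).
      command: setenforce 0
      failed_when: false

    - name: 永久关闭 selinux
      replace:
        path: /etc/selinux/config
        # Also covers permissive, which the original '^SELINUX=enforcing'
        # left untouched.
        regexp: '^SELINUX=(enforcing|permissive)'
        replace: 'SELINUX=disabled'
      tags: selinux

    - name: 添加114.114.114.114 DNS
      # grep succeeds once the exact entry exists, so sed runs at most once.
      # The original `grep 114` matched any line containing "114".
      # NOTE(review): on NetworkManager-managed hosts resolv.conf may be
      # regenerated; confirm the entry survives a network restart.
      shell: grep -q 'nameserver 114.114.114.114' /etc/resolv.conf || sed -i '/NetworkManager/a\nameserver 114.114.114.114' /etc/resolv.conf
      tags: dns

    - name: 下载阿里云yum源
      get_url:
        # https: the repo file defines baseurl/gpgkey for every later yum
        # install, so fetching it over plain http lets an on-path attacker
        # point yum at a mirror of their choosing.
        url: https://mirrors.aliyun.com/repo/Centos-7.repo
        dest: /etc/yum.repos.d/CentOS-Base.repo
        backup: true
      ignore_errors: true
      tags: 阿里云yum源

    - name: 替换阿里云地址
      replace:
        path: /etc/yum.repos.d/CentOS-Base.repo
        regexp: 'mirrors\.cloud\.aliyuncs\.com'
        replace: 'mirrors.aliyuncs.com'
      # A space-separated scalar ("sed aliyun yum") is ONE tag with spaces
      # in it; a list gives three separately selectable tags.
      tags:
        - sed
        - aliyun
        - yum

    - name: 清理yum缓存
      # Always reported as changed; acceptable for a one-shot bootstrap.
      shell: yum clean all && yum makecache

    - name: 安装常用软件包
      yum:
        # A list installs everything in one transaction instead of one yum
        # run per item (looping with_items over a package module is the
        # deprecated form).
        name:
          - epel-release
          - vim
          - lrzsz
          - wget
          - ntpdate
        state: present
      tags: 常用工具

    - name: 同步服务器时间
      # `ulimit -SHn 65535` was dropped from this command: it only affected
      # the shell running this task and never changed anything on the host.
      # The persistent limit is set by the limits.conf task at the end.
      shell: ntpdate time.nist.gov && hwclock -w
      ignore_errors: true
      tags: ntp

    - name: 创建同步时间计划任务
      cron:
        name: 'ntpdate time'
        hour: '0'
        minute: '10'
        day: '*'
        month: '*'
        weekday: '*'
        job: '/usr/sbin/ntpdate -u time.windows.com time-b.nist.gov ntp.api.bz;hwclock -w'
        user: 'root'
      tags:
        - ntpdate
        - time

    - name: 设置打开的文件描述符
      # No regexp: lineinfile matches the exact line, so re-runs are
      # idempotent.
      # NOTE(review): on CentOS 7 /etc/security/limits.d/20-nproc.conf is
      # read after this file and may override nproc for non-root users;
      # verify with `ulimit -u` as a normal user.
      lineinfile:
        path: /etc/security/limits.conf
        line: "{{ item }}"
      with_items:
        - '*           soft   nofile       102400'
        - '*           hard   nofile       102400'
        - '*           soft   nproc        102400'
        - '*           hard   nproc        102400'
      tags: limits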

 
