
Ansible-playbook Bote

hostss文件

# Inventory for the two playbooks on this page.
# ansible_connection=local makes Ansible run the tasks for this host directly
# on the machine executing ansible-playbook instead of connecting over SSH.
[master]
192.168.1.80 ansible_connection=local 

# `hostname` is consumed by the "01-set hostname" task.
[master:vars]
hostname=master01

# Each client carries its own `hostname` value for the same task.
[client]
192.168.1.81 hostname=node01
192.168.1.82 hostname=node02
# NOTE(review): this group logs in as root with a password kept in clear text.
# Anyone who can read this file (or the repository/blog it is copied into)
# obtains root on every client. Prefer SSH key authentication with an
# unprivileged account plus `become`, or keep the secret in Ansible Vault.
# ansible_ssh_port / ansible_ssh_user / ansible_ssh_pass are the legacy
# spellings of ansible_port / ansible_user / ansible_password.
# `hwf` is not referenced by either playbook shown on this page.
[client:vars]
hwf=123
ansible_ssh_port=22
ansible_ssh_user=root
ansible_ssh_pass=123456

# Convenience group containing every host above.
[total:children]
master
client

 

ntprpm.sh文件

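#!/bin/bash
# Install every RPM found in the invoking user's home directory.
#
# The playbooks unpack ntp.tgz into /root and then run this script, so the
# glob below also picks up any other *.rpm that happens to be in that
# directory; keep the directory clean or unpack into a dedicated one.
#
# NOTE(review): `yum localinstall` verifies package signatures for local
# files only when localpkg_gpgcheck=1 is set in yum.conf (default is 0), so
# the integrity of ntp.tgz has to be established before it is shipped.

# Abort on the first failing command, on unset variables and on pipe errors,
# so a failed `cd` can never lead to installing packages from another path.
set -euo pipefail

cd ~

# Without nullglob an unmatched pattern would be handed to yum literally.
shopt -s nullglob
rpms=(./*.rpm)
if (( ${#rpms[@]} == 0 )); then
    echo "no .rpm files found in ${PWD}" >&2
    exit 1
fi

# The ./ prefix keeps a file name starting with "-" from being parsed as an
# option by yum.
yum -y localinstall "${rpms[@]}"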

 

master_server.yaml文件

## modify date 2021/5/27
## Name of creator Hwf
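# Prepares the hosts of the `master` inventory group: hostname, firewall and
# SELinux state, kernel network tuning, swap, and an ntpd that serves the
# local clock to the other hosts.
- name: config yum and ntp server
  hosts: master
  vars:
    # Address written into ntp.conf as the upstream time source.
    ntp_server: "192.168.1.80"
  tasks:

    # Set the system hostname to the `hostname` inventory variable. The
    # hostname module is used instead of a shell command so the inventory
    # value is never interpreted by a shell and the task is idempotent.
    - name: 01-set hostname
      hostname:
        name: "{{ hostname }}"

    # NOTE(review): tasks 02-05 switch off the host firewall and SELinux on
    # every host in the group. That removes local packet filtering and
    # mandatory access control; confirm that filtering is enforced elsewhere
    # on the network, and consider opening only the required ports and using
    # SELINUX=permissive if the goal is only to unblock the workload.

    # Stop and disable firewalld.
    - name: 02-disable firewalld
      service:
        name: firewalld
        state: stopped
        enabled: false

    # Stop and disable iptables; the error is ignored when the
    # iptables-services package is not installed.
    - name: 03-disable iptables
      service:
        name: iptables
        state: stopped
        enabled: false
      ignore_errors: true

    # Switch SELinux to permissive for the running system; fails harmlessly
    # (ignored) when SELinux is already disabled.
    - name: 04-setenforce 0
      command: setenforce 0
      ignore_errors: true

    # Persist the change. Only a literal SELINUX=enforcing is rewritten; a
    # host already set to permissive is left as it is.
    - name: 05-disable selinux
      replace:
        path: /etc/selinux/config
        regexp: SELINUX=enforcing
        replace: SELINUX=disabled

    # Append the kernel network settings to sysctl.conf as one managed block.
    # NOTE(review): net.ipv4.tcp_tw_recycle is known to drop connections from
    # clients behind NAT and no longer exists from Linux 4.12 on, where
    # `sysctl -p` reports it as an unknown key; confirm the target kernel
    # before keeping it.
    - name: 06-config sysctl.conf
      blockinfile:
        path: /etc/sysctl.conf
        block: |
          net.bridge.bridge-nf-call-ip6tables = 1
          net.bridge.bridge-nf-call-iptables = 1
          net.bridge.bridge-nf-call-arptables = 1
          net.ipv4.ip_forward = 1

          # for network connection track
          net.netfilter.nf_conntrack_max = 2097152
          # net.netfilter.nf_conntrack_buckets = 525488
          net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 30
          net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30
          net.netfilter.nf_conntrack_tcp_timeout_close_wait = 15
          net.netfilter.nf_conntrack_tcp_timeout_established = 7200

          # for kernel network parameters
          net.ipv4.tcp_fin_timeout = 30
          net.ipv4.tcp_syncookies = 1
          net.ipv4.tcp_max_syn_backlog = 16384
          net.ipv4.tcp_keepalive_time = 600
          net.ipv4.tcp_keepalive_probes = 3
          net.ipv4.tcp_keepalive_intvl = 30
          net.ipv4.tcp_synack_retries = 3
          net.ipv4.tcp_syn_retries = 3
          net.ipv4.tcp_max_tw_buckets = 36000
          # net.ipv4.tcp_timestamps = 0
          net.ipv4.tcp_tw_reuse = 1
          net.ipv4.tcp_tw_recycle = 1
          net.ipv4.ip_local_port_range = 1024    65000
          # net.ipv4.route.gc_timeout = 100
          net.core.somaxconn = 65535
          net.core.netdev_max_backlog = 16384
          net.ipv4.tcp_max_orphans = 8192

    # Load the modules the settings above depend on, then apply sysctl.conf.
    # Only the exit status of the last command decides the task result, and
    # neither the modprobe calls nor the hashsize write survive a reboot.
    - name: 07-apply sysctl.conf
      shell: |
        modprobe bridge
        modprobe ip_conntrack
        modprobe br_netfilter
        echo 262144 > /sys/module/nf_conntrack/parameters/hashsize
        sysctl -p
      tags:
        - "modprobe"

    # Turn swap off for the running system.
    - name: 08-disable swap
      command: swapoff -a
      tags:
        - "swap"

    # Comment out the swap entry so it stays off after a reboot. The
    # back-reference keeps the original entry behind the "# " (a bare '# '
    # would delete it), and a commented line no longer starts with "/", so
    # running the play again does not comment it a second time.
    - name: 09-comment /etc/fstab swap
      replace:
        path: /etc/fstab
        regexp: '^(/.*swap.*)'
        replace: '# \1'

    # Copy ntp.tgz from the control node and unpack it under /root.
    - name: 10-tar ntp ntpdate
      unarchive:
        src: ntp.tgz
        dest: /root
      tags:
        - "ntp"

    # Run ntprpm.sh on the target; it installs the RPMs found in the home
    # directory of the remote user.
    - name: 11-install ntp rpm from a local file
      script: ./ntprpm.sh

    # Comment out the default upstream servers. The pattern is anchored so
    # lines that are already commented are skipped, and the back-reference
    # keeps the original directive readable behind the "# ".
    - name: 12-comment default server
      replace:
        path: /etc/ntp.conf
        regexp: '^(server\s.*iburst)'
        replace: '# \1'

    # Add the local time source as a managed block after the last commented
    # server line that matches the pattern (end of file if none matches).
    # 127.127.1.0 is the local clock driver, advertised at stratum 10.
    - name: 13-add local ntp server
      blockinfile:
        path: /etc/ntp.conf
        insertafter: "# (server)(.*3.*)"
        block: |
          server {{ ntp_server }} iburst
          server 127.127.1.0
          fudge 127.127.1.0 stratum 10

    # Restart ntpd and enable it at boot.
    - name: 14-restart ntpd
      service:
        name: ntpd
        state: restarted
        enabled: true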

 

node_client.yaml文件

## modify date 2021/5/27
## Name of creator Hwf
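# Prepares the hosts of the `client` inventory group: hostname, firewall and
# SELinux state, kernel network tuning, swap, and an ntpd that follows the
# master's time server.
- name: config yum and ntp server
  hosts: client
  vars:
    # Time server every client synchronises against.
    ntp_server: "192.168.1.80"
  tasks:

    # Set the system hostname to the `hostname` inventory variable. The
    # hostname module is used instead of a shell command so the inventory
    # value is never interpreted by a shell and the task is idempotent.
    - name: 01-set hostname
      hostname:
        name: "{{ hostname }}"

    # NOTE(review): tasks 02-05 switch off the host firewall and SELinux on
    # every host in the group. That removes local packet filtering and
    # mandatory access control; confirm that filtering is enforced elsewhere
    # on the network, and consider opening only the required ports and using
    # SELINUX=permissive if the goal is only to unblock the workload.

    # Stop and disable firewalld.
    - name: 02-disable firewalld
      service:
        name: firewalld
        state: stopped
        enabled: false

    # Stop and disable iptables; the error is ignored when the
    # iptables-services package is not installed.
    - name: 03-disable iptables
      service:
        name: iptables
        state: stopped
        enabled: false
      ignore_errors: true

    # Switch SELinux to permissive for the running system; fails harmlessly
    # (ignored) when SELinux is already disabled.
    - name: 04-setenforce 0
      command: setenforce 0
      ignore_errors: true

    # Persist the change. Only a literal SELINUX=enforcing is rewritten; a
    # host already set to permissive is left as it is.
    - name: 05-disable selinux
      replace:
        path: /etc/selinux/config
        regexp: SELINUX=enforcing
        replace: SELINUX=disabled

    # Append the kernel network settings to sysctl.conf as one managed block.
    # Pick the nf_conntrack_max value according to whether the host is a
    # virtual machine or physical hardware.
    # NOTE(review): net.ipv4.tcp_tw_recycle is known to drop connections from
    # clients behind NAT and no longer exists from Linux 4.12 on, where
    # `sysctl -p` reports it as an unknown key; confirm the target kernel
    # before keeping it.
    - name: 06-config sysctl.conf
      blockinfile:
        path: /etc/sysctl.conf
        block: |
          net.bridge.bridge-nf-call-ip6tables = 1
          net.bridge.bridge-nf-call-iptables = 1
          net.bridge.bridge-nf-call-arptables = 1
          net.ipv4.ip_forward = 1

          # for network connection track
          #
          #
          net.netfilter.nf_conntrack_max = 1048576
          #net.netfilter.nf_conntrack_max = 2097152
          #
          #
          # net.netfilter.nf_conntrack_buckets = 525488
          net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 30
          net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30
          net.netfilter.nf_conntrack_tcp_timeout_close_wait = 15
          net.netfilter.nf_conntrack_tcp_timeout_established = 7200

          # for kernel network parameters
          net.ipv4.tcp_fin_timeout = 30
          net.ipv4.tcp_syncookies = 1
          net.ipv4.tcp_max_syn_backlog = 16384
          net.ipv4.tcp_keepalive_time = 600
          net.ipv4.tcp_keepalive_probes = 3
          net.ipv4.tcp_keepalive_intvl = 30
          net.ipv4.tcp_synack_retries = 3
          net.ipv4.tcp_syn_retries = 3
          net.ipv4.tcp_max_tw_buckets = 36000
          # net.ipv4.tcp_timestamps = 0
          net.ipv4.tcp_tw_reuse = 1
          net.ipv4.tcp_tw_recycle = 1
          net.ipv4.ip_local_port_range = 1024    65000
          # net.ipv4.route.gc_timeout = 100
          net.core.somaxconn = 65535
          net.core.netdev_max_backlog = 16384
          net.ipv4.tcp_max_orphans = 8192

    # Load the modules the settings above depend on, then apply sysctl.conf.
    # Adjust the hashsize value for virtual versus physical hosts.
    # Only the exit status of the last command decides the task result, and
    # neither the modprobe calls nor the hashsize write survive a reboot.
    - name: 07-apply sysctl.conf
      shell: |
        modprobe bridge
        modprobe ip_conntrack
        modprobe br_netfilter
        echo 262144 > /sys/module/nf_conntrack/parameters/hashsize
        sysctl -p
      tags:
        - "modprobe"

    # Turn swap off for the running system.
    - name: 08-disable swap
      command: swapoff -a

    # Comment out the swap entry so it stays off after a reboot. The
    # back-reference keeps the original entry behind the "# " (a bare '# '
    # would delete it), and a commented line no longer starts with "/", so
    # running the play again does not comment it a second time.
    - name: 09-comment /etc/fstab swap
      replace:
        path: /etc/fstab
        regexp: '^(/.*swap.*)'
        replace: '# \1'

    # Copy ntp.tgz from the control node and unpack it under /root.
    - name: 10-tar ntp ntpdate
      unarchive:
        src: ntp.tgz
        dest: /root
      tags:
        - "ntp"

    # Run ntprpm.sh on the target; it installs the RPMs found in the home
    # directory of the remote user.
    - name: 11-install ntp rpm from a local file
      script: ./ntprpm.sh

    # Replace /etc/ntp.conf with a single upstream server line. Writing the
    # file with the copy module gives the same content as a shell heredoc but
    # reports "changed" only when the content actually differs.
    - name: 12-ntp.conf add configfile
      copy:
        dest: /etc/ntp.conf
        content: "server {{ ntp_server }}\n"

    # Restart ntpd and enable it at boot.
    - name: 13-restart ntpd
      service:
        name: ntpd
        state: restarted
        enabled: true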

 

 

 

 

 

 

 

 

 

 
