Ansible-playbook Bote
hostss文件
[master] 192.168.1.80 ansible_connection=local [master:vars] hostname=master01 [client] 192.168.1.81 hostname=node01 192.168.1.82 hostname=node02 [client:vars] hwf=123 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=123456 [total:children] master client
ntprpm.sh文件
#!/bin/bash cd ~ yum -y localinstall *.rpm
master_server.yaml文件
## modify date 2021/5/27
## Name of creator Hwf
- name: config yum and ntp server
hosts: master
vars:
- ntp_server: "192.168.1.80"
tasks:
# 修改主机名为inventory中的主机名
- name: 01-set hostname
shell: hostnamectl set-hostname {{ hostname }}
# 停止并禁用firewalld
- name: 02-disable firewalld
service:
name: firewalld
state: stopped
enabled: false
# 停止并禁用iptables,若未安装iptables-services,则忽略错误
- name: 03-disable iptables
service:
name: iptables
state: stopped
enabled: false
ignore_errors: true
# 禁用selinux
- name: 04-setenforce 0
shell: setenforce 0
ignore_errors: true
- name: 05-disable selinux
replace:
path: /etc/selinux/config
regexp: SELINUX=enforcing
replace: SELINUX=disabled
# 修改sysctl.conf文件
- name: 06-config sysctl.conf
blockinfile:
path: /etc/sysctl.conf
block: |
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
net.ipv4.ip_forward = 1
# for network connection track
net.netfilter.nf_conntrack_max = 2097152
# net.netfilter.nf_conntrack_buckets = 525488
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 30
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 15
net.netfilter.nf_conntrack_tcp_timeout_established = 7200
# for kernel network parameters
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_max_tw_buckets = 36000
# net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
# net.ipv4.route.gc_timeout = 100
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 8192
# 将sysctl.conf配置生效
- name: 07-apply sysctl.conf
shell: |
modprobe bridge
modprobe ip_conntrack
modprobe br_netfilter
echo 262144 > /sys/module/nf_conntrack/parameters/hashsize
sysctl -p
tags:
- "modprobe"
# 禁用交换分区
- name: 08-disable swap
shell: swapoff -a
tags:
- "swap"
- name: 09-comment /etc/fstab swap
replace:
path: /etc/fstab
regexp: "(^/.*swap.*)"
replace: '# '
# 安装ntp
- name: 10-tar ntp ntpdate
unarchive:
src: ntp.tgz
dest: /root
tags:
- "ntp"
- name: 11-install ntp rpm from a local file
script: ./ntprpm.sh
# 注释默认server,添加本地ntp
- name: 12-comment default server
replace:
path: /etc/ntp.conf
regexp: "(server)(.*iburst)"
replace: '# '
- name: 13-add local ntp server
blockinfile:
path: /etc/ntp.conf
insertafter: "# (server)(.*3.*)"
block: |
server {{ ntp_server }} iburst
server 127.127.1.0
fudge 127.127.1.0 stratum 10
# 重启ntp服务
- name: 14-restart ntpd
service:
name: ntpd
state: restarted
enabled: true
node_client.yaml文件
## modify date 2021/5/27
## Name of creator Hwf
- name: config yum and ntp server
hosts: client
vars:
- ntp_server: "192.168.1.80"
tasks:
# 修改主机名为inventory中的主机名
- name: 01-set hostname
shell: hostnamectl set-hostname {{ hostname }}
# 停止并禁用firewalld
- name: 02-disable firewalld
service:
name: firewalld
state: stopped
enabled: false
# 停止并禁用iptables,若未安装iptables-services,则忽略错误
- name: 03-disable iptables
service:
name: iptables
state: stopped
enabled: false
ignore_errors: true
# 禁用selinux
- name: 04-setenforce 0
shell: setenforce 0
ignore_errors: true
- name: 05-disable selinux
replace:
path: /etc/selinux/config
regexp: SELINUX=enforcing
replace: SELINUX=disabled
# 修改sysctl.conf文件,根据虚拟化和物理机修改conntrack_max值
- name: 06-config sysctl.conf
blockinfile:
path: /etc/sysctl.conf
block: |
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
net.ipv4.ip_forward = 1
# for network connection track
#
#
net.netfilter.nf_conntrack_max = 1048576
#net.netfilter.nf_conntrack_max = 2097152
#
#
# net.netfilter.nf_conntrack_buckets = 525488
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 30
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 15
net.netfilter.nf_conntrack_tcp_timeout_established = 7200
# for kernel network parameters
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_max_tw_buckets = 36000
# net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
# net.ipv4.route.gc_timeout = 100
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 8192
# 将sysctl.conf配置生效,根据虚拟化和物理机修改hashsize值
- name: 07-apply sysctl.conf
shell: |
modprobe bridge
modprobe ip_conntrack
modprobe br_netfilter
echo 262144 > /sys/module/nf_conntrack/parameters/hashsize
sysctl -p
tags:
- "modprobe"
# 禁用交换分区
- name: 08-disable swap
shell: swapoff -a
#因存在多次注释/etc/fstab问题,所以需要注释fstab时,指定--tags=never
- name: 09-comment /etc/fstab swap
replace:
path: /etc/fstab
regexp: "(^/.*swap.*)"
replace: '# '
# 安装ntp
- name: 10-tar ntp ntpdate
unarchive:
src: ntp.tgz
dest: /root
tags:
- "ntp"
- name: 11-install ntp rpm from a local file
script: ./ntprpm.sh
- name: 12-ntp.conf add configfile
shell: |
cat >/etc/ntp.conf<<EOF
server {{ ntp_server }}
EOF
# 重启ntp服务
- name: 13-restart ntpd
service:
name: ntpd
state: restarted
enabled: true
继续阅读
我的微信
这是我的微信扫一扫
评论