1. What is Playbook
A playbook can be thought of as Ansible's equivalent of a shell script. It is an orchestration tool: it schedules reusable Ansible tasks and runs them against multiple servers concurrently.
2. Playbook use cases
1. Server initialization
(1) The tasks file of the playbook
#This script is used to initialize the Centos7 system, please use it with caution
########Yum Tools########
# Replace the stock repo definitions with the copies shipped in this role.
# NOTE(review): every later yum install trusts these files; confirm they keep
# gpgcheck enabled and point at mirrors you trust (the files are not shown here).
- name: Update yum repo
  copy:
    src: "{{ item }}"
    dest: /etc/yum.repos.d/
  with_fileglob:
    - yum/CentOS-Base.repo
    - yum/docker-ce.repo

# Libraries and build tools. state=latest also upgrades packages that are
# already installed, so package versions depend on the run date.
- name: Basic lib install
  yum:
    name: "{{ item }}"
    state: latest
    update_cache: true
  with_items:
    - epel-release
    - libselinux-python
    - glibc
    - gcc
    - make
    - cmake
    - zlib
    - python-pip

# Day-to-day administration and diagnostic tools.
- name: Basic tools install
  yum:
    name: "{{ item }}"
    state: latest
    update_cache: true
  with_items:
    - zip
    - net-tools
    - lrzsz
    - htop
    - axel
    - wget
    - curl
    - telnet
    - iotop
    - vim
    - dmidecode
    - sysstat
    - ntp
    - net-snmp
    - rsync
########Selinux Firewalld Disable########
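# Persist SELINUX=disabled in the config file so it survives a reboot.
# The module name is lineinfile (the listing showed it split as "line file").
# NOTE(review): this removes mandatory access control from every host the role
# touches; keep SELinux enforcing or permissive unless there is a documented
# reason not to.
- name: Selinux dsiable
  lineinfile:
    dest: /etc/selinux/config
    regexp: '^SELINUX='
    line: 'SELINUX=disabled'

# Apply the disabled state through the selinux module as well.
- name: Selinux stop
  selinux:
    state: disabled

# Stop firewalld now and keep it from starting at boot.
# NOTE(review): after this task the host has no local packet filter, so every
# listening service (including sshd, which this file later moves to port 8022)
# is reachable unless something upstream filters it.
- name: Firewalld disable
  service:
    name: firewalld
    state: stopped
    enabled: false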
########Ulimit Init########
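# Raises the limit only inside the shell spawned for this task; the lasting
# settings are the file edits below.
- name: Ulimit change
  shell: ulimit -SHn 102400

# Re-apply the limit from rc.local at boot. With backrefs off, the line is
# appended when the regexp matches nothing.
- name: Ulimit change rc.local
  lineinfile:
    dest: /etc/rc.local
    regexp: 'ulimit -SHn 102400'
    backrefs: false
    line: 'ulimit -SHn 102400'

# Soft open-file limit for all users. The regexp mirrors the "hard" task
# below; the listing had stray spaces in it ('\ * soft nofile [0-9] +'), which
# would never match the line this task writes.
- name: Change limits.conf soft
  lineinfile:
    dest: /etc/security/limits.conf
    regexp: '\* soft nofile [0-9]+'
    backrefs: false
    line: '* soft nofile 102400'

# Hard open-file limit for all users.
- name: Change limits.conf hard
  lineinfile:
    dest: /etc/security/limits.conf
    regexp: '\* hard nofile [0-9]+'
    backrefs: false
    line: '* hard nofile 102400'

# systemd defaults for units it starts.
# NOTE(review): unlimited core dumps can leave process memory, including any
# secrets held in it, on disk; confirm this is wanted on production hosts.
- name: Change system.conf DefaultLimitCORE
  lineinfile:
    dest: /etc/systemd/system.conf
    regexp: 'DefaultLimitCORE'
    backrefs: false
    line: 'DefaultLimitCORE=infinity'

- name: Change system.conf DefaultLimitNOFILE
  lineinfile:
    dest: /etc/systemd/system.conf
    regexp: 'DefaultLimitNOFILE'
    backrefs: false
    line: 'DefaultLimitNOFILE=100000'

# Sets DefaultLimitNPROC (the task name does not say so).
- name: Change system.conf
  lineinfile:
    dest: /etc/systemd/system.conf
    regexp: 'DefaultLimitNPROC'
    backrefs: false
    line: 'DefaultLimitNPROC=100000'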
########Change Hostname########
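# Set the system hostname from the per-host inventory variable "hostname".
- hostname:
    name: "{{ hostname }}"

# Map the host's own address to its hostname in /etc/hosts.
# The ansible_eth0 fact is used, so this assumes the primary interface is
# named eth0. No regexp is given, so a changed hostname or address adds a new
# line instead of replacing the old one.
- name: Add hosts
  lineinfile:
    dest: /etc/hosts
    line: '{{ ansible_eth0.ipv4.address }} {{ hostname }}'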
########Disk Init########
#- name: New Disk Partition
# script: scripts/disk.sh "{{ disk }}" #Execute the disk.sh parameter {{ disk }} corresponds to the disk of xfs.yml: /dev/vdb #disk name
# become: yes
# become_method: sudo
#- name: New Disk Format(xfs)
# filesystem: fstype=xfs dev="{{ partition }}" opts="-fn ftype=1" #Format disk partition
# become: yes
# become_method: sudo
#- name: New Disk Mount
# mount: name="{{ mountDir }}" src="{{ partition }}" fstype=xfs state=mounted #Mount the directory
# become: yes
# become_method: sudo
########Create Directory########
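# Create the application directory tree under /opt.
# Three entries in the listing had spaces inside the path ("/ opt / hxapps");
# they are restored to match their siblings.
# No owner or mode is set, so the directories get the connecting user's
# defaults; set them explicitly if these hold uploads or backups.
- name: Create Directory
  file:
    path: "{{ item }}"
    state: directory
  with_items:
    - /opt/hxapps
    - /opt/hxwww
    - /opt/hxlog/
    - /opt/hxscripts
    - /opt/hxupload
    - /opt/hxbackup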
########Docker install########
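# Install Docker CE from the docker-ce repo configured earlier in this file.
- name: Install docker
  yum:
    name: docker-ce
    state: present
  async: 0
  poll: 10

# Point the daemon's storage at /opt/docker by rewriting ExecStart.
# NOTE(review): this edits the packaged unit file, which a docker-ce update
# will overwrite; a drop-in under /etc/systemd/system/docker.service.d is the
# usual place for overrides. Newer Docker releases deprecate --graph in favour
# of --data-root; check it against the installed version.
- name: config docker Storage type and location
  lineinfile:
    dest: /usr/lib/systemd/system/docker.service
    regexp: '^ExecStart='
    line: 'ExecStart=/usr/bin/dockerd --graph=/opt/docker'

# Reload unit files before starting, so the ExecStart edit above is the one
# systemd actually runs.
- systemd:
    name: docker
    enabled: true
    state: started
    daemon_reload: true

# Use the pip module instead of a raw shell command so the task is idempotent.
# NOTE(review): this is an unpinned install run as root and takes whatever
# PyPI serves at run time; pin a vetted release with the module's "version"
# parameter.
- name: Install docker-compose
  pip:
    name: docker-compose
  async: 0
  poll: 10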
########Ssh Init#######
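# Every edit to sshd_config below is checked with "sshd -t" before it is
# written, so a broken directive cannot reach the restart at the end and lock
# the host out.

# Uncomment the stock PubkeyAuthentication directive. With backrefs on, a file
# without the commented line is left untouched.
- name: Open ssh PubkeyAuthentication
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '#PubkeyAuthentication yes'
    backrefs: true
    line: 'PubkeyAuthentication yes'
    validate: '/usr/sbin/sshd -t -f %s'

# Uncomment AuthorizedKeysFile while keeping its value. The original replaced
# the whole line with the bare keyword "AuthorizedKeysFile", dropping the path
# argument; the capture group carries the path through.
- name: Open ssh AuthorizedKeysFile
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^#\s*(AuthorizedKeysFile\s.*)$'
    backrefs: true
    line: '\1'
    validate: '/usr/sbin/sshd -t -f %s'

# Turn password logins off. The original only matched an active
# "PasswordAuthentication yes" line and, with backrefs on, silently did nothing
# when the directive was commented out or missing, leaving passwords enabled.
# This form matches either spelling and appends the directive when absent.
- name: Close ssh PasswordAuthentication
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^#?\s*PasswordAuthentication\s'
    backrefs: false
    line: 'PasswordAuthentication no'
    validate: '/usr/sbin/sshd -t -f %s'

# Move sshd to port 8022. This reduces scan noise but is not an access
# control, and firewalld was disabled earlier in this file.
- name: Change ssh port
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '#Port 22'
    backrefs: true
    line: 'Port 8022'
    validate: '/usr/sbin/sshd -t -f %s'

# Print the resulting directives for review in the play output; read-only, so
# it never reports a change.
- name: Echo /etc/ssh/sshd_config
  shell: egrep "Port|AuthorizedKeysFile|PubkeyAuthentication|PasswordAuthentication" /etc/ssh/sshd_config
  changed_when: false

# root's key directory, owner-only access. The mode is quoted so YAML cannot
# read it as a decimal integer.
- name: Create .ssh
  file:
    path: /root/.ssh
    owner: root
    group: root
    mode: "0700"
    state: directory

# Install the role's authorized_keys for root. This replaces any existing
# file, so keys already present on the host are removed.
- name: Add keys
  copy:
    src: public_key/authorized_keys
    dest: /root/.ssh/authorized_keys
    owner: root
    group: root
    mode: "0600"

# Activate the new configuration. Later connections need port 8022 and a key
# listed in authorized_keys.
- name: Restart sshd
  service:
    name: sshd
    state: restarted
    enabled: true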
(2) The referenced disk.sh
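#!/bin/bash
# Create one primary partition (type 83) on the disk passed as $1.
# Exits 1 if fdisk does not list the disk or it already has a partition.
DISK=$1

# The disk must appear in the fdisk listing.
CHECK_EXIST=$(/sbin/fdisk -l 2> /dev/null | grep -o "$DISK")
[ ! "$CHECK_EXIST" ] && { echo "Error: Disk is not found !"; exit 1; }
# Progress marker. NOTE(review): fixed path in world-writable /tmp; a
# root-only directory is safer for a script that runs as root.
echo "1" > /tmp/disk.log

# Refuse to touch a disk that already carries a numbered partition.
CHECK_DISK_EXIST=$(/sbin/fdisk -l 2> /dev/null | grep -o "$DISK[1-9]")
[ ! "$CHECK_DISK_EXIST" ] || { echo "WARNING: ${CHECK_DISK_EXIST} is Partition already !"; exit 1; }
echo "2" > /tmp/disk.log

# Partition the disk that was checked. The original ran fdisk on a hard-coded
# /dev/sdb, so the checks above guarded a different device from the one being
# rewritten.
# NOTE(review): the two empty lines accept fdisk's default first and last
# sector. The collapsed listing lost its blank lines, so confirm the answer
# sequence against the original script before use.
/sbin/fdisk "$DISK" <<EOF
d
n
p
1


t
83
w
EOF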
(3) Executed sysinit.yml
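---
# Play that applies the sysinit role to the "sysinit" inventory group.
# The variables block key is "vars" (the listing showed it as "whose", which
# is not a play keyword).
- hosts: sysinit
  vars:
    # Whole disk handed to scripts/disk.sh by the (commented-out) disk tasks.
    disk: /dev/vdb
    # Partition that the format and mount tasks operate on.
    partition: /dev/vdb1
    # Mount point for the new filesystem.
    mountDir: /opt
  roles:
    - sysinit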
(4) inventory file
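########Init hosts list########
#[groups:children]
#group
#[groups:vars]
#ansible_ssh_port=8022
#ansible_user=root

# Connection settings for the first run against a fresh host.
# Comments sit on their own lines so they cannot become part of a value.
[sysinit:vars]
# remote user
ansible_user=root
# remote port
# After the sysinit role has run, sshd listens on 8022 and refuses passwords,
# so later runs need ansible_port=8022 and key authentication.
ansible_port=22
# remote password
# NOTE(review): a cleartext root password in the inventory ends up in version
# control and backups. The value is read from a variable that must be defined
# in an ansible-vault encrypted vars file; the variable name is a placeholder.
ansible_ssh_pass='{{ vault_sysinit_ssh_pass }}'

[sysinit]
# One host per line, in the form:
# <server IP> hostname=<server hostname>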