ansible实现服务器批量初始化

ookkl

通过ansible的playbook实现服务器批量初始化工作，会节省大量时间，提高工作效率

ansible模块目录结构

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

$ tree roles/ roles/ └── base     ├── defaults     ├── files     │   ├── puppet.conf     │   ├── yum65.repo     │   ├── yum67.repo     │   └── yum.repo     ├── handlers     │   └── main.yml     ├── meta     ├── tasks     │   ├── chkconfig.yml     │   ├── hostname.yml     │   ├── main.yml     │   ├── ntpd.yml     │   ├── puppet.yml     │   ├── repo.yml     │   └── route.yml     ├── templates     │   ├── hosts.j2     │   └── static-routes.j2     └── vars         └── main.yml 8 directories, 16 files

入口文件的site.yml

1 2 3 4 5 6 7 8

$ more site.yml --- - hosts: all   remote_user: test   become: yes   become_method: sudo   roles:         - base

模版文件template

1 2 3 4 5 6 7 8 9 10 11

修改主机名 $ more base/templates/hosts.j2 127.0.0.1   {{ ansible_fqdn }}   localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1         {{ ansible_fqdn }}   localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.0.1 puppet.server 添加静态路由，需要重启网络 $ more base/templates/static-routes.j2 any net 10.0.0.0/8 gw {{ gateway }} any net 172.0.0.0/8 gw {{ gateway }} any net 192.168.1.0/24 gw {{ gateway }}

可以在base/vars/main.yml中定义变量，由于环境特殊，我在命令行中使用变量。

1 2 3

yml中定义使用变量的格式如下 name:value

task中的入口文件

1 2 3 4 5 6 7 8

$ more base/tasks/main.yml --- - include: ntpd.yml - include: repo.yml - include: route.yml - include: hostname.yml - include: chkconfig.yml - include: puppet.yml

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78

时间同步 $ more base/tasks/ntpd.yml --- - name: sync datatime   command: /usr/sbin/ntpdate 202.120.2.101 - name: sync hwclock   command: /sbin/hwclock -w 更具不同系统版本配置yum源 $ more base/tasks/repo.yml --- - name: configure RedHat5 yum repo   copy: force=yes src=yum.repo  dest=/etc/yum.repos.d/rhel-debuginfo.repo owner=root group=root mode=0644   when: ansible_distribution_major_version == '5' - name: configure RedHat6.5 yum repo   copy: force=yes src=yum65.repo  dest=/etc/yum.repos.d/rhel-debuginfo.repo owner=root group=root mode=0644   when: ansible_distribution_version == '6.5' - name: configure RedHat6.7 yum repo   copy: force=yes src=yum67.repo  dest=/etc/yum.repos.d/rhel-debuginfo.repo owner=root group=root mode=0644   when: ansible_distribution_version == '6.7' 配置路由 $ more base/tasks/route.yml - name: config static route   template:  force=yes src=static-routes.j2 dest=/etc/sysconfig/static-routes owner=root group=root mode=0644   notify: restart network 批量配置服务器的hostname(动态inventory脚本实现) $ more base/tasks/hostname.yml --- - name: install facter   yum: name=facter state=latest - name: install rubygem-json   yum: name=rubygem-json state=latest - hostname: name={{ hostname }} - name : gather facts again   setup : - name: config hosts   template:  force=yes src=hosts.j2 dest=/etc/hosts owner=root group=root mode=0644 关闭iptables，sendmail和selinux $ more base/tasks/chkconfig.yml - name: chkconfig off  iptables   shell: /sbin/chkconfig iptables off - name: stop iptables   service: name=iptables state=stopped - name: chkconfig off  sendmail   shell: /sbin/chkconfig sendmail off - name: stop sendmail   service:  name=sendmail state=stopped - name: stop selinux   command:  /sbin/setenforce  0 初始化节点的puppet $ more base/tasks/puppet.yml --- - name: install puppet   yum: name=puppet state=latest   register: result   ignore_errors: True - name: puppet config file   copy: force=yes src=puppet.conf  dest=/etc/puppet/puppet.conf owner=root group=root mode=0644   when: result.rc==0 - name: run puppet   shell: /usr/bin/puppet agent -t

执行结果如下：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76

$ ansible-playbook -i inventory.py site.yml --extra-vars "gateway='10.44.245.65'"       PLAY [all] ********************************************************************* TASK [setup] ******************************************************************* ok: [10.44.245.85] TASK [base : sync datatime] **************************************************** changed: [10.44.245.85] TASK [base : sync hwclock] ***************************************************** changed: [10.44.245.85] TASK [base : configure RedHat5 yum repo] *************************************** ok: [10.44.245.85] TASK [base : configure RedHat6.5 yum repo] ************************************* skipping: [10.44.245.85] TASK [base : configure RedHat6.7 yum repo] ************************************* skipping: [10.44.245.85] TASK [base : config static route] ********************************************** ok: [10.44.245.85] TASK [base : install facter] *************************************************** ok: [10.44.245.85] TASK [base : install rubygem-json] ********************************************* ok: [10.44.245.85] TASK [base : hostname] ********************************************************* ok: [10.44.245.85] TASK [base : gather facts again] *********************************************** ok: [10.44.245.85] TASK [base : config hosts] ***************************************************** ok: [10.44.245.85] TASK [base : chkconfig off  iptables] ****************************************** changed: [10.44.245.85] TASK [base : stop iptables] **************************************************** ok: [10.44.245.85] TASK [base : chkconfig off  sendmail] ****************************************** changed: [10.44.245.85] TASK [base : stop sendmail] **************************************************** ok: [10.44.245.85] TASK [base : install puppet] *************************************************** ok: [10.44.245.85] TASK [base : puppet config file] *********************************************** ok: [10.44.245.85] PLAY RECAP ********************************************************************* 10.44.245.85               : ok=16   changed=4    unreachable=0    failed=0    gather facts again ----------------------------------------------------- 19.88s install puppet ---------------------------------------------------------- 6.99s install rubygem-json ---------------------------------------------------- 5.50s install facter ---------------------------------------------------------- 5.48s stop sendmail ----------------------------------------------------------- 3.51s ------------------------------------------------------------------------ 3.27s configure RedHat5 yum repo ---------------------------------------------- 2.44s sync datatime ----------------------------------------------------------- 2.37s puppet config file ------------------------------------------------------ 2.16s sync hwclock ------------------------------------------------------------ 2.02s Playbook finished: Fri Feb 17 18:11:30 2017, 17 total tasks.  0:01:02 elapsed. 如有不足欢迎大家多多提供宝贵建议