Ansible控制机分发ssh密钥
这个需求也可以使用脚本和sshpass解决,但不如ansible方便
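---
# Distribute the control node's SSH public key to every host in the k8s group.
# The first run has no key in place yet, so it authenticates with a password:
#   ansible-playbook xxx.yaml -k
- hosts: k8s
  gather_facts: false
  tasks:
    # NOTE(review): this switches off host-key verification for every outbound
    # SSH connection made from the managed hosts, so a spoofed peer is accepted
    # without any prompt. OpenSSH's `accept-new` value, or a pre-populated
    # known_hosts file, keeps verification in place. Left as the author wrote it.
    - lineinfile:
        path: /etc/ssh/ssh_config
        regexp: '(.*)StrictHostKeyChecking(.*)'
        line: "StrictHostKeyChecking no"

    # NOTE(review): this wipes root's existing keys and authorized_keys entries
    # on every managed host before the new key is installed.
    - name: delete /root/.ssh/
      file:
        path: /root/.ssh/
        state: absent

    # A directory needs the execute bit to be traversable; 0700 is the
    # conventional mode for ~/.ssh (the original 0600 dropped it). The mode is
    # quoted so it is always read as an octal string.
    - name: create .ssh directory
      file:
        dest: /root/.ssh
        mode: '0700'
        state: directory

    # run_once + creates: the key pair is generated a single time on the control
    # node rather than once per inventory host, and an existing private key is
    # never overwritten.
    - name: generating local public/private rsa key pair
      shell: ssh-keygen -t rsa -b 2048 -N '' -f /root/.ssh/id_rsa
      args:
        creates: /root/.ssh/id_rsa
      delegate_to: localhost
      run_once: true

    # Read-only step, so it never reports a change.
    - name: view id_rsa.pub
      command: cat /root/.ssh/id_rsa.pub
      register: sshinfo
      delegate_to: localhost
      run_once: true
      changed_when: false

    - set_fact:
        sshpub: "{{ sshinfo.stdout }}"

    # The original listing carried set_fact and local_action in the same task;
    # a task may hold only one action, so the write is its own step. The quote
    # filter keeps the key text from being interpreted by the shell.
    - name: write authorized_keys.j2 on the control node
      shell: echo {{ sshpub | quote }} > /templates/authorized_keys.j2
      delegate_to: localhost
      run_once: true

    - name: copy authorized_keys.j2 to all
      template:
        src: /templates/authorized_keys.j2
        dest: /root/.ssh/authorized_keys
        mode: '0600'
      tags:
        - install ssh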
修改主机名
# Define a per-host `hostname` variable in the inventory, for example:
[k8s]
192.168.10.121 hostname=ws-k8s-master1
192.168.10.122 hostname=ws-k8s-master2
192.168.10.123 hostname=ws-k8s-master3
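---
# Set each host's name from the `hostname` variable that the inventory defines
# per host.
- hosts: k8s
  remote_user: root
  tasks:
    # The original ran `hostnamectl set-hostname {hostname} && bash` through the
    # shell module. Single braces are not Jinja2, so the literal text
    # "{hostname}" would have been applied, and the trailing `bash` only starts
    # a shell with nothing to read. The hostname module takes the value as a
    # parameter, so the inventory string never passes through a shell.
    - name: change name
      hostname:
        name: "{{ hostname }}"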
自动优化系统配置实例
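---
# Baseline OS tuning for the hadoop3 group: SELinux mode, open-file limits,
# host firewall and periodic time sync.
- hosts: hadoop3
  remote_user: root
  gather_facts: false
  tasks:
    # NOTE(review): this removes mandatory access control from the host. The
    # file edit only applies from the next boot. The regexp is anchored so that
    # only the active `SELINUX=` setting is rewritten, never a commented line.
    - name: 禁用SELinux
      lineinfile:
        dest: /etc/selinux/config
        regexp: '^SELINUX='
        line: SELINUX=disabled

    - name: 文件最大打开数
      lineinfile:
        dest: /etc/security/limits.conf
        line: "{{ item }}"
      with_items:
        - '* soft nofile 655360'
        - '* hard nofile 655360'

    # NOTE(review): after this task the host has no packet filter at all, as
    # firewalld is stopped and disabled and `iptables -F` flushes the rules.
    # Anything listening on the host is then reachable from every network it
    # is attached to, so filtering has to be enforced somewhere upstream.
    - name: 禁用iptables和firewalld
      shell: systemctl stop firewalld && systemctl disable firewalld && iptables -F

    # The minute field is quoted because a plain scalar starting with `*` is
    # read by YAML as an alias.
    - name: 设置cron任务来同步时间,看情况,有些能装chronyd,改chrony.conf即可
      cron:
        name: ntpdate
        minute: '*/5'
        user: root
        job: 'source /etc/profile; /usr/sbin/ntpdate -u 172.16.21.1; /sbin/hwclock -w'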
修改hosts文件
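---
# Method 1: build templates/hosts.j2 on the control node from inventory
# variables, then push the result to every host as /etc/hosts.
- hosts: k8s
  remote_user: root
  tasks:
    # Truncates the file and writes the loopback entry exactly once.
    - name: add localhost
      shell: echo "127.0.0.1 localhost" > templates/hosts.j2
      delegate_to: localhost
      run_once: true

    - set_fact:
        ipaddress: "{{ inventory_hostname }}"

    - set_fact:
        hostname: "{{ hostname }}"

    # Runs once per inventory host and appends that host's record. The quote
    # filter keeps inventory-supplied text from being interpreted by the shell.
    - name: add host record
      shell: echo {{ ipaddress | quote }} {{ hostname | quote }} >> templates/hosts.j2
      delegate_to: localhost

    # NOTE(review): this src path differs from the relative templates/hosts.j2
    # written above. Confirm that both resolve to the same file.
    - name: copy hosts.j2 to all host
      template:
        src: "{{ AnsibleDir }}/roles/templates/hosts.j2"
        dest: /etc/hosts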
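---
# Method 2: render /etc/hosts from a template that reads its values directly
# from facts. Fact gathering is left at its default because the template
# references ansible_hostname.
- hosts: k8s
  remote_user: root
  tasks:
    - name: Configure /etc/hosts
      template:
        src: templates/hosts.j2
        dest: /etc/hosts
        owner: root
        group: root
        mode: '0644'
        # Keeps a timestamped copy of the previous /etc/hosts before replacing it.
        backup: true

# Contents of templates/hosts.j2:
#   127.0.0.1 localhost
#   {{ ansible_host }} {{ ansible_hostname }}
# NOTE(review): as written, the template emits a record only for the host being
# configured, not for its peers. Confirm that is the intended result.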
安装JDK环境
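---
# Install a JDK from a local archive and export its environment via /etc/profile.
- hosts: xxx
  become: true
  tasks:
    - name: mkdir jdk directory
      file:
        path: /usr/java
        state: directory
        mode: '0755'

    # unarchive copies the tarball from the control node and unpacks it on the
    # target.
    - name: copy and unzip jdk
      unarchive:
        src: files/jdk1.8.tar.gz
        dest: /usr/java

    # Drop any earlier JAVA_HOME export so the profile ends up with one value.
    - name: Remove existing JAVA_HOME line from profile
      lineinfile:
        path: /etc/profile
        regexp: '^export JAVA_HOME='
        state: absent

    - name: set jdk env
      lineinfile:
        dest: /etc/profile
        line: "{{ item }}"
        state: present
      with_items:
        - 'export JAVA_HOME=/usr/java/jdk1.8.0_162'
        - 'export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar'
        - 'export PATH=$JAVA_HOME/bin:$PATH'

    # Each task runs in its own process, so a standalone `source /etc/profile`
    # task has no effect on later tasks, and the command module never reads the
    # profile. Sourcing and checking in one bash invocation tests the PATH that
    # was just written. The check is read-only, so it never reports a change.
    - name: Check if JDK is installed
      shell: source /etc/profile && java -version
      args:
        executable: /bin/bash
      register: java_version_output
      changed_when: false
      ignore_errors: true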