文件树-TOP
[root@cnsz-ansible-110 ansible]# tree
.
├── ansible.cfg
├── expect_shell
│ ├── ips.txt
│ ├── remote_trust_set.sh
│
├── inventory
│ └── hosts
├── log
│ └── log
├── playbooks
├── group_vars
│ └── all
├── roles
│ ├── add_cloudmonitor
│ │ ├── files
│ │ │ └── add_cloudmonitor.sh
│ │ └── tasks
│ │ ├── add_cloudmonitor.yml
│ │ └── main.yml
│ ├── create_lvm_for_common
│ │ └── tasks
│ │ ├── create_lvm_for_common.yml
│ │ └── main.yml
│ ├── create_lvm_for_mysql
│ │ ├── files
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── meta
│ │ ├── tasks
│ │ │ ├── create_lvm_for_mysql.yml
│ │ │ ├── create_trnuser.yml
│ │ │ ├── main.yml
│ │ │ └── set_security.yml
│ │ ├── templates
│ │ └── vars
│ │ └── main.yml
│ ├── install_mysql_and_set_env
│ │ └── tasks
│ │ ├── install_mysql_and_set_env.yml
│ │ └── main.yml
│ └── vm_init
│ ├── files
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ ├── tasks
│ │ ├── create_trnuser.yml
│ │ ├── main.yml
│ │ ├── q
│ │ └── set_security.yml
│ ├── templates
│ └── vars
│ └── main.yml
|
└── vm_init.yaml
# pwd
/ansible/expect_shell
[root@cnsz-ansible-110 expect_shell]# cat remote_trust_set.sh
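#!/bin/bash
# Push the local SSH public key to every host listed in ips.txt (one address
# per line) by driving ssh-copy-id with expect.
# Requires: expect, ssh-copy-id, an existing local key pair.
set -u
port=22
username="root"
# The password is no longer hard-coded in the script: take it from the
# environment (SSH_PASSWD) or prompt for it without echo, so it is not left in
# a file that is likely to be committed or world-readable.
passwd="${SSH_PASSWD:-}"
if [ -z "$passwd" ]; then
    read -r -s -p "Password for ${username}: " passwd
    echo
fi
# NOTE: the "yes/no" branch below auto-accepts an unknown host key on first
# contact (trust on first use); verify fingerprints out of band if that matters.
# The heredoc is unquoted, so $passwd is substituted into the Tcl script as-is;
# a password containing '"', '\', '$' or '[' would break the script — TODO confirm
# the value is safe before use.
while read -r ip
do
    # skip blank lines and comment lines in ips.txt
    case "$ip" in ''|\#*) continue ;; esac
    /usr/bin/expect <<EOF
set timeout 10
spawn ssh-copy-id -f $username@$ip -p $port
expect {
    "yes/no" { send "yes\r"; exp_continue }
    "password:" { send "$passwd\r"; }
}
expect eof
EOF
done < ips.txt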
----
[root@cnsz-ansible-110 expect_shell]# cat ips.txt
10.130.3.x
10.130.3.x
10.130.3.x
#pwd
/ansible
---
[root@cnsz-ansible-110 ansible]# cat ansible.cfg
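[defaults]
inventory = /ansible/inventory/hosts
timeout = 60
# NOTE(review): the tree at the top of this page lists the roles under
# /ansible/roles, not /ansible/playbooks/roles — confirm which path is real on
# the control node, otherwise vm_init.yaml will not find its roles.
roles_path = /ansible/playbooks/roles
remote_user = root
remote_port = 22
# Everything written to stdout is also appended here; keep the file private.
log_path = /ansible/log/log
# Was True: that prints every module's arguments to stdout — including any
# password handed to a shell/user task — and, via log_path, stores them in
# /ansible/log/log. Leave it off and rely on -v / no_log per task instead.
display_args_to_stdout = False
[privilege_escalation]
become=yes
become_user=root
become_method=sudo
#become_ask_pass =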
# pwd
/ansible/inventory
----
[root@cnsz-ansible-110 ansible]# cat inventory/hosts
# Inventory used by vm_init.yaml (addresses are masked in this listing).
# New: no members in this listing
[New]
# common: application hosts, targeted by the first play of vm_init.yaml
[common]
10.248.33.x
# mysql: database hosts, targeted by the second play of vm_init.yaml; empty here
[mysql]
[root@cnsz-ansible-110 ansible]# ls log/
log
[root@cnsz-ansible-110 playbooks]# cat vm_init.yaml
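---
# Entry playbook: initialise freshly provisioned VMs, one play per host group.
# Privilege escalation (become) is configured in ansible.cfg; remote_user is
# repeated here so the plays do not depend on that setting.
- name: Initialise common application hosts
  hosts: common
  remote_user: root
  roles:
    - role: vm_init
    - role: create_lvm_for_common
    - role: add_cloudmonitor

- name: Initialise MySQL hosts
  hosts: mysql
  remote_user: root
  roles:
    - role: vm_init
    - role: create_lvm_for_mysql
    - role: install_mysql_and_set_env
    - role: add_cloudmonitor

# roles
# vm_init                    create trnuser, grant it sudo, apply the security baseline
# create_lvm_for_common      create a logical volume and mount it at /data
# create_lvm_for_mysql       create logical volumes mounted at /tran/mysql, /tran/app, /tran/my3306
# install_mysql_and_set_env  install MySQL 5.7, set environment variables, enable start on boot, etc.
# add_cloudmonitor           add the Alibaba Cloud monitoring agent
# add_trnuser_to_trust       set up SSH trust for trnuser (not present in the role tree listed
#                            above — TODO confirm whether it exists)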
[root@cnsz-ansible-110 playbooks]# ls group_vars/
all
[root@cnsz-ansible-110 playbooks]# cat group_vars/all
---
# Variables shared by every host in the inventory.
# passwd for trnuser — the clear-text value here is a placeholder; store the
# real one encrypted (ansible-vault encrypt_string) instead of committing it,
# and keep the task that consumes it under no_log so it never reaches the log.
passwd: xxx
# The pv name for mysql — lvg turns this device into an LVM physical volume,
# so it must be an empty disk; double-check before running on an existing host.
pv_mysql: /dev/sdb
# pv name for common (same caveat as pv_mysql)
pv_common: /dev/sdb
[root@cnsz-ansible-110 roles]# tree vm_init/
vm_init/
├── files
├── handlers
│ └── main.yml
├── meta
├── tasks
│ ├── create_trnuser.yml
│ ├── main.yml
│ ├── q
│ └── set_security.yml
├── templates
└── vars
└── main.yml
----
[root@cnsz-ansible-110 vm_init]# cat tasks/main.yml
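---
# Task entry point for the vm_init role.
# `include` is deprecated since Ansible 2.4 and removed in recent ansible-core;
# import_tasks is the static replacement with the same effect here.
- import_tasks: create_trnuser.yml
#- import_tasks: create_lvm.yml
- import_tasks: set_security.yml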
----
[root@cnsz-ansible-110 vm_init]# cat tasks/create_trnuser.yml
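---
# Create the service account "trnuser" with the password from group_vars
# (variable `passwd`) and grant it full sudo.
- name: create group trnuser
  group:
    name: trnuser
    state: present

- name: create user trnuser
  user:
    name: trnuser
    group: trnuser
    # Hash the password on the control node and hand only the hash to the host,
    # instead of piping the clear-text value through `passwd --stdin` where it was
    # visible in the process list and in the Ansible log/stdout.
    password: "{{ passwd | password_hash('sha512') }}"
    # password_hash() uses a random salt, so the hash differs on every run; set it
    # only when the account is created to keep the task idempotent. Change to
    # `always` (the default) when the password must be re-applied.
    update_password: on_create
  # keep the hash and the passwd variable out of the log and stdout
  no_log: true

- name: Add trnuser to sudo
  lineinfile:
    path: /etc/sudoers.d/trnuser
    line: "trnuser ALL=(ALL) ALL"
    create: true
    # sudoers files are expected to be root-owned and mode 0440
    mode: '0440'
    # syntax-check the drop-in before it is installed so a typo cannot break sudo
    validate: '/usr/sbin/visudo -cf %s'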
---
[root@cnsz-ansible-110 vm_init]# cat tasks/set_security.yml
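---
# Security baseline applied by the vm_init role: lock-out after repeated
# failed logins (pam_tally2), tighter log permissions, idle-shell timeout.

# NOTE(review): on RHEL/CentOS, /etc/pam.d/system-auth is regenerated by
# authconfig; an edit made here can be overwritten later — confirm on the target.
- name: add the user login inactive times
  lineinfile:
    path: /etc/pam.d/system-auth
    # match on the module name so re-runs update the line instead of adding another
    regexp: '^auth\s+required\s+pam_tally2\.so'
    # The auth line has to sit before pam_unix.so, which is "sufficient" and ends
    # the auth stack as soon as the password is right. The original
    # insertafter '^session' put it after the whole auth stack, so a correct
    # password was accepted before the tally was ever consulted.
    insertbefore: '^auth\s+sufficient\s+pam_unix\.so'
    line: 'auth required pam_tally2.so deny=5 unlock_time=300 even_deny_root root_unlock_time=300'

- name: reset the pam_tally2 counter on successful login
  lineinfile:
    path: /etc/pam.d/system-auth
    regexp: '^account\s+required\s+pam_tally2\.so'
    insertbefore: '^account\s+required\s+pam_unix\.so'
    # the pam_tally2 man page recommends this account entry so the counter is
    # reset even for services that do not call pam_setcred
    line: 'account required pam_tally2.so'

- name: set logs permissions to 640
  file:
    path: '{{ item }}'
    mode: '0640'
  with_items:
    - /var/log/messages
    - /var/log/secure
    - /var/log/audit/audit.log

- name: set timeout 600s
  lineinfile:
    path: /etc/profile
    # replace an existing TMOUT line rather than appending a second one
    regexp: '^export TMOUT='
    insertafter: '^#'
    line: 'export TMOUT=600'
# The original "source /etc/profile" shell task is gone: sourcing inside an
# Ansible shell task only affects that task's own subshell, so it did nothing.
# TMOUT takes effect for new login shells.

# Disabling root SSH login stays commented out because this playbook itself
# connects as root (remote_user: root); enable it only once key-based access for
# another account works, and add `validate: '/usr/sbin/sshd -t -f %s'` so a bad
# config cannot leave sshd unable to restart.
#- name: set PermitRootLogin no
#  lineinfile:
#    path: /etc/ssh/sshd_config
#    insertafter: 'PermitRootLogin yes'
#    line: 'PermitRootLogin no'
#    state: present
#  notify: restart sshd
#- name: restart sshd server
#  service:
#    name: sshd
#    state: restarted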
----
[root@cnsz-ansible-110 vm_init]# cat handlers/main.yml
---
# Handlers for the vm_init role.
# "restart sshd" is meant to be triggered with `notify: restart sshd` by any
# task that edits sshd_config (currently only the commented-out one).
- name: restart sshd
  service:
    state: restarted
    name: sshd
[root@cnsz-ansible-110 roles]# tree create_lvm_for_common/
create_lvm_for_common/
└── tasks
├── create_lvm_for_common.yml
└── main.yml
----
[root@cnsz-ansible-110 roles]# cat create_lvm_for_common/tasks/main.yml
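---
# Task entry point for the create_lvm_for_common role.
# `include` is deprecated since Ansible 2.4 and removed in recent ansible-core;
# import_tasks is the static replacement with the same effect here.
- import_tasks: create_lvm_for_common.yml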
---
[root@cnsz-ansible-110 roles]# cat create_lvm_for_common/tasks/create_lvm_for_common.yml
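---
# Turn the disk named by pv_common (group_vars/all) into one LVM volume
# (vg_data/lv_data), format it as xfs and mount it at /data.
# NOTE: lvg initialises pv_common as a physical volume — it must be an empty
# disk; check group_vars/all before running against an existing host.
- name: Install lvm2
  yum:
    name: lvm2
    # present, not latest: a provisioning role should not upgrade packages on every run
    state: present

- name: create vg vg_data
  lvg:
    pvs: "{{ pv_common }}"
    vg: vg_data

- name: create lv lv_data
  lvol:
    vg: vg_data
    lv: lv_data
    size: 100%VG
    resizefs: true
    # force is only needed to shrink or remove a volume; without it a re-run can
    # grow lv_data but can never destroy the data on it
    force: false
    state: present

- name: Create a xfs filesystem
  filesystem:
    fstype: xfs
    dev: /dev/vg_data/lv_data

- name: mount the lvm
  mount:
    path: /data
    src: /dev/vg_data/lv_data
    fstype: xfs
    opts: defaults
    state: mounted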
[root@cnsz-ansible-110 roles]# tree install_mysql_and_set_env/
install_mysql_and_set_env/
└── tasks
├── install_mysql_and_set_env.yml
└── main.yml
###
[root@cnsz-ansible-110 roles]# cat install_mysql_and_set_env/tasks/main.yml
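---
# Task entry point for the install_mysql_and_set_env role.
# `include` is deprecated since Ansible 2.4 and removed in recent ansible-core;
# import_tasks is the static replacement with the same effect here.
- import_tasks: install_mysql_and_set_env.yml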
###
[root@cnsz-ansible-110 roles]# cat install_mysql_and_set_env/tasks/install_mysql_and_set_env.yml
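---
# Install the MySQL 5.7 binary tarball under /tran/mysql, create the mysql
# account, prepare /tran/my3306 and start mysqld_safe from rc.local at boot.
# Expects /tran/mysql and /tran/my3306 to exist (mounted by create_lvm_for_mysql).
- name: create group mysql
  group:
    name: mysql
    # fixed gid/uid 500 keeps ownership identical across hosts — confirm the id
    # is unused on the target image (RHEL 7 reserves ids below 1000 for system accounts)
    gid: 500
    state: present

- name: create user mysql
  user:
    name: mysql
    group: mysql
    home: /home/mysql
    uid: 500

- name: chmod /tran/*
  file:
    path: /tran
    state: directory
    recurse: true
    owner: mysql
    group: mysql

- name: fix the /etc/security/limits.conf
  lineinfile:
    path: /etc/security/limits.conf
    line: '{{ item }}'
    create: true
  with_items:
    - mysql soft nproc 65535
    - mysql hard nproc 65535
    - mysql soft nofile 65535
    - mysql hard nofile 65535

- name: create directory /tran/my3306/data log tmp
  file:
    path: '{{ item }}'
    state: directory
    owner: mysql
    group: mysql
  with_items:
    - /tran/my3306/data
    - /tran/my3306/log
    - /tran/my3306/tmp
    #- /tran/mysql/mysql-5.7.30

- name: set the .bash_profile
  lineinfile:
    path: /home/mysql/.bash_profile
    insertafter: '^export'
    line: '{{ item }}'
    # create the file (owned by mysql) if the skeleton did not provide one
    create: true
    owner: mysql
    group: mysql
  with_items:
    - alias m='mysql --login-path=root'
    - alias md='cd /tran/my3306/data/'
    - alias ml='cd /tran/my3306/log/'
    - export PS1='[\u@\h`pwd`]$'

- name: regrep PATH
  lineinfile:
    path: /home/mysql/.bash_profile
    # regexp is a regular expression: unescaped `$` means end-of-line and `.` any
    # character, so the original pattern never matched the default PATH line and
    # the new line was appended at the end of the file instead of replacing it
    regexp: '^PATH=\$PATH:\$HOME/\.local/bin:\$HOME/bin'
    line: PATH=$PATH:$HOME/.local/bin:$HOME/bin:/tran/mysql/mysql-5.7.30/bin/

- name: download my.cnf
  get_url:
    url: http://10.250.100.150/prod/Soft/my.cnf
    dest: /tran/my3306/my.cnf
    # Plain-http fetch with no integrity check: pin the expected digest so a
    # tampered or truncated file is rejected. Fill in the real value and enable:
    # checksum: 'sha256:<MY_CNF_SHA256_PLACEHOLDER>'
    owner: mysql
    group: mysql

# Download and extraction are split so the tarball can be checksummed
# (unarchive has no checksum option for a URL source). get_url only downloads
# when dest does not exist.
- name: download mysql-5.7 tarball
  get_url:
    url: http://10.250.100.150/prod/Soft/mysql-5.7.30-el7-x86_64.tar.gz
    dest: /tran/mysql/mysql-5.7.30-el7-x86_64.tar.gz
    # Same as above — fill in the real digest and enable:
    # checksum: 'sha256:<MYSQL_TARBALL_SHA256_PLACEHOLDER>'

- name: unchive tar mysql-5.7
  unarchive:
    src: /tran/mysql/mysql-5.7.30-el7-x86_64.tar.gz
    dest: /tran/mysql/
    remote_src: true
    # Skip on the final directory name: the original used the pre-rename name,
    # which no longer exists after the mv below, so every run re-extracted the
    # archive and then failed the rename (masked by ignore_errors).
    creates: /tran/mysql/mysql-5.7.30
    owner: mysql
    group: mysql

- name: rename the file mysql-5.7.30-el7-x86_64
  command: mv /tran/mysql/mysql-5.7.30-el7-x86_64 /tran/mysql/mysql-5.7.30
  args:
    # run only when there is something to rename and the target is not there yet,
    # instead of hiding every failure behind ignore_errors
    creates: /tran/mysql/mysql-5.7.30
    removes: /tran/mysql/mysql-5.7.30-el7-x86_64

- name: set mysql enabled
  lineinfile:
    path: /etc/rc.d/rc.local
    line: 'su - mysql -c "mysqld_safe --defaults-file=/tran/my3306/my.cnf &"'
    create: true
# NOTE(review): rc.local gives no supervision, restart or clean shutdown for
# mysqld; a systemd unit would be the more robust replacement.

- name: /etc/rc.d/rc.local mode a+x
  file:
    path: /etc/rc.d/rc.local
    mode: a+x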
### 任务:创建数据库用逻辑卷
[root@cnsz-ansible-110 roles]# tree create_lvm_for_mysql/
create_lvm_for_mysql/
├── files
├── handlers
│ └── main.yml
├── meta
├── tasks
│ ├── create_lvm_for_mysql.yml
│ ├── main.yml
├── templates
└── vars
└── main.yml
###
[root@cnsz-ansible-110 roles]# cat create_lvm_for_mysql/tasks/main.yml
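---
# Task entry point for the create_lvm_for_mysql role.
# `include` is deprecated since Ansible 2.4 and removed in recent ansible-core;
# import_tasks is the static replacement with the same effect here.
#- import_tasks: create_trnuser.yml
- import_tasks: create_lvm_for_mysql.yml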
[root@cnsz-ansible-110 roles]# cat create_lvm_for_mysql/tasks/create_lvm_for_mysql.yml
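---
# Carve the disk named by pv_mysql (group_vars/all) into three LVM volumes for
# the MySQL hosts, format them as xfs and mount them:
#   vg_data/tran_mysql   10G       -> /tran/mysql   (MySQL binaries)
#   vg_data/tran_app     20G       -> /tran/app
#   vg_data/tran_my3306  100%FREE  -> /tran/my3306  (data, log, tmp, my.cnf)
# NOTE: lvg initialises pv_mysql as a physical volume — it must be an empty
# disk; check group_vars/all before running against an existing host.
- name: Install lvm2
  yum:
    name: lvm2
    # present, not latest: a provisioning role should not upgrade packages on every run
    state: present

- name: create vg vg_data
  lvg:
    pvs: "{{ pv_mysql }}"
    vg: vg_data

# Fixed-size volumes first: the 100%FREE volume must be created last or it
# would take the space the other two need.
- name: create lv tran_mysql
  lvol:
    vg: vg_data
    lv: tran_mysql
    size: 10G
    resizefs: true
    # force is only needed to shrink or remove a volume; without it a re-run can
    # grow a volume but never shrink one (xfs cannot be shrunk anyway)
    force: false
    state: present

- name: create lv tran_app
  lvol:
    vg: vg_data
    lv: tran_app
    size: 20G
    resizefs: true
    force: false
    state: present

- name: create lv tran_my3306
  lvol:
    vg: vg_data
    lv: tran_my3306
    size: 100%FREE
    shrink: false
    resizefs: true
    force: false
    state: present

- name: Create a xfs filesystem
  filesystem:
    fstype: xfs
    dev: "{{ item }}"
  with_items:
    - /dev/vg_data/tran_mysql
    - /dev/vg_data/tran_app
    - /dev/vg_data/tran_my3306

# Distinct task names (the original used "mount the lvm" twice) so the run
# output and --start-at-task are unambiguous.
- name: mount the lvm tran_mysql
  mount:
    path: /tran/mysql
    src: /dev/vg_data/tran_mysql
    fstype: xfs
    opts: defaults
    state: mounted

- name: mount the lvm tran_app
  mount:
    path: /tran/app
    src: /dev/vg_data/tran_app
    fstype: xfs
    opts: defaults
    state: mounted

- name: mount the lvm tran_my3306
  mount:
    path: /tran/my3306
    src: /dev/vg_data/tran_my3306
    fstype: xfs
    opts: defaults
    state: mounted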
原文:https://www.cnblogs.com/bigdad/p/14695033.html