
base



使用roles一键优化企业架构

环境

外网IP 内网IP 主机名
10.0.0.5 172.16.1.5 lb01 (负载均衡)
10.0.0.6 172.16.1.6 lb02
10.0.0.7 172.16.1.7 web01(服务器)
10.0.0.8 172.16.1.8 web02
10.0.0.9 172.16.1.9 web03
10.0.0.31 172.16.1.31 nfs (共享存储)
10.0.0.41 172.16.1.41 backup
10.0.0.51 172.16.1.51 db01 (数据库)
10.0.0.52 172.16.1.52 db02
10.0.0.53 172.16.1.53 db03(代理机)
10.0.0.54 172.16.1.54 db04(代理机)
10.0.0.61 172.16.1.61 m01 (跳板机)
10.0.0.71 172.16.1.71 zabbix

流程分析

1.安装ansible
2.优化ansible
3.推送公钥
4.开启防火墙
5.开启80 443 873 nfs等端口和服务白名单
6.关闭selinux
7.创建同一的用户

推送公钥脚本

#推送过后,使用172.16.1.网段, 跳板机可以直接连接,10.0.0.网段第一次的连接只需要输入yes
#使用该脚本可以向新克隆的虚拟机推送该公钥

vim /root/jb.sh	    
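#!/bin/bash
# Push the jump host's SSH public key to every managed node (both the
# 172.16.1.x and the 10.0.0.x address of each host) so that later ssh and
# ansible sessions need no password.
#
# The one-time password login is done by sshpass. The password is handed
# over through the SSHPASS environment variable (sshpass -e) rather than
# `-p`, so it does not show up in `ps` output or in shell history.
# This file still embeds the password, so keep it mode 600 (see the
# chmod at the bottom) and change the nodes' password once the key is
# in place.
set -u

pass='1'
ip='172.16.1.'
ip2='10.0.0.'
key=/root/.ssh/id_rsa
# Last octet of every node that should receive the key.
hosts='5 6 7 8 9 31 41 51 52 53 54 61 71 81'

# Without sshpass every ssh-copy-id below would fail; fail early instead.
command -v sshpass >/dev/null 2>&1 || {
  printf 'error: sshpass is not installed (yum install -y sshpass)\n' >&2
  exit 1
}

# Generate the key pair only once. -P "" creates an unencrypted private
# key, so the file permissions are its only protection.
[ -f "$key" ] || ssh-keygen -t rsa -P "" -f "$key"

# StrictHostKeyChecking=no accepts whatever host key a node presents on
# first contact and also tolerates a changed key; on OpenSSH >= 7.6
# `accept-new` is the safer choice because it still rejects a host whose
# key changed after the first push.
export SSHPASS="$pass"
for i in $hosts; do
  for prefix in "$ip" "$ip2"; do
    # A node that is down or refuses the password is reported and
    # skipped; the loop continues with the remaining nodes.
    sshpass -e ssh-copy-id -i "${key}.pub" -o StrictHostKeyChecking=no "root@${prefix}${i}" \
      || printf 'warn: key push to %s failed\n' "${prefix}${i}" >&2
  done
done
unset SSHPASS

# The script embeds a password: restrict it to root.
chmod 600 /root/jb.sh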
1.安装ansible
[root@m01 ~]# yum install -y ansible
2.优化ansible
[root@m01 ~]#  vim /etc/ansible/ansible.cfg		#改为
host_key_checking = False
3.创建密钥对
[root@m01 ~]# ssh-keygen
4.推送公钥
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.5
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.6
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.7
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.8
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.9
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.31
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.41
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.51
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.52
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.53
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.54
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.61
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.71
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.81

#或者使用脚本推送公钥
sh jb.sh

5.编辑主机清单
[root@m01 ~]# vim /etc/ansible/hosts
[web_group]
web01 ansible_ssh_host=172.16.1.7 ansible_ssh_user=root ansible_ssh_port=22
web02 ansible_ssh_host=172.16.1.8 ansible_ssh_user=root ansible_ssh_port=22
web03 ansible_ssh_host=172.16.1.9 ansible_ssh_user=root ansible_ssh_port=22

[db_group]
db01 ansible_ssh_host=172.16.1.51 ansible_ssh_user=root ansible_ssh_port=22
db02 ansible_ssh_host=172.16.1.52 ansible_ssh_user=root ansible_ssh_port=22
db03 ansible_ssh_host=172.16.1.53 ansible_ssh_user=root ansible_ssh_port=22
db04 ansible_ssh_host=172.16.1.54 ansible_ssh_user=root ansible_ssh_port=22

[nfs_group]
nfs ansible_ssh_host=172.16.1.31 ansible_ssh_user=root ansible_ssh_port=22

[redis_group]
redis ansible_ssh_host=172.16.1.81 ansible_ssh_user=root ansible_ssh_port=22

[lb_group]
lb01 ansible_ssh_host=172.16.1.5 ansible_ssh_user=root ansible_ssh_port=22
lb02 ansible_ssh_host=172.16.1.6 ansible_ssh_user=root ansible_ssh_port=22

[backup_group]
backup ansible_ssh_host=172.16.1.41 ansible_ssh_user=root ansible_ssh_port=22

[zabbix_group]
zabbix ansible_ssh_host=172.16.1.71 ansible_ssh_user=root ansible_ssh_port=22

[m01_group]
m01 ansible_ssh_host=172.16.1.61 ansible_ssh_user=root ansible_ssh_port=22

6.仪式(检测)
[root@m01 ~]# ansible '*' -m ping

ansible优化

1.下载
[root@m01 ~]#  yum install -y ansible
2.优化
[root@m01 ~]#  vim /etc/ansible/ansible.cfg		#改为
host_key_checking = False

使用ansible-galaxy创建角色目录

[root@m01 ansible]# ansible-galaxy init base

编辑tasks目录

1.打开防火墙
[root@m01 base]# vim tasks/firewalld.yml 
# Make sure firewalld is running now and enabled at boot. The rules added
# by port.yml use permanent: no (runtime only), so they exist only while
# this service keeps running and are re-created by re-running the play.
- name: start firewalld
  service:
    name: firewalld
    state: started
    enabled: yes
2.打开常用端口
[root@m01 base]# vim tasks/port.yml 
# Open each entry of the `port` list from vars/main.yml in the running
# firewall. permanent: no means the rule is not written to the permanent
# configuration and is gone after a firewalld reload or a reboot.
# Because site.yml applies this role to `all`, every listed port is opened
# on every node, not only on the nodes that run the matching service.
- name: Open Port
  firewalld:
    port: "{{ item }}"
    state: enabled
    permanent: no
  # NOTE(review): `loop` does not flatten nested lists, so `item` here is
  # the whole `port` list rather than a single "N/tcp" string; the usual
  # form is `loop: "{{ port }}"` — confirm against the Ansible version in use.
  loop:
    - "{{ port }}"

# Same as above for the predefined nfs service definition (also runtime only).
- name: Open nfs
  firewalld:
    service: nfs
    state: enabled
    permanent: no
3.关闭selinux
[root@m01 base]# vim tasks/selinux.yml 
# Set SELinux to disabled in the persistent configuration on every host
# the role runs on. This removes the mandatory access control layer
# entirely; `permissive` keeps the policy loaded and logging denials,
# which is the less drastic option if only enforcement is unwanted.
# The new mode takes effect only after a reboot.
- name: stop selinux
  selinux:
    state: disabled
4.创建"www"用户
[root@m01 base]# vim tasks/user_group.yml 
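# Ensure the shared service account from vars/main.yml (ww_w / uid_gid)
# exists. The first task only probes for the account; the group and user
# are created with the fixed uid/gid only when the probe reports that the
# account is missing (rc != 0).
- name: panduan "{{ ww_w }}"
  # `command` instead of `shell`: no shell is involved, so the value of
  # ww_w is passed as a plain argument and never parsed as shell syntax.
  command: "id {{ ww_w }}"
  register: id_www
  # A probe neither changes the host nor should a missing user fail the play.
  changed_when: false
  failed_when: false

- name: Create {{ ww_w }} Group
  group:
    name: "{{ ww_w }}"
    gid: "{{ uid_gid }}"
    state: present
  when: id_www.rc != 0

# Service account only: no login shell and no home directory.
- name: Create {{ ww_w }} User
  user:
    name: "{{ ww_w }}"
    uid: "{{ uid_gid }}"
    group: "{{ ww_w }}"
    shell: /sbin/nologin
    create_home: false
  when: id_www.rc != 0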
5.编辑main.yml
[root@m01 base]# vim tasks/main.yml 
# Role entry point: the task files run in this order, and the order
# matters — firewalld must be started before port.yml can add rules.
# `include` is the legacy form; current Ansible uses import_tasks
# (static) or include_tasks (dynamic) instead.
- include: firewalld.yml
- include: port.yml
- include: selinux.yml
- include: user_group.yml
6.编辑变量文件
[root@m01 base]# vim vars/main.yml 

编辑vars目录

# Ports opened (runtime only) on every host by tasks/port.yml. Review
# this list per host group: everything here is opened on all nodes.
port:
  - "22/tcp"
  - "23/tcp"    # telnet (cleartext); drop it unless something really listens here
  - "80/tcp"
  - "443/tcp"
  - "873/tcp"   # rsync (backup)
  - "3306/tcp"  # mysql (db nodes)
  - "9000/tcp"
  - "6379/tcp"  # redis
  - "8080/tcp"
# Name and fixed uid/gid of the shared service account created by
# tasks/user_group.yml.
ww_w: www
uid_gid: 666

编辑入口文件

[root@m01 roles]# vim site.yml 
# Apply the base role to every host in the inventory, including m01
# itself; limit with `-l` if a subset should be changed.
- hosts: all
  roles:
    - { role: base }

执行

[root@m01 roles]# ansible-playbook site.yml



原文地址:https://www.cnblogs.com/syy1757528181/p/13166101.html
