Ansible随记:修订间差异
来自三线的随记
小无编辑摘要 |
小无编辑摘要 |
||
| 第16行: | 第16行: | ||
===Module=== | ===Module=== | ||
==== authorized_key ==== | |||
user=root : 将密钥推送到远程主机的哪个用户下 | |||
key=’<nowiki>{{ lookup('file', '/root/.ssh/authorized_keys')}}</nowiki>’ : 指定要推送的密钥文件所在的路径 | |||
path=’/root/.ssh/authorized_keys’ [Default: (homedir)+/.ssh/authorized_keys] : 将密钥推送到远程主机的哪个目录下并重命名 | |||
manage_dir=no : 指定模块是否应该管理 authorized key 文件所在的目录。如果设置为 yes,模块会创建目录,以及设置一个已存在目录的拥有者和权限。如果通过 path 选项,重新指定了一个 authorized key 文件所在目录,那么应该将该选项设置为 no | |||
exclusive [default: no] : 是否移除 authorized_keys 文件中其它非指定 key | |||
state (Choices: present, absent) [Default: present] : present 添加指定 key 到 authorized_keys 文件中;absent 从 authorized_keys 文件中移除指定 key | |||
ansible all -m authorized_key -a "user=root key='<nowiki>{{ lookup('file', '/root/.ssh/authorized_keys')}}</nowiki>' path='/root/.ssh/authorized_keys' manage_dir=no" -k | |||
<br /> | |||
====selinux==== | ====selinux==== | ||
ansible k8s -m selinux -m selinux -a state=disabled | ansible k8s -m selinux -m selinux -a state=disabled | ||
https://my.oschina.net/ozakilsc/blog/693023 | https://my.oschina.net/ozakilsc/blog/693023 | ||
<br /> | <br /> | ||
====shell==== | ====shell==== | ||
ansible k8s -m shell -a getenforce | ansible k8s -m shell -a getenforce | ||
ansible k8s -m shell -a hostname | ansible k8s -m shell -a hostname | ||
ansible k8s -m shell -a "iptables -F && iptables -X && iptables -F -t nat && iptables -t nat -X && iptables -t raw -F && iptables -t raw -X && iptables -t mangle -F && iptables -t mangle -X" | ansible k8s -m shell -a "iptables -F && iptables -X && iptables -F -t nat && iptables -t nat -X && iptables -t raw -F && iptables -t raw -X && iptables -t mangle -F && iptables -t mangle -X" | ||
ansible k8s -m shell -a "modprobe bridge && modprobe br_netfilter && sysctl -p /etc/sysctl.d/kubernetes.conf" | ansible k8s -m shell -a "modprobe bridge && modprobe br_netfilter && sysctl -p /etc/sysctl.d/kubernetes.conf" | ||
ansible k8s -m shell -a "timedatectl set-timezone Asia/Shanghai && timedatectl status" | ansible k8s -m shell -a "timedatectl set-timezone Asia/Shanghai && timedatectl status" | ||
ansible all -m shell -a "rpm -Uvh <nowiki>http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm</nowiki>" | ansible all -m shell -a "rpm -Uvh <nowiki>http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm</nowiki>" | ||
ansible all -m shell -a "yum --enablerepo=elrepo-kernel install -y kernel-lt" | ansible all -m shell -a "yum --enablerepo=elrepo-kernel install -y kernel-lt" | ||
ansible all -m shell -a "grub2-set-default 0" | ansible all -m shell -a "grub2-set-default 0" | ||
====ping==== | ====ping==== | ||
(用于判断远程客户端是否在线) | (用于判断远程客户端是否在线) | ||
ansible k8s -m ping | |||
ansible k8s -m ping | |||
| 第52行: | 第64行: | ||
====yum==== | ====yum==== | ||
(default state:installed) | (default state:installed) | ||
ansible k8s -m yum -a 'name=vim state=installed' | |||
ansible k8s -m yum -a 'name=vim' | |||
ansible k8s -m yum -a 'name=vim' | |||
ansible k8s -m yum -a 'name=vim, httpd' | ansible k8s -m yum -a 'name=vim, httpd' | ||
ansible k8s -km yum -a "name=yum-utils,chrony,conntrack,ipvsadm,ipset,jq,iptables,curl,sysstat,libseccomp,wget,socat,git" | ansible k8s -km yum -a "name=yum-utils,chrony,conntrack,ipvsadm,ipset,jq,iptables,curl,sysstat,libseccomp,wget,socat,git" | ||
ansible k8s -m yum -a 'name=vsftpd state=removed' | ansible k8s -m yum -a 'name=vsftpd state=removed' | ||
ansible k8s -m yum -a "name=bridge-utils | ansible k8s -m yum -a "name=bridge-utils" | ||
ansible all -m yum -a "name=epel-release,chrony,conntrack,ipvsadm,ipset,jq,iptables,curl,sysstat,libseccomp,wget,socat,git,bind-utils state=installed" | |||
<br /> | <br /> | ||
====service==== | ====service==== | ||
ansible k8s -m service -a " name='nginx' enabled=yes" | ansible k8s -m service -a " name='nginx' enabled=yes" | ||
ansible k8s -m service -a "name=httpd state=started" | ansible k8s -m service -a "name=httpd state=started" | ||
ansible k8s -m service -a "name=firewalld state=stopped enabled=no" | ansible k8s -m service -a "name=firewalld state=stopped enabled=no" | ||
ansible k8s -km service -a "name=postfix state=stopped enabled=no" | ansible k8s -km service -a "name=postfix state=stopped enabled=no" | ||
ansible k8s -m service -a "name=chronyd enabled=yes state=started" | ansible k8s -m service -a "name=chronyd enabled=yes state=started" | ||
====copy==== | ====copy==== | ||
ansible k8s -m copy -a "src=./kubernetes.conf dest=/etc/sysctl.d/" | ansible k8s -m copy -a "src=./kubernetes.conf dest=/etc/sysctl.d/" | ||
====file==== | ====file==== | ||
ansible k8s -m file -a "path=/opt/k8s/bin state=directory" | ansible k8s -m file -a "path=/opt/k8s/bin state=directory" | ||
ansible k8s -m file -a "path=/opt/k8s/work state=directory" | ansible k8s -m file -a "path=/opt/k8s/work state=directory" | ||
ansible k8s -m file -a "path=/opt/k8s/work state=absent" | ansible k8s -m file -a "path=/opt/k8s/work state=absent" | ||
====others==== | ====others==== | ||
ansible k8s -m shell -a "rpm --import file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7" | ansible k8s -m shell -a "rpm --import file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7" | ||
===Playbook=== | ===Playbook=== | ||
| 第116行: | 第128行: | ||
<nowiki> </nowiki> - {src: './kube-scheduler', dest: '/opt/k8s/bin/'} | <nowiki> </nowiki> - {src: './kube-scheduler', dest: '/opt/k8s/bin/'} | ||
<nowiki> </nowiki> - {src: './mounter', dest: '/opt/k8s/bin/'} | <nowiki> </nowiki> - {src: './mounter', dest: '/opt/k8s/bin/'} | ||
[[分类:Linux]] | |||
<br /> | |||
2020年12月22日 (二) 17:48的版本
For linux and kubernetes
Hosts config
[k8s] k8s-node-1 ansible_ssh_host=172.16.139.102 k8s-node-2 ansible_ssh_host=172.16.139.103 k8s-node-3 ansible_ssh_host=172.16.139.104 [test] 192.168.1.250 ansible_ssh_port=1234 192.168.1.251 ansible_ssh_user=xxx ansible_ssh_pass=yyy
Module
authorized_key
user=root : 将密钥推送到远程主机的哪个用户下
key=’{{ lookup('file', '/root/.ssh/authorized_keys')}}’ : 指定要推送的密钥文件所在的路径
path=’/root/.ssh/authorized_keys’ [Default: (homedir)+/.ssh/authorized_keys] : 将密钥推送到远程主机的哪个目录下并重命名
manage_dir=no : 指定模块是否应该管理 authorized key 文件所在的目录。如果设置为 yes,模块会创建目录,以及设置一个已存在目录的拥有者和权限。如果通过 path 选项,重新指定了一个 authorized key 文件所在目录,那么应该将该选项设置为 no
exclusive [default: no] : 是否移除 authorized_keys 文件中其它非指定 key
state (Choices: present, absent) [Default: present] : present 添加指定 key 到 authorized_keys 文件中;absent 从 authorized_keys 文件中移除指定 key
ansible all -m authorized_key -a "user=root key='{{ lookup('file', '/root/.ssh/authorized_keys')}}' path='/root/.ssh/authorized_keys' manage_dir=no" -k
selinux
ansible k8s -m selinux -m selinux -a state=disabled
https://my.oschina.net/ozakilsc/blog/693023
shell
ansible k8s -m shell -a getenforce
ansible k8s -m shell -a hostname
ansible k8s -m shell -a "iptables -F && iptables -X && iptables -F -t nat && iptables -t nat -X && iptables -t raw -F && iptables -t raw -X && iptables -t mangle -F && iptables -t mangle -X"
ansible k8s -m shell -a "modprobe bridge && modprobe br_netfilter && sysctl -p /etc/sysctl.d/kubernetes.conf"
ansible k8s -m shell -a "timedatectl set-timezone Asia/Shanghai && timedatectl status"
ansible all -m shell -a "rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm"
ansible all -m shell -a "yum --enablerepo=elrepo-kernel install -y kernel-lt"
ansible all -m shell -a "grub2-set-default 0"
ping
(用于判断远程客户端是否在线)
ansible k8s -m ping
command
(ansible default module)
yum
(default state:installed)
ansible k8s -m yum -a 'name=vim state=installed'
ansible k8s -m yum -a 'name=vim'
ansible k8s -m yum -a 'name=vim, httpd'
ansible k8s -km yum -a "name=yum-utils,chrony,conntrack,ipvsadm,ipset,jq,iptables,curl,sysstat,libseccomp,wget,socat,git"
ansible k8s -m yum -a 'name=vsftpd state=removed'
ansible k8s -m yum -a "name=bridge-utils"
ansible all -m yum -a "name=epel-release,chrony,conntrack,ipvsadm,ipset,jq,iptables,curl,sysstat,libseccomp,wget,socat,git,bind-utils state=installed"
service
ansible k8s -m service -a " name='nginx' enabled=yes"
ansible k8s -m service -a "name=httpd state=started"
ansible k8s -m service -a "name=firewalld state=stopped enabled=no"
ansible k8s -km service -a "name=postfix state=stopped enabled=no"
ansible k8s -m service -a "name=chronyd enabled=yes state=started"
copy
ansible k8s -m copy -a "src=./kubernetes.conf dest=/etc/sysctl.d/"
file
ansible k8s -m file -a "path=/opt/k8s/bin state=directory"
ansible k8s -m file -a "path=/opt/k8s/work state=directory"
ansible k8s -m file -a "path=/opt/k8s/work state=absent"
others
ansible k8s -m shell -a "rpm --import file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7"
Playbook
copy
---
- hosts: all
tasks:
- name: copy kubernetes server executeable file to master node
copy:
src: '{{ item.src }}'
dest: '{{item.dest}}'
mode: '0744'
with_items:
- {src: './apiextensions-apiserver', dest: '/opt/k8s/bin/'}
- {src: './kubeadm', dest: '/opt/k8s/bin/'}
- {src: './kube-apiserver', dest: '/opt/k8s/bin/'}
- {src: './kube-controller-manager', dest: '/opt/k8s/bin/'}
- {src: './kubectl', dest: '/opt/k8s/bin/'}
- {src: './kubelet', dest: '/opt/k8s/bin/'}
- {src: './kube-proxy', dest: '/opt/k8s/bin/'}
- {src: './kube-scheduler', dest: '/opt/k8s/bin/'}
- {src: './mounter', dest: '/opt/k8s/bin/'}
