Ansible-完成LNP基础环境搭建

1.创建用户和组

groupadd -g 666 www
useradd -u 666 -g 666 -s /sbin/nologin -M www

groupadd -g 53 tomcat
useradd -u 53 -g 53 -s /sbin/nologin -M tomcat

- name: Create group
  group:
    name: "{{ item.name }}"
    gid: "{{ item.gid }}"
  loop:
    - { name: www , gid: '666' }
    - { name: tomcat , gid: '53' }

- name: Create user
  user:
    name: "{{ item.name }}"
    uid: "{{ item.uid }}"
    group: "{{ item.group }}"
    createhome: no
    shell: /sbin/nologin
  loop:
    - { name: www , uid: 666 , group: 666 }
    - { name: tomcat , uid: 53 , group: 53 }

2.关闭防火墙和selinux

systemctl stop firewalld
systemctl disable firewalld

setenforce 0
sed -i 's/^SELINUX=Enforcing/SELINUX=disabled/g' /etc/selinux/config

- name: Stop firewalld
  systemd:
    name: firewalld
    state: stopped
    enabled: no

- name: Stop selinux
  selinux:
    state: disabled

3.配置所需yum源

# 配置epel源
yum -y install epel-release

# nginx源
echo '
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
' > /etc/yum.repos.d/nginx.repo

# 配置php源
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

# 配置epel源
- name: Configure epel
  yum:
    name: epel-release
    state: installed

# 配置nginx源
- name: Configure nginx.repo
  yum_repository:
    name: nginx_stable
    description: nginx yum repo
    baseurl: http://nginx.org/packages/centos/$releasever/$basearch/
    gpgcheck: no
    priority: '1'
  # 此处判断只有web主机名和nginx_proxy主机名的才执行此操作
  when: ( ansible_hostname is match ( 'web*' ) ) or 
        ( ansible_hostname is match ( 'nginx_proxy*' ) )

# 配置php源
- name: Configure php.repo
  yum_repository:
    name: php_72
    description: php yum repo
    baseurl: https://uk.repo.webtatic.com/yum/el7/x86_64/
    gpgcheck: no
    priority: '1'
  # 此处判断只有web主机名时才执行此操作
  when: ( ansible_hostname is match ('web*') )

4.安装基础软件

yum install nfs-utils rsync wget unzip glances lrzsz vim net-tools  
bash-completion tree MySQL-python  chrony -y

- name: Install base software
  yum:
    name: "{{ base_packages }}"
    state: installed
  vars:
    base_packages:
      - nfs-utils
      - rsync
      - wget
      - unzip
      - glances
      - lrzsz
      - vim
      - net-tools
      - chrony
      - bash-completion
      - tree
      - MySQL-python 

5.系统环境优化

# 取消ssh的DNS反向解析
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config

# 设置系统文件数量限制
echo '
#<type>  <item>  <value>
 soft    nofile  65535
 hard    nofile  65535
 soft    soft    102400
 hard    nproc   102400
' >> /etc/security/limits.conf

# 取消ssh的DNS反向解析
- name: Modify ssh configure
  replace:
    path: /etc/ssh/sshd_config
    regexp: '^#UseDNS yes'
    replace: 'UseDNS no'

# 设置系统文件数量限制
- name: Set sysctl file limits
  pam_limits:
    domain: '*'
    limit_type: "{{ item.limit_type }}"
    limit_item: "{{ item.limit_item }}"
    value: "{{ item.value }}"
  loop:
      - { limit_type: 'soft', limit_item: 'nofile', value: '65535' }
      - { limit_type: 'hard', limit_item: 'nofile', value: '65535' }
      - { limit_type: 'soft', limit_item: 'nproc',  value: '102400' }
      - { limit_type: 'hard', limit_item: 'nproc',  value: '102400' }