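---
# Host preparation tasks for an offline CDH installation: upload the
# installer bundle, set hostnames and /etc/hosts, install base packages,
# build root SSH trust between all hosts, swap the JDK, configure NTP,
# disable transparent huge pages and raise system limits.
#
# Task names are kept as written because they appear in Ansible's run output.

- name: 上传安装包
  copy:
    src: offline_cdh
    dest: /opt/

# NOTE(review): both host-level controls are switched off here. If this is an
# install prerequisite, consider SELINUX=permissive plus explicit firewalld
# rules for the cluster ports, or confirm the hosts sit on an isolated network.
- name: 禁用SELinux和防火墙
  block:
    # Only the config file is edited; no task here calls setenforce, so the
    # running mode does not change until the next reboot.
    - name: 禁用SELinux
      ansible.builtin.lineinfile:
        path: /etc/sysconfig/selinux
        regexp: '^SELINUX='
        line: SELINUX=disabled

    - name: 禁用防火墙
      ansible.builtin.service:
        name: firewalld
        state: stopped
        enabled: false

- name: 修改主机名并分发给各主机
  tags:
    - host
  block:
    - name: 设置主机名
      ansible.builtin.hostname:
        name: "{{ inventory_hostname }}"

    - name: 修改 /etc/sysconfig/network 内的主机名设置
      ansible.builtin.lineinfile:
        path: /etc/sysconfig/network
        regexp: '^HOSTNAME='
        line: "HOSTNAME={{ inventory_hostname|lower }}"

    - name: 重启网络服务
      ansible.builtin.service:
        name: network
        state: restarted

    # Writes one "<default IPv4> <inventory name>" line per member of the
    # new_cdh_servers group, sorted by name, into a managed block.
    - name: 分发主机名信息到各个主机
      blockinfile:
        path: /etc/hosts
        block: |
          {% for h in groups['new_cdh_servers'] | sort %}
          {{ hostvars[h].ansible_default_ipv4.address }} {{ h }}
          {% endfor %}

- name: 安装软件包
  tags:
    - pkgs
  ansible.builtin.yum:
    name:
      - sysstat
      - vim
      - wget
      - lrzsz
      - screen
      - gcc
      - python-devel
      - gcc-c++
      - ntpdate
      - libyaml
      - libyaml-devel
      - python-setuptools
      - ntp
      - libaio  # for mysql
      - expect  # for mysql
      - mariadb  # this is the MySQL client tool; the package was renamed
      - psmisc  # for /opt/cm-5.14.2/etc/init.d/cloudera-scm-server start
    state: present

# Builds full-mesh root SSH trust: every host gets a passphrase-less root key,
# and every host's public key ends up in every host's root authorized_keys.
# NOTE(review): with this layout, root on any one host implies root on all of
# them. Confirm that is required, or restrict it to a dedicated service
# account or to the hosts that actually need to initiate connections.
- name: SSH互信配置
  tags:
    - dpk
  block:
    # Clear the control-node staging area BEFORE fetching. The original only
    # removed the two merged files, and only after the fetch, so key files left
    # in /tmp/pubkeys/ by an earlier run (or placed there by another local
    # user) would be merged into root's authorized_keys on every host.
    - name: 删除之前遗留的旧文件
      run_once: true
      delegate_to: localhost
      file:
        path: "{{ item }}"
        state: absent
      with_items:
        - /tmp/pubkeys/
        - /tmp/fingerprints/
        - /tmp/authorized_keys
        - /tmp/known_hosts

    # Recreate the staging directories as owner-only so other local accounts
    # cannot add files between the fetch and the merge.
    # NOTE(review): /tmp is shared; a directory outside /tmp that only the
    # Ansible user can write would be a stronger choice.
    - name: 在中控机上创建仅当前用户可访问的暂存目录
      run_once: true
      delegate_to: localhost
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        mode: "0700"
      loop:
        - /tmp/pubkeys/
        - /tmp/fingerprints/

    # `creates` makes this a no-op when the key already exists.
    - name: 生成ssh私钥
      command:
        cmd: ssh-keygen -f /root/.ssh/id_rsa -N ""
        creates: /root/.ssh/id_rsa

    - name: 将公钥下载到Ansible中控机
      fetch:
        src: /root/.ssh/id_rsa.pub
        dest: "/tmp/pubkeys/{{ inventory_hostname }}.pub"
        flat: true

    # Collect each host's ECDSA host key as a known_hosts line of the form
    # "<inventory name>,<default IPv4> <key>".
    - name: 将ssh指纹信息下载到中控机
      block:
        - name: 先cat获取
          command: cat /etc/ssh/ssh_host_ecdsa_key.pub
          register: ssh_finger

        # NOTE(review): /tmp/ssh_fingerprint is a fixed name in the remote
        # host's shared /tmp; lineinfile keeps any lines already in the file,
        # and those would be fetched and merged into known_hosts too.
        - name: 然后输出到临时文件
          ansible.builtin.lineinfile:
            path: /tmp/ssh_fingerprint
            line: "{{ inventory_hostname }},{{ hostvars[inventory_hostname].ansible_default_ipv4.address }} {{ ssh_finger.stdout_lines[0] }}"
            insertbefore: BOF
            create: true

        - name: 最后获取到本地
          fetch:
            src: /tmp/ssh_fingerprint
            dest: "/tmp/fingerprints/{{ inventory_hostname }}.known_hosts"
            flat: true

        - name: 然后删除服务器上的临时文件
          ansible.builtin.file:
            path: /tmp/ssh_fingerprint
            state: absent

    - name: 合并公钥信息
      run_once: true
      delegate_to: localhost
      ansible.builtin.assemble:
        src: /tmp/pubkeys/
        dest: /tmp/authorized_keys

    - name: 合并指纹信息
      run_once: true
      delegate_to: localhost
      ansible.builtin.assemble:
        src: /tmp/fingerprints/
        dest: /tmp/known_hosts

    - name: 上传指纹信息和公钥信息到各个主机
      copy:
        src: "{{ item }}"
        dest: "{{ item }}"
      loop:
        - /tmp/authorized_keys
        - /tmp/known_hosts

    # lookup('file', ...) reads the merged file on the control node.
    # Modes are quoted so they are always passed as the string "0600".
    - name: 将公钥复制到用户配置
      blockinfile:
        path: /root/.ssh/authorized_keys
        block: "{{ lookup('file', '/tmp/authorized_keys') }}"
        create: true
        mode: "0600"

    - name: 将指纹信息复制到用户配置
      blockinfile:
        path: /root/.ssh/known_hosts
        block: "{{ lookup('file', '/tmp/known_hosts') }}"
        create: true
        mode: "0600"

    # This task has no delegate_to, so it runs on the managed hosts and
    # removes the copies uploaded above.
    - name: 清楚本地临时文件和目录
      file:
        path: "{{ item }}"
        state: absent
      with_items:
        - /tmp/fingerprints/
        - /tmp/pubkeys/
        - /tmp/authorized_keys
        - /tmp/known_hosts

    # The control-node staging files were never removed by the task above;
    # delete them too so collected keys do not linger between runs.
    - name: 清除中控机上的临时文件和目录
      run_once: true
      delegate_to: localhost
      ansible.builtin.file:
        path: "{{ item }}"
        state: absent
      loop:
        - /tmp/fingerprints/
        - /tmp/pubkeys/
        - /tmp/authorized_keys
        - /tmp/known_hosts

- name: 移除系统JDK并安装离线包里面的JDK
  tags:
    - jdk
  block:
    - name: 移除系统JDK包
      ansible.builtin.yum:
        name:
          - java-1.6.0-openjdk
          - java-1.7.0-openjdk
          - java-1.8.0-openjdk
          - java-11-openjdk
        state: absent
        autoremove: true

    # Installs the RPM shipped in the uploaded offline bundle.
    - name: 安装离线包提供的JDK8
      ansible.builtin.yum:
        name: /opt/offline_cdh/jdk-8u261-linux-x64.rpm
        state: present

- name: 设置时间同步
  tags:
    - ntp
  block:
    # Only the first host of new_cdh_servers gets the restrict line.
    - name: 在主机01上配置NTP服务
      ansible.builtin.lineinfile:
        path: /etc/ntp.conf
        regexp: "^restrict 10.251"
        line: restrict 10.251.24.0 mask 255.255.255.0 nomodify notrap
      when: inventory_hostname == groups['new_cdh_servers'][0]

    # NOTE(review): the name says "on host 01", but there is no `when`, so
    # ntpd is restarted and enabled on every host — confirm that is intended.
    - name: 在主机01上启用NTP服务
      ansible.builtin.service:
        name: ntpd
        state: restarted
        enabled: true

    - name: 延时一段时间以等待ntp服务就绪
      command: sleep 10

    # NOTE(review): the server is the hard-coded 'cdh01.ghadoop', while the
    # task above selects groups['new_cdh_servers'][0]; verify they are the
    # same host.
    - name: 从主机01上同步时间
      command: "ntpdate -u {{ hostvars['cdh01.ghadoop'].ansible_default_ipv4.address }}"
      when: inventory_hostname != "cdh01.ghadoop"

- name: 禁用透明大页
  tags:
    - nothp
  block:
    # The two sysfs writes change the running kernel only; the grub edit
    # below is what makes the setting survive a reboot.
    - name: 临时禁用碎片整理
      shell: echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag
      args:
        executable: /bin/bash

    - name: 临时禁用透明大页
      shell: echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled
      args:
        executable: /bin/bash

    # NOTE(review): this replaces the whole GRUB_CMDLINE_LINUX value, so any
    # kernel arguments already present on a host are dropped — verify that
    # the hard-coded list is complete for every target.
    - name: 修改Grub配置
      ansible.builtin.lineinfile:
        path: /etc/default/grub
        regexp: "^GRUB_CMDLINE_LINUX="
        line: 'GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet transparent_hugepage=never"'

    - name: 判断当前是Grub还是Grub2
      ansible.builtin.stat:
        path: "/etc/{{ item }}"
      register: grub2_cfg
      with_items:
        - grub2.cfg
        - grub2-efi.cfg

    # Diagnostic output of the stat results.
    - debug:
        var: grub2_cfg

    # stat returns only `exists: false` for a missing path, so `readable`
    # would be undefined; test `exists` first so the condition cannot error.
    - name: 根据是Grub还是Grub2,更新Grub配置
      command: "grub2-mkconfig -o {{ item.stat.path }}"
      when: item.stat.exists and item.stat.readable
      with_items: "{{ grub2_cfg.results }}"

- name: 修改系统设置
  tags:
    - setconf
  block:
    # Raises nofile to 65536 and lifts the memlock and address-space limits
    # for all users ("*") and for root.
    - name: 修改限制文件 /etc/security/limits.conf
      blockinfile:
        path: /etc/security/limits.conf
        block: |
          * soft nofile 65536
          * hard nofile 65536
          root soft nofile 65536
          root hard nofile 65536
          * soft memlock unlimited
          * hard memlock unlimited
          root soft memlock unlimited
          root hard memlock unlimited
          * soft as unlimited
          * hard as unlimited
          root soft as unlimited
          root hard as unlimited

    # Only the file is edited; no task here runs `sysctl -p`, so the values
    # are not applied to the running kernel by this play.
    - name: 修改 /etc/sysctl.conf
      ansible.builtin.lineinfile:
        path: /etc/sysctl.conf
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
        state: present
        create: true
      loop:
        - regexp: "^vm.max_map_count="
          line: "vm.max_map_count=131072"
        - regexp: "^vm.swappiness="
          line: "vm.swappiness=0"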