Mirror of git@code.avlyun.org:envision/g_service_ops_v1.0/devops.git
---
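# Copy the offline_cdh installer directory from the control node into /opt/
# on each target (no trailing slash on src, so it lands as /opt/offline_cdh).
# The JDK task in this file installs an RPM from that directory, so the copy
# on the control node is what that install trusts.
- name: 上传安装包
  ansible.builtin.copy:
    src: offline_cdh
    dest: /opt/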
# Switch off SELinux and firewalld on every target.
# NOTE(review): this removes mandatory access control and host packet
# filtering from the cluster nodes; confirm that network-level controls cover
# these hosts, and whether SELINUX=permissive would be enough for the
# installer.
- name: 禁用SELinux和防火墙
  block:
    - name: 禁用SELinux
      # Only the persistent setting in the config file is rewritten; this
      # task does not change the mode of the running system.
      ansible.builtin.lineinfile:
        path: /etc/sysconfig/selinux
        line: SELINUX=disabled
        regexp: '^SELINUX='
    - name: 禁用防火墙
      ansible.builtin.service:
        name: firewalld
        enabled: false
        state: stopped
# Set each node's hostname from its inventory name and write every member of
# new_cdh_servers into /etc/hosts. The /etc/hosts template reads
# ansible_default_ipv4 through hostvars, so facts must have been gathered for
# every host in that group.
- name: 修改主机名并分发给各主机
  tags:
    - host
  block:
    - name: 设置主机名
      ansible.builtin.hostname:
        name: "{{ inventory_hostname }}"
    # NOTE(review): this value is lower-cased while the hostname task above is
    # not; the two agree only when inventory names are already lower case.
    - name: 修改 /etc/sysconfig/network 内的主机名设置
      ansible.builtin.lineinfile:
        path: /etc/sysconfig/network
        line: "HOSTNAME={{ inventory_hostname|lower }}"
        regexp: '^HOSTNAME='
    # Runs on every play, not only when the hostname changed.
    - name: 重启网络服务
      ansible.builtin.service:
        name: network
        state: restarted
    - name: 分发主机名信息到各个主机
      ansible.builtin.blockinfile:
        path: /etc/hosts
        block: |
          {% for h in groups['new_cdh_servers'] | sort %}
          {{ hostvars[h].ansible_default_ipv4.address }} {{ h }}
          {% endfor %}
# Install base tooling and build dependencies through yum.
- name: 安装软件包
  tags:
    - pkgs
  ansible.builtin.yum:
    state: present
    name:
      - sysstat
      - vim
      - wget
      - lrzsz
      - screen
      - gcc
      - python-devel
      - gcc-c++
      - ntpdate
      - libyaml
      - libyaml-devel
      - python-setuptools
      - ntp
      - libaio  # needed by mysql
      - expect  # needed by mysql
      - mariadb  # MySQL client tools (the package was renamed)
      - psmisc  # needed by /opt/cm-5.14.2/etc/init.d/cloudera-scm-server start
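# Give root on every node key-based SSH access to root on every other node
# and pre-seed known_hosts with each node's ECDSA host key.
#
# Key material is passed between hosts through registered variables and
# hostvars, not through staging files with fixed names under /tmp. Files in
# /tmp can be pre-created or altered by any local account (on the control
# node or on a target) before they are merged into root's authorized_keys and
# known_hosts, and leftovers from an earlier run would be merged as well.
#
# NOTE(review): the result is a full root-to-root trust mesh using
# passphrase-less keys, so read access to one node's /root/.ssh/id_rsa means
# root on all of them. Confirm the cluster still needs this after
# installation; if not, remove the managed block from authorized_keys.
- name: SSH互信配置
  tags:
    - dpk
  block:
    - name: 生成ssh私钥
      # `creates` keeps an existing key untouched; -N "" sets an empty
      # passphrase. No key type is given, so ssh-keygen's default applies.
      ansible.builtin.command:
        cmd: ssh-keygen -f /root/.ssh/id_rsa -N ""
        creates: /root/.ssh/id_rsa
    - name: 读取root公钥
      ansible.builtin.command: cat /root/.ssh/id_rsa.pub
      register: root_pubkey
      changed_when: false
    - name: 读取ssh指纹信息
      # The host key is read over the existing Ansible connection, so it is
      # only as trustworthy as that connection's own host-key verification.
      ansible.builtin.command: cat /etc/ssh/ssh_host_ecdsa_key.pub
      register: ssh_finger
      changed_when: false
    - name: 将公钥复制到用户配置
      # ansible_play_batch lists the hosts still active in this run, so every
      # host named here has registered root_pubkey above.
      ansible.builtin.blockinfile:
        path: /root/.ssh/authorized_keys
        create: true
        mode: "0600"
        block: |
          {% for h in ansible_play_batch | sort %}
          {{ hostvars[h].root_pubkey.stdout | trim }}
          {% endfor %}
    - name: 将指纹信息复制到用户配置
      # One known_hosts line per node: "<name>,<ipv4> <host public key>".
      ansible.builtin.blockinfile:
        path: /root/.ssh/known_hosts
        create: true
        mode: "0600"
        block: |
          {% for h in ansible_play_batch | sort %}
          {{ h }},{{ hostvars[h].ansible_default_ipv4.address }} {{ hostvars[h].ssh_finger.stdout_lines[0] }}
          {% endfor %}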
# Remove the distribution OpenJDK packages, then install the JDK 8 RPM that
# ships in the offline bundle under /opt/offline_cdh.
- name: 移除系统JDK并安装离线包里面的JDK
  tags:
    - jdk
  block:
    - name: 移除系统JDK包
      ansible.builtin.yum:
        state: absent
        autoremove: true
        name:
          - java-1.6.0-openjdk
          - java-1.7.0-openjdk
          - java-1.8.0-openjdk
          - java-11-openjdk
    # NOTE(review): no task in this file verifies a checksum for this RPM, and
    # whether yum enforces a signature on a local file depends on the host's
    # yum configuration. Consider checking the bundle against a published
    # digest before installing.
    - name: 安装离线包提供的JDK8
      ansible.builtin.yum:
        state: present
        name: /opt/offline_cdh/jdk-8u261-linux-x64.rpm
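# Configure ntpd and step every other node's clock from cdh01.ghadoop.
- name: 设置时间同步
  tags:
    - ntp
  block:
    # Dots are escaped so the pattern matches only a literal "10.251" prefix.
    # NOTE(review): nomodify/notrap still lets the subnet send status queries
    # to ntpd; consider adding noquery if clients only need time service.
    - name: 在主机01上配置NTP服务
      ansible.builtin.lineinfile:
        path: /etc/ntp.conf
        regexp: '^restrict 10\.251'
        line: restrict 10.251.24.0 mask 255.255.255.0 nomodify notrap
      when: inventory_hostname == groups['new_cdh_servers'][0]
    # NOTE(review): despite its name this task has no `when`, so ntpd is
    # restarted and enabled on every host; confirm that is intended.
    - name: 在主机01上启用NTP服务
      ansible.builtin.service:
        name: ntpd
        state: restarted
        enabled: true
    # Fixed wait on each target; it changes nothing, so it never reports
    # "changed".
    - name: 延时一段时间以等待ntp服务就绪
      ansible.builtin.command: sleep 10
      changed_when: false
    # NOTE(review): the server is the literal host cdh01.ghadoop here but
    # groups['new_cdh_servers'][0] in the first task; verify both name the
    # same machine.
    - name: 从主机01上同步时间
      ansible.builtin.command: "ntpdate -u {{ hostvars['cdh01.ghadoop'].ansible_default_ipv4.address }}"
      when: inventory_hostname != "cdh01.ghadoop"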
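# Turn off transparent huge pages now (sysfs) and at boot (kernel command
# line).
- name: 禁用透明大页
  tags:
    - nothp
  block:
    # The two sysfs writes affect the running kernel only.
    - name: 临时禁用碎片整理
      ansible.builtin.shell: echo 'never' > /sys/kernel/mm/transparent_hugepage/defrag
      args:
        executable: /bin/bash
    - name: 临时禁用透明大页
      ansible.builtin.shell: echo 'never' > /sys/kernel/mm/transparent_hugepage/enabled
      args:
        executable: /bin/bash
    # Append the flag to the existing GRUB_CMDLINE_LINUX value instead of
    # replacing the whole line, so parameters already set on the host
    # (storage, console, audit or other hardening options) are kept.
    # The negative lookahead skips a line that already carries the flag, which
    # keeps the task idempotent. With backrefs enabled, a file that has no
    # GRUB_CMDLINE_LINUX line is left unchanged.
    - name: 修改Grub配置
      ansible.builtin.lineinfile:
        path: /etc/default/grub
        regexp: '^GRUB_CMDLINE_LINUX="((?:(?!transparent_hugepage=never).)*)"\s*$'
        line: 'GRUB_CMDLINE_LINUX="\1 transparent_hugepage=never"'
        backrefs: true
    - name: 判断当前是Grub还是Grub2
      ansible.builtin.stat:
        path: /etc/{{ item }}
      register: grub2_cfg
      with_items:
        - grub2.cfg
        - grub2-efi.cfg
    # Prints the stat results for troubleshooting.
    - ansible.builtin.debug:
        var: grub2_cfg
    # stat returns no `readable` key for a path that does not exist, so the
    # condition defaults to false rather than failing on the missing one.
    - name: 根据是Grub还是Grub2,更新Grub配置
      ansible.builtin.command: "grub2-mkconfig -o {{ item.stat.path }}"
      when: item.stat.readable | default(false)
      with_items: "{{ grub2_cfg.results }}"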
# Raise per-user resource limits and set two vm.* kernel parameters.
- name: 修改系统设置
  tags:
    - setconf
  block:
    # NOTE(review): the `*` entries apply to every account, not only the
    # service users; unlimited memlock and address space for all users
    # removes a guard against memory exhaustion by any local account.
    - name: 修改限制文件 /etc/security/limits.conf
      ansible.builtin.blockinfile:
        path: /etc/security/limits.conf
        block: |
          * soft nofile 65536
          * hard nofile 65536
          root soft nofile 65536
          root hard nofile 65536
          * soft memlock unlimited
          * hard memlock unlimited
          root soft memlock unlimited
          root hard memlock unlimited
          * soft as unlimited
          * hard as unlimited
          root soft as unlimited
          root hard as unlimited
    # Only the file is edited; no task here loads the new values into the
    # running kernel.
    - name: 修改 /etc/sysctl.conf
      ansible.builtin.lineinfile:
        path: /etc/sysctl.conf
        create: true
        state: present
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
      loop:
        - regexp: "^vm.max_map_count="
          line: "vm.max_map_count=131072"
        - regexp: "^vm.swappiness="
          line: "vm.swappiness=0"