Ansible Roles and Optimization

Contents

1.include (file inclusion)

1.nfs_server_tasks.yml

2.nfs_client_tasks.yml

3.main_nfs.yml

2.Roles

3.vault

4.Galaxy

5.Optimization

5.1 Performance optimization

5.2 Security


1.include (file inclusion)
 

When an Ansible playbook grows too large, spans multiple plays and becomes complex, you can use include to assemble small playbooks into one large playbook.

 

For example, the NFS client and NFS server tasks can be kept in two separate files and pulled into a single playbook with include_tasks:
 

1.nfs_server_tasks.yml
 

---
- name: Install NFS server on CentOS
  yum:
    name: nfs-utils
    state: present

- name: Start and enable NFS service
  service:
    name: nfs-server
    state: started
    enabled: true

- name: Configure firewall for NFS on CentOS
  firewalld:
    service: nfs
    permanent: true
    state: enabled
    immediate: true

 
 

2.nfs_client_tasks.yml

 

---
- name: Install NFS client on CentOS
  yum:
    name: nfs-utils
    state: present

- name: Create mount point directory on client
  file:
    path: /mnt/nfs
    state: directory

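- name: Mount NFS share on client
  mount:
    name: /mnt/nfs
    src: "{{ nfs_server_ip }}:/export/nfs"
    fstype: nfs
    opts: defaults
    # state is a required parameter of the mount module;
    # mounted = mount now and record the entry in /etc/fstab
    state: mounted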



3.main_nfs.yml

 

---
- name: Configure NFS client and server on CentOS
  hosts: all
  become: true

  tasks:
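    - name: Install NFS packages on server
      yum:
        # On CentOS the NFS server is provided by nfs-utils;
        # nfs-kernel-server is the Debian/Ubuntu package name and fails with yum
        name: nfs-utils
        state: present
      when: inventory_hostname in groups['nfs-server']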

    - name: Create export directory on server
      file:
        path: /export/nfs
        state: directory
      when: inventory_hostname in groups['nfs-server']

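    - name: Set up NFS server exports
      # nfs_export is not a built-in Ansible module, so the export line
      # is written to /etc/exports with lineinfile instead
      lineinfile:
        path: /etc/exports
        line: "/export/nfs client_ip_or_network/24(rw,sync,no_subtree_check)"
        create: true
      when: inventory_hostname in groups['nfs-server']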

    - name: Restart NFS server
      service:
        name: nfs-server
        state: restarted
      when: inventory_hostname in groups['nfs-server']

    - name: Install NFS client packages on client
      yum:
        name: nfs-utils
      when: inventory_hostname in groups['nfs-client']

    # Include tasks for NFS server configuration
    # (list items must be indented to the same level as the other tasks)
    - include_tasks: nfs_server_tasks.yml
      when: inventory_hostname in groups['nfs-server']

    # Include tasks for NFS client configuration
    - include_tasks: nfs_client_tasks.yml
      when: inventory_hostname in groups['nfs-client']

2.Roles

 

When playbook files start to pile up in a disorganized way, Roles can be used to store them in a cleaner, clearer layout.

 




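In practice this just means storing the files in a different directory layout that is cleaner and more standardized. It is a modular approach.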
 

3.vault 
 

Encrypting specific files: ansible-vault is used to encrypt highly sensitive information.

Encrypting the hosts file

Encrypting variable files


 


 

4.Galaxy 
 

Download playbooks that other people have written from the official site; using them is very convenient and simple.


 

5.Optimization


5.1 Performance optimization
 


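Speed up SSH connections: disable UseDNS, GSSAPIAuthentication ...
Do not have Ansible run interactive commands; if one must be run, use the command's non-interactive mode.
When software has to be installed with Ansible and yum, build a local yum repository and install from it with Ansible (a self-hosted yum source with your own RPM packages).
Adjust Ansible's concurrency (-f sets the number of forks, default 5; in ansible.cfg: forks=5; tune the actual value according to load).
Configure a cache (redis) queue for Ansible to cache facts.
Organize hosts into groups for operation and management.
Disable gather_facts if facts variables are not used. In a playbook: gather_facts: false; in the configuration file: gathering=explicit
Disable host key checking. This generally has to be disabled when password authentication is used; if it is not yet disabled, set host_key_checking = False in the Ansible configuration file.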
 

5.2 Security

 


Configure a sudo user: ans   ALL=(ALL) NOPASSWD:ALL; the password is 1 and the SSH port is 22
Use together with a VPN and jms
User ---> VPN ---> jms (jump server) ---> Ansible.
Encrypt user passwords (hash, ansible-vault)
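
As an added example (not from the original post), the playbook below combines section 3 with the last item above: the ans user's password is kept in an ansible-vault encrypted variable file and is hashed before it reaches the managed host. The variable name vault_ans_password and the file names group_vars/all/vault.yml and site.yml are assumptions.

```yaml
# Added example, not the original author's code.
# Assumed names: vault_ans_password, group_vars/all/vault.yml, site.yml.
#
# 1) Create the encrypted variable file (prompts for a vault password):
#      ansible-vault create group_vars/all/vault.yml
#    and put one line in it:
#      vault_ans_password: "<placeholder: the real password>"
# 2) Run the playbook and enter the vault password at the prompt:
#      ansible-playbook site.yml --ask-vault-pass
---
- name: Create the ans management user with a vaulted, hashed password
  hosts: all
  become: true
  gather_facts: false              # no facts are used here (see 5.1)

  tasks:
    - name: Create user ans with a SHA-512 password hash
      ansible.builtin.user:
        name: ans
        # The clear-text value exists only inside the vault file;
        # hashing happens on the control node, the host receives the hash.
        password: "{{ vault_ans_password | password_hash('sha512') }}"
        # A new random salt is generated on every run, so only set the
        # password when the account is first created.
        update_password: on_create
      no_log: true                 # keep the value out of task output and logs

    - name: Install the sudo rule from section 5.2
      ansible.builtin.copy:
        dest: /etc/sudoers.d/ans
        content: "ans   ALL=(ALL) NOPASSWD:ALL\n"
        owner: root
        group: root
        mode: "0440"
        # Reject the file if its syntax is invalid, so a typo cannot break sudo
        validate: /usr/sbin/visudo -cf %s
```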
 
