scripts-ansible
- TAGS: Script
ansible批量更换resolv.conf
dns_schd2]$ tree ./
./
├── ansible.cfg
├── exec01.retry
├── exec01.yml
├── files
│   └── resolv.conf
├── hosts
└── logs
    └── ansible.log
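# Write the Ansible configuration. The heredoc delimiter is quoted so the shell
# copies the body verbatim instead of expanding $... or backticks inside it.
#
# NOTE(review): host_key_checking = False and record_host_keys=False turn off
# SSH host key verification. Every task here runs as root through sudo
# (become=True), so a host that is spoofed or intercepted on the network would
# receive privileged commands and files. Pre-populating known_hosts and leaving
# the check enabled removes that exposure.
cat >ansible.cfg<<'EOF'
[defaults]
inventory = ./hosts
forks = 5
remote_port = 22
roles_path = ./roles
host_key_checking = False
timeout = 30
log_path = ./logs/ansible.log
private_key_file = /home/oap/.ssh/id_rsa
[inventory]
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[paramiko_connection]
record_host_keys=False
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]
EOF

# Write the playbook: stage the new resolv.conf on the schd2 hosts, print the
# resolv.conf currently in use, then run two test lookups.
cat >exec01.yml<<'EOF'
---
- hosts: schd2
  tasks:
    # NOTE(review): the file is staged at /tmp/resolv.conf, not installed to
    # /etc/resolv.conf; confirm where the final replacement happens.
    - name: Copy resolv.conf to
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      with_items:
        - src: '/data/sw-edge/tools/dns_schd2/files/resolv.conf'
          dest: '/tmp/resolv.conf'

    # Read-only check: no shell features are needed and nothing changes.
    - name: Cat /etc/resolv.conf
      command: cat /etc/resolv.conf
      register: cat_resolv_conf
      changed_when: false
      tags: dig_dns01

    - name: Show /etc/resolv.conf
      debug:
        msg: "{{ cat_resolv_conf.stdout_lines }}"
      tags: dig_dns01

    # lookup() is evaluated on the control node, so these two tasks exercise
    # the controller's resolver, not the managed host's resolv.conf.
    - name: Simple A record (IPV4 address) lookup for xxx01.com
      debug:
        msg: "{{ lookup('dig', 'redis-sentinel-1.yunzong') }}"
      tags: dig_dns01
      ignore_errors: true

    - name: Simple A record (IPV4 address) lookup for xxx02.com
      debug:
        msg: "{{ lookup('dig', 'oplatformgateway.xiyun') }}"
      tags: dig_dns01
      ignore_errors: true
EOF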
role ssl
# 执行命令 ansible-playbook change_ssl.yml
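# Create the base environment. -p keeps the commands re-runnable, and the
# script stops if the working directory cannot be entered, so later files are
# never written to the wrong place.
mkdir -p ansible
cd ansible || exit 1

# NOTE(review): host_key_checking = False and record_host_keys=False turn off
# SSH host key verification while every task runs as root through sudo
# (become=True). A spoofed or intercepted host would receive privileged
# commands; pre-populate known_hosts and leave the check enabled instead.
cat >ansible.cfg<<'EOF'
[defaults]
inventory = ./hosts
forks = 5
remote_port = 22
roles_path = ./roles
host_key_checking = False
timeout = 30
log_path = ./logs/ansible.log
private_key_file = /home/oap/.ssh/id_rsa
[inventory]
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[paramiko_connection]
record_host_keys=False
[ssh_connection]
[persistent_connection]
[accelerate]
[selinux]
[colors]
[diff]
EOF

# Directories referenced by log_path and roles_path above.
mkdir -p logs roles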
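# Create the skeleton of the certificate-monitoring cron role
mkdir -pv roles/cron_ssl/{defaults,files,handlers,tasks,templates}

# Generate the playbook. vars is written as one mapping; the list-of-dicts
# form is a legacy spelling of the same data.
cat >change_ssl.yml<< \EOF
---
- name: Change cron for ssl manage
  hosts: ssl
  vars:
    script_name: "ssl_monitor.sh"
    script_dest_path: "/home/sh"
    script_type: "sh"
    # state: "absent"
    state: "present"
    minute: "5"
    hour: "0"
    day: "*"
    month: "*"
    weekday: "*"
  roles:
    - cron_ssl
EOF

# Generate the role's default variables
cat >roles/cron_ssl/defaults/main.yml<<\EOF
---
ssl_script: "ssl_monitor.sh"
script_name: ""
script_source_path: ""
script_dest_path: "/home/sh"
script_type: "sh"
state: "present"
user: "root"
minute: "*"
hour: "*"
day: "*"
month: "*"
weekday: "*"
EOF

# Generate the role's tasks. import_tasks replaces the bare include keyword,
# which is deprecated and no longer accepted by recent Ansible releases.
cat >roles/cron_ssl/tasks/main.yml<< \EOF
---
- import_tasks: cron.yml
EOF

cat >roles/cron_ssl/tasks/cron.yml<< \EOF
---
# Best effort: the spool file does not exist on hosts without a root crontab.
- name: Backup cron
  shell: "cp /var/spool/cron/root /data/backup/cronroot.$(date +%F)"
  ignore_errors: true

- name: Cat cron
  shell: crontab -l
  register: cat_cron

- name: Cat cron
  debug:
    msg: "{{ cat_cron.stdout_lines }}"

- name: Del cron that which is "{{ script_name }}"
  cron:
    name: "{{ script_name }}"
    state: absent
  when: state == "absent"

# Remove entries for the script that were added by hand (not under an
# "#Ansible:" marker) so the cron module below ends up owning the only one.
# The name is matched as a fixed string and shell-quoted, the crontab is
# rewritten through crontab(1) instead of editing the spool file in place, and
# the task is skipped for an empty name, which would otherwise match every
# line of the crontab.
- name: Del notcron that which is "{{ script_name }}"
  shell: |
    total=$(crontab -l | grep -cF -- {{ script_name | quote }})
    managed=$(crontab -l | grep -A 2 Ansible | grep -cF -- {{ script_name | quote }})
    if [ "$total" != "$managed" ]; then
      crontab -l | grep -vF -- {{ script_name | quote }} | crontab -
    fi
  when: state == "present" and script_name | length > 0

# cron runs jobs with /bin/sh, so the redirection is spelled portably rather
# than with the bash-only "&>".
- name: Cron bash "{{ script_name }}" to "{{ state }}"
  cron:
    name: "{{ script_name }}"
    minute: "{{ minute }}"
    hour: "{{ hour }}"
    day: "{{ day }}"
    month: "{{ month }}"
    weekday: "{{ weekday }}"
    job: "/bin/bash {{ script_dest_path }}/{{ script_name }} >/dev/null 2>&1"
  when: script_type == "sh" and state == "present"

- name: Cat cron
  shell: crontab -l
  register: cat_cron

- name: Cat cron
  debug:
    msg: "{{ cat_cron.stdout_lines }}"
EOF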
批量添加sudo权限
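# 1. Host list: one "name address" pair per line
cat >hosts<<\EOF
mycat-a03 192.168.100.62
mycat-a02 192.168.100.63
mycat-a01 192.168.100.64
EOF

# 2. Script executed on every remote host
# NOTE(review): /tmp/check.sh is a predictable name in a world-writable
# directory, and its content later runs as root on every listed host. On a
# shared control machine, keep it in a directory only the operator can write.
cat >/tmp/check.sh<<\EOF
#!/bin/bash
# Grant passwordless sudo to the listed accounts.
# The rules are appended to a copy of /etc/sudoers, and the copy replaces the
# live file only after visudo accepts it, so a syntax error cannot lock
# everyone out of sudo.
# NOTE(review): "NOPASSWD: ALL" is unrestricted root without re-authentication;
# restrict the command list if these accounts need less.
name="yongkui.zhang fuzhi.cao"
file_name="/etc/sudoers"

# The copy lives next to the target so the final mv is a same-filesystem rename.
tmp_file=$(mktemp "${file_name}.XXXXXX") || exit 1
trap 'rm -f "$tmp_file"' EXIT
cat "$file_name" >"$tmp_file" || exit 1

changed=0
for n in $name; do
    # Compare the first field exactly: the account names contain ".", which a
    # plain grep would treat as "any character", and a substring or comment
    # match would wrongly count as an existing rule.
    if ! awk -v u="$n" '$1 == u { found = 1 } END { exit !found }' "$tmp_file"; then
        echo "$n ALL=(ALL) NOPASSWD: ALL" >>"$tmp_file"
        changed=1
    fi
done

if [ "$changed" -eq 1 ]; then
    chmod 0440 "$tmp_file"
    if visudo -cf "$tmp_file"; then
        mv -f "$tmp_file" "$file_name"
    else
        echo "sudoers validation failed; $file_name left unchanged" >&2
        exit 1
    fi
fi
EOF

# 3. Ansible wrapper script
cat >ansible_sudo.sh<<\EOF
#!/bin/bash
# Build a throwaway inventory from ./hosts and run /tmp/check.sh on each host.
host_file="./hosts"
ansible_script="/tmp/check.sh"

echo "##########$(date +%Y%m%d%H%M)"
if [ -f "$host_file" ]; then
    # A private temporary inventory: appending to /home/oap/hosts and deleting
    # it afterwards would destroy any inventory already stored there.
    ansible_host=$(mktemp /tmp/chang_host.XXXXXX) || exit 1
    trap 'rm -f "$ansible_host"' EXIT
    # The oap account runs ansible and must be able to read the inventory.
    chmod 0644 "$ansible_host"

    echo '[chang_host]' >>"$ansible_host"
    # The second whitespace-separated field of each line is the address.
    while read -r host_name ip rest; do
        if [ -n "$ip" ]; then
            echo "$ip" >>"$ansible_host"
        fi
    done <"$host_file"

    # -b (become) is the current spelling of the retired -s (sudo) switch.
    su - oap -c "ansible chang_host -b -i $ansible_host -m script -a '$ansible_script'"
fi
EOF

# 4. Run it
sh ansible_sudo.sh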