Creating the playbook
Design outline and the resulting directory tree:
[root@Ansible ansible]# tree
.
├── ansible.cfg
├── hostname.yml
├── hosts
├── mariadb.yml
├── role_mariadb.retry
├── role_mariadb_threng.yml
├── role_mariadb.yml
└── roles
    ├── mariadb
    │   ├── files
    │   │   └── mariadb.tar.gz
    │   └── tasks
    │       ├── config1.yml
    │       ├── config2.yml
    │       ├── config3.yml
    │       ├── data.yml
    │       ├── dir.yml
    │       ├── early.yml
    │       ├── group.yml
    │       ├── link.yml
    │       ├── main.yml
    │       ├── owner.yml
    │       ├── path.yml
    │       ├── source.yml
    │       ├── start1.yml
    │       ├── start2.yml
    │       ├── start3.yml
    │       ├── unpack.yml
    │       └── user.yml
    └── mariadb_streng
        ├── files
        │   └── mariadb.exp
        └── tasks
            ├── main.yml
            ├── streng.yml
            └── thening.yml

7 directories, 29 files
Initial preparation
1. Create the directory layout (mkdir -p is needed because the intermediate role directories do not exist yet):
[root@Ansible ansible]# mkdir -p roles/{mariadb/{files,tasks},mariadb_streng/{files,tasks}}
2. Put the downloaded MariaDB tarball under the role's files directory so that the Ansible server can copy it to the clients.
Install the required packages up front to avoid errors: early.yml
[root@Ansible mariadb]# cat tasks/early.yml
- name: on the early
  yum: name=expect,libaio
Create the group: group.yml
[root@Ansible mariadb]# cat tasks/group.yml
---
# Group mysql
- name: Group
  group: name=mysql gid=336 system=yes
Create the user: user.yml
[root@Ansible mariadb]# cat tasks/user.yml
---
# User
- name: User
  user: name=mysql uid=336 group=mysql system=yes home=/data/mysql shell=/sbin/nologin
Unpack the tarball: unpack.yml
[root@Ansible mariadb]# cat tasks/unpack.yml
---
# Unpack
- name: Unpack mariadb
  unarchive: src=/etc/ansible/roles/mariadb/files/mariadb.tar.gz dest=/usr/local copy=yes
Create the symlink (state=link creates a symbolic link): link.yml
[root@Ansible mariadb]# cat tasks/link.yml
---
# Link
- name: create link
  file: src=/usr/local/mariadb-10.2.23-linux-x86_64/ dest=/usr/local/mysql state=link
Set the owner and group: owner.yml
[root@Ansible mariadb]# cat tasks/owner.yml
---
# owner group
- name: owner group
  file: path=/usr/local/mysql owner=root group=root recurse=yes state=directory
Add the PATH variable: path.yml (the single quotes keep $PATH unexpanded, so the profile file extends PATH at login time rather than freezing the value seen when the task ran)
[root@Ansible mariadb]# cat tasks/path.yml
- name: PATH
  shell: echo 'PATH=/usr/local/mysql/bin:$PATH' >/etc/profile.d/mysql.sh
Load the PATH variable: source.yml
[root@Ansible mariadb]# cat tasks/source.yml
- name: source
  shell: source /etc/profile.d/mysql.sh
Prepare the database data directory: dir.yml
[root@Ansible mariadb]# cat tasks/dir.yml
- name: directory
  file: path=/data/mysql state=directory owner=mysql group=mysql
Initialize the data directory: data.yml (--basedir tells the script where the binary tarball was unpacked)
[root@Ansible mariadb]# cat tasks/data.yml
- name: data
  shell: /usr/local/mysql/scripts/mysql_install_db --basedir=/usr/local/mysql --datadir=/data/mysql --user=mysql
Configuration: config{1,2,3}.yml
[root@Ansible mariadb]# cat tasks/config1.yml
- name: config
  file: path=/etc/mysql state=directory
[root@Ansible mariadb]# cat tasks/config2.yml
- name: config2
  copy: src=/usr/local/mysql/support-files/my-huge.cnf dest=/etc/mysql/my.cnf remote_src=yes
[root@Ansible mariadb]# cat tasks/config3.yml
- name: config3
  lineinfile: dest=/etc/mysql/my.cnf insertafter="^\[mysqld\]" line="datadir=/data/mysql"
Start-up tasks: start{1,2,3}.yml (the init script must be executable, hence mode=0755)
[root@Ansible mariadb]# cat tasks/start1.yml
- name: start1
  copy: src=/usr/local/mysql/support-files/mysql.server dest=/etc/init.d/mysqld remote_src=yes mode=0755
[root@Ansible mariadb]# cat tasks/start2.yml
- name: start2
  shell: chkconfig --add mysqld
[root@Ansible mariadb]# cat tasks/start3.yml
- name: service
  service: name=mysqld state=started
Main file main.yml, which orders the tasks:
[root@Ansible ansible]# cat roles/mariadb/tasks/main.yml
- include: early.yml
- include: group.yml
- include: user.yml
- include: unpack.yml
- include: link.yml
- include: owner.yml
- include: path.yml
- include: source.yml
- include: dir.yml
- include: data.yml
- include: config1.yml
- include: config2.yml
- include: config3.yml
- include: start1.yml
- include: start2.yml
- include: start3.yml
The role playbook
[root@Ansible ansible]# cat role_mariadb.yml
---
- hosts: all
  roles:
    - role: mariadb
Run the role playbook and let the play begin:
[root@Ansible ansible]# ansible-playbook role_mariadb.yml
Writing the MySQL security hardening playbook
Write an expect script that performs the hardening in one shot (the full path is used because the shell module does not load /etc/profile.d; the "Set root password" pattern covers a fresh install with no root password yet):
[root@CentOS6 ~]# vim /etc/ansible/roles/mariadb_streng/files/mariadb.exp
#!/usr/bin/expect
set timeout 60
#set password [lindex $argv 0]
spawn /usr/local/mysql/bin/mysql_secure_installation
expect {
    "enter for none" { send "\r"; exp_continue }
    "Set root password" { send "\r"; exp_continue }
    "Change the root password" { send "\r"; exp_continue }
    "New password" { send "123456\r"; exp_continue }
    "Re-enter new password" { send "123456\r"; exp_continue }
    "Remove anonymous users" { send "\r"; exp_continue }
    "Disallow root login remotely" { send "\r"; exp_continue }
    "Remove test database and access to it" { send "\r"; exp_continue }
    "Reload privilege tables now" { send "\r"; exp_continue }
    "Cleaning up" { send "\r" }
}
interact
Deployment tasks
[root@Ansible ansible]# cat roles/mariadb_streng/tasks/streng.yml
---
# strengthening
- name: streng
  copy: src=mariadb.exp dest=/root mode=u+x
[root@Ansible ansible]# cat roles/mariadb_streng/tasks/thening.yml
---
# strengthening
- name: thening
  shell: /root/mariadb.exp
Order the tasks:
[root@Ansible ansible]# cat roles/mariadb_streng/tasks/main.yml
- include: streng.yml
- include: thening.yml
The main playbook
[root@Ansible ansible]# cat role_mariadb_threng.yml
- hosts: 192.168.36.101
  roles:
    - role: mariadb_streng
Run the main playbook to perform the hardening:
[root@Ansible ansible]# ansible-playbook role_mariadb_threng.yml
PLAY [192.168.36.101] *********************************************************************************************

TASK [Gathering Facts] ********************************************************************************************
ok: [192.168.36.101]

TASK [mariadb_streng : streng] ************************************************************************************
changed: [192.168.36.101]

TASK [mariadb_streng : thening] ***********************************************************************************
changed: [192.168.36.101]

PLAY RECAP ********************************************************************************************************
192.168.36.101             : ok=3    changed=2    unreachable=0    failed=0
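A shell task reports "changed" whether or not the expect script actually answered every prompt, so the hardening result should be verified rather than assumed. The following check is an added example, not part of the original post: it parses output shaped like `mysql -N -B -e "SELECT User, Host FROM mysql.user"` and `mysql -N -B -e "SHOW DATABASES"` (sample output constructed inline) and reports which mysql_secure_installation steps did not take effect; the same function can be fed from a registered shell task.

```python
"""Post-hardening audit for the mysql_secure_installation steps the expect
script answers: anonymous users removed, remote root login disallowed, test
database dropped.  Added example, not part of the original post."""
from typing import List, Tuple

# Constructed sample output, shaped like `mysql -N -B -e "SELECT User, Host
# FROM mysql.user"` and `mysql -N -B -e "SHOW DATABASES"` on a freshly
# installed server (hostname centos6) where hardening has NOT run yet.
SAMPLE_USERS = (
    "root\tlocalhost\n"
    "root\tcentos6\n"
    "root\t127.0.0.1\n"
    "root\t::1\n"
    "\tlocalhost\n"        # anonymous user: empty User column
    "\tcentos6\n"
)
SAMPLE_DATABASES = "information_schema\nmysql\nperformance_schema\ntest\n"

# Hosts mysql_secure_installation keeps for root when disallowing remote login.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_users(output: str) -> List[Tuple[str, str]]:
    """Split tab-separated `User<TAB>Host` rows, keeping empty (anonymous) users."""
    rows = []
    for line in output.splitlines():
        if not line.strip():
            continue
        user, _, host = line.partition("\t")
        rows.append((user, host))
    return rows


def audit(users_output: str, databases_output: str) -> List[str]:
    """Return one finding per hardening step that has not taken effect."""
    findings = []
    users = parse_users(users_output)
    if any(user == "" for user, _ in users):
        findings.append("anonymous users present")
    remote_root = [host for user, host in users
                   if user == "root" and host not in LOCAL_HOSTS]
    if remote_root:
        findings.append("root may log in remotely from: " + ", ".join(remote_root))
    if "test" in databases_output.split():
        findings.append("test database present")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_USERS, SAMPLE_DATABASES):
        print("FAIL:", finding)
```

An empty list from audit() means all three removable-surface steps took effect; the root password change itself cannot be confirmed this way and needs a login attempt.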