Playbook: automated binary installation of MariaDB with Ansible


Create the playbook

Plan the layout and generate the directory tree

[root@Ansible ansible]# tree
.
├── ansible.cfg
├── hostname.yml
├── hosts
├── mariadb.yml
├── role_mariadb.retry
├── role_mariadb_threng.yml
├── role_mariadb.yml
└── roles
    ├── mariadb
    │   ├── files
    │   │   └── mariadb.tar.gz
    │   └── tasks
    │       ├── config1.yml
    │       ├── config2.yml
    │       ├── config3.yml
    │       ├── data.yml
    │       ├── dir.yml
    │       ├── early.yml
    │       ├── group.yml
    │       ├── link.yml
    │       ├── main.yml
    │       ├── owner.yml
    │       ├── path.yml
    │       ├── source.yml
    │       ├── start1.yml
    │       ├── start2.yml
    │       ├── start3.yml
    │       ├── unpack.yml
    │       └── user.yml
    └── mariadb_streng
        ├── files
        │   └── mariadb.exp
        └── tasks
            ├── main.yml
            ├── streng.yml
            └── thening.yml

7 directories, 29 files

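Initial preparation

1. Create the directories
   [root@Ansible ansible]# mkdir -p roles/{mariadb/{files,tasks},mariadb_streng/{files,tasks}}

2. Put the downloaded MariaDB tarball in the role's files directory so that the Ansible server can copy it to the clients with the copy module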

Install the required packages up front to avoid errors: early.yml

[root@Ansible mariadb]# cat tasks/early.yml
- name: on the early
  yum: name=expect,libaio

Create the group: group.yml

[root@Ansible mariadb]# cat tasks/group.yml
---
# Group mysql
- name: Group
  group: name=mysql gid=336 system=yes

Create the user: user.yml

[root@Ansible mariadb]# cat tasks/user.yml
---
# User
- name: User
  user: name=mysql uid=336 group=mysql system=yes home=/data/mysql shell=/sbin/nologin

Unpack the tarball: unpack.yml

[root@Ansible mariadb]# cat tasks/unpack.yml
---
# Unpack
- name: Unpack mariadb
  unarchive: src=/etc/ansible/roles/mariadb/files/mariadb.tar.gz dest=/usr/local copy=yes

Create the link: link.yml

[root@Ansible mariadb]# cat tasks/link.yml
---
# Link
- name: create link
  file: src=/usr/local/mariadb-10.2.23-linux-x86_64/ dest=/usr/local/mysql state=link

Set the owner and group on the directory and everything under it: owner.yml

[root@Ansible mariadb]# cat tasks/owner.yml
---
# owner group
- name: owner group
  file: path=/usr/local/mysql owner=root group=root recurse=yes state=directory

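Add the PATH variable: path.yml

[root@Ansible mariadb]# cat tasks/path.yml
- name: PATH
  # Single quotes keep $PATH literal so it is expanded at login, not when the task runs
  shell: echo 'PATH=/usr/local/mysql/bin:$PATH' >/etc/profile.d/mysql.sh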

Load the PATH variable: source.yml

[root@Ansible mariadb]# cat tasks/source.yml
- name: source
  shell: source /etc/profile.d/mysql.sh

Prepare the database data directory: dir.yml

[root@Ansible mariadb]# cat tasks/dir.yml
- name: directory
  file: path=/data/mysql state=directory owner=mysql group=mysql

Initialize the data directory: data.yml

[root@Ansible mariadb]# cat tasks/data.yml
- name: data
  shell: /usr/local/mysql/scripts/mysql_install_db --datadir=/data/mysql --user=mysql

Generate the configuration file: config{1,2,3}.yml

[root@Ansible mariadb]# cat tasks/config1.yml
- name: config
  file: path=/etc/mysql state=directory

[root@Ansible mariadb]# cat tasks/config2.yml
- name: config2
  copy: src=/usr/local/mysql/support-files/my-huge.cnf dest=/etc/mysql/my.cnf remote_src=yes

[root@Ansible mariadb]# cat tasks/config3.yml
- name: config3
  lineinfile: dest=/etc/mysql/my.cnf insertafter="^\[mysqld\]"  line="datadir=/data/mysql"

Startup tasks: start{1,2,3}.yml

[root@Ansible mariadb]# cat tasks/start1.yml
- name: start1
  copy: src=/usr/local/mysql/support-files/mysql.server dest=/etc/init.d/mysqld remote_src=yes

[root@Ansible mariadb]# cat tasks/start2.yml
- name: start2
  shell: chkconfig --add mysqld

[root@Ansible mariadb]# cat tasks/start3.yml
- name: service
  service: name=mysqld state=started

The main file main.yml sets the order of the role's tasks

[root@Ansible ansible]# cat roles/mariadb/tasks/main.yml
- include: early.yml
- include: group.yml
- include: user.yml
- include: unpack.yml
- include: link.yml
- include: owner.yml
- include: path.yml
- include: source.yml
- include: dir.yml
- include: data.yml
- include: config1.yml
- include: config2.yml
- include: config3.yml
- include: start1.yml
- include: start2.yml
- include: start3.yml

Role playbook

[root@Ansible ansible]# cat role_mariadb.yml
---
- hosts: all

  roles:
    - role: mariadb

Run the role playbook and let the show begin

[root@Ansible ansible]# ansible-playbook role_mariadb.yml

Write the MySQL security-hardening playbook

Write an expect script that performs the hardening in one step

[root@CentOS6 ~]# vim /etc/ansible/roles/mariadb_streng/files/mariadb.exp
#!/usr/bin/expect
set timeout 60
#set password [lindex $argv 0]
spawn mysql_secure_installation
expect {
        "enter for none" { send "\r"; exp_continue}
        "Change the root password" { send "\r"; exp_continue}
        "New password" { send "123456\r"; exp_continue}
        "Re-enter new password" { send "123456\r"; exp_continue}
        "Remove anonymous users" { send "\r"; exp_continue}
        "Disallow root login remotely" { send "\r"; exp_continue}
        "Remove test database and access to it" { send "\r"; exp_continue}
        "Reload privilege tables now" { send "\r"; exp_continue}
        "Cleaning up" { send "\r"}
}
expect eof

Deploy the playbook tasks

[root@Ansible ansible]# cat roles/mariadb_streng/tasks/streng.yml
---
# strengthening
- name: streng
  copy: src=mariadb.exp dest=/root mode=u+x

[root@Ansible ansible]# cat roles/mariadb_streng/tasks/thening.yml
---
# strengthening
- name: thening
  shell: /root/mariadb.exp

Set the order of the playbook tasks

[root@Ansible ansible]# cat roles/mariadb_streng/tasks/main.yml
- include: streng.yml
- include: thening.yml

Main playbook

[root@Ansible ansible]# cat role_mariadb_threng.yml
- hosts: 192.168.36.101

  roles:
    - role: mariadb_streng

Run the main playbook to apply the security hardening

[root@Ansible ansible]# ansible-playbook role_mariadb_threng.yml

PLAY [192.168.36.101] *********************************************************************************************

TASK [Gathering Facts] ********************************************************************************************
ok: [192.168.36.101]

TASK [mariadb_streng : streng] ************************************************************************************
changed: [192.168.36.101]

TASK [mariadb_streng : thening] ***********************************************************************************
changed: [192.168.36.101]

PLAY RECAP ********************************************************************************************************
192.168.36.101             : ok=3    changed=2    unreachable=0    failed=0
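
The same hardening steps can also be written as idempotent Ansible tasks that keep the root password out of the role files; this is an added example, not part of the original post. The file name secure.yml and the variables mariadb_root_password (loaded from an Ansible Vault encrypted vars file) and mariadb_socket are assumptions, and the mysql_user and mysql_db modules need a Python MySQL driver (PyMySQL or MySQL-python) on the target.

```yaml
# roles/mariadb_streng/tasks/secure.yml (hypothetical file name, added example)
# Assumptions: a Python MySQL driver is installed on the target,
# mariadb_root_password comes from an Ansible Vault encrypted vars file,
# and mariadb_socket matches the socket= line in /etc/mysql/my.cnf.
- name: Set the root password on every root account
  mysql_user:
    name: root
    host_all: yes
    password: "{{ mariadb_root_password }}"
    check_implicit_admin: yes   # try root without a password first (fresh install)
    login_user: root
    login_password: "{{ mariadb_root_password }}"
    login_unix_socket: "{{ mariadb_socket }}"
  no_log: true                  # keep the password out of task output and logs

- name: Remove anonymous users
  mysql_user:
    name: ''
    host_all: yes
    state: absent
    login_user: root
    login_password: "{{ mariadb_root_password }}"
    login_unix_socket: "{{ mariadb_socket }}"
  no_log: true

- name: Remove root accounts bound to the machine's own host names
  mysql_user:
    name: root
    host: "{{ item }}"
    state: absent
    login_user: root
    login_password: "{{ mariadb_root_password }}"
    login_unix_socket: "{{ mariadb_socket }}"
  with_items: "{{ [ansible_hostname, ansible_fqdn, ansible_nodename] | unique }}"
  when: "item not in ['localhost', '127.0.0.1', '::1']"   # never drop local root
  no_log: true

- name: Drop the test database
  mysql_db:
    name: test
    state: absent
    login_user: root
    login_password: "{{ mariadb_root_password }}"
    login_unix_socket: "{{ mariadb_socket }}"
  no_log: true
```

Unlike the expect script, this leaves no copy of the password in /root/mariadb.exp on the managed host, and a second run reports ok instead of changed.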