The following automation playbooks are selected from Ansible best practices and real-world usage and cover common operations scenarios. Adjust the variables and the host inventory to your own environment before running them; the notes under each playbook call out the checks and pitfalls that matter when it runs against many hosts.
1. Basic configuration
- Batch-deploy SSH public keys

```yaml
- name: Deploy SSH keys to 100 nodes
  hosts: all
  tasks:
    - name: Authorize the controller's public key for root
      authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
```

Generate the key pair on the controller first; this is for passwordless batch login. Note what it grants: whoever holds /root/.ssh/id_rsa can log in as root on every host in the inventory, so protect that private key (passphrase plus ssh-agent), prefer a dedicated unprivileged automation user with sudo over direct root, and use the module's `key_options` parameter (for example `from="<controller IP>"`) to pin where the key may be used from.
- Configure NTP time synchronisation

```yaml
- name: Configure NTP
  hosts: all
  tasks:
    - yum: name=ntp state=present
    # copy would ship the .j2 file byte-for-byte; template renders the Jinja2 variables
    - template: src=ntp.conf.j2 dest=/etc/ntp.conf
      notify: Restart ntpd
    - service: name=ntpd state=started enabled=yes
  handlers:
    - name: Restart ntpd
      service: name=ntpd state=restarted
```

Prepare the ntp.conf.j2 template first. The original used `copy` for the template, which does not render Jinja2, and `state=started` alone does not reload an already-running ntpd after the config changes; the handler does that only when the file actually changed.
2. Software management
- Install Nginx on multiple nodes

```yaml
- name: Install Nginx Cluster
  hosts: webservers
  tasks:
    - yum: name=epel-release state=present
    - yum: name=nginx state=latest
    - systemd: name=nginx state=started enabled=yes
```

`state=latest` upgrades nginx on every run that finds a newer package in the repository; when hosts must stay reproducible, pin a version or use `state=present`.
- Update all packages

```yaml
- name: Update all packages
  hosts: all
  tasks:
    - yum: name='*' state=latest update_cache=yes
```

This is an unbounded upgrade of every package on every host, including kernels that need a reboot to take effect. Roll it out with `serial` or `--limit`, plan the reboots, and add `security=yes` to the yum task when only security errata should be applied.
3. File management
- Distribute configuration files

```yaml
- name: Deploy config files
  hosts: app_servers
  tasks:
    - copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        mode: '0644'    # quoted so the mode is never misread as a decimal number
      loop:
        - { src: './httpd.conf', dest: '/etc/httpd/' }
        - { src: './myapp.ini', dest: '/opt/app/config/' }
```
- Centralised log collection

```yaml
- name: Collect logs
  hosts: all
  tasks:
    - find: paths=/var/log patterns="*.log" recurse=yes
      register: log_files
    # flat=yes drops the host/path prefix, so give every host its own directory;
    # otherwise files with the same name from different hosts overwrite each other
    - fetch:
        src: "{{ item.path }}"
        dest: "/backup/logs/{{ inventory_hostname }}/"
        flat: yes
      loop: "{{ log_files.files }}"
```

The original used `dest=/backup/logs/` with `flat=yes`, so /var/log/messages.log from host A was overwritten by the same file from host B. Also remember that `fetch` copies every matched log to the controller, so size the backup disk and the run time accordingly.
4. Service management
- Batch-check critical services

```yaml
- name: Check critical services
  hosts: prod_servers
  tasks:
    - name: Verify Nginx
      systemd: name=nginx state=started
    - name: Verify MySQL
      systemd: name=mysqld state=started
```

`state=started` starts a stopped service rather than only reporting it. For a read-only check run this play with `--check` (a `changed` result means the service was down), or gather `service_facts` and use `assert` on the state.
- Rolling service restart

```yaml
- name: Graceful service restart
  hosts: lb_servers
  serial: 1    # one node at a time
  tasks:
    - systemd: name=haproxy state=restarted
```

`serial: 1` keeps the rest of the pool serving while one node restarts. HAProxy also supports `state=reloaded`, which hands over to a new process without dropping established connections.
5. Security and compliance
- Batch-create operations accounts

```yaml
- name: Create admin users
  hosts: all
  vars:
    admin_users: ['ops1', 'ops2']
    # admin_password is assumed to come from an ansible-vault encrypted vars file,
    # never from a literal in the playbook
  tasks:
    - user:
        name: "{{ item }}"
        groups: wheel
        shell: /bin/bash
        # a fixed per-host salt keeps the hash stable, so the task stays idempotent
        password: "{{ admin_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
        update_password: on_create
      loop: "{{ admin_users }}"
```

The original embedded the clear-text password 'P@ssw0rd' in the playbook, shared by every admin account and by anyone with read access to the repository. It also called `password_hash('sha512')` without a salt argument, which generates a fresh random salt on every run, so the task reported `changed` each time. `update_password: on_create` stops later runs from resetting passwords users have already changed.
- Unified firewall rule configuration

```yaml
- name: Configure firewalld
  hosts: all
  tasks:
    - firewalld:
        port: 8080/tcp
        permanent: yes
        immediate: yes
        state: enabled
    - firewalld:
        service: http
        permanent: yes
        immediate: yes
        state: enabled
```

The original set only `permanent: yes` and then restarted firewalld to load the rules. `immediate: yes` applies each rule to the running configuration as well, and the restart is dropped: restarting firewalld briefly removes the whole rule set and clears connection tracking. Opening 8080/tcp on `hosts: all` exposes it on machines that do not serve it; target the group that does.
6. Advanced scenarios
- Kubernetes node initialisation

```yaml
- name: Prepare K8s nodes
  hosts: k8s_nodes
  tasks:
    - sysctl: name=net.ipv4.ip_forward value=1 sysctl_set=yes
    # the net.bridge.bridge-nf-call-* keys only exist once br_netfilter is loaded
    - modprobe: name=br_netfilter state=present
    - sysctl: name=net.bridge.bridge-nf-call-iptables value=1 sysctl_set=yes
    - yum:
        name:
          - docker-ce
          - kubelet
          - kubeadm
        state: present
    - systemd: name=docker state=started enabled=yes
    - systemd: name=kubelet enabled=yes
```

The Docker CE and Kubernetes yum repositories must be configured beforehand, and kubeadm expects kubelet to be enabled. The original passed the packages as `name=[docker-ce,kubelet,kubeadm]`, which is a string in key=value syntax; a YAML list is unambiguous. Note that Kubernetes 1.24 removed dockershim, so nodes that use docker-ce as the runtime also need cri-dockerd, or should use containerd instead.
- Automated certificate renewal

```yaml
- name: Renew SSL certificates
  hosts: web_servers
  vars:
    cert_domains: ['example.com', 'www.example.com']
  tasks:
    - community.crypto.x509_certificate:
        path: /etc/ssl/{{ item }}.crt
        privatekey_path: /etc/ssl/private/{{ item }}.key
        provider: selfsigned
      loop: "{{ cert_domains }}"
```

`openssl_certificate` is the legacy name of this module; it now lives in the community.crypto collection as `x509_certificate`. The private key at `privatekey_path` must already exist. With `provider: selfsigned` the play produces self-signed certificates that no client trusts by default, which is adequate for internal or test systems; for publicly trusted certificates that are actually renewed against a CA, use `community.crypto.acme_certificate`.
Getting the full set of scripts:
The above is a partial sample; the full set of 100 scripts can be obtained as follows:
- GitHub repository: the Ansible-Examples official example repository
- Red Hat documentation: role design in "Ansible Best Practices"
- Module reference: run `ansible-doc -l` to list every available module
Notes:
- Before running, change the IP ranges and authentication details in the hosts (inventory) file
- In production, run with the --check parameter first to simulate the changes (add --diff to see exactly what would change)
- For complex scenarios, manage variables and tasks with a Roles structure
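As an added example (it is not part of the original article and not an Ansible tool), the Python script below is a pre-flight scan to run before `--check`: it looks for the mistakes corrected in the playbooks above, such as a literal password piped into `password_hash`, `yum name='*' state=latest`, `fetch` with `flat=yes` but no per-host `dest`, a `.j2` file shipped with `copy`, and firewalld rules that are `permanent` only or applied by restarting the service. It uses only the standard library and does not parse YAML: it cuts the file into task-shaped blocks and applies regular expressions, so the rule names and heuristics are this example's own, and the two embedded playbooks are constructed samples.

```python
"""Heuristic pre-flight scan for the playbook smells discussed on this page.

Added example, not part of the original article or of Ansible: it does not parse
YAML but cuts the file into task-shaped blocks and applies regular expressions,
so every hit is a prompt for review, not proof of a defect.
"""
import re
import sys

# A play or task begins with "- <key>:" at any indentation. Loop items such as
# "- { src: ... }" and scalars such as "- ops1" do not match and stay in their task.
TASK_START = re.compile(r"^\s*-\s+[\w.]+:", re.M)
TASK_LABEL = re.compile(r"\s*-\s+(?:name:\s*(?P<name>.+?)\s*$|(?P<module>[\w.]+):)", re.M)
PASSWORD_LINE = re.compile(r"^\s*password:\s*(?P<val>.+?)\s*$", re.M)
LITERAL_TEMPLATE = re.compile(r"\{\{\s*['\"][^'\"]+['\"]\s*\|")  # {{ 'secret' | filter }}
DEST_LINE = re.compile(r"\bdest[=:]\s*(?P<val>.+?)\s*$", re.M)
FLAT_YES = re.compile(r"\bflat[=:]\s*['\"]?(yes|true)\b", re.I)
PKG_MODULE = re.compile(r"\b(yum|dnf|apt|package):")


def kvs(block, key):
    """All values given for `key` in either `key: v` or `key=v` form (quotes dropped)."""
    return [m.group("v") for m in re.finditer(rf"\b{key}[=:]\s*['\"]?(?P<v>[^'\"\s]+)", block)]


def scan_block(block):
    """Rule ids that fire for one play/task block."""
    hits = []
    for m in PASSWORD_LINE.finditer(block):
        val = m.group("val").strip("\"'")
        if val.startswith("!vault"):
            continue  # inline vault ciphertext is fine
        # a bare literal, or a literal piped into password_hash, is a secret in the repo
        if not val.startswith("{{") or LITERAL_TEMPLATE.search(val):
            hits.append("hardcoded-password")
    names, states = kvs(block, "name"), kvs(block, "state")
    if PKG_MODULE.search(block) and "*" in names and "latest" in states:
        hits.append("unbounded-upgrade")  # every package, newest version, no pin
    if "fetch:" in block and FLAT_YES.search(block):
        dest = DEST_LINE.search(block)
        if dest and "inventory_hostname" not in dest.group("val"):
            hits.append("fetch-collision")  # same basename from N hosts -> one file
    if "copy:" in block and any(v.endswith(".j2") for v in kvs(block, "src")):
        hits.append("template-via-copy")  # Jinja2 file shipped unrendered
    if "firewalld:" in block and not re.search(r"\bimmediate[=:]", block):
        hits.append("firewalld-not-immediate")  # permanent only: live ruleset unchanged
    if "firewalld" in names and "restarted" in states:
        hits.append("firewalld-restart")  # restart drops rules/conntrack; reload instead
    return hits


def scan(playbook_text):
    """Return [(task_label, rule_id), ...] in file order."""
    starts = [m.start() for m in TASK_START.finditer(playbook_text)] + [len(playbook_text)]
    findings = []
    for start, end in zip(starts, starts[1:]):
        block = playbook_text[start:end]
        lab = TASK_LABEL.match(block)
        label = (lab.group("name") or lab.group("module")) if lab else "?"
        findings.extend((label, rule) for rule in scan_block(block))
    return findings


# Constructed samples: the smells as they appeared in the page's originals, then the fixes.
WEAK = """\
- name: Configure hosts
  hosts: all
  tasks:
    - copy: src=ntp.conf.j2 dest=/etc/ntp.conf
    - yum: name='*' state=latest update_cache=yes
    - fetch: src={{ item.path }} dest=/backup/logs/ flat=yes
      with_items: "{{ log_files.files }}"
    - user:
        name: ops1
        password: "{{ 'P@ssw0rd' | password_hash('sha512') }}"
    - firewalld:
        port: 8080/tcp
        permanent: yes
        state: enabled
    - service: name=firewalld state=restarted
"""

HARDENED = """\
- name: Configure hosts
  hosts: all
  tasks:
    - template: src=ntp.conf.j2 dest=/etc/ntp.conf
    - yum: name=ntp state=present update_cache=yes
    - fetch:
        src: "{{ item.path }}"
        dest: "/backup/logs/{{ inventory_hostname }}/"
        flat: yes
      loop: "{{ log_files.files }}"
    - user:
        name: ops1
        password: "{{ admin_password }}"
        update_password: on_create
    - firewalld:
        port: 8080/tcp
        permanent: yes
        immediate: yes
        state: enabled
"""

if __name__ == "__main__":
    # Usage: python playbook_smells.py site.yml ...   (no arguments: scan the WEAK sample)
    for text in [open(p).read() for p in sys.argv[1:]] or [WEAK]:
        for label, rule in scan(text):
            print(f"{rule:24} in task: {label}")
```

Run it against your playbooks before `ansible-playbook --check`; on the WEAK sample it reports one finding per task, and on HARDENED none. The rules are deliberately narrow (they match only the `key: value` and `key=value` forms shown on this page), so a clean result means these particular smells are absent, not that the playbook is safe; ansible-lint covers far more.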