Skip to content

Ansible OS Tuning

1. Prepare inventory file

Login with ansible

cd ~
vim hosts

example:

[wimes-ap]
gitlab   ansible_ssh_host=10.41.xx.xx
harbor   ansible_ssh_host=10.41.xx.xx
rancher1    ansible_ssh_host=0.41.xx.xx
rancher2    ansible_ssh_host=0.41.xx.xx
rancher3    ansible_ssh_host=0.41.xx.xx
master1     ansible_ssh_host=0.41.xx.xx
master2     ansible_ssh_host=0.41.xx.xx
master3     ansible_ssh_host=0.41.xx.xx
worker1     ansible_ssh_host=0.41.xx.xx
worker2     ansible_ssh_host=0.41.xx.xx
worker3     ansible_ssh_host=0.41.xx.xx

2. Prepare playbook

  • Download ansible roles for os tuning
git clone https://wzs-sat-qas-gitlab.wistron.com/wzsse/cog-ansible.git

image-20250503211257186

  • Create OS tuning playbook
vim ~/ostuning.yaml

example:

  1. disable_root_remote : Disable user root remote ssh login

  2. install_zabbix : Use ansible to install zabbix agent

  3. create_user_forSE : Do you want to create a local account for SE
---
- name: OS Base Tuning
  hosts: test
  become: yes
  vars:
    # on/off
    use_http_proxy: false
    disable_root_remote: true
    install_zabbix: true
    create_user_forSE: true

    # common variables
    remote_user: ansible
    timezone: Asia/Shanghai
    env: POC    #to-change: DEV, QAS, PRD, STB
    server_type: K8S #to-change: Default(非DB或k8s节点), DB(Oracle/PG DB), K8S(Satellite/Armstrong k8s节点)

    # local server
    ansible_server: 10.xx.xx.xx
    yum_server: wzs-yum.wistron.com
    zabbix_server: 10.xx.xx.xx
    monitor_server: 10.xx.xx.xx
    http_proxy: 10.xx.xx.xx:xx
    dnsserver:
      - 10.41.xx.xx
      - 10.55.xx.xx
    seteam:
      - jane
      - seven
      - alice
      - zekai
      - swingye
      - allen

  roles:
    - role: ./cog-ansible/roles/base

3. OS tuning

ansible-playbook ~/ostuning.yaml -vv