ansible
inventory
ANSIBLE_CONFIG
ansible.cfg                     项目目录
./ansible.cfg                   当前用户的家目录
/etc/ansible/ansible.cfg
[root@manager ~]# cat /etc/ansible/ansible.cfg
inventory = /etc/ansible/hosts #主机列表配置文件
library = /usr/share/my_modules/ #库文件存放目录
remote_tmp = ~/.ansible/tmp #临时py文件存放在远程主机目录
local_tmp = ~/.ansible/tmp #本机的临时执行目录
forks = 5 #默认并发数
sudo_user = root #默认sudo用户
ask_sudo_pass = True #每次执行是否询问sudo的ssh密码
ask_pass = True #每次执行是否询问ssh密码
remote_port = 22 #远程主机端口
host_key_checking = False                 #跳过检查主机指纹(同时失去对中间人攻击的防护,生产环境建议保持默认值,并预先分发known_hosts)
log_path = /var/log/ansible.log           #ansible日志
[privilege_escalation] #如果是普通用户则需要配置提权
become=True
become_method=sudo
become_user=root
become_ask_pass=False
生成密钥
生成名为 dsa 的密钥,生成时会提示密钥的保存路径以及口令,可以直接回车不输入,默认保存在 ~/.ssh/ 目录下(注意: 较新版本的 OpenSSH 默认已禁用 DSA 密钥,实际使用建议改为 ed25519 或 rsa)
ssh-keygen -t dsa
将生成的公钥上传到指定的服务器中
ssh-copy-id -i ~/.ssh/id_dsa.pub user@192.168.0.201
创建工作目录
mkdir project1/
vim hosts 
[youto]
192.168.0.201
192.168.0.202
Ad-Hoc
[ ping ] ansible youto -m ping -i hosts
[查看磁盘信息] ansible youto -m shell -a "df -h" -i hosts
command 不能支持管道符
playbook
[][]
示例
检查 yml 语法
ansible-playbook --syntax-check http.yml
nfs.yaml
nfs 的 配置文件 exports.j2
/data 192.168.0.201(rw)
[共享文件夹] [允许访问主机] (权限)
- hosts: 192.168.0.202
  tasks:
    # yum 安装 nfs-utils
    - name: Install NFS Server
      yum: name=nfs-utils state=present
    # 分发 配置文件
    - name: Configure NFS Server
      copy: src=./exports.j2 dest=/etc/exports backup=yes
    # 创建 组
    - name: Create NFS Group
      group: name=nfss gid=666
    # 创建 用户
    - name: Create NFS User
      user: name=nfss uid=666 group=666 shell=/sbin/nologin create_home=no
    # 创建 共享文件夹
    - name: Create NFS Data
      file: path=/data state=directory owner=nfss group=nfss recurse=yes
    # 开启 nfs 服务
    - name: Service NFS Server
      service: name=nfs state=started enabled=yes
- hosts: 192.168.0.201
  tasks:
    # 创建 挂载目录
    - name: Client Create NFS Data
      file: path=/nfs_tt state=directory
    # 挂载
    - name: Client Mount NFS Server
      mount: 
        src: 192.168.0.202:/data
        path: /nfs_tt
        fstype: nfs
        opts: defaults
        state: mounted
清空原来http软件
ansible youto -m yum -a "name=httpd state=absent" -i hosts
http.yml
tt.j2 (index.html 显示页面)
httpd.conf.j2 (httpd 配置文件)
- hosts: 192.168.0.202
  tasks:
   yum install httpd
    # yum 安装 httpd
    - name: Install Httpd Server
      yum: name=httpd state=present
    # 修改 httpd.conf 配置文件
    - name: Configure Httpd Server
      copy: src=./httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf backup=yes  
    # 设置 web 页面
    - name: Configure Httpd WebSite
      copy: src=./tt.j2 dest=/var/www/html/tt.html owner=root group=root mode=644
    # 开启 httpd 服务
    - name: Service Httpd Server
      service: name=httpd state=started enabled=yes
    # 开启 firewalld
    - name: Service Firewalld Server
      service: name=firewalld state=started
    # 放行 9988 端口
    - name: Configure Firewalld Server
      firewalld: zone=public port=9988/tcp permanent=yes immediate=yes state=enabled
卸载php71w
yum list installed |grep php71w|awk '{print $1}'|xargs|sed -r 's#(.*)#yum remove -y \1#g'|bash
(该命令把拼接出来的文本直接交给 bash 执行;更直接、也不需要生成 shell 文本的写法是 `yum list installed | awk '/php71w/{print $1}' | xargs -r yum remove -y`)
lamp.yml
wget http://static.kodcloud.com/update/download/kodexplorer4.40.zip
- hosts: 192.168.0.201
  tasks:
    # yum 安装 httpd php  
    - name: Install Httpd PHP firewalld
      yum: name=httpd,php,php-pdo,php-mbstring,php-gd,firewalld state=present
    # 开启 httpd 服务
    - name: Service Httpd Server
      service: name=httpd state=started
    # 开启防火墙
    - name: Service Firewalld Server
      service: name=firewalld state=started
    # 放行 80 端口
    - name: Configure Firewalld
      firewalld: port=80/tcp immediate=yes state=enabled
    # 获取 tt.php (通过明文 http 下载并直接放入网站目录,任务中未做 checksum 校验)
    - name: Get Url index.php
      get_url:
        url: http://fj.xuliangwei.com/public/index.php
        dest: /var/www/html/tt.php
    # 获取并解压 kodexplorer4.40 (mode=0777 会让解压出的文件全局可写,生产环境应收紧权限)
    - name: Copy Kod Cloud Code 
      unarchive: src=./kodexplorer4.40.zip dest=/var/www/html/ mode=0777
    - name: Chown Directory 
      file: path=/var/www/html owner=apache group=apache recurse=yes 
变量
定义变量
- playbook的yaml文件中定义变量赋值
- hosts: all
  vars:  #定义变量
    file_name: bgx_yaml_vars
  tasks:
  - name: # {{ file_name }}引用上面定义的变量
    file: path=/tmp/{{ file_name }} state=touch
#playbook执行,在/tmp目录创建bgx_yaml_vars文件
[root@manager ~]# ansible-playbook f1.yml
- --extra-vars执行参数赋给变量
- hosts: all
  tasks:
  - name: Create New File
    file: path=/tmp/{{ file_name }} state=touch
#playbook执行时传入file_name变量的参数,在/tmp目录创建bgx_extra-vars文件
[root@manager ~]# ansible-playbook f2.yml --extra-vars "file_name=bgx_extra-vars"
- 在文件中定义变量
在/etc/ansible/hosts主机组中定义,然后使用palybook进行调度该变量
[root@manager ~]# cat /etc/ansible/hosts
[nfs]
10.0.0.20
[nfs:vars]
file_name=bgx_filename
变量优先级
1.extra-vars外置传参的优先级最高 [所有执行的主机都生效]
2.定义在yml文件中的优先级其次 [所有执行的主机都生效]
3.hosts文件中定义的变量优先级最低 [当前主机组定义会生效]
变量注册
register关键字可以存储指定命令的输出结果到一个自定义的变量中
[root@manager ~]# cat f5.yml
- hosts: all
  tasks:
    - name:
      shell: netstat -lntp
      register: System_Status
    - name: Get System Status
      debug: msg={{System_Status.stdout_lines}}
when ( 判断 )
- hosts: all
  tasks:
        #检查httpd服务是否是活动的
    - name: Check Httpd Server
      command: systemctl is-active httpd
      ignore_errors: yes
      register: check_httpd
      #如果check_httpd变量中的rc结果等于0,则执行重启httpd,否则跳过
    - name: Httpd Restart 
      service: name=httpd state=restarted
      when: check_httpd.rc == 0
when
with_items ( 循环 )
- hosts: webserver
  tasks:
     - name: Create User 
       user: name={{ item.name }} groups={{ item.groups }} state=present
       with_items:
         - { name: 'www', groups: 'bin'}
         - { name: 'test', groups: 'root'}
with_items item
handlers ( 触发器 )
- hosts: webserver
#1.定义变量,在配置文件中调用
  vars:
    http_port: 8881
#2.安装httpd服务
  tasks:
    - name: Install Httpd Server
      yum: name=httpd state=present
#3.使用template模板,引用上面vars定义的变量至配置文件中
    - name: Configure Httpd Server
      template: src=./httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify:   #调用名称为Restart Httpd Server的handlers(可以写多个)
        - Restart Httpd Server
#4.启动Httpd服务
    - name: Start Httpd Server
      service: name=httpd state=started enabled=yes
#5.如果配置文件发生变化会调用该handlers下面的对应名称的task
  handlers:
    - name: Restart Httpd Server
      service: name=httpd state=restarted
notify handlers
include ( 包含)
[root@ansible project1]# cat restart_httpd.yml  #注意这是一个tasks文件,所以没有play的任何信息
- name: Restart Httpd Server
  service: name=httpd state=restarted
[root@ansible project1]# cat a_project.yml 
- hosts: webserver
  tasks:
    - name: A Project command
      command: echo "A"
    - name: Restart httpd
      include: restart_httpd.yml
导入一个完整的playbook文件   (play task)
[root@m01 project1]# cat tasks_total.yml 
- import_playbook: ./tasks_1.yml
- import_playbook: ./tasks_2.yml
tags ( 标签)
指定执行某个tags标签
[root@m01 docs1]# ansible-playbook -i hosts nginx_php.yml -t "test_user"
忽略执行某个tags标签
[root@m01 docs1]# ansible-playbook -i hosts nginx_php.yml --skip-tags "test_user"
ignore_errors ( 错误处理)
1.强制调用handlers
- hosts: webserver
  force_handlers: yes #强制调用handlers
  tasks:
    - name: Touch File
      file: path=/tmp/bgx_handlers state=touch
      notify: Restart Httpd Server
    - name: Installed Packages
      yum: name=sb state=latest
  handlers:
    - name: Restart Httpd Server
      service: name=httpd state=restarted
2.关闭changed的状态(确定该tasks不会对被控端做任何的修改和变更.)
- hosts: webserver
  tasks:
    - name: Installed Httpd Server
      yum: name=httpd state=present
    - name: Service Httpd Server
      service: name=httpd state=started
    - name: Check Httpd Server
      shell: ps aux|grep httpd
      register: check_httpd
      changed_when: false
    - name: OutPut Variables
      debug:
        msg: "{{ check_httpd.stdout_lines }}"
3.使用changed_when检查tasks任务返回的结果
- hosts: webserver
  tasks: 
    - name: Installed Nginx Server
      yum: name=nginx state=present
    - name: Configure Nginx Server
      copy: src=./nginx.conf.j2 dest=/etc/nginx/nginx.conf
      notify: Restart Nginx Server
    - name: Check Nginx Configure Status
      command: /usr/sbin/nginx -t
      register: check_nginx
      changed_when: 
       - ( check_nginx.stdout.find('successful'))
       - false
    - name: Service Nginx Server
      service: name=nginx state=started 
  handlers:
    - name: Restart Nginx Server
      service: name=nginx state=restarted
jinja语法
{% if EXPR %}...{% elif EXPR %}...{% endif%} 作为条件判断
--------------------------------------判断语句
{% if ansible_fqdn == "web01" %}
    echo "123"
{% elif ansible_fqdn == "web02" %}
    echo "456"
{% else %}
    echo "789"
{% endif %}
--------------------------------------循环语句
{% for i in EXPR %}...{% endfor%} 作为循环表达式
{% for i in range(1,10) %}
     server 172.16.1.{{i}};
{% endfor %}
{# COMMENT #} 表示注释
Roles
Roles基于一个已知的文件结构 tasks handlers templates .....
Roles小技巧:
- 创建roles目录结构,手动或使用ansible-galaxy init test roles
- 编写roles的功能,也就是tasks。
- 最后playbook引用roles编写好的tasks
[root@m01 project2]# mkdir memcached/{tasks,handlers,templates,vars,files} -pv
mkdir: 已创建目录 "memcached"
mkdir: 已创建目录 "memcached/tasks"
mkdir: 已创建目录 "memcached/handlers"
mkdir: 已创建目录 "memcached/templates"
mkdir: 已创建目录 "memcached/vars"
mkdir: 已创建目录 "memcached/files"
[root@m01 project2]# mkdir {nginx,php-fpm}/{tasks,handlers,templates} -p
galaxy
/root/.ansible/roles
1.使用roles创建Rsync服务, 目录结构如下
[root@m01 roles]# tree /etc/ansible/roles/
/etc/ansible/roles/
├── hosts
├── rsync
│   ├── files
│   │   ├── rsyncd.conf
│   │   └── rsync.passwd
│   ├── handlers
│   │   └── main.yml
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   └── vars
├── site.yml
2.定义roles主机清单
[root@m01 roles]# cat /etc/ansible/roles/hosts 
[backup]
172.16.1.41
3.指定backup主机组,执行哪个roles
[root@m01 roles]# cat /etc/ansible/roles/site.yml 
- hosts: backup
  remote_user: root
  roles:
    - rsync
4.查看rsync角色的tasks任务
[root@m01 roles]# cat /etc/ansible/roles/rsync/tasks/main.yml 
- name: Install Rsync Server
  yum: name=rsync state=present
- name: Configure Rsync Server
  copy: src={{ item.src }} dest=/etc/{{ item.dest }} mode={{ item.mode }}
  with_items:
    - {src: "rsyncd.conf", dest: "rsyncd.conf", mode: "0644"}
    - {src: "rsync.passwd", dest: "rsync.passwd", mode: "0600"}
  notify: Restart Rsync Server
- name: Start Rsync Server
  service: name=rsyncd state=started enabled=yes
5.查看rsync角色的handlers
[root@m01 roles]# cat /etc/ansible/roles/rsync/handlers/main.yml 
- name: Restart Rsync Server
  service: name=rsyncd state=restarted
6.查看rsync角色的files目录
[root@m01 roles]#  ll /etc/ansible/roles/rsync/files/
total 8
-rw-r--r-- 1 root root 322 Nov 16 18:49 rsyncd.conf
-rw------- 1 root root  20 Nov 16 18:30 rsync.passwd
8.执行roles,使用-t指定执行测试rsync角色
[root@m01 roles]# ansible-playbook -i hosts  -t rsync site.yml 
PLAY [backup] ********************************************************************************************
TASK [Gathering Facts] ********************************************************************************
ok: [172.16.1.41]
TASK [backup : Install Rsync Server] ***********************************************************************
ok: [172.16.1.41]
TASK [backup : Configure Rsync Server] *********************************************************************
ok: [172.16.1.41]
TASK [backup : Start Rsync Server] *************************************************************************
ok: [172.16.1.41]
PLAY RECAP ***********************************************************************************=0    failed=0   