Contents
[1. The parts of a playbook](#1. The parts of a playbook)
[2. Hands-on playbook exercises](#2. Hands-on playbook exercises)
[2.1 Exercise 1: install the Apache service on the managed hosts](#2.1 Exercise 1: install the Apache service on the managed hosts)
[2.2 Exercise 2: create a group on the remote hosts using sudo](#2.2 Exercise 2: create a group on the remote hosts using sudo)
[2.3 Exercise 3: use when to act on a specific IP address](#2.3 Exercise 3: use when to act on a specific IP address)
[2.4 Exercise 4: use with_items to create groups and users on the remote hosts in a loop](#2.4 Exercise 4: use with_items to create groups and users on the remote hosts in a loop)
[2.5 Exercise 5: use tags in a playbook](#2.5 Exercise 5: use tags in a playbook)
[2.6 Exercise 6: build an LNMP stack with a playbook](#2.6 Exercise 6: build an LNMP stack with a playbook)
1. The parts of a playbook
(1) Tasks: each task calls an Ansible module; a playbook organizes several such operations into one run
(2) Variables: variables
(3) Templates: templates
(4) Handlers: handlers; operations that are triggered (via notify) when a task reports the changed state
(5) Roles: roles
2. Hands-on playbook exercises
2.1 Exercise 1: install the Apache service on the managed hosts
On the Ansible control node, write the playbook file demo1.yaml that installs the Apache service on the remote managed hosts.
```bash
cd /etc/yum.repos.d/        # build the local yum repo (local.repo) here
cd /etc/ansible/playbook/   # copy the modified httpd.conf into this directory (the play uses it as httpd.conf.j2)
vim /etc/ansible/playbook/play1.yaml
```

```yaml
- name: first play
  gather_facts: false
  hosts: webservers
  remote_user: root
  vars:                       # written as a mapping rather than a list of one-key dicts
    http_port: 8080
  tasks:
    - name: disable firewalld
      service: name=firewalld state=stopped enabled=no
    - name: disable selinux
      command: 'setenforce 0'
      ignore_errors: yes
    - name: copy local yum repo
      copy: src=/etc/yum.repos.d/local.repo dest=/etc/yum.repos.d/local.repo
    - name: mount cdrom
      mount: src=/dev/sr0 path=/mnt fstype=iso9660 state=mounted
    - name: install httpd
      yum: name=httpd state=latest
    - name: copy config template file
      template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
      notify: "reload httpd"
    - name: start httpd
      service: name=httpd state=started enabled=yes
  handlers:
    - name: reload httpd
      service: name=httpd state=reloaded
```
Run the playbook
```bash
ansible-playbook test1.yaml
# Useful options:
#   -k (--ask-pass): prompt for the SSH password
#   -K (--ask-become-pass): prompt for the sudo password
#   -u: specify the remote user
ansible-playbook play1.yaml --syntax-check                    # check that the YAML syntax is valid
ansible-playbook play1.yaml --list-tasks                      # list the tasks
ansible-playbook play1.yaml --list-hosts                      # list the hosts the play applies to
ansible-playbook play1.yaml --start-at-task='install httpd'   # start running from a given task
ansible-playbook play1.yaml
systemctl status httpd      # run on the managed host to verify
```
2.2 Exercise 2: create a group on the remote hosts using sudo
On the Ansible control node, write play2.yaml, which creates the group xy103 and the user lixang on the remote managed hosts, records the default gateway, and switches to root with sudo.
```bash
vim /etc/ansible/playbook/play2.yaml
```
```yaml
- name: second play
  remote_user: kongxin
  become: yes
  become_user: root
  hosts: dbservers
  gather_facts: true
  vars:
    myname: liliang
    myclass: xy103
  tasks:
    - name: create group
      group:
        name: "{{myclass}}"
    - name: create user
      user:
        name: "{{myname}}"
        groups: "{{myclass}}"
    - name: copy file
      copy:
        content: "{{ansible_default_ipv4.gateway}}"
        dest: /opt/gateway.txt
```
```bash
ansible-playbook play2.yaml
```
Then check the result on the managed host.
```bash
ansible-playbook test1.yaml -e "myname=kongxin"   # define a variable on the command line
ansible-playbook play2.yaml -k -K                 # prompt for the SSH and sudo passwords
```
2.3 Exercise 3: use when to act on a specific IP address
The only general-purpose conditional Ansible provides is the when directive: a task runs when its when expression evaluates to true and is skipped otherwise.
```yaml
- name: third play
  remote_user: root
  hosts: webservers
  gather_facts: true
  tasks:
    - name: copy scj.sh to 80.30
      copy: src=/opt/kx.sh dest=/opt/
      when: ansible_default_ipv4.address == "192.168.80.30"
    - name: run kx.sh on 80.20 and 80.30
      script: '/opt/kx.sh scj tangjun'
      when: inventory_hostname != "192.168.80.30"
```
2.4 Exercise 4: use with_items to create groups and users on the remote hosts in a loop
```yaml
- name: fourth play
  remote_user: root
  hosts: dbservers
  gather_facts: no
  vars:
    mygroups: ["xy101", "xy102", "xy103", "xy104"]
    myusers:
      - {myname: zhangsan, myclass: xy101}
      - {myname: lisi, myclass: xy102}
      - {myname: wangwu, myclass: xy103}
      - {myname: zhaoliu, myclass: xy104}
  tasks:
    - name: create groups
      group: name={{item}}
      with_items: "{{mygroups}}"
    - name: create users
      user: name={{item.myname}} groups={{item.myclass}}
      with_items: "{{myusers}}"
```

```bash
ansible-playbook play.yaml
```
2.5 Exercise 5: use tags in a playbook
You can attach "tags" to one or more tasks in a playbook; when running it, the --tags option of ansible-playbook runs only the tasks carrying the selected tags.
Playbooks also provide a special tag, always. A task tagged always runs no matter which tags are selected on the command line.
```yaml
- name: third play
  remote_user: root
  hosts: dbservers
  gather_facts: true
  tasks:
    - name: copy file
      copy: src=/etc/hosts dest=/opt/
      tags:
        - test
    - name: touch file
      file: path=/opt/myhosts state=touch
      tags:
        - only
        - always
```

```bash
ansible-playbook play5.yaml --tags="test"
ansible-playbook play5.yaml --tags="only"
```
The task tagged always runs in both cases.
```bash
ansible-playbook play5.yaml --tags="always"
```
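To see why "touch file" runs even for --tags test, the following added example (not code from the original post, and not Ansible's own source) reimplements the tag-selection rules of ansible-core's Taggable mixin as I understand them, including the special tags all, always, never, tagged and untagged; PLAY5_TASKS is a constructed copy of the two tasks above plus one untagged task.

```python
from typing import Dict, List, Optional, Set

# The tasks of play5.yaml plus one constructed untagged task
PLAY5_TASKS: List[Dict] = [
    {"name": "copy file", "tags": ["test"]},
    {"name": "touch file", "tags": ["only", "always"]},
    {"name": "untagged task", "tags": []},  # constructed: carries no tags at all
]


def task_should_run(task_tags: List[str], only_tags: Set[str], skip_tags: Set[str]) -> bool:
    """Decide whether one task runs under the given --tags / --skip-tags sets."""
    tags = set(task_tags) or {"untagged"}  # untagged tasks get an implicit 'untagged' tag
    untagged = tags == {"untagged"}
    run = True
    if only_tags:
        if "always" in tags:
            run = True                      # 'always' wins over any --tags selection
        elif "all" in only_tags and "never" not in tags:
            run = True                      # the default selection is --tags all
        elif not tags.isdisjoint(only_tags):
            run = True                      # explicitly requested (this also selects 'never')
        elif "tagged" in only_tags and not untagged and "never" not in tags:
            run = True
        else:
            run = False
    if run and skip_tags:
        if "all" in skip_tags:
            run = "always" in tags and "always" not in skip_tags
        elif not tags.isdisjoint(skip_tags):
            run = False                     # --skip-tags wins, even over 'always'
        elif "tagged" in skip_tags and not untagged:
            run = False
    return run


def select_tasks(tasks: List[Dict], only: Optional[Set[str]] = None,
                 skip: Optional[Set[str]] = None) -> List[str]:
    """Names of the tasks that would run; only=None means no --tags given (--tags all)."""
    return [t["name"] for t in tasks
            if task_should_run(t.get("tags", []), only or {"all"}, skip or set())]


if __name__ == "__main__":
    for selection in ({"test"}, {"only"}, {"always"}, None):
        print("--tags", selection or "all", "->", select_tasks(PLAY5_TASKS, selection))
```

Note that --skip-tags always does suppress an always-tagged task, so a skip list is the one way to keep such a task from running.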
2.6 Exercise 6: build an LNMP stack with a playbook
192.168.80.10 centos 7-1
192.168.80.20 centos 7-2
192.168.80.30 centos 7-3
192.168.80.40 centos 7-4
Set up passwordless SSH login to the managed hosts
```bash
ssh-copy-id root@192.168.80.20
ssh-copy-id root@192.168.80.30
ssh-copy-id root@192.168.80.40
vim /etc/ansible/hosts
```
Write the playbook
```yaml
- name: nginx play
  hosts: webservers
  remote_user: root
  gather_facts: false
  vars:
    nginx_addr: 192.168.80.20
    nginx_port: 80
    nginx_hostname: www.xy101.com
    root_dir: /var/www/html
    php_addr: 192.168.80.30
    php_port: 9000
  tasks:
    - name: disable firewalld
      service: name=firewalld state=stopped enabled=no
    - name: disable selinux
      command: 'setenforce 0'
      ignore_errors: true
    - name: copy nginx repo
      copy: src=/opt/nginx/nginx.repo dest=/etc/yum.repos.d/
    - name: install nginx
      yum: name=nginx state=latest
    - name: create root dir
      file: path={{root_dir}} state=directory
    - name: copy nginx config template file
      template: src=/opt/nginx/nginx.conf.j2 dest=/etc/nginx/nginx.conf
      notify: 'reload nginx'
    - name: create nfs config
      copy: content="{{root_dir}} 192.168.80.0/24(rw,sync,no_root_squash)" dest=/etc/exports
    - name: restart rpcbind,nfs,nginx
      service: name={{item}} state=restarted enabled=yes
      with_items:
        - rpcbind
        - nfs
        - nginx
  handlers:
    - name: reload nginx
      service: name=nginx state=reloaded

- name: mysql play
  hosts: dbservers
  remote_user: root
  gather_facts: false
  tasks:
    - name: disable mysql_server firewalld
      service: name=firewalld state=stopped enabled=no
    - name: disable mysql_server selinux
      command: 'setenforce 0'
      ignore_errors: true
    - name: remove mariadb
      yum: name=mariadb* state=absent
    - name: copy mysql repo
      copy: src=/opt/mysql/mysql-community.repo dest=/etc/yum.repos.d/
    - name: modify mysql repo
      replace: path=/etc/yum.repos.d/mysql-community.repo regexp="gpgcheck=1" replace="gpgcheck=0"
    - name: install mysql
      yum: name=mysql-server state=present
    - name: start mysql
      service: name=mysqld state=started enabled=yes
    - name: init mysql
      script: '/opt/mysql/mysql-init.sh'

- name: php play
  hosts: phpservers
  remote_user: root
  gather_facts: false
  vars:
    php_username: nginx
    php_addr: 192.168.80.30:9000
    nginx_addr: 192.168.80.20
    root_dir: /var/www/html
  tasks:
    - name: disable php_server firewalld
      service: name=firewalld state=stopped enabled=no
    - name: disable php_server selinux
      command: 'setenforce 0'
      ignore_errors: true   # as in the other plays: setenforce fails when SELinux is already disabled
    - name: unarchive php tar pkg
      unarchive: copy=yes src=/opt/php/php.tar.gz dest=/mnt/
    - name: copy local repo
      copy: src=/opt/php/local.repo dest=/etc/yum.repos.d/
    - name: create repo
      shell: 'createrepo /mnt && yum clean all && yum makecache'
    - name: install php
      yum: name=php72w,php72w-cli,php72w-common,php72w-devel,php72w-embedded,php72w-gd,php72w-mbstring,php72w-pdo,php72w-xml,php72w-fpm,php72w-mysqlnd,php72w-opcache,php72w-ldap,php72w-bcmath state=present
    - name: create php user
      user: name={{php_username}} shell=/sbin/nologin create_home=no
    - name: modify php.ini
      replace: path=/etc/php.ini regexp=";date.timezone =" replace="date.timezone = Asia/Shanghai"
    - name: modify user and group in www.conf
      replace: path=/etc/php-fpm.d/www.conf regexp="apache" replace="{{php_username}}"
      notify: "reload php-fpm"
    - name: modify listen in www.conf
      replace: path=/etc/php-fpm.d/www.conf regexp="127.0.0.1:9000" replace="{{php_addr}}"
      notify: "reload php-fpm"
    - name: modify listen.allowed_clients in www.conf
      replace: path=/etc/php-fpm.d/www.conf regexp="127.0.0.1" replace="{{nginx_addr}}"
      notify: "reload php-fpm"
    - name: start php-fpm
      service: name=php-fpm state=started enabled=yes
    - name: create www root dir
      file: path={{root_dir}} state=directory
    - name: mount nfs
      mount: src="{{nginx_addr}}:{{root_dir}}" path={{root_dir}} fstype=nfs state=mounted opts="defaults,_netdev"
  handlers:
    - name: reload php-fpm
      service: name=php-fpm state=reloaded
```
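The LNMP plays above (and play1.yaml) stop firewalld, set SELinux permissive, mask task failures, install packages at state=latest, export NFS with no_root_squash and turn gpgcheck off for the MySQL repo. Each of those is a deliberate lab shortcut that should be reviewed before the same playbook reaches production, so here is an added example (not code from the original post) of a small static check that flags them; it assumes the inline key=value task style used on this page, and SAMPLE is a constructed excerpt of the plays.

```python
import re
from typing import List, Pattern, Tuple

# (rule id, pattern, why a reviewer should care); patterns target the inline key=value style
RULES: List[Tuple[str, Pattern[str], str]] = [
    ("FIREWALL_DISABLED", re.compile(r"name=firewalld.*state=stopped"), "host firewall stopped and disabled"),
    ("SELINUX_PERMISSIVE", re.compile(r"setenforce\s+0"), "SELinux switched to permissive mode"),
    ("ERRORS_IGNORED", re.compile(r"ignore_errors\s*:\s*(yes|true)"), "task failures are masked"),
    ("UNPINNED_PACKAGE", re.compile(r"^\s*yum:.*state=latest"), "package version floats with the repo"),
    ("NFS_NO_ROOT_SQUASH", re.compile(r"no_root_squash"), "NFS clients' root keeps root rights on the export"),
    ("GPGCHECK_OFF", re.compile(r"gpgcheck\s*[=:]\s*0"), "repo package signatures are not verified"),
]


def lint_playbook(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, rule id, message) for every playbook line that trips a rule."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        code = re.sub(r"(^|\s+)#.*$", "", line)   # drop YAML comments so they cannot trigger a rule
        for rule_id, pattern, message in RULES:
            if pattern.search(code):
                findings.append((lineno, rule_id, message))
    return findings


# Constructed excerpt containing the relevant lines of the LNMP plays above
SAMPLE = """\
    - name: disable firewalld
      service: name=firewalld state=stopped enabled=no
    - name: disable selinux
      command: 'setenforce 0'
      ignore_errors: true
    - name: install nginx
      yum: name=nginx state=latest
    - name: create nfs config
      copy: content="/var/www/html 192.168.80.0/24(rw,sync,no_root_squash)" dest=/etc/exports
    - name: modify mysql repo
      replace: path=/etc/yum.repos.d/mysql-community.repo regexp="gpgcheck=1" replace="gpgcheck=0"
    - name: install mysql
      yum: name=mysql-server state=present   # no finding: the version is not floated
"""

if __name__ == "__main__":
    for lineno, rule_id, message in lint_playbook(SAMPLE):
        print(f"line {lineno:2}: {rule_id}: {message}")
```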