Ansible Scripts: Playbooks

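Contents

[1. Components of a playbook](#1. Components of a playbook)

[2. Playbook hands-on exercises](#2. Playbook hands-on exercises)

[2.1 Exercise 1: Installing the Apache service on managed hosts](#2.1 Exercise 1: Installing the Apache service on managed hosts)

[2.2 Exercise 2: Creating a group on remote hosts using sudo](#2.2 Exercise 2: Creating a group on remote hosts using sudo)

[2.3 Exercise 3: Using a when condition to match a specific IP address](#2.3 Exercise 3: Using a when condition to match a specific IP address)

[2.4 Exercise 4: Using with_items loops to create groups and users on remote hosts](#2.4 Exercise 4: Using with_items loops to create groups and users on remote hosts)

[2.5 Exercise 5: Creating tags in a playbook based on the Templates module](#2.5 Exercise 5: Creating tags in a playbook based on the Templates module)

[2.6 Exercise 6: Building LNMP in a playbook](#2.6 Exercise 6: Building LNMP in a playbook)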


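1. Components of a playbook

(1) Tasks: each task calls an Ansible module, so that multiple operations are organized and run in a single playbook
(2) Variables: variables
(3) Templates: templates
(4) Handlers: operations triggered (through notify) when a task reports the changed state
(5) Roles: roles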

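2. Playbook hands-on exercises

2.1 Exercise 1: Installing the Apache service on managed hosts

On the Ansible control host, write the playbook file demo1.yaml, which installs the Apache service on the remote managed hosts.

cd /etc/yum.repos.d/     # set up the local yum repository
cd /etc/ansible/playbook/    # copy the modified httpd.conf file into this directory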

vim /etc/ansible/playbook/play1.yaml 

- name: first play
  gather_facts: false
  hosts: webservers
  remote_user: root
  vars:
    http_port: 8080
  tasks:
  - name: disable firewalld
    service: name=firewalld state=stopped enabled=no
  - name: disable selinux
    command: 'setenforce 0'
    ignore_errors: yes
  - name: copy local yum repo
    copy: src=/etc/yum.repos.d/local.repo  dest=/etc/yum.repos.d/local.repo
  - name: mount cdrom
    mount: src=/dev/sr0 path=/mnt fstype=iso9660 state=mounted
  - name: install httpd
    yum: name=httpd  state=latest
  - name: copy config template file
    template: src=httpd.conf.j2  dest=/etc/httpd/conf/httpd.conf
    notify: "reload httpd"
  - name: start httpd
    service: name=httpd state=started enabled=yes
  handlers:
  - name: reload httpd
    service: name=httpd state=reloaded

Run the playbook

ansible-playbook play1.yaml
# Additional options:
#   -k (--ask-pass): prompt interactively for the SSH password
#   -K (--ask-become-pass): prompt interactively for the sudo password
#   -u: specify the remote user
ansible-playbook play1.yaml --syntax-check    # check that the YAML file's syntax is correct
ansible-playbook play1.yaml --list-tasks      # list the tasks
ansible-playbook play1.yaml --list-hosts      # list the hosts the play applies to
ansible-playbook play1.yaml --start-at-task='install httpd'     # start running from the named task

ansible-playbook play1.yaml
systemctl status httpd   # check on the managed host

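2.2 Exercise 2: Creating a group on remote hosts using sudo

On the Ansible control host, write play2.yaml, a playbook that creates the group xy103 and the user liliang on the remote managed hosts, records the default gateway, and switches user on the host with sudo.

vim /etc/ansible/playbook/play2.yaml 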

- name: second play
  remote_user: kongxin
  become: yes
  become_user: root
  hosts: dbservers
  gather_facts: true
  vars:
    myname: liliang
    myclass: xy103
  tasks:
  - name: create group
    group:
      name: "{{myclass}}"
  - name: create user
    user:
      name: "{{myname}}"
      groups: "{{myclass}}"
  - name: copy file
    copy:
      content: "{{ansible_default_ipv4.gateway}}"
      dest: /opt/gateway.txt

ansible-playbook play2.yaml

Check the result on the managed host.

ansible-playbook play2.yaml -e "myname=kongxin"     # define a variable on the command line

ansible-playbook play2.yaml -k -K

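2.3 Exercise 3: Using a when condition to match a specific IP address

In Ansible, the only general-purpose conditional is the when directive: the task runs when the value of its when expression is true, and is skipped otherwise.

- name: third play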
  remote_user: root
  hosts: webservers
  gather_facts: true
  tasks:
  - name: copy scj.sh to 80.30
    copy: src=/opt/kx.sh  dest=/opt/
    when: ansible_default_ipv4.address == "192.168.80.30"

  - name: run kx.sh on 80.20 and 80.30
    script: '/opt/kx.sh scj tangjun'
    when: inventory_hostname != "192.168.80.30"

2.4 Exercise 4: Using with_items loops to create groups and users on remote hosts

- name: fourth play
  remote_user: root
  hosts: dbservers
  gather_facts: no
  vars:
    mygroups: ["xy101", "xy102", "xy103", "xy104"]
    myusers:
      - {myname: zhangsan, myclass: xy101}
      - {myname: lisi, myclass: xy102}
      - {myname: wangwu, myclass: xy103}
      - {myname: zhaoliu, myclass: xy104}
  tasks:
  - name: create groups
    group: name={{item}}
    with_items: "{{mygroups}}"

  - name: create users
    user: name={{item.myname}} groups={{item.myclass}}
    with_items: "{{myusers}}"

ansible-playbook play.yaml 

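2.5 Exercise 5: Creating tags in a playbook based on the Templates module

You can define "tags" for one or more tasks in a playbook. When the playbook is run, the --tags option of the ansible-playbook command then runs only the tasks that carry the specified tags.
Playbooks also provide a special tag named always. A task tagged always is executed no matter which tags are selected on the command line.

- name: third play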
  remote_user: root
  hosts: dbservers
  gather_facts: true
  tasks:
  - name: copy file
    copy: src=/etc/hosts dest=/opt/
    tags:
    - test
  
  - name: touch file
    file: path=/opt/myhosts  state=touch
    tags: 
    - only
    - always

ansible-playbook play5.yaml --tags="test"

ansible-playbook play5.yaml --tags="only"

Tasks that carry the always tag are executed in every case.

ansible-playbook play5.yaml --tags="always"

2.6 Exercise 6: Building LNMP in a playbook

192.168.80.10 centos 7-1

192.168.80.20 centos 7-2

192.168.80.30 centos 7-3

192.168.80.40 centos 7-4

Set up passwordless (non-interactive) SSH login

ssh-copy-id [email protected]
ssh-copy-id [email protected]
ssh-copy-id [email protected]

vim /etc/ansible/hosts

Write the playbook

- name: nginx play
  hosts: webservers
  remote_user: root
  gather_facts: false
  vars:
    nginx_addr: 192.168.80.20
    nginx_port: 80
    nginx_hostname: www.xy101.com
    root_dir: /var/www/html
    php_addr: 192.168.80.30
    php_port: 9000
  tasks:
  - name: disable firewalld
    service: name=firewalld  state=stopped  enabled=no
  - name: disable selinux
    command: 'setenforce 0'
    ignore_errors: true
  - name: copy nginx repo
    copy: src=/opt/nginx/nginx.repo  dest=/etc/yum.repos.d/
  - name: install nginx
    yum: name=nginx state=latest
  - name: create root dir
    file: path={{root_dir}}  state=directory
  - name: copy nginx config template file
    template: src=/opt/nginx/nginx.conf.j2  dest=/etc/nginx/nginx.conf
    notify: 'reload nginx'
  - name: create nfs config
    copy: content="{{root_dir}} 192.168.80.0/24(rw,sync,no_root_squash)"  dest=/etc/exports
  - name: restart rpcbind,nfs,nginx
    service: name={{item}}  state=restarted  enabled=yes
    with_items:
    - rpcbind
    - nfs
    - nginx

  handlers:
  - name: reload nginx
    service: name=nginx  state=reloaded

- name: mysql play
  hosts: dbservers
  remote_user: root
  gather_facts: false
  tasks:
  - name: disable mysql_server firewalld
    service: name=firewalld  state=stopped  enabled=no
  - name: disable mysql_server selinux
    command: 'setenforce 0'
    ignore_errors: true
  - name: remove mariadb
    yum: name=mariadb*  state=absent
  - name: copy mysql repo
    copy: src=/opt/mysql/mysql-community.repo  dest=/etc/yum.repos.d/
  - name: modify mysql repo
    replace: path=/etc/yum.repos.d/mysql-community.repo  regexp="gpgcheck=1"  replace="gpgcheck=0"
  - name: install mysql
    yum: name=mysql-server state=present
  - name: start mysql
    service: name=mysqld  state=started  enabled=yes
  - name: init mysql
    script: '/opt/mysql/mysql-init.sh'

- name: php play
  hosts: phpservers
  remote_user: root
  gather_facts: false
  vars:
    php_username: nginx
    php_addr: 192.168.80.30:9000
    nginx_addr: 192.168.80.20
    root_dir: /var/www/html
  tasks:
  - name: disable php_server firewalld
    service: name=firewalld  state=stopped  enabled=no
  - name: disable php_server selinux
    command: 'setenforce 0'
    ignore_errors: true
  - name: unarchive php tar pkg
    unarchive: copy=yes  src=/opt/php/php.tar.gz  dest=/mnt/
  - name: copy local repo
    copy: src=/opt/php/local.repo  dest=/etc/yum.repos.d/
  - name: create repo
    shell: 'createrepo /mnt && yum clean all && yum makecache'
  - name: install php
    yum: name=php72w,php72w-cli,php72w-common,php72w-devel,php72w-embedded,php72w-gd,php72w-mbstring,php72w-pdo,php72w-xml,php72w-fpm,php72w-mysqlnd,php72w-opcache,php72w-ldap,php72w-bcmath  state=present
  - name: create php user
    user: name={{php_username}}  shell=/sbin/nologin  create_home=no
  - name: modify php.ini
    replace: path=/etc/php.ini  regexp=";date.timezone ="  replace="date.timezone = Asia/Shanghai"
  - name: modify user and group in www.conf
    replace: path=/etc/php-fpm.d/www.conf  regexp="apache"  replace="{{php_username}}"
    notify: "reload php-fpm"
  - name: modify listen in www.conf
    replace: path=/etc/php-fpm.d/www.conf  regexp="127.0.0.1:9000"  replace="{{php_addr}}"
    notify: "reload php-fpm"
  - name: modify listen.allowed_clients in www.conf
    replace: path=/etc/php-fpm.d/www.conf  regexp="127.0.0.1"  replace="{{nginx_addr}}"
    notify: "reload php-fpm"
  - name: start php-fpm
    service: name=php-fpm  state=started  enabled=yes
  - name: create www root dir
    file: path={{root_dir}}  state=directory
  - name: mount nfs
    mount: src="{{nginx_addr}}:{{root_dir}}"  path={{root_dir}}  fstype=nfs  state=mounted  opts="defaults,_netdev"
  handlers:
  - name: reload php-fpm
    service: name=php-fpm  state=reloaded
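
The plays in 2.1 and 2.6 stop firewalld and run setenforce 0 before installing anything, and the nginx play exports the web root to all of 192.168.80.0/24 with no_root_squash. As an added example (not part of the original post), the nginx play's host-preparation tasks can be written to keep both controls enabled and open only what this LNMP layout needs. Assumptions: the firewalld, selinux and seboolean modules are available on the control node, the NFS mount uses NFSv4, and the play and handler names are illustrative; variable names and addresses are reused from the page.

```yaml
# Added example: nginx host preparation with firewalld and SELinux left on.
# Assumes NFSv4 (NFSv3 would also need the rpc-bind and mountd services opened).
- name: nginx play (hardened host preparation)
  hosts: webservers
  remote_user: root
  gather_facts: false
  vars:
    nginx_port: 80
    root_dir: /var/www/html
    php_addr: 192.168.80.30        # the only NFS client in this lab
  tasks:
    - name: keep firewalld running
      service:
        name: firewalld
        state: started
        enabled: yes
    - name: open only the nginx port
      firewalld:
        port: "{{ nginx_port }}/tcp"
        permanent: yes
        immediate: yes
        state: enabled
    - name: allow NFS from the php-fpm host only
      firewalld:
        rich_rule: 'rule family="ipv4" source address="{{ php_addr }}" service name="nfs" accept'
        permanent: yes
        immediate: yes
        state: enabled
    - name: keep SELinux enforcing (needs libselinux-python on the managed host)
      selinux:
        policy: targeted
        state: enforcing
    - name: allow nginx (httpd_t) to connect to php-fpm on another host
      seboolean:
        name: httpd_can_network_connect
        state: yes
        persistent: yes
    - name: export the web root to the php-fpm host only, with root squashing
      copy:
        content: "{{ root_dir }} {{ php_addr }}(rw,sync,root_squash)\n"
        dest: /etc/exports
      notify: re-export nfs
  handlers:
    - name: re-export nfs
      command: exportfs -ra
```

With root_squash, root on the php-fpm host no longer maps to root on the export, so the web root must be writable by the account that is meant to write to it.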