Ansible scripts: playbooks

Contents

1. Components of a playbook

2. Hands-on playbook exercises

2.1 Exercise 1: Install the Apache service on managed hosts

2.2 Exercise 2: Use sudo to create a group on remote hosts

2.3 Exercise 3: Use a when condition to match a specific IP address

2.4 Exercise 4: Use with_items loops to create groups and users on remote hosts

2.5 Exercise 5: Create tags in a playbook based on the Templates module

2.6 Exercise 6: Build an LNMP stack with a playbook


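1. Components of a playbook

(1) Tasks: each task calls an Ansible module, so that multiple operations are organized and run within one playbook
(2) Variables: variables
(3) Templates: templates
(4) Handlers: operations that are triggered (through notify) when a task reports the changed state
(5) Roles: roles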

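2. Hands-on playbook exercises

2.1 Exercise 1: Install the Apache service on managed hosts

On the Ansible control host, write the playbook file demo1.yaml that installs the Apache service on the remote managed hosts.

cd /etc/yum.repos.d/     # prepare the local yum repo
cd /etc/ansible/playbook/    # copy the modified httpd.conf file into this directory

vim /etc/ansible/playbook/play1.yaml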

- name: first play
  gather_facts: false
  hosts: webservers
  remote_user: root
  vars:
  - http_port: 8080
  tasks:
  - name: disable firewalld
    service: name=firewalld state=stopped enabled=no
  - name: disable selinux
    command: 'setenforce 0'
    ignore_errors: yes
  - name: copy local yum repo
    copy: src=/etc/yum.repos.d/local.repo  dest=/etc/yum.repos.d/local.repo
  - name: mount cdrom
    mount: src=/dev/sr0 path=/mnt fstype=iso9660 state=mounted
  - name: install httpd
    yum: name=httpd  state=latest
  - name: copy config template file
    template: src=httpd.conf.j2  dest=/etc/httpd/conf/httpd.conf
    notify: "reload httpd"
  - name: start httpd
    service: name=httpd state=started enabled=yes
  handlers:
  - name: reload httpd
    service: name=httpd state=reloaded

Run the playbook

ansible-playbook play1.yaml
# Additional options:
# -k (--ask-pass): prompt interactively for the SSH password
# -K (--ask-become-pass): prompt interactively for the sudo password
# -u: specify the remote user
ansible-playbook play1.yaml --syntax-check    # check that the YAML file's syntax is correct
ansible-playbook play1.yaml --list-tasks      # list the tasks
ansible-playbook play1.yaml --list-hosts      # list the hosts the play applies to
ansible-playbook play1.yaml --start-at-task='install httpd'     # start running from the named task

ansible-playbook play1.yaml
systemctl status httpd   # check on the managed host

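2.2 Exercise 2: Use sudo to create a group on remote hosts

On the Ansible control host, write play2.yaml for the remote managed hosts: it creates the group xy103 and the user liliang, retrieves the gateway, and switches user with sudo on the host.

vim /etc/ansible/playbook/play2.yaml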

- name: second play
  remote_user: kongxin
  become: yes
  become_user: root
  hosts: dbservers
  gather_facts: true
  vars:
  - myname: liliang
  - myclass: xy103
  tasks:
  - name: create group
    group:
      name: "{{myclass}}"
  - name: create user
    user:
      name: "{{myname}}"
      groups: "{{myclass}}"
  - name: copy file
    copy:
      content: "{{ansible_default_ipv4.gateway}}"
      dest: /opt/gateway.txt

ansible-playbook play2.yaml

Check on the managed host

ansible-playbook play2.yaml -e "myname=kongxin"     # define a variable on the command line

ansible-playbook play2.yaml -k -K

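2.3 Exercise 3: Use a when condition to match a specific IP address

In Ansible, the only general-purpose conditional is the when directive: when its value is true the task runs; otherwise the task is not run.

- name: third play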
  remote_user: root
  hosts: webservers
  gather_facts: true
  tasks:
  - name: copy scj.sh to 80.30
    copy: src=/opt/kx.sh  dest=/opt/
    when: ansible_default_ipv4.address == "192.168.80.30"

  - name: run kx.sh on 80.20 and 80.30
    script: '/opt/kx.sh scj tangjun'
    when: inventory_hostname != "192.168.80.30"

2.4 Exercise 4: Use with_items loops to create groups and users on remote hosts

- name: fourth play
  remote_user: root
  hosts: dbservers
  gather_facts: no
  vars:
  - mygroups: ["xy101", "xy102", "xy103", "xy104"]
  - myusers:
    - {myname: zhangsan, myclass: xy101}
    - {myname: lisi, myclass: xy102}
    - {myname: wangwu, myclass: xy103}
    - {myname: zhaoliu, myclass: xy104}
  tasks:
  - name: create groups
    group: name={{item}}
    with_items: "{{mygroups}}"

  - name: create users
    user: name={{item.myname}} groups={{item.myclass}}
    with_items: "{{myusers}}"

ansible-playbook play.yaml

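2.5 Exercise 5: Create tags in a playbook based on the Templates module

You can define "tags" for one or more tasks in a playbook; when running the playbook, the --tags option of the ansible-playbook command then runs only the specified tasks.
Playbooks also provide a special tag, always: a task tagged always is run no matter which tags are specified.

- name: third play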
  remote_user: root
  hosts: dbservers
  gather_facts: true
  tasks:
  - name: copy file
    copy: src=/etc/hosts dest=/opt/
    tags:
    - test
  
  - name: touch file
    file: path=/opt/myhosts  state=touch
    tags: 
    - only
    - always

ansible-playbook play5.yaml --tags="test"

ansible-playbook play5.yaml --tags="only"

Tasks tagged always are run in every case

ansible-playbook play5.yaml --tags="always"

2.6 Exercise 6: Build an LNMP stack with a playbook

192.168.80.10 centos 7-1

192.168.80.20 centos 7-2

192.168.80.30 centos 7-3

192.168.80.40 centos 7-4

Set up non-interactive login

ssh-copy-id root@192.168.80.20
ssh-copy-id root@192.168.80.30
ssh-copy-id root@192.168.80.40

vim /etc/ansible/hosts

Write the playbook

- name: nginx play
  hosts: webservers
  remote_user: root
  gather_facts: false
  vars:
  - nginx_addr: 192.168.80.20
  - nginx_port: 80
  - nginx_hostname: www.xy101.com
  - root_dir: /var/www/html
  - php_addr: 192.168.80.30
  - php_port: 9000
  tasks:
  - name: disable firewalld
    service: name=firewalld  state=stopped  enabled=no
  - name: disable selinux
    command: 'setenforce 0'
    ignore_errors: true
  - name: copy nginx repo
    copy: src=/opt/nginx/nginx.repo  dest=/etc/yum.repos.d/
  - name: install nginx
    yum: name=nginx state=latest
  - name: create root dir
    file: path={{root_dir}}  state=directory
  - name: copy nginx config template file
    template: src=/opt/nginx/nginx.conf.j2  dest=/etc/nginx/nginx.conf
    notify: 'reload nginx'
  - name: create nfs config
    copy: content="{{root_dir}} 192.168.80.0/24(rw,sync,no_root_squash)"  dest=/etc/exports
  - name: restart rpcbind,nfs,nginx
    service: name={{item}}  state=restarted  enabled=yes
    with_items:
    - rpcbind
    - nfs
    - nginx

  handlers:
  - name: reload nginx
    service: name=nginx  state=reloaded

- name: mysql play
  hosts: dbservers
  remote_user: root
  gather_facts: false
  tasks:
  - name: disable mysql_server firewalld
    service: name=firewalld  state=stopped  enabled=no
  - name: disable mysql_server selinux
    command: 'setenforce 0'
    ignore_errors: true
  - name: remove mariadb
    yum: name=mariadb*  state=absent
  - name: copy mysql repo
    copy: src=/opt/mysql/mysql-community.repo  dest=/etc/yum.repos.d/
  - name: modify mysql repo
    replace: path=/etc/yum.repos.d/mysql-community.repo  regexp="gpgcheck=1"  replace="gpgcheck=0"
  - name: install mysql
    yum: name=mysql-server state=present
  - name: start mysql
    service: name=mysqld  state=started  enabled=yes
  - name: init mysql
    script: '/opt/mysql/mysql-init.sh'

- name: php play
  hosts: phpservers
  remote_user: root
  gather_facts: false
  vars:
  - php_username: nginx
  - php_addr: 192.168.80.30:9000
  - nginx_addr: 192.168.80.20
  - root_dir: /var/www/html
  tasks:
  - name: disable php_server firewalld
    service: name=firewalld  state=stopped  enabled=no
  - name: disable php_server selinux
    command: 'setenforce 0'
    ignore_errors: true
  - name: unarchive php tar pkg
    unarchive: copy=yes  src=/opt/php/php.tar.gz  dest=/mnt/
  - name: copy local repo
    copy: src=/opt/php/local.repo  dest=/etc/yum.repos.d/
  - name: create repo
    shell: 'createrepo /mnt && yum clean all && yum makecache'
  - name: install php
    yum: name=php72w,php72w-cli,php72w-common,php72w-devel,php72w-embedded,php72w-gd,php72w-mbstring,php72w-pdo,php72w-xml,php72w-fpm,php72w-mysqlnd,php72w-opcache,php72w-ldap,php72w-bcmath  state=present
  - name: create php user
    user: name={{php_username}}  shell=/sbin/nologin  create_home=no
  - name: modify php.ini
    replace: path=/etc/php.ini  regexp=";date.timezone ="  replace="date.timezone = Asia/Shanghai"
  - name: modify user and group in www.conf
    replace: path=/etc/php-fpm.d/www.conf  regexp="apache"  replace="{{php_username}}"
    notify: "reload php-fpm"
  - name: modify listen in www.conf
    replace: path=/etc/php-fpm.d/www.conf  regexp="127.0.0.1:9000"  replace="{{php_addr}}"
    notify: "reload php-fpm"
  - name: modify listen.allowed_clients in www.conf
    replace: path=/etc/php-fpm.d/www.conf  regexp="127.0.0.1"  replace="{{nginx_addr}}"
    notify: "reload php-fpm"
  - name: start php-fpm
    service: name=php-fpm  state=started  enabled=yes
  - name: create www root dir
    file: path={{root_dir}}  state=directory
  - name: mount nfs
    mount: src="{{nginx_addr}}:{{root_dir}}"  path={{root_dir}}  fstype=nfs  state=mounted  opts="defaults,_netdev"
  handlers:
  - name: reload php-fpm
    service: name=php-fpm  state=reloaded