Ansible 的脚本 --- playbook 剧本

目录

[1. playbooks 各部分组成](#1. playbooks 各部分组成)

[2. playbook剧本实战演练](#2. playbook剧本实战演练)

[2.1 实战演练一:给被管理主机安装Apache服务](#2.1 实战演练一:给被管理主机安装Apache服务)

[2.2 实战演练二:使用sudo命令将远程主机创建组](#2.2 实战演练二:使用sudo命令将远程主机创建组)

[2.3 实战演练三:when条件判断指定的IP地址](#2.3 实战演练三:when条件判断指定的IP地址)

[2.4 实战演练四:使用with_items迭代循环在远程主机创建组和用户](#2.4 实战演练四:使用with_items迭代循环在远程主机创建组和用户)

[2.5 实战演练四:在playbook剧本中基于Templates模块创建标签](#2.5 实战演练四:在playbook剧本中基于Templates模块创建标签)

[2.6 实战演练五:在playbook剧本搭建lnmp](#2.6 实战演练五:在playbook剧本搭建lnmp)


1. playbooks 各部分组成

(1)Tasks:任务,即通过 task 调用 ansible 的模块将多个操作组织在一个 playbook 中运行
(2)Variables:变量
(3)Templates:模板
(4)Handlers:处理器,当changed状态条件满足时,(notify)触发执行的操作
(5)Roles:角色

2. playbook剧本实战演练

2.1 实战演练一:给被管理主机安装Apache服务

在ansible服务器主机,给远程被管理主机制作安装Apache服务的剧本文件demo1.yaml

prettyprint 复制代码
cd /etc/yum.repos.d/     #制作本地yum源
cd /etc/ansible/playbook/    #将修改后的httpd.conf文件复制到当前目录中

vim /etc/ansible/playbook/play1.yaml 

- name: first play
  gather_facts: false
  hosts: webservers
  remote_user: root
  vars:
  - http_port: 8080
  tasks:
  - name: disable firewalld
    service: name=firewalld state=stopped enabled=no
  - name: disable selinux
    command: 'setenforce 0'
    ignore_errors: yes
  - name: copy local yum repo
    copy: src=/etc/yum.repos.d/local.repo  dest=/etc/yum.repos.d/local.repo
  - name: mount cdrom
    mount: src=/dev/sr0 path=/mnt fstype=iso9660 state=mounted
  - name: install httpd
    yum: name=httpd  state=latest
  - name: copy config template file
    template: src=httpd.conf.j2  dest=/etc/httpd/conf/httpd.conf
    notify: "reload httpd"
  - name: start httpd
    service: name=httpd state=started enabled=yes
  handlers:
  - name: reload httpd
    service: name=httpd state=reloaded

运行playbook

prettyprint 复制代码
ansible-playbook test1.yaml
//补充参数:
-k(--ask-pass):用来交互输入ssh密码
-K(-ask-become-pass):用来交互输入sudo密码
-u:指定用户
ansible-playbook play1.yaml --syntax-check    #检查yaml文件的语法是否正确
ansible-playbook play1.yaml --list-task       #检查tasks任务
ansible-playbook play1.yaml --list-hosts      #检查生效的主机
ansible-playbook play1.yaml --start-at-task='install httpd'     #指定从某个task开始运行
ansible-playbook play1.yaml
systemctl status httpd   #在被控制的主机查看

2.2 实战演练二:使用sudo命令将远程主机创建组

在ansible服务器主机,给远程被管理主机制作创建组xy103用户为lixang,并获取网关,主机sudo切换用户plsy2.yaml

vim /etc/ansible/playbook/play2.yaml 

- name: second play
  remote_user: kongxin
  become: yes
  become_user: root
  hosts: dbservers
  gather_facts: true
  vars:
  - myname: liliang
  - myclass: xy103
  tasks:
  - name: create group
    group:
      name: "{{myclass}}"
  - name: create user
    user:
      name: "{{myname}}"
      groups: "{{myclass}}"
  - name: copy file
    copy:
      content: "{{ansible_default_ipv4.gateway}}"
      dest: /opt/gateway.txt
ansible-playbook play2.yaml

再被管理主机上查看

ansible-playbook test1.yaml -e "myname=kongxin"     #在命令行里定义变量

ansible-playbook play2.yaml -k -K

2.3 实战演练三:when条件判断指定的IP地址

在Ansible中,提供的唯一一个通用的条件判断是when指令,当when指令的值为true时,则该任务执行,否则不执行该任务。

- name: third play
  remote_user: root
  hosts: webservers
  gather_facts: true
  tasks:
  - name: copy scj.sh to 80.30
    copy: src=/opt/kx.sh  dest=/opt/
    when: ansible_default_ipv4.address == "192.168.80.30"

  - name: run kx.sh on 80.20 and 80.30
    script: '/opt/kx.sh scj tangjun'
    when: inventory_hostname != "192.168.80.30"

2.4 实战演练四:使用with_items迭代循环在远程主机创建组和用户

- name: fourth play
  remote_user: root
  hosts: dbservers
  gather_facts: no
  vars:
  - mygroups: ["xy101", "xy102", "xy103", "xy104"]
  - myusers:
    - {myname: zhangsan, myclass: xy101}
    - {myname: lisi, myclass: xy102}
    - {myname: wangwu, myclass: xy103}
    - {myname: zhaoliu, myclass: xy104}
  tasks:
  - name: create groups
    group: name={{item}}
    with_items: "{{mygroups}}"

  - name: create users
    user: name={{item.myname}} groups={{item.myclass}}
    with_items: "{{myusers}}"
ansible-playbook play.yaml 

2.5 实战演练四:在playbook剧本中基于Templates模块创建标签

可以在一个playbook中为某个或某些任务定义"标签",在执行此playbook时通过ansible-playbook命令使用--tags选项能实现仅运行指定的tasks。
playbook还提供了一个特殊的tags为always。作用就是当使用always作为tags的task时,无论执行哪一个tags时,定义有always的tags都会执行。

- name: third play
  remote_user: root
  hosts: dbservers
  gather_facts: true
  tasks:
  - name: copy file
    copy: src=/etc/hosts dest=/opt/
    tags:
    - test
  
  - name: touch file
    file: path=/opt/myhosts  state=touch
    tags: 
    - only
    - always
~             
ansible-playbook play5.yaml --tags="test"
ansible-playbook play5.yaml --tags="only"

添加always标签都会执行

ansible-playbook play5.yaml --tags="always"

2.6 实战演练五:在playbook剧本搭建lnmp

192.168.80.10 centos 7-1

192.168.80.20 centos 7-2

192.168.80.30 centos 7-3

192.168.80.40 centos 7-4

免交互

ssh-copy-id root@192.168.80.20
ssh-copy-id root@192.168.80.30
ssh-copy-id root@192.168.80.40

vim /etc/ansible/hosts

编写palybook

- name: nginx play
  hosts: webservers
  remote_user: root
  gather_facts: false
  vars:
  - nginx_addr: 192.168.80.20
  - nginx_port: 80
  - nginx_hostname: www.xy101.com
  - root_dir: /var/www/html
  - php_addr: 192.168.80.30
  - php_port: 9000
  tasks:
  - name: disable firewalld
    service: name=firewalld  state=stopped  enabled=no
  - name: disable selinux
    command: 'setenforce 0'
    ignore_errors: true
  - name: copy nginx repo
    copy: src=/opt/nginx/nginx.repo  dest=/etc/yum.repos.d/
  - name: install nginx
    yum: name=nginx state=latest
  - name: create root dir
    file: path={{root_dir}}  state=directory
  - name: copy nginx config template file
    template: src=/opt/nginx/nginx.conf.j2  dest=/etc/nginx/nginx.conf
    notify: 'reload nginx'
  - name: create nfs config
    copy: content="{{root_dir}} 192.168.80.0/24(rw,sync,no_root_squash)"  dest=/etc/exports
  - name: restart rpcbind,nfs,nginx
    service: name={{item}}  state=restarted  enabled=yes
    with_items:
    - rpcbind
    - nfs
    - nginx

  handlers:
  - name: reload nginx
    service: name=nginx  state=reloaded

- name: mysql play
  hosts: dbservers
  remote_user: root
  gather_facts: false
  tasks:
  - name: disable mysql_server firewalld
    service: name=firewalld  state=stopped  enabled=no
  - name: disable mysql_server selinux
    command: 'setenforce 0'
    ignore_errors: true
  - name: remove mariadb
    yum: name=mariadb*  state=absent
  - name: copy mysql repo
    copy: src=/opt/mysql/mysql-community.repo  dest=/etc/yum.repos.d/
  - name: modify mysql repo
    replace: path=/etc/yum.repos.d/mysql-community.repo  regexp="gpgcheck=1"  replace="gpgcheck=0"
  - name: install mysql
    yum: name=mysql-server state=present
  - name: start mysql
    service: name=mysqld  state=started  enabled=yes
  - name: init mysql
    script: '/opt/mysql/mysql-init.sh'

- name: php play
  hosts: phpservers
  remote_user: root
  gather_facts: false
  vars:
  - php_username: nginx
  - php_addr: 192.168.80.30:9000
  - nginx_addr: 192.168.80.20
  - root_dir: /var/www/html
  tasks:
  - name: disable php_server firewalld
    service: name=firewalld  state=stopped  enabled=no
  - name: disable php_server selinux
    command: 'setenforce 0'
  - name: unarchive php tar pkg
    unarchive: copy=yes  src=/opt/php/php.tar.gz  dest=/mnt/
  - name: copy local repo
    copy: src=/opt/php/local.repo  dest=/etc/yum.repos.d/
  - name: create repo
    shell: 'createrepo /mnt && yum clean all && yum makecache'
  - name: install php
    yum: name=php72w,php72w-cli,php72w-common,php72w-devel,php72w-embedded,php72w-gd,php72w-mbstring,php72w-pdo,php72w-xml,php72w-fpm,php72w-mysqlnd,php72w-opcache,php72w-ldap,php72w-bcmath  state=present
  - name: create php user
    user: name={{php_username}}  shell=/sbin/nologin  create_home=no
  - name: modify php.ini
    replace: path=/etc/php.ini  regexp=";date.timezone ="  replace="date.timezone = Asia/Shanghai"
  - name: modify user and group in www.conf
    replace: path=/etc/php-fpm.d/www.conf  regexp="apache"  replace="{{php_username}}"
    notify: "reload php-fpm"
  - name: modify listen in www.conf
    replace: path=/etc/php-fpm.d/www.conf  regexp="127.0.0.1:9000"  replace="{{php_addr}}"
    notify: "reload php-fpm"
  - name: modify listen.allowed_clients in www.conf
    replace: path=/etc/php-fpm.d/www.conf  regexp="127.0.0.1"  replace="{{nginx_addr}}"
    notify: "reload php-fpm"
  - name: start php-fpm
    service: name=php-fpm  state=started  enabled=yes
  - name: create www root dir
    file: path={{root_dir}}  state=directory
  - name: mount nfs
    mount: src="{{nginx_addr}}:{{root_dir}}"  path={{root_dir}}  fstype=nfs  state=mounted  opts="defaults,_netdev"
  handlers:
  - name: reload php-fpm
    service: name=php-fpm  state=reloaded
相关推荐
墨水\\4 小时前
Ansible部署及基础模块
服务器·网络·ansible
七七powerful4 小时前
ansible play-book玩法
linux·服务器·ansible
Karoku0662 天前
【自动化部署】Ansible循环
linux·运维·数据库·docker·容器·自动化·ansible
W u 小杰2 天前
Ansible基本用法
服务器·网络·ansible
运维小文2 天前
ansible剧本快速上手
linux·运维·python·自动化·ansible·幂等性·剧本
记得多喝水o2 天前
Ansible自动化运维 技术与最佳实践
运维·自动化·ansible
Karoku0662 天前
【自动化部署】Ansible Playbook 基础应用
运维·网络·docker·容器·自动化·ansible·consul
运维小文3 天前
ansible的流程控制
python·自动化·ansible·脚本
高hongyuan5 天前
Ansible 简介及常用命令 安装部署tomcat -单机版
运维·自动化·ansible
澜堇6 天前
深入理解 Ansible Playbook:组件与实战
linux·运维·ansible