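Contents
- 1. user module: create a user and set a password
- 2. authorized_key module: upload a public key for passwordless SSH
- 3. mysql_db module: create databases
- 4. mysql_user module: create a user and grant privileges
- 5. yum module
- 6. shell module
- `Change directory and run multiple commands`
- 7. wait_for module
- `Check a port`
- `Check the port state before installing and call a different playbook depending on it`
- `Check the port state after installing/uninstalling`
- 8. unarchive module: transfer and unpack a package
- `Package is on the control node: unpack it to the managed host`
- `Package is already on the managed host: unpack it there`
- 9. uri module
- 10. with_fileglob: iterate over files
- 11. systemd module: start and stop services
- `Start a service and enable it at boot`
- `Restart a service`
- `Stop a service`
- file module
- Change file ownership
- Recursively change directory ownership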
1. user module: create a user and set a password
```yaml
- name: create user
  user: name={{ item.name }} password={{ item.chpass | password_hash('sha512') }} update_password=always
  with_items:
    - { name: "devops", chpass: '1q2w3e4r' }
```
Values of update_password:
- always: update the password on every run
- on_create: set the password only when the user is newly created
2. authorized_key module: upload a public key for passwordless SSH
Configure the remote host's password in hosts:
```ini
[mysql]
192.168.1.2 ansible_ssh_pass="123456"
```
ansible (ad-hoc) form:
```bash
ansible mysql -m authorized_key -a "user=root state=present key='{{ lookup('file', '/home/devops/.ssh/id_rsa.pub') }}'"
```
ansible-playbook form:
```yaml
- name: push ssh pub key
  authorized_key:
    user: "root"
    key: "{{ lookup('file', '/home/devops/.ssh/id_rsa.pub') }}"
    state: present
```
Using Ansible's authorized_key module to push keys to managed hosts in bulk (passwordless login)
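A hardened variant of the user and authorized_key tasks above, as an added example that is not from the original article: the password is read from an ansible-vault encrypted file instead of the playbook, `no_log` keeps it out of task output, a fixed salt keeps `update_password: always` idempotent, and the key goes to the `devops` account rather than `root`. The names `vault.yml`, `site.yml`, `vault_devops_password` and `vault_devops_salt` are assumptions.

```yaml
# Added example (not the article's code). Assumed names: vault.yml, site.yml,
# vault_devops_password, vault_devops_salt.
# vault.yml is created with `ansible-vault create vault.yml` and holds:
#   vault_devops_password: <password>
#   vault_devops_salt: <up to 16 characters from [A-Za-z0-9./]>
# Run it without storing ansible_ssh_pass in the hosts file:
#   ansible-playbook -i hosts site.yml --ask-pass --ask-vault-pass
- hosts: mysql
  vars_files:
    - vault.yml
  tasks:
    - name: create user
      user:
        name: devops
        # Without a salt argument, password_hash picks a random salt, so the
        # hash differs on every run and "always" reports a change each time.
        # A fixed salt yields a stable hash: the task only changes the account
        # when the vaulted password itself changes.
        password: "{{ vault_devops_password | password_hash('sha512', vault_devops_salt) }}"
        update_password: always
      no_log: true        # keep the password and its hash out of task output and logs

    - name: push ssh pub key
      authorized_key:
        user: devops      # the account created above instead of root
        key: "{{ lookup('file', '/home/devops/.ssh/id_rsa.pub') }}"
        state: present
```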
3. mysql_db module: create databases
```yaml
- name: create schema
  mysql_db:
    login_host: "{{ MYSQL_IP }}"
    login_user: "{{ MYSQL_ADMIN_USER }}"
    login_password: "{{ MYSQL_ADMIN_PWD }}"
    login_port: "{{ MYSQL_PORT }}"
    name:
      - db1
      - db2
    encoding: "utf8mb4"
    collation: "utf8mb4_bin"
    state: "present"
```
4. mysql_user module: create a user and grant privileges
```yaml
- name: grant mysql user
  mysql_user:
    login_host: "{{ MYSQL_IP }}"
    login_user: "{{ MYSQL_ADMIN_USER }}"
    login_password: "{{ MYSQL_ADMIN_PWD }}"
    login_port: "{{ MYSQL_PORT }}"
    name: "{{ MYSQL_ACCESS_USER }}"
    password: "{{ MYSQL_ACCESS_PWD }}"
    update_password: "on_create"
    host: "%"
    priv: "db1.*:ALL/db2.*:ALL"
    state: "present"
```
5. yum module
```yaml
- name: install MySQL-python unzip
  yum:
    name: ['MySQL-python', 'unzip']
    update_cache: yes
```
6. shell module
Change directory and run multiple commands
```yaml
- name: download sql dump
  become: yes
  become_user: root      # run the shell commands as root
  shell:
    cmd: |
      unzip a.zip
      unzip b.zip
    chdir: /data/mysql   # run the commands above from /data/mysql
```
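7. wait_for module
Check a port
The task succeeds when the port is down and fails when the port is up. timeout must be greater than delay.
```yaml
- name: check mysql port
  wait_for:
    port: 3306
    state: stopped       # succeeds when the port is down
    delay: 1             # start checking after 1 second
    timeout: 2           # give up after 2 seconds
    msg: "3306 Is Up"    # message printed when the check fails
```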
Check the port state before installing and call a different playbook depending on it
```yaml
- block:
    - name: check nginx port {{ NGINX_PORT }}
      wait_for: port={{ NGINX_PORT }} state=stopped delay=1 timeout=2
    - set_fact: service_status="Down"
    - debug: msg="{{ NGINX_PORT }} is Down"
  rescue:
    - debug: msg="{{ NGINX_PORT }} Is Up"
    - set_fact: service_status="Up"

# include_tasks replaces the bare `include`, which was removed in ansible-core 2.16
- include_tasks: install_nginx.yml
  when: 'service_status == "Down" and action == "install"'
- include_tasks: uninstall_nginx.yml
  when: 'service_status == "Up" and action == "uninstall"'
- include_tasks: install_nginx.yml
  when: action == "upgrade"
```
Check the port state after installing/uninstalling
```yaml
# check that the port came up
- block:
    - name: start {{ svc_port }} port...
      wait_for:
        port: "{{ svc_port }}"
        state: started
        delay: 3
        timeout: 4
    - name: start {{ svc_port }} port success
      set_fact: service_status="Up"
  rescue:
    - set_fact: service_status="Down"
    - debug: msg="{{ svc_port }} is Down"
    - name: start fail
      shell: echo "{{ service_status }}"
      register: result
      failed_when: result.stdout == "Down"
  when: 'check_status == "start"'

# check that the port went down
- block:
    - name: stop {{ svc_port }} port...
      wait_for:
        port: "{{ svc_port }}"
        state: stopped
        delay: 2
        timeout: 3
    - name: stop {{ svc_port }} port success
      set_fact: service_status="Down"
  rescue:
    - set_fact: service_status="Up"
    - debug: msg="{{ svc_port }} is Up"
    - name: stop fail
      shell: echo "{{ service_status }}"
      register: result
      failed_when: result.stdout == "Up"
  when: 'check_status == "stop"'
```
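8. unarchive module: transfer and unpack a package
Package is on the control node: unpack it to the managed host
```yaml
- name: unarchive and copy {{ MYSQL_IMAGE_NAME }}
  unarchive:
    src: "/data/docker_images/{{ MYSQL_IMAGE_NAME }}"
    dest: "{{ MYSQL_DATA }}"
    mode: 0755
    remote_src: no    # the managed host does not have the package: it is copied from the control node and unpacked on the managed host
```
Package is already on the managed host: unpack it there
```yaml
- name: unarchive {{ MYSQL_IMAGE_NAME }}
  unarchive:
    src: "{{ MYSQL_DATA }}/{{ MYSQL_IMAGE_NAME }}"
    dest: "{{ MYSQL_DATA }}"
    mode: 0755
    remote_src: yes   # the package already exists on the managed host, so nothing is copied
```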
9. uri module
- until: the task is retried until this condition is true
- retries: number of retries
- delay: check once every n seconds
```yaml
- name: check service is health
  uri:
    url: "http://127.0.0.1:{{ APP_PORT }}/healthz"
  register: result
  until: result.status == 200
  retries: 20   # waits at most 20*5 = 100s
  delay: 5
```
10. with_fileglob: iterate over files
Reference article:
Loops in Ansible (7): with_file and with_fileglob
Iterate over zip packages and copy them to the remote host
```yaml
- name: copy web pkg
  copy: src="{{ item }}" dest="{{ NGINX_DATA }}/data" mode=0755
  with_fileglob:
    - "html/*.zip"
    - "web/*.zip"
```
11. systemd module: start and stop services
Start a service and enable it at boot
```yaml
- name: start datakit
  systemd:
    name: datakit
    enabled: yes         # start at boot
    state: started
    daemon_reload: yes   # reload the unit configuration
  when: action == "start"
```
Restart a service
```yaml
- name: restart datakit
  systemd:
    name: datakit
    state: restarted
  when: action == "restart"
```
Stop a service
```yaml
- name: stop datakit
  systemd:
    name: datakit
    state: stopped
  when: action == "stop"
```
file module
Change file ownership
```yaml
- name: Change ownership of a file
  file:
    path: /tmp/2.txt
    owner: devops
    group: devops
```
Recursively change directory ownership
```yaml
- name: Recursively change ownership of a directory
  file:
    path: /tmp/onedir
    owner: devops
    group: devops
    recurse: yes
```