Ansible playbook 实战
一、基础准备
#1.安装ansible
[root@m01 ~]# yum install -y ansible
#2.配置ansible
[root@m01 ~]# vim /etc/ansible/ansible.cfg
# NOTE(review): False turns off SSH host key verification for every managed host, so the
# control node cannot notice a host that has been replaced or impersonated. Acceptable only
# in a throwaway lab; otherwise keep it enabled and pre-populate known_hosts.
host_key_checking = False
#3.配置主机清单
[root@m01 ~]# vim /etc/ansible/hosts
# Inventory groups for the lab environment.
# NOTE(review): ansible_ssh_pass keeps each host's SSH password in plain text (here the
# one-character password '1'), so anyone who can read this file can log in to every host.
# Prefer SSH key authentication, or move the value into an Ansible Vault-encrypted
# variable file, and keep this file readable by the automation account only.
[lb_server]
lb01 ansible_ssh_pass='1'
lb02 ansible_ssh_pass='1'
[web_group]
web01 ansible_ssh_pass='1'
web02 ansible_ssh_pass='1'
[nfs_server]
nfs ansible_ssh_pass='1'
[rsync_server]
backup ansible_ssh_pass='1'
[db_server]
db01 ansible_ssh_pass='1'
# "nginx" is a parent group; its members are the two groups listed below it.
[nginx:children]
web_group
lb_server
#4.配置hosts
[root@m01 ~]# vim /etc/hosts
10.0.0.4 lb01
10.0.0.5 lb02
10.0.0.7 web01
10.0.0.8 web02
10.0.0.31 nfs
10.0.0.41 backup
10.0.0.51 db01
#5.创建统一目录
[root@m01 ~]# mkdir /project
[root@m01 ~]# cd /project/
二、编写剧本实例
1.第一部分:所有服务器优化
[root@m01 project]# cat base.yml
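# base.yml - baseline settings applied to every host in the inventory.
# (Indentation restored; the listing as printed is not valid YAML.)
- hosts: all
  tasks:
    # NOTE(review): stopping and disabling firewalld removes host-level packet filtering
    # on every server. Outside a lab, keep it running and open only the required ports.
    - name: Stop Firewalld
      systemd:
        name: firewalld
        state: stopped
        enabled: no

    # NOTE(review): disabling SELinux drops mandatory access control for nginx, php-fpm
    # and mariadb. Consider permissive mode while debugging and enforcing in production.
    # A change to 'disabled' normally needs a reboot before it fully applies.
    - name: Stop Selinux
      selinux:
        state: disabled

    # Fixed gid/uid 666 so the www account has the same numeric ids on every host
    # (presumably so file ownership matches across servers - confirm).
    - name: Create www Group
      group:
        name: www
        gid: 666
        state: present

    # Service account only: no login shell and no home directory.
    - name: Create www User
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: false
        state: present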
2.第二部分:nginx部分
1)安装方式
#源码包安装方式
1.上传包
2.解压
unarchive
3.生成
shell
4.编译
shell
5.安装
shell
#官方源方式
1.配置官方源
2.推送官方源
copy
3.安装nginx
yum
#rpm包的方式
1.上传包
2.推送包
copy
3.安装包
yum
2)准备工作
#1.准备nginx的rpm包
[root@m01 project]# mkdir package
[root@m01 project]# cd package/
[root@m01 package]# rz
[root@m01 package]# ll
total 768
-rw-r--r-- 1 root root 784272 Dec 10 09:13 nginx-1.16.1-1.el7.ngx.x86_64.rpm
#2.准备nginx配置文件
[root@m01 package]# vim /etc/nginx/nginx.conf
user www;
3)编写剧本
[root@m01 project]# cat nginx.yml
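# nginx.yml - install nginx from a locally supplied rpm on the "nginx" group
# (web_group + lb_server). Indentation restored; the printed listing is not valid YAML.
- hosts: nginx
  tasks:
    # NOTE(review): the rpm was uploaded by hand to the control node; verify its
    # signature or checksum against the vendor's published value before distributing it.
    - name: Push nginx rpm
      copy:
        src: /project/package/nginx-1.16.1-1.el7.ngx.x86_64.rpm
        dest: /tmp/

    - name: Install Nginx Server
      yum:
        name: /tmp/nginx-1.16.1-1.el7.ngx.x86_64.rpm
        state: present

    # src is read on the control node (m01), so the file edited there ("user www;")
    # is what gets pushed to the managed hosts.
    - name: Config Nginx Server
      copy:
        src: /etc/nginx/nginx.conf
        dest: /etc/nginx/

    # 'started' does not reload an already running nginx; a changed nginx.conf is only
    # picked up after a later restart or reload.
    - name: Start Nginx Server
      systemd:
        name: nginx
        state: started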
3.第三部分:PHP部分
1)准备工作
#1.准备php的安装包
[root@m01 package]# rz
[root@m01 package]# ll
total 20192
-rw-r--r-- 1 root root 784272 Dec 10 09:13 nginx-1.16.1-1.el7.ngx.x86_64.rpm
-rw-r--r-- 1 root root 19889622 Nov 22 15:52 php.tar.gz
#2.准备配置文件
[root@m01 project]# mkdir conf
[root@m01 project]# mv /etc/php.ini conf/
[root@m01 project]# cp /etc/php-fpm.d/www.conf conf/
[root@m01 project]# vim conf/php.ini
upload_max_filesize = 200M
post_max_size = 300M
[root@m01 project]# vim conf/www.conf
user = www
group = www
2)编写剧本
[root@m01 project]# vim php.yml
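# php.yml - install PHP from a tarball of rpms and push its configuration.
# Indentation restored; the printed listing is not valid YAML.
- hosts: web_group
  tasks:
    # The original unpacked into /tmp and installed /tmp/*.rpm as root. /tmp is
    # world-writable, so any rpm another local user (or an earlier play) left there
    # would be installed too. Unpack into a root-only directory instead.
    # The directory name below is constructed for this example.
    - name: Create php Package Dir
      file:
        path: /usr/local/src/php-rpms
        state: directory
        owner: root
        group: root
        mode: "0700"

    # Assumes the rpms sit at the top level of the archive, as the original
    # /tmp/*.rpm glob implies - confirm against the tarball.
    - name: Tar php Package
      unarchive:
        src: /project/package/php.tar.gz
        dest: /usr/local/src/php-rpms/

    # shell (not the yum module) is needed for the glob; this task reruns on every
    # play. NOTE(review): confirm how yum is configured to verify signatures of
    # local packages before relying on this in production.
    - name: Install php Server
      shell: "yum localinstall -y /usr/local/src/php-rpms/*.rpm"

    - name: Config php Server
      copy:
        src: /project/conf/php.ini
        dest: /etc/

    # Renamed from a second "Config php Server" so the two tasks can be told apart
    # in the play output.
    - name: Config php-fpm Server
      copy:
        src: /project/conf/www.conf
        dest: /etc/php-fpm.d/

    - name: Start php Server
      systemd:
        name: php-fpm
        state: started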
4.第四部分:配置wordpress网站
1)准备工作
#1.准备wordpress包
[root@m01 ~]# cd /project/package/
[root@m01 package]# rz
[root@m01 package]# ll
total 31032
-rw-r--r-- 1 root root 784272 Dec 10 09:13 nginx-1.16.1-1.el7.ngx.x86_64.rpm
-rw-r--r-- 1 root root 19889622 Nov 22 15:52 php.tar.gz
-rw-r--r-- 1 root root 11098483 Sep 12 17:52 wordpress-5.0.3-zh_CN.tar.gz
#2.准备wordpress配置文件
[root@m01 project]# vim conf/linux.wp.com.conf
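# Virtual host for the WordPress site; PHP requests are passed to the local PHP-FPM
# listener. NOTE(review): the site is served over plain HTTP on port 80, so logins and
# session cookies travel unencrypted; add a TLS listener for anything beyond a lab.
server {
    listen 80;
    server_name linux.wp.com;
    root /code/wordpress;
    index index.php;

    location ~* \.php$ {
        # Pass a request to PHP-FPM only when the script file really exists under root;
        # anything else gets a 404 instead of being interpreted by PHP.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}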
2)编写剧本
[root@m01 project]# cat wordpress.yml
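# wordpress.yml - deploy the WordPress code and its nginx virtual host.
# Indentation restored; the printed listing is not valid YAML.
- hosts: web_group
  tasks:
    - name: Create code Dir
      file:
        path: /code
        state: directory

    # NOTE(review): this pins an old WordPress release; check it against current
    # security releases, and verify the archive's checksum before deploying it.
    - name: Tar wordpress Code
      unarchive:
        src: /project/package/wordpress-5.0.3-zh_CN.tar.gz
        dest: /code/

    # wp-config.php holds the database credentials, so it is not left world-readable.
    # The page does not show how /project/conf/wp-config.php is prepared on m01.
    - name: Config wordpress DB
      copy:
        src: /project/conf/wp-config.php
        dest: /code/wordpress
        mode: "0640"

    # Makes www (the php-fpm/nginx user) owner of the whole tree.
    # NOTE(review): that lets the web application rewrite its own code; consider
    # limiting www ownership to the directories that must be writable.
    - name: Chown Code Dir
      file:
        path: /code
        state: directory
        owner: www
        group: www
        recurse: yes

    - name: Config Nginx wordpress
      copy:
        src: /project/conf/linux.wp.com.conf
        dest: /etc/nginx/conf.d/

    # Restart so nginx loads the new virtual host (and any earlier nginx.conf change).
    - name: Restart Nginx Server
      systemd:
        name: nginx
        state: restarted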
5.第五部分:mariadb部分
1)MySQL相关模块
#1.mysql_db 模块
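# mysql_db module example (rewritten as valid YAML; state takes exactly one value).
- name: Create a new database with name 'bobdata'
  mysql_db:
    name: bobdata            # database name
    # Values of state shown in this example:
    #   present - create the database
    #   import  - load the database from the file given in target
    #   dump    - export the database to the file given in target
    state: present
    # File used for import or dump. NOTE(review): a dump contains the full data set;
    # prefer a directory that other local users cannot read over /tmp.
    target: /tmp/dump.sql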
#2.mysql_user 模块
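# mysql_user module example (rewritten as valid YAML; state takes exactly one value).
- name: Create database user with name 'bob' and password '12345' with all database privileges
  mysql_user:
    name: bob                # user name
    host: "172.16.1.%"       # host(s) the user may connect from
    # Quoted so YAML keeps it a string. NOTE(review): sample value only; real
    # passwords belong in an Ansible Vault-encrypted variable, not in the playbook.
    password: "12345"
    # NOTE(review): '*.*:ALL' grants every privilege on every database; scope real
    # accounts to the schema they need, e.g. 'dbname.*:ALL'.
    priv: '*.*:ALL'
    # present - create the user; absent - remove the user
    state: present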
grant all privileges on *.* to bob@'172.16.1.%' identified by '12345'
2)编写剧本
[root@m01 project]# cat mariadb.yml
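# mariadb.yml - install MariaDB and create the WordPress database and user.
# Indentation restored; the printed listing is not valid YAML.
- hosts: db01
  tasks:
    - name: Install Mariadb Server
      yum:
        name: mariadb-server
        state: present

    # The mysql_db / mysql_user modules need the Python MySQL bindings on the managed
    # host; the consolidated blog.yml installs this package, so it is added here too.
    - name: Install MySQL-python Server
      yum:
        name: MySQL-python
        state: present

    - name: Start Mariadb Server
      systemd:
        name: mariadb
        state: started
        enabled: yes

    # No login_user/login_password is passed, so these tasks use the module's default
    # login (presumably the passwordless root of a fresh install - confirm).
    # NOTE(review): set a root password and remove anonymous accounts after install.
    - name: Create wordpress Database
      mysql_db:
        name: wordpress
        state: present

    # host and password are quoted, as in blog.yml, so YAML keeps them as strings.
    # NOTE(review): "123456" is a sample value; use a strong password loaded from an
    # Ansible Vault-encrypted variable.
    - name: Create wordpress Database User
      mysql_user:
        name: "wp"
        host: "172.16.1.%"
        password: "123456"
        priv: 'wordpress.*:ALL'
        state: present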
6.整合后的剧本
[root@m01 project]# cat blog.yml
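# blog.yml - the five plays above combined into one playbook.
# Indentation restored; the printed listing is not valid YAML.

# Play 1: baseline settings for every host.
- hosts: all
  tasks:
    # NOTE(review): firewalld and SELinux are switched off on every server. That is a
    # lab shortcut; in production keep both and allow only what the services need.
    - name: Stop Firewalld
      systemd:
        name: firewalld
        state: stopped
        enabled: no

    - name: Stop Selinux
      selinux:
        state: disabled

    # Fixed gid/uid 666 so the www account has the same numeric ids on every host.
    - name: Create www Group
      group:
        name: www
        gid: 666
        state: present

    - name: Create www User
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: false
        state: present

# Play 2: nginx on the web and load-balancer hosts.
- hosts: nginx
  tasks:
    # NOTE(review): verify the rpm's signature or checksum before distributing it.
    - name: Push nginx rpm
      copy:
        src: /project/package/nginx-1.16.1-1.el7.ngx.x86_64.rpm
        dest: /tmp/

    - name: Install Nginx Server
      yum:
        name: /tmp/nginx-1.16.1-1.el7.ngx.x86_64.rpm
        state: present

    # src is read on the control node (m01).
    - name: Config Nginx Server
      copy:
        src: /etc/nginx/nginx.conf
        dest: /etc/nginx/

    - name: Start Nginx Server
      systemd:
        name: nginx
        state: started

# Play 3: PHP on the web hosts.
- hosts: web_group
  tasks:
    # The original unpacked into /tmp and installed /tmp/*.rpm as root. /tmp is
    # world-writable and also holds the nginx rpm pushed by play 2, so the glob
    # installed whatever rpm files happened to be there. Use a root-only directory.
    # The directory name below is constructed for this example.
    - name: Create php Package Dir
      file:
        path: /usr/local/src/php-rpms
        state: directory
        owner: root
        group: root
        mode: "0700"

    # Assumes the rpms sit at the top level of the archive, as the original
    # /tmp/*.rpm glob implies - confirm against the tarball.
    - name: Tar php Package
      unarchive:
        src: /project/package/php.tar.gz
        dest: /usr/local/src/php-rpms/

    - name: Install php Server
      shell: "yum localinstall -y /usr/local/src/php-rpms/*.rpm"

    - name: Config php Server
      copy:
        src: /project/conf/php.ini
        dest: /etc/

    # Renamed from a second "Config php Server" so the tasks can be told apart.
    - name: Config php-fpm Server
      copy:
        src: /project/conf/www.conf
        dest: /etc/php-fpm.d/

    - name: Start php Server
      systemd:
        name: php-fpm
        state: started

# Play 4: WordPress code and its nginx virtual host.
- hosts: web_group
  tasks:
    - name: Create code Dir
      file:
        path: /code
        state: directory

    # NOTE(review): old pinned WordPress release; check it against current security
    # releases and verify the archive's checksum before deploying.
    - name: Tar wordpress Code
      unarchive:
        src: /project/package/wordpress-5.0.3-zh_CN.tar.gz
        dest: /code/

    # wp-config.php holds the database credentials, so it is not left world-readable.
    - name: Config wordpress DB
      copy:
        src: /project/conf/wp-config.php
        dest: /code/wordpress
        mode: "0640"

    # NOTE(review): www owning the whole tree lets the web application rewrite its
    # own code; consider limiting ownership to the directories that must be writable.
    - name: Chown Code Dir
      file:
        path: /code
        state: directory
        owner: www
        group: www
        recurse: yes

    - name: Config Nginx wordpress
      copy:
        src: /project/conf/linux.wp.com.conf
        dest: /etc/nginx/conf.d/

    - name: Restart Nginx Server
      systemd:
        name: nginx
        state: restarted

# Play 5: MariaDB plus the WordPress database and user.
- hosts: db01
  tasks:
    - name: Install Mariadb Server
      yum:
        name: mariadb-server
        state: present

    # Python MySQL bindings required by the mysql_db / mysql_user modules.
    - name: Install MySQL-python Server
      yum:
        name: MySQL-python
        state: present

    - name: Start Mariadb Server
      systemd:
        name: mariadb
        state: started
        enabled: yes

    # No login_user/login_password is passed, so these tasks use the module's default
    # login (presumably the passwordless root of a fresh install - confirm).
    - name: Create wordpress Database
      mysql_db:
        name: wordpress
        state: present

    # NOTE(review): "123456" is a sample value; use a strong password loaded from an
    # Ansible Vault-encrypted variable.
    - name: Create wordpress Database User
      mysql_user:
        name: "wp"
        host: "172.16.1.%"
        password: "123456"
        priv: 'wordpress.*:ALL'
        state: present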
Ansible 变量
一、变量的介绍
1.概述
变量提供了便捷的方式来管理Ansible playbook的每一个项目中的动态值,比如nginx-1.6.3这个软件包的版本,在其它地方或许会反复使用,那么如果将此值设置为变量,然后再在其他的playbook中调用,会方便许多。如此一来还方便维护,减少维护的成本。
2.定义变量的方式
1.通过命令行进行变量定义
2.在play文件中进行变量定义
3.通过Inventory主机清单中进行变量定义
4.通过vars_files定义变量
5.通过host_vars和group_vars定义变量
#变量的优先级
如果同一个变量在多个位置被重复定义(变量冲突),
例如在下面三个位置分别设置了:
1.命令行中:age=11
2.play文件中:age=12
3.Inventory中:age=13
那么,最终的age结果一定是 11
变量的读取优先级:命令行 > playbook文件 > Inventory文件
#变量设置:命名时,应该由字母,数字,下划线组成,必须由字母开头
二、变量的定义
1.在playbook文件中进行变量定义
1)方式一:在模块下定义变量
[root@m01 project]# vim yum.yml
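# Method 1: vars declared on a single task (indentation restored).
- hosts: db01
  tasks:
    - name: Installed http Server
      yum:
        name: "{{ packages }}"
      # Task-level vars: visible to this task only.
      vars:
        packages:
          - httpd
          - httpd-tools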
#问题:
1.如果将变量定义在某个任务(模块)下,那么该变量只在这个任务内有效,其他任务(其他的name)无法识别
2)方式二:在hosts下定义变量
[root@m01 project]# vim yum.yml
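# Method 2: vars declared on the play, shared by all of its tasks (indentation restored).
- hosts: db01
  vars:
    packages:
      - httpd
      - httpd-tools
  tasks:
    - name: Installed http Server
      yum:
        name: "{{ packages }}"

    # packages is a list, so the rendered path contains the list's string form rather
    # than a single name. Kept as written: it demonstrates the problem noted below.
    - name: Mkdir Dir
      file:
        path: /tmp/{{ packages }}
        state: directory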
#问题:
1.packages 是一个列表,拼接到路径(/tmp/{{ packages }})中时会被转换成列表的字符串形式,所以创建目录时可能会出现格式转换问题
2.如果将变量设置到hosts下,那么其他的hosts(其他的play)是不识别的
3)方式三:在hosts下面定义多个变量
[root@m01 project]# vim yum.yml
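# Method 3: several variables declared on one play (indentation restored).
- hosts: db01
  vars:
    packages:
      - httpd
      - httpd-tools
    dbs:
      - mariadb-server
      - MySQL-python
  tasks:
    - name: Installed http Server
      yum:
        name: "{{ packages }}"

    - name: Installed Mariadb Server
      yum:
        name: "{{ dbs }}"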
2.通过vars_files定义变量
刚才我们学到在playbook中使用vars定义变量,有一个缺陷,就是其他的playbook无法使用该变量。所以我们可以采取第二种定义变量的方式,把变量写在单独的变量文件中,再通过vars_files引用。
1)准备变量文件
[root@m01 project]# mkdir vars
[root@m01 project]# cd vars/
[root@m01 vars]# vim vars.yml
# Shared variable file loaded through vars_files; each variable here is a single
# package name (a string), not a list as in the earlier examples.
packages: httpd
dbs: mariadb-server
2)调用变量文件
[root@m01 project]# vim yum.yml
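# Two plays that load the same variable file (indentation restored).
# vars_files is written in its usual list form.
- hosts: db01
  vars_files:
    - /project/vars/vars.yml
  tasks:
    - name: Installed http Server
      yum:
        name: "{{ packages }}"

- hosts: db01
  vars_files:
    - /project/vars/vars.yml
  tasks:
    # Task name corrected: this task installs the package named by dbs
    # (mariadb-server), not the http server.
    - name: Installed Mariadb Server
      yum:
        name: "{{ dbs }}"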
3.通过Inventory主机清单中进行变量定义
1)配置主机清单
[root@m01 project]# vim /etc/ansible/hosts
... ...
[db_server]
db01 ansible_ssh_pass='1'
# [group:vars] defines variables for every host in the group.
# NOTE(review): the plaintext ansible_ssh_pass above is a lab shortcut; prefer SSH keys
# or an Ansible Vault-encrypted variable.
[db_server:vars]
web=suibianshezhideneirong
2)调用变量
[root@m01 project]# vim yum.yml
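# Uses the inventory group variable "web" as a file name (indentation restored).
- hosts: db_server
  tasks:
    - name: Touch File
      file:
        path: /tmp/{{ web }}
        state: touch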
#注意:
1.主机清单中定义变量,只要hosts配置的是主机清单中设置变量的组,可以直接使用变量
2.如果hosts配置的不是主机清单中设置变量的组,变量不可识别
3)主机清单定义变量注意
1.设置主机清单的变量
[root@m01 project]# vim /etc/ansible/hosts
# NOTE(review): plaintext ansible_ssh_pass values are a lab shortcut; prefer SSH keys or
# an Ansible Vault-encrypted variable.
[lb_server]
lb01 ansible_ssh_pass='1'
lb02 ansible_ssh_pass='1'
[web_group]
web01 ansible_ssh_pass='1'
web02 ansible_ssh_pass='1'
[nginx:children]
web_group
lb_server
# "web" is set on the parent group (nginx) and again on its child group (web_group);
# the hosts in web_group end up with the child group's value.
[nginx:vars]
web=nginx_group
[web_group:vars]
web=nginx_host
2.主机组定义的变量优先级高于整合组定义的变量
3.主机定义的变量优先级高于主机组定义的变量
4.通过host_vars和group_vars定义变量
之前的几种变量定义都不是很好用,比较好用的是在Ansible项目目录下创建两个变量目录:
host_vars
group_vars
切记,目录名字一定要一致,不能做任何修改。
1)主机组定义变量
#1.创建主机组变量的目录,不能改名字
[root@m01 project]# mkdir group_vars
#2.目录下创建变量文件,文件的名字要跟主机清单中主机组名字一致
[root@m01 project]# cd group_vars/
[root@m01 group_vars]# vim web_group
file: group_vars
#3.调用变量
[root@m01 project]# vim test.yml
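# Reads "file" from group_vars/web_group (indentation restored).
- hosts: web_group
  tasks:
    - name: Touch File
      file:
        path: /tmp/{{ file }}
        state: touch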
#4.注意:
1.只要剧本中的hosts与设置变量的主机组名字相同,就可以直接使用变量
2)主机定义变量
#1.创建主机变量的目录,不能改名字
[root@m01 project]# mkdir host_vars
#2.目录下创建变量文件,文件的名字要跟主机清单中主机名字一致
[root@m01 project]# vim host_vars/web01
file: host_vars
#3.调用变量
[root@m01 project]# vim test.yml
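# Same play as before; web01 now takes "file" from host_vars/web01, while the other
# hosts in the group keep the group_vars value (indentation restored).
- hosts: web_group
  tasks:
    - name: Touch File
      file:
        path: /tmp/{{ file }}
        state: touch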
#4.执行
[root@m01 project]# ansible-playbook test.yml
#5.查看执行结果
[root@web01 ~]# ll /tmp/
total 0
-rw-r--r--. 1 root root 0 Dec 22 17:35 host_vars
[root@web02 ~]# ll /tmp/
total 0
-rw-r--r-- 1 root root 0 Dec 22 17:35 group_vars
#6.注意:
1)主机组定义的变量优先级高于整合组定义的变量
2)主机定义的变量优先级高于主机组定义的变量
5.命令行定义变量(命令行 -e 设置变量)
1)查看剧本文件
[root@m01 project]# cat test.yml
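# "file" can be overridden on the command line with -e (indentation restored).
# NOTE(review): the value is interpolated into a path that is written on the managed
# host, so pass only trusted values with -e.
- hosts: web_group
  tasks:
    - name: Touch File
      file:
        path: /tmp/{{ file }}
        state: touch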
2)命令行指定变量执行
[root@m01 project]# ansible-playbook test.yml -e "file=minglinghang"
3)查看远端文件
[root@web01 ~]# ll /tmp/
total 0
-rw-r--r--. 1 root root 0 Dec 22 17:41 minglinghang
[root@web02 ~]# ll /tmp/
total 0
-rw-r--r-- 1 root root 0 Dec 22 17:41 minglinghang
4)修改剧本
[root@m01 project]# vim test.yml
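# Two tasks, each using its own variable; both can be supplied with separate -e
# options (indentation restored).
- hosts: web_group
  tasks:
    - name: Touch File
      file:
        path: /tmp/{{ file }}
        state: touch

    - name: Touch File
      file:
        path: /tmp/{{ file2 }}
        state: touch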
5)命令行指定多个变量
[root@m01 project]# ansible-playbook test.yml -e "file=command" -e "file2=command2"
6.直接使用内置变量
#使用内置变量创建目录,目录格式为 主机名_IP_时间
[root@m01 project]# vim test.yml
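# Builds a directory name from built-in facts: hostname_IP_date (indentation restored).
# Needs fact gathering (on by default) and an eth1 interface on every targeted host;
# ansible_eth1 is undefined on a host without one.
- hosts: web_group
  tasks:
    - name: Touch File
      file:
        path: /backup/{{ ansible_fqdn }}_{{ ansible_eth1.ipv4.address }}_{{ ansible_date_time.date }}
        state: directory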