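1. Introduction to playbooks
Playbooks are a completely different way of using Ansible compared with ad-hoc commands.
A playbook is the basis of a simple configuration-management and multi-machine deployment system, and is well suited to deploying complex applications.
A playbook can orchestrate an ordered sequence of steps, even running specifically designated steps back and forth in order across several groups of machines, and tasks can be launched synchronously or asynchronously.
Playbooks make this code easy to reuse and to port to different machines.
Playbooks are where Ansible's real power lies.
2. Playbook syntax
Playbooks are written in YAML. The YAML conventions most often used in playbooks are:
(1) The first line of the file should begin with three hyphens, "---", marking the start of the YAML file.
(2) On any line, everything after # is a comment, as in shell, Python and Ruby.
(3) List items in YAML begin with "-" followed by a space; items in the same list must keep the same indentation.
(4) A dictionary is written in the simple form key: value (the colon must be followed by a space); dictionaries can also be expressed with indentation.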
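Hosts and users
---
- hosts: server2        # target host group; one or more groups, comma-separated
  remote_user: root     # user name to run as on the remote host
---
- hosts: webservers
  remote_user: root
  become: yes           # run as a different user
  become_user: mysql    # become the mysql user via sudo
Tasks list
The body of a play is its task list. The tasks are executed one by one, in order, on the hosts matched by hosts: the first task is completed on all hosts before the second task starts. If a task fails on a host, the whole set of tasks is rolled back.
Every task must have a name, so that in the output of a playbook run it is easy to tell which task each message belongs to.
tasks:
  - name: install apache    # task name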
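Running a playbook
# ansible-playbook apache.yml                   # run it directly
# ansible-playbook apache.yml --syntax-check    # check the YAML file's syntax
# ansible-playbook apache.yml --list-tasks      # list the tasks
# ansible-playbook apache.yml --list-hosts      # list the hosts it applies to
3. Writing a playbook to install a service automatically
(1) Because of the YAML syntax requirements, first set up vim so that one tab equals two spaces.
These two configuration files can be used as a reference:
vim /etc/vimrc (vim behaviour)
vim /usr/share/vim/vimfiles/template.spec
pwd
vim .vimrc
autocmd FileType yaml setlocal ai ts=2 sw=2 et
Start writing the yml file
1: Install and start the httpd service
vim /home/devops/ansible/apache/install.yml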
---
- hosts: test                 ## host or group
  tasks:                      ## task list
    - name: install apache    ## task name; a specific module carries out the task
      yum:                    ## the module goes here
        name: httpd           ## the package is httpd
        state: present        ## install
    - name: start apache
      service:
        name: httpd
        state: started        ## start
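This installs httpd on server2, the host in the test group, and starts the service.
Syntax check:
ansible-playbook apache/install.yml --syntax-check
-C: dry run (nothing is actually executed)
ansible-playbook -C apache/install.yml
List the hosts the file applies to
ansible-playbook apache/install.yml --list-hosts
List the tasks in the file
ansible-playbook apache/install.yml --list-tasks
Run it:
ansible-playbook apache/install.yml
Check on server2:
ps ax | grep httpd
2: Write a playbook that changes the configuration and adds a trigger (handler)
Copy the local page to server2's default document root,
start the firewall, set the firewall policy, and access the site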
---
- hosts: test
  tasks:
    - name: install apache
      yum:
        name: httpd
        state: present
    - name: start apache
      service:
        name: httpd
        state: started
        enabled: yes    ## start at boot
    ## copy the local page to server2's default document root; a local index.html file must exist
    - name: create index.html
      copy:
        src: index.html
        dest: /var/www/html/index.html
    ## start the firewall
    - name: start firewalld
      service:
        name: firewalld
        state: started
        enabled: yes
    ## set the firewall policy (allow access to httpd)
    - name: config firewalld
      firewalld:
        service: http
        state: enabled
        permanent: yes    ## make the rule permanent
        immediate: yes    ## apply it immediately
## access the site from the local machine
- hosts: localhost
  become: false
  tasks:
    - name: test apache
      uri:
        url: http://172.25.78.2
        return_content: yes    ## return the content of the response
Note: look up the usage with ansible-doc first, then call the uri module.
The push succeeds.
3: Access after changing the port
(1)
scp the main Apache configuration file from server2 to the local machine
cd /home/devops/ansible
scp server2:/etc/httpd/conf/httpd.conf apache/
Success
cat hosts
cd apache/
mv httpd.conf httpd.conf.j2    ## template
vim httpd.conf.j2
42 Listen {{ http_port }}    ## use a variable
vim apache/install.yml
---
- hosts: test
  tasks:
    - name: install apache
      yum:
        name: httpd
        state: present
    - name: config apache
      template:    ## this module renders the variables in the template
        src: httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
      notify: restart apache    ## trigger
    - name: start apache
      service:
        name: httpd
        state: started
        enabled: yes
    - name: create index.html
      copy:
        src: index.html
        dest: /var/www/html/index.html
    - name: start firewalld
      service:
        name: firewalld
        state: started
        enabled: yes
    - name: config firewalld
      firewalld:
        service: http
        state: enabled
        permanent: yes
        immediate: yes
  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted
- hosts: db
  become: false
  tasks:
    - name: test apache
      uri:
        url: 'http://172.25.78.2:{{ http_port }}'
        return_content: yes
ansible-playbook apache/install.yml
(2):
vim hosts
Comment out:
#[webserver:vars]
#http_port=80
Add the port variable in the playbook
Building on (1), add:
vim apache/install.yml
 1 ---
 2 - hosts: test
 3   vars:    ## add the port
 4     - http_port: 80
47 - hosts: db
48   vars:    ## omitting this causes an error
49     - http_port: 80
50   become: false
Omitting the protocol causes an error
Access:
curl 172.25.78.2
curl 172.25.78.2:80
curl 172.25.78.2:8080    ## access fails
(3) Modify the file so that port 8080 is reachable
Building on (2):
Delete everything after line 46; it is no longer needed
vim apache/install.yml
 3   vars:
 4     - http_port: 8080
34     - name: config firewalld
35       firewalld:
## change line 36
36         port: "{{ http_port }}/tcp"
ansible-playbook apache/install.yml
Testing again on port 8080 now succeeds
curl 172.25.78.2:8080
With line 36 in place, changing line 4 to whatever port you want is enough to make it reachable
For example, change the port to 80 and access it
 4     - http_port: 80
ansible-playbook apache/install.yml
curl 172.25.78.2:80
Full version:
---
- hosts: webserver
  vars:
    http_port: 80
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: present
    - name: copy index.html
      copy:
        src: files/index.html
        dest: /var/www/html/index.html
    - name: configure httpd
      template:
        src: templates/httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: '0644'    ## quoted so that Ansible reads it as octal
      notify: restart httpd
    - name: start httpd and firewalld
      service:
        name: "{{ item }}"
        state: started
      loop:
        - httpd
        - firewalld
    - name: configure firewalld
      firewalld:
        service: http
        permanent: yes
        immediate: yes
        state: enabled
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
- hosts: localhost
  become: no
  tasks:
    - name: test httpd
      uri:
        url: http://172.25.2.3
        status_code: 200
Variables used in a template can be defined in the yml file (the port, for example) or in the inventory (an IP address, for example).
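Deploying Zabbix monitoring with a database
server1: backend server
server2: db (database)
server3: web frontend
config mariadb: configure the database
【server1】
Switch to root and change the devops user's privileges
visudo
93 devops ALL=(ALL) NOPASSWD: ALL
vim /etc/ssh/sshd_config
47 AuthorizedKeysFile .ssh/authorized_keys
Set up passwordless login
su - devops
Look up the relevant module:
ansible-doc authorized_key
Set up passwordless login for remote control: write a yml file and run it as a playbook. Once it succeeds, the key is present in the corresponding directory of the corresponding user on all three hosts. Mind the indentation.
vim /home/devops/ansible/sshkey.yml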
---
- hosts: all
  tasks:
    - name: Set up authorized keys
      authorized_key:
        user: devops
        state: present
        key: '{{ item }}'
      with_file:
        - ~/.ssh/id_rsa.pub    ## path to the local public key
cd .ssh/ --> ls
Switch to root and set a password for devops
passwd devops
Then switch back to the devops user
【server2,3】Unlock the password
passwd -u devops
【server1】: run
ansible-playbook sshkey.yml --ask-pass
SSH password: enter the password devops
cd .ssh/
ll authorized_keys
【server2】Check
su - devops
cd .ssh/
cat authorized_keys
So that the database handles Chinese, add a setting to the database configuration file
cd /home/devops/ansible/
cp /etc/my.cnf zabbix/my.cnf
vim zabbix/my.cnf
10 character_set_server=utf8    ## default character set specified when installing the server
【server1】
cd /home/devops/ansible/
vim hosts
[server]
172.25.78.1
[db]
172.25.78.2
[web]
172.25.78.3
[zabbix:children]
db
server
web
【1】Configure the db side (server2)
(1) Install and start the database
【server1】
As the devops user, install mariadb
sudo yum install mariadb -y    ## install with root privileges
Copy the database schema into zabbix/
cp /usr/share/doc/zabbix-server-mysql-4.0.14/create.sql.gz zabbix/
vim zabbix/deploy.yml
  1 ---
  2 - hosts: db    ## configure db
  3   tasks:
  4     - name: install mariadb    ## install the database on server2
  5       yum:
  6         name: mariadb-server,MySQL-python
  7         state: present
  8
  9     - name: config mariadb    ## database configuration
 10       copy:    ## copy the locally edited my.cnf to server2
 11         src: my.cnf
 12         dest: /etc/my.cnf
 13       notify: restart mariadb    ## name defined under handlers
 14
 15     - name: start mariadb    ## start the database
 16       service:
 17         name: mariadb
 18         state: started
 19         enabled: yes
 20       loop:
 21         - mariadb
 22         - firewalld
 23
 24     - name: create databases zabbix
 25       mysql_db:
 26         login_user: root
 27         login_password: westos
 28         name: zabbix
 29         state: present
 30       notify: import create.sql
 31
 32     - name: create user    ## create the login user
 33       mysql_user:
 34         login_user: root
 35         login_password: westos
 36         name: zabbix
 37         password: zabbix
 38         host: '%'
 39         priv: 'zabbix.*:ALL'
 40         state: present
 41
 42     - name: copy create.sql
 43       copy:
 44         src: create.sql.gz
 45         dest: /tmp/create.sql.gz
 46
 47     - name: config firewalld    ## allow mysql logins in the firewall policy
 48       firewalld:
 49         service: mysql
 50         permanent: yes
 51         immediate: yes
 52         state: enabled
 53
 54   handlers:
 55     - name: restart mariadb
 56       service:
 57         name: mariadb
 58         state: restarted
 59
 60     - name: import create.sql    ## import the database schema from /tmp
 61       mysql_db:
 62         login_user: root
 63         login_password: westos
 64         name: zabbix
 65         state: import
 66         target: /tmp/create.sql.gz
 67
ansible-playbook zabbix/deploy.yml
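Explanation:
notify: calls an entry in handlers. It is triggered at the end of each play, which avoids running the specified operation every time when several changes occur.
handlers: a list of tasks, referenced by name, no different from ordinary tasks.
They define what is done when a notification is triggered; if no notifier calls notify, the handlers are not executed. No matter how many notifiers call notify, the handlers run only once, after all tasks in the play have completed.
handlers: the best use is restarting services or triggering a system reboot.
## Query the database remotely
mysql -u zabbix -p zabbix -h 172.25.78.2
Enter the password zabbix
MariaDB [zabbix]> show variables like 'char%';    ## show the character sets
MariaDB [zabbix]> use zabbix;
MariaDB [zabbix]> show tables;
Check on server2:
cd /tmp/ --> ls
Write the deploy.yml file
Note: the handler name must match the one used above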
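The db play above keeps the MariaDB root and zabbix passwords in the playbook, lets the zabbix account log in from any host ('%'), and opens mysql in firewalld to every source. An added example (not from the original post) of those tasks with the secrets in an Ansible Vault file and access limited to the server and web hosts from the inventory; vault.yml and the vault_* variable names are assumptions.

```yaml
# Added example, not part of the original deploy.yml.
# Assumption: zabbix/vault.yml is a hypothetical file created with
#   ansible-vault create zabbix/vault.yml
# and defines vault_mysql_root_password and vault_zabbix_db_password.
- hosts: db
  vars_files:
    - vault.yml                 # resolved relative to the playbook directory
  vars:
    db_clients:                 # addresses taken from the inventory on this page
      - 172.25.78.1             # [server] zabbix-server
      - 172.25.78.3             # [web] zabbix frontend
  tasks:
    - name: create user
      mysql_user:
        login_user: root
        login_password: "{{ vault_mysql_root_password }}"
        name: zabbix
        password: "{{ vault_zabbix_db_password }}"
        host: "{{ item }}"      # one account per client address instead of '%'
        priv: 'zabbix.*:ALL'
        state: present
      loop: "{{ db_clients }}"
      no_log: true              # keep the passwords out of task output and logs

    - name: close mysql to all other sources
      firewalld:
        service: mysql
        permanent: yes
        immediate: yes
        state: disabled         # undoes the blanket "service: mysql" rule

    - name: allow mysql only from the zabbix hosts
      firewalld:
        rich_rule: 'rule family="ipv4" source address="{{ item }}" service name="mysql" accept'
        permanent: yes
        immediate: yes
        state: enabled
      loop: "{{ db_clients }}"
```

Run it with ansible-playbook zabbix/deploy.yml --ask-vault-pass so that the vault file can be decrypted.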
【2】Configure the backend server (server1)
ansible-doc -l | grep yum
ansible-doc yum_repository
Building on (1), continue at the end of the file to configure the server side
cd zabbix/
sudo cp /etc/zabbix/zabbix_server.conf .
ll
Set the owner and group:
sudo chown devops.devops zabbix_server.conf
ll
vim zabbix_server.conf
91 DBHost=172.25.78.2
124 DBPassword=zabbix
pwd
/home/devops/ansible
vim zabbix/deploy.yml
 17         name: '{{ item }}'
 68 - hosts: server
 69   tasks:
 70     - name: add zabbix repo    ## define the yum repository used to install zabbix-server-mysql and zabbix-agent
 71       yum_repository:
 72         name: zabbix
 73         description: zabbix 4.0
 74         baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
 75         gpgcheck: no
 76
 77     - name: add update repo
 78       yum_repository:
 79         name: update
 80         description: non-supported
 81         baseurl: https://mirrors.aliyun.com/zabbix/non-supported/rhel/7/x86_64/
 82         gpgcheck: no
 83
 84     - name: install zabbix-server    ## install
 85       yum:
 86         name: zabbix-server-mysql,zabbix-agent
 87         state: present
 88
 89     - name: config zabbix-server
 90       copy:
 91         src: zabbix_server.conf
 92         dest: /etc/zabbix/zabbix_server.conf
 93         owner: root
 94         group: zabbix
 95         mode: '0640'    ## quoted so that Ansible reads it as octal
 96       notify: restart zabbix-server
 97
 98     - name: start zabbix-server
 99       service:
100         name: "{{ item }}"
101         state: started
102       loop:
103         - zabbix-server
104         - zabbix-agent    ## zabbix-agent is configured further below, so it is included in this loop already
105         - firewalld
106
107     - name: config firewalld    ## set the policy
108       firewalld:
109         port: 10051/tcp    ## open the zabbix-server port
110         permanent: yes
111         immediate: yes
112         state: enabled
113
114   handlers:
115     - name: restart zabbix-server
116       service:
117         name: zabbix-server
118         state: restarted
119
ansible-playbook zabbix/deploy.yml
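The repository tasks above set gpgcheck: no, so yum installs the Zabbix packages from the mirror without verifying their signatures. An added example (not from the original post) of the same repository and install tasks with signature checking turned on; zabbix_gpgkey_url and zabbix_gpgkey_fingerprint are placeholder variables whose values have to be taken from the Zabbix project.

```yaml
# Added example, not part of the original deploy.yml.
# The two variables below are placeholders: the page does not give the key
# location or fingerprint, so obtain both from the Zabbix project itself.
- hosts: server
  vars:
    zabbix_gpgkey_url: "<URL-of-the-Zabbix-4.0-RPM-signing-key>"        # placeholder
    zabbix_gpgkey_fingerprint: "<fingerprint-published-by-Zabbix>"      # placeholder
  tasks:
    - name: import zabbix signing key
      rpm_key:
        key: "{{ zabbix_gpgkey_url }}"
        fingerprint: "{{ zabbix_gpgkey_fingerprint }}"   # import fails if the key does not match
        state: present

    - name: add zabbix repo
      yum_repository:
        name: zabbix
        description: zabbix 4.0
        baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
        gpgcheck: yes                                    # verify package signatures
        gpgkey: "{{ zabbix_gpgkey_url }}"

    - name: install zabbix-server
      yum:
        name: zabbix-server-mysql,zabbix-agent
        state: present
```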
server3:
rpm -qa | grep php
Install zabbix-server
【3】Configure the web side (server3 needs Internet access)
pwd
/home/devops/ansible/zabbix
scp server3:/etc/httpd/conf.d/zabbix.conf .
Change the time zone:
vim /etc/httpd/conf.d/zabbix.conf
20 php_value date.timezone Asia/Shanghai
120 - hosts: web
121   tasks:
122     - name: add zabbix repo
123       yum_repository:
124         name: zabbix
125         description: zabbix 4.0
126         baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
127         gpgcheck: no
128
129     - name: add update repo
130       yum_repository:
131         name: update
132         description: non-supported
133         baseurl: https://mirrors.aliyun.com/zabbix/non-supported/rhel/7/x86_64/
134         gpgcheck: no
135
136     - name: add centos repo    ## OS package repository
137       yum_repository:
138         name: centos
139         description: centos 7
140         baseurl: https://mirrors.aliyun.com/centos/7/os/x86_64/    ## CentOS official site
141         gpgcheck: no
142
143     - name: install zabbix-web    ## install
144       yum:
145         name: zabbix-web-mysql
146         state: present
147
148     - name: config zabbix-web    ## copy the file with the corrected time zone
149       copy:
150         src: zabbix.conf
151         dest: /etc/httpd/conf.d/zabbix.conf
152       notify: restart httpd
153
154     - name: start httpd    ## start httpd
155       service:
156         name: "{{ item }}"
157         state: started
158       loop:
159         - httpd
160         - firewalld
161
162     - name: config firewalld    ## allow http in the firewall policy
163       firewalld:
164         service: http
165         permanent: yes
166         immediate: yes
167         state: enabled
168
169   handlers:
170     - name: restart httpd
171       service:
172         name: httpd
173         state: restarted
174
Installation succeeded
This part is the server
Access from a browser:
http://172.25.78.3/zabbix/setup.php
Log in:
Admin
Password zabbix
Switch the language to Chinese
This issue has not been resolved yet......
server3: view the generated configuration file
cat /etc/zabbix/web/zabbix.conf.php
【4】Configure the agent side
server1:
vim hosts    ## add
[agent]
172.25.78.2
172.25.78.3
Add the hosts in the web UI (see figure):
cp /etc/zabbix/zabbix_agentd.conf zabbix/
cd zabbix --> ls
vim zabbix_agentd.conf
98 Server=172.25.78.1
139 ServerActive=172.25.78.1
150 Hostname={{ ansible_hostname }}
Turn it into a template
mv zabbix_agentd.conf zabbix_agentd.conf.j2
pwd
/home/devops/ansible
vim zabbix/deploy.yml
175 - hosts: agent
176   tasks:
177     - name: add zabbix repo
178       yum_repository:
179         name: zabbix
180         description: zabbix 4.0
181         baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
182         gpgcheck: no
183
184     - name: install zabbix-agent
185       yum:
186         name: zabbix-agent
187         state: present
188
189     - name: config zabbix-agent
190       template:
191         src: zabbix_agentd.conf.j2
192         dest: /etc/zabbix/zabbix_agentd.conf
193         owner: root
194         group: root
195         mode: '0644'    ## quoted so that Ansible reads it as octal
196       notify: restart zabbix-agent
197
198     - name: start zabbix-agent
199       service:
200         name: "{{ item }}"
201         state: started
202       loop:
203         - zabbix-agent
204         - firewalld
205
206     - name: config firewalld
207       firewalld:
208         port: 10050/tcp
209         permanent: yes
210         immediate: yes
211         state: enabled
212
213   handlers:
214     - name: restart zabbix-agent
215       service:
216         name: zabbix-agent
217         state: restarted
ansible-playbook zabbix/deploy.yml
Refresh the web page and check
Review the db and server parts of the whole file