

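Specify the remote user and sudo to root

Note: the remote host must be configured beforehand to allow the regular user to sudo to root.

echo "devops ALL=(ALL)  NOPASSWD: ALL" >> /etc/sudoers    # configure passwordless sudo
ansible all -a 'ls /root' -u devops -k -b    # -a gives the command; -u sets the remote user; -k prompts for the SSH password; -b runs through sudo, which defaults to root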

user module: create a user and set its password

- name: create user
  user: name={{ item.name }} password={{ item.chpass | password_hash('sha512') }} update_password=always
  with_items:
    - { name: "devops", chpass: '1q2w3e4r' }

always: update the password on every run
on_create: set the password only when the user is newly created

authorized_key module: upload a public key to set up passwordless SSH

Set the remote host's password in the hosts inventory file:

[mysql]
192.168.1.2 ansible_ssh_pass="123456"

Ad-hoc ansible form:

ansible mysql -m authorized_key -a "user=root state=present key='{{ lookup('file', '/home/devops/.ssh/id_rsa.pub') }}'"

ansible-playbook form:

- name: push ssh pub key
  authorized_key:
    user: "root"
    key: "{{ lookup('file', '/home/devops/.ssh/id_rsa.pub') }}"
    state: present
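
The sudo, user and SSH key steps above, combined into one play as an added example (not code from the original page): the sudoers rule goes into a drop-in file that visudo checks before it is installed, and the password comes from Ansible Vault with a per-host salt so the hash does not change between runs. Assumptions: a vaulted variable named vault_devops_password (hypothetical), /etc/sudoers includes /etc/sudoers.d, visudo lives at /usr/sbin/visudo, and the key is installed for devops rather than root.

```yaml
# Added example, not from the original page.
# vault_devops_password is a hypothetical variable kept in an
# ansible-vault encrypted vars file instead of in the playbook.
- hosts: all
  become: yes
  tasks:
    - name: create devops user with a password taken from the vault
      user:
        name: devops
        # A salt seeded from the hostname keeps the hash identical on
        # every run, so the task only reports a change when needed.
        password: "{{ vault_devops_password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
        update_password: on_create
      no_log: true    # keep the password and its hash out of task output

    - name: install the sudoers rule as a validated drop-in
      copy:
        content: "devops ALL=(ALL) NOPASSWD: ALL\n"
        dest: /etc/sudoers.d/devops
        owner: root
        group: root
        mode: "0440"
        # The file is only moved into place if visudo accepts it, so a
        # syntax error cannot lock sudo on the managed host.
        validate: /usr/sbin/visudo -cf %s

    - name: push ssh pub key for devops
      authorized_key:
        user: devops
        key: "{{ lookup('file', '/home/devops/.ssh/id_rsa.pub') }}"
        state: present
```

Once the key is in place, the ansible_ssh_pass entry can be dropped from the inventory and the ad-hoc command no longer needs -k.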


mysql_db module: create databases

- name: create schema
  mysql_db:
    login_host: "{{ MYSQL_IP }}"
    login_user: "{{ MYSQL_ADMIN_USER }}"
    login_password: "{{ MYSQL_ADMIN_PWD }}"
    login_port: "{{ MYSQL_PORT }}"
    name:
      - db1
      - db2
    encoding: "utf8mb4"
    collation: "utf8mb4_bin"
    state: "present"

mysql_user module: create a user and grant privileges

- name: grant mysql user
  mysql_user:
    login_host: "{{ MYSQL_IP }}"
    login_user: "{{ MYSQL_ADMIN_USER }}"
    login_password: "{{ MYSQL_ADMIN_PWD }}"
    login_port: "{{ MYSQL_PORT }}"
    name: "{{ MYSQL_ACCESS_USER }}"
    password: "{{ MYSQL_ACCESS_PWD }}"
    update_password: "on_create"
    host: "%"
    priv: "db1.*:ALL/db2.*:ALL"
    state: "present"

yum module

- name: install MySQL-python unzip
  yum:
    name: ['MySQL-python', 'unzip']
    update_cache: yes

shell module

Change directory and run a multi-line command

- name: download sql dump
  become: yes
  become_user: admin    # run the shell commands as the admin user
  shell:
    cmd: |
      unzip a.zip
      unzip b.zip
    chdir: /data/mysql

wait_for module


Check a port

Check the port: the task is true when the port is down and false when the port is up. The timeout must be greater than the delay.

- name: check mysql port
  wait_for: port={{ MYSQL_PORT }} state=stopped delay=1 timeout=2

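unarchive module: transfer an archive and unpack it

Unpack on the control node first, then copy to the managed host

- name: unarchive and copy {{ MYSQL_IMAGE_NAME }}
  unarchive:
    src: "/data/docker_images/{{ MYSQL_IMAGE_NAME }}"
    dest: "{{ MYSQL_DATA }}"
    mode: 0755
    remote_src: no    # the managed host does not have the archive, so it is unpacked first and then copied

Unpack an archive that is already on the managed host, on the managed host

- name: unarchive {{ MYSQL_IMAGE_NAME }}
  unarchive:
    src: "{{ MYSQL_DATA }}/{{ MYSQL_IMAGE_NAME }}"
    dest: "{{ MYSQL_DATA }}"
    mode: 0755
    remote_src: yes    # the archive already exists on the managed host, so nothing is copied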

uri module

until: the task only counts as true once the condition after it is met
retries: number of retries
delay: check once every n seconds

- name: check service is health
  uri:
    url: "http://127.0.0.1:{{ APP_PORT }}/healthz"
  register: result
  until: result.status == 200
  retries: 20    # (waits at most 20*5=100s)
  delay: 5

with_fileglob loop

Reference article:
Loops in Ansible (7): with_file and with_fileglob

Iterate over zip archives and copy them to the remote host

- name: copy web pkg
  copy: src="{{ item }}" dest="{{ NGINX_DATA }}/data" mode=0755
  with_fileglob:
    - "html/*.zip"
    - "web/*.zip"