目录
一 playbook的模块
1. Templates 模块
1. 先准备一个以 .j2 为后缀的 template 模板文件,设置引用的变量
2. 修改主机清单文件,使用主机变量定义一个变量名相同,而值不同的变量
3. 编写 playbook
4. 制作测试网页
二 tags 模块
三. Roles 模块
1. roles 的目录结构
2. roles 内各目录含义解释
3. 在一个 playbook 中使用 roles 的步骤
roles在LAMP中的应用
1. 编写httpd模块
2. 编写mysql模块
3. 编写php模块
4. 编写roles示例
三 ansible部署单机lnmp
1. 编写lnmp的yaml文件
2. 准备index.php、nginx.repo、default.conf
3. 浏览器测试
一 playbook的模块
1. Templates 模块
Jinja是基于Python的模板引擎。Template类是Jinja的一个重要组件,可以看作是一个编译过的模板文件,用来产生目标文本,传递Python的变量给模板去替换模板中的标记。
1. 先准备一个以 .j2 为后缀的 template 模板文件,设置引用的变量
cp /etc/httpd/conf/httpd.conf /opt/httpd.conf.j2
vim /opt/httpd.conf.j2
Listen {{http_port}} #42行,修改
ServerName {{server_name}} #95行,修改
DocumentRoot "{{root_dir}}" #119行,修改 <Directory "{{root_dir}}"> #131修改 配置目录访问权限
2. 修改主机清单文件,使用主机变量定义一个变量名相同,而值不同的变量
vim /etc/ansible/hosts
[webservers]
192.168.163.136 http_port=192.168.163.136:80 server_name=www.lisi.com:80 root_dir=/etc/httpd/htdocs
[dbservers]
192.168.163.139 http_port=192.168.163.139:80 server_name=www.zhangsan.com:80 root_dir=/etc/httpd/htdocs
3. 编写 playbook
vim apache.yaml
---
- hosts: all
remote_user: root
vars:
- package: httpd
- service: httpd
tasks:
- name: install httpd package
yum: name={{package}} state=latest
- name: install configure file
template: src=/opt/httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
notify:
- restart httpd
- name: create root dir
file: path=/etc/httpd/htdocs state=directory
- name: start httpd server
service: name={{service}} enabled=true state=started
handlers:
- name: restart httpd
service: name={{service}} state=restarted
ansible-playbook apache.yaml
4. 制作测试网页
ansible 192.168.163.138 -m shell -a "echo 'this is lisi template test' > /etc/httpd/htdocs/index.html" #制作网页测试文件
ansible 192.168.163.139 -m shell -a "echo 'this is zhangsan template test' > /etc/httpd/htdocs/index.html"
http://192.168.163.138 http://192.168.163.139
#登录访问查看
二 tags 模块
1、可以在一个playbook中为某个或某些任务定义“标签”,在执行此playbook时通过ansible-playbook命令使用–tags选项能实现仅运行指定的tasks。
2、playbook还提供了一个特殊的tags为always。作用就是当使用always当tags的task时,无论执行哪一个tags时,定义有always的tags都会执行
vim webhosts.yaml
---
- hosts: webservers
remote_user: root
tasks:
- name: Copy hosts file
copy: src=/etc/hosts dest=/opt/hosts
tags:
- only
- name: touch file
file: path=/opt/testhost state=touch
tags:
- always
ansible-playbook webhosts.yaml --tags="only"
ansible webservers -a "ls /opt/" ----------------------------------------------------------------
vim dbhosts.yaml
---
- hosts: dbservers
remote_user: root
tasks:
- name: Copy hosts file
copy: src=/etc/hosts dest=/opt/hosts
tags:
- only
- name: touch file
file: path=/opt/testhost state=touch
ansible-playbook dbhosts.yaml --tags="only"
三. Roles 模块
Ansible为了层次化、结构化地组织Playbook,使用了角色(roles),roles可以根据层次型结构自动装载变量文件、task以及handlers等。简单来讲,roles就是通过分别将变量、文件、任务、模块及处理器放置于单独的目录中,并可以便捷地include它们。roles一般用于基于主机构建服务的场景中,但也可以用于构建守护进程等场景中
1. roles 的目录结构
cd /etc/ansible/
tree roles/
roles/
├── web/
│ ├── files/
│ ├── templates/
│ ├── tasks/
│ ├── handlers/
│ ├── vars/
│ ├── defaults/
│ └── meta/
└── db/
├── files/
├── templates/
├── tasks/
├── handlers/
├── vars/
├── defaults/
└── meta/
2. roles 内各目录含义解释
●files
用来存放由 copy 模块或 script 模块调用的文件。●templates
用来存放 jinjia2 模板,template 模块会自动在此目录中寻找 jinjia2 模板文件。●tasks
此目录应当包含一个 main.yml 文件,用于定义此角色的任务列表,此文件可以使用 include 包含其它的位于此目录的 task 文件。●handlers
此目录应当包含一个 main.yml 文件,用于定义此角色中触发条件时执行的动作。●vars
此目录应当包含一个 main.yml 文件,用于定义此角色用到的变量。●defaults
此目录应当包含一个 main.yml 文件,用于为当前角色设定默认变量。●meta
此目录应当包含一个 main.yml 文件,用于定义此角色的特殊设定及其依赖关系
3. 在一个 playbook 中使用 roles 的步骤
1)创建以 roles 命名的目录
mkdir /etc/ansible/roles/ -p #yum装完默认就有
2)创建全局变量目录(可选)
mkdir /etc/ansible/group_vars/ -p
touch /etc/ansible/group_vars/all #文件名自己定义,引用的时候注意
3)在 roles 目录中分别创建以各角色名称命令的目录,如 httpd、mysql
mkdir /etc/ansible/roles/httpd
mkdir /etc/ansible/roles/mysql
mkdir /etc/ansible/roles/php
4)分别创建
在每个角色命令的目录中分别创建files、handlers、tasks、templates、meta、defaults和vars目录,用不到的目录可以创建为空目录,也可以不创建
mkdir /etc/ansible/roles/httpd/{files,templates,tasks,handlers,vars,defaults,meta}
mkdir /etc/ansible/roles/mysql/{files,templates,tasks,handlers,vars,defaults,meta}
mkdir /etc/ansible/roles/php/{files,templates,tasks,handlers,vars,defaults,meta}
tree /etc/ansible/roles/
5)创建 main.yml 文件
在每个角色的 handlers、tasks、meta、defaults、vars 目录下创建 main.yml 文件,千万不能自定义文件名
touch /etc/ansible/roles/httpd/{defaults,vars,tasks,meta,handlers}/main.yml
touch /etc/ansible/roles/mysql/{defaults,vars,tasks,meta,handlers}/main.yml
touch /etc/ansible/roles/php/{defaults,vars,tasks,meta,handlers}/main.yml
tree /etc/ansible/roles/
6)修改 site.yml 文件,针对不同主机去调用不同的角色
vim /etc/ansible/site.yml
---
- hosts: webservers
remote_user: root
roles:
- httpd
- hosts: dbservers
remote_user: root
roles:
- mysql
7)运行 ansible-playbook
cd /etc/ansible
ansible-playbook site.yml
roles在LAMP中的应用
1. 编写httpd模块
vim /etc/ansible/roles/httpd/tasks/main.yml
- name: install apache
yum: name={{pkg}} state=latest
- name: start apache
service: enabled=true name={{svc}} state=started
定义变量:可以定义在全局变量中,也可以定义在roles角色变量中,一般定义在角色变量中
vim /etc/ansible/roles/httpd/vars/main.yml
pkg: httpd
svc: httpd
2. 编写mysql模块
vim /etc/ansible/roles/mysql/tasks/main.yml
- name: install mysql
yum: name={{pkg}} state=latest
- name: start mysql
service: enabled=true name={{svc}} state=started
vim /etc/ansible/roles/mysql/vars/main.yml
pkg:
- mariadb
- mariadb-server
svc: mariadb
3. 编写php模块
vim /etc/ansible/roles/php/tasks/main.yml
- name: install php
yum: name={{pkg}} state=latest
- name: start php-fpm
service: enabled=true name={{svc}} state=started
vim /etc/ansible/roles/php/vars/main.yml
pkg:
- php
- php-fpm
svc: php-fpm
4. 编写roles示例
vim /etc/ansible/site.yml
---
- hosts: webservers
remote_user: root
roles:
- httpd
- mysql
- php
cd /etc/ansible
ansible-playbook site.ymlansible dbservers -a "systemctl is-active httpd"
ansible dbservers -a "systemctl is-active mariadb"
ansible dbservers -a "systemctl is-active php-fpm"
三 ansible部署单机lnmp
1. 编写lnmp的yaml文件
vim lnmp.yaml
- name: nginx
hosts: dbservers
remote_user: root
gather_facts: false
tasks:
- name: check mount
shell: df -h | grep /dev/sr0 || mount /dev/sr0 /mnt
- name: test connection
ping:
- name: disable seliux
command: '/sbin/setenforce 0'
ignore_errors: true
- name: set yum
copy: src=/opt/nginx.repo dest=/etc/yum.repos.d/nginx.repo
notify:
- restart nginx
- name: install nginx
yum: name=nginx state=latest
- name: start nginx service
service: name=nginx state=started enabled=yes
handlers:
- name: restart nginx
service: name=nginx state=restarted
- name: mysql
gather_facts: false
hosts: dbservers
remote_user: root
tasks:
- name: test connection
ping:
- name: disable seliux
command: '/sbin/setenforce 0'
ignore_errors: true
- name: remove mariadb
yum: name=mariadb* state=absent
- name: wget
command: wget -i -c http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
- name: install mysql
yum: name=mysql57-community-release-el7-10.noarch.rpm
- name: install mysql
yum: name=mysql-community-server state=latest
- name: start mysql service
service: name=mysqld state=started enabled=yes
- name: modify password #获取mysql的登录密码并进行更改,需要大小写字母加符号和数字的组合
shell: mysqladmin -u root -p"$(grep "password" /var/log/mysqld.log | awk 'NR==1{print $NF}')" password "123456"
- name: shouquan #授予登录权限
shell: mysql -uroot -p'123456' -e "grant all privileges on *.* to root@'%' identified by '123456' with grant option;" -e "flush privileges;"
- name: remove mysql57
yum: name=mysql57-community-release-el7-10.noarch state=absent
- name: php
gather_facts: false
hosts: dbservers
remote_user: root
tasks:
- name: rpm three
shell: rpm -Uvh http://download-ib01.fedoraproject.org/pub/epel/7/x86_64/Packages/l/libargon2-20161029-3.el7.x86_64.rpm && rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
- name: install php
shell: yum -y install php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-pdo php72w-xml php72w-fpm php72w-mysqlnd php72w-opcache php72w-redis
- name: start php
service: name=php-fpm state=started enabled=true
- name: nginx support php
copy: src=/opt/default.conf dest=/etc/nginx/conf.d/default.conf
notify:
- restart nginx
- name: modify index.php
copy: src=/opt/index.php dest=/usr/share/nginx/html/index.php
handlers:
- name: restart nginx
service: name=nginx state=restarted
2. 准备index.php、nginx.repo、default.conf
vim /opt/index.php #用来测试php连接mysql
<?php
$link=mysqli_connect('192.168.163.142','root','123456');
if($link) echo "Success!!";
else echo "Fail!!";
============================================================
vim /opt/nginx.repo #nginx源[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
============================================================
vim /opt/default.conf #让nginx与php对接
location ~ \.php$ { #29行开始修改
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
include fastcgi_params;
}