Ansible
Ansible playbook
YAML
1. Defining multiple tasks
[root@master1 ~]# vim test.yml
tasks:
  - name: install a pkg
    yum: name=nginx state=latest
  - name: copy conf file
    copy: src= dest= state=
  - name: start nginx service
    service: name= state=
Key-based login
[root@master2 ~]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
82:35:43:4b:d8:4d:b5:71:78:12:60:9f:f6:56:45:bc root@master2.com
The key's randomart image is:
+--[ RSA 2048]----+
| ooo+o+o. oo|
| .o.o..o=. ..|
| = =o . .|
| o o . . . E |
| . . S o |
| . . |
| |
| |
| |
+-----------------+
Copy the public key to the remote host
[root@master2 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.201.106.131
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.201.106.131's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@10.201.106.131'"
and check to make sure that only the key(s) you wanted were added.
[root@master2 ~]# ssh 10.201.106.131 'hostname'
master1.com
[root@master2 ~]#
Review
Create a group:
[root@master1 ~]# ansible websrvs -m group -a 'name=mysql gid=306 system=yes'
Create a user and put it in the mysql group:
[root@master1 ~]# ansible websrvs -m user -a 'name=mysql uid=306 system=yes group=mysql'
Copy a file:
[root@master1 ~]# ansible all -m copy -a 'src=/etc/fstab dest=/tmp/fstab.ansible. owner=root mode=640'
Create a file and fill in its content:
ansible all -m copy -a 'content="Hello Ansible\nHi MageEdu" dest=/tmp/test.ansible'
[root@node1 ~]# cat /tmp/test.ansible
Hello Ansible
Hi MageEdu[root@node1 ~]#
Set file ownership and permissions:
[root@master1 ~]# ansible all -m file -a 'owner=mysql group=mysql mode=644 path=/tmp/fstab.ansible.'
Create a symbolic link:
[root@master1 ~]# ansible all -m file -a 'path=/tmp/fstab.link src=/tmp/fstab.ansible. state=link'
Ping test against all hosts:
[root@master1 ~]# ansible all -m ping
Start a service and enable it at boot:
[root@master1 ~]# ansible websrvs -m service -a 'enabled=true name=httpd state=started'
Change a password with the echo command through the shell module:
[root@master1 ~]# ansible all -m shell -a 'echo user1 | passwd --stdin user1'
Run a script (relative paths only):
ansible all -m script -a "/tmp/test.sh"
Install a package:
ansible all -m yum -a 'name=zsh'
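The shell-module password change in the list above puts the password in the task arguments, so it appears in Ansible's output and logs on the control node and on the command line on each target. The following is an added example, not part of the original notes, that sets the same account's password through the user module with a prompted secret and no_log; the file name passwd.yml and the variable name new_password are assumptions.

```yaml
# passwd.yml (hypothetical file name), run with: ansible-playbook passwd.yml
- hosts: all
  remote_user: root
  vars_prompt:
    - name: new_password          # assumed variable name
      prompt: "New password for user1"
      private: true               # do not echo the input
      confirm: true               # ask twice to catch typos
  tasks:
    - name: set the password for user1 without exposing it
      user:
        name: user1
        # the user module expects a crypt(3) hash, never the plaintext
        password: "{{ new_password | password_hash('sha512') }}"
        update_password: always
      no_log: true                # keep arguments and results out of output and logs
```

No salt is passed to password_hash, so a fresh random salt is used on every run and the task always reports changed; pass a fixed salt as the filter's second argument if idempotence matters.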
playbooks
1. Create the nginx group and the nginx user
[root@master1 ansible]# vim nginx.yml
- hosts: websrvs
  remote_user: root
  tasks:
    - name: create nginx group
      group: name=nginx system=yes gid=208
    - name: create nginx user
      user: name=nginx uid=208 group=nginx system=yes
- hosts: dbsrvs
  remote_user: root
  tasks:
    - name: copy file to dbsrvs
      copy: src=/etc/inittab dest=/tmp/inittab.ans
Run the playbook:
[root@master1 ansible]# ansible-playbook nginx.yml
PLAY [websrvs] *****************************************************************
TASK [setup] *******************************************************************
ok: [10.201.106.21]
ok: [10.201.106.22]
TASK [create nginx group] ******************************************************
changed: [10.201.106.22]
changed: [10.201.106.21]
TASK [create nginx user] *******************************************************
changed: [10.201.106.21]
changed: [10.201.106.22]
PLAY [dbsrvs] ******************************************************************
TASK [setup] *******************************************************************
ok: [10.201.106.22]
ok: [10.201.106.132]
TASK [copy file to dbsrvs] *****************************************************
changed: [10.201.106.22]
changed: [10.201.106.132]
PLAY RECAP *********************************************************************
10.201.106.132 : ok=2 changed=1 unreachable=0 failed=0
10.201.106.21 : ok=3 changed=2 unreachable=0 failed=0
10.201.106.22 : ok=5 changed=3 unreachable=0 failed=0
[root@master1 ansible]#
2. httpd
2.1
[root@master1 ~]# mkdir conf
[root@master1 ~]# ls
anaconda-ks.cfg ansible conf mbox set_arp.sh
[root@master1 ~]# cp /etc/httpd/conf/httpd.conf conf/
Next, change the port configured in that file to 8080.
Uninstall the existing httpd:
[root@master1 ~]# ansible websrvs -m yum -a 'name=httpd state=absent'
2.2 Write the YAML playbook
[root@master1 ansible]# vim apache.yml
- hosts: websrvs
  remote_user: root
  tasks:
    - name: install httpd package
      yum: name=httpd state=latest
    - name: install configuration file for httpd
      copy: src=/root/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
    - name: start httpd service
      service: enabled=true name=httpd state=started
2.3 Writing handlers
[root@master1 ansible]# vim apache.yml
- hosts: websrvs
  remote_user: root
  tasks:
    - name: install httpd package
      yum: name=httpd state=latest
    - name: install configuration file for httpd
      copy: src=/tmp/httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify:              # call the handler
        - restart httpd    # call the handler
    - name: start httpd service
      service: enabled=true name=httpd state=started
  handlers:                # handler definitions
    - name: restart httpd
      service: name=httpd state=restarted
2.4 Using variables
[root@master1 ansible]# vim apache.yml
- hosts: websrvs
  remote_user: root
  vars:
    - package: httpd
    - service: httpd
  tasks:
    - name: install httpd package
      yum: name={{ package }} state=latest
    - name: install configuration file for httpd
      copy: src=/tmp/httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify:
        - restart httpd
    - name: start httpd service
      service: enabled=true name={{ service }} state=started
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
3. Variable example
[root@master1 ansible]# vim test.yml
- hosts: websrvs
  remote_user: root
  tasks:
    - name: copy file
      copy: content="{{ ansible_all_ipv4_addresses }}" dest=/tmp/var.ans
Result:
[root@node1 ~]# cat /tmp/var.ans
["10.201.106.21"][root@node1 ~]#
4. Referencing host variables defined in the inventory
4.1
[root@master1 ansible]# cd /etc/ansible/
[root@master1 ansible]# vim hosts
[websrvs]
10.201.106.21 testvar="106.21"
10.201.106.22 testvar="106.22"
4.2 Playbook
[root@master1 ansible]# vim test.yml
- hosts: websrvs
  remote_user: root
  tasks:
    - name: copy file
      copy: content="{{ ansible_all_ipv4_addresses }}, {{ testvar }}" dest=/tmp/var.ans
Result:
[root@node1 ~]# cat /tmp/var.ans
([u'10.201.106.21'], 106.21)[root@node1 ~]#
[root@node2 ~]# cat /tmp/var.ans
([u'10.201.106.22'], 106.22)[root@node2 ~]#
[root@node2 ~]#
Conditional tests in playbooks
1. Create a user conditionally
[root@master1 ansible]# vim cond.yml
- hosts: all
  remote_user: root
  vars:
    - username: user10
  tasks:
    - name: create {{ username }}
      user: name={{ username }}
      when: ansible_fqdn == "master2.com"
Result:
[root@master2 ~]# id user10
uid=1002(user10) gid=1002(user10) groups=1002(user10)
[root@master2 ~]#
template
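1. Use a port variable in the httpd configuration file so that different hosts can listen on different ports
1.1 Edit the httpd configuration file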
[root@master1 templates]# vim httpd.conf.j2
Listen {{ http_port }}
MaxClients {{ maxClients }}
ServerName {{ ansible_fqdn }}
1.2 Set the variable values in the Ansible inventory
[root@master1 templates]# vim /etc/ansible/hosts
[websrvs]
10.201.106.21 http_port=800 maxClients=100
10.201.106.22 http_port=8000 maxClients=200
1.3 Modify the YAML playbook
[root@master1 templates]# vim ~/ansible/apache.yml
- hosts: websrvs
  remote_user: root
  vars:
    - package: httpd
    - service: httpd
  tasks:
    - name: install httpd package
      yum: name={{ package }} state=latest
    - name: install configuration file for httpd
      template: src=/root/templates/httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
      notify:
        - restart httpd
    - name: start httpd service
      service: enabled=true name={{ service }} state=started
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
Tags
1. Modify the playbook
[root@master1 ansible]# vim ~/ansible/apache.yml
- hosts: websrvs
  remote_user: root
  vars:
    - package: httpd
    - service: httpd
  tasks:
    - name: install httpd package
      yum: name={{ package }} state=latest
    - name: install configuration file for httpd
      template: src=/root/templates/httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
      tags:        ### set tags
        - conf     ### set tags
      notify:
        - restart httpd
    - name: start httpd service
      service: enabled=true name={{ service }} state=started
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
Test (run only the tasks carrying the given tag):
[root@master1 ansible]# ansible-playbook apache.yml --tags="conf"
PLAY [websrvs] *****************************************************************
TASK [setup] *******************************************************************
ok: [10.201.106.22]
ok: [10.201.106.21]
TASK [install configuration file for httpd] ************************************
changed: [10.201.106.22]
changed: [10.201.106.21]
RUNNING HANDLER [restart httpd] ************************************************
changed: [10.201.106.22]
changed: [10.201.106.21]
PLAY RECAP *********************************************************************
10.201.106.21 : ok=3 changed=2 unreachable=0 failed=0
10.201.106.22 : ok=3 changed=2 unreachable=0 failed=0
2. Special tags
2.1 Modify the playbook
[root@master1 ansible]# vim ~/ansible/apache.yml
- hosts: websrvs
  remote_user: root
  vars:
    - package: httpd
    - service: httpd
  tasks:
    - name: install httpd package
      yum: name={{ package }} state=latest
    - name: install configuration file for httpd
      template: src=/root/templates/httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
      tags:
        - conf
      notify:
        - restart httpd
    - name: start httpd service
      service: enabled=true name={{ service }} state=started
      tags:
        - servers
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
roles
1. Create the directories
[root@master1 ~]# mkdir -pv ansible_playbooks/roles/{websrvs,dbsrvs}/{tasks,files,templates,meta,handlers,vars}
mkdir: created directory ‘ansible_playbooks’
mkdir: created directory ‘ansible_playbooks/roles’
mkdir: created directory ‘ansible_playbooks/roles/websrvs’
mkdir: created directory ‘ansible_playbooks/roles/websrvs/tasks’
mkdir: created directory ‘ansible_playbooks/roles/websrvs/files’
mkdir: created directory ‘ansible_playbooks/roles/websrvs/templates’
mkdir: created directory ‘ansible_playbooks/roles/websrvs/meta’
mkdir: created directory ‘ansible_playbooks/roles/websrvs/handlers’
mkdir: created directory ‘ansible_playbooks/roles/websrvs/vars’
mkdir: created directory ‘ansible_playbooks/roles/dbsrvs’
mkdir: created directory ‘ansible_playbooks/roles/dbsrvs/tasks’
mkdir: created directory ‘ansible_playbooks/roles/dbsrvs/files’
mkdir: created directory ‘ansible_playbooks/roles/dbsrvs/templates’
mkdir: created directory ‘ansible_playbooks/roles/dbsrvs/meta’
mkdir: created directory ‘ansible_playbooks/roles/dbsrvs/handlers’
mkdir: created directory ‘ansible_playbooks/roles/dbsrvs/vars’
[root@master1 ~]# tree ansible_playbooks/
ansible_playbooks/
└── roles
    ├── dbsrvs
    │   ├── files
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   ├── templates
    │   └── vars
    └── websrvs
        ├── files
        ├── handlers
        ├── meta
        ├── tasks
        ├── templates
        └── vars
2.
[root@master1 websrvs]# pwd
/root/ansible_playbooks/roles/websrvs
[root@master1 websrvs]# cp /tmp/httpd.conf files/
3. Write the tasks
[root@master1 websrvs]# vim tasks/main.yml
- name: install httpd package
  yum: name=httpd
- name: install configuration file
  copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf
  tags:
    - conf
  notify:
    - restart httpd
- name: start httpd
  service: name=httpd state=started
4. Write the handlers
[root@master1 websrvs]# vim handlers/main.yml
- name: restart httpd
  service: name=httpd state=restarted
5. Define variables
[root@master1 websrvs]# vim vars/main.yml
http_port: 80
maxClient: 200
6. Define the site file (playbook)
[root@master1 ansible_playbooks]# pwd
/root/ansible_playbooks
[root@master1 ansible_playbooks]# vim site.yml
- hosts: websrvs
  remote_user: root
  roles:
    - websrvs
The play runs normally:
[root@master1 ansible_playbooks]# ansible-playbook site.yml
PLAY [websrvs] *****************************************************************
TASK [setup] *******************************************************************
ok: [10.201.106.22]
ok: [10.201.106.21]
TASK [websrvs : install httpd package] *****************************************
ok: [10.201.106.22]
ok: [10.201.106.21]
TASK [websrvs : install configuration file] ************************************
changed: [10.201.106.22]
changed: [10.201.106.21]
TASK [websrvs : start httpd] ***************************************************
ok: [10.201.106.21]
ok: [10.201.106.22]
RUNNING HANDLER [websrvs : restart httpd] **************************************
changed: [10.201.106.22]
changed: [10.201.106.21]
PLAY RECAP *********************************************************************
10.201.106.21 : ok=5 changed=2 unreachable=0 failed=0
10.201.106.22 : ok=5 changed=2 unreachable=0 failed=0
7. Demonstrating another layout
7.1
[root@master1 ansible_playbooks]# vim site.yml
- hosts: 10.201.106.21
  remote_user: root
  roles:
    - websrvs
- hosts: 10.201.106.22
  remote_user: root
  roles:
    - dbsrvs
- hosts: 10.201.106.132
  remote_user: root
  roles:
    - websrvs
    - dbsrvs
7.2 Define dbsrvs
[root@master1 dbsrvs]# pwd
/root/ansible_playbooks/roles/dbsrvs
[root@master2 ~]# scp /etc/my.cnf 10.201.106.131:/root/ansible_playbooks/roles/dbsrvs/files/
my.cnf 100% 570 0.6KB/s 00:00
[root@master1 dbsrvs]# vim tasks/main.yml
- name: install mysql package
  yum: name=mariadb-server state=latest
- name: install configuration file
  copy: src=my.cnf dest=/etc/my.cnf
  tags:
    - myconf
  notify:
    - restart mysqld
- name: start mysql service
  service: name=mariadb enabled=true state=started
Define the handler:
[root@master1 dbsrvs]# vim handlers/main.yml
- name: restart mysqld
  service: name=mariadb state=restarted
Test:
[root@master1 ansible_playbooks]# ansible-playbook site.yml