Writing Ansible Playbooks, with a Complete Worked Case (Part 12)
Ansible playbooks
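1. Introduction to Ad-Hoc
"Ad-hoc" is a conceptual name used in contrast to writing an Ansible playbook; the relationship is like that between typing shell commands at the command line and writing a shell script.
When we type a few commands to get something done quickly and do not need to save them, those commands are called ad-hoc commands; put simply, they are Ansible modules run directly.
Ansible provides two ways to carry out tasks:
1) Ad-hoc commands
- Run a shell command or shell script. Suited to simple commands that do not need to be kept.
2) Ansible playbooks
- Handle more complex tasks and keep the commands on file. Suited to configuration management and deploying client machines.
An ad-hoc command is a one-off command run through Ansible that does not need to be saved; complex work uses a playbook. Ad-hoc execution relies on modules, and Ansible ships a large number of them: ansible-doc -l lists them, ansible-doc -s module shows a module's parameters, and ansible-doc module shows the module's full documentation.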
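2. Ansible playbook overview
A playbook is made up of one or more modules; several different modules are combined to accomplish one job.
A playbook is a state description file written in YAML syntax, with the extension yaml.
2.1. The three YAML essentials
Indentation
YAML uses a fixed indentation style to express hierarchy; each level is two spaces, and tabs cannot be used (by default one tab = 4 spaces).
Setting the tab width
.vimrc is vim's configuration file
[root@ansible ~]# vim .vimrc
set tabstop=2
Colon
Every colon must be followed by a space, except a colon that ends the line.
Dash
Marks a list item, written as a dash followed by a space.
Items at the same indentation level belong to the same list.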
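2.2. Core elements of a playbook
hosts: the hosts the play applies to
tasks: the tasks
vars: variables
handlers: tasks triggered only under a specific condition (for example restarting a service; if the configuration file has not changed, no restart happens)
template: a text file containing template syntax
name: the task name
notify: watches the current task and, if it made a change, triggers the named handler
Example
- hosts: all
  tasks:
    - name: Install rsync
      yum: name=rsync state=installed
    - name: config
      copy: src= dest=
    - name: start
      service: name=rsyncd state=started enabled=yes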
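2.3. Common ansible-playbook options
Syntax
ansible-playbook [options] playbook_file
Common options
-C, --check      // dry run (check mode)
--list-tasks     // list the playbook's tasks
--list-hosts     // list the hosts the playbook targets
--list-tags      // list the playbook's tags
--syntax-check   // check the syntax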
3. Configuring Apache with a playbook
3.1. Prepare the Apache configuration file
[root@ansible ansible_playbook]# scp root@192.168.81.180:/etc/httpd/conf/httpd.conf conf/apache/
[root@ansible ansible_playbook]# sed -ri 's/Listen 80/Listen 8080/g' conf/apache/httpd.conf
3.2. Write the Apache playbook
[root@ansible ansible_playbook]# vim apache_playbook.yaml
- hosts: web
  tasks:
    - name: Install Httpd
      yum: name=httpd state=installed
    - name: Config Httpd
      copy: src=./conf/apache/httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify: Restart Httpd
    - name: Start Httpd
      service: name=httpd state=started enabled=yes
  handlers:
    - name: Restart Httpd
      service: name=httpd state=restarted
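The handler above restarts httpd with whatever file was just copied, so a broken httpd.conf takes the service down. An added variant of the same playbook (not from the original article) that checks the file's syntax on the target before installing it and keeps a backup of the previous copy; the binary path /usr/sbin/httpd and the explicit owner/mode values are assumptions for a stock CentOS 7 host.

```yaml
# Added example: same play as above, with the config push hardened.
- hosts: web
  tasks:
    - name: Install Httpd
      yum:
        name: httpd
        state: installed

    - name: Config Httpd
      copy:
        src: ./conf/apache/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: '0644'          # quoted so YAML does not read it as a decimal number
        backup: yes           # keep a timestamped copy of the file being replaced
        # Assumed path. %s is the temporary file Ansible uploads; if the
        # syntax check fails the task fails and the live file is untouched,
        # so the restart handler is never notified.
        validate: /usr/sbin/httpd -t -f %s
      notify: Restart Httpd

    - name: Start Httpd
      service:
        name: httpd
        state: started
        enabled: yes

  handlers:
    - name: Restart Httpd
      service:
        name: httpd
        state: restarted
```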
3.3. Check the syntax and do a dry run
[root@ansible ansible_playbook]# ansible-playbook --syntax-check apache_playbook.yaml
playbook: apache_playbook.yaml //the file name being printed means the syntax is fine
3.4. Run the playbook
[root@ansible ansible_playbook]# ansible-playbook apache_playbook.yaml
PLAY [web] *************************************************************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************************************************
ok: [192.168.81.180]
TASK [Install Httpd] ***************************************************************************************************************************************************
ok: [192.168.81.180]
TASK [Config Httpd] ****************************************************************************************************************************************************
changed: [192.168.81.180]
TASK [Start Httpd] *****************************************************************************************************************************************************
ok: [192.168.81.180]
RUNNING HANDLER [Restart Httpd] ****************************************************************************************************************************************
changed: [192.168.81.180]
PLAY RECAP *************************************************************************************************************************************************************
192.168.81.180 : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
3.5. Verify on the client
[root@web ~]# lsof -i:8080
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 102175 root 4u IPv6 264946 0t0 TCP *:webcache (LISTEN)
httpd 102177 apache 4u IPv6 264946 0t0 TCP *:webcache (LISTEN)
httpd 102178 apache 4u IPv6 264946 0t0 TCP *:webcache (LISTEN)
httpd 102179 apache 4u IPv6 264946 0t0 TCP *:webcache (LISTEN)
[root@web ~]# curl -I 127.0.0.1:8080
4. Ansible project case
4.1. Environment plan
Role | IP | Software |
---|---|---|
ansible | 192.168.81.210 | ansible |
web | 192.168.81.180 | httpd |
backup | 192.168.81.220 | rsync |
nfs | 192.168.81.230 | nfs |
4.2. Configuration needed on the Ansible host
1) Make sure SSH key authentication works
[root@ansible ~]# ssh-keygen -t rsa -P "" -f .ssh/id_rsa
[root@ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.81.220
[root@ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.81.230
[root@ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.81.180
2) Install Ansible
[root@ansible ~]# yum -y install ansible
3) Prepare all configuration files
Prepare the directories
[root@ansible ~]# mkdir -p /etc/ansible/ansible_playbook/{conf,script,file,tools}
[root@ansible ~]# tree /etc/ansible/ansible_playbook/
/etc/ansible/ansible_playbook/
├── apache_playbook.yaml
├── base.yaml
├── conf
│ ├── exports
│ ├── hosts
│ ├── mail.rc
│ ├── rsyncd.conf
│ └── selinux.config
├── cs.yaml
├── file
├── script
│ ├── rsyncd_backup.sh
│ └── rsyncd_sjjy2.sh
└── tools
1. Local hosts file
[root@ansible conf]# cp /etc/hosts /etc/ansible/ansible_playbook/conf/
2. SELinux configuration file
[root@ansible conf]# cp /etc/selinux/config /etc/ansible/ansible_playbook/conf/selinux.config
3. rsyncd.conf
[root@ansible conf]# cp /etc/rsyncd.conf /etc/ansible/ansible_playbook/conf/
4. exports
[root@ansible conf]# cp /etc/exports /etc/ansible/ansible_playbook/conf/
5. mail.rc
[root@ansible conf]# cp /etc/mail.rc /etc/ansible/ansible_playbook/conf/
6. sersync
7. rsync backup script
[root@ansible conf]# cp /server/script/rsyncd_backup.sh /etc/ansible/ansible_playbook/script/
8. rsync check script
[root@ansible conf]# cp /server/script/rsyncd_sjjy2.sh /etc/ansible/ansible_playbook/script/
4.3. Writing the base environment playbook
1) Write the playbook
What it does:
Disable SELinux, configure the EPEL repository, install rsync and nfs-utils (optional), create the group, create the user, create the directories, push the rsync client script, push the client password file, and create the cron job.
When writing a playbook, use one module per task; otherwise Ansible prints a warning.
Method 1: several modules in one task
[root@ansible ansible_playbook]# vim base.yaml
# Basic configuration for all hosts
- hosts: all
  tasks:
    # Disable SELinux
    - name: Disable Selinux
      copy: src=./conf/selinux.config dest=/etc/selinux/config
    # Push the hosts file
    - name: Push hosts
      copy: src=/etc/hosts dest=/etc
    # Disable firewalld
    - name: Disable Firewalld
      service: name=firewalld state=stopped enabled=no
    # Configure the EPEL and base repositories
    # (duplicate get_url key: Ansible warns and uses only the last one)
    - name: Epel Repo Base file
      get_url: url=http://mirrors.aliyun.com/repo/epel-7.repo dest=/etc/yum.repos.d/epel.repo
      get_url: url=http://mirrors.aliyun.com/repo/Centos-7.repo dest=/etc/yum.repos.d/CentOS-Base.repo
    # Install rsync and nfs-utils
    - name: Install Rsync Nfs-utils
      yum: name=rsync,nfs-utils state=installed
    # Create the group
    - name: Create group
      group: name=www gid=666
    # Create the user
    - name: Create user
      user: name=www uid=666 group=666 create_home=no shell=/sbin/nologin
    # Create the directories
    # (duplicate file key: Ansible warns and uses only the last one)
    - name: Create directory
      file: path=/data owner=666 group=666 recurse=yes state=directory
      file: path=/backup owner=666 group=666 recurse=yes state=directory
      file: path=/server/script owner=666 group=666 recurse=yes state=directory
    # Push the script
    - name: Push Script
      copy: src=./script/rsyncd_backup.sh dest=/server/script/rsyncd_backup.sh
    # Push the client password file
    - name: Push Client Backup Pass
      copy: content=123456 dest=/etc/rsync_pass mode=600
    # Create the cron job
    - name: Create Client Backup Cron
      cron: name='Rsync Backup' hour=1 minute=0 job='/bin/sh /server/script/rsyncd_backup.sh &>/dev/null'
Method 2: one module per task
[root@ansible ansible_playbook]# vim base.yaml
# Basic configuration for all hosts
- hosts: all
  tasks:
    # Disable SELinux
    - name: Disable Selinux
      copy: src=./conf/selinux.config dest=/etc/selinux/config
    # Push the hosts file
    - name: Push Hosts
      copy: src=/etc/hosts dest=/etc
    # Disable firewalld
    - name: Disable Firewalld
      service: name=firewalld state=stopped enabled=no
    # Configure the EPEL repository
    - name: Epel Repo
      get_url: url=http://mirrors.aliyun.com/repo/epel-7.repo dest=/etc/yum.repos.d/epel.repo
    # Configure the base repository
    - name: Base Repo
      get_url: url=http://mirrors.aliyun.com/repo/Centos-7.repo dest=/etc/yum.repos.d/CentOS-Base.repo
    # Install rsync and nfs-utils
    - name: Install Rsync Nfs-utils
      yum: name=rsync,nfs-utils state=installed
    # Create the group
    - name: Create Group
      group: name=www gid=666
    # Create the user
    - name: Create User
      user: name=www uid=666 group=666 create_home=no shell=/sbin/nologin
    # Create the /data directory
    - name: Create Directory Data
      file: path=/data owner=666 group=666 recurse=yes state=directory
    # Create the /backup directory
    - name: Create Directory Backup
      file: path=/backup owner=666 group=666 recurse=yes state=directory
    # Create the /server/script directory
    - name: Create Directory Script
      file: path=/server/script owner=666 group=666 recurse=yes state=directory
    # Push the script
    - name: Push Script
      copy: src=./script/rsyncd_backup.sh dest=/server/script/rsyncd_backup.sh
    # Push the client password file
    - name: Push Client Backup Pass
      copy: content=123456 dest=/etc/rsync_pass mode=600
    # Create the cron job
    - name: Create Client Backup Cron
      cron: name='Rsync Backup' hour=1 minute=0 job='/bin/sh /server/script/rsyncd_backup.sh &>/dev/null'
2) Run the playbook (here with -C, check mode)
[root@ansible ansible_playbook]# ansible-playbook -C base.yaml
4.4. Writing the rsyncd playbook
What it does:
Install rsync and mailx, push the main configuration file, push the password file, start the service, push the verification script, and set up the cron job.
[root@ansible ansible_playbook]# vim rsync.yaml
# Playbook that configures rsync
- hosts: backup
  tasks:
    # Install rsync and mailx
    - name: Install Rsync Mailx
      yum: name=rsync,mailx state=installed
    # Push the main configuration file rsyncd.conf
    # (notify sits on this task so the handler fires when rsyncd.conf changes)
    - name: Push Rsyncd Config
      copy: src=./conf/rsyncd.conf dest=/etc/rsyncd.conf
      notify: Restart Rsyncd
    # Push the password file
    - name: Push Rsyncd Passwd
      copy: content='rsync_backup:123456' dest=/etc/rsync_passwd mode=600
    # Start the service
    - name: Start Rsync
      service: name=rsyncd state=started enabled=yes
    # Configure mailx
    - name: Mailx Config
      copy: src=./conf/mail.rc dest=/etc
    # Push the verification script
    - name: Push Md5sum script
      copy: src=./script/rsyncd_sjjy2.sh dest=/server/script
    # Set up the cron job
    - name: Rsyncd Check Cron
      cron: name='Rsyncd Check' hour=5 minute=0 job='/bin/sh /server/script/rsyncd_sjjy2.sh'
  handlers:
    - name: Restart Rsyncd
      service: name=rsyncd state=restarted
[root@ansible ansible_playbook]# ansible-playbook rsync.yaml
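The "Push Client Backup Pass" task in base.yaml and the "Push Rsyncd Passwd" task above both carry the rsync password in the playbook as plain text, where anyone who can read the repository or the task output sees it. An added example (not from the original article) of the same two tasks reading the secret from an Ansible Vault encrypted variable file; the file name vars/rsync_vault.yaml, the playbook name rsync_secrets.yaml and the variable name vault_rsync_password are assumptions.

```yaml
# Added example. Create the encrypted variable file once on the control node:
#   ansible-vault create vars/rsync_vault.yaml        (assumed path)
# and put one line in it:
#   vault_rsync_password: <your-secret>               (assumed variable name)
# Run with:
#   ansible-playbook --ask-vault-pass rsync_secrets.yaml

# Client side: password file read by rsyncd_backup.sh
- hosts: all
  vars_files:
    - vars/rsync_vault.yaml
  tasks:
    - name: Push Client Backup Pass
      copy:
        content: "{{ vault_rsync_password }}"
        dest: /etc/rsync_pass
        owner: root
        group: root
        mode: '0600'
      no_log: true    # keep the secret out of stdout, -v output and --diff

# Server side: secrets file read by rsyncd (user:password)
- hosts: backup
  vars_files:
    - vars/rsync_vault.yaml
  tasks:
    - name: Push Rsyncd Passwd
      copy:
        content: "rsync_backup:{{ vault_rsync_password }}"
        dest: /etc/rsync_passwd
        owner: root
        group: root
        mode: '0600'
      no_log: true
```

With this in place the two plain-text password tasks can be dropped from base.yaml and rsync.yaml, and only the vault-encrypted file is committed.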
4.5. Writing the NFS playbook
What it does:
Install nfs-utils, push the configuration file, and start the services.
[root@ansible ansible_playbook]# vim nfs.yaml
# Configure NFS
- hosts: nfs
  tasks:
    # Install NFS
    - name: Installed Nfs-utils
      yum: name=nfs-utils state=installed
    # Push the configuration file
    - name: Push Nfs Config
      copy: src=./conf/exports dest=/etc/exports
      notify: Restart NFS
    # Start rpcbind
    - name: Started Rpcbind
      service: name=rpcbind state=started
    # Start NFS
    - name: Started Nfs
      service: name=nfs state=started enabled=yes
  handlers:
    - name: Restart NFS
      service: name=nfs state=restarted
[root@ansible ansible_playbook]# ansible-playbook nfs.yaml
4.6. Writing the sersync installation playbook
[root@ansible ansible_playbook]# vim sersync.yaml
# Configure sersync
- hosts: nfs
  tasks:
    # Install inotify-tools
    - name: Install Inotify-tools
      yum: name=inotify-tools state=installed
    # Push the sersync directory (binary and configuration)
    - name: Push sersync Config
      copy: src=./tools/sersync dest=/usr/local/ mode=755
    # Start sersync
    - name: Started Sersync
      shell: /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml
[root@ansible ansible_playbook]# ansible-playbook sersync.yaml
4.7. Writing the playbook that installs httpd and mounts NFS
[root@ansible ansible_playbook]# vim httpd.yaml
# httpd configuration
- hosts: web
  tasks:
    # Install httpd
    - name: Install Httpd
      yum: name=httpd state=installed
    # Push the configuration file
    - name: Push Httpd Config
      copy: src=./conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify: Restart Httpd
    # Start httpd
    - name: Start Httpd
      service: name=httpd state=started enabled=yes
    # Mount the NFS share
    - name: Mount Nfs
      mount: src=192.168.81.230:/data path=/data fstype=nfs state=mounted
  handlers:
    - name: Restart Httpd
      service: name=httpd state=restarted
[root@ansible ansible_playbook]# ansible-playbook httpd.yaml
4.8. Combining the playbooks
[root@ansible ansible_playbook]# vim main.yaml
# Combined playbook
- import_playbook: base.yaml
- import_playbook: rsync.yaml
- import_playbook: nfs.yaml
- import_playbook: sersync.yaml
- import_playbook: httpd.yaml