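ansible
1. Configure the yum repository: upload epel.repo
yum clean all
yum update
Install ansible
Check whether an ansible package is available: yum list '*ansible*'
Show information about the ansible package: yum info ansible.noarch
Install ansible:
yum install ansible.noarch -y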
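2. Initial ansible configuration
cd /etc/ansible
Main configuration file: ansible.cfg
Host inventory: hosts, which stores host IPs and account passwords, or relies on key-based authentication
Host inventory file: /etc/ansible/hosts
[webserver] --> host group (host role)
192.168.122.7 --> host IP
192.168.122.8
[dbserver]
192.168.122.9
Send the public key from the ansible control node to the managed hosts
ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
Test by running a command
ssh 192.168.122.7 'date'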
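3. ansible modules
Documentation: man ansible-doc
List all modules ansible supports
ansible-doc -l
Show how to use a module
ansible-doc -s yum
Basic syntax (see man ansible for command usage)
ansible <host-pattern> [-f forks] [-m module_name] [-a args]
<host-pattern> which hosts the command applies to
[-f forks] how many hosts to process per batch (number of concurrent threads to start)
[-m module_name] which module to use
[-a args] module-specific arguments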
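Common modules
Default module: command
ansible-doc -s command    # show how to use the command module
ansible 192.168.122.7 -m command -a 'date'    # host 192.168.122.7, command module, with the command date passed as the argument (-a args)
ansible webserver -m command -a 'date'    # target a host group
ansible all -m command -a 'date'    # all hosts in the inventory
ansible all -m command -a 'tail -2 /etc/passwd'
-m command can be omitted because command is the default module (this module cannot use variables)
ansible all -a 'date'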
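cron module
ansible-doc -s cron    # show help
state: absent removes the job, present adds it
ansible webserver -m cron -a 'minute="*/10" job="/bin/echo hello" name="test cron job" state=present'
Time fields that are not given default to *. job is the command the scheduled job runs, name is written as a comment, and state=present adds the job; it can be omitted because present is the default.
Check that the job was added: ansible webserver -a 'crontab -l'
ansible webserver -m cron -a 'minute="*/10" job="/bin/echo hello" name="test cron job" state=absent'    # remove the scheduled job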
user module
ansible-doc -s user    # show help
ansible all -m user -a 'name=haha'    # create user haha
Check that the user was created: ansible all -a 'tail /etc/passwd'
Check whether a private group was created by default: ansible all -a 'tail /etc/group'
Delete the user
ansible all -m user -a "name='haha' state=absent"
group module
ansible-doc -s group
ansible webserver -m group -a 'name=mysql gid=666 system=yes'    # create group mysql with gid 666 as a system group
ansible webserver -m user -a 'name=mysql uid=666 group=mysql system=yes'    # create user mysql
ansible webserver -m user -a 'name=mysql uid=666 group=mysql shell="/sbin/nologin"'    # create the user with a shell that does not allow login
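copy module
ansible-doc -s copy
src: local file path; may be relative
dest: path where the file is saved on the remote host; must be absolute
ansible all -m copy -a 'src=/etc/fstab dest=/tmp/fstab.ansible owner=mysql mode=640'    # copy local /etc/fstab to /tmp/fstab.ansible on the remote host, owner mysql, mode 640
Check that the copy succeeded: ansible all -a 'ls -al /tmp'
content= gives the file content directly
ansible all -m copy -a 'content="hello world\nyou are welcome\n" dest=/tmp/test.ansible'
This sends the content straight to the remote host and saves it in the given remote file
file module
ansible-doc -s file
ansible all -m file -a 'owner=root group=root mode=644 path=/tmp/fstab.ansible'
Sets file attributes; the remote file is given by path=/tmp/fstab.ansible
path: path of the file to create; name or dest can be used instead
src: the source file on the remote host that the link points to
ansible all -m file -a 'path=/tmp/fstab.link src=/tmp/fstab.ansible state=link'    # create a symbolic link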
ping module
Tests in bulk whether the target hosts are reachable
ansible all -m ping    # ping all hosts
service module
Manages services
ansible-doc -s service
ansible webserver -m service -a 'enabled=true name=rpcbind state=started'
enabled: start the service at boot; name: service name; state: desired state
ansible dbserver -m service -a 'enabled=true name=httpd state=started'
shell module
ansible-doc -s shell
Use the shell module for commands that need variables or special shell features
ansible all -m shell -a 'echo 123456 | passwd --stdin user1'
Check that the password is set: cat /etc/shadow
script module
Copies a local script to the remote servers and runs it
ansible-doc -s script
ansible all -m script -a '~/test.sh'
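yum module
ansible-doc -s yum
Installs packages
name: the package to install; state=latest: the newest or a specified version; state=absent: uninstall; state=present: install (the default)
ansible all -m yum -a 'name=tree state=latest'
ansible all -m yum -a 'name=tree state=absent'    # uninstall
setup module
Collects information about the remote hosts,
including the host, operating system version and IP address
ansible-doc -s setup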
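4. ansible YAML
Basic YAML elements: variables, inventory, conditions, iteration
Components of a playbook
Inventory
Modules
Ad Hoc Commands
playbooks
Tasks: call modules to carry out work
variables: variables
templates: templates
Handlers: operations run when a certain condition is triggered
Roles: roles
Basic playbook structure
- hosts: webserver
  remote_user:
  tasks:
    - name: task1
      module_name: module_args
    - name: task2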
For example:
nginx.yaml
- hosts: webserver
  remote_user: root
  tasks:
    - name: create nginx group    # task name
      group: name=nginx gid=505 system=yes    # group module, followed by its 3 arguments
    - name: create nginx user    # task name
      user: name=nginx uid=505 group=nginx system=yes
- hosts: dbserver
  remote_user: root
  tasks:
    - name: copy file to dbserver
      copy: src=/etc/inittab dest=/tmp/inittab.ansible
      ignore_errors: True    # ignore all errors
httpd.yaml
- hosts: webserver
  remote_user: root
  vars:
    package: httpd    # define variables
    service: httpd
  tasks:
    - name: install httpd package
      yum: name={{package}} state=latest    # use the variable {{package}}
    - name: install configuration file for httpd
      copy: src=/root/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify:    # triggers the handler when /etc/httpd/conf/httpd.conf changes
        - restart httpd
    - name: start httpd service
      service: enabled=true name={{service}} state=started
  handlers:    # tasks triggered by notify
    - name: restart httpd    # must match the name listed under notify
      service: name=httpd state=restarted    # module and action
vi /etc/ansible/hosts
[webserver]
192.168.122.7 testvar="100.7" ansible_ssh_user=root ansible_ssh_pass=123456
[dbserver]
192.168.122.9 testvar="100.9"
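The inventory above keeps ansible_ssh_pass in clear text in /etc/ansible/hosts, so read access to that file is enough to obtain the password. As an added example (not part of the original notes), this Python check flags plaintext credential variables and near-miss spellings of connection variables in an INI inventory; the sample inventory and the vault_web_pass variable are constructed for illustration.

```python
import difflib
import shlex

# Connection variables Ansible recognises (a subset; extend as needed).
KNOWN = {"ansible_host", "ansible_ssh_host", "ansible_port", "ansible_ssh_port",
         "ansible_user", "ansible_ssh_user", "ansible_password",
         "ansible_ssh_pass", "ansible_become_pass", "ansible_become_password",
         "ansible_ssh_private_key_file", "ansible_connection"}
SECRETS = {"ansible_password", "ansible_ssh_pass",
           "ansible_become_pass", "ansible_become_password"}

# Constructed sample modelled on the inventory above; vault_web_pass is a
# hypothetical variable assumed to live in an ansible-vault encrypted file.
SAMPLE = """\
[webserver]
192.168.122.7 testvar="100.7" ansiable_ssh_user=root ansible_ssh_pass=123456
192.168.122.8 ansible_user=root ansible_password="{{ vault_web_pass }}"
[dbserver]
192.168.122.9 testvar="100.9"
"""

def audit_inventory(text):
    """Return (line_no, host, key, issue) for each risky host variable."""
    findings, section = [], ""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section = line.split("]")[0].lstrip("[")
            continue
        if section.endswith(":children"):
            continue  # child group names, no variables here
        if section.endswith(":vars"):
            key, _, value = line.partition("=")
            host, pairs = section, [key.strip() + "=" + value.strip()]
        else:
            tokens = shlex.split(line, comments=True)
            host, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            key, sep, value = pair.partition("=")
            if not sep:
                continue
            if key in SECRETS and not value.strip("'\"").startswith("{{"):
                findings.append((no, host, key, "plaintext-secret"))
            elif key not in KNOWN and difflib.get_close_matches(
                    key, KNOWN, n=1, cutoff=0.9):
                # Ansible treats an unknown key as an ordinary host variable,
                # so a typo silently loses the intended connection setting.
                findings.append((no, host, key, "misspelled-connection-var"))
    return findings

if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE):
        print(finding)
```

A value that is a Jinja2 reference is treated as acceptable here on the assumption that the referenced variable is stored encrypted with ansible-vault.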
var.yaml
- hosts: webserver
  remote_user: root
  tasks:
    - name: copy file
      copy: content="{{ansible_date_time}},{{testvar}}" dest=/tmp/var.ansible    # reference ansible variables
Conditional tests:
when:
Example: cond.yaml
- hosts: all
  remote_user: root
  vars:
    username: user10
  tasks:
    - name: create {{username}} user
      user: name={{username}}
      when: ansible_fqdn == "www1.rhce.cc"
    - name: add several users
      user: name={{item}} state=present groups=wheel
      with_items:
        - testuser1
        - testuser2
Getting ansible variables: ansible 192.168.122.7 -m setup
Iteration: used when the same kind of task is repeated
Refer to the current element as item
Define the loop list with with_items
- name: add several users
  user: name={{item}} state=present groups=wheel
  with_items:
    - testuser1
    - testuser2
This is equivalent to:
- name: add several users
  user: name=testuser1 state=present groups=wheel
- name: add several users
  user: name=testuser2 state=present groups=wheel
The values in the with_items list can also be dictionaries; refer to their fields as item.KEY
Example
- name: add several users
  user: name={{item.name}} state=present groups={{item.groups}}
  with_items:
    - {name: 'testuser1', groups: 'wheel'}
    - {name: 'testuser2', groups: 'root'}
This is equivalent to:
- name: add several users
  user: name=testuser1 state=present groups=wheel
- name: add several users
  user: name=testuser2 state=present groups=root
Example:
- yum: name={{item.name}} state=present conf_file={{item.conf}}
  with_items:
    - {name: apache, conf: conffiles/httpd.conf}
    - {name: php, conf: conffiles/php.ini}
    - {name: mysql-server, conf: conffiles/my.cnf}
templates:
Templates can use custom host variables as well as ansible variables
vi /etc/ansible/hosts
[webserver]
192.168.122.7 testvar="100.7" http_port=1007
[dbserver]
192.168.122.9 testvar="100.9" http_port=1009
Template
vim templates/httpd.conf.j2
Listen {{http_port}}
ServerName {{ansible_fqdn}}
Modify the playbook file
cp httpd.yaml httpd2.yaml
vim httpd2.yaml
- hosts: all
  remote_user: root
  vars:
    package: httpd
    service: httpd
  tasks:
    - name: install httpd package
      yum: name={{package}} state=latest
    - name: install configuration file for httpd
      template: src=/root/templates/httpd.conf.j2 dest=/etc/httpd/conf.d/http.conf
      notify:
        - restart httpd
    - name: after installed and started service
      service: enabled=true name={{service}} state=started
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
tags: a task in a playbook can be given a tag; when running the playbook, the command
ansible-playbook httpd.yaml --tags="conf"
runs only the tasks with the specified tags instead of all tasks
Special tag:
- always
A task tagged always runs no matter which tags are specified
cp httpd2.yaml httpd3.yaml
vim httpd3.yaml
- hosts: all
  remote_user: root
  vars:
    package: httpd
    service: httpd
  tasks:
    - name: install httpd package
      yum: name={{package}} state=latest
    - name: install configuration file for httpd
      template: src=/root/templates/httpd.conf.j2 dest=/etc/httpd/conf.d/http.conf
      tags:
        - conf
      notify:
        - restart httpd
    - name: after installed and started service
      service: enabled=true name={{service}} state=started
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
roles:
1. The directory name is the same as the role name
2. The directory structure follows a fixed layout
files: static files that are copied as-is
templates: template files (Jinja2)
tasks: contains at least a main.yml file defining the tasks
handlers: contains at least a main.yml file defining the handlers
vars: contains at least a main.yml file defining variables
meta: defines dependencies and similar information
3. site.yml defines the playbook
Example:
ansible_playbooks/
├── roles
│   ├── dbserver
│   │   ├── files
│   │   │   └── my.cnf
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── meta
│   │   ├── tasks
│   │   │   └── main.yml
│   │   ├── templates
│   │   └── vars
│   └── webserver
│       ├── files
│       │   └── httpd.conf
│       ├── handlers
│       │   └── main.yml
│       ├── meta
│       ├── tasks
│       │   └── main.yml
│       ├── templates
│       └── vars
│
└── site.yml
site.yaml
- hosts: 192.168.122.7
  remote_user: root
  roles:
    - webserver
- hosts: 192.168.122.9
  remote_user: root
  roles:
    - dbserver
- hosts: 192.168.122.8
  remote_user: root
  roles:
    - webserver
    - dbserver
webserver role
tasks --> main.yml
- name: install httpd package
  yum: name=httpd
- name: install configuration file
  template: src=httpd.conf.j2 dest=/etc/httpd/conf.d/http.conf
  notify:
    - restart httpd
- name: start httpd
  service: name=httpd state=started
handlers --> main.yml
- name: restart httpd
  service: name=httpd state=restarted
templates --> httpd.conf.j2
dbserver role
tasks --> main.yml
- name: install mysql-server package
  yum: name=mariadb state=latest
- name: install configuration file
  copy: src=my.cnf dest=/etc/my.cnf
  tags:
    - myconf
  notify:
    - restart mariadb
- name: start mariadb
  service: name=mariadb enabled=true state=started
handlers --> main.yml
- name: restart mariadb
  service: name=mariadb state=restarted
files --> my.cnf
Run the playbook
man ansible-playbook
ansible-playbook site.yaml