ansible

1.配置yum源：上傳epel.repo
yum clean all
yum update

安裝ansible
查詢是否有ansible   yum list *ansile
查看該ansible的信息   yum info ansible.noarch

安裝ansible
yum install ansible.noarch  -y


2.ansible前期配置
cd /etc/ansible
主配置文件:ansible.cfg
主機清單inventory:  hosts  存放主機IP 賬號密碼 或基於祕鑰認證

主機管理清單 /etc/ansible/hosts
[webserver]    -->主機組 主機角色
192.168.122.7  -->主機ip
192.168.122.8

[dbserver]
192.168.122.9

ansible端傳公鑰給客戶主機
ssh-keygen -t rsa

ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

測試並執行命令
ssh 192.168.122.7  'date'


3.ansible模塊

查看文檔:man ansible-doc

查看ansible支持的所有模塊
ansible-doc  -l

查看模塊怎麼使用
ansible-doc -s  yum


基本語法 man ansiable查看命令的使用

ansible   <host-pattern>  [-f forks]   [-m module_name]   [-a args]

<host-pattern> 對哪些主機生效
[-f forks]  一批處理多少個主機 啓動多少個併發線程
[-m module_name] 使用哪個模塊
[-a args] 模塊特有的參數


常用模塊
默認command
ansible-doc -s command  查看 command模塊怎麼使用

ansible 192.168.122.7 -m command -a 'date'  主機192.168.122.7 用command模塊 指定參數(命令) date     -a args

ansible webserver -m command -a 'date'  指定主機組

ansible all  -m command -a 'date'  清單裏的所有主機

ansible all  -m command -a 'tail -2 /etc/passwd'

可以不指定command 默認是 command模塊(該模塊不能使用變量)
ansible  all  -a  ‘date’


cron模塊
ansible-doc -s cron 查看幫助
state   absent移除任務  present加上任務
ansible webserver -m cron -a 'minute="*/10" job="/bin/echo hello"  name="test cron job" state=present'

其他時間不加的默認都是*  job定時任務執行的命令 name是註釋 state=present 是加上這個定時任務 也可以不寫默認加上
查看是否加上定時任務 ansible webserver -a 'crontab -l'


ansible webserver -m cron -a 'minute="*/10" job="/bin/echo hello"  name="test cron job" state=present' 移除定時任務


user模塊
ansible-doc -s user 查看幫助

ansible all -m user  -a 'name=haha' 創建haha

查看是否創建成功 ansible all -a 'tail /etc/passwd'
查看是否默認創建私有組 ansible all -a 'tail /etc/group'

刪除
ansible all -m user  -a "name='haha' state=absent"


group模塊
ansible-doc -s group

ansible webserver -m group -a 'name=mysql gid=666 system=yes' 創建mysql組 gid：666 系統組

ansible webserver -m user -a 'name=mysql uid=666 group=mysql system=yes'  創建mysql用戶

ansible webserver -m user -a 'name=mysql uid=666 group=mysql shell="/sbin/nologin" ' 創建用戶 指定不登錄系統


copy模塊
ansible-doc -s copy
src:本地文件路徑 可以是相對路徑
dest: 遠端文件保存路徑 必須絕對路徑
ansible all -m copy -a 'src=/etc/fstab dest=/tmp/fstab.ansible owner=mysql mode=640'  本地文件/etc/fstab 複製到遠端=/tmp/fstab.ansible 屬主:mysql 權限640
查看複製是否成功 ansible all -a 'ls -al /tmp'

content=指定文件內容
ansible all -m copy -a 'content="hello world\nyou are welcome\n" dest=/tmp/test.ansible'
直接複製內容給遠端 並保存到遠端的指定文件


file模塊
ansible-doc -s file

ansible all -m file -a 'owner=root group=root mode=644 path=/tmp/fstab.ansible'
設置文件屬性 遠端文件路徑爲path=/tmp/fstab.ansible'

path:創建文件的路徑 可以使用name或dest來替換
src:遠端目標源文件
ansible all -m file -a 'path=/tmp/fstab.link src=/tmp/fstab.ansible state=link' 建軟連接



ping模塊
批量測試目標主機是否連通
ansible all -m ping  ping所有主機



service模塊
管理服務
ansible-doc -s service
ansible webserver -m service -a 'enabled=true name=rpcbind state=started'
enabled:開機開啓服務 name：服務名稱 state： 狀態
ansible dbserver -m service -a 'enabled=true name=httpd state=started'



shell模塊
ansible-doc -s shell
用於有變量或特殊功能的命令時 用shell模塊
ansible all -m shell  -a 'echo 123456 | passwd --stdin user1'
查看是否有密碼 cat /etc/shadow


script模塊
將本地腳本複製到遠程服務器並執行
ansible-doc -s script
 ansible all -m script -a  '~/test.sh'



yum模塊
ansible-doc -s yum
安裝程序包
name：指定安裝的程序 state：latest 最新或指定版本   state:absent 卸載 state:present 安裝     默認安裝
ansible all -m yum -a 'name=tree state=latest'
 ansible all -m yum -a 'name=tree state=absent'   卸載



setup模塊
收集遠程主機的信息
包括主機 操作系統版本 IP地址
ansible-doc -s setup


4.ansible  yaml模塊
yaml基礎元素:  變量 inventory 條件 迭代


playbook組成

Inventory
Modules
Ad Hoc Commands

playbooks
Tasks:任務 調用模塊完成任務
variables:變量
templates:模板
Handlers:處理器,某條件觸發時執行的操作
Roles:角色

playbook基本結構
- host:webserver
remote_user:
tasks:
  - task1
       module_name:module_args
  - task2

比如:

nginx.yaml
- hosts: webserver
  remote_user: root
  tasks:
  - name: create nginx group #任務名字
    group: name=ginx gid=505 system=yes #group模板  後面是3個參數
  - name: create nginx user #任務名字
    user: name=nginx uid=505 group=nginx system=yes
- hosts: dbserver
  remote_user: root
  tasks:
  - name: copy file to dbserver
    copy: src=/etc/inittab dest=/tmp/inittab.ansible
    ignore_errors: True  #忽略所有錯誤


httpd.yaml
- hosts: webserver
  remote_user: root
  vars:
    package: httpd  #定義變量
    service: httpd
  tasks:
    - name: install httpd package
      yum: name={{package}} state=latest  #使用變量{{package}}
    - name: install configuration file for httpd
      copy: src=/root/conf/httpd.conf  dest-/etc/httpd/conf/httpd.conf
      notify:   #/etc/httpd/conf/httpd.conf 與之前發生改變時觸發handlers
      - restart httpd
    - name: start httpd serice
      service: enabled=true name={{service}} state=started

  handlers:   notify觸發的任務
  - name: restart httpd #與前面notify後面的一致
    service: name=httpd state=restarted #模塊 操作

vi /etc/ansible/hosts
[webserver]
192.168.122.7 testvar="100.7" ansiable_ssh_user=root ansible_ssh_pass=123456
[dbserver]
192.168.122.9 testvar="100.9"


var.yaml
- hosts: webserver
  remote_user: root
  tasks:
  - name: copy file
    copy: content="{{ansible_date_time}},{{testvar}}" dest=/tmp/var.ansible  #引用ansible變量


條件測試:
when：
實例:cond.yaml

- hosts: all
  remote_user: root
  vars:
    username: user10
  tasks:
    - name: create {{username}} user
      user: name={{username}}
      when:  ansible_fqdn == ”www1.rhce.cc”
    - name: add several users
      user: name={{item}} state=present groups=wheel
      with_items:
        - testuser1
        - testuser2


ansible變量獲取: ansible 192.168.122.7 -m setup


迭代:重複同類task時使用
調用item
定義循環列表: with_items
- name: add several users
  user: name={{item}} state=present groups=wheel
  with_items:
    - testuser1
    - testuser2

等同於:
 - name: add several users
   user: name=testuser1 state=present groups=wheel
 - name: add several users
   user: name=testuser2 state=present groups=wheel

with_items中的列表值也可以是字典，引用時要使用item.KEY
實例
- name add several users
  user:name={{item.name}}  state=present  groups={{item.groups}}
  with_items:
    - {name: ’testuser1’,  groups: ’wheel’}
    - {name: ’testuser2’,  groups: ’root’ }
   相當於:
- name add several users
  user: name=testuser1 state=present groups=wheel
- name add several users
  user: name=testuser2 state=present groups=root


實例：
yum:name={{item.name}}  state=present  conf_file={{item.conf}}
with_items:
  - {name: apache, conf: conffiles/httpd.conf}
  - {name: php, conf: conffiles/php.ini}
  - {name: mysql-server, conf: conffiles/my.cnf}


tempaltes:
可自定義主機名變量 也可以用ansible變量
vi /etc/ansible/hosts
[webserver]
192.168.122.7 testvar="100.7" http_port=1007
[dbserver]
192.168.122.9 testvar="100.9" http_port=1009

模板
vim templates/httpd.conf.j2
Listen  {{http_port}}
ServerName {{ansible_fqdn}}


修改playbook文件
cp httpd.yaml httpd2.yaml
vim http2.yaml
- hosts: all
  remote_user: root
  vars:
    package: httpd
    service: httpd
  tasks:
  - name: install httpd package
    yum: name={{package}} state=latest
  - name: install configuration file for httpd
    template: src=/root/templates/httpd.conf.j2 dest=/etc/httpd/conf.d/http.conf
    notify:
    - restart httpd
  - name: after installed and started service
    service: enabled=true name={{service}} state=started

  handlers:
  - name: restart httpd
    service: name=httpd state=restarted


tags:在playbook中可以爲某個任務定義一個標籤，執行此playbook時，通過命令
ansible-playbook httpd.yaml --tags="conf"  實現僅運行指定的tags 而非所有

特殊tags:
    - always
無論指定哪個tags 這個tags都會運行

cp httpd2.yaml httpd3.yaml
vim httpd3.yaml
- hosts: all
  remote_user: root
  vars:
    package: httpd
    service: httpd
  tasks:
  - name: install httpd package
    yum: name={{package}} state=latest
  - name: install configuration file for httpd
    template: src=/root/templates/httpd.conf.j2 dest=/etc/httpd/conf.d/http.conf
    tags:
    - conf
    notify:
    - restart httpd
  - name: after installed and started service
    service: enabled=true name={{service}} state=started

  handlers:
  - name: restart httpd
    service: name=httpd state=restarted


roles:
1,目錄名同角色名
2,目錄結構有固定格式
  files：直接複製的靜態文件
  templates： 模板文件 或jinjia2
  tasks:至少有main.yml文件,定義各tasks
  hanlder:至少有一個main.yml文件,定義各handlers
  vars:至少有一個main.yml文件,定義變量
  meta:定義依賴關係等信息
3,site.yml 定義 playbook

實例:
ansible_playbooks/
├── roles
│   ├── dbserver
│   │   ├── files
│   │   │   └── my.cnf
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── meta
│   │   ├── tasks
│   │   │   └── main.yml
│   │   ├── templates
│   │   └── vars
│   └── webserver
│       ├── files
│       │   └── httpd.conf
│       ├── handlers
│       │   └── main.yml
│       ├── meta
│       ├── tasks
│       │   └── main.yml
│       ├── templates
│       └── vars
│
└── site.yml



site.yaml
- hosts: 192.168.122.7
  remote_user: root
  roles:
  - webserver

- hosts: 192.168.122.9
  remote_user: root
  roles:
  - dbserver


- hosts: 192.168.122.8
  remote_user: root
  roles:
  - webserver
  - dbserver


webserver角色
tasks-->main.yml
- name: install httpd package
  yum: name=httpd
- name: install configuration file
  template: src=httpd.conf.j2 dest=/etc/httpd/conf.d/http.conf
  notify:
  - restart httpd
- name: start httpd
  service: name=httpd state=started

handlers-->main.yml
- name: restart httpd
  service: name=httpd state=restarted

templates-->httpd.conf.j2

dbserver角色
tasks-->main.yml
- name: install mysql-server package
  yum: name=mariadb state=latest
- name: install configuration file
  copy: src=my.cnf dest=/etc/my.cnf
  tags:
  - myconf
  notify:
  - restart mariadb
- name: start mariadb
  service: name=mariadb enabled=true state=started


handlers-->main.yml
- name: restart mariadb
  service: name=mariadb state=restarted

files-->my.cnf


運行playbook
man ansible-playbook
ansible-playbook site.yaml