ansible 学习

ansible 学习


ansible

inventory

配置文件查找顺序(找到第一个即停止, 不会合并):
ANSIBLE_CONFIG 环境变量指定的文件(优先级最高)
./ansible.cfg 当前工作目录(项目目录)
~/.ansible.cfg 当前用户的家目录
/etc/ansible/ansible.cfg 全局默认
注意: 出于安全考虑, 新版本 Ansible 会忽略位于全局可写目录下的 ./ansible.cfg。

[root@manager ~]# cat /etc/ansible/ansible.cfg 

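# Ansible's INI parser does not strip a "#" comment that follows a value on
# the same line: "forks = 5 #..." fails integer conversion and a boolean such
# as "True #..." can silently be read as False. Keep every comment on its own
# line. The original listing also lacked the [defaults] section header.
[defaults]
# host inventory file
inventory = /etc/ansible/hosts
# directory for custom modules
library = /usr/share/my_modules/
# where generated module files are staged on the managed host
remote_tmp = ~/.ansible/tmp
# staging directory on the control node
local_tmp = ~/.ansible/tmp
# default number of parallel connections
forks = 5
# sudo_user / ask_sudo_pass are the deprecated spellings of become_user /
# become_ask_pass; the [privilege_escalation] section below is what applies.
sudo_user = root
ask_sudo_pass = True
# prompt for the SSH password on every run; turn off once keys are deployed
ask_pass = True
remote_port = 22
# Leave host-key checking on. "False" makes Ansible accept any host key, so a
# spoofed host or an attacker on the path can capture credentials and run
# arbitrary modules. Pre-seed ~/.ssh/known_hosts (and verify the fingerprints)
# for new hosts instead of disabling the check.
host_key_checking = True
# module arguments and command output end up here; restrict the file's
# permissions and use no_log on tasks that handle secrets
log_path = /var/log/ansible.log

# needed when the SSH login user is not root
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False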

生成密钥

生成密钥对, 生成时会提示密钥保存路径和口令(可直接回车), 默认保存在 ~/.ssh/ 目录下。注意: DSA 算法自 OpenSSH 7.0 起默认禁用并已在新版本中移除, 推荐使用 ed25519 (`ssh-keygen -t ed25519`)。

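# Generate an ed25519 key pair. DSA is disabled by default since OpenSSH 7.0
# and removed in recent releases, so "-t dsa" keys are rejected by the server.
# Set a passphrase when prompted unless the key lives on a locked-down control node.
ssh-keygen -t ed25519
# Install the public key on the managed host. Verify the host-key fingerprint
# shown on the first connection before accepting it.
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@192.168.0.201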

创建工作目录

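# Create the project directory and work inside it, so the inventory file
# ("hosts") referenced by the "-i hosts" commands below is created there
# rather than in whatever directory the shell happened to be in.
mkdir -p project1/ && cd project1/
vim hosts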

# inventory group "youto": the two managed hosts used by the examples below
[youto]
192.168.0.201
192.168.0.202

Ad-Hoc

[ ping ] ansible youto -m ping -i hosts

[查看磁盘信息] ansible youto -m shell -a "df -h" -i hosts

command 模块不经过 shell 执行, 因此不支持管道符、重定向和变量展开; 需要这些特性时改用 shell 模块, 但 shell 模块会把参数交给 /bin/sh 解释, 拼入命令的变量必须加引号或用 quote 过滤器转义, 否则存在命令注入风险。

playbook

[][]

示例

检查 playbook 语法(只解析、不执行)

ansible-palaybook --syntax http.yml
nfs.yaml

nfs 的 配置文件 exports.j2

/data 192.168.0.201(rw)

[共享目录] [允许访问的主机或网段] (导出选项: rw/ro、sync 等; 默认启用 root_squash, 把客户端的 root 映射为匿名用户, 除非确有必要不要加 no_root_squash)

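# NFS server side: install nfs-utils, export /data and run the service.
- hosts: 192.168.0.202
  tasks:
    - name: Install NFS Server
      yum:
        name: nfs-utils
        state: present

    # /etc/exports is copied as-is (the .j2 suffix is only a naming habit; use
    # the template module if it contains Jinja). Keep the default root_squash
    # in the export options. A changed exports file is not applied until
    # exportfs re-reads it, hence the handler.
    - name: Configure NFS Server
      copy:
        src: ./exports.j2
        dest: /etc/exports
        backup: yes
      notify: Reload NFS Exports

    - name: Create NFS Group
      group:
        name: nfss
        gid: 666

    # primary group by name; the group was created just above
    - name: Create NFS User
      user:
        name: nfss
        uid: 666
        group: nfss
        shell: /sbin/nologin
        create_home: no

    - name: Create NFS Data
      file:
        path: /data
        state: directory
        owner: nfss
        group: nfss
        recurse: yes

    - name: Service NFS Server
      service:
        name: nfs
        state: started
        enabled: yes

  handlers:
    - name: Reload NFS Exports
      command: exportfs -r

# NFS client side: mount the export (state: mounted also writes /etc/fstab).
- hosts: 192.168.0.201
  tasks:
    - name: Client Create NFS Data
      file:
        path: /nfs_tt
        state: directory

    - name: Client Mount NFS Server
      mount:
        src: 192.168.0.202:/data
        path: /nfs_tt
        fstype: nfs
        opts: defaults
        state: mounted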

清空原来http软件

ansible youto -m yum -a "name=httpd state=absent" -i hosts
http.yml

tt.j2 (index.html 显示页面)

httpd.conf.j2 (httpd 配置文件)

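# Install httpd, push a config and a page, and open the listening port.
# (The stray "yum install httpd" line that sat inside "tasks:" in the original
# is not YAML and broke parsing; it is removed.)
- hosts: 192.168.0.202
  tasks:
    - name: Install Httpd Server
      yum:
        name: httpd
        state: present

    # Static copy (the .j2 suffix is only a naming habit). A changed config
    # takes effect only after a restart, so notify the handler.
    - name: Configure Httpd Server
      copy:
        src: ./httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
        backup: yes
      notify: Restart Httpd Server

    # mode is quoted: an unquoted 644 is the decimal integer 644 in YAML and
    # yields the wrong permission bits
    - name: Configure Httpd WebSite
      copy:
        src: ./tt.j2
        dest: /var/www/html/tt.html
        owner: root
        group: root
        mode: '0644'

    - name: Service Httpd Server
      service:
        name: httpd
        state: started
        enabled: yes

    - name: Service Firewalld Server
      service:
        name: firewalld
        state: started
        enabled: yes

    # 9988 is a non-standard HTTP port; on an SELinux-enforcing host httpd
    # also needs it labelled http_port_t (semanage port) or it cannot bind.
    - name: Configure Firewalld Server
      firewalld:
        zone: public
        port: 9988/tcp
        permanent: yes
        immediate: yes
        state: enabled

  handlers:
    - name: Restart Httpd Server
      service:
        name: httpd
        state: restarted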

卸载php71w

yum list installed |grep php71w|awk '{print $1}'|xargs|sed -r 's#(.*)#yum remove -y \1#g'|bash
lamp.yml
wget http://static.kodcloud.com/update/download/kodexplorer4.40.zip
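# LAMP host: httpd + php, firewall rule, a test page and the kodexplorer tree.
- hosts: 192.168.0.201
  tasks:
    - name: Install Httpd PHP firewalld
      yum:
        name:
          - httpd
          - php
          - php-pdo
          - php-mbstring
          - php-gd
          - firewalld
        state: present

    - name: Service Httpd Server
      service:
        name: httpd
        state: started
        enabled: yes

    - name: Service Firewalld Server
      service:
        name: firewalld
        state: started
        enabled: yes

    # permanent=yes so the rule survives a firewalld reload or reboot;
    # immediate=yes applies it to the running configuration as well
    - name: Configure Firewalld
      firewalld:
        port: 80/tcp
        permanent: yes
        immediate: yes
        state: enabled

    # This downloads executable PHP over plain HTTP with no integrity check,
    # so anyone on the path can replace it. Pin it with the module's
    # "checksum: sha256:<value>" option (value from the publisher) and prefer
    # an https URL; the file is installed root-owned and not writable by httpd.
    - name: Get Url index.php
      get_url:
        url: http://fj.xuliangwei.com/public/index.php
        dest: /var/www/html/tt.php
        owner: root
        group: root
        mode: '0644'

    # Do not unpack with mode 0777: a world-writable document root lets any
    # local user (or a compromised web process) plant code. The archive's own
    # modes are kept; ownership is fixed in the next task.
    - name: Copy Kod Cloud Code
      unarchive:
        src: ./kodexplorer4.40.zip
        dest: /var/www/html/

    # kodexplorer writes under its own tree, so it needs apache ownership.
    # Narrow this to the application directory if anything else is served
    # from /var/www/html, so the web process cannot modify other content.
    - name: Chown Directory
      file:
        path: /var/www/html
        owner: apache
        group: apache
        recurse: yes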

变量

定义变量

  1. playbook的yaml文件中定义变量赋值
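# Play-level variable, referenced from a task with {{ ... }}.
- hosts: all
  vars:
    file_name: bgx_yaml_vars

  tasks:
    # the original left the task name empty (only a comment after "name:"),
    # so the run printed an anonymous task; give it a real name
    - name: Create File From Play Var
      file:
        path: "/tmp/{{ file_name }}"
        state: touch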

#playbook执行,在/tmp目录创建bgx_yaml_vars文件
[root@manager ~]# ansible-playbook f1.yml
  1. --extra-vars执行参数赋给变量
# file_name is not defined anywhere in this play: it must be supplied at
# run time, e.g. ansible-playbook f2.yml --extra-vars "file_name=...".
# Without it the task fails with an undefined-variable error.
- hosts: all

  tasks:
    - name: Create New File
      file:
        path: "/tmp/{{ file_name }}"
        state: touch

#playbook执行时传入file_name变量的参数,在/tmp目录创建bgx_extra-vars文件
[root@manager ~]# ansible-playbook f2.yml --extra-vars "file_name=bgx_extra-vars"
  1. 在文件中定义变量

在/etc/ansible/hosts主机组中定义,然后使用palybook进行调度该变量

[root@manager ~]# cat /etc/ansible/hosts
# group "nfs"; variables under [nfs:vars] apply to every host in the group
[nfs]
10.0.0.20
[nfs:vars]
file_name=bgx_filename

变量优先级

1.extra-vars外置传参的优先级最高 [所有执行的主机都生效]
2.定义在yml文件中的优先级其次 [所有执行的主机都生效]
3.hosts文件中定义的变量优先级最低 [当前主机组定义会生效]

变量注册

register关键字可以存储指定命令的输出结果到一个自定义的变量中

[root@manager ~]# cat f5.yml
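# Capture a command's output with "register" and print it with debug.
- hosts: all
  tasks:
    # the original task had an empty name; netstat comes from net-tools,
    # which minimal CentOS installs lack ("ss -lntp" is the iproute2 equivalent)
    - name: Collect Listening Sockets
      shell: netstat -lntp
      register: System_Status

    - name: Get System Status
      debug:
        msg: "{{ System_Status.stdout_lines }}"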

when ( 判断 )

# Conditional restart: only restart httpd if it is currently active.
- hosts: all
  tasks:
    # A stopped unit makes "systemctl is-active" exit non-zero, which must
    # not abort the play, so the failure is ignored and the rc kept.
    - name: Check Httpd Server
      command: systemctl is-active httpd
      register: check_httpd
      ignore_errors: yes

    # Restart only when the probe reported the unit as active (rc == 0);
    # otherwise the task is skipped.
    - name: Httpd Restart
      service:
        name: httpd
        state: restarted
      when: check_httpd.rc == 0

when

with_items ( 循环 )

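# Create several users from a list of dicts.
- hosts: webserver
  tasks:
    # "loop" supersedes with_items (Ansible >= 2.5). Note that "groups"
    # replaces the user's supplementary groups unless append: yes is set,
    # and membership in the root group grants read access to files
    # group-owned by root; confirm that is really intended for "test".
    - name: Create User
      user:
        name: "{{ item.name }}"
        groups: "{{ item.groups }}"
        state: present
      loop:
        - { name: 'www', groups: 'bin' }
        - { name: 'test', groups: 'root' }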

with_items item

handlers ( 触发器 )

- hosts: webserver

# 1. play-level variable, meant to be referenced from the config template
  vars:
    http_port: 8881

# 2. install httpd
  tasks:
    - name: Install Httpd Server
      yum: name=httpd state=present

# 3. render the template (presumably it references {{ http_port }}) and
#    notify the handler only when the rendered file actually changes
    - name: Configure Httpd Server
      template: src=./httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify:   # one or more handler names, matched exactly by "name"
        - Restart Httpd Server

# 4. start httpd
    - name: Start Httpd Server
      service: name=httpd state=started enabled=yes

# 5. handlers run once, at the end of the play, and only if notified by a
#    task that reported "changed"
  handlers:
    - name: Restart Httpd Server
      service: name=httpd state=restarted

notify handlers

include ( 包含)

[root@ansible project1]# cat restart_httpd.yml  #注意这是一个纯 tasks 文件, 所以没有 play 层(hosts 等)的任何信息
# A bare task list with no play header; it is pulled into a play with
# import_tasks / include_tasks.
- name: Restart Httpd Server
  service: name=httpd state=restarted


[root@ansible project1]# cat a_project.yml 
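# Run a task, then pull in the task file restart_httpd.yml.
- hosts: webserver
  tasks:
    - name: A Project command
      command: echo "A"

    # "include" for task files is deprecated and removed in recent
    # ansible-core; import_tasks (static, resolved at parse time) is the
    # replacement. Use include_tasks instead when the file name comes from
    # a variable or the include sits inside a loop.
    - name: Restart httpd
      import_tasks: restart_httpd.yml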
导入一个完整的playbook文件   (play task)
[root@m01 project1]# cat tasks_total.yml 
# Compose whole playbooks (each file holds complete plays), run in order.
- import_playbook: ./tasks_1.yml
- import_playbook: ./tasks_2.yml

tags ( 标签)

指定执行某个tags标签
[root@m01 docs1]# ansible-playbook -i hosts nginx_php.yml -t "test_user"

忽略执行某个tags标签
[root@m01 docs1]# ansible-playbook -i hosts nginx_php.yml --skip-tags "test_user"

igneore_errors ( 错误处理)

1.强制调用handlers

- hosts: webserver
  force_handlers: yes # run notified handlers even if a later task fails

  tasks:
    # always reports "changed" (state=touch), so the handler is notified
    - name: Touch File
      file: path=/tmp/bgx_handlers state=touch
      notify: Restart Httpd Server

    # presumably a nonexistent package, so this task fails on purpose and
    # the effect of force_handlers can be observed
    - name: Installed Packages
      yum: name=sb state=latest

  handlers:
    - name: Restart Httpd Server
      service: name=httpd state=restarted

2.关闭changed的状态(确定该tasks不会对被控端做任何的修改和变更.)

# Demonstrates changed_when: false on a read-only probe.
- hosts: webserver
  tasks:
    - name: Installed Httpd Server
      yum:
        name: httpd
        state: present

    - name: Service Httpd Server
      service:
        name: httpd
        state: started

    # The process listing changes nothing on the host, so report it as "ok"
    # instead of "changed". (The grep matches its own process too; "pgrep -a
    # httpd" would be the tidier probe.)
    - name: Check Httpd Server
      shell: ps aux|grep httpd
      register: check_httpd
      changed_when: false

    - name: OutPut Variables
      debug:
        msg: "{{ check_httpd.stdout_lines }}"

3.使用changed_when检查tasks任务返回的结果

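# Install nginx, push its config, validate, and (re)start.
- hosts: webserver
  tasks:

    - name: Installed Nginx Server
      yum:
        name: nginx
        state: present

    # Consider copy's "validate: /usr/sbin/nginx -t -c %s" here, which
    # refuses to write a config that does not pass the test at all.
    - name: Configure Nginx Server
      copy:
        src: ./nginx.conf.j2
        dest: /etc/nginx/nginx.conf
      notify: Restart Nginx Server

    # "nginx -t" exits non-zero on a bad config, which already fails the task,
    # and it prints its verdict on stderr, so the original
    # stdout.find('successful') never matched; combined with "false" in the
    # same list it was dead. The check changes nothing on the host: report ok.
    - name: Check Nginx Configure Status
      command: /usr/sbin/nginx -t
      register: check_nginx
      changed_when: false

    - name: Service Nginx Server
      service:
        name: nginx
        state: started


  handlers:
    - name: Restart Nginx Server
      service:
        name: nginx
        state: restarted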

jinja语法

{% if EXPR %}...{% elif EXPR %}...{% endif %} 作为条件判断

--------------------------------------判断语句
{% if ansible_fqdn == "web01" %}
    echo "123"
{% elif ansible_fqdn == "web02" %}
    echo "456"
{% else %}
    echo "789"
{% endif %}

--------------------------------------循环语句
{% for i in EXPR %}...{% endfor %} 作为循环表达式(注意 range(1,10) 生成的是 1 到 9, 不含 10)
{% for i in range(1,10) %}
     server 172.16.1.{{i}};
{% endfor %}

{# COMMENT #} 表示注释

Roles

Roles基于一个已知的文件结构 tasks handlers templates .....

Roles小技巧:

  1. 创建 roles 目录结构, 手动 mkdir 或使用 `ansible-galaxy init <角色名>` 自动生成(例如 ansible-galaxy init test)
  2. 编写roles的功能,也就是tasks。
  3. 最后playbook引用roles编写好的tasks
[root@m01 project2]# mkdir memcached/{tasks,handlers,templates,vars,files} -pv
mkdir: 已创建目录 "memcached"
mkdir: 已创建目录 "memcached/tasks"
mkdir: 已创建目录 "memcached/handlers"
mkdir: 已创建目录 "memcached/templates"
mkdir: 已创建目录 "memcached/vars"
mkdir: 已创建目录 "memcached/files"
[root@m01 project2]# mkdir {nginx,php-fpm}/{tasks,handlers,templates} -p

galaxy
/root/.ansible/roles

1.使用roles创建Rsync服务, 目录结构如下

[root@m01 roles]# tree /etc/ansible/roles/
/etc/ansible/roles/
├── hosts
├── rsync
│   ├── files
│   │   ├── rsyncd.conf
│   │   └── rsync.passwd
│   ├── handlers
│   │   └── main.yml
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   └── vars
├── site.yml

2.定义roles主机清单

[root@m01 roles]# cat /etc/ansible/roles/hosts 
# inventory group targeted by site.yml
[backup]
172.16.1.41

3.指定backup主机组,执行那个roles

[root@m01 roles]# cat /etc/ansible/roles/site.yml 
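- hosts: backup
  # Direct root login is convenient in a lab; in production log in as an
  # unprivileged user and escalate with become, so root SSH can stay disabled.
  remote_user: root
  roles:
    # tagging the role is what makes "ansible-playbook -t rsync site.yml"
    # select it; when -t is given, untagged tasks are skipped
    - role: rsync
      tags: rsync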

4.查看rsync角色的tasks任务

[root@m01 roles]# cat /etc/ansible/roles/rsync/tasks/main.yml 
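# rsync role: install, deploy config + secrets file, run the daemon.
- name: Install Rsync Server
  yum:
    name: rsync
    state: present

# rsync.passwd holds the daemon's credentials; with strict modes (the
# default) rsyncd refuses a secrets file readable by other users, so it
# gets 0600 and ownership is pinned to root explicitly.
- name: Configure Rsync Server
  copy:
    src: "{{ item.src }}"
    dest: "/etc/{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  loop:
    - { src: "rsyncd.conf", dest: "rsyncd.conf", mode: "0644" }
    - { src: "rsync.passwd", dest: "rsync.passwd", mode: "0600" }
  notify: Restart Rsync Server

- name: Start Rsync Server
  service:
    name: rsyncd
    state: started
    enabled: yes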

5.查看rsync角色的handlers

[root@m01 roles]# cat /etc/ansible/roles/rsync/handlers/main.yml 
# notified by the config task when rsyncd.conf or rsync.passwd changes
- name: Restart Rsync Server
  service: name=rsyncd state=restarted

6.查看rsync角色的files目录

[root@m01 roles]#  ll /etc/ansible/roles/rsync/files/
total 8
-rw-r--r-- 1 root root 322 Nov 16 18:49 rsyncd.conf
-rw------- 1 root root  20 Nov 16 18:30 rsync.passwd

8.执行roles, 使用 -t rsync 只运行带 rsync 标签的任务(需要在 site.yml 中为该角色声明 tags: rsync, 否则未打标签的任务会被跳过)

[root@m01 roles]# ansible-playbook -i hosts  -t rsync site.yml 
PLAY [backup] ********************************************************************************************

TASK [Gathering Facts] ********************************************************************************
ok: [172.16.1.41]

TASK [backup : Install Rsync Server] ***********************************************************************
ok: [172.16.1.41]

TASK [backup : Configure Rsync Server] *********************************************************************
ok: [172.16.1.41]

TASK [backup : Start Rsync Server] *************************************************************************
ok: [172.16.1.41]

PLAY RECAP ***********************************************************************************
172.16.1.41                : ok=4    changed=0    unreachable=0    failed=0
