1.安装介绍ansible
yum install ansible -y
[root@db01 ~]# ansible --version
ansible 2.9.18
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Apr 2 2020, 13:16:51) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
[root@db01 ~]# rpm -ql ansible |less
/etc/ansible/ansible.cfg 配置文件
/etc/ansible/hosts 主机清单
/etc/ansible/roles 存放角色的目录
/usr/bin/ansible-galaxy 上传或者下载 ansible 官网上的代码或者role模块
/usr/bin/ansible-doc 帮助文件
/usr/bin/ansible-playbook 编排工具
/usr/bin/ansible-vault 文件加密工具
/usr/bin/ansible-console 交互工具
2.ansible 主机清单
[root@db01 ~]# vim /etc/ansible/ansible.cfg 修改后无需重启直接生效
[defaults]
#inventory = /etc/ansible/hosts 主机清单文件
#library = /usr/share/my_modules/ 库文件目录
#remote_tmp = ~/.ansible/tmp 临时py命令文件复制到远程主机 目录
#local_tmp = ~/.ansible/tmp 本机临时命令执行目录
#forks = 5 并发数
#sudo_user = root 默认sudo用户
#ask_sudo_pass = True 执行ansible命令是否询问sudo密码
#ask_pass = True 执行ansible命令是否询问ssh密码
#remote_port = 22
#module_lang = C
#module_set_locale = False
#host_key_checking = False 检查对应服务器的host_key 建议取消注释 就是连接时选择yes(取消注释后不再校验主机密钥,首次连接时无法发现被冒充的主机;生产环境建议预先把主机密钥写入known_hosts)
#log_path = /var/log/ansible.log 日志文件 建议启用
#module_name = command 默认模块 可以修改为shell模块
[root@db01 ~]# vim /etc/ansible/hosts
[websrvs]
10.0.0.[155:156]
[dbsrvs]
10.0.0.157
#10.0.0.157:22222 如果端口不是22需注明
[webdb]
10.0.0.155
10.0.0.157
all 所有主机
*srvs 支持通配符 例如:10.0.0.* ansible "10.0.0.*" -m ping
或的关系 例如: 'websrvs:webdb' 也可以使用正则表达式 '~(web|db)srvs'
与的关系 例如:'websrvs:&webdb'
非的关系 例如:'websrvs:!webdb'
3.ansible命令
ansible <host-pattern> [-m module_name] [-a args]
-m module 指定模块
-v 详细过程 -vv -vvv 更详细 ansible all -vv -m ping
--list-hosts 显示主机列表 --list也可以
-k ,--ask-pass 提示连接主机的密码
-K ,--ask-become-pass 提示sudo的口令
-C ,--check 检查 不执行
-T ,--timeout=TIMEOUT 超时时间 默认是10s
-u ,--user=REMOTE_USER 执行远程的用户
-b ,--become 代替旧版的sudo切换
ansible all --list 查看当前管理主机列表
[root@db01 ~]# ansible all --list
hosts (3):
10.0.0.155
10.0.0.157
10.0.0.156
ansible-doc -a 显示所有模块文档
-l ;--list 列出可用模块
-s ; --snippet 显示指定模块的playbook 片段
例如:
ansible-doc -l 列出所有模块
ansible-doc ping 指定模块的帮助用法 详细
ansible-doc -s ping 指定模块帮助用法 简短
免密验证脚本
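#!/bin/bash
# Push root's SSH public key to 10.0.0.155-157 so that Ansible can log in
# with key authentication instead of a password prompt.
#
# sshpass -e takes the remote login password from the SSHPASS environment
# variable. "123" is only the sample password used in these notes: export
# SSHPASS before running the script to supply the real one, and keep real
# passwords out of the script file itself.
#
# sshpass does not answer ssh's host-key confirmation prompt, so a host that
# is not yet in known_hosts fails here; add its key after checking the
# fingerprint rather than switching host key checking off.

# Generate the key pair only once. -P '' leaves the private key without a
# passphrase, so read access to /root/.ssh/id_rsa is enough to log in to
# every host that receives the public key.
if [ ! -f /root/.ssh/id_rsa ]; then
  ssh-keygen -f /root/.ssh/id_rsa -P '' || exit 1
fi

NET=10.0.0
export SSHPASS="${SSHPASS:-123}"

failed=0
for IP in {155..157}; do
  # Keep going after a failure so the remaining hosts are still handled,
  # but remember it so the script does not report success.
  if ! sshpass -e ssh-copy-id "$NET.$IP"; then
    echo "ssh-copy-id failed for $NET.$IP" >&2
    failed=1
  fi
done
exit "$failed"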
4. ansible命令执行过程
1.加载自己的配置文件 默认/etc/ansible/ansible.cfg
2.加载自己对应的模块文件 如command
3.通过ansible模块或者命令生成对应的临时py文件,并将该文件传输至远程服务器对应执行用户的 $HOME/.ansible/tmp/ansible-tmp-数字/XXX.py 文件
4.给文件+x执行
5.执行并返回结果
6.删除临时py文件,退出
ansible 执行的时候 会将命令转为python脚本复制到远程主机上,~/.ansible/tmp下 执行然后删除
ansible all -vvv -m ping |grep rm 查看过程
10.0.0.155 '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1616115426.96-21681-75128890775493/ > /dev/null 2>&1 && sleep 0'
vim /etc/ansible/ansible.cfg 配置中关于颜色的修改
[colors]
#highlight = white
#verbose = blue
#warn = bright purple
#error = red
#debug = dark gray
#deprecate = purple
#skip = cyan
#unreachable = red
#ok = green
#changed = yellow
#diff_add = green
#diff_remove = red
#diff_lines = cyan
5. ansible 命令
5.1 command 模块 默认模块
不支持 $VARNAME变量 < > | ; & 等 这些需要shell模块支持
ansible-doc -s command
chdir: 切换目录
creates: 如果存在就不运行命令
removes:如果存在就运行命令
ansible dbsrvs -m command -a 'creates=/etc/fstab1 cat /etc/fstab' 如果fstab1 不存在 执行后面命令
ansible dbsrvs -m command -a 'removes=/etc/fstab1 cat /etc/fstab' 如果fstab1 不存在 不执行后面的命令
ansible dbsrvs -m command -a 'chdir=/data ls' 切换/data 目录 ls查看
5.2 shell 模块
ansible dbsrvs -m shell -a '>/data/f1'
ansible dbsrvs -m shell -a 'rm -rf /data/*'
ansible dbsrvs -a 'echo 123| passwd --stdin root' 未写-m时走默认模块,管道需要默认模块已改为shell(见下)或加-m shell;口令以明文写在命令行里,会留在shell历史中,仅作演示
ansible dbsrvs -m shell -a 'creates=/etc/fstab1 cat /etc/fstab' 跟command 命令一样
[root@db01 ~]# vim /etc/ansible/ansible.cfg 修改shell为默认模块
#module_name = command
module_name = shell
5.3 script 模块 将本地脚本复制到远程并执行
ansible dbsrvs -m script -a '/root/ansible/hostname.sh'
5.4 copy 模块
backup 是否备份
attributes 属性
src 源文件
dest 目的文件
mode 文件夹属性
owner 所有者
content 文件内容
backup 是否备份之前的文件
ansible dbsrvs -m copy -a 'src=/root/ansible/config dest=/etc/selinux/ backup=yes' 复制文件如果更改备份之前的文件
ansible dbsrvs -m copy -a 'content="hello\nthanks\n" dest=/data/f1' 远程创建文件 内容是
5.5 fetch 模块
fetch 与copy模块相反 将客户端文件复制到本地服务器上 只能抓取单个文件 不能是目录 如果是目录建议tar包 到本地在解压
ansible dbsrvs -m fetch -a 'src=/var/log/messages dest=/root/ansible' 抓取messages 到本地
5.6 file 模块
owner 属主
group 属组
state directory 目录
touch 是文件
link 软连接
absent 缺席 删除
path name dest 目录或者文件名称
ansible dbsrvs -m file -a 'path=/data/test.log state=touch owner=mysql group=mysql'
ansible dbsrvs -m file -a 'dest=/data/f3.link src=/etc/fstab state=link' 创建软连接
ansible dbsrvs -m file -a 'dest=/data/f3.link state=absent' 删除
ansible dbsrvs -m file -a 'name=/data/f2 state=touch' 文件
ansible dbsrvs -m shell -a 'ls /data/f2 '
ansible dbsrvs -m file -a 'name=/data/f2 state=absent' 删除目录
5.7 unarchive 模块 解压缩
copy=yes 本地传输远程 然后解压缩指定目录 默认
copy=no 远程存在包解压缩指定目录
ansible dbsrvs -m unarchive -a 'src=etc.tar.gz dest=/data copy=yes mode=0755 '
在远程主机上解压文件并设置权限:
ansible all -m unarchive -a 'src=/srv/tomcat8/apache-tomcat-8.0.29.tar.gz dest=/usr/local copy=no mode=0755'
解压ansible管理机上的压缩文件到远程主机并设置权限:
ansible all -m unarchive -a "src=/tmp/install/zabbix-3.0.4.tar.gz dest=/tmp/ mode=0755 copy=yes"
5.8 archive 模块 压缩
ansible dbsrvs -m archive -a 'path=/var/log/ dest=/data/log.tar.gz format=gz mode=0600'
ansible dbsrvs -m fetch -a 'src=/data/log.tar.gz dest=/root'
5.9 hostname 模块 修改主机名
ansible dbsrvs -m hostname -a 'name=dbsrvs.local.cn'
5.10 cron 模块 定时计划任务
支持 minute hour day month weekday
ansible dbsrvs -m cron -a 'hour=2 minute=30 weekday=1-5 name="back mysql" job="/root/mysql.sh & >/dev/null" '
注释禁用计划任务
ansible dbsrvs -m cron -a 'hour=2 minute=30 weekday=1-5 name="back mysql" job="/root/mysql.sh & >/dev/null" disabled=yes '
取消禁用计划任务
ansible dbsrvs -m cron -a 'hour=2 minute=30 weekday=1-5 name="back mysql" job="/root/mysql.sh & >/dev/null" disabled=no '
删除计划任务
ansible dbsrvs -m cron -a 'name="back mysql" state=absent'
5.11 yum 模块
ansible dbsrvs -m yum -a 'name=vsftpd state=present' 安装
ansible dbsrvs -m yum -a 'name=vsftpd state=absent' 卸载
ansible dbsrvs -m yum -a 'list=installed' 列出已经安装程序
5.12 service 模块
ansible dbsrvs -m service -a 'name=vsftpd state=started enabled=yes'
ansible dbsrvs -m service -a 'name=vsftpd state=stopped'
5.13 group 模块
ansible dbsrvs -m group -a 'name=nginx system=yes gid=80'
5.14 user 模块
group 主组
groups 附加组
remove 删除用户家目录
ansible dbsrvs -m user -a 'name=nginx shell=/sbin/nologin system=yes home=/var/nginx groups=root,bin uid=80 comment="nginx service"'
ansible dbsrvs -m user -a 'name=nginx state=absent remove=yes'
5.15 lineinfile 模块 相当于sed 可以修改内容
ansible dbsrvs -m lineinfile -a "path=/etc/selinux/config regexp='^SELINUX=' line='SELINUX=disabled'" 将selinux设为disabled(禁用,重启后生效;会关闭强制访问控制)
ansible dbsrvs -m lineinfile -a 'dest=/etc/fstab state=absent regexp="^#"' 删除#号开头的行
5.16 replace 模块 相当于sed 主要用于正则进行的匹配和替换
ansible dbsrvs -m replace -a "path=/etc/fstab regexp='^(UUID.*)' replace='#\1'" 以uuid开头注释
ansible dbsrvs -m replace -a "path=/etc/fstab regexp='^#(.*)' replace='\1'" 以#号开头取消注释
5.17 setup 模块 收集远程主机的信息
ansible dbsrvs -m setup
"ansible_distribution_major_version": "7",
"ansible_nodename": "dbsrvs.local.cn",
ansible dbsrvs -m setup -a 'filter=ansible_distribution_major_version' 根据条件过滤
ansible dbsrvs -m setup -a 'filter=ansible_processor*'
6. playbook
6.1 yaml语言 语法简介
https://yaml.org/
http://www.json2yaml.com/
- 单一文件第一行用连续三个"-"(---)开始,文件结尾可以用三个点(...)表示
- 次行开始正常写playbook内容,一般建议写明该playbook的功能
- 使用#号表示注释
- 缩进必须统一,不能空格和tab键混用(YAML缩进只能用空格)
- 缩进级别必须一致,同样的缩进代表同样的级别,程序判断根据缩进结合换行来实现的。
- yaml区分大小写,key/value 均大小写敏感
- 多个键值对可换行写,也可以同行写但用,分隔
- value 可以是字符串,也可以是列表
- 一个完整的代码块功能需最少元素包括name和task
- 一个name只能包括一个task
- yaml文件扩展名通常是yml或yaml
6.2 yaml语言 list列表
列表由多个元素组成 且元素前均使用"-"打头
- 空格 元素
- apple
- orange
- lemon
- mango
或者
[apple,orange,lemon,mango]
6.3 yaml语言 dictionary 字典
字典通常由多个key与value组成
name: zhangsan
job: test
age: 27
或者
{name: "zhangsan" , job: "test" , age: 27 }
6.4 playbook 核心元素
- hosts 执行的远程主机
- tasks 任务集
- variables 内置变量或自定义变量在playbook中调用
- templates 模板 可替换模板文件中的变量并实现一些简单逻辑的文件
- handlers 和 notify 结合使用,由特定条件触发的操作,满足条件方可执行否则不执行
- tags标签 指定某条任务执行,用于选择执行playbook中的部分代码,方便后面执行那些需要修改的内容
案例:
---
- hosts: dbsrvs
remote_user: root #以root身份运行
gather_facts: no #默认会收集主机的信息 取消收集
tasks:
- name: installed httpd
yum: name=httpd state=installed
- name: copy httpd conf
copy: src=file/httpd.conf dest=/etc/httpd/conf/ backup=yes
- name: start service
service: name=httpd state=started enabled=yes
6.5 ansible-playbook 命令
ansible-playbook <FILENAME.YML> ... [options]
--check -C 检测可能发生的改变但是不执行
--list-hosts 运行任务的主机
--list-tags 列出tag
--list-tasks 列出task
--limit 主机列表 只针对主机列表中特定主机运行
-v -vv -vvv 显示过程
ansible-playbook --check http.yml
ansible-playbook http.yml --limit 10.0.0.157
[root@db01 playbook]# cat mysql_user.sql
---
- hosts: dbsrvs
remote_user: root
gather_facts: no
tasks:
- name: create group
group: name=mysql system=yes gid=306
- name: create user
user: name=mysql shell=/sbin/nologin system=yes group=mysql uid=306 home=/data/mysql create_home=no
[root@db01 playbook]# vim remove_http.yaml
---
- hosts: dbsrvs
remote_user: root
gather_facts: no
tasks:
- name: stop httpd
service: name=httpd state=stopped
- name: remove httpd
yum: name=httpd state=absent
- name: remove config file
file: name=/etc/httpd state=absent
ansible 安装二进制mysql5.7
[root@db01 playbook]# vim mysql.yml
---
# Play: install the MySQL 5.7.32 binary tarball on the dbsrvs group as root,
# create the mysql account and data directory, then start mysqld via systemd.
# NOTE(review): the nesting indentation was lost in this listing; the
# "- name:" entries below belong under "tasks:".
- hosts: dbsrvs
remote_user: root
gather_facts: no
tasks:
- name: install packaes
yum: name=libaio-devel state=present
# Fixed gid/uid 306 keeps file ownership identical across hosts.
- name: create group mysql
group: name=mysql system=yes gid=306
# System account with no login shell and no home directory created.
- name: create user mysql
user: name=mysql shell=/sbin/nologin system=yes group=mysql uid=306 home=/data/mysql create_home=no
# NOTE(review): the tarball comes from /root on the control node and is
# unpacked as root; no checksum or signature check is visible here, so
# verify the archive before placing it there.
- name: copy tar unarchive
unarchive: src=/root/mysql-5.7.32-linux-glibc2.12-x86_64.tar.gz dest=/usr/local
- name: link
file: src=/usr/local/mysql-5.7.32-linux-glibc2.12-x86_64 dest=/usr/local/mysql state=link
- name: copy env
copy: src=file/mysql.sh dest=/etc/profile.d/mysql.sh
# NOTE(review): every task runs in its own shell, so this "source" does not
# change PATH for the tasks that follow. The role version of the "data dir"
# task later in these notes calls /usr/local/mysql/bin/mysqld by full path.
- name: shell env
shell: source /etc/profile.d/mysql.sh
- name: create dir
file: name=/data/mysql state=directory owner=mysql group=mysql
# --initialize-insecure creates root@localhost with an EMPTY password; set a
# root password before the server is reachable by anyone else.
# NOTE(review): there is no creates= guard, so this runs on every play;
# mysqld is expected to refuse a non-empty datadir - confirm, and consider
# guarding the task.
- name: data dir
shell: mysqld --initialize-insecure --user=mysql --basedir=/usr/local/mysql --datadir=/data/mysql
tags: data
- name: copy my.cnf
copy: src=file/my.cnf dest=/etc/my.cnf
- name: copy serivce
copy: src=file/mysqld.service dest=/etc/systemd/system/mysqld.service
- name: service
service: name=mysqld state=started enabled=yes
[root@db01 playbook]# vim file/my.cnf
[mysqld]
user=mysql
basedir=/usr/local/mysql
datadir=/data/mysql
socket=/tmp/mysql.sock
server_id=6
log-bin
port=3306
innodb_file_per_table=on
[mysql]
socket=/tmp/mysql.sock
prompt=3306 [\\d]>
[root@db01 playbook]# vim file/mysql.sh
export PATH=/usr/local/mysql/bin:$PATH
[root@db01 playbook]# vim file/mysqld.service
[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target
[Install]
WantedBy=multi-user.target
[Service]
User=mysql
Group=mysql
ExecStart=/usr/local/mysql/bin/mysqld --defaults-file=/etc/my.cnf
LimitNOFILE = 500
6.6 playbook中使用handlers和notify 命令触发器
[root@db01 playbook]# vim http1.yml
---
- hosts: dbsrvs
remote_user: root #以root身份运行
tasks:
- name: installed httpd
yum: name=httpd state=installed
- name: copy httpd conf
copy: src=file/httpd.conf dest=/etc/httpd/conf/ backup=yes
notify: restart httpd #名字跟 handlers 必须一样 检测到文件变化的会重启 第一次都会执行
- name: start service
service: name=httpd state=started enabled=yes
handlers:
- name: restart httpd #名字跟 notify 必须一样
service: name=httpd state=restarted
6.7 playbook中tags组件
- hosts: dbsrvs
remote_user: root #以root身份运行
tasks:
- name: installed httpd
yum: name=httpd state=installed
- name: copy httpd conf
copy: src=file/httpd.conf dest=/etc/httpd/conf/ backup=yes
tags: config
- name: start service
service: name=httpd state=started enabled=yes
ansible-playbook http2.yml --list-tags 显示yml文件中tags
ansible-playbook http2.yml -t config 只执行yml文件中tags
6.8 playbook中变量
变量名由字母 数字 下划线,字母开头 {{空格 变量名 空格}} {{ variable_name }} 有时"{{ variable_name }}"
1. 通过ansible中setup facts 远程主机的所有变量可以直接调用
[root@db01 playbook]# vim vars1.yml
---
- hosts: dbsrvs
remote_user: root
tasks:
- name: create log file
file: name=/data/{{ ansible_nodename }}.log state=touch owner=mysql group=mysql mode=600
2.通过命令行指定变量,优先级最高
ansible-playbook -e varname=value
3.在playbook文件中定义
vars:
- var1: value1
- var2: value2
[root@db01 playbook]# vim var2.yml
---
- hosts: dbsrvs
remote_user: root
vars:
- username: user1
- groupname: group1
tasks:
- name: create group
group: name={{ groupname }} state=present
- name: create user
user: name={{ username }} state=present
ansible-playbook -e "username=user2 groupname=group2" var2.yml 使用-e优先级最高 覆盖里面赋值
4.使用变量文件
[root@db01 playbook]# vim var3.yml
---
pack: vsftpd
service: vsftpd
[root@db01 playbook]# vim install_app.yml
---
- hosts: dbsrvs
remote_user: root
vars_files:
- var3.yml
tasks:
- name: installed pack
yum: name={{ pack }} state=installed
- name: start service
service: name={{ service }} state=started enabled=yes
5.主机清单中定义
[root@db01 ~]# vim /etc/ansible/hosts
[dbsrvs]
10.0.0.156 host=db02 domain=test.com #针对主机的优先级高 比组的高
10.0.0.5 host=db03 domain=test.test
[dbsrvs:vars]
domain=test.cn
[root@db01 playbook]# ansible dbsrvs -m hostname -a 'name={{ host }}.{{ domain }}' 修改主机名
db03.test.test
db02.test.com
7. template模板
https://jinja.palletsprojects.com/en/2.11.x/
7.1 jinja2语言 模板中使用
字符串: 使用单引号或者双引号
数字: 整数 浮点数
列表:[item1,item2,...]
元组:(item1,item2,...)
字典:{key1:value1,key2:value2....}
布尔型:true/false
算术运算: + - * / %取余 **幂 //整除
比较操作: == != > >= < <=
逻辑运算: and or not
流表达式: for if when
7.2 templates
新建templates 目录 将配置文件复制后缀为*.j2 并在配置文件中可以使用变量名称代替
├── templates
│ └── nginx.conf.j2
├── tempnginx.yml
[root@db01 playbook]# vim templates/nginx.conf.j2
worker_processes {{ ansible_processor_vcpus }}; ##{{ ansible_processor_vcpus**2 }} 都可以
[root@db01 playbook]# vim tempnginx.yml
---
- hosts: dbsrvs
remote_user: root
tasks:
- name: template config to remote hosts
template: src=nginx.conf.j2 dest=/data/nginx.conf
[root@db01 playbook]# ansible-playbook tempnginx.yml
[root@db03 ~]# cat /data/nginx.conf
worker_processes 2;
7.3 templates使用for和if
[root@db01 playbook]# vim tempnginx1.yml
---
- hosts: dbsrvs
remote_user: root
vars:
nginx_vhosts:
- listen: 8080
tasks:
- name: template config to remote hosts
template: src=nginx1.conf.j2 dest=/data/nginx1.conf
[root@db01 playbook]# vim templates/nginx1.conf.j2
{% for vhost in nginx_vhosts %}
server {
listen {{ vhost.listen }}
}
{% endfor %}
结果:
server {
listen 8080
}
[root@db01 playbook]# vim tempnginx2.yml
---
- hosts: dbsrvs
remote_user: root
vars:
nginx_vhosts:
- 81
- 82
- 83
tasks:
- name: template config to remote hosts
template: src=nginx2.conf.j2 dest=/data/nginx2.conf
[root@db01 playbook]# vim templates/nginx2.conf.j2
{% for vhost in nginx_vhosts %}
server {
listen {{ vhost }}
}
{% endfor %}
结果:
server {
listen 81
}
server {
listen 82
}
server {
listen 83
}
[root@db01 playbook]# vim tempnginx3.yml
---
- hosts: dbsrvs
remote_user: root
vars:
nginx_vhosts:
- listen: 8081
server_name: "web1.test.com"
root: "/var/www/nginx/web1/"
- listen: 8082
server_name: "web2.test.com"
root: "/var/www/nginx/web2/"
- listen: 8083
server_name: "web3.test.com"
root: "/var/www/nginx/web3/"
tasks:
- name: template config to remote hosts
template: src=nginx3.conf.j2 dest=/data/nginx3.conf
[root@db01 playbook]# vim templates/nginx3.conf.j2
{% for vhost in nginx_vhosts %}
server {
listen {{ vhost.listen }}
server_name {{ vhost.server_name }}
root {{ vhost.root }}
}
{% endfor %}
结果:
server {
listen 8081
server_name web1.test.com
root /var/www/nginx/web1/
}
server {
listen 8082
server_name web2.test.com
root /var/www/nginx/web2/
}
server {
listen 8083
server_name web3.test.com
root /var/www/nginx/web3/
}
[root@db01 playbook]# vim tempnginx4.yml
---
- hosts: dbsrvs
remote_user: root
vars:
nginx_vhosts:
- listen: 8081
server_name: "web1.test.com"
root: "/var/www/nginx/web1/"
- listen: 8082
root: "/var/www/nginx/web2/"
- listen: 8083
server_name: "web3.test.com"
root: "/var/www/nginx/web3/"
tasks:
- name: template config to remote hosts
template: src=nginx4.conf.j2 dest=/data/nginx4.conf
[root@db01 playbook]# vim templates/nginx4.conf.j2 使用if判断
{% for vhost in nginx_vhosts %}
server {
listen {{ vhost.listen }}
{% if vhost.server_name is defined %}
server_name {{ vhost.server_name }}
{% endif %}
root {{ vhost.root }}
}
{% endfor %}
结果:
server {
listen 8081
server_name web1.test.com
root /var/www/nginx/web1/
}
server {
listen 8082
root /var/www/nginx/web2/
}
server {
listen 8083
server_name web3.test.com
root /var/www/nginx/web3/
}
7.4 templates使用when
[root@db01 playbook]# vim tempnginx5.yml
---
- hosts: dbsrvs
remote_user: root
vars:
nginx_vhosts:
- listen: 8081
server_name: "web1.test.com"
root: "/var/www/nginx/web1/"
- listen: 8082
root: "/var/www/nginx/web2/"
- listen: 8083
server_name: "web3.test.com"
root: "/var/www/nginx/web3/"
tasks:
- name: template config to remote hosts
template: src=nginx5.conf.j2 dest=/data/nginx5.conf
when: ansible_nodename == "db03.test.test"
[root@db01 playbook]# vim templates/nginx5.conf.j2
{% for vhost in nginx_vhosts %}
server {
listen {{ vhost.listen }}
{% if vhost.server_name is defined %}
server_name {{ vhost.server_name }}
{% endif %}
root {{ vhost.root }}
}
{% endfor %}
7.5 templates使用迭代 with_items item是固定变量
---
- hosts: dbsrvs
remote_user: root
tasks:
- name: create some file
file: name=/data/{{ item }} state=touch
with_items:
- file1
- file2
- file3
- name: install some packages
yum: name={{ item }}
with_items:
- nginx
- sl
- hping3
[root@db01 playbook]# vim remove_mysql.yml 移除mysqld服务
---
- hosts: dbsrvs
remote_user: root
tasks:
- name: stop service
service: name=mysqld state=stopped
- name: delete file
file: path={{ item }} state=absent
with_items:
- /usr/local/mysql
- /usr/local/mysql-5.7.32-linux-glibc2.12-x86_64
- /etc/my.cnf
- /etc/profile.d/mysql.sh
- /etc/systemd/system/mysqld.service
- /data/mysql
- name: delete mysql
user: name=mysql state=absent remove=yes
[root@db01 playbook]# vim user.yml
- hosts: dbsrvs
remote_user: root
tasks:
- name: create some group
group: name={{ item }}
with_items:
- g1
- g2
- g3
- name: create some user
user: name={{ item.name }} group={{ item.group}} home={{ item.home }} state=present
with_items:
- { name: 'user11' , group: 'g1' , home: '/data/g1' }
- { name: 'user21' , group: 'g2' , home: '/data/g2' }
- { name: 'user31' , group: 'g3' , home: '/data/g3' }
8 role 角色
role/project/:项目名称 有以下目录:
files/: 存放copy或者script 模块调用的文件
templates/: template模块查找所需要模板文件的目录
tasks/: 定义task、role的基本元素 里面至少有main.yml文件 其它文件通过include进行包含
handlers/: 至少有main.yml 文件 其它文件通过include进行包含
vars/: 定义变量 至少有main.yml 文件 其它文件通过include进行包含
meta/:定义当前角色的特殊设定及其依赖关系 至少有main.yml 文件 其它文件通过include进行包含
[root@db01 playbook]# tree
├── role_httpd.yml
└── roles
└── httpd
├── files
│ ├── httpd.conf
│ └── index.html
├── handlers
│ └── main.yml
├── tasks
│ ├── config.yml
│ ├── index.yml
│ ├── install.yml
│ ├── main.yml
│ └── service.yml
└── templates
[root@db01 playbook]# cat role_httpd.yml
---
- hosts: dbsrvs
remote_user: root
roles:
- role: httpd
[root@db01 playbook]# cat roles/httpd/tasks/*
config.yml
- name: config file
copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf
notify: restart httpd
index.yml
- name: copy index
copy: src=index.html dest=/var/www/html/index.html
install.yml
- name: install httpd
yum: name=httpd state=present
main.yml
- include: install.yml
- include: config.yml
- include: index.yml
- include: service.yml
service.yml
- name: start service
service: name=httpd state=started enabled=yes
[root@db01 playbook]# cat roles/httpd/handlers/main.yml
- name: restart httpd
service: name=httpd state=restarted
├── role_mysql.yml
└── roles
└── mysql
├── files
│ ├── my.cnf
│ ├── mysql-5.7.32-linux-glibc2.12-x86_64.tar.gz
│ └── mysqld.service
└── tasks
├── conf.yml
├── copyservice.yml
├── createdir.yml
├── data.yml
├── group.yml
├── installpack.yml
├── link.yml
├── main.yml
├── path.yml
├── service.yml
├── unarchive.yml
└── user.yml
[root@db01 playbook]# cat role_mysql.yml
---
- hosts: dbsrvs
remote_user: root
roles:
- role: mysql
[root@db01 playbook]# cat roles/mysql/tasks/*
- name: copy config
copy: src=my.cnf dest=/etc/my.cnf
- name: copy service
copy: src=mysqld.service dest=/etc/systemd/system/mysqld.service
- name: create dir
file: name=/data/mysql state=directory owner=mysql group=mysql
- name: data dir
shell: /usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --basedir=/usr/local/mysql --datadir=/data/mysql
- name: create group
group: name=mysql system=yes gid=306
- name: install packages
yum: name=libaio-devel state=present
- name: link
file: src=/usr/local/mysql-5.7.32-linux-glibc2.12-x86_64 dest=/usr/local/mysql state=link
- include: installpack.yml
- include: group.yml
- include: user.yml
- include: unarchive.yml
- include: link.yml
- include: createdir.yml
- include: data.yml
- include: conf.yml
- include: copyservice.yml
- include: service.yml
- include: path.yml
- name: PATH
copy: content='PATH=/usr/local/mysql/bin:$PATH' dest=/etc/profile.d/mysql.sh
- name: start mysqld
service: name=mysqld state=started enabled=yes
- name: copy tar unarchive
unarchive: src=mysql-5.7.32-linux-glibc2.12-x86_64.tar.gz dest=/usr/local
- name: create user mysql
user: name=mysql shell=/sbin/nologin system=yes group=mysql uid=306 home=/data/mysql create_home=no
9 调用角色
调用方法1
- hosts: dbsrvs
remote_user: root
roles:
- role: mysql
- role: httpd
调用方法2 传参
- hosts: dbsrvs
remote_user: root
roles:
- { role: httpd , username: nginx } #传参
调用方法3 条件
- hosts: dbsrvs
remote_user: root
roles:
- { role: httpd , username: nginx , when: ansible_distribution_major_version == '7' }
调用方法4 使用tags
- hosts: dbsrvs
remote_user: root
roles:
- { role: httpd , tags: [ 'nginx' , 'web' ], when: ansible_distribution_major_version == '7' }