第1章 ansible介绍
1.什么是ansible
1.python写的⼀套⾃动化运维⼯具
2.ansible基于SSH协议通讯
2.为什么需要ansible
1.有状态管理
2.批量部署,批量执⾏命令
3.统⼀配置管理,模板管理
4.批量收集主机信息
5.批量分发⽂件
3.如何学习ansible
1.你所需要的命令都有专⻔的模块
2.模块使⽤的语法是官⽅定义的
3.尽量少⽤shell模块.当需要⽤shell模块的时候,停下来思考⼀下,是不是有专⻔的模块可以使⽤
4.多看优秀同学的分享
第2章 ansible安装部署
yum install ansible -y
ansible --version
第3章 ansible主机清单
1.什么是主机清单
https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html
2.主机分组执⾏
主机清单配置:
[root@m01 ~]# vim /etc/ansible/hosts
[web]
172.16.1.31
172.16.1.41
[nfs]
172.16.1.31
[backup]
172.16.1.41
分组执⾏测试命令:
ansible web -m ping
ansible nfs -m ping
ansible backup -m ping
3.所有的主机都执⾏
两种⽅法:
1.执⾏all就代表把所有主机全部执⾏
2.主机清单⾥把所有主机划分到⼀个组⾥,注意,⼀个主机可以属于多个组
主机清单配置:
[web]
172.16.1.7
172.16.1.8
[nfs]
172.16.1.31
[backup]
172.16.1.41
[zabbix]
172.16.1.7
172.16.1.8
172.16.1.31
172.16.1.41
测试命令:
ansible all -m ping
ansible zabbix -m ping
4.SSH使⽤密码连接并且端⼝号不是22
主机清单配置:
[web]
172.16.1.31 ansible_port=9527
172.16.1.41
测试命令:
ansible web -m ping
5.同组主机SSH端⼝号不⼀样,账号密码也不⼀样
⽅法1: 修改主机清单配置:
前提条件,需要提前把主机信息加⼊到know_host⽂件⾥
[web]
172.16.1.31 ansible_ssh_port=9527 ansible_ssh_pass='12345678'
172.16.1.41 ansible_ssh_port=9528 ansible_ssh_pass='123456'
⽅法2: 修改ansible配置⽂件,打开取消认证的注释
host_key_checking = False
测试命令:
ansible web -m ping
6.同⼀组连续的IP
主机清单配置:
[zabbix]
172.16.1.[31:41]
测试命令:
ansible zabbix -m ping
7.同⼀组具有相同的变量
主机清单配置:
[web]
172.16.1.31 ansible_ssh_pass='12345678'
172.16.1.41 ansible_ssh_pass='123456'
[web:vars]
ansible_ssh_port=9527
测试命令:
ansible zabbix -m ping
8.所有主机都生效的变量
[web]
172.16.1.7 ansible_ssh_pass='12345678'
172.16.1.8 ansible_ssh_pass='123456'
[nfs]
172.16.1.31
[all:vars]
ansible_ssh_port=9527
第4章 ansible常⽤模块
0.如何学习ansible模块
1.看官⽹ 看官⽹ 看官⽹
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/index.html
1.ping 测试连通性
命令解释:
ansible 主机组 -m 模块名称 [模块参数]
执⾏命令:
ansible zabbix -m ping
2.command 简单命令模块
命令解释:
ansible 主机组 -m command -a '需要批量执⾏的命令'
执⾏命令:
ansible web -m command -a 'ls /tmp'
3.shell 万能模块
命令解释:
ansible 主机组 -m shell -a '需要批量执⾏的命令'
执⾏命令:
ansible web -m shell -a 'ls /tmp|grep 123'
4.copy 拷⻉⽂件
命令解释:
ansible web -m copy -a '参数'
简单发送⽂件:
ansible web -m copy -a 'src=/opt/m-61.txt dest=/opt/'
发送⽂件的同时指定⽂件权限和属性:属于www⽤户,并且权限为600
ansible all -m copy -a "src=/root/m-61.txt dest=/opt/ owner=www group=www
mode=600"
发送⽂件的同时备份⼀份:
ansible all -m copy -a "src=/root/m-61.txt dest=/opt/ owner=www group=www
mode=600 backup=yes"
写⼊⼀⾏⽂本到指定⽂件:
ansible backup -m copy -a "content='rsync_backup:123456' dest=/etc/rsync.passwd mode=600"
复制⽬录:
ansible backup -m copy -a "src=/opt dest=/opt/"
复制⽬录下的⽂件:
ansible backup -m copy -a "src=/opt/ dest=/opt/"
5.file ⽂件相关
命令解释:
请-去看官⽹
https://docs.ansible.com/ansible/latest/modules/file_module.html#file-module
创建⼀个⽂件:
ansible all -m file -a "path=/opt/xiaozhang.txt state=touch"
创建⼀个⽬录:
ansible all -m file -a "path=/opt/xiaozhang state=directory"
删除一个文件或目录
ansible web -m file -a 'path=/opt/linux6 state=absent'
ansible web -m file -a 'path=/opt/linux6.txt state=absent'
创建⽂件同时制定⽤户属主权限
ansible web -m file -a 'path=/opt/linux6.txt state=touch owner=www group=www mode=600'
ansible web -m file -a 'path=/opt/linux6 state=directory owner=www group=www mode=777'
对已经存在的文件修改属性
ansible web -m file -a 'path=/opt/linux6.txt mode=644'
ansible web -m file -a 'path=/opt/yazhang mode=777 owner=www group=www'
ansible web -m file -a 'path=/opt/linux6.txt mode=644 owner=www group=www'
6.script 执⾏脚本
命令解释:
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/shell_module.html#shell-module
编写脚本⽂件:
[root@m01 ~]# cat > echo_ip.sh <<EOF
#!/bin/bash
echo "$(hostname -I)" > /tmp/ip.txt
EOF
执⾏命令:
ansible all -m script -a "echo_ip.sh"
查看主机⽣成的⽂件:
ansible all -m shell -a "cat /tmp/ip.txt"
查看详细输出过程
ansible all -vvv -m script -a "echo_ip.sh"
7.cron 定时任务
命令解释:
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/cron_module.html#cron-module
创建测试脚本:
[root@m01 ~]# cat echo_hostname.sh
#!/bin/bash
echo "$(date +%M:%S) $(hostname)" >> /tmp/hostname.txt
传统定时任务命令:
* * * * * /bin/bash /opt/echo_hostname.sh
默认5颗星创建定时任务:
ansible web -m cron -a "job='/bin/bash /opt/echo_hostname.sh'"
默认5颗星创建定时任务并指定任务名称:
ansible web -m cron -a "name=hostname job='/bin/bash /opt/echo_hostname.sh'"
修改指定名称的定时任务:
ansible web -m cron -a "name=hostname minute='*/5' job='/bin/bash
/opt/echo_hostname.sh'"
注释⼀条任务:
ansible all -m cron -a "name=hostname minute='*/5' job='/bin/bash
/opt/echo_hostname.sh' disabled=yes"
打开注释的任务:
ansible all -m cron -a "name=hostname minute='*/5' job='/bin/bash
/opt/echo_hostname.sh'"
删除定时任务:
ansible web -m cron -a "name=hostname state=absent"
8.group 组相关
命令解释:
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/group_module.html#group-module
创建组的同时指定gid:
ansible all -m group -a "name=oldzhang gid=1010"
删除⽤户组
ansible all -m group -a "name=oldzhang gid=1010 state=absent"
9.user ⽤户相关
命令解释:
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html#user-module
创建⽤户的同时指定uid和组id并且不允许登陆不创建家⽬录:
ansible all -m user -a "name=oldzhang uid=1010 group=oldzhang create_home=no
shell=/sbin/nologin"
10.yum 安装软件
命令解释:
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/yum_module.html#yum-module
安装⼀个软件的最新版本:
ansible all -m yum -a "name=iftop state=latest"
卸载⼀个软件:
ansible all -m yum -a "name=iftop state=absent"
11.service 服务启动
命令解释:
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/systemd_module.html#systemd-module
启动⼀个服务:
ansible web -m systemd -a "name=nginx state=started"
停⽌⼀个服务:
ansible web -m systemd -a "name=nginx state=stopped"
设置⼀个服务开启⾃启动:
ansible web -m service -a "name=nginx enabled=yes"
设置⼀个服务不要开机⾃启动:
ansible web -m service -a "name=nginx enabled=no"
12.mount 挂载命令
命令解释:
https://docs.ansible.com/ansible/latest/collections/ansible/posix/mount_module.html#mount-module
挂载⼀个⽬录并且写⼊开机⾃启动⽂件fstab:
ansible web -m mount -a "src='10.0.0.31:/data' path=/data fstype=nfs state=mounted"
只写⼊fstab但是不挂载:
ansible web -m mount -a "src='10.0.0.31:/data' path=/data fstype=nfs state=present"
卸载已经挂载的⽬录并且删除fstab⾥的条⽬:
ansible web -m mount -a "src='10.0.0.31:/data' path=/data fstype=nfs state=absent"
卸载已经挂载的⽬录,但是不删除fstab⾥的条⽬:
ansible web -m mount -a "src='10.0.0.31:/data' path=/data fstype=nfs state=unmounted"
挂载状态解释:
mounted 挂载上并且写⼊fstab
present 仅写⼊fstab,不挂载
absent 卸载并且移除fstab条⽬
unmounted 仅卸载,不移除fstab条⽬
13.unarchive 解压缩
命令解释:
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/unarchive_module.html
把⾃⼰的压缩包解压到远程服务器的指定⽬录:
ansible web -vvv -m unarchive -a "src=php71.tar.gz dest=/opt/"
将远程服务器本身的压缩包解压到远程服务器的指定⽬录;
ansible web -m unarchive -a "src=/opt/php71.tar.gz dest=/opt/ remote_src=yes"
14.archive 压缩
命令解释:
https://docs.ansible.com/ansible/latest/collections/community/general/archive_module.html
压缩⽂件到指定⽬录:
ansible web -m archive -a "path=/opt/php71 dest=/opt/php71.tar.gz"
15.setup 获取主机信息
命令解释:
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/setup_module.html
使⽤内置变量获取远程主机的IP地址:
ansible web -m setup
16.查看帮助
命令解释:
ansible-doc
执⾏命令:
ansible-doc copy
第5章 ansible颜⾊输出解释
绿⾊: 代表执⾏成功,但是状态没有发⽣任何改变
⻩⾊: 代表执⾏成功,状态并发⽣了改变
红⾊: 有报错,执⾏失败
紫⾊: 警告,建议使⽤专⽤的模块
蓝⾊: 详细的执⾏过程
=======================================================================
第1章 ansible ⻆⾊介绍
1.为什么需要使⽤⻆⾊
1.不太灵活,臃肿
2.全部写在⼀起,修改不⽅便
3.配置⽂件随便放,不标准
2.⻆⾊解决了什么问题
1.把剧本 拆分 拆分 拆分
2.解耦,结构更清晰,调试更⽅便
3.编写⻆⾊的最佳实践
1.初级阶段,不要直接写⻆⾊,先写好剧本,然后再拆分
2.⼀开始不要想⼀步到位,不⽤拆的很细,尤其是变量
第2章 ⻆⾊⽬录规划
0.官⽅说明
https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.htm
1.⽬录说明
注意!这⾥的⽬录结构必须按照官⽅定义的要求来做!不是⾃⼰随便乱起!
tasks #存放主任务执⾏⽂件
handlers #存放handlers⽂件
files #存放需要发送的⽂件或压缩包
templates #存放jinja模版配置⽂件
vars #存放变量⽂件
第3章 编写rsync⻆⾊
0.编写思路
1.先写好剧本
2.创建⻆⾊⽬录
3.拷⻉需要发送的⽂件到指定⽬录
4.拆分剧本
1.编写剧本
- hosts: backup
vars:
user_id: '666'
rsync_user: 'www'
tasks:
#1.创建www组和www⽤户
- name: 01-create_group
group:
name: "{{ rsync_user }}"
gid: "{{ user_id }}"
#2.创建www⽤户
- name: 02-create_user
user:
name: "{{ rsync_user }}"
uid: "{{ user_id }}"
group: "{{ rsync_user }}"
create_home: no
shell: /sbin/nologin
#3.创建数据⽬录并更改授权
- name: 03-create_data
file:
path: "{{ item }}"
state: directory
owner: "{{ rsync_user }}"
group: "{{ rsync_user }}"
mode: '755'
loop:
- /data/
- /backup/
#4.安装rsync软件
- name: 04-install_rsync
yum:
name: rsync
state: latest
#5.复制配置⽂件和密码⽂件
- name: 05-copy pwd&conf
copy:
src: "{{ item.src }}"
dest: /etc/
mode: "{{ item.mode }}"
notify:
- restart rsyncd
loop:
- { src: /root/script/rsync/rsyncd.conf, mode: '644'}
- { src: /root/script/rsync/rsync.passwd, mode: '600'}
#6.启动服务
- name: 06-start
systemd:
name: rsyncd
state: started
enabled: yes
#7.重启服务
handlers:
- name: restart rsyncd
systemd:
name: rsyncd
state: restarted
2.创建⻆⾊⽬录
[root@m-61 ~]# cd /etc/ansible/roles/
[root@m-61 /etc/ansible/roles]# mkdir
rsync_server/{tasks,handlers,files,templates,vars} -p
[root@m-61 /etc/ansible/roles]# tree rsync_server/
rsync_server/
├── files
├── handlers
├── tasks
├── templates
└── vars
3.把剧本复制到tasks⽬录
├── tasks
│ └── main.yaml
4.把配置⽂件复制到file⽬录
cp script/rsync/* /etc/ansible/roles/rsync_server/files/
5.拆分handlers
[root@m-61 ~]# cat /etc/ansible/roles/rsync_server/handlers/main.yaml
- name: restart rsyncd
systemd:
name: rsyncd
state: restarted
6.拆分vars
[root@m-61 ~]# cat /etc/ansible/roles/rsync_server/vars/main.yaml
user_id: '666'
rsync_user: 'www'
7.精简tasks任务⽂件
[root@m-61 ~]# cat /etc/ansible/roles/rsync_server/tasks/main.yaml
#1.创建www组和www⽤户
- name: 01-create_group
group:
name: "{{ rsync_user }}"
gid: "{{ user_id }}"
#2.创建www⽤户
- name: 02-create_user
user:
name: "{{ rsync_user }}"
uid: "{{ user_id }}"
group: "{{ rsync_user }}"
create_home: no
shell: /sbin/nologin
#3.创建数据⽬录并更改授权
- name: 03-create_data
file:
path: "{{ item }}"
state: directory
owner: "{{ rsync_user }}"
group: "{{ rsync_user }}"
mode: '755'
loop:
- /data/
- /backup/
#4.安装rsync软件
- name: install_rsync
yum:
name: 04-rsync
state: latest
#5.复制配置⽂件和密码⽂件
- name: 05-copy pwd&conf
copy:
src: "{{ item.src }}"
dest: /etc/
mode: "{{ item.mode }}"
notify:
- restart rsyncd
loop:
- { src: rsyncd.conf, mode: '644'}
- { src: rsync.passwd, mode: '600'}
#6.启动服务
- name: start
systemd:
name: rsyncd
state: started
enabled: yes
8.编写调⽤⽂件
[root@m-61 ~]# cat /etc/ansible/rsync_server.yaml
- hosts: rsync_server
roles:
- rsync_server
9.编写主机清单
[root@m-61 ~]# cat /etc/ansible/hosts
[rsync_server]
172.16.1.41
10.调试运⾏
cd /etc/ansible/
ansible-playbook -C rsync_server.yaml
ansible-playbook rsync_server.yaml
第4章 编写sshd⻆⾊
1.编写思路
1.先拷⻉配置⽂件到template⽬录下并重命名为j2
2.编写tasks⽂件
3.调试运⾏
2.创建⻆⾊⽬录
cd /etc/ansible/roles/
mkdir sshd/{tasks,handlers,files,templates,vars} -p
3.编写jinja模版⽂件
jinja模板注意:
1.模块必须是template
2.模版⽂件必须以.j2结尾
3.模版⽂件必须放在template⽬录下
关键配置:
#复制sshd配置⽂件到template⽂件夹下
Port {{ ssh_port }}
ListenAddress {{ ansible_facts.eth1.ipv4.address }}
4.编写变量⽂件
[root@m-61 /etc/ansible/roles/sshd]# cat vars/main.yaml
ssh_port: '22'
5.编写handlers⽂件
[root@m-61 /etc/ansible/roles/sshd]# cat handlers/main.yaml
- name: restart sshd
systemd:
name: sshd
state: restarted
6.编写主任务⽂件
[root@m-61 /etc/ansible/roles/sshd]# cat tasks/main.yaml
#1.复制配置⽂件和密码⽂件
- name: 01_copy_sshd
template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config
mode: '600'
backup: yes
notify:
- restart sshd
#2.启动服务
- name: start
systemd:
name: sshd
state: started
enabled: yes
7.查看最终的⽬录
[root@m-61 /etc/ansible/roles]# tree sshd/
sshd/
├── files
├── handlers
│ └── main.yaml
├── tasks
│ └── main.yaml
├── templates
│ └── sshd_config.j2
└── vars
└── main.yaml
8.编写主调⽤⽂件
[root@m-61 /etc/ansible/roles]# cat ../sshd.yaml
- hosts: ssh
roles:
- sshd
第5章 编写nfs⻆⾊
1.编写思路
1.先拷⻉配置⽂件到template⽬录下并重命名为j2
2.编写handlers
3.编写tasks
2.创建⻆⾊⽬录
cd /etc/ansible/roles/
mkdir nfs_server/{tasks,handlers,files,templates,vars} -p
3.编写jinja模版⽂件
[root@m-61 ~]# cat /etc/ansible/roles/nfs_server/templates/exports.j2
/data 172.16.1.0/24(rw,sync,all_squash,anonuid=1001,anongid=1001)
4.编写handlers⽂件
[root@m-61 ~]# cat /etc/ansible/roles/nfs_server/handlers/main.yaml
- name: restart nfs
systemd:
name: nfs
state: restarted
5.编写主任务⽂件
[root@m-61 ~]# cat /etc/ansible/roles/nfs_server/tasks/main.yaml
#1.创建www组和www⽤户
- name: create_group
group:
name: www
gid: 666
#2.创建www⽤户
- name: create_user
user:
name: www
uid: 666
group: www
create_home: no
shell: /sbin/nologin
#3.创建数据⽬录并更改授权
- name: create_data
file:
path: "{{ item }}"
state: directory
owner: www
group: www
mode: '755'
loop:
- /data/
- /backup/
#4.安装nfs软件
- name: install_nfs
yum:
name: nfs-utils
state: latest
#5.复制配置⽂件和密码⽂件
- name: copy_exports
template:
src: exports.j2
dest: /etc/exports
notify:
- restart nfs
#6.启动服务
- name: start
systemd:
name: nfs
state: started
enabled: yes
6.编写调⽤⽂件
[root@m-61 ~]# cat /etc/ansible/nfs_server.yaml
- hosts: nfs
roles:
- nfs_server
第六章 编写lsyncd服务
第6章 拆分init⻆⾊
0.编写思路
1.先分析以前写过所有的⻆⾊⾥重复的操作
2.把重复的操作内容单独写⼀个⻆⾊,例如:init
3.先备份⼀份以前写好的⻆⾊⽂件
4.精简以前的⻆⾊⽂件,删除重复的内容
5.调试,运⾏,检查
1.找出重复的操作
1.创建www组和www⽤户
2.创建www⽤户
3.创建数据⽬录并更改授权
4.安装rsync软件
5.安装nfs软件
2.创建⻆⾊⽬录
cd /etc/ansible/roles/
mkdir init/{tasks,handlers,files,templates,vars} -p
3.编写jinja模版⽂件
4.编写handlers⽂件
5.编写主任务⽂件
[root@m-61 /etc/ansible]# cat /etc/ansible/roles/init/tasks/main.yaml
#1.创建www组和www⽤户
- name: create_group
group:
name: www
gid: 666
#2.创建www⽤户
- name: create_user
user:
name: www
uid: 666
group: www
create_home: no
shell: /sbin/nologin
#3.创建数据⽬录并更改授权
- name: create_data
file:
path: "{{ item }}"
state: directory
owner: www
group: www
mode: '755'
loop:
- /data/
- /backup/
#4.安装nfs软件
- name: install_soft
yum:
name: "{{ item }}"
state: latest
loop:
- rsync
- nfs-utils
第⼋章 拆分后的各个服务⻆⾊⽂件
1.拆分后的rsync⻆⾊
[root@m-61 ~]# cat /etc/ansible/roles/rsync_server/tasks/main.yaml
#1.复制配置⽂件和密码⽂件
- name: copy pwd&conf
copy:
src: "{{ item.src }}"
dest: /etc/
mode: "{{ item.mode }}"
notify:
- restart rsyncd
loop:
- { src: rsyncd.conf, mode: '644'}
- { src: rsync.passwd, mode: '600'}
#2.启动服务
- name: start
systemd:
name: rsyncd
state: started
enabled: yes
2.拆分后的nfs⻆⾊
[root@m-61 ~]# cat /etc/ansible/roles/nfs_server/tasks/main.yaml
#1.复制配置⽂件和密码⽂件
- name: copy_exports
template:
src: exports.j2
dest: /etc/exports
notify:
- restart nfs
#2.启动服务
- name: start
systemd:
name: nfs
state: started
enabled: yes
3.拆分后的lsyncd⻆⾊
4.调⽤⽂件
rsync
[root@m-61 ~]# cat /etc/ansible/rsync_server.yaml
- hosts: rsync_server
roles:
- init
- rsync_server
nfs
[root@m-61 ~]# cat /etc/ansible/nfs_server.yaml
- hosts: nfs
roles:
- init
- nfs_server
第1章 Ansible剧本介绍
1.什么是playbook剧本
电影剧本:
电影名
演员
场景
时间
事件
台词
Ansible剧本:
⼀系列的任务按照我们期望的结果编排在⼀起
playbook组成:
hosts: 定义主机⻆⾊
tasks: 具体执⾏的任务
简单理解:不同的模块去完成⼀件事
举例: xx的阳光快乐时光
- 演员列表: xx
场景:
- 场景1: xx⼿⾥拿着肥皂⾛进浴室
动作场⾯: ⼿⼀滑,肥皂在空中托⻢斯360度回旋落地
- 场景2: xx捡肥皂
动作场⾯: xx弯腰的时候(⻢赛克),美⼥房东从后⾯出现了
- 需要执⾏的主机: nfs
任务:
- 任务1: 创建⽤户
动作: 创建⽤户的命令
- 任务2: 创建⽬录
动作: 创建⽬录的命令
2.playbook剧本的优势
1.减少重复的书写的指令: ansible backup -m file -a
2.看起来简洁清晰
3.功能强⼤,可以控制流程,⽐如:判断,循环,变量,标签
4.其他剧本可以复⽤
5.提供语法检查以及模拟执⾏
第2章 剧本的格式书写要求
1.YAML格式特点
1.严格的缩进表示层级关系
2.不要使⽤tab缩进
3.: 后⾯⼀定要有空格
4.- 后⾯⼀定要有空格
5.⽂件后缀名需要改为yaml或yml,vim可以智能⾼亮提示
2.剧本的组成
hosts: 需要执⾏的主机
tasks: 需要执⾏的任务
name: 任务名称
第3章 编写Rsync剧本
0.官⽹举例
https://docs.ansible.com/ansible/latest/user_guide/playbooks_intro.html#play
1.命令⾏模式的编写
#1.创建www组和www⽤户
ansible backup -m group -a "name=www gid=666"
ansible backup -m user -a "name=www uid='666' group=www create_home=no shell=/sbin/nologin"
#2.创建数据⽬录并更改授权
ansible backup -m file -a "path=/data state=directory owner=www group=www mode='755'"
ansible backup -m file -a "path=/backup state=directory owner=www group=www mode='755'"
#3.安装rsync软件
ansible backup -m yum -a "name=rsync state=latest"
#4.复制配置⽂件和密码⽂件
ansible backup -m copy -a "src=/root/script/rsync/rsyncd.conf dest=/etc/"
ansible backup -m copy -a "src=/root/script/rsync/rsync.passwd dest=/etc/ mode='600'"
#6.启动服务
ansible backup -m systemd -a "name=rsyncd state=started enabled=yes"
2.改写成剧本
- hosts: backup
tasks:
- name: 01创建www⽤户组
group:
name: www
gid: 666
- name: 02创建www⽤户
user:
name: www
uid: '666'
group: www
create_home: no
shell: /sbin/nologin
- name: 03创建数据⽬录并更改授权
file:
path: /data
state: directory
owner: www
group: www
mode: '755'
- name: 04安装rsync软件
yum:
name: rsync
state: latest
- name: 05复制配置⽂件和密码⽂件
copy:
src: /root/script/rsync/rsyncd.conf
dest: /etc/
- name: 06创建密码⽂件权限为600
copy:
src: /root/script/rsync/rsync.passwd
dest: /etc/
mode: 600
- name: 07启动服务
systemd:
name: rsyncd
state: started
enabled: yes
3.模拟执⾏
ansible-playbook -C rsync_install.yaml
4.执⾏
ansible-playbook rsync_install.yaml
第4章 编写NFS剧本
1.命令⾏模式的编写
NFS服务端:
[root@m-61 /scripts]# cat nfs_server_install.yaml
- hosts: nfs_server
tasks:
- name: 01-add group
group: name=www gid='666'
- name: 02-add user
user: name=www create_home=no shell=/sbin/nologin group=www uid=666
- name: 03-install nfs service
yum: name=nfs-utils state=latest
- name: 04-copy nfs exports
copy: src=/server/scripts/exports dest=/etc/
- name: 05-create data dir
file: path=/data state=directory owner=www group=www
- name: 06-start rpcbind
service: name=rpcbind state=started
- name: 07-start nfs
service: name=nfs state=started
- name: 08-enable rpcbind
systemd: name=rpcbind enabled=yes
- name: 09-enable nfs
systemd: name=nfs enabled=yes
NFS客户端:
[root@m-61 /scripts]# cat nfs_client_install.yaml
- hosts: nfs_client
tasks:
- name: 01-add group
group: name=www gid=666
- name: 02-add user
user: name=www create_home=no shell=/sbin/nologin group=www uid=666
- name: 03-install nfs service
yum: name=nfs-utils state=latest
- name: 04-create data dir
file: path=/data state=directory owner=www group=www
- name: 05-start rpcbind
service: name=rpcbind state=started
- name: 06-enable rpcbind
systemd: name=rpcbind enabled=yes
- name: 07-mount data
mount: path=/data src=172.16.1.31:/data fstype=nfs opts=defaults state=mounted
2.改写成剧本
第5章 剧本⾼级特性-循环
0.官⽅⽂档
1.应⽤场景
安装多个软件
创建多个⽬录
复制多个⽬录
复制多个⽂件到不同的⽬录
不同的⽂件权限不⼀样
2.循环书写⻛格1:单⾏模式
- name: create_data
file: path=/data state=directory owner=www group=www
- name: create_backup
file: path=/backup state=directory owner=www group=www
3.循环书写⻛格2:缩进模式
需求: 创建2个⽬录/data和/backup
以前的写法:
- name: create_data
file:
path: /data
state: directory
owner: www
group: www
- name: create_data
file:
path: /backup
state: directory
owner: www
group: www
循环实现:
- name: create_data
file:
path: "{{ item }}"
state: directory
owner: www
group: www
loop:
- /data
- /backup
4.循环书写⻛格3: 混合⻛格
- name: create_data
file: path="{{ item }}" state=directory owner=www group=www
loop:
- /data
- /backup
5.循环书写⻛格3: 多参数循环模式
- hosts: backup
tasks:
- name: create_data
file:
path: "{{ item.path }}"
state: directory
owner: www
group: www
mode: "{{ item.mode }}"
loop:
- { path: '/data' , mode: '755' }
- { path: '/backup', mode: '777' }
第6章 剧本⾼级特性-变量
1.应⽤场景
1.⾃定义某个变量,在任务中被多次引⽤
2.从主机收集到系统信息⾥提取某个变量,⽐如IP地址,主机名
2.⾃定义变量并引⽤
- hosts: backup
vars:
data_path: /data/
dest_path: /etc/
file_path: /etc/rsync.passwd
tasks:
- name: 01mkdir
file:
path: "{{ data_path }}"
state: directory
- name: 02copy
copy:
src: "{{ file_path }}"
dest: "{{ dest_path }}"
3.使⽤变量获取主机的eth1地址和主机名
- hosts: all
tasks:
- name: 03get IP
shell: "echo {{ ansible_default_ipv4.address }} >> /tmp/ip.txt"
- name: 04get hostname
shell: "echo {{ ansible_hostname }} >> /tmp/hostname.txt"
4.在主机清单⽂件⾥定义变量
主机清单
[root@m01 ~/ansible_script]# cat /etc/ansible/hosts
[web]
172.16.1.7
[web:vars]
service_name=web
[nfs]
172.16.1.31 service_name=nfs
[backup]
172.16.1.41 service_name=rsync
[all:vars]
job=it
[root@m01 ~/ansible_script]# cat /etc/ansible/hosts
[web]
10.0.0.7 port=8888
10.0.0.8 port=9999
[web:vars]
nginx_version='1.19'
引⽤变量
- hosts: all
tasks:
- name: echo IP
shell: "echo {{ service_name }} >> /tmp/service.txt"
- name: echo hostname
shell: "echo {{ job }} >> /tmp/service.txt"
[root@m-61 /script/playbook]# cat web_vars.yaml
- hosts: web
tasks:
- name: 01get port
shell: "echo {{ port }} >> /tmp/port.txt"
- name: 02get version
shell: "echo {{ nginx_version }} >> /tmp/version.txt"
5.循环里引用变量
- name: test for
hosts: backup
vars:
rsyncd_conf: /script/rsyncd.conf
rsyncd_pass: /script/rsync.passwd
tasks:
- name: 01-copy
copy:
src: "{{ item.src }}"
dest: /etc/
mode: "{{ item.mode }}"
loop:
- { src: "{{ rsyncd_conf }}", mode: '0644'}
- { src: "{{ rsyncd_pass }}", mode: '0600'}
6.整理ansible内置变量
其他ansible内置变量
ansible_facts.eth0.ipv4.address
ansible_facts.eth1.ipv4.address
ansible_nodename 节点名字
ansible_form_factor 服务器类型
ansible_virtualization_role 虚拟机⻆⾊(宿主机或者虚拟机)
ansible_virtualization_type 虚拟机类型(kvm)
ansible_system_vendor 供应商(Dell)
ansible_product_name 产品型号(PowerEdge R530)
ansible_product_serial 序列号(sn)
ansible_machine 计算机架构(x86_64)
ansible_bios_version BIOS版本
ansible_system 操作系统类型(linux)
ansible_os_family 操作系统家族(RedHat)
ansible_distribution 操作系统发⾏版(CentOS)
ansible_distribution_major_version 操作系统发⾏版主版本号(7)
ansible_distribution_release 操作系统发⾏版代号(core)
ansible_distribution_version 操作系统发⾏版本号(7.3.1611)
ansible_architecture 体系(x86_64)
ansible_kernel 操作系统内核版本号
ansible_userspace_architecture ⽤户模式体系(x86_64)
ansible_userspace_bits ⽤户模式位数
ansible_pkg_mgr 软件包管理器
ansible_selinux.status selinux状态
#--------------------------------------------
ansible_processor CPU产品名称
ansible_processor_count CPU数量
ansible_processor_cores 单颗CPU核⼼数量
ansible_processor_threads_per_core 每个核⼼线程数量
ansible_processor_vcpus CPU核⼼总数
ansible_memtotal_mb 内存空间
ansible_swaptotal_mb 交换空间
ansible_fqdn 主机的域名
ansible_default_ipv4.interface 默认⽹卡
ansible_default_ipv4.address 默认IP地址
ansible_default_ipv4.gateway 默认⽹关
********* json 格式 ********
ansible_devices 硬盘设备名
ansible_devices.vendor 硬盘供应商
ansible_devices.model 硬盘整列卡型号
ansible_devices.host 硬盘整列卡控制器
ansible_devices.size 设备存储空间
********* json 格式 ********
ansible_interfaces ⽹卡
ansible_{interfaces}.ipv4.address ⽹卡IP地址
ansible_{interfaces}.ipv6.0.address ⽹卡IPv6地址
ansible_{interfaces}.macaddress ⽹卡mac地址
第7章 剧本⾼级特性-注册变量
1.应⽤场景
调试,回显命令执⾏的内容
把状态保存成变量,其他任务可以进⾏判断或引⽤
2.使⽤内置变量将IP地址保存到⽂本⾥,并将⽂本内容显示出来
案例1:引用单个注册变量
- hosts: all
tasks:
- name: echo IP
shell: "echo {{ ansible_default_ipv4.address }} >> /tmp/ip.txt"
- name: cat IP
shell: "cat /tmp/ip.txt"
register: ip_txt
- debug:
msg: "{{ ip_txt.stdout_lines }}"
案例2:引用多个注册变量
[root@m-61 /script/playbook]# cat register.yml
- hosts: nfs
tasks:
- name: 01get IP
shell: "echo {{ ansible_default_ipv4.address }} > /tmp/ip.txt"
- name: 02get hostname
shell: "echo {{ ansible_hostname }} > /tmp/hostname.txt"
- name: 03get hostname
shell: "cat /tmp/hostname.txt"
register: hostname
- name: 04cat
shell: "showmount -e 172.16.1.31"
register: showmount
- debug:
msg: "{{ item }}"
loop:
- "{{ showmount.stdout_lines }}"
- "{{ hostname.stdout_lines }}"
3.如果配置⽂件发⽣了变化,就重启服务,否则不重启
- hosts: backup
tasks:
- name: 01-copy_conf
copy:
src: /opt/rsyncd.conf
dest: /etc/
register: conf_status
- name: 02-start
systemd:
name: rsyncd
state: started
enabled: yes
- name: 03-restart
systemd:
name: rsyncd
state: restarted
when: conf_status.changed
4.注册变量和判断场景
官⽅地址:
https://docs.ansible.com/ansible/latest/user_guide/playbooks_conditionals.ht
使⽤场景:
场景:
判断所有机器/tmp/下有没有ip.txt的⽂件
如果有,打印出来内容并且格式为:
例如:
web01 has ip.txt
内容为:
如果不存在:
输出内容:nfs is nofile
5.解决⽅案
- hosts: all
vars:
path1: /tmp/ip
tasks:
- name: test1
shell: 'cat {{path1}}'
register: retval
ignore_errors: true
- name: test2
debug:
msg: '{{ansible_hostname}} has {{path1}} , content is:
{{retval.stdout}}'
when: retval is success
- name: test3
debug:
msg: '{{path1}} is nofile'
when: retval is failed
第8章 剧本⾼级特性-服务状态管理
0.官⽅⽂档
https://docs.ansible.com/ansible/latest/user_guide/playbooks_handlers.html
1.应⽤场景
⽬前的情况:
配置⽂件发⽣变化也不会重启
理想中的情况:
1.如果配置⽂件不发⽣变化,就不执⾏重启
2.如果配置⽂件发⽣变化,就执⾏重启
2.命令实现
- hosts: backup
tasks:
- name: 01-copy_conf
copy:
src: /root/script/rsync/rsyncd.conf
dest: /etc/
notify:
- restart rsyncd
- name: 02-start
systemd:
name: rsyncd
state: started
enabled: yes
handlers:
- name: restart rsyncd
systemd:
name: rsyncd
state: restarted
3.错误总结
1.handlers位置要放在最后
2.handlers⾥任务定义的名字是什么,notify⾥就写什么,不能不⼀样
第9章 剧本⾼级特性-选择标签
1.应⽤场景
调试,选择性的执⾏任务
2.添加标签-编写
- hosts: nfs
tasks:
- name: 01-add group
group: name=www gid=666
tags: 01-add-group
- name: 02-add user
user: name=www create_home=no shell=/sbin/nologin group=www uid=666
tags: 02-add-user
- name: 03-install nfs service
yum: name=nfs-utils state=latest
tags: 03-install nfs service
- name: 04-copy nfs exports
copy: src=/service/scripts/exports dest=/etc/
tags: 04-copy-nfs-exports
- name: 05-create data dir
file: path=/data state=directory owner=www group=www
tags: 05-create-data-dir
- name: 06-create passwd conf
copy: content='123' dest=/etc/rsync.passwd mode=600
tags: 06-create-passwd
- name: 07-start rpcbind
service: name=rpcbind state=started
tags: 07-start-rpcbind
- name: 08-start nfs
service: name=nfs state=started
tags: 08-start-nfs
- name: 09-enable rpcbind
systemd: name=rpcbind enabled=yes
tags: 09-enable-rpcbind
- name: 10-enable nfs
systemd: name=nfs enabled=yes
tags: 10-enable-nfs
3.打印出playbook⾥要执⾏的所有标签
ansible-playbook --list-tags rsync_install.yaml
4.指定运⾏某个标签
ansible-playbook -t '03-install nfs service' rsync_install_tag.yaml
5.指定运⾏多个标签
ansible-playbook -t 01-add-group,02-add-user,05-create-data-dir rsync_install_tag.yaml
6.指定不运⾏某个标签
ansible-playbook --skip-tags 01-add-group rsync_install_tag.yaml
7.指定不运⾏多个标签
ansible-playbook --skip-tags 01-add-group,02-add-user,04-copy-nfs-exports
rsync_install_tag.yaml
第10章 剧本⾼级特性-选择tasks
1.应⽤场景
调试的时候
从某个任务开始往下依次执⾏
2.查看task列表
ansible-playbook --list-tasks rsync_install_tag.yaml
3.选择从哪⼀个task开始执⾏
ansible-playbook --start-at-task '05-create data dir' rsync_install_tag.yaml
第11章 运⾏检查规范
1.检查剧本拼写规范
ansible-playbook --syntax-check rsync_install_tag.yaml
2.检查这个任务执⾏的主机对象
ansible-playbook --list-hosts rsync_install_tag.yaml
3.检查这个剧本需要执⾏哪些任务
ansible-playbook --list-tasks rsync_install_tag.yaml
4.模拟执⾏剧本
ansible-playbook -C rsync_install_tag.yaml
5.真正执⾏
ansible-playbook rsync_install_tag.yaml
