使用ansible安装sersync、nfs、rsync、mariadb、nginx、php部署wordpress

ansible练习

1.安装rsync

2.安装nfs

3.sersync

4.mariadb

5.安装nginx php

6.部署wordpress

#### 目录结构
[root@m01 ansible]# ll
total 0
drwxr-xr-x 2 root root  6 Jun 15 17:11 group_vars
drwxr-xr-x 2 root root  6 Jun 15 17:11 host_vars
drwxr-xr-x 2 root root  6 Jun 15 17:10 mariadb
drwxr-xr-x 2 root root  6 Jun 15 17:10 nfs
drwxr-xr-x 2 root root 25 Jun 15 17:11 rsync
drwxr-xr-x 2 root root  6 Jun 15 17:10 web

#### 主机清单
[root@m01 ansible]# vim /etc/ansible/hosts 
# Static inventory. `ansible_ssh_host` is the legacy spelling of `ansible_host`.
# Note: the tasks on this page select hosts with `when: ansible_fqdn ...`
# rather than with these groups, so each managed host's own FQDN must match.
[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8
[backup_group]
backup ansible_ssh_host=10.0.0.41
[nfs_group]
nfs ansible_ssh_host=10.0.0.31
[db_group]
db01 ansible_ssh_host=10.0.0.51
# Parent groups; group_vars/install_rsync applies to nfs_group + backup_group.
[install_nfs:children]
web_group
nfs_group
[install_rsync:children]
nfs_group
backup_group

#### 定义变量
[root@m01 ansible]# vim group_vars/install_rsync
# Account name the rsync daemon accepts (`auth users`) and sersync logs in with.
rsync_user: zls
# Demo secret stored in cleartext. Outside a lab, keep it in an ansible-vault
# encrypted vars file and use a long random value.
# NOTE(review): rsync_dir, nfs_dir and nginx_php_packages are referenced by the
# tasks on this page but are not defined in the vars files shown here.
rsync_pwd: 123

[root@m01 ansible]# vim group_vars/all
web_user_group: www

#### base基础优化
1.创建www用户和组
2.开启防火墙
3.开启nfs,http,https,rsync端口
4.关闭selinux

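# Baseline play applied to every host: shared service account, firewall, SELinux.
- hosts: all
  tasks:
    # Fixed gid/uid 666 so file ownership matches across the web, NFS and
    # backup hosts (the NFS export on this page squashes clients to 666 too).
    - name: Create {{ web_user_group }} Group
      group:
        name: "{{ web_user_group }}"
        gid: 666
        state: present

    # Service account only: no login shell and no home directory.
    - name: Create {{ web_user_group }} User
      user:
        name: "{{ web_user_group }}"
        uid: 666
        group: "{{ web_user_group }}"
        shell: /sbin/nologin
        create_home: False

    # Enabled as well as started, so the firewall is back after a reboot.
    - name: Start FireWalld Server
      service:
        name: firewalld
        state: started
        enabled: true

    # `with_items` is a task keyword and belongs at task level; nested inside
    # the firewalld arguments it is rejected as an unknown module parameter.
    # permanent + immediate applies the rule now and keeps it across reloads.
    # NOTE(review): this opens all four services on every host in the play;
    # consider opening each one only on the hosts that actually serve it.
    - name: Open Port
      firewalld:
        service: "{{ item }}"
        state: enabled
        permanent: yes
        immediate: yes
      with_items:
        - nfs
        - http
        - https
        - rsyncd

    # NOTE(review): disabling SELinux removes mandatory access control from
    # the internet-facing web hosts and the database host. Kept because the
    # walkthrough calls for it; prefer leaving it enforcing (or permanently
    # fixing the specific denials) on anything that is not a lab.
    - name: Stop Selinux
      selinux:
        state: disabled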


#### 安装rsync
提前准备:配置文件
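# rsyncd.conf template; the playbook renders it to /etc/rsyncd.conf on the
# backup host. Transfers run as the shared web account, not as root.
uid = {{ web_user_group }}
gid = {{ web_user_group }}
port = 873
fake super = yes
# NOTE(review): with chroot off, confinement to the module path relies on
# rsync's own path handling rather than on the kernel.
use chroot = no
max connections = 200
timeout = 600
ignore errors
# Module is writable and hidden from module listings.
read only = false
list = false
# Only this user may connect; the secrets file holds "user:password" and
# must not be readable by other users.
# NOTE(review): there is no `hosts allow` line, so any client that can reach
# port 873 may attempt authentication; consider limiting it to the sender.
auth users = {{ rsync_user }}
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[{{ rsync_dir }}]
comment = welcome to oldboyedu backup!
# Absolute path, matching the /{{ rsync_dir }} directory the playbook creates.
path = /{{ rsync_dir }}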

1.安装rsync
2.配置rsync
3.创建密码文件
4.创建目录
5.启动rsync服务

########################   部署Rsync  ######################
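    # rsync is installed on both ends: the sender (nfs) and the daemon (backup).
    - name: Install Rsync Server
      yum:
        name: rsync
        state: present
      when: ansible_fqdn == 'nfs' or ansible_fqdn == 'backup'

    # Rendered as a template because rsyncd.conf contains {{ ... }} variables.
    - name: Configure Rsync Config
      template:
        src: /ansible/rsync/rsyncd.conf
        dest: /etc/rsyncd.conf
      when: ansible_fqdn == 'backup'

    # Daemon-side secrets file in "user:password" form. Root-owned and 0600;
    # no_log keeps the secret out of task output and --diff.
    - name: Create Rsync Pass File
      copy:
        content: "{{ rsync_user }}:{{ rsync_pwd }}"
        dest: /etc/rsync.passwd
        owner: root
        group: root
        mode: 0600
      no_log: true
      when: ansible_fqdn == 'backup'

    # Module directory, owned by the account rsyncd runs transfers as.
    - name: Create {{ rsync_dir }} Directory
      file:
        path: /{{ rsync_dir }}
        owner: "{{ web_user_group }}"
        group: "{{ web_user_group }}"
        mode: 0755
        state: directory
      when: ansible_fqdn == 'backup'

    - name: Start Rsync Server
      service:
        name: rsyncd
        state: started
        enabled: true
      when: ansible_fqdn == 'backup'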

#### 安装nfs
提前准备:挂载目录中的用户图片等...
1.安装nfs
2.配置nfs
3.创建共享目录
4.解压用户图片文件
5.启动nfs服务

########################   部署NFS  ######################
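    # nfs-utils is needed on the server and on every web client that mounts it.
    # `match` is a regex test anchored at the start of the string: 'web*' means
    # "we" followed by any number of "b", so it also matched names such as
    # "west01". 'web[0-9]+' matches web01, web02, ... only.
    - name: Install NFS Server
      yum:
        name: nfs-utils
        state: present
      when: ansible_fqdn == 'nfs' or ansible_fqdn is match 'web[0-9]+'

    # Export limited to the 172.16.1.0/24 network; all_squash maps every
    # client user to uid/gid 666, so no client can act as root on the share.
    # NOTE(review): /etc/exports is only read when the service starts or
    # `exportfs -r` runs; a later change to this line needs a reload.
    - name: Configure NFS Config
      copy:
        content: "/{{ nfs_dir }} 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)"
        dest: /etc/exports
      when: ansible_fqdn == 'nfs'

    # Shared directory owned by the squashed account so clients can write.
    - name: Create  {{ nfs_dir }} Directory
      file:
        path: /{{ nfs_dir }}
        owner: "{{ web_user_group }}"
        group: "{{ web_user_group }}"
        mode: 0755
        state: directory
      when: ansible_fqdn == 'nfs'

    - name: Start NFS Server
      service:
        name: nfs-server
        state: started
        enabled: true
      when: ansible_fqdn == 'nfs'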

#### 部署sersync
提前准备:
1.sersync安装包
-rw-r--r-- 1 root root 727290 Jun 15 10:19 sersync2.5.4_64bit_binary_stable_final.tar.gz
2.sersync配置文件
    <!-- Excerpt of the sersync template. These are the inotify events that
         trigger a sync. NOTE(review): with delete enabled, removals on the
         NFS host are presumably replayed on the target, so the mirror does
         not protect against accidental or malicious deletion. -->
    <inotify>
        <delete start="true"/>
        <createFolder start="true"/>
        <createFile start="true"/>
        <closeWrite start="true"/>
        <moveFrom start="true"/>
        <moveTo start="true"/>
        <attrib start="true"/>
        <modify start="true"/>
    </inotify>

    <sersync>
        <!-- Watched directory and the rsync daemon module it is pushed to. -->
        <localpath watch="/{{ nfs_dir }}">
            <remote ip="172.16.1.41" name="{{ rsync_dir }}"/>
            <!--<remote ip="192.168.8.39" name="tongbu"/>-->
            <!--<remote ip="192.168.8.40" name="tongbu"/>-->
        </localpath>
        <rsync>
            <commonParams params="-az"/>
            <!-- Client-side password file: the playbook writes only the
                 password to /etc/rsync.pas with mode 0600. ssh transport is
                 off below, so the transfer uses the plain rsync daemon
                 protocol, which does not encrypt data in transit. -->
            <auth start="true" users="{{ rsync_user }}" passwordfile="/etc/rsync.pas"/>
            <userDefinedPort start="false" port="874"/><!-- port=874 -->
            <timeout start="false" time="100"/><!-- timeout=100 -->
            <ssh start="false"/>
        </rsync>

1.解压sersync: GNU-Linux-x86
2.安装inotify-tools
3.配置sersync
4.创建密码文件
5.启动sersync

########################   部署sersync  ######################
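    - name: Install Inotify-tools
      yum:
        name: inotify-tools
        state: present
      when: ansible_fqdn == 'nfs'

    # NOTE(review): this is a prebuilt binary unpacked and later run as root.
    # Record a known-good checksum for the tarball on the control node and
    # verify it before distributing.
    - name: Unarchive Sersync Server
      unarchive:
        src: /ansible/sersync/sersync2.5.4_64bit_binary_stable_final.tar.gz
        dest: /usr/local/
      when: ansible_fqdn == 'nfs'

    - name: Configure Sersync Config
      template:
        src: /ansible/sersync/confxml.xml
        dest: /usr/local/GNU-Linux-x86/confxml.xml
      when: ansible_fqdn == 'nfs'

    # Client-side password file: the password only, root-owned, 0600.
    # no_log keeps the secret out of task output and --diff.
    - name: Create Rsync Client Pass File
      copy:
        content: "{{ rsync_pwd }}"
        dest: /etc/rsync.pas
        owner: root
        group: root
        mode: 0600
      no_log: true
      when: ansible_fqdn == 'nfs'

    # Read-only probe so a second playbook run does not start a second daemon.
    - name: Check Whether Sersync Is Running
      command: pgrep -x sersync2
      register: sersync_running
      changed_when: false
      failed_when: false
      when: ansible_fqdn == 'nfs'

    # Started only when the probe found no sersync2 process. The `and`
    # short-circuits, so hosts that skipped the probe never read `.rc`.
    - name: Start Sersync Server
      shell: "/usr/local/GNU-Linux-x86/sersync2 -dro /usr/local/GNU-Linux-x86/confxml.xml"
      when: ansible_fqdn == 'nfs' and sersync_running.rc != 0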

#### 部署mariadb
提前准备SQL语句

1.安装mariadb-server
2.启动mariadb
3.创建wp_user用户
4.导入wordpress.sql文件

########################   部署mariadb  ######################
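    # MySQL-python is the client library the mysql_user/mysql_db modules need
    # on the managed host.
    - name: Install MariaDB Server
      yum:
        name:
          - mariadb-server
          - MySQL-python
        state: present
      when: ansible_fqdn == 'db01'

    - name: Start MariaDB Server
      service:
        name: mariadb
        state: started
        enabled: true
      when: ansible_fqdn == 'db01'

    # NOTE(review): as written this account can connect from any host ('%')
    # with ALL privileges on every database ('*.*') and a three-character demo
    # password. WordPress only needs rights on its own schema: scope `priv` to
    # that schema, restrict `host` to the web tier's addresses, and read the
    # password from a vaulted variable.
    # NOTE(review): no login_user/login_password is given, so this presumably
    # connects as the default passwordless root - set a root password and
    # remove the anonymous/test defaults on a real server.
    - name: Create WordPress User
      mysql_user:
        name: wp_user
        password: '123'
        host: '%'
        priv: '*.*:ALL'
        state: present
      when: ansible_fqdn == 'db01'

    # The dump may hold user data and password hashes; /tmp is world-readable,
    # so restrict the copy to root.
    - name: Push SQL File to DB
      copy:
        src: /ansible/mariadb/wordpress.sql
        dest: /tmp/wordpress.sql
        owner: root
        group: root
        mode: '0600'
      when: ansible_fqdn == 'db01'

    # `name: all` with `state: import` loads a dump that carries its own
    # database statements. NOTE(review): the import reruns on every play;
    # confirm the dump is safe to replay.
    - name: Import WordPress Data
      mysql_db:
        state: import
        name: all
        target: /tmp/wordpress.sql
      when: ansible_fqdn == 'db01'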

#### 部署ngx和php和wp
提前准备:
1.nginx主配置文件
2.nginx虚拟主机配置
3.php的www.conf
4.nginx_php安装包
5.wordpress安装包

步骤:
1.安装nginx和php
2.配置nginx和php
3.创建站点目录
4.解压代码
5.启动nginx和php
6.挂载站点目录

########################   部署nginx、php、wordpress  ######################
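    # Host selection: `match` is a regex test anchored at the start, so the
    # original 'web*' meant "we" + any number of "b". 'web[0-9]+' matches
    # web01, web02, ... only.
    # NOTE(review): the RPM bundle and the WordPress tarball come from the
    # control node without a checksum or signature check; verify them before
    # distributing.
    - name: Unarchive Nginx and PHP
      unarchive:
        src: /ansible/web/nginx_php.tgz
        dest: /root
      when: ansible_fqdn is match 'web[0-9]+'

    # Installs local RPM files; nginx_php_packages must be defined elsewhere.
    - name: Install Nginx and PHP
      yum:
        name: /root/nginx_php/{{ item }}
        state: present
      with_items: "{{ nginx_php_packages }}"
      when: ansible_fqdn is match 'web[0-9]+'

    - name: Push Nginx PHP Conf
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      with_items:
        - { src: "/ansible/web/nginx.conf",dest: "/etc/nginx/nginx.conf" }
        - { src: "/ansible/web/www.zls.com.conf",dest: "/etc/nginx/conf.d/www.zls.com.conf" }
        - { src: "/ansible/web/www.conf",dest: "/etc/php-fpm.d/www.conf" }
      when: ansible_fqdn is match 'web[0-9]+'

    - name: Create HTML Dir
      file:
        path: /code
        owner: "{{ web_user_group }}"
        group: "{{ web_user_group }}"
        state: directory
      when: ansible_fqdn is match 'web[0-9]+'

    # NOTE(review): the whole code tree ends up owned by the web account. If
    # php-fpm runs as that account (www.conf is not shown), a compromised PHP
    # process can rewrite the application code; only the uploads directory
    # needs to be writable by it.
    - name: Unarchive WordPress Package
      unarchive:
        src: /ansible/web/wordpress.tgz
        dest: /code
        owner: "{{ web_user_group }}"
        group: "{{ web_user_group }}"
      when: ansible_fqdn is match 'web[0-9]+'

    - name: Start Nginx Server
      service:
        name: "{{ item }}"
        state: started
        enabled: true
      with_items:
        - nginx
        - php-fpm
      when: ansible_fqdn is match 'web[0-9]+'

    # User uploads live on the shared NFS export.
    # NOTE(review): consider `opts: nosuid,nodev,noexec` on this mount and an
    # nginx rule that refuses to pass files under uploads/ to php-fpm.
    - name: Mount NFS Share Directory
      mount:
        path: /code/wordpress/wp-content/uploads
        src: 172.16.1.31:/{{ nfs_dir }}
        fstype: nfs
        state: mounted
      when: ansible_fqdn is match 'web[0-9]+'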

playbook触发器 handler

handler用来执行某些条件下的任务,比如当配置文件发生变化的时候,通过notify触发handler去重启服务。

在saltstack中也有类似的触发器,写法相对Ansible简单,只需要watch,配置文件即可。

大白话:监控某一个步骤,一旦该步骤发生了变化,则立马触发该步骤的触发器,执行对应的步骤

注意:
1.无论多少个task通知了相同的handlers,handlers仅会在所有tasks结束后运行一次。

2.Handlers只有在其所在的任务被执行时,才会被运行;如果一个任务中定义了notify调用Handlers,但是由于条件判断等原因,该任务未被执行,那么Handlers同样不会被执行。

3.Handlers只会在每一个play的末尾运行一次;如果想在一个playbook中间运行Handlers,则需要使用meta模块来实现。例如: `- meta: flush_handlers`。(不要强制执行)

4.如果一个play在运行到调用Handlers的语句之前失败了,那么这个Handlers将不会被执行。我们可以使用meta模块的--force-handlers选项来强制执行Handlers,即使Handlers所在的play中途运行失败也能执行。(不要强制执行)

5.不能使用handlers替代tasks

触发器的写法:

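# Handler example: the config push notifies a handler, which runs once at the
# end of the play and only if the task reported a change.
- hosts: web01
  # The play keyword is `tasks` (plural); `task` is rejected by Ansible.
  tasks:
    # 'web[0-9]+' instead of 'web*': `match` is a regex test, and 'web*' meant
    # "we" followed by any number of "b".
    - name: Push Nginx PHP Conf
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      with_items:
        - { src: "/ansible/web/nginx.conf",dest: "/etc/nginx/nginx.conf" }
        - { src: "/ansible/web/www.zls.com.conf",dest: "/etc/nginx/conf.d/www.zls.com.conf" }
        - { src: "/ansible/web/www.conf",dest: "/etc/php-fpm.d/www.conf" }
      when: ansible_fqdn is match 'web[0-9]+'
      notify: Restart Nginx And PHP

  handlers:
    # The name must match the `notify` string exactly.
    # NOTE(review): a broken config is restarted blindly here; checking the
    # file with `nginx -t` before the restart avoids taking the site down.
    - name: Restart Nginx And PHP
      service:
        name: "{{ item }}"
        state: restarted
      with_items:
        - nginx
        - php-fpm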

注意:tasks中的notify名字必须和handlers中的- name名字对应上,否则触发器和任务没有做任何关联

tag标签

默认情况下,Ansible在执行一个playbook时,会执行playbook中定义的所有任务,Ansible的标签(tag)功能可以给单独任务甚至整个playbook打上标签,然后利用这些标签来指定要运行playbook中的个别任务,或不执行指定的任务。

打标签的方式

1.对一个task打一个标签

我只想推送nginx的配置文件

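    # Single tag on a single task: `-t config_nginx` runs only this task (and
    # the handler it notifies when a file changed).
    # 'web[0-9]+' instead of 'web*': `match` is a regex test, and 'web*' meant
    # "we" followed by any number of "b".
    - name: Push Nginx PHP Conf
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      with_items:
        - { src: "/ansible/web/nginx.conf",dest: "/etc/nginx/nginx.conf" }
        - { src: "/ansible/web/www.zls.com.conf",dest: "/etc/nginx/conf.d/www.zls.com.conf" }
        - { src: "/ansible/web/www.conf",dest: "/etc/php-fpm.d/www.conf" }
      when: ansible_fqdn is match 'web[0-9]+'
      notify: Restart Nginx And PHP
      tags: config_nginx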

#### 运行:
[root@m01 ansible]# ansible-playbook lnmp.yml  -t config_nginx

2.对一个task打多个标签

有一个功能任务,我安装nginx的时候需要创建www用户,安装nfs的时候,需要创建www用户,安装rsync的时候需要创建www用户

创建www用户这个功能,有多个任务都需要使用

tag: install_nginx

tag: install_nfs

tag: install_rsync

    # Several tags on one task: the task runs when any one of them is selected
    # with -t, so the shared account exists whichever component is installed.
    - name: Create {{ web_user_group }} Group
      group:
        name: "{{ web_user_group }}"
        gid: 666
        state: present
      tags:
        - install_nginx
        - install_nfs
        - install_rsync

[root@m01 ansible]# ansible-playbook lnmp.yml  -t install_nginx

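    # Two tags on one task. The first tag was spelled `congfig_nginx`, which
    # `-t config_nginx` (used earlier on this page) would never select.
    # 'web[0-9]+' instead of 'web*': `match` is a regex test, and 'web*' meant
    # "we" followed by any number of "b".
    - name: Push Nginx PHP Conf
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      with_items:
        - { src: "/ansible/web/nginx.conf",dest: "/etc/nginx/nginx.conf" }
        - { src: "/ansible/web/www.zls.com.conf",dest: "/etc/nginx/conf.d/www.zls.com.conf" }
        - { src: "/ansible/web/www.conf",dest: "/etc/php-fpm.d/www.conf" }
      when: ansible_fqdn is match 'web[0-9]+'
      notify: Restart Nginx And PHP
      tags:
        - config_nginx
        - install_nginx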

3.对多个task打一个标签

我只想重新安装nginx

1.安装nginx

tag: install_nginx

2.配置nginx打一个标签

tag: install_nginx

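    # One tag shared by many tasks: `-t install_nginx` runs the whole web
    # install sequence below and nothing else.
    # Host selection uses 'web[0-9]+' instead of 'web*': `match` is a regex
    # test, and 'web*' meant "we" followed by any number of "b".
    - name: Unarchive Nginx and PHP
      unarchive:
        src: /ansible/web/nginx_php.tgz
        dest: /root
      when: ansible_fqdn is match 'web[0-9]+'
      tags: install_nginx

    - name: Install Nginx and PHP
      yum:
        name: /root/nginx_php/{{ item }}
        state: present
      with_items: "{{ nginx_php_packages }}"
      when: ansible_fqdn is match 'web[0-9]+'
      tags: install_nginx

    # Tag spelling fixed (`congfig_nginx` -> `config_nginx`) so that
    # `-t config_nginx` selects this task.
    - name: Push Nginx PHP Conf
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      with_items:
        - { src: "/ansible/web/nginx.conf",dest: "/etc/nginx/nginx.conf" }
        - { src: "/ansible/web/www.zls.com.conf",dest: "/etc/nginx/conf.d/www.zls.com.conf" }
        - { src: "/ansible/web/www.conf",dest: "/etc/php-fpm.d/www.conf" }
      when: ansible_fqdn is match 'web[0-9]+'
      notify: Restart Nginx And PHP
      tags:
        - config_nginx
        - install_nginx

    - name: Create HTML Dir
      file:
        path: /code
        owner: "{{ web_user_group }}"
        group: "{{ web_user_group }}"
        state: directory
      when: ansible_fqdn is match 'web[0-9]+'
      tags: install_nginx

    # NOTE(review): the whole code tree becomes owned by the web account;
    # only the uploads directory needs to be writable by the PHP process.
    - name: Unarchive WordPress Package
      unarchive:
        src: /ansible/web/wordpress.tgz
        dest: /code
        owner: "{{ web_user_group }}"
        group: "{{ web_user_group }}"
      when: ansible_fqdn is match 'web[0-9]+'
      tags: install_nginx

    - name: Start Nginx Server
      service:
        name: "{{ item }}"
        state: started
        enabled: true
      with_items:
        - nginx
        - php-fpm
      when: ansible_fqdn is match 'web[0-9]+'
      tags: install_nginx

    # NOTE(review): consider `opts: nosuid,nodev,noexec` for the uploads mount.
    - name: Mount NFS Share Directory
      mount:
        path: /code/wordpress/wp-content/uploads
        src: 172.16.1.31:/{{ nfs_dir }}
        fstype: nfs
        state: mounted
      when: ansible_fqdn is match 'web[0-9]+'
      tags: install_nginx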

#### 运行:
[root@m01 ansible]# ansible-playbook lnmp.yml  -t install_nginx

-t:运行指定的tag
--skip-tags:跳过指定的tag

playbook的复用

只调用task:include_tasks
调用整个task文件:include (新版本:import_playbook)

在saltstack中,叫做top file入口文件。

示例一:

[root@m01 m01]# cat task.yml 
# Entry play: pulls three task files in with include_tasks and owns the
# handler that the included configure task notifies.
- hosts: web_group
  vars:
    # Not used by the tasks shown; presumably consumed by httpd.j2 - confirm.
    - http_port: 8080

  tasks:
    - include_tasks: task_install.yml
    - include_tasks: task_configure.yml
    - include_tasks: task_start.yml

  handlers:
    # Name must match the `notify` string in task_configure.yml.
    - name: Restart Httpd Server
      systemd:
        name: httpd
        state: restarted

[root@m01 m01]# cat task_install.yml 
# Task file (no `hosts:` header): included by task.yml, runs on its hosts.
- name: Install Http Server
  yum:
    name: httpd
    state: present

[root@m01 m01]# cat task_configure.yml 
# Renders httpd.j2 (relative to this file) and notifies the restart handler
# defined in the including play; the handler fires only when the file changed.
- name: configure httpd server
  template:
    src: ./httpd.j2
    dest: /etc/httpd/conf/httpd.conf
  notify: Restart Httpd Server

[root@m01 m01]# cat task_start.yml 
# Ensures httpd is running now and enabled at boot.
- name: start httpd server
  service:
    name: httpd
    state: started
    enabled: yes

示例二

# Legacy spelling for pulling in whole playbooks; newer Ansible versions use
# import_playbook instead.
- include: httpd.yml
- include: nfs.yml
- include: rsync.yml

示例三

# Current form: each line imports a complete playbook, run in this order.
- import_playbook: httpd.yml
- import_playbook: nfs.yml
- import_playbook: rsync.yml

忽略错误

默认playbook会检测task执行的返回状态,如果遇到错误则会立即终止playbook的后续task执行,然鹅有些时候playbook即使执行错误了也要让其继续执行。

加入参数:ignore_errors:yes 忽略错误

[root@m01 ~]# cat ignore.yml
# Demonstrates ignore_errors: the first task always fails, yet the play goes on.
- hosts: web_group
  tasks:
    # /bin/false exits non-zero; ignore_errors reports the failure and continues.
    # NOTE(review): avoid ignore_errors on tasks that set up security controls
    # (firewall, permissions, secrets) - a silent failure there leaves the
    # host in a weaker state while the run still looks successful.
    - name: Ignore False
      command: /bin/false
      ignore_errors: yes
      
    # Runs despite the failure above.
    - name: touch new file
      file:
        path: /tmp/zls.txt
        state: touch
原文地址:https://www.cnblogs.com/zabcd/p/13368145.html