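Ansible playbooks

Ansible Playbooks

I. Playbook Overview

  • What is a playbook

"Playbook" means a script (as for a stage play) or a battle manual. A playbook is made up of the following parts:

play (host): defines the role of the hosts (lead or supporting actor).
Book (task): defines the specific tasks to run (the character's lines and actions).
playbook: made up of one or more plays (roles); one play can contain multiple tasks (lines and actions).

Put simply: use a number of different modules to have the specified hosts carry out a series of actions.

In Ansible, playbook files end in yml.
In SaltStack, the equivalent files end in sls.
Both use YAML syntax.
  • Playbook structure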


[root@m01 ~]# vim touch.yml 
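# Host or host group the actions run on
- hosts: web_group
  # User to connect as on the remote hosts
  remote_user: root
  # Variable definitions
  vars:
    # variable name: variable value
    file_name: lhd
  # Actions to run on the hosts
  tasks:
    # Description of the action
    - name: Touch New File
      # Run the action with the shell module
      shell: touch /tmp/{{ file_name }}

# Dry run (check mode)
[root@m01 ~]# ansible-playbook -C touch.yml
# Syntax check
[root@m01 ~]# ansible-playbook --syntax-check touch.yml
# Note: this only validates the syntax, not the logic
  • PlayBook vs. ad-hoc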

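Feature PlayBook ad-hoc
Completeness
Persistence
Execution efficiency
Variables Supported Not supported
Coupling
1. PlayBook is more full-featured than ad-hoc; it is an orchestration of ad-hoc commands.
2. PlayBook gives good control over execution order and dependencies.
3. PlayBook syntax is easier to read.
4. A playbook can be kept and reused; an ad-hoc command cannot.
  • YAML syntax

Syntax        Description
Indentation   YAML uses a fixed indentation style to express hierarchy. Each level is two spaces; TAB characters are not allowed.
Colon         Every colon must be followed by a space, except a colon at the end of a line.
Dash          Marks a list item: one dash followed by one space. Items at the same indentation level belong to the same list.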
- 中国:
  上海:
  北京:
    - 朝阳
    - 昌平
    - 海淀

II. Playbooks in Practice

  • Configure the host inventory

[root@m01 ~]# cat /etc/ansible/hosts 
[web_group]
web01 ansible_ssh_pass='1'
web02 ansible_ssh_pass='1'

[nfs_server]
nfs ansible_ssh_pass='1'

[rsync_server]
backup ansible_ssh_pass='1'

[db_server]
db01 ansible_ssh_pass='1'

[www:children]
web_group
nfs_server
rsync_server

[root@m01 lnmp]# cat base.yml 
- hosts: all
  tasks:
    - name: Stop Selinux
      selinux:
        state: disabled

    - name: Stop Firewalld
      systemd:
        name: firewalld
        state: stopped
  • Deploy httpd

Write the playbook

[root@m01 lnmp]# cat httpd.yml 
- hosts: web_group
  tasks:
    - name: Install Httpd Server
      yum:
        name: httpd
        state: present

    - name: Config Httpd Server
      copy:
        src: /etc/httpd/conf/httpd.conf
        dest: /etc/httpd/conf/

    - name: Start Httpd Server
      systemd:
        name: httpd
        state: started

Run the playbook

[root@m01 lnmp]# ansible-playbook httpd.yml
  • Deploy the homework-submission page

[root@m01 lnmp]# cat jiaozuoye.yml 
- hosts: all
  tasks:
    - name: Create www Group
      group:
        name: www
        gid: 666
        state: present

    - name: Create www User
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: false

    - name: 安装NFS
      yum:
        name: nfs-utils
        state: present

    - name: 安装rpcbind
      yum:
        name: rpcbind
        state: present

    - name: 启动rpcbind
      systemd:
        name: rpcbind
        state: started

- hosts: web_group
  tasks:
    - name: Install Httpd Server
      yum:
        name: httpd
        state: present

    - name: Config httpd Server
      copy:
        src: /etc/httpd/conf/httpd.conf
        dest: /etc/httpd/conf/

    - name: 解压php安装包到web服务器
      unarchive:
        src: /root/php.tar.gz
        dest: /tmp/

    - name: 安装php
      shell: yum localinstall -y /tmp/*.rpm

    - name: 配置php
      copy:
        src: /etc/php-fpm.d/www.conf
        dest: /etc/php-fpm.d/

    - name: 配置php
      copy:
        src: /etc/php.ini
        dest: /etc/

    - name: 启动php
      systemd:
        name: php-fpm
        state: started
        enabled: yes

    - name: 启动httpd
      systemd:
        name: httpd
        state: started
        enabled: yes

    - name: 解压代码
      unarchive:
        src: /root/kaoshi.zip
        dest: /var/www/html/
        owner: www 
        group: www

    - name: 站点目录授权
      file:
        path: /var/www/
        state: directory
        owner: www
        group: www
        recurse: yes

    - name: 安装NFS
      yum:
        name: nfs-utils
        state: present

- hosts: nfs
  tasks:
    - name: 配置nfs
      copy:
        content: "/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)"
        dest: /etc/exports

    - name: 创建挂载目录
      file:
        path: /data
        state: directory
        owner: www
        group: www

    - name: 启动nfs
      systemd:
        name: nfs
        state: started

- hosts: web_group
  tasks:
    - name: 创建web端挂载的目录
      file:
        path: /var/www/html/upload
        state: directory
        owner: www
        group: www

    - name: 挂载
      mount:
        src: 172.16.1.31:/data
        path: /var/www/html/upload
        fstype: nfs
        opts: defaults
        state: mounted
  • Deploy the rsync client and server

Configure the host inventory

[root@m01 lnmp]# cat /etc/ansible/hosts 
[web_group]
web01 ansible_ssh_pass='1'
web02 ansible_ssh_pass='1'

[nfs_server]
nfs ansible_ssh_pass='1'

[rsync_server]
backup ansible_ssh_pass='1'

[db_server]
db01 ansible_ssh_pass='1'

[www:children]
web_group
nfs_server
rsync_server

Prepare the rsync configuration file

[root@m01 lnmp]# vim /etc/rsyncd.conf 
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[backup]
comment = welcome to oldboyedu backup!
path = /backup

Prepare sersync

# 1. Prepare the package
[root@m01 ~]# ll sersync2.5.4_64bit_binary_stable_final.tar.gz 
-rw-r--r-- 1 root root 727290 Aug 23 12:22 sersync2.5.4_64bit_binary_stable_final.tar.gz

# 2. Prepare the configuration file
[root@m01 ~]# vim GNU-Linux-x86/confxml.xml
    <inotify>
        <delete start="true"/>
        <createFolder start="true"/>
        <createFile start="true"/>
        <closeWrite start="true"/>
        <moveFrom start="true"/>
        <moveTo start="true"/>
        <attrib start="true"/>
        <modify start="true"/>
    </inotify>
    <sersync>
        <localpath watch="/data">
            <remote ip="172.16.1.41" name="backup"/>
        </localpath>
        <rsync>
            <commonParams params="-artuz"/>
            <auth start="true" users="rsync_backup" passwordfile="/etc/rsync.password"/>
    ... ...
    </sersync>

Write the playbook

[root@m01 lnmp]# cat rsync_client.yml 
- hosts: nfs_server
  tasks:
    - name: Install Rsync Server
      yum:
        name: rsync
        state: present

    - name: Install Inotify-Tools Server
      yum:
        name: inotify-tools
        state: present

    - name: Install Sersync Server
      unarchive:
        src: /root/sersync2.5.4_64bit_binary_stable_final.tar.gz
        dest: /usr/local/

    - name: Rename Sersync Dir
      shell: "mv /usr/local/GNU-Linux-x86 /usr/local/sersync"

    - name: Config Sersync Server
      copy:
        src: /root/GNU-Linux-x86/confxml.xml
        dest: /usr/local/sersync/

    - name: Chmod Sersync
      copy:
        src: /root/GNU-Linux-x86/sersync2
        dest: /usr/local/sersync/
        # Quote the mode so Ansible reads it as octal; a bare 755 is taken as a decimal number
        mode: "0755"

    - name: Config Rsync Client Password File
      copy:
        content: "123456"
        dest: /etc/rsync.password
        mode: "0600"

    - name: Start Sersync
      shell: /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml

III. Ansible Playbooks in Practice, Part 2

1. Basic preparation

# 1. Install ansible
[root@m01 ~]# yum install -y ansible

# 2. Configure ansible ([defaults] section; this setting turns off SSH host key verification)
[root@m01 ~]# vim /etc/ansible/ansible.cfg
host_key_checking = False

# 3. Configure the host inventory
[root@m01 ~]# vim /etc/ansible/hosts 
[lb_server]
lb01 ansible_ssh_pass='1'
lb02 ansible_ssh_pass='1'

[web_group]
web01 ansible_ssh_pass='1'
web02 ansible_ssh_pass='1'

[nfs_server]
nfs ansible_ssh_pass='1'

[rsync_server]
backup ansible_ssh_pass='1'

[db_server]
db01 ansible_ssh_pass='1'

[nginx:children]
web_group
lb_server

# 4. Configure /etc/hosts
[root@m01 ~]# vim /etc/hosts
10.0.0.4 lb01
10.0.0.5 lb02
10.0.0.7 web01
10.0.0.8 web02
10.0.0.31 nfs
10.0.0.41 backup
10.0.0.51 db01

# 5. Create a common project directory
[root@m01 ~]# mkdir /project
[root@m01 ~]# cd /project/
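
The inventories above keep every host's SSH password in clear text (ansible_ssh_pass='1'). The following is an added example, not part of the original page: a one-time play that installs the control node's public key, followed by the group variables that replace the stored passwords. The file names, the key path and the ed25519 key type are assumptions.

```yaml
# Added example, not from the original page. File names are assumptions.
# Step 1: bootstrap_keys.yml. Run it once, typing the password at the prompt
# instead of storing it in /etc/ansible/hosts:
#   ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519
#   ansible-playbook bootstrap_keys.yml --ask-pass
---
- hosts: all
  remote_user: root
  tasks:
    - name: Install Control Node Public Key For root
      authorized_key:
        user: root
        # Read the public half of the key pair from the control node
        key: "{{ lookup('file', '/root/.ssh/id_ed25519.pub') }}"
        state: present

# Step 2: /etc/ansible/group_vars/all/connection.yml
# After step 1 succeeds, delete every ansible_ssh_pass='1' from
# /etc/ansible/hosts; these variables apply to all hosts in its place.
---
ansible_user: root
ansible_ssh_private_key_file: /root/.ssh/id_ed25519   # assumed key path
```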

2. Writing the playbooks

  • Part 1: baseline settings for all servers
[root@m01 project]# cat base.yml 
- hosts: all
  tasks:
    - name: Stop Firewalld
      systemd:
        name: firewalld
        state: stopped
        enabled: no

    - name: Stop Selinux
      selinux:
        state: disabled

    - name: Create www Group
      group:
        name: www
        gid: 666
        state: present

    - name: Create www User
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: false
        state: present
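
base.yml above stops firewalld on every host. The following is an added example, not part of the original page: the same play with firewalld left running and only the ports each inventory group serves opened. It assumes the firewalld module shipped with Ansible 2.9 (ansible.posix.firewalld in newer releases), default service ports, and the 172.16.1.0/24 internal network used elsewhere on this page.

```yaml
# Added example, not from the original page: replaces the "Stop Firewalld" task.
- hosts: all
  vars:
    internal_net: 172.16.1.0/24   # internal network used on this page
  tasks:
    - name: Keep Firewalld Running
      systemd:
        name: firewalld
        state: started
        enabled: yes

    - name: Allow HTTP From Any Source On nginx Hosts
      firewalld:
        service: http
        permanent: yes
        immediate: yes
        state: enabled
      when: inventory_hostname in groups['nginx']

    # Backend services accept connections from the internal network only.
    # Each rule is applied only on hosts that belong to item.group.
    - name: Allow Backend Services Only From The Internal Network
      firewalld:
        rich_rule: 'rule family="ipv4" source address="{{ internal_net }}" {{ item.match }} accept'
        permanent: yes
        immediate: yes
        state: enabled
      when: inventory_hostname in groups[item.group]
      loop:
        - { group: db_server,    match: 'port port="3306" protocol="tcp"' }   # MariaDB default port (assumed)
        - { group: rsync_server, match: 'port port="873" protocol="tcp"' }    # port from rsyncd.conf above
        - { group: nfs_server,   match: 'service name="nfs"' }
        - { group: nfs_server,   match: 'service name="rpc-bind"' }
        - { group: nfs_server,   match: 'service name="mountd"' }
```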
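  • Part 2: nginx

Installation methods

# Installing from source
1. Upload the tarball
2. Extract it
unarchive
3. Configure (generate the Makefile)
shell
4. Compile
shell
5. Install
shell

# Installing from the official repository
1. Configure the official repo
2. Push the repo file
copy
3. Install nginx
yum

# Installing from an rpm package
1. Upload the package
2. Push the package
copy
3. Install the package
yum

Preparation

# 1. Prepare the nginx rpm package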
[root@m01 project]# mkdir package
[root@m01 project]# cd package/
[root@m01 package]# rz
[root@m01 package]# ll
total 768
-rw-r--r-- 1 root root 784272 Dec 10 09:13 nginx-1.16.1-1.el7.ngx.x86_64.rpm

# 2. Prepare the nginx configuration file
[root@m01 package]# vim /etc/nginx/nginx.conf 
user  www;

Write the playbook

[root@m01 project]# cat nginx.yml 
- hosts: nginx
  tasks:
    - name: Push nginx rpm
      copy:
        src: /project/package/nginx-1.16.1-1.el7.ngx.x86_64.rpm
        dest: /tmp/

    - name: Install Nginx Server
      yum:
        name: /tmp/nginx-1.16.1-1.el7.ngx.x86_64.rpm
        state: present

    - name: Config Nginx Server
      copy:
        src: /etc/nginx/nginx.conf
        dest: /etc/nginx/

    - name: Start Nginx Server
      systemd:
        name: nginx
        state: started
  • Part 3: PHP

Preparation

# 1. Prepare the php installation package
[root@m01 package]# rz
[root@m01 package]# ll
total 20192
-rw-r--r-- 1 root root   784272 Dec 10 09:13 nginx-1.16.1-1.el7.ngx.x86_64.rpm
-rw-r--r-- 1 root root 19889622 Nov 22 15:52 php.tar.gz

# 2. Prepare the configuration files
[root@m01 project]# mkdir conf
[root@m01 project]# mv /etc/php.ini conf/
[root@m01 project]# cp /etc/php-fpm.d/www.conf conf/
[root@m01 project]# vim conf/php.ini
upload_max_filesize = 200M
post_max_size = 300M
[root@m01 project]# vim conf/www.conf 
user = www
group = www

Write the playbook

[root@m01 project]# vim php.yml
- hosts: web_group
  tasks:
    - name: Tar php Package
      unarchive:
        src: /project/package/php.tar.gz
        dest: /tmp/

    - name: Install php Server
      shell: "yum localinstall -y /tmp/*.rpm"

    - name: Config php Server
      copy:
        src: /project/conf/php.ini
        dest: /etc/

    - name: Config php Server
      copy:
        src: /project/conf/www.conf
        dest: /etc/php-fpm.d/

    - name: Start php Server
      systemd:
        name: php-fpm
        state: started
  • Part 4: configure the wordpress site

Preparation

# 1. Prepare the wordpress package
[root@m01 ~]# cd /project/package/
[root@m01 package]# rz
[root@m01 package]# ll
total 31032
-rw-r--r-- 1 root root   784272 Dec 10 09:13 nginx-1.16.1-1.el7.ngx.x86_64.rpm
-rw-r--r-- 1 root root 19889622 Nov 22 15:52 php.tar.gz
-rw-r--r-- 1 root root 11098483 Sep 12 17:52 wordpress-5.0.3-zh_CN.tar.gz

# 2. Prepare the wordpress configuration file
[root@m01 project]# vim conf/linux.wp.com.conf
server {
    listen 80;
    server_name linux.wp.com;
    root /code/wordpress;
    index index.php;

    location ~* \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

Write the playbook

[root@m01 project]# cat wordpress.yml 
- hosts: web_group
  tasks:
    - name: Create code Dir
      file:
        path: /code
        state: directory

    - name: Tar wordpress Code
      unarchive:
        src: /project/package/wordpress-5.0.3-zh_CN.tar.gz
        dest: /code/

    - name: Config wordpress DB
      copy:
        src: /project/conf/wp-config.php
        dest: /code/wordpress

    - name: Chown Code Dir
      file:
        path: /code
        state: directory
        owner: www
        group: www
        recurse: yes

    - name: Config Nginx wordpress
      copy:
        src: /project/conf/linux.wp.com.conf
        dest: /etc/nginx/conf.d/

    - name: Restart Nginx Server
      systemd:
        name: nginx
        state: restarted
  • Part 5: mariadb

MySQL-related modules

# 1. mysql_db module
- name: Create a new database with name 'bobdata'
  mysql_db:
    name: bobdata            # database name
    state: present           # present = create the database, import = import a database, dump = export a database
    target: /tmp/dump.sql    # database file to import from or export to

# 2. mysql_user module
- name: Create database user with name 'bob' and password '12345' with all database privileges
  mysql_user:
    name: bob                # user name
    host: 172.16.1.%         # host the user connects from
    password: "12345"        # user password
    priv: '*.*:ALL'          # user privileges
    state: present           # present = create the user, absent = delete the user

# Equivalent SQL statement:
grant all privileges on *.* to bob@'172.16.1.%' identified by '12345'

Write the playbook

[root@m01 project]# cat mariadb.yml 
- hosts: db01
  tasks:
    - name: Install Mariadb Server
      yum:
        name: mariadb-server
        state: present
        
    - name: Install MySQL-python Server
      yum:
        name: MySQL-python
        state: present

    - name: Start Mariadb Server
      systemd:
        name: mariadb
        state: started
        enabled: yes

    - name: Create wordpress Database
      mysql_db:
        name: wordpress
        state: present

    - name: Create wordpress Database User
      mysql_user:
        name: wp
        host: 172.16.1.%
        password: 123456
        priv: 'wordpress.*:ALL'
        state: present
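
mariadb.yml above writes the wp account's password into the playbook, and rsync_client.yml earlier does the same for /etc/rsync.password. The following is an added example, not part of the original page: both tasks reading their secret from a vault-encrypted variables file and keeping it out of task output. The /project/vault/secrets.yml path, the vault_* variable names and the REPLACE_ME placeholder are assumptions.

```yaml
# Added example, not from the original page.
# /project/vault/secrets.yml (assumed path) defines the two variables below as
#   vault_wp_db_password: "REPLACE_ME"    # placeholder
#   vault_rsync_password: "REPLACE_ME"    # placeholder
# and is encrypted with:  ansible-vault encrypt /project/vault/secrets.yml
# Run with:               ansible-playbook secrets_demo.yml --ask-vault-pass
- hosts: db01
  vars_files:
    - /project/vault/secrets.yml
  tasks:
    - name: Stop If The Placeholder Was Never Replaced
      assert:
        that:
          - vault_wp_db_password != "REPLACE_ME"
        quiet: yes
      no_log: true

    - name: Create wordpress Database User
      mysql_user:
        name: wp
        host: "172.16.1.%"
        password: "{{ vault_wp_db_password }}"
        # Privileges limited to the one schema WordPress uses
        priv: 'wordpress.*:ALL'
        state: present
      # Keep the task's arguments and result out of logs and -v output
      no_log: true

- hosts: nfs_server
  vars_files:
    - /project/vault/secrets.yml
  tasks:
    - name: Config Rsync Client Password File
      copy:
        content: "{{ vault_rsync_password }}"
        dest: /etc/rsync.password
        owner: root
        group: root
        mode: "0600"   # quoted so it is parsed as octal
      no_log: true
```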
  • The consolidated playbook
[root@m01 project]# cat blog.yml 
- hosts: all
  tasks:
    - name: Stop Firewalld
      systemd:
        name: firewalld
        state: stopped
        enabled: no

    - name: Stop Selinux
      selinux:
        state: disabled

    - name: Create www Group
      group:
        name: www
        gid: 666
        state: present

    - name: Create www User
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: false
        state: present

- hosts: nginx
  tasks:
    - name: Push nginx rpm
      copy:
        src: /project/package/nginx-1.16.1-1.el7.ngx.x86_64.rpm
        dest: /tmp/

    - name: Install Nginx Server
      yum:
        name: /tmp/nginx-1.16.1-1.el7.ngx.x86_64.rpm
        state: present

    - name: Config Nginx Server
      copy:
        src: /etc/nginx/nginx.conf
        dest: /etc/nginx/

    - name: Start Nginx Server
      systemd:
        name: nginx
        state: started

- hosts: web_group
  tasks:
    - name: Tar php Package
      unarchive:
        src: /project/package/php.tar.gz
        dest: /tmp/

    - name: Install php Server
      shell: "yum localinstall -y /tmp/*.rpm"

    - name: Config php Server
      copy:
        src: /project/conf/php.ini
        dest: /etc/

    - name: Config php Server
      copy:
        src: /project/conf/www.conf
        dest: /etc/php-fpm.d/

    - name: Start php Server
      systemd:
        name: php-fpm
        state: started

- hosts: web_group
  tasks:
    - name: Create code Dir
      file:
        path: /code
        state: directory

    - name: Tar wordpress Code
      unarchive:
        src: /project/package/wordpress-5.0.3-zh_CN.tar.gz
        dest: /code/

    - name: Config wordpress DB
      copy:
        src: /project/conf/wp-config.php
        dest: /code/wordpress

    - name: Chown Code Dir
      file:
        path: /code
        state: directory
        owner: www
        group: www
        recurse: yes

    - name: Config Nginx wordpress
      copy:
        src: /project/conf/linux.wp.com.conf
        dest: /etc/nginx/conf.d/

    - name: Restart Nginx Server
      systemd:
        name: nginx
        state: restarted

- hosts: db01
  tasks:
    - name: Install Mariadb Server
      yum:
        name: mariadb-server
        state: present

    - name: Install MySQL-python Server
      yum:
        name: MySQL-python
        state: present

    - name: Start Mariadb Server
      systemd:
        name: mariadb
        state: started
        enabled: yes

    - name: Create wordpress Database
      mysql_db:
        name: wordpress
        state: present

    - name: Create wordpress Database User
      mysql_user:
        name: "wp"
        host: "172.16.1.%"
        password: "123456"
        priv: 'wordpress.*:ALL'
        state: present
