Ansible的PlayBook文件格式为YAML语言,所以希望你在编写PlayBook前对YAML语法有一定的了解,否则在运行PlayBook的时候经常碰到语法错误提示,这里我们通过介绍批量部署LAMP为例,介绍一下LAMP.yml这个PlayBook的具体应用写法,如果你对YAML语言没有了解的话,请自行去百度学习.
创建准备环境
首先,我们有两台虚拟机192.168.10.20 and 192.168.10.30 这两台虚拟机,下面我们将写一个剧本实现批量部署LAMP环境,在这之前我们需要先创建SSH密钥对并分发到每一台的主机上去.
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xZxM9bunwBsS03gGT5HGT4LvOnJHdr5Bwl/Iit7qQN8 root@localhost.localdomain
The keys randomart image is:
+---[RSA 2048]----+
| .+o. |
| =..=o. |
| Bo.+. |
| . B...o |
| S +.B = .|
| . . O+=.o |
| . ++Eo+ .|
| .o+o.+.+ |
| +++o o. |
+----[SHA256]-----+
[root@localhost ~]# ssh-copy-id root@192.168.10.20
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 192.168.10.20 (192.168.10.20) can t be established.
ECDSA key fingerprint is SHA256:2kWFaV72YVvAl2EU2Zop4uAjP3Gy2jW92d0Va/HrSMM.
ECDSA key fingerprint is MD5:fc:6c:91:b0:02:e6:7e:98:52:af:0d:b3:47:d4:69:ef.
Are you sure you want to continue connecting (yes/no)? yes
root@192.168.10.20 s password:
[root@localhost ~]# ssh-copy-id root@192.168.10.30
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 192.168.10.30 (192.168.10.30) cant be established.
ECDSA key fingerprint is SHA256:2kWFaV72YVvAl2EU2Zop4uAjP3Gy2jW92d0Va/HrSMM.
ECDSA key fingerprint is MD5:fc:6c:91:b0:02:e6:7e:98:52:af:0d:b3:47:d4:69:ef.
Are you sure you want to continue connecting (yes/no)? yes
root@192.168.10.30's password:
其次创建一个目录用于存放剧本中需要用到的数据文件等,这里我们只创建两个index文件,用于后期的测试,如果你有一些配置文件需要拷贝,此时应该提前准备好.
[root@localhost ~]# mkdir playbook
[root@localhost ~]# ls -lh
total 0
drwxr-xr-x. 2 root root 6 Dec 3 10:44 playbook
[root@localhost ~]# cd playbook/
[root@localhost playbook]# ls -lh
total 8.0K
drwxr-xr-x. 2 root root 6 Dec 3 10:46 apache
drwxr-xr-x. 2 root root 6 Dec 3 10:46 mariadb
drwxr-xr-x. 2 root root 6 Dec 3 10:46 php
-rw-r--r--. 1 root root 30 Dec 3 10:45 index.html
-rw-r--r--. 1 root root 29 Dec 3 10:46 index.php
[root@localhost playbook]# cat index.html
hello lyshark
www.mkdirs.com
[root@localhost playbook]# cat index.php
<?php
phpinfo();
?>
接着创建一个用户主机列表,这里我们就在当前目录下创建一个Hosts文件即可,如果有很多太主机可以使用简写.
[root@localhost playbook]# vim hosts
[root@localhost playbook]# cat hosts
[lamp]
192.168.10.20
192.168.10.30
#[test] #此处注释,只做说明,定义从20-100网段的主机
#192.168.10.2[0:100]
## 编写Apache安装过程
这里由于我们是第一次编写剧本,所有我们应该先创建一个文件,编写一个main.yml剧本,我们来写一个安装apache软件的剧本,先来看一下这个PlayBook的部分代码:
---
- hosts: lamp
tasks:
- name: Yum install httpd
yum: name={{item}} state=installed
with_items:
- apr
- apr-util
- httpd
- httpd-devel
- name: copy index.html
template: src=./index.html dest=/var/www/html/index.html owner=root group=root mode=0755
- name: copy index.php
template: src=./index.php dest=/var/www/html/index.php owner=root group=root mode=0755
notify: #上一个命令执行成功,才会执行notify
- start httpd
handlers:
- name: start httpd
service: name=httpd state=restarted
第一项:hosts指定哪些主机执行操作,此处我们将主机列表规划成了lamp组,也就是说LAMP组成员都会执行.
第二项:tasks是应用yum模块来安装apache服务程序包,name是说明信息,说明这个模块的功能.
第四项:with_items是一个迭代器,用来批量安装以下列出的包文件,此处就是apache的相关文件.
第五项:template是一个远程复制模块,目的是将当前目录下的index配置文件复制到远程主机上去.
第六项:notify发送消息的作用,这里目的是发送给名称是start httpd的handlers让其执行操作.
这里有个注意的地方就是关于上方写了两个Copy才完成了复制,其实我们可以把它们放入一个迭代器里,代码如下:
- name: copy index.html and index.php
copy: src={{item.src}} dest={{item.dest}} owner=root group=root mode=644
with_items:
- {src: ./index.html,dest:/var/www/html/index.html}
- {src: ./index.php,dest:/var/www/html/index.php}
接着写完了这些配置以后,我们运行下面的几条命令,检查一下上面的文件是否有语法错误,和检查主机列表是否生效了.
[root@localhost playbook]# ansible-playbook -i hosts main.yml --syntax-check
playbook: main.yml
[root@localhost playbook]# ansible-playbook -i hosts main.yml --list-task
playbook: main.yml
play #1 (lamp): lamp TAGS: []
tasks:
yum install httpd TAGS: []
copy index.html TAGS: []
copy index.php TAGS: []
[root@localhost playbook]# ansible-playbook -i hosts main.yml --list-hosts
playbook: main.yml
play #1 (lamp): lamp TAGS: []
pattern: [u'lamp']
hosts (2):
192.168.10.20
192.168.10.30
## 编写MariaDB安装过程
接下来我们,继续编辑main.yml剧本,写一个安装mariadb数据库的剧本,由于无需规范化,所以我们就把他们写在一个剧本里就可以了,先来看一下这个PlayBook的部分代码:
- hosts: lamp
tasks:
- name: install mariadb
yum: name={{item}} state=installed
with_items:
- mariadb
- mariadb-server
notify:
- start mariadb
- name: set mysql password
shell: mysql -e "set password for root@localhost=password('123123');"
handlers:
- name: start mariadb
service: name=mariadb state=restarted
上图的例子,我们在安装Mariadb数据库时,可以使用shell模块直接赋值初始密码,也可以使用下面声明变量并调用mysql_user系统模块完成数据库密码的设置,需要注意的是,如果使用系统模块的话,被控主机必须安装MySQL-python包.
- hosts: lamp
vars:
- username: root #这里声明两个变量
- password: 123123
tasks:
- name: install mariadb
yum: name={{item}} state=installed
with_items:
- mariadb
- mariadb-server
- MySQL-python #如果要使用MySQL函数,这里需要安装这个包
notify:
- start mariadb
# - name: set mysql password
# shell: mysql -e "set password=password('123123');"
- name: set mysql password #这里使用两个变量来赋值
mysql_user: name={{username}} password={{password}} priv=*.*:ALL host='localhost' state=present
handlers:
- name: start mariadb
service: name=mariadb state=restarted
写完了这些配置以后,我们运行下面的几条命令,检查一下上面的文件是否有语法错误,和检查主机列表是否生效了.
[root@localhost playbook]# ansible-playbook -i hosts main.yml --syntax-check
playbook: main.yml
[root@localhost playbook]# ansible-playbook -i hosts main.yml --list-task
playbook: main.yml
play #1 (lamp): lamp TAGS: []
tasks:
yum install httpd TAGS: []
copy index.html TAGS: []
copy index.php TAGS: []
[root@localhost playbook]# ansible-playbook -i hosts main.yml --list-hosts
playbook: main.yml
play #1 (lamp): lamp TAGS: []
pattern: [u'lamp']
hosts (2):
192.168.10.20
192.168.10.30
## 编写PHP环境安装过程
最后编辑main.yml剧本,来写一个安装PHP的剧本,先来看一下这个PlayBook的部分代码:
- hosts: lamp
tasks:
- name: install PHP
yum: name={{item}} state=installed
with_items:
- php
- php-mysql
notify:
- start apache
handlers:
- name: start apache
service: name=apache state=restarted
写完了这些配置以后,我们运行下面的几条命令,检查一下上面的文件是否有语法错误,和检查主机列表是否生效了.
[root@localhost playbook]# ansible-playbook -i hosts main.yml --syntax-check
playbook: main.yml
[root@localhost playbook]# ansible-playbook -i hosts main.yml --list-task
playbook: main.yml
play #1 (lamp): lamp TAGS: []
tasks:
yum install httpd TAGS: []
copy index.html TAGS: []
copy index.php TAGS: []
[root@localhost playbook]# ansible-playbook -i hosts main.yml --list-hosts
playbook: main.yml
play #1 (lamp): lamp TAGS: []
pattern: [u'lamp']
hosts (2):
192.168.10.20
192.168.10.30
## 将剧本合并起来并执行
将剧本串联起来,然后我们在最后再次添加以下内容,目的是关闭防火墙,关闭SELinux,重启http服务.
- hosts: lamp
tasks:
- name: check iptables
shell: iptables -F
- name: check selinux
shell: setenforce 0
- name: restart httpd
shell: systemctl restart httpd
最后我们得到了,整个LAMP的剧本安装过程,完整代码如下所示:
[root@localhost playbook]# cat main.yml
---
- hosts: lamp
tasks:
- name: yum install httpd
yum: name={{item}} state=installed
with_items:
- apr
- apr-util
- httpd
- httpd-devel
- name: copy index.html
template: src=./index.html dest=/var/www/html/index.html owner=root group=root mode=0755
- name: copy index.php
template: src=./index.php dest=/var/www/html/index.php owner=root group=root mode=0755
notify:
- Start httpd
handlers:
- name: Start httpd
service: name=httpd state=restarted
#-------------------------------------------------------------------
- hosts: lamp
tasks:
- name: install mariadb
yum: name={{item}} state=installed
with_items:
- mariadb
- mariadb-server
notify:
- start mariadb
- name: set mysql password
shell: mysql -e "set password for root@localhost=password('123123');"
handlers:
- name: start mariadb
service: name=mariadb state=restarted
#-------------------------------------------------------------------
- hosts: lamp
tasks:
- name: install PHP
yum: name={{item}} state=installed
with_items:
- php
- php-mysql
# notify:
# - start apache
# handlers:
# - name: start apache
# service: name=apache state=restarted
#-------------------------------------------------------------------
- hosts: lamp
tasks:
- name: check iptables
shell: iptables -F
- name: check selinux
shell: setenforce 0
- name: restart httpd
shell: systemctl restart httpd
接着我们执行检测程序,检查整体是否有语法错误.
[root@localhost playbook]# ansible-playbook -i hosts main.yml --syntax-check
playbook: main.yml
[root@localhost playbook]# ansible-playbook -i hosts main.yml --list-task
playbook: main.yml
play #1 (lamp): lamp TAGS: []
tasks:
yum install httpd TAGS: []
copy index.html TAGS: []
copy index.php TAGS: []
[root@localhost playbook]# ansible-playbook -i hosts main.yml --list-hosts
playbook: main.yml
play #1 (lamp): lamp TAGS: []
pattern: [u'lamp']
hosts (2):
192.168.10.20
192.168.10.30
执行剧本: 确认过以后,直接使用下面的命令一键部署,我们写好的PlayBook剧本,此时我们等它一会.
[root@localhost playbook]# ansible-playbook -i hosts main.yml
PLAY [lamp] ******************************************************************************
TASK [Gathering Facts] *******************************************************************
ok: [192.168.10.30]
ok: [192.168.10.20]
....省略....
PLAY RECAP *******************************************************************************
192.168.10.20 : ok=5 changed=4 unreachable=0 failed=0
192.168.10.30 : ok=5 changed=4 unreachable=0 failed=0
最后说明,本小结内容通过一个简单案例介绍如何利用 Ansiblc 部署 LAMP 架构,这是 Ansible 在构建集群甚至跨机器部署上面的人门案例,通过本章案例可以清晰地了解到如何用 Ansible 在配置部署过程中实现一个业务逻辑架构,这也是我们在实际工作作中经常遇到的,随着公司业务的扩张,会有很多需要维护和部署的集群架构,而这些繁复的下作对于 Ansible 来说易如反掌.
参考文献:《Ansible自动化运维:技术与最佳实践》