  • ansible自动化部署之场景应用

    ansible自动化配置管理


    • 一、安装 配置 启动 (ansible由红帽收购)
      • (1)什么是ansible
        ansible是IT自动化配置管理工具,模块丰富,组件丰富,可以通过一个命令完成一系列的操作。减少了维护成本和复杂性的工作,提高工作效率。
        假设完成100台nginx服务的安装:
        ssh-->登录-->输入密码-->安装nginx-->启动nginx-->退出登录(重复10次)
        引入-->ansible一键部署
        (2)ansible可以完成哪些功能
        1、批量执行远程命令:可以对n多台主机同时进行命令的执行
        2、批量配置软件服务:可以进行自动化的配置和管理服务
        3、实现软件开发功能:jumpserver
        4、编排高级IT任务:ansible的playbook是一门编程语言,可以用来描绘一整套IT架构。
        (3)ansible的特点:
        容易学习,无代理模式、操作灵活、简单易用、安全可靠、移植性高。
        (4)inventory(主机清单)能够对不同的主机或不同的主机组做AD-Hoc和playbook借助module(模块-->python开发)依托于ssh进行分组批量部署。
        (5)ansible配置文件(优先级)
    [root@manager ~]# cd /etc/ansible/
    [root@manager ansible]# vim ansible.cfg #查看配置文件
    其中
    ANSIBLE_CONFIG
    ansible.cfg		#当前项目目录中
    .ansible.cfg	#当前执行用户的家目录
    [root@manager ~]# mkdir /project1
    [root@manager ~]# cp /etc/ansible/ansible.cfg /project1
    [root@manager ~]# cd /project1/
    
    • ansible inventory 主机清单

      1、#基于IP地址+密码的方式(注意:密码以明文形式保存在hosts清单文件中,任何能读取该文件或其版本库的人都能拿到root口令;仅适合临时实验环境,正式环境请使用下面的秘钥方式,或用ansible-vault加密保存口令)
      [root@manager project1]# vim hosts 
      [root@manager project1]# cat hosts
      [webservers]
      172.16.1.7 ansible_ssh_user='root' ansible_ssh_pass='1'
      172.16.1.8 ansible_ssh_user='root' ansible_ssh_pass='1'
      
      
      2、基于秘钥连接,需要首先创建公钥和私钥,并下发公钥至被控端
      [root@manager project1]# ssh-keygen -C manager@qq.com #一路回车
      [root@manager project1]# vim ansible.cfg 
      # inject_facts_as_vars = True
      # additional paths to search for roles in, colon separated
      #roles_path    = /etc/ansible/roles
      # uncomment this to disable SSH key host checking
      host_key_checking = False   #关闭SSH主机密钥(known_hosts)校验;这与秘钥免密码登录无关,而且会失去对中间人攻击的防护,建议只在隔离的实验环境中这样设置
      ......
      [root@manager ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.7
      [root@manager ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.8
      [root@manager project1]# cat hosts 
      [webservers]
      172.16.1.7 
      172.16.1.8 
      #测试
      [root@manager project1]# ansible webservers -m ping -i hosts
      [root@manager project1]# ansible webservers --list-hosts -i hosts
        hosts (2):
          172.16.1.7
          172.16.1.8
          
      3、主机组使用方式
      [root@manager project1]# cat hosts 
      [lbservers]		#定义lbservers组
      172.16.1.7 
      172.16.1.8 
      [root@manager project1]# cat hosts 
      [webservers]	#定义webservers组
      172.16.1.7 
      172.16.1.8 
      
    • ansible AD-Hoc

      • 1570628215786
    command		#执行命令
    shell		#执行命令
    yum_repository #yum仓库配置
    yum  		#yum安装软件
    get_url		#和linux的wget一致
    
    

    1、command

    [root@manager project1]# ansible webservers -a "ps aux |grep nginx" -i hosts		#不支持管道(会报错(red))
    

    2、shell

    [root@manager project1]# ansible webservers -m shell -a "ps aux |grep nginx" -i hosts	#支持管道
    

    3、yum

    state:
    	present 安装
    	absent	卸载
    	latest	最新
    enablerepo	#指定使用哪个仓库
    disablerepo	#排除使用哪个仓库
    

    1、安装最新的httpd服务

    [root@manager project1]# ansible webservers -m yum -a "name=httpd state=latest disablerepo=webtatic-php" -i hosts
    

    2、移除httpd服务

    [root@manager project1]# ansible webservers -m yum -a "name=httpd state=absent disablerepo=webtatic-php" -i hosts
    

    3、安装httpd指定那个仓库安装

    [root@manager project1]#ansible webservers -m yum -a "name=httpd state=latest enablerepo=mirrors.aliyun.com" -i hosts
    

    4、通过url的方式安装(name也可以写rpm包的本地路径,下例使用的就是被控端上的本地路径)

    [root@manager project1]# ansible webservers -m yum -a "name=/root/zabbix-agent-4.0.0-2.el7.x86_64.rpm  state=present disablerepo=webtatic-php" -i hosts
    

    4、copy

    src		#本地路径,可以是相对,也可以是绝对
    dest	#目标位置
    owner	#属主
    group	#属组
    mode	#权限
    backup	#备份
    
    [root@manager project1]# vim /etc/nginx/conf.d/ansible.oldxu.com.conf  
    server {
            listen 80;
            root /code/ansible;
            location / {
            index index.html;
    }
    }
    
    [root@manager project1]# ansible webservers -m copy -a "src=/etc/nginx/conf.d/ansible.oldxu.com.conf dest=/etc/nginx/conf.d/ansible.oldxu.com.conf owner=root group=root mode=644 backup=yes" -i hosts
    #backup=yes  #表示在目标机上面是否备份
    #访问测试
    
    

    5、service/systemd

    state
    	started		#启动
    	stopped		#停止
    	restarted	#重启
    	reloaded	#重载
    enabled
    	yes			#是
    	no			#否
    
    [root@manager project1]# ansible webservers -m systemd -a "name=nginx state=restarted enabled=yes" -i hosts
    
    

    6、file

    #创建/code/ansible
    path #路径
    state
    	touch	#创建文件
    	directory	#创建目录
    owner	#属主
    group	#属组
    mode	#权限
    #准备站点
    [root@manager project1]# mkdir /code/ansible
    [root@manager project1]# ansible webservers -m file -a "path=/code/ansible state=directory mode=755 owner=www group=www" -i hosts
    #准备站点代码
    [root@manager project1]# echo "test01" > /code/ansible/index.html
    [root@manager project1]# ansible webservers -m copy -a "src=/code/ansible/index.html dest=/code/ansible/index.html owner=www group=www mode=644" -i hosts
    
    

    7、user group

    #group   整数int   小数 flot  dasdsa str    真|假   bool 
    [root@manager project1]# ansible webservers -m group -a  "name=www gid=666 state=present" -i hosts 
    
    #user name            #名称 uid             #uid group           #组名或gid create_home     #是否创建家目录 system          #是否作为系统组 shell           #指定登录shell state    present    absent remove groups append password
    #--------------------------------------------------------------> # 程序使用    www    666 666 /sbin/nologin    /home  -->无 
    [root@manager project1]# ansible webservers -m user -a "name=www uid=666 group=666 create_home=no shell=/sbin/nologin state=present" -i hosts
    # 正常用户    oldxu  1000 1000 /bin/bash   /home/oldxu [root@manager project1]# ansible webservers -m user -a "name=oldxu" -i hosts
    # 移除oldxu用户,并删除家目录所有内容. 
    [root@manager project1]# ansible webservers -m user -a "name=oldxu state=absent remove=yes" -i hosts
    # 创建 other用户.有两个附加组root bin,创建家目录,指定登录 shell,设定密码123
    #生成一个密码 ansible all -i localhost, -m debug -a "msg={{ '123' | password_hash('sha512', 'mysecretsalt') }}"
    #注意:口令123和固定盐值mysecretsalt仅作演示;明文口令写在命令行里会留在shell历史中,实际使用应换用强口令和随机盐,并避免把口令直接写进命令
    [root@manager project1]# ansible webservers -m user -a 'name=other groups='root,bin' create_home=yes shell=/bin/bash password="$6$mysecretsalt$gIIYs0Xgc7sSQkH.zKaz8/Afa MomYzR1QZYtccwmJcUt8VpLq4D055UCCX4MlwgePOP80ZRwhppv BF72RIAVi/"' -i hosts
    
    

    8、mount

    #提前准备好nfs服务端 [root@web01 ~]# showmount -e 172.16.1.31 
    Export list for 172.16.1.31: 
    /data/zrlog 172.16.1.0/24
    /data/zh    172.16.1.0/24
    /data/edu   172.16.1.0/24
    /data/blog  172.16.1.0/24
    #用管理端操作被控端,让被控端挂载nfs存储数据 present     
    #写入/etc/fstab absent      
    #卸载/etc/fstab
    mounted     #临时挂载 unmounted   #卸载当前挂载
    #挂载过程中,如果目录不存在,则会创建该目录 
    [root@manager project1]# ansible webservers -m mount -a "src=172.16.1.31:/data/zrlog path=/test_zrlog fstype=nfs opts=defaults state=mounted" -i hosts
    [root@manager project1]# ansible webservers -m mount -a "src=172.16.1.31:/data/zrlog path=/test_zrlog fstype=nfs opts=defaults state=unmounted" -i hosts
    

    9、cron

    minute      #分
    hour        #时 
    day         #日 
    month       #月 
    week        #周 
    job         #
    [root@manager project1]# ansible webservers -m cron -a 'name=test_job minute=00 hour=02 job="/bin/bash /server/scripts/client_to_data_server.sh &>/dev/null"' -i hosts
    [root@manager project1]# ansible webservers -m cron -a 'name=test  job="/bin/bash /server/scripts/test.sh &>/dev/null"' -i hosts
    [root@manager project1]#  ansible webservers -m cron -a 'name=test  job="/bin/bash /server/scripts/test.sh &>/dev/null" state=absent' -i hosts
    
    

    10、firewalld

    [root@manager project1]# ansible webservers -m systemd -a "name=firewalld state=started" -i hosts
    #针对服务 
    [root@manager project1]# ansible webservers -m firewalld -a "service=http state=enabled" -i hosts
    #针对端口 
    [root@manager project1]# ansible webservers -m firewalld -a "port=9999/tcp state=enabled" -i hosts
    
    #针对source来源
    
    
    #针对rule
    
    
    
    

    11、selinux(注意:state=disabled会完全关闭SELinux的强制访问控制;若只是为了排查问题,建议先改用permissive模式并查看审计日志,而不是直接关闭)

    [root@manager project1]# ansible webservers -m selinux -a "state=disabled" -i hosts
    
    

    12.get_url
    13.yum_repository

    1.安装http服务 yum
    2.编写简单网页测试内容 copy
    3.启动服务并加入开机自启 service/systemd
    4.放行对应的端口 firewalld

    Ansible playbook

    1、什么是playbook

    • playbook 剧本

      • play #找谁
      • task #做什么
        • 找多个明星,做多件事情
        • 找一个明星,做多个事情

      1570668657408

    2、playbook和AD-Hoc的区别

    1570668794340

    3、playbook三板斧,缩进、冒号、短横线(语法格式)

    1570669070952


    模块地址:

    https://docs.ansible.com/ansible/latest/modules/list_of_all_modules.html


    #语法示例
    [root@manager project1]# vim f1.yml
    [root@manager project1]# cat f1.yml 
    - hosts: webservers
      tasks:
    
        - name: Create New File
          file: path=/tmp/123.txt state=touch owner=root group=root mode=0600
    
        - name: Create New File2
          file:    
            path: /tmp/456.txt
            state: touch
            owner: root
            group: root
            mode: 0666
    [root@manager project1]# ansible-playbook f1.yml -i hosts
    
    PLAY [webservers] **************************************************************
    
    TASK [Gathering Facts] *********************************************************
    ok: [172.16.1.8]
    ok: [172.16.1.7]
    
    TASK [Create New File] *********************************************************
    changed: [172.16.1.7]
    changed: [172.16.1.8]
    
    TASK [Create New File2] ********************************************************
    changed: [172.16.1.7]
    changed: [172.16.1.8]
    
    PLAY RECAP *********************************************************************
    172.16.1.7                 : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
    172.16.1.8                 : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
    
    
    案例一、使用ansible安装并配置nfs
    1、将10.0.0.7上的文件推一份至ansible控制端
    [root@web01 ~]# scp -rp /etc/nginx/nginx.conf root@172.16.1.61:/project1/file/nginx.conf.j2
    2、在ansible控制端书写nfs_servers.yml脚本
    [root@manager project1]# cat nfs_servers.yml #编辑nfs前端文件
    - hosts: nfsservers
      tasks:
        - name: Installed NFS Server
          yum:
            name: nfs-utils
            state: present
    
        - name: Configure NFS Server
          copy:
            src: ./file/exports.j2
            dest: /etc/exports
            owner: root
            group: root
            mode: 0644
            backup: yes
        - name: Create NFS Group www
          group:
            name: www
            gid: 666
        - name: Create NFS User www
          user:
            name: www
            group: www
            uid: 666
            create_home: no
            shell: /sbin/nologin
    
        - name: Create NFS Share Directory
          file:
            path: /ansible_data
            state: directory
            owner: www
            group: www
            mode: 0755
            recurse: yes
        - name: Systemd NFS Server
          systemd:
            name: nfs
            state: restarted
            enabled: yes
    
    #语法检测:[root@manager project1]# ansible-playbook --syntax nfs_servers.yml -i hosts
    
    playbook: nfs_servers.yml
    
    
    3、在nfs(10.0.0.31)上编辑配置文件
    [root@nfs ~]# cat /etc/exports
    /ansible_data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
    4、在ansible控制端书写nfs_client.yml脚本
    [root@manager project1]# vim nfs_client.yml 
    - hosts: webservers
      tasks:
    
        - name: Mount NFS Server share directory
          mount:
            src: 172.16.1.31:/ansible_data
            path: /mnt
            fstype: nfs
            opts: defaults
            state: mounted
    
    
    #语法检测:[root@manager project1]# ansible-playbook --syntax nfs_client.yml -i hosts
    
    playbook: nfs_client.yml
    
    5、在10.0.0.7和10.0.0.8查看是否挂载成功
    [root@web01 ~]# df -h
    172.16.1.31:/ansible_data   38G  1.8G   37G   5% /mnt
    
    

    案例二:ansible安装nginx服务

    步骤详解#1.创建一对公钥和私钥
    [root@manager-61 project1]#ssh-keygen -C manager@qq.com    #一路回车
    [root@manager-61 project1]#ssh-copy-id -i ~/.ssh/id_rsa root@172.16.1.7
    [root@manager-61 project1]#ssh-copy-id -i ~/.ssh/id_rsa root@172.16.1.8
    [root@manager-61 project1]# ansible all -m ping -i hosts #测试所有主机是否能ping通
    #2.配置hosts文件,添加webservers主机组
    [root@manager-61 project1]# vim hosts
    [webservers]
    172.16.1.7 
    172.16.1.8 
    
    #3.编写一个安装nginx的.yml文件(统一将.yml的文件同一个目录下)
        #编写思路:
    	         #1.安装nginx		yum 
    	         #2.配置nginx		copy
    	         #3.初始化环境
    	         	用户			group user
    	         	目录			file
    	        	授权			file
    	#4.启动服务  
    	
    [root@manager-61 project1]# vim nginx.yml 
    - hosts: webservers
      tasks:
        - name: install nginx
          yum:
            name: nginx
            state: present
        - name: configure nginx
          copy:
            src: ./file/nginx.conf.j2
            dest: /etc/nginx/nginx.conf
            owner: root
            group: root
            mode: 0644
            backup: yes
          notify: Restart Nginx
        - name: systemd nginx
          systemd:
            name: nginx
            state: started
            enabled: yes
      handlers:
        - name: Restart Nginx
          systemd: 
            name: nginx
            state: restarted
    #4.准备好配置文件中所需要的文件
    [root@manager-61 project1]# rsync -avz root@172.16.1.7:/etc/nginx/nginx.conf ./file/nginx.conf.j2
    #5.检测语法,并执行.yml文件
    [root@manager-61 project1]# ansible-playbook --syntax  nginx.yml -i hosts
    [root@manager-61 project1]# ansible-playbook -i hosts nginx.yml
    
    

    案例三、使用ansible-playbook编写LAMP服务

    #1.创建一对公钥和私钥
    [root@manager-61 project1]#ssh-keygen -C manager@qq.com
    [root@manager-61 project1]#ssh-copy-id -i ~/.ssh/id_rsa root@172.16.1.31
    [root@manager-61 project1]#ssh-copy-id -i ~/.ssh/id_rsa root@172.16.1.41
    [root@manager-61 project1]# ansible all -m ping -i hosts #测试所有主机是否能ping通
    #2.配置hosts文件,添加web主机组
    [root@manager-61 project1]# vim hosts
    [nfsservers]
    172.16.1.31
    [backupservers]
    172.16.1.41
    [web:children]
    nfsservers
    backupservers
    #3.编写一个lam.yml 文件
    [root@manager-61 project1]# vim lam.yml
    # Play: on the 'web' group, install httpd and PHP, download index.php into
    # the web root, start httpd and firewalld, and allow the http service.
    - hosts: web
      tasks:
        # Install the Apache httpd package.
        - name: Installed Httpd Server
          yum: 
            name: httpd
            state: present
    
        # Install the PHP package.
        - name: Installed PHP Server
          yum: 
            name: php
            state: present
    
        # Download the site's index.php into the Apache document root.
        # NOTE(review): the file is fetched over plain HTTP with no checksum and
        # is then served as PHP, so a tampered response becomes code executed by
        # the web server on every host in the group. Prefer an https URL and pin
        # the content with get_url's 'checksum' parameter.
        - name: Configure Httpd WebSite
          get_url:
            url: http://fj.xuliangwei.com/public/index.php
            dest: /var/www/html/index.php
            mode: 0644
    
        # Make sure httpd is running (no 'enabled' is set, so boot-time start is
        # left unchanged by this task).
        - name: Systemd Httpd Server
          systemd:
            name: httpd
            state: started
    
        # firewalld must be running before the firewalld module can add a rule.
        - name: Systemd Firewalld Server
          systemd:
            name: firewalld
            state: started
    
    
        # Allow the predefined 'http' service through the firewall.
        # NOTE(review): no 'permanent' option is given; confirm whether the rule
        # is expected to survive a firewalld reload or a reboot.
        - name: Configure Firewalld Rule
          firewalld:
            service: http
            state: enabled
    #4.检测语法,并执行.yml文件
    [root@manager-61 project1]# ansible-playbook --syntax  lamp.yml -i hosts 
    [root@manager-61 project1]# ansible-playbook -i hosts lamp.yml
      
    

    案例4:ansible-playbook编写kodcloud网盘服务--Apache版本

    #1.创建一对公钥和私钥
    [root@manager-61 project1]#ssh-keygen -C manager@qq.com
    [root@manager-61 project1]#ssh-copy-id -i ~/.ssh/id_rsa root@172.16.1.31
    [root@manager-61 project1]#ssh-copy-id -i ~/.ssh/id_rsa root@172.16.1.41
    [root@manager-61 project1]# ansible all -m ping -i hosts #测试所有主机是否能ping通
    #2.配置hosts文件,添加web主机组
    [root@manager-61 project1]# vim hosts
    [nfsservers]
    172.16.1.31
    [backupservers]
    172.16.1.41
    [web:children]
    nfsservers
    backupservers
    #3.编写一个kod.yml 文件
    [root@manager-61 project1]# vim kod.yml
    # Play: on the 'web' group, install httpd and PHP, push the unpacked
    # kodcloud code into the Apache document root, and restart httpd.
    - hosts: web
      tasks:
        # Install the Apache httpd package.
        - name: Installed Httpd Server
          yum:
            name: httpd
            state: present
    
        # Install the PHP package.
        - name: Installed PHP Server
          yum:
            name: php
            state: present
    
        # Copy ./file/kod from the control node to the managed hosts.
        - name: Get kodcloud Code
          synchronize:              # sync
            src: ./file/kod
            dest: /var/www/html/kodcloud
    
        # NOTE(review): mode 0777 with recurse makes every file and directory
        # under /var/www/html world-writable (and every file executable), so any
        # local account or any other compromised service on the host can modify
        # the PHP code that httpd executes. Presumably this is here so the
        # application can write its data; giving ownership of only the writable
        # directories to the web server account with a narrower mode would cover
        # that - confirm what the application needs.
        - name: Chomod kodcloud
          file:
            path: /var/www/html/
            owner: root
            group: root
            mode: 0777
            recurse: yes
    
        # Restart httpd unconditionally on every run of the playbook.
        - name: Systemd Httpd Server
          systemd:
            name: httpd
            state: restarted
    #4.准备文件中的文件
    [root@manager-61 project1]# mkdir ./file/kod
    [root@manager-61 project1]# rz 
    [root@manager-61 project1]# unzip kodexplorer4.40.zip -d ./file/kod
    #5.检测语法,并执行.yml文件
    [root@manager-61 project1]# ansible-playbook --syntax  kod.yml -i hosts 
    [root@manager-61 project1]# ansible-playbook  kod.yml -i hosts
    

    案例五:Ansible-Playbook-编写KodCloud服务-Nginx版

    #1.创建一对公钥和私钥
    [root@manager-61 project1]#ssh-keygen -C manager@qq.com
    [root@manager-61 project1]#ssh-copy-id -i ~/.ssh/id_rsa root@172.16.1.31
    [root@manager-61 project1]#ssh-copy-id -i ~/.ssh/id_rsa root@172.16.1.41
    [root@manager-61 project1]# ansible all -m ping -i hosts #测试所有主机是否能ping通
    #2.配置hosts文件,添加web主机组
    [root@manager-61 project1]# vim hosts
    [nfsservers]
    172.16.1.31
    [backupservers]
    172.16.1.41
    [web:children]
    nfsservers
    backupservers
    #3.编写一个lnp.yml 文件
    [root@manager-61 project1]# cat lnp.yml 
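    # Play: on the 'web' group, add the nginx and PHP yum repositories, install
    # nginx + php-fpm, create the www service account, push the configuration
    # files and the kod code, and start both services.
    - hosts: web
      tasks:
        # 1. Configure the nginx yum repository.
        # NOTE(review): baseurl is plain HTTP and gpgcheck is off, so packages
        # from this repository are installed as root without any integrity or
        # origin check. Prefer an https baseurl and 'gpgcheck: yes' together with
        # the 'gpgkey' parameter pointing at the vendor's signing key.
        - name: install nginx php repo
          yum_repository:
            name: nginx
            description: nginx repos
            baseurl: http://nginx.org/packages/centos/$releasever/$basearch/
            gpgcheck: no
        # 2. Configure the PHP yum repository.
        # NOTE(review): same concern as above - HTTP transport and no signature
        # verification.
        - name: install php repo
          yum_repository:
            name: webtatic-php
            description: php repos
            baseurl: http://us-east.repo.webtatic.com/yum/el7/x86_64/
            gpgcheck: no
        # 3. Install nginx and the PHP packages in a single yum transaction.
        - name: install nginx and php packages
          yum:
            name: "{{ packages }}"
          vars:
            packages:
              - nginx
              - php71w
              - php71w-cli
              - php71w-common
              - php71w-devel
              - php71w-gd
              - php71w-fpm
              - php71w-opcache
              - mod_php71w
        # 4. Create the account the services run as (no home, no login shell).
        - name: create group www
          group:
            name: www
            gid: 666
        - name: create user www
          user:
            name: www
            uid: 666
            group: www
            create_home: no
            shell: /sbin/nologin
        # 5. Manage the main nginx configuration file.
        # The notify value must match a handler name exactly; the original
        # 'resatrt nginx' matched no handler defined in this play.
        - name: configure nginx.conf
          copy:
            src: ./file/nginx.conf.j2
            dest: /etc/nginx/nginx.conf
          notify: restart nginx
        # 6. Manage the php-fpm pool configuration file.
        - name: configure php-fpm.conf
          copy:
            src: ./file/www.conf.j2
            dest: /etc/php-fpm.d/www.conf
          notify: restart php-fpm
        # 7. Add the virtual host.
        - name: add nginx kod.ltc.com
          copy:
            src: ./file/kod.ltc.com.conf.j2
            dest: /etc/nginx/conf.d/kod.ltc.com.conf
          notify: restart nginx
        # Create the code directory owned by the service account.
        - name: Init Nginx BseEnv
          file:
            path: /code
            state: directory
            owner: www
            group: www
            recurse: yes
        # Copy ./file/kod from the control node into /code/.
        - name: push kod code
          synchronize:
            src: ./file/kod
            dest: /code/
        # NOTE(review): /code is already owned by www, yet mode 0777 with recurse
        # additionally makes every file world-writable and executable, so any
        # local account can alter the PHP code php-fpm runs. A narrower mode
        # looks sufficient given the ownership - confirm what the application
        # needs before tightening.
        - name: chmod kod
          file:
            path: /code
            owner: www
            group: www
            mode: 0777
            recurse: yes
        # Start both services and enable them at boot.
        - name: systemd nginx
          systemd:
            name: nginx
            state: started
            enabled: yes
        - name: systemd php
          systemd:
            name: php-fpm
            state: started
            enabled: yes
      # Restart handlers, triggered when an nginx or PHP configuration file changes.
      handlers:
        - name: restart nginx
          systemd:
            name: nginx
            state: restarted
        - name: restart php-fpm
          systemd:
            name: php-fpm
            state: restarted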
    
    #4.准备playbook中需要的文件
    [root@manager-61 project1]# rsync -avz root@172.16.1.7:/etc/nginx/nginx.conf ./file/nginx.conf.j2
    [root@manager-61 project1]# rsync -avz root@172.16.1.7:/etc/php-fpm.d/www.conf ./file/www.conf.j2
    #5.检测语法,并执行.yml文件
    [root@manager-61 project1]# ansible-playbook --syntax  lnp.yml -i hosts
    [root@manager-61 project1]# ansible-playbook lnp.yml -i hosts
    
    



    Ansible variables

    1、什么是变量?

    ​ *** 定义:一个固定的字符串表示一个不固定的值。

    ​ *** 场景还原:三个地方、三个目录位置,当有一天目录发生变更,难道我们要去逐一 改正?

    ​ ** ----------->引出-------->设定变量

    1.在playbook中定义变量
    vars  关键字
    [root@manager project1]# cat f2.yml 
    - hosts: webservers
      vars:
        - file_name: playbook_vars
    
      tasks:
        - name: Create New File
          file:
            path: /tmp/{{ file_name }}
            state: touch
        
    
    
    • vars_file 属于一种共享的方式
    [root@manager project1]# cat vars_file.yml 
    web_packages: httpd
    ftp_packages: vsftpd
    
    [root@manager project1]# cat f2.yml 
    - hosts: webservers
      vars:
        - file_name: playbook_vars
    
     #调用共享vars_file文件,只不过刚好文件名叫vars_file
      vars_files: ./vars_file.yml
    
      tasks:
        - name: Create New File
          file:
            path: /tmp/{{ file_name }}
            state: touch
    
        - name: Installed Packages {{ web_packages }}
          yum:
            name: "{{ web_packages }}"
            state: present
    
    • 2、在inventory主机清单中定义变量
    1、清单文件中直接定义hosts文件定义
    [webservers]
    172.16.1.7
    172.16.1.8 
    [webservers:vars]
    file_name=hostsfile_group_vars
    
    
    2、创建hosts_vars  group_vars 目录
    [root@manager project1]# mkdir host_vars	#单个主机
    [root@manager project1]# mkdir group_vars	#主机组
    #1.单个主机定义和使用方式 (host_vars能分别对不同的主机定义变量)
    [root@manager project1]# cat host_vars/172.16.1.7 
    host_vars_name: 172.16.1.7
    
    [root@manager project1]# cat host_vars/172.16.1.8 
    host_vars_name: 172.16.1.8
    
    [root@manager project1]# cat f4.yml 
    - hosts: webservers
    
      tasks:
        - name: Create New File
          file:
            path: /opt/{{ host_vars_name }}
            state: touch
    
    #2、针对主机组定义的方式
    #给指定的主机webserver组设定变量,其他组主机无法使用该变量。
    
    [root@manager project1]# vim group_vars/webservers 
    group_host_vars: webservers
    
    [root@manager project1]# vim f5.yml 
    - hosts: webservers
      tasks:
        - name: Create New File {{ group_host_vars }}
          file:
            path:  /opt/{{ group_host_vars }}
            state: touch
    
    #3、针对主机组定义的方式  (给所有的主机和主机组设定变量)
    [root@manager project1]# vim group_vars/all 
    group_host_vars: all
    
    [root@manager project1]# vim f5.yml 
    - hosts: webservers
      tasks:
        - name: Create New File {{ group_host_vars }}
          file:
            path:  /opt/{{ group_host_vars }}
            state: touch
    
    
    • 3、通过外置传参数定义变量 -e
    [root@manager project1]# ansible-playbook -i hosts f6.yml  -e "web_vars=123"
    
    • 如果变量冲突???优先级解决。。。

    6.定义相同的变量不同的值,测试变量的优先级。操作步骤如下   file_name:
      1)在plabook中定义vars变量
      2)在playbook中定义vars_files变量
      3)在inventory主机定义变量
      4)在inventory主机组定义变量
      5)在host_vars中定义变量
      6)在group_vars中定义变量  组      all组
      7)通过执行命令传递变量
      
    优先级测试:
    外置传入参数优先级最高 ---> playbook ( vars_files(共享)--->vars(私有) )  
    ---> host_vars  --> group_vars/group_name ---> group_vars/all
    
    

    4、变量注册

    [root@manager project1]# cat f8.yml 
    - hosts: webservers
      tasks:
            # System_Status=$(netstat -lntp)
        - name: Get Network Status
          shell: netstat -lntp | grep "nginx"
          register: System_Status
    
            # echo "$System_Status"
        - name: Debug output Variables
          debug:
            msg: "{{ System_Status.stdout_lines }}"
    

    5.facts变量?

    #1.根据主机的cpu信息,生成不同的配置.
    	A: 1核心    work_process 1;
    	B: 2核心    work_process 2;
    	
    #2.根据主机名称设定不同配置文件
    	zabbix_agent
    		Server:   ===> 指向172.16.1.61
    		Hostname:      web01   web02
    
    [root@manager project1]# cat ./file/zabbix_agent.conf.j2 
    Server={{ zabbix_server_ip }}
    ServerActive={{ zabbix_server_ip }}
    Hostname={{ ansible_hostname }}
    
    [root@manager project1]# cat f11.yml 
    - hosts: webservers
      vars:
        - zabbix_server_ip: 172.16.1.61
      tasks:
        - name: Configure zabbix-agent.conf
          template:
            src: ./file/zabbix_agent.conf.j2
            dest: /tmp/zabbix-agent.conf
            
            
    #3.根据主机的内存生成不同的配置文件,memcached
    [root@manager project1]# cat f12.yml 
    - hosts: webservers
      tasks:
        - name: Installed Memcached Server
          yum:
            name: memcached
            state: present
    
        - name: Configure Memcached Server
          template:
            src: ./file/memcached.j2
            dest: /etc/sysconfig/memcached
          notify: Restart Memcached Server
    
        - name: System Memcached Server
          systemd:
            name: memcached
            state: started
            enabled: yes
    
      handlers:
        - name: Restart Memcached Server
          systemd:
            name: memcached
            state: restarted
    
    [root@manager project1]# cat file/memcached.j2 
    PORT="11211"
    USER="memcached"
    MAXCONN="1024"
    CACHESIZE="{{ ansible_memtotal_mb //2 }}"
    OPTIONS=""
    
    
    1.根据cpu
    2.根据内存
    3.根据主机名
    4.Redis配置文件     bind本地地址
    5.操作系统不统一
    
    		变量可以进行运算  + - * // 
    		
    		
    		
    		
    #1.定义变量
    	playbook
    		vars			私有
    		vars_files		共享
    	inventory
    		host_vars	
    		group_vars
    			group_vars/group_name
    			group_vars/all
    	外置传参
    		-e
    #2.测试优先级
    	在不改变playbook变量的情况下,使用新的值测试.
    
    #3.变量注册register
    	1.将任务执行的结果存储至特定的变量中
    	2.可以使用debug模块将变量进行打印输出
    	
    	python: 字典
    	json 格式化数据
    	{
            k1: v1
            k2: v2
    	}
    #4.facts 
    
    

    1570807064349

    [root@manager project1]# cat f13.yml 
    - hosts: webservers
      tasks:
        - name: RANDOM
          shell:  echo "$RANDOM"
          register: System_SJ
    
        - name: Debug 
          debug:
            msg: "web_{{ System_SJ.stdout }}"
    
    #1.提取facts变量中的IP地址   mac地址  UUID 等等  只要唯一
    	ansible_default_ipv4.address
    [root@manager project1]# cat f14.yml 
    - hosts: webservers
      tasks:
    
        - name: Debug 
          debug:
            msg: "web_{{ ansible_default_ipv4.address }}"
    

    Ansible 流程控制


    8.判断语句

    • 1.centos和ubuntu系统都需要安装httpd, 判断系统.
    • 2.安装软件仓库,只有web组的安装webtatic其他的主机全部跳过.
    • 3.TASK任务, TASK1任务执行成功,才会执行TASK2

    #根据不同的系统,安装不同的服务
    # Play: install the web server package on 'webservers', choosing the task
    # by the ansible_distribution fact.
    - hosts: webservers
      tasks:
        # Runs only on hosts whose distribution fact is "CentOS".
        - name: CentOS Installed Httpd Server
          yum:
            name: httpd
            state: present
          when: ( ansible_distribution == "CentOS" )
    
        # Runs only on hosts whose distribution fact is "Ubuntu".
        # NOTE(review): this task still uses the yum module and the package name
        # httpd2; presumably the apt module and the distribution's Apache package
        # name were intended - confirm before using this on Ubuntu hosts.
        - name: Ubuntu Installed Httpd Server
          yum:
            name: httpd2
            state: present
          when: ( ansible_distribution == "Ubuntu" )
          
    [root@manager project1]# cat f16.yml 
    # Play: add the nginx yum repository, but only on hosts whose hostname
    # satisfies the 'when' condition below.
    - hosts: all
      tasks:
      # NOTE(review): baseurl is plain HTTP and no gpgcheck/gpgkey is set in this
      # task, so signature verification depends on the host's yum defaults -
      # confirm that packages from this repository are actually verified.
      - name: Add Nginx Yum Repository
        yum_repository:
          name: nginx
          description: Nginx Repository
          baseurl: http://nginx.org/packages/centos/7/$basearch/
        # NOTE(review): the 'match' test takes a regular expression, not a shell
        # glob, so "web*" means "we" followed by zero or more "b" and also
        # matches hostnames that merely start with "we"; "web.*" or "^web" is
        # presumably what was meant - verify against the inventory.
        when: ( ansible_hostname is match ("web*"))
    
    
    [root@manager project1]# cat f17.yml 
    - hosts: webservers
      tasks:
    
        - name: Check Httpd Server
          command: systemctl is-active httpd
          register: Check_Httpd
          ignore_errors: yes
    
    	#判断Check_Httpd.rc是否等于0,如果为0则执行任务,否则不执行
        - name: Restart Httpd Server
          systemd:
            name: httpd
            state: restarted
          when: ( Check_Httpd.rc == 0 )
    

    9、循环语句

    #一次启动多个服务
    [root@manager project1]# cat f18.yml 
    - hosts: webservers
      tasks:
        - name: Systemd Nginx Status
          systemd:
            name: "{{ item }}"    #调用的变量也不变,也是固定
            state: started
    
    	#固定的语法格式
          with_items:
            - nginx
            - php-fpm
    
    
    #一次拷贝多个文件
    [root@manager project1]# cat f19.yml
    - hosts: webservers
      tasks:
        - name: Configure nginx.conf
          copy:
            src: '{{ item.src }}'
            dest: '{{ item.dest }}'
            mode: '{{ item.mode }}'
          with_items:
            - { src: ./file/nginx.conf.j2, dest: /etc/nginx/nginx.conf, mode: '0644' }
            - { src: ./file/kold.oldxu.com.conf.j2, dest: /etc/nginx/conf.d/kold.oldxu.com.conf, mode: '0600' }
    
    
    
    #创建多个用户,一次创建多个? 3个用户  TASK
    [root@manager project1]# cat f20.yml 
    - hosts: webservers
      tasks:
        - name: Create User
          user:
            name: "{{ item }}"
    
          with_items:
            - test1
            - test2
            - test3
            - test4
    
    
    #1.创建tt1 --> bin  tt2 -->root tt3 --->adm   附加组
    [root@manager project1]# cat  f20.yml 
    - hosts: webservers
      tasks:
        - name: Create User
          user:
            name: "{{ item.name }}"
            groups: "{{ item.groups }}"
    
          with_items:
            - { name: tt1, groups: bin }
            - { name: tt2, groups: root }
            - { name: tt3, groups: adm }
            
            
            
    1.标准循环                   --->居多
    	item
    	with_items:
    	   - test
    2.字典循环:                   --->居多
        item.name
        with_items:
            - { name: test }
    
    
    3.变量循环
    - hosts: webservers
      tasks:
        - name: ensure a list of packages installed
          yum: name={{ packages }} state=present
          vars:
            packages:
              - httpd
              - httpd-tools
    

    10.handlers

    [root@manager project1]# cat f22.yml 
    - hosts: webservers
      tasks:
    
        - name: Installed Nginx and PHP Packages
          yum:
            name: nginx
            state: present
    
        - name: Configure nginx.conf 
          template:
            src: ./file/nginx.conf.j2
            dest: /etc/nginx/nginx.conf
          #监控-->changed状态-->通知-->handlers--->name-->Restart Nginx Server
          notify: Restart Nginx Server
          #notify:
          #  - Restart Nginx Server
          #  - Restart php Server
    
        - name: Systemd Nginx Server
          systemd:
            name: nginx
            state: started
            enabled: yes
    
    #当nginx或php配置文件发生变更才会触发此操作
      handlers:
        - name: Restart Nginx Server
          systemd:
            name: nginx
            state: restarted
    
    
    #3.handlers注意事项
    	1.无论多少个task通知了相同的handlers,handlers仅会在所有tasks结束后运行一次。
    	2.只有task发生改变了才会通知handlers,没有改变则不会触发handlers.
    	3.不能使用handlers替代tasks、因为handlers是一个特殊的tasks。
    
  • 原文地址:https://www.cnblogs.com/wangyongqiang/p/11643800.html