目录
十五、ansible介绍
十六、ansible安装
十七、ansible远程执行命令
十八、ansible拷贝文件或目录
十九、ansible远程执行脚本
二十、ansible管理任务计划
二十一、ansible安装包和管理服务
二十二、使用ansible playbook
二十三、playbook里的变量
二十四、playbook循环
二十五、playbook中的条件判断
二十六、playbook中的handlers
二十七、用playbook安装nginx
二十八、playbook管理配置文件
十五、ansible介绍
不需要安装客户端,通过sshd去通信
基于模块工作,模块可以由任何语言开发
不仅支持命令行使用模块,也支持编写yaml格式的playbook,易于编写和阅读
安装十分简单,centos上可直接yum安装
有提供UI(浏览器图形化)www.ansible.com/tower,收费的
官方文档 http://docs.ansible.com/ansible/latest/index.html
ansible已经被redhat公司收购,它在github上是一个非常受欢迎的开源软件,github地址https://github.com/ansible/ansible
一本不错的入门电子书 https://ansible-book.gitbooks.io/ansible-first-book/
十六、ansible安装
准备两台机器,前面我们做实验的两台机器minglinux-01,minglinux-02
只需要在minglinux-01上安装ansible
yum list |grep ansible 可以看到自带源里就有ansible
yum install -y ansible
minglinux-01上生成密钥对 ssh-keygen -t rsa
把公钥放到minglinux-02上,设置密钥认证
同时对本机也设置密钥认证
vim /etc/ansible/hosts //增加
[testhost]
127.0.0.1
192.168.162.132
说明: testhost为主机组名字,自定义的。 下面两个ip为组内的机器ip。
[root@minglinux-01 /srv/salt] yum list |grep ansible |head -2
ansible.noarch 2.7.8-1.el7 @epel
ansible-doc.noarch 2.7.8-1.el7 @epel
[root@minglinux-01 /srv/salt] yum install -y ansible ansible-doc
#查看minglinux-01上生成的公钥,进行设置密钥认证
[root@minglinux-01 /srv/salt] ls /root/.ssh/
authorized_keys id_rsa id_rsa.pub known_hosts
[root@minglinux-01 /srv/salt] cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLqBZ25bFoIDOLbZxWH54H2VWnkTXKf7lDC9vdCBN9C7ryA4Rb+iTp9Lzk1AJxy++Zu97nndhACxdLPLs0A4j90yoXBkZ07QNZl2PGqWFZB0mMMvwG24MUsYk+3POG1n+nY4l6J7U//XVJWHfic+WD/1+Y2mLo+zWALTHA2pV/ebcuRxE5AIWAbzTas3vSDbkHgcDEQxMJRa+nltVOald+wt4O/H1Ic8nbbwPbAvJlotxm3x59D8ul8HnmOiT4FqzngIOoijjUmyouUFJzCIQf+UZKgA1GiXDZ1ap5wq1PMp8XFJpUuuF+nVs5M86TBJ54kxD4eq+bDAJ4jOUR2s57 root@minglinux-01
#对本机设置密钥认证
[root@minglinux-01 ~] cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
[root@minglinux-01 ~] cat .ssh/authorized_keys
···
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLqBZ25bFoIDOLbZxWH54H2VWnkTXKf7lDC9vdCBN9C7ryA4Rb+iTp9Lzk1AJxy++Zu97nndhACxdLPLs0A4j90yoXBkZ07QNZl2PGqWFZB0mMMvwG24MUsYk+3POG1n+nY4l6J7U//XVJWHfic+WD/1+Y2mLo+zWALTHA2pV/ebcuRxE5AIWAbzTas3vSDbkHgcDEQxMJRa+nltVOald+wt4O/H1Ic8nbbwPbAvJlotxm3x59D8ul8HnmOiT4FqzngIOoijjUmyouUFJzCIQf+UZKgA1GiXDZ1ap5wq1PMp8XFJpUuuF+nVs5M86TBJ54kxD4eq+bDAJ4jOUR2s57 root@minglinux-01
[root@minglinux-01 ~] ssh minglinux-01
Last login: Tue Mar 12 16:35:13 2019 from minglinux-01
[root@minglinux-01 ~] w
19:59:20 up 6:27, 2 users, load average: 0.00, 0.02, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.162.1 13:34 0.00s 0.91s 0.02s ssh minglinux-01
root pts/1 minglinux-01 19:59 0.00s 0.05s 0.01s w
#设置minglinux-02的密钥认证
[root@minglinux-02 ~] cat /root/.ssh/authorized_keys
···
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLqBZ25bFoIDOLbZxWH54H2VWnkTXKf7lDC9vdCBN9C7ryA4Rb+iTp9Lzk1AJxy++Zu97nndhACxdLPLs0A4j90yoXBkZ07QNZl2PGqWFZB0mMMvwG24MUsYk+3POG1n+nY4l6J7U//XVJWHfic+WD/1+Y2mLo+zWALTHA2pV/ebcuRxE5AIWAbzTas3vSDbkHgcDEQxMJRa+nltVOald+wt4O/H1Ic8nbbwPbAvJlotxm3x59D8ul8HnmOiT4FqzngIOoijjUmyouUFJzCIQf+UZKgA1GiXDZ1ap5wq1PMp8XFJpUuuF+nVs5M86TBJ54kxD4eq+bDAJ4jOUR2s57 root@minglinux-01
[root@minglinux-01 /srv/salt] ssh minglinux-02
Last login: Tue Mar 12 16:35:26 2019 from minglinux-01
#设置主机组
[root@minglinux-01 ~] vim /etc/ansible/hosts
#写入以下内容
25 [testhost]
26 127.0.0.1
27 minglinux-02
#testhost为自定义主机组名字。 下面两个ip为组内的机器ip。
十七、ansible远程执行命令
ansible testhost -m command -a 'w'
这样就可以批量执行命令了。这里的testhost 为主机组名,-m后边是模块名字,-a后面是命令。当然我们也可以直接写一个ip,针对某一台机器来执行命令。
ansible 127.0.0.1 -m command -a 'hostname'
错误: "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"
解决: yum install -y libselinux-python
还有一个模块就是shell同样也可以实现
ansible testhost -m shell -a 'w'
[root@minglinux-01 ~] ansible testhost -m command -a 'w'
127.0.0.1 | CHANGED | rc=0 >>
21:47:32 up 8:15, 2 users, load average: 0.03, 0.06, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.162.1 13:34 4.00s 3.72s 0.01s ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/1ad903f8ab -tt 192.168.162.132 /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1552398450.92-236475746352593/AnsiballZ_command.py && sleep 0'
root pts/3 localhost 21:47 1.00s 0.29s 0.02s w
192.168.162.132 | CHANGED | rc=0 >>
21:47:59 up 8:15, 2 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.162.1 21:34 ? 0.17s 0.17s -bash
root pts/1 minglinux-01 21:47 1.00s 0.44s 0.01s w
[root@minglinux-01 ~] ansible testhost -m command -a 'hostname'
127.0.0.1 | CHANGED | rc=0 >>
minglinux-01
192.168.162.132 | CHANGED | rc=0 >>
minglinux-02
#仅针对一台机器
[root@minglinux-01 ~] ansible minglinux-02 -m command -a 'hostname'
minglinux-02 | CHANGED | rc=0 >>
minglinux-02
# 还有一个模块就是shell同样也可以实现
[root@minglinux-01 ~] ansible testhost -m shell -a 'hostname'
192.168.162.132 | CHANGED | rc=0 >>
minglinux-02
127.0.0.1 | CHANGED | rc=0 >>
minglinux-01
十八、ansible拷贝文件或目录
ansible minglinux-02 -m copy -a "src=/etc/ansible dest=/tmp/ansible_test owner=root group=root mode=0755"
注意:源目录会放到目标目录下面去,如果目标指定的目录不存在,它会自动创建。如果拷贝的是文件,dest指定的名字和源如果不同,并且它不是已经存在的目录,相当于拷贝过去后又重命名。但相反,如果desc是目标机器上已经存在的目录,则会直接把文件拷贝到该目录下面。
ansible testhost -m copy -a "src=/etc/passwd dest=/tmp/123"
这里的/tmp/123和源机器上的/etc/passwd是一致的,但如果目标机器上已经有/tmp/123目录,则会再/tmp/123目录下面建立passwd文件
#对目录的操作
[root@minglinux-01 ~] ansible minglinux-02 -m copy -a "src=/etc/ansible dest=/tmp/ansible_test owner=root group=root mode=0755"
minglinux-02 | CHANGED => {
"changed": true,
"dest": "/tmp/ansible_test/",
"src": "/etc/ansible"
}
#minglinux-02可以看到目标目录被创建且源目录在目标目录下面
[root@minglinux-02 ~] ls -l /tmp/ansible_test
总用量 0
drwxr-xr-x 3 root root 51 3月 12 22:08 ansible
#对文件的操作
[root@minglinux-01 ~] ansible minglinux-02 -m copy -a "src=/etc/passwd dest=/tmp/123"
[root@minglinux-02 ~] ls -l /tmp/123/passwd
-rw-r--r-- 1 root root 1754 3月 12 22:15 /tmp/123/passwd
#因为目标机器上已经有/tmp/123目录,则会在/tmp/123目录下面建立passwd文件
[root@minglinux-01 ~] ansible minglinux-02 -m copy -a "src=/etc/passwd dest=/tmp/1.txt"
[root@minglinux-02 ~] ls -l /tmp/1.txt
-rw-r--r-- 1 root root 1754 3月 12 22:19 /tmp/1.txt
#这里1.txt就是passwd文件
#操作时要看src和dest是文件还是目录
十九、ansible远程执行脚本
首先创建一个shell脚本
vim /tmp/1.sh //加入内容
#!/bin/bash
echo `date` > /tmp/ansible_test.txt
然后把该脚本分发到各个机器上
ansible testhost -m copy -a "src=/tmp/1.sh dest=/tmp/1.sh mode=0755"
最后是批量执行该shell脚本
ansible testhost -m shell -a "/tmp/1.sh"
shell模块,还支持远程执行命令并且带管道
ansible testhost -m shell -a "cat /etc/passwd|wc -l "
[root@minglinux-01 ~] vim /tmp/1.sh
#脚本内容如下
1 #!/bin/bash
2 echo `date` > /tmp/ansible_test.txt
#把该脚本分发到各个机器上
[root@minglinux-01 ~] ansible testhost -m copy -a "src=/tmp/1.sh dest=/tmp/test.sh mode=0755"
minglinux-02 | CHANGED => {
"changed": true,
"checksum": "8b98a2723b00c97e5e8bee4625a90f17925bee43",
"dest": "/tmp/test.sh",
"gid": 0,
"group": "root",
"md5sum": "fff8aec86bb38a5bf14d5a878664abc0",
"mode": "0755",
"owner": "root",
"size": 51,
"src": "/root/.ansible/tmp/ansible-tmp-1552400956.53-228457569305656/source",
"state": "file",
"uid": 0
}
127.0.0.1 | CHANGED => {
"changed": true,
"checksum": "8b98a2723b00c97e5e8bee4625a90f17925bee43",
"dest": "/tmp/test.sh",
"gid": 0,
"group": "root",
"md5sum": "fff8aec86bb38a5bf14d5a878664abc0",
"mode": "0755",
"owner": "root",
"size": 51,
"src": "/root/.ansible/tmp/ansible-tmp-1552400956.51-98771450695458/source",
"state": "file",
"uid": 0
}
[root@minglinux-01 ~] ls /tmp/test.sh
/tmp/test.sh
[root@minglinux-01 ~] cat !$
cat /tmp/test.sh
#!/bin/bash
echo `date` > /tmp/ansible_test.txt
#批量执行该shell脚本
[root@minglinux-01 ~] ansible testhost -m shell -a "/tmp/test.sh"
minglinux-02 | CHANGED | rc=0 >>
127.0.0.1 | CHANGED | rc=0 >>
#脚本远程执行成功
[root@minglinux-01 ~] ls /tmp/ansible_test.txt
/tmp/ansible_test.txt
[root@minglinux-01 ~] cat !$
cat /tmp/ansible_test.txt
2019年 03月 12日 星期二 22:31:47 CST
[root@minglinux-02 ~] ls /tmp/ansible_test.txt
/tmp/ansible_test.txt
[root@minglinux-02 ~] cat !$
cat /tmp/ansible_test.txt
2019年 03月 12日 星期二 22:32:14 CST
#shell模块,还支持远程执行命令并且带管道,而command模块是不支持带管道的
[root@minglinux-01 ~] ansible testhost -m shell -a "cat /etc/passwd|wc -l"
minglinux-02 | CHANGED | rc=0 >>
30
127.0.0.1 | CHANGED | rc=0 >>
36
[root@minglinux-01 ~] ansible testhost -m command -a "cat /etc/passwd|wc -l"
minglinux-02 | FAILED | rc=1 >>
cat:无效选项 -- l
Try 'cat --help' for more information.non-zero return code
127.0.0.1 | FAILED | rc=1 >>
cat:无效选项 -- l
Try 'cat --help' for more information.non-zero return code
二十、ansible管理任务计划
ansible testhost -m cron -a "name='test cron' job='/bin/touch /tmp/1212.txt' weekday=6"
若要删除该cron 只需要加一个字段 state=absent
ansible testhost -m cron -a "name='test cron' state=absent"
其他的时间表示:分钟 minute 小时 hour 日期 day 月份 month
#使用cron模块创建计划任务
[root@minglinux-01 ~] ansible minglinux-02 -m cron -a "name='test cron' job='/bin/touch /tmp/121.txt' weekday=6"
minglinux-02 | CHANGED => {
"changed": true,
"envs": [],
"jobs": [
"test cron"
]
}
#查看任务计划
[root@minglinux-02 ~] crontab -l
# Lines below here are managed by Salt, do not edit
#Ansible: test cron
* * * * 6 /bin/touch /tmp/121.txt
#删除任务计划
[root@minglinux-01 ~] ansible minglinux-02 -m cron -a "name='test cron' state=absent"
minglinux-02 | CHANGED => {
"changed": true,
"envs": [],
"jobs": []
}
#再次查看任务计划
[root@minglinux-02 ~] crontab -l
# Lines below here are managed by Salt, do not edit
[root@minglinux-02 ~] crontab -e #把那行给删除了
crontab: installing new crontab
[root@minglinux-02 ~] crontab -l
#crontab文件中的内容不要手动更改,否则会导致使用ansible无法继续操作
二十一、ansible安装包和管理服务
ansible testhost -m yum -a "name=httpd"
在name后面还可以加上state=installed/removed
ansible testhost -m service -a "name=httpd state=started enabled=yes"
这里的name是centos系统里的服务名,可以通过chkconfig --list查到。
Ansible文档的使用
ansible-doc -l 列出所有的模块
ansible-doc cron 查看指定模块的文档
#因为02机器已经安装了httpd,所以这里先执行卸载命令
[root@minglinux-01 ~] ansible minglinux-02 -m yum -a "name=httpd state=removed"
[root@minglinux-02 ~] rpm -qa httpd
#重新安装,耗时可能较久
[root@minglinux-01 ~] ansible minglinux-02 -m yum -a "name=httpd state=installed"
[root@minglinux-02 ~] rpm -qa httpd
httpd-2.4.6-88.el7.centos.x86_64
#远程启动httpd
[root@minglinux-01 ~] ansible minglinux-02 -m service -a "name=httpd state=started enabled=no"
[root@minglinux-02 ~] ps aux |grep httpd
root 17984 0.1 0.2 224052 5004 ? Ss 23:16 0:00 /usr/sbin/httpd -DFOREGROUND
apache 17985 0.0 0.1 224052 2952 ? S 23:16 0:00 /usr/sbin/httpd -DFOREGROUND
apache 17986 0.0 0.1 224052 2952 ? S 23:16 0:00 /usr/sbin/httpd -DFOREGROUND
apache 17987 0.0 0.1 224052 2952 ? S 23:16 0:00 /usr/sbin/httpd -DFOREGROUND
apache 17988 0.0 0.1 224052 2952 ? S 23:16 0:00 /usr/sbin/httpd -DFOREGROUND
apache 17989 0.0 0.1 224052 2952 ? S 23:16 0:00 /usr/sbin/httpd -DFOREGROUND
root 18017 0.0 0.0 112720 984 pts/0 S+ 23:17 0:00 grep --color=auto httpd
#Ansible文档的使用
[root@minglinux-01 ~] ansible-doc -l #列出所有的模块
[root@minglinux-01 ~] ansible-doc cron #查看指定模块的文档
[root@minglinux-01 ~] ansible-doc shell
二十二、使用ansible playbook
相当于把模块写入到配置文件里面,例:
vi /etc/ansible/test.yml //加入如下内容
---
- hosts: minglinux-02
remote_user: root
tasks:
- name: test_playbook
shell: touch /tmp/hello.txt
说明: 第一行需要有三个杠,hosts参数指定了对哪些主机进行参作,如果是多台机器可以用逗号作为分隔,也可以使用主机组,在/etc/ansible/hosts里定义;
user参数指定了使用什么用户登录远程主机操作;
tasks指定了一个任务,其下面的name参数同样是对任务的描述,在执行过程中会打印出来,shell是ansible模块名字
执行:ansible-playbook test.yml
[root@minglinux-01 ~] vim /etc/ansible/test.yml
1 ---
2 - hosts: minglinux-02
3 remote_user: root
4 tasks:
5 - name: test_playbook
6 shell: touch /tmp/hello.txt
#执行
[root@minglinux-01 ~] ansible-playbook /etc/ansible/test.yml
_____________________
< PLAY [minglinux-02] >
---------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
________________________
< TASK [Gathering Facts] >
------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
ok: [minglinux-02]
______________________
< TASK [test_playbook] >
----------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
[WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need
to use command because file is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.
changed: [minglinux-02]
____________
< PLAY RECAP >
------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
minglinux-02 : ok=2 changed=1 unreachable=0 failed=0
[root@minglinux-02 ~] ls /tmp/hello.txt
/tmp/hello.txt #有了
[root@minglinux-02 ~] ll !$
ll /tmp/hello.txt
-rw-r--r-- 1 root root 0 3月 12 23:36 /tmp/hello.txt
二十三、playbook里的变量
再来一个创建用户的例子:
vi /etc/ansible/create_user.yml //加入如下内容
---
- name: create_user
hosts: minglinux-02
user: root
gather_facts: false
vars:
- user: "test"
tasks:
- name: create user
user: name="{{ user }}"
说明:name参数对该playbook实现的功能做一个概述,后面执行过程中,会打印 name变量的值 ,可以省略;gather_facts参数指定了在以下任务部分执行前,是否先执行setup模块获取主机相关信息,这在后面的task会使用到setup获取的信息时用到;vars参数,指定了变量,这里指字一个user变量,其值为test ,需要注意的是,变量值一定要用引号引住;user提定了调用user模块,name是user模块里的一个参数,而增加的用户名字调用了上面user变量的值。
[root@minglinux-01 ~] vim /etc/ansible/create_user.yml
#加入如下内容
1 ---
2 - name: create_user
3 hosts: minglinux-02
4 user: root
5 gather_facts: false
6 vars:
7 - user: "test"
8 tasks:
9 - name: create user
10 user: name="{{ user }}"
[root@minglinux-01 ~] ansible-playbook /etc/ansible/create_user.yml
____________________
< PLAY [create_user] >
--------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
____________________
< TASK [create user] >
--------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
changed: [minglinux-02]
____________
< PLAY RECAP >
------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
minglinux-02 : ok=1 changed=1 unreachable=0 failed=0
#查看创建的用户
[root@minglinux-02 ~] id test
uid=1002(test) gid=1002(test) 组=1002(test)
#如果用户已创建,运行该操作是changed=0
[root@minglinux-01 ~] ansible-playbook /etc/ansible/create_user.yml
···
minglinux-02 : ok=1 changed=0 unreachable=0 failed=0
二十四、playbook循环
vi /etc/ansible/while.yml //加入如下内容
---
- hosts: testhost
user: root
tasks:
- name: change mode for files
file: path=/tmp/{{ item }} mode=600
with_items:
- 1.txt
- 2.txt
- 3.txt
说明: with_items为循环的对象
执行 ansible-playbook while.yml
[root@minglinux-01 ~] vim /etc/ansible/while.yml
#加入如下内容,创建文件并改权限,循环三次
1 ---
2 - hosts: minglinux-02
3 user: root
4 tasks:
5 - name: change mode for files
6 file: path=/tmp/{{ item }} state=touch mode=600
7 with_items:
8 - 1.txt
9 - 2.txt
10 - 3.txt
#执行
[root@minglinux-01 ~] ansible-playbook /etc/ansible/while.yml
_____________________
< PLAY [minglinux-02] >
---------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
________________________
< TASK [Gathering Facts] >
------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
ok: [minglinux-02]
______________________________
< TASK [change mode for files] >
------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
changed: [minglinux-02] => (item=1.txt)
changed: [minglinux-02] => (item=2.txt)
changed: [minglinux-02] => (item=3.txt)
____________
< PLAY RECAP >
------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
minglinux-02 : ok=2 changed=1 unreachable=0 failed=0
#禁用Gathering Facts效率更高
[root@minglinux-02 ~] ll /tmp/*.txt
-rw-r--r-- 1 root root 0 3月 12 23:55 /tmp/111.txt
-rw-r--r-- 1 root root 1754 3月 12 23:47 /tmp/123.txt
-rw------- 1 root root 0 3月 13 00:17 /tmp/1.txt
-rw------- 1 root root 0 3月 13 00:17 /tmp/2.txt
-rw------- 1 root root 0 3月 13 00:17 /tmp/3.txt
-rw-r--r-- 1 root root 43 3月 12 22:32 /tmp/ansible_test.txt
-rw-r--r-- 1 root root 0 3月 12 23:36 /tmp/hello.txt
二十五、playbook中的条件判断
vi /etc/ansible/when.yml //加入如下内容
---
- hosts: minglinux-02
user: root
gather_facts: True
tasks:
- name: use when
shell: touch /tmp/when.txt
when: ansible_ens33.ipv4.address == "192.168.162.132“
说明:ansible aming-02 -m setup 可以查看到所有的facter信息
[root@minglinux-01 ~] vim /etc/ansible/when.yml
1 ---
2 - hosts: minglinux-02
3 user: root
4 gather_facts: True
5 tasks:
6 - name: use when
7 shell: touch /tmp/when.txt
8 when: ansible_ens33.ipv4.address == "192.168.162.132" #条件选择,只有02机器才会执行
#执行
[root@minglinux-01 ~] ansible minglinux-02 -m setup #可以查看到所有的facter信息
[root@minglinux-01 ~] ansible-playbook /etc/ansible/when.yml
_____________________
< PLAY [minglinux-02] >
---------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
________________________
< TASK [Gathering Facts] >
------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
ok: [minglinux-02]
_________________
< TASK [use when] >
-----------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
[WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need
to use command because file is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.
changed: [minglinux-02]
____________
< PLAY RECAP >
------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
minglinux-02 : ok=2 changed=1 unreachable=0 failed=0
#查看文件
[root@minglinux-02 ~] ls /tmp/when.txt
/tmp/when.txt
[root@minglinux-02 ~] ll !$
ll /tmp/when.txt
-rw-r--r-- 1 root root 0 3月 13 00:38 /tmp/when.txt
二十六、playbook中的handlers
执行task之后,服务器发生变化之后要执行的一些操作,比如我们修改了配置文件后,需要重启一下服务
vi /etc/ansible/handlers.yml//加入如下内容
---
- name: handlers test
hosts: minglinux-02
user: root
tasks:
- name: copy file
copy: src=/etc/passwd dest=/tmp/aaa.txt
notify: test handlers
handlers:
- name: test handlers
shell: echo "111111" >> /tmp/aaa.txt
说明,只有copy模块真正执行后,才会去调用下面的handlers相关的操作。这种比较适合配置文件发生更改后,重启服务的操作。
[root@minglinux-01 ~] vim /etc/ansible/handlers.yml
#写入以下内容
1 ---
2 - name: handlers test
3 hosts: minglinux-02
4 user: root
5 tasks:
6 - name: copy file
7 copy: src=/etc/passwd dest=/tmp/aaa.txt
8 notify: test handlers
9 handlers:
10 - name: test handlers
11 shell: echo "111111" >> /tmp/aaa.txt
#执行
[root@minglinux-01 ~] ansible-playbook /etc/ansible/handlers.yml
______________________
< PLAY [handlers test] >
----------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
________________________
< TASK [Gathering Facts] >
------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
ok: [minglinux-02]
__________________
< TASK [copy file] >
------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
changed: [minglinux-02]
_________________________________
< RUNNING HANDLER [test handlers] >
---------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
changed: [minglinux-02]
____________
< PLAY RECAP >
------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
minglinux-02 : ok=3 changed=2 unreachable=0 failed=0
#查看执行后效果
[root@minglinux-02 ~] ls /tmp/aaa.txt
/tmp/aaa.txt
[root@minglinux-02 ~] cat /tmp/aaa.txt | tail -5
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
zabbix:x:998:995:Zabbix Monitoring System:/var/lib/zabbix:/sbin/nologin
memcached:x:997:994:Memcached daemon:/run/memcached:/sbin/nologin
mongod:x:996:993:mongod:/var/lib/mongo:/bin/false
111111
二十七、用playbook安装nginx
- playbook实战-nginx安装1
思路:先在一台机器上编译安装好nginx、打包,然后再用ansible去下发
cd /etc/ansible 进入ansible配置文件目录
mkdir nginx_install 创建一个nginx_install的目录,方便管理
cd nginx_install
mkdir -p roles/{common,install}/{handlers,files,meta,tasks,templates,vars}
说明:roles目录下有两个角色,common为一些准备操作,install为安装nginx的操作。每个角色下面又有几个目录,handlers下面是当发生改变时要执行的操作,通常用在配置文件发生改变,重启服务。files为安装时用到的一些文件,meta为说明信息,说明角色依赖等信息,tasks里面是核心的配置文件,templates通常存一些配置文件,启动脚本等模板文件,vars下为定义的变量
[root@minglinux-01 ~] cd /etc/ansible
[root@minglinux-01 /etc/ansible] mkdir nginx_install
[root@minglinux-01 /etc/ansible] cd nginx_install/
[root@minglinux-01 /etc/ansible/nginx_install] mkdir -p roles/{common,install}/{handlers,files,meta,tasks,templates,vars}
[root@minglinux-01 /etc/ansible/nginx_install] ls
roles
[root@minglinux-01 /etc/ansible/nginx_install] ls roles/
common install
[root@minglinux-01 /etc/ansible/nginx_install] ls roles/common/
files handlers meta tasks templates vars
[root@minglinux-01 /etc/ansible/nginx_install] ls roles/install/
files handlers meta tasks templates vars
- playbook实战-nginx安装2
需要事先准备好安装用到的文件,具体如下:
在一台机器上事先编译安装好nginx,配置好启动脚本,配置好配置文件
安装好后,我们需要把nginx目录打包,并放到/etc/ansible/nginx_install/roles/install/files/下面,名字为nginx.tar.gz
启动脚本、配置文件都要放到/etc/ansible/nginx_install/roles/install/templates下面
cd /etc/ansible/nginx_install/roles
定义common的tasks,nginx是需要一些依赖包的
vim ./common/tasks/main.yml //内容如下
- name: Install initializtion require software
yum: name={{ item }} state=installed
with_items:
- zlib-devel
- pcre-devel
[root@minglinux-01 /etc/ansible/nginx_install] ls /usr/local/nginx/ #nginx目录
client_body_temp conf fastcgi_temp html logs proxy_temp sbin scgi_temp uwsgi_temp
[root@minglinux-01 /etc/ansible/nginx_install] ls /etc/init.d/nginx #启动脚本
/etc/init.d/nginx
[root@minglinux-01 /etc/ansible/nginx_install] ls /usr/local/nginx/conf/nginx.conf #配置文件
/usr/local/nginx/conf/nginx.conf
#把nginx目录打包
[root@minglinux-01 /usr/local] tar czvf nginx.tar.gz --exclude "nginx.conf" --exclude "vhost" nginx/
[root@minglinux-01 /usr/local] mv nginx.tar.gz /etc/ansible/nginx_install/roles/install/files/
[root@minglinux-01 /usr/local] cp nginx/conf/nginx.conf /etc/ansible/nginx_install/roles/install/templates/
[root@minglinux-01 /usr/local] cp /etc/init.d/nginx /etc/ansible/nginx_install/roles/install/templates/
#定义common的tasks,安装nginx需要的一些依赖包
[root@minglinux-01 /usr/local] cd /etc/ansible/nginx_install/roles
[root@minglinux-01 ~] vim /etc/ansible/nginx_install/roles/common/tasks/main.yml
#写入以下内容
1 - name: Install initializtion require software
2 yum: name={{ item }} state=installed
3 with_items:
4 - zlib-devel
5 - pcre-devel
- playbook实战-nginx安装3
定义变量
vim /etc/ansible/nginx_install/roles/install/vars/main.yml //内容如下
nginx_user: www
nginx_port: 80
nginx_basedir: /usr/local/nginx
首先要把所有用到的文档拷贝到目标机器
vim /etc/ansible/nginx_install/roles/install/tasks/copy.yml //内容如下
- name: Copy Nginx Software
copy: src=nginx.tar.gz dest=/tmp/nginx.tar.gz owner=root group=root
- name: Uncompression Nginx Software
shell: tar zxf /tmp/nginx.tar.gz -C /usr/local/
- name: Copy Nginx Start Script
template: src=nginx dest=/etc/init.d/nginx owner=root group=root mode=0755
- name: Copy Nginx Config
template: src=nginx.conf dest={{ nginx_basedir }}/conf/ owner=root group=root mode=0644
#定义一些变量
[root@minglinux-01 ~] vim /etc/ansible/nginx_install/roles/install/vars/main.yml
#内容如下
1 nginx_user: www
2 nginx_port: 80
3 nginx_basedir: /usr/local/nginx
#创建配置文件用于拷贝文件到目标机器
[root@minglinux-01 ~] vim /etc/ansible/nginx_install/roles/install/tasks/copy.yml
#内容如下
1 - name: Copy Nginx Software
2 copy: src=nginx.tar.gz dest=/tmp/nginx.tar.gz owner=root group=root
3 - name: Uncompression Nginx Software
4 shell: tar zxf /tmp/nginx.tar.gz -C /usr/local/
5 - name: Copy Nginx Start Script
6 template: src=nginx dest=/etc/init.d/nginx owner=root group=root mode=0755
7 - name: Copy Nginx Config
8 template: src=nginx.conf dest={{ nginx_basedir }}/conf/ owner=root group=root mode=0644
#src=nginx和src=nginx.conf去template里找文件
- playbook实战-nginx安装4
接下来会建立用户,启动服务,删除压缩包
vim /etc/ansible/nginx_install/roles/install/tasks/install.yml //内容如下
- name: Create Nginx User
user: name={{ nginx_user }} state=present createhome=no shell=/sbin/nologin
- name: Start Nginx Service
shell: /etc/init.d/nginx start
- name: Add Boot Start Nginx Service
shell: chkconfig --level 345 nginx on
- name: Delete Nginx compression files
shell: rm -rf /tmp/nginx.tar.gz
#用于建立用户,启动服务,删除压缩包的配置文件
[root@minglinux-01 ~] vim /etc/ansible/nginx_install/roles/install/tasks/install.yml
#内容如下
1 - name: Create Nginx User
2 user: name={{ nginx_user }} state=present createhome=no shell=/sbin/nologin
3 - name: Start Nginx Service
4 shell: /etc/init.d/nginx start
5 - name: Add Boot Start Nginx Service
6 shell: chkconfig --level 345 nginx on
7 - name: Delete Nginx compression files
8 shell: rm -rf /tmp/nginx.tar.gz
- playbook实战-nginx安装5
再创建main.yml把copy和install调用
vim /etc/ansible/nginx_install/roles/install/tasks/main.yml //内容如下
- include: copy.yml
- include: install.yml
到此两个roles:common和install就定义完成了,接下来要定义一个入口配置文件
vim /etc/ansible/nginx_install/install.yml //内容如下
---
- hosts: minglinux-02
remote_user: root
gather_facts: True
roles:
- common
- install
执行: ansible-playbook /etc/ansible/nginx_install/install.yml
#创建main.yml把copy和install调用
[root@minglinux-01 ~] ls /etc/ansible/nginx_install/roles/install/tasks
copy.yml install.yml
[root@minglinux-01 ~] vim /etc/ansible/nginx_install/roles/install/tasks/main.yml
#内容如下
1 - include: copy.yml
2 - include: install.yml
#定义总入口配置文件
[root@minglinux-01 ~] vim /etc/ansible/nginx_install/install.yml
#内容如下
1 ---
2 - hosts: minglinux-02
3 remote_user: root
4 gather_facts: True
5 roles:
6 - common
7 - install
#执行,目标机器上先yum remove nginx
[root@minglinux-02 /usr/share/nginx/html] yum remove nginx
[root@minglinux-01 ~] ansible-playbook /etc/ansible/nginx_install/install.yml
_____________________
< PLAY [minglinux-02] >
---------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
________________________
< TASK [Gathering Facts] >
------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
ok: [minglinux-02]
________________________________________________________
< TASK [common : Install initializtion require software] >
--------------------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions is deprecated.
Instead of using a loop to supply multiple items and specifying `name: "{{ item }}"`, please use `name:
['zlib-devel', 'pcre-devel']` and remove the loop. This feature will be removed in version 2.11.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
ok: [minglinux-02] => (item=[u'zlib-devel', u'pcre-devel'])
______________________________________
< TASK [install : Copy Nginx Software] >
--------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
changed: [minglinux-02]
_______________________________________________
< TASK [install : Uncompression Nginx Software] >
-----------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
[WARNING]: Consider using the unarchive module rather than running 'tar'. If you need to use command
because unarchive is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.
changed: [minglinux-02]
__________________________________________
< TASK [install : Copy Nginx Start Script] >
------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
changed: [minglinux-02]
____________________________________
< TASK [install : Copy Nginx Config] >
------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
changed: [minglinux-02]
____________________________________
< TASK [install : Create Nginx User] >
------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
changed: [minglinux-02]
______________________________________
< TASK [install : Start Nginx Service] >
--------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
changed: [minglinux-02]
_______________________________________________
< TASK [install : Add Boot Start Nginx Service] >
-----------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
changed: [minglinux-02]
_________________________________________________
< TASK [install : Delete Nginx compression files] >
-------------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
[WARNING]: Consider using the file module with state=absent rather than running 'rm'. If you need to
use command because file is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.
changed: [minglinux-02]
____________
< PLAY RECAP >
------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
minglinux-02 : ok=10 changed=8 unreachable=0 failed=0
#minglinux-02上查看进程
[root@minglinux-02 /usr/share/nginx/html] ps aux|grep nginx
root 6729 0.0 0.0 45928 1096 ? Ss 03:19 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 6730 0.0 0.2 48416 3740 ? S 03:19 0:00 nginx: worker process
nobody 6731 0.0 0.2 48416 3740 ? S 03:19 0:00 nginx: worker process
root 7051 0.0 0.0 112720 980 pts/0 S+ 03:22 0:00 grep --color=auto nginx
二十八、playbook管理配置文件
- playbook管理配置文件1
生产环境中大多时候是需要管理配置文件的,安装软件包只是在初始化环境的时候用一下。下面我们来写个管理nginx配置文件的playbook
mkdir -p /etc/ansible/nginx_config/roles/{new,old}/{files,handlers,vars,tasks}
其中new为更新时用到的,old为回滚时用到的,files下面为nginx.conf和vhosts目录,handlers为重启nginx服务的命令
关于回滚,需要在执行playbook之前先备份一下旧的配置,所以对于老配置文件的管理一定要严格,千万不能随便去修改线上机器的配置,并且要保证new/files下面的配置和线上的配置一致
先把nginx.conf和vhosts目录放到files目录下面
cd /usr/local/nginx/conf/
cp -r nginx.conf vhost /etc/ansible/nginx_config/roles/new/files/
[root@minglinux-01 ~] mkdir -p /etc/ansible/nginx_config/roles/{new,old}/{files,handlers,vars,tasks}
[root@minglinux-01 ~] cd /etc/ansible/nginx_config/
[root@minglinux-01 /etc/ansible/nginx_config] ls
roles
[root@minglinux-01 /etc/ansible/nginx_config] ls roles/
new old
#把nginx.conf和vhosts目录放到files目录下面
[root@minglinux-01 /etc/ansible/nginx_config] cd /usr/local/nginx/conf/
[root@minglinux-01 /usr/local/nginx/conf] cp -r nginx.conf vhost /etc/ansible/nginx_config/roles/new/files/
[root@minglinux-01 /usr/local/nginx/conf] ls /etc/ansible/nginx_config/roles/new/files/
nginx.conf vhost
- playbook管理配置文件2
vim /etc/ansible/nginx_config/roles/new/vars/main.yml //定义变量
nginx_basedir: /usr/local/nginx
vim /etc/ansible/nginx_config/roles/new/handlers/main.yml //定义重新加载nginx服务
- name: restart nginx
shell: /etc/init.d/nginx reload
vim /etc/ansible/nginx_config/roles/new/tasks/main.yml //这是核心的任务
- name: copy conf file
copy: src={{ item.src }} dest={{ nginx_basedir }}/{{ item.dest }} backup=yes owner=root group=root mode=0644
with_items:
- { src: nginx.conf, dest: conf/nginx.conf }
- { src: vhosts, dest: conf/ }
notify: restart nginx
#定义变量
[root@minglinux-01 ~] vim /etc/ansible/nginx_config/roles/new/vars/main.yml
#内容如下
1 nginx_basedir: /usr/local/nginx
#定义重新加载nginx服务
[root@minglinux-01 ~] vim /etc/ansible/nginx_config/roles/new/handlers/main.yml
#内容如下
1 - name: restart nginx
2 shell: /etc/init.d/nginx reload
#核心任务
[root@minglinux-01 ~] vim /etc/ansible/nginx_config/roles/new/tasks/main.yml
#内容如下
1 - name: copy conf file
2 copy: src={{ item.src }} dest={{ nginx_basedir }}/{{ item.dest }} backup=yes owner=root group=root mode=0644
3 with_items:
4 - { src: nginx.conf, dest: conf/nginx.conf }
5 - { src: vhost, dest: conf/ }
6 notify: restart nginx
- playbook管理配置文件3
vim /etc/ansible/nginx_config/update.yml // 最后是定义总入口配置
---
- hosts: testhost
user: root
roles:
- new
执行: ansible-playbook /etc/ansible/nginx_config/update.yml
而回滚的backup.yml对应的roles为old
rsync -av /etc/ansible/nginx_config/roles/new/ /etc/ansible/nginx_config/roles/old/
回滚操作就是把旧的配置覆盖,然后重新加载nginx服务, 每次改动nginx配置文件之前先备份到old里,对应目录为/etc/ansible/nginx_config/roles/old/files
vim /etc/ansible/nginx_config/rollback.yml // 最后是定义总入口配置
---
- hosts: testhost
user: root
roles:
- old
#定义总入口配置
[root@minglinux-01 ~] vim /etc/ansible/nginx_config/update.yml
#内容如下
1 ---
2 - hosts: minglinux-02
3 user: root
4 roles:
5 - new
#执行
[root@minglinux-01 ~] ansible-playbook /etc/ansible/nginx_config/update.yml
_____________________
< PLAY [minglinux-02] >
---------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
________________________
< TASK [Gathering Facts] >
------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
ok: [minglinux-02]
_____________________________
< TASK [new : copy conf file] >
-----------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
ok: [minglinux-02] => (item={u'dest': u'conf/nginx.conf', u'src': u'nginx.conf'})
changed: [minglinux-02] => (item={u'dest': u'conf/', u'src': u'vhost'})
_______________________________________
< RUNNING HANDLER [new : restart nginx] >
---------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
changed: [minglinux-02]
____________
< PLAY RECAP >
------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
minglinux-02 : ok=3 changed=2 unreachable=0 failed=0
#查看目标机器是否重新加载
[root@minglinux-02 ~] ps aux|grep nginx
root 3868 0.0 0.1 46200 2936 ? Ss 03:32 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/localnginx/conf/nginx.conf
nobody 6307 0.0 0.2 48688 4024 ? S 04:24 0:00 nginx: worker process
nobody 6308 0.0 0.2 48688 4024 ? S 04:24 0:00 nginx: worker process
root 6322 0.0 0.0 112720 984 pts/0 S+ 04:24 0:00 grep --color=auto nginx
[root@minglinux-02 ~] date
2019年 03月 14日 星期四 04:24:59 CST
#对/etc/ansible/nginx_config/roles/new/files/nginx.conf做变更再执行
[root@minglinux-01 ~] vim /etc/ansible/nginx_config/roles/new/files/nginx.conf
[root@minglinux-01 ~] cat /etc/ansible/nginx_config/roles/new/files/nginx.conf |grep vhost
#include vhost/*.conf;
[root@minglinux-01 ~] ansible-playbook /etc/ansible/nginx_config/update.yml
[root@minglinux-02 ~] cat /usr/local/nginx/conf/nginx.conf |grep vhost
#include vhost/*.conf;
#回滚
#old和new保持一致,相当于把当前nginx配置文件备份到old里,如需回滚就将备份还原
#每次改动nginx配置文件之前先备份到old里,目录是/etc/ansible/nginx_config/roles/old/files
[root@minglinux-01 ~] rsync -av /etc/ansible/nginx_config/roles/new/ /etc/ansible/nginx_config/roles/old/
sending incremental file list
files/
files/nginx.conf
files/vhost/
files/vhost/aaa.com.conf
files/vhost/load.conf
files/vhost/proxy.conf
files/vhost/ssl.conf
files/vhost/test.com.conf
handlers/
handlers/main.yml
tasks/
tasks/main.yml
vars/
vars/main.yml
sent 5,233 bytes received 207 bytes 10,880.00 bytes/sec
total size is 4,409 speedup is 0.81
#定义一个总入口配置
[root@minglinux-01 ~] vim /etc/ansible/nginx_config/rollback.yml
#内容如下
1 ---
2 - hosts: minglinux-02
3 user: root
4 roles:
5 - old
#执行回滚
[root@minglinux-01 ~] ansible-playbook /etc/ansible/nginx_config/rollback.yml