This post assumes Ansible is already set up, as covered in:
Setting Up the Automation Tool Ansible
Formatting requirement for .yml files (vim settings):
[devops@server1 ~]$ vim .vimrc
autocmd filetype yaml setlocal ai ts=2 sw=2 et
[devops@server1 ansible]$ vim playbook.yml
[devops@server1 ansible]$ cat playbook.yml
---
# deploy apache
- hosts: webservers   # which hosts
  tasks:              # tasks
    - name: install httpd   # install the httpd package
      yum:
        name: httpd
        state: latest
    - name: start httpd     # start the httpd service
      service:
        name: httpd
        state: started
[devops@server1 ansible]$ ansible-playbook playbook.yml --list-hosts
playbook: playbook.yml
play #1 (webservers): webservers TAGS: []
pattern: [u'webservers']
hosts (2):
server2
server3
[devops@server1 ansible]$ ansible-playbook playbook.yml --list-tasks
playbook: playbook.yml
play #1 (webservers): webservers TAGS: []
tasks:
install httpd TAGS: []
start httpd TAGS: []
[devops@server1 ansible]$ ansible-playbook playbook.yml --syntax-check # syntax-check the playbook
[devops@server1 ansible]$ ansible-playbook playbook.yml # run the playbook
Next, edit the playbook so that the content of the served page is set explicitly:
[devops@server1 ansible]$ vim playbook.yml # edit the playbook, add a task
---
# deploy apache
- hosts: webservers
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: latest
    - name: create index.html
      copy:
        content: "www.westos.com\n"
        dest: /var/www/html/index.html
    - name: start httpd
      service:
        name: httpd
        state: started
[devops@server1 ansible]$ vim playbook.yml
---
# deploy apache
- hosts: webservers
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: latest
    - name: create index.html
      copy:
        content: "www.westos.com\n"
        dest: /var/www/html/index.html
    - name: configure httpd
      copy:
        src: files/httpd.conf   # copy httpd.conf from ./files to the given path on the target hosts
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: '0644'   # quoted octal; a bare 644 is read as a decimal number and gives the wrong permissions
    - name: start httpd
      service:
        name: httpd
        state: started
[devops@server1 ansible]$ mkdir files
[devops@server1 ansible]$ cd files/
[devops@server1 files]$ ls
[devops@server1 files]$ scp server3:/etc/httpd/conf/httpd.conf . # copy server3's httpd config file into the current directory
httpd.conf 100% 11KB 11.5KB/s 00:00
[devops@server1 files]$ ls
httpd.conf
[devops@server1 files]$ cd ..
[devops@server1 ansible]$ ls
ansible.cfg files inventory playbook.yml
[devops@server1 ansible]$ ansible-playbook playbook.yml --syntax-check
[devops@server1 ansible]$ ansible-playbook playbook.yml
[devops@server1 ansible]$ md5sum files/httpd.conf
[devops@server1 ansible]$ vim playbook.yml
---
# deploy apache
- hosts: webservers
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: latest
    - name: create index.html
      copy:
        content: "www.westos.com\n"
        dest: /var/www/html/index.html
    - name: configure httpd
      copy:
        src: files/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: '0644'
    - name: start httpd
      service:
        name: httpd
        state: started
        enabled: true
[devops@server1 ansible]$ ansible-playbook playbook.yml --syntax-check
playbook: playbook.yml
[devops@server1 ansible]$ ansible-playbook playbook.yml
[devops@server1 ansible]$ vim playbook.yml
---
# deploy apache
- hosts: webservers
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: latest
    - name: create index.html
      copy:
        content: "www.westos.com\n"
        dest: /var/www/html/index.html
    - name: configure httpd
      copy:
        src: files/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: '0644'
      notify: restart httpd
    - name: start httpd
      service:
        name: httpd
        state: started
        enabled: true
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
[devops@server1 ansible]$ vim files/httpd.conf
42 Listen 8080
[devops@server1 ansible]$ ansible-playbook playbook.yml --syntax-check
playbook: playbook.yml
[devops@server1 ansible]$ ansible-playbook playbook.yml
# deploy apache
- hosts: webservers
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: latest
    - name: create index.html
      copy:
        content: "www.westos.com\n"
        dest: /var/www/html/index.html
    - name: configure httpd
      copy:
        src: files/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: '0644'
      notify: restart httpd
    - name: start httpd
      service:
        name: httpd
        state: started
        enabled: true
    - name: start firewalld
      service:
        name: firewalld
        state: started
        enabled: true
    - name: configure firewalld
      firewalld:
        service: http
        state: enabled
        permanent: yes
        immediate: yes
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
[devops@server1 ansible]$ ansible-playbook playbook.yml --syntax-check
playbook: playbook.yml
[devops@server1 ansible]$ ansible-playbook playbook.yml
(1) Notation
[devops@server1 ansible]$ vim playbook.yml
Change the following section:
    - name: create index.html
      copy:
        content: "{{ ansible_facts['hostname'] }}\n"
        dest: /var/www/html/index.html
Deploy:
[devops@server1 ansible]$ ansible-playbook playbook.yml
[devops@server1 ansible]$ vim playbook.yml
    - name: create index.html
      copy:
        content: "{{ ansible_facts.hostname }}\n"
        dest: /var/www/html/index.html
Deploy:
[devops@server1 ansible]$ ansible-playbook playbook.yml
[devops@server1 ansible]$ ansible test -m setup|less
    - name: create index.html
      copy:
        content: "{{ ansible_facts.hostname }} {{ ansible_facts['default_ipv4']['address'] }}\n"
        dest: /var/www/html/index.html
[devops@server1 ansible]$ vim playbook.yml
    - name: create index.html
      copy:
        content: "{{ ansible_facts.hostname }} {{ ansible_facts['default_ipv4']['address'] }}\n"
        dest: /var/www/html/index.html
      tags: one
[devops@server1 ansible]$ vim playbook.yml
---
# deploy apache
- hosts: webservers
  vars:
    http_port: 80
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: latest
    - name: create index.html
      copy:
        content: "{{ ansible_facts.hostname }} {{ ansible_facts['default_ipv4']['address'] }}\n"
        dest: /var/www/html/index.html
      tags: one
    - name: configure httpd
      template:
        src: files/httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: '0644'
      notify: restart httpd
    - name: start httpd
      service:
        name: httpd
        state: started
        enabled: true
    - name: start firewalld
      service:
        name: firewalld
        state: started
        enabled: true
    - name: configure firewalld
      firewalld:
        service: http
        state: enabled
        permanent: yes
        immediate: yes
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
Rename files/httpd.conf in the subdirectory to httpd.conf.j2:
[devops@server1 ansible]$ mv files/httpd.conf files/httpd.conf.j2
Edit the httpd.conf.j2 file:
[devops@server1 ansible]$ vim files/httpd.conf.j2
42 Listen {{ http_port }}
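The playbook above opens the firewalld `http` service (port 80), so once `http_port` is set to another value, such as the 8080 used earlier, httpd listens on a port the firewall does not open. The following play is an added example, not part of the original post: it derives the firewall rule from the same variable and syntax-checks the rendered config before it replaces the live file. The `validate` and `backup` options and the value 8080 are choices made for this example.

```yaml
---
# Added example (not from the original post). Assumes the inventory group
# "webservers" and files/httpd.conf.j2 containing "Listen {{ http_port }}".
- hosts: webservers
  vars:
    http_port: 8080
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: present
    - name: configure httpd
      template:
        src: files/httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: '0644'
        # Syntax-check the rendered file before it is moved into place;
        # a failed check fails the task and leaves the existing file untouched.
        validate: /usr/sbin/httpd -t -f %s
        # Keep a timestamped copy of the previous config on the target.
        backup: yes
      notify: restart httpd
    - name: start firewalld
      service:
        name: firewalld
        state: started
        enabled: true
    - name: open the port httpd listens on
      firewalld:
        # Same variable as the Listen directive, so the two cannot drift apart.
        port: "{{ http_port }}/tcp"
        state: enabled
        permanent: yes
        immediate: yes
    - name: start httpd
      service:
        name: httpd
        state: started
        enabled: true
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
```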
[devops@server1 ansible]$ mkdir templates
[devops@server1 ansible]$ vim hostinfo.yml
---
- hosts: all
  tasks:
    - name: create infofile
      template:
        src: templates/info.j2
        dest: /mnt/hostinfo
[devops@server1 ansible]$ cd templates/
[devops@server1 templates]$ vim info.j2
主机名: {{ ansible_facts['hostname'] }}
主机IP地址: {{ ansible_facts['default_ipv4']['address'] }}
根分区大小: {{ ansible_facts['devices']['dm-0']['size'] }}
系统内核: {{ ansible_facts['distribution_version'] }}
Syntax check and push:
[devops@server1 ansible]$ ansible-playbook hostinfo.yml --syntax-check
playbook: hostinfo.yml
[devops@server1 ansible]$ ansible-playbook hostinfo.yml
Example:
[devops@server1 ansible]$ vim install.yml
---
- hosts: all
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: present
      when: ansible_facts['hostname'] == 'server2'
    - name: install mariadb
      yum:
        name: mariadb
        state: present
      when: ansible_facts['hostname'] == 'server3'
Syntax check, then push:
A list, similar to a Python list, can also be used to specify the packages to install:
[devops@server1 ansible]$ vim install.yml
---
- hosts: all
  tasks:
    - name: install httpd
      yum:
        name: '{{ item }}'
        state: present
      when: ansible_facts['hostname'] == 'server2'
      loop:
        - httpd
        - mariadb
        - php
        - php-mysql
    - name: install mariadb
      yum:
        name: mariadb
        state: present
      when: ansible_facts['hostname'] == 'server3'
[devops@server1 ansible]$ vim hostinfo.yml
---
- hosts: all
  tasks:
    - name: create infofile
      template:
        src: templates/info.j2
        dest: /mnt/hostinfo
    - name: create hosts
      template:
        src: templates/host.j2
        dest: /etc/hosts
        owner: root
        group: root
        mode: '0644'
[devops@server1 ansible]$ vim templates/host.j2
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.250 content.example.com
{% for host in groups['webservers'] %}
{{ hostvars[host]['ansible_facts']['eth0']['ipv4']['address'] }} {{ hostvars[host]['ansible_facts']['hostname'] }}
{% endfor %}
[test]
server2
server1
[db]
server3
[webservers:children]
test
db
[devops@server1 ansible]$ ssh-copy-id server1
Push:
[devops@server1 ansible]$ ansible-playbook hostinfo.yml
[devops@server1 ansible]$ vim adduser.yml
---
- hosts: all
  tasks:
    - name: create users
      user:
        name: "{{ item }}"
        state: present
        # the user module expects a crypt hash here; this literal is stored as-is
        password: redhat
      loop:
        - user1
        - user2
        - user3
        - user4
Push:
[devops@server1 ansible]$ ansible-playbook adduser.yml
[devops@server1 vars]$ pwd
/home/devops/ansible/vars
[devops@server1 vars]$ ls
userlist.yml
[devops@server1 vars]$ ansible-vault encrypt userlist.yml
New Vault password:
Confirm New Vault password:
Encryption successful
[devops@server1 vars]$ ansible-vault view userlist.yml
Vault password:
---
userlist:
  - user: user1
    pass: redhat
  - user: user2
    pass: redhat
[devops@server1 ansible]$ vim adduser.yml
---
- hosts: all
  vars_files:
    - vars/userlist.yml
  tasks:
    - name: create users
      user:
        name: "{{ item.user }}"
        state: present
        password: "{{ item.pass }}"
      loop: "{{ userlist }}"
---
# same play, with the password hashed (SHA-512) before it is passed to the user module
- hosts: all
  vars_files:
    - vars/userlist.yml
  tasks:
    - name: create users
      user:
        name: "{{ item.user }}"
        state: present
        # note: with a fixed salt, users who share a password also share a hash
        password: "{{ item.pass | password_hash('sha512','mysecretsalt') }}"
      loop: "{{ userlist }}"
Push:
If both files are encrypted, they must use the same password, because the password is entered only once when pushing:
[devops@server1 ansible]$ ansible-vault encrypt adduser.yml
New Vault password:
Confirm New Vault password:
Encryption successful
[devops@server1 ansible]$ cat adduser.yml
$ANSIBLE_VAULT;1.1;AES256
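Encrypting vars/userlist.yml protects the passwords at rest, but once decrypted each loop item, including its `pass` field, is printed in the task output. The following version of adduser.yml is an added example, not part of the original post; it assumes the vault-encrypted vars/userlist.yml shown above, and the `no_log`, `loop_control` and `update_password` settings are choices made for this example.

```yaml
---
# Added example (not from the original post).
# Assumes vars/userlist.yml is vault-encrypted and defines
# userlist: [{user: ..., pass: ...}, ...] as shown above.
# Run with: ansible-playbook adduser.yml --ask-vault-pass
- hosts: all
  vars_files:
    - vars/userlist.yml
  tasks:
    - name: create users
      user:
        name: "{{ item.user }}"
        state: present
        # The user module stores this value as the password hash, so it must
        # be a crypt hash. Without an explicit salt, password_hash picks a
        # random one per call, so identical passwords yield different hashes.
        password: "{{ item.pass | password_hash('sha512') }}"
        # A random salt produces a new hash on every run; set the password
        # only when the account is created so reruns report no change.
        update_password: on_create
      loop: "{{ userlist }}"
      loop_control:
        # Label each iteration with the user name only, instead of the whole
        # item, which would include the decrypted password.
        label: "{{ item.user }}"
      # Keep module arguments and results (including the hash) out of
      # console output and logs.
      no_log: true
```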
[devops@server1 ansible]$ vim hostinfo.yml
---
- hosts: all
  tasks:
    - name: create infofile
      template:
        src: templates/info.j2
        dest: /mnt/hostinfo
    - name: create hosts
      template:
        src: templates/host.j2
        dest: /etc/hosts
        owner: root
        group: root
        mode: 0644