ansible理论、配置、模块、剧本、角色
1. 服务介绍
1.1 自动化运维相关概念
相关概念
了解IaaS PaaS SaaS
IaaS infrastructure as a service
PaaS platform as a service
SaaS software as a service
IAAS 提供基本的硬件
PAAS 购买已经准备好的开发环境 直接开发就行了
SAAS 手机上的大部分软件都是基于SAAS 比如阿里提供给别人用的钉钉 腾讯给我们用的微信(免费)
三个的提供方举例:
IAAS:提供硬件 联想
PAAS:提供操作系统 微软
SAAS:阿里 提供淘宝软件
以邮件系统为例,IAAS就是企业自己购买服务器,自己搭建服务架构,搭建邮件服务器,然后使用企业邮件服务,PAAS就是企业租到了服务器,自己搭建服务,然后使用企业邮箱,SAAS就是企业掏钱购买腾讯企业邮箱,然后使用企业邮箱
1.2 ansible理论
1.2.1 ansible及自动化介绍
ansible:提高效率的工具
自动化:系统自动化(pxe+ks)、程序自动化(ansible、saltstack、puppet)、代码自动化(Jenkins)、
程序自动化工具分为两类:
(1)c/s架构:saltstack puppet
(2)无客户端模式:ansible
区别:
-
puppet:基于ruby开发,支持Linux、Windows、Unix,可以管理千台主机以上
-
saltstack:基于python开发,支持统一管理,比较轻量级
-
ansible:基于python开发,使用ssh协议,没有客户端,200-300台
-
ansible: python编写 适用于中小型应用环境 一个系统控制多台主机 有两个角色 主控端/被控端
-
saltstack: python编写 需要部署agent 主控端通过安装在被控端的代理来对被控端进行操作
-
puppet: ruby语言编写 重型 适合大型环境 谷歌用 软件过于复杂 国内一般用不到
-
其他
1.2.2 ansible特性
- 模块化: 调用特定的模块,完成特定任务,约1000+模块 每个模块功能不同
- 有paramiko(基于ssh开发,主要做远程控制) PyYAML(可以实现剧本) Jinja2(模板语言) 三个关键模块
- 支持自己定义模块
- 安全, 基于openssh
- 支持playbook编排任务
- 幂等性: 一个任务执行1遍和n遍效果一样,不会因为重复执行而带来意外情况(以复制为例,如果进行多次复制,ansible发现已经有了,就不执行了,也不报错)
1.2.3 ansible命令执行过程和执行状态
2. centos7上安装ansible
366 mkdir /media/ansible
367 cp /mnt/hgfs/soft/an/* /media/ansible/
368 createrepo /media/ansible/
370 mount /dev/cdrom /mount
371 yum -y install createrepo
372 createrepo /media/ansible/
374 vim /etc/yum.repos.d/ansible.repo
[ansible]
name=ansible
baseurl=file:///media/ansible
enabled=1
gpgcheck=0
375 yum -y install ansible
376 rpm -e --nodeps python-cryptography
也可以使用yum安装ansible
yum -y install epel-release
yum -y install ansible
3. 配置ansible
277 ansible --version
278 cd /etc/ansible
278 vim hosts 尾部添加内容
[webserver]
192.168.1.22
192.168.1.17
[dbserver]
192.168.1.19
这里的webserver 和 dbserver只是一个分组的名称而已,没有特殊含义
292 ssh-keygen
293 ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
294 ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
295 ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
297 ansible all -m ping
297 ansible all -m ping
192.168.1.17 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.1.19 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.1.22 | SUCCESS => {
"changed": false,
"ping": "pong"
}
4. ansible模块使用
4.1 ansible语法和常用命令
ansible [-m module_name] [-a args]
example: ansible webserver -m ping
帮助命令:
[root@localhost ~]# ansible-doc -h #help信息
[root@localhost ~]# ansible-doc -l #查看ansible的模块
[root@localhost ~]# ansible-doc -s yum #查看某个模块怎么使用
4.2 常用模块
(1)command(-m command可以省略)
[root@localhost ~]# ansible all -m command -a 'date'
[root@localhost ~]# ansible all -m command -a 'ls /home'
(2)corn
[root@localhost ~]# ansible webserver -m cron -a 'minute="*/10" job="/bin/echo hello world" name="test cron job"'
[root@localhost ~]# ansible all -a 'crontab -l'
[root@localhost ~]# ansible webserver -m cron -a 'minute="*/10" job="/bin/echo hello hansir" name="test cron job" state=absent'
state=present表示添加,添加的时候 state=present 可以省略 ,state=absent表示删除 name为描述信息
[root@localhost ~]# ansible webserver -m cron -a 'job=date name=showdate state=present'
[root@localhost ~]# ansible webserver -m cron -a 'job=date name=showdate state=absent'
(3)user
[root@localhost ~]# ansible all -m user -a 'name="user1"' #添加用户
[root@localhost ~]# ansible all -m user -a 'name="user1" state=absent' #删除用户
[root@localhost ~]# ansible all -m user -a 'name=tie create_home=yes shell=/bin/bash'
#这是创建一个普通用户,如果要加码,自己再写命令进行加密,如下
[root@localhost ~]# ansible all -m shell -a 'echo 1234.com | passwd --stdin tie'
[root@localhost ~]# ansible all -m user -a 'name=nginx shell=/sbin/nologin create_home=no'
192.168.20.126 | CHANGED => { #创建nginx用户,要求不可登陆,没有家目录
"ansible_facts": { #虽然这里显示有家目录,但是其实没有的
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 1002,
"home": "/home/nginx",
"name": "nginx",
"shell": "/sbin/nologin",
"state": "present",
"system": false,
"uid": 1002
}
[root@localhost ~]# ansible all -m user -a 'name=tie remove=yes state=absent' #删除用户并清空与用户有关的目录
(4)group
[root@localhost ~]# ansible dbserver -m group -a 'name="mysql" gid=700 system=yes' #公共组
[root@localhost ~]# ansible dbserver -m user -a 'name="benet" uid=700 system=yes group=mysql' #把用户加入组中
[root@localhost ~]# ansible dbserver -a 'tail -n1 /etc/passwd'
192.168.1.19 | SUCCESS | rc=0 >>
benet:x:700:700::/home/benet:/bin/bash
(5)copy文件分发
[root@localhost ~]# ansible webserver -m copy -a 'src=/media/ansible/ansible-2.4.2.0-2.el7.noarch.rpm dest=/root mode=0644 owner=root group=root'
[root@localhost ~]# ansible webserver -m copy -a 'src=/etc/sysctl.conf dest=/etc/sysctl.conf backup=yes'
这里要注意,如果copy相同的文件,文件内容要有变动,否则不会覆盖文件
backup=yes的话 对方在覆盖文件之前会现在原来的目录里做一个备份文件,如下
[root@localhost ~]# ls /etc/sysctl.conf*
/etc/sysctl.conf /etc/sysctl.conf.51901.2019-07-05@22:09:15~
(6)file 创建文件、修改文件属性 比如属主属组权限、创建目录
[root@localhost ~]# ansible dbserver -m file -a 'owner=benet group=mysql mode=0644 path=/tmp/test.ansible'
[root@localhost ~]# ansible dbserver -a 'ls -l /tmp/test.ansible'
192.168.1.19 | SUCCESS | rc=0 >>
-rw-r--r--. 1 benet mysql 13 Sep 21 15:40 /tmp/test.ansible
[root@localhost ~]# ansible dbserver -m file -a 'path=/tmp/test.link src=/tmp/test.ansible state=link'#创建软链接
[root@localhost ~]# ansible all -m file -a 'path=/tmp/testd src=/etc/hosts state=hard' 创建硬链接
[root@localhost ~]# ansible all -m file -a 'path=/tmp/test.test state=touch'
192.168.20.125 | CHANGED => { #创建文件
[root@localhost ~]# ansible all -m file -a 'path=/tmp/test.test state=absent' #删除文件
[root@localhost ~]# ansible all -m file -a 'path=/tmp/test state=directory' #创建目录
(7)yum
[root@localhost ~]# ansible webserver -m yum -a 'name=zsh,vsftpd state=present' #装zsh和vsftpd
[root@localhost ~]# ansible webserver -m yum -a 'name=vsftpd state=absent'
(8)service
[root@localhost ~]# ansible webserver -a 'service httpd status'
[root@localhost ~]# ansible webserver -m service -a 'name=httpd state=started' 还可以写stopped restarted reloaded
(9)shell
[root@localhost ~]# ansible webserver -m shell -a 'ls /root | grep install.log' #shell可以使用管道符
[root@localhost ~]# ansible dbserver -m shell -a 'echo 'redhat' | passwd --stdin benet'
[root@localhost ~]# ansible dbserver -m shell -a 'echo 'y' | yum install vsftpd'
(10)script
[root@localhost ~]# vim test.sh
#!/bin/bash
#this is test script
echo "hello ansible thanks hansir" > /tmp/script.ansible
[root@localhost ~]# ansible dbserver -m script -a 'test.sh'
(11)setup 采集客户端讯息 #这里筛选的变量 后边模板template会用到
[root@localhost ~]# ansible all -m setup #采集客户端所有信息
[root@localhost ~]# ansible all -m setup -a 'filter=ansible_hostname'
[root@localhost ~]# ansible dbserver -m setup -a 'filter=*address*'
192.168.20.125 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"192.168.122.1",
"192.168.20.125"
],
"ansible_all_ipv6_addresses": [
"fe80::20c:29ff:fe24:241c"
],
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
(12)ping
[root@localhost ~]# ansible all -m ping
(14)fetch #主控端去被控端抓取文件
[root@localhost ~]# mkdir /data
[root@localhost ~]# ansible all -m fetch -a 'src=/var/log/messages dest=/data'
192.168.20.126 | CHANGED => {
[root@localhost ~]# tree /data
/data
├── 192.168.20.125
│ └── var
│ └── log
│ └── messages
└── 192.168.20.126
└── var
└── log
└── messages
6 directories, 2 files
(15) unarchive 解压模块: 将主控端的包解压后放在被控端 无需传输tar包
[root@localhost ~]# ansible webserver -m unarchive -a 'src=/root/ios.tar.gz dest=/usr/src remote_src=yes'
(16)hostname
[root@localhost ~]# ansible webserver -m hostname -a 'name=webserver'
关于模块部分 还有一些非常好用的 没有在这个文章里 读者客户点击 https://blog.csdn.net/weixin_43557605/article/details/102659689
结合这个模块 和replace模块 基本上可以实现用剧本安装和配置所有的服务
下边的第五部分是剧本 playbook 是ansible的任务编排 这部分和角色 roles都很重要 这部分掌握了基础模块后要大量练习 建议最好可以写出一个LNMP的部署剧本 以后完成LNMP一键部署 关于LNMP的剧本 我已经写出来了 在https://blog.csdn.net/weixin_43557605/article/details/103924815 这部分没有写PHP的 因为 会这两个 PHP的自然可以写出来 没有难度
5. playbook
5.1 常规playbook使用
YAML基础元素
结构用空格表示
序列结构用-
键值对用:
扩展名为yaml yml
task:任务,要调用模块,完成某个操作
variable:变量
handlers:触发器
[root@localhost ~]# vim test.yaml
- hosts: webserver
remote_user: root
tasks:
- name: install vsftpd
command: yum -y install vsftpd
- name: start vsftpd
service: name=vsftpd state=started
[root@localhost ~]# ansible-playbook test.yaml
[root@localhost ~]# ansible all -a 'service vsftpd status'
[WARNING]: Consider using service module rather than running service
192.168.1.19 | FAILED | rc=1 >>
vsftpd: unrecognized servicenon-zero return code
192.168.1.17 | SUCCESS | rc=0 >>
vsftpd (pid 15076) 正在运行...
192.168.1.22 | SUCCESS | rc=0 >>
vsftpd (pid 5920) 正在运行...
剧本补充内容
1. yum安装多个包
- name: Installation dependency
yum: name="pcre-devel,zlib-devel" state=installed
2. 检测剧本语法的命令
# ansible-playbook nginx.yml --syntax-check
3. 做软链接
- name: file
file: path=/usr/local/nginx/sbin/* src=/usr/local/sbin/ state=link
4. 解压包
- name: unarchive
unarchive: src=/root/nginx-1.15.4.tar.gz dest=/usr/src mode=0755
5. 添加无家目录用户
- name: useradd nginx
user: name=nginx shell=/sbin/nologin home=null
ansible加密命令
剧本的其他使用提示
1)限制只在谁上执行
ansible-playbook file.yml --limits 192.168.20.101
2)查看任务列表
ansible-playbook file.yml --list-tasks
3)查看tags
[root@localhost ~]# ansible-playbook file.yml --list-tags
5.2 handlers在playbook中的使用
问题引入:在dbserver上装httpd,配置并运行的过程中出现配置文件修改,但是服务没有重启的情况
vim file.yml
- hosts: dbserver
remote_user: root
tasks:
- name: install httpd
yum: name=httpd
- name: copy conf file
copy: src=files/httpd.conf dest=/etc/httpd/conf
- name: ensure apache is running
service: name=httpd state=started enabled=yes
[root@localhost ~]# mkdir files
[root@localhost ~]# cp /etc/httpd/conf/httpd.conf files/
[root@localhost ~]# ansible-playbook file.yml --syntax-check #检测语法错误
playbook: file.yml
[root@localhost ~]# ansible-playbook -C file.yml #检测运行过程
PLAY [dbserver] ***********************************************************************
TASK [Gathering Facts] ****************************************************************
ok: [192.168.20.125]
TASK [install httpd] ******************************************************************
changed: [192.168.20.125]
TASK [copy conf file] *****************************************************************
changed: [192.168.20.125]
TASK [ensure apache is running] *******************************************************
changed: [192.168.20.125]
PLAY RECAP ****************************************************************************
192.168.20.125 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
第一次我们先不对本机的httpd.conf做修改,先直接运行file.yml
[root@localhost ~]# ansible-playbook file.yml
[root@localhost ~]# ansible dbserver -m shell -a 'ss -ntl | grep :80'
192.168.20.125 | CHANGED | rc=0 >>
LISTEN 0 128 :::80 :::*
我们现在修改本机的httpd.conf 把监听端口改为800 然后执行剧本 之后查看dbserverd800端口有没有被监听
[root@localhost ~]# ansible-playbook file.yml
[root@localhost ~]# ansible dbserver -m shell -a 'ss -ntl | grep :80'
192.168.20.125 | CHANGED | rc=0 >>
LISTEN 0 128 :::80 :::*
再次查看的时候,发现80端口依然在监听 而不是800端口 也就是说 改了配置文件 但是无法重启
针对上边的问题,playbook引入handlers即可解决,handlers类似于触发器,达到条件即可触发某个动作,我们在这里准备这样做:用handlers监控配置文件的修改情况,如果配置文件修改了,就触发httpd重启服务,操作如下
[root@localhost ~]# vim file.yml
- hosts: dbserver
remote_user: root
tasks:
- name: install httpd
yum: name=httpd
- name: copy conf file
copy: src=files/httpd.conf dest=/etc/httpd/conf
notify: restart httpd
- name: ensure apache is running
service: name=httpd state=started enabled=yes
handlers:
- name: restart httpd
service: name=httpd state=restarted
上述的意思是说,规定了一个handlers的动作是重启httpd,使用
notify对第二步进行监控,只要第二步进行了,也就是说配置文件
修改了,就触发handler中名字是“restart httpd”的操作,可以有多
个触发,只要名字对应即可
我们现在再次修改本机的httpd.conf文件,端口改为8080,然后
执行剧本,查看运行端口
[root@localhost ~]# ansible-playbook file.yml
[root@localhost ~]# ansible dbserver -m shell -a 'ss -ntl | grep :8080'
192.168.20.125 | CHANGED | rc=0 >>
LISTEN 0 128 :::8080 :::*
可以看到dbserver现在运行的是8080端口,问题得到了解决
这里需要说明的是,tasks里边的动作通过notify的监控,可以同时触发多个handlers的动作,如下:
copy src=... dest=...
nitofy:
- restart nginx
- check process
5.3 tags在playbook中的使用
tags其实就是为tasks里的某个动作打一个标签,打完标签之后,可以进行引用,如下:
[root@localhost ~]# vim file.yml #对启动httpd的动作打一个标签
- hosts: dbserver
remote_user: root
tasks:
- name: install httpd
yum: name=httpd
- name: copy conf file
copy: src=files/httpd.conf dest=/etc/httpd/conf
notify: restart httpd
- name: ensure apache is running
service: name=httpd state=started enabled=yes
tags: rshttpd
handlers:
- name: restart httpd
service: name=httpd state=restarted
[root@localhost ~]# ansible dbserver -m service -a 'name=httpd state=stopped'
[root@localhost ~]# ansible-playbook -t rshttpd file.yml #只执行rshttpd这个标签的步骤
[root@localhost ~]# ansible dbserver -m shell -a 'ss -ntl | grep :8080'
192.168.20.125 | CHANGED | rc=0 >>
LISTEN 0 128 :::8080 :::*
这里要说明的是,-t后边可以跟多个标签,用逗号分隔即可,另外,多个动作可以共用一个标签
5.4 变量在playbook中的使用
变量的简单使用
[root@localhost ~]# vim file.yml
- hosts: webserver
remote_user: root
tasks:
- name: install httpd
yum: name={{ pkname }}
- name: ensure apache is running
service: name={{ pkname }} state=started enabled=yes
[root@localhost ~]# ansible-playbook -e 'pkname=httpd' file.yml #执行剧本的时候声明变量
在剧本中声明变量
[root@localhost ~]# vim file.yml
- hosts: all
remote_user: root
vars:
- pkname1: httpd
- pkname2: vsftpd
tasks:
- name: install httpd
yum: name={{ pkname1 }}
- name: ensure apache is running
yum: name={{ pkname2 }}
[root@localhost ~]# ansible all -m yum -a 'name=httpd state=absent'
[root@localhost ~]# ansible-playbook file.yml
在配置文件中声明变量
- 对某一个主机生效的(普通变量)
- 对某一个组生效的(公共变量)
vim /etc/ansible/hosts
[webservers]
192.168.20.101 http_port=81
192.168.20.102 http_port=82
[webservers:vars]
nodename=www
domainname=kgc.cn
vim file.yml
- hosts: all
remote_user: root
tasks:
- name: set hostname
hostname: name={{nodename}}{{http_port}}.{{domainname}}
ansible-playbook file.yml
还有一种方式
ansible-playbook -e 'nodename=web domainname=example.com' file.yml #这个时候-e的生效
变量的优先级比较:
命令行 > 普通变量 > 公共变量
5.5 使用template对nginx实行区别化配置
首先需要在自己写的yml文件的统计目录创建templates目录,并把文件复制一份过来,改为jinja2格式的
[root@localhost ~]# ls
anaconda-ks.cfg Downloads initial-setup-ks.cfg Pictures Videos
Desktop files Music Public
Documents file.yml original-ks.cfg Templates
[root@localhost ~]# mkdir templates
[root@localhost ~]# cp /etc/nginx/nginx.conf templates/nginx.conf.j2
这个时候要用到一些系统变量,这些变量是从setup模块找的
我们这里准备对两台主机安装nginx,然后让worker进程数与cpu成正比
如下,可以看到两天主机,一个cpu是2,另一个cpu个数是4,变量是ansible_processor_vcpus
[root@localhost ~]# ansible all -m setup -a 'filter=*cpu*'
192.168.20.125 | SUCCESS => {
"ansible_facts": {
"ansible_processor_vcpus": 4,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.20.126 | SUCCESS => {
"ansible_facts": {
"ansible_processor_vcpus": 2,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
编辑模板文件
[root@localhost ~]# vim templates/nginx.conf.j2
6 worker_processes {{ansible_processor_vcpus}};
[root@localhost ~]# vi test.yml
- hosts: all
remote_user: root
tasks:
- name: install nginx
yum: name=nginx
- name: copy template
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
- name: start nginx
service: name=nginx state=started
[root@localhost ~]# ansible-playbook -C test.yml
PLAY [all] ****************************************************************************
TASK [Gathering Facts] ****************************************************************
ok: [192.168.20.125]
ok: [192.168.20.126]
TASK [install nginx] ******************************************************************
changed: [192.168.20.126]
changed: [192.168.20.125]
TASK [copy template] ******************************************************************
changed: [192.168.20.125]
changed: [192.168.20.126]
TASK [start nginx] ********************************************************************
changed: [192.168.20.125]
changed: [192.168.20.126]
PLAY RECAP ****************************************************************************
192.168.20.125 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.20.126 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@localhost ~]# ansible-playbook test.yml
[root@localhost ~]# ansible all -m shell -a 'ps -aux | grep nginx' #上边4个,下边2个,符合预期
192.168.20.125 | CHANGED | rc=0 >>
root 3705 0.0 0.1 122928 2244 ? Ss 09:22 0:00 nginx: master process /usr/sbin/nginx
nginx 3706 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3707 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3708 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3709 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
root 3883 0.0 0.0 113128 1196 pts/1 S+ 09:23 0:00 /bin/sh -c ps -aux | grep nginx
root 3885 0.0 0.0 112660 952 pts/1 S+ 09:23 0:00 grep nginx
192.168.20.126 | CHANGED | rc=0 >>
root 3468 0.0 0.1 122928 2244 ? Ss 09:22 0:00 nginx: master process /usr/sbin/nginx
nginx 3469 0.0 0.1 125472 3552 ? S 09:22 0:00 nginx: worker process
nginx 3470 0.0 0.1 125472 3540 ? S 09:22 0:00 nginx: worker process
root 3643 0.0 0.0 113128 1196 pts/1 S+ 09:23 0:00 /bin/sh -c ps -aux | grep nginx
root 3645 0.0 0.0 112660 952 pts/1 S+ 09:23 0:00 grep nginx
如果要修改,加入handlers比较好,我们把worker数量改为cpu个数+2(如果想写成平方 **2)
[root@localhost ~]# vim templates/nginx.conf.j2
worker_processes {{ansible_processor_vcpus+2}};
[root@localhost ~]# vim test.yml
- hosts: all
remote_user: root
tasks:
- name: install nginx
yum: name=nginx
- name: copy template
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
notify: restart nginx
- name: start nginx
service: name=nginx state=started
handlers:
- name: restart nginx
service: name=nginx state=restarted
[root@localhost ~]# ansible all -m shell -a 'ps -aux | grep nginx' #可以看出上边6个下边4个
192.168.20.125 | CHANGED | rc=0 >>
root 3705 0.0 0.1 122928 2244 ? Ss 09:22 0:00 nginx: master process /usr/sbin/nginx
nginx 3706 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3707 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3708 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3709 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3710 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3711 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
root 3883 0.0 0.0 113128 1196 pts/1 S+ 09:23 0:00 /bin/sh -c ps -aux | grep nginx
root 3885 0.0 0.0 112660 952 pts/1 S+ 09:23 0:00 grep nginx
192.168.20.126 | CHANGED | rc=0 >>
root 3468 0.0 0.1 122928 2244 ? Ss 09:22 0:00 nginx: master process /usr/sbin/nginx
nginx 3469 0.0 0.1 125472 3552 ? S 09:22 0:00 nginx: worker process
nginx 3470 0.0 0.1 125472 3540 ? S 09:22 0:00 nginx: worker process
nginx 3471 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3472 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
root 3643 0.0 0.0 113128 1196 pts/1 S+ 09:23 0:00 /bin/sh -c ps -aux | grep nginx
root 3645 0.0 0.0 112660 952 pts/1 S+ 09:23 0:00 grep nginx
下边试着用变量结合template来修改nginx配置
[root@localhost ~]# vim /etc/ansible/hosts
[dbserver]
192.168.20.125 http_port=81
[webserver]
192.168.20.126 http_port=82
[root@localhost ~]# vim templates/nginx.conf.j2
39 listen {{http_port}} default_server;
[root@localhost ~]# ansible-playbook test.yml
[root@localhost ~]# ansible all -m shell -a 'ss -ntpl | grep nginx' #如下ipv4的端口都改过来了
192.168.20.125 | CHANGED | rc=0 >>
LISTEN 0 128 *:81 *:* users:(("nginx",pid=4388,fd=6),("nginx",pid=4387,fd=6),("nginx",pid=4386,fd=6),("nginx",pid=4385,fd=6),("nginx",pid=4384,fd=6),("nginx",pid=4383,fd=6),("nginx",pid=4382,fd=6))
LISTEN 0 128 :::80 :::* users:(("nginx",pid=4388,fd=7),("nginx",pid=4387,fd=7),("nginx",pid=4386,fd=7),("nginx",pid=4385,fd=7),("nginx",pid=4384,fd=7),("nginx",pid=4383,fd=7),("nginx",pid=4382,fd=7))
192.168.20.126 | CHANGED | rc=0 >>
LISTEN 0 128 *:82 *:* users:(("nginx",pid=4144,fd=6),("nginx",pid=4143,fd=6),("nginx",pid=4142,fd=6),("nginx",pid=4141,fd=6),("nginx",pid=4140,fd=6))
LISTEN 0 128 :::80 :::* users:(("nginx",pid=4144,fd=7),("nginx",pid=4143,fd=7),("nginx",pid=4142,fd=7),("nginx",pid=4141,fd=7),("nginx",pid=4140,fd=7))
tempalte结合when进行条件判断
加入某个服务,对于不同的系统版本,配置文件不一样,这个时候就需要区别对待
[root@localhost ~]# vim test.yml
- hosts: all
remote_user: root
tasks:
- name: install nginx
yum: name=nginx
- name: copy template for centos7
template: src=nginx.conf7.j2 dest=/etc/nginx/nginx.conf
when: ansible_distribution_version == "7"
notify: restart nginx
- name: copy template for centos6
template: src=nginx.conf6.j2 dest=/etc/nginx/nginx.conf
when: ansible_distribution_version == "6"
notify: restart nginx
- name: start nginx
service: name=nginx state=started
handlers:
- name: restart nginx
service: name=nginx state=restarted
此时需要在templates目录里准备好两个模板文件
上边的系统版本号变量可以使用ansible命令获得
[root@localhost ~]# ansible all -m setup -a 'filter=*version*'
6. roles 角色
6.1 roles的说明
roles的思想是把原来写在一个playbook的内容分成不同的部分,之后再进行统一的调用,这种方法,可以防止因为个人书写习惯不同而带来的额外的维护成本,在比较复杂的场景中建议使用roles来简化工作,同时,已经有很多人写了大量优秀的角色放在网上,可以供我们下载使用,网站在此 http://galaxy.ansible.com 如果网络比较好 可以直接使用ansible-galaxy命令安装角色 免去了安装的繁琐工作 但是 对于角色的编辑我们也应该掌握基础 下边是自己动手编写角色 在后边的文章https://blog.csdn.net/weixin_43557605/article/details/102661361 和 https://blog.csdn.net/weixin_43557605/article/details/103767610有网络角色的使用方法
操作要求: 要求在roles目录进行相关的操作,ansible安装完毕之后,在/etc/ansible/目录下就有一个roles目录,可以在这个ansible目录里操作,也可以在其他任何目录里操作,但是要求yml文件和roles目录在同一级目录里
roles的目录说明
- files目录: 主要是放一些copy模块需要用到的文件或者script模块用到的脚本
- templates目录:template模块查找所需要的模板文件的目录
- tasks目录:定义任务操作的目录,这个目录里至少要有一个main.yml
- handlers目录:触发操作的目录,这个目录至少要有一个main.yml
- vars目录:定义变量的目录 至少包含一个main.yml目录
- meta目录:定义角色的特殊设定及依赖关系
- default目录:设定默认变量的时候使用此目录里的main.yml
6.2 roles实战—源码安装nginx
[root@localhost ~]# cd /etc/ansible/
[root@localhost ansible]# ls
ansible.cfg hosts roles
[root@localhost ansible]# mkdir -pv roles/nginx/{tasks,files,handlers,vars,templates}
mkdir: created directory ‘roles/nginx’
mkdir: created directory ‘roles/nginx/tasks’
mkdir: created directory ‘roles/nginx/files’
mkdir: created directory ‘roles/nginx/handlers’
mkdir: created directory ‘roles/nginx/vars’
mkdir: created directory ‘roles/nginx/templates’
本机安装nginx,过程省略
[root@localhost ansible]# cp /root/nginx-1.15.4.tar.gz roles/nginx/files/
[root@localhost ansible]# cp /usr/local/nginx/conf/nginx.conf roles/nginx/templates/nginx.conf.j2
[root@localhost ansible]# cd roles/nginx/tasks/
[root@localhost tasks]# vim install.yml
- name: install dependent packages
yum: name={{item}}
with_items:
- gcc
- gcc-c++
- pcre-devel
- zlib-devel
- openssl-devel
- name: add nginx user
user: name=nginx create_home=no shell=/sbin/nologin uid=888
- name: unarchive tar file
unarchive: src={{tarball_name}} dest=/usr/src/
- name: configure nginx
shell: ./configure --prefix={{base_dir}} --user={{user}} --group={{group}} --with-http_stub_status_module --with-http_gzip_static_module && make && make install
args:
chdir: /usr/src/{{nginx_dir}}
- name: copy template
template: src=nginx.conf.j2 dest={{base_dir}}/conf/nginx.conf
- name: make soft link
file: src={{base_dir}}/sbin/nginx dest=/usr/sbin/nginx state=link
[root@localhost tasks]# vim test.yml
- name: test syntax error of nginx
shell: /usr/local/nginx/sbin/nginx -t
notify: start nginx
[root@localhost tasks]# vim main.yml
- import_tasks: install.yml #include很快会被取消,这里用import_tasks
- import_tasks: test.yml
[root@localhost tasks]# vim ../templates/nginx.conf.j2
3 worker_processes {{ansible_processor_vcpus+2}};
[root@localhost tasks]# vim ../handlers/main.yml
- name: start nginx
shell: nginx
[root@localhost tasks]# vim ../vars/main.yml
tarball_name: nginx-1.15.4.tar.gz
nginx_dir: nginx-1.15.4
base_dir: /usr/local/nginx
cmd: /usr/local/nginx/sbin/nginx
user: nginx
group: nginx
[root@localhost tasks]# cd /etc/ansible/
[root@localhost ansible]# ls
ansible.cfg hosts roles
[root@localhost ansible]# vim nginx_roles.yml
- hosts: all
remote_user: root
roles:
- role: nginx
测试执行过程:
[root@localhost ansible]# ansible-playbook -C nginx_roles.yml
PLAY [all] ****************************************************************************
TASK [Gathering Facts] ****************************************************************
ok: [192.168.20.125]
ok: [192.168.20.126]
TASK [nginx : install dependent packages] *********************************************
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions
is deprecated. Instead of using a loop to supply multiple items and specifying `name:
"{{item}}"`, please use `name: ['gcc', 'gcc-c++', 'pcre-devel', 'zlib-devel',
'openssl-devel']` and remove the loop. This feature will be removed in version 2.11.
Deprecation warnings can be disabled by setting deprecation_warnings=False in
ansible.cfg.
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions
is deprecated. Instead of using a loop to supply multiple items and specifying `name:
"{{item}}"`, please use `name: ['gcc', 'gcc-c++', 'pcre-devel', 'zlib-devel',
'openssl-devel']` and remove the loop. This feature will be removed in version 2.11.
Deprecation warnings can be disabled by setting deprecation_warnings=False in
ansible.cfg.
changed: [192.168.20.125] => (item=[u'gcc', u'gcc-c++', u'pcre-devel', u'zlib-devel', u'openssl-devel'])
changed: [192.168.20.126] => (item=[u'gcc', u'gcc-c++', u'pcre-devel', u'zlib-devel', u'openssl-devel'])
TASK [nginx : add nginx user] *********************************************************
changed: [192.168.20.125]
changed: [192.168.20.126]
TASK [nginx : unarchive tar file] *****************************************************
fatal: [192.168.20.125]: FAILED! => {"changed": false, "msg": "dest '/usr/src/nginx-1.15.4' must be an existing dir"}
fatal: [192.168.20.126]: FAILED! => {"changed": false, "msg": "dest '/usr/src/nginx-1.15.4' must be an existing dir"}
PLAY RECAP ****************************************************************************
192.168.20.125 : ok=3 changed=2 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
192.168.20.126 : ok=3 changed=2 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
检测执行过程没有错误,可以执行
[root@localhost ansible]# ansible all -m shell -a 'ps -aux | grep nginx'
192.168.20.125 | CHANGED | rc=0 >>
root 19567 0.0 0.0 20556 616 ? Ss 13:06 0:00 nginx: master process nginx
nginx 19568 0.0 0.0 23092 1380 ? S 13:06 0:00 nginx: worker process
root 19647 0.0 0.0 113176 1220 pts/1 S+ 13:06 0:00 /bin/sh -c ps -aux | grep nginx
root 19649 0.0 0.0 112708 964 pts/1 S+ 13:06 0:00 grep nginx
192.168.20.126 | CHANGED | rc=0 >>
root 19612 0.0 0.0 20556 620 ? Ss 13:06 0:00 nginx: master process nginx
nginx 19613 0.0 0.0 23092 1384 ? S 13:06 0:00 nginx: worker process
root 19692 0.0 0.0 113176 1220 pts/1 S+ 13:06 0:00 /bin/sh -c ps -aux | grep nginx
root 19694 0.0 0.0 112708 960 pts/1 S+ 13:06 0:00 grep nginx
变量没有成功,因为install.yml文件里忘记写template模块了 这个时候可以自己去吧后两台的
nginx杀掉,也可以改一下handler 让handler触发,我们采用后者,改完之后再次执行
如下出来效果了,一个4个worker 一个6个worker
[root@localhost ansible]# ansible all -m shell -a 'ps -aux | grep nginx'
192.168.20.126 | CHANGED | rc=0 >>
root 23027 0.0 0.0 20556 620 ? Ss 13:12 0:00 nginx: master process nginx
nginx 23028 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
nginx 23029 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
nginx 23030 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
nginx 23031 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
root 23113 0.0 0.0 113176 1220 pts/1 S+ 13:12 0:00 /bin/sh -c ps -aux | grep nginx
root 23115 0.0 0.0 112708 964 pts/1 R+ 13:12 0:00 grep nginx
192.168.20.125 | CHANGED | rc=0 >>
root 22978 0.0 0.0 20556 680 ? Ss 13:12 0:00 nginx: master process nginx
nginx 22979 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
nginx 22980 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
nginx 22981 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
nginx 22982 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
nginx 22983 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
nginx 22984 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
root 23065 0.0 0.0 113176 1216 pts/1 S+ 13:12 0:00 /bin/sh -c ps -aux | grep nginx
root 23067 0.0 0.0 112708 964 pts/1 R+ 13:12 0:00 grep nginx