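This post assumes the Ansible environment has already been set up as described in: Setting Up the Automated Operations Tool Ansible
The following setting gives .yml files the formatting they require: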
[devops@ansible1 ~]$ vim .vimrc
===============================================
autocmd filetype yaml setlocal ai ts=2 sw=2 et
[devops@ansible1 ansible]$ vim playbook.yml
============================================
---
# deploy apache
# which hosts to act on
- hosts: webservers
  # tasks
  tasks:
    # install the httpd package
    - name: install httpd
      yum:
        name: httpd
        state: latest
    # start the httpd service
    - name: start httpd
      service:
        name: httpd
        state: started
[devops@ansible1 ansible]$ ansible-playbook playbook.yml --list-hosts
[devops@ansible1 ansible]$ ansible-playbook playbook.yml --list-tasks
# Check the playbook syntax
[devops@ansible1 ansible]$ ansible-playbook playbook.yml --syntax-check
# Run the playbook
[devops@ansible1 ansible]$ ansible-playbook playbook.yml
Next we edit the playbook so that the content served on access is fixed:
[devops@ansible1 ansible]$ vim playbook.yml
============================================
---
# deploy apache
- hosts: webservers
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: latest
    - name: create index.html
      copy:
        content: "www.taylorswift.com\n"
        dest: /var/www/html/index.html
    - name: start httpd
      service:
        name: httpd
        state: started
[devops@ansible1 ansible]$ ansible-playbook playbook.yml
[devops@ansible1 ansible]$ curl ansible2
=========================================
[devops@ansible1 ansible]$ curl ansible3
[devops@ansible1 ansible]$ vim playbook.yml
===========================================
---
# deploy apache
- hosts: webservers
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: latest
    - name: create index.html
      copy:
        content: "www.taylorswift.com\n"
        dest: /var/www/html/index.html
    - name: configure httpd
      copy:
        src: files/httpd.conf  # copy httpd.conf from the files directory under the current directory to the given path on the target host
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: "0644"  # quoted so Ansible reads it as octal; a bare 644 is taken as a decimal number
    - name: start httpd
      service:
        name: httpd
        state: started
[devops@ansible1 ansible]$ mkdir files
[devops@ansible1 ansible]$ cd files/
[devops@ansible1 files]$ scp server3:/etc/httpd/conf/httpd.conf .
ssh: Could not resolve hostname server3: Name or service not known
[devops@ansible1 files]$ scp ansible3:/etc/httpd/conf/httpd.conf .
httpd.conf 100% 11KB 11.5KB/s 00:00
[devops@ansible1 files]$ ls
httpd.conf
[devops@ansible1 files]$ cd ..
[devops@ansible1 ansible]$ ls
ansible.cfg files inventory playbook.yml
[devops@ansible1 ansible]$ ansible-playbook playbook.yml --syntax-check
[devops@ansible1 ansible]$ ansible-playbook playbook.yml
[devops@ansible1 ansible]$ md5sum files/httpd.conf
[devops@ansible1 ansible]$ vim playbook.yml
==============================================
---
# deploy apache
- hosts: webservers
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: latest
    - name: create index.html
      copy:
        content: "www.taylorswift.com\n"
        dest: /var/www/html/index.html
    - name: configure httpd
      copy:
        src: files/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: "0644"
    - name: start httpd
      service:
        name: httpd
        state: started
        enabled: true
[devops@ansible1 ansible]$ ansible-playbook playbook.yml --syntax-check
[devops@ansible1 ansible]$ ansible-playbook playbook.yml
[devops@ansible1 ansible]$ vim playbook.yml
============================================
---
# deploy apache
- hosts: webservers
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: latest
    - name: create index.html
      copy:
        content: "www.taylorswift.com\n"
        dest: /var/www/html/index.html
    - name: configure httpd
      copy:
        src: files/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart httpd
    - name: start httpd
      service:
        name: httpd
        state: started
        enabled: true
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
[devops@ansible1 ansible]$ vim files/httpd.conf
=================================================
Line 42:
Listen 8080
[devops@ansible1 ansible]$ ansible-playbook playbook.yml --syntax-check
[devops@ansible1 ansible]$ ansible-playbook playbook.yml
[root@ansible2 ~]# netstat -antlp
===================================
[root@ansible3 ~]# netstat -antlp
[devops@ansible1 ansible]$ vim playbook.yml
============================================
---
# deploy apache
- hosts: webservers
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: latest
    - name: create index.html
      copy:
        content: "www.taylorswift.com\n"
        dest: /var/www/html/index.html
    - name: configure httpd
      copy:
        src: files/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart httpd
    - name: start httpd
      service:
        name: httpd
        state: started
        enabled: true
    - name: start firewalld
      service:
        name: firewalld
        state: started
        enabled: true
    - name: configure firewalld
      firewalld:
        service: http
        state: enabled
        permanent: yes
        immediate: yes
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
[devops@ansible1 ansible]$ ansible-playbook playbook.yml --syntax-check
[devops@ansible1 ansible]$ ansible-playbook playbook.yml
[root@ansible2 ~]# systemctl status firewalld.service
[root@ansible2 ~]# firewall-cmd --list-all
(1) Notation
[devops@ansible1 ansible]$ vim playbook.yml
============================================
Change the following task:
    - name: create index.html
      copy:
        content: "{{ ansible_facts['hostname'] }}\n"
        dest: /var/www/html/index.html
[devops@ansible1 ansible]$ ansible-playbook playbook.yml --syntax-check
[devops@ansible1 ansible]$ ansible-playbook playbook.yml
[devops@ansible1 ansible]$ vim playbook.yml
============================================
    - name: create index.html
      copy:
        content: "{{ ansible_facts.hostname }}\n"
        dest: /var/www/html/index.html
Push:
[devops@ansible1 ansible]$ ansible-playbook playbook.yml --syntax-check
[devops@ansible1 ansible]$ ansible-playbook playbook.yml
[devops@ansible1 ansible]$ ansible test -m setup| less
[devops@ansible1 ansible]$ ansible test -m setup -a 'filter="*ipv4*"'
ansible2 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"172.25.70.2"
],
"ansible_default_ipv4": {}
},
"changed": false
}
[devops@ansible1 ansible]$ vim playbook.yml
    - name: create index.html
      copy:
        content: "{{ ansible_facts.hostname }} {{ ansible_facts['all_ipv4_addresses'] }} \n"
        dest: /var/www/html/index.html
      tags: one
[devops@ansible1 ansible]$ vim playbook.yml
---
# deploy apache
- hosts: webservers
  vars:
    http_port: 80
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: latest
    - name: create index.html
      copy:
        content: "{{ ansible_facts.hostname }} {{ ansible_facts['all_ipv4_addresses'] }} \n"
        dest: /var/www/html/index.html
      tags: one
    - name: configure httpd
      template:
        src: files/httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart httpd
    - name: start httpd
      service:
        name: httpd
        state: started
        enabled: true
    - name: start firewalld
      service:
        name: firewalld
        state: started
        enabled: true
    - name: configure firewalld
      firewalld:
        service: http
        state: enabled
        permanent: yes
        immediate: yes
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
Rename files/httpd.conf in the subdirectory to httpd.conf.j2:
[devops@ansible1 ansible]$ mv files/httpd.conf files/httpd.conf.j2
Edit httpd.conf.j2:
[devops@ansible1 ansible]$ vim files/httpd.conf.j2
==================================================
Line 42:
Listen {{ http_port }}
[devops@ansible1 ansible]$ mkdir templates
[devops@ansible1 ansible]$ vim hostinfo.yml
===========================================
---
- hosts: all
  tasks:
    - name: create infofile
      template:
        src: templates/info.j2
        dest: /mnt/hostinfo
Contents of templates/info.j2:
===============================================
主机名:{{ ansible_facts.hostname }}
主机IP地址:{{ ansible_facts['all_ipv4_addresses'] }}
根分区大小:{{ ansible_facts['devices']['dm-0']['size'] }}
系统内核:{{ ansible_facts['distribution_version'] }}
Syntax check and push:
[devops@ansible1 ansible]$ vim hostinfo.yml
[devops@ansible1 ansible]$ ansible-playbook hostinfo.yml --syntax-check
playbook: hostinfo.yml
[devops@ansible1 ansible]$ ansible-playbook hostinfo.yml
Example:
[devops@ansible1 ansible]$ vim install.yml
===========================================
---
- hosts: all
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: present
      when: ansible_facts.hostname == 'ansible2'
    - name: install mariadb
      yum:
        name: mariadb
        state: present
      when: ansible_facts.hostname == 'ansible3'
Syntax check, then push:
A Python-style list can also be used to specify the services to install:
[devops@ansible1 ansible]$ vim install.yml
==============================================
---
- hosts: all
  tasks:
    - name: install httpd
      yum:
        name: '{{ item }}'
        state: present
      when: ansible_facts.hostname == 'ansible2'
      loop:
        - httpd
        - mariadb
        - php
        - php-mysql
    - name: install mariadb
      yum:
        name: mariadb
        state: present
      when: ansible_facts.hostname == 'ansible3'
[devops@ansible1 ansible]$ vim hostinfo.yml
============================================
---
- hosts: all
  tasks:
    - name: create infofile
      template:
        src: templates/info.j2
        dest: /mnt/hostinfo
    - name: create hosts
      template:
        src: templates/host.j2
        dest: /etc/hosts
        owner: root
        group: root
        mode: "0644"
[devops@ansible1 ansible]$ vim templates/host.j2
=================================================
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.250 content.example.com
{% for host in groups['webservers'] %}
{{ hostvars[host]['ansible_facts']['eth0']['ipv4']['address'] }} {{ hostvars[host]['ansible_facts']['hostname'] }}
{% endfor %}
[devops@ansible1 ansible]$ vim inventory
==========================================
[test]
ansible2
ansible1
[db]
ansible3
[webservers:children]
test
db
[devops@ansible1 ansible]$ ssh-copy-id ansible1
[devops@ansible1 ansible]$ vim adduser.yml
===========================================
---
- hosts: all
  tasks:
    - name: create users
      user:
        name: "{{ item }}"
        state: present
        password: redhat  # written as given; the user module expects an already-hashed value here
      loop:
        - user1
        - user2
        - user3
        - user4
Push:
[devops@ansible1 ansible]$ ansible-playbook adduser.yml
[devops@ansible1 ansible]$ pwd
/home/devops/ansible
[devops@ansible1 ansible]$ mkdir vars
[devops@ansible1 ansible]$ vim vars/userlist.yml
[devops@ansible1 ansible]$ ansible-vault encrypt vars/userlist.yml
New Vault password:
Confirm New Vault password:
Encryption successful
[devops@ansible1 ansible]$ ansible-vault view vars/userlist.yml
Vault password:
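Update adduser.yml to read the user list from that file:
---
- hosts: all
  vars_files:
    - vars/userlist.yml
  tasks:
    - name: create users
      user:
        name: "{{ item.user }}"
        state: present
        # password_hash converts the clear-text value into a SHA-512 crypt hash; the fixed salt keeps reruns idempotent
        password: "{{ item.pass | password_hash('sha512','mysecretsalt') }}"
      loop: "{{ userlist }}"
Push:
If both files are encrypted, they must use the same password, because the password is entered only once when pushing: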
[devops@ansible1 ansible]$ ansible-vault encrypt adduser.yml
New Vault password:
Confirm New Vault password:
Encryption successful
[devops@ansible1 ansible]$ cat adduser.yml
$ANSIBLE_VAULT;1.1;AES256
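A check that the files holding credentials really are vault-encrypted before they are committed, written as an added example (not part of the original post). It parses the `$ANSIBLE_VAULT;1.1;AES256` envelope shown above; the sample files and the `userlist`/`user`/`pass` layout are constructed, inferred from the playbook's `item.user` and `item.pass`.

```python
import binascii

def parse_vault_envelope(text):
    """Return envelope metadata for vault-encrypted text, or None for plain text."""
    lines = text.strip().splitlines()
    if not lines or not lines[0].startswith("$ANSIBLE_VAULT;"):
        return None
    # Header: magic;version;cipher (format 1.2 adds a fourth field, the vault ID).
    fields = lines[0].split(";")
    if len(fields) < 3:
        raise ValueError("truncated vault header")
    try:
        # Body: hex of "hex(salt)\nhex(hmac)\nhex(ciphertext)", wrapped at 80 columns.
        inner = binascii.unhexlify("".join(l.strip() for l in lines[1:]))
        salt, tag, ciphertext = (binascii.unhexlify(p) for p in inner.split(b"\n"))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"malformed vault body: {exc}") from exc
    return {
        "version": fields[1],
        "cipher": fields[2],
        "vault_id": fields[3] if len(fields) > 3 else None,
        "salt_len": len(salt),
        "hmac_len": len(tag),
        "ciphertext_len": len(ciphertext),
    }

def unencrypted(files):
    """Names of files that are not vault envelopes, i.e. stored in clear text."""
    return [name for name, text in files.items() if parse_vault_envelope(text) is None]

def build_sample_envelope():
    """Constructed envelope: real layout, dummy bytes instead of real ciphertext."""
    parts = [bytes(32), bytes(range(32)), b"\xaa" * 48]  # salt, HMAC tag, ciphertext
    body = binascii.hexlify(b"\n".join(binascii.hexlify(p) for p in parts)).decode()
    wrapped = "\n".join(body[i:i + 80] for i in range(0, len(body), 80))
    return "$ANSIBLE_VAULT;1.1;AES256\n" + wrapped + "\n"

# Constructed sample tree; the userlist/user/pass layout is an assumption
# inferred from the playbook's item.user and item.pass.
SAMPLE_FILES = {
    "vars/userlist.yml": build_sample_envelope(),
    "vars/plain.yml": "userlist:\n  - user: user1\n    pass: CHANGE_ME\n",
}

if __name__ == "__main__":
    print(parse_vault_envelope(SAMPLE_FILES["vars/userlist.yml"]))
    print("stored in clear text:", unencrypted(SAMPLE_FILES))
```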
[devops@ansible1 ansible]$ vim hostinfo.yml
===========================================
---
- hosts: all
  tasks:
    - name: create infofile
      template:
        src: templates/info.j2
        dest: /mnt/hostinfo
    - name: create hosts
      template:
        src: templates/host.j2
        dest: /etc/hosts
        owner: root
        group: root
        mode: 0644
Push:
[devops@ansible1 ansible]$ ansible-playbook hostinfo.yml
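The `mode` on `copy` and `template` tasks needs a leading zero or quotes: Ansible takes a bare `644` as a decimal number, which is octal 1204 rather than 0644. The lint below is an added example (not part of the original post) that reports the permission bits each numeric `mode:` line would actually apply; the sample tasks are constructed from the playbooks in this post.

```python
import re
import stat

MODE_RE = re.compile(r"^\s*mode:\s*(?P<val>[^#\s]+)")

def effective_mode(raw):
    """Permission bits applied for a YAML `mode:` scalar; None if not numeric."""
    val = raw.strip("'\"")
    if not val.isdigit():
        return None                      # symbolic form such as u=rw,g=r,o=r
    if raw != val or val.startswith("0"):
        try:
            return int(val, 8)           # quoted string or 0-prefixed literal: octal
        except ValueError:
            return None                  # contains 8 or 9: not a valid octal mode
    return int(val, 10)                  # bare integer: taken as a decimal number

def lint_modes(playbook_text):
    """Return (line, raw value, octal, ls-style string, ok) per numeric mode."""
    findings = []
    for line_no, line in enumerate(playbook_text.splitlines(), 1):
        match = MODE_RE.match(line)
        bits = effective_mode(match.group("val")) if match else None
        if bits is None:
            continue
        raw = match.group("val")
        ok = raw != raw.strip("'\"") or raw.startswith("0")
        findings.append((line_no, raw, oct(bits),
                         stat.filemode(stat.S_IFREG | bits), ok))
    return findings

# Constructed sample built from the tasks in this post.
SAMPLE_TASKS = """\
- name: configure httpd
  copy:
    src: files/httpd.conf
    dest: /etc/httpd/conf/httpd.conf
    mode: 644
- name: create hosts
  template:
    src: templates/host.j2
    dest: /etc/hosts
    mode: 0644
"""

if __name__ == "__main__":
    for finding in lint_modes(SAMPLE_TASKS):
        print(finding)
```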