Ansible-playbook

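1. Ad-Hoc overview
1) Ad-hoc commands
Run a shell command or a shell script. Useful for simple commands that do not need to be saved.
Suited to running simple commands
2) Ansible playbook
Handles more complex tasks and lets the commands be saved. Suited to configuration management or deploying client machines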

2.Ansible playbook

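A playbook is made up of one or more modules; several different modules are used together to complete one job.
A playbook is a state file described in YAML syntax. The file extension is yaml.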

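1) The three YAML basics
Indentation
    YAML uses a fixed indentation style to express hierarchy. Each indentation level is two spaces, and tabs must not be used (by default one tab = 4 spaces)
    Fix:
    [ ~]# cat .vimrc 
    set number
    set tabstop=2
    set shiftwidth=2
    set expandtab
Colon
    Every colon must be followed by a space, except a colon that ends the line
Dash
    Marks a list item: one dash followed by one space.
    Items at the same indentation level belong to the same list.
who
    who
what
    the job
how
    the actions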
    
ansible-playbook command format
ansible-playbook [option] filename

Common options:
-C, --check           dry run
--list-hosts          list the hosts the playbook targets
[ ansible_playbook]# ansible-playbook --list-hosts apache.yaml 

playbook: apache.yaml

  play #1 (web): web    TAGS: []
    pattern: [u'web']
    hosts (1):
      172.16.1.7

--list-tags           list the playbook's tags
--list-tasks          list the playbook's tasks
[ ansible_playbook]# ansible-playbook --list-tasks apache.yaml 

playbook: apache.yaml

  play #1 (web): web    TAGS: []
    tasks:
      Install Apache    TAGS: []
      Start Apache    TAGS: []

--syntax-check        check syntax
[ ansible_playbook]# ansible-playbook --syntax-check apache.yaml 

playbook: apache.yaml

Case study: writing an apache playbook

1) Prepare the apache configuration file
mkdir -p /etc/ansible/ansible_playbook/conf
scp 172.16.1.7:/etc/httpd/conf/httpd.conf /etc/ansible/ansible_playbook/conf
sed -i "s#Listen 80#Listen 8080#g" conf/httpd.conf 
2) Write the YAML playbook file
[ ansible_playbook]# cat apache.yaml 
- hosts: web
  tasks: 
  
    - name: Install Apache
      yum: name=httpd state=installed

    - name: Configure Httpd.conf
      copy: src=/etc/ansible/ansible_playbook/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify: Restart Http Service

    - name: Start Apache
      service: name=httpd state=started enabled=yes

  handlers:
    - name: Restart Http Service
      service: name=httpd state=restarted

2) Core elements of a playbook

hosts: host inventory
tasks: tasks
vars: variables
handlers: tasks triggered under specific conditions
template: text files containing template syntax

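3. Ansible project case study
1. Environment plan

Role            Public IP (NAT)   Private IP (LAN)    Hostname
backup          eth0:10.0.1.51    eth1:172.16.1.51    rsync
nfs             eth0:10.0.1.41    eth1:172.16.1.41    nfs, Sersync
m01             eth0:10.0.1.71    eth1:172.16.1.71    ansible
web01           eth0:10.0.1.7     eth1:172.16.1.7     httpd

Implementation steps: (hosts:all)
Requirements for m01
1) Make sure SSH key authentication works
2) Install ansible
3) Prepare all the configuration files
local hosts file
SELinux configuration file
rsyncd.conf
exports
mail.rc
sersync
rsync backup script
rsync check script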

mkdir -p /etc/ansible/ansible_playbook/{conf,file,scripts,tools}

1. Base environment deployment

1) Network environment (SELinux, firewalld)
    - name: Disable SELinux
      copy: src=./conf/selinux.config  dest=/etc/selinux/config

    - name: Stop SElinux
      shell: setenforce 0

    - name: Disable Firewalld
      service: name=firewalld state=stopped enabled=no
2) EPEL repository
    - name: Create Epel Repo
      get_url: url=http://mirrors.aliyun.com/repo/epel-7.repo dest=/etc/yum.repos.d/epel.repo
3) Install the rsync and nfs-utils packages
    - name: Installed Rsync NFS
      yum: name=rsync,nfs-utils state=installed
4) Create the group
    - name: Create Group
      group: name=www gid=666
5) Create the user
    - name: Create User
      user: name=www uid=666 group=666 create_home=no shell=/sbin/nologin
6) Create the directories and set their ownership and permissions
    - name: Create Directory /data
      file: path=/data owner=666 group=666 recurse=yes state=directory

    - name: Create Directory /backup
      file: path=/backup owner=666 group=666 recurse=yes state=directory

    - name: Create Scripts Directory
      file: path=/server/scripts state=directory
7) Push the rsync client backup script
    - name: Push Rsync Backup
      copy: src=./scripts/rsync_backup.sh dest=/server/scripts/rsync_backup.sh
8) Push the rsync client password file and set its permissions
    - name: Create Rsync Client Pass File
      copy: content="1" dest=/etc/rsync.pass mode=600
9) Scheduled task
    - name: Create Rsync Client Crontab
      cron: name="Rsync Backup" hour=1 minute=0 job="/bin/sh /server/scripts/rsync_backup.sh &> /dev/null"

Contents of the base.yaml playbook:

- hosts: all
  tasks:

    - name: Disable SELinux   
      copy: src=./conf/selinux.config  dest=/etc/selinux/config
      notify: Stop SElinux

    - name: Disable Firewalld
      service: name=firewalld state=stopped enabled=no

    - name: Create Epel Repo
      get_url: url=http://mirrors.aliyun.com/repo/epel-7.repo dest=/etc/yum.repos.d/epel.repo

    - name: Installed Rsync NFS
      yum: name=rsync,nfs-utils state=installed

    - name: Create Group
      group: name=www gid=666

    - name: Create User
      user: name=www uid=666 group=666 create_home=no shell=/sbin/nologin

    - name: Create Directory /data
      file: path=/data owner=666 group=666 recurse=yes state=directory
      
    - name: Create Directory /backup
      file: path=/backup owner=666 group=666 recurse=yes state=directory

    - name: Create Scripts Directory
      file: path=/server/scripts state=directory

    - name: Push Rsync Backup
      copy: src=./scripts/rsync_backup.sh dest=/server/scripts/rsync_backup.sh

    - name: Push Hosts File
      copy: src=./conf/hosts dest=/etc/hosts

    - name: Create Rsync Client Pass File
      copy: content="1" dest=/etc/rsync.pass mode=600

    - name: Create Rsync Client Crontab
      cron: name="Rsync Backup" hour=1 minute=0 job="/bin/sh /server/scripts/rsync_backup.sh &> /dev/null"

  handlers:

    - name: Stop SElinux
      shell: setenforce 0

2. rsync deployment

1) Install rsync and mailx
    - name: Install Rsync Mailx
      yum: name=rsync,mailx state=installed
2) Configuration
    - name: Push Rsync Config File
      copy: src=./conf/rsyncd.conf dest=/etc/rsyncd.conf
      notify: Restart Rsyncd

    - name: Create Rsync Auth File
      copy: content='rsync_backup:1' dest=/etc/rsync.passwd mode=600

  handlers:
    - name: Restart Rsyncd
      service: name=rsyncd state=restarted
3) Start
    - name: Start Rsync Service
      service: name=rsyncd state=started enabled=yes

    - name: Push Mailx Config File
      copy: src=./conf/mail.rc dest=/etc/mail.rc
4) Script task
    - name: Push Rsync Check Script
      copy: src=./scripts/rsync_check.sh dest=/server/scripts/rsync_check.sh
5) Scheduled task
    - name: Create Rsync Check
      cron: name='Rsync Check' hour=5 minute=0 job='/bin/sh /server/scripts/rsync_check.sh &>/dev/null'

Contents of the rsync.yaml playbook:

- hosts: backup 
  tasks:

    - name: Install Rsync Mailx
      yum: name=rsync,mailx state=installed

    - name: Push Rsync Config File
      copy: src=./conf/rsyncd.conf dest=/etc/rsyncd.conf
      notify: Restart Rsyncd

    - name: Create Rsync Auth File
      copy: content='rsync_backup:1' dest=/etc/rsync.passwd mode=600

    - name: Start Rsync Service
      service: name=rsyncd state=started enabled=yes

    - name: Push Mailx Config File
      copy: src=./conf/mail.rc dest=/etc/mail.rc

    - name: Push Rsync Check Script
      copy: src=./scripts/rsync_check.sh dest=/server/scripts/rsync_check.sh

    - name: Create Rsync Check
      cron: name='Rsync Check' hour=5 minute=0 job='/bin/sh /server/scripts/rsync_check.sh &>/dev/null'

  handlers:
    - name: Restart Rsyncd
      service: name=rsyncd state=restarted
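
A hardened form of the two password-file tasks (Create Rsync Client Pass File in base.yaml and Create Rsync Auth File in rsync.yaml), added here as an example that is not part of the original notes. It assumes a hypothetical variable rsync_backup_password that is defined outside the playbooks, for example in a vars file encrypted with ansible-vault.

```yaml
# Added example. rsync_backup_password is a hypothetical variable; it is
# expected to come from outside the playbook (e.g. an ansible-vault
# encrypted vars file), so the secret is not stored in the YAML itself.

- hosts: backup
  tasks:

    - name: Create Rsync Auth File
      copy:
        content: "rsync_backup:{{ rsync_backup_password }}"
        dest: /etc/rsync.passwd
        owner: root
        group: root
        # Quote the mode: in YAML dict form an unquoted 600 is read as a
        # decimal number and produces the wrong permission bits.
        mode: "0600"
      # Keep the task arguments and result (which contain the password)
      # out of the console output and logs.
      no_log: true

- hosts: all
  tasks:

    - name: Create Rsync Client Pass File
      copy:
        content: "{{ rsync_backup_password }}"
        dest: /etc/rsync.pass
        owner: root
        group: root
        mode: "0600"
      no_log: true
```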

3. NFS deployment

1) Install nfs-utils
    - name: Install NFS
      yum: name=nfs-utils state=installed
2) Configuration
    - name: Push NFS Config File
      copy: src=./conf/exports dest=/etc/exports
      notify: Restart NFS

  handlers:
    - name: Restart NFS
      service: name=nfs state=restarted
3) Start
    - name: Start Rpcbind Server
      service: name=rpcbind state=started

    - name: Start NFS Server
      service: name=nfs state=started enabled=yes

Contents of the nfs.yaml playbook:

- hosts: nfs
  tasks: 

    - name: Install NFS
      yum: name=nfs-utils state=installed

    - name: Push NFS Config File
      copy: src=./conf/exports dest=/etc/exports
      notify: Restart NFS

    - name: Start Rpcbind Server
      service: name=rpcbind state=started

    - name: Start NFS Server
      service: name=nfs state=started enabled=yes

  handlers: 
    - name: Restart NFS
      service: name=nfs state=restarted

4. sersync deployment

1) Download sersync on m01
wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/sersync/sersync2.5.4_64bit_binary_stable_final.tar.gz
2) Unpack it and edit the configuration file
3) Push it to nfs
    - name: Install Inotify_tools
      yum: name=inotify-tools state=installed

    - name: Push Sersync
      copy: src=./tools/sersync dest=/usr/local/ mode=755
4) Start sersync
    - name: start Sersync
      shell: /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml
Note: running this playbook more than once starts multiple sersync processes. How can this be solved?

Contents of the sersync.yaml playbook:

- hosts: nfs
  tasks: 

    - name: Install Inotify_tools
      yum: name=inotify-tools state=installed

    - name: Push Sersync
      copy: src=./tools/sersync dest=/usr/local/ mode=755

    - name: start Sersync
      shell: /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml
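
One way to answer the question about repeated runs starting several sersync processes, as an added example that is not part of the original notes: check for a running sersync2 process first and start it only when none is found. The variable name sersync_check is an assumption chosen for this example.

```yaml
# Added example: idempotent replacement for the "start Sersync" task.
- hosts: nfs
  tasks:

    - name: Check Sersync Process
      # pgrep -x matches the exact process name.
      # rc 0 = sersync2 is running, rc 1 = no such process.
      command: pgrep -x sersync2
      register: sersync_check          # hypothetical variable name
      # Read-only check, so it never reports "changed".
      changed_when: false
      # Only rc 2 or 3 (pgrep usage or fatal error) is a real failure.
      failed_when: sersync_check.rc not in [0, 1]
      # Run the check under -C/--check as well, so rc is always defined
      # for the "when" condition below.
      check_mode: no

    - name: start Sersync
      shell: /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml
      # Skipped when sersync2 is already running.
      when: sersync_check.rc == 1
```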

5. Web deployment

1) Install httpd
    - name: Install httpd
      yum: name=httpd state=installed
2) Start
    - name: Start httpd
      service: name=httpd state=started
3) Mount
    - name: Mount NFS Storage
      mount: src=nfs:/data path=/var/www/html fstype=nfs state=mounted

Contents of the web.yaml playbook:

- hosts: web
  tasks:

    - name: Install httpd
      yum: name=httpd state=installed

    - name: Start httpd
      service: name=httpd state=started

    - name: Mount NFS Storage
      mount: src=nfs:/data path=/var/www/html fstype=nfs state=mounted
Import all the finished YAML files into a single file so they can be run in one go
[ ansible_playbook]# cat main.yaml 
- import_playbook: base.yaml
- import_playbook: rsync.yaml
- import_playbook: nfs.yaml
- import_playbook: sersync.yaml
- import_playbook: web.yaml
