下载ansible(通过 -i 指定国内镜像源加速;-i 会替换默认索引,所有依赖都从该镜像下载,请确认镜像可信且可用)
pip3 install -i https://pypi.douban.com/simple/ ansible
配置ssh
https://aguai.fun/%E8%87%AA%E5%8A%A8%E5%8C%96%E7%AE%A1%E7%90%86ssh.html
ansible使用原则
确定要操作哪些服务器(服务器列表)
确定对这些服务器进行什么样的操作(命令)
第一次连通
[root@localhost ~]# mkdir /etc/ansible
[root@localhost ~]# vim /etc/ansible/hosts
[test]
127.0.0.1
192.168.1.20
[root@localhost ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 127.0.0.1
[root@localhost ~]# ansible test -m ping
第二次连通(在 ansible.cfg 中设置默认端口和远程用户;这里直接用 root 登录只为演示,实际环境建议用普通用户登录,再通过 become 提权)
[root@localhost ~]# vim /etc/ansible/ansible.cfg
[defaults]
remote_port = 22
remote_user = root
[root@localhost ~]# ansible test -m ping
[root@localhost ~]# ansible test -m command -a "hostname"
传输文件
[root@localhost ~]# mkdir /tmp/abc
[root@localhost ~]# cd /tmp/abc/
[root@localhost abc]# ls
666.txt
[root@localhost abc]# ansible test -m copy -a "src=/tmp/abc/666.txt dest=/opt/666.txt"
再执行一遍命令,输出会变成绿色(目标文件已与源文件一致,没有发生变更)
安装东西
[root@localhost abc]# ansible test -m yum -a "name=tmux state=present" --become
再执行一遍就变绿了
写剧本
[root@localhost abc]# vim test_playbook.yml
---
# Play against the "test" inventory group: push one file, then make sure
# tmux is installed.
- hosts: test
  # Escalate with sudo on the managed hosts; the yum task needs root.
  become: yes
  become_method: sudo
  tasks:
    - name: copy file
      # src is read on the control node, dest is written on each managed host.
      # No mode or owner is set on the copied file here.
      copy:
        src: /tmp/abc/666.txt
        dest: /opt/666.txt

    - name: package install
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - tmux
[root@localhost abc]# ansible-playbook test_playbook.yml
第二次执行就正常了
指定inventory文件(用 -i 选项)
[root@localhost ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.1.10
[root@localhost ~]# vim hosts
[demo]
192.168.1.20
192.168.1.10
[root@localhost ~]# rm -rf /etc/ansible/hosts
[root@localhost ~]# ansible demo -i hosts -m ping
Inventory管理
[root@localhost ~]# vim /etc/ansible/ansible.cfg
[defaults]
remote_port = 22
remote_user = root
inventory = /root/hosts
[root@localhost ~]# ansible demo --list-hosts
hosts (2):
192.168.1.20
192.168.1.10
按照服务器的功能,需要对服务器进行分类管理
hosts文件的定义就需要进行分组管理IP
按组定义hosts
[root@localhost ~]# vim hosts
127.0.0.1
[webservers]
192.168.1.10
[dbservers]
192.168.1.20
[root@localhost ~]# ansible webservers --list-hosts
hosts (1):
192.168.1.10
[root@localhost ~]# ansible dbservers --list-hosts
hosts (1):
192.168.1.20
[root@localhost ~]# ansible all --list-hosts
hosts (3):
127.0.0.1
192.168.1.10
192.168.1.20
[root@localhost ~]# ansible '*' --list-hosts
hosts (3):
127.0.0.1
192.168.1.10
192.168.1.20
[root@localhost ~]# vim hosts
127.0.0.1
[webservers]
192.168.1.10
[dbservers]
192.168.1.20
[common:children]
webservers
dbservers
[root@localhost ~]# ansible common --list-hosts
hosts (2):
192.168.1.10
192.168.1.20
按匹配规则定义hosts
[root@localhost ~]# vim hosts
127.0.0.1
[webservers]
192.168.1.10
blog.skx.com
soft.skx.com
img.skx.com
[dbservers]
192.168.1.20
[common:children]
webservers
dbservers
[root@localhost ~]# ansible '*.skx.com' --list-hosts
hosts (3):
blog.skx.com
soft.skx.com
img.skx.com
定义服务器变量
[root@localhost ~]# vim /etc/ansible/hosts
[test]
192.168.1.20 ansible_port=22
192.168.1.10 ansible_port=22
[root@localhost ~]# ansible test -i /etc/ansible/hosts -m ping
[root@localhost ~]# ansible test -i /etc/ansible/hosts -a 'echo {{ansible_port}}'
192.168.1.20 | CHANGED | rc=0 >>
22
192.168.1.10 | CHANGED | rc=0 >>
22
[root@localhost ~]# vim /etc/ansible/hosts
[test]
192.168.1.20
192.168.1.10
[test:vars]
ansible_port=22
[root@localhost ~]# ansible test -i /etc/ansible/hosts -a 'echo {{ansible_port}}'
192.168.1.20 | CHANGED | rc=0 >>
22
192.168.1.10 | CHANGED | rc=0 >>
22
yaml语法
目录结构
[root@localhost ansible]# tree
.
├── ansible.cfg
├── group_vars
│ └── test.yaml
├── hosts
└── host_vars
└── 192.168.1.10.yaml
2 directories, 4 files
[root@localhost ansible]# vim ./group_vars/test.yaml
mysql_port: 3307
[root@localhost ansible]# touch ./host_vars/192.168.1.10.yaml
[root@localhost ansible]# vim ./host_vars/192.168.1.10.yaml
ansible_port: 22
[root@localhost ansible]# vim ~/hosts
127.0.0.1
[webservers]
192.168.1.10
[dbservers]
192.168.1.20
[common:children]
webservers
dbservers
[root@localhost ansible]# ansible webservers -a 'echo {{ansible_port}}'
192.168.1.10 | CHANGED | rc=0 >>
22
[root@localhost ansible]# ansible test -a 'echo {{mysql_port}}'
[WARNING]: Could not match supplied host pattern, ignoring: test
[WARNING]: No hosts matched, nothing to do
ansible常用模块演示
ping模块
[root@localhost ansible]# ansible common -m ping
远程指令
[root@localhost ansible]# ansible common -m command -a 'hostname'
[root@localhost ansible]# ansible common -a 'whoami'
执行带管道的远程命令
raw
[root@localhost ansible]# ansible common -m raw -a 'cat /etc/passwd | wc -l'
shell
[root@localhost ansible]# ansible common -m shell -a 'cat /etc/passwd | wc -l'
创建目录
[root@localhost ansible]# ansible common -m file -a 'path=/opt/test mode=0755 state=directory'
创建文件
[root@localhost ~]# mkdir /opt/abc
[root@localhost ansible]# ansible common -m file -a 'path=/opt/abc/test.md mode=0755 state=touch'
更新权限
[root@localhost ansible]# ansible common -m file -a 'path=/opt/abc mode=0640 state=touch'
删除文件目录或链接
[root@localhost ansible]# ansible common -m file -a 'path=/opt/abc mode=0640 state=absent'
改变所有者
[root@localhost ansible]# ansible common -m file -a 'path=/opt/abc mode=0640 owner=test group=root' --become
ansible拆分playbook.yml
安装yaml
[root@localhost ~]# yum install yaml
编写文件
[root@localhost ~]# vim all.yml
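---
# Entry-point playbook: runs the database play first, then the web play.
# Playbook-level `include` was superseded by `import_playbook` in Ansible 2.4
# and is rejected by recent ansible-core releases, so the static import is
# used here.
- import_playbook: db.yml
- import_playbook: web.yml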
[root@localhost ~]# vim db.yml
---
# Install the MongoDB server package on every host in the "dbservers" group.
- hosts: dbservers
  # Package installation needs root, so escalate with sudo.
  become: yes
  become_method: sudo
  tasks:
    - name: install mongodb
      yum:
        name: mongodb-server
        state: present
[root@localhost ~]# vim web.yml
---
# Push /tmp/data.txt to every host in "webservers", then set its ownership
# and mode. This play sets no `become`; changing owner/group only works when
# the connection user is already privileged.
- hosts: webservers
  tasks:
    - name: git
      # NOTE(review): the task name says "git" but the task only copies a file.
      copy:
        src: /tmp/data.txt
        dest: /opt/data.txt

    - name: change mode
      # "0655" is the quoted octal form of the original mode=655 (rw-r-xr-x).
      # NOTE(review): group/other get the execute bit while the owner does
      # not; confirm whether 0644 was intended for a data file.
      file:
        dest: /opt/data.txt
        mode: "0655"
        owner: test
        group: root
执行命令列出主机
[root@localhost ~]# ansible-playbook all.yml --list-hosts
创建文件
[root@localhost ~]# cd /tmp/
[root@localhost tmp]# touch data.txt
逐步执行(--step 会在每个任务执行前询问确认;如果只想预演、不实际改动目标机,可使用 --check)
[root@localhost ~]# ansible-playbook all.yml --step
使用Playbook部署nginx
[root@localhost ~]# vim nginx.yml
---
# Install nginx on the "webservers" group, render its config and index page
# from Jinja2 templates, and restart the service whenever either file changes.
- hosts: webservers
  become: yes
  become_method: sudo
  vars:
    # Spelled "prosess" because nginx.conf.j2 references the same name;
    # rename both together or the template lookup fails.
    worker_prosess: 4
    worker_connections: 768
    max_open_files: 65506
  tasks:
    - name: install nginx
      yum:
        name: nginx
        update_cache: yes
        state: present

    - name: copy nginx config file
      # NOTE(review): there is no `validate` step, so a broken template is
      # only noticed when the restart handler runs.
      template:
        src: /home/root/test_ansible/nginx.conf.j2
        dest: /etc/nginx/nginx.conf
      notify: restart nginx

    - name: copy index.html
      template:
        src: /home/root/test_ansible/index.html.j2
        dest: /usr/share/nginx/www/index.html
        # Quoted so the value is read as an octal string, not a YAML number.
        mode: "0644"
      notify: restart nginx

  handlers:
    # Runs once at the end of the play if any notifying task reported a change.
    - name: restart nginx
      service:
        name: nginx
        state: restarted
[root@localhost ~]# mkdir /home/root/test_ansible/
[root@localhost ~]# vim /home/root/test_ansible/nginx.conf.j2
# Jinja2 template for /etc/nginx/nginx.conf; the {{ ... }} values are filled
# in from the vars section of nginx.yml.
worker_processes {{ worker_prosess }};
worker_rlimit_nofile {{ max_open_files }};

events {
    worker_connections {{ worker_connections }};
}

http {
    server {
        # Plain HTTP only; the TLS listener below is left disabled.
        listen 80;
        # listen 443 ssl;
        server_name localhost;

        location / {
            # Must match the directory nginx.yml writes index.html into.
            root /usr/share/nginx/www;
            index index.html index.htm;
            # try_files $uri $uri/ =404;
        }
    }
}
[root@localhost ~]# vim /home/root/test_ansible/index.html.j2
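{# Landing page rendered by the Ansible template module. ansible_hostname is a
   fact gathered from the target host, so every server shows its own name.
   This Jinja2 comment is stripped at render time and never reaches the
   served page. #}
<html>
<head>
<meta charset="utf-8">
<title>welcome to ansible</title>
</head>
<body>
<h1>nginx, configured by ansible</h1>
<p>如果你能看到这个页面,说明ansible自动部署nginx成功了!</p>
<p>{{ ansible_hostname }}</p>
</body>
</html>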
[root@localhost ~]# mkdir -p /usr/share/nginx/www
[root@localhost ~]# systemctl status nginx.service
[root@localhost ~]# ansible-playbook nginx.yml --step
启动nginx
[root@localhost ~]# systemctl start nginx
[root@localhost ~]# nginx
更改提示内容
[root@localhost ~]# yum install cowsay
role(从 Ansible Galaxy 安装社区编写的角色;角色里的任务通常会以 root 权限在目标机上执行,安装前应先审阅其内容,并在安装时固定版本)
https://galaxy.ansible.com/
mong-db
[root@localhost ~]# ansible-galaxy install geerlingguy.mysql
[root@localhost ~]# ll /root/.ansible/roles/geerlingguy.mysql/
总用量 16
drwxr-xr-x. 2 root root 22 5月 21 17:25 defaults
drwxr-xr-x. 2 root root 22 5月 21 17:25 handlers
-rw-rw-r--. 1 root root 1080 3月 18 02:35 LICENSE
drwxr-xr-x. 2 root root 50 5月 21 17:25 meta
drwxr-xr-x. 3 root root 21 5月 21 17:25 molecule
-rw-rw-r--. 1 root root 9002 3月 18 02:35 README.md
drwxr-xr-x. 2 root root 231 5月 21 17:25 tasks
drwxr-xr-x. 2 root root 67 5月 21 17:25 templates
drwxr-xr-x. 2 root root 126 5月 21 17:25 vars
[root@localhost ~]# ansible-galaxy list
[root@localhost ~]# ansible-galaxy install geerlingguy.redis