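Edit the Ansible configuration (vim /etc/ansible/ansible.cfg) and enable the following options.
## The [privilege_escalation] section holds the privilege-escalation parameters. Enable it when connecting as a non-root user; that user must be able to run sudo without a password on the target servers.
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False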

Print the output of a command run by ansible-playbook
---
- hosts: xixi
  tasks:
    - name: iptables list
      shell: iptables -L
      register: list    ## register stores the result of the iptables command in a custom variable
    - name: echo list
      debug:
        msg: "{{ list }}"    ## print the variable

Push a file with the template module and trigger a handler to run a task.
---
- hosts: qunhu
  tasks:
    - name: copy template
      template: src=iptables.j2 dest=/etc/sysconfig/iptables
      notify: restartiptables    ## name of the handler to run when the file changes
  handlers:
    - name: restartiptables
      service: name=iptables state=restarted

Restart all ATS nodes and print the log
cat restart.yml
---
- hosts: ATS
  tasks:
    - name: restart service
      service: name=trafficserver state=restarted
    - name: sleep 5s
      command: sleep 5
    - name: tail log
      shell: tail /var/log/trafficserver/diags.log
      register: log    ## register stores the result of the tail command in a custom variable
    - name: echo log
      debug:
        msg: "{{ log }}"    ## print the variable

Restart the ATS service, delete the cache, and print the log
cat cacha.yml
---
- hosts: ATS
  tasks:
    - name: stop service
      service: name=trafficserver state=stopped
    - name: delete cache
      shell: rm -f /home/cache/cache.db    ## location of the ATS cache file
    - name: start service
      service: name=trafficserver state=started
    - name: tail log
      shell: tail /var/log/trafficserver/diags.log
      register: log    ## register stores the result of the tail command in a custom variable
    - name: echo log
      debug:
        msg: "{{ log }}"    ## print the variable

Create a log-cleanup script on all ATS nodes and use a cron job to remove log files older than 30 days.
[root@jumpserver ~/.ansible/roles]$ cat ats.yml
---
- hosts: ATS
  tasks:
    - name: copy clean log file
      copy: src=file/cleanlog.sh dest=/var/log/trafficserver/cleanlog.sh mode=744
    - name: shell script
      command: sh /var/log/trafficserver/cleanlog.sh
    - name: crontab
      cron: minute=1 hour=0 day=* month=* weekday=* name="clean trafficserver log" job="/var/log/trafficserver/cleanlog.sh"

Contents of the scheduled log-cleanup script
[root@jumpserver ~/.ansible/roles]$ cat file/cleanlog.sh
#!/bin/bash
## Periodically clean up trafficserver log files, keeping only the last 30 days
path=/var/log/trafficserver
find "$path" -name "*.old" -type f -mtime +30 -exec rm {} \; > /dev/null 2>&1
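
Added example (not part of the original notes): the same deployment with the script installed in a root-owned directory instead of the log directory, so an account that can write to /var/log/trafficserver cannot replace a file that root's cron executes. The path /usr/local/sbin/cleanlog.sh is an assumption; the cron entry keeps the page's name, so the existing entry is updated in place.

```yaml
---
- hosts: ATS
  tasks:
    - name: install cleanup script in a root-owned directory
      copy:
        src: file/cleanlog.sh
        dest: /usr/local/sbin/cleanlog.sh    # assumed location, not from the page
        owner: root
        group: root
        mode: "0750"

    - name: schedule cleanup at 00:01 every day
      cron:
        name: "clean trafficserver log"      # same name as on the page
        minute: "1"
        hour: "0"
        job: /usr/local/sbin/cleanlog.sh

    - name: remove the old copy from the log directory
      file:
        path: /var/log/trafficserver/cleanlog.sh
        state: absent
```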

Change a user's password on all servers in bulk
[root@jumpserver ~/.ansible/roles]$ cat passwd.yml
---
- hosts: all
  tasks:
    - name: change password
      user: name={{ user }} password={{ pass | password_hash('sha512') }} update_password=always
[root@jumpserver ~/.ansible/roles]$ ansible-playbook passwd.yml -e 'user=root pass="123456"'
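
Added example (not from the original notes): the same password change with the secret prompted for instead of passed with -e, where it ends up in shell history and the process list, and with no_log so the hash stays out of task output and logs. The variable names target_user and new_password and the 12-character minimum are assumptions; the play must be run interactively.

```yaml
---
- hosts: all
  vars_prompt:
    - name: target_user            # hypothetical variable name
      prompt: "Account to update"
      private: no
    - name: new_password           # hypothetical variable name
      prompt: "New password"
      private: yes                 # do not echo the input
      confirm: yes                 # ask twice to catch typos
  tasks:
    - name: refuse short passwords before touching any host
      assert:
        that:
          - "new_password | length >= 12"    # constructed policy
        fail_msg: "password must be at least 12 characters"
      run_once: true

    - name: change password
      user:
        name: "{{ target_user }}"
        password: "{{ new_password | password_hash('sha512') }}"
        update_password: always
      no_log: true                 # keep the hash and module arguments out of output
```

Because password_hash picks a random salt when none is given, this task reports changed on every run.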

Add an alias on all web servers
[root@jumpserver ~/.ansible/roles]$ cat git.yml
---
- hosts: webserver
  tasks:
    - name: alias
      shell: echo "alias gitpull='sudo git pull origin master'" >> /etc/bashrc
    - name: source /etc/bashrc
      shell: source /etc/bashrc    ## runs in its own shell; new login shells read /etc/bashrc themselves

Install the httpd service and deploy a custom configuration file and web page.
[root@jumpserver ~/.ansible/roles]$ cat http.yml
---
- hosts: webserver
  tasks:
    - name: install httpd package
      yum: name=httpd state=present
    - name: copy conf file
      copy: src=file/httpd.conf dest=/etc/httpd/conf/ backup=yes
      notify: restart service
    - name: copy index.html
      copy: src=file/index.html dest=/var/www/html/ backup=yes
    - name: start service
      service: name=httpd state=started enabled=yes
      tags: restarthttpd
  handlers:
    - name: restart service
      service: name=httpd state=restarted

Use a different nginx configuration file depending on the server's OS major version
[root@jumpserver ~/.ansible/roles]$ cat temptest.yml
---
- hosts: nginx
  vars:
    http_port: 89
  tasks:
    - name: install package
      yum: name=nginx
    - name: copy template for centos7
      template: src=template7.conf.j2 dest=/etc/nginx/nginx.conf
      notify: restart nginx
      when: ansible_distribution_major_version == "7"
    - name: copy template for centos6
      template: src=template6.conf.j2 dest=/etc/nginx/nginx.conf
      when: ansible_distribution_major_version == "6"
      notify: restart nginx
    - name: start service
      service: name=nginx state=started enabled=yes    ## the handler does the restart when the config changes
  handlers:
    - name: restart nginx
      service: name=nginx state=restarted

Install zabbix-agent in bulk and change the Server and ServerActive IPs in the Zabbix agent configuration
[root@jumpserver ~/.ansible/roles]$ cat zabbix.yml
---
- hosts: zabbix
  tasks:
    - name: copy repo
      template: src=zabbix.repo.j2 dest=/etc/yum.repos.d/zabbix.repo
    - name: install zabbix-agent
      yum: name=zabbix-agent state=present
    - name: sed Server ip
      shell: sed -i "s@Server=127.0.0.1@Server=1.1.1.1@g" /etc/zabbix/zabbix_agentd.conf
    - name: sed ServerActive ip
      shell: sed -i "s@ServerActive=127.0.0.1@ServerActive=1.1.1.1@g" /etc/zabbix/zabbix_agentd.conf
      notify: restartzabbix
  handlers:
    - name: restartzabbix
      service: name=zabbix-agent state=restarted enabled=yes
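
Added example (not from the original notes): an idempotent replacement for the two sed tasks. The sed substitution does nothing on a host whose value is not exactly 127.0.0.1, and a shell task always reports changed, so the handler fires on every run and a host left with the wrong Server value goes unnoticed. The variable zabbix_server is hypothetical; 1.1.1.1 is the value used on the page.

```yaml
---
- hosts: zabbix
  vars:
    zabbix_server: 1.1.1.1         # hypothetical variable holding the page's value
  tasks:
    - name: set Server and ServerActive
      lineinfile:
        path: /etc/zabbix/zabbix_agentd.conf
        regexp: '^{{ item }}='     # the trailing "=" keeps Server from matching ServerActive
        line: '{{ item }}={{ zabbix_server }}'
        backup: yes
      loop:
        - Server
        - ServerActive
      notify: restartzabbix        # fires only when a line actually changed

    - name: enable and start zabbix-agent
      service: name=zabbix-agent state=started enabled=yes

  handlers:
    - name: restartzabbix
      service: name=zabbix-agent state=restarted
```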

Using a role for nginx
├── nginx
│   ├── tasks
│   │   ├── group.yml
│   │   ├── main.yml
│   │   ├── restart.yml
│   │   ├── start.yml
│   │   ├── templ.yml
│   │   ├── user.yml
│   │   └── yum.yml
│   └── templates
│       └── nginx.conf.j2
├── nginx_role.yml
[root@jumpserver /etc/ansible/roles]$ cat nginx_role.yml
- hosts: nginx
  roles:
    - role: nginx
[root@jumpserver /etc/ansible/roles]$ cat nginx/tasks/main.yml
## import_tasks replaces the bare include keyword, which is deprecated and removed in recent Ansible releases
- import_tasks: group.yml
- import_tasks: user.yml
- import_tasks: yum.yml
- import_tasks: templ.yml
- import_tasks: start.yml
- import_tasks: restart.yml
[root@jumpserver /etc/ansible/roles]$ cat nginx/tasks/group.yml
- name: create group
  group: name=nginx gid=80
[root@jumpserver /etc/ansible/roles]$ cat nginx/tasks/user.yml
- name: create user
  user: name=nginx uid=80 group=nginx system=yes shell=/sbin/nologin
[root@jumpserver /etc/ansible/roles]$ cat nginx/tasks/yum.yml
- name: yum nginx
  yum: name=nginx state=present
[root@jumpserver /etc/ansible/roles]$ cat nginx/tasks/templ.yml
- name: copy conf
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
[root@jumpserver /etc/ansible/roles]$ cat nginx/tasks/start.yml
- name: start service
  service: name=nginx state=started enabled=yes
[root@jumpserver /etc/ansible/roles]$ cat nginx/tasks/restart.yml
- name: restart service
  service: name=nginx state=restarted

Install the latest MariaDB version with a role
├── mysql
│   ├── files
│   ├── tasks
│   │   ├── cnf.yml
│   │   ├── main.yml
│   │   ├── repo.yml
│   │   └── yum.yml
│   └── templates
│       ├── MariaDB.repo.j2
│       └── my.cnf.j2
├── mysql_role.yml
[root@mysql-master roles]# cat mysql_role.yml
- hosts: mysql
  roles:
    - mysql
[root@mysql-master roles]# cat mysql/templates/MariaDB.repo.j2
## gpgcheck=1 only helps if the key itself is authentic; prefer fetching gpgkey over https or from a local file:// path
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.3.7/centos7-amd64/
gpgkey=http://yum.mariadb.org/RPM-GPG-KEY-MariaDB
enabled=1
gpgcheck=1
[root@mysql-master roles]# cat mysql/templates/my.cnf.j2
[mysqld]
port = 3306
.....
[root@mysql-master roles]# cat mysql/tasks/main.yml
## import_tasks replaces the bare include keyword, which is deprecated and removed in recent Ansible releases
- import_tasks: repo.yml
- import_tasks: yum.yml
- import_tasks: cnf.yml
[root@mysql-master roles]# cat mysql/tasks/repo.yml
- name: copy repo file
  template: src=MariaDB.repo.j2 dest=/etc/yum.repos.d/MariaDB.repo
[root@mysql-master roles]# cat mysql/tasks/yum.yml
- name: install mariadb
  yum: name=mariadb
- name: install mariadb-server
  yum: name='MariaDB-server'
- name: install mariadb-client
  yum: name=MariaDB-client
- name: install socat
  yum: name=socat
[root@mysql-master roles]# cat mysql/tasks/cnf.yml
- name: copy my.cnf file
  template: src=my.cnf.j2 dest=/etc/my.cnf mode=644