布置调度器
[devops@server1 ansible]$ pwd
/home/devops/ansible
[devops@server1 ansible]$ vim hosts
# Back-end web hosts, one per group.
[test]
172.25.3.2
[prod]
172.25.3.3
# Parent group: its members are the hosts of the test and prod groups.
[webserver:children]
test
prod
# Load-balancer host; the haproxy play on this page targets this group.
[lb]
172.25.3.1
[root@server1 ~]# yum install haproxy -y
[devops@server1 ansible]$ vim playbook4.yml
---
# Play: install Apache httpd on every host of the webserver group, keep it
# running and enabled at boot, and allow the http service through firewalld.
- hosts: webserver
  tasks:
    - name: install httpd
      dnf:
        state: present
        name: httpd

    - name: start httpd
      service:
        name: httpd
        enabled: true
        state: started

    - name: accept httpd
      firewalld:
        service: http
        state: enabled
        # permanent + immediate: store the rule and also apply it to the
        # running firewall.
        permanent: true
        immediate: true
[root@server1 haproxy]# vim /etc/haproxy/haproxy.cfg
添加
# NOTE(review): this page reaches the stats page at http://172.25.3.1/status,
# i.e. over plain HTTP on the port-80 listener, so the basic-auth credentials
# below cross the network unencrypted. admin:westos is a lab value; use a
# strong secret kept out of shared notes and repositories, and consider
# serving stats only on a management-only listener.
stats uri /status
stats auth admin:westos
改动地方:
frontend main
    # Accept HTTP on port 80 on all addresses.
    bind *:80
    # Static-content routing is commented out, so every request goes to
    # the default backend.
    # acl url_static path_beg -i /static /images /javascript /stylesheets
    # acl url_static path_end -i .jpg .gif .png .css .js
    # use_backend static if url_static
    default_backend app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
# balance roundrobin
# server static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    balance roundrobin
    # "check" turns on health checks for each back-end web server.
    server app1 172.25.3.2:80 check
    server app2 172.25.3.3:80 check
[root@node1 ~]# systemctl disable --now httpd.service  #httpd和haproxy都要监听80端口,不能在同一台主机上同时使用
[root@server1 haproxy]# systemctl start haproxy
%布置了调度器,然后再加一个server,就直接被加在调度器里面
%使用魔术变量
#循环取webserver里面的主机
改动:
[devops@server1 ansible]$ cp /etc/haproxy/haproxy.cfg haproxy.cfg.j2
[devops@server1 ansible]$ vim haproxy.cfg.j2
backend app
    balance roundrobin
{# One server line per host in the webserver inventory group. Name and address
   are read from that host's facts, so facts for the webserver hosts must have
   been gathered earlier in the same run (or be cached) when this renders.
   eth0 is hard-coded: a host without an interface of that name has no such
   fact and the lookup fails. #}
{% for host in groups['webserver'] %}
{% set facts = hostvars[host]['ansible_facts'] %}
    server {{ facts['hostname'] }} {{ facts['eth0']['ipv4']['address'] }}:80 check
{% endfor %}
#循环取webserver里面的主机,渲染后的结果在/etc/haproxy/haproxy.cfg里查看:
[devops@server1 ansible]$ vim haproxy.yml
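---
# Play: install haproxy on the load-balancer group, render its configuration
# from haproxy.cfg.j2, start the service and allow http through firewalld.
- hosts: lb
  tasks:
    - name: install haproxy
      dnf:
        name: haproxy
        state: present

    - name: configure haproxy  # monitoring
      template:
        src: haproxy.cfg.j2
        dest: /etc/haproxy/haproxy.cfg
        # Syntax-check the rendered file before it replaces the live config,
        # so a template mistake cannot leave haproxy with a broken file.
        validate: haproxy -c -f %s
        # NOTE(review): the haproxy.cfg on this page carries the stats
        # credentials in clear text; consider setting an explicit restrictive
        # mode on the file.
      notify: restart haproxy

    - name: start haproxy
      service:
        name: haproxy
        state: started

    - name: accept haproxy
      firewalld:
        service: http
        permanent: yes
        immediate: yes
        state: enabled

  handlers:
    # Named "restart", but the action is a reload of the service.
    - name: restart haproxy
      service:
        name: haproxy
        state: reloaded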
[devops@server1 ansible]$ cat playbook4.yml
---
# Play: set up Apache httpd on the webserver group and publish a one-line
# index page containing the host name of each server.
- hosts: webserver
  tasks:
    - name: install httpd
      dnf:
        state: present
        name: httpd

    - name: start httpd
      service:
        name: httpd
        enabled: true
        state: started

    - name: create index.html
      copy:
        dest: /var/www/html/index.html
        content: "{{ ansible_hostname }}\n"

    - name: accept httpd
      firewalld:
        service: http
        state: enabled
        permanent: true
        immediate: true

# The load-balancer playbook runs after the play above in the same run, so the
# facts gathered for the webserver hosts are available to haproxy.cfg.j2.
- import_playbook: haproxy.yml
测试
网页访问:http://172.25.3.1/status
%新建立一个快照,改ip。建立普通用户,改密码;建立文件ansible,编辑hosts。做visudo,上锁,配置yum源。%还要作触发器
[devops@server1 ansible]$ ansible-playbook playbook4.yml
主机变量,组变量
%playbook.yml里的变量是最优先的
#到server2里自动获取密码,在文件vault里的passwd: westos,其中passwd是变量
%主机变量高于组变量;主机变量是加载每个主机不同的变量;组变量是加载公共变量
[devops@server1 ansible]$ mkdir group_vars
[devops@server1 group_vars]$ mkdir group_vars/webserver
[devops@server1 webserver]$ vim group_vars/webserver/vars
[devops@server1 ansible]$ cat group_vars/webserver/vars
http_port: 8080
[devops@server1 ansible]$ mkdir host_vars
[devops@server1 ansible]$ mkdir host_vars/172.25.3.2
[devops@server1 ansible]$ vim host_vars/172.25.3.2/vars
[devops@server1 ansible]$ cat host_vars/172.25.3.2/vars
http_port: 80
[devops@server1 ansible]$ tree .
.
├── ansible.cfg
├── database.yml
├── group_vars
│ └── webserver
│ └── vars
├── haproxy.cfg.j2
├── haproxy.yml
├── hostinfo.j2
├── hosts
├── host_vars
│ └── 172.25.3.2
│ └── vars
[devops@server1 ansible]$ vim playbook4.yml
添加了
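# Fragment added to the webserver play: two tasks for its tasks: list and a
# handlers: section for the play.
    - name: config httpd
      template:
        src: httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
      notify: restart httpd

    # Open the port defined for this host instead of a fixed 8080/tcp:
    # http_port is 8080 in group_vars/webserver/vars and 80 in
    # host_vars/172.25.3.2/vars, so a fixed 8080/tcp would also open a port on
    # 172.25.3.2 that it does not serve on. Presumably httpd.conf.j2 listens
    # on http_port; the template is not shown here.
    - name: accept http_port
      firewalld:
        port: "{{ http_port }}/tcp"
        permanent: yes
        immediate: yes
        state: enabled

  handlers:
    # Runs only when the config httpd task reports a change.
    - name: restart httpd
      service:
        name: httpd
        state: restarted

# With this import commented out, haproxy.yml no longer runs as part of this
# playbook.
#- import_playbook: haproxy.yml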
[devops@server1 ansible]$ ansible-playbook playbook4.yml  #跑完之后,server2里的端口为80,server3里为8080
[devops@server1 ansible]$ vim host_vars/172.25.3.2/vault
[devops@server1 ansible]$ cat host_vars/172.25.3.2/vault
passwd: westos
[devops@server1 ansible]$ ansible-vault encrypt host_vars/172.25.3.2/vault #给vault加密
New Vault password:
Confirm New Vault password:
Encryption successful
[devops@server1 ansible]$ cat playbook4.yml
添加:
# Task added to the tasks: list of the webserver play.
    # passwd is read from the vault-encrypted host_vars/172.25.3.2/vault, so
    # the when condition limits the task to the one host that has it (server2).
    # NOTE(review): password_hash is called without a salt, so the hash differs
    # on every run and the task reports "changed" each time; pass a fixed salt
    # or set update_password: on_create if that is not wanted.
    - name: create user
      user:
        name: wxh
        state: present
        password: "{{ passwd | password_hash('sha512') }}"
      when: ansible_hostname == "server2"
[devops@server1 ansible]$ ansible-vault edit vault
[devops@server1 ansible]$ ansible-vault view vault
passwd: westos
[devops@server1 ansible]$ ansible-playbook playbook4.yml --ask-vault-pass
[devops@server1 ansible]$ ansible-playbook playbook4.yml --vault-password-file web_pass  #web_pass里存放的是加密文件(vault)的密码;该文件应仅本人可读,不要提交到版本库
block任务块
%#block分组,一个组做个判断
[devops@server1 ansible]$ vim playbook4.yml
[devops@server1 ansible]$ cat playbook4.yml
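---
# Play: deploy Apache httpd on the webserver group, with all tasks grouped in
# one block so a single condition guards them.
- hosts: webserver
  tasks:
    - name: deploy apache
      block:
        - name: install httpd
          dnf:
            name: httpd
            state: present

        - name: start httpd
          service:
            name: httpd
            state: started
            enabled: yes

        - name: create index.html
          copy:
            content: "{{ ansible_hostname }}\n"
            dest: /var/www/html/index.html

        # NOTE(review): "restart httpd" must exist under handlers: (as in the
        # earlier version of this playbook); this listing does not show it.
        - name: config httpd
          template:
            src: httpd.conf.j2
            dest: /etc/httpd/conf/httpd.conf
          notify: restart httpd

        - name: accept httpd
          firewalld:
            service: http
            permanent: yes
            immediate: yes
            state: enabled

        # Open the port defined for this host (http_port from group_vars or
        # host_vars) instead of a fixed 8080/tcp, so that a host configured
        # for port 80 does not get an unused 8080/tcp opened as well.
        - name: accept http_port
          firewalld:
            port: "{{ http_port }}/tcp"
            permanent: yes
            immediate: yes
            state: enabled
      # Applies to every task in the block. The inventory lists hosts by IP
      # address, so groups['webserver'] can be compared with the host's
      # default IPv4 address.
      when: ansible_default_ipv4.address in groups['webserver']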
添加block模块了
block
when: ansible_default_ipv4.address in groups['webserver']
[devops@server1 ansible]$ vim haproxy.cfg.j2
更改
backend app
    balance roundrobin
{# One server line per host in the webserver group. Name and address come from
   that host's facts and the port from its http_port variable (host_vars take
   precedence over group_vars), so facts for the webserver hosts must have been
   gathered in this run (or be cached) when the template is rendered. #}
{% for host in groups['webserver'] %}
{% set facts = hostvars[host]['ansible_facts'] %}
    server {{ facts['hostname'] }} {{ facts['eth0']['ipv4']['address'] }}:{{ hostvars[host]['http_port'] }} check
{% endfor %}
解决[root@server1 html]# vim /etc/haproxy/haproxy.cfg 里面的端口
backend app
balance roundrobin
server server2 172.25.3.2:80 check
server server3 172.25.3.3:8080 check
%结论,server2的端口是主机变量决定的,server3是组变量定义的。说明主机变量优先于组变量
内置变量,是系统里面自带的,可以直接调用
[root@server1 html]# mv /home/devops/ansible/host_vars/172.25.3.2/vault /mnt/
[devops@server1 ansible]$ ansible 172.25.3.2 -m debug -a "msg={{ansible_version}}"
[devops@server1 ansible]$ ansible 172.25.3.2 -m debug -a "msg={{group_names}}"
172.25.3.2 | SUCCESS => {
"msg": [
"test",
"webserver"
]
}
[devops@server1 ansible]$ ansible 172.25.3.2 -m debug -a "msg={{inventory_hostname}}"
172.25.3.2 | SUCCESS => {
"msg": "172.25.3.2"
}
[devops@server1 ansible]$ ansible 172.25.3.2 -m debug -a "msg={{inventory_dir}}"
自注册和事实变量、fact变量
[root@server1 ansible]# cat block.yml
---
# Play: block / rescue / always error handling, run on localhost without
# privilege escalation and without gathering facts.
- hosts: localhost
  become: false
  gather_facts: false
  tasks:
    - name: Handle the error
      block:
        - debug:
            msg: 'I execute normally'

        # NOTE(review): with ignore_errors set, the failure of /bin/false is
        # ignored, so the next debug task does run and the rescue section is
        # not entered. Remove ignore_errors to see the rescue path that the
        # messages describe.
        - name: i force a failure
          command: /bin/false
          ignore_errors: true
          #changed_when: false

        - debug:
            msg: 'I never execute, due to the above task failing, :-('
      rescue:
        - debug:
            msg: 'I caught an error, can do stuff here to fix it, :-)'
      always:
        - debug:
            msg: "This always executes, :-)"
[devops@server1 ansible]$ vim test.yml
[devops@server1 ansible]$ cat test.yml
---
# NOTE(review): the inventory shown on this page uses 172.25.3.x addresses;
# confirm that 172.25.0.2 and 172.25.0.1 exist in the inventory in use.

# Play 1: create three kinds of variables on 172.25.0.2: gathered facts, a
# variable defined with set_fact, and a registered command result.
- hosts: 172.25.0.2
  tasks:
    - set_fact:
        name: westos

    - debug:
        msg: "{{ ansible_hostname }}"

    - command: /bin/date
      register: result

# Play 2: read those variables from another host through hostvars.
- hosts: 172.25.0.1
  tasks:
    - debug:
        msg: "{{ hostvars['172.25.0.2']['ansible_facts']['hostname'] }}"  # fact variable

    - debug:
        msg: "{{ hostvars['172.25.0.2']['result']['stdout']}}"  # registered variable

    - debug:
        msg: "{{hostvars['172.25.0.2']['name']}}"  # variable defined with set_fact
[devops@server1 ansible]$ ansible-playbook test.yml
[devops@server1 ansible]$ ansible-playbook block.yml