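Ansible is an open-source automation tool for configuration management, application deployment, task execution, and orchestration. Automation scripts, called playbooks, are written concisely in YAML, and Ansible runs tasks by connecting to the target machines over SSH. Its main features are that it is agentless (no agent needs to be installed on the managed hosts) and that it is easy to understand and use.
Ad-hoc commands
Modules
ping, command, shell, yum, service (systemd), user, group, copy, fetch, file, template, lineinfile
1. ping: checks connectivity to hosts
Example:
ansible all -i inventory.ini -m ping
Note: -i inventory.ini specifies the inventory file that stores the target host information. It is effectively the same as the hosts file, except that hosts is the default file, set by the inventory option in /etc/ansible/ansible.cfg.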
2. command: runs simple commands; does not support variable substitution, pipes, or redirection.
Example:
ansible all -i inventory.ini -m command -a "uptime"
ansible all -m command -a "uptime"
3. shell: runs commands in a shell environment; supports variable substitution, pipes, and redirection.
Example:
ansible all -i inventory.ini -m shell -a "df -h | grep /dev/sda1"
4. yum: installs, upgrades, and removes packages on CentOS systems.
Example:
ansible all -i inventory.ini -m yum -a "name=httpd state=present"
5. service (systemd): manages system services (start, stop, restart, enable at boot, etc.).
Example:
ansible all -i inventory.ini -m service -a "name=httpd state=started"
6. user: manages user accounts (create, delete, lock, etc.).
Example:
ansible all -i inventory.ini -m user -a "name=john state=present"
7. group: manages user groups (create, delete, etc.).
Example:
ansible all -i inventory.ini -m group -a "name=developers state=present"
8. copy: copies files from the Ansible control node to the target nodes.
Example:
ansible all -i inventory.ini -m copy -a "src=/path/to/local/file dest=/path/to/remote/file"
9. fetch: retrieves files from the target nodes and saves them on the Ansible control node.
Example:
ansible all -i inventory.ini -m fetch -a "src=/path/to/remote/file dest=/path/to/local/file"
10. file: manages the attributes of files, directories, and symbolic links (creating and deleting files, permissions, ownership, etc.).
Example:
ansible all -i inventory.ini -m file -a "path=/path/to/remote/file mode=0644"
ansible all -i inventory.ini -m file -a "path=/path/to/remote/file state=touch"
11. template: creates files on the target nodes using the Jinja2 template engine.
Example:
ansible all -i inventory.ini -m template -a "src=templates/template.j2 dest=/path/to/remote/file"
12. lineinfile: finds, adds, or replaces lines in a file.
Example:
ansible all -i inventory.ini -m lineinfile -a "path=/path/to/remote/file line='my_key=my_value'"
Playbook
Example Ansible playbooks for an nginx website on CentOS 7
1. Install and configure nginx
---
- name: Install and configure Nginx
  hosts: web_servers
  become: yes
  tasks:
    - name: Install EPEL repository
      yum:
        name: epel-release
        state: present
    - name: Install Nginx
      yum:
        name: nginx
        state: present
    - name: Remove default Nginx configuration
      file:
        path: /etc/nginx/conf.d/default.conf
        state: absent
    - name: Add custom Nginx configuration
      template:
        src: templates/nginx.conf.j2
        dest: /etc/nginx/conf.d/myapp.conf
    - name: Start and enable Nginx service
      systemd:
        name: nginx
        state: started
        enabled: yes
2. Install and configure MySQL
---
- name: Install and configure MySQL
  hosts: db_servers
  become: yes
  tasks:
    - name: Install MySQL community repository
      yum:
        name: https://dev.mysql.com/get/mysql80-community-release-el7-3.noarch.rpm
        state: present
    - name: Install MySQL server
      yum:
        name: mysql-community-server
        state: present
    - name: Start and enable MySQL service
      systemd:
        name: mysqld
        state: started
        enabled: yes
    - name: Set MySQL root password
      shell: mysqladmin -u root password '{{ mysql_root_password }}'
      when: mysql_root_password is defined
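Note: when: mysql_root_password is defined means the "Set MySQL root password" task runs only when the variable mysql_root_password is defined (that is, has a value). If mysql_root_password is not defined or has an empty value, the task is skipped and not executed.
The mysql_root_password variable can be defined in several places. Some common ways to define it:
① Define it in the playbook file with the vars keyword:
- name: Install and configure MySQL
  hosts: all
  vars:
    mysql_root_password: your_password
  tasks:
    # ...
② Define it in a separate variables file, then include that file in the playbook with the vars_files keyword. For example, define the variable in a file named vars.yml:
mysql_root_password: your_password
Then include this file in the playbook:
- name: Install and configure MySQL
  hosts: all
  vars_files:
    - vars.yml
  tasks:
    # ...
③ Define it in the inventory file. This lets you set a different MySQL root password for different hosts or host groups. For example, in the inventory file:
[mysql_servers]
server1.example.com mysql_root_password=your_password
server2.example.com mysql_root_password=another_password
④ Define it on the command line with the -e or --extra-vars option. This is useful when you need to override a value temporarily or pass variables in from a CI/CD system:
ansible-playbook install_mysql.yml --extra-vars "mysql_root_password=your_password"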
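A hardened variant of the "Set MySQL root password" task, given here as an added example and not as code from the original page: the password is loaded from a vars file encrypted with ansible-vault instead of a plain-text file, and no_log keeps the rendered command out of task output and logs. The file name vault.yml and the play name are assumptions made for this example.

```yaml
---
# Added example. Assumes vault.yml sits next to this playbook and was created with:
#   ansible-vault create vault.yml      # content: mysql_root_password: <your password>
# Run with:
#   ansible-playbook install_mysql.yml --ask-vault-pass
- name: Set MySQL root password from an encrypted vars file
  hosts: db_servers
  become: yes
  vars_files:
    - vault.yml              # encrypted on disk, decrypted in memory at run time
  tasks:
    - name: Fail early if the password is missing or empty
      assert:
        that:
          - mysql_root_password is defined
          - mysql_root_password | length > 0
        fail_msg: "mysql_root_password must be set in vault.yml"
        quiet: yes

    - name: Set MySQL root password
      # The quote filter shell-escapes the value, so a password containing
      # quotes or other shell metacharacters cannot alter the command.
      shell: mysqladmin -u root password {{ mysql_root_password | quote }}
      no_log: true           # hide the rendered command from output and logs
```

Keep vault.yml encrypted when it is committed to version control. A password passed with --extra-vars on the command line ends up in shell history, so the vault file is the better fit for anything beyond a one-off test.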
3. Configure the firewall
---
- name: Configure firewalld
  hosts: all
  become: yes
  tasks:
    - name: Install firewalld
      yum:
        name: firewalld
        state: present
    - name: Start and enable firewalld service
      systemd:
        name: firewalld
        state: started
        enabled: yes
    - name: Open HTTP and HTTPS ports
      firewalld:
        port: "{{ item }}"
        permanent: yes
        state: enabled
        immediate: yes
      with_items:
        - 80/tcp
        - 443/tcp
4. Configure SELinux
---
- name: Configure SELinux
  hosts: all
  become: yes
  tasks:
    - name: Set SELinux to permissive mode
      selinux:
        policy: targeted
        # permissive: policy violations are logged but not blocked
        state: permissive