1.item 变量
[root@ansible ansible]# more testitem.yml
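---
# Iteration demo: each task runs once per list entry, with the current entry
# available as `item`.
- hosts: websrvs
  # NOTE(review): connecting as root requires root SSH login on every managed
  # host. An unprivileged remote_user combined with `become: true` lets root
  # login stay disabled and records who escalated.
  remote_user: root
  tasks:
    - name: create some files
      file:
        path: "/tmp/{{ item }}"
        state: touch
      with_items:
        - file1
        - file2
        - file3

    - name: install some packages
      # NOTE(review): hping3 is a packet-crafting tool; install it on web
      # servers only when there is an operational need for it.
      yum:
        name: "{{ item }}"
      with_items:
        - htop
        - sl
        - hping3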
2.item 迭代嵌套子变量
[root@ansible ansible]# more testitem2.yml
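---
# Iteration over mappings: each entry of the second list carries sub-keys that
# are read as item.name and item.group.
- hosts: websrvs
  remote_user: root
  tasks:
    - name: create groups
      group:
        name: "{{ item }}"
      # Runs only on hosts whose distribution version fact equals "7.2".
      when: ansible_distribution_version == "7.2"
      with_items:
        - group1
        - group2
        - group3

    - name: create users
      # NOTE(review): this task has no `when`, so on hosts where the groups
      # task was skipped the referenced groups may not exist and user creation
      # can fail; confirm whether the same condition belongs here.
      user:
        name: "{{ item.name }}"
        group: "{{ item.group }}"
      with_items:
        - name: user1
          group: group1
        - name: user2
          group: group2
        - name: user3
          group: group3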
[root@ansible ansible]#
3.for
[root@ansible ansible]# more testfor.yml
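---
# Renders templates/for4.conf.j2 once per host, looping over `ports` inside
# the template.
- hosts: websrvs
  remote_user: root
  vars:
    # Each list entry is a single mapping. The template reads port, rootdir
    # and the optional name directly from the entry, so `webN:` is a sibling
    # key with a null value that only labels the entry.
    ports:
      - web1:
        port: 81
        rootdir: /data/website1
      - web2:
        port: 82
        name: web2.sina.com
        rootdir: /data/website2
      - web3:
        port: 83
        rootdir: /data/website3
  tasks:
    - name: copy conf
      template:
        src: for4.conf.j2
        dest: /data/for4.conf
        # Explicit mode so the rendered file's permissions do not depend on
        # the remote umask.
        mode: "0644"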
#for4.conf.j2
[root@ansible ansible]# cat templates/for4.conf.j2
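{# One server block per entry in `ports`; the name line is written only when the entry defines `name`. -#}
{% for p in ports %}
server{
listen {{ p.port }}
{% if p.name is defined %}
server name {{ p.name }}
{% endif %}
documentroot {{ p.rootdir }}
}
{% endfor %}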
#测试结果
[root@ansible ansible]# ansible websrvs -m shell -a 'cat /data/for4.conf'
172.16.62.11 | CHANGED | rc=0 >>
server{
listen 81
documentroot /data/website1
}
server{
listen 82
server name web2.sina.com
documentroot /data/website2
}
server{
listen 83
documentroot /data/website3
}
172.16.62.12 | CHANGED | rc=0 >>
server{
listen 81
documentroot /data/website1
}
server{
listen 82
server name web2.sina.com
documentroot /data/website2
}
server{
listen 83
documentroot /data/website3
}
4.Nginx部署
4.1 Nginx角色
[root@ansible tasks]# ls
group.yml main.yml service.yml template.yml user.yml yum.yml
4.2.目录
#任务文件
[root@ansible nginx]# tree
.
├── tasks
│ ├── group.yml
│ ├── main.yml
│ ├── service.yml
│ ├── template.yml
│ ├── user.yml
│ └── yum.yml
└── templates
└── nginx.conf.j2
2 directories, 7 files
[root@ansible nginx]# pwd
/etc/ansible/roles/nginx
[root@ansible nginx]#
#nginx角色文件
[root@ansible ansible]# more nginx.roles.yml
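---
# Applies the nginx role (/etc/ansible/roles/nginx) to every host in websrvs.
- hosts: websrvs
  # NOTE(review): direct root login; an unprivileged remote_user with
  # `become: true` avoids enabling root SSH on the managed hosts.
  remote_user: root
  roles:
    - role: nginx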
[root@ansible ansible]#
4.3.执行playbook
[root@ansible ansible]# ansible-playbook nginx.roles.yml
PLAY [websrvs] ***************************************************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************************************************
ok: [172.16.62.11]
ok: [172.16.62.12]
TASK [nginx : create group] **************************************************************************************************************************************************************
ok: [172.16.62.12]
changed: [172.16.62.11]
TASK [nginx : create user] ***************************************************************************************************************************************************************
changed: [172.16.62.12]
changed: [172.16.62.11]
TASK [nginx : install package] ***********************************************************************************************************************************************************
ok: [172.16.62.11]
ok: [172.16.62.12]
TASK [nginx : copy conf] *****************************************************************************************************************************************************************
changed: [172.16.62.11]
changed: [172.16.62.12]
TASK [nginx : restart service] ***********************************************************************************************************************************************************
changed: [172.16.62.11]
changed: [172.16.62.12]
PLAY RECAP *******************************************************************************************************************************************************************************
172.16.62.11 : ok=6 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
172.16.62.12 : ok=6 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
skipped=0 rescued=0 ignored=0
172.16.6
4.4.验证
[root@ansible ansible]# ansible websrvs -m shell -a 'systemctl status nginx'
172.16.62.11 | CHANGED | rc=0 >>
● nginx.service - nginx - high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2020-11-19 19:52:47 CST; 5min ago
Docs: http://nginx.org/en/docs/
Process: 17153 ExecStop=/bin/sh -c /bin/kill -s TERM $(/bin/cat /var/run/nginx.pid) (code=exited, status=0/SUCCESS)
Process: 17158 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
Main PID: 17159 (nginx)
Memory: 3.1M
CGroup: /system.slice/nginx.service
├─17159 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.con
├─17160 nginx: worker process
├─17161 nginx: worker process
├─17162 nginx: worker process
└─17163 nginx: worker process
Nov 19 19:52:47 node11 systemd[1]: Starting nginx - high performance web server...
Nov 19 19:52:47 node11 systemd[1]: Started nginx - high performance web server.
172.16.62.12 | CHANGED | rc=0 >>
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2020-11-19 19:52:47 CST; 5min ago
Process: 23838 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 23835 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 23833 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Main PID: 23840 (nginx)
CGroup: /system.slice/nginx.service
├─23840 nginx: master process /usr/sbin/ngin
├─23841 nginx: worker proces
├─23842 nginx: worker proces
├─23843 nginx: worker proces
├─23844 nginx: worker proces
├─23845 nginx: worker proces
└─23846 nginx: worker proces
Nov 19 19:52:47 web81.aliyun.com systemd[1]: Starting The nginx HTTP and reverse proxy server...
Nov 19 19:52:47 web81.aliyun.com nginx[23835]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Nov 19 19:52:47 web81.aliyun.com nginx[23835]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Nov 19 19:52:47 web81.aliyun.com systemd[1]: Started The nginx HTTP and reverse proxy server.
5.httpd部署
5.1 httpd
[root@ansible httpd]# tree
.
├── files
│ └── httpd.conf
└── tasks
├── copyfile.yml
├── main.yml
└── user.yml
2 directories, 4 files
[root@ansible httpd]#
[root@ansible ansible]# more httpd_roles.yml
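---
# Applies the httpd role to every host in websrvs.
- hosts: websrvs
  remote_user: root
  roles:
    - httpd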
[root@ansible ansible]#
5.2 多个角色执行
[root@ansible ansible]# more web.some._roles.yml
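---
# Several roles in one play. Tags set on a role are applied to every task in
# that role, so `ansible-playbook -t web` runs both httpd and nginx and skips
# app, while `-t nginx` runs the nginx role alone.
- hosts: websrvs
  remote_user: root
  roles:
    - role: httpd
      tags:
        - web
        - httpd
    - role: nginx
      tags:
        - web
        - nginx
    - role: app
      tags:
        - app1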
[root@ansible ansible]#
#选择标签执行,只执行角色里的其中一个
ansible-playbook -t web some_roles.yml
[root@ansible tasks]# more main.yml
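---
# Task entry point of the role: the files are imported in the order listed.
# `include` is deprecated for task files and was removed in ansible-core 2.16;
# `import_tasks` is the static replacement and keeps role-level tags applied
# to the imported tasks.
- import_tasks: group.yml
- import_tasks: user.yml
- import_tasks: yum.yml
- import_tasks: template.yml
- import_tasks: service.yml
# NOTE(review): this is an absolute path from the filesystem root, while the
# roles on this page live under /etc/ansible/roles; confirm the path resolves
# on the control node. Pulling another role's task file this way also couples
# the two roles.
- import_tasks: /roles/httpd/tasks/copyfile.yml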
[root@ansible tasks]#
6.APP部署
#playbook
[root@ansible ansible]# more app1_roles.yml
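---
# Applies the app1 role (roles/app1) to every host in websrvs.
- hosts: websrvs
  remote_user: root
  roles:
    - app1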
[root@ansible ansible]#
#创建组
[root@ansible tasks]# cat group.yml
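---
# Creates the system group that the app service account belongs to.
- name: create group
  group:
    name: app
    gid: 123
    system: true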
[root@ansible tasks]#
#创建用户
[root@ansible tasks]# cat user.yml
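---
# Creates the service account that httpd is configured to run as.
- name: create user
  user:
    name: app
    uid: 123
    group: app
    system: true
    # nologin shell: the account exists to own processes, not for interactive
    # login.
    shell: /sbin/nologin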
[root@ansible tasks]#
#安装软件服务
[root@ansible tasks]# cat yum.yml
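---
# Installs the httpd package (the module's default state is used).
- name: install package
  yum:
    name: httpd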
[root@ansible tasks]#
#从模板里拷贝文件
httpd.conf.j2 存放在 templates 目录里
[root@ansible tasks]# cat template.yml
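---
# Renders templates/httpd.conf.j2 into the live httpd configuration and
# notifies the restart handler when the rendered file changed.
- name: copy template file
  template:
    src: httpd.conf.j2
    dest: /etc/httpd/conf/httpd.conf
    # Explicit mode so the file's permissions do not depend on the remote
    # umask.
    mode: "0644"
  notify: restart service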
[root@ansible tasks]
template里的httpd.conf.j2
# Listen port = number of vCPUs * 10. The hosts on this page end up on ports
# 20 and 40; ports below 1024 need root or CAP_NET_BIND_SERVICE to bind.
Listen {{ ansible_processor_vcpus*10 }}
# User/Group are filled from username/groupname in the role's vars/main.yml;
# the httpd processes in the verification output run as this account.
User {{ username }}
Group {{ groupname }}
#vars/main.yml
[root@ansible app1]# cd vars/
[root@ansible vars]# ls
main.yml
[root@ansible vars]# cat main.yml
# Role variables substituted into User/Group in templates/httpd.conf.j2.
username: app
groupname: app
[root@ansible vars]
#拷贝文件
[root@ansible tasks]# cat copyfiles.yml
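---
# Copies files/vhosts.conf from the role into httpd's conf.d directory.
- name: copy conf
  copy:
    src: vhosts.conf
    dest: /etc/httpd/conf.d/
    # NOTE(review): `app` is also the account httpd runs as, so the server can
    # rewrite its own configuration if a worker is compromised. A root-owned,
    # world-readable file gives httpd what it needs without write access.
    owner: app
    # Explicit mode so the file's permissions do not depend on the remote
    # umask.
    mode: "0644"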
[root@ansible tasks]#
#定义一个 main.yml 来指定任务的执行顺序
[root@ansible tasks]# cat main.yml
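---
# Task entry point of the app1 role. Order matters: the group must exist
# before the user that joins it, and the handler notified by template.yml
# runs after these tasks have finished.
# `include` is deprecated for task files and was removed in ansible-core 2.16;
# `import_tasks` is the static replacement.
- import_tasks: group.yml
- import_tasks: user.yml
- import_tasks: yum.yml
- import_tasks: template.yml
- import_tasks: copyfiles.yml
- import_tasks: start.yml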
#启动服务
[root@ansible tasks]# cat start.yml
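---
# Starts httpd if it is not running and enables it at boot.
- name: start service
  service:
    name: httpd
    state: started
    enabled: true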
[root@ansible tasks]#
#handlers 目录里的main.yml
[root@ansible handlers]# cat main.yml
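---
# Runs only when a task that notifies "restart service" reports a change.
# NOTE(review): the memcached role on this page defines a handler with the
# same name. Handler names share one namespace within a play, so if both
# roles are applied together only the last one loaded is notified; a
# role-specific name such as "restart httpd" avoids restarting the wrong
# service.
- name: restart service
  service:
    name: httpd
    state: restarted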
[root@ansible handlers]#
当配置发生变化时,就会重启服务
[root@ansible ansible]# tree roles/app1/
roles/app1/
├── files
│ └── vhosts.conf
├── handlers
│ └── main.yml
├── tasks
│ ├── copyfiles.yml
│ ├── group.yml
│ ├── main.yml
│ ├── start.yml
│ ├── template.yml
│ ├── user.yml
│ └── yum.yml
├── templates
│ └── httpd.conf.j2
└── vars
└── main.yml
5 directories, 11 files
[root@ansible ansible]#
6.1 .执行app1_roles.yml
[root@ansible ansible]# ansible-playbook app1_roles.yml
PLAY [websrvs] ***************************************************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************************************************
ok: [172.16.62.11]
ok: [172.16.62.12]
TASK [app1 : create group] ***************************************************************************************************************************************************************
changed: [172.16.62.11]
changed: [172.16.62.12]
TASK [app1 : create user] ****************************************************************************************************************************************************************
changed: [172.16.62.11]
changed: [172.16.62.12]
TASK [app1 : install package] ************************************************************************************************************************************************************
changed: [172.16.62.12]
changed: [172.16.62.11]
TASK [app1 : copy template file] *********************************************************************************************************************************************************
changed: [172.16.62.11]
changed: [172.16.62.12]
TASK [app1 : copy conf] ******************************************************************************************************************************************************************
changed: [172.16.62.11]
changed: [172.16.62.12]
TASK [app1 : start service] **************************************************************************************************************************************************************
changed: [172.16.62.11]
changed: [172.16.62.12]
RUNNING HANDLER [app1 : restart service] *************************************************************************************************************************************************
changed: [172.16.62.11]
changed: [172.16.62.12]
PLAY RECAP *******************************************************************************************************************************************************************************
172.16.62.11 : ok=8 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
172.16.62.12 : ok=8 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@ansible ansible]#
6.2 验证
[root@ansible vars]# ansible websrvs -m shell -a 'netstat -tnlp | grep httpd'
172.16.62.12 | CHANGED | rc=0 >>
tcp 0 0 0.0.0.0:40 0.0.0.0:* LISTEN 16199/httpd
172.16.62.11 | CHANGED | rc=0 >>
tcp 0 0 0.0.0.0:20 0.0.0.0:* LISTEN 29893/httpd
[root@ansible vars]#
#使用app用户启动httpd服务
app 16238 16199 0 15:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
app 16239 16199 0 15:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
app 16240 16199 0 15:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
app 16241 16199 0 15:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
app 16242 16199 0 15:58 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
7. memcached部署
7.1 文件
[root@ansible memcached]# tree
.
├── handlers
│ └── main.yml
├── tasks
│ ├── main.yml
│ ├── start.yml
│ ├── template.yml
│ └── yum.yml
└── templates
└── memcached.j2
3 directories, 6 files
[root@ansible memcached]#
# main.yml
[root@ansible tasks]# cat main.yml
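---
# Task entry point of the memcached role: install, render the config, then
# start the service.
# `include` is deprecated for task files and was removed in ansible-core 2.16;
# `import_tasks` is the static replacement.
- import_tasks: yum.yml
- import_tasks: template.yml
- import_tasks: start.yml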
[root@ansible tasks]#
#yum.yml
[root@ansible memcached]# cat tasks/yum.yml
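---
# Installs the memcached package (the module's default state is used).
- name: install memcached packages
  yum:
    name: memcached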
[root@ansible memcached]#
#template.yml
[root@ansible memcached]# cat tasks/template.yml
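---
# Renders templates/memcached.j2 into the service's sysconfig file and
# notifies the restart handler when the rendered file changed.
- name: copy memcached conf file
  template:
    src: memcached.j2
    dest: /etc/sysconfig/memcached
    # Explicit mode so the file's permissions do not depend on the remote
    # umask.
    mode: "0644"
  notify: restart service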
[root@ansible memcached]#
#memcached.j2 位于 templates 目录下,其中使用了变量
[root@ansible memcached]# cat templates/memcached.j2
# http_port is a per-host variable defined in /etc/ansible/hosts.
PORT= "{{ http_port }}"
USER="daemon"
MAXCONN="1024"
# A quarter of the host's total memory in MB (integer division).
CACHESIZE="{{ ansible_memtotal_mb//4 }}"
# NOTE(review): OPTIONS is empty, so no listen address is passed from this
# file. memcached has no authentication by default; confirm the port is only
# reachable from trusted hosts (bind with -l or restrict it at the firewall).
OPTIONS=""
[root@ansible memcached]#
/etc/ansible/hosts
# http_port is a host variable; templates/memcached.j2 writes it into PORT.
[websrvs]
172.16.62.11 http_port=8081
172.16.62.12 http_port=8082
#start.yml
[root@ansible memcached]# cat tasks/start.yml
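---
# NOTE(review): `state: restarted` restarts memcached on every run, and the
# handler of the same name restarts it again when the config changed (the run
# on this page shows both). `state: started` here would leave restarts to the
# handler and keep the play idempotent.
- name: restart service
  service:
    name: memcached
    state: restarted
    enabled: true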
[root@ansible memcached]#
#handlers 目录下
[root@ansible memcached]# cat handlers/main.yml
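---
# Runs only when a task that notifies "restart service" reports a change.
# NOTE(review): the app1 role on this page defines a handler with the same
# name. Handler names share one namespace within a play, so if both roles are
# applied together only the last one loaded is notified; a role-specific name
# such as "restart memcached" avoids restarting the wrong service.
- name: restart service
  service:
    name: memcached
    state: restarted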
[root@ansible memcached]#
7.2 执行playbook
[root@ansible templates]# ansible-playbook /etc/ansible/memcached.roles.yml
PLAY [websrvs] ***************************************************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************************************************
ok: [172.16.62.11]
ok: [172.16.62.12]
TASK [memcached : install memcached packages] ********************************************************************************************************************************************
ok: [172.16.62.11]
ok: [172.16.62.12]
TASK [memcached : copy memcached conf file] **********************************************************************************************************************************************
changed: [172.16.62.11]
changed: [172.16.62.12]
TASK [memcached : restart service] *******************************************************************************************************************************************************
changed: [172.16.62.12]
changed: [172.16.62.11]
RUNNING HANDLER [memcached : restart service] ********************************************************************************************************************************************
changed: [172.16.62.11]
changed: [172.16.62.12]
PLAY RECAP *******************************************************************************************************************************************************************************
172.16.62.11 : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
172.16.62.12 : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
7.3验证
[root@ansible templates]# ansible websrvs -m shell -a 'cat /etc/sysconfig/memcached'
172.16.62.11 | CHANGED | rc=0 >>
PORT= "8081"
USER="daemon"
MAXCONN="1024"
CACHESIZE="460"
OPTIONS=""
172.16.62.12 | CHANGED | rc=0 >>
PORT= "8082"
USER="daemon"
MAXCONN="1024"
CACHESIZE="947"
OPTIONS=""