免密码登录的密码
自我总结:
# 批量分发公钥的操作
for ip in 3 4 5 6 7 8 9 10 31 41 50
do
echo "====hostname 172.16.1.$ip======"
sshpass -p123456 ssh-copy-id -i ~/.ssh/id_rsa.pub "-o StrictHostKeyCheckin
g=no" 172.16.1.$ip &>/dev/null
echo "host 172.16.1.$ip success!!!"
echo
done
=========================================================
server {
listen 80;
server_name blog.oldboy.com;
root /code/wordpress;
location / {
index index.php index.html;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
=======================================
文档里面的:
[root@nginx ~]# cat /etc/nginx/conf.d/wordpress.conf
server {
listen 80;
server_name blog.oldboy.com;
root /code/wordpress;
index index.php index.html;
location ~ \.php$ {
root /code/wordpress;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
======================================
[root@nginx ~]# cat /etc/nginx/conf.d/php.conf
server {
listen 80;
server_name php.oldboy.com;
location / {
root /code;
index index.php index.html;
}
location ~ \.php$ {
root /code;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
===============================================
长城防火墙
redis.so
so: share object
==================================
四层负载有公网ip,为什么七层也要有公网ip (调度后面的主机) ???
upstream_addr调用的谁的地址
netstat -an | grep 6666 监听在6666
云主机提供一个叫nat的路由器,也实现实现转发的功能
====================================
条件语句:
1. 一个条件的简单判断
(1)根据主机判断(when、match)
when ansible_distribution == "Ubuntu"
根据主机判断-->match
when (ansible_hostname is match ("web")) or (ansible_hostname is natch("lb"))
(2)根据主机名进行判断
when ansible_fqdn =="web02"
(3)根据不同的ip地址进行判断
when ansible_default_ipv4.address == "10.0.0.7"
(4)根据内存值来进行大小判断
when ansible_memtotal_mb | int < "2000"
(5)判断nginx -t执行结果 是否为0,如果result.rc == 0 则执行正确(这个需要用到注册变量)
when result.rc == 0
result.rc is match "0"
2. 多个条件的判断
(1)列表方式判断 and并且关系(或者两个关系用列表进行表示)
when:
- ansible_distribution == "CentOS"
- ansible_fqdn == "web01"
when: ansible_default_ipv4.address == "10.0.0.7" and ansible_fqdn == "web1"
(2)或者or 关系判断
when:ansible_distribution == "CentOS" or ansible_fqdn == "web02"
循环语句:
1. with_item循环列表的写法
file:
path: "{{ item }}"
state: touch
with_items:
- file1.txt
- file2.txt
2. 使用loop方式进行循环列表
file:
path: "{{ item }}"
state: touch
loop:
- file1.txt
- file2.txt
3. 字典的方式(一个循环可以写多个条件)
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: "{{ item.owner }}"
group: "{{ item.mode }}"
mode: "{{ item.mode }}"
loop:
- { src: 1.txt , dest:/root/ , mode: '0600' , owner: www , group: root }
- { src: 2.txt , dest: /opt/ , mode: '0000' , owner: root , group: www}
playbook handlers
1. 需要监控的地方
notify: Reload Nginx
2. 触发监控
handlers:
- name Reload Nginx
systemd:
name: "{{ item }}"
state: restarted
loop:
- nginx
- mariadb
when: result.rc == 0 # 检查语法进行判断
练习两个触发小案例
ignore_errors 跟 强制执行不太一样
用jinja模板不同的端口改如何搞???
用ansible的jinja的for循环渲染了nginx的配置文件
用ansible的jinja的if语句渲染了keepalived高可用的配置文件
根据取到facts变量的主机名来判断用那些配置
template模板文件就是那些配置文件
meta模板文件
file普通文件
roles 写的就是具体的功能,应用在哪个主机上面是用playbook
定义说的算的
在exports.js没有变量的话可能会报错,templae认的是文件里必须有变量