1 ansible 常用指令总结,并附有相关示例。
ansible-doc:相当于man
如ansible-doc shell,查询模块的用法和是否有这个模块
ansible-playbook:用于执行已经编排好的任务流(playbook文件):
ansible-vault:加密解密yml文件
ansible-galaxy:可以拉取一些现成的role
ansible-galaxy search redis:搜索redis这个role
下载搜索出来的其中一个redis:
2. 总结ansible playbook目录结构及文件用途。
以mysql—init为例:
├── mysql_init
│ ├── defaults
│ │ └── main.yml
│ ├── files
│ │ ├── mysql_chushihua.sh
│ │ └── mysql_chushihua.sh.j2
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ │ └── main.yml
│ ├── README.md
│ ├── tasks
│ │ ├── main.yml
│ │ └── mysql_zabbix.yml
│ ├── tests
│ │ ├── inventory
│ │ └── test.yml
│ └── vars
│ └── main.yml
3. 使用ansible playbook实现一个mysql角色。
调用关系:mysql_install.yml > roles/mysql_install/tasks/main.yml > roles/mysql_install/tasks/copy_packages.yml
######################
[root@zabbix-server ansible]# cat mysql_install.yml
---
- hosts: mysql-server
roles:
- mysql_install
#####################
[root@zabbix-server ansible]# cat roles/mysql_install/tasks/main.yml
---
# tasks file for mysql_install
- include:
copy_packages.yml
#####################
[root@zabbix-server ansible]# cat roles/mysql_install/tasks/copy_packages.yml
---
- name: "拷贝mysql安装包到目的节点"
copy:
src: "/opt/mysql_packages/{{ item }}"
dest: /opt
force: no
with_items:
- mariadb-connector-c-config-3.1.11-2.el8_3.noarch.rpm
- mecab-0.996-2.module+el8.9.0+1729+481e3b0b.x86_64.rpm
- mysql-8.0.36-1.module+el8.9.0+1729+481e3b0b.0.1.x86_64.rpm
- mysql-common-8.0.36-1.module+el8.9.0+1729+481e3b0b.0.1.x86_64.rpm
- mysql-errmsg-8.0.36-1.module+el8.9.0+1729+481e3b0b.0.1.x86_64.rpm
- mysql-server-8.0.36-1.module+el8.9.0+1729+481e3b0b.0.1.x86_64.rpm
- protobuf-lite-3.5.0-15.el8.x86_64.rpm
- name: "rpm安装本地包"
shell: "rpm -ivh /opt/*.rpm"
ignore_errors: yes
- name: "enable mysql"
service:
name: mysqld
enabled: true
state: started
4. 基于角色完成部署LNMP架构,并支持一键发布,回滚应用。同时基于zabbix角色批量部署zabbix。
4.1 lnmp安装:
这里选择了yum安装,下载wordpress来验证lnmp环境:
主脚本如下:
---
- name: "stop firewalld"
service:
name: firewalld
state: stopped
enabled: false
- name: stop selinux
selinux:
state: disabled
- name: dnf install nginx
shell: dnf -y install http://nginx.org/packages/centos/8/x86_64/RPMS/nginx-1.20.2-1.el8.ngx.x86_64.rpm
- name: install mysql
yum:
name: mysql-server
- name: enable php7.3
shell: dnf module enable php:7.3 -y
- name: install php
yum:
name:
- php
- php-curl
- php-dom
- php-exif
- php-fileinfo
- php-fpm
- php-gd
- php-hash
- php-json
- php-mbstring
- php-mysqli
- php-openssl
- php-pcre
- php-xml
- libsodium
- name: copy nginx conf
template:
src: /etc/ansible/roles/lnmp/templates/default.conf.j2
dest: /etc/nginx/conf.d/default.conf
- name: copy php conf
copy:
src: /etc/ansible/roles/lnmp/templates/www.conf.j2
dest: /etc/php-fpm.d/www.conf
- name: start mysql
service:
name: mysqld
state: started
- name: create DB wordpress
mysql_db:
name: wordpress
state: present
- name: create mysql user
mysql_user:
name: "wordpressuser"
password: "123456"
priv: "wordpress.*:ALL"
state: present
- name: copy wordpress packages and unarchive
unarchive:
src: /etc/ansible/roles/lnmp/tests/latest-zh_CN.zip
dest: /usr/share/nginx/html
- name: create wordpress config
template:
src: /etc/ansible/roles/lnmp/templates/wp-config.php.j2
dest: /usr/share/nginx/html/wordpress/wp-config.php
- name: enable mysql nginx php
service:
name: "{{ item }}"
state: restarted
enabled: yes
with_items:
- mysqld
- nginx
- php-fpm
变量文件:
[root@ansible lnmp]# cat defaults/main.yml
phpuser: nginx
phpgroup: nginx
DBname: wordpress
DBuser: wordpressuser
DBpassword: 123456
模板文件:
初始配置文件中部分需要修改的地方,使用变量代替,然后用template模块进行配置文件的渲染。
执行结果:
web界面测试:
4.2部署zabbix:
部署方法参考官方文档:
脚本:
注:这里zabbix的端口为81,lnmp是一个role,zabbix又是一个role,先有lnmp再有zabbix
zabbix role的主脚本:
---
- name: "stop firewalld"
service:
name: firewalld
state: stopped
enabled: false
- name: stop selinux
selinux:
state: disabled
- name: check zabbix repo install status
shell: rpm -qa|grep zabbix|wc -l
register: zabbixinstalled
- name: install zabbix repo
shell: rpm -Uvh https://repo.zabbix.com/zabbix/6.0/rhel/8/x86_64/zabbix-release-6.0-4.el8.noarch.rpm && dnf clean all
when: zabbixinstalled.stdout != "9"
- name: install zabbix packages
yum:
name:
- zabbix-server-mysql
- zabbix-web-mysql
- zabbix-nginx-conf
- zabbix-sql-scripts
- zabbix-selinux-policy
- zabbix-agent
- name: create zabbix db
mysql_db:
name: zabbix
state: present
collation: utf8mb4_bin
encoding: utf8mb4
- name: create zabbix DBuser
mysql_user:
name: zabbix
password: 123456
priv: "zabbix.*:ALL"
state: present
- name: enable log-bin
shell: mysql -e "set global log_bin_trust_function_creators = 1;"
- name: jieya zabbix sql file
copy:
src: /etc/ansible/roles/zabbix/defaults/server.sql
dest: /opt
- name: check zabbix sql status
shell: mysql -e "use zabbix;show tables;"|wc -l
register: zabbixsql
- name: load zabbix sql file
mysql_db:
name: zabbix
state: import
target: /opt/server.sql
when: zabbixsql.stdout != "174"
- name: disable log-bin
shell: mysql -e "set global log_bin_trust_function_creators = 0;"
- name: edit zabbix server conf
template:
src: /etc/ansible/roles/zabbix/templates/zabbix_server.conf.j2
dest: /etc/zabbix/zabbix_server.conf
- name: edit zabbix listen port
template:
src: /etc/ansible/roles/zabbix/templates/zabbix.conf.j2
dest: /etc/nginx/conf.d/zabbix.conf
- name: restart service
service:
name: "{{ item }}"
state: restarted
with_items:
- zabbix-server
- zabbix-agent
- nginx
- php-fpm
- nginx
- mysqld