Automated Operations (Part 2)

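This article walks through automated configuration management with Ansible playbooks: loops (with_items) to change file permissions, conditionals (when) to run a task only under specific conditions, and handlers to restart a service after a configuration file changes. Worked examples show how to automate installing and managing the Nginx service, covering dependency installation, configuration file management, service startup, and rollback, to give a deeper understanding of how Ansible is used in system administration and automated deployment.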

Loops in Ansible playbooks

Prepare the environment before creating while.yml: node 40

[root@ansible-01 ~]# cd /tmp/
[root@ansible-01 tmp]# ls
123
ansible_test.txt
test.sh
[root@ansible-01 tmp]# touch 1.txt 2.txt 3.txt
[root@ansible-01 tmp]# ll
total 12
-rw-r--r--. 1 root root 798 May 25 09:53 123
-rw-r--r--. 1 root root   0 May 25 19:38 1.txt
-rw-r--r--. 1 root root   0 May 25 19:38 2.txt
-rw-r--r--. 1 root root   0 May 25 19:38 3.txt
-rw-r--r--. 1 root root  29 May 25 10:15 ansible_test.txt
drwx------. 3 root root  17 May 25 11:05 systemd-private-6b2dfb10677447f3821fdda5d734d93e-httpd.service-CIcwvU
-rwxr-xr-x. 1 root root  48 May 25 10:05 test.sh
[root@ansible-01 tmp]# cd 

Node 90 (1.txt has mode 644)

[root@ansible-02 ~]# cd /tmp/
[root@ansible-02 tmp]# ls
123                test2.txt
ansible_test.txt    test1                                                                 
test.sh            test1.txt                                                              
[root@ansible-02 tmp]# touch 1.txt 2.txt 3.txt
[root@ansible-02 tmp]# ll 
total 16
-rw-r--r--. 1 root root 798 Apr  9 08:11 123
-rw-r--r--. 1 root root   0 Apr  9 10:27 1.txt
-rw-r--r--. 1 root root   0 Apr  9 10:27 2.txt
-rw-r--r--. 1 root root   0 Apr  9 10:27 3.txt
-rw-r--r--. 1 root root  28 Apr  9 09:53 ansible_test.txt
drwx------. 3 root root  16 Apr  9 09:23 systemd-private-a8aafaae8797415cb9b8ed6e02c1283e-httpd.service-ITZTXn
drwxr-xr-x. 3 root root  18 Apr  9 07:44 test1
drwxr-xr-x. 2 root root  22 Apr  9 08:09 test1.txt
-rw-r--r--. 1 root root   0 Apr  9 08:01 test2.txt
-rwxr-xr-x. 1 root root  48 Apr  9 08:27 test.sh

Create while.yml

[root@ansible-01 ~]# vi /etc/ansible/while.yml              
---   
- hosts: testhost
  user: root
  tasks:
    - name: change mode for files
      file: path=/tmp/{{ item }} mode=600     # change the file mode to 600
      with_items:        # the items to loop over
        - 1.txt
        - 2.txt
        - 3.txt      

Run while.yml

[root@ansible-01 ~]# ansible-playbook /etc/ansible/while.yml

PLAY [testhost] ****************************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [192.168.200.90]
ok: [127.0.0.1]

TASK [change mode for files] ***************************************************************************
changed: [192.168.200.90] => (item=1.txt)
changed: [127.0.0.1] => (item=1.txt)
changed: [192.168.200.90] => (item=2.txt)
changed: [127.0.0.1] => (item=2.txt)
changed: [192.168.200.90] => (item=3.txt)
changed: [127.0.0.1] => (item=3.txt)

PLAY RECAP *********************************************************************************************
127.0.0.1                  : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.200.90             : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

The mode of 1.txt is now 600
[root@ansible-01 ~]# cd /tmp/
[root@ansible-01 tmp]# ll
total 12
-rw-r--r--. 1 root root 798 May 25 09:53 123
-rw-------. 1 root root   0 May 25 19:38 1.txt
-rw-------. 1 root root   0 May 25 19:38 2.txt
-rw-------. 1 root root   0 May 25 19:38 3.txt
-rw-r--r--. 1 root root  29 May 25 10:15 ansible_test.txt
drwx------. 3 root root  17 May 25 11:05 systemd-private-6b2dfb10677447f3821fdda5d734d93e-httpd.service-CIcwvU
-rwxr-xr-x. 1 root root  48 May 25 10:05 test.sh

Conditionals in Ansible playbooks

Create when.yml

[root@ansible-01 ~]# vi /etc/ansible/when.yml
---
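- hosts: testhost       # if a single machine is specified here, the condition below becomes pointless
  user: root
  gather_facts: True     # gather facts; facts are also gathered by default when this line is omitted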
  tasks:
    - name: use when
      shell: touch /tmp/when.txt
      when: ansible_eno16777736.ipv4.address == "192.168.200.90"

Check the NIC name in a cloned session on node 40 (ideally both machines use the same NIC name)
[root@ansible-01 ~]# ip a

Run when.yml

[root@ansible-01 ~]# ansible-playbook /etc/ansible/when.yml

PLAY [testhost] ****************************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [127.0.0.1]
ok: [192.168.200.90]

TASK [use when] ****************************************************************************************
[WARNING]: Consider using the file module with state=touch rather than running 'touch'.  If you need to
use command because file is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.
changed: [192.168.200.90]

PLAY RECAP *********************************************************************************************
127.0.0.1                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.200.90             : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Check whether when.txt exists on node 90

[root@ansible-02 ~]# ls /tmp/
123    ansible_test.txt                                                       test1.txt  
1.txt                                                        test2.txt
2.txt  systemd-private-a8aafaae8797415cb9b8ed6e02c1283e-httpd.service-ITZTXn  test.sh
3.txt  test1                                                                  when.txt

Check the local machine (no when.txt)
[root@ansible-01 ~]# ls /tmp/
123               systemd-private-4e89ce2d45984a809aaa628a65fc3043-httpd.service-fIOoFG
1.txt             
2.txt            test.sh
3.txt           ansible_test.txt  

This command shows all of the gathered facts
[root@ansible-01 ~]# ansible 192.168.200.90 -m setup
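
An interface-independent version of when.yml, as an added example that is not from the original article: the condition above fails with an undefined-variable error on any host that has no interface named eno16777736, so this variant matches on the list fact ansible_all_ipv4_addresses and uses the file module that Ansible's warning recommends. The task name is an assumption; the path and address are the article's.

```yaml
---
# Added example; not part of the original article.
- hosts: testhost
  user: root
  gather_facts: True
  tasks:
    - name: create the marker file only on the host that owns 192.168.200.90
      file:
        path: /tmp/when.txt
        state: touch
        mode: "0644"
        # keep existing timestamps so a rerun reports ok instead of changed
        modification_time: preserve
        access_time: preserve
      # ansible_all_ipv4_addresses is a list fact, so the test does not
      # depend on what the NIC is called; default([]) covers hosts where
      # no network facts were gathered
      when: "'192.168.200.90' in (ansible_all_ipv4_addresses | default([]))"
```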

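Handlers in Ansible playbooks

On the command line we often write command1 && command2, which runs command2 only after command1 succeeds; if command1 fails, command2 is not run.
In a playbook, handlers are similar to && and serve the same purpose. They are typically used for actions that must run after a task has changed something on the server, for example restarting a service after its configuration file was modified.

Create handlers.yml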

[root@ansible-01 ~]# vi /etc/ansible/handlers.yml
---
 - name: handlers test
   hosts: 192.168.200.90
   user: root
   tasks:
     - name: copy file
       copy: src=/etc/passwd dest=/tmp/aaa.txt
       notify: test handlers
   handlers:
     - name: test handlers
       shell: echo "111111" >> /tmp/aaa.txt

Run the playbook above

[root@ansible-01 ~]# ansible-playbook /etc/ansible/handlers.yml 

PLAY [handlers test] ***********************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [192.168.200.90]

TASK [copy file] ***************************************************************************************
changed: [192.168.200.90]

RUNNING HANDLER [test handlers] ************************************************************************
changed: [192.168.200.90]

PLAY RECAP *********************************************************************************************
192.168.200.90             : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

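The handler is called only when the copy module actually makes a change. In other words, if 1.txt and 2.txt have identical content, the shell command in handlers is not executed. This suits operations such as restarting a service after its configuration file has changed.

View aaa.txt on node 90 (it contains 111111)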

[root@ansible-02 ~]# cat /tmp/aaa.txt
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:997:User for polkitd:/:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
111111
[root@ansible-02 ~]# vi /tmp/aaa.txt   # delete the 111111 line

Now cat /tmp/aaa.txt and cat /etc/passwd show the same content.
Run the playbook again:
[root@ansible-01 ~]# ansible-playbook /etc/ansible/handlers.yml 

PLAY [handlers test] ***********************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [192.168.200.90]

TASK [copy file] ***************************************************************************************
ok: [192.168.200.90]

PLAY RECAP *********************************************************************************************
192.168.200.90             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Automated nginx installation with Ansible

Compile and install nginx

Download the nginx package with wget
[root@ansible-01 ~]# wget http://mirrors.sohu.com/nginx/nginx-1.9.6.tar.gz
[root@ansible-01 ~]# ls
anaconda-ks.cfg  nginx-1.9.6.tar.gz  test1  test1.txt

Extract the archive
[root@ansible-01 ~]# tar -zxvf nginx-1.9.6.tar.gz 
[root@ansible-01 ~]# cd nginx-1.9.6

Install the dependency packages (on both machines)
[root@ansible-01 nginx-1.9.6]# yum install -y gcc gcc-c++ pcre-devel zlib-devel openssl-devel

Compile and install
[root@ansible-01 nginx-1.9.6]# ./configure --prefix=/usr/local/nginx
[root@ansible-01 nginx-1.9.6]# make && make install
[root@ansible-01 nginx-1.9.6]# echo $?
0

Write the /etc/init.d/nginx file

[root@ansible-01 nginx-1.9.6]# vi /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"

start()
{
        echo -n $"Starting $prog: "
        mkdir -p /dev/shm/nginx_temp
        daemon $NGINX_SBIN -c $NGINX_CONF
        RETVAL=$?
        echo
        return $RETVAL
}
stop()
{
        echo -n $"Stopping $prog: "
        killproc -p $NGINX_PID $NGINX_SBIN -TERM
        RETVAL=$?
        rm -rf /dev/shm/nginx_temp
        echo
        return $RETVAL
}
reload()
{
        echo -n $"Reloading $prog: "
        killproc -p $NGINX_PID $NGINX_SBIN -HUP
        RETVAL=$?
        echo
        return $RETVAL
}
restart()
{
        stop
        start
}
configtest()
{
        $NGINX_SBIN -c $NGINX_CONF -t
        RETVAL=$?
        return $RETVAL
}
case "$1" in
        start)
                start
                ;;
        stop)
                stop
                ;;
        reload)
                reload
                ;;
        restart)
                restart
                ;;
        configtest)
                configtest
                ;;
        *)
                echo $"Usage: $0 {start|stop|reload|restart|configtest}"
                RETVAL=1
esac
exit $RETVAL

Empty the configuration file and rewrite it

[root@ansible-01 nginx-1.9.6]# > /usr/local//nginx/conf/nginx.conf
[root@ansible-01 nginx-1.9.6]# vi /usr/local//nginx/conf/nginx.conf   (keep the file free of Chinese text)
user nobody nobody;               # user and group that nginx runs as
worker_processes 2;             # number of nginx processes, usually the total number of CPU cores
error_log /usr/local/nginx/logs/nginx_error.log crit;   # global error log and its level
pid /usr/local/nginx/logs/nginx.pid;    # PID file
worker_rlimit_nofile 51200;
events          # working mode and connection limit
{
use epoll;
worker_connections 6000;
}
http            # settings under http
{
include mime.types;             # map of file extensions to file types
default_type application/octet-stream;          # default file type
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
'$host "$request_uri" $status'
'"$http_referer" "$http_user_agent"';
sendfile on;            # enable efficient file transfer mode
tcp_nopush on;          # prevent network congestion
keepalive_timeout 30;           # keep-alive timeout, in seconds
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on;         # prevent network congestion
gzip on;                # enable gzip-compressed output
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
server          # virtual host configuration
{
listen 80;
server_name localhost;
index index.html index.htm index.php;
root /usr/local/nginx/html;
location ~ \.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
}
}
}

Check the configuration

[root@ansible-01 nginx-1.9.6]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

Start nginx

[root@ansible-01 nginx-1.9.6]# service nginx start
env: /etc/init.d/nginx: Permission denied    # insufficient permissions
[root@ansible-01 nginx-1.9.6]# chmod 755 /etc/init.d/nginx
[root@ansible-01 nginx-1.9.6]# systemctl status nginx 
[root@ansible-01 nginx-1.9.6]# yum install -y net-tools
[root@ansible-01 nginx-1.9.6]# netstat -lntp      # port 80 is occupied by httpd
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      865/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1101/master         
tcp6       0      0 :::80                   :::*                    LISTEN      862/httpd           
tcp6       0      0 :::22                   :::*                    LISTEN      865/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      1101/master   

Stop the httpd service
[root@ansible-01 nginx-1.9.6]# systemctl stop httpd 
[root@ansible-01 nginx-1.9.6]# netstat -lntp        
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      865/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1101/master         
tcp6       0      0 :::22                   :::*                    LISTEN      865/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      1101/master         

Start the nginx service
[root@ansible-01 nginx-1.9.6]# service nginx start        
Starting nginx (via systemctl):                            [  OK  ]    
Check the ports again (nginx is now listed)
[root@ansible-01 nginx-1.9.6]# netstat -lntp       
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      5419/nginx: master  
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      865/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1101/master         
tcp6       0      0 :::22                   :::*                    LISTEN      865/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      1101/master  
[root@ansible-01 nginx-1.9.6]# systemctl status nginx   # check the service status

Create and enter nginx_install

[root@ansible-01 nginx-1.9.6]# cd ~
[root@ansible-01 ~]# cd /etc/ansible/
[root@ansible-01 ansible]# mkdir nginx_install
[root@ansible-01 ansible]# cd nginx_install 
[root@ansible-01 nginx_install]# mkdir -p roles/{common,install}/{handlers,files,meta,tasks,templates,vars}
[root@ansible-01 nginx_install]# ls
roles
[root@ansible-01 nginx_install]# cd roles/
[root@ansible-01 roles]# ls
common  install

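The roles directory contains two roles: common performs the preparation steps, and install performs the nginx installation.
Each role in turn contains several directories. handlers holds the actions to run when something changes, typically restarting a service after a configuration file changes;
files holds the files used during installation;
meta holds descriptive information such as role dependencies;
tasks holds the core task definitions;
templates usually holds template files such as configuration files and startup scripts;
vars holds the variable definitions.

Copy nginx.tar.gz to /etc/ansible/nginx_install/roles/install/files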

[root@ansible-01 ~]# cd /usr/local/
[root@ansible-01 local]# ls
bin  etc  games  include  lib  lib64  libexec  nginx  sbin  share  src
[root@ansible-01 local]# tar -zcvf nginx.tar.gz nginx/
[root@ansible-01 local]# ls
bin  etc  games  include  lib  lib64  libexec  nginx  nginx.tar.gz  sbin  share  src
[root@ansible-01 local]# mv nginx.tar.gz /etc/ansible/nginx_install/roles/install/files/
[root@ansible-01 local]# ls
bin  etc  games  include  lib  lib64  libexec  nginx  sbin  share  src

Put both the startup script and the configuration file into /etc/ansible/nginx_install/roles/install/templates

[root@ansible-01 local]# cd nginx/
[root@ansible-01 nginx]# ls
client_body_temp  conf  fastcgi_temp  html  logs  proxy_temp  sbin  scgi_temp  uwsgi_temp
[root@ansible-01 nginx]# cp conf/nginx.conf /etc/ansible/nginx_install/roles/install/templates/
[root@ansible-01 nginx]# cp /etc/init.d/nginx /etc/ansible/nginx_install/roles/install/templates/

On node 90, check whether port 80 is in use

[root@ansible-02 ~]# systemctl status httpd
[root@ansible-02 ~]# systemctl stop httpd 
[root@ansible-02 ~]# yum install -y net-tools
[root@ansible-02 ~]# netstat -lnpt           
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1450/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2019/master         
tcp6       0      0 :::22                   :::*                    LISTEN      1450/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      2019/master         

Define the tasks for common; nginx needs some dependency packages

[root@ansible-01 nginx]# vim /etc/ansible/nginx_install/roles/common/tasks/main.yml
- name: install initializtion requre software          # install the required dependencies
  yum: name={{ item }} state=installed
  with_items:
    - zlib-devel
    - pcre-devel

Define variables
[root@ansible-01 nginx]# vim /etc/ansible/nginx_install/roles/install/vars/main.yml
nginx_user: www      # define the required variables
nginx_port: 80
nginx_basedir: /usr/local/nginx

Copy all the files that are needed to the target machines
[root@ansible-01 nginx]# vim /etc/ansible/nginx_install/roles/install/tasks/copy.yml
- name: Copy Nginx Software
  copy: src=nginx.tar.gz dest=/tmp/nginx.tar.gz owner=root group=root        # copy module: copies nginx.tar.gz; src is a relative path, so the file is looked up in the files directory automatically
- name: Uncompression Nginx Software     # unpack the archive
  shell: tar zxf /tmp/nginx.tar.gz -C /usr/local/
- name: Copy Nginx Start Script     # copy the startup script
  template: src=nginx dest=/etc/init.d/nginx owner=root group=root mode=0755
- name: Copy Nginx Config         # copy the nginx configuration file
  template: src=nginx.conf dest={{ nginx_basedir }}/conf/ owner=root group=root mode=0644

Create the user, start the service, and delete the archive

[root@ansible-01 nginx]# vim /etc/ansible/nginx_install/roles/install/tasks/install.yml   
- name: Create Nginx User
  user: name={{ nginx_user }} state=present createhome=no shell=/sbin/nologin              # user module: creates the nginx user and sets its shell; the user name was defined in vars earlier
- name: Start Nginx Service
  shell: /etc/init.d/nginx start        # start the nginx service
- name: Add Boot Start Nginx Service
  shell: chkconfig --level 345 nginx on       # enable the nginx service at boot; CentOS 7 also supports this command
- name: Delete Nginx compression files
  shell: rm -rf /tmp/nginx.tar.gz        # shell module: delete the archive

Then create main.yml, which calls copy and install

[root@ansible-01 nginx]# vim /etc/ansible/nginx_install/roles/install/tasks/main.yml   
- include: copy.yml           # call copy.yml and install.yml
- include: install.yml

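Define an entry-point playbook

[root@ansible-01 nginx]# vim  /etc/ansible/nginx_install/install.yml
---              # entry-point playbook; the files above are included files and do not need ---, but it must not be omitted here
- hosts: testhost      # in production this is usually a group of machines
  remote_user: root       # user for remote execution
  gather_facts: True      # gather facts
  roles:
    - common
    - install

Before running the playbook, make sure the target machines have no /usr/local/nginx directory and no nginx installed. Port 80 must also be free, otherwise running the playbook below produces errors.

Run the playbook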

[root@ansible-01 nginx]# ansible-playbook /etc/ansible/nginx_install/install.yml

PLAY [testhost] ****************************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [192.168.200.90]
ok: [127.0.0.1]

TASK [common : install initializtion requre software] **************************************************
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions is deprecated. 
Instead of using a loop to supply multiple items and specifying `name: "{{ item }}"`, please use `name:
 ['zlib-devel', 'pcre-devel']` and remove the loop. This feature will be removed in version 2.11. 
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions is deprecated. 
Instead of using a loop to supply multiple items and specifying `name: "{{ item }}"`, please use `name:
 ['zlib-devel', 'pcre-devel']` and remove the loop. This feature will be removed in version 2.11. 
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
ok: [192.168.200.90] => (item=[u'zlib-devel', u'pcre-devel'])
ok: [127.0.0.1] => (item=[u'zlib-devel', u'pcre-devel'])

TASK [install : Copy Nginx Software] *******************************************************************
changed: [192.168.200.90]
changed: [127.0.0.1]

TASK [install : Uncompression Nginx Software] **********************************************************
[WARNING]: Consider using the unarchive module rather than running 'tar'.  If you need to use command
because unarchive is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.
changed: [127.0.0.1]
changed: [192.168.200.90]

TASK [install : Copy Nginx Start Script] ***************************************************************
changed: [192.168.200.90]
changed: [127.0.0.1]

TASK [install : Copy Nginx Config] *********************************************************************
ok: [127.0.0.1]
ok: [192.168.200.90]

TASK [install : Create Nginx User] *********************************************************************
changed: [127.0.0.1]
changed: [192.168.200.90]

TASK [install : Start Nginx Service] *******************************************************************
changed: [127.0.0.1]
changed: [192.168.200.90]

TASK [install : Add Boot Start Nginx Service] **********************************************************
changed: [127.0.0.1]
changed: [192.168.200.90]

TASK [install : Delete Nginx compression files] ********************************************************
[WARNING]: Consider using the file module with state=absent rather than running 'rm'.  If you need to
use command because file is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.
changed: [192.168.200.90]
changed: [127.0.0.1]

PLAY RECAP *********************************************************************************************
127.0.0.1                  : ok=10   changed=7    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.200.90             : ok=10   changed=7    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

The nginx service is now running on target node 90 and listening on port 80

[root@ansible-02 ~]# ps aux |grep nginx
root      33295  0.0  0.0  24904   788 ?        Ss   15:45   0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody    33296  0.0  0.1  27252  3336 ?        S    15:45   0:00 nginx: worker process
nobody    33297  0.0  0.1  27252  3336 ?        S    15:45   0:00 nginx: worker process
root      34307  0.0  0.0 112816   960 pts/0    S+   16:21   0:00 grep --color=auto nginx
[root@ansible-02 ~]# 
[root@ansible-02 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      33295/nginx: master 
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1450/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2019/master         
tcp6       0      0 :::22                   :::*                    LISTEN      1450/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      2019/master         

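Managing configuration files with playbooks

In production, most of the time what you need is to manage configuration files; installing packages only happens when an environment is first initialized.
Here new is used for updates and old for rollbacks; files contains nginx.conf and the vhosts directory, and handlers contains the command that restarts the nginx service.
For rollback, the old configuration must be backed up before the playbook runs. Old configuration files therefore have to be managed strictly: never modify the configuration on production machines casually, and make sure the configuration under new/files matches the configuration in production.

Create the directories for managing the nginx configuration files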

[root@ansible-01 ~]# mkdir -p /etc/ansible/nginx_config/roles/{new,old}/{files,handlers,vars,tasks}
[root@ansible-01 ~]# cd /usr/local/nginx/conf/
[root@ansible-01 conf]# ls
fastcgi.conf            koi-utf             nginx.conf           uwsgi_params
fastcgi.conf.default    koi-win             nginx.conf.default   uwsgi_params.default
fastcgi_params          mime.types          scgi_params          win-utf
fastcgi_params.default  mime.types.default  scgi_params.default

Create vhosts and check that it exists

[root@ansible-01 conf]# mkdir vhosts
[root@ansible-01 conf]# ls
fastcgi.conf            koi-utf             nginx.conf           uwsgi_params
fastcgi.conf.default    koi-win             nginx.conf.default   uwsgi_params.default
fastcgi_params          mime.types          scgi_params          vhosts
fastcgi_params.default  mime.types.default  scgi_params.default  win-utf

Modify nginx.conf

[root@ansible-01 conf]# cd vhosts/
[root@ansible-01 vhosts]# touch 1.conf
[root@ansible-01 vhosts]# cd ..
[root@ansible-01 conf]# vim nginx.conf
}
}
include /usr/local/nginx/conf/vhosts/*.conf;
}

Modify nginx.conf on node 90

[root@ansible-02 ~]# vi /usr/local/nginx/conf/nginx.conf
}
}
include /usr/local/nginx/conf/vhosts/*.conf;
}

First copy nginx.conf and the vhosts directory into the files directory

[root@ansible-01 conf]# cp -r nginx.conf vhosts /etc/ansible/nginx_config/roles/new/files/
[root@ansible-01 conf]# ls /etc/ansible/nginx_config/roles/new/files/
nginx.conf  vhosts

Enter the directory and define variables

[root@ansible-01 conf]# cd /etc/ansible/nginx_config
[root@ansible-01 nginx_config]# ls
roles
[root@ansible-01 nginx_config]# vim roles/new/vars/main.yml
nginx_basedir: /usr/local/nginx

Define the handler that reloads the nginx service

[root@ansible-01 nginx_config]# vim roles/new/handlers/main.yml
- name: restart nginx
  shell: /etc/init.d/nginx reload     # shell module: reload the nginx service

Define the task

[root@ansible-01 nginx_config]# vim roles/new/tasks/main.yml
- name: copy conf file
  copy: src={{ item.src }} dest={{ nginx_basedir }}/{{ item.dest }} backup=yes owner=root group=root mode=0644      # copy module: copies the configuration file and the vhosts directory; there are two loop items, and nginx_basedir is the variable defined earlier
  with_items:
    - { src: nginx.conf, dest: conf/nginx.conf }
    - { src: vhosts, dest: conf/ }
  notify: restart nginx     # call the handler; the handler's name is restart nginx

Define the entry-point playbook

[root@ansible-01 nginx_config]# vim /etc/ansible/nginx_config/update.yml
---
- hosts: testhost
  user: root
  roles:
    - new

Run the entry-point playbook

[root@ansible-01 nginx_config]# ansible-playbook /etc/ansible/nginx_config/update.yml 

PLAY [testhost] ****************************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [192.168.200.90]
ok: [127.0.0.1]

TASK [new : copy conf file] ****************************************************************************
ok: [192.168.200.90] => (item={u'dest': u'conf/nginx.conf', u'src': u'nginx.conf'})
ok: [127.0.0.1] => (item={u'dest': u'conf/nginx.conf', u'src': u'nginx.conf'})
ok: [127.0.0.1] => (item={u'dest': u'conf/', u'src': u'vhosts'})
changed: [192.168.200.90] => (item={u'dest': u'conf/', u'src': u'vhosts'})

RUNNING HANDLER [new : restart nginx] ******************************************************************
changed: [192.168.200.90]

PLAY RECAP *********************************************************************************************
127.0.0.1                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.200.90             : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=

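A rollback overwrites the current configuration with the old one and then reloads the nginx service. Before every change to the nginx configuration files, back them up into old first; the corresponding directory is /etc/ansible/nginx_config/roles/old/files

Back up the configuration files

[root@ansible-01 nginx_config]# yum install -y rsync
[root@ansible-01 nginx_config]# rsync -av /etc/ansible/nginx_config/roles/new/ /etc/ansible/nginx_config/roles/old/
sending incremental file list     # copy the configuration files; -av keeps both sides identical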
files/
files/nginx.conf
files/vhosts/
files/vhosts/1.conf
handlers/
handlers/main.yml
tasks/
tasks/main.yml
vars/
vars/main.yml

sent 2,443 bytes  received 131 bytes  5,148.00 bytes/sec
total size is 1,892  speedup is 0.74

Define the main entry-point playbook

[root@ansible-01 nginx_config]# vim /etc/ansible/nginx_config/rollback.yml
---
- hosts: testhost
  user: root
  roles:
    - old

Run the rollback playbook

[root@ansible-01 nginx_config]# ansible-playbook /etc/ansible/nginx_config/rollback.yml                 
PLAY [testhost] ****************************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [192.168.200.90]
ok: [127.0.0.1]

TASK [old : copy conf file] ****************************************************************************
ok: [192.168.200.90] => (item={u'dest': u'conf/nginx.conf', u'src': u'nginx.conf'})
ok: [127.0.0.1] => (item={u'dest': u'conf/nginx.conf', u'src': u'nginx.conf'})
ok: [192.168.200.90] => (item={u'dest': u'conf/', u'src': u'vhosts'})
ok: [127.0.0.1] => (item={u'dest': u'conf/', u'src': u'vhosts'})

PLAY RECAP *********************************************************************************************
127.0.0.1                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.200.90             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

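To make changed non-zero, modify the configuration file or a virtual host.

The key to being able to roll back is making a backup before the update; rsync -av ensures the configuration on both sides is consistent before the update is applied. If the update causes problems, run the rollback.

For how to make changed non-zero, see this blogger's post: https://blog.csdn.net/miss1181248983/article/details/82811677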
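
The update-and-rollback flow above, together with the handler behaviour described earlier, condensed into one playbook as an added example (not the article's own code): it tests the pushed files with nginx -t before the reload handler can fire, and restores the copy module's own backups if the test fails. The directory layout (files/nginx.conf and files/vhosts/*.conf beside the playbook), the task names and the handler name reload nginx are assumptions.

```yaml
---
# Added example; not part of the original article.
# Assumed layout: files/nginx.conf and files/vhosts/*.conf sit beside this
# playbook. Paths under /usr/local/nginx follow the article.
- hosts: testhost
  user: root
  vars:
    nginx_basedir: /usr/local/nginx
  tasks:
    - name: Push the configuration, test it, undo it if the test fails
      block:
        - name: Copy nginx.conf (backup=yes leaves a timestamped copy on the target)
          copy:
            src: "{{ playbook_dir }}/files/nginx.conf"
            dest: "{{ nginx_basedir }}/conf/nginx.conf"
            owner: root
            group: root
            mode: "0644"
            backup: yes
          register: main_conf
          notify: reload nginx

        # Backup names end in "~", so "include .../vhosts/*.conf" ignores them.
        - name: Copy each vhost file, also with a backup
          copy:
            src: "{{ item }}"
            dest: "{{ nginx_basedir }}/conf/vhosts/"
            owner: root
            group: root
            mode: "0644"
            backup: yes
          with_fileglob:
            - "{{ playbook_dir }}/files/vhosts/*.conf"
          register: vhost_conf
          notify: reload nginx

        # Handlers run at the end of the play, so this test happens first.
        - name: Test what is now on disk before any reload happens
          command: "{{ nginx_basedir }}/sbin/nginx -t -c {{ nginx_basedir }}/conf/nginx.conf"
          changed_when: false

      rescue:
        - name: Restore nginx.conf from the backup made above
          copy:
            remote_src: yes
            src: "{{ main_conf.backup_file }}"
            dest: "{{ nginx_basedir }}/conf/nginx.conf"
            owner: root
            group: root
            mode: "0644"
          when: main_conf.backup_file is defined

        - name: Restore vhost files that were overwritten in this run
          copy:
            remote_src: yes
            src: "{{ item.backup_file }}"
            dest: "{{ item.dest }}"
            owner: root
            group: root
            mode: "0644"
          with_items: "{{ (vhost_conf | default({})).results | default([]) }}"
          when: item.backup_file is defined

        - name: Remove vhost files that did not exist before this run
          file:
            path: "{{ item.dest }}"
            state: absent
          with_items: "{{ (vhost_conf | default({})).results | default([]) }}"
          when: item.changed | default(false) and item.backup_file is not defined

        # A failed host does not run its notified handlers, so the running
        # nginx never loads the rejected configuration.
        - name: Stop here so the pending reload handler never runs
          fail:
            msg: "nginx -t rejected the new configuration; previous files restored"

  handlers:
    - name: reload nginx
      command: /etc/init.d/nginx reload
```

Backup files accumulate next to the live configuration on each target, so prune them periodically.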
