环境说明 :
控制节点:Redhat 8,安装Ansible和所需的python环境,手动关闭firewalld和SELINUX
受控主机:Redhat 7,安装所需的python环境,关闭firewalld和SELINUX
- 关闭firewalld和SELINUX
[root@ansible ~]# systemctl stop firewalld
[root@ansible ~]# systemctl disable firewalld
[root@ansible ~]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
//保存并退出,然后重启机器即可
- 在控制节点的主机清单中添加受控主机
[root@ansible ~]# vim /etc/ansible/ansible.cfg
#inventory = /etc/ansible/hosts //去掉注释并修改路径,这里我修改的路径为/etc/ansible/inventory,修改完毕后要手动创建清单文件
[root@ansible ~]# vim /etc/ansible/ansible.cfg
192.168.50.140 ansible_password=redhat //在清单中添加受管主机的IP地址以及远程登陆的密码,可以手动修改远登录的用户,如果不修改默认使用当前ansible主机的用户登录
- 测试连通性
[root@ansible ~]# ansible 192.168.50.140 -m ping
192.168.50.140 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
- 修改虚拟主机的配置(使用变量)
[root@ansible ~]# ls
anaconda-ks.cfg hosts test.sh
hehe httpd-vhosts.conf vars
[root@ansible ~]# vim httpd-vhosts.conf
......
<VirtualHost *:{{ httpd_port1 }}> 把端口改为变量
DocumentRoot "/var/www/html/web1"
ServerName web1.example.com
ErrorLog "/var/log/httpd/web1.example.com-error_log"
CustomLog "/var/log/httpd/web1.example.com-access_log" common
</VirtualHost>
Listen {{ httpd_port2 }}
<VirtualHost *:{{ httpd_port2 }}>
DocumentRoot "/var/www/html/web2"
ServerName web2.example.com
ErrorLog "/var/log/httpd/web2.example.com-error_log"
CustomLog "/var/log/httpd/web2.example.com-access_log" common
</VirtualHost>
- 编写变量文件,变量文件要放在vars目录下,规范管理
[root@ansible ~]# ls
anaconda-ks.cfg hosts test.sh
hehe httpd-vhosts.conf vars
[root@ansible ~]# cd vars
[root@ansible vars]# ls
httpd_port1 httpd_port2
[root@ansible vars]# cat httpd_port1
httpd_port1: 80
[root@ansible vars]# cat httpd_port2
httpd_port2: 81
- 创建web1和web2两个目录,分别写入hehe,kk
[root@ansible playbook]# ls
httpd.yml myplay.yml template web1 web2
[root@ansible playbook]# cd web1
[root@ansible web1]# ls
index.html
[root@ansible web1]# cat index.html
hehe
[root@ansible playbook]# cd web2
[root@ansible web2]# ls
index.html
[root@ansible web2]# cat index.html
kk
-
创建一个目录用于存放playbook,并在目录中创建一个以 .yml结尾的文件(这里是创建的myplay.yml)
-
编写playbook
[root@ansible /]# cd playbook/
[root@ansible playbook]# ls
httpd.yml myplay.yml template web1 web2
[root@ansible playbook]# vim myplay.yml
---
- name: 下载yum源
hosts: 192.168.50.142
tasks:
- name: 传输yum
copy:
src: /etc/yum.repos.d/CentOS-Base.repo
dest: /etc/yum.repos.d/CentOS-Base.repo
- name: 修改yum源的配置文件
hosts: 192.168.50.142
tasks:
- name: 修改
command: sed -i 's/8/7/g' /etc/yum.repos.d/CentOS-Base.repo
- name: 安装httpd服务
hosts: 192.168.50.142
tasks:
- name: 安装
yum:
name: httpd
state: present
- name: 修改httpd的配置文件
hosts: 192.168.50.142
tasks:
- name: 修改
command: sed -i 's/#ServerName www.example.com:80/ServerName www.example.com:80/' /etc/httpd/conf/httpd.conf
- name: 创建网页目录
hosts: 192.168.50.142
tasks:
- name: 网站
copy:
src: web1
dest: /var/www/html
- name: 网站2
copy:
src: web2
dest: /var/www/html
- name: 配置虚拟主机
hosts: 192.168.50.142
vars_files:
- /root/vars/httpd_port1
- /root/vars/httpd_port2
tasks:
- name: 端口为变量
template:
src: /root/httpd-vhosts.conf
dest: /etc/httpd/conf.d/
- name: 启动httpd服务
hosts: 192.168.50.142
tasks:
- name: 启动
service:
name: httpd
state: started
enabled: yes
- name: 关闭
service:
name: firewalld
state: stopped
enabled: no
- name: 重启
service:
name: httpd
state: restarted
- 执行playbook
[root@ansible playbook]# ansible-playbook myplay.yml
PLAY [下载yum源] ************************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [192.168.50.140]
TASK [传输yum] *************************************************************************************************************************
changed: [192.168.50.140]
PLAY [修改yum源的配置文件] *******************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [192.168.50.140]
TASK [修改] ****************************************************************************************************************************
[WARNING]: Consider using the replace, lineinfile or template module rather than running 'sed'. If you need to use command because
replace, lineinfile or template is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
changed: [192.168.50.140]
PLAY [安装httpd服务] *********************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [192.168.50.140]
TASK [安装] ****************************************************************************************************************************
ok: [192.168.50.140]
PLAY [修改httpd的配置文件] ******************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [192.168.50.140]
TASK [修改] ****************************************************************************************************************************
changed: [192.168.50.140]
PLAY [创建网页目录] ************************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [192.168.50.140]
TASK [网站] ****************************************************************************************************************************
changed: [192.168.50.140]
PLAY [配置虚拟主机] ************************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [192.168.50.140]
TASK [相同IP不同端口] **********************************************************************************************************************
ok: [192.168.50.140]
PLAY [启动httpd服务] *********************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [192.168.50.140]
TASK [启动] ****************************************************************************************************************************
ok: [192.168.50.140]
TASK [关闭] ****************************************************************************************************************************
ok: [192.168.50.140]
TASK [重启] ****************************************************************************************************************************
changed: [192.168.50.140]
PLAY RECAP ***************************************************************************************************************************
192.168.50.140 : ok=16 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@ansible playbook]#
10.查看受控机/var/www/html下是否有web1,web2
[root@localhost ~]# cd /var/www/html
[root@localhost html]# ls
web1 web2
[root@localhost html]# cd web1
[root@localhost web1]# ls
index.html
[root@localhost web1]# cat index.html
hehe
[root@localhost html]# cd web2
[root@localhost web2]# ls
index.html
[root@localhost web2]# cat index.html
kk
[root@localhost web2]#
- 查看浏览器能否访问