Playbooks must be written strictly with Python-style indentation. If you have forgotten how a module is used, just run ansible-doc yum (or whichever module you need); the end of every help page carries a template. This article only gives a few examples from different areas so that readers can build on them.
1. Installing Apache
Pay attention to the firewall settings, the service port and the default page file.
vim playbook.yml
---
- hosts: prod                         ## host group to operate on
  vars:                               ## port variable
    http_port: 80
    http_host: "{{ ansible_facts['default_ipv4']['address'] }}"   ## used by the Listen line in files/httpd.conf
  tasks:
    - name: install httpd             ## describes what the following step does
      yum:                            ## name of the module being called
        name: httpd                   ## the operation to perform
        state: present
    - name: copy index.html
      copy:
        src: files/index.html         ## location of the local file
        dest: /var/www/html/index.html
    - name: configure httpd
      template:                       ## the file contains {{ }} variables, so it must be rendered with template rather than copy
        src: files/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
        owner: root                   ## keep the same permissions the configuration file had before
        group: root
        mode: '0644'                  ## quote the mode: an unquoted 644 is read as a decimal number, not octal
      notify: restart httpd           ## handler: the service must be restarted after the configuration changes
    - name: start httpd and firewalld
      service:
        name: "{{ item }}"            ## loop by setting a variable
        state: started
      loop:
        - httpd
        - firewalld
    - name: configure firewalld
      firewalld:
        service: http
        permanent: yes
        immediate: yes
        state: enabled
  handlers:                           ## tasks called by the notify above
    - name: restart httpd
      service:
        name: httpd
        state: restarted
- hosts: localhost                    ## runs on the control node; written this way, passwordless ssh to the local machine is needed too
  become: no                          ## whether to switch to the superuser
  tasks:
    - name: test httpd                ## test the state of apache; 200 means it is fine
      uri:
        url: http://172.25.20.3
        status_code: 200
Passwordless login to the local machine:
cp id_rsa.pub authorized_keys
## in ~/.ssh: the key file gets the same name that ssh-copy-id would create on a remote host
vim inventory ## edit the host group file
mkdir files ## created inside the ansible directory
cp /etc/httpd/conf/httpd.conf ./files/ ## copy an apache configuration file
vim ./files/httpd.conf ## only the port line needs changing
Listen {{ http_host }}:{{ http_port }}
## the variables are used here
Running the playbook:
ansible-playbook -C playbook.yml ## dry run: nothing is really installed, but some steps cannot succeed in check mode
ansible-playbook --syntax-check playbook.yml ## check the syntax
ansible-playbook playbook.yml ## run it for real
After the run, look at the configuration files on the two hosts; they match the variables that were set
2. Using variables to view parameters of the managed hosts
vim file.yml
mkdir templates
vim templates/file.j2 ## write a template that generates a file
ansible-playbook file.yml ## run it
Test on the two hosts server2 and server3;
The full set of variables can be viewed with this command:
3. Load balancing httpd with haproxy
vim playbook.yml
---
- hosts: webserver
  vars:
    http_port: 80
    http_host: "{{ ansible_facts['default_ipv4']['address'] }}"   ## used by the Listen line in httpd.conf.j2
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: present
    - name: copy index.html
      copy:
        content: "{{ ansible_facts['hostname'] }}"   ## the default page shows the host's own name, taken from a variable
        dest: /var/www/html/index.html
    - name: configure httpd
      template:
        src: templates/httpd.conf.j2    ## a template is used; templates usually carry the j2 suffix
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: '0644'                    ## quoted so that it is read as octal
      notify: restart httpd
    - name: start httpd and firewalld
      service:
        name: "{{ item }}"
        state: started
      loop:
        - httpd
        - firewalld
    - name: configure firewalld
      firewalld:
        service: http
        permanent: yes
        immediate: yes
        state: enabled
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
- hosts: localhost
  tasks:
    - name: install haproxy
      yum:
        name: haproxy
        state: present
    - name: configure haproxy
      template:
        src: templates/haproxy.cfg.j2   ## a template is used
        dest: /etc/haproxy/haproxy.cfg
      notify: restart haproxy
    - name: start haproxy
      service:
        name: haproxy
        state: started
  handlers:
    - name: restart haproxy
      service:
        name: haproxy
        state: restarted
First give yourself sudo rights, then set up passwordless login to localhost. Remember to connect once after setting it up, otherwise the yes/no host-key prompt will make ansible hang while the playbook runs.
vim /etc/sudoers
Write a template for the haproxy configuration file. The apache configuration template is the same as the one in the previous experiment; only the variable line changes.
vim templates/haproxy.cfg.j2 ## best is to yum install haproxy first, copy its configuration file and then edit it
global
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
    stats uri /status       ## expose a monitoring page
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main *:80
    acl url_static       path_beg       -i /static /images /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css .js
    default_backend             app
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    balance     roundrobin  ## writing the servers with variables lets hosts newly added to the host group join automatically
{% for host in groups['webserver'] %}
    server {{ hostvars[host]['ansible_facts']['hostname'] }} {{ hostvars[host]['ansible_facts']['eth0']['ipv4']['address'] }}:80 check
{% endfor %}
ansible-playbook playbook.yml
Test from a browser;
Start another virtual machine, server4, create an ordinary user, give it sudo rights and set up passwordless login from server1
vim inventory
[test]
server2
server3
[prod]
server1
server4
[webserver:children]
test
prod
ansible-playbook playbook.yml ## run it again once server4 is set up
Test in the browser whether server4 can be reached
Look at the local haproxy configuration file again: server4 has been added automatically
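The backend block is produced by the template loop over groups['webserver'], so a host added to the inventory appears in haproxy.cfg on the next run. The following added example is not code from the article: it renders the same "backend app" block in Python from constructed groups and hostvars data, so the effect of an inventory change can be inspected before the playbook is pushed. The fallback to ansible_facts['default_ipv4'] for a host that has no eth0 fact is an assumption of this example (the article's role vars use default_ipv4 for the same reason); the host names, facts and addresses below are constructed.

```python
# Added example, not the article's code: render "backend app" from
# Ansible-style `groups` / `hostvars` structures, the way the article's
# haproxy.cfg.j2 loop does, with a fallback for hosts without eth0.


def resolve_group(inventory, children, name):
    """Expand a group defined through [name:children] into its hosts,
    keeping inventory order and dropping duplicates."""
    hosts = []
    for member in children.get(name, [name]):
        for host in inventory.get(member, []):
            if host not in hosts:
                hosts.append(host)
    return hosts


def host_address(facts):
    """Address the template uses: eth0's IPv4, falling back to the address
    of the default-route interface. Raise rather than render an empty host."""
    for path in (("eth0", "ipv4", "address"), ("default_ipv4", "address")):
        node = facts
        try:
            for key in path:
                node = node[key]
            return node
        except KeyError:
            continue
    raise KeyError("no eth0 or default_ipv4 address in facts for %s"
                   % facts.get("hostname", "?"))


def render_backend(inventory, children, hostvars, group="webserver", port=80):
    """Equivalent of the {% for host in groups['webserver'] %} loop."""
    lines = ["backend app", "    balance roundrobin"]
    for host in resolve_group(inventory, children, group):
        facts = hostvars[host]["ansible_facts"]
        lines.append("    server %s %s:%d check"
                     % (facts["hostname"], host_address(facts), port))
    return "\n".join(lines) + "\n"


# Constructed data, shaped like the article's inventory after server4 is added.
INVENTORY = {"test": ["server2", "server3"], "prod": ["server4"]}
CHILDREN = {"webserver": ["test", "prod"]}
HOSTVARS = {
    "server2": {"ansible_facts": {"hostname": "server2",
                                  "eth0": {"ipv4": {"address": "172.25.20.2"}}}},
    "server3": {"ansible_facts": {"hostname": "server3",
                                  "eth0": {"ipv4": {"address": "172.25.20.3"}}}},
    # server4 has no eth0 fact (its interface has another name), so only
    # default_ipv4 is available; the template as written would fail here
    "server4": {"ansible_facts": {"hostname": "server4",
                                  "default_ipv4": {"address": "172.25.20.4"}}},
}

if __name__ == "__main__":
    print(render_backend(INVENTORY, CHILDREN, HOSTVARS), end="")
```

Running the script prints the three server lines in inventory order; compare the output with the backend section of /etc/haproxy/haproxy.cfg after the playbook has run.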
4. Splitting the playbook into roles, using the haproxy load balancer as the example
Try writing roles, which break a complex playbook up into individual files
mkdir -p roles/httpd/{files,templates,tasks,handlers,vars,defaults,meta}
## all the directories can be generated at once like this
cd roles ## or, inside the roles directory, initialise the directory tree with a command
ansible-galaxy init apache ## generates an apache directory containing all the directories created by hand above
ansible-galaxy init haproxy
The generated directories and files can be viewed with the tree command
Load balancing of apache with haproxy, implemented through roles
The playbook becomes very concise; everything is in tasks
cp templates/haproxy.cfg.j2 roles/haproxy/templates/ ## copy the templates into the roles
cp templates/httpd.conf.j2 roles/apache/templates/ ## the apache role looks for its template in its own templates directory
Writing the apache role
cd roles/
vim apache/tasks/main.yml ## there can be several task files, but main.yml must exist; main.yml then includes the others
---
- name: install httpd
  yum:
    name: httpd
    state: present
- name: copy index.html
  copy:
    content: "{{ ansible_facts['hostname'] }}"
    dest: /var/www/html/index.html
- name: configure httpd
  template:
    src: httpd.conf.j2
    dest: /etc/httpd/conf/httpd.conf
    owner: root
    group: root
    mode: '0644'
  notify: restart httpd
- name: start httpd and firewalld
  service:
    name: "{{ item }}"
    state: started
  loop:
    - httpd
    - firewalld
- name: configure firewalld
  firewalld:
    service: http
    permanent: yes
    immediate: yes
    state: enabled
vim apache/handlers/main.yml
---
- name: restart httpd
  service:
    name: httpd
    state: restarted
vim apache/vars/main.yml
---
http_host: "{{ ansible_facts['default_ipv4']['address'] }}"
http_port: 80
Writing the haproxy role
vim haproxy/tasks/main.yml
---
- name: install haproxy
  yum:
    name: haproxy
    state: present
- name: configure haproxy
  template:
    src: haproxy.cfg.j2
    dest: /etc/haproxy/haproxy.cfg
  notify: restart haproxy
- name: start haproxy
  service:
    name: haproxy
    state: started
vim haproxy/handlers/main.yml
---
- name: restart haproxy
  service:
    name: haproxy
    state: restarted
cd /home/devops/ansible
ansible-playbook apache.yml ## push the services
5. Creating users in bulk
Write the users to be created into a file and create them by loading that variables file
vim createuser.yml
---
- hosts: test
  vars_files:                         ## load a variables file
    - userlist.yml
  tasks:
    - name: create user
      user:
        name: "{{ item.user }}"
        password: "{{ item.pass | password_hash('sha512') }}"   ## hash the password; item.pass must not be quoted, or the literal text "item.pass" is hashed for every user
        state: present
      loop: "{{ userlist }}"
vim userlist.yml
---
userlist:
  - user: user1
    pass: abc
  - user: user2
    pass: abc
  - user: user3
    pass: abc
Note: if a purely numeric password is hashed, the user cannot log in with that number after creation; a new password has to be set before login works
The encryption command is as follows:
The encrypted file looks like this:
The original file can be edited again afterwards
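Two things in this section are easy to get wrong: quoting item.pass turns the variable reference into a string constant, so password_hash hashes the same text for every user, and a password such as 123 is loaded from userlist.yml as a number rather than text. The following added example is not the article's code and not Ansible's templating engine: resolve_password_source() is a small stand-in for how Jinja2 evaluates the operand before the filter, and lint_userlist() checks the loaded entries; the user entries below are constructed to look like what YAML loading of userlist.yml produces.

```python
# Added example, not the article's code: show what password_hash really
# receives for the quoted and unquoted forms, and flag userlist entries
# whose YAML type is not a string.
import re

# operand of  "{{ <operand> | password_hash('sha512') }}"
PASSWORD_EXPR = re.compile(
    r"""^\{\{\s*(?P<operand>'[^']*'|"[^"]*"|[A-Za-z_][\w.]*)\s*\|\s*"""
    r"""password_hash\(\s*'sha512'\s*\)\s*\}\}$"""
)


def resolve_password_source(expr, item):
    """Return the text that password_hash would hash for one loop item."""
    match = PASSWORD_EXPR.match(expr.strip())
    if not match:
        raise ValueError("not a password_hash expression: %r" % expr)
    operand = match.group("operand")
    if operand[0] in "'\"":
        # quoted: a string constant, identical for every user in the loop
        return operand[1:-1]
    name, _, key = operand.partition(".")
    if name != "item" or not key:
        raise ValueError("expected item.<field>, got %r" % operand)
    return str(item[key])


def lint_userlist(userlist):
    """Return human-readable problems with entries loaded from userlist.yml."""
    problems = []
    for entry in userlist:
        user, pw = entry.get("user"), entry.get("pass")
        if not user or pw is None:
            problems.append("entry %r is missing user or pass" % (entry,))
        elif isinstance(pw, bool):          # checked first: bool is a subclass of int
            problems.append("%s: password %r was read as a YAML boolean "
                            "(yes/no/on/off); quote it" % (user, pw))
        elif isinstance(pw, (int, float)):
            problems.append("%s: password %r was read as a YAML number; "
                            "quote it as a string" % (user, pw))
        elif pw == "":
            problems.append("%s: empty password" % user)
    return problems


# Constructed entries, shaped like the loaded userlist.yml.
USERLIST = [
    {"user": "user1", "pass": "abc"},
    {"user": "user2", "pass": 123},     # what YAML gives for   pass: 123
    {"user": "user3", "pass": True},    # what YAML gives for   pass: yes
]

QUOTED = "{{ 'item.pass' | password_hash('sha512') }}"    # the mistake
UNQUOTED = "{{ item.pass | password_hash('sha512') }}"    # the correct form

if __name__ == "__main__":
    for entry in USERLIST:
        print(entry["user"], "quoted ->", resolve_password_source(QUOTED, entry),
              "| unquoted ->", resolve_password_source(UNQUOTED, entry))
    for problem in lint_userlist(USERLIST):
        print("problem:", problem)
```

With the quoted form every user ends up with the password "item.pass"; the unquoted form yields each user's own value, and the linter reports user2 and user3 before the playbook is run.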
6. Writing a playbook with the partition module
ansible-doc lineinfile ## view the help for the file module
ansible-doc parted ## look at the examples
First add a disk to server2 for the test:
vim my_disk.yml ## the playbook file
---
- hosts: server2
  vars_files:                         ## load a variables file
    - storage_vars.yml
  tasks:
    - name: Create a new primary partition
      parted:                         ## partition module
        device: /dev/vdb
        number: "{{ item.number }}"
        part_start: "{{ item.start }}"
        part_end: "{{ item.end }}"
        state: present
      loop: "{{ partitions }}"
    - name: create volume group
      lvg:
        vg: demo_vg
        pvs: /dev/vdb1
    - name: Create a logical volume
      lvol:
        vg: demo_vg
        lv: "{{ item.name }}"
        size: 100%VG
        resizefs: true
        force: yes
        state: present
      loop: "{{ logicalvolumes }}"
      when: item.name not in ansible_lvm["lvs"]   ## condition: skip the volume if it already exists
    - name: Create a xfs filesystem
      filesystem:
        fstype: xfs
        dev: /dev/demo_vg/test
    - name: mount lvs
      mount:
        path: /var/www/html
        src: /dev/demo_vg/test
        fstype: xfs
        state: mounted
        opts: noatime
vim storage_vars.yml ## write the variables file
---
partitions:
  - number: 1
    start: 1MiB
    end: 1GiB
  - number: 2
    start: 1GiB
    end: 2GiB
logicalvolumes:
  - name: test
ansible-playbook my_disk.yml ## push it
Check the mounts on server2
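The parted loop applies the partition table from storage_vars.yml as given, and the when condition on the logical volume is what keeps a second run from touching an existing volume. The following added example is not the article's code: it is a pre-flight check that parses the parted size strings, verifies that the partitions are in order, do not overlap and fit the disk, and applies the same skip rule as the playbook's when clause to an ansible_lvm fact. The disk size and the ansible_lvm fact below are constructed.

```python
# Added example, not the article's code: sanity-check storage_vars.yml
# before my_disk.yml is pushed to a host.
import re

_UNITS = {"B": 1, "KiB": 1024, "MiB": 1024 ** 2, "GiB": 1024 ** 3, "TiB": 1024 ** 4,
          "KB": 10 ** 3, "MB": 10 ** 6, "GB": 10 ** 9, "TB": 10 ** 12}
_SIZE = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*([KMGT]i?B|B)\s*$")


def parse_size(text):
    """'1MiB' -> 1048576; accepts the binary and decimal units parted understands."""
    match = _SIZE.match(text)
    if not match:
        raise ValueError("unrecognised size: %r" % text)
    return int(float(match.group(1)) * _UNITS[match.group(2)])


def check_partitions(partitions, disk_bytes):
    """Return a list of problems; an empty list means the layout is sane."""
    problems = []
    seen_numbers = set()
    previous_end = 0
    for part in partitions:
        start, end = parse_size(part["start"]), parse_size(part["end"])
        label = "partition %s" % part["number"]
        if part["number"] in seen_numbers:
            problems.append(label + ": duplicate number")
        seen_numbers.add(part["number"])
        if end <= start:
            problems.append(label + ": end is not after start")
        if start < previous_end:
            problems.append(label + ": overlaps the previous partition")
        if end > disk_bytes:
            problems.append(label + ": runs past the end of the disk")
        previous_end = max(previous_end, end)
    return problems


def lvs_to_create(logicalvolumes, ansible_lvm):
    """Same rule as the playbook's when: skip volumes that already exist."""
    existing = ansible_lvm.get("lvs", {})
    return [lv["name"] for lv in logicalvolumes if lv["name"] not in existing]


# Values from storage_vars.yml.
PARTITIONS = [
    {"number": 1, "start": "1MiB", "end": "1GiB"},
    {"number": 2, "start": "1GiB", "end": "2GiB"},
]
LOGICALVOLUMES = [{"name": "test"}]

# Constructed: size of /dev/vdb and the ansible_lvm fact after a first run.
DISK_BYTES = parse_size("20GiB")
LVM_FACTS_AFTER_FIRST_RUN = {"lvs": {"test": {"size_g": "1.99", "vg": "demo_vg"}}}

if __name__ == "__main__":
    print("layout problems:", check_partitions(PARTITIONS, DISK_BYTES) or "none")
    print("first run creates:", lvs_to_create(LOGICALVOLUMES, {}))
    print("second run creates:", lvs_to_create(LOGICALVOLUMES, LVM_FACTS_AFTER_FIRST_RUN))
```

A partition whose end lies beyond the disk, or a start that falls inside the previous partition, is reported by name before parted is ever asked to write the table; the second call to lvs_to_create returns an empty list, which is exactly the case the when condition skips.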