ansible(2)

get_url模块

get_url: sersync 联网下载软件包
url: 具体的软件在互联网上的路径
dest:下载到具体的目标位置

[root@manager ansible_adhoc]# ansible webservers -m get_url -a "url=https://mirror.tuna.tsinghua.edu.cn/zabbix/zabbix/5.0/rhel/7/x86_64/zabbix-agent-5.0.0-1.el7.x86_64.rpm dest=/tmp"

cron模块

cron: 定时任务模块
	name: 定时任务描述
	job: 任务具体是什么
	minute:分钟
	hour:小时
	day:天
	month:月
	weekday:周

[root@manager ansible_adhoc]# ansible webservers -m cron -a "name='backup' hour=5 minute=0 job='/server/script/client_data_server.sh &>/dev/null'"

重新启用
[root@manager ansible_adhoc]# ansible webservers -m cron -a "name='backup2' hour=5 minute=0 month=2 weekday=7 job='/server/script/client_data_server.sh &>/dev/null' disabled=no"

关闭该cron任务
[root@manager ansible_adhoc]# ansible webservers -m cron -a "name='backup2' hour=5 minute=0 month=2 weekday=7 job='/server/script/client_data_server.sh &>/dev/null' disabled=yes"

firewalld模块

firewalld: 防火墙
	service		放行服务
	port		放行端口
	permanent	永久生效(写入配置,重载或重启后仍保留)
	immediate	立即对运行中的防火墙生效(未同时设置 permanent 时,重载或重启后失效)
	state		启用或禁用 (enabled / disabled)
	zone		区域
	rich_rule	使用富规则

[root@manager ansible_adhoc]# ansible webservers -m systemd -a "name=firewalld state=started"


service
[root@manager ansible_adhoc]# ansible webservers -m firewalld -a "service=https state=enabled zone=public immediate=yes"
port
[root@manager ansible_adhoc]# ansible webservers -m firewalld -a "port=8080/tcp state=enabled zone=public immediate=yes"


停止防火墙
[root@manager ansible_adhoc]# ansible webservers -m systemd -a "name=firewalld state=stopped"

selinux模块

selinux: 关闭 SELinux(SELinux 是强制访问控制机制,并非防火墙)
- name: Disable SELinux
  selinux:
    state: disabled
[root@manager ansible_adhoc]# ansible webservers -m selinux -a "state=disabled"

Ansible PlayBook

什么是playbook

playbook实现nfs

[root@manager ansible_playbook]# cat exports.j2
/ansible_data 172.16.1.0/24(rw,all_squash,anonuid=888,anongid=888)

[root@manager ansible_playbook]# cat plabybook_nfs.yml


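# Playbook: install and configure an NFS server on the "webservers" group.
# ./exports.j2 is shipped with the copy module, so it lands in /etc/exports
# byte-for-byte (no Jinja2 rendering takes place).
- hosts: webservers
  tasks:

    # 1. Install the NFS userland tools and server.
    - name: Installed NFS Server
      yum:
        name: nfs-utils
        state: present

    # 2. Install the export table.
    # The export shown on the page grants rw to all of 172.16.1.0/24 and
    # squashes every client user to uid/gid 888, so any host on that subnet
    # can write to the share as that account.
    - name: Configure NFS Server
      copy:
        src: ./exports.j2
        dest: /etc/exports

    # 3. Create the account that squashed clients are mapped to.
    # gid/uid 888 must match anongid/anonuid in exports.j2.
    - name: Init NFS Group
      group:
        name: ansible-nfs
        gid: 888

    - name: Init NFS User
      user:
        name: ansible-nfs
        uid: 888
        group: ansible-nfs
        create_home: no
        # Service account only: no interactive login.
        shell: /sbin/nologin

    - name: Init NFS Create Share Directory
      file:
        path: /ansible_data
        state: directory
        owner: ansible-nfs
        group: ansible-nfs
        # Quoted octal string. A bare 755 is parsed as the decimal integer 755,
        # which does not correspond to rwxr-xr-x and yields unexpected
        # permission bits on the share.
        mode: '0755'
        # recurse applies owner/group/mode to everything already below the
        # directory as well, including regular files.
        recurse: yes

    # 4. (Re)start the service and enable it at boot.
    - name: Started NFS Server
      systemd:
        name: nfs
        state: restarted
        enabled: yes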

# 运行
ansible-playbook nfs.yml

playbook实现rsync

[root@manager ansible_playbook]# cat rsyncd.j2
# rsync daemon configuration; the playbook on this page installs it as
# /etc/rsyncd.conf.
# Transfers handled by the daemon run as this user and group.
uid = www
gid = www
# NOTE(review): the rsync daemon protocol on this port is not encrypted;
# keep it reachable from the internal network only.
port = 873
# Privileged file attributes are stored in extended attributes, so the
# daemon does not need to run transfers as root.
fake super = yes
# NOTE(review): with chroot off, the module path below is the only
# confinement of a transfer - confirm this is intended.
use chroot = no
max connections = 200
timeout = 600
ignore errors
# Authenticated clients may write into the module.
read only = false
# The module is not shown in module listings.
list = false
# Only this virtual user may connect; its password is read from the
# secrets file below.
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
# NOTE(review): no "hosts allow" / "hosts deny" is set, so every host that
# can reach the port may attempt to authenticate - consider restricting it
# to the backup clients' subnet.
################################
[backup]
path = /backup

[root@manager ansible_playbook]# cat rsync.passwd.j2
rsync_backup:ansible



[root@manager ansible_playbook]# cat plabybook_rsync.yml
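# Playbook: install and configure an rsync daemon on the "webservers" group.
# rsyncd.j2 and rsync.passwd.j2 are shipped with the copy module, i.e.
# verbatim and without Jinja2 rendering.
- hosts: webservers
  tasks:

    # 1. Install
    - name: Installed Rsync Server
      yum:
        name: rsync
        state: present

    # 2. Configure the daemon.
    - name: Configure Rsync Server
      # The original listing had "copy::", which is not a valid module key.
      copy:
        src: ./rsyncd.j2
        dest: /etc/rsyncd.conf

    # 3. Initialise: service account, secrets file, data directory.
    # uid/gid 666 belong to the "www" account named by uid/gid in rsyncd.j2.
    - name: Init Rsync Server Group
      group:
        name: www
        gid: 666

    - name: Init Rsync Server User
      user:
        name: www
        uid: 666
        group: www
        create_home: no
        # Service account only: no interactive login.
        shell: /sbin/nologin

    # The secrets file holds the virtual user's password in clear text, so it
    # is owned by root and readable by root only.
    # NOTE(review): rsync.passwd.j2 on this page carries a literal password
    # next to the playbook; keep the real credential out of version control
    # (for example in an ansible-vault encrypted file) and use a strong,
    # unique value.
    - name: Init Rsync Server Virtual User Passwd File
      copy:
        src: ./rsync.passwd.j2
        dest: /etc/rsync.passwd
        owner: root
        group: root
        # Modes are written as quoted octal strings so the YAML parser cannot
        # reinterpret them as numbers.
        mode: '0600'

    - name: Create Rsync Server Data Directory
      file:
        path: /backup
        state: directory
        owner: www
        group: www
        mode: '0755'
        # recurse also applies owner/group/mode to existing content below
        # /backup, including regular files.
        recurse: yes

    # 4. Start the rsync daemon and enable it at boot.
    - name: Started Rsync Server
      systemd:
        name: rsyncd
        state: started
        enabled: yes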

playbook编写lap架构

需求如下:

  1. 使用yum安装httpd、php、php-mysql、mariadb、firewalld等
  2. 启动httpd 、 firewalld等服务
  3. 添加防火墙规则、放行http的流量,并永久生效
  4. 使用get_url下载 文件。
使用AnsiblePlaybook方式构建LAMP架构,具体操作步骤如下: 
1.使用yum安装 httpd、php、php-mysql、firewalld等
2.启动httpd、firewalld、等服务
3.添加防火墙规则,放行http的流量,并永久生效
4.使用get_url下载http://fj.xuliangwei.com/public/index.php文件


	注意:不在 7 和 8 上 安装    
	建议:在51服务器上安装
[root@manager ansible_playbook]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.51

[root@manager ansible_playbook]# vim hosts
[db]
172.16.1.51


注意:关闭51服务器的nginx
[root@db01 ~]# systemctl stop  nginx
[root@db01 ~]# systemctl disable nginx


1.将已有的配置拷贝到控制节点,由控制节点来统一管理

[root@manager ansible_playbook]# cat plabybook_httpd_php.yml

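# Playbook: install Apache httpd and PHP on the "db" group, manage httpd.conf
# from the control node and download one index page into the web root.
- hosts: db
  tasks:

    # One yum task with a package list replaces the two tasks that shared the
    # same name, so the run output is unambiguous and yum resolves both
    # packages in a single transaction.
    - name: Installed Httpd PHP
      yum:
        name:
          - httpd
          - php
        state: present

    - name: Configure Httpd
      copy:
        src: ./httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
      # notify fires only when this task reports "changed"; an unchanged file
      # triggers nothing. On change, the handler with exactly this name runs.
      notify: Restart Httpd Server

    - name: Started Httpd Server
      systemd:
        name: httpd
        state: started

    # NOTE(review): the file is fetched over plain HTTP with no integrity
    # check and is a PHP script placed in the web root, so the content of the
    # response decides what code this server executes. Prefer an HTTPS source
    # and pin the download with get_url's checksum parameter, for example
    #   checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"
    - name: Get URL Index
      get_url:
        url: http://fj.xuliangwei.com/public/index.php
        dest: /var/www/html/

  # Handlers are a special task list: they run only when notified.
  handlers:
    - name: Restart Httpd Server
      systemd:
        name: httpd
        state: restarted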

playbook编写LNP架构

[root@manager ansible_playbook]# cat nginx.conf.j2
# Main nginx configuration; the playbooks on this page install it as
# /etc/nginx/nginx.conf.

# Worker processes run as the unprivileged "www" account.
user www;
worker_processes  2;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # Access-log format. $http_x_forwarded_for is copied from a request
    # header, so its value is client-supplied unless a trusted proxy in
    # front of this server sets it.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    tcp_nopush     on;
    keepalive_timeout  65;
    gzip  on;
    # Virtual hosts are loaded from separate files in conf.d.
    include /etc/nginx/conf.d/*.conf;
}


[root@manager ansible_playbook]# cat  kdc.oldxu.com.conf.j2
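# Virtual host for kdc.oldxu.com: serves /ansible_code and hands *.php
# requests to PHP-FPM on the loopback interface.
server {
	listen 80;
	server_name kdc.oldxu.com;
	root /ansible_code;

	location / {
		index index.php;
	}

	location ~ \.php$ {
		# Answer 404 for script paths that do not exist under the document
		# root instead of forwarding them to PHP-FPM, so only real files on
		# disk are ever handed to the interpreter.
		try_files $uri =404;
		fastcgi_pass 127.0.0.1:9000;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		include fastcgi_params;
	}
}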


root@manager ansible_playbook]# cat plabybook_cloud.yml
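# Playbook: deploy nginx + PHP-FPM and the kodbox application on the
# "webservers" group.
- hosts: webservers
  tasks:

    # 1. Install nginx and PHP.
    # NOTE(review): the php71w-* packages are PHP 7.1, which upstream no
    # longer maintains; confirm a supported PHP release before using this
    # outside a lab.
    - name: Installed Nginx PHP7.1
      yum:
        name: "{{ packages }}"
        state: present
      vars:
        packages:
          - nginx
          - php71w
          - php71w-cli
          - php71w-common
          - php71w-devel
          - php71w-embedded
          - php71w-gd
          - php71w-mcrypt
          - php71w-mbstring
          - php71w-pdo
          - php71w-xml
          - php71w-fpm
          - php71w-mysqlnd
          - php71w-opcache
          - php71w-pecl-memcached
          - php71w-pecl-redis
          - php71w-pecl-mongodb

    # 2. Manage the main nginx configuration.
    - name: Configure Nginx.conf
      copy:
        src: ./nginx.conf.j2
        dest: /etc/nginx/nginx.conf
      notify: Restart Nginx Server

    # nginx.conf.j2 sets "user www;", so the account has to exist before
    # nginx is started.
    - name: Create Group WWW
      group:
        name: www
        gid: 666

    - name: Create User WWW
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: no

    # 3. Install the nginx virtual host.
    - name: Configure Nginx Virtual Host
      copy:
        src: ./kdc.oldxu.com.conf.j2
        dest: /etc/nginx/conf.d/kdc.oldxu.com.conf
      notify: Restart Nginx Server

    # 4. Create the document root named in the virtual host.
    # NOTE(review): the code tree is owned by "www", the account nginx runs
    # as, so the web tier can modify its own code - confirm the application
    # needs that for more than its data directories.
    - name: Init Nginx Virtual Host
      file:
        path: /ansible_code
        state: directory
        owner: www
        group: www
        recurse: yes

    # 5. Unpack the application archive from the control node.
    - name: Copy Code
      unarchive:
        src: ./kodbox.1.09.zip
        dest: /ansible_code/
        owner: www
        group: www

    # 6. Start the services.
    - name: Started Nginx Server
      systemd:
        name: nginx
        state: started
        enabled: yes

    # The virtual host forwards *.php to 127.0.0.1:9000, but the original
    # listing never started PHP-FPM, so PHP requests had no backend.
    - name: Started PHP-FPM Server
      systemd:
        name: php-fpm
        state: started
        enabled: yes

  # 7. Restart nginx whenever one of its configuration files changed.
  handlers:
    - name: Restart Nginx Server
      systemd:
        name: nginx
        state: restarted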

编写代理+nginx+php+redis架构

hosts:
[webservers]
172.16.1.7
172.16.1.8
[redis]
172.16.1.51
[lb]
172.16.1.4

配置redis redis.yml:
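# Playbook: install, configure and start a Redis server.
# NOTE(review): the inventory shown for this architecture lists 172.16.1.51
# under [redis], while this play targets "db" (the group defined earlier on
# the page) - make sure the group used here exists in the inventory in use.
- hosts: db
  tasks:
    - name: install redis server
      yum:
        name: redis
        state: present

    # NOTE(review): redis.conf.j2 is not shown. The web servers reach Redis
    # over the network, so confirm the template binds only to the internal
    # address, sets requirepass, and that the port is reachable from the web
    # servers only.
    - name: configure redis server
      copy:
        src: ./redis.conf.j2
        dest: /etc/redis.conf
      notify: restart redis server

    - name: start redis server
      systemd:
        name: redis
        state: started
        # The systemd module's option is "enabled"; the original "enable" is
        # not a valid parameter and makes the task fail.
        enabled: yes

  # Runs only when the configuration task reported a change.
  handlers:
    - name: restart redis server
      systemd:
        name: redis
        state: restarted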
web配置:
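# Playbook: deploy nginx + PHP-FPM and phpMyAdmin on the "webservers" group.
- hosts: webservers
  tasks:

    # Install
    # NOTE(review): the php71w-* packages are PHP 7.1, which upstream no
    # longer maintains; confirm a supported PHP release before using this
    # outside a lab.
    - name: Installed Nginx PHP7.1
      yum:
        name: "{{ packages }}"
        state: present
      vars:
        packages:
          - nginx
          - php71w
          - php71w-cli
          - php71w-common
          - php71w-devel
          - php71w-embedded
          - php71w-gd
          - php71w-mcrypt
          - php71w-mbstring
          - php71w-pdo
          - php71w-xml
          - php71w-fpm
          - php71w-mysqlnd
          - php71w-opcache
          - php71w-pecl-memcached
          - php71w-pecl-redis
          - php71w-pecl-mongodb

    # Manage the main nginx configuration.
    # (The original listing indented this task by three spaces, which breaks
    # the task list.)
    - name: Configure Nginx.conf
      copy:
        src: ./nginx.conf.j2
        dest: /etc/nginx/nginx.conf
      notify: Restart Nginx Server

    - name: Create Group WWW
      group:
        name: www
        gid: 666

    - name: Create User WWW
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: no

    # Virtual host
    # NOTE(review): the destination file name reads "phpmysdmin"; nginx loads
    # any *.conf in conf.d so it still works, but it looks like a typo for
    # "phpmyadmin" - left unchanged here.
    - name: Configure Nginx Virtual Host
      copy:
        src: ./phpmyadmin.wenjie.com.conf.j2
        dest: /etc/nginx/conf.d/phpmysdmin.wenjie.com.conf
      notify: Restart Nginx Server

    # Manage php.ini and the PHP-FPM pool.
    # notify values must match the handler name exactly, including case; the
    # original "restart php server" did not match "Restart php Server".
    - name: configure php server php.ini
      copy:
        src: ./php.ini.j2
        dest: /etc/php.ini
      notify: Restart php Server

    - name: configure php-fpm pool www.conf
      copy:
        src: ./php_www.conf.j2
        dest: /etc/php-fpm.d/www.conf
      notify: Restart php Server

    # Create the document root.
    - name: Init Nginx Virtual Host
      file:
        path: /ansible_code
        state: directory
        owner: www
        group: www
        recurse: yes

    # Unpack the application archive from the control node.
    # NOTE(review): phpMyAdmin is a database administration console; check
    # that the pinned release is still supported and that the virtual host
    # (template not shown) limits who can reach it.
    - name: Copy Code
      unarchive:
        src: ./phpMyAdmin-5.0.2-all-languages.zip
        dest: /ansible_code/
        owner: www
        group: www

    # Start the services.
    - name: Started Nginx Server
      systemd:
        name: nginx
        state: started
        enabled: yes

    - name: started php server
      systemd:
        name: php-fpm
        state: started
        enabled: yes

  # Restart a service when its configuration changed. Both handlers live
  # under one "handlers" key: the original listing repeated the key, and a
  # repeated mapping key leaves only one of the two lists in effect.
  handlers:
    - name: Restart Nginx Server
      systemd:
        name: nginx
        state: restarted

    - name: Restart php Server
      systemd:
        name: php-fpm
        state: restarted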

负载均衡配置:
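# Playbook: install nginx on the "lb" group and configure it as the load
# balancer in front of the web servers.
# The play keyword is "hosts"; the original "host" is not recognised.
- hosts: lb
  tasks:

    # Install
    - name: installed nginx server
      yum:
        name: nginx
        state: present

    # Configure
    - name: configure nginx.conf
      copy:
        src: ./nginx.conf.j2
        dest: /etc/nginx/nginx.conf
      # notify is a task keyword, not a copy option, so it sits at task level.
      notify: restart nginx server

    # nginx.conf.j2 sets "user www;", so the account has to exist before
    # nginx is started.
    - name: init nginx group
      group:
        name: www
        gid: 666

    - name: init nginx user
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: no

    # Load-balancer virtual host
    # NOTE(review): the source file name ends in ".con.conf.j2"; confirm it
    # matches the template file on the control node.
    - name: configure nginx load file
      copy:
        src: ./proxy_phpmyadmin.wenjie.con.conf.j2
        dest: /etc/nginx/conf.d/proxy_phpmyadmin.wenjie.com.conf
      # Must match the handler name exactly; the original "srever" typo meant
      # no handler matched.
      notify: restart nginx server

    # Start
    - name: systemd nginx server
      systemd:
        name: nginx
        state: started
        enabled: yes

  # Runs only when a configuration task reported a change.
  handlers:
    - name: restart nginx server
      systemd:
        name: nginx
        state: restarted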
