用ansible实现rsync
[root@manager ~]# cd ansible_tasks/
# rsyncd.conf: daemon-wide settings followed by a single module, [backup].
# Transfers run as the unprivileged www account instead of root.
uid = www
gid = www
port = 873
# fake super lets the non-root daemon user record full file attributes
# (owner, special files) without needing real root privileges.
fake super = yes
# NOTE(review): with chroot disabled the daemon is not confined to the module
# path by the kernel; confirm this is intended for a writable module.
use chroot = no
max connections = 200
timeout = 600
# NOTE(review): this line has no "= value"; confirm rsyncd parses it as intended.
ignore errors
# The module accepts uploads from any client that authenticates.
read only = false
# Do not advertise modules to clients that ask for a module listing.
list = false
# Only this virtual user may connect; its password is looked up in the secrets
# file below, which the playbook installs root-owned with mode 0600.
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
# NOTE(review): no "hosts allow" is set, so the password is the only access
# control, and rsync daemon transfers are not encrypted; consider limiting the
# client addresses and keeping port 873 on a trusted network.
################################
[backup]
path = /backup
常规rsync服务的playbook:
[root@manager ansible_tasks]# cat rsync.yml
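# Deploy an rsync daemon on the "webservers" group: package, daemon config,
# secrets file, service account, data directory and the rsyncd unit.
- hosts: webservers
  tasks:
    - name: Install Rsync Server
      yum:
        name: rsync
        state: present

    - name: Configure Rsync Server
      # copy ships the file verbatim; any Jinja2 expression inside it would
      # not be rendered (use the template module for that).
      copy:
        src: ./rsyncd.conf.j2
        dest: /etc/rsyncd.conf
        owner: root
        group: root
        mode: "0644"
      notify: Restart Rsync Server

    - name: Copy Rsync Server Virtual PassFile
      # Holds the password for the rsyncd "auth users" entry, so it stays
      # root-only on the target.
      # NOTE(review): the source file sits in plaintext next to the playbook;
      # consider encrypting it with ansible-vault.
      copy:
        src: rsync.passwd.j2
        dest: /etc/rsync.passwd
        owner: root
        group: root
        mode: "0600"

    - name: Init Rsync Server-Group
      group:
        name: www
        gid: 666

    - name: Init Rsync Server-User
      # Service account only: no home directory and no login shell.
      user:
        name: www
        uid: 666
        group: www
        create_home: no
        shell: /sbin/nologin

    - name: Create Rsync Server Data Directory
      file:
        path: /backup
        state: directory
        owner: www
        group: www
        # Quoted octal string. A bare 755 is read as a decimal integer and
        # produces unintended permission bits on the directory.
        mode: "0755"

    - name: Started Rsync Server
      systemd:
        name: rsyncd
        state: started
        enabled: yes

  handlers:
    # Runs only when the rsyncd.conf task reports a change.
    - name: Restart Rsync Server
      systemd:
        name: rsyncd
        state: restarted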
调整后的rsync playbook:
rsync服务由 test 用户运行,并提供 test 仓库目录
[root@manager ansible_tasks]# cat rsync.yml
# Parameterised rsync daemon deployment: the service account, its group and
# the data directory name are taken from play variables.
- hosts: webservers
  vars:
    rsync_uid: test
    rsync_gid: test
    data_dir: test

  tasks:
    - name: Install Rsync Server
      yum:
        state: present
        name: rsync

    # One templating task renders both files; the secrets file gets the
    # stricter mode because it contains the rsync password.
    - name: Configure Rsync Server And Virtual PassFile
      template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: "{{ item.mode }}"
      loop:
        - src: ./rsyncd.conf.j2
          dest: /etc/rsyncd.conf
          mode: "0644"
        - src: ./rsync.passwd.j2
          dest: /etc/rsync.passwd
          mode: "0600"
      notify: Restart Rsync Server

    - name: Init Rsync Server-Group
      group:
        gid: 6661
        name: "{{ rsync_gid }}"

    # Service account without a home directory or a login shell.
    - name: Init Rsync Server-User
      user:
        name: "{{ rsync_uid }}"
        group: "{{ rsync_gid }}"
        uid: 6661
        shell: /sbin/nologin
        create_home: false

    - name: Create Rsync Server Data Directory
      file:
        state: directory
        path: "/{{ data_dir }}"
        owner: "{{ rsync_uid }}"
        group: "{{ rsync_gid }}"
        mode: "0755"

    - name: Started Rsync Server
      systemd:
        name: rsyncd
        enabled: true
        state: started

  handlers:
    # Triggered by the templating task when either rendered file changes.
    - name: Restart Rsync Server
      systemd:
        state: restarted
        name: rsyncd
ansible jinja2模板
什么是jinja2
jinja2是python的全功能模板引擎
使用场景
- 给10台主机装nginx服务,但是要求每台主机的端口都不一样,如何解决
jinja模板基本语法
- 想在配置文件中使用jinja2,playbook中的tasks必须使用template模块
- 配置文件里面使用变量,比如{{PORT}}或使用{{facts变量}}
配置示例:
用jinja配置nginx proxy:
nginx_proxy: 循环 nginx.conf ( 变量 )
[root@manager ansible_roles]# cat proxy_blog.oldxu.com.conf.j2
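# nginx reverse-proxy vhost, rendered by Ansible's template module.
# The upstream pool gets one member per host in the inventory group
# "webservers"; each entry is the inventory name of that host.
upstream {{ blog_site }} {
{% for host in groups['webservers'] %}
    server {{ host }};
{% endfor %}
}

server {
    listen 80;
    server_name {{ blog_site }};

    location / {
        # Forwarded to the upstream pool above over plain HTTP.
        proxy_pass http://{{ blog_site }};
        include proxy_params;
    }
}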
[root@manager ansible_roles]# cat nginx_proxy.yml
# Render the nginx proxy vhost template with blog_site as the site name.
- hosts: webservers
  vars:
    blog_site: blog.oldxu.com

  tasks:
    # NOTE(review): the result is written under /tmp, presumably to inspect
    # the rendered output; nginx does not load it from there.
    - name: Configure Nginx Proxy Vurtual File
      template:
        dest: /tmp/proxy_blog.oldxu.com.conf
        src: ./proxy_blog.oldxu.com.conf.j2
keepalived实现方式:
第一种方式: inventory 方式来实现:
router_id
state
priority
# Inventory group for the load balancers. state and priority are per-host
# variables substituted into keepalived-template.conf.j2.
[lbservers]
172.16.1.5 state=MASTER priority=150
172.16.1.6 state=BACKUP priority=120
[root@manager ansible_roles]# cat keepalived-template.conf.j2
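# keepalived VRRP configuration, rendered per host by Ansible's template module.
global_defs {
    router_id {{ ansible_hostname }}
}

vrrp_instance VI_1 {
    # state and priority come from the per-host inventory variables.
    state {{ state }}
    priority {{ priority }}
    interface eth0
    virtual_router_id 50
    advert_int 1
    authentication {
        auth_type PASS
        # The shared secret is read from keepalived_auth_pass when that
        # variable is defined (for example from an ansible-vault file); the
        # tutorial value is only the fallback and should not reach production.
        # PASS is a cleartext shared string in the VRRP adverts, so it guards
        # against misconfiguration rather than against a host on the same link.
        auth_pass {{ keepalived_auth_pass | default('1111') }}
    }
    virtual_ipaddress {
        10.0.0.3
    }
}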
[root@manager ansible_roles]# cat keepalived.yml
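# Install keepalived on the load balancers, render its configuration from the
# template and keep the service running.
- hosts: lbservers
  tasks:
    - name: Install Keepalived Server
      yum:
        name: keepalived
        state: present

    - name: Configure Keepalived Server
      # The rendered file contains the VRRP auth_pass, so it is installed
      # readable by root only instead of relying on the default file mode.
      template:
        src: keepalived-template.conf.j2
        dest: /etc/keepalived/keepalived.conf
        owner: root
        group: root
        mode: "0600"
      notify: Restart Keepalived Server

    - name: Started Keepalived Server
      systemd:
        name: keepalived
        state: started
        enabled: yes

  handlers:
    # Runs only when the rendered configuration changed.
    - name: Restart Keepalived Server
      systemd:
        name: keepalived
        state: restarted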
第二种方式:使用 jinja方式来实现:
[root@manager ansible_roles]# cat hosts
# Inventory group for the load balancers; no per-host variables are set here
# because the template branches on ansible_hostname instead.
[lbservers]
172.16.1.5
172.16.1.6
[root@manager ansible_roles]# cat keepalived-template.conf.j2
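# keepalived VRRP configuration; the role of each node is chosen from its
# hostname fact while the template is rendered.
global_defs {
    router_id {{ ansible_hostname }}
}

vrrp_instance VI_1 {
{# NOTE(review): a host named neither lb01 nor lb02 gets no state/priority
   lines at all and falls back to keepalived's defaults; confirm the
   hostnames of every member of the lbservers group. #}
{% if ansible_hostname == "lb01" %}
    state MASTER
    priority 200
{% elif ansible_hostname == "lb02" %}
    state BACKUP
    priority 100
{% endif %}
    interface eth0
    virtual_router_id 50
    advert_int 1
    authentication {
        auth_type PASS
        # The shared secret is read from keepalived_auth_pass when that
        # variable is defined (for example from an ansible-vault file); the
        # tutorial value is only the fallback and should not reach production.
        # PASS is a cleartext shared string in the VRRP adverts, so it guards
        # against misconfiguration rather than against a host on the same link.
        auth_pass {{ keepalived_auth_pass | default('1111') }}
    }
    virtual_ipaddress {
        10.0.0.3
    }
}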
[root@manager ansible_roles]# cat keepalived.yml
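# Install keepalived on the load balancers, render its configuration from the
# template and keep the service running.
- hosts: lbservers
  tasks:
    - name: Install Keepalived Server
      yum:
        name: keepalived
        state: present

    - name: Configure Keepalived Server
      # The rendered file contains the VRRP auth_pass, so it is installed
      # readable by root only instead of relying on the default file mode.
      template:
        src: keepalived-template.conf.j2
        dest: /etc/keepalived/keepalived.conf
        owner: root
        group: root
        mode: "0600"
      notify: Restart Keepalived Server

    - name: Started Keepalived Server
      systemd:
        name: keepalived
        state: started
        enabled: yes

  handlers:
    # Runs only when the rendered configuration changed.
    - name: Restart Keepalived Server
      systemd:
        name: keepalived
        state: restarted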
ansible roles
roles是一个一致的文件结构,用于自动加载某些vars、tasks以及handlers,以便playbook更好地调用。
例如:我们无论安装什么软件都会安装时间同步服务,那么每个playbook都要编写时间同步服务的task。此时我们可以将时间同步服务task任务写好,等到需要使用的时候进行调用就行了。
Ansible注意事项:在编写roles的时候,最好能够将一个task拆分为一个文件,方便后续复用。(彻底的打散)
roles目录结构
roles官方目录结构,必须如下定义。在每个目录中必须有main.yml文件,这些属于强制要求。
创建目录结构方法:
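# Create the skeleton for the nfs, rsync and web roles. The template directory
# must be spelled "templates": that is the name Ansible searches for a role's
# template files.
mkdir -p {nfs,rsync,web}/{vars,tasks,templates,handlers,files,meta}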
目录结构如下:
上面目录中,
files:存放文件
handlers:存放handlers
meta:存放依赖文件
templates:存放模板文件
tasks:存放任务文件
vars:存放变量文件
实战使用roles配置nfs:
[root@manager ansible_roles_prod]# mkdir nfs/{tasks,handlers,templates,vars} -p
[root@manager ansible_roles_prod]# cat nfs/tasks/main.yml
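# Tasks of the nfs role: package, exports file, the www account that owns the
# share, the share directory and the nfs service.
- name: Install NFS Server
  yum:
    name: nfs-utils
    state: present

- name: Configure NFS Server
  # /etc/exports decides which clients may mount the share, so ownership and
  # mode are set explicitly.
  template:
    src: exports.j2
    dest: /etc/exports
    owner: root
    group: root
    mode: "0644"
  notify: Restart NFS Server

- name: Init NFS Server
  group:
    name: www
    gid: 666

- name: Init NFS Server
  # uid/gid 666 match the anonuid/anongid in exports.j2. The account only owns
  # the shared data, so it gets no home directory and no login shell.
  user:
    name: www
    uid: 666
    group: www
    create_home: no
    shell: /sbin/nologin

- name: Init NFS Share Directory
  file:
    path: /data
    state: directory
    owner: www
    group: www
    # Explicit quoted octal mode instead of whatever the umask yields.
    mode: "0755"

- name: Started NFS Server
  systemd:
    name: nfs
    state: started
    enabled: yes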
[root@manager ansible_roles_prod]# cat nfs/handlers/main.yml
# Handler notified by the exports template task of this role.
- name: Restart NFS Server
  systemd:
    state: restarted
    name: nfs
[root@manager ansible_roles_prod]# cat nfs/templates/exports.j2
# Export /data read-write to 172.16.1.0/24. all_squash maps every client user
# to uid/gid 666, the www account created by this role's tasks.
# NOTE(review): any host in the subnet can mount and write; narrow the client
# list if only specific servers need the share. async trades write durability
# for speed; confirm that is acceptable for this data.
/data 172.16.1.0/24(rw,async,all_squash,anonuid=666,anongid=666)