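Date: 2020-06-23 12:56:43
1 ansible-playbook task playbooks
1.1 What a playbook is
(1) A playbook combines several batch-operation modules to get one job done.
(2) It reduces the complexity of operations work.
(3) A playbook is a state-description file that Ansible reads using YAML syntax; the file extension is yaml.
1.2 Parts of a playbook
(1) The actors of a playbook (hosts) define the host information.
(2) The tasks of a playbook (tasks) define the concrete task information.
(3) A playbook file is made up of several hosts entries, and one hosts entry can contain several tasks.
1.3 Advantages of playbooks
(1) More complete automation.
(2) Better control over logical relationships.
(3) The command syntax is presented more intuitively.
(4) A playbook can be kept and run repeatedly.
1.4 Playbook writing rules
(1) Indentation: two spaces represent one level of indentation.
(2) Colons: a colon must be followed by a space; a colon at the end of a line needs no space.
    host info: 172.16.1.41    --- key: value (key-value form)
(3) Lists: a hyphen followed by a space builds a list item.
1.5 How to run a playbook
(1) Check the playbook syntax: ansible-playbook --syntax-check test.yaml
(2) Dry-run the playbook: ansible-playbook -C test.yaml
(3) Run the playbook for real: ansible-playbook test.yaml
1.6 Extended playbook features
(1) Variables
(2) Notification (printing task output)
(3) Conditionals
(4) Loops
(5) Ignoring errors
(6) Tags
(7) Skipping fact gathering
(8) Triggers (handlers)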
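1.6.1 Playbook variables
Method 1: set variables in the command-line arguments when running the playbook; the command line has the highest priority
    [root@m01 ansible_playbook]#ansible-playbook -e dir=/etc -e file=rsyncd.conf test_变量编写.yaml
Method 2: set variables in the playbook; playbook variables have the next priority
    [root@m01 ansible_playbook]#vim test_变量编写.yaml
    - hosts: 172.16.1.41
      vars:
        dir: /etc
        file: rsyncd.conf
      tasks:
        - name: copy file
          copy: src={{ dir }}/{{ file }} dest={{ dir }}/
    # {{ }} references a variable
Method 3: set variables in the host inventory; inventory variables have the lowest priority
    [root@m01 ansible_playbook]#vim /etc/ansible/hosts
    [sersync_server]
    172.16.1.31
    [sersync_client]
    172.16.1.41
    [sersync_server:vars]
    dir=/etc
    file=rsyncd.conf
    # Variables set directly on a host group can be used by every host in that group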
1.6.2 Playbook notification (printing task output)
Edit the playbook
    [root@m01 ansible_playbook]#vim test_通知功能.yaml
    - hosts: 172.16.1.41
      tasks:
        - name: boot server
          service: name=rsyncd state=started
        - name: check server boot
          shell: netstat -lntup|grep 873
          register: oldboy
        - debug: msg={{ oldboy.stdout_lines }}
    # register stores the result of the shell command in oldboy; oldboy acts as a variable and {{ }} reads it
    # debug is similar to echo: it prints information
    # stdout_lines prints the output as a formatted list of lines
Run the playbook
    [root@m01 ansible_playbook]#ansible-playbook test_通知功能.yaml

    PLAY [172.16.1.41] ***********************************************************************************

    TASK [Gathering Facts] *******************************************************************************
    ok: [172.16.1.41]

    TASK [boot server] ***********************************************************************************
    ok: [172.16.1.41]

    TASK [check server boot] *****************************************************************************
    changed: [172.16.1.41]

    TASK [debug] *****************************************************************************************
    ok: [172.16.1.41] => {
        "msg": [
            "tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 3708/rsync ",
            "tcp6 0 0 :::873 :::* LISTEN 3708/rsync "
        ]
    }

    PLAY RECAP *******************************************************************************************
    172.16.1.41 : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
1.6.3 Playbook conditionals
There are three NFS client hosts: centos7 10.0.0.7, centos6 10.0.0.8, centos7 10.0.0.9.
When starting the service on all of them a condition is needed, because the start command differs between centos6 and centos7.
Format of the condition:
    - hosts: nfs_client
      tasks:
        - name: boot centos7 nfs
          shell: systemctl start nfs
          # condition: if the host is centos7 ???
        - name: boot centos6 nfs
          shell: /etc/init.d/nfs start
          # condition: if the host is centos6 ???
setup module: collects information about remote hosts
Syntax:
    [root@m01 ansible_playbook]#ansible 172.16.1.41 -m setup -a "filter=ansible_hostname"
    172.16.1.41 | SUCCESS => {
        "ansible_facts": {
            "ansible_hostname": "backup",
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": false
    }
    # filter: restricts the output to the matching facts
How to read nested facts
Problem: read a host fact together with its nested values
Method 1:
    - hosts: rsync
      tasks:
        - name: touch file
          file: path=/etc/oldboy01.txt state=touch
          when: (ansible_eth1.ipv4.address == "172.16.1.41")
Method 2:
    - hosts: rsync
      tasks:
        - name: touch file
          file: path=/etc/oldboy01.txt state=touch
          when: (ansible_eth1["ipv4"]["address"] == "172.16.1.41")
Information commonly collected with the setup module
Create a directory depending on the IP address
    [root@m01 ansible_playbook]#vim test_判断功能.yaml
    - hosts: nfs_client
      tasks:
        - name: create file for 41 host
          file: path=/tmp/172.16.1.41 state=directory
          when: (ansible_hostname == "backup")
        - name: create file for 7 host
          file: path=/tmp/172.16.1.7 state=directory
          when: (ansible_hostname == "web01")
Run the playbook
    [root@m01 ansible_playbook]#ansible-playbook -C test_判断功能.yaml

    PLAY [nfs_client] ************************************************************************************

    TASK [Gathering Facts] *******************************************************************************
    ok: [172.16.1.41]
    ok: [172.16.1.7]

    TASK [create file for 41 host] ***********************************************************************
    skipping: [172.16.1.7]
    changed: [172.16.1.41]

    TASK [create file for 7 host] ************************************************************************
    skipping: [172.16.1.41]
    changed: [172.16.1.7]

    PLAY RECAP *******************************************************************************************
    172.16.1.41 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
    172.16.1.7 : ok=2 changed=1 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
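The centos6/centos7 question at the start of this section can be answered with the distribution facts that the setup module collects. The playbook below is an added example, not part of the original page; it reuses the page's nfs_client group and start commands, and adds a final task (an assumption of this example) that stops the run on a release neither branch covers.

```yaml
# Added example: start NFS with the right command on CentOS 6 and CentOS 7 clients.
- hosts: nfs_client
  gather_facts: yes            # the when: tests below read the gathered facts
  tasks:
    - name: show the release each host reports
      debug:
        msg: "{{ ansible_distribution }} {{ ansible_distribution_major_version }}"

    - name: boot centos7 nfs
      shell: systemctl start nfs
      when:                    # a list under when: is combined with AND
        - ansible_distribution == "CentOS"
        - ansible_distribution_major_version == "7"   # the fact is a string, so compare to "7"

    - name: boot centos6 nfs
      shell: /etc/init.d/nfs start
      when:
        - ansible_distribution == "CentOS"
        - ansible_distribution_major_version == "6"

    - name: stop on a release that neither branch covers
      fail:
        msg: "no NFS start command defined for {{ ansible_distribution }} {{ ansible_distribution_major_version }}"
      when: ansible_distribution != "CentOS" or ansible_distribution_major_version not in ["6", "7"]
```

The facts for one host can be inspected first with `ansible <host> -m setup -a "filter=ansible_distribution*"`.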
1.6.4 Playbook loops
Create several users in a loop
    [root@m01 ansible_playbook]#vim test_循环功能.yaml
    - hosts: 172.16.1.41
      tasks:
        - name: create user
          user: name={{ item }}
          with_items:
            - oldgirl01
            - oldgirl02
            - oldgirl03
            - oldgirl04
            - oldgirl05
Create several users in a loop, each with a different uid
    [root@m01 ansible_playbook]#vim test_循环功能.yaml
    - hosts: 172.16.1.41
      tasks:
        - name: create user
          user: name={{ item.name }} uid={{ item.uid }}
          with_items:
            - {name: "oldgirl06", uid: "3006"}
            - {name: "oldgirl07", uid: "3007"}
            - {name: "oldgirl08", uid: "3008"}
            - {name: "oldgirl09", uid: "3009"}
        - name: check create user info
          shell: grep oldgirl0 /etc/passwd
          register: user_info
        - debug: msg={{ user_info.stdout_lines }}
1.6.5 Ignoring errors in a playbook
Ignoring errors is mainly used for debugging playbooks
    [root@m01 ansible_playbook]#vim test_h忽略功能.yaml
    - hosts: 172.16.1.41
      tasks:
        - name: create rsync user
          shell: useradd rsync -M -s /sbin/nologin
          ignore_errors: yes
        - name: create backup dir
          shell: mkdir /backup
          ignore_errors: yes
        - name: boot server
          shell: systemctl start rsyncd
          ignore_errors: yes
When shell is used for an operation whose result already exists, the command fails and the playbook cannot continue; ignoring errors lets the playbook carry on.
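ignore_errors also hides failures that are not "already exists" (a full disk, a missing binary, a permission error). The playbook below is an added example, not part of the original page: the same three tasks written so that an existing result is accepted while any other failure still stops the run. It assumes useradd's documented exit status 9 for a user name that is already in use.

```yaml
# Added example: tolerate "already exists", fail on everything else.
- hosts: 172.16.1.41
  tasks:
    - name: create rsync user
      shell: useradd rsync -M -s /sbin/nologin
      register: add_user
      # rc 0 = created, rc 9 = name already in use; any other rc is a real error
      failed_when: add_user.rc not in [0, 9]
      # report "changed" only when the user was actually created
      changed_when: add_user.rc == 0

    - name: create backup dir
      shell: mkdir /backup
      args:
        creates: /backup       # the command is skipped when this path exists

    - name: boot server
      # the service module is idempotent: starting a running service is "ok", not an error
      service: name=rsyncd state=started

    # The first two tasks can also be written with the modules used elsewhere
    # on this page, which are idempotent without any extra conditions:
    - name: create rsync user (module form)
      user: name=rsync create_home=no shell=/sbin/nologin

    - name: create backup dir (module form)
      file: path=/backup state=directory
```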
1.6.6 Playbook tags
Tags are mainly used for debugging playbooks
tags: labels attached to tasks
    [root@m01 ansible_playbook]#vim test_标签功能.yaml
    - hosts: 172.16.1.41
      tasks:
        - name: 01:安装软件
          yum: name=rsync state=installed
          ignore_errors: yes
        - name: 02:创建用户
          user: name=rsync create_home=no shell=/sbin/nologin
          ignore_errors: yes
          tags: create_user
        - name: 03:创建目录
          file: path=/backup state=directory
          tags: create_dir
Run the playbook
    ansible-playbook -t create_user test_标签功能.yaml              --- run only the tasks with this tag
    ansible-playbook --skip-tags create_user test_标签功能.yaml     --- skip the tasks with this tag and run the rest
    ansible-playbook -t create_user,create_dir test_标签功能.yaml   --- run several tags
    # -t=tags
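1.6.7 Skipping fact gathering
    [root@m01 ansible_playbook]#vim test_忽略采集.yaml
    - hosts: 172.16.1.41
      gather_facts: no
      tasks:
        - name: 01:安装软件
          yum: name=rsync state=installed
          ignore_errors: yes
        - name: 02:创建用户
          user: name=rsync create_home=no shell=/sbin/nologin
          ignore_errors: yes
          tags: create_user
        - name: 03:创建目录
          file: path=/backup state=directory
          tags: create_dir
When a playbook gathers facts from a large number of hosts it can become sluggish, which slows down the tasks that follow. In that case fact gathering can be skipped to improve efficiency: add gather_facts: no under hosts.
If the playbook uses conditionals, this parameter cannot be used, because the conditions are compared against the gathered facts.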
1.6.8 Playbook triggers (handlers)
Write the playbook
    [root@m01 ansible_playbook]#vim test_触发功能.yaml
    - hosts: 172.16.1.41
      tasks:
        - name: 01:传输配置文件
          copy: src=/etc/ansible/ansible_playbook/rsyncd.conf dest=/etc/
          notify: rsync_restart
        - name: 02:启动服务程序
          service: name=rsyncd state=started
      handlers:
        - name: rsync_restart
          service: name=rsyncd state=restarted
handlers: normally used so that a service restart is triggered only when a configuration file has been modified.
notify: when the configuration file is transferred, notify signals the rsync_restart handler, and handlers then restarts the service.
Note: handlers run only after all tasks have finished.
1.7 Playbook writing exercise
Requirements:
(1) On host 172.16.1.41:
    ① stop the cron service
    ② create a symlink to the /etc/ directory, placed in /opt
    ③ distribute the local /etc/hosts file to host 41 and save it in /tmp
(2) On host 172.16.1.31:
    ① enable the firewall service at boot
    ② install keepalived on the host
Practice:
Write the playbook file
    [root@m01 ansible_playbook]#vim test.yaml
    - hosts: 172.16.1.41
      tasks:
        - service: name=crond state=stopped
        - file: src=/etc path=/opt/etc_link state=link
        - copy: src=/etc/hosts dest=/tmp
    - hosts: 172.16.1.31
      tasks:
        - service: name=firewalld enabled=yes
        - yum: name=keepalived state=installed
Check the playbook syntax
    # syntax-check the playbook file
    [root@m01 ansible_playbook]#ansible-playbook --syntax-check test.yaml

    playbook: test.yaml
Dry-run the playbook
    [root@m01 ansible_playbook]#ansible-playbook -C test.yaml

    PLAY [172.16.1.41] ***********************************************************************************

    TASK [Gathering Facts] *******************************************************************************
    ok: [172.16.1.41]

    TASK [service] ***************************************************************************************
    ok: [172.16.1.41]

    TASK [file] ******************************************************************************************
    ok: [172.16.1.41]

    TASK [copy] ******************************************************************************************
    ok: [172.16.1.41]

    PLAY [172.16.1.31] ***********************************************************************************

    TASK [Gathering Facts] *******************************************************************************
    ok: [172.16.1.31]

    TASK [service] ***************************************************************************************
    ok: [172.16.1.31]

    TASK [yum] *******************************************************************************************
    ok: [172.16.1.31]

    PLAY RECAP *******************************************************************************************
    172.16.1.31 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
    172.16.1.41 : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Run the playbook for real
    [root@m01 ansible_playbook]#ansible-playbook test.yaml

    PLAY [172.16.1.41] ***********************************************************************************

    TASK [Gathering Facts] *******************************************************************************
    ok: [172.16.1.41]

    TASK [service] ***************************************************************************************
    ok: [172.16.1.41]

    TASK [file] ******************************************************************************************
    ok: [172.16.1.41]

    TASK [copy] ******************************************************************************************
    ok: [172.16.1.41]

    PLAY [172.16.1.31] ***********************************************************************************

    TASK [Gathering Facts] *******************************************************************************
    ok: [172.16.1.31]

    TASK [service] ***************************************************************************************
    ok: [172.16.1.31]

    TASK [yum] *******************************************************************************************
    ok: [172.16.1.31]

    PLAY RECAP *******************************************************************************************
    172.16.1.31 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
    172.16.1.41 : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Addendum:
If cowsay is installed on the system, commands print ASCII-art output that makes the results harder to read; it can be turned off.
    [root@m01 ansible]#vim ansible.cfg
    # don't like cows? that's unfortunate.
    # set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
    # nocows = 1
Just remove the # in front of nocows = 1.
1.8 One-step rsync deployment with an Ansible playbook
Stage 1: deploy the service step by step using modules
Step 1: server-side configuration
    # install the software
    ansible rsync -m yum -a "name=rsync state=installed"
    # write the configuration file: prepare it on the management host in advance, then push it to the server
    # the service configuration file is prepared on the management side
    ansible rsync_server -m copy -a "src=/etc/ansible/conf_file/rsyncd.conf dest=/etc/"
    # create the virtual user
    ansible rsync_server -m user -a "name=rsync create_home=no shell=/sbin/nologin"
    # create the password file (mode 600)
    ansible rsync_server -m copy -a "content='rsync_backup:oldboy123' dest=/etc/rsync.password mode=600"
    # create the backup directory (set owner and group)
    ansible rsync_server -m file -a "path=/backup state=directory owner=rsync group=rsync"
    # start the service
    ansible rsync_server -m service -a "name=rsyncd state=started enabled=yes"
Step 2: client-side configuration
    # create the password file (mode 600)
    ansible rsync_client -m copy -a "content='oldboy123' dest=/etc/rsync.password mode=600"
    # test the file transfer on all clients
    ansible rsync_client -m shell -a "rsync -avz /etc/hosts [email protected]::backup --password-file=/etc/rsync.password"
Stage 2: write the playbook
    [root@m01 ansible_playbook]#vim rsync_auto.yaml
    - hosts: rsync_server
      tasks:
        - name: 01:install rsync
          yum: name=rsync state=installed
        - name: 02:copy conf file
          copy: src=/etc/ansible/conf_file/rsyncd.conf dest=/etc/
        - name: 03:create rsync user
          user: name=rsync create_home=no shell=/sbin/nologin
        - name: 04:create password file
          copy: content='rsync_backup:oldboy123' dest=/etc/rsync.password mode=600
        - name: 05:create backup dir
          file: path=/backup state=directory owner=rsync group=rsync
        - name: 06:boot rsync server
          service: name=rsyncd state=started enabled=yes
    - hosts: rsync_client
      tasks:
        - name: 01:create password file
          copy: content='oldboy123' dest=/etc/rsync.password mode=600
Playbook to restore the environment
    [root@m01 ansible_playbook]#vim rsync_backup.yaml
    - hosts: rsync_server
      tasks:
        - name: 01:delete conf file
          file: path=/etc/rsyncd.conf state=absent
        - name: 02:delete rsync user
          user: name=rsync state=absent
        - name: 03:delete password file
          file: path=/etc/rsync.password state=absent
        - name: 04:delete backup dir
          file: path=/backup/ state=absent
        - name: 05:boot rsync server
          service: name=rsyncd state=stopped enabled=no
    - hosts: rsync_client
      tasks:
        - name: 01:delete password file
          file: path=/etc/rsync.password state=absent
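The two password-file tasks in rsync_auto.yaml carry the rsync password in clear text inside the playbook, and the task result can echo it in verbose output. The playbook below is an added example, not part of the original page: the same two tasks with the secret read from an ansible-vault encrypted vars file and hidden from task output. The file name rsync_secret.yaml and the variable name rsync_backup_password are assumptions of this example.

```yaml
# Added example. Create the encrypted vars file once on the management host:
#   ansible-vault create /etc/ansible/ansible_playbook/rsync_secret.yaml
# and put a single line in it (value is a placeholder):
#   rsync_backup_password: <placeholder>
# Run with: ansible-playbook --ask-vault-pass rsync_secret_demo.yaml  (hypothetical file name)
- hosts: rsync_server
  vars_files:
    - /etc/ansible/ansible_playbook/rsync_secret.yaml   # decrypted in memory at run time
  tasks:
    - name: 04:create password file
      copy:
        content: "rsync_backup:{{ rsync_backup_password }}\n"
        dest: /etc/rsync.password
        owner: root
        group: root
        mode: "0600"     # quoted so YAML keeps it as an octal string
      no_log: true       # keep the rendered content out of task output and logs

- hosts: rsync_client
  vars_files:
    - /etc/ansible/ansible_playbook/rsync_secret.yaml
  tasks:
    - name: 01:create password file
      copy:
        content: "{{ rsync_backup_password }}\n"
        dest: /etc/rsync.password
        owner: root
        group: root
        mode: "0600"
      no_log: true
```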
1.9 One-step nfs deployment with an Ansible playbook
Stage 1: deploy the service step by step using modules
Server-side configuration
01. Install the software: rpcbind nfs-utils
    ansible nfs_server -m yum -a "name=rpcbind state=installed"
    ansible nfs_server -m yum -a "name=nfs-utils state=installed"
02. Write the configuration file: prepare it in advance
    # push the configuration file written on the management host to the server /etc/ansible-playbook/nfs.conf
    ansible nfs_server -m copy -a "src=/etc/ansible/ansible_playbook/nfs.conf dest=/etc/exports"
03. Create the shared directory:
    ansible nfs_server -m file -a "path=/data/ state=directory owner=nfsnobody group=nfsnobody"
04. Start the services:
    ansible nfs_server -m service -a "name=rpcbind state=started enabled=yes"
    ansible nfs_server -m service -a "name=nfs state=started enabled=yes"
Client-side configuration:
01. Install the software
    ansible nfs_client -m yum -a "name=nfs-utils state=installed"
02. Mount the shared directory
    ansible nfs_client -m mount -a "src=172.16.1.31:/data/ path=/mnt fstype=nfs state=mounted"
Stage 2: write the playbook:
    [root@m01 ansible_playbook]#vim nfs_auto.yaml
    - hosts: nfs_server
      tasks:
        - name: 1:install rpcbind nfs-utils
          yum:
            name:
              - rpcbind
              - nfs-utils
            state: installed
        - name: 2:copy conf file
          copy: src=/etc/ansible/ansible_playbook/nfs.conf dest=/etc/exports
        - name: 3:create data dir
          file: path=/data/ state=directory owner=nfsnobody group=nfsnobody
        - name: 4:boot server rpcbind
          service: name=rpcbind state=started enabled=yes
        - name: 4:boot server nfs
          service: name=nfs state=restarted enabled=yes
    - hosts: nfs_client
      tasks:
        - name: 1:install nfs
          yum: name=nfs-utils state=installed
        - name: 2:mount data dir
          mount: src=172.16.1.31:/data/ path=/mnt fstype=nfs state=mounted
Playbook to restore the environment
    [root@m01 ansible_playbook]#vim nfs_backup.yaml
    - hosts: nfs_server
      tasks:
        - name: 01:install rpcbind nfs-utils
          yum:
            name:
              - rpcbind
              - nfs-utils
            state: removed
        - name: 02:copy conf file
          shell: echo "" >/etc/exports
        - name: 03:create data dir
          file: path=/data/ state=absent
    - hosts: nfs_client
      tasks:
        - name: 01:install nfs
          yum: name=nfs-utils state=removed
        - name: 02:mount data dir
          mount: src=172.16.1.31:/data/ path=/mnt fstype=nfs state=unmounted
Optimized playbook:
    [root@m01 ansible_playbook]#vim nfs_auto.yaml
    - hosts: nfs_server
      vars:
        conf_file: exports
        data_dir: /data
      tasks:
        - name: 01:install nfs rpcbind
          yum:
            name: ['nfs-utils', 'rpcbind']
            state: installed
        - name: 02:copy conf file
          copy: src=/etc/ansible/ansible_playbook/nfs.conf dest=/etc/{{ conf_file }}
          notify:
            - nfs_restart
        - name: 03:create data dir
          file: path={{ data_dir }} state=directory owner=nfsnobody group=nfsnobody
        - name: 04:boot server rpcbind
          service: name={{ item.name }} state={{ item.state }} enabled={{ item.enabled }}
          with_items:
            - {name: "rpcbind", state: "started", enabled: "yes"}
            - {name: "nfs", state: "started", enabled: "yes"}
      handlers:
        - name: nfs_restart
          service: name=nfs state=reloaded
    - hosts: nfs_client
      vars:
        data_dir: /data
      tasks:
        - name: 01:install nfs
          yum: name=nfs-utils state=installed
        - name: 02:mount data dir
          mount: src=172.16.1.31:{{ data_dir }} path=/mnt fstype=nfs state=mounted
        - name: 03:check mount info
          shell: df -h|grep mnt
          register: mount_info
        - debug: msg={{ mount_info.stdout_lines }}
1.10 One-step sersync deployment with an Ansible playbook
Stage 1: deploy the service step by step using modules
Configure the hosts inventory
    [sersync_server]
    172.16.1.31
    [sersync_client]
    172.16.1.41
    # install rsync
    ansible sersync_server -m yum -a "name=rsync state=installed"
    # download sersync on the management host, unpack it and send it to the client
    # (the copy module transfers files; the file module only manages paths that already exist on the remote host)
    ansible sersync_server -m copy -a "src=/usr/local/sersync_installdir_64bit/sersync dest=/usr/local"
    # write the sersync configuration file on the management host and send it to the client
    ansible sersync_server -m copy -a "src=/usr/local/sersync_installdir_64bit/sersync/conf/confxml.xml dest=/usr/local/sersync/conf/"
    # make sersync executable
    ansible sersync_server -m file -a "path=/usr/local/sersync/bin/sersync mode=a+x"
    # create a symlink for sersync
    ansible sersync_server -m file -a "src=/usr/local/sersync/bin/sersync path=/usr/local/sbin/sersync state=link"
    # start sersync and test real-time synchronization
    ansible sersync_server -m shell -a "sersync -dro /usr/local/sersync/conf/confxml.xml"
Stage 2: write the playbook
    [root@m01 ansible_playbook]#vim sersync_auto.yaml
    - hosts: sersync_server
      tasks:
        - name: 安装rsync
          yum: name=rsync state=installed
        - name: 将sersync传输到客户端
          # copy (not file) transfers the directory; no trailing slash on src, so it lands as /usr/local/sersync
          copy: src=/usr/local/sersync_installdir_64bit/sersync dest=/usr/local
        - name: 将写好的配置文件传输到客户端
          copy: src=/usr/local/sersync_installdir_64bit/sersync/conf/confxml.xml dest=/usr/local/sersync/conf/
        - name: 加上执行权限
          file: path=/usr/local/sersync/bin/sersync mode=a+x
        - name: 创建软链接
          file: src=/usr/local/sersync/bin/sersync path=/usr/local/sbin/sersync state=link
        - name: 启动sersync 测试实时同步
          shell: sersync -dro /usr/local/sersync/conf/confxml.xml
Playbook to restore the environment
    [root@m01 ansible_playbook]#cat sersync_backup.yaml
    - hosts: sersync_server
      tasks:
        - name: 卸载rsync
          yum: name=rsync state=removed
        - name: 删除sersync
          # state=absent is what actually deletes the directory
          file: path=/usr/local/sersync state=absent
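2 How to combine several playbooks
Stage 1: make sure every playbook runs successfully on its own
Stage 2: combine the playbooks
Method 1: not recommended
    [root@m01 ansible_playbook]#vim zhenghe.yaml
    # --- used inside roles
    - hosts: all
      remote_user: root
      tasks:
        - include_tasks: nfs_auto.yml
        - include_tasks: rsync_auto.yml
    # the included files contain no hosts information, only task information
Method 2: the include feature may be removed in future versions of Ansible
    [root@m01 ansible_playbook]#vim zhenghe.yaml
    - include: nfs_auto.yml
    - include: rsync_auto.yml
Method 3: this is the recommended method
    [root@m01 ansible_playbook]#vim zhenghe.yaml
    - import_playbook: nfs_auto.yaml
    - import_playbook: rsync_auto.yaml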
3 Writing Ansible playbooks as roles
(1) Standardizes the Ansible directory structure
(2) Brings together the host information defined in the playbooks
3.1 Role invocation flow diagram
3.2 Writing the nfs service role
Stage 1: create the role directory structure
    cd roles/;mkdir {nfs,rsync,web,sersync}
    mkdir nfs/{vars,tasks,templates,handlers,files}
    # vars: defines variables
    # tasks: defines tasks
    # templates: defines template files (jinja2 templates)
    # handlers: defines handlers (triggers)
    # files: defines the files to be distributed
Stage 2: write the files
tasks: approach 1 for writing the task information: the nfs service
    vim main.yaml
    - name: 01:install nfs rpcbind
      yum:
        name: ['nfs-utils', 'rpcbind']
        state: installed
    - name: 02:copy conf file
      copy: src=/etc/ansible/ansible_playbook/nfs.conf dest=/etc/{{ conf_file }}
      notify:
        - nfs_restart
    - name: 03:create data dir
      file: path={{ data_dir }} state=directory owner=nfsnobody group=nfsnobody
    - name: 04:boot server rpcbind
      service: name={{ item.name }} state={{ item.state }} enabled={{ item.enabled }}
      with_items:
        - {name: "rpcbind", state: "started", enabled: "yes"}
        - {name: "nfs", state: "started", enabled: "yes"}
    - name: 01:install nfs
      yum: name=nfs-utils state=installed
    - name: 02:mount data dir
      mount: src=172.16.1.31:{{ data_dir }} path=/mnt fstype=nfs state=mounted
    - name: 03:check mount info
      shell: df -h|grep mnt
      register: mount_info
    - debug: msg={{ mount_info.stdout_lines }}
tasks: approach 2 for writing the task information: one file per group of tasks
    cd tasks
    vim main.yaml
    vim nfs_boot.yaml
    vim nfs_conf.yaml
    vim nfs_datadir.yaml
    vim nfs_install.yaml
    vim nfs_mount.yaml
    #########################
    vim main.yaml
    - include_tasks: nfs_install.yaml
    - include_tasks: nfs_conf.yaml
    - include_tasks: nfs_datadir.yaml
    - include_tasks: nfs_boot.yaml
    - include_tasks: nfs_mount.yaml
vars: defines variables
    vim main.yaml
    conf_file: exports
    data_dir: /data
files: defines the files to be distributed
    [root@m01 files]# ll
    total 4
    -rw-r--r-- 1 root root 42 Jul 29 10:34 nfs.conf
handlers: defines handlers (triggers)
    vim main.yaml
    - name: nfs_restart
      service: name=nfs state=reloaded
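The role above still needs a playbook that applies it to hosts, and its tasks/main.yaml mixes server-side and client-side steps. The two files below are an added example, not part of the original page: a calling playbook plus a tasks/main.yaml that limits each include to the matching inventory group. The file name site.yaml and its location (the directory that contains roles/) are assumptions; the group names and task file names are the ones used on this page.

```yaml
# Added example, file 1: site.yaml, placed in the directory that contains roles/
# Run with: ansible-playbook site.yaml
- hosts: nfs_server:nfs_client      # union of both inventory groups
  roles:
    - nfs                           # loads roles/nfs/{tasks,vars,handlers}/main.yaml
---
# Added example, file 2: roles/nfs/tasks/main.yaml
# group_names lists the inventory groups the current host belongs to,
# so server-only and client-only steps run on the right hosts.
- include_tasks: nfs_install.yaml   # packages are needed on both sides

- include_tasks: nfs_conf.yaml
  when: "'nfs_server' in group_names"

- include_tasks: nfs_datadir.yaml
  when: "'nfs_server' in group_names"

- include_tasks: nfs_boot.yaml
  when: "'nfs_server' in group_names"

- include_tasks: nfs_mount.yaml
  when: "'nfs_client' in group_names"
```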