ansible playbook:劇本
由一個或多個子產品組成,完成統一的目的,實作自動化操作
劇本編寫遵循yaml文法
yaml的三要素:
縮進:兩個字元,預設的tab鍵是四個字元,是以要使用tab鍵,需要修改.vimrc
vim /root/.vimrc
set tabstop=2
冒号:冒号後面需要空格,除非以冒号結尾
短橫杠:清單項,後面跟空格
playbook文法結構:ansible-playbook 選項 檔案路徑
選項:
-C | 模拟預運作 |
---|---|
–list-hosts | 列出清單 |
–list-tasks | 列出任務 |
–list-tags | 列出标簽 |
–syntax-check | 文法檢查 |
———————————分隔線————————————
環境:
ansible | 192.168.1.128 |
---|---|
web | 192.168.1.129 |
nfs | 192.168.1.134 |
rsync | 192.168.1.135 |
修改主機名:
hostnamectl set-hostname ansible
bash
hostnamectl set-hostname web
bash
hostnamectl set-hostname nfs
bash
hostnamectl set-hostname rsync
bash
修改hosts檔案
[[email protected] ~]# vim /etc/hosts
192.168.1.128 ansible
192.168.1.129 web1
192.168.1.134 nfs1
192.168.1.135 rsync1
安裝ansible
[[email protected] ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo #epel源(擴充包)
[[email protected] ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo #linux鏡像源(組包)
[[email protected] ~]# yum -y install ansible #安裝ansible
[[email protected] ~]# ansible --version #檢視版本
二選其一即可↑↓
[[email protected] ~]# yum -y install epel-release #安裝epel擴充源
[[email protected] ~]# yum -y install ansible #安裝ansible
Ansible的基礎配置:
1)配置清單
[[email protected] ~]# vim /etc/ansible/hosts
[web]
web1
[nfs]
nfs1
[rsync]
rsync1
[hao:children]
web
nfs
rsync
2)在ansible上配置ssh秘鑰對通路
[[email protected] ~]# ssh-keygen -t rsa #全部回車
[[email protected] ~]# ssh-copy-id [email protected] #web伺服器
[[email protected] ~]# ssh-copy-id [email protected] #nfs伺服器
[[email protected] ~]# ssh-copy-id [email protected] #rsync伺服器
3)複制/etc/hosts到被管理端
[[email protected] ~]# scp /etc/hosts [email protected]:/etc/
[[email protected] ~]# scp /etc/hosts [email protected]:/etc/
[[email protected] ~]# scp /etc/hosts [email protected]:/etc/
或者直接使用ansible-copy子產品
[[email protected] ~]# ansible all -m copy -a "src=/etc/hosts dest=/etc/ backup=yes"
4)建立ansible目錄
[[email protected] ~]# mkdir -p /etc/ansible/ansible_playbook/{conf,file,scripts,tools}
測試案例:通過playbook安裝httpd,并修改端口号為8080
1)本地安裝httpd,修改端口為8080
[[email protected] ~]# yum -y install httpd
[[email protected] ~]# cp /etc/httpd/conf/httpd.conf /etc/ansible/ansible_playbook/
[[email protected] ~]# cd /etc/ansible/ansible_playbook/
[[email protected] ansible_playbook]# vim httpd.conf
Listen 8080 #修改端口号
ServerName www.example.com:80 #去注釋
2)修改tab鍵縮進為兩個字元,修改.vimrc
[[email protected] ansible_playbook]# vim /root/.vimrc
set tabstop=2
3)編寫httpd.yaml
[[email protected] ansible_playbook]# vim httpd.yaml
- hosts: web
tasks:
- name: install httpd
yum: name=httpd state=latest
- name: httpd config
copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf
notify: restart httpd
- name: start httpd
shell: systemctl start httpd
handlers:
- name: restart httpd
shell: systemctl restart httpd
[[email protected] ansible_playbook]# ansible-playbook -C httpd.yaml #測試yaml
[[email protected] ansible_playbook]# ansible-playbook httpd.yaml #執行yaml
4)還原初始環境(為後續實驗)
[[email protected] ~]# yum -y remove httpd #解除安裝本地httpd
[[email protected] ~]# ansible web -m shell -a "yum -y remove httpd" #解除安裝web伺服器httpd
[[email protected] ~]# rm -rf httpd.*
playbook配置web-nfs-rsync架構環境
1、基礎環境部署
1)網絡環境(關閉firewall selinux)
2)epel倉庫
3)安裝rsync,nfs-utils
4)建立組
5)建立使用者
6)建立目錄,并修改權限
7)推送腳本
8)推送rsync用戶端密碼檔案,修改權限
9)計劃任務
[[email protected] ansible_playbook]# cd scripts/
[[email protected] scripts]# vim /etc/ansible/ansible_playbook/base.yaml
- hosts: all
tasks:
- name: clear repos.d
file: path=/etc/yum.repos.d/ state=absent
- name: create repos.d
file: path=/etc/yum.repos.d/ state=directory
- name: install base repo
get_url: url=http://mirrors.aliyun.com/repo/Centos-7.repo dest=/etc/yum.repos.d/CentOS-Base.repo
- name: install epel repo
get_url: url=http://mirrors.aliyun.com/repo/epel-7.repo dest=/etc/yum.repos.d/epel.repo
- name: install rsync nfs-utils
yum: name=rsync,nfs-utils state=installed
- name: create group www
group: name=www gid=666
- name: create user www
user: name=www uid=666 create_home=no shell=/sbin/nologin
- name: create rsync client password
copy: content='1' dest=/etc/rsync.pass mode=600
- name: create scripts directory
file: path=/server/scripts/ recurse=yes state=directory
- name: push scripts
copy: src=./scripts/rsync_backup.sh dest=/server/scripts
- name: crontab
cron: name="backup scripts" hour=01 minute=00 job="/usr/bin/bash /server/scripts/rsync_backup.sh &> /dev/null"
[[email protected] scripts]# vim rsync_backup.sh
#!/usr/bin/bash
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
#1.定義變量
Host=$(hostname)
Addr=$(ifconfig ens33|awk 'NR==2{print $2}')
Date=$(date +%F)
Dest=${Host}_${Addr}_${Date}
Path=/backup
#2.建立備份目錄
[ -d $Path/$Dest ] || mkdir -p $Path/$Dest
#3.備份對應的檔案
cd / && \
[ -f $Path/$Dest/system.tar.gz ] || tar czf $Path/$Dest/system.tar.gz etc/fstab etc/rsyncd.conf && \
[ -f $Path/$Dest/log.tar.gz ] || tar czf $Path/$Dest/log.tar.gz var/log/messages var/log/secure && \
#4.攜帶md5驗證資訊
[ -f $Path/$Dest/flag ] || md5sum $Path/$Dest/*.tar.gz >$Path/$Dest/flag_${Date}
#4.推送本地資料至備份伺服器
export RSYNC_PASSWORD=1
rsync -avz $Path/ [email protected]::backup
#5.本地保留最近7天的資料
find $Path/ -type d -mtime +7|xargs rm -rf
[[email protected] scripts]# cd ..
[[email protected] ansible_playbook]# ansible-playbook -C base.yaml
2、rsync配置
1)安裝rsync
2)配置
3)啟動
4)腳本
5)計劃任務
[[email protected] ansible_playbook]# vim /etc/ansible/ansible_playbook/rsync.yaml
- hosts: rsync
tasks:
- name: install rsync
yum: name=rsync,mailx state=installed
- name: config rsync
copy: src=/etc/ansible/ansible_playbook/conf/rsyncd.conf dest=/etc/rsyncd.conf
notify: restart rsync
- name: create rsync local user
copy: content='rsync_backup:1' dest=/etc/rsync.password mode=600
- name: create data
file: path=/data state=directory recurse=yes owner=www group=www mode=755
- name: create backup
file: path=/backup state=directory recurse=yes owner=www group=www mode=755
- name: start rsync
service: name=rsyncd state=started enabled=yes
- name: push check scripts
copy: src=./scripts/rsync_check.sh dest=/server/scripts/
- name: crond check scripts
cron: name="check scripts" hour=05 minute=00 job="/usr/bin/bash /server/scripts/rsync_check.sh &> /dev/null"
handlers:
- name: restart rsync
service: name=rsyncd state=restarted
[[email protected] ansible_playbook]# cd conf/
[[email protected] conf]# vim rsyncd.conf
uid = nobody
gid = nobody
port 873
address = 192.168.1.135
hosts allow = 192.168.1.0/24
max connections = 4
pid file = /var/run/rsyncd.pid
timeout = 900
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
[backup]
path = /backup
read only = no
auth users = rsync_backup
secrets file = /etc/rsync.password
[[email protected] ansible_playbook]# cd ../scripts/
[[email protected] scripts]# vim rsync_check.sh
#!/usr/bin/bash
#1.定義全局的變量
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
#2.定義局部變量
Path=/backup
Date=$(date +%F)
#3.檢視flag檔案,将校驗的結果儲存至result_時間
find $Path/*_${Date} -type f -name "flag$Date" >$Path/result_${Date}
#4.将校驗的結果發送郵件給管理者
mail -s "Rsync Backup $Date" [email protected] <$Path/result_${Date}
#5.删除超過7天的校驗結果檔案, 删除超過180天的備份資料檔案
find $Path/ -type f -name "result*" -mtime +7|xargs rm -f
find $Path/ -type d -mtime +180|xargs rm -rf
[[email protected] scripts]# cd ..
[[email protected] ansible_playbook]# ansible-playbook -C rsync.yaml
3、nfs部署
1)安裝nfs-utils
2)配置
3)啟動
[[email protected] ansible_playbook]# vim /etc/ansible/ansible_playbook/nfs.yaml
- hosts: nfs
tasks:
- name: install nfs
yum: name=nfs-utils state=installed
- name: config nfs
copy: src=./conf/exports dest=/etc/exports
- name: create data
file: path=/data state=directory recurse=yes owner=www group=www mode=755
- name: start nfs
service: name=nfs-server state=started enabled=yes
handlers:
- name: restart nfs
service: name=nfs-server state=restarted
[[email protected] ansible_playbook]# cd conf/
[[email protected] conf]# vim exports
/data 192.168.1.0/24(rw,sync,all_squash)
[[email protected] conf]# cd ..
[[email protected] ansible_playbook]# ansible-playbook -C nfs.yaml
4、sersync部署
1)在ansible伺服器先下載下傳sersync
2)解壓到/etc/ansible/ansible_playbook/并修改配置檔案
3)推送到nfs
4)啟動sersync
[[email protected] ansible_playbook]# vim /etc/ansible/ansible_playbook/sersync.yaml
- hosts: nfs
tasks:
- name: scp sersync
copy: src=./tools/sersync/ dest=/usr/local/sersync owner=www group=www mode=755
- name: start sersync
shell: pgrep sersync; [ $? -eq 0 ] || /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml
[[email protected] ansible_playbook]# cd tools/
[[email protected] tools]# rz -E
[[email protected] tools]# tar zxf sersync2.5.4_64bit_binary_stable_final.tar.gz
[[email protected] tools]# ls
GNU-Linux-x86 sersync2.5.4_64bit_binary_stable_final.tar.gz
[[email protected] tools]# mv GNU-Linux-x86/ sersync
[[email protected] tools]# ls
sersync sersync2.5.4_64bit_binary_stable_final.tar.gz
[[email protected] tools]# cd sersync/
[[email protected] sersync]# ls
confxml.xml sersync2
[[email protected] sersync]# cd ../..
[r[email protected] ansible_playbook]# ansible-playbook -C sersync.yaml
5、web部署
1)本地安裝httpd
2)修改配置檔案,複制到/etc/ansible/ansible_playbook/conf
3)挂載
4)啟動
[[email protected] ansible_playbook]# vim /etc/ansible/ansible_playbook/web.yaml
- hosts: web
tasks:
- name: mount nfs
mount: src=nfs1:/data path=/data fstype=nfs state=mounted
- name: install httpd
yum: name=httpd state=installed
- name: config httpd
copy: src=./conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
notify: restart httpd
- name: start httpd
shell: systemctl start httpd
handlers:
- name: restart httpd
shell: systemctl restart httpd
[[email protected] ansible_playbook]# yum -y install httpd
[[email protected] ansible_playbook]# cp /etc/httpd/conf/httpd.conf /etc/ansible/ansible_playbook/conf/
[[email protected] ansible_playbook]# vim /etc/ansible/ansible_playbook/conf/httpd.conf
ServerName www.example.com:80
[[email protected] ansible_playbook]# ansible-playbook -C web.yaml
6、main.yaml
[[email protected] ansible_playbook]# vim /etc/ansible/ansible_playbook/main.yaml
- import_playbook: base.yaml
- import_playbook: rsync.yaml
- import_playbook: nfs.yaml
- import_playbook: sersync.yaml
- import_playbook: web.yaml
[[email protected] ansible_playbook]# ansible-playbook -C main.yaml #預檢測
[[email protected] ansible_playbook]# ansible-playbook main.yaml #執行