Ansible 剧本 playbook
playbook的组成
play:角色,也就是主机清单中维护的主机名
task:具体要执行的任务
playbook是由一个或多个play(多个角色)组成,一个play由多个task(多个任务)组成
简单理解为: 使用不同的模块完成一件事情
在Ansible中"剧本文件"是以yml结尾的文件。 在SaltStack中"剧本文件"是以sls结尾的文件。 但是语法,使用的都是 yaml语法
YAML语法
缩进:YAML使用固定的缩进风格表示层级结构,每个缩进由两个空格组成,不能使用TAB。
冒号:除以冒号结尾的情况外,其他所有冒号后面都必须有空格。
短横线:表示列表项,使用一个短横线加一个空格;多个项使用同样的缩进级别,作为同一列表。
编写playbook安装httpd
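# Install and start Apache httpd on the inventory host or group named "backup".
- hosts: backup
  tasks:
    # Install the httpd package if it is not already present.
    - name: an zhuang httpd
      yum:
        name: httpd
        state: present

    # Make sure the service is running now. "enabled" is not set, so this play
    # does not configure whether httpd starts at boot.
    - name: qi dong httpd
      service:
        name: httpd
        state: started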
## Syntax check only: parses the playbook and reports errors; no tasks are run
ansible-playbook --syntax-check install_httpd.yml
## Dry run: -C is the short form of --check, which reports what would change without applying it
ansible-playbook -C install_httpd.yml
使用playbook部署网站kaoshi
# 1.发送公钥
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 172.16.1.7
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 172.16.1.8
# 2.先决条件
kaoshi.tgz包
httpd配置文件
[root@m01 httpd]# ll
total 40
-rw-r--r-- 1 root root 11747 Aug 12 09:10 httpd.conf
-rw-r--r-- 1 root root 26875 Aug 12 09:09 kaoshi.tgz
[root@m01 httpd]# pwd
/root/httpd
编辑playbook
[root@m01 httpd]# vim web.yml
[root@m01 httpd]# cat web.yml
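# Deploy the "kaoshi" site on every host in web_group: create the www account,
# install httpd and php, push httpd.conf, unpack the site archive, start httpd.
- hosts: web_group
  tasks:
    - name: Create www Group
      group:
        name: www
        gid: 666

    # Service account only: no login shell and no home directory.
    - name: Create www User
      user:
        name: www
        uid: '666'
        group: '666'
        shell: /sbin/nologin
        create_home: no

    # NOTE(review): disabling SELinux removes mandatory access control from
    # httpd and PHP on every web host. Acceptable in a lab; on real hosts keep
    # it enforcing and fix labels/booleans for the web content instead.
    - name: Disabled Selinux
      selinux:
        state: disabled

    # NOTE(review): this stops host packet filtering for every port, not only
    # the web port. Only "state: stopped" is set, so the unit's boot-time
    # enablement is untouched and the firewall state may differ after a reboot.
    # Outside a lab, keep firewalld running and allow just the http service.
    - name: Stop Firewalld
      service:
        name: firewalld
        state: stopped

    - name: Install HTTPD And PHP Server
      yum:
        name:
          - httpd
          - php
        state: present

    # src is a path on the control node. No handler is notified here, so a
    # changed httpd.conf is not picked up by an httpd that is already running.
    - name: Configure HTTPD Conf
      copy:
        src: /root/httpd/httpd.conf
        dest: /etc/httpd/conf/httpd.conf

    # remote_src is not set, so the archive is read from the control node and
    # extracted on the target. Everything in it lands in the web root; verify
    # where the archive came from before deploying it.
    - name: Unarchive Code
      unarchive:
        src: /root/httpd/kaoshi.tgz
        dest: /var/www/html

    # Start httpd now and enable it at boot.
    - name: Start HTTPD Server
      service:
        name: httpd
        state: started
        enabled: yes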
## 检测语法
[root@m01 httpd]# ansible-playbook --syntax-check web.yml
playbook: web.yml
## 执行playbook
[root@m01 httpd]# ansible-playbook web.yml
playbook 部署rsync
环境
主机名 | 外网IP | 内网IP | 角色 |
---|---|---|---|
backup | 10.0.0.41 | 172.16.1.41 | rsync服务端、被控端 |
m01 | 10.0.0.61 | 172.16.1.61 | ansible管理端 |
# 1.先决条件
## 公钥推送
# rsync daemon configuration: global settings followed by one module, [backup].
# Transfers run as the unprivileged www account rather than root.
uid = www
gid = www
port = 873
# Keep ownership and other privileged attributes in xattrs so the non-root
# daemon can still preserve them.
fake super = yes
# NOTE(review): with chroot off the daemon relies on its own path checks
# instead of a chroot() into the module path; confirm this is intended.
use chroot = no
max connections = 200
timeout = 600
# NOTE(review): written without "= value", unlike every other setting here;
# confirm the daemon actually applies this line.
ignore errors
# Authenticated clients may write to the module.
read only = false
# Do not show the module when a client asks for the module list.
list = false
# Only this virtual user may connect; its password is read from the secrets file.
# NOTE(review): the rsync daemon protocol does not encrypt the transferred data;
# restrict port 873 to the backup network or carry the traffic over a tunnel.
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[backup]
comment = welcome to oldboyedu backup!
path = /backup
## rsync配置文件
# 2.编写playbook
[root@m01 rsyncd]# vim rsync.yml
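# Set up an rsync daemon on the "backup" host: create the www account, install
# rsync, push rsyncd.conf and the secrets file, create /backup, start rsyncd.
- hosts: backup
  tasks:
    # NOTE(review): this stops host packet filtering for every port, so the
    # rsync port is reachable from any network the host is attached to.
    # Outside a lab, keep firewalld running and allow only the rsync port from
    # the clients that need it.
    - name: Stop Firewalld Server
      service:
        name: firewalld
        state: stopped

    # NOTE(review): disabling SELinux removes mandatory access control from the
    # daemon. Acceptable in a lab; on real hosts keep it enforcing.
    - name: Disabled Selinux
      selinux:
        state: disabled

    - name: Create www Group
      group:
        name: www
        gid: 666
        state: present

    # Service account only: no login shell and no home directory.
    - name: Create www User
      user:
        name: www
        uid: 666
        group: '666'
        shell: /sbin/nologin
        create_home: no
        state: present

    - name: Install Rsyncd Server
      yum:
        name: rsync
        state: present

    # Modes are quoted so they are passed as octal strings and cannot be
    # misread as decimal integers by a YAML parser.
    - name: Configure Rsync Conf
      copy:
        src: /root/rsyncd/rsyncd.conf
        dest: /etc/rsyncd.conf
        owner: root
        group: root
        mode: '0644'

    # Secrets file in "user:password" form, readable by root only.
    # NOTE(review): the password is a sample value stored in clear text in the
    # playbook; in real use load it from an Ansible Vault-encrypted variable.
    # no_log keeps the secret out of task output and --diff.
    - name: Create Rsync Passwd File
      copy:
        content: 'rsync_backup:123'
        dest: /etc/rsync.passwd
        owner: root
        group: root
        mode: '0600'
      no_log: true

    # Module directory, owned by the account the daemon runs transfers as.
    - name: Create backup Directory
      file:
        path: /backup
        state: directory
        owner: www
        group: www
        mode: '0755'

    # Start rsyncd now and enable it at boot.
    - name: Start Rsync Server
      service:
        name: rsyncd
        state: started
        enabled: yes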
## 测试语法
[root@m01 rsyncd]# ansible-playbook --syntax-check rsync.yml
playbook: rsync.yml
## 执行playbook
[root@m01 rsyncd]# ansible-playbook rsync.yml
## 测试rsync推送
[root@m01 rsyncd]# rsync -avz /etc/passwd rsync_backup@172.16.1.41::backup
Password:
sending incremental file list
passwd
sent 565 bytes received 43 bytes 405.33 bytes/sec
total size is 1,133 speedup is 1.86
ansible操作数据库
-- Creates/authorises wp_user with a password in one statement.
-- NOTE(review): this grants every privilege on every database (*.*) to the
-- account from any host ('%') with a trivial sample password. Outside a lab,
-- scope the grant to the application schema, name the client host or subnet,
-- and use a strong password.
grant all on *.* to wp_user@'%' identified by '123';
## mysql_user 模块
name:创建用户的名字
password:用户的密码
priv:'*.*:ALL'
host:指定可连接的主机
login_user:连接数据库的用户
login_password:连接数据库的密码
host_all:
yes:类似于 % ,允许所有主机连接
no:默认,不允许所有主机连接
state:
present:创建
absent:删除
## mysql_db 模块
name:数据库名字
state:
import:导入数据
dump:导出数据
present:创建数据库
absent:删除数据库
target:指定导入数据的sql文件
encoding:指定字符集
[root@m01 mariadb]# cat mariadb.yml
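# Install MariaDB on db01, start it, then create a database user and a
# database through the mysql_user / mysql_db modules.
- hosts: db01
  vars:
    # NOTE(review): sample password stored in clear text in the playbook; in
    # real use keep it in an Ansible Vault-encrypted variable.
    mysql_password: '123'
  tasks:
    # MySQL-python provides the Python bindings the mysql_* modules use on the
    # managed host.
    - name: Install Mariadb Server
      yum:
        name:
          - mariadb-server
          - MySQL-python
        state: present

    # Start MariaDB now and enable it at boot.
    - name: Start Mariadb Server
      service:
        name: mariadb
        state: started
        enabled: yes

    # The task is named for wordpress but the account created is "zh2".
    # NOTE(review): logs in as root with mysql_password; nothing in this play
    # sets the root password, so this assumes it was set beforehand - confirm.
    # NOTE(review): '*.*:ALL' with host '%' gives the account every privilege on
    # every database from any client address, protected by a trivial password.
    # Outside a lab, limit priv to the application schema, set host to the
    # application server, and use a strong vaulted password.
    - name: Create wordpress User
      mysql_user:
        login_user: root
        login_password: "{{ mysql_password }}"
        name: zh2
        state: present
        priv: '*.*:ALL'
        host: '%'
        password: '123'

    # Create the zh2 database with utf8 encoding if it does not exist.
    - name: Create wordpress Database
      mysql_db:
        login_user: root
        login_password: "{{ mysql_password }}"
        name: zh2
        state: present
        encoding: utf8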