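I. Introduction
Ansible playbooks are written in YAML. YAML makes it easy to express and define complex tasks and configuration; whether you manage one server or many, Ansible provides a single syntax for describing and running operations, so changes, deployments and upgrades can be handled quickly.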
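II. YAML syntax basics
0. Running an Ansible playbook
ansible-playbook deploy.yml
1. YAML syntax rules: like JSON, data is expressed as key-value pairs; YAML is a superset of JSON
Comments start with #
Keys and values are case-sensitive
Hierarchy is expressed by strict indentation
Tabs are not allowed for indentation, only spaces; the number of spaces is not fixed, but items at the same level must be aligned
# YAML conventions in Ansible
A file starts with ---
A file ends with ... (both markers are optional)
# Values containing special characters must be wrapped in single or double quotes. Single quotes are literal (what you see is what you get); escapes are processed inside double quotes, so to keep a literal backslash there, add one more \, e.g. \\n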
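2. YAML has two data structures, the map and the list; a map value can be a list, and a list item can be a map
A map looks like this:
# become is a key and yes is its value; apt is a key whose value is a map with the keys name and state; name has the value apache2 and state has the value present
become: yes
apt:
  name: apache2
  state: present
A list looks like this:
# args is the key; web, mysql and redis are its values
args:
  - web
  - mysql
  - redis
Maps and lists can be nested in each other, as follows:
- hosts: servers
  become: yes
  tasks:
    - name: Install Apache
      apt:
        name: apache2
        state: present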
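III. YAML usage of common modules
1. copy module
---
- hosts: server1                          # target host to operate on
  remote_user: root                       # user that runs the operations on the target host
  tasks:                                  # task list
    - name: copy file to remote server    # task name, free text
      copy:                               # call the copy module
        src: /path/to/local/file          # path of the local file to copy
        dest: /path/to/remote/file        # path of the file on the remote host
        backup: yes                       # if the target file exists, create a backup before overwriting it
        mode: '0644'                      # file permission mode
        owner: username                   # file owner
        group: groupname                  # file group
        force: no                         # do not replace the file if it already exists at the destination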
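2. file module
---
- hosts: servers
  tasks:
    - name: 确保 /etc/foo.conf 文件存在    # ensure /etc/foo.conf exists
      file:
        path: /etc/foo.conf
        state: touch                      # the file module has no "present" state; touch creates the file if it is missing
    - name: 设置 /etc/foo.conf 的权限为 644    # set the permissions of /etc/foo.conf to 644
      file:
        path: /etc/foo.conf
        mode: '0644'                      # quoted with a leading zero so it is read as an octal mode
    - name: 设置 /etc/foo.conf 的所有权为 user:group    # set the ownership of /etc/foo.conf to user:group
      file:
        path: /etc/foo.conf
        owner: user
        group: group
    - name: 创建一个目录,并设置适当的权限    # create a directory and set appropriate permissions
      file:
        path: /opt/mydir
        state: directory
        mode: '0755'
        owner: user
        group: group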
3. yum module
---
- hosts: servers
  become: yes
  tasks:
    - name: Install package
      yum:
        name: httpd
        state: present
    - name: Update package
      yum:
        name: httpd
        state: latest
    - name: Remove package
      yum:
        name: httpd
        state: absent
4. systemd module
---
- name: 使用 Ansible 管理 systemd 服务    # manage systemd services with Ansible
  hosts: servers
  tasks:
    - name: 确保 httpd 服务已安装并启动    # this task only installs httpd; the next task starts it
      ansible.builtin.yum:
        name: httpd
        state: present
    - name: 启动 httpd 服务    # start httpd and enable it at boot
      ansible.builtin.systemd:
        name: httpd
        state: started
        enabled: yes
    - name: 重启 httpd 服务    # restart httpd
      ansible.builtin.systemd:
        name: httpd
        state: restarted
    - name: 停止 httpd 服务    # stop httpd
      ansible.builtin.systemd:
        name: httpd
        state: stopped
    - name: 使 httpd 服务不在系统启动时自动启动    # stop httpd and keep it from starting at boot
      ansible.builtin.systemd:
        name: httpd
        state: stopped
        enabled: no
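5. user module
---
- hosts: servers
  become: yes
  tasks:
    - name: 创建主组    # create the primary group first; the user module fails if group: names a group that does not exist
      group:
        name: myuser
        state: present
    - name: 创建用户设置家目录和设置密码    # create the user, set the home directory and set the password
      user:
        name: myuser
        uid: 1005
        group: myuser
        groups: myuser,sudo               # add to the supplementary groups myuser and sudo
        home: /home/myuser
        createhome: yes
        password: "{{ 'mypassword' | password_hash('sha512') }}"    # the module expects a hash; password_hash produces it from the plaintext
        shell: /bin/bash
        state: present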
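The user task above with the plaintext password taken out of the playbook file, as an added example that is not part of the original article. The password is prompted for and hashed on the control node; the variable name user_password and the prompt text are assumptions, and hashing at the prompt may require passlib on the control node.

```yaml
---
# Added example, not from the original article.
- hosts: servers
  become: yes
  vars_prompt:
    - name: user_password            # assumed variable name
      prompt: "Password for myuser"  # assumed prompt text
      private: yes                   # do not echo what is typed
      encrypt: sha512_crypt          # hash on the control node; tasks only ever see the hash
      confirm: yes                   # ask twice to catch typos
  tasks:
    - name: Ensure the primary group exists
      group:
        name: myuser
        state: present

    - name: Create the user without a plaintext password in the playbook
      user:
        name: myuser
        group: myuser
        groups: sudo
        append: yes                  # keep supplementary groups the account already has
        home: /home/myuser
        shell: /bin/bash
        password: "{{ user_password }}"
        update_password: on_create   # later runs do not reset an existing password
        state: present
      no_log: true                   # keep the hash out of task output and logs
...
```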
6. cron module
- hosts: servers
  tasks:
    - name: 添加一个新的cron任务    # add a new cron job
      cron:
        name: "每天上午9:00执行备份脚本"    # run the backup script every day at 9:00
        minute: "0"
        hour: "9"
        job: "/usr/local/bin/backup.sh"
        user: "root"
IV. Using Ansible playbooks
1. A simple initialization playbook
cat >deploy_init.yml<<'EOF'
---
- hosts: all
  become: yes
  tasks:
    - name: Install common packages
      apt:
        name:                             # apt accepts a list, so no loop is needed
          - vim
          - curl
          - git
        state: present
        update_cache: yes
    - name: Create a new user
      user:
        name: myuser
        createhome: yes
        shell: /bin/bash
        groups: sudo                      # the admin group on apt-based systems is sudo; wheel does not exist there by default
    - name: Copy SSH key to server
      authorized_key:
        user: myuser
        state: present
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    - name: Restrict SSH Access
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin'   # also match the commented-out default so the line is replaced in place
        line: 'PermitRootLogin no'
        state: present
        validate: '/usr/sbin/sshd -t -f %s'   # reject the change if sshd cannot parse the resulting file
    - name: Restart SSH service
      service:
        name: ssh
        state: restarted
    - name: Update all packages
      apt:
        update_cache: yes
        upgrade: dist
...
EOF
Run deploy_init.yml
ansible-playbook deploy_init.yml
2. A playbook that deploys LAMP
cat >deploy_lamp.yml<<'EOF'
---
- hosts: servers
  become: yes
  tasks:
    - name: Install Apache
      apt:
        name: apache2
        state: present
    - name: Start Apache and Enable on Boot
      systemd:
        name: apache2
        state: started
        enabled: yes
    - name: Install MySQL
      apt:
        name: mysql-server
        state: present
    - name: Start MySQL and Enable on Boot
      systemd:
        name: mysql
        state: started
        enabled: yes
    - name: Install PHP
      apt:
        name: php
        state: present
    - name: Reload Apache to Enable PHP
      systemd:
        name: apache2
        state: reloaded
    # phpinfo() shows versions, paths and environment variables to anyone who can
    # reach the page; delete index.php once the test has passed
    - name: Test PHP Page
      copy:
        dest: /var/www/html/index.php
        mode: '0644'
        content: |
          <?php
          // Show all information, defaults to INFO_ALL
          phpinfo();
          ?>
    - name: Restart Apache
      systemd:
        name: apache2
        state: restarted
EOF
Run deploy_lamp.yml
ansible-playbook deploy_lamp.yml