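II. Lab Steps
- Playbooks are written in YAML syntax:
colon (must be followed by a space)
hyphen (followed by a space)
indentation (two characters; the Tab key defaults to four characters)
- Playbook command syntax:
ansible-playbook [options] playbook-file-path
Options:
--list-hosts: list the inventory hosts
--list-tasks: list the tasks
--list-tags: list the tags
--syntax-check: check the syntax
- Core elements
hosts remote_user tasks handlers roles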
Prepare the environment
1. Set the hostnames
192.168.8.5 ansible
192.168.8.6 web
192.168.8.7 nfs
192.168.8.8 rsync
2. Install ansible
yum -y install ansible
3. Configure the inventory
vim /etc/ansible/hosts
Add:
[web]
192.168.8.6
[nfs]
192.168.8.7
[rsync]
192.168.8.8
[benet:children]
web
nfs
rsync
4. Configure the SSH key pair
ssh-keygen -t rsa
Location of the generated key files: /root/.ssh/
ssh-copy-id root@192.168.8.6
ssh-copy-id root@192.168.8.7
ssh-copy-id root@192.168.8.8
5. Configure the hosts resolution file and copy it to all servers
vim /etc/hosts
Add:
192.168.8.5 ansible
192.168.8.6 web
192.168.8.7 nfs
192.168.8.8 rsync
ansible benet -m copy -a "src=/etc/hosts dest=/etc/hosts backup=yes"
6. Modify the Tab settings file .vimrc
vim /root/.vimrc
Add:
Experiment 1
Install httpd through a playbook and change its port to 8080
Make sure httpd is already installed on the ansible server
mkdir /etc/ansible/playbook
cd /etc/ansible/playbook/
cp /etc/httpd/conf/httpd.conf ./
vim httpd.conf
Add:
Create the HTTP playbook
vim /etc/ansible/playbook/httpd.yaml
Add:
- hosts: web
  tasks:
    - name: install httpd
      yum: name=httpd state=installed
    - name: start httpd
      service: name=httpd state=started
    - name: httpd config
      copy: src=/etc/ansible/playbook/httpd.conf dest=/etc/httpd/conf/httpd.conf
      # the handler below runs only when the copied file actually changed
      notify: restart httpd
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
Test: ansible-playbook -C httpd.yaml
Run: ansible-playbook httpd.yaml
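An added example, not from the original post: a variant of the httpd playbook in which the copy module checks the new httpd.conf with httpd -t before it replaces the live file, keeps a backup of the old one, and confirms that the service is listening on 8080 after the restart. The file name httpd_validated.yaml is hypothetical.

```yaml
# httpd_validated.yaml (hypothetical name; added example, not the post's own playbook)
- hosts: web
  tasks:
    - name: install httpd
      yum: name=httpd state=installed
    - name: httpd config
      copy:
        src: /etc/ansible/playbook/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: "0644"
        backup: yes
        # %s is the temporary copy on the managed host; a config that fails
        # the syntax test is never moved into place, so httpd keeps running
        validate: /usr/sbin/httpd -t -f %s
      notify: restart httpd
    - name: start httpd
      service: name=httpd state=started enabled=yes
    # run the pending restart now instead of at the end of the play,
    # so the port check below sees the new configuration
    - meta: flush_handlers
    - name: confirm httpd is listening on 8080
      wait_for: port=8080 timeout=30
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
```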
Experiment 2
Use playbooks to set up a web--nfs--rsync architecture
mkdir -p /etc/ansible/playbook/{conf,file,scripts,tools/sersync}
Drag in the files for conf
cd /etc/ansible/playbook/conf/
Drag in the files for scripts
cd /etc/ansible/playbook/scripts/
Drag in the files for sersync
cd /etc/ansible/playbook/tools/sersync/
Base environment playbook
vim /etc/ansible/playbook/scripts/rsync_backup.sh
Modify:
vim /etc/ansible/playbook/base.yaml
Add:
- hosts: all
  tasks:
    - name: clear repos.d
      file: path=/etc/yum.repos.d/ state=absent
    - name: create repos.d
      file: path=/etc/yum.repos.d/ state=directory
    - name: install base repo
      get_url: url=http://mirrors.aliyun.com/repo/Centos-7.repo dest=/etc/yum.repos.d/CentOS-Base.repo
    - name: install epel repo
      get_url: url=http://mirrors.aliyun.com/repo/epel-7.repo dest=/etc/yum.repos.d/epel.repo
    - name: install rsync nfs-utils
      yum: name=rsync,nfs-utils state=installed
    - name: create group www
      group: name=www gid=666
    - name: create user www
      user: name=www uid=666 create_home=no shell=/sbin/nologin
    - name: create rsync client password
      copy: content='1' dest=/etc/rsync.pass mode=600
    - name: create scripts directory
      file: path=/server/scripts/ recurse=yes state=directory
    - name: push scripts
      copy: src=/etc/ansible/playbook/scripts/rsync_backup.sh dest=/server/scripts
    - name: crontab
      cron: name="backup scripts" hour=01 minute=00 job="/usr/bin/bash /server/scripts/rsync_backup.sh &> /dev/null"
Test: ansible-playbook -C base.yaml
rsync playbook
vim /etc/ansible/playbook/conf/rsyncd.conf
Modify:
vim /etc/ansible/playbook/rsync.yaml
Add:
- hosts: rsync
  tasks:
    - name: install rsync
      yum: name=rsync state=installed
    - name: config rsync
      copy: src=/etc/ansible/playbook/conf/rsyncd.conf dest=/etc/rsyncd.conf
      notify: restart rsync
    - name: create rsync local user
      copy: content='rsync_backup:1' dest=/etc/rsync.password mode=600
    - name: create data
      file: path=/data state=directory recurse=yes owner=www group=www mode=755
    - name: create backup
      file: path=/backup state=directory recurse=yes owner=www group=www mode=755
    - name: start rsync
      service: name=rsyncd state=started enabled=yes
    - name: push check scripts
      copy: src=/etc/ansible/playbook/scripts/rsync_check.sh dest=/server/scripts
    - name: crond check scripts
      cron: name="check scripts" hour=05 minute=00 job="/usr/bin/bash /server/scripts/rsync_check.sh &> /dev/null"
  handlers:
    - name: restart rsync
      service: name=rsyncd state=restarted
Test: ansible-playbook -C rsync.yaml
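The base and rsync playbooks above write the rsync password ('1') into the playbook text itself. As an added example, not from the original post, the same two password files can be written from a variable kept in an Ansible Vault file, with the task output suppressed. The vault file path, the variable name rsync_backup_password and the 16-character minimum are assumptions made for this example.

```yaml
# Added example, not the post's own playbook.
# Assumes /etc/ansible/playbook/vault.yaml (hypothetical path) was created with
# "ansible-vault create" and defines rsync_backup_password (hypothetical name).
- hosts: rsync
  vars_files:
    - /etc/ansible/playbook/vault.yaml
  tasks:
    - name: refuse to deploy a missing or trivially short secret
      assert:
        that:
          - rsync_backup_password is defined
          - rsync_backup_password | length >= 16   # arbitrary floor for the example
        quiet: yes
      no_log: true
    - name: create rsync local user (daemon secrets file)
      copy:
        content: "rsync_backup:{{ rsync_backup_password }}\n"
        dest: /etc/rsync.password
        owner: root
        group: root
        mode: "0600"
      no_log: true   # keeps the secret out of task output and logs

- hosts: all
  vars_files:
    - /etc/ansible/playbook/vault.yaml
  tasks:
    - name: create rsync client password
      copy:
        content: "{{ rsync_backup_password }}\n"
        dest: /etc/rsync.pass
        owner: root
        group: root
        mode: "0600"
      no_log: true
```

Run it with ansible-playbook --ask-vault-pass so the vault file can be decrypted at run time.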
NFS playbook
vim /etc/ansible/playbook/conf/exports
Modify:
vim /etc/ansible/playbook/nfs.yaml
Add:
- hosts: nfs
  tasks:
    - name: install nfs
      yum: name=nfs-utils state=installed
    - name: config nfs
      copy: src=/etc/ansible/playbook/conf/exports dest=/etc/exports
      notify: restart nfs
    - name: create data
      file: path=/data state=directory recurse=yes owner=www group=www mode=755
    - name: start nfs
      service: name=nfs-server state=started enabled=yes
  handlers:
    - name: restart nfs
      service: name=nfs-server state=restarted
Test: ansible-playbook -C nfs.yaml
sersync playbook
cd /etc/ansible/playbook/tools/sersync/
vim confxml.xml
Modify:
vim /etc/ansible/playbook/sersync.yaml
Add:
- hosts: nfs
  tasks:
    - name: scp sersync
      copy: src=/etc/ansible/playbook/tools/sersync/ dest=/usr/local/sersync owner=www group=www mode=755
    - name: start sersync
      # start sersync only if no sersync process is already running
      shell: pgrep sersync; [ $? -eq 0 ] || /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml
Test: ansible-playbook -C sersync.yaml
web playbook
vim /etc/ansible/playbook/web.yaml
Add:
- hosts: web
  tasks:
    - name: mount nfs
      mount: src=nfs:/data path=/data fstype=nfs state=mounted
    - name: install httpd
      yum: name=httpd state=installed
    - name: config httpd
      copy: src=/etc/ansible/playbook/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd
    - name: start httpd
      service: name=httpd state=started enabled=yes
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
Test: ansible-playbook -C web.yaml
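main playbook
vim /etc/ansible/playbook/main.yaml
Add:
- import_playbook: base.yaml
- import_playbook: rsync.yaml
- import_playbook: nfs.yaml
- import_playbook: sersync.yaml
- import_playbook: web.yaml
Test: ansible-playbook -C main.yaml
Run: ansible-playbook main.yaml
Data synchronization test:
Create a file named aaa in /data on the NFS host
Check in /data on the web host whether it was synchronized
Check in /backup on the rsync host whether it was synchronized
rsync runs the backup at the time set by the cron job in the base environment playbook; use crontab -e to view the scheduled job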
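Experiment 3
Configuration example: automatically install MariaDB on the managed host; after installation, upload a prepared configuration file to the remote host and restart the service; then create the testdb database and give the test user all privileges on it
Start a new CentOS machine (192.168.8.9) to act as the MariaDB host
1. Set the hostname (Mariadb)
192.168.8.9 mariadb
2. Configure the hosts resolution file
ansible:
vim /etc/hosts
Add:
Mariadb:
vim /etc/hosts
Add:
3. Configure the inventory (ansible)
vim /etc/ansible/hosts
Add:
4. Configure passwordless login (ansible)
ssh-copy-id root@192.168.8.9
5. Create the required directory (ansible)
mkdir -p /etc/ansible/roles/mariadb/files
6. Copy the configuration file (ansible)
cp /etc/my.cnf /etc/ansible/roles/mariadb/files/
7. Write the playbook (ansible)
cd /etc/ansible/roles/mariadb/
vim mariadb.yaml
Add: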
- hosts: mariadb
  remote_user: root
  tasks:
    - name: install mariadb mariadb-server
      yum: name=mariadb-server state=present
    - name: move config file
      shell: "[ -e /etc/my.cnf ] && mv /etc/my.cnf /etc/my.cnf.bak"
    - name: provide a new config file
      copy: src=/etc/ansible/roles/mariadb/files/my.cnf dest=/etc/my.cnf
    - name: reload mariadb
      shell: systemctl restart mariadb
    - name: create database testdb
      # privileges are granted on testdb only, as the task description requires;
      # IF NOT EXISTS lets the playbook be run more than once
      shell: mysql -u root -e "CREATE DATABASE IF NOT EXISTS testdb;GRANT ALL ON testdb.* TO 'test'@'192.168.8.%' IDENTIFIED BY 'test123';FLUSH PRIVILEGES;"
      notify:
        - restart mariadb service
  handlers:
    - name: restart mariadb service
      service: name=mariadb state=restarted
Test: ansible-playbook -C mariadb.yaml
Run: ansible-playbook mariadb.yaml
Verify:
Install MariaDB on the ansible host
yum -y install mariadb-server
systemctl start mariadb
mysql -u test -h 192.168.8.9 -p
show databases;
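An added example, not from the original post: the "create database testdb" step written with Ansible's mysql_db and mysql_user modules instead of a shell command, so the task is idempotent, the test user receives privileges on testdb only, and the password comes from a vault variable rather than the playbook text. It assumes a CentOS 7 managed host, an Ansible release that ships these modules (newer releases provide them in the community.mysql collection), the default MariaDB socket path, and a hypothetical vault file that defines test_db_password.

```yaml
# Added example, not the post's own playbook.
# Assumes /etc/ansible/roles/mariadb/vault.yaml (hypothetical path) defines
# test_db_password (hypothetical name) and that mariadb is already running.
- hosts: mariadb
  remote_user: root
  vars_files:
    - /etc/ansible/roles/mariadb/vault.yaml
  tasks:
    - name: install the Python MySQL bindings used by the mysql_* modules
      yum: name=MySQL-python state=present
    - name: create database testdb
      mysql_db:
        name: testdb
        state: present
        login_unix_socket: /var/lib/mysql/mysql.sock   # assumed default socket path
    - name: create user test with privileges on testdb only
      mysql_user:
        name: test
        host: "192.168.8.%"
        password: "{{ test_db_password }}"
        priv: "testdb.*:ALL"
        state: present
        login_unix_socket: /var/lib/mysql/mysql.sock
      no_log: true   # keeps the password out of task output and logs
```

After this runs, SHOW GRANTS FOR 'test'@'192.168.8.%'; on the MariaDB host should list privileges on testdb.* and nothing broader.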
From: https://blog.csdn.net/2402_88627342/article/details/144368320