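Ansible basic commands and playbooks

Common ansible commands

1. -v, --verbose                    Verbose mode; if the command succeeds, print detailed results (-vv, -vvv, -vvvv)
2. -i, --inventory=PATH             Path to the hosts file; the default is /etc/ansible/hosts (often used in production)
3. -f NUM, --forks=NUM              Takes an integer (default 5): the number of parallel processes to fork
4. -m NAME, --module-name=NAME      Name of the module to use; the default is command
5. -a MODULE_ARGS                   Arguments for the module
6. -k, --ask-pass                   Prompt for the SSH password instead of using SSH key-based authentication
7. -s, --sudo                       Use sudo to gain root privileges (often used in production)
8. -K, --ask-sudo-pass              Prompt for the sudo password; used together with sudo (often used in production)
9. -u USERNAME, --user=USERNAME     User to run as on the remote host
10. -C, --check                     Dry run: test what the command would change without actually executing it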

ansible-playbook basic commands

1. ansible-playbook   // show help
2. ansible-playbook a.yml --syntax-check    // check that the YAML file's syntax is correct
3. ansible-playbook a.yml --list-tasks      // list the tasks
4. ansible-playbook a.yml --list-hosts      // list the hosts the play applies to
5. ansible-playbook a.yml --start-at-task='Copy Nginx.conf'     // start running from a given task
6. ansible-playbook --syntax-check -e "hosts=c7" xx.yml -s -k   // syntax check
7. ansible-playbook -i hostslist ***.yml --limit 192.168.0.1  // restrict the run to a single host
8. ansible-playbook -i hostslist ***.yml --limit @failed.txt   // restrict the run to the hosts listed in a file
9. ansible-playbook update-stg.yml -f 10 -s -k // run with 10 parallel processes

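Common ansible-doc commands

1. ansible-doc -l   # list every module ansible supports; important, commit these to memory
2. ansible-doc -s copy # show a brief usage summary for a module (drop -s for the full details)
      src=          # source file
      force=        # whether to overwrite
      dest=         # destination file

ansible-galaxy init /roles/tomcat-install creates the role directory structure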

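Ansible basic concepts

  • inventory: the source of hosts
  • playbooks: a collection of commands that run a set of tasks
  • roles: roles
  • tasks: the list of tasks to run
  • handlers: actions triggered after a task has run
  • variables: defined variables

inventory directory structure

inventories/
├── group_vars
│   └── all
│       └── kubeadm.yml
└── k8s-hosts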

roles directory structure

tomcat-install/
├── defaults
│   └── main.yml
├── files
│   └── jdk-8u241-linux-x64.tar.gz
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   ├── basics.yml
│   ├── copy.yml
│   ├── main.yml
│   └── tomcat.yml
├── templates
│   ├── jdk_path
│   ├── server.xml.j2
│   └── tomcat
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml
  
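tomcat-install: the role name
files: files and software packages
vars: variable definitions
templates: template files; configuration files to be rendered end in .j2
tasks: the playbook's tasks
README.md: documentation
handlers: actions run when triggered (similar to Puppet notifications)
tests: test files
meta: the attributes of the role

Common playbook keywords:

register: name (passes a command's result, or a subset of it, on as a variable)

tags: labels a task so that it can be selected and run on its own

template and copy do the same job of sending files to remote hosts, but copy sends the file unchanged while template renders the variables inside it. Example: template: src=/etc/redis.conf dest=/etc/redis.conf

handlers: actions that run when triggered, similar to Puppet notifications, for example a restart. notify: handlersname calls the handler

when: a condition; it can test numeric values, or whether a command failed or succeeded (true or false, failed)

item: loops. Syntax: user: name={{item}}  with_items: - 111

vars: defines variables. Syntax: - var1: 111

facts: retrieves the information returned from the hosts

ignore_errors: True ignores the command's return result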

 

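Writing the tomcat-install role

Create the playbook file that runs the role

installtomcat.yml

Create the role's README

Batch-installs the JDK and the Tomcat service and starts Tomcat
Set your own JDK version number, for example jdk_version: 241
Because downloading JDK versions after 1.8 requires authentication, download the package by hand and place it under files in the tomcat-install role
Define the Tomcat startup parameters, for example tomcat_free: JAVA_OPTS="-server -Xms512m -Xmx2048m -XX:MaxNewSize=512m -XX:PermSize=128M -XX:MaxPermSize=256M"
Define the Tomcat version to download, for example tomcat_ver: 7.0.106
Run tomcat-install.yml for a fully automatic installation
README.md

Create main.yml with the variables under the vars directory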

# Tomcat variables
jdk_version: 241   # JDK version number; must match the package name in files
jdk_PATH: /usr/local/jdk/  # JDK installation path
softdir: /softdir1   # temporary directory for the software packages
tomcat_path: /soft/tomcat # Tomcat directory
tomcat_port: 8088  # Tomcat port number
tomcat_free: JAVA_OPTS="-server -Xms512m -Xmx2048m -XX:MaxNewSize=512m -XX:PermSize=128M -XX:MaxPermSize=256M" # Tomcat startup parameters
tomcat_ver: 7.0.106 # Tomcat version to download
tomcat_ver_main: "{{ tomcat_ver.split('.')[0] }}" # first number of the Tomcat version, used to build the download URL
down_url: https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-{{ tomcat_ver_main }}/v{{ tomcat_ver }}/bin/apache-tomcat-{{ tomcat_ver }}.tar.gz # Tomcat download URL

# vars file for tomcat-install
main.yml

Create the template files under the templates directory: the JDK environment variables, Tomcat's server.xml file, and the Tomcat start/stop script

JAVA_HOME={{ jdk_PATH }}
JAVA_BIN={{ jdk_PATH }}bin
JRE_HOME={{ jdk_PATH }}jre
PATH=$PATH:{{ jdk_PATH }}bin:{{ jdk_PATH }}jre/bin
CLASSPATH={{ jdk_PATH }}jre/lib:{{ jdk_PATH }}lib:{{ jdk_PATH }}jre/lib/charsets.jar
jdk_path
<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8085" shutdown="SHUTDOWN">
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->


    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP  Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL HTTP/1.1 Connector on port 8080
    -->
    <Connector  port="{{ tomcat_port }}" 
                            protocol="HTTP/1.1" 
                connectionTimeout="20000" 
                redirectPort="8443" 
                            maxThreads="500" 
                            minSpareThreads="20" 
                            acceptCount="300" 
                            disableUploadTimeout="true" 
                            enableLookups="false" 
                            URIEncoding="UTF-8"
                                keepAliveTimeout="10000"/>
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8089" protocol="AJP/1.3" redirectPort="8443" />


    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>
server.xml.j2
#!/bin/sh
# chkconfig: 345 99 10
# description: Auto-starts tomcat
# /etc/init.d/tomcatd
# Tomcat auto-start
# Source function library.
#. /etc/init.d/functions
# source networking configuration.
#. /etc/sysconfig/network
prog="tomcat"
RETVAL=0

CATALINA_HOME={{ tomcat_path }}

start()
{
        if [ -f $CATALINA_HOME/bin/startup.sh ];
          then
            echo $"Starting $prog"
                $CATALINA_HOME/bin/startup.sh
            RETVAL=$?
            echo " OK"
            return $RETVAL
        fi
}
stop()
{
        if [ -f $CATALINA_HOME/bin/shutdown.sh ];
          then
            echo $"Stopping $prog"
                $CATALINA_HOME/bin/shutdown.sh
            RETVAL=$?
            #sleep 1
            # -r: run kill only if a matching process is still alive
            ps -ef |grep $CATALINA_HOME |grep -v grep |grep -v PID | awk '{print $2}'|xargs -r kill -9
            echo " OK"
            # [ $RETVAL -eq 0 ] && rm -f /var/lock/...
            return $RETVAL
        fi
}
case "$1" in
 start)
        start
        ;;
 stop)
        stop
        ;;
 restart)
         echo $"Restarting $prog"
         $0 stop && sleep 1 && $0 start
         ;;
 *)
        echo $"Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac
exit $RETVAL
tomcat

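Create the files under tasks: main.yml (the main file, defines the order in which the playbook runs), basics.yml (base environment setup), copy.yml (JDK installation), tomcat.yml (Tomcat installation and deployment)

---
# tasks file for tomcat-install
# import_tasks replaces the bare include, which was deprecated and later removed from ansible-core
- import_tasks: basics.yml
- import_tasks: copy.yml
- import_tasks: tomcat.yml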
main.yml
- name: 关闭firewalld  # stop and disable firewalld
  service: name=firewalld state=stopped enabled=no

- name: 临时关闭 selinux  # turn SELinux enforcement off until the next reboot
  shell: "setenforce 0"
  failed_when: false

- name: 永久关闭 selinux  # disable SELinux permanently
  lineinfile:
    dest: /etc/selinux/config
    regexp: "^SELINUX="
    line: "SELINUX=disabled"

- name: 添加EPEL仓库  # add the EPEL repository
  yum: name=epel-release state=latest

- name: 安装常用软件包  # install commonly used packages
  yum:
    name:
      - vim
      - lrzsz
      - net-tools
      - wget
      - curl
      - bash-completion
      - rsync
      - gcc
      - unzip
      - git
    state: latest
basics.yml
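
An added example, not part of the original role: basics.yml stops firewalld and disables SELinux for the whole host, so every service on the machine loses that protection, not only Tomcat. The tasks below keep both enabled and open just tomcat_port; the file name is hypothetical and the ansible.posix collection is assumed to be installed on the control node.

```yaml
# tasks/basics-hardened.yml (hypothetical file name; added example)
- name: make sure firewalld is installed
  yum:
    name: firewalld
    state: present

- name: keep firewalld running and enabled at boot
  service:
    name: firewalld
    state: started
    enabled: yes

- name: open only the Tomcat HTTP port defined in vars/main.yml
  ansible.posix.firewalld:
    port: "{{ tomcat_port }}/tcp"
    permanent: yes   # survive a firewalld reload or a reboot
    immediate: yes   # and apply to the running firewall now
    state: enabled

- name: keep SELinux enforcing
  # Assumes the SELinux Python bindings are present on the target.
  # On a host where SELinux was previously disabled, the module reports that
  # a reboot is required before enforcing mode takes effect.
  ansible.posix.selinux:
    policy: targeted
    state: enforcing
```

The shutdown port 8085 and the AJP connector on 8089 from server.xml.j2 are deliberately not opened, so they stay unreachable from other hosts.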
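- name: create soft dir # create the software directory
  file: path={{ softdir }} state=directory
- name: jdk package
  # copy=yes takes src from the control node; a relative src is looked up in the role's files directory
  unarchive: src=jdk-8u{{ jdk_version }}-linux-x64.tar.gz dest={{ softdir }} copy=yes mode=0755
# unpack the package into the softdir directory
- name: jdk dir rename
  shell: "if [ ! -d {{ jdk_PATH }} ]; then mv {{ softdir }}/jdk1.8.0_{{ jdk_version }}/ {{ jdk_PATH }}; fi"
# if the JDK directory does not exist yet, move the JDK to the configured directory
- name: copy jdk_path
  template: src=jdk_path dest={{ softdir }} owner=root group=root
# place the rendered JDK environment-variable template in the target directory
- name: write profile
  shell: "if [ `grep {{ jdk_PATH }}bin /etc/profile |wc -l` -eq 0 ]; then cat {{ softdir }}/jdk_path >> /etc/profile ; fi"
# append the rendered environment variables to /etc/profile; jdk_PATH already ends in a slash, so none is added before bin
- name: source profile
  shell: "source /etc/profile"
# reload the environment variables (this only affects the shell of this one task)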
copy.yml
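- name: tomcat package
  # copy=no: the tarball must already be in softdir on the remote host; no task in this file fetches it from down_url
  unarchive: src={{ softdir }}/apache-tomcat-{{ tomcat_ver }}.tar.gz dest={{ softdir }} copy=no owner=root group=root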
- name: dir rename
  shell: "if [ ! -d {{ tomcat_path }} ]; then mv {{ softdir }}/apache-tomcat-{{ tomcat_ver }}/ {{ tomcat_path }}; fi"
- name: modify tomcat start parameter
  lineinfile:
    dest: "{{ tomcat_path }}/bin/catalina.sh"
    insertbefore: "cygwin=false"
    line: "{{ tomcat_free }}"
- name: join variable_1
  lineinfile:
    dest: "{{ tomcat_path }}/bin/catalina.sh"
    insertbefore: "cygwin=false"
    line: "CATALINA_HOME={{ tomcat_path }}"

- name: join variable_2
  lineinfile:
    dest: "{{ tomcat_path }}/bin/catalina.sh"
    insertbefore: "cygwin=false"
    line: "JAVA_HOME={{ jdk_PATH }}"

- name: join variable_3
  lineinfile:
    dest: "{{ tomcat_path }}/bin/catalina.sh"
    insertbefore: "cygwin=false"
    line: "JRE_BIN={{ jdk_PATH }}bin"

- name: join variable_4
  lineinfile:
    dest: "{{ tomcat_path }}/bin/catalina.sh"
    insertbefore: "cygwin=false"
    line: "JRE_HOME={{ jdk_PATH }}jre"

- name: join variable_5
  lineinfile:
    dest: "{{ tomcat_path }}/bin/catalina.sh"
    insertbefore: "cygwin=false"
    line: "CLASSPATH={{ jdk_PATH }}jre/lib:{{ jdk_PATH }}lib:{{ jdk_PATH }}jre/lib/charsets.jar"
- name: modify tomcat file
  template: src=server.xml.j2 dest={{ tomcat_path }}/conf/server.xml owner=root group=root mode=0755
- name: copy tomcat start
  template: src=tomcat dest=/usr/bin/ owner=root group=root mode=0755
- name: copy tomcat system
  template: src=tomcat dest=/etc/init.d/ owner=root group=root mode=0755
- name: start tomcat
  service: name=tomcat state=restarted enabled=yes
tomcat.yml
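
An added example, not the author's code, that applies the keywords listed earlier (register, when, tags, notify and handlers) to tomcat.yml: it fetches the tarball from down_url with a checksum check, replaces the shell `if [ ! -d ... ]` test with stat plus when, and restarts Tomcat through a handler only when server.xml changes. The variable tomcat_sha512 and the file names are assumptions, not defined on the page.

```yaml
# tasks/tomcat-fetch.yml (hypothetical file name; added example)
- name: download the Tomcat tarball and verify it before use
  get_url:
    url: "{{ down_url }}"
    dest: "{{ softdir }}/apache-tomcat-{{ tomcat_ver }}.tar.gz"
    # tomcat_sha512 is an assumed variable, not defined on the page: set it in
    # vars/main.yml to the SHA-512 the Apache Tomcat project publishes for
    # this exact version, taken from the project site rather than the mirror.
    checksum: "sha512:{{ tomcat_sha512 }}"
    mode: "0644"
  tags: download

- name: check whether Tomcat is already installed
  stat:
    path: "{{ tomcat_path }}"
  register: tomcat_dir

- name: unpack only on hosts where tomcat_path does not exist yet
  unarchive:
    src: "{{ softdir }}/apache-tomcat-{{ tomcat_ver }}.tar.gz"
    dest: "{{ softdir }}"
    remote_src: yes
    owner: root
    group: root
  when: not tomcat_dir.stat.exists

- name: make sure the parent of tomcat_path exists
  file:
    path: "{{ tomcat_path | dirname }}"
    state: directory
    mode: "0755"

- name: move the unpacked tree into place
  command: mv {{ softdir }}/apache-tomcat-{{ tomcat_ver }} {{ tomcat_path }}
  args:
    creates: "{{ tomcat_path }}"

- name: render server.xml as a non-executable, non-world-readable file
  template:
    src: server.xml.j2
    dest: "{{ tomcat_path }}/conf/server.xml"
    owner: root
    group: root
    mode: "0640"
  notify: restart tomcat

# handlers/main.yml: runs once at the end of the play, and only if a
# notifying task reported "changed"
- name: restart tomcat
  service:
    name: tomcat
    state: restarted
```

If the downloaded file does not match the checksum, get_url fails the task and nothing after it unpacks or starts the tarball.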

 

posted @ 2020-11-03 16:40  大辉哥