Ansible运维

自动化运维

（1）环境准备

关闭防火墙和SELinux，并修改/etc/hosts文件

systemctl stop firewalld

systemctl disable firewalld

setenforce 0

getenforce 0

cat /etc/selinux/config

…

#     disabled - No SELinux policy is loaded.

SELINUX=disabled       //将此处改为disabled

# SELINUXTYPE= can take one of three two values:

…

[root@ansible-test1 ~]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.x.x ansible-test1    //添加两台主机的IP和主机名

192.168.x.x ansible-test2

 

 

（2）安装Ansible

[root@ansible-test1 ~]# yum install epel-release -y

[root@ansible-test1 ~]# yum install -y ansible

[root@ansible-test1 ~]# ansible --version

 

 

 

（3）免密配置

【test-1】：

ssh-keygen -t rsa

ssh-copy-id 192.168.x.x    #test2机器的id

ssh 192.168.x.x

（4）主机组设置

grep ^[^#] /etc/ansible/hosts

[testhost]

127.0.0.1 ansible_ssh_port=22  ansible_ssh_user=root ansible_ssh_pass=123456

192.168.x.x

2 Ansible远程执行命令

ansible testhost -m command -a "hostname"

ansible 192.168.2.20 -m command -a "hostname"

3 Ansible拷贝文件或目录

ansible 192.168.2.20 -m copy -a "src=/etc/passwd

dest=/tmp/123"

 

4 脚本执行

cat /tmp/test.sh

ansible testhost -m copy -a "src=/tmp/test.sh

dest=/tmp/test.sh "

5批量运行脚本

ansible testhost -m shell -a "/tmp/test.sh

ansible testhost -m shell -a "cat /etc/passwd |wc -l "

 

6 管理任务计划

ansible testhost -m cron -a "name='test cron'

job='/bin/bash/tmp/test.sh' weekday=6"

 

ansible testhost -m cron -a "name='test cron'

state=absent"           #删除cron

7 Ansible安装RPM包/管理服务

ansible testhost -m service -a "name=httpd state=started

enabled=yes"             #在name后面还可以加上state=installed/removed。

ansible-doc -l #列出服务模块

Ansible playbook使用

vim /etc/ansible/test.yml

---

- hosts: "192.168.116.136"

  remote_user: root

  tasks：

  - name: test_playbook

shell: "touch /tmp/playbook_test.txt"

ansible-playbook test.yml

cat create_user.yml

ansible-playbook create_user.yml

 

 

ansible playbook中的循环

    cat while.yml

ansible-playbook while.yml

ansible playbook中的条件判断‘

ansible-playbook when.yml

 

ansible playbook中的handlers

ansible-playbook handlers.yml

 

Ansible playbook实战

 

ansible自动化安装nginx

./configure --prefix=/usr/local/nginx

make && make install

cat /etc/init.d/nginx

 

 

cat /usr/local/nginx/conf/nginx.conf

# /usr/local/nginx/sbin/nginx -t

启动nginx  #psmisc可以安装killal清理httpd端口占用

# service nginx start

 

环境准备

mv nginx-1.9.6.tar.gz /etc/ansible/nginx_install/roles/install/files/

cp nginx-1.9.6/conf/nginx.conf /etc/ansible/nginx_install/roles/install/templates/

cp /etc/init.d/nginx /etc/ansible/nginx_install/roles/install/templates/

 

 

[root@ansible1 nginx_install]# cat install.yml

---

- hosts: 192.168.x.x             #入口文件,ssh连接机器

  remote_user: root

  gather_facts: True

  roles:

    - common

    - install

[root@ansible2 nginx_install]# cat roles/common/tasks/main.yml

- name: install initialization require software  #安装需要的依赖

  yum: name={{ item }} state=installed   ##item变成nginx_packages

  with_items:          

    - zlib-devel

    - pcre-devel

    - gcc

[root@ansible1 nginx_install]# cat roles/install/vars/main.yml

nginx_user: www             #定义所需变量

nginx_port: 80

nginx_basedir: /usr/local/nginx

[root@ansible1 nginx_install]# cat roles/install/tasks/copy.yml

- name: Copy Nginx Software    #复制压缩包

  copy: src=nginx.tar.gz dest=/tmp/nginx.tar.gz owner=root group=root

- name: Uncompression Nginx Software #解压压缩包

  shell: tar zxf /tmp/nginx.tar.gz -C /usr/local/

- name: Copy Nginx Start Script        #复制启动脚本

  template: src=nginx dest=/etc/init.d/nginx owner=root group=root mode=0755

- name: Copy Nginx Config        #复制nginx配置文件

  template: src=nginx.conf dest={{ nginx_basedir }}/conf/ owner=root group=root

mode=0644

[root@ansible2 nginx_install]# cat roles/install/tasks/install.yml

- name: create nginx user    #创建用户

  user: name={{ nginx_user }} state=present createhome=no shell=/sbin/nologin

- name: start nginx service   #开启服务

  shell: /etc/init.d/nginx start

- name: add boot start nginx service       #加入开机启动

  shell: chkconfig --level 345 nginx on

- name: delete nginx compression files  #删除压缩包

  shell: rm -rf /tmp/nginx.tar.gz

[root@ansible2 nginx_install]# cat roles/install/tasks/main.yml

- include: copy.yml #调用copy.yml和install.yml

- include: install.yml

 

 

#添加shell: cd /usr/local/nginx-1.9.6 && ./configure --prefix=/usr/local/nginx

      shell: cd /usr/local/nginx-1.9.6 && make && make install

 

 

 

ansible-playbook /etc/ansible/nginx_install/install.yml

 

 

 

 

 

管理配置文件

#在/etc/ansible/nginx_config/roles/new/files/下创建vhosts文件夹，并复制nginx.conf

 

cat /etc/ansible/nginx_config/roles/new/tasks/main.yml

- name: copy conf file      #复制.conf和hosts文件

  copy: src={{ item.src }} dest={{ nginx_basedir }}/{{ item.dest }} backup=yes owner=root group=root mode=0644

  with_items:

    - { src: nginx.conf, dest: conf/nginx.conf }

    - { src: vhosts, dest: conf/ }

  notify: restart nginx

[root@ansible-test1 ansible]# clear

[root@ansible-test1 ansible]# cat /etc/ansible/nginx_config/roles/new/handlers/main.yml

- name: restart nginx   #用于重新加载nginx服务

  shell: /etc/init.d/nginx reload

[root@ansible-test1 ansible]#

[root@ansible-test1 ansible]# cat /etc/ansible/nginx_config/roles/new/tasks/main.yml

- name: copy conf file      #复制.conf和hosts文件

  copy: src={{ item.src }} dest={{ nginx_basedir }}/{{ item.dest }} backup=yes owner=root group=root mode=0644

  with_items:

    - { src: nginx.conf, dest: conf/nginx.conf }

    - { src: vhosts, dest: conf/ }

  notify: restart nginx

[root@ansible-test1 ansible]#

[root@ansible-test1 ansible]#

[root@ansible-test1 ansible]# cat /etc/ansible/nginx_config/roles/new/vars/main.yml

nginx_basedir: /usr/local/nginx #定义变量

[root@ansible-test1 ansible]#

[root@ansible-test1 ansible]#

[root@ansible-test1 ansible]# cat nginx_config/update.yml

---

- hosts: 192.168.200.153  #入口文件

  user: root

  roles:

  - new         #这里只有new

 

 

 

 ansible-playbook /etc/ansible/nginx_config/update.yml