Ansible 的 Playbook
一、playbook 概述
1.什么是playbook
PlayBook即"剧本","兵书"之意,PlayBook是由以下部分组成的
play(host): 定义的是主机的角色。(主角还是配角)
Book(task): 定义的是具体执行的任务。(角色的台词和动作)
playbook: 由一个或多个play(角色)组成,一个play(角色)可以包含多个task(台词,动作)。
简单理解为: 对不同的主机使用很多不同的模块来完成一件事(一个电影)
在Ansible中"剧本文件"是以yml结尾的文件。
在SaltStack中"剧本文件"是以sls结尾的文件。
但是语法,使用的都是yaml语法
2.playbook组成
[root@m01 ~]# vim mm.yml
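# Minimal playbook: one play that creates an empty file on every web_group host.
# Nesting is expressed with spaces only (two per level); tabs are not accepted.
- hosts: web_group
  # Account used for the SSH login on the managed hosts. The space after the colon
  # is required: "remote_user:root" does not parse as a key/value pair.
  # Outside a lab, logging in as an unprivileged user and escalating with
  # "become: true" avoids direct root SSH logins.
  remote_user: root
  # Play-level variables, written as name: value.
  vars:
    file_name: lnd
  # Tasks run in order on each targeted host.
  tasks:
    # The name is the label ansible-playbook prints while the task runs.
    - name: mm New File
      # shell hands the string to a shell on the target host.
      shell: touch /opt/{{ file_name }}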
#验证语法
[root@m01 ~]# ansible-playbook --syntax-check mm.yml
playbook: mm.yml #没有问题
#注意:该命令只能验证语法,验证不了逻辑
#模拟执行
[root@m01 ~]# ansible-playbook -C mm.yml
3.PlayBook与ad-hoc
特点 | PlayBook | ad-hoc |
---|---|---|
完整性 | √ | ✘ |
持久性 | √ | ✘ |
执行效率 | 低 | 高 |
变量 | 支持 | 不支持 |
耦合度 | 低 | 高 |
1.PlayBook功能比ad-hoc更全,是对ad-hoc的一种编排.
2.PlayBook能很好的控制先后执行顺序,以及依赖关系.
3.PlayBook语法展现更加的直观.
4.playbook可以持久使用,ad-hoc无法持久使用.
4. YAML 语法
语法 | 描述 |
---|---|
缩进 | YAML使用固定的缩进风格表示层级结构,每个缩进由两个空格组成, 不能使用TAB |
冒号 | 冒号后面必须有一个空格(以冒号结尾的行除外) |
短横线 | 表示列表项,使用一个短横杠加一个空格,多个项使用同样的缩进级别作为同一列表 |
- 日本:
    东京:
    大阪:
      - 中央区
      - 北区
#每一层缩进空2格
二、playbook实战
0.配置主机清单
[root@m01 ~]# cat /etc/ansible/hosts
# Ansible inventory: a name in [brackets] starts a group, each line under it is one managed host.
# ansible_ssh_pass keeps the SSH login password in clear text in this file, and the same
# short value is used for every host. SSH key authentication, or a password held in an
# Ansible Vault-encrypted variable, avoids leaving a readable secret in the inventory.
[web_group]
web01 ansible_ssh_pass='123'
web02 ansible_ssh_pass='123'
[nfs_group]
nfs ansible_ssh_pass='123'
[rsync_group]
backup ansible_ssh_pass='123'
[db_group]
db01 ansible_ssh_pass='123'
# www is a parent group built from the three groups listed below; db_group is not part of it.
[www:children]
web_group
nfs_group
rsync_group
[root@m01 lnmp]# cat base.yml
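# Lab baseline for every inventory host: disables SELinux and stops the host firewall.
# Both are host-level protections. Outside an isolated practice network the usual choice
# is to leave them on and open only the ports each service needs.
- hosts: all
  tasks:
    # The disabled state is written to the SELinux configuration; it fully applies
    # only after the host has been rebooted.
    - name: Stop Selinux
      selinux:
        state: disabled
    # Stops the running service only. No "enabled" value is given, so a unit that is
    # enabled will start again at the next boot.
    - name: Stop Firewalld
      systemd:
        name: firewalld
        state: stopped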
1.部署httpd
1、编写剧本
[root@m01 lnmp]# cat httpd.yml
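# Installs Apache httpd on the web hosts, pushes a configuration file, and starts the service.
- hosts: web_group
  tasks:
    - name: Install Httpd group
      yum:
        name: httpd
        state: present
    # copy reads src on the control node (m01), so the httpd.conf to distribute
    # must already exist at this path on m01.
    - name: Config Httpd group
      copy:
        src: /etc/httpd/conf/httpd.conf
        dest: /etc/httpd/conf/
    # state: started does nothing when httpd is already running, so a changed
    # configuration is not picked up until the service is restarted.
    - name: Start Httpd group
      systemd:
        name: httpd
        state: started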
2、验证并执行剧本
#验证语法
[root@m01 ~]# ansible-playbook --syntax-check httpd.yml
#执行剧本
[root@m01 lnmp]# ansible-playbook httpd.yml
2.部署交作业页面
[root@m01 lnmp]# cat jiaozuoye.yml
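# Play 1 of 4: common setup on every host.
# The www account gets the same uid/gid (666) everywhere, which is the id the NFS
# export later in this file maps all clients to (anonuid/anongid=666).
- hosts: all
  tasks:
    - name: Create www Group
      group:
        name: www
        gid: 666
        state: present
    # Service account only: no login shell and no home directory.
    - name: Create www User
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: false
    - name: 安装NFS
      yum:
        name: nfs-utils
        state: present
    - name: 安装rpcbind
      yum:
        name: rpcbind
        state: present
    - name: 启动rpcbind
      systemd:
        name: rpcbind
        state: started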
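# Play 2 of 4: web tier. httpd, PHP from local RPM files, then the application code.
- hosts: web_group
  tasks:
    - name: Install Httpd group
      yum:
        name: httpd
        state: present
    - name: Config httpd group
      copy:
        src: /etc/httpd/conf/httpd.conf
        dest: /etc/httpd/conf/
    # The RPMs are unpacked into a root-only directory rather than /tmp. /tmp is writable
    # by every local user and the install step globs *.rpm, so any package left there
    # would be installed as root together with PHP.
    # (/root/php-rpms is a directory name chosen for this example.)
    - name: Create PHP package directory
      file:
        path: /root/php-rpms
        state: directory
        owner: root
        group: root
        mode: '0700'
    - name: 解压php安装包到web服务器
      unarchive:
        src: /root/php.tar.gz
        dest: /root/php-rpms/
    # shell rather than command, because the *.rpm glob has to be expanded by a shell.
    - name: 安装php
      shell: yum localinstall -y /root/php-rpms/*.rpm
    - name: 配置php
      copy:
        src: /etc/php-fpm.d/www.conf
        dest: /etc/php-fpm.d/
    - name: 配置php
      copy:
        src: /etc/php.ini
        dest: /etc/
    - name: 启动php
      systemd:
        name: php-fpm
        state: started
        enabled: yes
    - name: 启动httpd
      systemd:
        name: httpd
        state: started
        enabled: yes
    - name: 解压代码
      unarchive:
        src: /root/kaoshi.zip
        dest: /var/www/html/
        owner: www
        group: www
    # Everything under /var/www becomes owned by www. NOTE(review): if httpd/php-fpm also
    # run as www (set in the copied httpd.conf / www.conf, not shown on this page), the
    # application code is writable by the service itself; confirm that is intended.
    - name: 站点目录授权
      file:
        path: /var/www/
        state: directory
        owner: www
        group: www
        recurse: yes
    # nfs-utils is already installed on all hosts by the first play; this repeat is a no-op.
    - name: 安装NFS
      yum:
        name: nfs-utils
        state: present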
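# Play 3 of 4: NFS server. Exports /data to the 172.16.1.0/24 network.
- hosts: nfs
  tasks:
    # Export options: rw lets clients write; all_squash with anonuid/anongid=666 maps
    # every client user to the www account. Access is decided by source address alone,
    # so every host in the /24 can read and write the share. Listing only the web
    # servers' addresses instead of the whole network narrows that.
    - name: 配置nfs
      copy:
        content: "/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)"
        dest: /etc/exports
    # Owned by www so that the squashed client writes (uid/gid 666) succeed.
    - name: 创建挂载目录
      file:
        path: /data
        state: directory
        owner: www
        group: www
    # state: started does nothing if nfs is already running, so an edited
    # /etc/exports is not applied until the service is reloaded or restarted.
    - name: 启动nfs
      systemd:
        name: nfs
        state: started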
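# Play 4 of 4: mount the NFS share as the upload directory on each web server.
- hosts: web_group
  tasks:
    - name: 创建web端挂载的目录
      file:
        path: /var/www/html/upload
        state: directory
        owner: www
        group: www
    # state: mounted mounts the share now and records it in /etc/fstab.
    # nosuid,nodev,noexec: what arrives over the share is uploaded data, so set-uid bits,
    # device nodes and direct execution are switched off for this mount. These options do
    # not stop the web server from interpreting an uploaded script, because the directory
    # sits under the document root; that has to be handled in the httpd/PHP configuration.
    - name: 挂载
      mount:
        src: 172.16.1.131:/data
        path: /var/www/html/upload
        fstype: nfs
        opts: defaults,nosuid,nodev,noexec
        state: mounted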
#验证语法
[root@m01 ~]# ansible-playbook --syntax-check jiaozuoye.yml
#模拟执行(-C 为检查模式,不会真正修改主机;去掉 -C 才是实际执行)
[root@m01 lnmp]# ansible-playbook -C jiaozuoye.yml
3.部署rsync客户端和服务端
安装rsync --思路
#1.安装并配置rsync服务
#2.创建用户
#3.创建虚拟用户与密码文件
#4.授权其备份目录
#5.客户端安装rsync sersync inotify
#6.配置sersync
#7.创建密码文件并授权
#8.启动sersync
1、配置主机清单
[root@m01 lnmp]# cat /etc/ansible/hosts
# Inventory used by the rsync playbook: groups in [brackets], one managed host per line.
# ansible_ssh_pass is a clear-text SSH password; anyone who can read this file can log in
# to every host listed. SSH keys or an Ansible Vault-encrypted variable remove that exposure.
[web_group]
web01 ansible_ssh_pass='123'
web02 ansible_ssh_pass='123'
[nfs_group]
nfs ansible_ssh_pass='123'
[rsync_group]
backup ansible_ssh_pass='123'
[db_group]
db01 ansible_ssh_pass='123'
# Parent group made of the three child groups listed below.
[www:children]
web_group
nfs_group
rsync_group
2、准备rsync配置文件
[root@m01 lnmp]# vim /etc/rsyncd.conf
# rsync daemon configuration: global settings first, then the [backup] module.
# Transfers run as the www user and group.
uid = www
gid = www
port = 873
# Lets the daemon record ownership and special attributes without running as root.
fake super = yes
# The daemon does not chroot into the module path before a transfer.
use chroot = no
max connections = 200
timeout = 300
ignore errors
# Clients may write to the module; it is not shown in module listings.
read only = false
list = false
# Virtual user that must authenticate before a transfer.
# NOTE(review): the sersync configuration on this page logs in as "rsync_backup",
# not "rsync_mm"; the two names have to match or authentication fails.
auth users = rsync_mm
# File of user:password pairs. With rsync's default "strict modes" setting the daemon
# rejects this file when other users can read it, so it should be root-owned, mode 600.
# No "hosts allow" line appears in the lines shown, so this password is the only access check.
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
# Module definition: clients address it by the name "backup".
[backup]
comment = welcome to oldboyedu backup!
path = /backup
3、准备sersync
# 1.准备包
[root@m01 ~]# ll sersync2.5.4_64bit_binary_stable_final.tar.gz
-rw-r--r-- 1 root root 727290 Aug 23 12:22 sersync2.5.4_64bit_binary_stable_final.tar.gz
# 2.准备配置文件
[root@m01 ~]# vim GNU-Linux-x86/confxml.xml
<inotify>
<delete start="true"/>
<createFolder start="true"/>
<createFile start="true"/>
<closeWrite start="true"/>
<moveFrom start="true"/>
<moveTo start="true"/>
<attrib start="true"/>
<modify start="true"/>
</inotify>
<sersync>
<localpath watch="/data">
<remote ip="172.16.1.141" name="backup"/>
</localpath>
<rsync>
<commonParams params="-artuz"/>
<auth start="true" users="rsync_backup" passwordfile="/etc/rsync.password"/>
... ...
</sersync>
4、编写剧本
[root@m01 lnmp]# cat rsync_client.yml
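# Sets up the NFS host as the sersync/rsync client that pushes changes to the backup server.
- hosts: nfs_group
  tasks:
    - name: Install Rsync group
      yum:
        name: rsync
        state: present
    - name: Install Inotify-Tools group
      yum:
        name: inotify-tools
        state: present
    # The archive is read from the control node and unpacked on the target.
    - name: Install Sersync group
      unarchive:
        src: /root/sersync2.5.4_64bit_binary_stable_final.tar.gz
        dest: /usr/local/
    # creates: skips the move once /usr/local/sersync exists, so a second run does not
    # move a freshly unpacked GNU-Linux-x86 directory inside the existing one.
    - name: Rename Sersync Dir
      shell: "mv /usr/local/GNU-Linux-x86 /usr/local/sersync"
      args:
        creates: /usr/local/sersync
    - name: Config Sersync group
      copy:
        src: /root/GNU-Linux-x86/confxml.xml
        dest: /usr/local/sersync/
    # File modes are written as quoted octal strings. A bare 755 is read as the decimal
    # number 755, which does not produce rwxr-xr-x.
    - name: Chmod Sersync
      copy:
        src: /root/GNU-Linux-x86/sersync2
        dest: /usr/local/sersync/
        mode: '0755'
    # Password file used for the rsync login. '0600' (quoted, for the same reason as
    # above) keeps it readable by root only; rsync rejects a password file that other
    # users can access. no_log keeps the secret out of task output and logs.
    # The literal value is kept from the original lesson; in real use it would come
    # from an Ansible Vault-encrypted variable.
    - name: Config Rsync Client Password File
      copy:
        content: "123"
        dest: /etc/rsync.password
        mode: '0600'
      no_log: true
    # -d runs sersync as a daemon, -r does an initial full sync, -o names the config file.
    # NOTE(review): this runs on every play, so re-running the playbook presumably
    # starts an additional sersync process; confirm before repeating it.
    - name: Start Sersync
      shell: /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml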