ansible自动化运维

作者: Liang_JC | 来源:发表于2020-04-02 12:37 被阅读0次

CentOS7 Ansible自动化运维
Asible了解，配置，部署
06Ansible服务
ansible 自动化运维工具
Ansible Module 快速入门 ad-hoc
干货：一文详解 Ansible 的自动化运维
Ansible服务
Ansible服务
Linux_298_运维自动化介绍
Ansible学习——基本概念 day1

安装ansible

#需要epl源
[root@centos7 ~]# yum install ansible

#简单使用
[root@centos7 ~]# vim /etc/ansible/hosts
[websrvs]
192.168.37.6
192.168.37.17

[appsrvs]
192.168.37.[1:2]7
[root@centos7 ~]# ansible all --list-hosts
  hosts (3):
    192.168.37.6
    192.168.37.17
    192.168.37.27
[root@centos7 ~]# ansible all -m ping -k        #-k基于密码验证
[root@centos7 ~]# vim /etc/ansible/ansible.cfg
host_key_checking = False                       #跳过密码验证

#先做好基于key验证
[root@centos7 ~]# ssh-keygen
[root@centos7 ~]# ssh-copy-id 192.168.37.6
[root@centos7 ~]# ssh-copy-id 192.168.37.17
[root@centos7 ~]# ssh-copy-id 192.168.37.27
[root@centos7 ~]# ansible all -m ping
[root@centos7 ~]# ansible-doc -l                #列出模块

*ansible 各种模块

#执行结果：红色-失败，黄色-成功，绿色-命令成功但不修改
#ping
[root@centos7 ~]# ansible all -m ping

#command
[root@centos7 ~]# ansible all -m command -a "ls /data"

[root@centos7 ~]# ansible all -m command -a "creates=/etc/xxx ls /data"     #creates=后面文件不存在则执行ls命令
192.168.37.27 | CHANGED | rc=0 >>
cascad_all.sql
logs
master4.sql
mastermha
master.sql
new.sql
slave_all.sql
192.168.37.17 | CHANGED | rc=0 >>
all.sql
cascad_all.sql
inc2.sql
inc.sql
logs
master2.sql
master3.sql
master4.sql
mastermha
master.sql
mysql
slave_all.sql
192.168.37.6 | CHANGED | rc=0 >>
lost+found

[root@centos7 ~]# ansible all -m command -a "removes=/etc/xxx ls /data"     #与creates相反
192.168.37.6 | SUCCESS | rc=0 >>
skipped, since /etc/xxx does not exist
192.168.37.27 | SUCCESS | rc=0 >>
skipped, since /etc/xxx does not exist
192.168.37.17 | SUCCESS | rc=0 >>
skipped, since /etc/xxx does not exist

#shell
[root@centos7 ~]# ansible all -m shell -a 'echo $HOSTNAME'
192.168.37.6 | CHANGED | rc=0 >>
centos6.localdomain
192.168.37.27 | CHANGED | rc=0 >>
slave1_sql
192.168.37.17 | CHANGED | rc=0 >>
master_sql

[root@centos7 ~]# ansible all -m shell -a 'echo magedu | passwd --stdin root'       #修改密码
192.168.37.27 | CHANGED | rc=0 >>
Changing password for user root.
passwd: all authentication tokens updated successfully.
192.168.37.6 | CHANGED | rc=0 >>
Changing password for user root.
passwd: all authentication tokens updated successfully.
192.168.37.17 | CHANGED | rc=0 >>
Changing password for user root.
passwd: all authentication tokens updated successfully.

#修改默认模块
[root@centos7 ~]# vim /etc/ansible/ansible.cfg
module_name = shell

#copy 本机复制到远程主机
[root@centos7 ~]# ansible websrvs -m copy -a 'src=/etc/fstab dest=/data/ backup=yes'    #复制本机文件到远程服务器，backup：覆盖前备份
[root@centos7 ~]# ansible websrvs -a 'ls /data'
192.168.37.17 | CHANGED | rc=0 >>
all.sql
cascad_all.sql
fstab
inc2.sql
inc.sql
logs
master2.sql
master3.sql
master4.sql
mastermha
master.sql
mysql
slave_all.sql
192.168.37.6 | CHANGED | rc=0 >>
fstab
lost+found

#fetch 远程服务器拷贝文件到本机
[root@centos7 ~]# ansible websrvs -m fetch -a 'src=/var/log/messages dest=/data/'
192.168.37.6 | CHANGED => {
    "changed": true, 
    "checksum": "d29f63f4bf673db5a6bf92e11d325b86e1cb437b", 
    "dest": "/data/192.168.37.6/var/log/messages", 
    "md5sum": "027cdae7482780008b7c9ace7f35cc5b", 
    "remote_checksum": "d29f63f4bf673db5a6bf92e11d325b86e1cb437b", 
    "remote_md5sum": null
}
192.168.37.17 | CHANGED => {
    "changed": true, 
    "checksum": "9afe3ddf6fa06b583413afe1bc47d000548eaf65", 
    "dest": "/data/192.168.37.17/var/log/messages", 
    "md5sum": "706d677f6187dc9274e57ecc60ce1063", 
    "remote_checksum": "9afe3ddf6fa06b583413afe1bc47d000548eaf65", 
    "remote_md5sum": null
}

#file 文件与权限
[root@centos7 ~]# ansible websrvs -m file -a 'path=/data/fstab owner=nobody mode=600'   #修改所属主，权限
192.168.37.6 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0600", 
    "owner": "nobody", 
    "path": "/data/fstab", 
    "size": 738, 
    "state": "file", 
    "uid": 99
}
192.168.37.17 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0600", 
    "owner": "nobody", 
    "path": "/data/fstab", 
    "size": 738, 
    "state": "file", 
    "uid": 99
}

[root@centos7 ~]# ansible websrvs -m file -a 'src=/data/fstab path=/data/fstab.link state=link' #远程主机创建软链接
[root@centos7 ~]# ansible websrvs -m file -a 'path=/data/f1 state=touch'    #创建文件
[root@centos7 ~]# ansible websrvs -m file -a 'path=/data/f1 state=absent'   #删除文件
[root@centos7 ~]# ansible websrvs -m file -a 'path=/data/ state=absent'     #删除目下所有内容

#unarchive：解包解压缩，有两种用法：
#   1、将ansible主机上的压缩包在本地解压缩后传到远程主机上，设置copy=yes.
#   2、将远程主机上的某个压缩包解压缩到指定路径下，设置copy=no
[root@centos7 ~]# ansible websrvs -m unarchive -a 'src=/data/httpd-2.4.25.tar.bz2 dest=/data copy=yes'

#archive 压缩
[root@centos7 ~]# ansible websrvs -m archive -a 'path=/etc/sysconfig dest=/data/sysconfig.tar.bz2'

#cron 计划任务
[root@centos7 ~]# ansible websrvs -m cron -a "minute=*/5 job='/usr/sbin/ntpdate ntp1.aliyun.com &> /dev/null' name=synctime"        #创建计划任务
[root@centos7 ~]# ansible websrvs -m cron -a "minute=*/5 job='/usr/sbin/ntpdate ntp1.aliyun.com &> /dev/null' name=synctime disabled=yes"       #禁用计划任务
[root@centos7 ~]# ansible websrvs -m cron -a "minute=*/5 job='/usr/sbin/ntpdate ntp1.aliyun.com &> /dev/null' name=synctime disabled=no"        #启用计划任务
[root@centos7 ~]# ansible websrvs -m cron -a "minute=*/5 job='/usr/sbin/ntpdate ntp1.aliyun.com &> /dev/null' name=synctime state=absent"       #删除计划任务


#service 服务管理(started,restarted,stopped,reloaded)
[root@centos7 ~]# ansible websrvs -m service -a 'name=crond state=stopped'
[root@centos7 ~]# ansible websrvs -m service -a 'name=crond state=started'

#user 用户
[root@centos7 ~]# ansible websrvs -m user -a 'name=mysql system=yes home=/data/mysql shell=/bin/false create_home=no'
[root@centos7 ~]# ansible websrvs -m user -a 'name=mysql state=absent remove=yes'   #删除家目录

ansible playbook 实现httpd服务部署

#角色目录结构与作用
/roles/project/ :项目名称,有以下子目录
    files/ ：存放由copy或script模块等调用的文件
    templates/：template模块查找所需要模板文件的目录
    tasks/：定义task,role的基本元素，至少应该包含一个名为main.yml的文件；其它的文件需要在此文件中通过include进行包含
    handlers/：至少应该包含一个名为main.yml的文件；其它的文件需要在此文件中通过include进行包含
    vars/：定义变量，至少应该包含一个名为main.yml的文件；其它的文件需要在此文件中通过include进行包含

#先创建目录
[root@centos7 ~]# mkdir -p /data/playbook/roles
[root@centos7 playbook]# mkdir -p roles/httpd/{tasks,files,templates,vars,handlers}
[root@centos7 playbook]# cd roles/httpd/tasks/
[root@centos7 tasks]# touch user.yml install.yml config.yml data.yml service.yml
[root@centos7 tasks]# ls > main.yml

#准备好模板文件
[root@centos7 tasks]# cp -a /etc/httpd/conf/httpd.conf ../templates/httpd7.conf.j2

#创建配置文件
[root@centos7 tasks]# vim user.yml
- name: create user
  user: name=apache shell=/sbin/nologin system=yes create_home=no
  
[root@centos7 tasks]# vim install.yml 
- name: install     
  yum: name=httpd
  
[root@centos7 tasks]# vim ../templates/httpd7.conf.j2
listen {{ http_port }}
User {{ username }}
Group {{ groupname }}
[root@centos7 tasks]# vim ../vars/main.yml
http_port: 80
username: apache
groupname: apache

[root@centos7 tasks]# vim config.yml 
- name: config
  template: src=httpd7.conf.j2 dest=/etc/httpd/conf/httpd.conf
  notify: restart service
  when: ansible_distribution_major_version=="7"
- name: config
  template: src=httpd6.conf.j2 dest=/etc/httpd/conf/httpd.conf
  notify: restart service
  when: ansible_distribution_major_version=="6"
  
[root@centos7 tasks]# vim data.yml 
- name: data file
  copy: src=roles/httpd/files/index.html dest=/var/www/html
  
[root@centos7 tasks]# vim service.yml 
- name: service
  service: name=httpd state=started enabled=yes
  
[root@centos7 tasks]# vim main.yml 
- include: user.yml 
- include: install.yml
- include: config.yml
- include: data.yml
- include: service.yml

[root@centos7 tasks]# vim ../handlers/main.yml 
- name: restart service
  service: name=httpd state=restarted

[root@centos7 tasks]# cd /data/playbook
[root@centos7 playbook]# vim httpd_role.yml
- hosts: appsrvs
  remote_user: root
  roles:
    - httpd 
    
[root@centos7 tasks]# echo "welcome to magedu" >> /data/playbook/roles/httpd/files/index.html

#最终目录结构
[root@centos7 playbook]# tree
.
├── httpd_role.yml
└── roles
    └── httpd
        ├── files
        ├── handlers
        │   └── main.yml
        ├── tasks
        │   ├── config.yml
        │   ├── data.yml
        │   ├── install.yml
        │   ├── main.yml
        │   ├── service.yml
        │   └── user.yml
        ├── templates
        │   ├── httpd6.conf.j2
        │   └── httpd7.conf.j2
        └── vars
            └── main.yml

7 directories, 11 files

#测试
[root@centos7 tasks]# ansible-playbook -C /data/playbook/httpd_role.yml     #检查配置
[root@centos7 tasks]# ansible-playbook /data/playbook/httpd_role.yml        #安装

ansible playbook 实现nginx

cd /data/playbook

#准备好目录和文件
[root@centos7 playbook]# mkdir -p roles/nginx/{tasks,files,handlers,templates,vars}
[root@centos7 playbook]# yum install nginx                          #epl源
[root@centos7 playbook]# cp -a /etc/nginx/nginx.conf roles/nginx/templates/
[root@centos7 tasks]# touch user.yml install.yml config.yml data.yml service.yml
[root@centos7 tasks]# ls > main.yml

#创建roles
[root@centos7 tasks]# vim user.yml 
- name: create user
  user: name=nginx shell=/sbin/nologin system=yes create_home=no
  
[root@centos7 tasks]# vim install.yml
- name: install
  yum: name=nginx

[root@centos7 tasks]# vim config.yml 
- name: config
  template: src=nginx.conf dest=/etc/nginx/nginx.conf
  notify: restart service 

[root@centos7 tasks]# vim ../templates/nginx.conf
    listen       9527 default_server;
    listen       [::]:9527 default_server; 
    
[root@centos7 tasks]# vim ../handlers/main.yml
- name: restart service
  service: name=nginx state=started 
  
[root@centos7 tasks]# vim data.yml 
- name: data
  copy: src=index.html dest=/usr/share/nginx/html
[root@centos7 tasks]# echo 'It work!' > ../files/index.html  

[root@centos7 tasks]# vim service.yml 
- name: service
  service: name=nginx state=restarted enabled=yes

[root@centos7 tasks]# vim main.yml 
- include: user.yml
- include: install.yml
- include: config.yml
- include: data.yml
- include: service.yml

[root@centos7 tasks]# cd /data/playbook
[root@centos7 playbook]# vim nginx_role.yml
- hosts: appsrvs
  remote_user: root
  roles: 
    - role: nginx 

#测试
[root@centos7 playbook]# ansible-playbook -C nginx_role.yml
[root@centos7 playbook]# ansible-playbook nginx_role.yml

ansible playbook 实现二进制安装mariadb

#准备好文件和目录
[root@centos7 data]# cd /data/playbook/roles/
[root@centos7 roles]# mkdir -p mysql/{tasks,files,handlers,vars,templates}
[root@centos7 roles]# cp ~/mariadb-10.2.25-linux-x86_64.tar.gz mysql/files/
[root@centos7 roles]# cd mysql/tasks/
[root@centos7 tasks]# touch user.yml unarchive.yml link.yml datadir.yml database.yml var.yml config.yml script.yml service.yml

#创建roles
[root@centos7 tasks]# vim user.yml 
- name: create user
  user: name=mysql system=yes home=/data/mysql create_home=no shell=/sbin/nologin
  
[root@centos7 tasks]# vim unarchive.yml 
- name: unarchive
  unarchive: src=mariadb-10.2.25-linux-x86_64.tar.gz dest=/usr/local owner=mysql group=mysql

[root@centos7 tasks]# vim link.yml 
- name: mysql link
  file: src=/usr/local/mariadb-10.2.25-linux-x86_64 dest=/usr/local/mysql state=link

[root@centos7 tasks]# vim datadir.yml 
- name: mysql datadir owner group
  file: path=/data/mysql state=directory owner=mysql group=mysql
  
[root@centos7 tasks]# vim database.yml 
- name: database
  shell: chdir=/usr/local/mysql scripts/mysql_install_db --datadir=/data/mysql --user=mysql

[root@centos7 tasks]# vim var.yml 
- name: path variable
  copy: content='PATH=/usr/local/mysql/bin:$PATH' dest=/etc/profile.d/mysql.sh

[root@centos7 tasks]# vim config.yml 
- name: config
  shell: cp /usr/local/mysql/support-files/my-huge.cnf /etc/my.cnf
- name: set datadir
  #shell: sed -i '/\[mysqld\]/a datadir=/data/mysql' /etc/my.cnf
  lineinfile: dest=/etc/my.cnf insertafter='\[mysqld\]' line='datadir=/data/mysql'
  notify: restart service
  
[root@centos7 tasks]# vim script.yml 
- name: service file
  shell: cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
  
[root@centos7 tasks]# vim service.yml 
- name: start file
  shell: /etc/init.d/mysqld start
  
[root@centos7 tasks]# ls > main.yml
[root@centos7 tasks]# vim main.yml 
- include: unarchive.yml
- include: user.yml
- include: unarchive.yml
- include: link.yml
- include: datadir.yml
- include: database.yml
- include: var.yml
- include: config.yml                  
- include: script.yml
- include: service.yml

[root@centos7 tasks]# vim ../handlers/main.yml
- name: restart service
  shell: /etc/init.d/mysqld restart
  
[root@centos7 tasks]# cd /data/playbook/ 
[root@centos7 playbook]# vim mysql_role.yml
- hosts: appsrvs
  remote_user: root 
  roles:
    - role: mysql
    
#测试
[root@centos7 playbook]# ansible-playbook -C nginx_role.yml     #检查时因为并没有解压缩，所以会报创建软链接失败的错误
[root@centos7 playbook]# ansible-playbook nginx_role.yml

CentOS7 Ansible自动化运维
企业级自动化运维神器Ansible 一、介绍 1.自动化运维工具对比 2.ansible简介 ansible是新出...
Asible了解，配置，部署
一、ansible 简介 1、ansible 是什么?ansible是目前最受运维欢迎的自动化运维工具,基于Pyt...
06Ansible服务
第一章 Ansible介绍 0.手工运维与自动化运维 1.手动运维时代 2.自动化运维 1.什么是Ansible ...
ansible 自动化运维工具
什么是ansible ansible是目前最受运维欢迎的自动化运维工具，基于Python开发，集合了众多运维工具（...
Ansible Module 快速入门 ad-hoc
1.自动化运维的含义 1.手动运维时代 2.自动化运维时代 3.自动化运维工具给运维带来的好处 2.Ansible...
干货：一文详解 Ansible 的自动化运维
一、Ansible 概述 Ansible 是近年来越来越火的一款开源运维自动化工具，通过Ansible可以实现运维...
Ansible服务
第一章 Ansible介绍 0.手工运维与自动化运维 1.手动运维时代 2.自动化运维 3.自动化运维带来的好处 ...
Ansible服务
第一章 Ansible介绍 1.手工运维与自动化运维 1.手动运维时代 2.自动化运维 3.自动化运维带来的好处 ...
Linux_298_运维自动化介绍
运维自动化介绍 ansible自动化运维人工运维时代：运维人员早期需要维护数量众多的机器，因此需要执行反复，重复的...
Ansible学习——基本概念 day1
基础概念 1.ansible是什么？ansible是目前最受运维欢迎的自动化运维工具，基于Python开发，集合了...