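Ansible playbook
A playbook is made up of one or more modules that work toward a single goal, so that an operation can be automated.
Playbooks are written in YAML.
The three essentials of YAML:
Indentation: two characters. The Tab key defaults to four characters, so to indent with the Tab key you need to modify .vimrc:
vim /root/.vimrc
set tabstop=2
" YAML forbids tab characters in indentation, so make the Tab key insert spaces
set expandtab
Colon: a space is required after a colon, unless the line ends with the colon.
Dash: marks a list item and is followed by a space.
Command syntax: ansible-playbook [options] file-path
Options: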
-C: check mode (dry run, no changes are made)
--list-hosts: list the matched hosts
--list-tasks: list the tasks
--list-tags: list the tags
--syntax-check: check the playbook syntax
Lab environment:
Host | IP address |
---|---|
ansible | 192.168.1.128 |
web | 192.168.1.129 |
nfs | 192.168.1.134 |
rsync | 192.168.1.135 |
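Set the hostnames (run each command on its corresponding machine; bash starts a new shell so the prompt shows the new name):
hostnamectl set-hostname ansible
bash
hostnamectl set-hostname web
bash
hostnamectl set-hostname nfs
bash
hostnamectl set-hostname rsync
bash
Edit the hosts file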
[root@ansible ~]# vim /etc/hosts
192.168.1.128 ansible
192.168.1.129 web1
192.168.1.134 nfs1
192.168.1.135 rsync1
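Install Ansible (use either of the two methods below)
Method 1: add the Aliyun mirror repos
[root@ansible ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo # EPEL repo (extra packages)
[root@ansible ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo # CentOS mirror repo (base packages)
[root@ansible ~]# yum -y install ansible # install ansible
[root@ansible ~]# ansible --version # check the version
Method 2: install the epel-release package
[root@ansible ~]# yum -y install epel-release # install the EPEL repo
[root@ansible ~]# yum -y install ansible # install ansible
Basic Ansible configuration:
1) Configure the inventory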
[root@ansible ~]# vim /etc/ansible/hosts
[web]
web1
[nfs]
nfs1
[rsync]
rsync1
[hao:children]
web
nfs
rsync
2) Set up SSH key-pair access from the ansible host
[root@ansible ~]# ssh-keygen -t rsa # press Enter at every prompt
[root@ansible ~]# ssh-copy-id root@web1 # web server
[root@ansible ~]# ssh-copy-id root@nfs1 # nfs server
[root@ansible ~]# ssh-copy-id root@rsync1 # rsync server
3) Copy /etc/hosts to the managed hosts
[root@ansible ~]# scp /etc/hosts root@web1:/etc/
[root@ansible ~]# scp /etc/hosts root@nfs1:/etc/
[root@ansible ~]# scp /etc/hosts root@rsync1:/etc/
Or use Ansible's copy module directly:
[root@ansible ~]# ansible all -m copy -a "src=/etc/hosts dest=/etc/ backup=yes"
4) Create the ansible directories
[root@ansible ~]# mkdir -p /etc/ansible/ansible_playbook/{conf,file,scripts,tools}
Test case: install httpd with a playbook and change its port to 8080
1) Install httpd locally and change the port to 8080
[root@ansible ~]# yum -y install httpd
[root@ansible ~]# cp /etc/httpd/conf/httpd.conf /etc/ansible/ansible_playbook/
[root@ansible ~]# cd /etc/ansible/ansible_playbook/
[root@ansible ansible_playbook]# vim httpd.conf
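# change the port number
Listen 8080
# uncomment this line
ServerName www.example.com:80
2) Set the Tab key to indent by two characters by editing .vimrc
[root@ansible ansible_playbook]# vim /root/.vimrc
set tabstop=2
" YAML forbids tab characters in indentation, so make the Tab key insert spaces
set expandtab
3) Write httpd.yaml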
[root@ansible ansible_playbook]# vim httpd.yaml
- hosts: web
  tasks:
    - name: install httpd
      yum: name=httpd state=latest
    - name: httpd config
      copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd
    - name: start httpd
      shell: systemctl start httpd
  handlers:
    - name: restart httpd
      shell: systemctl restart httpd
[root@ansible ansible_playbook]# ansible-playbook -C httpd.yaml # dry-run the playbook
[root@ansible ansible_playbook]# ansible-playbook httpd.yaml # run the playbook
4) Restore the initial environment (for the experiments that follow)
[root@ansible ~]# yum -y remove httpd # remove the local httpd
[root@ansible ~]# ansible web -m shell -a "yum -y remove httpd" # remove httpd from the web server
[root@ansible ~]# rm -rf /etc/ansible/ansible_playbook/httpd.* # remove the test httpd.conf and httpd.yaml
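Using playbooks to configure a web-nfs-rsync environment
1. Base environment deployment
1) Network environment (disable firewalld and SELinux)
2) EPEL repository
3) Install rsync and nfs-utils
4) Create the group
5) Create the user
6) Create directories and set permissions
7) Push the scripts
8) Push the rsync client password file and set its permissions
9) Scheduled task (cron)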
[root@ansible ansible_playbook]# vim /etc/ansible/ansible_playbook/base.yaml
- hosts: all
  tasks:
    - name: clear repos.d
      file: path=/etc/yum.repos.d/ state=absent
    - name: create repos.d
      file: path=/etc/yum.repos.d/ state=directory
    - name: install base repo
      get_url: url=http://mirrors.aliyun.com/repo/Centos-7.repo dest=/etc/yum.repos.d/CentOS-Base.repo
    - name: install epel repo
      get_url: url=http://mirrors.aliyun.com/repo/epel-7.repo dest=/etc/yum.repos.d/epel.repo
    - name: install rsync nfs-utils
      yum: name=rsync,nfs-utils state=installed
    - name: create group www
      group: name=www gid=666
    - name: create user www
      user: name=www uid=666 create_home=no shell=/sbin/nologin
    # the rsync client password is stored here in clear text; mode=600 limits the file to its owner
    - name: create rsync client password
      copy: content='1' dest=/etc/rsync.pass mode=600
    - name: create scripts directory
      file: path=/server/scripts/ recurse=yes state=directory
    - name: push scripts
      copy: src=./scripts/rsync_backup.sh dest=/server/scripts
    - name: crontab
      cron: name="backup scripts" hour=01 minute=00 job="/usr/bin/bash /server/scripts/rsync_backup.sh &> /dev/null"
[root@ansible ansible_playbook]# cd scripts/
[root@ansible scripts]# vim rsync_backup.sh
#!/usr/bin/bash
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
#1. Define variables
Host=$(hostname)
Addr=$(ifconfig ens33|awk 'NR==2{print $2}')
Date=$(date +%F)
Dest=${Host}_${Addr}_${Date}
Path=/backup
#2. Create the backup directory
[ -d $Path/$Dest ] || mkdir -p $Path/$Dest
#3. Back up the files
cd / && \
[ -f $Path/$Dest/system.tar.gz ] || tar czf $Path/$Dest/system.tar.gz etc/fstab etc/rsyncd.conf && \
[ -f $Path/$Dest/log.tar.gz ] || tar czf $Path/$Dest/log.tar.gz var/log/messages var/log/secure
#4. Record MD5 checksums for verification (test the same file name that is written)
[ -f $Path/$Dest/flag_${Date} ] || md5sum $Path/$Dest/*.tar.gz >$Path/$Dest/flag_${Date}
#5. Push the local data to the backup server
export RSYNC_PASSWORD=1
rsync -avz $Path/ rsync_backup@rsync1::backup
#6. Keep only the last 7 days of data locally
find $Path/ -type d -mtime +7|xargs rm -rf
[root@ansible scripts]# cd ..
[root@ansible ansible_playbook]# ansible-playbook -C base.yaml
2. rsync configuration
1) Install rsync
2) Configure
3) Start
4) Scripts
5) Scheduled task (cron)
[root@ansible ansible_playbook]# vim /etc/ansible/ansible_playbook/rsync.yaml
- hosts: rsync
  tasks:
    - name: install rsync
      yum: name=rsync,mailx state=installed
    - name: config rsync
      copy: src=/etc/ansible/ansible_playbook/conf/rsyncd.conf dest=/etc/rsyncd.conf
      notify: restart rsync
    - name: create rsync local user
      copy: content='rsync_backup:1' dest=/etc/rsync.password mode=600
    - name: create data
      file: path=/data state=directory recurse=yes owner=www group=www mode=755
    - name: create backup
      file: path=/backup state=directory recurse=yes owner=www group=www mode=755
    - name: start rsync
      service: name=rsyncd state=started enabled=yes
    - name: push check scripts
      copy: src=./scripts/rsync_check.sh dest=/server/scripts/
    - name: crond check scripts
      cron: name="check scripts" hour=05 minute=00 job="/usr/bin/bash /server/scripts/rsync_check.sh &> /dev/null"
  handlers:
    - name: restart rsync
      service: name=rsyncd state=restarted
[root@ansible ansible_playbook]# cd conf/
[root@ansible conf]# vim rsyncd.conf
# run transfers as www, the owner of /backup (user and directory are created by the playbooks above)
uid = www
gid = www
port = 873
address = 192.168.1.135
hosts allow = 192.168.1.0/24
max connections = 4
pid file = /var/run/rsyncd.pid
timeout = 900
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
[backup]
path = /backup
read only = no
auth users = rsync_backup
secrets file = /etc/rsync.password
[root@ansible conf]# cd ../scripts/
[root@ansible scripts]# vim rsync_check.sh
#!/usr/bin/bash
#1. Define the global variable
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
#2. Define local variables
Path=/backup
Date=$(date +%F)
#3. Check the flag files (flag_<date>, as written by rsync_backup.sh) and save the verification result to result_<date>
find $Path/*_${Date} -type f -name "flag_${Date}"|xargs md5sum -c >$Path/result_${Date}
#4. Mail the verification result to the administrator
mail -s "Rsync Backup $Date" 1793594335@qq.com <$Path/result_${Date}
#5. Delete verification results older than 7 days and backup data older than 180 days
find $Path/ -type f -name "result*" -mtime +7|xargs rm -f
find $Path/ -type d -mtime +180|xargs rm -rf
[root@ansible scripts]# cd ..
[root@ansible ansible_playbook]# ansible-playbook -C rsync.yaml
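base.yaml and rsync.yaml both write the rsync password into the playbook text itself (content='1' and content='rsync_backup:1'). One way to keep it out of the files, as an added example that is not part of the original post: it assumes a vault-encrypted vars file at the hypothetical path group_vars/all/vault.yml that defines a variable named vault_rsync_password (also hypothetical).

```yaml
# Added example, not from the original post.
# Assumption: group_vars/all/vault.yml sits next to the playbooks, was created
# with `ansible-vault create group_vars/all/vault.yml`, and contains:
#   vault_rsync_password: <the real password>
# Run with: ansible-playbook --ask-vault-pass secrets.yaml

# Before (base.yaml / rsync.yaml): the secret is a literal in the playbook
#   copy: content='1' dest=/etc/rsync.pass mode=600
#   copy: content='rsync_backup:1' dest=/etc/rsync.password mode=600

- hosts: all
  tasks:
    - name: create rsync client password file from the vault
      copy:
        content: "{{ vault_rsync_password }}\n"
        dest: /etc/rsync.pass
        owner: root
        group: root
        mode: "0600"   # quoted: an unquoted 600 in dict form is read as decimal
      no_log: true     # keep the secret out of task output and logs

- hosts: rsync
  tasks:
    - name: create rsync daemon secrets file from the vault
      copy:
        content: "rsync_backup:{{ vault_rsync_password }}\n"
        dest: /etc/rsync.password
        owner: root
        group: root
        mode: "0600"
      no_log: true

# rsync_backup.sh can then read the file instead of exporting RSYNC_PASSWORD:
#   rsync -avz --password-file=/etc/rsync.pass $Path/ rsync_backup@rsync1::backup
```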
3. NFS deployment
1) Install nfs-utils
2) Configure
3) Start
[root@ansible ansible_playbook]# vim /etc/ansible/ansible_playbook/nfs.yaml
- hosts: nfs
  tasks:
    - name: install nfs
      yum: name=nfs-utils state=installed
    - name: config nfs
      copy: src=./conf/exports dest=/etc/exports
      # trigger the handler below when the exports file changes
      notify: restart nfs
    - name: create data
      file: path=/data state=directory recurse=yes owner=www group=www mode=755
    - name: start nfs
      service: name=nfs-server state=started enabled=yes
  handlers:
    - name: restart nfs
      service: name=nfs-server state=restarted
[root@ansible ansible_playbook]# cd conf/
[root@ansible conf]# vim exports
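# squash every client to www (uid/gid 666 from base.yaml), the owner of /data
/data 192.168.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
[root@ansible conf]# cd ..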
[root@ansible ansible_playbook]# ansible-playbook -C nfs.yaml
4. sersync deployment
1) Download sersync on the ansible server first
2) Extract it under /etc/ansible/ansible_playbook/ and modify the configuration file
3) Push it to nfs
4) Start sersync
[root@ansible ansible_playbook]# vim /etc/ansible/ansible_playbook/sersync.yaml
- hosts: nfs
  tasks:
    - name: scp sersync
      copy: src=./tools/sersync/ dest=/usr/local/sersync owner=www group=www mode=755
    - name: start sersync
      shell: pgrep sersync; [ $? -eq 0 ] || /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml
[root@ansible ansible_playbook]# cd tools/
[root@ansible tools]# rz -E
[root@ansible tools]# tar zxf sersync2.5.4_64bit_binary_stable_final.tar.gz
[root@ansible tools]# ls
GNU-Linux-x86 sersync2.5.4_64bit_binary_stable_final.tar.gz
[root@ansible tools]# mv GNU-Linux-x86/ sersync
[root@ansible tools]# ls
sersync sersync2.5.4_64bit_binary_stable_final.tar.gz
[root@ansible tools]# cd sersync/
[root@ansible sersync]# ls
confxml.xml sersync2
[root@ansible sersync]# cd ../..
[root@ansible ansible_playbook]# ansible-playbook -C sersync.yaml
5. Web deployment
1) Install httpd locally
2) Modify the configuration file and copy it to /etc/ansible/ansible_playbook/conf
3) Mount
4) Start
[root@ansible ansible_playbook]# vim /etc/ansible/ansible_playbook/web.yaml
- hosts: web
  tasks:
    - name: mount nfs
      mount: src=nfs1:/data path=/data fstype=nfs state=mounted
    - name: install httpd
      yum: name=httpd state=installed
    - name: config httpd
      copy: src=./conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd
    - name: start httpd
      shell: systemctl start httpd
  handlers:
    - name: restart httpd
      shell: systemctl restart httpd
[root@ansible ansible_playbook]# yum -y install httpd
[root@ansible ansible_playbook]# cp /etc/httpd/conf/httpd.conf /etc/ansible/ansible_playbook/conf/
[root@ansible ansible_playbook]# vim /etc/ansible/ansible_playbook/conf/httpd.conf
ServerName www.example.com:80
[root@ansible ansible_playbook]# ansible-playbook -C web.yaml
6. main.yaml
[root@ansible ansible_playbook]# vim /etc/ansible/ansible_playbook/main.yaml
- import_playbook: base.yaml
- import_playbook: rsync.yaml
- import_playbook: nfs.yaml
- import_playbook: sersync.yaml
- import_playbook: web.yaml
[root@ansible ansible_playbook]# ansible-playbook -C main.yaml # dry run
[root@ansible ansible_playbook]# ansible-playbook main.yaml # run