文章目录
-
- 1. ansible的工作流程
- 2. PlayBook介绍
- 3. Ymal语言
- 4. Playbook小示例
-
- 4.1 httpd firewalld服务开启及 配置
- 4.2 查询主机信息
- 4.3 对PlayBook进行加密
- 4.4 配置haproxy
- 4.5 配置 keepalived+haproxy
- 4.6 不同的变量设置方法
- 4.7 例子整合
1. ansible的工作流程
- 使用者使用ansible或ansible-playbook(会额外读取playbook文件)时,在服务器终端输入ansible的ad-hoc命令集或playbook后,ansible会遵循预先编排的规则将playbooks逐条拆解为play,再将play组织成ansible可识别的任务(task)。随后调用任务涉及的所有模块(module)和插件(plugin),根据inventory中定义的主机列表通过ssh将任务集以临时文件或命令的形式传输到远程客户端执行并返回执行结果,如果临时文件执行完毕则自动删除.
2. PlayBook介绍
- playbook-剧本 介绍
- playbooks是 一个不同于使用Ansible命令行执行方式的模式,其功能更强大灵活。简单来说,playbook是一个非常简单的配置管理和多主机部署系统,不同于任何已经存在的模式,可作为一个适合部署复杂应用程序的基础。Playbook可以定制配置,可以按照指定的操作步骤有序执行,支持同步和异步方式。值得注意的是playbook是通过YAML格式来进行描述定义的。
- 核心元素
Tasks:任务,由模板定义的操作列表
Variables:变量
Templates:模板,即使用模板语法的文件
Handlers:处理器.当某条件满足时,触发执行的操作
Roles:角色
3. Ymal语言
- playbook使用yml标记语言,这是一种标记语言,这种标记语言在文件的最开始需要使用三个“-”来说明文件开始,然后使用缩进来说明代码块的范围。下面通过一个简易的实例,来说明playbook的语法。【实例来自官方文档】
--- #标记文件的开始
- hosts: webservers #指定该playbook在哪个服务器上执行vars: #表示下面是定义的变量,http_port: 80 #变量的形式,key: value,这里http_port是变量名,80是值max_clients: 200remote_user: root #指定远程的用户名,这里缩进和vars保持了一致,说明变量的代码块已经结束。tasks: #下面构成playbook的tasks,每个task都有 - name: 开始,name指定该任务的名称。- name: ensure apache is at the latest version #指定该任务的名称。yum: pkg=httpd state=latest #yum说明要是用的模板名称,后面指定对应的参数,这两行结合起来就相当于一个shell命令。- name: write the apache config file #每个task之间可以使用空行来做区分。template: src=/srv/httpd.j2 dest=/etc/httpd.conf#需要说明的是缩进的意义和python中缩进的意义是一样,是来区分代码块的。
ansible-playbook playbook.yml --syntax-check 检查语法是否有误
ansible-playbook playbook.yml 执行
4. Playbook小示例
4.1 httpd firewalld服务开启及 配置
- 初级版本
---
- hosts: testtasks:- name: install apacheyum:name: httpdstate: present- name: start apacheservice:name: httpdstate: startedenabled: yes- name: start firewalldservice:name: firewalldstate: startedenabled: yes- name: enable httpfirewalld:service: httppermanent: yesimmediate: yesstate: enabled
2. 增加配置文件
mkdir ansible/httpd 存放httpd的配置文件
[devops@server1 ansible]$ cd httpd/
[devops@server1 httpd]$ ls
httpd.conf
---
- hosts: testtasks:- name: install apacheyum:name: httpdstate: present- name: config apachecopy:src: httpd/httpd.confdest: /etc/httpd/httpd.conf- name: start apache service:name: httpdstate: startedenabled: yes- name: start firewalldservice:name: firewalldstate: startedenabled: yes- name: enable httpfirewalld:service: httppermanent: yesimmediate: yesstate: enabled
- 增加jinja模板的使用,以及触发器的使用
- 在 ansible目录下创建template目录,将配置文件重命名为httpd.conf.j2放在此目录中
[devops@server1 httpd]$ mv httpd.conf httpd.conf.j2
[devops@server1 httpd]$ cd ..
[devops@server1 ansible]$ mkdir templates
[devops@server1 ansible]$ mv httpd/httpd.conf.j2 templates/
[devops@server1 ansible]$ cd templates/
[devops@server1 templates]$ ls
httpd.conf.j2
vim hosts
vim templates/httpd.conf.j2
---
- hosts: testtasks:- name: install apacheyum:name: httpdstate: present- name: config apachetemplate:src: templates/httpd.conf.j2dest: /etc/httpd/httpd.confnotify: restart apache- name: start apache service:name: httpdstate: startedenabled: yes- name: start firewalldservice:name: firewalldstate: startedenabled: yes- name: enable httpfirewalld:service: httppermanent: yesimmediate: yesstate: enabledhandlers:- name: restart apacheservice:name: httpdstate: restarted
4.2 查询主机信息
vim playbook2.yml
---
- hosts: alltasks:- name: create hostinfotemplate:src: templates/hostinfo.j2dest: /tmp/hostinfo
vim templates/hostinfo.j2
hostname: {
{ ansible_facts['hostname'] }}
hostip: {
{ ansible_facts["eth0"]["ipv4"]["address"] }}
DNS: {
{ ansible_facts['dns']['nameservers'][-1] }}
kernel: {
{ ansible_facts['kernel'] }}
memory_free: {
{ ansible_facts.memfree_mb }}MB
boot partition size: {
{ ansible_facts.devices.vda.partitions.vda1.size }}
- 此例在KVM虚拟机下完成,使用VMware会报错,参数找不到
[root@server20 ~]# cat /temp/hostinfo
hostname: server2
hostip: 192.168.43.2
DNS: 114.114.114.114
kernel: 3.10.0-957.el7.x86_64
memory_free: 582MB
boot partition size: 1.00 GB
4.3 对PlayBook进行加密
ansible-vault encrypt playbook.yml对它进行加密
ansible-vault edit playbook.yml 编辑加密文件
ansible-playbook playbook.yml --ask-vault-pass执行加密文件
ansible-vault decrypt playbook.yml 对加密文件取消加密
ansible-vault create secfile 在一开始就创建加密文件
ansible-vault view secfile 浏览文件
ansible-vault rekey secfile 改密码
4.4 配置haproxy
vim hosts
[test]
server2 [prod]
server3 [webservers:children]
test
prod
- 设置visudo
vim /etc/sudoers
vim palybook4.yml编写playbook
---
- name: deloay apachegather_facts: yeshosts: webserversvars:http_port: 80tasks:- name: install apacheyum:name: - httpd- phpstate: present- name: config apachetemplate:src: templates/httpd.conf.j2dest: /etc/httpd/httpd.confnotify: restart apache- name: copy index.htmlcopy:content: "{
{ ansible_facts['hostname'] }}\n"dest: /var/www/html/index.html- name: start apacheservice: name: "{
{ item }}"state: startedenabled: yesloop:- httpd- firewalld- name: enable httpfirewalld:service: httppermanent: yesimmediate: yesstate: enabledhandlers:- name: restart apacheservice:name: httpdstate: restarted
- name: deploy haproxyhosts: localhosttasks:- name: haproxyyum:name: haproxystate: present- name: config haproxytemplate:src: templates/haproxy.cfg.j2dest: /etc/haproxy/haproxy.cfgnotify: restart haproxy- name: start haproxyservice:name: haproxystate: startedenabled: yeshandlers:- name: restart haproxyservice:name: haproxystate: restarted
- 在 servr1中
yum install -y haproxy
cd /etc/haproxy
cp haproxy.cfg /home/devops/ansible/templates 将文件复制到模板目录下
vim templates/haproxy.cfg
{
% for host in groups['webservers'] %}server {
{
hostvars[host]['ansible_facts']['hostname'] }} {
{
hostvars[host]['ansible_facts']['eth0']['ipv4']['address'] }}:80 check
{
% endfor %}
注意:上面的得hostname ip的参数适用于KVM下的虚拟机,对于VMware会参数报错
如果使用VMware虚拟机的话,更改这两个参数
{
% for host in groups['webservers'] %}server {
{
host }} {
{
hostvars[host]['ansible_all_ipv4_addresses'][0] }}:80 check
{
% endfor %}
测试
4.5 配置 keepalived+haproxy
- 新加一台机器 server4 192.168.43.4
useradd devops
echo redhat | passwd --stdin devops给用户设置密码
chmod u+w /etc/sudoers添加写权限
vim /etc/sudoers
devops ALL=(ALL) NOPASSWD: ALL
- 互相免密
cd /home/devops/.ssh
ssh-copy-id server4
vim hosts
vim playbook5.yml
---
- name: deploy apachegather_facts: yeshosts: webserversvars:http_port: 80tasks:- name: install apacheyum:name:- httpd- phpstate: present- name: copy index.htmlcopy:content: "{
{ ansible_facts['hostname'] }}\n"dest: /var/www/html/index.html- name: config apachetemplate:src: templates/httpd.conf.j2dest: /etc/httpd/conf/httpd.confnotify: restart apache- name: start apacheservice: name: "{
{ item }}"state: startedenabled: yesloop:- httpd- firewalld- name: start firewalldservice: name: firewalldstate: startedenabled: yes- name: enable httpfirewalld:service: httppermanent: yesimmediate: yesstate: enabledhandlers:- name: restart apacheservice:name: httpdstate: restarted- name: deploy haproxyhosts: haproxytasks:- name: install haproxyyum:name: haproxystate: present- name: config haproxytemplate:src: templates/haproxy.cfg.j2dest: /etc/haproxy/haproxy.cfgnotify: restart haproxy- name: start haproxyservice:name: haproxystate: startedenabled: yeshandlers:- name: restart haproxyservice:name: haproxystate: restarted- name: deploy keepalivedhosts: keepalivedtasks: - name: install keepalivedyum:name: keepalivedstate: present- name: config keepalivedtemplate:src: templates/keepalived.conf.j2dest: /etc/keepalived/keepalived.confnotify: restart keepalived- name: start keepalivedservice:name: keepalivedstate: startedenabled: yeshandlers: - name: restart keepalivedservice:name: keepalivedstate: restarted
- 在server1
yum install -y keepalived安装
拷贝 配置文件到templates下
[devops@server1 ansible]$ cp /etc/keepalived/keepalived.conf templates/
[devops@server1 ansible]$ cd templates/
[devops@server1 templates]$ mv keepalived.conf keepalived.conf.j2
vim keepalived.conf.j2编辑配置文件
[devops@server1 ansible]$ cat templates/keepalived.conf.j2
! Configuration File for keepalivedglobal_defs {notification_email {root@localhost}notification_email_from keepalived@localhostsmtp_server 127.0.0.1smtp_connect_timeout 30router_id LVS_DEVELvrrp_skip_check_adv_addrvrrp_garp_interval 0vrrp_gna_interval 0
}vrrp_instance VI_1 {state {
{ STATE }}interface ens33virtual_router_id {
{ VRID }}priority {
{ PRI }}advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.43.100}
}
- 创建变量目录host_vars
[devops@server1 ansible]$ mkdir host_vars
[devops@server1 ansible]$ cd host_vars/
[devops@server1 host_vars]$ vim server2
[devops@server1 host_vars]$ cat server2
---
STATE: MASTER
VRID: 60
PRI: 100
[devops@server1 host_vars]$ vim server3
[devops@server1 host_vars]$ cat server3
---
STATE: BACKUP
VRID: 60
PRI: 50
- 第5步中的变量设置方法,可能在某些环境下不能运行,会报错,也可以直接在hosts文件中定义变量(不过这种方法过于老旧,不推荐)
4.6 不同的变量设置方法
- 通过vars_files关键字引入变量文件:
[devops@server1 ansible]$ mkdir vars创建目录
[devops@server1 ansible]$ cd vars/
[devops@server1 vars]$ vim keepalived.yml
[devops@server1 vars]$ cat keepalived.yml
---
keepalived:master:state: MASTERvrid: 60pri: 100backup:state: BACKUPvrid: 60pri: 50
- 需要两个模板文件,将之前的模板文件复制一份,分别命名为为
keepalived.conf.master.j2和keepalived.conf.backup.j2
[devops@server1 ansible]$ cd templates/
[devops@server1 templates]$ mv keepalived.conf.j2 keepalived.conf.master.j2
[devops@server1 templates]$ cp keepalived.conf.master.j2 keepalived.conf.backup.j2
cat keepalived.conf.master.j2
! Configuration File for keepalivedglobal_defs {notification_email {root@localhost}notification_email_from keepalived@localhostsmtp_server 127.0.0.1smtp_connect_timeout 30router_id LVS_DEVELvrrp_skip_check_adv_addrvrrp_garp_interval 0vrrp_gna_interval 0
}vrrp_instance VI_1 {state {
{ keepalived['master']['state'] }}interface ens33virtual_router_id {
{ keepalived['master']['vrid'] }}priority {
{ keepalived['master']['pri'] }}advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.43.100}
}
cat keepalived.conf.backup.j2
! Configuration File for keepalivedglobal_defs {notification_email {root@localhost}notification_email_from keepalived@localhostsmtp_server 127.0.0.1smtp_connect_timeout 30router_id LVS_DEVELvrrp_skip_check_adv_addrvrrp_garp_interval 0vrrp_gna_interval 0
}vrrp_instance VI_1 {state {
{ keepalived['master']['state'] }}interface ens33virtual_router_id {
{ keepalived['master']['vrid'] }}priority {
{ keepalived['master']['pri'] }}advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {192.168.43.100}
}
vim playbook5.yml 在上一个的例子上加以改变
cat playbook7.yml
---
- name: deploy apachegather_facts: yeshosts: webserversvars:http_port: 80tasks:- name: install apacheyum:name:- httpd- phpstate: present- name: copy index.htmlcopy:content: "{
{ ansible_facts['hostname'] }}\n"dest: /var/www/html/index.html- name: config apachetemplate:src: templates/httpd.conf.j2dest: /etc/httpd/conf/httpd.confnotify: restart apache- name: start apacheservice: name: "{
{ item }}"state: startedenabled: yesloop:- httpd- firewalld- name: start firewalldservice: name: firewalldstate: startedenabled: yes- name: enable httpfirewalld:service: httppermanent: yesimmediate: yesstate: enabledhandlers:- name: restart apacheservice:name: httpdstate: restarted- name: deploy haproxyhosts: haproxytasks:- name: install haproxyyum:name: haproxystate: present- name: config haproxytemplate:src: templates/haproxy.cfg.j2dest: /etc/haproxy/haproxy.cfgnotify: restart haproxy- name: start haproxyservice:name: haproxystate: startedenabled: yeshandlers:- name: restart haproxyservice:name: haproxystate: restarted- name: deploy keepalivedhosts: keepalivedvars_files:- vars/keepalived.ymltasks: - name: install keepalivedyum:name: keepalivedstate: present- name: config keepalivedtemplate:src: templates/keepalived.conf.master.j2dest: /etc/keepalived/keepalived.confwhen: ansible_hostname == "server1"notify: restart keepalived- name: config keepalivedtemplate:src: templates/keepalived.conf.backup.j2dest: /etc/keepalived/keepalived.confwhen: ansible_hostname == "server4"notify: restart keepalived- name: start keepalivedservice:name: keepalivedstate: startedenabled: yeshandlers: - name: restart keepalivedservice:name: keepalivedstate: restarted
[devops@server1 ansible]$ tree
.
├── ansible.cfg
├── hosts
├── host_vars
│ ├── server2
│ └── server3
├── httpd
├── index.html
├── lists
├── playbook2.yml
├── playbook4.yml
├── playbook5.yml
├── playbook6.yml
├── playbook7.yml
├── playbook.yml
├── secfile
├── templates
│ ├── haproxy.cfg.j2
│ ├── hostinfo.j2
│ ├── httpd.conf.j2
│ ├── keepalived.conf.backup.j2
│ └── keepalived.conf.master.j2
└── vars└── keepalived.yml4.7 例子整合
可以将上面几个例子整合一下
---
- name: deploy SLBgather_facts: yeshosts: allvars:http_port: 80vars_files:- vars/keepalived.ymltasks:- name: deploy apacheblock:- name: install apacheyum:name:- httpd- phpstate: present- name: copy index.htmlcopy:content: "{
{ ansible_facts['hostname'] }}\n"dest: /var/www/html/index.html- name: config apachetemplate:src: templates/httpd.conf.j2dest: /etc/httpd/conf/httpd.confnotify: restart apache- name: start apacheservice: name: "{
{ item }}"state: startedenabled: yesloop:- httpd- firewalld- name: start firewalldservice: name: firewalldstate: startedenabled: yes- name: enable httpfirewalld:service: httppermanent: yesimmediate: yesstate: enabledwhen: ansible_hostname in groups['webservers']- name: deploy haproxyblock:- name: install haproxyum:name: haproxystate: present- name: config haproxytemplate:src: templates/haproxy.cfg.j2dest: /etc/haproxy/haproxy.cfgnotify: restart haproxy- name: start haproxyservice:name: haproxystate: startedenabled: yeswhen: ansible_hostname in groups['haproxy']- name: deploy keepalivedblock:- name: install keepalivedyum:name: keepalivedstate: present- name: config keepalivedtemplate:src: templates/keepalived.conf.master.j2dest: /etc/keepalived/keepalived.confwhen: ansible_hostname == "server1"notify: restart keepalived- name: config keepalivedtemplate:src: templates/keepalived.conf.backup.j2dest: /etc/keepalived/keepalived.confwhen: ansible_hostname == "server4"notify: restart keepalived- name: start keepalivedservice:name: keepalivedstate: startedenabled: yeswhen: ansible_hostname in groups['webservers']handlers: - name: restart apacheservice:name: httpdstate: restarted- name: restart haproxyservice:name: haproxystate: restarted- name: restart keepalivedservice:name: keepalivedstate: restarted
注意:触发器不能写在block中,将触发器统一整合在最后,每个模块的格式都是一样的,最后一行写明执行条件