# Ansible environment setup

| Host | IP |
|---|---|
| master | 192.168.1.1 |
| node1 | 192.168.1.2 |
| node2 | 192.168.1.3 |

## Install Ansible

```shell
[root@master ~]# yum install -y ansible
```

The Ansible configuration file is made up of several sections, each containing settings written as key/value pairs. The two sections used here are:

- `[defaults]`: sets general operating defaults
- `[privilege_escalation]`: configures how Ansible escalates privileges on managed hosts

For example, a typical `ansible.cfg` looks like this (comments are placed on their own lines, since the config parser does not treat a trailing `#` on a value line as a comment):

```shell
[root@master ~]# cat /etc/ansible/ansible.cfg
```

```ini
[defaults]
# inventory file to use
inventory = ./inventory
# user Ansible logs in as on the remote hosts
remote_user = user
# whether to prompt for the SSH password
ask_pass = false

[privilege_escalation]
# enable privilege escalation
become = true
# escalation method
become_method = sudo
# user to escalate to
become_user = root
# whether to prompt for the escalation password
become_ask_pass = false
```

```shell
[root@master ~]# cat /etc/ansible/hosts
```

```ini
[web]
ansible-node1
ansible-node2
ansible-node3
```

## List all hosts

```shell
[root@master ~]# ansible all --list-hosts
```

## Create the management user on the clients

The `devops` user that Ansible connects as needs a sudoers drop-in on each managed node so that `become` works without a password prompt:

```shell
[root@ansible-node2 sudoers.d]# cat /etc/sudoers.d/devops
devops ALL=(ALL) NOPASSWD: ALL
```
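The sudoers drop-in above is shown being created by hand on one node. As an added example that is not part of the original page, the playbook below provisions the same `devops` management user on every managed node in one pass: it creates the account, installs the control node's public key, and writes the sudoers rule with root ownership and mode `0440`, letting `visudo -cf` validate the file before it is put in place so that a syntax error cannot lock sudo on the host. The public key path and the `mgmt_user` variable name are assumptions.

```yaml
---
# Added example (not from the original page): bootstrap the "devops"
# management user on all managed nodes. Run it once as root (for example
# with "-u root -k") before switching ansible.cfg to remote_user = devops.
- name: Provision the Ansible management user on managed nodes
  hosts: all
  become: true
  vars:
    mgmt_user: devops
    mgmt_pubkey: /root/.ssh/id_rsa.pub   # assumed path on the control node
  tasks:
    - name: Management user exists
      user:
        name: "{{ mgmt_user }}"
        state: present

    - name: Control node public key is authorized for the management user
      authorized_key:
        user: "{{ mgmt_user }}"
        state: present
        key: "{{ lookup('file', mgmt_pubkey) }}"

    - name: Passwordless sudo rule is installed only if visudo accepts it
      copy:
        content: "{{ mgmt_user }} ALL=(ALL) NOPASSWD: ALL\n"
        dest: "/etc/sudoers.d/{{ mgmt_user }}"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
```

The `validate` parameter of the `copy` module runs the given command against the temporary file (substituted for `%s`) and only replaces the destination when the command exits 0; for sudoers this is the difference between a failed task and a host where nobody can `sudo` any more.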
## Common Ansible modules

command module: run the `hostname` command on all nodes

```shell
ansible all -m command -a 'hostname'
```

copy module: as the `devops` user, write the given content to `/etc/motd`

```shell
ansible localhost -m copy -a 'content="Managed by Ansible\n" dest=/etc/motd' -u devops
```

file module: set `/tmp/test.sh` on all nodes to mode 600 with owner and group `root`

```shell
ansible all -m file -a "dest=/tmp/test.sh mode=600 owner=root group=root"
```

cron module: define a scheduled job on all nodes that syncs the clock every 3 minutes

```shell
ansible all -m cron -a 'name="custom job" minute=*/3 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate 192.168.0.1"'
```

group module: create a group named `bob` with gid 2022 on all nodes

```shell
ansible all -m group -a 'gid=2022 name=bob'
```

user module: create a user named `devops` with uid 4000 on all nodes

```shell
ansible all -m user -a 'name=devops uid=4000 state=present'
```

yum module: install the `httpd` package on all nodes

```shell
ansible all -m yum -a "state=present name=httpd"
```

service module: start the `httpd` service on all nodes and enable it at boot

```shell
ansible all -m service -a 'name=httpd state=started enabled=yes'
```

script module: run the `/root/test.sh` script on all nodes (the script lives on the Ansible control node)

```shell
ansible all -m script -a '/root/test.sh'
```

ping module: check that all nodes are still reachable

```shell
ansible all -m ping
```
## Ansible playbook usage

### Commonly used playbook modules

Files modules:

- `copy`: copy a local file to the managed host
- `file`: set permissions and other attributes of a file
- `lineinfile`: ensure a particular line is present in, or absent from, a file
- `synchronize`: synchronize content using rsync

Software package modules:

- `package`: manage packages with the automatically detected package manager of the operating system
- `yum`: manage packages with the YUM package manager
- `apt`: manage packages with the APT package manager
- `dnf`: manage packages with the DNF package manager
- `gem`: manage Ruby gems
- `pip`: manage Python packages from PyPI

System modules:

- `firewalld`: manage arbitrary ports/services with the firewalld firewall
- `reboot`: reboot the machine
- `service`: manage services
- `user`: add, remove and manage user accounts

Net Tools modules:

- `get_url`: download files over HTTP, HTTPS or FTP
- `nmcli`: manage networking
- `uri`: interact with web services

### Syntax check

```shell
ansible-playbook user.yml --syntax-check
```

### Dry-run a playbook (check mode)

```shell
ansible-playbook user.yml -C
```

### View playbook module help

```shell
ansible-doc <module_name>
```
## Using Ansible variables

### Create a user with variables

`[root@ansible-node1 vars]# cat user1.yml`

```yaml
---
- name: create user
  hosts: all
  vars:
    username: bob
    uid: 4002
  tasks:
    - name: create user bob
      user:
        name: "{{ username }}"
        uid: "{{ uid }}"
```

### Create a user from a variable file

`[root@ansible-node1 vars]# cat user.yml`

```yaml
user1: tom
user2: jerry
```

`[root@ansible-node1 vars]# cat user2.yml`

```yaml
---
- name: create user
  hosts: all
  vars_files:
    - /root/playbooks/vars/user.yml
  tasks:
    - name: create user bob
      user:
        name: "{{ user1 }}"   # user1 is defined in the variable file above
        state: present
```
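The two playbooks above create one account per variable. As an added example that is not part of the original page, the playbook below generalizes this to a list of accounts and a single `loop`, so adding or removing an account means editing data rather than tasks. The `accounts` list and its field names are assumptions; the list is kept inline under `vars` so the block runs on its own, but it can be moved unchanged into a file referenced with `vars_files` exactly as in `user2.yml`.

```yaml
---
# Added example (not from the original page): manage several accounts from one
# list with a loop instead of one variable per user. The account data is
# constructed for illustration.
- name: Manage accounts declared as data
  hosts: all
  become: true
  vars:
    accounts:
      - { name: tom,   uid: 4003 }
      - { name: jerry, uid: 4004, groups: wheel }
      - { name: james, uid: 4000, state: absent }
  tasks:
    - name: Accounts are in their declared state
      user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        groups: "{{ item.groups | default(omit) }}"
        state: "{{ item.state | default('present') }}"
      loop: "{{ accounts }}"
      loop_control:
        label: "{{ item.name }}"   # log only the account name, not the whole item
```

`default(omit)` leaves the `groups` parameter out entirely for items that do not set it, so existing supplementary group membership is not touched, and `loop_control.label` keeps the per-item run output short and free of the full dictionary.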
## Install httpd and firewalld, start them, open the http rule and check the page

```yaml
---
- name: Deploy and start Apache HTTPD service
  hosts: all
  vars:
    web_pkg: httpd
    firewall_pkg: firewalld
    web_service: httpd
    firewall_service: firewalld
    python_pkg: python-httplib2
    rule: http
  tasks:
    - name: Required packages are installed and up to date
      yum:
        name:
          - "{{ web_pkg }}"
          - "{{ firewall_pkg }}"
          - "{{ python_pkg }}"
        state: latest

    - name: The {{ web_service }} service is started and enabled
      service:
        name: "{{ web_service }}"
        state: started
        enabled: true

    - name: The {{ firewall_service }} service is started and enabled
      service:
        name: "{{ firewall_service }}"
        state: started
        enabled: true

    - name: Web content is in place
      copy:
        content: "Web content is in place"
        dest: "/var/www/html/index.html"

    - name: The firewall port for {{ rule }} is open
      firewalld:
        service: "{{ rule }}"
        permanent: true
        immediate: true
        state: enabled

- name: Verify the Apache service
  hosts: localhost
  become: false
  tasks:
    - name: Ensure the webserver is reachable
      uri:
        url: http://127.0.0.1
        status_code: 200
```

Note that the second play runs on `localhost`, i.e. the control node, and requests `http://127.0.0.1` there; it therefore only verifies a web server running on the control node itself, not the one deployed on the managed hosts.
## Ansible playbook template examples

### Push a public key to all hosts

```yaml
---
- name: configure root public key
  hosts: all
  tasks:
    - name: Set authorized key taken from file
      authorized_key:
        user: root
        state: present
        # the key file path was missing from the original; this path is an assumption
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
```

### Install httpd on all hosts, replace index.html, start the service and enable it at boot

```yaml
---
- name: install and start Apache
  hosts: all
  tasks:
    - name: httpd package is present
      yum:
        name: httpd
        state: present

    - name: provide content of index.html
      copy:
        src: /root/index.html
        dest: /var/www/html/index.html

    - name: Start service httpd, if not started
      service:
        name: httpd
        state: started
        enabled: true
```

### Delete the user james with uid 4000 on all hosts

```yaml
---
- name: Configure important user consistently
  hosts: all
  tasks:
    - name: delete user james with uid 4000
      user:
        name: james
        uid: 4000
        state: absent
```

### Write multi-line content to /tmp/mine.conf on all hosts

```yaml
---
- name: Configure important file
  hosts: all
  tasks:
    - name: Copy using inline content
      copy:
        content: |   # "|" keeps the line breaks; ">" would fold the lines into one
          # This file was moved to /etc/other.conf
          # This is a test
        dest: /tmp/mine.conf
```

### Multi-task batch example

```yaml
---
- name: Configure httpd and firewalld
  hosts: all
  tasks:
    - name: install httpd and firewalld service
      yum:
        name:
          - httpd
          - firewalld
        state: latest

    - name: Copy using inline content
      copy:
        content: |
          # This is a test web service
        dest: '/var/www/html/index.html'

    - name: Start service firewalld, if not started
      service:
        name: firewalld
        state: started
        enabled: yes

    - name: Configure firewalld rule for httpd
      firewalld:
        service: http
        permanent: true
        immediate: yes
        state: enabled

    - name: Start service httpd, if not started
      service:
        name: httpd
        state: started
        enabled: yes

    - name: Check that a page returns a status 200 and fail if the word AWESOME is not in the page contents
      uri:
        url: http://127.0.0.1
        return_content: yes
        status_code: 200
```

As written, the last task only fails when the status code is not 200; `return_content: yes` makes the body available, but nothing in the task inspects it, so the "fail if the word AWESOME is not in the page contents" part of the name is not yet enforced.
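As an added example that is not part of the original page, the play below completes the verification the last task above names: it fetches the page on each managed host, registers the response, and asserts on the body, then confirms that the `http` service really is in the active firewalld zone. The `expected_marker` value is an assumption chosen to match the content written by the `copy` task above; the `assert` and `failed_when` patterns are standard Ansible, not the page's own code.

```yaml
---
# Added example (not from the original page): verify the deployed web service
# on every managed host, checking page content and the firewall state rather
# than only the HTTP status code.
- name: Verify the web service on every managed host
  hosts: all
  vars:
    expected_marker: "This is a test web service"   # assumed to match the deployed index.html
  tasks:
    - name: Fetch the index page locally on each host
      uri:
        url: http://127.0.0.1/
        return_content: true
        status_code: 200
      register: index_page

    - name: Fail when the served page does not carry the expected content
      assert:
        that:
          - "expected_marker in index_page.content"
        fail_msg: "Unexpected content served on {{ inventory_hostname }}"
        success_msg: "Page on {{ inventory_hostname }} is as deployed"

    - name: Confirm the http service is allowed in the active firewalld zone
      command: firewall-cmd --list-services
      changed_when: false          # a read-only query never counts as a change
      register: fw_services
      failed_when: "'http' not in fw_services.stdout.split()"
```

Because this play runs on `all`, the check happens on the managed hosts themselves, unlike the `hosts: localhost` verification play earlier on the page; `changed_when: false` keeps the read-only `firewall-cmd` query from reporting a change on every run, so the play stays idempotent and a non-zero change count in its summary means something actually drifted.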