标签:name 0.0 nginx ansible 模块 剧本 root localhost
1. 服务介绍
1.1 自动化运维相关概念
相关概念
了解IaaS PaaS SaaS
IaaS infrastructure as a service
PaaS platform as a service
SaaS software as a service
IAAS 提供基本的硬件
PAAS 购买已经准备好的开发环境 直接开发就行了
SAAS 手机上的大部分软件都是基于SAAS 比如阿里提供给别人用的钉钉 腾讯给我们用的微信(免费)
三个的提供方举例:
IAAS:提供硬件 联想
PAAS:提供操作系统 微软
SAAS:阿里 提供淘宝软件
以邮件系统为例,IAAS就是企业自己购买服务器,自己搭建服务架构,搭建邮件服务器,然后使用企业邮件服务,PAAS就是企业租到了服务器,自己搭建服务,然后使用企业邮箱,SAAS就是企业掏钱购买腾讯企业邮箱,然后使用企业邮箱
1.2 ansible理论
1.2.1 ansible及自动化介绍
ansible:提高效率的工具
自动化:系统自动化(pxe+ks)、程序自动化(ansible、saltstack、puppet)、代码自动化(Jenkins)、
程序自动化工具分为两类:
(1)c/s架构:saltstack puppet
(2)无客户端模式:ansible
区别:
-
puppet:基于ruby开发,支持Linux、Windows、Unix,可以管理千台主机以上
-
saltstack:基于python开发,支持统一管理,比较轻量级
-
ansible:基于python开发,使用ssh协议,没有客户端,200-300台
-
ansible: python编写 适用于中小型应用环境 一个系统控制多台主机 有两个角色 主控端/被控端
-
saltstack: python编写 需要部署agent 主控端通过安装在被控端的代理来对被控端进行操作
-
puppet: ruby语言编写 重型 适合大型环境 谷歌用 软件过于复杂 国内一般用不到
-
其他
1.2.2 ansible特性
- 模块化: 调用特定的模块,完成特定任务,约1000+模块 每个模块功能不同
- 有paramiko(基于ssh开发,主要做远程控制) PyYAML(可以实现剧本) Jinja2(模板语言) 三个关键模块
- 支持自己定义模块
- 安全, 基于openssh
- 支持playbook编排任务
- 幂等性: 一个任务执行1遍和n遍效果一样,不会因为重复执行而带来意外情况(以复制为例,如果进行多次复制,ansible发现已经有了,就不执行了,也不报错)
1.2.3 ansible命令执行过程和执行状态
2. centos7上安装ansible
366 mkdir /media/ansible
367 cp /mnt/hgfs/soft/an/* /media/ansible/
368 createrepo /media/ansible/
370 mount /dev/cdrom /mount
371 yum -y install createrepo
372 createrepo /media/ansible/
374 vim /etc/yum.repos.d/ansible.repo
[ansible]
name=ansible
baseurl=file:///media/ansible
enabled=1
gpgcheck=0
375 yum -y install ansible
376 rpm -e --nodeps python-cryptography
也可以使用yum安装ansible
yum -y install epel-release
yum -y install ansible
3. 配置ansible
277 ansible --version
278 cd /etc/ansible
278 vim hosts 尾部添加内容
[webserver]
192.168.1.22
192.168.1.17
[dbserver]
192.168.1.19
这里的webserver 和 dbserver只是一个分组的名称而已,没有特殊含义
292 ssh-keygen
293 ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.22
294 ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.17
295 ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.19
297 ansible all -m ping
297 ansible all -m ping
192.168.1.17 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.1.19 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.1.22 | SUCCESS => {
"changed": false,
"ping": "pong"
}
4. ansible模块使用
4.1 ansible语法和常用命令
ansible <host-patterm> [-m module_name] [-a args]
example: ansible webserver -m ping
帮助命令:
[root@localhost ~]# ansible-doc -h #help信息
[root@localhost ~]# ansible-doc -l #查看ansible的模块
[root@localhost ~]# ansible-doc -s yum #查看某个模块怎么使用
4.2 常用模块
(1)command(-m command可以省略)
[root@localhost ~]# ansible all -m command -a 'date'
[root@localhost ~]# ansible all -m command -a 'ls /home'
(2)corn
[root@localhost ~]# ansible webserver -m cron -a 'minute="*/10" job="/bin/echo hello world" name="test cron job"'
[root@localhost ~]# ansible all -a 'crontab -l'
[root@localhost ~]# ansible webserver -m cron -a 'minute="*/10" job="/bin/echo hello hansir" name="test cron job" state=absent'
state=present表示添加,添加的时候 state=present 可以省略 ,state=absent表示删除 name为描述信息
[root@localhost ~]# ansible webserver -m cron -a 'job=date name=showdate state=present'
[root@localhost ~]# ansible webserver -m cron -a 'job=date name=showdate state=absent'
(3)user
[root@localhost ~]# ansible all -m user -a 'name="user1"' #添加用户
[root@localhost ~]# ansible all -m user -a 'name="user1" state=absent' #删除用户
[root@localhost ~]# ansible all -m user -a 'name=tie create_home=yes shell=/bin/bash'
#这是创建一个普通用户,如果要加码,自己再写命令进行加密,如下
[root@localhost ~]# ansible all -m shell -a 'echo 1234.com | passwd --stdin tie'
[root@localhost ~]# ansible all -m user -a 'name=nginx shell=/sbin/nologin create_home=no'
192.168.20.126 | CHANGED => { #创建nginx用户,要求不可登陆,没有家目录
"ansible_facts": { #虽然这里显示有家目录,但是其实没有的
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 1002,
"home": "/home/nginx",
"name": "nginx",
"shell": "/sbin/nologin",
"state": "present",
"system": false,
"uid": 1002
}
[root@localhost ~]# ansible all -m user -a 'name=tie remove=yes state=absent' #删除用户并清空与用户有关的目录
(4)group
[root@localhost ~]# ansible dbserver -m group -a 'name="mysql" gid=700 system=yes' #公共组
[root@localhost ~]# ansible dbserver -m user -a 'name="benet" uid=700 system=yes group=mysql' #把用户加入组中
[root@localhost ~]# ansible dbserver -a 'tail -n1 /etc/passwd'
192.168.1.19 | SUCCESS | rc=0 >>
benet:x:700:700::/home/benet:/bin/bash
(5)copy文件分发
[root@localhost ~]# ansible webserver -m copy -a 'src=/media/ansible/ansible-2.4.2.0-2.el7.noarch.rpm dest=/root mode=0644 owner=root group=root'
[root@localhost ~]# ansible webserver -m copy -a 'src=/etc/sysctl.conf dest=/etc/sysctl.conf backup=yes'
这里要注意,如果copy相同的文件,文件内容要有变动,否则不会覆盖文件
backup=yes的话 对方在覆盖文件之前会现在原来的目录里做一个备份文件,如下
[root@localhost ~]# ls /etc/sysctl.conf*
/etc/sysctl.conf /etc/sysctl.conf.51901.2019-07-05@22:09:15~
(6)file 创建文件、修改文件属性 比如属主属组权限、创建目录
[root@localhost ~]# ansible dbserver -m file -a 'owner=benet group=mysql mode=0644 path=/tmp/test.ansible'
[root@localhost ~]# ansible dbserver -a 'ls -l /tmp/test.ansible'
192.168.1.19 | SUCCESS | rc=0 >>
-rw-r--r--. 1 benet mysql 13 Sep 21 15:40 /tmp/test.ansible
[root@localhost ~]# ansible dbserver -m file -a 'path=/tmp/test.link src=/tmp/test.ansible state=link'#创建软链接
[root@localhost ~]# ansible all -m file -a 'path=/tmp/testd src=/etc/hosts state=hard' 创建硬链接
[root@localhost ~]# ansible all -m file -a 'path=/tmp/test.test state=touch'
192.168.20.125 | CHANGED => { #创建文件
[root@localhost ~]# ansible all -m file -a 'path=/tmp/test.test state=absent' #删除文件
[root@localhost ~]# ansible all -m file -a 'path=/tmp/test state=directory' #创建目录
(7)yum
[root@localhost ~]# ansible webserver -m yum -a 'name=zsh,vsftpd state=present' #装zsh和vsftpd
[root@localhost ~]# ansible webserver -m yum -a 'name=vsftpd state=absent'
(8)service
[root@localhost ~]# ansible webserver -a 'service httpd status'
[root@localhost ~]# ansible webserver -m service -a 'name=httpd state=started' 还可以写stopped restarted reloaded
(9)shell
[root@localhost ~]# ansible webserver -m shell -a 'ls /root | grep install.log' #shell可以使用管道符
[root@localhost ~]# ansible dbserver -m shell -a 'echo 'redhat' | passwd --stdin benet'
[root@localhost ~]# ansible dbserver -m shell -a 'echo 'y' | yum install vsftpd'
(10)script
[root@localhost ~]# vim test.sh
#!/bin/bash
#this is test script
echo "hello ansible thanks hansir" > /tmp/script.ansible
[root@localhost ~]# ansible dbserver -m script -a 'test.sh'
(11)setup 采集客户端讯息 #这里筛选的变量 后边模板template会用到
[root@localhost ~]# ansible all -m setup #采集客户端所有信息
[root@localhost ~]# ansible all -m setup -a 'filter=ansible_hostname'
[root@localhost ~]# ansible dbserver -m setup -a 'filter=*address*'
192.168.20.125 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"192.168.122.1",
"192.168.20.125"
],
"ansible_all_ipv6_addresses": [
"fe80::20c:29ff:fe24:241c"
],
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
(12)ping
[root@localhost ~]# ansible all -m ping
(14)fetch #主控端去被控端抓取文件
[root@localhost ~]# mkdir /data
[root@localhost ~]# ansible all -m fetch -a 'src=/var/log/messages dest=/data'
192.168.20.126 | CHANGED => {
[root@localhost ~]# tree /data
/data
├── 192.168.20.125
│ └── var
│ └── log
│ └── messages
└── 192.168.20.126
└── var
└── log
└── messages
6 directories, 2 files
(15) unarchive 解压模块: 将主控端的包解压后放在被控端 无需传输tar包
[root@localhost ~]# ansible webserver -m unarchive -a 'src=/root/ios.tar.gz dest=/usr/src remote_src=yes'
(16)hostname
[root@localhost ~]# ansible webserver -m hostname -a 'name=webserver'
关于模块部分 还有一些非常好用的 没有在这个文章里 读者客户点击 https://blog.csdn.net/weixin_43557605/article/details/102659689
结合这个模块 和replace模块 基本上可以实现用剧本安装和配置所有的服务
下边的第五部分是剧本 playbook 是ansible的任务编排 这部分和角色 roles都很重要 这部分掌握了基础模块后要大量练习 建议最好可以写出一个LNMP的部署剧本 以后完成LNMP一键部署 关于LNMP的剧本 我已经写出来了 在https://blog.csdn.net/weixin_43557605/article/details/103924815 这部分没有写PHP的 因为 会这两个 PHP的自然可以写出来 没有难度
5. playbook
5.1 常规playbook使用
YAML基础元素
结构用空格表示
序列结构用-
键值对用:
扩展名为yaml yml
task:任务,要调用模块,完成某个操作
variable:变量
handlers:触发器
[root@localhost ~]# vim test.yaml
- hosts: webserver
remote_user: root
tasks:
- name: install vsftpd
command: yum -y install vsftpd
- name: start vsftpd
service: name=vsftpd state=started
[root@localhost ~]# ansible-playbook test.yaml
[root@localhost ~]# ansible all -a 'service vsftpd status'
[WARNING]: Consider using service module rather than running service
192.168.1.19 | FAILED | rc=1 >>
vsftpd: unrecognized servicenon-zero return code
192.168.1.17 | SUCCESS | rc=0 >>
vsftpd (pid 15076) 正在运行...
192.168.1.22 | SUCCESS | rc=0 >>
vsftpd (pid 5920) 正在运行...
剧本补充内容
1. yum安装多个包
- name: Installation dependency
yum: name="pcre-devel,zlib-devel" state=installed
2. 检测剧本语法的命令
# ansible-playbook nginx.yml --syntax-check
3. 做软链接
- name: file
file: path=/usr/local/nginx/sbin/* src=/usr/local/sbin/ state=link
4. 解压包
- name: unarchive
unarchive: src=/root/nginx-1.15.4.tar.gz dest=/usr/src mode=0755
5. 添加无家目录用户
- name: useradd nginx
user: name=nginx shell=/sbin/nologin home=null
ansible加密命令
剧本的其他使用提示
1)限制只在谁上执行
ansible-playbook file.yml --limits 192.168.20.101
2)查看任务列表
ansible-playbook file.yml --list-tasks
3)查看tags
[root@localhost ~]# ansible-playbook file.yml --list-tags
5.2 handlers在playbook中的使用
问题引入:在dbserver上装httpd,配置并运行的过程中出现配置文件修改,但是服务没有重启的情况
vim file.yml
- hosts: dbserver
remote_user: root
tasks:
- name: install httpd
yum: name=httpd
- name: copy conf file
copy: src=files/httpd.conf dest=/etc/httpd/conf
- name: ensure apache is running
service: name=httpd state=started enabled=yes
[root@localhost ~]# mkdir files
[root@localhost ~]# cp /etc/httpd/conf/httpd.conf files/
[root@localhost ~]# ansible-playbook file.yml --syntax-check #检测语法错误
playbook: file.yml
[root@localhost ~]# ansible-playbook -C file.yml #检测运行过程
PLAY [dbserver] ***********************************************************************
TASK [Gathering Facts] ****************************************************************
ok: [192.168.20.125]
TASK [install httpd] ******************************************************************
changed: [192.168.20.125]
TASK [copy conf file] *****************************************************************
changed: [192.168.20.125]
TASK [ensure apache is running] *******************************************************
changed: [192.168.20.125]
PLAY RECAP ****************************************************************************
192.168.20.125 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
第一次我们先不对本机的httpd.conf做修改,先直接运行file.yml
[root@localhost ~]# ansible-playbook file.yml
[root@localhost ~]# ansible dbserver -m shell -a 'ss -ntl | grep :80'
192.168.20.125 | CHANGED | rc=0 >>
LISTEN 0 128 :::80 :::*
我们现在修改本机的httpd.conf 把监听端口改为800 然后执行剧本 之后查看dbserverd800端口有没有被监听
[root@localhost ~]# ansible-playbook file.yml
[root@localhost ~]# ansible dbserver -m shell -a 'ss -ntl | grep :80'
192.168.20.125 | CHANGED | rc=0 >>
LISTEN 0 128 :::80 :::*
再次查看的时候,发现80端口依然在监听 而不是800端口 也就是说 改了配置文件 但是无法重启
针对上边的问题,playbook引入handlers即可解决,handlers类似于触发器,达到条件即可触发某个动作,我们在这里准备这样做:用handlers监控配置文件的修改情况,如果配置文件修改了,就触发httpd重启服务,操作如下
[root@localhost ~]# vim file.yml
- hosts: dbserver
remote_user: root
tasks:
- name: install httpd
yum: name=httpd
- name: copy conf file
copy: src=files/httpd.conf dest=/etc/httpd/conf
notify: restart httpd
- name: ensure apache is running
service: name=httpd state=started enabled=yes
handlers:
- name: restart httpd
service: name=httpd state=restarted
上述的意思是说,规定了一个handlers的动作是重启httpd,使用
notify对第二步进行监控,只要第二步进行了,也就是说配置文件
修改了,就触发handler中名字是“restart httpd”的操作,可以有多
个触发,只要名字对应即可
我们现在再次修改本机的httpd.conf文件,端口改为8080,然后
执行剧本,查看运行端口
[root@localhost ~]# ansible-playbook file.yml
[root@localhost ~]# ansible dbserver -m shell -a 'ss -ntl | grep :8080'
192.168.20.125 | CHANGED | rc=0 >>
LISTEN 0 128 :::8080 :::*
可以看到dbserver现在运行的是8080端口,问题得到了解决
这里需要说明的是,tasks里边的动作通过notify的监控,可以同时触发多个handlers的动作,如下:
copy src=... dest=...
nitofy:
- restart nginx
- check process
5.3 tags在playbook中的使用
tags其实就是为tasks里的某个动作打一个标签,打完标签之后,可以进行引用,如下:
[root@localhost ~]# vim file.yml #对启动httpd的动作打一个标签
- hosts: dbserver
remote_user: root
tasks:
- name: install httpd
yum: name=httpd
- name: copy conf file
copy: src=files/httpd.conf dest=/etc/httpd/conf
notify: restart httpd
- name: ensure apache is running
service: name=httpd state=started enabled=yes
tags: rshttpd
handlers:
- name: restart httpd
service: name=httpd state=restarted
[root@localhost ~]# ansible dbserver -m service -a 'name=httpd state=stopped'
[root@localhost ~]# ansible-playbook -t rshttpd file.yml #只执行rshttpd这个标签的步骤
[root@localhost ~]# ansible dbserver -m shell -a 'ss -ntl | grep :8080'
192.168.20.125 | CHANGED | rc=0 >>
LISTEN 0 128 :::8080 :::*
这里要说明的是,-t后边可以跟多个标签,用逗号分隔即可,另外,多个动作可以共用一个标签
5.4 变量在playbook中的使用
变量的简单使用
[root@localhost ~]# vim file.yml
- hosts: webserver
remote_user: root
tasks:
- name: install httpd
yum: name={{ pkname }}
- name: ensure apache is running
service: name={{ pkname }} state=started enabled=yes
[root@localhost ~]# ansible-playbook -e 'pkname=httpd' file.yml #执行剧本的时候声明变量
在剧本中声明变量
[root@localhost ~]# vim file.yml
- hosts: all
remote_user: root
vars:
- pkname1: httpd
- pkname2: vsftpd
tasks:
- name: install httpd
yum: name={{ pkname1 }}
- name: ensure apache is running
yum: name={{ pkname2 }}
[root@localhost ~]# ansible all -m yum -a 'name=httpd state=absent'
[root@localhost ~]# ansible-playbook file.yml
在配置文件中声明变量
- 对某一个主机生效的(普通变量)
- 对某一个组生效的(公共变量)
vim /etc/ansible/hosts
[webservers]
192.168.20.101 http_port=81
192.168.20.102 http_port=82
[webservers:vars]
nodename=www
domainname=kgc.cn
vim file.yml
- hosts: all
remote_user: root
tasks:
- name: set hostname
hostname: name={{nodename}}{{http_port}}.{{domainname}}
ansible-playbook file.yml
还有一种方式
ansible-playbook -e 'nodename=web domainname=example.com' file.yml #这个时候-e的生效
变量的优先级比较:
命令行 > 普通变量 > 公共变量
5.5 使用template对nginx实行区别化配置
首先需要在自己写的yml文件的统计目录创建templates目录,并把文件复制一份过来,改为jinja2格式的
[root@localhost ~]# ls
anaconda-ks.cfg Downloads initial-setup-ks.cfg Pictures Videos
Desktop files Music Public
Documents file.yml original-ks.cfg Templates
[root@localhost ~]# mkdir templates
[root@localhost ~]# cp /etc/nginx/nginx.conf templates/nginx.conf.j2
这个时候要用到一些系统变量,这些变量是从setup模块找的
我们这里准备对两台主机安装nginx,然后让worker进程数与cpu成正比
如下,可以看到两天主机,一个cpu是2,另一个cpu个数是4,变量是ansible_processor_vcpus
[root@localhost ~]# ansible all -m setup -a 'filter=*cpu*'
192.168.20.125 | SUCCESS => {
"ansible_facts": {
"ansible_processor_vcpus": 4,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
192.168.20.126 | SUCCESS => {
"ansible_facts": {
"ansible_processor_vcpus": 2,
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false
}
编辑模板文件
[root@localhost ~]# vim templates/nginx.conf.j2
6 worker_processes {{ansible_processor_vcpus}};
[root@localhost ~]# vi test.yml
- hosts: all
remote_user: root
tasks:
- name: install nginx
yum: name=nginx
- name: copy template
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
- name: start nginx
service: name=nginx state=started
[root@localhost ~]# ansible-playbook -C test.yml
PLAY [all] ****************************************************************************
TASK [Gathering Facts] ****************************************************************
ok: [192.168.20.125]
ok: [192.168.20.126]
TASK [install nginx] ******************************************************************
changed: [192.168.20.126]
changed: [192.168.20.125]
TASK [copy template] ******************************************************************
changed: [192.168.20.125]
changed: [192.168.20.126]
TASK [start nginx] ********************************************************************
changed: [192.168.20.125]
changed: [192.168.20.126]
PLAY RECAP ****************************************************************************
192.168.20.125 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.20.126 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@localhost ~]# ansible-playbook test.yml
[root@localhost ~]# ansible all -m shell -a 'ps -aux | grep nginx' #上边4个,下边2个,符合预期
192.168.20.125 | CHANGED | rc=0 >>
root 3705 0.0 0.1 122928 2244 ? Ss 09:22 0:00 nginx: master process /usr/sbin/nginx
nginx 3706 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3707 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3708 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3709 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
root 3883 0.0 0.0 113128 1196 pts/1 S+ 09:23 0:00 /bin/sh -c ps -aux | grep nginx
root 3885 0.0 0.0 112660 952 pts/1 S+ 09:23 0:00 grep nginx
192.168.20.126 | CHANGED | rc=0 >>
root 3468 0.0 0.1 122928 2244 ? Ss 09:22 0:00 nginx: master process /usr/sbin/nginx
nginx 3469 0.0 0.1 125472 3552 ? S 09:22 0:00 nginx: worker process
nginx 3470 0.0 0.1 125472 3540 ? S 09:22 0:00 nginx: worker process
root 3643 0.0 0.0 113128 1196 pts/1 S+ 09:23 0:00 /bin/sh -c ps -aux | grep nginx
root 3645 0.0 0.0 112660 952 pts/1 S+ 09:23 0:00 grep nginx
如果要修改,加入handlers比较好,我们把worker数量改为cpu个数+2(如果想写成平方 **2)
[root@localhost ~]# vim templates/nginx.conf.j2
worker_processes {{ansible_processor_vcpus+2}};
[root@localhost ~]# vim test.yml
- hosts: all
remote_user: root
tasks:
- name: install nginx
yum: name=nginx
- name: copy template
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
notify: restart nginx
- name: start nginx
service: name=nginx state=started
handlers:
- name: restart nginx
service: name=nginx state=restarted
[root@localhost ~]# ansible all -m shell -a 'ps -aux | grep nginx' #可以看出上边6个下边4个
192.168.20.125 | CHANGED | rc=0 >>
root 3705 0.0 0.1 122928 2244 ? Ss 09:22 0:00 nginx: master process /usr/sbin/nginx
nginx 3706 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3707 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3708 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3709 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3710 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3711 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
root 3883 0.0 0.0 113128 1196 pts/1 S+ 09:23 0:00 /bin/sh -c ps -aux | grep nginx
root 3885 0.0 0.0 112660 952 pts/1 S+ 09:23 0:00 grep nginx
192.168.20.126 | CHANGED | rc=0 >>
root 3468 0.0 0.1 122928 2244 ? Ss 09:22 0:00 nginx: master process /usr/sbin/nginx
nginx 3469 0.0 0.1 125472 3552 ? S 09:22 0:00 nginx: worker process
nginx 3470 0.0 0.1 125472 3540 ? S 09:22 0:00 nginx: worker process
nginx 3471 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
nginx 3472 0.0 0.1 125472 3564 ? S 09:22 0:00 nginx: worker process
root 3643 0.0 0.0 113128 1196 pts/1 S+ 09:23 0:00 /bin/sh -c ps -aux | grep nginx
root 3645 0.0 0.0 112660 952 pts/1 S+ 09:23 0:00 grep nginx
下边试着用变量结合template来修改nginx配置
[root@localhost ~]# vim /etc/ansible/hosts
[dbserver]
192.168.20.125 http_port=81
[webserver]
192.168.20.126 http_port=82
[root@localhost ~]# vim templates/nginx.conf.j2
39 listen {{http_port}} default_server;
[root@localhost ~]# ansible-playbook test.yml
[root@localhost ~]# ansible all -m shell -a 'ss -ntpl | grep nginx' #如下ipv4的端口都改过来了
192.168.20.125 | CHANGED | rc=0 >>
LISTEN 0 128 *:81 *:* users:(("nginx",pid=4388,fd=6),("nginx",pid=4387,fd=6),("nginx",pid=4386,fd=6),("nginx",pid=4385,fd=6),("nginx",pid=4384,fd=6),("nginx",pid=4383,fd=6),("nginx",pid=4382,fd=6))
LISTEN 0 128 :::80 :::* users:(("nginx",pid=4388,fd=7),("nginx",pid=4387,fd=7),("nginx",pid=4386,fd=7),("nginx",pid=4385,fd=7),("nginx",pid=4384,fd=7),("nginx",pid=4383,fd=7),("nginx",pid=4382,fd=7))
192.168.20.126 | CHANGED | rc=0 >>
LISTEN 0 128 *:82 *:* users:(("nginx",pid=4144,fd=6),("nginx",pid=4143,fd=6),("nginx",pid=4142,fd=6),("nginx",pid=4141,fd=6),("nginx",pid=4140,fd=6))
LISTEN 0 128 :::80 :::* users:(("nginx",pid=4144,fd=7),("nginx",pid=4143,fd=7),("nginx",pid=4142,fd=7),("nginx",pid=4141,fd=7),("nginx",pid=4140,fd=7))
tempalte结合when进行条件判断
加入某个服务,对于不同的系统版本,配置文件不一样,这个时候就需要区别对待
[root@localhost ~]# vim test.yml
- hosts: all
remote_user: root
tasks:
- name: install nginx
yum: name=nginx
- name: copy template for centos7
template: src=nginx.conf7.j2 dest=/etc/nginx/nginx.conf
when: ansible_distribution_version == "7"
notify: restart nginx
- name: copy template for centos6
template: src=nginx.conf6.j2 dest=/etc/nginx/nginx.conf
when: ansible_distribution_version == "6"
notify: restart nginx
- name: start nginx
service: name=nginx state=started
handlers:
- name: restart nginx
service: name=nginx state=restarted
此时需要在templates目录里准备好两个模板文件
上边的系统版本号变量可以使用ansible命令获得
[root@localhost ~]# ansible all -m setup -a 'filter=*version*'
6. roles 角色
6.1 roles的说明
roles的思想是把原来写在一个playbook的内容分成不同的部分,之后再进行统一的调用,这种方法,可以防止因为个人书写习惯不同而带来的额外的维护成本,在比较复杂的场景中建议使用roles来简化工作,同时,已经有很多人写了大量优秀的角色放在网上,可以供我们下载使用,网站在此 http://galaxy.ansible.com 如果网络比较好 可以直接使用ansible-galaxy命令安装角色 免去了安装的繁琐工作 但是 对于角色的编辑我们也应该掌握基础 下边是自己动手编写角色 在后边的文章https://blog.csdn.net/weixin_43557605/article/details/102661361 和 https://blog.csdn.net/weixin_43557605/article/details/103767610有网络角色的使用方法
操作要求: 要求在roles目录进行相关的操作,ansible安装完毕之后,在/etc/ansible/目录下就有一个roles目录,可以在这个ansible目录里操作,也可以在其他任何目录里操作,但是要求yml文件和roles目录在同一级目录里
roles的目录说明
- files目录: 主要是放一些copy模块需要用到的文件或者script模块用到的脚本
- templates目录:template模块查找所需要的模板文件的目录
- tasks目录:定义任务操作的目录,这个目录里至少要有一个main.yml
- handlers目录:触发操作的目录,这个目录至少要有一个main.yml
- vars目录:定义变量的目录 至少包含一个main.yml目录
- meta目录:定义角色的特殊设定及依赖关系
- default目录:设定默认变量的时候使用此目录里的main.yml
6.2 roles实战—源码安装nginx
[root@localhost ~]# cd /etc/ansible/
[root@localhost ansible]# ls
ansible.cfg hosts roles
[root@localhost ansible]# mkdir -pv roles/nginx/{tasks,files,handlers,vars,templates}
mkdir: created directory ‘roles/nginx’
mkdir: created directory ‘roles/nginx/tasks’
mkdir: created directory ‘roles/nginx/files’
mkdir: created directory ‘roles/nginx/handlers’
mkdir: created directory ‘roles/nginx/vars’
mkdir: created directory ‘roles/nginx/templates’
本机安装nginx,过程省略
[root@localhost ansible]# cp /root/nginx-1.15.4.tar.gz roles/nginx/files/
[root@localhost ansible]# cp /usr/local/nginx/conf/nginx.conf roles/nginx/templates/nginx.conf.j2
[root@localhost ansible]# cd roles/nginx/tasks/
[root@localhost tasks]# vim install.yml
- name: install dependent packages
yum: name={{item}}
with_items:
- gcc
- gcc-c++
- pcre-devel
- zlib-devel
- openssl-devel
- name: add nginx user
user: name=nginx create_home=no shell=/sbin/nologin uid=888
- name: unarchive tar file
unarchive: src={{tarball_name}} dest=/usr/src/
- name: configure nginx
shell: ./configure --prefix={{base_dir}} --user={{user}} --group={{group}} --with-http_stub_status_module --with-http_gzip_static_module && make && make install
args:
chdir: /usr/src/{{nginx_dir}}
- name: copy template
template: src=nginx.conf.j2 dest={{base_dir}}/conf/nginx.conf
- name: make soft link
file: src={{base_dir}}/sbin/nginx dest=/usr/sbin/nginx state=link
[root@localhost tasks]# vim test.yml
- name: test syntax error of nginx
shell: /usr/local/nginx/sbin/nginx -t
notify: start nginx
[root@localhost tasks]# vim main.yml
- import_tasks: install.yml #include很快会被取消,这里用import_tasks
- import_tasks: test.yml
[root@localhost tasks]# vim ../templates/nginx.conf.j2
3 worker_processes {{ansible_processor_vcpus+2}};
[root@localhost tasks]# vim ../handlers/main.yml
- name: start nginx
shell: nginx
[root@localhost tasks]# vim ../vars/main.yml
tarball_name: nginx-1.15.4.tar.gz
nginx_dir: nginx-1.15.4
base_dir: /usr/local/nginx
cmd: /usr/local/nginx/sbin/nginx
user: nginx
group: nginx
[root@localhost tasks]# cd /etc/ansible/
[root@localhost ansible]# ls
ansible.cfg hosts roles
[root@localhost ansible]# vim nginx_roles.yml
- hosts: all
remote_user: root
roles:
- role: nginx
测试执行过程:
[root@localhost ansible]# ansible-playbook -C nginx_roles.yml
PLAY [all] ****************************************************************************
TASK [Gathering Facts] ****************************************************************
ok: [192.168.20.125]
ok: [192.168.20.126]
TASK [nginx : install dependent packages] *********************************************
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions
is deprecated. Instead of using a loop to supply multiple items and specifying `name:
"{{item}}"`, please use `name: ['gcc', 'gcc-c++', 'pcre-devel', 'zlib-devel',
'openssl-devel']` and remove the loop. This feature will be removed in version 2.11.
Deprecation warnings can be disabled by setting deprecation_warnings=False in
ansible.cfg.
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions
is deprecated. Instead of using a loop to supply multiple items and specifying `name:
"{{item}}"`, please use `name: ['gcc', 'gcc-c++', 'pcre-devel', 'zlib-devel',
'openssl-devel']` and remove the loop. This feature will be removed in version 2.11.
Deprecation warnings can be disabled by setting deprecation_warnings=False in
ansible.cfg.
changed: [192.168.20.125] => (item=[u'gcc', u'gcc-c++', u'pcre-devel', u'zlib-devel', u'openssl-devel'])
changed: [192.168.20.126] => (item=[u'gcc', u'gcc-c++', u'pcre-devel', u'zlib-devel', u'openssl-devel'])
TASK [nginx : add nginx user] *********************************************************
changed: [192.168.20.125]
changed: [192.168.20.126]
TASK [nginx : unarchive tar file] *****************************************************
fatal: [192.168.20.125]: FAILED! => {"changed": false, "msg": "dest '/usr/src/nginx-1.15.4' must be an existing dir"}
fatal: [192.168.20.126]: FAILED! => {"changed": false, "msg": "dest '/usr/src/nginx-1.15.4' must be an existing dir"}
PLAY RECAP ****************************************************************************
192.168.20.125 : ok=3 changed=2 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
192.168.20.126 : ok=3 changed=2 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
检测执行过程没有错误,可以执行
[root@localhost ansible]# ansible all -m shell -a 'ps -aux | grep nginx'
192.168.20.125 | CHANGED | rc=0 >>
root 19567 0.0 0.0 20556 616 ? Ss 13:06 0:00 nginx: master process nginx
nginx 19568 0.0 0.0 23092 1380 ? S 13:06 0:00 nginx: worker process
root 19647 0.0 0.0 113176 1220 pts/1 S+ 13:06 0:00 /bin/sh -c ps -aux | grep nginx
root 19649 0.0 0.0 112708 964 pts/1 S+ 13:06 0:00 grep nginx
192.168.20.126 | CHANGED | rc=0 >>
root 19612 0.0 0.0 20556 620 ? Ss 13:06 0:00 nginx: master process nginx
nginx 19613 0.0 0.0 23092 1384 ? S 13:06 0:00 nginx: worker process
root 19692 0.0 0.0 113176 1220 pts/1 S+ 13:06 0:00 /bin/sh -c ps -aux | grep nginx
root 19694 0.0 0.0 112708 960 pts/1 S+ 13:06 0:00 grep nginx
变量没有成功,因为install.yml文件里忘记写template模块了 这个时候可以自己去吧后两台的
nginx杀掉,也可以改一下handler 让handler触发,我们采用后者,改完之后再次执行
如下出来效果了,一个4个worker 一个6个worker
[root@localhost ansible]# ansible all -m shell -a 'ps -aux | grep nginx'
192.168.20.126 | CHANGED | rc=0 >>
root 23027 0.0 0.0 20556 620 ? Ss 13:12 0:00 nginx: master process nginx
nginx 23028 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
nginx 23029 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
nginx 23030 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
nginx 23031 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
root 23113 0.0 0.0 113176 1220 pts/1 S+ 13:12 0:00 /bin/sh -c ps -aux | grep nginx
root 23115 0.0 0.0 112708 964 pts/1 R+ 13:12 0:00 grep nginx
192.168.20.125 | CHANGED | rc=0 >>
root 22978 0.0 0.0 20556 680 ? Ss 13:12 0:00 nginx: master process nginx
nginx 22979 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
nginx 22980 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
nginx 22981 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
nginx 22982 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
nginx 22983 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
nginx 22984 0.0 0.0 23092 1380 ? S 13:12 0:00 nginx: worker process
root 23065 0.0 0.0 113176 1216 pts/1 S+ 13:12 0:00 /bin/sh -c ps -aux | grep nginx
root 23067 0.0 0.0 112708 964 pts/1 R+ 13:12 0:00 grep nginx
标签:name,0.0,nginx,ansible,模块,剧本,root,localhost 来源: https://blog.csdn.net/weixin_43557605/article/details/87903146
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。