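Summary: Operations Automation with Ansible

    Technology  2025-11-28

    /etc/ansible/ansible.cfg   Main configuration file; sets how Ansible behaves
    /etc/ansible/hosts         Host inventory
    /etc/ansible/roles/        Directory where roles are stored

    /usr/bin/ansible           Main program; runs ad-hoc commands
    /usr/bin/ansible-doc       Shows documentation; used to look up what a module does
    /usr/bin/ansible-galaxy    Official platform for downloading/uploading quality code or role modules
    /usr/bin/ansible-playbook  Runs custom automation tasks; the playbook orchestration tool
    /usr/bin/ansible-pull      Tool for executing commands remotely
    /usr/bin/ansible-vault     File encryption tool
    /usr/bin/ansible-console   Console-based tool for interactive execution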

    Environment preparation
    Install and configure the software
    [root@CentOS7 ~]# yum install ansible
    [root@CentOS7 ~]# vim /etc/ansible/ansible.cfg
    # do not check the target servers' host_key
    host_key_checking = False
    # log file
    log_path = /var/log/ansible.log
    # change the default module (command) to shell
    module_name = shell
    [root@CentOS7 ~]# vim /etc/ansible/hosts    # add the managed hosts
    [websrvs]
    192.168.8.17
    192.168.8.27
    [appsrvs]
    192.168.8.[2:3]7
    ## set up key-based authentication
    [root@CentOS7 ~]# ssh-keygen
    [root@CentOS7 ~]# ssh-copy-id 192.168.8.17
    [root@CentOS7 ~]# ssh-copy-id 192.168.8.27
    [root@CentOS7 ~]# ssh-copy-id 192.168.8.37
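
    The ssh-copy-id steps above already record each managed host's key in ~/.ssh/known_hosts, so host_key_checking = False is not required for those hosts, and with it off Ansible connects without verifying the host key. The check below is an added example, not part of the original page: cfg_get, audit_ansible_cfg and write_samples are hypothetical helper names, and the three sample files are constructed (page.cfg mirrors the settings shown above).

```shell
#!/bin/sh
# Added example: audit an ansible.cfg for the settings discussed above.
# Simplification (assumption): section headers such as [defaults] are ignored.

# cfg_get FILE KEY -> value of the last uncommented "KEY = value" line.
cfg_get() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }              # whole-line comments
        index($0, "=") == 0 { next }        # not a key = value line
        {
            k = substr($0, 1, index($0, "=") - 1)
            gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, index($0, "=") + 1)
            sub(/[ \t]+;.*$/, "", v)        # inline ";" comment
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            val = v; found = 1
        }
        END { if (found) print val }
    ' "$1"
}

# audit_ansible_cfg FILE -> one finding per line; exit status 1 if any.
audit_ansible_cfg() {
    rc=0
    hkc=$(cfg_get "$1" host_key_checking | tr 'A-Z' 'a-z')
    case $hkc in
        false|no|off|0)
            echo "host_key_checking=$hkc: SSH host keys are not verified"
            rc=1 ;;
    esac
    if [ -z "$(cfg_get "$1" log_path)" ]; then
        echo "log_path unset: no controller-side record of runs"
        rc=1
    fi
    if [ "$(cfg_get "$1" module_name)" = "shell" ]; then
        echo "module_name=shell: ad-hoc arguments are parsed by a shell"
        rc=1
    fi
    return "$rc"
}

# write_samples DIR: constructed sample files (page.cfg mirrors this page).
write_samples() {
    cat > "$1/page.cfg" <<'EOF'
[defaults]
host_key_checking = False
log_path = /var/log/ansible.log
module_name = shell
EOF
    cat > "$1/hardened.cfg" <<'EOF'
[defaults]
#host_key_checking = False
host_key_checking = True
log_path = /var/log/ansible.log
module_name = command
EOF
    cat > "$1/stock.cfg" <<'EOF'
[defaults]
#host_key_checking = False
#log_path = /var/log/ansible.log
EOF
}

# Demo run over the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in page hardened stock; do
    echo "== $f.cfg"
    audit_ansible_cfg "$demo_dir/$f.cfg" || true
done
rm -rf "$demo_dir"
```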

    ansible-doc

    [root@CentOS7 ~]# ansible-doc -l         # list all modules
    [root@CentOS7 ~]# ansible-doc user       # show the help for a given module
    [root@CentOS7 ~]# ansible-doc -s user    # show a short summary of a given module's usage

    ansible

    ansible <host-pattern> [-m module_name] [-a args]
    -m module               Module to use; the default is command
    -v                      Verbose output; -vv and -vvv give more detail
    --list-hosts            Show the list of hosts; can be shortened to --list
    -k, --ask-pass          Prompt for the SSH connection password; key authentication is the default
    -C, --check             Check only; do not execute
    -T, --timeout=TIMEOUT   Timeout for executing the command; default 10s
    -u, --user=REMOTE_USER  User to execute as on the remote host

    [root@CentOS7 ~]# ansible all --list-hosts
      hosts (3):
        192.168.8.27
        192.168.8.37
        192.168.8.17
    [root@CentOS7 ~]# ansible websrvs -m ping
    [root@CentOS7 ~]# ansible 192.168.8.27 -m ping
    [root@CentOS7 ~]# ansible all -m ping -k -u wang

    Host patterns:
    all   all hosts in the inventory
    *     wildcard
    :     logical OR
    :&    logical AND
    :!    logical NOT

    [root@CentOS7 ~]# ansible all --list-hosts
      hosts (3):
        192.168.8.27
        192.168.8.37
        192.168.8.17
    [root@CentOS7 ~]# ansible '*' --list-hosts
      hosts (3):
        192.168.8.27
        192.168.8.37
        192.168.8.17
    [root@CentOS7 ~]# ansible '192.168.8.*' --list-hosts
      hosts (3):
        192.168.8.27
        192.168.8.17
        192.168.8.37
    [root@CentOS7 ~]# ansible "websrvs:appsrvs" --list-hosts     # OR
      hosts (3):
        192.168.8.17
        192.168.8.27
        192.168.8.37
    [root@CentOS7 ~]# ansible "websrvs:&appsrvs" --list-hosts    # AND
      hosts (1):
        192.168.8.27
    [root@CentOS7 ~]# ansible "websrvs:!appsrvs" --list-hosts    # NOT
    -bash: !appsrvs": event not found    # double quotes fail: ! is treated as a history reference
    [root@CentOS7 ~]# ansible 'websrvs:&appsrvs' --list-hosts    # use single quotes
      hosts (1):
        192.168.8.27

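    How an ansible command is executed

    1. Load its own configuration file, by default /etc/ansible/ansible.cfg
    2. Load the corresponding module file, e.g. command
    3. Ansible generates a temporary py file from the module or command and transfers it to the remote server, as $HOME/.ansible/tmp/ansible-tmp-<number>/XXX.PY under the executing user's home
    4. Make the file executable (+x)
    5. Execute it and return the result
    6. Delete the temporary py file and exit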
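
    Because every module run passes through the temporary path described above, process-execution records on a managed host can be used to see which accounts ran which modules. The following is an added example, not part of the original page: the record layout and sample lines are constructed, ansible_module_runs and write_sample_log are hypothetical names, and the AnsiballZ_ prefix is stripped because newer Ansible releases name the wrapper file AnsiballZ_<module>.py.

```shell
#!/bin/sh
# Added example: count Ansible module runs per user on a managed host.
# Assumed (constructed) record layout: <timestamp> user=<name> cmd=<command line>

# ansible_module_runs FILE -> sorted "user module count" lines.
ansible_module_runs() {
    awk '
        BEGIN {
            # Temporary module path: ~/.ansible/tmp/ansible-tmp-<number>/<file>.py
            re = "/\\.ansible/tmp/ansible-tmp-[0-9.-]+/[A-Za-z0-9_]+\\.py"
        }
        {
            if (!match($0, re)) next        # not an Ansible module execution
            path = substr($0, RSTART, RLENGTH)
            n = split(path, part, "/")
            mod = part[n]
            sub(/\.py$/, "", mod)
            sub(/^AnsiballZ_/, "", mod)     # wrapper prefix used by newer releases
            user = "?"
            for (i = 1; i <= NF; i++)
                if ($i ~ /^user=/) { user = substr($i, 6); break }
            count[user " " mod]++
        }
        END { for (k in count) print k, count[k] }
    ' "$1" | sort
}

# write_sample_log FILE: constructed records for the demo and the test.
write_sample_log() {
    cat > "$1" <<'EOF'
2025-11-28T10:00:01 user=root cmd=/usr/bin/python /root/.ansible/tmp/ansible-tmp-1764324001.12-4242/AnsiballZ_command.py
2025-11-28T10:00:05 user=root cmd=/usr/bin/python /root/.ansible/tmp/ansible-tmp-1764324005.40-4250/AnsiballZ_copy.py
2025-11-28T10:00:09 user=wang cmd=/usr/bin/python /home/wang/.ansible/tmp/ansible-tmp-1764324009.77-4311/AnsiballZ_command.py
2025-11-28T10:00:10 user=wang cmd=/bin/ls /data
2025-11-28T10:02:00 user=root cmd=/usr/bin/python /root/.ansible/tmp/ansible-tmp-1764324120.03-4400/command.py
EOF
}

# Demo run over the constructed log.
demo_log=$(mktemp)
write_sample_log "$demo_log"
ansible_module_runs "$demo_log"
rm -f "$demo_log"
```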

    Execution status:
    Green:  succeeded and no change was needed
    Yellow: succeeded and changed the target host
    Red:    failed

    Common modules
    command

    Runs a command on the remote host; this is the default module. It does not support $VARNAME < > | ; & and so on; use the shell module for those. In this environment the default has already been changed to shell.

    [root@CentOS7 ~]# ansible websrvs -m command -a 'ls /root'
    [root@CentOS7 ~]# ansible websrvs -m command -a 'chdir=/root ls'
    [root@CentOS7 ~]# ansible websrvs -m command -a 'creates=/etc/fstab ls /root'    # /etc/fstab exists, so the command is not run
    [root@CentOS7 ~]# ansible websrvs -m command -a 'creates=/etc/xx ls /root'       # /etc/xx does not exist, so ls /root runs
    [root@CentOS7 ~]# ansible websrvs -m command -a 'echo $HOSTNAME'                 # wrong result: $ is not supported
    [root@CentOS7 ~]# ansible websrvs -m command -a 'removes=/data/app ls /root'     # runs only if /data/app exists
    shell

    Similar to command, but runs the command through a shell (it is the default in this environment, so -m can be omitted)

    [root@CentOS7 ~]# ansible all -a "echo $HOSTNAME"
    192.168.8.17 | CHANGED | rc=0 >>
    CentOS7.localdomain
    [root@CentOS7 ~]# ansible all -a "getenforce"
    192.168.8.27 | CHANGED | rc=0 >>
    Disabled
    script

    Runs a script from the Ansible server on the remote hosts

    [root@CentOS7 ~]# ansible-doc -s script
    [root@CentOS7 ~]# vim test.sh
    echo "hello world"
    [root@CentOS7 ~]# chmod +x test.sh
    [root@CentOS7 ~]# ansible all -m script -a "/root/test.sh"
    copy

    Copies files from the controller to the remote hosts

    [root@CentOS7 ~]# ansible websrvs -m copy -a "src=/etc/fstab dest=/data"
    [root@CentOS7 ~]# ansible websrvs -a 'ls /data'
    [root@CentOS7 ~]# ansible websrvs -m copy -a "src=/etc/fstab dest=/data owner=wang mode=600 backup=yes"    # an existing target is overwritten by default; here it is backed up first
    [root@CentOS7 ~]# ansible websrvs -a "ls /data -l"
    192.168.8.27 | CHANGED | rc=0 >>
    total 4
    -rw------- 1 wang root 595 Jul 4 19:53 fstab
    fetch

    Fetches files from the remote hosts to the controller, the opposite of copy; directories are not currently supported

    [root@CentOS7 ~]# ansible all -m fetch -a "src=/etc/fstab dest=/data"
    [root@CentOS7 ~]# tree /data/
    /data/
    ├── 192.168.8.17
    │   └── etc
    │       └── fstab
    ├── 192.168.8.27
    │   └── etc
    │       └── fstab
    └── 192.168.8.37
        └── etc
            └── fstab
    file

    Sets file attributes

    [root@CentOS7 ~]# ansible all -m file -a "path=/data/fstab owner=wang mode=700"                 # change owner and permissions
    [root@CentOS7 ~]# ansible all -m file -a "src=/data/fstab path=/data/fstab.link state=link"     # create a symbolic link
    [root@CentOS7 ~]# ansible all -m file -a "src=/data/fstab path=/data/fstab.link state=hard"     # create a hard link
    [root@CentOS7 ~]# ansible all -m file -a "path=/data/fi.txt state=touch"                        # create an empty file
    [root@CentOS7 ~]# ansible all -m file -a "path=/data/dir state=directory"                       # create a directory
    [root@CentOS7 ~]# ansible all -m file -a "path=/data/fstab state=absent"                        # delete the file
    unarchive

    Unpacks and decompresses archives. There are two usages:
    1. The archive on the Ansible host is extracted locally and then transferred to the remote host; set copy=yes.
    2. An archive already on the remote host is extracted to the given path; set copy=no.

    [root@CentOS7 ~]# tar zcvf sysconfig.tar.gz /etc/sysconfig/    # create the archive
    [root@CentOS7 ~]# ansible all -m unarchive -a "src=/root/sysconfig.tar.gz dest=/data owner=wang mode=700"    # send to the remote hosts and extract, setting owner and permissions
    [root@CentOS7 ~]# ansible all -m file -a "path=/data/etc state=absent"    # delete the etc directory
    [root@CentOS7 ~]# ansible all -m copy -a "src=/root/sysconfig.tar.gz dest=/data"    # copy the archive to the remote hosts
    [root@CentOS7 ~]# ansible all -m unarchive -a "src=/data/sysconfig.tar.gz dest=/data owner=wang mode=700 copy=no"    # extract (file already on the remote host)
    [root@CentOS7 ~]# ansible all -a "ls /data -l"    # show the result
    archive

    Packs and compresses files

    [root@CentOS7 ~]# ansible all -m archive -a 'path=/etc/sysconfig dest=/data/sysconfig.tar.bz2 format=bz2 owner=wang mode=0777'    # archive and compress (compression format), set owner and permissions
    hostname

    Manages the hostname

    [root@CentOS7 ~]# ansible websrvs -m hostname -a "name=webserv"
    cron

    Scheduled tasks

    [root@CentOS7 ~]# ansible websrvs -m cron -a "minute=*/5 job='/usr/sbin/ntpdate 172.16.0.1 &>/dev/null' name=Synctime"
    [root@CentOS7 ~]# ansible websrvs -a "crontab -l"
    192.168.8.27 | CHANGED | rc=0 >>
    #Ansible: Synctime
    */5 * * * * /usr/sbin/ntpdate 172.16.0.1 &>/dev/null
    [root@CentOS7 ~]# ansible websrvs -m cron -a "minute=*/5 job='/usr/sbin/ntpdate 172.16.0.1 &>/dev/null' name=Synctime disabled=yes"    # disable
    [root@CentOS7 ~]# ansible websrvs -a "crontab -l"
    192.168.8.27 | CHANGED | rc=0 >>
    #Ansible: Synctime
    #*/5 * * * * /usr/sbin/ntpdate 172.16.0.1 &>/dev/null
    [root@CentOS7 ~]# ansible websrvs -m cron -a "minute=*/5 job='/usr/sbin/ntpdate 172.16.0.1 &>/dev/null' name=Synctime disabled=no"     # enable
    [root@CentOS7 ~]# ansible websrvs -m cron -a "name=Synctime state=absent"    # delete
    yum

    Manages packages

    [root@CentOS7 ~]# ansible websrvs -m yum -a "name=httpd"                 # install
    [root@CentOS7 ~]# ansible websrvs -m yum -a "name=httpd state=absent"    # remove
    service

    Manages services

    [root@CentOS7 ~]# ansible websrvs -m service -a "name=httpd state=started enabled=yes"    # start now and enable at boot
    [root@CentOS7 ~]# ansible websrvs -m service -a "name=httpd state=stopped"                # stop
    [root@CentOS7 ~]# ansible websrvs -a "sed -i 's#^Listen 80#Listen 8080#' /etc/httpd/conf/httpd.conf"    # change the configuration
    [root@CentOS7 ~]# ansible websrvs -m service -a "name=httpd state=started"                # start
    user

    Manages users

    [root@CentOS7 ~]# ansible websrvs -m user -a 'name=user1 comment="test user" uid=2048 home=/app/user1 group=root create_home=no'    # do not create the home directory
    [root@CentOS7 ~]# ansible websrvs -m user -a 'name=sysuser1 system=yes home=/app/sysuser1'
    [root@CentOS7 ~]# ansible websrvs -m user -a 'name=user1 state=absent remove=yes'    # delete (remove also deletes the home directory)
    group

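    Manages groups

    [root@CentOS7 ~]# ansible srv -m group -a "name=testgroup system=yes"
    [root@CentOS7 ~]# ansible srv -m group -a "name=testgroup state=absent"

    Parameter summary:
    chdir     change directory
    creates   if the file exists, the command that follows is not run
    removes   if the file exists, the command that follows is run
    src       source path
    dest      destination path
    path      file
    owner     owner
    mode      file permissions
    state     file state (directory: directory, absent: delete, touch: empty file, link: symbolic link, hard: hard link)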

    ansible-galaxy

    Connects to https://galaxy.ansible.com to download roles

    [root@CentOS7 ~]# ansible-galaxy list                         # list all downloaded galaxy roles
    [root@CentOS7 ~]# ansible-galaxy install geerlingguy.redis    # download
    [root@CentOS7 ~]# ansible-galaxy remove geerlingguy.redis     # delete

    ansible-playbook

    [root@CentOS7 /data/playbook]# cat hello.yml
    ---
    - hosts: all

      tasks:
        - name: first yml
          command: /bin/echo "hello world"
    [root@CentOS7 /data/playbook]# ansible-playbook hello.yml

    ansible-vault

    Manages encryption and decryption of yml files

    [root@CentOS7 ~]# ansible-vault encrypt hello.yml    # encrypt
    [root@CentOS7 ~]# ansible-vault decrypt hello.yml    # decrypt
    [root@CentOS7 ~]# ansible-vault view hello.yml       # view
    [root@CentOS7 ~]# ansible-vault edit hello.yml       # edit the encrypted file
    [root@CentOS7 ~]# ansible-vault rekey hello.yml      # change the password
    [root@CentOS7 ~]# ansible-vault create new.yml       # create a new file
    ansible-console

    Runs commands interactively

    playbook

    A playbook is a list made up of one or more "plays". Playbooks are written in YAML.

    httpd.yml
    [root@CentOS7 /data/playbook]# cp /etc/httpd/conf/httpd.conf /data/playbook/
    [root@CentOS7 /data/playbook]# vim httpd.conf
    Listen 8080
    [root@CentOS7 /data/playbook]# cat httpd.yml
    ---
    - hosts: appsrvs
      remote_user: root

      tasks:
        - name: 安装httpd
          yum: name=httpd
        - name: 编辑配置文件
          copy: src=/data/playbook/httpd.conf dest=/etc/httpd/conf/
        - name: 启动服务
          service: name=httpd state=started enabled=yes
    [root@CentOS7 /data/playbook]# ansible-playbook httpd.yml

    When a changed configuration file is copied over, the service is not restarted; used together with handlers, the service can be restarted.

    Using handlers with notify as the trigger
    [root@CentOS7 /data/playbook]# cat httpd.yml
    - hosts: appsrvs
      remote_user: root

      tasks:
        - name: 安装httpd
          yum: name=httpd
        - name: 编辑配置文件
          copy: src=/data/playbook/httpd.conf dest=/etc/httpd/conf/
          notify: restart httpd    # the notify value must match the name under handlers
        - name: 启动服务
          service: name=httpd state=started enabled=yes

      handlers:
        - name: restart httpd
          service: name=httpd state=restarted
    [root@CentOS7 /data/playbook]# ansible-playbook httpd.yml
    [root@CentOS7 /data/playbook]# cat ngnix.yml
    ---
    - hosts: websrvs
      remote_user: root

      tasks:
        - name: add group nginx
          group: name=nginx state=present
        - name: add user nginx
          user: name=nginx state=present group=nginx
        - name: Install Nginx
          yum: name=nginx state=present
        - name: config
          copy: src=/root/config.txt dest=/etc/nginx/nginx.conf
          notify:    # list of handlers to trigger
            - Restart Nginx
            - Check Nginx Process

      handlers:
        - name: Restart Nginx
          service: name=nginx state=restarted enabled=yes
        - name: Check Nginx Process
          shell: killall -0 nginx > /tmp/nginx.log
    Binary installation of mariadb10
    [root@CentOS7 ~/mariadb-10.2.25-linux-x86_64]# cat /data/playbook/install_mariadb.yml
    ---
    - hosts: appsrvs
      remote_user: root

      tasks:
        - name: 创建用户
          user: name=mysql system=yes home=/data/mysql create_home=no shell=/sbin/nologin
        - name: 解压
          unarchive: src=/root/mariadb-10.2.25-linux-x86_64.tar.gz dest=/usr/local copy=yes owner=mysql group=mysql
        - name: 创建软链接mysql
          file: src=/usr/local/mariadb-10.2.25-linux-x86_64 dest=/usr/local/mysql state=link
        - name: 创建目录
          file: path=/data/mysql state=directory owner=mysql group=mysql
        - name: 创建mysql数据库
          shell: chdir=/usr/local/mysql scripts/mysql_install_db --datadir=/data/mysql --user=mysql
        - name: 修改环境变量
          copy: content='PATH=/usr/local/mysql/bin:$PATH' dest=/etc/profile.d/mysql.sh
        - name: 准备配置文件
          copy: src=/data/playbook/my-huge.cnf dest=/etc/my.cnf
        - name: 配置服务脚本
          shell: cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
        - name: 启动服务
          shell: /etc/init.d/mysqld start
    [root@CentOS7 /data/playbook]# ansible-playbook install_mariadb.yml
    tags

    Specific tags can be selected for execution

    [root@CentOS7 /data/playbook]# cat httpd_tags.yml
    ---
    - hosts: appsrvs
      remote_user: root

      tasks:
        - name: 安装httpd
          yum: name=httpd
        - name: 编辑配置文件
          copy: src=/data/playbook/httpd.conf dest=/etc/httpd/conf/
          tags: conf
          notify: restart httpd
        - name: 启动服务
          service: name=httpd state=started enabled=yes

      handlers:
        - name: restart httpd
          service: name=httpd state=restarted
    [root@CentOS7 /data/playbook]# ansible-playbook --list-tags httpd_tags.yml    # list the tags
    [root@CentOS7 /data/playbook]# ansible-playbook -t conf httpd_tags.yml        # run by tag: only the config-file task runs, and its notify fires (service restart)

    Variables

    The setup module

    The setup module gathers facts; all of a remote host's variables can be used directly and are referenced with {{ }}

    [root@CentOS7 /data/playbook]# ansible 192.168.8.27 -m setup
    [root@CentOS7 /data/playbook]# ansible 192.168.8.27 -m setup -a "filter=*version*"
    [root@CentOS7 /data/playbook]# ansible 192.168.8.27 -m setup |grep major
    "ansible_distribution_major_version": "7"
    "ansible_hostname": "CentOS7",
    "ansible_nodename": "CentOS7.localdomain",
    [root@CentOS7 /data/playbook]# cat var.yml
    ---
    - hosts: websrvs
      remote_user: root

      tasks:
        - name: 创建文件
          file: name=/data/{{ansible_nodename}}.log state=touch
    [root@CentOS7 /data/playbook]# ansible-playbook var.yml
    Defined in /etc/ansible/hosts
    Ordinary variables
    [root@CentOS7 /data/playbook]# vim /etc/ansible/hosts
    [websrvs]
    192.168.8.17 hostname=node1
    192.168.8.27 hostname=node2
    [root@CentOS7 /data/playbook]# cat var2.yml
    ---
    - hosts: websrvs
      remote_user: root

      tasks:
        - name: 创建文件
          file: name=/data/{{hostname}}.log state=touch
    [root@CentOS7 /data/playbook]# ansible-playbook var2.yml
    Shared variables
    [root@CentOS7 /data/playbook]# vim /etc/ansible/hosts
    [websrvs]
    192.168.8.17 hostname=node1    # per-host variable
    192.168.8.27 hostname=node2
    [websrvs:vars]                 # group variables
    suf=txt
    [root@CentOS7 /data/playbook]# cat var3.yml
    ---
    - hosts: websrvs
      remote_user: root

      tasks:
        - name: 创建文件
          file: name=/data/{{hostname}}.{{suf}} state=touch
    [root@CentOS7 /data/playbook]# ansible-playbook var3.yml

    Assigning values directly with -e

    [root@CentOS7 /data/playbook]# ansible-playbook -e hostname=test -e suf=log var3.yml

    Assigning values in the playbook yml

    [root@CentOS7 /data/playbook]# vim var.yml
    ---
    - hosts: websrvs
      remote_user: root
      vars:
        - hostname: testfile
        - suf: pdf

      tasks:
        - name: 创建文件
          file: name=/data/{{hostname}}.{{suf}} state=touch
    [root@CentOS7 /data/playbook]# ansible-playbook var.yml

    Defining variables in a separate YAML file

    [root@CentOS7 /data/playbook]# cat vars.yml
    hostname: testnode
    suf: yml
    [root@CentOS7 /data/playbook]# cat var4.yml
    ---
    - hosts: websrvs
      remote_user: root
      vars_files:
        - vars.yml

      tasks:
        - name: 创建文件
          file: name=/data/{{hostname}}.{{suf}} state=touch
    [root@CentOS7 /data/playbook]# ansible-playbook var4.yml
    template

    What template does: generates the corresponding configuration file dynamically from a template file. Template files must be stored in the templates directory and have names ending in .j2. The yaml/yml file must sit at the same level as the templates directory, with a layout like this:
    ./
    ├── temnginx.yml
    └── templates
        └── nginx.conf.j2

    [root@CentOS7 /data/playbook]# mkdir templates
    [root@CentOS7 /data/playbook]# cp httpd.conf templates/httpd.conf.j2
    [root@CentOS7 /data/playbook]# vim templates/httpd.conf.j2
    Listen {{httpd_port}}
    [root@CentOS7 /data/playbook]# vim /etc/ansible/hosts
    [websrvs:vars]
    httpd_port=8000
    [root@CentOS7 /data/playbook]# cp httpd.yml httpd_template.yml
    [root@CentOS7 /data/playbook]# vim httpd_template.yml
    ---
    - hosts: websrvs
      remote_user: root

      tasks:
        - name: 安装httpd
          yum: name=httpd
        - name: 编辑配置文件
          template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
          notify: restart httpd
        - name: 启动服务
          service: name=httpd state=started enabled=yes

      handlers:
        - name: restart httpd
          service: name=httpd state=restarted
    [root@CentOS7 /data/playbook]# vim templates/httpd.conf.j2    # arithmetic is supported; |int is used because values under [websrvs:vars] are read as strings
    Listen {{ httpd_port|int + 100 }}
    Conditional tests with when

    Conditional tests: when whether a task runs should depend on variables, facts, or the result of an earlier task, use a conditional test. It is implemented with the when statement, which is used inside a task and follows Jinja2 syntax.

    [root@CentOS7 /data/playbook]# vim /etc/ansible/hosts
    [websrvs]
    192.168.8.17 httpd_port=7717
    192.168.8.27 httpd_port=7727
    192.168.8.6 httpd_port=6666
    [root@CentOS7 /data/playbook]# ls templates/httpd*.conf.j2
    templates/httpd6.conf.j2  templates/httpd7.conf.j2
    [root@CentOS7 /data/playbook]# vim templates/httpd6.conf.j2
    Listen {{httpd_port}}
    [root@CentOS7 /data/playbook]# cat httpd_when.yml
    ---
    - hosts: websrvs
      remote_user: root

      tasks:
        - name: 安装httpd
          yum: name=httpd
        - name: 编辑配置文件
          template: src=httpd7.conf.j2 dest=/etc/httpd/conf/httpd.conf
          tags: conf
          when: ansible_distribution_major_version == "7"
          notify: restart httpd
        - name: 编辑配置文件
          template: src=httpd6.conf.j2 dest=/etc/httpd/conf/httpd.conf
          tags: conf
          when: ansible_distribution_major_version == "6"
          notify: restart httpd
        - name: 启动服务
          service: name=httpd state=started enabled=yes

      handlers:
        - name: restart httpd
          service: name=httpd state=restarted
    Iteration with with_items

    Iteration: when a task needs to be executed repeatedly, the iteration mechanism can be used. The item being iterated over is referenced through the fixed variable name "item". Use with_items in the task to give the list of elements to iterate over. List element formats: strings and dictionaries.

    ---
    - hosts: websrvs

      tasks:
        - name: 创建账户
          user: name={{item}}
          with_items:
            - tom
            - alice
            - jack
            - rose

    ---
    - hosts: websrvs

      tasks:
        - name: 删除账户
          user: name={{item}} state=absent remove=yes
          with_items:
            - tom
            - alice
            - jack
            - rose
    Iterating with nested sub-variables
    [root@CentOS7 /data/playbook]# vim with_item.yml
    ---
    - hosts: websrvs

      tasks:
        - name: 创建组
          group: name={{item}}
          with_items:
            - group1
            - group2
            - group3
        - name: 创建用户
          user: name={{item.name}} group={{item.group}}
          with_items:
            - {name: 'user1',group: 'group1'}
            - {name: 'user2',group: 'group2'}
            - {name: 'user3',group: 'group3'}
    for loops
    [root@CentOS7 /data/playbook]# cat for1.yml
    ---
    - hosts: appsrvs
      vars:
        ports:
          - 80
          - 81
          - 82

      tasks:
        - name: config
          template: src=server.conf.j2 dest=/data/server.conf
    [root@CentOS7 /data/playbook]# vim templates/server.conf.j2
    {%for port in ports%}
    server {
        listen {{port}}
    }
    {%endfor%}
    [root@CentOS6 ~]# cat /data/server.conf    # result
    server {
        listen 80
    }
    server {
        listen 81
    }
    server {
        listen 82
    }
    [root@CentOS7 /data/playbook]# cat for2.yml
    ---
    - hosts: websrvs
      vars:
        ports:
          - listen_port: 80
          - listen_port: 81
          - listen_port: 82

      tasks:
        - name: config
          template: src=server2.conf.j2 dest=/data/server2.conf
    [root@CentOS7 /data/playbook]# cat templates/server2.conf.j2    # each item is a dictionary
    {%for port in ports%}
    server {
        listen {{port.listen_port}}
    }
    {%endfor%}
    [root@CentOS7 ~]# cat /data/server2.conf
    server {
        listen 80
    }
    server {
        listen 81
    }
    server {
        listen 82
    }

    Generating repeated blocks

    [root@CentOS7 /data/playbook]# vim for3.yml
    ---
    - hosts: websrvs
      vars:
        ports:
          - web1:
            listen_port: 81
            name: web1.magedu.com
            dir: /data/web1
          - web1:
            listen_port: 82
            name: web2.magedu.com
            dir: /data/web2
          - web1:
            listen_port: 83
            name: web3.magedu.com
            dir: /data/web3

      tasks:
        - name: config
          template: src=server3.conf.j2 dest=/data/server3.conf
    [root@CentOS7 /data/playbook]# vim templates/server3.conf.j2
    {%for port in ports%}
    server {
        listen {{port.listen_port}}
        server_name {{port.name}}
        root {{port.dir}}
    }
    {%endfor%}
    [root@CentOS6 ~]# cat /data/server3.conf
    server {
        listen 81
        server_name web1.magedu.com
        root /data/web1
    }
    server {
        listen 82
        server_name web2.magedu.com
        root /data/web2
    }
    server {
        listen 83
        server_name web3.magedu.com
        root /data/web3
    }
    if conditions
    [root@CentOS7 /data/playbook]# cat for4.yml
    ---
    - hosts: websrvs
      vars:
        ports:
          - web1:
            listen_port: 81
            #name: web1.magedu.com    # commented out
            dir: /data/web1
          - web1:
            listen_port: 82
            name: web2.magedu.com
            dir: /data/web2
          - web1:
            listen_port: 83
            #name: web3.magedu.com
            dir: /data/web3

      tasks:
        - name: config
          template: src=server4.conf.j2 dest=/data/server4.conf
    [root@CentOS7 /data/playbook]# cat templates/server4.conf.j2    # the if test skips server_name when name is not defined
    {%for port in ports%}
    server {
        listen {{port.listen_port}}
    {%if port.name is defined%}
        server_name {{port.name}}
    {%endif%}
        root {{port.dir}}
    }
    {%endfor%}
    [root@CentOS6 ~]# cat /data/server4.conf
    server {
        listen 81
        root /data/web1
    }
    server {
        listen 82
        server_name web2.magedu.com
        root /data/web2
    }
    server {
        listen 83
        root /data/web3
    }

    roles

    Roles are a mechanism for placing variables, files, tasks, templates and handlers each in their own directory and including them conveniently. For complex scenarios roles are recommended, since they give a high degree of code reuse.

    [root@CentOS7 /data/playbook]# mkdir roles/{mysql,nginx,httpd}/{tasks,files,vars,templates,handlers} -pv
    [root@CentOS7 /data/playbook]# tree roles/
    roles/
    ├── httpd
    │   ├── files
    │   ├── handlers
    │   ├── tasks
    │   ├── templates
    │   └── vars
    ├── mysql
    │   ├── files
    │   ├── handlers
    │   ├── tasks
    │   ├── templates
    │   └── vars
    └── nginx
        ├── files
        ├── handlers
        ├── tasks
        ├── templates
        └── vars
    [root@CentOS7 /data/playbook/roles/nginx/tasks]# touch user.yml install.yml config.yml service.yml
    [root@CentOS7 /data/playbook/roles/nginx/tasks]# vim user.yml
    - name: 创建用户
      user: name=nginx shell=/sbin/nologin system=yes create_home=no
    [root@CentOS7 /data/playbook/roles/nginx/tasks]# vim install.yml
    - name: 安装软件
      yum: name=nginx
    [root@CentOS7 /data/playbook/roles/nginx/tasks]# vim config.yml
    - name: 配置环境
      copy: src=nginx.conf dest=/etc/nginx/
    [root@CentOS7 /data/playbook/roles/nginx/tasks]# vim service.yml
    - name: 启动服务
      service: name=nginx state=started enabled=yes
    [root@CentOS7 /data/playbook/roles/nginx/tasks]# vim main.yml
    - include: user.yml
    - include: install.yml
    - include: config.yml
    - include: service.yml
    [root@CentOS7 /data/playbook]# cat nginx_role.yml
    ---
    - hosts: appsrvs

      roles:
        - role: nginx
    [root@CentOS7 /data/playbook]# ansible-playbook nginx_role.yml
    [root@CentOS7 /data/playbook]# tree
    ├── nginx_role.yml
    ├── roles
    │   └── nginx
    │       ├── files
    │       │   └── nginx.conf
    │       ├── handlers
    │       ├── tasks
    │       │   ├── config.yml
    │       │   ├── install.yml
    │       │   ├── main.yml      # ties the task files together
    │       │   ├── service.yml
    │       │   └── user.yml
    │       ├── templates
    │       └── vars

    Triggering handlers from a port configuration change

    [root@CentOS7 /data/playbook]# vim roles/nginx/tasks/config.yml
    - name: 配置环境
      copy: src=nginx.conf dest=/etc/nginx/
      notify: restart service
    [root@CentOS7 /data/playbook]# vim roles/nginx/handlers/main.yml
    - name: restart service
      service: name=nginx state=restarted
    [root@CentOS7 /data/playbook]# vim roles/nginx/files/nginx.conf
    listen 8080 default_server;
    listen [::]:8080 default_server;
    [root@CentOS7 /data/playbook]# ansible-playbook nginx_role.yml

    Changing the site home page

    [root@CentOS7 /data/playbook]# cat roles/nginx/files/index.html
    <h1>welcome to magedu</h1>
    [root@CentOS7 /data/playbook]# vim roles/nginx/tasks/html.yml
    - name: 配置网站首页
      copy: src=index.html dest=/usr/share/nginx/html
    [root@CentOS7 /data/playbook]# vim roles/nginx/tasks/main.yml
    - include: user.yml
    - include: install.yml
    - include: config.yml
    - include: html.yml
    - include: service.yml
    [root@CentOS7 /data/playbook]# ansible-playbook nginx_role.yml

    Setting up Apache

    [root@CentOS7 /data/playbook/roles/httpd/tasks]# vim install.yml
    - name: 安装软件
      yum: name=httpd
    [root@CentOS7 /data/playbook/roles/httpd/tasks]# vim config.yml
    - name: 配置环境
      template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
    [root@CentOS7 /data/playbook/roles/httpd/tasks]# vim service.yml
    - name: 启动服务
      service: name=httpd state=started enabled=yes
    [root@CentOS7 /data/playbook/roles/httpd/tasks]# vim html.yml
    - name: 配置网站首页
      copy: src=roles/nginx/files/index.html dest=/var/www/html/
    [root@CentOS7 /data/playbook/roles/httpd/tasks]# vim main.yml
    - include: install.yml
    - include: config.yml
    - include: html.yml
    - include: service.yml
    [root@CentOS7 /data/playbook/roles/httpd/tasks]# vim ../templates/httpd.conf.j2
    User {{username}}
    Group {{groupname}}
    [root@CentOS7 /data/playbook/roles/httpd/tasks]# vim ../vars/main.yml
    username: daemon
    groupname: daemon
    [root@CentOS7 /data/playbook]# vim httpd_roles.yml
    ---
    - hosts: websrvs

      roles:
        - httpd

    Installing httpd on CentOS 6 (with the CentOS 6 configuration) and nginx on CentOS 7

    [root@CentOS7 /data/playbook]# ansible all -m yum -a "name=httpd state=absent"    # uninstall
    [root@CentOS7 /data/playbook]# vim roles/httpd/templates/httpd6.conf.j2
    User {{username}}
    Group {{groupname}}
    [root@CentOS7 /data/playbook]# vim roles/httpd/tasks/config.yml
    - name: 配置环境centos7
      template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
      when: ansible_distribution_major_version == "7"
    - name: 配置环境centos6
      template: src=httpd6.conf.j2 dest=/etc/httpd/conf/httpd.conf
      when: ansible_distribution_major_version == "6"
    [root@CentOS7 /data/playbook]# cat httpd_roles.yml
    ---
    - hosts: websrvs

      roles:
        - {role: httpd,when: ansible_distribution_major_version == "6"}
        - {role: nginx,when: ansible_distribution_major_version == "7"}
    [root@CentOS7 /data/playbook]# ansible-playbook httpd_roles.yml

    Binary installation of mariadb

    [root@CentOS7 /data/playbook/roles/mysql/files]# ls
    mariadb-10.2.25-linux-x86_64.tar.gz
    [root@CentOS7 /data/playbook/roles/mysql/tasks]# vim user.yml
    - name: 创建用户
      user: name=mysql system=yes home=/data/mysql create_home=no shell=/sbin/nologin
    [root@CentOS7 /data/playbook/roles/mysql/tasks]# vim unarchive.yml
    - name: 解压
      unarchive: src=mariadb-10.2.25-linux-x86_64.tar.gz dest=/usr/local copy=yes owner=mysql group=mysql
    [root@CentOS7 /data/playbook/roles/mysql/tasks]# vim link.yml
    - name: 创建软链接mysql
      file: src=/usr/local/mariadb-10.2.25-linux-x86_64 dest=/usr/local/mysql state=link
    [root@CentOS7 /data/playbook/roles/mysql/tasks]# vim datadir.yml
    - name: 创建目录
      file: path=/data/mysql state=directory owner=mysql group=mysql
    [root@CentOS7 /data/playbook/roles/mysql/tasks]# vim database.yml
    - name: 创建mysql数据库
      shell: chdir=/usr/local/mysql scripts/mysql_install_db --datadir=/data/mysql --user=mysql
    [root@CentOS7 /data/playbook/roles/mysql/tasks]# vim var.yml
    - name: 修改环境变量
      copy: content='PATH=/usr/local/mysql/bin:$PATH' dest=/etc/profile.d/mysql.sh
    - name: 运行环境变量
      shell: source /etc/profile.d/mysql.sh
    [root@CentOS7 /data/playbook/roles/mysql/tasks]# vim config.yml
    - name: 准备配置文件
      shell: cp /usr/local/mysql/support-files/my-huge.cnf /etc/my.cnf
    # change the database directory
    - name: 修改配置文件
      shell: sed -i '/\[mysqld\]/a datadir=/data/mysql/' /etc/my.cnf
    [root@CentOS7 /data/playbook/roles/mysql/tasks]# vim script.yml
    - name: 配置服务脚本
      shell: cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
    [root@CentOS7 /data/playbook/roles/mysql/tasks]# vim service.yml
    - name: 启动服务
      shell: /etc/init.d/mysqld start
    [root@CentOS7 /data/playbook/roles/mysql/tasks]# for file in * ;do echo "- include: $file" >>main.yml;done
    [root@CentOS7 /data/playbook/roles/mysql/tasks]# cat main.yml
    - include: user.yml
    - include: unarchive.yml
    - include: link.yml
    - include: datadir.yml
    - include: database.yml
    - include: script.yml
    - include: var.yml
    - include: config.yml
    - include: service.yml
    [root@CentOS7 /data/playbook]# cat mariadb_role.yml
    ---
    - hosts: websrvs

      roles:
        - mysql
    [root@CentOS7 /data/playbook]# ansible-playbook -C mariadb_role.yml

    Adding tags

    [root@CentOS7 /data/playbook]# cat mariadb_role.yml
    ---
    - hosts: websrvs

      roles:
        - { role: httpd,tags: [ 'httpd','web' ] }
        - { role: httpd,tags: [ 'httpd', 'web' ] }

    Installing memcached

    [root@CentOS7 /data/playbook]# vim roles/memcached/templates/memcached.j2    # // is integer division (result is a whole number)
    CACHESIZE="{{ansible_memtotal_mb//4}}"
    [root@CentOS7 /data/playbook]# vim roles/memcached/tasks/install.yml
    - name: 安装memcached
      yum: name=memcached
    [root@CentOS7 /data/playbook]# vim roles/memcached/tasks/config.yml
    - name: 修改配置
      template: src=memcached.j2 dest=/etc/sysconfig/memcached
    [root@CentOS7 /data/playbook]# vim roles/memcached/tasks/service.yml
    - name: 启动服务
      service: name=memcached state=started enabled=yes
    [root@CentOS7 /data/playbook/roles/memcached/tasks]# vim main.yml
    - include: install.yml
    - include: config.yml
    - include: service.yml
    [root@CentOS7 /data/playbook]# vim memcached_role.yml
    ---
    - hosts: websrvs

      roles:
        - memcached
    [root@CentOS7 /data/playbook]# ansible-playbook memcached_role.yml
    [root@CentOS7 ~]# cat /etc/sysconfig/memcached
    PORT="11211"
    USER="memcached"
    MAXCONN="1024"
    CACHESIZE="347"    # cache size