
[Advanced Ops Knowledge] Ansible Automated Operations: PlayBook in Detail

我是koten 2024-07-01 18:01:02

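This article introduces the PlayBook, which we call a "script" for a play: it places multiple ad-hoc commands into a yml file in a fixed format. In Ansible, playbook files end in yml; in SaltStack, the equivalent files end in sls. Both use YAML syntax.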

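Differences between PlayBook and ad-hoc

1. A PlayBook is more complete than ad-hoc commands; it is an orchestration of ad-hoc commands

2. A PlayBook gives good control over execution order and dependencies

3. PlayBook syntax is more readable

4. A PlayBook can be kept and reused; ad-hoc commands cannot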

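YAML syntax

Syntax        Description
Indentation   YAML uses a fixed indentation style to express hierarchy; each level of indentation is two spaces, and TAB must not be used
Colon         Except for a colon that ends a line, every colon must be followed by a space
Dash          Marks a list item: one dash followed by one space; items at the same indentation level belong to the same list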

PlayBook deployment in practice

1. Deploying httpd

1. Install the httpd service
2. Start the httpd service and enable it at boot
3. Write the website page and serve it
4. Open the firewall port
5. Configure a different site on each host

#Create the directory that holds the playbook
[root@Ansible ~]# mkdir -p ansible/httpd

#Edit the host inventory
[root@Ansible ~]# cat /etc/ansible/hosts

[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8

#Write the playbook
[root@Ansible ~]# cat ansible/httpd/httpd.yml
- hosts: web_group
  tasks:
    - name: Install httpd Server    #install httpd
      yum:
        name: httpd
        state: present
    - name: Start httpd Server      #start httpd and enable it at boot
      systemd:
        name: httpd
        state: started
        enabled: yes
    - name: Start Firewalld Server  #start the firewall
      systemd:
        name: firewalld
        state: started
        enabled: yes
    - name: Config Firewalld Server #allow the http service through the firewall
      firewalld:
        service: http
        immediate: yes
        permanent: yes
        state: enabled
- hosts: web01
  tasks:
    - name: Config Httpd Server        #add the Web01 page
      copy:
        content: Web01
        dest: /var/www/html/index.html
- hosts: web02
  tasks:
    - name: Config Httpd Server        #add the Web02 page
      copy:
        content: Web02
        dest: /var/www/html/index.html
[root@Ansible ~]# ansible-playbook --syntax-check ansible/httpd/httpd.yml    #check the syntax

playbook: ansible/httpd/httpd.yml
[root@Ansible ~]# ansible-playbook ansible/httpd/httpd.yml    #run the playbook

#Then browse to 10.0.0.7 and 10.0.0.8

 

2. Deploying the Backup server and clients

#Create the directory that holds the rsync playbook
[root@Ansible ~]# mkdir ansible/rsyncd

#Edit the host inventory
[root@Ansible ~]# cat /etc/ansible/hosts
[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8

[backup_group]
backup ansible_ssh_host=10.0.0.41

#Prepare the rsync configuration file
[root@Ansible ~]# cat ansible/rsyncd/rsyncd.conf    #best kept in the same directory as the playbook
#run the transfers as the www user that the playbook creates and that owns /backup
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[backup]
path = /backup

#Write the playbook
[root@Ansible ~]# cat ansible/rsyncd/rsyncd.yml
- hosts: all
  tasks:
    - name: Install Rsyncd Server
      yum: 
        name: rsync
        state: present
    - name: Create www Group
      group:
        name: www
        gid: 666
    - name: Create www User
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: false
- hosts: backup_group
  tasks:
    - name: Scp Rsync Config
      copy: 
        src: /root/ansible/rsyncd/rsyncd.conf
        dest: /etc/rsyncd.conf
        owner: root
        group: root
        mode: 0644
    - name: Create backup Directory
      file:
        path: /backup
        state: directory
        mode: 0755
        owner: www
        group: www
        recurse: yes
    - name: Start Rsyncd Server
      systemd:
        name: rsyncd 
        state: started

#Check the playbook
[root@Ansible ~]# ansible-playbook --syntax-check ansible/rsyncd/rsyncd.yml

playbook: ansible/rsyncd/rsyncd.yml

#Run the playbook
[root@Ansible ~]# ansible-playbook ansible/rsyncd/rsyncd.yml

Once this is done, you can also try pushing data from the clients, adding a crontab entry for backups, and so on.
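
The rsyncd.conf above sets auth users = rsync_backup and secrets file = /etc/rsync.passwd, but the playbook never creates that file, so authenticated transfers cannot work yet. The plays below are an added example, not part of the original article: they create the daemon secrets file and a client password file with the permissions rsync insists on. The file vault.yml, the variable rsync_backup_password and the client path /etc/rsync.pass are assumptions made for this example.

```yaml
# Added example, not from the original article.
# Assumption: vault.yml sits next to this playbook, is encrypted with
# ansible-vault, and defines rsync_backup_password.
- hosts: backup_group
  vars_files:
    - vault.yml
  tasks:
    - name: Create rsync daemon secrets file
      copy:
        # one "user:password" entry per line; the user matches "auth users"
        content: "rsync_backup:{{ rsync_backup_password }}\n"
        dest: /etc/rsync.passwd
        owner: root
        group: root
        # with "strict modes" (on by default) rsyncd refuses a secrets
        # file that other users can read
        mode: '0600'
      no_log: true   # keep the password out of task output and logs

- hosts: web_group
  vars_files:
    - vault.yml
  tasks:
    - name: Create rsync client password file
      copy:
        # the client file holds only the password, no user name
        content: "{{ rsync_backup_password }}\n"
        dest: /etc/rsync.pass   # assumption: path chosen for this example
        owner: root
        group: root
        # rsync rejects a --password-file that other users can access
        mode: '0600'
      no_log: true
```

Run it with ansible-playbook --ask-vault-pass so the password is decrypted only at run time; a client can then authenticate with rsync --password-file=/etc/rsync.pass as the user rsync_backup.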

3. Deploying the NFS service

#1. Add the target server to the host inventory and set up passwordless SSH keys
[root@Ansible ~]# cat /etc/ansible/hosts
[nfs_group]
nfs ansible_ssh_host=10.0.0.31

[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8

[backup_group]
backup ansible_ssh_host=10.0.0.41

[nfs_all:children]
nfs_group
web_group

[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.31

#2. Create the nfs directory
[root@Ansible ~]# mkdir ansible/nfs/

#3. Prepare the nfs configuration file and add it on the control node
[root@Ansible ~]# cat ansible/nfs/exports
/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)

#4. Write the nfs playbook
[root@Ansible ~]# cat ansible/nfs/nfs.yml
- hosts: nfs_all
  tasks: 
    - name: Install nfs-utils
      yum:
        name: nfs-utils
        state: present
    - name: Create www Group
      group:
        name: www
        gid: 666
    - name: Create www user
      user:
        name: www
        uid: 666
        group: www        
        shell: /sbin/nologin
        create_home: false
- hosts: nfs_group
  tasks:
    - name: Scp NFS server exports
      copy: 
        src: exports
        dest: /etc/exports
        owner: root
        group: root
        mode: 0644
    - name: Create data Directory
      file:
        path: /data
        state: directory
        owner: www
        group: www
        mode: 0755
        recurse: yes
    - name: Start NFS server
      systemd:
        name: nfs-server
        state: started
        enabled: yes
- hosts: web_group
  tasks:
    - name: Mount NFS Server
      mount:
        path: /opt
        src: 10.0.0.31:/data
        fstype: nfs
        opts: defaults
        state: mounted

#5. Check the syntax
[root@Ansible ~]# ansible-playbook --syntax-check /root/ansible/nfs/nfs.yml

playbook: /root/ansible/nfs/nfs.yml

#6. Run the playbook
[root@Ansible ~]# ansible-playbook ansible/nfs/nfs.yml

#7. Check the mounts on web01 and web02
[root@Web01 ~]# df -h
Filesystem       Size  Used Avail Use% Mounted on
10.0.0.31:/data   19G  2.0G   17G  11% /opt

[root@Web02 ~]# df -h
Filesystem       Size  Used Avail Use% Mounted on
10.0.0.31:/data   19G  2.0G   17G  11% /opt

4. Deploying the Nginx service

#1. Add the target servers to the host inventory and set up passwordless SSH keys
[root@Ansible ~]# cat /etc/ansible/hosts
[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8

[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.7
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.8

#2. Create the directory that holds the playbook
[root@Ansible ~]# mkdir ansible/nginx

#3. Prepare the nginx configuration files and the code files
[root@Web01 ~]# scp /etc/nginx/nginx.conf /etc/nginx/conf.d/* 10.0.0.61:/root/ansible/nginx
[root@Web01 ~]# tar zcvf code.tar.gz /code
[root@Web01 ~]# scp code.tar.gz 10.0.0.61:/root/ansible/nginx

#4. Write the playbook
[root@Ansible ~]# cat ansible/nginx/nginx.yml
- hosts: web_group
  tasks: 
    - name: nginx.repo
      copy:
        src: nginx.repo
        dest: /etc/yum.repos.d/nginx.repo
    - name: install nginx
      yum:
        name: nginx
        state: present
    - name: start and enable nginx
      systemd:
        name: nginx
        state: started
        enabled: yes
    - name: copy nginx.conf to nginx
      copy:
        src: nginx.conf
        dest: /etc/nginx
    - name: copy 'wecenter.conf' to nginx
      copy:
        src: wecenter.conf
        dest: /etc/nginx/conf.d/wecenter.conf
    - name: copy 'wordpress.conf' to nginx
      copy: 
        src: wordpress.conf
        dest: /etc/nginx/conf.d/wordpress.conf
    - name: remove nginx default.conf
      file:
        path: /etc/nginx/conf.d/default.conf
        state: absent
    - name: tar xf code.tar.gz
      unarchive:
        src: code.tar.gz
        dest: /
        creates: /code
    - name: Restart Nginx Server
      systemd:
        name: nginx
        state: restarted

#5. Check the playbook syntax
[root@Ansible ~]# ansible-playbook --syntax-check ansible/nginx/nginx.yml

playbook: ansible/nginx/nginx.yml

#6. Run the playbook
[root@Ansible ~]# ansible-playbook ansible/nginx/nginx.yml

5. Deploying the PHP service

#1. Add the target hosts to the host inventory
[root@Ansible ~]# cat /etc/ansible/hosts
[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8

#2. Create the directory that holds the playbook
[root@Ansible ~]# mkdir ansible/php

#3. Prepare the required files: php71.tar.gz, php.ini, www.conf
[root@Ansible ~]# cd ansible/php/
[root@Ansible php]# rz -E
rz waiting to receive.

[root@Web01 ~]# scp /etc/php.ini /etc/php-fpm.d/www.conf 10.0.0.61:/root/ansible/php
root@10.0.0.61's password: 
php.ini          100%   61KB  16.5MB/s   00:00    
www.conf         100%   18KB   2.4MB/s   00:00 

#4. Write the playbook
[root@Ansible php]# cat php.yml
- hosts: web_group
  tasks: 
    - name: tar xf php to web_group
      unarchive:
        src: php71.tar.gz
        dest: /root
    - name: localinstall rpm
      yum:
        name: 
          - /root/autoconf-2.69-11.el7.noarch.rpm
          - /root/automake-1.13.4-3.el7.noarch.rpm
          - /root/libevent-2.0.21-4.el7.x86_64.rpm
          - /root/libjpeg-turbo-1.2.90-8.el7.x86_64.rpm
          - /root/libmcrypt-2.5.8-13.el7.x86_64.rpm
          - /root/libmemcached-1.0.16-5.el7.x86_64.rpm
          - /root/libtool-ltdl-2.4.2-22.el7_3.x86_64.rpm
          - /root/libX11-1.6.7-3.el7_9.x86_64.rpm
          - /root/libX11-common-1.6.7-3.el7_9.noarch.rpm
          - /root/libXau-1.0.8-2.1.el7.x86_64.rpm
          - /root/libxcb-1.13-1.el7.x86_64.rpm
          - /root/libXpm-3.5.12-1.el7.x86_64.rpm
          - /root/libxslt-1.1.28-6.el7.x86_64.rpm
          - /root/mod_php71w-7.1.33-1.w7.x86_64.rpm
          - /root/pcre-devel-8.32-17.el7.x86_64.rpm
          - /root/perl-Data-Dumper-2.145-3.el7.x86_64.rpm
          - /root/perl-Test-Harness-3.28-3.el7.noarch.rpm
          - /root/perl-Thread-Queue-3.02-2.el7.noarch.rpm
          - /root/php71w-cli-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-common-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-devel-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-embedded-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-fpm-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-gd-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-mbstring-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-mcrypt-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-mysqlnd-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-opcache-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-pdo-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-pear-1.10.4-1.w7.noarch.rpm
          - /root/php71w-pecl-igbinary-2.0.5-1.w7.x86_64.rpm
          - /root/php71w-pecl-memcached-3.0.4-1.w7.x86_64.rpm
          - /root/php71w-pecl-mongodb-1.5.3-1.w7.x86_64.rpm
          - /root/php71w-pecl-redis-3.1.6-1.w7.x86_64.rpm
          - /root/php71w-process-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-xml-7.1.33-1.w7.x86_64.rpm
        state: present
    - name: create group
      group:
        name: www
        gid: 666
    - name: create user
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: false  
    - name: copy php.ini to web_group  
      copy: 
        src: php.ini
        dest: /etc/php.ini
    - name: copy www.conf to web_group
      copy:
        src: www.conf
        dest: /etc/php-fpm.d/www.conf
    - name: start and enable php
      systemd:
        name: php-fpm
        state: started
        enabled: yes

#5. Check the playbook syntax
[root@Ansible php]# ansible-playbook --syntax-check php.yml

playbook: php.yml

#6. Run the playbook
[root@Ansible php]# ansible-playbook php.yml

6. Deploying the Mariadb service

#1. Add the server to our host inventory and set up passwordless SSH keys
[root@Ansible ~]# cat /etc/ansible/hosts
[mysql_group]
mysql ansible_ssh_host=10.0.0.51

[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.51

#2. Create the playbook directory
[root@Ansible ~]# mkdir ansible/mysql

#3. Prepare the database
[root@MySQL ~]# mysqldump -uroot -pkoten.vip -A > all.sql
[root@MySQL ~]# scp all.sql 10.0.0.61:/root/ansible/mysql

#4. Write the playbook
[root@Ansible ~]# cat ansible/mysql/mysql.yml
- hosts: mysql_group
  tasks:
    - name: Install mariadb
      yum:
        name: 
          - mariadb-server
          - MySQL-python      
        state: present
    - name: Start MariaDB Server
      systemd:
        name: mariadb
        state: started
        enabled: yes
    - name: Copy all.sql to Mysql
      copy:
        src: all.sql
        dest: /root/all.sql
    - name: import all.sql
      mysql_db:
        login_host: localhost
        login_port: 3306
        login_user: root
        name: all
        state: import
        target: /root/all.sql
    - name: Restart MariaDB Server
      systemd:
        name: mariadb
        state: restarted

#5. Check
[root@Ansible ~]# ansible-playbook --syntax-check ansible/mysql/mysql.yml

playbook: ansible/mysql/mysql.yml

#6. Run the playbook
[root@Ansible ~]# ansible-playbook ansible/mysql/mysql.yml
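
A dump taken with mysqldump -A contains every database, including the mysql system database with its account names and password hashes, so the copy of all.sql left on the target host deserves the same care as the database itself. The play below is an added example, not part of the original article: it reuses the copy and import tasks from the playbook above, restricts the file to root, and removes it again whether or not the import succeeds.

```yaml
# Added example, not from the original article.
# Same copy and import as in mysql.yml above, wrapped in block/always so
# that the dump never stays behind on the database host.
- hosts: mysql_group
  tasks:
    - name: Import all.sql and always clean up the copy
      block:
        - name: Copy all.sql to Mysql (readable by root only)
          copy:
            src: all.sql
            dest: /root/all.sql
            owner: root
            group: root
            mode: '0600'
        - name: import all.sql
          mysql_db:
            login_host: localhost
            login_port: 3306
            login_user: root
            name: all
            state: import
            target: /root/all.sql
      always:
        # runs after the block on success and on failure alike
        - name: Remove all.sql from the database host
          file:
            path: /root/all.sql
            state: absent
```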

I'm koten, with 10 years of operations experience. I keep sharing practical ops content; thank you for reading and following!
