Ansible基础篇

一、安装配置

1.1 安装
# Install Ansible on the control node without the interactive confirmation.
yum install --assumeyes ansible
1.2 配置
# Keep a copy of the stock configuration before editing it.
cfg=/etc/ansible/ansible.cfg
cp "$cfg" "${cfg}_bak"
#
vim "$cfg"
#
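[defaults]
# ansible.cfg accepts '#' as a comment marker only at the start of a line; an
# inline comment has to begin with ';'. Every note therefore sits on its own
# line, otherwise the note text would become part of the value.

# Inventory file that lists the managed hosts.
inventory = /etc/ansible/hosts
# Maximum number of hosts worked on in parallel.
forks = 5
# User to escalate to. Newer releases replace sudo_user with the become
# settings (become_user under [privilege_escalation]).
sudo_user = root
# Default SSH port of the managed hosts.
remote_port = 22
# NOTE(review): False switches SSH host key verification off. The first-contact
# fingerprint prompt disappears, but so does the protection against a machine
# impersonating a managed host and receiving the password and commands sent to
# it. Use this only on an isolated lab network; elsewhere keep the default
# (True) and load each host's key into known_hosts after checking its
# fingerprint.
host_key_checking = False
# Connection timeout in seconds.
timeout = 10
# Log file on the control node. Task arguments and output can end up in it, so
# keep it readable by administrators only.
log_path = /var/log/ansible.log
# Default private key for key-based SSH login (left disabled here).
#private_key_file = /root/.ssh/id_rsa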

二、主机配置

2.1 账号认证
# NOTE(review): the root password is stored here in clear text, so anyone who
# can read this file (or a backup or repository copy of it) gets root on both
# hosts. Prefer key-based login as shown in 2.2, or keep the secret in an
# Ansible Vault encrypted variable file, or let ansible prompt for it with -k.
# Logging in as an unprivileged user and escalating with become limits the
# exposure further. The value below is a sample, not a usable password.
[mysql-cluster]
10.0.0.17 ansible_ssh_user=root ansible_ssh_pass=123123 ansible_ssh_port=22
10.0.0.14 ansible_ssh_user=root ansible_ssh_pass=123123 ansible_ssh_port=22
2.2 免密钥
#
# Create a key pair on the control node.
# NOTE(review): protect the private key with a passphrase (ssh-agent can hold
# it for the session); whoever obtains an unprotected private key gets root on
# every host that trusts its public half.
ssh-keygen -t rsa
# Install the public key for root on the managed host.
ssh-copy-id root@10.0.0.11
#
# Hosts can be listed by name or by IP address. With key-based login the
# inventory carries no per-host credentials.
[mysql-cluster]
www.ac.com
www.ab.com
10.0.0.11
2.3 变量定义
[mysql-cluster]
www.ac.com
www.ab.com

[mysql-cluster:vars] # variables defined under :vars; they can be referenced from playbooks
db_conf=/etc/my.cnf
db_port=36306
2.4 组的继承
[mysql-cluster]
www.ac.com
www.ab.com

[mysql-app]
10.0.2.7
10.0.2.8

[dbapp:children] # child groups; targeting the parent group dbapp is enough to reach both
mysql-cluster
mysql-app
2.5 检测主机
# Connectivity checks
# List the hosts that belong to a group.
ansible mysql-app --list-hosts
# Ping one host, then every inventory host, then one group.
ansible 10.0.2.7 --module-name ping
ansible all --module-name ping
ansible mysql-app --module-name ping
# A pattern that starts with ~ is a regular expression: names beginning with "mysql".
ansible "~^mysql" --module-name ping

三、常用模块

3.1 shell模块
# --user (-u) selects the remote account, --ask-pass (-k) prompts for its password.
ansible apps --module-name shell --args "pwd" --user www --ask-pass
ansible apps --module-name shell --args "pwd"
ansible apps --module-name shell --args "df -h"

# Privilege escalation: log in as www, then become root; the become password is prompted for.
ansible apps --module-name shell --args "ls /root" --user www --ask-pass --become --become-user root --ask-become-pass
3.2 copy模块
# Copy a file from the control node to /tmp on the managed hosts.
ansible apps --module-name copy --args "src=/opt/nginx.tar.gz dest=/tmp"
# backup=yes keeps a backup of an existing destination file before it is overwritten.
ansible apps --module-name copy --args "src=/opt/nginx.tar.gz dest=/tmp backup=yes"
3.3 file模块
# state: touch (file) / directory / link (symlink) / absent (delete) / hard (hard link)
# Set the permissions of a file.
ansible apps --module-name file --args "dest=/tmp/nginx-1.19.6.tar.gz mode=600"
# Set permissions together with owner and group.
ansible apps --module-name file --args "dest=/tmp/nginx-1.19.6.tar.gz mode=600 group=root owner=root"
# Create a directory.
ansible apps --module-name file --args "dest=/tmp/www mode=755 owner=root group=root state=directory"
# Delete the path.
ansible apps --module-name file --args "dest=/tmp/www state=absent"
# Create an empty file.
ansible apps --module-name file --args "path=/tmp/a.sh mode=755 owner=root group=root state=touch"
3.4 yum模块
# state: present (install) / latest (newest version) / absent (uninstall)
ansible apps --module-name yum --args "name=memcached state=present"
# Confirm the package is installed.
ansible apps --module-name shell --args "rpm -qa |grep memcached"
# Uninstall the package.
ansible apps --module-name yum --args "name=memcached state=absent"
# Install with the zabbix repository disabled, so the package comes from the other repositories.
ansible apps --module-name yum --args "name=memcached state=present disablerepo=zabbix"
3.5 user模块
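# Common parameters of the user module
#   name=USERNAME
#   state=present|absent
#   system=yes|no      whether the account is a system account
#   uid=UID
#   group=PRIMARY_GROUP
#   groups=SUPPLEMENTARY_GROUPS
#   shell=LOGIN_SHELL
#   home=HOME_DIRECTORY
#   password=HASH      an already hashed (crypt) value, never the clear-text password
#   remove=yes|no      with state=absent, also remove the home directory
#
# Arguments of an ad-hoc command can end up in the shell history and in logs,
# so do not pass password= on the command line.

# Create a user
ansible apps -m user -a "name=tomcat group=tomcat groups=nginx uid=500 shell=/bin/bash home=/home/nginx state=present"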
3.6 git模块
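# Install git through the yum module, so a repeated run reports "ok" instead of reinstalling.
ansible apps -m yum -a "name=git state=present"
# Create the checkout directory; unlike mkdir this does not fail when it already exists.
ansible apps -m file -a "path=/tmp/a state=directory"
# Clone the repository. Without version= the module checks out HEAD of the
# default branch; add version=<TAG_OR_COMMIT> to pin what gets deployed.
ansible apps -m git -a "repo=https://github.com/ansible/ansible.git dest=/tmp/a"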
3.7 service模块
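# Common parameters of the service module
#   state=started|stopped|restarted
#   enabled=yes|no     whether the service starts at boot

# Start services
ansible apps -m service -a "name=redis state=started enabled=yes"
ansible apps -m service -a "name=nginx state=started"
ansible apps -m service -a "name=nginx state=started enabled=yes"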
3.8 setup模块
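# Gather and print all facts of the hosts.
ansible apps -m setup
# Print only the facts whose names match the pattern, here the *_mb size figures.
ansible apps -m setup -a "filter=ansible_*_mb"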

四、剧本语法

4.1 剧本格式
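# A playbook is a file ending in .yml, written in YAML syntax.
- hosts: web            # target host group
  user: root            # account used to connect
  tasks:                # tasks to run
    - name: create nginx user   # task name
      user:                     # module, followed by its arguments
        name: nginx
        state: present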

# Run the playbook (--syntax-check validates it first, --check performs a dry run).
ansible-playbook userCreate.yml

# By default a play collects the facts of its hosts before running any task.
# The gather_facts parameter turns that behaviour off.
# Benefit: the play runs faster, but fact variables are then unavailable to its tasks.
- hosts: web
  gather_facts: false
4.2 变量定义
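- hosts: web
  gather_facts: false
  user: root
  # Play variables, written as a mapping.
  vars:
    username: "www"
  tasks:
    - name: create www user
      user:
        # Quoted so YAML does not read the leading "{{" as a flow mapping.
        name: "{{ username }}"
        state: present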
4.3 条件判断
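- hosts: web
  # Facts have to be gathered in this play: the condition below reads
  # ansible_nodename, which is a fact and is undefined when gathering is off.
  gather_facts: true
  user: root
  tasks:
    - name: install mysql
      yum:
        name: mariadb-server
        state: present
      # Only hosts for which the condition holds run this task.
      when: ansible_nodename == "web1"
    - name: install dhcp
      yum:
        name: dhcp
        state: present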
4.4 循环实现
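- hosts: web
  gather_facts: false
  user: root
  tasks:
    - name: install mysql
      yum:
        # item takes each value of with_items in turn.
        name: "{{ item }}"
        state: present
      with_items:
        - bind
        - mysql
        - net-tools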
4.5 字典赋值
- hosts: web
  user: root
  vars:
    username: "www"
  tasks:
    - name: create www user
      # Each loop item is a dictionary; its keys supply the module arguments.
      user:
        name: "{{ item.username }}"
        uid: "{{ item.userid }}"
        shell: /sbin/nologin
      with_items:
        - username: user1
          userid: 3000
        - username: user2
          userid: 3001

五、配置示例

5.1 安装redis服务
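# Build and install redis from a source tarball.
# NOTE(review): the tarball is compiled and installed as root on every host.
# Check its checksum against the value published for the release before
# distributing it, and confirm the pinned release still receives security fixes.
- hosts: apps
  user: root
  gather_facts: false
  vars:
    basedir: "/usr/local/redis"
  tasks:
    - name: copy redis package
      copy:
        src: /tmp/redis-5.0.7.tar.gz
        dest: /tmp
    # The yum module reports "ok" on a repeated run instead of re-running the install.
    - name: install make lib
      yum:
        name:
          - gcc
          - gcc-c++
          - make
        state: present
    # chdir replaces "cd ...;", so a missing directory fails the task instead
    # of letting the command run in the wrong place.
    - name: unzip redis
      command: tar xf redis-5.0.7.tar.gz
      args:
        chdir: /tmp
    - name: in make dir
      command: make
      args:
        chdir: /tmp/redis-5.0.7
    - name: make redis
      command: "make install PREFIX={{ basedir }}"
      args:
        chdir: /tmp/redis-5.0.7
    # The file module creates the directories and does not fail when they exist.
    - name: mkdir directory
      file:
        path: "{{ basedir }}/{{ item }}"
        state: directory
      with_items:
        - etc
        - logs
        - data
    # The sample redis.conf is copied unchanged; review its bind and
    # requirepass settings before the service is reachable from other hosts.
    - name: copy redis.conf
      copy:
        src: /tmp/redis-5.0.7/redis.conf
        dest: "{{ basedir }}/etc/"
        remote_src: true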
5.2 安装mysql服务
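# Install mysql from a binary tarball with a site-provided init script.
- hosts: apps
  user: root
  gather_facts: false
  vars:
    pkg: "mysql-5.7.33-linux-glibc2.12-x86_64.tar.gz"
    dir: "/data/packages/mysql_ansible"
  tasks:
    - name: copy mysql install pkg
      copy:
        src: "{{ dir }}/{{ pkg }}"
        dest: /tmp

    # init.sh runs as root on every host, so review its content before use.
    # The mode is quoted so YAML keeps it a string instead of reading a number.
    - name: copy mysql init script
      copy:
        src: "{{ dir }}/init.sh"
        dest: /tmp
        mode: "0750"

    # chdir replaces "cd /tmp/;", so the script is never started from another directory.
    - name: install mysql
      shell: "./init.sh {{ pkg }}"
      args:
        chdir: /tmp

    # NOTE(review): every task runs in its own shell, so sourcing /etc/profile
    # here does not change the environment of later tasks or login sessions.
    - name: init path
      shell: "source /etc/profile"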
5.3 安装nginx服务
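# Build and install nginx from a source tarball.
# NOTE(review): the tarball is compiled and installed as root on every host.
# Check its checksum or signature against the published value before
# distributing it, and confirm the pinned release still receives security fixes.
- hosts: apps
  user: root
  gather_facts: false
  vars:
    basedir: /usr/local/nginx
    user: nginx
    curdir: /data/packages/nginx_ansible
    pkg: nginx-1.19.6.tar.gz
  tasks:
    - name: copy nginx pkg
      copy:
        src: "{{ curdir }}/{{ pkg }}"
        dest: /tmp
        backup: true
    - name: tar nginx pkg
      command: "tar xf {{ pkg }}"
      args:
        chdir: /tmp
    - name: install make lib
      yum:
        name:
          - gcc
          - gcc-c++
          - make
          - pcre-devel
          - openssl-devel
          - zlib-devel
        state: present
    # "&&" stops at the first failing step; with ";" a failed configure or make
    # would still be followed by "make install".
    - name: make nginx
      shell: "./configure --prefix={{ basedir }} && make && make install"
      args:
        chdir: /tmp/nginx-1.19.6
    # Start the binary from the configured prefix rather than a hard-coded path.
    - name: start nginx
      shell: "{{ basedir }}/sbin/nginx"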
5.4 安装jdk环境
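# Unpack a JDK tarball and put its bin directory on the PATH.
- hosts: apps
  user: root
  gather_facts: false
  vars:
    basedir: /data/software
    pkg: jdk-8u241-linux-x64.tar.gz
    path: jdk1.8.0_241
    curdir: /data/packages/java_ansible
  tasks:
    - name: copy jdk file
      copy:
        src: "{{ curdir }}/{{ pkg }}"
        dest: /tmp
    # tar -C fails when the target directory is missing, so create it first.
    - name: create install dir
      file:
        path: "{{ basedir }}"
        state: directory
    - name: tar jdk
      command: "tar xf {{ pkg }} -C {{ basedir }}"
      args:
        chdir: /tmp
    # lineinfile adds the line only when it is absent; "echo >> /etc/profile"
    # appended one more copy on every run.
    - name: add jdk path
      lineinfile:
        path: /etc/profile
        line: "export PATH={{ basedir }}/{{ path }}/bin:$PATH"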

#
# Verify the installation: load /etc/profile in the same shell, then print the Java version.
ansible apps -m shell -a "source /etc/profile;java -version"