Ansible 的脚本 --- playbook 剧本

目录

1. playbooks 各部分组成

2. playbook剧本实战演练

2.1 实战演练一：给被管理主机安装Apache服务

2.2 实战演练二：使用sudo命令将远程主机创建组

2.3 实战演练三：when条件判断指定的IP地址

2.4 实战演练四：使用with_items迭代循环在远程主机创建组和用户

2.5 实战演练四：在playbook剧本中基于Templates模块创建标签

2.6 实战演练五：在playbook剧本搭建lnmp

---

1. playbooks 各部分组成

（1）Tasks：任务，即通过 task 调用 ansible 的模块将多个操作组织在一个 playbook 中运行
（2）Variables：变量
（3）Templates：模板
（4）Handlers：处理器，当changed状态条件满足时，（notify）触发执行的操作
（5）Roles：角色

2. playbook剧本实战演练

2.1 实战演练一：给被管理主机安装Apache服务

在ansible服务器主机，给远程被管理主机制作安装Apache服务的剧本文件demo1.yaml

cd /etc/yum.repos.d/     #制作本地yum源
cd /etc/ansible/playbook/    #将修改后的httpd.conf文件复制到当前目录中vim /etc/ansible/playbook/play1.yaml - name: first playgather_facts: falsehosts: webserversremote_user: rootvars:- http_port: 8080tasks:- name: disable firewalldservice: name=firewalld state=stopped enabled=no- name: disable selinuxcommand: 'setenforce 0'ignore_errors: yes- name: copy local yum repocopy: src=/etc/yum.repos.d/local.repo  dest=/etc/yum.repos.d/local.repo- name: mount cdrommount: src=/dev/sr0 path=/mnt fstype=iso9660 state=mounted- name: install httpdyum: name=httpd  state=latest- name: copy config template filetemplate: src=httpd.conf.j2  dest=/etc/httpd/conf/httpd.confnotify: "reload httpd"- name: start httpdservice: name=httpd state=started enabled=yeshandlers:- name: reload httpdservice: name=httpd state=reloaded

运行playbook

ansible-playbook test1.yaml
//补充参数：
-k（–ask-pass）：用来交互输入ssh密码
-K（-ask-become-pass）：用来交互输入sudo密码
-u：指定用户
ansible-playbook play1.yaml --syntax-check    #检查yaml文件的语法是否正确
ansible-playbook play1.yaml --list-task       #检查tasks任务
ansible-playbook play1.yaml --list-hosts      #检查生效的主机
ansible-playbook play1.yaml --start-at-task='install httpd'     #指定从某个task开始运行

 

ansible-playbook play1.yaml
systemctl status httpd   #在被控制的主机查看

 

2.2 实战演练二：使用sudo命令将远程主机创建组

在ansible服务器主机，给远程被管理主机制作创建组xy103用户为lixang，并获取网关，主机sudo切换用户plsy2.yaml 

vim /etc/ansible/playbook/play2.yaml - name: second playremote_user: kongxinbecome: yesbecome_user: roothosts: dbserversgather_facts: truevars:- myname: liliang- myclass: xy103tasks:- name: create groupgroup:name: "{{myclass}}"- name: create useruser:name: "{{myname}}"groups: "{{myclass}}"- name: copy filecopy:content: "{{ansible_default_ipv4.gateway}}"dest: /opt/gateway.txt

ansible-playbook play2.yaml

 再被管理主机上查看

 

ansible-playbook test1.yaml -e "myname=kongxin"     #在命令行里定义变量

 

 

ansible-playbook play2.yaml -k -K

 

2.3 实战演练三：when条件判断指定的IP地址

 在Ansible中，提供的唯一一个通用的条件判断是when指令，当when指令的值为true时，则该任务执行，否则不执行该任务。

- name: third playremote_user: roothosts: webserversgather_facts: truetasks:- name: copy scj.sh to 80.30copy: src=/opt/kx.sh  dest=/opt/when: ansible_default_ipv4.address == "192.168.80.30"- name: run kx.sh on 80.20 and 80.30script: '/opt/kx.sh scj tangjun'when: inventory_hostname != "192.168.80.30"

 

2.4 实战演练四：使用with_items迭代循环在远程主机创建组和用户

- name: fourth playremote_user: roothosts: dbserversgather_facts: novars:- mygroups: ["xy101", "xy102", "xy103", "xy104"]- myusers:- {myname: zhangsan, myclass: xy101}- {myname: lisi, myclass: xy102}- {myname: wangwu, myclass: xy103}- {myname: zhaoliu, myclass: xy104}tasks:- name: create groupsgroup: name={{item}}with_items: "{{mygroups}}"- name: create usersuser: name={{item.myname}} groups={{item.myclass}}with_items: "{{myusers}}"

ansible-playbook play.yaml 

2.5 实战演练四：在playbook剧本中基于Templates模块创建标签

可以在一个playbook中为某个或某些任务定义“标签”，在执行此playbook时通过ansible-playbook命令使用–tags选项能实现仅运行指定的tasks。
playbook还提供了一个特殊的tags为always。作用就是当使用always作为tags的task时，无论执行哪一个tags时，定义有always的tags都会执行。

- name: third playremote_user: roothosts: dbserversgather_facts: truetasks:- name: copy filecopy: src=/etc/hosts dest=/opt/tags:- test- name: touch filefile: path=/opt/myhosts  state=touchtags: - only- always
~             

ansible-playbook play5.yaml --tags="test"

ansible-playbook play5.yaml --tags="only"

 添加always标签都会执行

ansible-playbook play5.yaml --tags="always"

2.6 实战演练五：在playbook剧本搭建lnmp

192.168.80.10  centos 7-1

192.168.80.20  centos 7-2

192.168.80.30   centos 7-3

192.168.80.40   centos 7-4

免交互

ssh-copy-id root@192.168.80.20
ssh-copy-id root@192.168.80.30
ssh-copy-id root@192.168.80.40

vim /etc/ansible/hosts

编写palybook

- name: nginx playhosts: webserversremote_user: rootgather_facts: falsevars:- nginx_addr: 192.168.80.20- nginx_port: 80- nginx_hostname: www.xy101.com- root_dir: /var/www/html- php_addr: 192.168.80.30- php_port: 9000tasks:- name: disable firewalldservice: name=firewalld  state=stopped  enabled=no- name: disable selinuxcommand: 'setenforce 0'ignore_errors: true- name: copy nginx repocopy: src=/opt/nginx/nginx.repo  dest=/etc/yum.repos.d/- name: install nginxyum: name=nginx state=latest- name: create root dirfile: path={{root_dir}}  state=directory- name: copy nginx config template filetemplate: src=/opt/nginx/nginx.conf.j2  dest=/etc/nginx/nginx.confnotify: 'reload nginx'- name: create nfs configcopy: content="{{root_dir}} 192.168.80.0/24(rw,sync,no_root_squash)"  dest=/etc/exports- name: restart rpcbind,nfs,nginxservice: name={{item}}  state=restarted  enabled=yeswith_items:- rpcbind- nfs- nginxhandlers:- name: reload nginxservice: name=nginx  state=reloaded- name: mysql playhosts: dbserversremote_user: rootgather_facts: falsetasks:- name: disable mysql_server firewalldservice: name=firewalld  state=stopped  enabled=no- name: disable mysql_server selinuxcommand: 'setenforce 0'ignore_errors: true- name: remove mariadbyum: name=mariadb*  state=absent- name: copy mysql repocopy: src=/opt/mysql/mysql-community.repo  dest=/etc/yum.repos.d/- name: modify mysql reporeplace: path=/etc/yum.repos.d/mysql-community.repo  regexp="gpgcheck=1"  replace="gpgcheck=0"- name: install mysqlyum: name=mysql-server state=present- name: start mysqlservice: name=mysqld  state=started  enabled=yes- name: init mysqlscript: '/opt/mysql/mysql-init.sh'- name: php playhosts: phpserversremote_user: rootgather_facts: falsevars:- php_username: nginx- php_addr: 192.168.80.30:9000- nginx_addr: 192.168.80.20- root_dir: /var/www/htmltasks:- name: disable php_server firewalldservice: name=firewalld  state=stopped  enabled=no- name: disable php_server selinuxcommand: 'setenforce 0'- name: unarchive php tar pkgunarchive: copy=yes  src=/opt/php/php.tar.gz  dest=/mnt/- name: copy local repocopy: src=/opt/php/local.repo  dest=/etc/yum.repos.d/- name: create reposhell: 'createrepo /mnt && yum clean all && yum makecache'- name: install phpyum: name=php72w,php72w-cli,php72w-common,php72w-devel,php72w-embedded,php72w-gd,php72w-mbstring,php72w-pdo,php72w-xml,php72w-fpm,php72w-mysqlnd,php72w-opcache,php72w-ldap,php72w-bcmath  state=present- name: create php useruser: name={{php_username}}  shell=/sbin/nologin  create_home=no- name: modify php.inireplace: path=/etc/php.ini  regexp=";date.timezone ="  replace="date.timezone = Asia/Shanghai"- name: modify user and group in www.confreplace: path=/etc/php-fpm.d/www.conf  regexp="apache"  replace="{{php_username}}"notify: "reload php-fpm"- name: modify listen in www.confreplace: path=/etc/php-fpm.d/www.conf  regexp="127.0.0.1:9000"  replace="{{php_addr}}"notify: "reload php-fpm"- name: modify listen.allowed_clients in www.confreplace: path=/etc/php-fpm.d/www.conf  regexp="127.0.0.1"  replace="{{nginx_addr}}"notify: "reload php-fpm"- name: start php-fpmservice: name=php-fpm  state=started  enabled=yes- name: create www root dirfile: path={{root_dir}}  state=directory- name: mount nfsmount: src="{{nginx_addr}}:{{root_dir}}"  path={{root_dir}}  fstype=nfs  state=mounted  opts="defaults,_netdev"handlers:- name: reload php-fpmservice: name=php-fpm  state=reloaded