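Playbooks
A playbook is made up of one or more modules that together accomplish a single goal and automate an operation. Playbooks are written in YAML syntax.
The three elements of YAML:
1. Indentation: two characters. The Tab key defaults to eight characters, so if you want to use the Tab key you need to edit .vimrc.
[root@ansible ~]# vim .vimrc
set tabstop=2       " add this line to set the tab width to 2 characters
set expandtab       " insert spaces instead of tab characters (YAML does not allow tabs for indentation)
2. Colon: a colon must be followed by a space, unless the line ends with the colon.
3. Dash: marks a list item and is followed by a space.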
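Playbook command syntax
ansible-playbook OPTIONS FILE_PATH
The options are:
-C: dry run (check mode)
--list-hosts: list the matching hosts
--list-tasks: list the tasks
--list-tags: list the tags
--syntax-check: check the syntax
Test case: install nginx with a playbook and copy the web page content.
Prerequisite: to install a service with ansible, the configuration file for that service must be available. If it is not, install the service locally and configure it first; only then can the file be pushed to the managed hosts.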
[root@ansible ~]# yum -y install nginx
[root@ansible ~]# echo "192.168.1.5" > /usr/share/nginx/html/index.html
[root@ansible ~]# vim nginx.yaml
- hosts: web

  tasks:
    - name: install nginx
      yum: name=nginx state=latest

    - name: config nginx
      copy: src=/usr/share/nginx/html/index.html dest=/usr/share/nginx/html/
      notify: restart nginx

    - name: start nginx
      systemd: name=nginx state=started

  handlers:
    - name: restart nginx
      systemd: name=nginx state=restarted
[root@ansible ~]# ansible-playbook -C nginx.yaml    # test (dry run)
[root@ansible ~]# ansible-playbook nginx.yaml       # execute
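After the run, browse to the web server (192.168.1.5) and the modified page is displayed. That is the complete workflow for installing and configuring nginx. To change a configuration file later, edit it on the ansible host and push it out again with the copy module.
Building a web / NFS / rsync environment with playbooks
Global environment: set the hostname of each machine: ansible, web, nfs, rsync.
The topology is as follows:
Server configuration
1. Add entries to the hosts file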
[root@ansible ~]# vim /etc/hosts
192.168.1.4 ansible
192.168.1.5 web
192.168.1.6 nfs
192.168.1.7 rsync
2. Install ansible
[root@ansible ~]# yum -y install epel-release
[root@ansible ~]# yum -y install ansible
3. SSH public key
[root@ansible ~]# ssh-keygen                  # press Enter three times to accept the defaults
[root@ansible ~]# ssh-copy-id root@web        # web server
[root@ansible ~]# ssh-copy-id root@nfs        # nfs server
[root@ansible ~]# ssh-copy-id root@rsync      # rsync server
4. Copy /etc/hosts to the managed hosts
[root@ansible ~]# scp /etc/hosts root@web:/etc
[root@ansible ~]# scp /etc/hosts root@nfs:/etc
[root@ansible ~]# scp /etc/hosts root@rsync:/etc
5. Create the ansible inventory
[root@ansible ~]# vim /etc/ansible/hosts
[web]
web
[nfs]
nfs
[backup]
rsync
6. Create the ansible directories
[root@ansible ~]# mkdir -p /etc/ansible/ansible_playbook/{conf,scripts}
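7. Prepare the configuration files
Prepare three files under conf: the web configuration file (copied from the local nginx installation and edited in advance as required), the NFS configuration file and the rsync configuration file.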
[root@ansible ~]# cd /etc/ansible/ansible_playbook/conf/
[root@ansible conf]# vim exports
/data 192.168.1.0/24(rw,sync,all_squash)
[root@ansible conf]# vim rsyncd.conf
uid = nobody
gid = nobody
port = 873
address = 192.168.1.7
hosts allow = 192.168.1.0/24
max connections = 4
pid file = /var/run/rsyncd.pid
timeout = 900
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
[backup]
path = /backup
read only = no
auth users = rsync_backup
secrets file = /etc/rsync.password
Add two script files under the scripts directory
[root@ansible conf]# cd /etc/ansible/ansible_playbook/scripts/
[root@ansible scripts]# vim rsync_backup.sh
#!/usr/bin/bash
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
# 1. Define variables
Host=$(hostname)
Addr=$(ifconfig ens33 | awk 'NR==2{print $2}')
Date=$(date +%F)
Dest=${Host}_${Addr}_${Date}
Path=/backup

# 2. Create the backup directory
[ -d "$Path/$Dest" ] || mkdir -p "$Path/$Dest"

# 3. Back up the files (each archive is created only if it does not exist yet)
cd / || exit 1
[ -f "$Path/$Dest/system.tar.gz" ] || tar czf "$Path/$Dest/system.tar.gz" etc/fstab etc/rsyncd.conf
[ -f "$Path/$Dest/log.tar.gz" ] || tar czf "$Path/$Dest/log.tar.gz" var/log/messages var/log/secure

# 4. Record md5 checksums alongside the archives
[ -f "$Path/$Dest/flag_${Date}" ] || md5sum "$Path/$Dest"/*.tar.gz > "$Path/$Dest/flag_${Date}"

# 5. Push the local data to the backup server
#    ("rsync" is the backup server's name as defined in /etc/hosts)
export RSYNC_PASSWORD=1
rsync -avz "$Path/" rsync_backup@rsync::backup

# 6. Keep only the last 7 days of data locally
#    (-mindepth 1 keeps find from ever selecting $Path itself)
find "$Path/" -mindepth 1 -type d -mtime +7 | xargs rm -rf
[root@ansible scripts]# vim rsync_check.sh
#!/usr/bin/bash

# 1. Define global variables
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

# 2. Define local variables
Path=/backup
Date=$(date +%F)

# 3. Verify each flag file and save the verification results to result_<date>
find "$Path"/*_"${Date}" -type f -name "flag_${Date}" -exec md5sum -c {} \; > "$Path/result_${Date}"

# 4. Mail the verification results to the administrator
mail -s "Rsync Backup $Date" 1793594335@qq.com < "$Path/result_${Date}"

# 5. Delete result files older than 7 days and backup data older than 180 days
find "$Path/" -type f -name "result*" -mtime +7 | xargs rm -f
find "$Path/" -mindepth 1 -type d -mtime +180 | xargs rm -rf
Base environment deployment
(1) Network environment (disable firewalld and SELinux)
(2) EPEL repository
(3) Install rsync and nfs-utils
(4) Create the group
(5) Create the user
(6) Create the directories and set their permissions
(7) Push the scripts
(8) Push the rsync client password file and set its permissions
(9) Scheduled task (cron)
[root@ansible ~]# vim /etc/ansible/ansible_playbook/base.yaml
- hosts: all
  tasks:

    - name: install rsync nfs-utils
      yum: name=rsync,nfs-utils state=installed

    - name: create group www
      group: name=www gid=666

    - name: create user www
      user: name=www uid=666 create_home=no shell=/sbin/nologin

    - name: create rsync client password
      copy: content='1' dest=/etc/rsync.pass mode=600

    - name: create scripts directory
      file: path=/server/scripts/ recurse=yes state=directory

    - name: push scripts
      copy: src=./scripts/rsync_backup.sh dest=/server/scripts

    - name: crontab
      cron: name="backup scripts" hour=01 minute=00 job="/usr/bin/bash /server/scripts/rsync_backup.sh &> /dev/null"
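Step (1) of the base environment turns firewalld off on every host. As an added example (not part of the original article), the plays below keep firewalld running and open only the ports that the web, nfs and rsync hosts in this architecture serve. The file name firewall.yaml is an assumption, and the example assumes firewalld is installed on the managed hosts.

```yaml
# firewall.yaml -- added example, not from the original article.
# Assumes the `firewalld` module is available on the control node
# (built in up to Ansible 2.9, part of the ansible.posix collection
# in later releases).

- hosts: all
  tasks:
    - name: keep firewalld running
      service: name=firewalld state=started enabled=yes

- hosts: web
  tasks:
    - name: allow http to nginx
      firewalld:
        service: http
        permanent: yes
        immediate: yes
        state: enabled

- hosts: nfs
  tasks:
    # nfs is 2049/tcp; rpc-bind and mountd are only needed by NFSv3 clients
    - name: allow nfs clients
      firewalld:
        service: "{{ item }}"
        permanent: yes
        immediate: yes
        state: enabled
      loop:
        - nfs
        - rpc-bind
        - mountd

- hosts: rsync
  tasks:
    # the rsync daemon in rsyncd.conf listens on port 873
    - name: allow rsync daemon
      firewalld:
        port: 873/tcp
        permanent: yes
        immediate: yes
        state: enabled
```

The client restriction to 192.168.1.0/24 still comes from /etc/exports and from `hosts allow` in rsyncd.conf; the firewall rules only limit which ports are reachable at all.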
rsync configuration
(1) Install rsync
(2) Configure
(3) Start
(4) Scripts
(5) Scheduled task (cron)
[root@ansible ~]# vim /etc/ansible/ansible_playbook/rsync.yaml
- hosts: rsync
  tasks:

    - name: install rsync
      yum: name=rsync state=installed

    - name: config rsync
      copy: src=/etc/ansible/ansible_playbook/conf/rsyncd.conf dest=/etc/rsyncd.conf
      notify: restart rsync

    - name: create rsync local user
      copy: content='rsync_backup:1' dest=/etc/rsync.password mode=600

    - name: create data
      file: path=/data state=directory recurse=yes owner=www group=www mode=755

    - name: create backup
      file: path=/backup state=directory recurse=yes owner=www group=www mode=755

    - name: start rsync
      service: name=rsyncd state=started enabled=yes

    - name: push check scripts
      copy: src=./scripts/rsync_check.sh dest=/server/scripts

    - name: crond check scripts
      cron: name="check scripts" hour=05 minute=00 job="/usr/bin/bash /server/scripts/rsync_check.sh &> /dev/null"

  handlers:
    - name: restart rsync
      service: name=rsyncd state=restarted
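Both base.yaml and rsync.yaml write the rsync password ('1') in clear text into the playbook, so anyone who can read the playbook directory or the task output sees it. As an added example (not part of the original article), here are the same two tasks reading the password from an Ansible Vault encrypted variable file. The file names secrets.yaml and vault.yaml and the variable name vault_rsync_password are assumptions.

```yaml
# secrets.yaml -- added example; vault.yaml and vault_rsync_password are
# hypothetical names, not from the original article.
#
# Create the encrypted variable file once on the control node:
#   ansible-vault create /etc/ansible/ansible_playbook/vault.yaml
# and put a single line in it:
#   vault_rsync_password: <a long random string>
# Run with:
#   ansible-playbook --ask-vault-pass secrets.yaml

- hosts: all
  vars_files:
    - vault.yaml
  tasks:
    # Client side: the password only, for `rsync --password-file`.
    - name: create rsync client password
      copy:
        content: "{{ vault_rsync_password }}\n"
        dest: /etc/rsync.pass
        owner: root
        group: root
        mode: "0600"
      no_log: true        # keep the secret out of task output and logs

- hosts: rsync
  vars_files:
    - vault.yaml
  tasks:
    # Daemon side: "user:password", the file named by `secrets file`
    # in rsyncd.conf. rsyncd reads it on each connection.
    - name: create rsync local user
      copy:
        content: "rsync_backup:{{ vault_rsync_password }}\n"
        dest: /etc/rsync.password
        owner: root
        group: root
        mode: "0600"
      no_log: true
```

With the client file in place, rsync_backup.sh can pass `--password-file=/etc/rsync.pass` to rsync instead of exporting RSYNC_PASSWORD, so the password no longer appears in the script.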
NFS deployment
(1) Install nfs-utils
(2) Configure
(3) Start
[root@ansible ~]# vim /etc/ansible/ansible_playbook/nfs.yaml
- hosts: nfs
  tasks:

    - name: install nfs
      yum: name=nfs-utils state=installed

    - name: config nfs
      copy: src=./conf/exports dest=/etc/exports
      notify: restart nfs

    - name: create data
      file: path=/data state=directory recurse=yes owner=www group=www mode=755

    - name: start nfs
      service: name=nfs-server state=started enabled=yes

  handlers:
    - name: restart nfs
      service: name=nfs-server state=restarted
Web deployment
(1) Install httpd locally
(2) Edit the configuration file and copy it to /etc/ansible/ansible_playbook/conf
(3) Mount
(4) Start
[root@ansible ~]# vim /etc/ansible/ansible_playbook/web.yaml
- hosts: web

  tasks:
    - name: mount nfs
      mount: src=nfs:/data path=/data fstype=nfs state=mounted

    - name: install nginx
      yum: name=nginx state=installed

    - name: config nginx
      copy: src=conf/nginx.conf dest=/etc/nginx/nginx.conf
      notify: restart nginx

    - name: start nginx
      service: name=nginx state=started enabled=yes

  handlers:
    - name: restart nginx
      service: name=nginx state=restarted
Running the playbooks
[root@ansible ~]# cd /etc/ansible/ansible_playbook/
[root@ansible ansible_playbook]# vim main.yaml
- import_playbook: base.yaml
- import_playbook: rsync.yaml
- import_playbook: nfs.yaml
- import_playbook: web.yaml

[root@ansible ansible_playbook]# ansible-playbook -C main.yaml    # test (dry run)
[root@ansible ansible_playbook]# ansible-playbook main.yaml       # execute