|
|
http://www.ansible.com.cn/:参照中文文档
安装方式:采用epel源安装
a安装epel源:
yum install wget
wget dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
yum -y install ansible
b安装epel源:
rpm -ivh http://mirror.serverbeheren.nl/e ... ease-6-8.noarch.rpm
yum install ansible -y
以上两种epel源都可以使用
ansible是基于ssh通信的,所以需要ssh密码共享,节点服务器192.168.1.155,ansible控制端服务器192.168.1.11
基于ssh与节点通信:
ssh-keygen -t rsa -P ''
ssh-copy-id -i .ssh/id_rsa.pub root@192.168.1.155
ansible命令使用
ansible <pattern_goes_here> -m <module_name> -a <arguments>
-f forks:默认为5个,没有超过可以不用定义
-m command:命令操作(默认模块)
-s:以sudo模式
ansible all -m command -a "date"
ansible all -m command -a "service httpd status"
或者直接省略-m command:
ansible all -a "ls /tmp"
首先定义hosts文件:
vim /etc/ansible/hosts
[web]
192.168.1.155
实例演示:
ansible-doc -s copy
ansible web -m copy -a "src=/root/ansible.tar.gz dest=/tmp/"
ansible web -m command -a "ls /tmp"
ansible-doc -s cron
ansible web -m cron -a 'name="custom job" minute=*/3 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate 192.168.31.1"'
ansible web -a "crontab -l"
ansible-doc -s group
ansible web -m group -a "gid=306 system=yes name=mysql"
ansible web -a "tail -1 /etc/group"
ansible-doc -s user
ansible all -m user -a "":group:基本组,groups:附加组
ansible-doc -s yum
ansible web -m yum -a "state=present name=corosync"
ansible web -a "rpm -qa corosync"
ansible-doc -s service
ansible web -m service -a "state=started name=httpd enabled=yes"
ansible web -a "chkconfig --list httpd"
ansible web -m file -a "dest=/tmp/test.txt group=root mode=600 state=touch"
更多模块参考:
ansible-doc -l:列出所有的模块
ansible-doc -s module_name:指出指定模块对应的参数
当使用ansible第一次copy时,遇到如下错误:
[iyunv@RS2 log]# ansible web -m copy -a "src=/root/test.sh dest=/tmp"
192.168.31.115 | FAILED! => {
"changed": false,
"checksum": "31d5f2c4016e2081d99dcd52bf1ab19f48db767e",
"failed": true,
"msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"
}
上述秒数应该是提示libselinux-python没有安装上,于是将它安装:
[iyunv@RS2 log]# ansible web -m yum -a "name=libselinux-python state=present"
再次copy:
[iyunv@RS2 log]# ansible web -m copy -a "src=/root/test.sh dest=/tmp"
192.168.31.115 | SUCCESS => {
"changed": true,
"checksum": "31d5f2c4016e2081d99dcd52bf1ab19f48db767e",
"dest": "/tmp/test.sh",
"gid": 0,
"group": "root",
"md5sum": "7aa31a8e7374035b1869a50b12544605",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 181,
"src": "/root/.ansible/tmp/ansible-tmp-1463435307.96-222484590205418/source",
"state": "file",
"uid": 0
}
于是成功解决错误
简单说几个模块:
模块之一:setup(用来查看远程主机的一些基本信息)
ansible web -m setup
模块之file:
directory:如果目录不存在,就创建目录
file:即使文件不存在,也不会被创建
link:创建软链接
hard:创建硬链接
touch:如果文件不存在,则会创建一个新的文件,如果文件或目录已存在,则更新其最后修改时间
absent:删除目录、文件或者取消链接文件
模块之- template: Templates a file out to a remote server.
ansible web -m template -a "src=/root/ansible/httpd.yaml dest=/tmp":只能复制file,不能复制目录
模块之copy:既能复制文件,也能复制目录
[iyunv@RS2 ansible]# ansible web -m template -a "src=/root/ansible/test dest=/tmp"
192.168.1.155 | FAILED! => {
"changed": false,
"failed": true,
"msg": "IOError: [Errno 21] Is a directory: u'/root/ansible/test'"
}
[iyunv@RS2 ansible]# ansible web -m copy -a "src=/root/ansible/test dest=/tmp"
192.168.1.155 | SUCCESS => {
"changed": false,
"dest": "/tmp/",
"src": "/root/ansible/test"
}
学会模块使用之后就是playbook的编写使用了(基于yaml语言)
playbook:
检测语法错误,并不执行:
[iyunv@RS2 ansible]# ansible-playbook debug.yaml --syntax-check(检测语法)
playbook: debug.yaml
http.yaml
[iyunv@RS2 ansible]# cat httpd.yaml
- hosts: web
remote_user: root
tasks:
- name: install httpd
yum: name=httpd state=present
notify:
- start httpd
handlers:
- name: start httpd
service: name=httpd state=started enabled=yes
[iyunv@RS2 ansible]# ansible-playbook httpd.yaml
PLAY [web] *********************************************************************
TASK [setup] *******************************************************************
ok: [192.168.1.155]
TASK [install httpd] ***********************************************************
changed: [192.168.1.155]
RUNNING HANDLER [start httpd] **************************************************
changed: [192.168.1.155]
PLAY RECAP *********************************************************************
192.168.1.155 : ok=3 changed=2 unreachable=0 failed=0
在playbook中使用item及with_items
copy multi files to destination
[iyunv@RS2 ansible]# cat template.yaml
- hosts: web
remote_user: root
tasks:
- name: copy multi file to destination
template: src=/root/ansible/httpd.yaml dest=/tmp/{{item}}:多个项目同时更新
with_items:
- httpd001.yaml
- httpd002.yaml
- httpd003.yaml
多项目执行:
- name: touch files with an optional mode
file: dest={{item.path}} state=touch mode={{item.mode|default(omit)}}
with_items:
- path: /tmp/foo
- path: /tmp/bar
- path: /tmp/baz
mode: "0444"
[iyunv@RS2 ansible]# cat loop.yaml
- hosts: web
remote_user: root
tasks:
- name: echo variables
shell: echo {{ item }}
with_items: [ 2,3 ]
[iyunv@RS2 ansible]# cat loop.yaml.bak
- hosts: web
remote_user: root
tasks:
- name: echo variables
shell: echo {{ item }}
with_items:
- 2
- 3
when条件使用:
tasks:
- name: "shutdown Debian flavored systems"
command: /sbin/shutdown -t now
when: ansible_os_family == "Debian"
tasks:
- name: "shutdown CentOS 6 and Debian 7 systems"
command: /sbin/shutdown -t now
when: (ansible_distribution == "CentOS" and ansible_distribution_major_version == "6") or
(ansible_distribution == "Debian" and ansible_distribution_major_version == "7")
[iyunv@RS2 ansible]# cat delete.yaml
- hosts: web
remote_user: root
tasks:
- name: delete any file
shell: rm -f /tmp/httpd.yaml
when: ansible_os_family == "RedHat":判断节点服务器是否为RedHat系列,是的话就删掉文件
ansible_os_family该值是模块setup中的结果信息
- hosts: web
remote_user: root
tasks:
- name: delete someone file
file: dest=/tmp/httpd/yaml state=absent
fatal: [192.168.1.155]: FAILED! => {"changed": false, "failed": true, "msg":
"value of state must be one of: file,directory,link,hard,touch,absent, got: abent"}
删除文件两种方式,推荐file:
1、file: dest=/tmp/httpd/yaml state=absent
2、shell: rm -f /tmp/httpd.yaml
引用变量加条件when:
[iyunv@RS2 ansible]# cat peci.yaml
- hosts: web
remote_user: root
vars:
peci: true:此处变量可自定义
tasks:
- name: judge peci
shell: echo "hello world"
when: peci
注册变量:
[iyunv@RS2 ansible]# cat variables.yaml
- hosts: web
remote_user: root
tasks:
- name: judge file
shell: ls /root/ansible
register: home_dirs
- name: copy file
template: src=/root/ansible/{{ item }} dest=/tmp/{{ item }}
with_items: home_dirs.stdout.split()----》注册变量的值
利用变量进行替换,以及when结合register的使用,当register的变量result执行成功,when:result|success就继续安装步骤执行
result|success这也就代表注册变量的返回值是成功的
[iyunv@RS2 ansible]# cat test.yaml
- hosts: web
remote_user: root
vars:
apache: httpd
tasks:
- name: install httpd
yum: name={{ apache }} state=present
register: result:将上步骤执行的结果注册到变量result中
- name: start httpd
service: name=httpd state=started enabled=yes
when: result|success:当result变量是成功的话,就执行是service步骤
[iyunv@RS2 ansible]# cat test.yaml
- hosts: web
remote_user: root
vars:
apache: httpd
tasks:
- name: install httpd
yum: name={{ apache }} state=present
register: result
- name: start httpd
service: name=httpd state=started enabled=yes
when: result|success
- name: display time:这一步骤并没有执行,退出了,证明了失败了才会执行
shell: date
when: result|failed
TASK [display time] ************************************************************
skipping: [192.168.1.155]
[iyunv@RS2 ansible]# cat test.yaml
- hosts: web
remote_user: root
vars:
apache: httpd
tasks:
- name: install httpd
yum: name={{ apache }} state=present
register: result
- name: start httpd
service: name=httpd state=started enabled=yes
when: result|success
- name: display time
shell: date
when: result|failed
[iyunv@RS2 ansible]# vim test.yaml
[iyunv@RS2 ansible]# ansible-playbook test.yaml --syntax-check
playbook: test.yaml
[iyunv@RS2 ansible]# ansible-playbook test.yaml
PLAY [web] *********************************************************************
TASK [setup] *******************************************************************
ok: [192.168.1.155]
TASK [install httpd] ***********************************************************
fatal: [192.168.1.155]: FAILED! => {"changed": true, "cmd": "ls /root/ansible", "delta": "0:00:00.021731", "end": "2016-07-30 16:58:19.750658", "failed": true, "rc": 2, "start": "2016-07-30 16:58:19.728927", "stderr": "ls: 无法访问/root/ansible: 没有那个文件或目录", "stdout": "", "stdout_lines": [], "warnings": []}
NO MORE HOSTS LEFT *************************************************************
to retry, use: --limit @test.retry
PLAY RECAP *********************************************************************可以看出并没有执行failed错误的那条date命令,表明错误操作就直接不进行下面操作
192.168.1.155 : ok=1 changed=0 unreachable=0 failed=1
[iyunv@RS2 ansible]# cat test.
test.retry test.yaml
[iyunv@RS2 ansible]# cat test.yaml
- hosts: web
remote_user: root
vars:
apache: httpd
tasks:
- name: install httpd
shell: ls /root/ansible
register: result
ignore_errors: True:接入忽略错误,加入了这行后面failed操作步骤继续运行
- name: start httpd
service: name=httpd state=started enabled=yes
when: result|success
- name: display time
shell: date
when: result|failed
[iyunv@RS2 ansible]# ansible-playbook test.yaml
PLAY [web] *********************************************************************
TASK [setup] *******************************************************************
ok: [192.168.1.155]
TASK [install httpd] ***********************************************************
fatal: [192.168.1.155]: FAILED! => {"changed": true, "cmd": "ls /root/ansible", "delta": "0:00:00.009894", "end": "2016-07-30 17:01:51.789377", "failed": true, "rc": 2, "start": "2016-07-30 17:01:51.779483", "stderr": "ls: 无法访问/root/ansible: 没有那个文件或目录", "stdout": "", "stdout_lines": [], "warnings": []}
...ignoring
TASK [start httpd] *************************************************************上述result是错误结果,所以skip
skipping: [192.168.1.155]
TASK [display time] ************************************************************此处命令成功:ignore_errors: True是加入了这一行
changed: [192.168.1.155]
PLAY RECAP *********************************************************************
192.168.1.155 : ok=3 changed=1 unreachable=0 failed=0
定义变量,替换文件名,进行copy
[iyunv@RS2 ansible]# cat test1.
test1.retry test1.yaml
[iyunv@RS2 ansible]# cat test1.yaml
- hosts: web
remote_user: root
vars:
src_file: test.yaml
tasks:
- name: copy test.yaml to destination
copy: src=/root/ansible/{{ src_file }} dest=/tmp/{{ src_file }}
[iyunv@RS2 ansible]# ansible-playbook test1.yaml
PLAY [web] *********************************************************************
TASK [setup] *******************************************************************
ok: [192.168.1.155]
TASK [copy test.yaml to destination] *******************************************
changed: [192.168.1.155]
PLAY RECAP *********************************************************************
192.168.1.155 : ok=2 changed=1 unreachable=0 failed=0
错误样例:
[iyunv@RS2 ansible]# cat test1.yaml
- hosts: web
remote_user: root
vars:
src_file: /root/ansible/test.yaml
tasks:
- name: copy test.yaml to destination
copy: src={{ src_file }} dest=/tmp/{{ src_file }}
[iyunv@RS2 ansible]# ansible-playbook test1.yaml
PLAY [web] *********************************************************************
TASK [setup] *******************************************************************
ok: [192.168.1.155]
TASK [copy test.yaml to destination] *******************************************
fatal: [192.168.1.155]: FAILED! => {"changed": false, "checksum": "f0f36e6c39f0fdd58399e8cccaa9dcf30e1cef18", "failed": true, "msg": "Destination directory /tmp//root/ansible does not exist"}
NO MORE HOSTS LEFT *************************************************************
to retry, use: --limit @test1.retry
PLAY RECAP *********************************************************************
192.168.1.155 : ok=1 changed=0 unreachable=0 failed=1
安装lamp
[iyunv@RS2 ansible]# cat lamp.yaml
- hosts: web
remote_user: root
tasks:
- name: install php php-mysql httpd
yum: name={{ item }} state=present
with_items:
- httpd
- php
- php-mysql
- mysql-server
register: result
- name: start httpd server
service: name=httpd state=started enabled=yes
when: result|success
- name: start mysql server
service: name=mysqld state=started enabled=yes
when: result|success
[iyunv@RS2 ansible]# ansible-playbook lamp.yaml
PLAY [web] *********************************************************************
TASK [setup] *******************************************************************
ok: [192.168.1.155]
TASK [install php php-mysql httpd] *********************************************
changed: [192.168.1.155] => (item=[u'httpd', u'php', u'php-mysql', u'mysql-server'])
TASK [start httpd server] ******************************************************
changed: [192.168.1.155]
TASK [start mysql server] ******************************************************
changed: [192.168.1.155]
PLAY RECAP *********************************************************************
192.168.1.155 : ok=4 changed=3 unreachable=0 failed=0
file做文件覆盖到节点目标机:
[iyunv@RS2 tmp]# cat copy.yaml
- hosts: web
remote_user: root
tasks:
- name: copy file to destination
file: src=/tmp/yum.log dest=/tmp/yum.log state=touch
[iyunv@RS2 tmp]# ansible-playbook copy.yaml
PLAY [web] *********************************************************************
TASK [setup] *******************************************************************
ok: [192.168.1.155]
TASK [copy file to destination] ************************************************
changed: [192.168.1.155]
PLAY RECAP *********************************************************************
192.168.1.155 : ok=2 changed=1 unreachable=0 failed=0
roles:
roles:在/etc/ansible/roles/下面创建一个role名称(比如nginx为例)
roles内各目录中可用的文件
tasks目录:至少创建一个名为main.yml的文件,其定义了此角色的任务列表:此文件可以使用 include包含其他的位于此目录中的tasks文件:
files目录:存放由copy或者script等模块调用的文件:
templates目录:templates模块会自动在此目录中寻找Jinjia2模板文件:
handlers目录:此目录中应当包含一个main。
yml文件:用于定义此角色用到的各handler:在handler中使用include包含的其他的handler文件也应该位于此目录中:
vars目录:应当包含一个main.yml文件,用于定义此角色用到的变量
meta目录:应当包含一个main.yml文件,用于定义此角色的特殊设定及其依赖关系:ansible 1.3及其以后的版本才支持
default目录:为当前角色定义默认变量时使用此目录,应该包含一个main.yml文件
handlers:
handler/main.yaml
---
- name: start nginx
service: name=nginx state=started
- name: reload nginx
service: name=nginx state=reloaded
Meta
Meta/main.yaml
---
dependencies:
- { roles: ssl }
templates
templates/serversforhackers.com.conf:一个配置文件就行
variables
vars/main.yml
---
domain: www.my.com
http_port: 80
tasks:
tasks/main.yaml
---
- name: install nginx
yum: name=nginx state=present
register: result
notify:
- start nginx
- name: copy configure file to destination
template: src=/path/to/serversforhackers.com.conf.j2
dest=/path/to/serversforhackers.com.conf owner=root group=root
- name: create web root directory
file: dest=/www/html owner=nginx group=nginx state=directory mode=775 recurse=yes
notify:
- reload nginx
实例验证:
[iyunv@RS2 nginx]# cat handlers/main.yaml
---
- name: start httpd
service: name=httpd state=started
- name: restart httpd
service: name=httpd state=restarted
[iyunv@RS2 nginx]# cat tasks/main.yaml
---
- name: install httpd
yum: name=httpd state=present
notify:
- start httpd
- name: copy the configure file to destination
template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
notify:
- restart httpd
[iyunv@RS2 nginx]# cat templates/httpd.conf.j2 :也就是httpd.conf配置文件后缀加上j2
[iyunv@RS2 nginx]# cat vars/main.yaml
---
http_port: 80
[iyunv@RS2 workflow]# cat install_httpd.yaml
---
- hosts: web
remote_user: root
roles:
- nginx
[iyunv@RS2 ansible]# tree整个目录结果
.
|-- ansible.cfg
|-- hosts
|-- hosts.bak
|-- roles
| `-- nginx----》角色名
| |-- files
| |-- handlers-----》定义后续notify的处理play
| | `-- main.yaml
| |-- meta----》定义依赖
| |-- tasks-----》定义任务执行play
| | `-- main.yaml
| |-- templates----》定义模板文件
| | `-- httpd.conf.j2
| `-- vars:定义变量
| `-- main.yaml
`-- workflow-----》工作目录,存放各种playbook来执行角色
|-- install_httpd.retry
`-- install_httpd.yaml-----playbook来执行整个roles下的nginx
附上目录结构图:
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2016-8-2 09:53:04
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡