1 Introduction to Ansible roles
Official documentation
https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html
1. Ansible installation and deployment, and the host inventory configuration directory
[root@m01 ~] yum install ansible -y
[root@m01 ~/.ssh] ssh-copy-id 10.0.0.31 -o StrictHostKeyChecking=no
2. Connecting over SSH with a password when the port is not 22
3. Common Ansible modules
3 file: file-related operations
Command reference:
https://docs.ansible.com/ansible/latest/modules/file_module.html#file-module
4. script: run a script
[root@m01 ~] ansible -vvvv web -m script -a "/root/echo_ip.sh"
5. cron: scheduled tasks *****
6 group: group management
8. yum: install software
9. service: start services
10 mount: mount command
[root@m01 ~] ansible backup -m mount -a "src=172.16.1.31:/data path=/data fstype=nfs state=mounted"
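11. unarchive: extract archives
12. archive: create archives
13 Writing a one-step Ansible install script for NFS and Rsync
13.2 The normal workflow
1 Do everything by hand first
2 Collect all the steps, grouped by service or by server
3 Collect all configuration files and password files
4 Translate the shell commands into ansible commands
13.2 Installing rsync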
[root@m01 ~] vim ansible_rsync.sh
#!/bin/bash
#1. Create the group
ansible backup -m group -a "name=www gid=666"
#2. Create the user
ansible backup -m user -a "name=www uid=666 group=www shell=/sbin/nologin create_home=no"
#3. Copy the configuration file
ansible backup -m copy -a "src=/opt/rsyncd.conf dest=/etc/"
#4. Copy the virtual-user password file
ansible backup -m copy -a "src=/opt/rsync.passwd dest=/etc/ mode='0600'"
#5. Install rsync, create the data directories and set ownership
ansible backup -m yum -a "name=rsync state=latest"
ansible backup -m file -a "path=/data state=directory owner=www group=www"
ansible backup -m file -a "path=/backup state=directory owner=www group=www"
#6. Start the service
ansible backup -m service -a "name=rsyncd state=started enabled=yes"
-----------------------------------------------------------------------------------------
20.05.4
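4. Formatting requirements for playbooks
1. Strict indentation expresses the hierarchy
2. Never use tabs
3. A colon (:) must be followed by a space
4. A dash (-) must be followed by a space
5. YAML files must use the .yaml or .yml extension
4.1. Advantages of playbooks
1. Fewer repeated commands such as: ansible backup -m file -a
2. Clean and easy to read
3. Powerful, with flow control
4. Can be reused by other playbooks
5. Provides syntax checking and simulated execution
5. Advanced playbook features: loops
6. Advanced features: variables
6.1. Using variables to get a host's eth1 address and hostname
7. Advanced playbook features: registered variables
8. Restart the service if the configuration file changed, otherwise do not restart
9. Advanced playbook features: service state management
10. Advanced playbook features: selecting tags
11. Writing the rsync role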
[root@m01 /etc/ansible/roles] mkdir rsync/{tasks,handlers,files,templates,vars} -p
[root@m01 /etc/ansible/roles/rsync/files] cat rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[backup]
path = /backup
[data]
path = /data
[root@m01 /etc/ansible/roles/rsync/files] cat rsync.passwd
rsync_backup:123456
[root@m01 /etc/ansible/roles/rsync/handlers] cat main.yaml
- name: restart rsyncd
  service:
    name: rsyncd
    state: restarted
[root@m01 /etc/ansible/roles/rsync/tasks] cat main.yaml
# Group and user that own the rsync data (match uid/gid in rsyncd.conf)
- name: 01_add_group
  group:
    name: www
    gid: 666

- name: 02_add_user
  user:
    name: www
    uid: 666
    group: www
    create_home: no
    shell: /sbin/nologin

- name: 03_mkdir
  file:
    path: /data
    state: directory
    owner: www
    group: www

- name: 04_yum
  yum:
    name: rsync
    state: latest

# The password file is copied with mode 0600; a change to either file
# triggers the "restart rsyncd" handler
- name: 05_config
  copy:
    src: "{{ item.src }}"
    dest: /etc/
    mode: "{{ item.mode }}"
  loop:
    - { src: rsyncd.conf, mode: "0644" }
    - { src: rsync.passwd, mode: "0600" }
  notify: restart rsyncd

- name: 07_start
  service:
    name: rsyncd
    state: started
    enabled: yes
12. Writing a Jinja template file
[root@m01 /etc/ansible/roles] mkdir sshd/{tasks,handlers,files,templates,vars} -p
Port {{ ssh_port }}
ListenAddress {{ ansible_facts.eth0.ipv4.address }}
[root@m01 /etc/ansible/roles/sshd] cat handlers/main.yml
- name: restart sshd
  service:
    name: sshd
    state: restarted
[root@m01 /etc/ansible/roles/sshd] cat tasks/main.yml
- name: 01-copy_config
  template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
  notify: restart sshd
[root@m01 /etc/ansible/roles/sshd] cat vars/main.yml
ssh_port: 22  # name must match the variable referenced in sshd_config.j2
[root@m01 /etc/ansible/roles] cat sshd.yml
- hosts: web
  roles:
    - sshd
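Ansible reaches the managed hosts over SSH, so a template that renders an invalid sshd_config and then triggers the restart handler can cut off access to them. The following variant of roles/sshd/tasks/main.yml is an added example, not part of the original notes; it assumes the ssh_port variable and eth0 fact used in the template above, and that sshd is installed at /usr/sbin/sshd on the targets.

```yaml
# Added example (not from the original notes): roles/sshd/tasks/main.yml
# Assumptions: ssh_port is defined in vars/main.yml, the targets have an
# eth0 interface, and the sshd binary is /usr/sbin/sshd.

# Fail early, before anything is written, if the template inputs are unusable
- name: 00-check_inputs
  assert:
    that:
      - ssh_port is defined
      - ssh_port | int >= 1
      - ssh_port | int <= 65535
      - ansible_facts.eth0 is defined
      - ansible_facts.eth0.ipv4 is defined
    fail_msg: "ssh_port or the eth0 IPv4 fact is missing or out of range"

- name: 01-copy_config
  template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: "0600"
    # Keep a timestamped copy of the previous file on the target
    backup: yes
    # The rendered file is written to a temporary path (%s) and tested with
    # sshd -t; the real file is only replaced if the test succeeds, so the
    # handler never restarts sshd on a broken configuration
    validate: /usr/sbin/sshd -t -f %s
  notify: restart sshd

- name: 02-ensure_running
  service:
    name: sshd
    state: started
    enabled: yes
```

Running ansible-playbook with --syntax-check, and then with --check --diff, shows what would change on each host before the role is applied.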
13. Splitting each service into its own Ansible role file
[root@m01 /etc/ansible/roles/init] vim tasks/main.yaml
- name: 01_add_group
  group:
    name: www
    gid: 666

- name: 02_add_user
  user:
    name: www
    uid: 666
    group: www
    create_home: no
    shell: /sbin/nologin

- name: 03_mkdir
  file:
    path: /data
    state: directory
    owner: www
    group: www

- name: 04_yum
  yum:
    name: rsync
    state: latest
[root@m01 /etc/ansible/roles/rsync/tasks]# vim main.yaml
- name: 01_config
  copy:
    src: "{{ item.src }}"
    dest: /etc/
    mode: "{{ item.mode }}"
  loop:
    - { src: rsyncd.conf, mode: "0644" }
    - { src: rsync.passwd, mode: "0600" }
  notify: restart rsyncd

- name: 02_start
  service:
    name: rsyncd
    state: started
    enabled: yes
[root@m01 /etc/ansible/roles]# vim rsync.yml
- hosts: backup
  roles:
    - init
    - rsync