此处记录下playbook的一些常用写法样例,多写你就熟了
节点基本初始化
[root@manager /etc/ansible/playbook]# cat base.yaml
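---
# Baseline for every managed node: package repositories, a few admin tools,
# the sshd configuration and the shared "www" account (uid/gid 666).
- hosts: all
  remote_user: root
  tasks:
    # NOTE(review): both repositories are fetched over plain HTTP with
    # signature checking disabled, so nothing authenticates the packages yum
    # installs from them. Prefer `gpgcheck: true` with a `gpgkey` pointing at
    # a key you trust, once that key is available on the nodes.
    - name: Add Yum Repository
      yum_repository:
        name: base
        description: Base Aliyun Repositroy
        baseurl: http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
        gpgcheck: false

    - name: Add Epel Yum Repository
      yum_repository:
        name: epel
        description: Epel Aliyun Repositroy
        baseurl: http://mirrors.aliyun.com/epel/7/$basearch
        gpgcheck: false

    # The whole list goes to yum in one transaction instead of one module
    # call per item.
    - name: Installed Package
      yum:
        name:
          - nfs-utils
          - iftop
          - iotop
          - lrzsz
          - vim
        state: present

    # NOTE(review): stopping firewalld leaves the node without a host packet
    # filter; every listening service is then reachable from any network the
    # node is attached to. Confirm filtering happens elsewhere.
    - name: Stop Firewalld Service
      service:
        name: firewalld
        state: stopped
        enabled: false

    # NOTE(review): disabling SELinux removes mandatory access control for
    # every service on the node; the change only takes effect after a reboot.
    - name: Disabled Selinux
      selinux:
        state: disabled

    - name: Configure ssh server
      copy:
        src: ./files/sshd.template
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: "0600"
        # Reject a broken file before it replaces the live one; a bad
        # sshd_config would otherwise lock Ansible out after the restart.
        validate: /usr/sbin/sshd -t -f %s
      notify: restart sshd server

    - name: Add Group www
      group:
        name: www
        gid: 666

    # Service account only: no home directory and no login shell.
    - name: Add User www
      user:
        name: www
        uid: 666
        group: www
        create_home: false
        shell: /sbin/nologin

  handlers:
    - name: restart sshd server
      service:
        name: sshd
        state: restarted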
# sshd.template自行拷贝 /etc/ssh/sshd_config并修改,放置在./files/sshd.template
nfs部署
[root@manager /etc/ansible/playbook]# cat nfs.yaml
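---
# NFS server: installs nfs-utils, publishes ./files/exports.template as
# /etc/exports and creates the exported /data directory owned by www.
- hosts: nfs
  remote_user: root
  tasks:
    - name: Install nfs-server
      yum:
        name: nfs-utils
        state: present

    - name: Configure nfs file
      copy:
        src: ./files/exports.template
        dest: /etc/exports
        owner: root
        group: root
        mode: "0644"
      notify: Restart nfs-server

    # NOTE(review): recurse applies owner, group and mode 0755 to everything
    # already under /data on each run, so existing files become
    # world-readable and executable. Drop recurse if only the top-level
    # directory should be managed.
    - name: Create nfs dir
      file:
        path: /data
        state: directory
        owner: www
        group: www
        mode: "0755"
        recurse: true

    # enabled so the export comes back after a reboot, the same way web.yaml
    # handles httpd.
    - name: Start nfs-server
      service:
        name: nfs-server
        state: started
        enabled: true

  handlers:
    - name: Restart nfs-server
      service:
        name: nfs-server
        state: restarted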
# nfs配置文件模板
[root@manager /etc/ansible/playbook]# cat files/exports.template
# Exports /data read-write to 172.16.1.0/24; anonymous requests are mapped to
# uid/gid 666, the id base.yaml gives the www account.
# NOTE(review): without all_squash only root is squashed to that id
# (root_squash is the NFS default); other client uids keep their own identity.
# Confirm that is the intent.
/data 172.16.1.0/24(rw,sync,anonuid=666,anongid=666)
部署httpd
[root@manager /etc/ansible/playbook]# cat web.yaml
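---
# Web tier: httpd + php, document root mounted from the NFS server, site
# content unpacked from ./files/kaoshi.zip.
- hosts: web
  remote_user: root
  # Plain mapping instead of the legacy list-of-dicts form.
  vars:
    httpd_id: www
    httpd_port: 80
  tasks:
    # unzip is added because the unarchive task below needs it on the
    # target to unpack a .zip archive.
    - name: Install Httpd Server
      yum:
        name:
          - httpd
          - php
          - unzip
        state: present

    - name: Configure Httpd Server
      template:
        src: ./files/httpd.conf.template
        dest: /etc/httpd/conf/httpd.conf
      notify: Restart Httpd

    # NOTE(review): the share is mounted with default options. For a
    # directory that holds web content, consider `nosuid,nodev` so files
    # placed on the share cannot carry setuid bits or device nodes.
    - name: Mount nfs_dir
      mount:
        path: /var/www/html
        src: 172.16.1.31:/data
        fstype: nfs
        opts: defaults
        state: mounted

    # `creates` makes this a no-op once index.html exists.
    - name: Push kaoshi.zip
      unarchive:
        src: ./files/kaoshi.zip
        dest: /var/www/html/
        creates: /var/www/html/index.html

    - name: Start Httpd Server
      service:
        name: httpd
        state: started
        enabled: true

  handlers:
    - name: Restart Httpd
      service:
        name: httpd
        state: restarted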
部署rsync+sersync
rsync
[root@manager /etc/ansible/playbook]# cat rsync.yaml
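---
# rsync daemon on the backup host: package, target directories, rendered
# rsyncd.conf and secrets file, then a status report.
- hosts: backup
  remote_user: root
  vars_files:
    - ./files/vars.yaml
  tasks:
    - name: Install rsyncd
      yum:
        name: rsync
        state: present

    - name: Create Directory
      file:
        path: "{{ item }}"
        state: directory
        mode: "0755"
        owner: www
        group: www
      loop:
        - /backup
        - /data

    # The second item renders the daemon's secrets file, so task output is
    # suppressed: otherwise a run with --diff would print the password.
    - name: Configrue rsync
      template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: "{{ item.mode }}"
      loop:
        - src: ./files/rsyncd.conf.template
          dest: /etc/rsyncd.conf
          mode: "0644"
        - src: ./files/rsync.pass.template
          dest: /etc/rsync.passwd
          mode: "0600"
      no_log: true
      notify: Restart rsyncd
      tags:
        - configrue rsync

    - name: Start rsyncd
      service:
        name: rsyncd
        state: started
        enabled: true

    # Read-only probe: it never reports "changed", and a non-zero exit from
    # grep (no listener found) does not fail the play.
    - name: Output rsync status
      shell: netstat -tunlp | grep rsync
      register: Rsync_status
      changed_when: false
      failed_when: false

    - name: Print Rsync Status
      debug:
        msg: "{{ Rsync_status.stdout_lines }}"

  handlers:
    - name: Restart rsyncd
      service:
        name: rsyncd
        state: restarted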
[root@manager /etc/ansible/playbook]# cat files/vars.yaml
# Variables loaded by rsync.yaml through vars_files.
# files/rsyncd.conf.template also reads sersync_module, sersync_comment and
# sersync_backup_path, which this listing does not define; the later
# vars.yaml listings add them.
rsyncd_user: www
rsync_auth_user: rsync_backup
rsync_passwd_path: /etc/rsync.passwd
rsync_module: backup
rsync_comment: backup all
rsync_backup_path: /backup
# NOTE(review): plaintext credential in "user:password" form, presumably what
# rsync.pass.template writes to /etc/rsync.passwd. Keep it out of version
# control; encrypting it with ansible-vault and running the playbook with
# --ask-vault-pass avoids storing it in the clear.
rsync_password: "rsync_backup:00000000"
[root@manager /etc/ansible/playbook]# cat files/rsyncd.conf.template
# Rendered by rsync.yaml into /etc/rsyncd.conf; the placeholders are filled
# from files/vars.yaml.
uid = {{ rsyncd_user }}
gid = {{ rsyncd_user }}
port = 873
fake super = yes
# NOTE(review): with chroot disabled the daemon is not confined to the
# module path by the kernel; path safety then rests on rsync's own checks.
use chroot = no
max connections = 20
timeout = 600
ignore errors
# Modules are writable and hidden from module listings.
read only = false
list = false
# Access is limited to the named user, checked against the secrets file.
# NOTE(review): there is no "hosts allow" line, so any address that can
# reach port 873 may attempt to authenticate; the rsync daemon protocol
# also does not encrypt the transferred data.
auth users = {{ rsync_auth_user }}
secrets file = {{ rsync_passwd_path}}
log file = /var/log/rsync.log
# Module definitions: one for the backup path, one for the sersync target.
[{{ rsync_module }}]
comment = {{ rsync_comment }}
path = {{ rsync_backup_path }}
[{{ sersync_module }}]
comment = {{ sersync_comment }}
path = {{ sersync_backup_path }}
sersync
[root@manager /etc/ansible/playbook]# cat sssersync.yaml
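---
# sersync on the NFS server: password file for the rsync client, the
# sersync2 binary and its XML configuration, then start the daemon if it
# is not already running.
- hosts: nfs
  tasks:
    # The template task below renders into this directory, so it has to
    # exist first.
    - name: Create sersync directory
      file:
        path: /usr/local/sersync
        state: directory
        mode: "0755"

    # NOTE(review): the rsync password is a literal in the playbook. Move
    # it to a vault-encrypted variable so it is not stored in the clear.
    # no_log keeps the value out of task output and --diff.
    - name: Create rsync.pass
      copy:
        content: "00000000"
        dest: /etc/rsync.pass
        owner: root
        group: root
        mode: "0600"
      no_log: true

    - name: Configure execute sersync file
      copy:
        src: ./files/sersync2
        dest: /usr/local/sersync/
        mode: "0755"

    # A configuration file does not need the execute bit.
    - name: Configure sersync file
      template:
        src: ./files/confxml.xml
        dest: /usr/local/sersync/
        mode: "0644"
      notify: Restart sersyncd

    # rc is 0 when a process named exactly sersync2 exists, 1 otherwise.
    # Read-only probe, so it never reports "changed" or fails the play.
    - name: sersync_status
      command: pgrep -x sersync2
      register: sersync_status
      changed_when: false
      failed_when: false

    - name: Start sersyncd
      shell: /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml
      when: sersync_status.rc != 0

  handlers:
    # The original ran `pkill sersyncd2`, which does not match the sersync2
    # process, so every "restart" left the old daemon running and started
    # another one beside it.
    - name: Restart sersyncd
      shell: pkill -x sersync2; /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml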
# 模板文件自行挖空哈 {{ rsyncd_user }}
[root@manager /etc/ansible/playbook]# cat files/vars.yaml
# vars.yaml extended with the sersync_* values that
# files/rsyncd.conf.template reads for its second module.
rsyncd_user: www
rsync_auth_user: rsync_backup
rsync_passwd_path: /etc/rsync.passwd
rsync_module: backup
rsync_comment: backup all
rsync_backup_path: /backup
# NOTE(review): plaintext credential; encrypt it with ansible-vault rather
# than keeping it readable in the playbook directory.
rsync_password: "rsync_backup:00000000"
sersync_module: data
sersync_comment: backup all
sersync_backup_path: /data
mailx部署
[root@manager /etc/ansible/playbook]# cat mail.yaml
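---
# Mail alerting on the backup host: mailx, its rendered configuration, the
# check script and a daily cron entry that runs it.
- hosts: backup
  vars_files:
    - ./files/vars.yaml
  tasks:
    - name: Install mailx
      yum:
        name: mailx
        state: present

    # The rendered file contains smtp-auth-password. The original mode 644
    # let every local account read it; 0600 keeps it to root.
    # NOTE(review): this assumes mail is only sent by root (the cron entry
    # below is installed for the connecting user, presumably root; confirm).
    # no_log keeps the rendered password out of task output and --diff.
    - name: render mailx file
      template:
        src: ./files/mail.rc.template
        dest: /etc/mail.rc
        owner: root
        group: root
        mode: "0600"
      no_log: true

    - name: copy check.sh
      copy:
        src: ./files/check.sh
        dest: /server/scripts/
        mode: "0755"

    # Runs check.sh every day at 02:01.
    - name: Creat crontab
      cron:
        name: sendmail
        minute: "01"
        hour: "02"
        job: /bin/sh /server/scripts/check.sh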
[root@manager /etc/ansible/playbook]# cat files/mail.rc.template
# Rendered by mail.yaml into /etc/mail.rc; the placeholders come from
# files/vars.yaml, where the variable names carry the same stmp/smpt
# spellings used here.
set from={{ stmp_user }}
set smtp={{ smtp_server }}
set smtp-auth-user={{ stmp_auth_user }}
set smtp-auth-password={{ smpt_auth_password }}
set smtp-auth=login
# NOTE(review): ssl-verify=ignore turns off certificate verification for the
# smtps connection, so the server's identity is never checked and the login
# above can be captured by anyone able to intercept the connection. With the
# issuing CA present in nss-config-dir, ssl-verify=strict is the verified
# setting.
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/
[root@manager /etc/ansible/playbook]# cat files/vars.yaml
# Final vars.yaml: rsync, sersync and mail settings shared by rsync.yaml and
# mail.yaml.
rsyncd_user: www
rsync_auth_user: rsync_backup
rsync_passwd_path: /etc/rsync.passwd
rsync_module: backup
rsync_comment: backup all
rsync_backup_path: /backup
# NOTE(review): plaintext credential; see the note on smpt_auth_password.
rsync_password: "rsync_backup:00000000"
sersync_module: data
sersync_comment: backup all
sersync_backup_path: /data
# The stmp_* / smpt_* spellings are what files/mail.rc.template references,
# so renaming them here alone would break the template.
stmp_user: 1793360097@qq.com
smtp_server: smtps://smtp.qq.com:465
stmp_auth_user: 1793360097@qq.com
# NOTE(review): this file holds two secrets in the clear (rsync_password and
# the SMTP password below). Encrypt the file, or just these values, with
# ansible-vault and supply the vault password at run time
# (--ask-vault-pass or --vault-password-file) instead of committing them.
smpt_auth_password: xxxxxxxxxx
ansible-playbook指令
# 检测playbook语法
[root@manager /etc/ansible/playbook]# ansible-playbook -i hosts xxxx.yaml --syntax-check
# 运行playbook
[root@manager /etc/ansible/playbook]# ansible-playbook -i hosts xxxx.yaml
[root@k8s-master project]# ansible-playbook --help
usage: ansible-playbook [-h] [--version] [-v] [-k]
[--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER]
[-c CONNECTION] [-T TIMEOUT]
[--ssh-common-args SSH_COMMON_ARGS]
[--sftp-extra-args SFTP_EXTRA_ARGS]
[--scp-extra-args SCP_EXTRA_ARGS]
[--ssh-extra-args SSH_EXTRA_ARGS] [--force-handlers]
[--flush-cache] [-b] [--become-method BECOME_METHOD]
[--become-user BECOME_USER] [-K] [-t TAGS]
[--skip-tags SKIP_TAGS] [-C] [--syntax-check] [-D]
[-i INVENTORY] [--list-hosts] [-l SUBSET]
[-e EXTRA_VARS] [--vault-id VAULT_IDS]
[--ask-vault-pass | --vault-password-file VAULT_PASSWORD_FILES]
[-f FORKS] [-M MODULE_PATH] [--list-tasks]
[--list-tags] [--step] [--start-at-task START_AT_TASK]
playbook [playbook ...]
Runs Ansible playbooks, executing the defined tasks on the targeted hosts.
positional arguments:
playbook Playbook(s)
optional arguments:
--ask-vault-pass ask for vault password
--flush-cache clear the fact cache for every host in inventory
--force-handlers run handlers even if a task fails
--list-hosts outputs a list of matching hosts; does not execute
anything else
--list-tags list all available tags
--list-tasks list all tasks that would be executed
--skip-tags SKIP_TAGS
only run plays and tasks whose tags do not match these
values
--start-at-task START_AT_TASK
start the playbook at the task matching this name
--step one-step-at-a-time: confirm each task before running
--syntax-check perform a syntax check on the playbook, but do not
execute it
--vault-id VAULT_IDS the vault identity to use
--vault-password-file VAULT_PASSWORD_FILES
vault password file
--version show program's version number, config file location,
configured module search path, module location,
executable location and exit
-C, --check don't make any changes; instead, try to predict some
of the changes that may occur
-D, --diff when changing (small) files and templates, show the
differences in those files; works great with --check
-M MODULE_PATH, --module-path MODULE_PATH
prepend colon-separated path(s) to module library (def
ault=~/.ansible/plugins/modules:/usr/share/ansible/plu
gins/modules)
-e EXTRA_VARS, --extra-vars EXTRA_VARS
set additional variables as key=value or YAML/JSON, if
filename prepend with @
-f FORKS, --forks FORKS
specify number of parallel processes to use
(default=5)
-h, --help show this help message and exit
-i INVENTORY, --inventory INVENTORY, --inventory-file INVENTORY
specify inventory host path or comma separated host
list. --inventory-file is deprecated
-l SUBSET, --limit SUBSET
further limit selected hosts to an additional pattern
-t TAGS, --tags TAGS only run plays and tasks tagged with these values
-v, --verbose verbose mode (-vvv for more, -vvvv to enable
connection debugging)
Connection Options:
control as whom and how to connect to hosts
--private-key PRIVATE_KEY_FILE, --key-file PRIVATE_KEY_FILE
use this file to authenticate the connection
--scp-extra-args SCP_EXTRA_ARGS
specify extra arguments to pass to scp only (e.g. -l)
--sftp-extra-args SFTP_EXTRA_ARGS
specify extra arguments to pass to sftp only (e.g. -f,
-l)
--ssh-common-args SSH_COMMON_ARGS
specify common arguments to pass to sftp/scp/ssh (e.g.
ProxyCommand)
--ssh-extra-args SSH_EXTRA_ARGS
specify extra arguments to pass to ssh only (e.g. -R)
-T TIMEOUT, --timeout TIMEOUT
override the connection timeout in seconds
(default=10)
-c CONNECTION, --connection CONNECTION
connection type to use (default=smart)
-k, --ask-pass ask for connection password
-u REMOTE_USER, --user REMOTE_USER
connect as this user (default=None)
Privilege Escalation Options:
control how and which user you become as on target hosts
--become-method BECOME_METHOD
privilege escalation method to use (default=sudo), use
`ansible-doc -t become -l` to list valid choices.
--become-user BECOME_USER
run operations as this user (default=root)
-K, --ask-become-pass
ask for privilege escalation password
-b, --become run operations with become (does not imply password
prompting)