Ansible-playbook-02

1. playbook

A playbook is written in YAML syntax: it is a YAML file (with a name ending in .yml) that holds the list of tasks for a particular requirement.

1.1 Playbook components

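  1. name: a user-defined name for the task
  2. hosts: the target hosts of the task
  3. remote_user: the identity used to run the task on the remote host; the default is root.
  4. tasks: the concrete tasks to run, a list of operations defined by modules.
  5. handlers: triggers; similar to tasks, but run only under specific conditions. When a task's state is changed after it runs, it can use "notify" to notify the corresponding handler, which is then triggered and executed.
  6. roles: a role separates out hosts and is a specific structured collection made up of tasks, handlers and so on.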

1.2 Playbook format

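  1. A list item is written with "-", keys and values are separated with a colon ":", and the whole file starts with "---" and ends with "...".
  2. Every "-" and ":" is followed by a space, and indentation and alignment must be strictly observed; otherwise a syntax error may be reported.
  3. Before each run of a playbook file, always do a dry run with the "-C" option. This option runs through the playbook file without making any change to the target hosts; if there is a syntax error or a target host is missing a file, an error is reported.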

1.3 Playbook execution command

ansible-playbook  [ option ] /path_to_yml

[options]
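    --syntax-check: check the syntax of the YAML file.
    -C: dry run; does not change any setting on the target hosts.
    --list-tasks: list the tasks in the YAML file.
    --list-hosts: list the hosts in the YAML file.
    --list-tags: list the tags in the YAML file.
    -t TAGS: run only the tasks with the given tags.
    --skip-tags=SKIP_TAGS: run all tasks except those with the given tags.
    --start-at-task=START_AT: start running from the given task onward.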
    

1.4 Example 1

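  • Description:
vm2 is the control node and manages vm3 (centos7) and vm4 (centos8)
1. Set up the network repository
2. Install the httpd service
3. Turn off the firewall
4. Start the httpd service
  • Procedure:
  1. Create the inventory file and specify the managed hosts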
[root@vm2 ansible]# pwd
/etc/ansible
[root@vm2 ansible]# vim inventory 

# Put vm3 and vm4 in the test group
[test]    
vm3 ansible_host=192.168.137.133 ansible_user=root ansible_password=123456
vm4 ansible_host=192.168.137.134 ansible_user=root ansible_password=123456

  1. On vm2, edit the ansible.cfg configuration file to specify the inventory
[root@vm2 ansible]# pwd
/etc/ansible
[root@vm2 ansible]# vim ansible.cfg 

# config file for ansible -- https://ansible.com/
# ===============================================

# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first

[defaults]
inventory = /etc/ansible/inventory
# some basic default values...

  1. Create the myplaybook directory and write the playbook
[root@vm2 ansible]# pwd
/etc/ansible
[root@vm2 ansible]# mkdir myplaybook;cd myplaybook/
[root@vm2 myplaybook]# vim http.yml
---
- name: 1.bulid aliyun's repo for vm3(censtos8)
  hosts: vm3 
  tasks:
    - script: /etc/ansible/script/repo8.sh
      args:
        creates: /etc/yum.repos.d/CentOS-Base.repo
- name: 2.bulid aliyun's repo for vm4(censtos7)
  hosts: vm4 
  tasks:
    - script: /etc/ansible/script/repo7.sh
      args:
        creates: /etc/yum.repos.d/CentOS-Base.repo
- name: 3.install httpd
  hosts: test
  tasks:
    - dnf:
        name: httpd
        state: present
- name: 4.httpd server for test
  hosts: test
  tasks:
    - name: task1:firewall-acl
      script: /etc/ansible/script/firewalld-acl.sh
    - name: restart firewalld
      service:
        name: firewalld
        state: restarted
    - name: task2:start httpd
      service:
        name: httpd
        enabled: yes
        state: started
...

  1. Create the script directory, write the repo7.sh, repo8.sh and firewalld-acl.sh scripts, and change their permissions so that they can be executed
[root@vm2 ansible]# mkdir script;cd script/
[root@vm2 script]# vim repo7.sh
##Set up the aliyun repo for centos7

wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo;
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo;
sed -i 's/$releasever/7/g' /etc/yum.repos.d/*;
dnf makecache

[root@vm2 script]# vim repo8.sh 
##Set up the aliyun repo for centos8

wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo;
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo;
sed -i 's/$releasever/8/g' /etc/yum.repos.d/*;
dnf makecache

[root@vm2 script]# vim firewalld-acl.sh 
##Write the firewall acl rule

firewall-cmd --add-rich-rule 'rule family=ipv4 source address=192.168.137.0/24 service name=http accept' --permanent;
firewall-cmd --reload


##Change the script permissions
[root@vm2 script]# chmod o+x *
[root@vm2 script]# ll
total 12
-rw-r--r-x. 1 root root 140 Aug 31 11:47 firewalld-acl.sh
-rw-r--r-x. 1 root root 293 Aug 31 09:29 repo7.sh
-rw-r--r-x. 1 root root 292 Aug 31 09:29 repo8.sh



  1. Check the playbook syntax
[root@vm2 myplaybook]# ansible-playbook --syntax-check http.yml 

playbook: http.yml

  1. Run the playbook
[root@vm2 script]# ansible-playbook ../myplaybook/http.yml 

PLAY [1.bulid aliyun's repo for vm3(censtos8)] ***************************************************

TASK [Gathering Facts] ***************************************************************************
ok: [vm3]

TASK [script] ************************************************************************************
skipping: [vm3]

PLAY [2.bulid aliyun's repo for vm4(censtos7)] ***************************************************

TASK [Gathering Facts] ***************************************************************************
ok: [vm4]

TASK [script] ************************************************************************************
skipping: [vm4]

PLAY [3.install httpd] ***************************************************************************

TASK [Gathering Facts] ***************************************************************************
ok: [vm4]
ok: [vm3]

TASK [dnf] ***************************************************************************************
ok: [vm4]
ok: [vm3]

PLAY [4.httpd server for test] *******************************************************************

TASK [Gathering Facts] ***************************************************************************
ok: [vm4]
ok: [vm3]

TASK [task1:firewall-acl] ************************************************************************
changed: [vm4]
changed: [vm3]

TASK [restart firewalld] *************************************************************************
changed: [vm4]
changed: [vm3]

TASK [task2:start httpd] *************************************************************************
ok: [vm4]
ok: [vm3]

PLAY RECAP ***************************************************************************************
vm3                        : ok=7    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
vm4                        : ok=7    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
 

  1. Test the httpd service on vm3 and vm4
  • vm3(192.168.137.133)

  • vm4(192.168.137.134)
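
In the run above, the script-based firewall task and the firewalld restart report changed on every run, because the script module and state: restarted cannot tell whether anything needed changing. The playbook below is an added example, not the original author's playbook: it does the same work with modules, and goes one step further by picking the repo file from the gathered ansible_distribution_major_version fact instead of one play per host. It assumes Ansible 2.10 or later and that the ansible.posix collection is installed on the control node.

```yaml
---
# Added example: module-based variant of http.yml (not the original author's playbook).
# Assumes Ansible >= 2.10 and the ansible.posix collection on the control node.
- name: repo, httpd and firewall rule for the test group
  hosts: test
  tasks:
    - name: fetch the Aliyun repo file for this host's CentOS major version
      ansible.builtin.get_url:
        url: "https://mirrors.aliyun.com/repo/Centos-{{ ansible_distribution_major_version }}.repo"
        dest: /etc/yum.repos.d/CentOS-Base.repo
        mode: "0644"
        force: false   # like the creates: guard, do nothing if the file already exists

    - name: drop the aliyuncs.com mirror lines (the first sed in repo7.sh/repo8.sh)
      ansible.builtin.lineinfile:
        path: /etc/yum.repos.d/CentOS-Base.repo
        regexp: 'mirrors\.(cloud\.)?aliyuncs\.com'
        state: absent

    - name: pin $releasever to the major version (the second sed, limited to this one file)
      ansible.builtin.replace:
        path: /etc/yum.repos.d/CentOS-Base.repo
        regexp: '\$releasever'
        replace: "{{ ansible_distribution_major_version }}"

    - name: install httpd
      ansible.builtin.dnf:
        name: httpd
        state: present
        update_cache: true

    - name: allow http from 192.168.137.0/24 only
      ansible.posix.firewalld:
        rich_rule: 'rule family="ipv4" source address="192.168.137.0/24" service name="http" accept'
        permanent: true
        immediate: true   # apply to the running firewall too, so no restart task is needed
        state: enabled

    - name: enable and start httpd
      ansible.builtin.service:
        name: httpd
        enabled: true
        state: started
...
```

Once a host is in the desired state, a repeat run reports ok for each of these tasks, so a changed line in the recap means something on the host actually drifted.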

1.5 Example 2

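  • Description
1. vm2 (192.168.137.129.1.) is the control node, vm1 (192.168.137.128)
2. vm1 already has the httpd service installed, and the firewall allows it through
3. vm1 is required to deploy the httpd service using virtual hosts
4. (same IP, same port, different domain names) www.wisan.com, www.runtime.com
  • Procedure
  1. On vm2, create the inventory file and add vm1 to it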
[root@vm2 ansible]# pwd
/etc/ansible
[root@vm2 ansible]# vim inventory 
[webservers]
vm1 ansible_host=192.168.137.128 ansible_user=root ansible_password=fyj970801

  1. Edit ansible.cfg to specify the inventory, and add the domain-name-to-IP mappings
[root@vm2 ansible]# pwd
/etc/ansible
[root@vm2 ansible]# ls
ansible.cfg  hosts  hosts.rpmsave  inventory  myplaybook  roles  script
[root@vm2 ansible]# vim ansible.cfg

[defaults]
inventory = /etc/ansible/inventory

[root@vm2 ansible]# vim /etc/hosts 

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.137.128 www.wisan.com www.runtime.com

  1. On vm2, write the vhosts.conf virtual host configuration file
[root@vm2 myplaybook]# pwd
/etc/ansible/myplaybook
[root@vm2 myplaybook]# ls
http_conf  http_file  http-vm1.yml  http.yml  secret  vars
[root@vm2 myplaybook]# vim http_conf/vhosts.conf 

<VirtualHost 192.168.137.128:80>
     ServerName www.wisan.com
     DocumentRoot "/var/www/html/wisan"
     ErrorLog "/var/log/httpd/error_log"
     CustomLog "/var/log/httpd/access_log" common
   <Directory "/var/www/html/wisan">
         Require all granted
   </Directory>
</VirtualHost>

<VirtualHost 192.168.137.128:80>
     ServerName www.runtime.com
     DocumentRoot "/var/www/html/runtime"
     ErrorLog "/var/log/httpd/error_log"
     CustomLog "/var/log/httpd/access_log" common
   <Directory "/var/www/html/runtime">
         Require all granted
   </Directory>

</VirtualHost>

  1. On vm2, write the website content
[root@vm2 http_file]# pwd
/etc/ansible/myplaybook/http_file
[root@vm2 http_file]# mkdir wisan runtime
[root@vm2 http_file]# ll
total 0
drwxr-xr-x. 2 root root 24 Aug 31 23:03 runtime
drwxr-xr-x. 2 root root 24 Sep  1 06:32 wisan
[root@vm2 http_file]# vim wisan/index.html 
hello wisan!
[root@vm2 http_file]# vim runtime/index.html 
hello runtime!

  1. Write the playbook
[root@vm2 myplaybook]# pwd
/etc/ansible/myplaybook
[root@vm2 myplaybook]# ls
http_conf  http_file  http-vm1.yml  http.yml  secret  vars
[root@vm2 myplaybook]# vim http-vm1.yml 
---
- name: provide http by virtualhost for vm1
  hosts: webservers
  tasks:
    - name: move vm2's vhosts.conf to vm1
      copy:
        src: http_conf/vhosts.conf
        dest: /etc/httpd/conf.d/
      notify: restart httpd
    - name: move wisan/index.html to vm1 for www.wisan.com
      copy:
        src: http_file/wisan
        dest: /var/www/html
    - name: move runtime/index.html to vm1 for www.runtime.com
      copy:
        src: http_file/runtime
        dest: /var/www/html
    - name: start http on vm1
      service:
        name: httpd
        enabled: yes
        state: started
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
...

  1. Run the playbook
[root@vm2 myplaybook]# pwd
/etc/ansible/myplaybook
[root@vm2 myplaybook]# ls
http_conf  http_file  http-vm1.yml  http.yml  secret  vars
[root@vm2 myplaybook]# vim http-vm1.yml 
[root@vm2 myplaybook]# ansible-playbook  http-vm1.yml 

PLAY [provide http by virtualhost for vm1] **********************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [vm1]

TASK [move vm2's vhosts.conf to vm1] ****************************************************************************
changed: [vm1]

TASK [move wisan/index.html to vm1 for www.wisan.com] ***********************************************************
ok: [vm1]

TASK [move runtime/index.html to vm1 for www.runtime.com] *******************************************************
ok: [vm1]

TASK [start http on vm1] ****************************************************************************************
ok: [vm1]

RUNNING HANDLER [restart httpd] *********************************************************************************
changed: [vm1]

PLAY RECAP ******************************************************************************************************
vm1                        : ok=6    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

[root@vm2 myplaybook]# 


  1. Test: the result on vm1
[root@vm1 ~]# cd /var/www/html
[root@vm1 html]# ll
total 0
drwxr-xr-x. 2 root root 24 Sep  1 10:36 runtime
drwxr-xr-x. 2 root root 24 Sep  1 10:36 wisan
[root@vm1 html]# cat runtime/index.html 
hello runtime!
[root@vm1 html]# cat wisan/index.html 
hello wisan!

[root@vm1 conf.d]# pwd
/etc/httpd/conf.d
[root@vm1 conf.d]# ls
autoindex.conf  README  userdir.conf  vhosts.conf  welcome.conf
[root@vm1 conf.d]# vim vhosts.conf 

<VirtualHost 192.168.137.128:80>
     ServerName www.wisan.com
     DocumentRoot "/var/www/html/wisan"
     ErrorLog "/var/log/httpd/error_log"
     CustomLog "/var/log/httpd/access_log" common
   <Directory "/var/www/html/wisan">
         Require all granted
   </Directory>  
</VirtualHost>
             
<VirtualHost 192.168.137.128:80>
     ServerName www.runtime.com
     DocumentRoot "/var/www/html/runtime"
     ErrorLog "/var/log/httpd/error_log"
     CustomLog "/var/log/httpd/access_log" common
   <Directory "/var/www/html/runtime">
         Require all granted 
   </Directory>
    
</VirtualHost>


[root@vm1 ~]# ss -antl
State          Recv-Q         Send-Q                 Local Address:Port                 Peer Address:Port        
LISTEN         0              128                          0.0.0.0:22                        0.0.0.0:*           
LISTEN         0              128                             [::]:22                           [::]:*           
LISTEN         0              128                                *:80                              *:*           
[root@vm1 ~]# 

  1. On vm2 (the control node), access the vm1 http service by domain name
[root@vm2 http_conf]# curl www.wisan.com
hello wisan!
[root@vm2 http_conf]# curl www.runtime.com
hello runtime!
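
Both inventory files on this page keep ansible_password in clear text next to the host address, so anyone who can read /etc/ansible/inventory (or a copy of it in a repository or backup) gets root on the managed hosts. The files below are an added example, not part of the original post: they move the credentials out of the inventory into group_vars, once through an ansible-vault encrypted variable and once through an SSH key. The file names, the vault_test_password variable and the key path are assumptions; the group names and the /etc/ansible location come from the page.

```yaml
# Added example (not from the original post). File names, the vault_* variable
# name and the key path are assumptions; group names come from the page.
#
# Weak (as on the page), in /etc/ansible/inventory:
#   vm3 ansible_host=192.168.137.133 ansible_user=root ansible_password=<password>
# Corrected inventory line keeps only the address:
#   vm3 ansible_host=192.168.137.133
---
# File: /etc/ansible/group_vars/test/vars.yml  (plain text)
# Option 1: keep password login, but read the password from a vaulted variable.
ansible_user: root
ansible_password: "{{ vault_test_password }}"
---
# File: /etc/ansible/group_vars/test/vault.yml  (shown here BEFORE encryption)
# Encrypt in place:  ansible-vault encrypt /etc/ansible/group_vars/test/vault.yml
# Run the playbook:  ansible-playbook --ask-vault-pass myplaybook/http.yml
vault_test_password: "<placeholder, set per environment>"
---
# File: /etc/ansible/group_vars/webservers/vars.yml  (plain text)
# Option 2: no stored password at all; log in with a key whose public half
# has been installed on vm1 (for example with ssh-copy-id).
ansible_user: root
ansible_ssh_private_key_file: /root/.ssh/id_ed25519
```

Ansible loads group_vars from the directory that holds the inventory file, so with inventory = /etc/ansible/inventory these paths are picked up without any change to ansible.cfg.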

posted @ 2020-08-31 14:00  小芃总