Äú¿ÉÒÔ¾èÖú£¬Ö§³ÖÎÒÃǵĹ«ÒæÊÂÒµ¡£

1Ôª 10Ôª 50Ôª





ÈÏÖ¤Â룺  ÑéÖ¤Âë,¿´²»Çå³þ?Çëµã»÷Ë¢ÐÂÑéÖ¤Âë ±ØÌî



  ÇóÖª ÎÄÕ ÎÄ¿â Lib ÊÓƵ iPerson ¿Î³Ì ÈÏÖ¤ ×Éѯ ¹¤¾ß ½²×ù Model Center   Code  
»áÔ±   
   
 
     
   
 ¶©ÔÄ
  ¾èÖú
ansible
 
À´Ô´£º51cto ·¢²¼ÓÚ£º 2017-7-4
  2938  次浏览      31
 

Ò»¡¢½éÉÜ£º

Ä£¿é»¯£¬µ÷ÓÃÌض¨µÄÄ£¿éÀ´Íê³ÉÌض¨ÈÎÎñ£»

»ùÓÚPythonÓïÑÔʵÏÖ£¬ÓÉParamiko, PyYAMLºÍJinja2Èý¸ö¹Ø¼üÄ£¿é>ʵÏÖ£»

Ö§³Ö×Ô¶¨ÒåÄ£¿é

Ö§³Öplaybook£º ¿ÉÒ԰Ѷà¸öÈÎÎñ±àÅźã¬Ò»´ÎÐÔµÄÖ´ÐÐÍê¡£

ÃݵÈÐÔ£º¶à´ÎÖ´ÐеĽá¹ûÊÇÒ»ÑùµÄ¡£

ansibleÃüÁîµÄʹÓ÷½Ê½»¹ÊǺܼòµ¥µÄ£º

ansible <host-pattern> [-f forks]

[-m module_name] [-a args]

host_pattern ÊÇÀ´Ö¸¶¨Ö÷»úµÄ£¬¿ÉÒÔÊǵ¥Ì¨Ö÷»ú£¬Ò²¿ÉÒÔÊÇÖ÷»ú×顣ǰÌáÊÇÒªÔÚansibleµÄhostsÅäÖÃÎļþÖÐÖ¸¶¨¡£

-f Ö¸¶¨Ò»´ÎÅúÁ¿¹ÜÀíµÄÖ÷»úÊýÁ¿¡£ ¿ÉÒÔ˵¾ÍÊDz¢·¢¹ÜÀíÊýÁ¿¡£ Óë×ܵÄÊýÁ¿Ã»ÓйØϵ¡£

-m Ö¸¶¨Ä£¿é¡£

-a Ä£¿é²ÎÊý

ËüËùÓеĹÜÀí¹¦Äܶ¼ÊÇÓɸ÷¸öÄ£¿éËùÌṩ£¬²é¿´Ä£¿éʹÓ÷½·¨£º

ansible-doc [-M module_path] [-l] [-s] [module...]

-M ²é¿´Ä£¿éµÄÏêϸÐÅÏ¢£¬ÒªÖ¸¶¨Ä£¿éµÄ·¾¶

-l ÁгöËùÓÐÄ£¿é¡£

-s ²é¿´Ä£¿éʹÓ÷½Ê½¡£

°²×°£º

ansibleÒÀÀµÓÚPython 2.6»ò¸ü¸ßµÄ°æ±¾¡¢paramiko¡¢PyYAML¼°Jinja2¡£

±àÒë°²×°

# yum -y install python-jinja2 PyYAML

python-paramiko python-babel python-crypto
# python setup.py build
# python setup.py install
# mkdir /etc/ansible
# cp -r examples/* /etc/ansible

×¢Ò⣺²»Í¬°æ±¾µÄansibleµÄ¹¦ÄܲîÒì¿ÉÄܽϴó¡£

ÎÒÕâÀï¾ÍÖ±½Óyum°²×°ÁË¡£

»·¾³£º

ϵͳ£º CentOS Linux release 7.1.1503 (Core)

Èí¼þ£º ansible-1.9.2-1.el7

¿´Ò»ÏÂËùÉú³ÉµÄÎļþ£º

/etc/ansible
/etc/ansible/ansible.cfg #ansibleÖ÷ÅäÖÃÎļþ¡£

Ò»°ã²»ÓÃÐ޸ģ¬Èç¹ûÏë×Ô¶¨Òåһϣ¬Çë¿´ÉÏÃæµÄÍøÖ·¡£
/etc/ansible/hosts #Ö÷ÅäÖÃÎļþÖÐËùÖ¸¶¨µÄÖ÷»úÇåµ¥Îļþ
/etc/ansible/roles #ÓÃÀ´¶¨ÒårolesµÄĿ¼
/usr/bin/ansible
/usr/bin/ansible-doc
/usr/bin/ansible-galaxy
/usr/bin/ansible-playbook
.....

Ê×ÏÈÎÒÃÇÐèÒªÔÚhostsÀïÃ涨Òå¸÷±»¹ÜÖ÷»ú¡£Õâ¸öÎļþ±»³ÆΪinventoryÎļþ¡£

[root@localhost ~]# vim /etc/ansible/hosts
[wserver]
172.16.40.11
172.16.40.12

[dbserver]
172.16.40.20

Õâ¸öÎļþÀïÃ涼ÊÇһЩ¶¨ÒåÖ÷»úµÄÀý×Ó£¬ÎÒÕâÀï°ÑËüÃÇ×¢ÊÍÁË£¬Ìí¼ÓÁËÉÏÃ漸¸ö¡£

inventoryÎļþ×ñÑ­INIÎļþ·ç¸ñ,ÖÐÀ¨ºÅÖеÄÊÇ×éÃû£¬¿ÉÒÔÓø÷¸ö×éÃû±íʾ¶à¸öÖ÷»ú¡£ Ò²¿ÉÒÔÓÃallÀ´±íʾËùÓÐÖ÷»ú¡£ µ±È»Ò²¿ÉÒÔʹÓõ¥¸öÖ÷»ú¡£Í¬Ò»¸öÖ÷»ú¿ÉÒÔ³öÏÖÔÚ¶à¸ö×éÖС£

´ËÍ⣬µ±ÈçÈôÄ¿±êÖ÷»úʹÓÃÁË·ÇĬÈϵÄSSH¶Ë¿Ú£¬»¹¿ÉÒÔÔÚÖ÷»úÃû³ÆÖ®ºóʹÓÃðºÅ¼Ó¶Ë¿ÚºÅÀ´±êÃ÷¡£

È磺 172.16.40.11:22022

×黹¿ÉÒÔ°üº¬ÆäËüµÄ×飬×éǶÌס£

ÔÚÕâÀïÈç¹ûËù¹ÜÀíÖ÷»úµÄϵͳ°æ±¾²»Ò»ÑùҲûÎÊÌ⣬ÒòΪansible»á¼ì²âÖ÷»úµÄϵͳ²ÎÊý²¢×ö³ö²»Í¬µÄÉèÖᣵ«²¢²»ÊǾø¶Ô²»»áÓÐÎÊÌâ¡£

ÿ´ÎÖ´ÐвÙ×÷»á·¢ËÍpython½Å±¾µ½¿Í»§¶ËµÄ ¶ÔÓ¦Óû§¼ÒĿ¼ÏµÄ.ansible/tmpĿ¼ÏÂÃæ¡£ ¾ßÌå×÷ÓÃÔÝʱ²»Çå³þ£¬¿ÉÄÜÊÇÓÃÀ´ÊÕ¼¯ÐÅÏ¢¡¢Ö´ÐÐÈÎÎñºÍµ÷Óñ¾µØµÄÃüÁîµÄ°É¡£

¶þ¡¢³£ÓÃÄ£¿é½éÉÜ£º

ÕâÀïÖ»Êdz£ÓõIJ¿·Ö£¬ÏêϸµÄ¿ÉÒÔÓÃansible-docÀ´²é¿´¡£Èç²é¿´Ò»ÏÂuserÄ£¿é¡£

[root@localhost ~]# ansible-doc -s user

´ø=ºÅµÄ±íʾ±ØÑ¡Ïî¡£

http://docs.ansible.com/ansible/modules

_by_category.html

user: Óû§¹ÜÀí

state={present|absent} #present±íʾ´´½¨£¬

absent±íʾɾ³ý¡£
force=yes #Ç¿ÖÆɾ³ýÓû§¡£ Ò»°ãÇé¿öÏÂÓû§

ÔÚÒѵǼ״̬ÏÂÊDz»ÄÜɾ³ýµÄ¡£Ï൱ÓÚuserdel -f
remove=yes #ÔÚɾ³ýÓû§µÄʱºò£¬Í¬Ê±É¾³ý¼Ò

Ŀ¼Óëmail spool¡£Ï൱ÓÚuserdel -r
system=yes #´´½¨µÄϵͳÓû§
uid #Ö¸¶¨uid
shell #Ö¸¶¨shell
password #ÓÃÀ´Ö¸¶¨ÃÜÂ룬ҪÓÃÒѼÓÃܵÄÃÜÂë¡£

ÉÏÃæµÄpasswordºóÃæµÄÃÜÂë¿ÉÒÔÓÃopenssl passwd À´Éú³É¡£µ«ÊǺÃÏñÖ»ÄÜÊÇmd5¼ÓÃܵġ£

[root@localhost ~]# openssl passwd --help
Usage: passwd [options] [passwords]
where options are
-crypt standard Unix password algorithm

(default)
-1 MD5-based password algorithm
.....

Àý£º

root@localhost ~]# openssl passwd -1
Password:
Verifying - Password:
$1$.0isU960$NDoCtqtkDBa2q9TQJYQml1

[root@localhost ~]# ansible all -m user -a

'name=test1 password="$1$.0isU960$NDoCtqtkD

Ba2q9TQJYQml1"'
172.16.40.11 | success >> {
"changed": true,
"comment": "",
"createhome": true,
"group": 1007,
"home": "/home/test1",
"name": "test1",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1007
}
.....

ɾ³ý£º

[root@localhost ~]# ansible all -m user -a

'name=test1 state=absent'

Óëuser²î²»¶à£¬¶øÇÒ²ÎÊýÒ²¾ÍÖ»ÓÐÕ⼸¸ö¡£

cron: ¹ÜÀícron¼Æ»®ÈÎÎñ

day # Day of the month the job should run

( 1-31, *, */2, etc )hour # Hour when the

job should run ( 0-23, *, */2, etc )
job # The command to execute. Required

if state=present.minute # Minute when the

job should run ( 0-59, *, */2, etc )
month # Month of the year the job should

run ( 1-12, *, */2, etc )name= # Description

of a crontab entry.state # Whether to ensure

the job is present or absent.user # The specific

user whose crontab should be modified.weekday

# Day of the week that the job should run

( 0-6 for Sunday-Saturday, *, etc )

ֻҪʹÓùýcron£¬ÎÒÏëÒ²²»Óùý¶à½âÊÍ°É¡£stateÓëÉÏÃæµÄÄ£¿éÒ»¸öÒâ˼£¬Ê±¼ä²ÎÊý²»Ð´±íʾ*¡£

nameÓÃÀ´ÃèÊöÈÎÎñ£¬andibleÒ²ÓÃËüÀ´Ê¶±ð¸÷¸öÌí¼ÓµÄÈÎÎñ£¬²ÅÄÜÓÃÀ´É¾³ý²»Í¬µÄÈÎÎñ¡£

Èç¹ûÓÐnameÏàͬµÄÈÎÎñ£¬»á¸²¸Ç¡£

Àý£º

[root@localhost ~]# ansible wserver -m cron -a

'name=sync_time minute=*/5 job="/sbin/ntpdate

172.16.0.1 > /dev/null;/sbin/hwclock -w"'

Á¬µ½Ò»Ì¨Ö÷»ú¿´Ò»ÏÂcrontab¡£

[root@localhost ~]# crontab -l
*/15 * * * * /sbin/ntpdate 172.16.0.1 >

/dev/null;/sbin/hwclock > /dev/null #Õâ¸ö

ÊÇÔ­À´¾ÍÓеġ£
#Ansible: sync_time #Õâ¸ö¾ÍÊÇÎÒÃǸÕÌí¼ÓµÄ¡£
*/5 * * * * /sbin/ntpdate 172.16.0.1 >

/dev/null;/sbin/hwclock -w

ɾ³ý£º

[root@localhost ~]# ansible wserver -m cron

-a 'name=sync_time state=absent'

²é¿´Ò»Ï£º

#Ansible: etc_tar
30 2 */2 * * /bin/tar -Jcf /var/backup/`/bin

/date +\%Y\%m\%d-\%H\%M`.tar.xz /etc

ping: ̽²âÖ÷»úÊÇ·ñÔÚÏß

[root@localhost ~]# ansible all -m ping

Õâ¸öÄ£¿éûÓвÎÊý£¬Ö»ÊÇÓÃÀ´Ì½²âÖ÷»úÊÇ·ñÔÚÏߵġ£

file: Îļþ¹ÜÀí

path= #±íʾÎļþ·¾¶£¬±ØÑ¡Ïî¡£
mode #±íʾÉèÖÃȨÏÞ
owner #ÊôÖ÷
group #Êô×é
state=directory #´´½¨Ä¿Â¼»òÐÞ¸ÄĿ¼ȨÏÞ¡£
state=touch #´´½¨Îļþ»òÐÞ¸ÄÎļþȨÏÞ¡£
state=file #ÐÞ¸ÄÎļþȨÏÞ¡£
state=link #´´½¨ÎļþµÄ·ûºÅÁ´½Ó¡£src=Ô´Îļþ path=Á´½ÓÎļþ
state=absent #ɾ³ýÎļþ»òĿ¼¡£

´´½¨Ä¿Â¼Êǵݹ鴴½¨µÄ£¬Ò²¾ÍÊÇ»á×Ô¶¯´´½¨ËùÐèµÄĿ¼¡£ ¶øÎļþ»òÁ´½ÓÎļþ¶¼²»ÐС£

Àý£º´´½¨Ä¿Â¼¡£

[root@localhost ~]# ansible wserver -m file

-a 'path=/var/backup/ state=directory'
[root@localhost ~]# ansible wserver -m file

-a 'path=/tmp/6/7/8/9 state=directory'

Àý£º´´½¨Á´½ÓÎļþ¡£°ÑetcĿ¼Á´½ÓÖÁ/tmp/etc¡£

[root@localhost ~]# ansible wserver -m file

-a 'path=/tmp/etc src=/etc state=link'

copy: ¸´ÖÆÎļþ

content #´úÌæsrc£¬ÉèÖÃÎļþÖеÄÄÚÈÝΪָ¶¨µÄÄÚÈÝ¡£

Èç¹ûÄ¿±êÎļþ²»´æÔÚ£¬Ôò×Ô¶¯´´½¨Ëæ»úÃû³ÆÎļþ¡£
#Èç¹ûÔ­À´ÎļþÓÐÊý¾Ý£¬Ôò¸²¸Ç¡£ ÔÝʱ²»ÖªµÀÓÐʲôÓá£
src #Ô´Îļþ·¾¶¡£
owner #ÊôÖ÷¡£
group #Êô×é¡£
mode #ȨÏÞ¡£
dest= #Ä¿±ê·¾¶¡£
backup #¸²¸ÇÎļþ֮ǰ£¬Ïȱ¸·Ý¡£ yes/no

Àý£º °Ñ/etc/nginxĿ¼¸´ÖƵ½Ô¶³ÌÖ÷»úµÄ/etc/ÏÂÃæ¡£

[root@localhost ~]# ansible wserver -m copy

-a 'src=/etc/nginx dest=/etc/'

Àý£º¸´ÖƱ¾µØµÄ/home/star/httpd.confÎļþµ½Ô¶³ÌÖ÷»úµÄ/e

ansible wserver -m copy -a 'src=/home/star/

httpd.conf owner=root group=root mode=644

dest=/etc/httpd/conf/'

tc/httpd/conf/Ŀ¼Ï£¬²¢ÐÞ¸ÄȨÏÞ¡£

Àý£º ÐÞ¸ÄÔ¶³ÌÖ÷»úµÄ/var/listenÎļþÄÚÈÝΪ, µÚÒ»ÐÐlisten=80 µÚ¶þÐÐlisten=8080

[root@localhost ~]# ansible wserver -m copy -a 'content="listen=80\nlisten=8080\n"

dest=/var/listen'

²é¿´Ò»ÏÂÔ¶³ÌÖ÷»úµÄÕâ¸öÎļþ£º

[root@localhost ~]# ssh 172.16.40.11 'cat /var/listen'
listen=80
listen=8080

template£ºÄ£°å¸´ÖÆÎļþ

Ò²ÊÇÓÃÀ´¸´ÖÆÊý¾ÝµÄ£¬Ö»²»¹ýÎļþÖеÄÊý¾Ý¿ÉÒÔÓñäÁ¿Ìæ»»£¬Îª²»Í¬µÄÖ÷»ú¸½¼Ó²»Í¬µÄ±äÁ¿£¬»á°ÑÎļþÖж¨ÒåµÄ±äÁ¿ÔÚ·¢ËÍ֮ǰת»»Îª¸ø¶ÔÓ¦Ö÷»úËù¶¨ÒåµÄ±äÁ¿µÄÖµ£¬Ò²¾Í¿ÉÒÔʵÏÖ²»Í¬µÄÖ÷»úËù¸´ÖƵÄÎļþÖеÄÊý¾ÝÊDz»Í¬µÄ¡£

¶øͬ×éÖÐÖ÷»ú¶¨Ò岻ͬµÄ±äÁ¿¿ÉÒÔͨ¹ý¶¨ÒåÖ÷»ú±äÁ¿À´ÊµÏÖ

Ö÷»ú±äÁ¿£º¶¨ÒåÔÚinventoryÖеÄÖ÷»úÖ®ºóµÄ±äÁ¿

È磺

[wserver]
172.16.40.11 port=8800
172.16.40.12 port=8888

Òª¸´ÖƵÄÔ´ÎļþÖÐÒýÓñäÁ¿¿ÉÒÔÕâÑù£º Listen {{ port }}

µ«ÎÒÕâÀïºÃÏñ˵µ±Ç°°æ±¾ÖÐtemplate²»Ö§³ÖÃüÁîÐÐʹÓÃ

[root@localhost ~]# ansible wserver -m

template -a 'src=/home/star/http.conf

dest=/etc/httpd/conf'
172.16.40.11 | FAILED => in current versions

of ansible, templates are only usable in

playbooks
172.16.40.12 | FAILED => in current versions

of ansible, templates are only usable in playbooks

Ò»»á¶ùÔÚplaybooksµÄʱºòÔÙÀ´ËµÃ÷templateÄ£¿é¡£ ÆäËü±äÁ¿Ò²ÔÚÄÇÀï˵Ã÷¡£

yum: yum°²×°Èí¼þ£¬Ò²ÓÐapt,zypper¡£

conf_file #É趨Զ³Ìyum°²×°Ê±ËùÒÀÀµµÄÅäÖÃÎļþ¡£

ÈçÅäÖÃÎļþûÓÐÔÚĬÈϵÄλÖá£
disable_gpg_check #ÊÇ·ñ½ûÖ¹GPG checking£¬

Ö»ÓÃÓÚ`present' or `latest'¡£
disablerepo #ÁÙʱ½ûֹʹÓÃyum¿â¡£ Ö»ÓÃÓÚ°²×°»ò¸üÐÂʱ¡£
enablerepo #ÁÙʱʹÓõÄyum¿â¡£Ö»ÓÃÓÚ°²×°»ò¸üÐÂʱ¡£
name= #Ëù°²×°µÄ°üµÄÃû³Æ
state #present°²×°£¬ latest°²×°×îеÄ, absent жÔØÈí¼þ¡£
update_cache #Ç¿ÖƸüÐÂyumµÄ»º´æ¡£

Àý£º°²×°httpd¡£

ÕâÀïÖ»ÊÇ˵Ã÷Ò»ÏÂconf_fileµÄÓ÷¨£¬yumµÄ²Ö¿âÎļþûÓÐÔÚ/etc/yum.repos.d/Ŀ¼ÏµĻ°¡£

[root@localhost ~]# ansible wserver -m yum

-a 'name=httpd state=present conf_file="

/root/local.repo"'

Èç¹û¿â±¾À´ÊǽûֹʹÓõģ¬¾ÍÒªÓÃenablerepoÀ´ÁÙʱʹÓÃÕâ¸ö¿â¡£

ÕâÀïµÄyum¿âÎļþÒѾ­ÔÚ/etc/yum.repos.d/Ŀ¼ÏÂÁË£¬²»ÐèÒªconf_fileÖ¸¶¨ÅäÖÃÎļþÁË¡£

[root@localhost html]# ansible wserver -m

yum -a 'name=httpd state=present enablerepo=local'

ÕâÀïµÄ¿âID ¾ÍÊÇlocal.

жÔØ£º


[root@localhost html]# ansible wserver -m

yum -a 'name=httpd state=absent'

×¢Ò⣺·µ»ØµÄÊý¾ÝµÄ "changed": true,

°²×°°ü×飬ֻҪÔÚÃû³ÆÇ°Ãæ¼ÓÉÏ@¾Í¿ÉÒÔÁË¡£

È磺°²×°¿ª·¢¹¤¾ßµÄ°ü×飺

[root@localhost html]# ansible dbserver

-m yum -a 'name="@Development Tools" state=present'

service: ·þÎñ³ÌÐò¹ÜÀí

arguments #ÃüÁîÐÐÌṩ¶îÍâµÄ²ÎÊý
enabled #ÉèÖÿª»úÆô¶¯¡£
name= #·þÎñÃû³Æ
runlevel #¿ª»úÆô¶¯µÄ¼¶±ð£¬Ò»°ã²»ÓÃÖ¸¶¨¡£
sleep #ÔÚÖØÆô·þÎñµÄ¹ý³ÌÖУ¬ÊÇ·ñµÈ´ý¡£

ÈçÔÚ·þÎñ¹Ø±ÕÒÔºóµÈ´ý2ÃëÔÙÆô¶¯¡£
state #startedÆô¶¯·þÎñ£¬ stoppedÍ£Ö¹·þÎñ£¬

restartedÖØÆô·þÎñ£¬ reloadedÖØÔØÅäÖá£

Æô¶¯httpd·þÎñ£º

[root@localhost html]# ansible all -m service

-a 'name=httpd state=started'

ÉèÖÿª»úÆô¶¯£º

[root@localhost ~]# ansible all -m service

-a 'name=httpd enabled=yes'

ÖØÆô·þÎñ£º

[root@localhost ~]# ansible all -m service

-a 'name=httpd sleep=2 state=restarted'

command: Ö±½ÓÖ´ÐÐÃüÁĬÈÏÄ£¿é£¬¿ÉÒÔ²»ÓÃÖ¸¶¨¡£

ÏÔʾËùÓÐÖ÷»úʱ¼ä£º

[root@localhost ~]# ansible all -a 'date'
172.16.40.20 | success | rc=0 >>
Thu Feb 11 16:04:37 CST 2016

172.16.40.12 | success | rc=0 >>
Thu Feb 11 16:04:37 CST 2016

172.16.40.11 | success | rc=0 >>
Thu Feb 11 16:04:37 CST 2016

Õâ¸öÄ£¿éÓëshell²î²»¶à£¬µ«ÊDz»ÄÜÖ´ÐйܵÀÀàµÄ²Ù×÷£¬È磺

»¹Óе㲻ͬÊÇ£¬commandÊÇÔÚµ±Ç°shellËùÖ´ÐеÄÃüÁ¶øshellÊÇÔÚ×ÓshellÖÐÖ´ÐеÄÃüÁî¡£µ«ÊÇÔÚ±»¿Ø¶ËºÍ¹ÜÀí¶ËÓÃpstree²é¿´½ø³ÌµÄʱºò£¬È´Ò²Ã»·¢ÏÖ²»Ò»ÑùµÄ¡£Õâ¸ö˵·¨ÏÖÔÚÊÇÓе㲻Ã÷°×¡£

shell: Ö±½ÓÖ´ÐÐÃüÁ²ÎÊýÒ»°ãÒ²Óò»µ½¡£

Õâ¸ö¿ÉÒÔÖ´ÐйܵÀÀàµÄÃüÁÈ磺

script£º·¢Ëͽű¾µ½¸÷±»¹ÜÀí½Úµã£¬²¢Ö´ÐС£Í¬Ñù²»ÐèÒª²ÎÊý¡£

[root@localhost ~]# ansible all -m script -a 'test.sh'

Ö±½ÓÔÚ-a ºóÃæÖ¸¶¨½Å±¾¼´¿É¡£

selinux£º ¹ÜÀíselinux¡£

conf #Ö¸¶¨Ó¦ÓÃselinuxµÄÅäÖÃÎļþ¡£
state=enforcing|permissive|disabled

#¶ÔÓ¦ÓÚselinuxÅäÖÃÎļþµÄSELINUX¡£
policy=targeted|minimum|mls #¶ÔÓ¦ÓÚ

selinuxÅäÖÃÎļþµÄSELINUXTYPE

¹Ø±Õselinux:

[root@localhost ~]# ansible all -m

selinux -a 'state=disabled'

ÔÚselinux´¦ÓÚenforceing״̬ϵÄʱºòºÃÏñÖ»ÄÜÓÃpermissive¡£

ÔÚstate·ÇdisabledµÄÇé¿öϱØÐëÒªÖ¸¶¨policy¡£

setup£º»ñÈ¡Ö¸¶¨Ö÷»úµÄfacts¡£

factsÊÇÓÉÕýÔÚͨÐŵÄÔ¶³ÌÄ¿±êÖ÷»ú·¢»ØµÄÐÅÏ¢£¬ÕâЩÐÅÏ¢±»±£´æÔÚansible±äÁ¿ÖС£

[root@localhost ~]# ansible 172.16.40.11 -m setup

·µ»ØºÜ¶à¶ÔÓ¦Ö÷»úµÄÐÅÏ¢£¬ÔÚºóÃæµÄ²Ù×÷ÖпÉÒÔ¸ù¾Ý²»Í¬µÄÐÅÏ¢À´×ö²»Í¬µÄ²Ù×÷¡£ÈçredhatϵÁÐÓÃyum°²×°£¬¶ødebianϵÁÐÓÃaptÀ´°²×°Èí¼þ¡£

Èý¡¢playbook¡£

playbook¾ÍÊÇÒ»¸öÓÃyamlÓï·¨°Ñ¶à¸öÄ£¿é¶ÑÆðÀ´µÄÒ»¸öÎļþ¶øÒÑ¡£

yaml£º http://www.yaml.org

3.1: ½á¹¹½éÉÜ

playbooksºËÐÄÔªËØ£º

Tasks ¶¨ÒåÈÎÎñ

Variables ¶¨Òå±äÁ¿

Templates ¶¨ÒåÄ£°å

Handlers Notify ´¦Àí

Roles

³ýÁ˺ËÐÄÔªËØÒÔÍ⻹ÓжîÍâµÄÔªËØ£¬¶øÿ¸öÔªËØÒ²°üº¬Á˶ÀÓеÄÔªËØ¡£

YAML²Î¿¼Á˶àÖÖÓïÑÔ£¬ÆäÖоÍÓÐpython¡£ËùÒÔÔÚдplaybookµÄʱºò£¬¶ÎÂäËõ½øºÜÖØÒª¡£

¿´Ò»ÏÂÏÂÃæÕâ¸öÀý×Ó£¬×îÍâΧ¾ÍÊÇÖ÷ÒªµÄÔªËØ£¬¶ø¸÷¸öÖ÷ÔªËØÀïÃ滹Óи÷¸ö×ÓÔªËØ¡£

ÿһ¸ö-¿ªÊ¼±íʾһ¸öÁбíµÄ¿ªÊ¼£¬µ½ÏÂÒ»¸ö-֮ǰ½áÊø£¬Ò²¿ÉÒÔ˵ÕâÖ®¼ä¾ÍÊÇÒ»¸öÏîÄ¿£¬Ò»³öÏ·¡£

¸÷¸öÁбíÖ®¼äÊÇûÓйØϵµÄ£¬ÎÒÃÇÖ»ÒªÇø·Ö¿ªÒ²¾Í²»»ìÂÒÁË¡£tasksÀïÃæ¾ÍÊÇÄ£¿éµÄʹÓÃÁË£¬ËùÒÔÕûÌåÀ´Ëµ½á¹¹»¹ÊǺÜÖ±¹ÛµÄ¡£

- hosts: 172.16.100.68 #¶¨ÒåÖ÷»ú
vars: #¶¨Òå±äÁ¿
var1: value
var2: value
tasks: #¶¨ÒåÈÎÎñ
- name: #ÈÎÎñÃû³Æ¡£
#ÕâÀï¾Í¿ÉÒÔ¿ªÊ¼ÓÃÄ£¿éÀ´Ö´ÐоßÌåµÄÈÎÎñÁË¡£
- name:

- name:

handlers: #¶¨Òå´¥·¢Í¨ÖªËù×÷µÄ²Ù×÷¡£

ÀïÃæÒ²ÊǸútasksÒ»Ñù£¬ÓÃÄ£¿é¶¨ÒåÈÎÎñ¡£
- name:

remote_user: #Ô¶³ÌÖ÷»úÖ´ÐÐÈÎÎñʱµÄÓû§¡£

Ò»°ã¶¼ÊÇroot£¬Ò»°ãÒ²²»ÓÃÖ¸¶¨¡£
- hosts: 172.16.100.69
vars:
tasks:
handlers:
remote_user:

-±íʾһ¸öÁбíµÄ¿ªÊ¼£¬Ò»¸öÁбí±íʾһ¸ö¶ÀÁ¢µÄÕûÌå½á¹¹£¬¶øÁбíÀïÃæµÄÔªËØ(±íÏÊÇÓÉ×Öµä×é³ÉµÄ£¬×ÖµäÖд洢µÄ¾ÍÊǸ÷¸öÒª¶¨ÒåµÄ¼üÖµ¡£È磺tasksÊÇ×ÖµäµÄ¼ü£¬ÀïÃæµÄ¸÷²¿·ÖÊÇÖµ¡£Ö»²»¹ýÕⲿ·ÖͬʱÓÖÊÇÁÐ±í¡£

varsÊÇÓÃÀ´¶¨Òå±äÁ¿µÄ£¬ËùÒÔÀïÃæµÄ¸÷±äÁ¿¶¼ÊÇ×Öµä¶ø²»ÊÇÁÐ±í¡£Ö»²»¹ývarsÊÇ×ÖµäµÄ¼ü£¬ÀïÃæµÄÁ½ÏîÊÇ×ÖµäµÄÖµ£¬¶øÕâ¸öֵͬÑùÒ²ÊÇ×ֵ䡣

ÍøÉÏÓеÄ˵ÿһ¸ö-±íʾһ¸ö±íÏî¡£²»¹ýÒâ˼²î²»¶à£¬Ö»²»¹ý×îÍâΧ¼ÓÁËÒ»¸öÁбí¶øÒÑ¡£²»¹ýÕâÑùºÃÂÒ°¡¡£

ÕâÀï¸úʹÓÃûÓйØϵ£¬Èç¹û¸Ð¾õ»ìÂҾͲ»ÓùÜÁË¡£Á˽âÒ»ÏÂpythonµÄ»°Ò²¾ÍÈÝÒ×Àí½âÁË¡£

½á¹¹²î²»¶àÒ²¾ÍÊÇÕâÑùÁË£¬À´²¹³äµã£º

¸÷×ÖµäÏîµÄ¼üðºÅÓëÖµÖ®¼äÒªÓпոñ¡£ È磺hosts: abc

×ÖµäÏîÒªÓë-Ö®¼äÓпոñ¡£±íʾÔڽṹÄÚ¡£²¢²»ÊÇ˵HostsÌØÊâÒªÔÚ-µÄºóÃæ¡£ ËüÒ²¿ÉÒÔÔÚÏÂÃæµÄÒ»ÐпªÊ¼¡£È磺


hosts:
tasks:

-±íʾÁбíµÄ¿ªÊ¼£¬ºóÃæµÄhosts¸úÏÂÃæµÄvarsÖ®ÀàµÄ¶¼ÊÇͬһ¼¶¡£²»¹ýҪעÒâÇ°Ã涼ҪÓÐÁ½¸ö¿Õ¸ñµÄËõ½ø£¬±íʾÔڴ˽ṹÄÚ¡£¾ÍºÃÏñÊǵÚÒ»¼¶½á¹¹Îª- £¬ ÿ¶þ¼¶½á¹¹ÓëµÚÒ»¼¶½á¹¹Ö®¼äÒªÓÿոñ¸ô¿ª¡£

3.2:±äÁ¿

±äÁ¿Ãû½öÄÜÓÉ×Öĸ¡¢Êý×ÖºÍÏ»®Ïß×é³É£¬ÇÒÖ»ÄÜÒÔ×Öĸ¿ªÍ·¡£

±äÁ¿ÖÖÀࣺ

1¡¢facts£ºÓÉÔ¶³ÌÖ÷»ú·¢»ØµÄÖ÷»úÊôÐÔÐÅÏ¢£¬ÕâЩÐÅÏ¢±»±£´æÔÚansible±äÁ¿ÖУ»ÎÞÐ붨Ò壬¿ÉÖ±½Óµ÷Óã»

2¡¢×Ô¶¨Òå±äÁ¿£º

2.1¡¢Í¨¹ýÃüÁîÐд«µÝ£º ansible-playbook Ö¸ÁîºóÃæÖ¸¶¨±äÁ¿£º--extra-vars "var1= var2=" £¬¼òд -e ¡°vars="

2.2¡¢Í¨¹ýroles´«µÝ

2.3¡¢Ö÷»ú±äÁ¿£º¶¨ÒåÔÚinventoryÖеÄÖ÷»úÖ®ºóµÄ±äÁ¿

2.4¡¢×é±äÁ¿£º¶¨ÒåÔÚinventoryÖеÄ×éÉϵıäÁ¿¡£È磺

[wserver]
172.16.40.11 port=8800
172.16.40.12 port=8888

[wserver:vars]
port=80

[dbserver]
172.16.40.20

[dbserver:vars]
port=3306

2.5¡¢ÔÚplaybookµÄvarsÔªËØÏÂÃ涨Òå±äÁ¿.

3.3 ʹÓãº

ʵÏÖÄ¿±ê£º

1¡¢wserver×éÖ÷»ú°²×°httpd¡£

2¡¢¸´ÖƱ¾»úÒÑÅäÖúõÄhttpdÅäÖÃÎļþµ½¸÷Ö÷»ú¡£

3¡¢Æô¶¯httpd£¬²¢ÉèÖÿª»úÆô¶¯¡£

[root@localhost ~]# vim httpd.yml

- hosts: wserver
remote_user: root
tasks:
- name: install httpd
yum: name=httpd state=present
- name: copy httpd configuration
copy: src=/root/httpd dest=/etc/
- name: start httpd
service: name=httpd state=started
- name: boot httpd start
service: name=httpd enabled=yes

Ö´Ðйý³Ì¡£ÓÃansible-playbookÀ´Ö´ÐÐplaybookÎļþ¡£ÎļþÀ©Õ¹ÃûËæÒ⣬ÎÒÕâÀïÏ°¹ßÓÃymlÁË¡£

***±íʾ·¢Éú±ä»¯£¬ÂÌÉ«±íʾδ±ä»¯£¬ºìÉ«±íʾ´íÎó¡£ ok=5 changed=4 ±íʾÍê³ÉÁË5¸ö£¬ÆäÖÐ4¸ö·¢Éú±ä»¯¡£

²é¿´httpdÊÇ·ñÆô¶¯£º

[root@localhost ~]# ansible wserver -m shell

-a 'ss -tnlp' #Ö±½Ó²é¿´ÐÅÏ¢£¬µ«¶àÁËÒԺ󡣡£¡£
[root@localhost ~]# ansible wserver -m shell

-a 'ss -tnlp' | grep httpd | wc -l #¿ÉÒÔÖ±½ÓÓÃ

wcÀ´¼ÆÊý¡£

ÊÇ·ñ¿ª»úÆô¶¯£º

[root@localhost ~]# ansible wserver -m shell

-a 'systemctl status httpd'
»òÕߣº
[root@localhost ~]# ansible wserver -m shell

-a 'systemctl status httpd' | grep enabled | wc -l

Ìõ¼þÅжϣº

Èç¹ûÒª¹ÜÀíÓÐÖ÷»úÖÐÓв»Í¬ÏµÁеÄϵͳ£¬ÕâÀïÖ»ÊÇ×ö¸ö±ÈÓ÷¡£Õý³£Çé¿öÏÂÓ¦¸ÃÁ¬ÏµÍ³°æ±¾¶¼ÊÇÏàͬµÄ¡£

±ÈÈçÓÐһ̨ubuntuµÄÖ÷»ú£¬ÒòΪËüµÄÈí¼þ¹ÜÀíÓõÄÊÇapt-get¡£ÔÚansibleÀïÃæÊÇÓÃaptÄ£¿éÀ´²Ù×÷µÄ¡£¶øÇÒÅäÖÃÎļþÒ²²»Ò»Ñù£¬Èí¼þµÄÃû³ÆÒ²²»Ò»Ñù£¬·þÎñ½Å±¾Ò²²»Ò»Ñù¡£¶î£¬¸´ÔÓÁ˺ÃÏñ¡£

Ö»ÒªÔÚÒ»¸öÈÎÎñµÄ×îºó¼ÓÉÏwhen¾Í¿ÉÒÔÁË£¬Òâ˼ÊÇ˵ֻÓе±ºóÃæµÄÌõ¼þÂú×ãµÄʱºò²ÅÖ´ÐдËÈÎÎñ¡£

Ìõ¼þ±äÁ¿¾ÍÊÇfactsÀàµÄ±äÁ¿¡£¿ÉÒÔÓÃansible Ö÷»ú -m setupÀ´²é¿´£¬ÉÏÃæÄ£¿é²¿·ÖҲ˵ÁË¡£¿ÉÒÔÓÃansible_os_familyÕâ¸ö±äÁ¿¡£

- hosts: wserver
remote_user: root
tasks:
- name: install httpd redhat
yum: name=httpd state=present
when: ansible_os_family == "RedHat"
- name: copy httpd configuration
copy: src=/root/httpd dest=/etc/
when: ansible_os_family == "RedHat"

- name: install apache2 debian
apt: name=apache2 state=present
when: ansible_os_family == "Debian"
- name: copy apache2 configuration
copy: src=/root/apache2 dest=/etc/
when: ansible_os_family == "Debian"

- name: start httpd
service: name=httpd state=started
when: ansible_os_family == "RedHat"
- name: boot httpd start
service: name=httpd enabled=yes
when: ansible_os_family == "RedHat"


- name: start apache2
service: name=apache2 state=started
when: ansible_os_family == "Debian"
- name: boot apache2 start
service: name=apache2 enabled=yes
when: ansible_os_family == "Debian"

Ö´ÐÐЧ¹û£º

ÕâÀïÒòΪapache2µÄÅäÖÃÎļþûÓÐÐ޸ģ¬Óë°²×°Íê³ÉËùÉú³ÉµÄÅäÖÃһģһÑù£¬Í¨¹ý¼ìÑé·¢ÏÖÒ»Ñù¾Í²»»áÔÙ¸´ÖÆÁË¡£ËùÒÔÊÇÂÌÉ«µÄ×Ö¡£

ÓÐûÓз¢ÏÖÕâÑùÂé·³µÄ²»ÊÇÒ»ÐÇ°ëµã°¡¡£

ÔÙÌùÒ»¸öɾ³ýÕâЩÈí¼þµÄ£º

- hosts: wserver
remote_user: root
tasks:
- name: stop httpd
service: name=httpd state=stopped
when: ansible_os_family == "RedHat"
- name: erase httpd
yum: name=httpd state=absent
when: ansible_os_family == "RedHat"
- name: erase /etc/httpd
file: path=/etc/httpd state=absent
when: ansible_os_family == "RedHat"

- name: stop apache2
service: name=apache2 state=stopped
when: ansible_os_family == "Debian"
- name: erase apache2
apt: name=apache2 state=absent purge=yes
when: ansible_os_family == "Debian"
- name: erase /etc/apache2
file: path=/etc/apache2 state=absent
when: ansible_os_family == "Debian"

±êÇ©£º

ÓÐʱºòÖ»ÏëÓÃÕâ¸öÎļþÖеĸ´ÖÆÅäÖÃÎļþµÄ¹¦ÄÜ£¬¶ø²»ÏëÔÙÿһÏ¼ì²é£¬ËäȻҲûʲôÎÊÌâ¡£

- hosts: wserver
remote_user: root
tasks:
- name: install httpd redhat
yum: name=httpd state=present

- name: copy httpd configuration
copy: src=/root/httpd dest=/etc/
tags: config #¼ÓÁËÒ»¸ötags.

- name: start httpd
service: name=httpd state=started

- name: boot httpd start
service: name=httpd enabled=yes

 

ÎÒÕâÀïµÄhttpd¸øÖØа²×°ÁË£¬ËùÒÔÅäÖÃÎļþÊDz»Í¬µÄ£¬²Å»áÏÔʾchanged¡£²»È»»áÊÇÂÌÉ«µÄok¡£

ÏÖÔÚÖ»Ö´ÐÐÁËconfig±ê·ûËùÖ¸¶¨µÄÈÎÎñÁË¡£ ÎÒÕâÀïÍüÁË°ÑhostsÎļþÖеÄ172.16.40.1È¥µôÁË¡£

ÄÇô¸´ÖÆÍêÅäÖÃÎļþÒÔºóÓ¦¸ÃÖØÔØÅäÖÃÎļþ²Å¶Ô¡£¿ÉÊǾÍËãÔÙÌí¼ÓÒ»¸öÈÎÎñ£¬ÒòΪÎÒÃÇÖ¸¶¨Á˱êÇ©Ò²²»»áÖ´ÐС£ÄÇô¾Í¿ÉÒÔÓÃhandlersÀ²¡£

handlers£º

Ò²ÊÇtaskÈÎÎñ£¬µ«Ö»ÓÐÆä¹Ø×¢µÄÌõ¼þÂú×ãʱ£¬²Å»á±»´¥·¢Ö´ÐС£ÕâÀïµÄÌõ¼þÆäʵ¾ÍÊÇ·¢ÉúÐ޸ġ£

Èç¹ûÎÒÃǸ´ÖÆÅäÖÃÎļþºÍÔ¶³ÌÖ÷»úÉϵÄÒ»Ñù£¬ÄǾͲ»»á´¥·¢ÁË¡£

- hosts: wserver
remote_user: root
tasks:
- name: install httpd redhat
yum: name=httpd state=present

- name: copy httpd configuration
copy: src=/root/httpd dest=/etc/
notify: reload httpd #Ìí¼ÓÁËÒ»ÐÐÕâ¸ö¡£

ÓÃÒÔ´¥·¢Ãû³ÆΪreload httpdµÄhandlers¡£
tags: config

- name: start httpd
service: name=httpd state=started

- name: boot httpd start
service: name=httpd enabled=yes
handlers:
- name: reload httpd
service: name=httpd state=reloaded

ÏÖÔÚÅäÖÃÎļþûÓÐÐÞ¸Ä֮ǰ£º

ÐÞ¸ÄÖ®ºó£º

templates£º

ÓÃÓÚÉú³ÉÎı¾Îļþ£¨ÅäÖÃÎļþ£©£»Ä£°åÎļþÖпÉʹÓÃjinja2±í´ïʽ£¬±í´ïʽҪ¶¨ÒåÔÚ{{ }}£¬Ò²¿ÉÒÔ¼òµ¥µØ½öÖ´ÐбäÁ¿Ìæ»»£»ÎÒÃÇÕâÀïÒ²Ö»À´ÑÝʾһϱäÁ¿Ìæ»»µÄ¡£

ÈçÎÒÏë¸ø²»Í¬µÄÖ÷»úµÄÅäÖÃÎļþËù¼àÌýµÄ¶Ë¿Ú²»Ò»Ñù¡£

¿ÉÒÔͨ¹ýÖ÷»ú±äÁ¿£¬¶¨Òå/etc/ansible/hostsÎļþ£º

[wserver]
172.16.40.11 port=8800
172.16.40.12 port=8888

ÐÞ¸ÄÒª¸´ÖƹýÈ¥µÄÅäÖÃÎļþ£¬

Listen {{ port }} #httpdµÄÅäÖÃÎļþ£¬

listenÓÃÀ´¼àÌý¶Ë¿Ú¡£ÔÚ¸´ÖÆ֮ǰansible»á°Ñ

{{ port }}Ì滻Ϊ¶ÔÓ¦Ö÷»úËùÉèÖõıäÁ¿Öµ¡£

ÏÖÔÚµÄplaybookÎļþ£ºÎªÁ˽Úʡƪ·ù£¬ÎÒÕâÀï°ÑÏÖÔÚÓò»µ½¶¼É¾ÁË¡£¶øÒòΪÊÇÐ޸Ķ˿ڣ¬ËùÒÔ°Ñreload¸Ä³ÉÁËrestart¡£

- hosts: wserver
remote_user: root
tasks:
- name: template httpd configuration
template: src=/root/httpd/conf/httpd.conf

dest=/etc/httpd/conf/ #srcºÃÏñ²»ÄÜÔÙָĿ¼ÁË¡£
notify: restart httpd

handlers:
- name: restart httpd
service: name=httpd state=restarted

һ̨Ö÷»ú¼àÌýÔÚ8800£¬Ò»Ì¨Ö÷»ú¼àÌýÔÚ8888¡£

µü´ú£º

Èç¹ûÏëÒªÅúÁ¿´´½¨¶à¸öÓû§Ôõô°ì£¬µ±È»ÓÃscriptÄ£¿é×î¼òµ¥ÁË£¬²»¹ýÕâÀïÒ²Ö»ÊÇÀ´ËµÃ÷Ò»ÏÂÎÊÌâ¶øÒÑ£º

ÔÚtaskÖе÷ÓÃÄÚÖõÄitem±äÁ¿£»ÔÚij¸ötaskºóÃæʹÓÃwith_itemsÓï¾äÀ´¶¨ÒåÔªËØÁÐ±í£»

- hosts: wserver
remote_user: root
tasks:
- name: create test user
user: name={{ item }} state=present
with_items:
- test1
- test2
- test3
- test4

¶øÉÏÃæËùÖ¸¶¨item»¹¿ÉÒÔÓÐ×Ó¼¯£¬ ¿ÉÒÔÓÃ×ÖµäÀ´±íʾitemÖеĸ÷¸ö¼üÖµ£¬¶ø²»Ö»ÊÇÓñíʾµ¥¸öÖµ¡£

È磺

- hosts: wserver
remote_user: root
tasks:
- name: create test user
user: name={{ item.user }} group={{ item.group }}

state=present
with_items:
- { user: "test10", group: "root" }
- { user: "test11", group: "root" }
- { user: "test12", group: "root" }

һֱûÓнéÉÜvars×Ô¶¨Òå±äÁ¿£¬ÕâÀïÎÒÃÇÀ´¿´Ò»Ï¡£

ÕâÑùÏë´´½¨Ê²Ã´Óû§£¬¾Í¿ÉÒÔÖ±½ÓÐÞ¸ÄvarsÀïÃæµÄ±äÁ¿¾Í¿ÉÒÔ¡£

ËÄ¡¢roles¡£

rolesÖ»ÊÇ°ÑÈÎÎñ¸ø·ÖÀë³öÈ¥ÁË¡£Ö»ÒªÔÚplaybookÎļþÖе÷ÓôËrole¾Í¿ÉÖ´ÐÐÕâЩÈÎÎñ¡£

ÈçÎÒÃǶ¨ÒåÁËÒ»¸öºÜ¸´ÔÓµÄÈÎÎñ£¬µ«ÊÇÒªÓÃÔÚÁíÍâµÄÖ÷»ú×é»òÖ»ÏëÓÃÓÚµ¥Ì¨Ö÷»úµÄʱºò¾ÍÒªÐÞ¸ÄÕâ¸öÎļþ£¬×ÜÐÞ¸ÄÒ²²»ÊÇ°ì·¨¡£ ¿ÉÒÔ¸´Öƶà·Ý£¬µ«ÓÐʱºòÒ²²»¹»Áé»î¡£

ËùÒԾͿÉÒÔÓÃrole°ÑÈÎÎñÖ÷Ìå·ÖÀë³öÀ´£¬Ö»ÔÚplaybookÖÐдһЩ¶îÍâµÄ¶«Î÷£¬Èç±äÁ¿£¬Ö÷»úµÈµÈ¡£

rolesÓÃÓÚʵÏÖ¡°´úÂ븴Óᱡ£

rolesÒÔÌض¨µÄ²ã´ÎÐ͸ñʽ×éÖ¯ÆðÀ´playbookÖеĸ÷Ö÷ÔªËØ£¨vars, tasks, handlers£©¡£Ã¿Ò»¸öÖ÷ÔªËض¼ÒÔÒ»¸öĿ¼À´±íʾ¡£

¸÷Ŀ¼ÈçÏ£º

files£º´Ë½ÇÉ«ÖÐÓõ½µÄËùÓÐÎļþ¾ù·ÅÖÃÓÚ´ËĿ¼ÖУ» ¶ÔÓ¦ÓÚcopyÄ£¿é¡£

templates£ºJinja2Ä£°åÎļþ´æ·ÅλÖÃ; ¶ÔÓ¦ÓÚtemplateÄ£¿é¡£

tasks£ºÈÎÎñÁбíÎļþ£»ÀïÃæ¿ÉÒÔÓжà¸öÎļþ£¬µ«ÖÁÉÙÓÐÒ»¸ö½Ð×ömainµÄÎļþ£»

handlers£º´¦ÀíÆ÷ÁбíÎļþ£»ÀïÃæ¿ÉÒÔÓжà¸öÎļþ£¬µ«ÖÁÉÙÓÐÒ»¸ö½Ð×ömainµÄÎļþ£»

vars£º±äÁ¿×ÖµäÎļþ£»ÀïÃæ¿ÉÒÔÓжà¸öÎļþ£¬µ«ÖÁÉÙÓÐÒ»¸ö½Ð×ömainµÄÎļþ£»

meta£º´Ë½ÇÉ«µÄÌØÊâÉ趨¼°ÒÀÀµ¹Øϵ£»

ÔÚ/etc/ansible/roles/Ŀ¼ÏÂÃæµÄĿ¼¾ÍÊǸ÷¸öµ¥¶ÀµÄrule¡£µ÷ÓõÄʱºòÖ±½Óµ÷ÓÃĿ¼Ãû³Æ¡£

[root@localhost createweb]# pwd
/etc/ansible/roles/createweb
[root@localhost createweb]# ls
files handlers meta tasks templates vars
[root@localhost createweb]# tree -L 2
.
©À©¤©¤ files #´æ·ÅcopyÓõ½µÄÎļþ¡£
©¦ ©À©¤©¤ config
©¦ ©À©¤©¤ httpd
©¦ ©À©¤©¤ index.php
©¦ ©À©¤©¤ iptables.bak.conf
©¦ ©¸©¤©¤ rc.local
©À©¤©¤ handlers #¶¨Òåhandlers¡£
©¦ ©¸©¤©¤ main
©À©¤©¤ meta
©À©¤©¤ tasks #¶¨ÒåÈÎÎñ¡£
©¦ ©¸©¤©¤ main
©À©¤©¤ templates #´æ·ÅtemplateÄ£¿éÓõ½µÄÎļþ¡£
©¦ ©¸©¤©¤ httpd.conf
©¸©¤©¤ vars #¶¨Òå±äÁ¿¡£
©¸©¤©¤ main

ÈçÎÒÕâÀïµÄtasks/mainÎļþ£º

Ч¹û¾ÍÊÇ£º°²×°httpd£¬´´½¨ËùÐèÒªµÄÍøҳĿ¼£¬´´½¨ÈÕ־Ŀ¼£¬¸´ÖÆËùÓÐÅäÖÃÎļþ£¬¸´ÖÆphp²âÊÔÒ³Ãæ¡£²¢Æô¶¯httpd¡£

- name: install httpd
yum: name=httpd state=present
- name: install php
yum: name=php state=present
- name: install mod_ssl
yum: name=mod_ssl state=present

#create http_page file
- name: create directory
file: state=directory path={{ http_page_path_www }}
file: state=directory path={{ http_page_path_myadm }}

#create log_file directory
- name: create log directory
file: state=directory path={{ http_log_path_www }}
file: state=directory path={{ http_log_path_myadm }}

- name: copy all web config
copy: src=httpd dest=/etc/
notify: restart httpd

- name: copy php_test file
copy: src=index.php dest=/web/vhosts/www/
copy: src=index.php dest=/web/vhosts/myadm/

- name: start httpd and enabled
service: name=httpd state=started enabled=yes

handlers/main

- name: restart httpd
service: name=httpd state=restarted

vars/main

http_port: 8000

http_log_path_www: /var/log/httpd/www
http_log_path_myadm: /var/log/httpd/myadm

http_page_path_www: /web/vhosts/www
http_page_path_myadm: /web/vhosts/myadm

¶¨Òåplaybook:

- hosts: wserver
roles:
- createweb

ÎÒÕâ¸öµÄÖ´Ðнá¹ûÔÚÔ¶³ÌÖ÷»úÉÏÓеãÎÊÌâ¡£²»¹ý´óÌåÉÏÒ²¾ÍÊÇÕâÖֽṹ£¬ÔÚplaybookµÄrolesÀïÃ滹¿ÉÒÔ¶¨ÒåºÜ²ÎÊý£¬ÕâÀï¾ÍÏȲ»½éÉÜÁË£¬ÒÔºóÓÐʱ¼äÔÙÀ´¸Ä¸Ä¡£

 

   
2938 ´Îä¯ÀÀ       31
Ïà¹ØÎÄÕÂ
DevOpsתÐÍÈÚÈëµ½ÆóÒµÎÄ»¯
DevOps ÄÜÁ¦Ä£ÐÍ¡¢Ñݽø¼°°¸ÀýÆÊÎö
»ùÓÚ DevOps ÀíÄîµÄ˽ÓÐ PaaS ƽ̨ʵ¼ù
΢Èí¿ª·¢ÍŶӵÄDevOpsʵ¼ùÆôʾ
Ïà¹ØÎĵµ
DevOpsÇý¶¯Ó¦ÓÃÔËά±ä¸ïÓë´´ÐÂ
ÔËά¹ÜÀí¹æ»®
ÈçºÎʵÏÖÆóÒµÓ¦Óò¿Êð×Ô¶¯»¯
ÔËά×Ô¶¯»¯Êµ¼ù֮·
Ïà¹Ø¿Î³Ì
×Ô¶¯»¯ÔËά¹¤¾ß£¨»ùÓÚDevOps£©
»¥ÁªÍøÔËάÓëDevOps
MySQLÐÔÄÜÓÅ»¯¼°ÔËάÅàѵ
ITϵͳÔËά¹ÜÀí