1.开机自动挂载
%在真机里
[root@zhenji ~]# vim /etc/fstab #开机自动挂载
# Loop-mount the RHEL 8.2 install ISO read-only under the web root so it can be served as a repo.
# NOTE(review): nothing on the ISO needs to be executed from this mount point — consider adding
# nosuid,nodev (and noexec) to the options; `ro` alone does not stop setuid binaries on the image.
/isos/rhel-8.2-x86_64-dvd.iso /var/www/html/westos/ iso9660 loop,ro 0 0
[root@zhenji ~]# mount -a #排错
2.playbook编写
1)httpd
%在虚拟机里
[devops@server1 ansible]$ vim ~/.vimrc
" YAML buffers: auto-indent with 2-space soft tabs (YAML forbids tab characters for indentation).
autocmd FileType yaml setlocal ai ts=2 sw=2 et
[devops@server1 ansible]$ ansible-doc dnf #看EXAMPLES
[devops@server1 ansible]$ ansible-doc firewalld #看EXAMPLES
[devops@server1 ansible]$ vim playbook.yml
[devops@server1 ansible]$ ansible-playbook --help
[devops@server1 ansible]$ ansible-playbook --syntax-check playbook.yml #查看错误
[devops@server1 ansible]$ ansible-playbook --list-hosts playbook.yml #主机名字
[devops@server1 ansible]$ ansible-playbook --list-tasks playbook.yml #全部任务
%server1
[devops@server1 ansible]$ ansible-playbook playbook.yml #执行;若把 hosts 改成 all,则各 task 仍按顺序执行:同一个 task 在所有目标主机上并行跑完之后,才开始下一个 task
2)httpd和mysql
[devops@server1 ansible]$ ansible-doc uri #看EXAMPLE
[devops@server1 ansible]$ ansible-doc mysql_user #看EXAMPLE(模块名是 mysql_user,不是 myspl_user)
[devops@server1 ansible]$ ansible-doc mysql_db #看EXAMPLE创建数据库(模块名是 mysql_db)
[devops@server1 ansible]$ cat playbook.yml
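---
# Play 1: web tier (group "test"). No `become:` is set in this play, so the
# package/service/firewalld tasks depend on privilege escalation coming from
# ansible.cfg or the inventory — NOTE(review): confirm that is the case.
- hosts: test
  tasks:
    - name: install apache
      dnf:
        name: httpd
        state: present

    - name: start apache
      service:
        name: httpd
        state: started
        enabled: yes

    - name: deploy index.html    # this task had no name in the original
      copy:
        src: index.html
        dest: /var/www/html/index.html

    - name: start firewalld
      service:
        name: firewalld
        state: started
        enabled: yes

    - name: accept http
      firewalld:
        service: http
        permanent: yes
        immediate: yes
        state: enabled

# Play 2: smoke test from the control node. The target address is hard-coded;
# uri fails the play unless the server answers 200 (the module's default).
- hosts: localhost
  become: no
  tasks:
    - name: Check that a page returns a status 200
      uri:
        url: http://172.25.3.2
        return_content: yes

# Play 3: database tier (group "prod").
- hosts: prod
  vars:
    # Credentials are defined once here instead of being repeated as literals
    # in every task. NOTE(review): they are still plaintext in this file — move
    # them into a vaulted vars file (ansible-vault) before using this outside
    # the lab.
    mysql_root_password: westos
    mysql_app_db: westos
    mysql_app_user: wxh
    mysql_app_password: westos
  tasks:
    - name: install mariadb
      dnf:
        name:
          - mariadb-server
          - python3-PyMySQL   # needed by the mysql_* modules on the target
        state: present

    - name: start mariadb
      service:
        name: mariadb
        state: started
        enabled: yes

    - name: accept 3306
      # Opens the "mysql" firewalld service (3306/tcp) in the default zone to
      # any source. NOTE(review): if only the web tier needs the DB, restrict
      # this with a `source:` or a dedicated zone.
      firewalld:
        service: mysql
        permanent: yes
        immediate: yes
        state: enabled

    # This task name is referenced later with `--start-at-task`; keep it as is.
    # First connection goes over the unix socket because root has no password yet.
    - name: Example using login_unix_socket to connect to server
      mysql_user:
        name: root
        password: "{{ mysql_root_password }}"
        login_unix_socket: /var/lib/mysql/mysql.sock
      no_log: true   # keep credentials out of task output and logs, including on failure

    - name: Removes anonymous user account for localhost
      mysql_user:
        login_user: root
        login_password: "{{ mysql_root_password }}"
        name: ''
        host: localhost
        state: absent
      no_log: true

    - name: Create a new database with name 'westos'
      mysql_db:
        login_user: root
        login_password: "{{ mysql_root_password }}"
        name: "{{ mysql_app_db }}"
        state: present
      no_log: true

    - name: Create database user with name 'wxh' and password 'westos' with all database PRivileges
      mysql_user:
        login_user: root
        login_password: "{{ mysql_root_password }}"
        name: "{{ mysql_app_user }}"
        password: "{{ mysql_app_password }}"
        priv: "{{ mysql_app_db }}.*:ALL"   # scoped to the app database only
        state: present
      no_log: true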
[devops@server1 ansible]$ ansible-playbook --list-hosts playbook.yml
[devops@server1 ansible]$ ansible-playbook --list-tasks playbook.yml
[devops@server1 ansible]$ ansible-playbook playbook.yml
#若在设置密码的任务处出错,修正后可以按任务名从该任务继续执行,不必从头重跑:
[devops@server1 ansible]$ ansible-playbook --start-at-task "Example using login_unix_socket to connect to server" playbook.yml
[devops@server1 ansible]$ vim playbook.yml
#改变的地方
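# Changed task: same as before, plus a tag so it can be run on its own.
# The name is what `--start-at-task` above matches on — keep it unchanged.
- name: Example using login_unix_socket to connect to server
  mysql_user:
    name: root
    password: westos   # NOTE(review): plaintext — prefer a vaulted variable
    login_unix_socket: /var/lib/mysql/mysql.sock
  tags: mysql   # run only this task with `ansible-playbook -t mysql playbook.yml`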
[devops@server1 ansible]$ ansible-playbook -t mysql playbook.yml #只跑标签那部分
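# Variant used once root already has a password: authenticate with it instead
# of the unix socket. The task name is still the `--start-at-task` anchor.
- name: Example using login_unix_socket to connect to server
  mysql_user:
    name: root
    password: westos        # NOTE(review): plaintext — prefer a vaulted variable
    login_user: root
    login_password: westos  # same secret repeated; one variable would keep them in sync
  tags: mysql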
在server3中测试mariadb:
3)httpd和mysql和测试页分开
[devops@server1 ansible]$ cp playbook.yml webserver.yml
[devops@server1 ansible]$ cp playbook.yml database.yml
[devops@server1 ansible]$ ls
ansible.cfg database.yml hosts index.html playbook.yml webserver.yml
[devops@server1 ansible]$ vim playbook.yml
[devops@server1 ansible]$ vim webserver.yml
[devops@server1 ansible]$ vim database.yml
[devops@server1 ansible]$ cp playbook.yml task.yml
[devops@server1 ansible]$ vim task.yml
4)变量
[devops@server1 ansible]$ cp playbook.yml task.yml
[devops@server1 ansible]$ cat task.yml
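---
# Task file (no play header), presumably pulled into webserver.yml with
# import_tasks/include_tasks. `http_port` must be defined by the importing play.
# The `{{ ... }}` below was split across two lines in the original listing,
# which is not a valid Jinja expression.
- name: Check that a page returns a status 200
  uri:
    url: "http://172.25.3.2:{{ http_port }}"   # target address is hard-coded
    return_content: yes
    status_code: 200
  register: result

# Only reached when the check above succeeded (uri fails the task otherwise).
- debug:
    msg: "test ok"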
[devops@server1 ansible]$ vim webserver.yml
[devops@server1 ansible]$ ansible-playbook --list-tasks webserver.yml
[devops@server1 ansible]$ ansible-doc debug
[devops@server1 ansible]$ scp server2:/etc/httpd/conf/httpd.conf .
[devops@server1 ansible]$ ls
ansible.cfg database.yml hosts httpd.conf index.html playbook.yml task.yml webserver.yml
[devops@server1 ansible]$ vim webserver.yml
[devops@server1 ansible]$ cp httpd.conf httpd.conf.j2
[devops@server1 ansible]$ vim httpd.conf.j2
改为:
Listen {
{ http_port }}
[devops@server1 ansible]$ ls
ansible.cfg hosts httpd.conf.j2 playbook.yml webserver.yml
database.yml httpd.conf index.html task.yml
[devops@server1 ansible]$ cat task.yml
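---
# Task file (no play header), presumably pulled into webserver.yml with
# import_tasks/include_tasks. `http_port` must be defined by the importing play.
# The `{{ ... }}` below was split across two lines in the original listing,
# which is not a valid Jinja expression.
- name: Check that a page returns a status 200
  uri:
    url: "http://172.25.3.2:{{ http_port }}"   # target address is hard-coded
    return_content: yes
    status_code: 200
  register: result

# Only reached when the check above succeeded (uri fails the task otherwise).
- debug:
    msg: "test ok"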
%三个变量web_pkg: httpd;web_svc: httpd;http_port: 80
[devops@server1 ansible]$ vim webserver.yml
[devops@server1 ansible]$ ansible-playbook webserver.yml #运行成功
5)作apache的认证
%注意:下面 htpasswd -c 生成的口令文件默认权限是 644(见后面的 ll 输出),本机任何用户都能读到口令哈希,应改为 chown root:apache 并 chmod 640;htpasswd 默认使用 MD5(apr1),建议加 -B 改用 bcrypt。Basic 认证只是把口令 base64 编码后明文传输,生产环境必须配合 HTTPS。
[root@server2 conf]# htpasswd -c /etc/httpd/conf/htpasswd wxh #创建apache认证用户
New password: westos
Re-type new password: westos
Adding password for user wxh
[root@server2 conf]# ll
total 32
-rw-r--r--. 1 root root 42 Dec 27 15:13 htpasswd
-rw-r--r--. 1 root root 11899 Dec 2 2019 httpd.conf
-rw-r--r--. 1 root root 13064 Dec 2 2019 magic
[root@server2 conf]# cd /var/www/html/
[root@server2 html]# ls
index.html
[root@server2 html]# vim .htaccess
[root@server2 html]# cat .htaccess
# Per-directory HTTP Basic auth for /var/www/html. It only takes effect while
# httpd.conf grants AllowOverride (AuthConfig or All) for this directory.
# Basic auth sends the password base64-encoded, i.e. effectively in clear —
# pair it with HTTPS outside the lab. The user database is the htpasswd file
# created with `htpasswd -c` above.
AuthType Basic
AuthName "westos auth"
AuthUserFile /etc/httpd/conf/htpasswd
require valid-user
%在server1中:
[devops@server1 ansible]$ scp server2:/etc/httpd/conf/htpasswd .
htpasswd 100% 42 40.6KB/s 00:00
[devops@server1 ansible]$ ls
ansible.cfg hosts httpd.conf index.html task.yml
database.yml htpasswd httpd.conf.j2 playbook.yml webserver.yml
[devops@server1 ansible]$ scp server2:/var/www/html/.htaccess .
.htaccess 100% 95 94.0KB/s 00:00
[devops@server1 ansible]$ ls
ansible.cfg hosts httpd.conf index.html task.yml
database.yml htpasswd httpd.conf.j2 playbook.yml webserver.yml
[devops@server1 ansible]$ l.
. .. .htaccess
[devops@server1 ansible]$ vim webserver.yml
[devops@server1 ansible]$ vim httpd.conf.j2
改为All(AllowOverride All 允许 .htaccess 覆盖所有类别的指令;只为启用认证的话,AllowOverride AuthConfig 即可,授权范围更小)
AllowOverride All
[devops@server1 ansible]$ cat task.yml
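---
# Task file (no play header), presumably pulled into webserver.yml with
# import_tasks/include_tasks. `http_port` must be defined by the importing play.
# The `{{ ... }}` below was split across two lines in the original listing,
# which is not a valid Jinja expression.
- name: Check that a page returns a status 200
  uri:
    url: "http://172.25.3.2:{{ http_port }}"   # target address is hard-coded
    # Basic-auth credentials for the .htaccess-protected page.
    # NOTE(review): plaintext in the repo — supply them from a vaulted variable.
    user: wxh
    password: westos
    return_content: yes
    status_code: 200
  register: result

# Dumps the whole registered result, response body included.
# NOTE(review): check that the dump does not echo the credentials before
# using this outside the lab.
- debug:
    var: result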
[devops@server1 ansible]$ ansible-playbook webserver.yml #如下图,运行成功
6)交互式
%交互式
[devops@server1 ansible]$ cat task.yml
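---
# Interactive variant: the Basic-auth credentials are prompted for at run time
# instead of being written into the playbook. Imported from webserver.yml with
# `- import_playbook: task.yml`. The `{{ ... }}` expressions were split across
# lines in the original listing; they must be on one line.
- hosts: localhost
  vars:
    http_port: 80
  vars_prompt:
    - name: username
      prompt: What is your username?
      private: no    # echo the username as it is typed
    - name: password
      prompt: What is your password?
      # `private` is left at its default, so the typed password is not echoed.
  become: no
  tasks:
    - name: Check webserver
      uri:
        url: "http://172.25.3.2:{{ http_port }}"   # target address is hard-coded
        user: "{{ username }}"
        password: "{{ password }}"
        return_content: yes
        status_code: 200
      register: result

    # Dumps the whole registered result, response body included.
    # NOTE(review): confirm the dump does not echo the prompted credentials.
    - debug:
        var: result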
[devops@server1 ansible]$ vim webserver.yml
最后一行加上:
- import_playbook: task.yml
[devops@server1 ansible]$ ansible-playbook webserver.yml #运行结果如下
7)事实变量
%事实变量,必考点
%不同的主机部署不同的服务
[devops@server1 ansible]$ ansible test -m setup | less #查看事实变量信息
[devops@server1 ansible]$ cat playbook2.yml
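---
# One play over every host; each task is gated on a gathered fact so that
# different hosts receive different packages. Facts come from the implicit
# setup run (gather_facts is left at its default).
- hosts: all
  tasks:
    - name: install apache
      dnf:
        name: httpd
        state: present
      # Only on server2. A space is required before an inline '#', otherwise it
      # is not parsed as a comment (the original had `"server2"#...`).
      when: ansible_hostname == "server2"

    - name: install mariadb
      dnf:
        name: mariadb-server
        state: present
      when: ansible_hostname == "server3"   # only on server3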
[devops@server1 ansible]$ ansible-playbook --list-hosts playbook2.yml
[devops@server1 ansible]$ ansible-playbook playbook2.yml
[devops@node1 ansible]$ vim webserver.yml
修改- hosts:all
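# Replacement for the copy-from-file task: each host gets a page containing its
# own hostname, so `curl <host>` shows which node answered. (The task header was
# duplicated and the `{{ ... }}` split across lines in the original listing.)
- name: create index.html
  copy:
    content: "{{ ansible_hostname }}\n"
    dest: /var/www/html/index.html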
注释掉 webserver.yml 中引用 task.yml 的那一行(本节只验证各主机各自的 index.html,不再做认证测试)
[devops@node1 ansible]$ vim httpd.conf.j2 #关闭 .htaccess 认证(即取消上一节的交互式登录),下面用 curl 直接访问
修改 AllowOverride None
[devops@server1 ansible]$ ansible-playbook webserver.yml
[devops@node1 ansible]$ curl 10.4.17.242
node2
[devops@node1 ansible]$ curl 10.4.17.243
node3
%让不同的主机监控
%在每个主机上生成一个文件,记录每个主机的信息
[devops@node1 ansible]$ vim playbook3.yml
[devops@node1 ansible]$ vim hostinfo.j2
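{# Per-host report rendered by the template module from gathered facts.
   NOTE(review): the NIC (enp1s0) and disk/partition (vda/vda1) names are
   hard-coded, so rendering fails on a host that lacks them;
   ansible_facts['default_ipv4']['address'] is the portable way to get the
   primary address. The `{{ ... }}` expressions were split across lines in
   the original listing; each must be on one line. #}
hostname: {{ ansible_facts['hostname'] }}
ip: {{ ansible_facts["enp1s0"]["ipv4"]["address"] }}
DNS: {{ ansible_facts['dns']['nameservers'][-1] }}
vda1: {{ ansible_facts['devices']['vda']['partitions']['vda1']['size'] }}
kernel: {{ ansible_facts['kernel'] }}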
[devops@node1 ansible]$ vim httpd.conf.j2
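# Bind httpd to the address of enp1s0 on this host (from gathered facts) and
# the configured port, instead of all interfaces.
# NOTE(review): the interface name is hard-coded — a host without enp1s0 fails
# to render; ansible_facts['default_ipv4']['address'] is portable.
# (The `{{ ... }}` expressions were split across lines in the original.)
Listen {{ ansible_facts["enp1s0"]["ipv4"]["address"] }}:{{ http_port }}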
%批量创建用户
%循环字典的key,用item.user,item.passwd
[devops@node1 ansible]$ cat user.yml
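---
# Create several local users from an inline list of {user, passwd} items.
# The `{{ ... }}` expressions were split across lines in the original listing.
- hosts: test
  # vars:
  #   passwd: westos
  tasks:
    - name: create users
      user:
        name: "{{ item.user }}"
        # password_hash('sha512') draws a fresh random salt on every run, so the
        # stored hash differs each time and the task reports "changed" on every
        # run. NOTE(review): add `update_password: on_create` (or pass a fixed
        # salt) if this needs to be idempotent.
        password: "{{ item.passwd | password_hash('sha512') }}"
      loop:
        - { user: 'user1', passwd: '123' }   # NOTE(review): plaintext passwords in the playbook
        - { user: 'user2', passwd: '456' }
        - { user: 'user3', passwd: '789' }
      # Without a label every iteration prints its whole item, plaintext passwd
      # included, in the play output; show only the user name instead.
      loop_control:
        label: "{{ item.user }}"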
[devops@node1 ansible]$ ansible-playbook user.yml
%把用户列表抽到单独的文件 userlist.yml。注意:这一步本身并不增加安全性,口令仍是明文;真正起保护作用的是下面用 ansible-vault 对该文件加密
[devops@node1 ansible]$ cat user.yml
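---
# Create local users from the `userlist` variable loaded from userlist.yml,
# which is expected to be ansible-vault encrypted (see below).
# The `{{ ... }}` expressions were split across lines in the original listing.
- hosts: test
  vars_files:
    - userlist.yml
  tasks:
    - name: create users
      user:
        name: "{{ item.user }}"
        # password_hash('sha512') draws a fresh random salt on every run, so the
        # stored hash differs each time and the task reports "changed" on every
        # run. NOTE(review): add `update_password: on_create` (or pass a fixed
        # salt) if this needs to be idempotent.
        password: "{{ item.passwd | password_hash('sha512') }}"
      loop: "{{ userlist }}"
      # Without a label every iteration prints its whole item, plaintext passwd
      # included, in the play output; show only the user name instead.
      loop_control:
        label: "{{ item.user }}"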
[devops@node1 ansible]$ cat userlist.yml
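---
# Plaintext credentials consumed by user.yml via vars_files. Keep this file
# encrypted with `ansible-vault encrypt userlist.yml` and never commit it in
# clear. (The listing had the list flattened; `passwd` must be nested under
# each list item.)
userlist:
  - user: 'user1'
    passwd: '123'
  - user: 'user2'
    passwd: '456'
  - user: 'user3'
    passwd: '789'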
[devops@node1 ansible]$ ansible-vault --help
[devops@node1 ansible]$ ansible-vault encrypt userlist.yml #给文件加密
New Vault password: westos
Confirm New Vault password: westos
Encryption successful
[devops@node1 ansible]$ ansible-vault view userlist.yml #查看
Vault password: westos
[devops@node1 ansible]$ ansible-vault edit userlist.yml #编辑
[devops@server1 ansible]$ ansible-playbook user.yml --ask-vault-pass #带密码跑user.yml(交互输入vault密码;自动化场景可用 --vault-password-file 指定一个权限为600的文件,切勿把vault密码写进playbook或提交到仓库)