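I. Introduction to Ansible
Ansible is a newer automation and operations tool written in Python. It combines the strengths of many operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, batch command execution and similar functions.
Ansible works through modules and has no batch deployment capability of its own. The modules that Ansible runs do the actual batch deployment; Ansible only provides the framework. It mainly consists of:
(1) Connection plugins: responsible for communicating with the managed hosts;
(2) Host inventory: specifies the hosts to operate on; it is a configuration file that defines the managed hosts;
(3) Modules: core modules, the command module, custom modules;
(4) Plugins, which provide functions such as logging and e-mail;
(5) Playbook: a script for running multiple tasks; it is optional and lets a node run several tasks in one go.
II. Installing Ansible
1) Install the packages, then check and edit the host inventory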
[root@server1 ~]# cd ansible/
[root@server1 ansible]# ls
ansible-2.7.8-1.el7.noarch.rpm python2-crypto-2.6.1-13.el7.x86_64.rpm python-paramiko-2.1.1-0.9.el7.noarch.rpm
ansible-tower-setup-bundle-3.4.2-1.el7.tar.gz python2-jmespath-0.9.0-1.el7.noarch.rpm sshpass-1.06-1.el7.x86_64.rpm
libtomcrypt-1.17-25.el7.x86_64.rpm python-httplib2-0.9.2-0.1.el7.noarch.rpm
libtommath-0.42.0-5.el7.x86_64.rpm python-keyczar-0.71c-2.el7.noarch.rpm
[root@server1 ansible]# yum install -y *.rpm
[root@server1 ansible]# cd /etc/ansible/
[root@server1 ansible]# ls
ansible.cfg hosts roles
## ansible.cfg: main configuration file
## hosts: host inventory
## roles: roles
[root@server1 ansible]# vim hosts
[web]
server1
[db]
server2
2) Connect and run the ping module
[root@server1 ansible]# ansible server1 -m ping
The authenticity of host 'server1 (172.25.38.1)' can't be established.
ECDSA key fingerprint is 61:72:f1:68:be:7f:9b:e4:07:fd:33:5f:58:88:28:d5.
Are you sure you want to continue connecting (yes/no)? yes
server1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added 'server1,172.25.38.1' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
[root@server1 ansible]# ansible server1 -m ping -k
SSH password:
server1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@server1 ansible]# ansible server2 -m ping
The authenticity of host 'server2 (172.25.38.2)' can't be established.
ECDSA key fingerprint is 21:72:e3:92:f8:f6:7d:85:98:49:d4:d5:5b:9a:96:f5.
Are you sure you want to continue connecting (yes/no)? yes
server2 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added 'server2,172.25.38.2' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
[root@server1 ansible]# ansible server2 -m ping -k
SSH password:
server2 | SUCCESS => {
"changed": false,
"ping": "pong"
}
3) Several ways to select hosts
[root@server1 ansible]# ansible server* -m ping ## all hosts matching server*
server1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
server2 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@server1 ansible]# ansible all -m ping ## all nodes
server1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
server2 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@server1 ansible]# ansible web -m ping ## the web group
server1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
[root@server1 ansible]# ansible db -m ping ## the db group
server2 | SUCCESS => {
"changed": false,
"ping": "pong"
}
4) Passwordless login
Generate a key pair
[root@server1 ansible]# cd
[root@server1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
cb:a5:b1:3d:6c:4d:c0:a6:55:33:a2:32:64:3d:34:fb root@server1
The key's randomart image is:
+--[ RSA 2048]----+
| ooo . + |
| o o= o o |
| o o.= |
| o = . |
| S E . |
| . O o |
| = = . |
| . . |
| |
+-----------------+
Distribute the public key
[root@server1 ~]# ssh-copy-id server1
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@server1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'server1'"
and check to make sure that only the key(s) you wanted were added.
[root@server1 ~]# ssh-copy-id server2
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@server2's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'server2'"
and check to make sure that only the key(s) you wanted were added.
III. Create a user, log in remotely as that user, then become root without a password
1. Module help
[root@server1 ~]# ansible-doc -l | wc -l
2080
[root@server1 ~]# ansible all -m user -a "name=wxh password=westos"
root ALL=(ALL) ALL
wxh ALL=(ALL) NOPASSWD: ALL
2. Create the user
[root@server1 ~]# ansible all -m user -a "name=wxh password=westos"
[WARNING]: The input password appears not to have been hashed. The 'password'
argument must be encrypted for this module to work properly.
server1 | CHANGED => {
"changed": true,
"comment": "",
"create_home": true,
"group": 1000,
"home": "/home/wxh",
"name": "wxh",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1000
}
server2 | CHANGED => {
"changed": true,
"comment": "",
"create_home": true,
"group": 1000,
"home": "/home/wxh",
"name": "wxh",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1000
}
3. Change the password on server1 and server2
[root@server1 ~]# passwd wxh
Changing password for user wxh.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@server2 ~]# passwd wxh
Changing password for user wxh.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
4. Passwordless login
[root@server1 ~]# ssh-copy-id wxh@server1
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
wxh@server1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'wxh@server1'"
and check to make sure that only the key(s) you wanted were added.
[root@server1 ~]# ssh-copy-id wxh@server2
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
wxh@server2's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'wxh@server2'"
and check to make sure that only the key(s) you wanted were added.
Test
1. ping
[root@server1 ~]# ansible all -m ping -b
server2 | SUCCESS => {
"changed": false,
"ping": "pong"
}
server1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
2. Remote ping
## -b switches to the root user; logging in remotely as another user requires editing /etc/sudoers
[root@server1 ~]# ansible all -m ping -u wxh -b
server2 | FAILED! => {
"changed": false,
"module_stderr": "Shared connection to server2 closed.\r\n",
"module_stdout": "sudo: a password is required\r\n",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}
server1 | FAILED! => {
"changed": false,
"module_stderr": "Shared connection to server1 closed.\r\n",
"module_stdout": "sudo: a password is required\r\n",
"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
}
3. After completing the steps above, it works
[root@server1 ~]# ansible all -m ping -u wxh -b
server2 | SUCCESS => {
"changed": false,
"ping": "pong"
}
server1 | SUCCESS => {
"changed": false,
"ping": "pong"
}
4. Check the hostname
[root@server1 ~]# ansible all -u wxh -b -a "hostname"
server2 | CHANGED | rc=0 >>
server2
server1 | CHANGED | rc=0 >>
server1
5. Install httpd
[root@server1 ~]# ansible server2 -u wxh -b -m yum -a "name=httpd state=present"
[root@server2 ~]# rpm -q httpd
httpd-2.4.6-45.el7.x86_64
6. Start httpd
[root@server1 ~]# ansible server2 -u wxh -b -m service -a "name=httpd state=started"
[root@server2 ~]# netstat -antlp | grep httpd
tcp6 0 0 :::80 :::* LISTEN 2951/httpd
7. Push the default index page
[root@server1 ~]# ansible server2 -u wxh -b -m copy -a "src=index.html dest=/var/www/html/index.html"
[root@server2 ~]# curl 172.25.38.2
<h1>server2</h1>
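
The account setup in this section passes the password in plain text on the command line (which triggers the "has not been hashed" warning) and edits /etc/sudoers by hand. The playbook below is an added example, not part of the original post, that does the same three steps (user, key, sudo rule) with a hashed password and a validated sudoers drop-in; the variable name wxh_password and the file /etc/sudoers.d/wxh are assumptions chosen here.

```yaml
---
# Added example: create wxh with a hashed password, key login and a sudo rule.
# Assumptions: the controller's public key is /root/.ssh/id_rsa.pub (generated
# with ssh-keygen earlier on this page) and root key login to the hosts works.
- hosts: all
  remote_user: root
  vars_prompt:
    - name: wxh_password          # hypothetical variable name
      prompt: "Password for wxh"
      private: yes                # do not echo the password
      confirm: yes
  tasks:
    - name: create user with a SHA-512 crypt hash instead of plaintext
      user:
        name: wxh
        # password_hash picks a random salt on each run, so only set the
        # password when the account is first created to stay idempotent.
        password: "{{ wxh_password | password_hash('sha512') }}"
        update_password: on_create
        state: present
      no_log: true                # keep the hash out of logs and output

    - name: install the controller's public key for wxh
      authorized_key:
        user: wxh
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
        state: present

    - name: grant passwordless sudo through a validated drop-in file
      copy:
        content: "wxh ALL=(ALL) NOPASSWD: ALL\n"
        dest: /etc/sudoers.d/wxh  # assumed file name
        owner: root
        group: root
        mode: "0440"
        # visudo rejects a broken file before it replaces the live one
        validate: /usr/sbin/visudo -cf %s
```

After running it with ansible-playbook, `ansible all -m ping -u wxh -b` should return pong on both hosts without the manual passwd, ssh-copy-id and sudoers steps.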
IV. The file module, the mysql module, and combining modules
1. The file module
1) Symbolic links
Create
[root@server1 httpd]# ansible server2 -u wxh -b -m file -a "src=/etc/fstab dest=/tmp/fstab state=link"
[root@server2 tmp]# ls
fstab systemd-private-a81ac5b3f1be47baa06fbd969c14eff9-httpd.service-u7YPZV
Delete
[root@server1 httpd]# ansible server2 -u wxh -b -m file -a "dest=/tmp/fstab state=absent"
[root@server2 tmp]# ls
systemd-private-a81ac5b3f1be47baa06fbd969c14eff9-httpd.service-u7YPZV
2) Directories
Create
[root@server1 httpd]# ansible server2 -u wxh -b -m file -a "dest=/tmp/dir1/dir2 state=directory mode=755"
[root@server2 tmp]# ls
dir1 systemd-private-a81ac5b3f1be47baa06fbd969c14eff9-httpd.service-u7YPZV
[root@server2 tmp]# cd dir1/
[root@server2 dir1]# ls
dir2
Delete
[root@server1 httpd]# ansible server2 -u wxh -b -m file -a "dest=/tmp/dir1/dir2 state=absent"
[root@server2 tmp]# cd dir1/
[root@server2 dir1]# ls
[root@server2 dir1]#
2. The mysql module
1) Install the database
[root@server1 httpd]# ansible server2 -m yum -a "name=mariadb-server state=present"
2) Start the database service
[root@server1 httpd]# ansible server2 -m service -a "name=mariadb state=started"
3) Grant privileges
[root@server1 httpd]# ansible server2 -m mysql_user -a "name=wxh password=westos priv=test.*:ALL state=present"
server2 | FAILED! => {
"changed": false,
"msg": "The PyMySQL (Python 2.7 and Python 3.X) or MySQL-python (Python 2.X) module is required."
}
The dependency has to be installed on server2 first
[root@server1 httpd]# ansible server2 -m yum -a "name=MySQL-python state=present"
Grant privileges
[root@server1 httpd]# ansible server2 -m mysql_user -a "name=wxh password=westos priv=test.*:ALL state=present"
Test:
[root@server2 dir1]# mysql -uwxh -pwestos test
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [test]>
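3. Combining modules
To use a series of modules together, use ansible-playbook
1) YAML tips
Indent with two spaces
Put a space after - and :
Avoid tabs
2) On the Ansible host, create a directory and write the tasks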
[root@server1 ~]# cd /etc/ansible/
[root@server1 ansible]# mkdir playbooks
[root@server1 ansible]# cd playbooks/
[root@server1 playbooks]# mkdir httpd
[root@server1 playbooks]# cd httpd/
[root@server1 httpd]# vim httpd.yml
---
# httpd deployment
- hosts: server2
  remote_user: root
  tasks:
    - name: install httpd
      yum: name=httpd state=present
    - name: config httpd
      copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd
    - name: start httpd
      service: name=httpd state=started
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
3) Copy httpd's configuration file from server2
[root@server2 ~]# cd /etc/httpd/conf
[root@server2 conf]# scp httpd.conf server1:/etc/ansible/playbooks/httpd
The authenticity of host 'server1 (172.25.38.1)' can't be established.
ECDSA key fingerprint is 61:72:f1:68:be:7f:9b:e4:07:fd:33:5f:58:88:28:d5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server1,172.25.38.1' (ECDSA) to the list of known hosts.
root@server1's password:
httpd.conf 100% 11KB 11.5KB/s 00:00
4) Check httpd.yml and run it
[root@server1 httpd]# ansible-playbook httpd.yml --syntax-check ## check syntax
playbook: httpd.yml
[root@server1 httpd]# ansible-playbook httpd.yml --list-host ## list hosts
playbook: httpd.yml
play #1 (server2): server2 TAGS: []
pattern: [u'server2']
hosts (1):
server2
[root@server1 httpd]# ansible-playbook httpd.yml --list-task ## list tasks
playbook: httpd.yml
play #1 (server2): server2 TAGS: []
tasks:
install httpd TAGS: []
config httpd TAGS: []
start httpd TAGS: []
[root@server1 httpd]# ansible-playbook httpd.yml ## run
PLAY [server2] *****************************************************************
TASK [Gathering Facts] *********************************************************
ok: [server2]
TASK [install httpd] ***********************************************************
ok: [server2]
TASK [config httpd] ************************************************************
ok: [server2]
TASK [start httpd] *************************************************************
ok: [server2]
PLAY RECAP *********************************************************************
server2 : ok=4 changed=0 unreachable=0 failed=0
[root@server1 httpd]#
Test:
1. Compare httpd.conf on both ends
[root@server1 httpd]# md5sum httpd.yml
def6c227a4e7b75f707781542a2d2bdb httpd.yml
[root@server1 conf]# md5sum httpd.conf
f5e7449c0f17bc856e86011cb5d152ba httpd.conf
[root@server2 conf]# md5sum httpd.conf
f5e7449c0f17bc856e86011cb5d152ba httpd.conf
2. View all facts for server2
[root@server1 httpd]# ansible server2 -m setup
3. Start running from a given task
[root@server1 httpd]# ansible-playbook httpd.yml --start-at-task='start httpd'
PLAY [server2] *****************************************************************
TASK [Gathering Facts] *********************************************************
ok: [server2]
TASK [start httpd] *************************************************************
ok: [server2]
PLAY RECAP *********************************************************************
server2 : ok=2 changed=0 unreachable=0 failed=0
4. Modify the configuration file and check that the hash differs
[root@server1 httpd]# vim httpd.conf
Listen 8080
[root@server1 httpd]# md5sum httpd.conf
04e9239e7bd5d5b9b85864226d60eee5 httpd.conf
5. Redeploy the change
[root@server1 httpd]# ansible-playbook httpd.yml
PLAY [server2] *****************************************************************
TASK [Gathering Facts] *********************************************************
ok: [server2]
TASK [install httpd] ***********************************************************
ok: [server2]
TASK [config httpd] ************************************************************
changed: [server2]
TASK [start httpd] *************************************************************
ok: [server2]
RUNNING HANDLER [restart httpd] ************************************************
changed: [server2]
PLAY RECAP *********************************************************************
server2 : ok=5 changed=2 unreachable=0 failed=0
[root@server1 httpd]#
[root@server2 conf]# netstat -antlp | grep httpd
tcp6 0 0 :::8080 :::* LISTEN 13509/httpd
4. Setting multiple parameters when deploying
1) .j2 templates
[root@server1 httpd]# mv httpd.conf httpd.conf.j2
[root@server1 httpd]# vim httpd.conf.j2
Listen {{ http_port }}
[root@server1 httpd]# vim httpd.yml
# httpd deployment
- hosts: server2
  vars:
    http_port: 80
  remote_user: root
  tasks:
    - name: install httpd
      yum: name=httpd state=present
    - name: config httpd
      template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd
    - name: start httpd
      service: name=httpd state=started
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
2) Apply the change
[root@server1 httpd]# ansible-playbook httpd.yml
PLAY [server2] *****************************************************************
TASK [Gathering Facts] *********************************************************
ok: [server2]
TASK [install httpd] ***********************************************************
ok: [server2]
TASK [config httpd] ************************************************************
changed: [server2]
TASK [start httpd] *************************************************************
ok: [server2]
RUNNING HANDLER [restart httpd] ************************************************
changed: [server2]
PLAY RECAP *********************************************************************
server2 : ok=5 changed=2 unreachable=0 failed=0
3) The port changes from 8080 to 80
[root@server2 dir1]# netstat -antlp | grep httpd
tcp6 0 0 :::80 :::* LISTEN 15053/httpd
4) Two ways to set variables
(1) In the .yml file ## this method has higher priority
(2) In /etc/ansible/hosts
First, set two variables in /etc/ansible/hosts so that the httpd instances on server1 and server2 use different ports
Edit /etc/ansible/hosts
[root@server1 httpd]# vim /etc/ansible/hosts
[web]
server1 host_port=80
[db]
server2 host_port=8080
Edit httpd.yml
[root@server1 httpd]# vim httpd.yml
---
# httpd deployment
- hosts: all
  remote_user: root
  tasks:
    - name: install httpd
      yum: name=httpd state=present
    - name: config httpd
      template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd
    - name: start httpd
      service: name=httpd state=started
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
Modify the j2 file
[root@server1 ansible]# vim httpd.conf.j2
Listen {{ host_port }}
Deploy
[root@server1 ansible]# ansible-playbook httpd.yml
PLAY [all] *********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [server1]
ok: [server2]
TASK [install httpd] ***********************************************************
ok: [server1]
changed: [server2]
TASK [config httpd] ************************************************************
ok: [server1]
changed: [server2]
TASK [start httpd] *************************************************************
changed: [server1]
changed: [server2]
RUNNING HANDLER [restart httpd] ************************************************
changed: [server2]
PLAY RECAP *********************************************************************
server1 : ok=4 changed=1 unreachable=0 failed=0
server2 : ok=5 changed=4 unreachable=0 failed=0
One listens on port 80 and the other on port 8080
[root@server1 ansible]# netstat -antlp | grep httpd
tcp6 0 0 :::80 :::* LISTEN 2799/httpd
[root@server2 ~]# netstat -antlp | grep httpd
tcp6 0 0 :::8080 :::* LISTEN 2479/httpd
Next, set the variable in the .yml file
[root@server1 ansible]# vim httpd.yml
---
# httpd deployment
- hosts: all
  vars:
    host_port: 80
  remote_user: root
  tasks:
    - name: install httpd
      yum: name=httpd state=present
    - name: config httpd
      template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd
    - name: start httpd
      service: name=httpd state=started
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
Deploy
[root@server1 ansible]# ansible-playbook httpd.yml
PLAY [all] *********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [server2]
ok: [server1]
TASK [install httpd] ***********************************************************
ok: [server1]
ok: [server2]
TASK [config httpd] ************************************************************
ok: [server1]
changed: [server2]
TASK [start httpd] *************************************************************
ok: [server1]
ok: [server2]
RUNNING HANDLER [restart httpd] ************************************************
changed: [server2]
PLAY RECAP *********************************************************************
server1 : ok=4 changed=0 unreachable=0 failed=0
server2 : ok=5 changed=2 unreachable=0 failed=0
Both are now on port 80; the inventory values were overridden
[root@server1 ansible]# netstat -antlp | grep httpd
tcp6 0 0 :::80 :::* LISTEN 2799/httpd
[root@server2 ~]# netstat -antlp | grep httpd
tcp6 0 0 :::80 :::* LISTEN 4127/httpd
5) Groups
Edit /etc/ansible/hosts
[root@server1 httpd]# vim /etc/ansible/hosts
[web]
server1 http_host=172.25.85.1
[db]
server2 http_host=172.25.85.2
[webserver:children] ## this is a group made up of other groups
web
db
[webserver:vars] ## to apply to every host without restriction, use all instead
http_port=80
Edit httpd.yml
[root@server1 httpd]# vim httpd.yml
---
# httpd deployment
- hosts: all
  remote_user: root
  tasks:
    - name: install httpd
      yum: name=httpd state=present
    - name: config httpd
      template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd
    - name: start httpd
      service: name=httpd state=started
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
Modify the j2 file
[root@server1 ansible]# vim httpd.conf.j2
Listen {{ http_host }}:{{ http_port }}
Deploy
[root@server1 ansible]# ansible-playbook httpd.yml
Check
[root@server1 ansible]# netstat -antlp | grep httpd
tcp 0 0 172.25.85.1:80 0.0.0.0:* LISTEN 5290/httpd
[root@server2 ~]# netstat -antlp | grep httpd
tcp 0 0 172.25.85.2:80 0.0.0.0:* LISTEN 5074/httpd
6) Conditionals
Environment:
server1 172.25.85.1 rhel7
server2 172.25.85.2 rhel7
server3 172.25.85.3 rhel6
Goal: deploy httpd for different operating systems
Facts can be filtered to drive the decision
[root@server1 httpd]# ansible server3 -m setup -a "filter=ansible_dis*"
server3 | SUCCESS => {
"ansible_facts": {
"ansible_distribution": "RedHat",
"ansible_distribution_file_parsed": true,
"ansible_distribution_file_path": "/etc/redhat-release",
"ansible_distribution_file_search_string": "Red Hat",
"ansible_distribution_file_variety": "RedHat",
"ansible_distribution_major_version": "6",
"ansible_distribution_release": "Santiago",
"ansible_distribution_version": "6.5"
},
"changed": false
}
[root@server1 httpd]# vim /etc/ansible/hosts
[web]
server1 http_host=172.25.85.1
[db]
server2 http_host=172.25.85.2
[rhel6]
server3 http_host=172.25.85.3
[all:vars]
http_port=80
[root@server1 ansible]# ls
ansible.cfg httpd6.conf.j2 httpd.retry roles
hosts httpd7.conf.j2 httpd.yml
[root@server1 ansible]# vim httpd7.conf.j2
Listen {{ http_host }}:{{ http_port }}
[root@server1 ansible]# vim httpd6.conf.j2
Listen {{ http_host }}:{{ http_port }}
[root@server1 ansible]# vim /etc/ansible/httpd.yml
---
# httpd deployment
- hosts: all
  remote_user: root
  tasks:
    - name: install httpd
      yum: name=httpd state=present
      tags: install
    - name: config httpd
      template: src=httpd{{ ansible_distribution_major_version }}.conf.j2 dest=/etc/httpd/conf/httpd.conf ## select the template by major version number
      notify: restart httpd
      tags: config
    - name: start httpd
      service: name=httpd state=started
      tags: start
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
Deploy httpd on all three hosts
[root@server1 ansible]# ansible-playbook httpd.yml
PLAY [all] *******************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************
ok: [server1]
ok: [server2]
ok: [server3]
TASK [install httpd] *********************************************************************************************************************************
ok: [server1]
ok: [server2]
ok: [server3]
TASK [config httpd] **********************************************************************************************************************************
ok: [server2]
ok: [server1]
changed: [server3]
TASK [start httpd] ***********************************************************************************************************************************
changed: [server3]
ok: [server2]
ok: [server1]
RUNNING HANDLER [restart httpd] **********************************************************************************************************************
changed: [server3]
PLAY RECAP *******************************************************************************************************************************************
server1 : ok=4 changed=0 unreachable=0 failed=0
server2 : ok=4 changed=0 unreachable=0 failed=0
server3 : ok=5 changed=3 unreachable=0 failed=0
Check
[root@server3 ~]# netstat -antlp | grep httpd
tcp 0 0 172.25.85.3:80 0.0.0.0:* LISTEN 1362/httpd
V. Deploying with roles
Deploy Zabbix through roles
1. The roles tree
[root@server1 roles]# tree .
.
├── mariadb
│ ├── defaults
│ ├── files
│ │ └── my.cnf
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ ├── tasks
│ │ └── main.yml
│ ├── templates
│ └── vars
├── zabbix-server
│ ├── files
│ │ ├── zabbix.repo
│ │ └── zabbix_server.conf
│ ├── handlers
│ │ └── main.yml
│ ├── tasks
│ │ └── main.yml
│ ├── templates
│ └── vars
├── zabbix-server.retry
└── zabbix-server.yml
14 directories, 9 files
2. zabbix-server configuration
1) Main tasks
[root@server1 roles]# cat zabbix-server/tasks/main.yml
- name: copy zabbix.repo ## copy the Zabbix yum repository file
  copy: src=zabbix.repo dest=/etc/yum.repos.d/zabbix.repo
- name: install zabbix-server ## install the Zabbix services
  yum: name=zabbix-server,zabbix-agent state=present
  notify: "init zabbix db" ## notifies the "init zabbix db" handlers
- name: config zabbix server ## copy the zabbix-server configuration file, in which the database name and password were changed
  copy: src=zabbix_server.conf dest=/etc/zabbix/zabbix_server.conf
  notify: restart zabbix server ## notifies the "restart zabbix server" handler
- name: start zabbix server ## start Zabbix, both server and agent
  service: name={{ item }} state=started
  with_items:
    - zabbix-server
    - zabbix-agent
2) Handlers
[root@server1 roles]# cat zabbix-server/handlers/main.yml
- name: create datbase ## create the database
  mysql_db: name=zabbix state=present
  listen: "init zabbix db"
- name: create zabbix user ## create the user
  mysql_user: name=zabbix password=zabbix priv=zabbix.*:ALL state=present
  listen: "init zabbix db"
- name: import create.sql.gz ## import the schema
  mysql_db: name=zabbix state=import target=/usr/share/doc/zabbix-server-mysql-4.0.5/create.sql.gz
  listen: "init zabbix db"
- name: restart zabbix server ## restart Zabbix
  service: name=zabbix-server state=restarted
3) The Zabbix yum repository
[root@server1 roles]# cat zabbix-server/files/zabbix.repo
[zabbix]
name=zabbix4.0
baseurl=http://172.25.85.250/pub/zabbix/4.0
gpgcheck=0
4) The zabbix-server configuration file
[root@server1 roles]# cat zabbix-server/files/zabbix_server.conf
This is the zabbix_server configuration file; only the database name and password need to be changed to zabbix
3. Database
1) Main tasks
[root@server1 roles]# cat mariadb/tasks/main.yml
- name: install mariadb server ## install the database
  yum: name=mariadb-server,MySQL-python state=present
- name: config mariadb ## replace the database configuration file
  copy: src=my.cnf dest=/etc/my.cnf
  notify: restart mariadb
- name: start mariadb server ## start the database
  service: name=mariadb state=started
2) Handlers
[root@server1 roles]# cat mariadb/handlers/main.yml
- name: restart mariadb ## restart the database
  service: name=mariadb state=restarted
3) The database configuration file
[root@server1 roles]# cat mariadb/files/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
#
#
character-set-server=utf8 ## character set changed
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
4. Main playbook
[root@server1 roles]# cat zabbix-server.yml
---
# zabbix-server deployment
- hosts: server2
  roles:
    - mariadb ## runs mariadb first, then zabbix-server
    - zabbix-server
5. Deploy
[root@server1 roles]# ansible-playbook zabbix-server.yml
PLAY [server2] ***************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************
ok: [server2]
TASK [mariadb : install mariadb server] **************************************************************************************************************
ok: [server2]
TASK [mariadb : config mariadb] **********************************************************************************************************************
ok: [server2]
TASK [mariadb : start mariadb server] ****************************************************************************************************************
ok: [server2]
TASK [zabbix-server : copy zabbix.repo] **************************************************************************************************************
ok: [server2]
TASK [zabbix-server : install zabbix-server] *********************************************************************************************************
changed: [server2]
TASK [zabbix-server : config zabbix server] **********************************************************************************************************
changed: [server2]
TASK [zabbix-server : start zabbix server] ***********************************************************************************************************
changed: [server2] => (item=zabbix-server)
changed: [server2] => (item=zabbix-agent)
RUNNING HANDLER [zabbix-server : create datbase] *****************************************************************************************************
changed: [server2]
RUNNING HANDLER [zabbix-server : create zabbix user] *************************************************************************************************
changed: [server2]
RUNNING HANDLER [zabbix-server : import create.sql.gz] ***********************************************************************************************
changed: [server2]
RUNNING HANDLER [zabbix-server : restart zabbix server] **********************************************************************************************
changed: [server2]
PLAY RECAP *******************************************************************************************************************************************
server2 : ok=12 changed=7 unreachable=0 failed=0
Test: zabbix-server and zabbix-agent are visible on server2
[root@server2 ~]# netstat -antlp
tcp6 0 0 :::10050 :::* LISTEN 13555/zabbix_agentd
tcp6 0 0 :::10051 :::* LISTEN 13866/zabbix_server
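
The roles above keep the database password in plain text in the handler (password=zabbix) and install from a repository with gpgcheck=0. The playbook below is an added example, not the author's roles, that runs the same zabbix-server steps with the password read from an ansible-vault file and package signatures checked; vault.yml, zabbix_db_password, zabbix_server.conf.j2 and the gpgkey path are assumptions, and the mariadb role is assumed to have run already.

```yaml
---
# Added example (not from the original roles): zabbix-server steps with a
# vaulted database password and signed packages.
# Assumed: vault.yml was created with `ansible-vault create vault.yml` and holds
#   zabbix_db_password: <your password>
# Assumed: zabbix_server.conf.j2 is the page's zabbix_server.conf with the line
#   DBPassword={{ zabbix_db_password }}
- hosts: server2
  remote_user: root
  vars_files:
    - vault.yml                     # hypothetical file name
  tasks:
    - name: zabbix repo with package signature checking
      yum_repository:
        name: zabbix
        description: zabbix4.0
        baseurl: http://172.25.85.250/pub/zabbix/4.0
        gpgcheck: yes
        # placeholder path: the mirror's signing key must already be on the host
        gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX

    - name: install zabbix-server
      yum: name=zabbix-server,zabbix-agent state=present
      notify: "init zabbix db"

    - name: config zabbix server (password rendered from the vault)
      template:
        src: zabbix_server.conf.j2
        dest: /etc/zabbix/zabbix_server.conf
        owner: root
        group: zabbix               # group created by the zabbix package
        mode: "0640"                # config holds DBPassword, so not world-readable
      no_log: true                  # keep the rendered secret out of task output
      notify: restart zabbix server

    - name: start zabbix server
      service: name={{ item }} state=started
      with_items:
        - zabbix-server
        - zabbix-agent

  handlers:
    - name: create database
      mysql_db: name=zabbix state=present
      listen: "init zabbix db"
    - name: create zabbix user
      mysql_user:
        name: zabbix
        password: "{{ zabbix_db_password }}"
        priv: "zabbix.*:ALL"
        state: present
      no_log: true                  # mysql_user arguments include the password
      listen: "init zabbix db"
    - name: import create.sql.gz
      mysql_db: name=zabbix state=import target=/usr/share/doc/zabbix-server-mysql-4.0.5/create.sql.gz
      listen: "init zabbix db"
    - name: restart zabbix server
      service: name=zabbix-server state=restarted
```

Run it with ansible-playbook and --ask-vault-pass so the vault is decrypted only in memory on the control host.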
VI. Deploying zabbix-agent (LAMP)
Here:
Server1 172.25.85.1 is the Ansible server
Server2 172.25.85.2 is zabbix-server
Server3 172.25.85.3 is zabbix-agent
Server2 was deployed earlier; server3 is deployed below
1. On server1, write the ansible-playbook files
[root@server1 roles]# pwd
/etc/ansible/roles
[root@server1 roles]# ls
httpd zabbix-agent zabbix-server
mariadb zabbix-agent.yml zabbix-server.yml
1) httpd
Role structure
[root@server1 roles]# tree httpd/
httpd/
├── files
│ └── httpd.conf
├── handlers
│ └── main.yml
├── tasks
│ └── main.yml
├── templates
└── vars
2) httpd tasks file
[root@server1 roles]# cat httpd/tasks/main.yml
- name: install httpd ## install httpd
  yum: name=httpd state=present
- name: config httpd ## copy the configuration file and restart
  copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf
  notify: restart httpd
- name: start httpd ## start httpd
  service: name=httpd state=started
3) httpd handlers file
[root@server1 roles]# cat httpd/handlers/main.yml ## restarts httpd
- name: restart httpd
  service: name=httpd state=restarted
4) zabbix-agent
Tree structure
[root@server1 roles]# tree zabbix-agent
zabbix-agent
├── files
│ └── zabbix.repo
├── handlers
│ └── main.yml
├── tasks
│ └── main.yml
├── templates
│ └── zabbix_agentd.conf.j2
└── vars
└── main.yml
5) zabbix-agent main tasks file
[root@server1 roles]# cat zabbix-agent/tasks/main.yml
- name: copy zabbix.repo ## copy the yum repository file
  copy: src=zabbix.repo dest=/etc/yum.repos.d/zabbix.repo
- name: install zabbix-agent ## install zabbix-agent
  yum: name=zabbix-agent state=present
- name: config zabbix agent ## render the configuration file and restart
  template: src=zabbix_agentd.conf.j2 dest=/etc/zabbix/zabbix_agentd.conf
  notify: restart zabbix agent
- name: start zabbix agent ## start zabbix-agent
  service: name={{ item }} state=started
  with_items:
    - zabbix-agent
6) yum repository
[root@server1 roles]# cat zabbix-agent/files/zabbix.repo
[zabbix]
name=zabbix4.0
baseurl=http://172.25.85.250/4.0
gpgcheck=0
7) Handlers
[root@server1 roles]# cat zabbix-agent/handlers/main.yml
- name: restart zabbix agent
  service: name=zabbix-agent state=restarted
8) Variables
[root@server1 roles]# cat zabbix-agent/vars/main.yml
host_name: "{{ ansible_hostname }}"
9) Configuration file; only the modified entries are listed
[root@server1 roles]# cat zabbix-agent/templates/zabbix_agentd.conf.j2
Server=172.25.85.2
ServerActive=172.25.85.2
Hostname={{ host_name }} ## the variable holds the host name
Deploy
[root@server1 roles]# ansible-playbook zabbix-agent.yml
PLAY [server3] ***************************************************************************************************************************************
TASK [Gathering Facts] *******************************************************************************************************************************
ok: [server3]
TASK [httpd : install httpd] *************************************************************************************************************************
ok: [server3]
TASK [httpd : config httpd] **************************************************************************************************************************
ok: [server3]
TASK [httpd : start httpd] ***************************************************************************************************************************
ok: [server3]
TASK [zabbix-agent : copy zabbix.repo] ***************************************************************************************************************
ok: [server3]
TASK [zabbix-agent : install zabbix-agent] ***********************************************************************************************************
ok: [server3]
TASK [zabbix-agent : config zabbix agent] ************************************************************************************************************
ok: [server3]
TASK [zabbix-agent : start zabbix agent] *************************************************************************************************************
ok: [server3] => (item=zabbix-agent)
PLAY RECAP *******************************************************************************************************************************************
server3 : ok=8 changed=0 unreachable=0 failed=0
Check
[root@server3 zabbix]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 656/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 780/master
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 16079/zabbix_agentd
tcp 0 0 172.25.85.3:22 172.25.85.1:36476 ESTABLISHED 16554/sshd: root@no
tcp 0 0 172.25.85.3:22 172.25.85.250:47684 ESTABLISHED 2038/sshd: root@pts
tcp6 0 0 :::80 :::* LISTEN 2670/httpd
tcp6 0 0 :::22 :::* LISTEN 656/sshd
tcp6 0 0 ::1:25 :::* LISTEN 780/master
tcp6 0 0 :::10050 :::* LISTEN 16079/zabbix_agentd