Ansible自动化管理集群，Playbook语法

Ansible配置文件存在优先级的问题

ANSIBLE_CONFIG

ansible.cfg 项目目录

.ansible.cfg 当前用户的家目录

/etc/ansible/ansible.cfg

Ansible配置文件

[root@manager ~]# cat /etc/ansible/ansible.cfg
#inventory      = /etc/ansible/hosts      #主机列表配置文件
#library        = /usr/share/my_modules/  #库文件存放目录
#remote_tmp     = ~/.ansible/tmp          #临时py文件存放在远程主机目录
#local_tmp      = ~/.ansible/tmp          #本机的临时执行目录
#forks          = 5                       #默认并发数
#sudo_user      = root                    #默认sudo用户
#ask_sudo_pass = True                     #每次执行是否询问sudo的ssh密码
#ask_pass      = True                     #每次执行是否询问ssh密码
#remote_port    = 22                      #远程主机端口
host_key_checking = False                 #跳过检查主机指纹
log_path = /var/log/ansible.log           #ansible日志

[privilege_escalation]   #如果是普通用户则需要配置提权
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False

Ansible管理机下发公钥

# sshpass -p 1 ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.8
# mkdir project1/
# vim hosts
[gaohongyu]
172.16.1.7
172.16.1.8

生产案例1、如果控制端和被控制端第一次通讯，需要确认指纹信息，如果机器特别多少的情况下怎么办？

将 Ansible 配置文件中的 host_key_checking = False 参数注释打开即可。

但要注意ansible.cfg文件的读取顺序。

Ansible模块

帮助文档

ansible-doc yum

命令 command(默认) shell模块 scripts

安装 yum

配置 copy file get_url

启动 service systemd

用户 user group

任务 cron

挂载 mount

防火墙 firewall selinux

command shell 本质上执行都是基础命令 (command不支持管道技术)

[root@m01 project1]# ansible gaohongyu -m command -a "ps aux|grep nginx" -i hosts

[root@m01 project1]# ansible gaohongyu -m shell -a "ps aux|grep nginx" -i hosts

yum模块 (安装present 卸载absent 升级latest 排除exclude 指定仓库enablerepo)

#示例一、安装当前最新的Apache软件，如果存在则更新
# ansible gaohongyu -m yum -a "name=httpd state=latest" -i hosts

#示例二、安装当前最新的Apache软件，通过epel仓库安装
# ansible gaohongyu -m yum -a "name=httpd state=latest enablerepo=epel" -i hosts 

#示例三、通过公网URL安装rpm软件
# ansible gaohongyu -m yum -a "name=https://mirrors.aliyun.com/zabbix/zabbix/4.2/rhel/7/x86_64/zabbix-agent-4.2.3-2.el7.x86_64.rpm state=latest" -i hosts 

#示例五、更新所有的软件包，但排除和kernel相关的
# ansible gaohongyu -m yum -a "name=* state=latest exclude=kernel*,foo*" -i hosts

#示例六、删除Apache软件
# ansible gaohongyu -m yum -a "name=httpd state=absent" -i hosts

copy

 scp /etc/httpd/conf/httpd.conf root@172.16.1.61:/root/project1/

src
dest
owner
group
mode
backup
content

#示例一、将本地的httpd.conf文件Listen端口修改为9999，然后推送到远端服务。
# ansible gaohongyu -m copy -a "src=./httpd.conf dest=/etc/httpd/conf/httpd.conf owner=root group=root mode=644" -i hosts

#示例二、将本地的httpd.conf文件Listen端口修改为9090，然后推送到远端，检查远端是否存在上一次的备份文件
# ansible gaohongyu -m copy -a "src=./httpd.conf dest=/etc/httpd/conf/httpd.conf owner=root group=root mode=644 backup=yes" -i hosts

#示例三、往远程的主机文件中写入内容
# ansible gaohongyu -m copy -a "content=HttpServer... dest=/var/www/html/index.html" -i hosts

get_url

#示例一、下载互联网的软件至本地
url  ==> http  https  ftp
# ansible gaohongyu -m get_url -a "url=http://fj.gaohongyu.com/public/ip.txt dest=/var/www/html/" -i hosts

#示例二、下载互联网文件并进行md5校验(了解)
# ansible gaohongyu -m get_url -a "url=http://fj.gaohongyu.com/public/ip.txt dest=/var/www/html/ checksum=md5:7b86f423757551574a7499f0aae" -i hosts

file 创建目录 授权

path
state
	touch
	directory
recurse
owner group mode 

#示例一、创建文件，并设定属主、属组、权限。
# ansible gaohongyu -m file -a "path=/var/www/html/tt.html state=touch owner=apache group=apache mode=644" -i hosts 

#示例二、创建目录，并设定属主、属组、权限。
# ansible gaohongyu -m file -a "path=/var/www/html/dd state=directory owner=apache group=apache mode=755" -i hosts

#示例三、递归授权目录的方式。
# ansible gaohongyu -m file -a "path=/var/www/html/ owner=apache group=apache mode=755" -i hosts
# ansible gaohongyu -m file -a "path=/var/www/html/ owner=apache group=apache recurse=yes" -i hosts

service

#示例一、启动Httpd服务
[root@ansible ~]# ansible gaohongyu -m service -a "name=httpd state=started"

#示例二、重载Httpd服务
[root@ansible ~]# ansible gaohongyu -m service -a "name=httpd state=reloaded"

#示例三、重启Httpd服务
[root@ansible ~]# ansible gaohongyu -m service -a "name=httpd state=restarted"

#示例四、停止Httpd服务
[root@ansible ~]# ansible gaohongyu -m service -a "name=httpd state=stopped"

#示例五、启动Httpd服务，并加入开机自启
[root@ansible ~]# ansible gaohongyu -m service -a "name=httpd state=started enabled=yes"

---

yum			安装
copy		配置
file		创建目录,或授权
get_url		下载文件
service		启动服务  重载服务

---

group

#示例一、创建news基本组，指定uid为9999
# ansible gaohongyu -m group -a "name=news gid=9999 state=present" -i hosts

#示例二、创建http系统组，指定uid为8888
# ansible gaohongyu -m group -a "name=http gid=8888 system=yes state=present" -i hosts
yes		true	真
no		false	假

#示例三、删除news基本组
# ansible gaohongyu -m group -a "name=news state=absent" -i hosts

user

#示例一、创建joh用户，uid是1040，主要的组是adm
# ansible gaohongyu -m user -a "name=joh uid=1040 group=adm" -i hosts

#示例二、创建joh用户，登录shell是/sbin/nologin，追加bin、sys两个组
# ansible gaohongyu -m user -a "name=joh shell=/sbin/nologin groups=bin,sys" -i hosts 

#示例三、创建jsm用户，为其添加123作为登录密码，并且创建家目录
# ansible localhost -m debug -a "msg={{ '123' | password_hash('sha512', 'salt') }}"
$6$salt$jkHSO0tOjmLW0S1NFlw5veSIDRAVsiQQMTrkOKy4xdCCLPNIsHhZkIRlzfzIvKyXeGdOfCBoW1wJZPLyQ9Qx/1

# ansible gaohongyu -m user -a 'name=jsm password=$6$salt$jkHSO0tOjmLW0S1NFlw5veSIDRAVsiQQMTrkOKy4xdCCLPNIsHhZkIRlzfzIvKyXeGdOfCBoW1wJZPLyQ9Qx/1 create_home=yes'

#示例四、移除joh用户
# ansible gaohongyu  -m user -a 'name=joh state=absent remove=yes' -i hosts 

#示例五、创建http用户，并为该用户创建2048字节的私钥，存放在~/http/.ssh/id_rsa
# ansible gaohongyu  -m user -a 'name=http generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa' -i hosts

---

1.yum
2.copy
3.group user  file
4.service

---

cron

#示例一、添加定时任务。每分钟执行一次ls  * * * * * ls >/dev/null
# ansible gaohongyu -m cron -a "name=job1 job='ls >/dev/null'" -i hosts 

#示例二、添加定时任务，    每天的凌晨2点和凌晨5点执行一次ls。"0 5,2 * * ls >/dev/null
# ansible gaohongyu -m cron -a "name=job2 minute=0 hour=5,2 job='ls >/dev/null'" -i hosts 

#示例三、关闭定时任务，使定时任务失效
# ansible gaohongyu -m cron -a "name=job2 minute=0 hour=5,2 job='ls >/dev/null' disabled=yes" -i hosts

mount

present	将挂载信息写入/etc/fstab 			unmounted	卸载临时,不会清理/etc/fstab
mounted	先挂载,在将挂载信息/etc/fstab		absent		卸载临时,也会清理/etc/fstab

#环境准备：将172.16.1.61作为nfs服务端，172.16.1.7、172.16.1.8作为nfs客户端挂载
# ansible localhost -m yum -a 'name=nfs-utils state=present'
# ansible localhost -m file -a 'path=/ops state=directory'
# ansible localhost -m copy -a 'content="/ops 172.16.1.0/24(rw,sync)" dest=/etc/exports'
# ansible localhost -m service -a "name=nfs state=restarted"

#示例一、挂载nfs存储至本地的/opt目录，并实现开机自动挂载
# ansible gaohongyu -m mount -a "src=172.16.1.61:/ops path=/opt fstype=nfs opts=defaults state=mounted"  

#示例三、永久卸载nfs的挂载，会清理/etc/fstab
# ansible webservers -m mount -a "src=172.16.1.61:/ops path=/opt fstype=nfs opts=defaults state=absent"

selinux

# ansible gaohongyu -m selinux -a "state=disabled"  -i hosts

firewalld
# ansible gaohongyu -m service -a "name=firewalld state=started" -i hosts

firewalld

示例一 永久放行https的流量,只有重启才会生效
# ansible gaohongyu -m firewalld -a "zone=public service=https permanent=yes state=enabled" -i hosts 

示例一 永久放行8081端口的流量,只有重启才会生效
# ansible gaohongyu -m firewalld -a "zone=public port=8080/tcp permanent=yes state=enabled" -i hosts 

示例一 放行8080-8090的所有tcp端口流量,临时和永久都生效.
# ansible gaohongyu -m firewalld -a "zone=public port=8080-8090/tcp permanent=yes immediate=yes state=enabled" -i hosts

---

1.安装http服务 yum

2.编写简单网页测试内容 copy (Name-gaohongyuEdu.com)

3.启动服务并加入开机自启 service

4.放行firewalld对应的端口 firewalld

playbook 剧本

play	(找谁)
task	(干什么)
找一个人干多件事情		playbook   1个play  多个task
找多个人干多件事情		playbook   多个play  多个task
playbook是由yml语法书写，结构清晰，可读性强，所以必须掌握yml基础语法

语法 描述

缩进 YAML使用固定的缩进风格表示层级结构,每个缩进由两个空格组成, 不能使用tabs

冒号 以冒号结尾的除外，其他所有冒号后面所有必须有空格。

短横线 表示列表项，使用一个短横杠加一个空格。多个项使用同样的缩进级别作为同一列表。

playbook

1.安装http服务 yum

2.编写简单网页测试内容 copy (Name-gaohongyuEdu.com)

3.启动服务并加入开机自启 service

4.放行firewalld对应的端口 firewalld

1.针对gaohongyu组 play

2.做什么任务 task

案例一、使用ansible安装并配置nfs服务

	服务端: 10.0.0.7
		1.安装nfs
		2.配置nfs
		3.根据配置创建目录,创建用户,授权
		4.启动并加入开机自启

	客户端: 10.0.0.8
		1.准备一个空目录
		2.挂载10.7 上共享的目录即可

[root@m01 project1]# cat nfs.yaml
- hosts: 172.16.1.7
  tasks:
    - name: Install NFS Server
      yum: name=nfs-utils state=present

    - name: Configure NFS Server
      copy: src=./exports.j2 dest=/etc/exports backup=yes

    - name: Create NFS Group
      group: name=www gid=666

    - name: Create NFS User
      user: name=www uid=666 group=666 shell=/sbin/nologin create_home=no

    - name: Create NFS Data
      file: path=/data state=directory owner=www group=www recurse=yes

    - name: Service NFS Server
      service: name=nfs state=started enabled=yes

- hosts: 172.16.1.8
  tasks:
    - name: Client Create NFS Data
      file: path=/nfs_tt state=directory

    - name: Client Mount NFS Server
      mount:
        src: 172.16.1.7:/data
        path: /nfs_tt
        fstype: nfs
        opts: defaults
        state: mounted

案例二、使用ansible安装并配置httpd服务

	安装
	配置
	启动  注意端口
	防火墙  

[root@m01 project1]# cat http.yaml
- hosts: gaohongyu
  tasks:

    - name: Installed Httpd Server
      yum: name=httpd state=present

    - name: Configure Httpd Server
      copy: src=./httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf backup=yes

    - name: Configure Httpd WebSite
      copy: src=./tt.j2 dest=/var/www/html/tt.html owner=http group=http mode=644

    - name: Service Httpd Server
      service: name=httpd state=started enabled=yes

    - name: Service Firewalld Server
      service: name=firewalld state=started

    - name: Configure Firewalld Server
      firewalld: zone=public port=9988/tcp permanent=yes immediate=yes state=enabled

案例三、ansible安装并配置httpd服务，根据不同的主机配置不同的网站。（多个play使用方式，但不是生产推荐(了解即可)，生产推荐使用循环方式）

清空原来http软件
# ansible gaohongyu -m yum -a "name=httpd state=absent" -i hosts
gaohongyu:
	1.安装http
	2.配置http
		用户		-->存在?	ttt		gid uid  7788
		端口		-->7788
	3.启动http
	4.防火墙		--->放行7788

172.16.1.7:		web-7...
172.16.1.7:		web-8...

yaml
	play	什么play
	task	什么task
	1.缩进
	2.冒号
	3.横线

作业:
	使用AnsiblePlaybook方式构建LAMP架构，具体操作步骤如下:
		1.使用yum安装 httpd、php、php-mysql、mariadb、firewalld等
		2.启动httpd、firewalld、mariadb等服务
		3.添加防火墙规则，放行http的流量，并永久生效
		4.使用get_url下载http://fj.gaohongyu.com/public/index.php文件
		5.扩展:  可道云代码下载解压到指定目录
		效果: 执行完playbook后,访问网站,就跳出网站安装向导

	apache+php   模块		重启apache
	nginx+php    代理		fastcgi协议
	版本冲突

1.卸载php71w,如果是全新的环境,就不用.
yum list installed |grep php71w|awk '{print $1}'|xargs|sed -r 's#(.*)#yum remove -y \1#g'|bash

----------------------------------------------------------------------------
[root@m01 project1]# cat lamp.yml
#1.缩进
#2.冒号
#3.短横线

- hosts: 172.16.1.8   #play
  tasks:

#1.使用yum安装 httpd、php、firewalld等
    - name: Install Httpd PHP firewalld
      yum: name=httpd,php,php-pdo,php-mbstring,php-gd,firewalld state=present

#2.启动httpd、firewalld、服务
    - name: Service Httpd Server
      service: name=httpd state=started

    - name: Service Firewalld Server
      service: name=firewalld state=started

#3.添加防火墙规则，放行http的流量
    - name: Configure Firewalld
      firewalld: port=80/tcp immediate=yes state=enabled

#4.使用get_url下载http://fj.gaohongyu.com/public/index.php文件
    - name: Get Url index.php
      get_url:
        url: http://fj.gaohongyu.com/public/index.php
        dest: /var/www/html/tt.php

#5.扩展:  可道云代码下载解压到指定目录
    - name: Copy Kod Cloud Code
      unarchive: src=./kodexplorer4.40.zip dest=/var/www/html/ mode=0777

#6.变更权限为Httpd进程的运行用户,apache
    - name: Chown Directory
      file: path=/var/www/html owner=apache group=apache recurse=yes 

vars

playbook--->变量-->内容摘要

1.为什么要使用变量

2.ansible怎么定义变量 怎么使用变量{{ 变量名称 }}

1.通过playbook文件中的play进行定义

通过vars来进行定义变量

通过vars_files来进行定义变量

2.通过inventory主机清单进行变量定义

通过host_vars对主机进行定义

通过group_vars对主机组进行定义

3.通过执行playbook时使用-e参数指定变量

3.ansible变量优先级

4.ansible 变量注册

4.ansible facts变量

1.为什么要使用变量
	简化playbook项目的一个维护. 使用一个固定的字符串-->表示一个不固定的值...

2.ansible怎么定义变量 怎么使用变量
	1.通过playbook文件中的play进行定义,通过vars来进行定义变量
		注意: 和shell定义变量的方式不一样,shell:  version=1.12   yml语法: version: 1.12

	定义变量:
		vars:
		  - v1: value
		  - v2: value
		  - v3: value
	使用变量:
		{{ v1 }}
		固定写法{{}} 中间直接填写变量名称即可

1.在playbook文件中的play使用变量
[root@m01 project1]# cat vars_1.yml
- hosts: gaohongyu
  vars:
    - web_packages: httpd-2.4.6
    - ftp_packages: vsftpd-3.0.2

  tasks:
    - name: Installed {{ web_packages }} {{ ftp_packages }}
      yum:
        name:
          - "{{ web_packages }}"
          - "{{ ftp_packages }}"
        state: present	

2.通过定义一个变量文件,然后使用playbook进行调用
[root@m01 project1]# cat vars_public.yml
web_packages: httpd-2.4.6
ftp_packages: vsftpd-3.0.2

[root@m01 project1]# cat vars_1.yml
- hosts: gaohongyu
  vars_files: ./vars_public.yml

  tasks:
    - name: Installed {{ web_packages }} {{ ftp_packages }}
      yum:
        name:
          - "{{ web_packages }}"
          - "{{ ftp_packages }}"
        state: present

通过inventory 主机清单进行变量定义

在项目目录下创建两个变量的目录,host_vars group_vars

#1）在当前的项目目录中创建两个变量的目录
[root@ansible project1]# mkdir host_vars
[root@ansible project1]# mkdir group_vars

#2）在group_vars目录中创建一个文件，文件名与inventory清单中的组名称要保持完全一致。
[root@ansible project1]# cat group_vars/gaohongyu
web_packages: wget
ftp_packages: tree

#3）编写playbook，只需在playbook文件中使用变量即可。
[root@ansible project1]# cat f4.yml
- hosts: gaohongyu
  tasks:
    - name: Install Rpm Packages "{{ web_packages }}" "{{ ftp_packages }}"
      yum:
        name:
          - "{{ web_packages }}"
          - "{{ ftp_packages }}"
        state: present

	注意: 默认情况下,group_vars目录中文件名与hosts清单中的组名保持一致.
		比如在group_vars目录中创建了gaohongyu组的变量,其他组是无法使用gaohongyu组的变量
		系统提供了一个特殊组,all,只需要在group_vars目录下建立一个all文件,编写好变量,所有组都可使用.

hosts_vars

#1）在host_vars目录中创建一个文件，文件名与inventory清单中的主机名称要保持完全一致
[root@ansible project1]# cat hosts
[gaohongyu]
172.16.1.7
172.16.1.8

#2）在host_vars目录中创建文件，给172.16.1.7主机定义变量
[root@ansible project1]# cat host_vars/172.16.1.7
web_packages: zlib-static
ftp_packages: zmap

#3）准备一个playbook文件调用host主机变量
[root@ansible project1]# cat f4.yml
- hosts: 172.16.1.7
  tasks:
    - name: Install Rpm Packages "{{ web_packages }}" "{{ ftp_packages }}"
      yum:
        name:
          - "{{ web_packages }}"
          - "{{ ftp_packages }}"
        state: present

- hosts: 172.16.1.8
  tasks:
    - name: Install Rpm Packages "{{ web_packages }}" "{{ ftp_packages }}"
      yum:
        name:
          - "{{ web_packages }}"
          - "{{ ftp_packages }}"
        state: present

host_vars 特殊的变量目录,针对单个主机进行变量.
group_vars 特殊的变量目录,针对inventory主机清单中的组进行变量定义. 对A组定义的变量 B组无法调用
group_vars/all 特殊的变量文件,可以针对所有的主机组定义变量.

--------------------------------------------------------------------------------------
	3.通过执行playbook时使用-e参数指定变量

[root@m01 project1]# cat vars_7.yml
- hosts: "{{ hosts }}"	#注意:这是一个变量名称
  tasks:
    - name: Install Rpm Packages "{{ web_packages }}" "{{ ftp_packages }}"
      yum:
        name:
          - "{{ web_packages }}"
          - "{{ ftp_packages }}"
        state: present
[root@m01 project1]# #ansible-playbook -i hosts  vars_7.yml -e "hosts=gaohongyu"

ansible变量优先级

定义相同的变量不同的值，来测试变量的优先级。操作步骤如下

1）在plabook中定义vars变量

2）在playbook中定义vars_files变量

3）在host_vars中定义变量

4）在group_vars中定义变量

5）通过执行命令传递变量

[root@m01 project1]# cat vars_8.yml
- hosts: gaohongyu
  vars:
    file_name: play_vars
  vars_files: ./vars_public.yml
  tasks:

    - name: Create Variables {{ file_name }}
      file: path=/tmp/{{ file_name }} state=touch

[root@m01 project1]# vim vars_public.yml
[root@m01 project1]# vim host_vars/172.16.1.7
[root@m01 project1]# vim group_vars/gaohongyu
[root@m01 project1]# vim group_vars/all

变量的优先级

外置传参--->playbook(vars_files--->vars)--->inventory(host_vars-->group_vars/group_name--->group_vars-all)

ansible 变量注册

register  debug

[root@m01 project1]# cat vars_9.yml
- hosts: gaohongyu

  tasks:
    - name: Installed Httpd Server
      yum: name=httpd state=present

    - name: Service Httpd Server
      service: name=httpd state=started

    - name: Check Httpd Server
      shell: ps aux|grep httpd
      register: check_httpd

    - name: OutPut Variables
      debug:
        msg: "{{ check_httpd.stdout_lines }}"

ansible facts变量

	用来采集被控端的状态指标,比如: IP地址  主机名称  cpu信息  内存  等等
	默认情况的facts变量名都已经预先定义好了, 只需要采集被控端的信息,然后传递至facts变量即可.

4.使用facts变量根据不同的内存生成不同Memcached配置文件

1）准备两台物理内存不一样的主机
172.16.1.7 1G		memcached 500MB
172.16.1.8 2G		memcached 1Gb

2）如何提取被控端的总内存大小
[root@m01 project1]# ansible 172.16.1.8 -m setup -a "filter=ansible_memtotal_mb" -i hosts
172.16.1.8 | SUCCESS => {
    "ansible_facts": {
        "ansible_memtotal_mb": 1996,
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false
}

[root@m01 project1]# cat vars_12.yml
- hosts: gaohongyu
  tasks:
    - name: Installed Memcached Server
      yum: name=memcached state=present

    - name: Configure Memcached Server
      template: src=./memcached.j2 dest=/etc/sysconfig/memcached

    - name: Service Memcached Server
      service: name=memcached state=started enabled=yes

    - name: Check Memcached Server
      shell: ps aux|grep memcached
      register: check_mem

    - name: Debug Memcached Variables
      debug:
        msg: "{{ check_mem.stdout_lines }}"

在写任何新的服务之前,请先手动测试一遍,提取安装的命令\配置文件路径\启动命令

[root@m01 project1]# yum install memcached -y

[root@m01 project1]# cat /etc/sysconfig/memcached

PORT="11211"

USER="memcached"

MAXCONN="1024"

CACHESIZE="64"

OPTIONS=""

[root@m01 project1]# systemctl start memcached

1.nginx+php 完成 kod云搭建
2.通过facts变量中的cpu核心数  渲染出不同主机的nginx配置文件   worker_processes
5.如何批量修改服务器主机名称(hostname)  8-10位随机数  (面试题)

---------------------------------
3.完成渲染zabbix的配置文件
4.完成渲染memcached的配置文件
  端口\最大连接数  设定成变量

使用ansible playbook

https://www.gaohongyu.com/bgx/1253.html

nginx+php

1.卸载php低版本

2.安装nginx1.12 ---> epel

3.安装php5.4 ---> base

4.创建组和用户 www

5.配置nginx -->nginx.conf 指定运行的用户身份www

6.配置nginx.conf.d/kod.conf 虚拟主机

7.根据虚拟主机的配置创建存放代码的目录

8.拷贝kod云的代码.解压

9.授权目录的权限

7.配置php-fpm 管理php的用户身份

8.配置php程序,php.ini 调整可道云上传的大小

9.测试nginx 和php的配置文件是否正确,正确则启动

[root@m01 project1]# cat group_vars/all

nginx php variables

web_user: www

nginx_conf: /etc/nginx/nginx.conf

nginx_virt: /etc/nginx/conf.d

nginx_code: /ansible_code

php_fpm_conf: /etc/php-fpm.d/www.conf

php_ini_conf: /etc/php.ini

php_ini_max_upload: 200M

[root@m01 project1]# cat nginx_php.yml

• hosts: gaohongyu

1.卸载php低版本

2.安装nginx1.12 php5.4

tasks:

- name: Installed Nginx

yum: name=nginx,php,php-fpm,php-pdo,php-gd,php-mbstring state=present

4.创建组和用户 www

- name: Create Group {{ web_user }}
  group: name={{ web_user }} gid=666 state=present

- name: Create User {{ web_user }}
  user: name={{ web_user }} uid=666 group=666 shell=/sbin/nologin state=present

5.配置nginx -->nginx.conf 指定运行的用户身份www

- name: Configure Nginx {{ nginx_conf }}
  template: src=./nginx.conf.j2 dest={{ nginx_conf }} backup=yes

6.配置nginx.conf.d/kod.conf 虚拟主机

- name: Configure Virtual {{ nginx_virt }}
  template: src=./kod.conf.j2 dest={{ nginx_virt }}/kod.conf backup=yes

7.根据虚拟主机的配置创建存放代码的目录

- name: Create Kod {{ nginx_code }} Directory
  file: path={{ nginx_code }} state=directory

8.拷贝kod云的代码.解压

- name: Unzip Kod {{ nginx_code }} Directory
  unarchive: src=./backup/kodexplorer4.40.zip dest={{ nginx_code }}

9.授权目录的权限

- name: Chown Kod Data {{ web_user }}
  file: path={{ nginx_code }} owner={{ web_user }} group={{ web_user }} recurse=yes mode=0777

7.配置php-fpm 管理php的用户身份

- name: Configure PHP-FPM {{ php_fpm_conf }}
  template: src=./php_www.conf.j2 dest={{ php_fpm_conf }}

8.配置php程序,php.ini 调整可道云上传的大小

- name: Configure PHP Server {{ php_ini_conf }}
  template: src=./php.ini.j2 dest={{ php_ini_conf }}

9.测试nginx 和php的配置文件是否正确,正确则启动

- name: Service Nginx Server
  service: name=nginx state=started enabled=yes

- name: Service PHP-FPM Server
  service: name=php-fpm state=started enabled=yes

解法一、web_随机数的解法

[root@m01 ~]# cat te.yaml

• hosts: all
  
  tasks:

  • name: 打印facts变量的内容
    
    debug: msg={{ ansible_default_ipv4.address }}

  • name: 使用hostname模块将主机名修改为web_ip
    
    hostname: name=web_{{ ansible_default_ipv4.address }}

    解法二、web_随机数的解法

    [root@m01 ~]# cat te_2.yaml

    • hosts: all
      
      tasks:

    • name: 定义一个随机数，设定为变量，然后后续调用
      
      shell: echo $((RANDOM%200))
      
      register: System_SJ

    • name: 使用debug输出变量结果，这样好知道需要提取的关键值
      
      debug: msg={{ System_SJ }}

    • name: 使用hostname模块将主机名修改为web_随机数
      
      hostname: name=web_{{ System_SJ.stdout }}

[root@m01 project1]# cat vars_14.yml

• hosts: gaohongyu
  
  tasks:

  • name: SHell
    
    shell: echo $RANDOM|md5sum |cut -c 5-10
    
    register: get_random

  • name: Get Facts
    
    debug:
    
    msg: "{{ ansible_date_time.epoch }}"

  • name: Hostname
    
    hostname: name={{ get_random.stdout }}_{{ ansible_date_time.epoch }}

---

---

task控制:

1.判断语句 when

根据主机名称来安装不同的yum仓库

根据主机的系统安装不同的软件包

2.循环语句 with_items: 列表 item

基本循环

字典循环 facts

3.handlers触发

notify 通知

handlers 执行

4.include
	include 				tasks
	include_tasks			tasks
	import_playbook			playbook

5. tags标签
		调试模式使用
	-t 指定
	--skip-tags: 跳过

6.忽略错误ignore_errors: yes

7.错误处理
	fource_handlers: yes  强制调用handlers(少)
	change_when: false    抑制changed状态
	change_when: (check_nginx.stdout.find('ok')

playbook Tasks任务控制:

1.条件判断 when

实践案例一、根据不同操作系统，安装相同的软件包

[root@m01 project1]# cat tasks_1.yml

• hosts: gaohongyu
  
  tasks:

  • name: Installed {{ ansible_distribution }} Httpd Server
    
    yum: name=httpd state=present
    
    when: ( ansible_distribution == "CentOS" )

  • name: Installed {{ ansible_distribution }} Httpd2 Server
    
    yum: name=httpd2 state=present
    
    when: ( ansible_distribution == "Ubuntu" )

实践案例二、为所有的web主机名添加nginx仓库，其余的都跳过添加

[root@m01 project1]# cat tasks_2.yml

• hosts: all
  
  tasks:
  • name: Create YUM Repo
    
    yum_repository:
    
    name: ansible_nginx
    
    description: ansible_test
    
    baseurl: https://mirrors.gaohongyu.com
    
    gpgcheck: no
    
    enabled: no
    
    when: ( ansible_fqdn is match ("web*"))

主机名称是web或主机名称是lb的则添加这个nginx源

[root@m01 project1]# cat tasks_2.yml

• hosts: all
  
  tasks:
  • name: Create YUM Repo
    
    yum_repository:
    
    name: ansible_nginx
    
    description: ansible_test
    
    baseurl: https://mirrors.gaohongyu.com
    
    gpgcheck: no
    
    enabled: no
    
    when: ( ansible_fqdn is match ("web")) or
    
    ( ansible_fqdn is match ("lb"))

or:

and:

实践案例三、根据命令执行的结果进行判断

[root@m01 project1]# cat tasks_3.yml

• hosts: all
  
  tasks:
  
  #检查httpd服务是否是活动的

  • name: Check Httpd Server
    
    command: systemctl is-active httpd
    
    ignore_errors: yes
    
    register: check_httpd

    如果check_httpd变量中的rc结果等于0，则执行重启httpd，否则跳过

  • name: Httpd Restart
    
    service: name=httpd state=restarted
    
    when: check_httpd.rc == 0

---

2.循环语句 with_items

实践案例一、使用循环启动多个服务

[root@m01 project1]# cat tasks_4.yml

• hosts: webserver
  
  tasks:

  • name: Service Nginx Server
    
    service: name={{ item }} state=restarted
    
    with_items:
    • nginx
    • php-fpm

实践案例二、定义变量方式循环安装软件包

[root@m01 playbook]# cat loop-service-v2.yml

• hosts: web
  
  tasks:
  • name: Installed Httpd Mariadb Package
    
    yum: name={{ pack }} state=latest
    
    vars:
    
    pack:
    • httpd
    • mariadb-server

[root@m01 project1]# cat tasks_5.yml

• hosts: webserver
  
  tasks:
  • name: Installed Httpd Mariadb Package
    
    yum: name={{ pack }} state=latest
    
    vars:
    
    pack:
    • httpd
    • mariadb-server

实践案例三、使用变量字典循环方式批量创建用户

[root@m01 project1]# cat tasks_6.yml

• hosts: webserver
  
  tasks:
  • name: Create User
    
    user: name={{ item.name }} groups={{ item.groups }} state=present
    
    with_items:

实践案例三、使用变量字典循环方式批量拷贝文件

rsync: /etc/rsyncd.conf 644 /etc/rsync.pass 600

[root@m01 project1]# cat tasks_7.yml

• hosts: webserver
  
  tasks:

  • name: Configure Rsyncd Server
    
    copy: src={{ item.src }} dest={{ item.dest }} mode={{ item.mode }}
    
    with_items:

  高级写法!!

  • name: Configure PHP-FPM {{ php_fpm_conf }}
    
    template: src={{ item.src }} dest={{ item.dest }}
    
    with_items:
    • { src: './docs1/php_www.conf.j2', dest: '{{ php_fpm_conf }}' }
    • { src: './docs1/php.ini.j2', dest: '{{ php_ini_conf }}' }

  3.handlers 触发器 notify监控 --->通知 ---> Handlers触发

1.安装nginx服务playbook

要求能够实现配置变更,服务自动重载 (万一配置修改错误.怎么办?)

[root@m01 ~]# cat webserver.yml

• hosts: webserver

1.定义变量，在配置文件中调用

vars:

http_port: 8881

2.安装httpd服务

tasks:

- name: Install Httpd Server

yum: name=httpd state=present

3.使用template模板，引用上面vars定义的变量至配置文件中

- name: Configure Httpd Server
  template: src=./httpd.conf dest=/etc/httpd/conf/httpd.conf
  notify:   #调用名称为Restart Httpd Server的handlers(可以写多个)
    - Restart Httpd Server

4.启动Httpd服务

- name: Start Httpd Server
  service: name=httpd state=started enabled=yes

5.如果配置文件发生变化会调用该handlers下面的对应名称的task

handlers:

- name: Restart Httpd Server

service: name=httpd state=restarted

3.handlers注意事项

1.无论多少个task通知了相同的handlers，handlers仅会在所有tasks结束后运行一次。

2.只有task发生改变了才会通知handlers，没有改变则不会触发handlers

3.不能使用handlers替代tasks、因为handlers是一个特殊的tasks。

4.tags标签	根据指定的标签执行  调试
	1.对一个tasks指定一个tags标签
	2.对一个tasks指定多个tags标签
	3.多个tasks任务指定一个tags标签

nginx
installed
	- tags: 1
configure
	- tags: 1
service
    - tags: 1

apache
installed
	- tags: 4
configure
	- tags: 4
service
    - tags: 4

指定执行某个tags标签

[root@m01 docs1]# ansible-playbook -i hosts nginx_php.yml -t "test_user"

忽略执行某个tags标签

[root@m01 docs1]# ansible-playbook -i hosts nginx_php.yml --skip-tags "test_user"

[root@m01 project1]# cat tasks_8.yml

• hosts: webserver
  
  tasks:

  • name: Install Nfs Server
    
    yum: name=nfs-utils state=present
    
    tags: install_nfs

  • name: Service Nfs Server
    
    service: name=nfs-server state=started enabled=yes
    
    tags: start_nfs-server

  5.include包含

1）编写restart_httpd.yml文件

[root@ansible project1]# cat restart_httpd.yml #注意这是一个tasks所有没有play的任何信息

• name: Restart Httpd Server
  
  service: name=httpd state=restarted

2）A Project的playbook如下

[root@ansible project1]# cat a_project.yml

• hosts: webserver
  
  tasks:

  • name: A Project command
    
    command: echo "A"

  • name: Restart httpd
    
    include: restart_httpd.yml

3）B Project的playbook如下

[root@ansible project1]# cat b_project.yml

• hosts: webserver
  
  tasks:

  • name: B Project command
    
    command: echo "B"

  • name: Restart httpd
    
    include_tasks: restart_httpd.yml

  导入一个完整的playbook文件 (play task)
  
  [root@m01 project1]# cat tasks_total.yml

• import_playbook: ./tasks_1.yml

• import_playbook: ./tasks_2.yml
  
  ---------------------------------------------import_playbook include include_tasks

  6.错误忽略ignore_errors
  
  [root@m01 project1]# cat tasks_9.yml

• hosts: webserver
  
  tasks:

  • name: Command
    
    command: /bin/false
    
    ignore_errors: yes

  • name: Create File
    
    file: path=/tmp/tttt state=touch

  7.错误处理changed_when

---

1.强制调用handlers

[root@m01 project1]# cat tasks_10.yml

• hosts: webserver
  
  force_handlers: yes #强制调用handlers

  tasks:

  • name: Touch File
    
    file: path=/tmp/bgx_handlers state=touch
    
    notify: Restart Httpd Server

  • name: Installed Packages
    
    yum: name=sb state=latest

  handlers:

  • name: Restart Httpd Server
    
    service: name=httpd state=restarted

2.关闭changed的状态(确定该tasks不会对被控端做任何的修改和变更.)

[root@m01 project1]# cat tasks_11.yml

• hosts: webserver
  
  tasks:

  • name: Installed Httpd Server
    
    yum: name=httpd state=present

  • name: Service Httpd Server
    
    service: name=httpd state=started

  • name: Check Httpd Server
    
    shell: ps aux|grep httpd
    
    register: check_httpd
    
    changed_when: false

  • name: OutPut Variables
    
    debug:
    
    msg: "{{ check_httpd.stdout_lines }}"

案例三、使用changed_when检查tasks任务返回的结果

[root@m01 project1]# cat tasks_12.yml

• hosts: webserver
  
  tasks:

  • name: Installed Nginx Server
    
    yum: name=nginx state=present

  • name: Configure Nginx Server
    
    copy: src=./nginx.conf.j2 dest=/etc/nginx/nginx.conf
    
    notify: Restart Nginx Server

  • name: Check Nginx Configure Status
    
    command: /usr/sbin/nginx -t
    
    register: check_nginx
    
    changed_when:

    • ( check_nginx.stdout.find('successful'))
    • false

  • name: Service Nginx Server
    
    service: name=nginx state=started

  handlers:

  • name: Restart Nginx Server
    
    service: name=nginx state=restarted

nginx +php : kod #y一定要实现自动化配置文件,注意有些不重要的内容,不要打印changd状态

问题: lnmp.yml 如何实现变更配置端口8080,执行playbook后,所有被控端主机马上变更. handlers:

问题: 测试希望仅执行某个特定的tasks任务时,怎么办? tags

问题: 检测nginx php的语法,正常则启动或重启,不正常则忽略. (changed_when var.stdout.find(''))

---------------先写思路:

[root@m01 project1]# cat lnmp.yml

• hosts: webserver
  
  tasks:

  • name: Installed Nginx PHP-FPM Server
    
    yum: name={{ packages }} state=present
    
    vars:
    
    packages:
    
    - nginx
    
    - php
    
    - php-fpm
    
    - php-cli
    
    - php-pdo
    
    - php-mbstring
    
    - php-gd

  • name: Create Nginx Group {{ web_user }}
    
    group: name={{ web_user }} gid=666 state=present

  • name: Create Nginx User {{ web_user }}
    
    user: name={{ web_user }} uid=666 group={{ web_user }} state=present

  • name: Create Kod {{ kod_server_path }} Directory
    
    file: path={{ kod_server_path }} state=directory

  • name: Unzip Kod {{ kod_server_path }} Directory
    
    unarchive: src=./playbook/kodexplorer4.40.zip dest={{ kod_server_path }}

  • name: Chown Kod Data {{ web_user }}
    
    file: path={{ kod_server_path }} owner={{ web_user }} group={{ web_user }} recurse=yes mode=0777

  • name: Configure Nginx Server
    
    template: src={{ item.src }} dest={{ item.dest }} backup=yes
    
    with_items:

    • {src: './kod.conf.j2',dest: '/etc/nginx/conf.d/kod.conf'}
      
      notify: Restart Nginx Server

  • name: Check Nginx Server
    
    shell: /usr/sbin/nginx -t
    
    register: check_nginx
    
    changed_when:

    • ( check_nginx.stdout.find('successful'))
    • false

  • name: Configure PHP-FPM Server
    
    template: src={{ item.src }} dest={{ item.dest }} backup=yes
    
    with_items:

    • {src: './php_www.conf.j2',dest: '/etc/php-fpm.d/www.conf'}
      
      notify: Restart PHP-FPM Server

  • name: Check PHP-FPM Server
    
    shell: /usr/sbin/php-fpm -t
    
    register: check_phpfpm
    
    changed_when:

    • ( check_phpfpm.stdout.find('successful'))
    • false

  • name: Start Nginx PHP Server
    
    service: name={{ item }} state=started enabled=yes
    
    with_items:

    • nginx
    • php-fpm

  handlers:

  • name: Restart Nginx Server
    
    service: name=nginx state=restarted

  • name: Restart PHP-FPM Server
    
    service: name=php-fpm state=restarted

[root@m01 project1]# cat group_vars/all

nginx php variables

web_user: www

nginx_conf: /etc/nginx/nginx.conf

nginx_virt: /etc/nginx/conf.d

nginx_code: /ansible_code

server_port: 80

kod_server_name: kod.gaohongyu.com

kod_server_path: /nginx_code

php_fpm_conf: /etc/php-fpm.d/www.conf

php_ini_conf: /etc/php.ini

php_ini_max_upload: 200M

---

jinja2 了解项

1.jinja2

2.ansible与jinja关系

3.jinja2循环 判断语句

{% if EXPR %}...{% elif EXPR %}...{% endif%} 作为条件判断

--------------------------------------判断语句

{% if ansible_fqdn == "web01" %}

echo "123"

{% elif ansible_fqdn == "web02" %}

echo "456"

{% else %}

echo "789"

--------------------------------------循环语句

{% for i in EXPR %}...{% endfor%} 作为循环表达式

{% for i in range(1,10) %}

server 172.16.1.{{i}};

{# COMMENT #} 表示注释

---

---

4.jinja2 渲染 nginx_proxy配置文件 keepalived配置文件

[root@m01 project1]# cat jinja_2.yml

• hosts: lbserver
  
  vars:

  • http_port: 80

  • server_name: kod.gaohongyu.com
    
    tasks:

  • name: Installed Nginx Server
    
    yum: name=nginx state=present

  • name: Configure Nginx Virt
    
    template: src=./kod_proxy.conf.j2 dest=/etc/nginx/conf.d/proxy_kod.gaohongyu.com.conf
    
    notify: Restart Nginx Server

  • name: Started Nginx Server
    
    service: name=nginx state=started enabled=yes

  handlers:

  • name: Restart Nginx Server
    
    service: name=nginx state=restarted
    
    -------------------------------------------------------------nginx_proxy
    
    [root@m01 project1]# cat kod_proxy.conf.j2
    
    upstream {{ server_name }} {
    
    {% for i in range(1,10) %}
    
    server 172.16.1.{{i}}:{{http_port}} weight=2;
    
    {% endfor %}
    
    }

server {

listen {{ http_port }};

server_name {{ server_name }};

location / {

proxy_pass http://{{ server_name }};

include proxy_params;

}

}

jinja循环高级用法

循环inventory主机清单中的webserver组,将提取到的IP赋值给i变量.

upstream {{ server_name }} {

{% for i in groups['webserver'] %}

server {{i}}:{{http_port}} weight=2;

官方

something that applies to all app servers.

{% endfor %}

https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html

-------------------------------------------------------------keepalived

1）Inventory中的host_vars根据不同主机设定不同的变量。

[root@m01 project1]# cat host_vars/172.16.1.5

state: MASTER

prioroty: 150

[root@m01 project1]# cat host_vars/172.16.1.6

state: BACKUP

prioroty: 100

1. 准备keeplaived配置文件
   
   [root@m01 project1]# cat keepalived.conf.j2
   
   global_defs {
   
   router_id {{ ansible_fqdn }}
   
   }

vrrp_instance VI_1 {

state {{ state }}

priority {{ prioroty }}

interface eth0

virtual_router_id 50

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

10.0.0.3

}

}

3) 使用playbook分发配置文件

[root@m01 project1]# cat jinja_3.yml

• hosts: lbserver
  
  tasks:
  • name: Copy Keepalived
    
    template: src=./keepalived.conf.j2 dest=/tmp/keepalived.conf

---

[root@m01 project1]# cat jinja_4.yml

• hosts: lbserver
  
  tasks:

  • name: Copy Keepalived Master
    
    template: src=./keepalived-master.conf dest=/tmp/keepalived.conf
    
    when: ( ansible_fqdn == "lb01" )

  • name: Copy Keepalived Slave
    
    template: src=./keepalived-slave.conf dest=/tmp/keepalived.conf
    
    when: ( ansible_fqdn == "lb02" )

--------------------jinja实现keepalived

[root@m01 project1]# cat keepalived.conf.j2

global_defs {

router_id {{ ansible_fqdn }}

}

vrrp_instance VI_1 {

{% if ansible_fqdn == "lb01" %}

state MASTER

priority 150

{% elif ansible_fqdn == "lb02" %}

state BACKUP

priority 100

相同点

interface eth0
virtual_router_id 50
advert_int 1
authentication {
    auth_type PASS
    auth_pass 1111

}

virtual_ipaddress {

10.0.0.3

}

}

------------------------------判断变量是否有值

• hosts: webservers
  
  gather_facts: no
  
  vars:
  
  PORT: 13306
  
  tasks:
  • name: Copy MySQL Configure
    
    template: src=./my.cnf.j2 dest=/tmp/my.cnf

---

[root@m01 project1]# cat my.cnf.j2

{% if PORT %}

bind-address=0.0.0.0:{{ PORT }}

{% else %}

bind-address=0.0.0.0:3306

实例

[root@m01 project1]# cat jinja_1.yml

• hosts: webserver
  
  tasks:
  • name: Copy Template File /etc/motd
    
    template: src=./motd.j2 dest=/etc/motd
    
    [root@m01 project1]# cat motd.j2

Welcome to Alibaba Cloud Elastic Compute Service !

This System Hostname: {{ ansible_hostname }}

This System total Memory is: {{ ansible_memtotal_mb }} MB

This System free Memory is: {{ ansible_memfree_mb }} MB

roles

Roles基于一个已知的文件结构 tasks handlers templates .....

Roles小技巧:

1.创建roles目录结构，手动或使用ansible-galaxy init test roles

2.编写roles的功能，也就是tasks。

3.最后playbook引用roles编写好的tasks。

[root@m01 project2]# mkdir memcached/{tasks,handlers,templates,vars,files} -pv

mkdir: 已创建目录 "memcached"

mkdir: 已创建目录 "memcached/tasks"

mkdir: 已创建目录 "memcached/handlers"

mkdir: 已创建目录 "memcached/templates"

mkdir: 已创建目录 "memcached/vars"

mkdir: 已创建目录 "memcached/files"

[root@m01 project2]# mkdir {nginx,php-fpm}/{tasks,handlers,templates} -p

galaxy

/root/.ansible/roles

作业:

1.使用roles编写nginx负载均衡的配置文件(jinja) + keepalived高可用(jinja2)

2.使用roles编写nginx+php实现kod正常运行

3.解析kod.gaohongyu.com 10.0.0.3 能正常打开可道云

4.测试keeplaived高可用

1.基础环境:

1) 关闭防火墙 Firewalld Selinux

2) 创建统一用户www,uid为666 gid为666

2) 添加base epel仓库

3) 特定主机需要添加特定的仓库源 nginx php mysql zabbix elk .....

4) 安装基础软件包 rsync nfs-utils net-tools lrzsz wget unzip vim tree.....

6) 内核升级\内核参数调整\文件描述符调整

[root@m01 roles]# cat hosts

[lbserver]

172.16.1.5

172.16.1.6

[webserver]

172.16.1.7

172.16.1.8

[nfsserver]

172.16.1.31

[dbserver]

172.16.1.51

[root@m01 roles]# mkdir base/{tasks,handlers,templates,vars,files} -p

• name: Disabled Firewalld Server
  
  service: name=firewalld state=stopped enabled=no

• name: Disabled Selinux Server
  
  selinux: state=disabled

• name: Create Web {{ web_user }} {{ web_user_id }} Group
  
  group: name={{ web_user }} gid={{ web_user_id|int }}

• name: Create Web {{ web_user }} {{ web_user_id }} User
  
  user: name={{ web_user }} uid={{ web_user_id|int }} group={{ web_user }}

• name: Add Base Yum Repository
  
  yum_repository:
  
  name: base
  
  description: Base Aliyun Repository
  
  baseurl: http://mirrors.aliyun.com/centos/\(releasever/os/\)basearch/
  
  gpgcheck: yes
  
  gpgkey: http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

• name: Add Epel Yum Repository
  
  yum_repository:
  
  name: epel
  
  description: Epel Aliyun Repository
  
  baseurl: http://mirrors.aliyun.com/epel/7/$basearch
  
  gpgcheck: no

• name: Add Nginx Yum Repository
  
  yum_repository:
  
  name: nginx
  
  description: Nginx Repository
  
  baseurl: http://nginx.org/packages/centos/7/$basearch/
  
  gpgcheck: no
  
  when: ( ansible_hostname is match('web')) or
  
  ( ansible_hostname is match ('lb'))

• name: Add PHP Yum Repository
  
  yum_repository:
  
  name: php71w
  
  description: php Repository
  
  baseurl: http://us-east.repo.webtatic.com/yum/el7/x86_64/
  
  gpgcheck: no
  
  when: ( ansible_hostname is match('web*'))

• name: Installed Packages All
  
  yum: name={{ packages }} state=present
  
  vars:
  
  packages:
  
  - rsync
  
  - nfs-utils
  
  - net-tools
  
  - wget
  
  - tree
  
  - lrzsz
  
  - vim
  
  - unzip
  
  - httpd-tools
  
  - bash-completion
  
  - iftop
  
  - iotop
  
  - glances

• name: Change Limit /etc/security/limit.conf
  
  pam_limits:
  
  domain: "*"
  
  limit_type: "{{ item.limit_type }}"
  
  limit_item: "{{ item.limit_item }}"
  
  value: "{{ item.value }}"
  
  with_items:

---

Nginx 基础模块

[root@m01 roles]# mkdir nginx/{tasks,handlers,templates} -p

基础任务

[root@m01 opt]# cat roles/nginx/tasks/main.yml

• name: Installed Nginx Server
  
  yum: name=nginx state=present

• name: Configure Nginx Server
  
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
  
  notify: Restart Nginx Server

• name: Started Nginx Server
  
  service: name=nginx state=started

触发器

[root@m01 opt]# cat roles/nginx/handlers/main.yml

• name: Restart Nginx Server
  
  service: name=nginx state=restarted

nginx的模板配置文件

[root@m01 opt]# cat roles/nginx/templates/nginx.conf.j2

user {{ web_user }};

error_log /var/log/nginx/error.log warn;

pid /var/run/nginx.pid;

worker_processes {{ ansible_processor_cores }};

events {

worker_connections {{ ansible_processor_cores * 2048 }};

}

http {

include /etc/nginx/mime.types;

default_type application/octet-stream;

client_max_body_size 64m;

log_format main '$remote_addr - \(remote_user [\)time_local] "\(request" '
'\)status \(body_bytes_sent "\)http_referer" '

'"\(http_user_agent" "\)http_x_forwarded_for"';

access_log  /var/log/nginx/access.log main;
sendfile        on;
tcp_nopush      on;
tcp_nodelay     on;

keepalive_timeout  65;
keepalive_requests 100;

server_tokens on;
gzip on;
include /etc/nginx/conf.d/*.conf;

}

---

PHP 基础模块

[root@m01 roles]# mkdir php-fpm/{tasks,handlers,templates} -p

基础任务

[root@m01 opt]# cat roles/php-fpm/tasks/main.yml

• name: Remove PHP-FPM Server
  
  yum: name="php--5" state=absent

• name: Installed PHP-FPM Server
  
  yum: name={{ packages }} state=present
  
  vars:
  
  packages:
  
  - php71w
  
  - php71w-cli
  
  - php71w-common
  
  - php71w-devel
  
  - php71w-embedded
  
  - php71w-gd
  
  - php71w-mcrypt
  
  - php71w-mbstring
  
  - php71w-pdo
  
  - php71w-xml
  
  - php71w-fpm
  
  - php71w-mysqlnd
  
  - php71w-opcache
  
  - php71w-pecl-memcached
  
  - php71w-pecl-redis
  
  - php71w-pecl-mongodb

• name: Configure PHP-FPM Server
  
  template: src=www.conf.j2 dest=/etc/php-fpm.d/www.conf
  
  notify: Restart PHP-FPM Server

• name: Configure PHP.INI Server
  
  template: src=php.ini.j2 dest=/etc/php.ini
  
  notify: Restart PHP-FPM Server

• name: Start PHP-FPM Server
  
  service: name=php-fpm state=started enabled=yes

触发器

[root@m01 opt]# cat roles/php-fpm/handlers/main.yml

• name: Restart PHP-FPM Server
  
  service: name=php-fpm state=restarted

php-fpm模板配置文件

[root@m01 opt]# cat roles/php-fpm/templates/www.conf.j2

[www]

user = {{ web_user }}

group = {{ web_user }}

listen = 127.0.0.1:9000

listen.allowed_clients = 127.0.0.1

pm = dynamic

pm.max_children = 50

pm.start_servers = 10

pm.min_spare_servers = 5

pm.max_spare_servers = 35

slowlog = /var/log/php-fpm/www-slow.log

php_admin_value[error_log] = /var/log/php-fpm/www-error.log

php_admin_flag[log_errors] = on

php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache

php.ini配置文件...

[root@m01 opt]# cat roles/php-fpm/templates/php.ini.j2

....

[Session]

session.save_handler = redis

session.save_path = "tcp://{{ redis_server_ip }}:{{ redis_server_port }}"

....

---

NFS 基础模块

[root@m01 roles]# mkdir nfs/{tasks,handlers,templates} -p

基础任务

[root@m01 opt]# cat roles/nfs/tasks/main.yml

• name: Install NFS Server
  
  yum: name=nfs-utils state=present

• name: Configure NFS Server
  
  template: src=exports.j2 dest=/etc/exports
  
  notify: Restart NFS Server

• name: Create NFS Server Share Directory
  
  file: path={{ nfs_dir }} state=directory owner={{ web_user }} group={{ web_user }}

• name: Started NFS Server
  
  service: name=nfs state=started enabled=yes

触发器

[root@m01 opt]# cat roles/nfs/handlers/main.yml

• name: Restart NFS Server
  
  service: name=nfs state=restarted

模板配置文件

[root@m01 opt]# cat roles/nfs/templates/exports.j2

{{ nfs_dir }} {{ nfs_share_ip }}(rw,sync,all_squash,anonuid={{ web_user_id }},anongid={{ web_user_id }})

---

Redis 基础模块

[root@m01 roles]# mkdir redis/{tasks,handlers,templates} -p

基础任务

[root@m01 opt]# cat roles/redis/tasks/main.yml

• name: Install Redis Server
  
  yum: name=redis state=present

• name: Configure Redis Server
  
  template: src=redis.conf.j2 dest=/etc/redis.conf
  
  notify: Restart Redis Server

• name: Started Redis Server
  
  service: name=redis state=started enabled=yes

触发器

[root@m01 opt]# cat roles/redis/handlers/main.yml

• name: Restart Redis Server
  
  service: name=redis state=restarted

redis模板配置文件(注意修改bind,其他略)

[root@m01 opt]# cat roles/redis/templates/redis.conf.j2

bind 127.0.0.1 {{ ansible_eth1.ipv4.address }}

---

MySQL 基础模块

[root@m01 roles]# mkdir mysql/{tasks,handlers,templates} -p

mysql_db Add or remove MySQL databases fr...

mysql_user Adds or removes a user from a My..

基础任务

[root@m01 opt]# cat roles/mysql/tasks/main.yml

• name: Install Mriadb Server
  
  yum: name={{ packages }} state=present
  
  vars:
  
  packages:
  
  - mariadb
  
  - mariadb-server
  
  - MySQL-python

• name: Configure Mariadb Server
  
  template: src=my.cnf.j2 dest=/etc/my.cnf backup=yes
  
  notify: Restart Mariadb Server

• name: Started Mariadb Server
  
  service: name=mariadb state=started enabled=yes

• name: Create Application Database
  
  mysql_db: name={{ item }} state=present
  
  with_items:

  • wordpress
  • zh
  • phpmyadmin
  • zabbix
  • jpress

• name: Create Web Remote Application DB User
  
  mysql_user:
  
  name: "{{ web_db_user }}"
  
  password: "{{ web_db_pass }}"
  
  priv: '.:ALL'
  
  host: '%'
  
  state: present

触发器

[root@m01 opt]# cat roles/mysql/handlers/main.yml

• name: Restart Mariadb Server
  
  service: name=mariadb state=restarted

模板配置文件mysql

[root@m01 opt]# cat roles/mysql/templates/my.cnf.j2 r

[mysqld]

datadir=/var/lib/mysql

socket=/var/lib/mysql/mysql.sock

symbolic-links=0

[mysqld_safe]

log-error=/var/log/mariadb/mariadb.log

pid-file=/var/run/mariadb/mariadb.pid

!includedir /etc/my.cnf.d

---

Keepalived 基础模块

[root@m01 roles]# mkdir keepalived/{tasks,handlers,templates} -p

基础任务

[root@m01 opt]# cat roles/keepalived/tasks/main.yml

• name: Install keepalived Server
  
  yum: name=keepalived state=present

• name: Configure Keepalived Server
  
  template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
  
  notify: Restart keepalived Server

• name: Start Keepalived Server
  
  service: name=keepalived state=started enabled=yes

触发器

[root@m01 opt]# cat roles/keepalived/handlers/main.yml

• name: Restart keepalived Server
  
  service: name=keepalived state=restarted

模板配置文件

[root@m01 opt]# cat roles/keepalived/templates/keepalived.conf.j2

global_defs {

router_id {{ ansible_hostname }}

}

vrrp_instance VI_1 {

{% if ansible_hostname == "lb01" %}

state MASTER

priority 150

{% elif ansible_hostname == "lb02" %}

state BACKUP

priority 100

{% endif %}

interface eth0

virtual_router_id 50

advert_int 1

authentication {

auth_type PASS

auth_pass 1111

}

virtual_ipaddress {

10.0.0.3

}

}

---

wordpress引入 (nginx+php) code代码

[root@m01 roles]# mkdir wordpress/{tasks,handlers,templates,files,meta} -p

---

wordpress引入 nginx_proxy

[root@m01 roles]# mkdir wordpress_proxy/{tasks,handlers,templates,files,meta} -p