
使用ansible安裝sersync、nfs、rsync、mariadb、nginx、php部署wordpress

ansible練習

1.安裝rsync

2.安裝nfs

3.sersync

4.mariadb

5.安裝nginx php

6.部署wordpress

#### 目錄結構
[root@m01 ansible]# ll
total 0
drwxr-xr-x 2 root root  6 Jun 15 17:11 group_vars
drwxr-xr-x 2 root root  6 Jun 15 17:11 host_vars
drwxr-xr-x 2 root root  6 Jun 15 17:10 mariadb
drwxr-xr-x 2 root root  6 Jun 15 17:10 nfs
drwxr-xr-x 2 root root 25 Jun 15 17:11 rsync
drwxr-xr-x 2 root root  6 Jun 15 17:10 web

#### 主機清單
[root@m01 ansible]# vim /etc/ansible/hosts 
# Static inventory. ansible_ssh_host is the older spelling of ansible_host.
# NOTE(review): these 10.0.0.x addresses appear to be the management network;
# the services on this page talk to each other over 172.16.1.x - confirm.

# Web servers: nginx/php-fpm, and clients of the NFS share.
[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8
# Backup server that runs the rsync daemon.
[backup_group]
backup ansible_ssh_host=10.0.0.41
# NFS server; also the source side of the sersync/rsync push.
[nfs_group]
nfs ansible_ssh_host=10.0.0.31
# Database server for WordPress.
[db_group]
db01 ansible_ssh_host=10.0.0.51
# Parent group: every host that needs nfs-utils (server and clients).
[install_nfs:children]
web_group
nfs_group
# Parent group: both ends of the rsync link; group_vars/install_rsync
# (user and password) applies to these hosts only.
[install_rsync:children]
nfs_group
backup_group

#### 定義變數
[root@m01 ansible]# vim group_vars/install_rsync
# rsync daemon account: written to the secrets file on the backup host and
# used by sersync on the nfs host.
rsync_user: zls
# NOTE(review): lab-only placeholder kept in clear text. Outside a throwaway
# lab, use a long random value and store it encrypted with ansible-vault
# rather than as plain text in group_vars.
rsync_pwd: 123

[root@m01 ansible]# vim group_vars/all
# Name used for both the service group and the service user created on every
# host; the same account owns the rsync, NFS and web directories.
web_user_group: www

#### base基礎優化
1.建立www使用者和組
2.開啟防火牆
3.開啟nfs,http,https,rsync埠
4.關閉selinux

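# Base play applied to every inventory host: creates the shared service
# account, starts firewalld, opens the service ports and sets the SELinux state.
- hosts: all
  tasks:
    # Fixed gid/uid 666 on every host so file ownership lines up with the
    # anonuid/anongid=666 mapping used by the NFS export.
    - name: Create {{ web_user_group }} Group
      group:
        name: "{{ web_user_group }}"
        gid: 666
        state: present

    # No login shell and no home directory: the account only owns files and
    # runs services.
    - name: Create {{ web_user_group }} User
      user:
        name: "{{ web_user_group }}"
        uid: 666
        group: "{{ web_user_group }}"
        shell: /sbin/nologin
        create_home: False

    - name: Start FireWalld Server
      service:
        name: firewalld
        state: started

    # with_items is a task keyword, so it sits at the same level as the module
    # name; nested under firewalld it is handed to the module as an unknown
    # argument and "item" is never defined.
    # permanent + immediate saves the rule and applies it to the running
    # firewall, so the ports stay open after a firewalld reload or a reboot.
    # NOTE(review): this opens all four services on every host. Least
    # privilege would open http/https only on web_group, nfs only on nfs_group
    # and rsyncd only on backup_group.
    - name: Open Port
      firewalld:
        service: "{{ item }}"
        state: enabled
        permanent: yes
        immediate: yes
      with_items:
        - nfs
        - http
        - https
        - rsyncd

    # NOTE(review): disabling SELinux removes mandatory access control from
    # every service deployed on this page. Where possible keep it enforcing and
    # enable only the booleans the stack needs (for example httpd_use_nfs and
    # httpd_can_network_connect_db on the web hosts). Kept as written because
    # the walkthrough lists "disable selinux" as an explicit step.
    - name: Stop Selinux
      selinux:
        state: disabled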


#### 安裝rsync
提前準備:配置檔案
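# rsyncd.conf template rendered onto the backup server.
# Transfers run as the shared service account rather than root.
uid = {{ web_user_group }}
gid = {{ web_user_group }}
port = 873
# Ownership and special-file metadata is kept in extended attributes, so the
# non-root uid above can still store it.
fake super = yes
# NOTE(review): with chroot disabled the kernel does not confine transfers to
# the module path; consider "use chroot = yes" if the daemon is started as root.
use chroot = no
max connections = 200
timeout = 600
# Lets the delete phase run even after I/O errors on the daemon side.
ignore errors
# The module is writable, so anyone holding the rsync password can change or
# remove the backups.
read only = false
# Hides the module when a client asks for the list of modules.
list = false
auth users = {{ rsync_user }}
# user:password pairs; the playbook writes this file with mode 0600.
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
# NOTE(review): no "hosts allow" line is set, so every host that can reach
# port 873 may attempt authentication. Restricting it to the storage network
# (the NFS export on this page uses 172.16.1.0/24) narrows that exposure.
#####################################
[{{ rsync_dir }}]
comment = welcome to oldboyedu backup!
# Absolute path, matching the /<rsync_dir> directory that the playbook creates
# and hands to the service account; the bare name would be a relative path.
path = /{{ rsync_dir }}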

1.安裝rsync
2.配置rsync
3.建立密碼檔案
4.建立目錄
5.啟動rsync服務

########################   部署Rsync  ######################
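    # rsync is installed on both ends: the backup host runs the daemon and the
    # nfs host pushes to it.
    - name: Install Rsync Server
      yum:
        name: rsync
        state: present
      when: ansible_fqdn == 'nfs' or ansible_fqdn == 'backup'

    # Daemon configuration: root-owned and not writable by anyone else.
    - name: Configure Rsync Config
      template:
        src: /ansible/rsync/rsyncd.conf
        dest: /etc/rsyncd.conf
        owner: root
        group: root
        mode: '0644'
      when: ansible_fqdn == 'backup'

    # The secrets file holds the rsync password in clear text. Keep it
    # root-only, and use no_log so the rendered content does not show up in
    # task results or --diff output.
    - name: Create Rsync Pass File
      copy:
        content: "{{ rsync_user }}:{{ rsync_pwd }}"
        dest: /etc/rsync.passwd
        owner: root
        group: root
        mode: '0600'
      no_log: true
      when: ansible_fqdn == 'backup'

    # Module directory, owned by the account the daemon runs transfers as.
    - name: Create {{ rsync_dir }} Directory
      file:
        path: /{{ rsync_dir }}
        owner: "{{ web_user_group }}"
        group: "{{ web_user_group }}"
        mode: '0755'
        state: directory
      when: ansible_fqdn == 'backup'

    - name: Start Rsync Server
      service:
        name: rsyncd
        state: started
        enabled: true
      when: ansible_fqdn == 'backup'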

#### 安裝nfs
提前準備:掛載目錄中的使用者圖片等...
1.安裝nfs
2.配置nfs
3.建立共享目錄
4.解壓使用者圖片檔案
5.啟動nfs服務

########################   部署NFS  ######################
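    # nfs-utils is needed on the server and on every web host that mounts the
    # share.
    - name: Install NFS Server
      yum:
        name: nfs-utils
        state: present
      # "match" is a regular-expression test anchored at the start of the
      # string, not a shell glob: 'web*' means "we" followed by any number of
      # "b", so it would also accept a name such as "west01".
      when: ansible_fqdn == 'nfs' or ansible_fqdn is match('web')

    # all_squash maps every client uid/gid to 666, the shared service account.
    # NOTE(review): the export is read-write for the whole 172.16.1.0/24
    # range; listing only the web servers' addresses would be tighter.
    - name: Configure NFS Config
      copy:
        content: "/{{ nfs_dir }} 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)"
        dest: /etc/exports
        owner: root
        group: root
        mode: '0644'
      when: ansible_fqdn == 'nfs'

    # Exported directory, owned by the account that squashed clients map to.
    - name: Create  {{ nfs_dir }} Directory
      file:
        path: /{{ nfs_dir }}
        owner: "{{ web_user_group }}"
        group: "{{ web_user_group }}"
        mode: '0755'
        state: directory
      when: ansible_fqdn == 'nfs'

    - name: Start NFS Server
      service:
        name: nfs-server
        state: started
        enabled: true
      when: ansible_fqdn == 'nfs'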

#### 部署sersync
提前準備:
1.sersync安裝包
-rw-r--r-- 1 root root 727290 Jun 15 10:19 sersync2.5.4_64bit_binary_stable_final.tar.gz
2.sersync配置檔案
    <inotify>
        <delete start="true"/>
        <createFolder start="true"/>
        <createFile start="true"/>
        <closeWrite start="true"/>
        <moveFrom start="true"/>
        <moveTo start="true"/>
        <attrib start="true"/>
        <modify start="true"/>
    </inotify>

    <sersync>
        <localpath watch="/{{ nfs_dir }}">
            <remote ip="172.16.1.41" name="{{ rsync_dir }}"/>
            <!--<remote ip="192.168.8.39" name="tongbu"/>-->
            <!--<remote ip="192.168.8.40" name="tongbu"/>-->
        </localpath>
        <rsync>
            <commonParams params="-az"/>
            <auth start="true" users="{{ rsync_user }}" passwordfile="/etc/rsync.pas"/>
            <userDefinedPort start="false" port="874"/><!-- port=874 -->
            <timeout start="false" time="100"/><!-- timeout=100 -->
            <ssh start="false"/>
        </rsync>

1.解壓sersync: GNU-Linux-x86
2.安裝inotify-tools
3.配置sersync
4.建立密碼檔案
5.啟動sersync

########################   部署sersync  ######################
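    - name: Install Inotify-tools
      yum:
        name: inotify-tools
        state: present
      when: ansible_fqdn == 'nfs'

    # NOTE(review): the archive is a prebuilt binary staged on the control
    # node. Verify it against a checksum from a trusted source before placing
    # it under /ansible/sersync, because this play unpacks and starts it.
    - name: Unarchive Sersync Server
      unarchive:
        src: /ansible/sersync/sersync2.5.4_64bit_binary_stable_final.tar.gz
        dest: /usr/local/
      when: ansible_fqdn == 'nfs'

    - name: Configure Sersync Config
      template:
        src: /ansible/sersync/confxml.xml
        dest: /usr/local/GNU-Linux-x86/confxml.xml
      when: ansible_fqdn == 'nfs'

    # Client-side password file referenced by passwordfile= in confxml.xml.
    # Root-only, and no_log keeps the secret out of task results and --diff
    # output.
    - name: Create Rsync Client Pass File
      copy:
        content: "{{ rsync_pwd }}"
        dest: /etc/rsync.pas
        owner: root
        group: root
        mode: '0600'
      no_log: true
      when: ansible_fqdn == 'nfs'

    # Read-only probe so the start task below does not launch another daemon
    # on every playbook run. check_mode: no keeps the result available when
    # the play is run with --check.
    - name: Check Whether Sersync Is Already Running
      command: pgrep -x sersync2
      register: sersync_proc
      changed_when: false
      failed_when: false
      check_mode: no
      when: ansible_fqdn == 'nfs'

    # No shell features are used, so command is enough and avoids shell
    # interpretation of the arguments.
    - name: Start Sersync Server
      command: /usr/local/GNU-Linux-x86/sersync2 -dro /usr/local/GNU-Linux-x86/confxml.xml
      when: ansible_fqdn == 'nfs' and sersync_proc.rc != 0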

#### 部署mariadb
提前準備SQL語句

1.安裝mariadb-server
2.啟動mariadb
3.建立wp_user使用者
4.匯入wordpress.sql檔案

########################   部署mariadb  ######################
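    # MySQL-python is installed alongside the server; presumably it supplies
    # the Python bindings the mysql_user and mysql_db modules need - confirm.
    - name: Install MariaDB Server
      yum:
        name:
          - mariadb-server
          - MySQL-python
        state: present
      when: ansible_fqdn == 'db01'

    - name: Start MariaDB Server
      service:
        name: mariadb
        state: started
        enabled: true
      when: ansible_fqdn == 'db01'

    # NOTE(review): three settings here are acceptable only in a disposable lab.
    #   - password '123' is trivially guessable; take the value from an
    #     ansible-vault encrypted variable.
    #   - host '%' lets the account log in from any address; limit it to the
    #     web servers' addresses.
    #   - priv '*.*:ALL' grants every privilege on every database; WordPress
    #     only needs its own schema, e.g. '<wordpress_db>.*:ALL' (placeholder:
    #     use the database name created by wordpress.sql).
    - name: Create WordPress User
      mysql_user:
        name: wp_user
        password: '123'
        host: '%'
        priv: '*.*:ALL'
        state: present
      when: ansible_fqdn == 'db01'

    # The dump can hold account records and password hashes, and /tmp is
    # shared by every local user, so the staged copy is restricted to root.
    - name: Push SQL File to DB
      copy:
        src: /ansible/mariadb/wordpress.sql
        dest: /tmp/wordpress.sql
        owner: root
        group: root
        mode: '0600'
      when: ansible_fqdn == 'db01'

    # NOTE(review): the import appears to run on every play, so a re-run would
    # replay the dump over live data - confirm, and guard it if so.
    - name: Import WordPress Data
      mysql_db:
        state: import
        name: all
        target: /tmp/wordpress.sql
      when: ansible_fqdn == 'db01'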

#### 部署ngx和php和wp
提前準備:
1.nginx主配置檔案
2.nginx虛擬主機配置
3.php的www.conf
4.nginx_php安裝包
5.wordpress安裝包

步驟:
1.安裝nginx和php
2.配置nginx和php
3.建立站點目錄
4.解壓程式碼
5.啟動nginx和php
6.掛載站點目錄

########################   部署nginx、php、wordpress  ######################
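    # The nginx/php RPMs are shipped from the control node as one archive.
    # NOTE(review): confirm the bundled packages come from a trusted, signed
    # source before building this archive.
    - name: Unarchive Nginx and PHP
      unarchive:
        src: /ansible/web/nginx_php.tgz
        dest: /root
      # "match" is a regular expression anchored at the start of the string,
      # not a glob: 'web*' means "we" plus any number of "b" and would also
      # accept a name such as "west01".
      when: ansible_fqdn is match('web')

    - name: Install Nginx and PHP
      yum:
        name: /root/nginx_php/{{ item }}
        state: present
      with_items: "{{ nginx_php_packages }}"
      when: ansible_fqdn is match('web')

    # Service configuration stays root-owned and read-only for everyone else,
    # so the account that runs the PHP workers cannot rewrite it.
    - name: Push Nginx PHP Conf
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: '0644'
      with_items:
        - { src: "/ansible/web/nginx.conf", dest: "/etc/nginx/nginx.conf" }
        - { src: "/ansible/web/www.zls.com.conf", dest: "/etc/nginx/conf.d/www.zls.com.conf" }
        - { src: "/ansible/web/www.conf", dest: "/etc/php-fpm.d/www.conf" }
      when: ansible_fqdn is match('web')

    - name: Create HTML Dir
      file:
        path: /code
        owner: "{{ web_user_group }}"
        group: "{{ web_user_group }}"
        state: directory
      when: ansible_fqdn is match('web')

    # NOTE(review): the whole code tree ends up writable by the account that
    # runs PHP; where possible keep only wp-content/uploads writable.
    - name: Unarchive WordPress Package
      unarchive:
        src: /ansible/web/wordpress.tgz
        dest: /code
        owner: "{{ web_user_group }}"
        group: "{{ web_user_group }}"
      when: ansible_fqdn is match('web')

    - name: Start Nginx Server
      service:
        name: "{{ item }}"
        state: started
        enabled: true
      with_items:
        - nginx
        - php-fpm
      when: ansible_fqdn is match('web')

    # The uploads directory holds user-supplied files, so the share is mounted
    # without setuid or device-node support. Mount options do not stop PHP
    # from interpreting an uploaded script; the nginx vhost should also refuse
    # to hand files under uploads/ to php-fpm.
    - name: Mount NFS Share Directory
      mount:
        path: /code/wordpress/wp-content/uploads
        src: 172.16.1.31:/{{ nfs_dir }}
        fstype: nfs
        opts: nosuid,nodev
        state: mounted
      when: ansible_fqdn is match('web')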

playbook觸發器 handler

handler用來執行某些條件下的任務,比如當配置檔案發生變化的時候,通過notify觸發handler去重啟服務。

在saltstack中也有類似的觸發器,寫法相對Ansible簡單,只需要watch,配置檔案即可。

大白話:監控某一個步驟,一旦該步驟發生了變化,則立馬觸發該步驟的觸發器,執行對應的步驟

注意:
1.無論多少個task通知了相同的handlers,handlers僅會在所有tasks結束後執行一次。

2.Handlers只有在其所在的任務被執行時,才會被執行;如果一個任務中定義了notify呼叫Handlers,但是由於條件判斷等原因,該任務未被執行,那麼Handlers同樣不會被執行。

3.Handlers只會在每一個play的末尾執行一次;如果想在一個playbook中間執行Handlers,則需要使用meta模組來實現。例如: - meta: flush_handlers。(不要強制執行)

4.如果一個play在執行到呼叫Handlers的語句之前失敗了,那麼這個Handlers將不會被執行。我們可以使用ansible-playbook命令的--force-handlers選項(或在play中設定force_handlers: true)來強制執行Handlers,即使Handlers所在的play中途執行失敗也能執行。(不要強制執行)

5.不能使用handlers替代tasks

觸發器的寫法:

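# Handler example: pushing a changed config file notifies the handler, which
# restarts both services once at the end of the play.
- hosts: web01
  # The play keyword is "tasks"; "task" is not a valid play attribute and the
  # playbook fails to load with it.
  tasks:
    - name: Push Nginx PHP Conf
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      with_items:
        - { src: "/ansible/web/nginx.conf", dest: "/etc/nginx/nginx.conf" }
        - { src: "/ansible/web/www.zls.com.conf", dest: "/etc/nginx/conf.d/www.zls.com.conf" }
        - { src: "/ansible/web/www.conf", dest: "/etc/php-fpm.d/www.conf" }
      # "match" is a regular expression anchored at the start of the string,
      # not a glob, so the prefix alone is the correct pattern.
      when: ansible_fqdn is match('web')
      # Must be identical to the handler's name below.
      notify: Restart Nginx And PHP

  handlers:
    - name: Restart Nginx And PHP
      service:
        name: "{{ item }}"
        state: restarted
      with_items:
        - nginx
        - php-fpm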

注意:tasks中的notify名字必須和handlers中的- name名字對應上,否則觸發器和任務沒有做任何關聯

tag標籤

預設情況下,Ansible在執行一個playbook時,會執行playbook中定義的所有任務,Ansible的標籤(tag)功能可以給單獨任務甚至整個playbook打上標籤,然後利用這些標籤來指定要執行playbook中的個別任務,或不執行指定的任務。

打標籤的方式

1.對一個task打一個標籤

我只想推送nginx的配置檔案

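    # Single tag on a single task: "-t config_nginx" runs only this config
    # push (and the handler it notifies when a file changed).
    - name: Push Nginx PHP Conf
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      with_items:
        - { src: "/ansible/web/nginx.conf", dest: "/etc/nginx/nginx.conf" }
        - { src: "/ansible/web/www.zls.com.conf", dest: "/etc/nginx/conf.d/www.zls.com.conf" }
        - { src: "/ansible/web/www.conf", dest: "/etc/php-fpm.d/www.conf" }
      # "match" is a regular expression anchored at the start of the string,
      # not a glob: 'web*' means "we" plus any number of "b".
      when: ansible_fqdn is match('web')
      notify: Restart Nginx And PHP
      tags: config_nginx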

#### 執行:
[root@m01 ansible]# ansible-playbook lnmp.yml  -t config_nginx

2.對一個task打多個標籤

有一個功能任務,我安裝nginx的時候需要建立www使用者,安裝nfs的時候,需要建立www使用者,安裝rsync的時候需要建立www使用者

建立www使用者這個功能,有多個任務都需要使用

tag: install_nginx

tag: install_nfs

tag: install_rsync

    # Shared prerequisite: the service group is needed by the nginx, NFS and
    # rsync installs alike, so the task carries all three tags and runs when
    # any one of them is selected with -t.
    - name: Create {{ web_user_group }} Group
      tags: [install_nginx, install_nfs, install_rsync]
      group:
        state: present
        gid: 666
        name: "{{ web_user_group }}"

[root@m01 ansible]# ansible-playbook lnmp.yml  -t install_nginx

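    # Two tags on one task: it runs for "-t config_nginx" and for
    # "-t install_nginx".
    - name: Push Nginx PHP Conf
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      with_items:
        - { src: "/ansible/web/nginx.conf", dest: "/etc/nginx/nginx.conf" }
        - { src: "/ansible/web/www.zls.com.conf", dest: "/etc/nginx/conf.d/www.zls.com.conf" }
        - { src: "/ansible/web/www.conf", dest: "/etc/php-fpm.d/www.conf" }
      # "match" is a regular expression anchored at the start of the string,
      # not a glob: 'web*' means "we" plus any number of "b".
      when: ansible_fqdn is match('web')
      notify: Restart Nginx And PHP
      tags:
        # Spelled exactly as on the command line (-t config_nginx); a
        # misspelled tag silently selects nothing.
        - config_nginx
        - install_nginx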

3.對多個task打一個標籤

我只想重新安裝nginx

1.安裝nginx

tag: install_nginx

2.配置nginx打一個標籤

tag: install_nginx

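    # One tag on many tasks: every step of the web install carries
    # install_nginx, so "-t install_nginx" replays the whole sequence.
    - name: Unarchive Nginx and PHP
      unarchive:
        src: /ansible/web/nginx_php.tgz
        dest: /root
      # "match" is a regular expression anchored at the start of the string,
      # not a glob: 'web*' means "we" plus any number of "b".
      when: ansible_fqdn is match('web')
      tags: install_nginx

    - name: Install Nginx and PHP
      yum:
        name: /root/nginx_php/{{ item }}
        state: present
      with_items: "{{ nginx_php_packages }}"
      when: ansible_fqdn is match('web')
      tags: install_nginx

    # Service configuration stays root-owned and read-only for everyone else.
    - name: Push Nginx PHP Conf
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: '0644'
      with_items:
        - { src: "/ansible/web/nginx.conf", dest: "/etc/nginx/nginx.conf" }
        - { src: "/ansible/web/www.zls.com.conf", dest: "/etc/nginx/conf.d/www.zls.com.conf" }
        - { src: "/ansible/web/www.conf", dest: "/etc/php-fpm.d/www.conf" }
      when: ansible_fqdn is match('web')
      notify: Restart Nginx And PHP
      tags:
        # Spelled exactly as on the command line (-t config_nginx); a
        # misspelled tag silently selects nothing.
        - config_nginx
        - install_nginx

    - name: Create HTML Dir
      file:
        path: /code
        owner: "{{ web_user_group }}"
        group: "{{ web_user_group }}"
        state: directory
      when: ansible_fqdn is match('web')
      tags: install_nginx

    - name: Unarchive WordPress Package
      unarchive:
        src: /ansible/web/wordpress.tgz
        dest: /code
        owner: "{{ web_user_group }}"
        group: "{{ web_user_group }}"
      when: ansible_fqdn is match('web')
      tags: install_nginx

    - name: Start Nginx Server
      service:
        name: "{{ item }}"
        state: started
        enabled: true
      with_items:
        - nginx
        - php-fpm
      when: ansible_fqdn is match('web')
      tags: install_nginx

    # The uploads directory holds user-supplied files, so the share is mounted
    # without setuid or device-node support. Mount options do not stop PHP
    # from interpreting an uploaded script; the nginx vhost should also refuse
    # to hand files under uploads/ to php-fpm.
    - name: Mount NFS Share Directory
      mount:
        path: /code/wordpress/wp-content/uploads
        src: 172.16.1.31:/{{ nfs_dir }}
        fstype: nfs
        opts: nosuid,nodev
        state: mounted
      when: ansible_fqdn is match('web')
      tags: install_nginx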

#### 執行:
[root@m01 ansible]# ansible-playbook lnmp.yml  -t install_nginx

-t:執行指定的tag
--skip-tags:跳過指定的tag

playbook的複用

只調用task:include_tasks
呼叫整個task檔案:include (新版本:import_playbook)

在saltstack中,叫做top file入口檔案。

示例一:

[root@m01 m01]# cat task.yml 
# Entry-point play: pulls the install, configure and start steps in from
# separate task files and keeps the shared handler next to them.
- hosts: web_group
  vars:
    http_port: 8080

  tasks:
    - include_tasks: task_install.yml
    - include_tasks: task_configure.yml
    - include_tasks: task_start.yml

  handlers:
    # Looked up by name when an included task notifies it.
    - name: Restart Httpd Server
      systemd:
        state: restarted
        name: httpd

[root@m01 m01]# cat task_install.yml 
# Task file with a single step: make sure the httpd package is installed.
- name: Install Http Server
  yum:
    state: present
    name: httpd

[root@m01 m01]# cat task_configure.yml 
# Renders httpd.j2 over the main httpd configuration file and notifies the
# restart handler, which the including play must define under this name.
- name: configure httpd server
  notify: Restart Httpd Server
  template:
    dest: /etc/httpd/conf/httpd.conf
    src: ./httpd.j2

[root@m01 m01]# cat task_start.yml 
# Starts httpd now and enables it at boot.
- name: start httpd server
  service:
    enabled: yes
    state: started
    name: httpd

示例二

# Playbook-level "include" is the older spelling; newer Ansible versions use
# import_playbook for the same purpose.
- include: httpd.yml
- include: nfs.yml
- include: rsync.yml

示例三

# Top-level entry file: each line pulls in one complete playbook file.
- import_playbook: httpd.yml
- import_playbook: nfs.yml
- import_playbook: rsync.yml

忽略錯誤

預設playbook會檢測task執行的返回狀態,如果遇到錯誤則會立即終止playbook的後續task執行,然鵝有些時候playbook即使執行錯誤了也要讓其繼續執行。

加入引數:ignore_errors:yes 忽略錯誤

[root@m01 ~]# cat ignore.yml
# Demonstrates ignore_errors: the first task always fails, the second still runs.
- hosts: web_group
  tasks:
    # /bin/false always exits non-zero; ignore_errors lets the play carry on
    # past that failure.
    # NOTE(review): ignore_errors hides every failure of the task. For tasks
    # that enforce security state (firewall rules, permissions, secrets)
    # prefer a narrow failed_when condition so real failures still stop the run.
    - name: Ignore False
      ignore_errors: yes
      command: /bin/false

    # Runs even though the previous task failed.
    - name: touch new file
      file:
        state: touch
        path: /tmp/zls.txt