
Automated Operations (Part 2): Ansible

23.3 Ansible

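Ansible is similar to SaltStack: both are written in Python. Ansible does not require a client to be installed on the managed machines; it communicates over SSH.

Ansible has the following advantages:

1. It works through modules, and modules can be written in any language;
2. Modules can be used from the command line, and playbooks are written in YAML, which is easy to write and read;
3. Installation is simple; on CentOS it can be installed directly with yum;
4. A UI (browser-based graphical interface) is available, but it is a paid product: www.ansible.com/tower ;

Installing Ansible

Prepare two machines. The two machines used earlier for SaltStack, lzx and lzx1, are used here; their IPs are 192.168.100.150 and 192.168.100.160 respectively.

  • Ansible only needs to be installed on lzx:
[root@lzx ~]# yum list |grep ansible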
ansible.noarch                           2.6.3-1.el7                   epel     
ansible-doc.noarch                       2.6.3-1.el7                   epel     
ansible-inventory-grapher.noarch         2.4.4-1.el7                   epel     
ansible-lint.noarch                      3.4.21-1.el7                  epel     
ansible-openstack-modules.noarch         0-20140902git79d751a.el7      epel     
ansible-review.noarch                    0.13.4-1.el7                  epel     
kubernetes-ansible.noarch                0.6.0-0.1.gitd65ebd5.el7      epel     
python2-ansible-runner.noarch            1.0.1-1.el7                   epel     
python2-ansible-tower-cli.noarch         3.3.0-2.el7                   epel     
[root@lzx ~]# yum install -y ansible
  • Key authentication:
    Run on lzx:
[root@lzx ~]# ls ~/.ssh/
id_rsa  id_rsa.pub  known_hosts         // id_rsa and id_rsa.pub exist; if they do not, run ssh-keygen -t rsa (-t specifies the key type)
[root@lzx ~]# cat ~/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqWlFPl3JwzR3AiJgolBthMJradp2r1UekJZnnU5hVjDb+pZ72YQUfNdatuUMr96avQYsF+V61sOc/cxa3YPn35n36TW8P+u7FMxZf31eqMatcHG/AWvjW0UsDw+zQrBr5414mj+AIYQgj0GtDIQJbfifGizK7i9UPLy7oW3Ss7+G2+fqhJ2hIo6qTSBHwSdN3rn9ypL0dPIEqJyaaBUpg5a5JKv3KHO5EyJt6Z787SPf3snKddQNpLkgoQ8yPcbZQ3BE5gt6DapMMpLEUUR2adIfe0rWqcDr4Gp9QTW0u+/LgFI6I1UKdTVYvU2UkpUf4WEp+6Q8AROasXxljrNC1 root@lzx
[root@lzx ~]# vim .ssh/authorized_keys         // write the content below; this authorizes the key for 127.0.0.1
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqWlFPl3JwzR3AiJgolBthMJradp2r1UekJZnnU5hVjDb+pZ72YQUfNdatuUMr96avQYsF+V61sOc/cxa3YPn35n36TW8P+u7FMxZf31eqMatcHG/AWvjW0UsDw+zQrBr5414mj+AIYQgj0GtDIQJbfifGizK7i9UPLy7oW3Ss7+G2+fqhJ2hIo6qTSBHwSdN3rn9ypL0dPIEqJyaaBUpg5a5JKv3KHO5EyJt6Z787SPf3snKddQNpLkgoQ8yPcbZQ3BE5gt6DapMMpLEUUR2adIfe0rWqcDr4Gp9QTW0u+/LgFI6I1UKdTVYvU2UkpUf4WEp+6Q8AROasXxljrNC1 root@lzx

Run on lzx1:

[root@lzx1 ~]# mkdir .ssh 
[root@lzx1 ~]# vim .ssh/authorized_keys          // write the content below
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqWlFPl3JwzR3AiJgolBthMJradp2r1UekJZnnU5hVjDb+pZ72YQUfNdatuUMr96avQYsF+V61sOc/cxa3YPn35n36TW8P+u7FMxZf31eqMatcHG/AWvjW0UsDw+zQrBr5414mj+AIYQgj0GtDIQJbfifGizK7i9UPLy7oW3Ss7+G2+fqhJ2hIo6qTSBHwSdN3rn9ypL0dPIEqJyaaBUpg5a5JKv3KHO5EyJt6Z787SPf3snKddQNpLkgoQ8yPcbZQ3BE5gt6DapMMpLEUUR2adIfe0rWqcDr4Gp9QTW0u+/LgFI6I1UKdTVYvU2UkpUf4WEp+6Q8AROasXxljrNC1 root@lzx

Run on lzx:

[root@lzx ~]# ssh lzx1         // /etc/hosts must be configured first so that the name resolves
The authenticity of host 'lzx1 (192.168.100.160)' can't be established.
ECDSA key fingerprint is SHA256:teKu3atU+OByPeXXD2xXhyb30vg6nW8ETqqCr785Dbc.
ECDSA key fingerprint is MD5:13:a4:f1:c0:1f:62:65:d4:f4:4e:42:ab:40:f1:36:60.
Are you sure you want to continue connecting (yes/no)? yes        // type yes
Warning: Permanently added 'lzx1' (ECDSA) to the list of known hosts.
Enter passphrase for key '/root/.ssh/id_rsa':         // press Enter if the key has no passphrase; otherwise type it
root@lzx1's password:          // enter the root password of the lzx1 machine
Last login: Tue Sep 11 10:12:52 2018 from 192.168.100.1
[root@lzx1 ~]# logout
Connection to lzx1 closed.
  • Edit the configuration file on lzx:
[root@lzx ~]# vim /etc/ansible/hosts        // add the content below
[testhost]         // custom host group name
127.0.0.1
lzx1          // these two lines can be IPs or hostnames
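
The first `ssh lzx1` connection above is accepted by typing yes, which trusts whatever host key the network presented at that moment. As an added example (not from the original article), this Python code computes the SHA256 fingerprint in the format OpenSSH prints and returns a known_hosts line only when it matches a fingerprint obtained out of band, for example from the console of lzx1; the function names and the sample key are constructed for the illustration.

```python
import base64
import hashlib
import hmac
import struct

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def parse_key(line):
    """Return (type, base64, blob) from a '<type> <base64> [comment]' line
    (.pub file) or a '<host> <type> <base64>' line (ssh-keyscan, known_hosts)."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            b64 = fields[i + 1]
            blob = base64.b64decode(b64, validate=True)
            if len(blob) < 4:
                raise ValueError("key blob too short")
            # The blob starts with a length-prefixed copy of the key type;
            # a mismatch means the line was edited or corrupted.
            (name_len,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + name_len] != field.encode():
                raise ValueError("key type does not match key blob")
            return field, b64, blob
    raise ValueError("no supported key type found")


def sha256_fingerprint(line):
    """Fingerprint in the 'SHA256:...' form shown by the ssh prompt:
    unpadded base64 of the SHA-256 digest of the raw key blob."""
    _, _, blob = parse_key(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def known_hosts_entry(host, scanned_line, trusted_fingerprint):
    """Return a known_hosts line for host only if the scanned key matches the
    fingerprint obtained out of band; raise ValueError otherwise."""
    key_type, b64, _ = parse_key(scanned_line)
    actual = sha256_fingerprint(scanned_line)
    if not hmac.compare_digest(actual.encode(), trusted_fingerprint.encode()):
        raise ValueError("fingerprint mismatch for %s: got %s" % (host, actual))
    return "%s %s %s" % (host, key_type, b64)


def constructed_ed25519_line(host="lzx1"):
    """Constructed sample in ssh-keyscan format; the 32 key bytes are a
    counter, not a real host key."""
    name = b"ssh-ed25519"
    blob = (struct.pack(">I", len(name)) + name +
            struct.pack(">I", 32) + bytes(range(32)))
    return "%s ssh-ed25519 %s" % (host, base64.b64encode(blob).decode())


if __name__ == "__main__":
    scanned = constructed_ed25519_line()
    trusted = sha256_fingerprint(scanned)  # stands in for the out-of-band value
    print(known_hosts_entry("lzx1", scanned, trusted))
```

Appending the returned line to ~/.ssh/known_hosts on the control machine before the first Ansible run means the interactive yes/no prompt never appears and a substituted key is rejected.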

Running Commands Remotely

  • Run the command on lzx:
[root@lzx ~]# ansible testhost -m command -a 'w'         // -m specifies the module; -a specifies the command
Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated
127.0.0.1 | SUCCESS | rc=0 >>          
 10:28:34 up  1:47,  2 users,  load average: 0.17, 0.07, 0.06
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    192.168.100.1    08:41    2.00s  0.81s  0.00s ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/21f0e6a9ae -tt 127.0.0.1 /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1536676113.66-66256136181906/command.py && sleep 0'
root     pts/3    127.0.0.1        10:28    1.00s  0.12s  0.04s w

Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated
lzx1 | SUCCESS | rc=0 >>
 10:28:42 up 16 min,  2 users,  load average: 0.04, 0.03, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    192.168.100.1    10:12   13:06   0.01s  0.01s -bash
root     pts/1    192.168.100.150  10:28    1.00s  0.06s  0.00s w

Normal output is shown in green; errors are shown in red.

[root@lzx ~]# ansible testhost -m command -a 'hostname'
Enter passphrase for key '/root/.ssh/id_rsa': Enter passphrase for key '/root/.ssh/id_rsa':         // enter the passphrase set when the key was generated
127.0.0.1 | SUCCESS | rc=0 >>
lzx
              // enter the passphrase set when the key was generated
lzx1 | SUCCESS | rc=0 >>
lzx1

You can also target a single machine instead of a host group.

[root@lzx ~]# ansible lzx1 -m command -a 'hostname'
Enter passphrase for key '/root/.ssh/id_rsa':        // enter the passphrase set when the key was generated
lzx1 | SUCCESS | rc=0 >>
lzx1

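If a command fails with the error "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed", install libselinux-python with yum.

In addition, commands can also be run with the shell module, which is mostly used for running scripts remotely.

[root@lzx ~]# ansible lzx1 -m shell -a 'date'
Enter passphrase for key '/root/.ssh/id_rsa':       // enter the passphrase set when the key was generated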
lzx1 | SUCCESS | rc=0 >>
Tue Sep 11 10:39:03 EDT 2018

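Copying Files or Directories

When copying a directory, if the destination directory does not exist it is created automatically; if it exists, the source directory is placed under the destination directory. When copying a file, if the name given in dest differs from the source name and is not an existing directory, the effect is a copy followed by a rename; if the directory exists, the file is placed under that directory.

  • Copy a directory:
[root@lzx ~]# ansible lzx1 -m copy -a "src=/etc/ansible dest=/tmp/ansible_test owner=root group=root mode=0755"      // copy selects the copy module; src is the source directory; dest is the destination directory; owner sets the owner; group sets the group; mode sets the permissions
Enter passphrase for key '/root/.ssh/id_rsa':       // enter the passphrase set when the key was generated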
lzx1 | SUCCESS => {
    "changed": true, 
    "dest": "/tmp/ansible_test/", 
    "src": "/etc/ansible"
}

Check on lzx1:

[root@lzx1 ~]# ls /tmp/
ansible_test          // the directory that was just copied
mongodb-27019.sock
systemd-private-645901bd56d24e14989826d0df1dc26e-chronyd.service-6UuejO
systemd-private-645901bd56d24e14989826d0df1dc26e-systemd-hostnamed.service-H4iKJy
systemd-private-a6ad68ff8ed74d66ad66a5232a07dab2-chronyd.service-ElmwW4
systemd-private-c40d86d5546d46c68cbb031445b13d64-chronyd.service-LsRxBQ
systemd-private-f43349b80b2a416d9ea1b177669c618f-chronyd.service-sBY7OV
[root@lzx1 ~]# ls -lt /tmp/ansible_test/
total 0
drwxr-xr-x 3 root root 51 Sep 13 08:51 ansible         // owner, group and permissions all match
  • Copy a file:
[root@lzx ~]# ansible lzx1 -m copy -a "src=/etc/passwd dest=/tmp owner=root group=root mode=0755"
Enter passphrase for key '/root/.ssh/id_rsa':       // enter the passphrase set when the key was generated
lzx1 | SUCCESS => {
    "changed": true, 
    "checksum": "eb0190ef77febf56f7950c9d54c5799cdfa32ee4", 
    "dest": "/tmp/passwd", 
    "gid": 0,
    "group": "root", 
    "md5sum": "55996731e2df563a71a4b9d66094c96c", 
    "mode": "0755", 
    "owner": "root", 
    "size": 1042, 
    "src": "/root/.ansible/tmp/ansible-tmp-1536843628.27-199330051688323/source", 
    "state": "file", 
    "uid": 0
}

Check on lzx1:

[root@lzx1 ~]# ls /tmp/
ansible_test
mongodb-27019.sock
passwd         // the file that was just copied
systemd-private-645901bd56d24e14989826d0df1dc26e-chronyd.service-6UuejO
systemd-private-645901bd56d24e14989826d0df1dc26e-systemd-hostnamed.service-H4iKJy
systemd-private-a6ad68ff8ed74d66ad66a5232a07dab2-chronyd.service-ElmwW4
systemd-private-c40d86d5546d46c68cbb031445b13d64-chronyd.service-LsRxBQ
systemd-private-f43349b80b2a416d9ea1b177669c618f-chronyd.service-sBY7OV
[root@lzx1 ~]# ls -lt /tmp/passwd 
-rwxr-xr-x 1 root root 1042 Sep 13 09:00 /tmp/passwd

Running Scripts Remotely

  • Write the script:
[root@lzx ~]# vim /tmp/1.sh         // write the content below
#!/bin/bash
echo `date` > /tmp/123.txt
  • Distribute the script:
[root@lzx ~]# ansible testhost -m copy -a "src=/tmp/1.sh dest=/tmp/test.sh mode=0755"        // copy the script to each machine
Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated
lzx1 | SUCCESS => {
    "changed": true, 
    "checksum": "605c9fa9907b29503e55e10a40e5edf313dda056", 
    "dest": "/tmp/test.sh", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "8877086180b43853c86af1d55989a0b6", 
    "mode": "0755", 
    "owner": "root", 
    "size": 39, 
    "src": "/root/.ansible/tmp/ansible-tmp-1536844193.91-149423054827561/source", 
    "state": "file", 
    "uid": 0
}

Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated
127.0.0.1 | SUCCESS => {
    "changed": true, 
    "checksum": "605c9fa9907b29503e55e10a40e5edf313dda056", 
    "dest": "/tmp/test.sh", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "8877086180b43853c86af1d55989a0b6", 
    "mode": "0755", 
    "owner": "root", 
    "size": 39, 
    "src": "/root/.ansible/tmp/ansible-tmp-1536844193.91-3493264441468/source", 
    "state": "file", 
    "uid": 0
}

[root@lzx ~]# ls /tmp/ |grep test
test.sh         // copied successfully

Check on lzx1:

[root@lzx1 ~]# ls /tmp/ |grep test
ansible_test
test.sh        // copied successfully
  • Run the script:
[root@lzx ~]# ansible testhost -m shell -a "/tmp/test.sh"         // shell selects the shell module
Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated
lzx1 | SUCCESS | rc=0 >>

Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated
127.0.0.1 | SUCCESS | rc=0 >>
  • Check the result:
[root@lzx ~]# cat /tmp/123.txt 
Thu Sep 13 09:15:17 EDT 2018

Check on lzx1:

[root@lzx1 ~]# cat /tmp/123.txt 
Thu Sep 13 09:15:12 EDT 2018

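Besides running scripts, the shell module also supports pipes, whereas the command module does not.

  • Test with the command module:
[root@lzx ~]# ansible testhost -m command -a "cat /etc/passwd|wc -l"
Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated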
lzx1 | FAILED | rc=1 >>
cat: invalid option -- 'l'
Try 'cat --help' for more information.non-zero return code

Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated
127.0.0.1 | FAILED | rc=1 >>
cat: invalid option -- 'l'
Try 'cat --help' for more information.non-zero return code
  • Test with the shell module:
[root@lzx ~]# ansible testhost -m shell -a "cat /etc/passwd|wc -l"
Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated
127.0.0.1 | SUCCESS | rc=0 >>
22

Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated
lzx1 | SUCCESS | rc=0 >>
23
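
The `cat: invalid option -- 'l'` failure above follows from how the two modules start the process: command splits the string into an argument vector and executes it directly, while shell hands the whole string to /bin/sh. The following added example (not part of the original article) approximates both behaviours with Python's subprocess, using a constructed three-line sample file instead of /etc/passwd; the helper names and the `untrusted` value are assumptions made for the illustration, and it also shows why values interpolated into a shell task need quoting.

```python
import os
import shlex
import subprocess
import tempfile


def run_command_style(cmdline, cwd):
    """Approximates the command module: split into argv, exec without a shell."""
    argv = shlex.split(cmdline)
    proc = subprocess.run(argv, cwd=cwd, capture_output=True, text=True)
    return argv, proc.returncode, proc.stdout.strip()


def run_shell_style(cmdline, cwd):
    """Approximates the shell module: the whole string is parsed by /bin/sh."""
    proc = subprocess.run(cmdline, cwd=cwd, shell=True,
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout.strip()


def compare_modules():
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for /etc/passwd with three entries.
        with open(os.path.join(tmp, "passwd.sample"), "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/bash\n"
                     "apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin\n"
                     "test:x:1002:1002::/home/test:/bin/bash\n")
        marker = os.path.join(tmp, "marker")

        # 1. The pipeline from the article. Without a shell, "|wc" is glued to
        #    the file name and "-l" becomes an option of cat, hence the error.
        pipeline = "cat passwd.sample|wc -l"
        argv, rc, _ = run_command_style(pipeline, tmp)
        results["command_argv"] = argv
        results["command_rc"] = rc
        shell_rc, out = run_shell_style(pipeline, tmp)
        results["shell_rc"] = shell_rc
        results["shell_lines"] = int(out)

        # 2. Constructed untrusted value, e.g. a variable supplied from outside
        #    the playbook and interpolated into the task's command string.
        untrusted = "passwd.sample; touch marker"

        # command style: ";" is just part of a file name, nothing extra runs.
        run_command_style("cat " + untrusted, tmp)
        results["command_ran_extra"] = os.path.exists(marker)

        # shell style: /bin/sh sees two commands and runs both.
        run_shell_style("cat " + untrusted, tmp)
        results["shell_ran_extra"] = os.path.exists(marker)
        if os.path.exists(marker):
            os.remove(marker)

        # shell style with quoting: the value is one literal argument again.
        # In a playbook the same effect comes from the quote filter,
        # e.g. shell: cat {{ path | quote }} | wc -l
        run_shell_style("cat " + shlex.quote(untrusted), tmp)
        results["quoted_shell_ran_extra"] = os.path.exists(marker)
    return results


if __name__ == "__main__":
    for key, value in compare_modules().items():
        print("%-24s %r" % (key, value))
```

Prefer command (or a dedicated module) whenever no shell feature is needed, and reserve shell for tasks that really use pipes or redirection, with every interpolated variable quoted.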

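Managing Scheduled Tasks

The Ansible module for managing scheduled tasks is cron.

  • Create a scheduled task:
[root@lzx ~]# ansible lzx1 -m cron -a "name='test cron' job='/bin/touch /tmp/aaa.txt' weekday=6"       // create a scheduled task: name sets the task name; job sets the command to run; weekday sets the day of the week; there are matching parameters for minute, hour, day, month and weekday
Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated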
lzx1 | SUCCESS => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "test corn"
    ]
}

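Check on lzx1:

[root@lzx1 ~]# crontab -l
#Ansible: test cron            // do not modify this line, otherwise managing the task will fail
* * * * 6 /bin/touch /tmp/aaa.txt          // created successfully; matches the parameters above
  • Delete the scheduled task:
[root@lzx ~]# ansible lzx1 -m cron -a "name='test cron' state=absent"       // delete the scheduled task
Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated
lzx1 | SUCCESS => {
    "changed": true,        // note that this may be false, which means nothing changed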
    "envs": [], 
    "jobs": []
}

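Check on lzx1:

[root@lzx1 ~]# crontab -l
[root@lzx1 ~]#           // no scheduled tasks

Other time parameters:
minute (minute), hour (hour), day of month (day), month (month). Any field that is not set defaults to *, which is why the task above, created with only weekday=6, was written as * * * * 6 and runs every minute on Saturdays.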

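Installing Packages and Managing Services

Ansible installs packages with the yum module and manages services with the service module.

  • Install a package:
[root@lzx ~]# ansible testhost -m yum -a "name=httpd"          // install httpd on lzx1
Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated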
lzx1 | SUCCESS => {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.cn99.com\n * epel: mirror01.idc.hinet.net\n * extras: mirrors.cn99.com\n * updates: mirrors.shu.edu.cn\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-80.el7.centos.1 will be installed\n--> Processing Dependency: httpd-tools = 2.4.6-80.el7.centos.1 for package: httpd-2.4.6-80.el7.centos.1.x86_64\n--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-80.el7.centos.1.x86_64\n--> Running transaction check\n---> Package httpd-tools.x86_64 0:2.4.6-80.el7.centos.1 will be installed\n---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package           Arch         Version                     Repository     Size\n================================================================================\nInstalling:\n httpd             x86_64       2.4.6-80.el7.centos.1       updates       2.7 M\nInstalling for dependencies:\n httpd-tools       x86_64       2.4.6-80.el7.centos.1       updates        90 k\n mailcap           noarch       2.1.41-2.el7                base           31 k\n\nTransaction Summary\n================================================================================\nInstall  1 Package (+2 Dependent packages)\n\nTotal download size: 2.8 M\nInstalled size: 9.6 M\nDownloading packages:\n--------------------------------------------------------------------------------\nTotal                                              1.1 MB/s | 2.8 MB  00:02     \nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  Installing : httpd-tools-2.4.6-80.el7.centos.1.x86_64                     1/3 \n  Installing : mailcap-2.1.41-2.el7.noarch                                  2/3 \n  Installing : httpd-2.4.6-80.el7.centos.1.x86_64 
                          3/3 \n  Verifying  : mailcap-2.1.41-2.el7.noarch                                  1/3 \n  Verifying  : httpd-tools-2.4.6-80.el7.centos.1.x86_64                     2/3 \n  Verifying  : httpd-2.4.6-80.el7.centos.1.x86_64                           3/3 \n\nInstalled:\n  httpd.x86_64 0:2.4.6-80.el7.centos.1                                          \n\nDependency Installed:\n  httpd-tools.x86_64 0:2.4.6-80.el7.centos.1    mailcap.noarch 0:2.1.41-2.el7   \n\nComplete!\n"
    ]
}

Check on lzx1:

[root@lzx1 ~]# rpm -qa |grep httpd
httpd-tools-2.4.6-80.el7.centos.1.x86_64
httpd-2.4.6-80.el7.centos.1.x86_64           // the version matches the one installed above
  • Remove a package:
[root@lzx ~]# ansible lzx1 -m yum -a "name=httpd state=removed"          // remove httpd from lzx1
Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated
lzx1 | SUCCESS => {
    "changed": true, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "Loaded plugins: fastestmirror\nResolving Dependencies\n--> Running transaction check\n---> Package httpd.x86_64 0:2.4.6-80.el7.centos.1 will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package      Arch          Version                       Repository       Size\n================================================================================\nRemoving:\n httpd        x86_64        2.4.6-80.el7.centos.1         @updates        9.4 M\n\nTransaction Summary\n================================================================================\nRemove  1 Package\n\nInstalled size: 9.4 M\nDownloading packages:\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n  Erasing    : httpd-2.4.6-80.el7.centos.1.x86_64                           1/1 \n  Verifying  : httpd-2.4.6-80.el7.centos.1.x86_64                           1/1 \n\nRemoved:\n  httpd.x86_64 0:2.4.6-80.el7.centos.1                                          \n\nComplete!\n"
    ]
}

Check on lzx1:

[root@lzx1 ~]# rpm -qa |grep httpd
httpd-tools-2.4.6-80.el7.centos.1.x86_64          // httpd has been removed
  • Start a service:
[root@lzx ~]# ansible lzx1 -m yum -a "name=httpd"      // install httpd on lzx1 again so that starting the service can be tested below
[root@lzx ~]# ansible lzx1 -m service -a "name=httpd state=started enabled=yes"       // start the httpd service on lzx1 and enable it at boot
Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated
lzx1 | SUCCESS => {
    "changed": true, 
    "enabled": true, 
    "name": "httpd", 
    "state": "started", 
    "status": {
        "ActiveEnterTimestampMonotonic": "0", 
        "ActiveExitTimestampMonotonic": "0", 
        "ActiveState": "inactive", 
        "After": "-.mount basic.target system.slice systemd-journald.socket network.target remote-fs.target nss-lookup.target tmp.mount", 
        "AllowIsolate": "no", 
        "AmbientCapabilities": "0", 
        "AssertResult": "no", 
        "AssertTimestampMonotonic": "0", 
        "Before": "shutdown.target", 
        "BlockIOAccounting": "no", 
        "BlockIOWeight": "18446744073709551615", 
        "CPUAccounting": "no", 
        "CPUQuotaPerSecUSec": "infinity", 
        "CPUSchedulingPolicy": "0", 
        "CPUSchedulingPriority": "0", 
        "CPUSchedulingResetOnFork": "no", 
        "CPUShares": "18446744073709551615", 
        "CanIsolate": "no", 
        "CanReload": "yes", 
        "CanStart": "yes", 
        "CanStop": "yes", 
        "CapabilityBoundingSet": "18446744073709551615", 
        "ConditionResult": "no", 
        "ConditionTimestampMonotonic": "0", 
        "Conflicts": "shutdown.target", 
        "ControlPID": "0", 
        "DefaultDependencies": "yes", 
        "Delegate": "no", 
        "Description": "The Apache HTTP Server", 
        "DevicePolicy": "auto", 
        "Documentation": "man:httpd(8) man:apachectl(8)", 
        "EnvironmentFile": "/etc/sysconfig/httpd (ignore_errors=no)", 
        "ExecMainCode": "0", 
        "ExecMainExitTimestampMonotonic": "0", 
        "ExecMainPID": "0", 
        "ExecMainStartTimestampMonotonic": "0", 
        "ExecMainStatus": "0", 
        "ExecReload": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -k graceful ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", 
        "ExecStart": "{ path=/usr/sbin/httpd ; argv[]=/usr/sbin/httpd $OPTIONS -DFOREGROUND ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", 
        "ExecStop": "{ path=/bin/kill ; argv[]=/bin/kill -WINCH ${MAINPID} ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", 
        "FailureAction": "none", 
        "FileDescriptorStoreMax": "0", 
        "FragmentPath": "/usr/lib/systemd/system/httpd.service", 
        "GuessMainPID": "yes", 
        "IOScheduling": "0", 
        "Id": "httpd.service", 
        "IgnoreOnIsolate": "no", 
        "IgnoreOnSnapshot": "no", 
        "IgnoreSIGPIPE": "yes", 
        "InactiveEnterTimestampMonotonic": "0", 
        "InactiveExitTimestampMonotonic": "0", 
        "JobTimeoutAction": "none", 
        "JobTimeoutUSec": "0", 
        "KillMode": "control-group", 
        "KillSignal": "18", 
        "LimitAS": "18446744073709551615", 
        "LimitCORE": "18446744073709551615", 
        "LimitCPU": "18446744073709551615", 
        "LimitDATA": "18446744073709551615", 
        "LimitFSIZE": "18446744073709551615", 
        "LimitLOCKS": "18446744073709551615", 
        "LimitMEMLOCK": "65536", 
        "LimitMSGQUEUE": "819200", 
        "LimitNICE": "0", 
        "LimitNOFILE": "4096", 
        "LimitNPROC": "3828", 
        "LimitRSS": "18446744073709551615", 
        "LimitRTPRIO": "0", 
        "LimitRTTIME": "18446744073709551615", 
        "LimitSIGPENDING": "3828", 
        "LimitSTACK": "18446744073709551615", 
        "LoadState": "loaded", 
        "MainPID": "0", 
        "MemoryAccounting": "no", 
        "MemoryCurrent": "18446744073709551615", 
        "MemoryLimit": "18446744073709551615", 
        "MountFlags": "0", 
        "Names": "httpd.service", 
        "NeedDaemonReload": "no", 
        "Nice": "0", 
        "NoNewPrivileges": "no", 
        "NonBlocking": "no", 
        "NotifyAccess": "main", 
        "OOMScoreAdjust": "0", 
        "OnFailureJobMode": "replace", 
        "PermissionsStartOnly": "no", 
        "PrivateDevices": "no", 
        "PrivateNetwork": "no", 
        "PrivateTmp": "yes", 
        "ProtectHome": "no", 
        "ProtectSystem": "no", 
        "RefuseManualStart": "no", 
        "RefuseManualStop": "no", 
        "RemainAfterExit": "no", 
        "Requires": "basic.target -.mount", 
        "RequiresMountsFor": "/var/tmp", 
        "Restart": "no", 
        "RestartUSec": "100ms", 
        "Result": "success", 
        "RootDirectoryStartOnly": "no", 
        "RuntimeDirectoryMode": "0755", 
        "SameProcessGroup": "no", 
        "SecureBits": "0", 
        "SendSIGHUP": "no", 
        "SendSIGKILL": "yes", 
        "Slice": "system.slice", 
        "StandardError": "inherit", 
        "StandardInput": "null", 
        "StandardOutput": "journal", 
        "StartLimitAction": "none", 
        "StartLimitBurst": "5", 
        "StartLimitInterval": "10000000", 
        "StartupBlockIOWeight": "18446744073709551615", 
        "StartupCPUShares": "18446744073709551615", 
        "StatusErrno": "0", 
        "StopWhenUnneeded": "no", 
        "SubState": "dead", 
        "SyslogLevelPrefix": "yes", 
        "SyslogPriority": "30", 
        "SystemCallErrorNumber": "0", 
        "TTYReset": "no", 
        "TTYVHangup": "no", 
        "TTYVTDisallocate": "no", 
        "TasksAccounting": "no", 
        "TasksCurrent": "18446744073709551615", 
        "TasksMax": "18446744073709551615", 
        "TimeoutStartUSec": "1min 30s", 
        "TimeoutStopUSec": "1min 30s", 
        "TimerSlackNSec": "50000", 
        "Transient": "no", 
        "Type": "notify", 
        "UMask": "0022", 
        "UnitFilePreset": "disabled", 
        "UnitFileState": "disabled", 
        "Wants": "system.slice", 
        "WatchdogTimestampMonotonic": "0", 
        "WatchdogUSec": "0"
    }
}

Check on lzx1:

[root@lzx1 ~]# ps aux |grep httpd
root       1345  0.0  0.4 221972  4972 ?        Ss   09:05   0:00 /usr/sbin/httpd -DFOREGROUND
apache     1346  0.0  0.2 221972  2964 ?        S    09:05   0:00 /usr/sbin/httpd -DFOREGROUND
apache     1347  0.0  0.2 221972  2964 ?        S    09:05   0:00 /usr/sbin/httpd -DFOREGROUND
apache     1348  0.0  0.2 221972  2964 ?        S    09:05   0:00 /usr/sbin/httpd -DFOREGROUND
apache     1349  0.0  0.2 221972  2964 ?        S    09:05   0:00 /usr/sbin/httpd -DFOREGROUND
apache     1351  0.0  0.2 221972  2964 ?        S    09:05   0:00 /usr/sbin/httpd -DFOREGROUND
root       1362  0.0  0.0 112704   972 pts/0    R+   09:07   0:00 grep --color=auto httpd       // the httpd service is running

[root@lzx1 ~]# systemctl list-unit-files |grep httpd         // check boot-time unit state on CentOS 7
httpd.service                                 enabled         // httpd is enabled at boot
  • List all Ansible modules:
[root@lzx ~]# ansible-doc -l         // lists all Ansible modules; too many to reproduce here
  • View the documentation of a module:
[root@lzx ~]# ansible-doc service         // view the documentation of the service module
> SERVICE    (/usr/lib/python2.7/site-packages/ansible/modules/system/service.py)

        Controls services on remote hosts. Supported init systems include BSD init,
        OpenRC, SysV, Solaris SMF, systemd, upstart. For Windows targets, use the
        [win_service] module instead.

  * note: This module has a corresponding action plugin.

OPTIONS (= is mandatory):

- arguments
        Additional arguments provided on the command line
        (Aliases: args)[Default: (null)]

- enabled
        Whether the service should start on boot. *At least one of state and enabled
        are required.*
        [Default: (null)]
        type: bool

= name
        Name of the service.


- pattern
        If the service does not respond to the status command, name a substring to
        look for as would be found in the output of the `ps' command as a stand-in for
        a status result.  If the string is found, the service will be assumed to be
        running.
        [Default: (null)]
        version_added: 0.7

- runlevel
        For OpenRC init scripts (ex: Gentoo) only.  The runlevel that this service
        belongs to.
        [Default: default]

- sleep
        If the service is being `restarted' then sleep this many seconds between the
        stop and start command. This helps to workaround badly behaving init scripts
        that exit immediately after signaling a process to stop.
        [Default: (null)]
        version_added: 1.3

- state
        `started'/`stopped' are idempotent actions that will not run commands unless
        necessary.  `restarted' will always bounce the service.  `reloaded' will
        always reload. *At least one of state and enabled are required.* Note that
        reloaded will start the service if it is not already started, even if your
        chosen init system wouldn't normally.
        (Choices: reloaded, restarted, running, started, stopped)[Default: (null)]

- use
        The service module actually uses system specific modules, normally through
        auto detection, this setting can force a specific module.
        Normally it uses the value of the 'ansible_service_mgr' fact and falls back to
        the old 'service' module when none matching is found.
        [Default: auto]
        version_added: 2.2
        


NOTES:
      * For Windows targets, use the [win_service] module instead.

AUTHOR: Ansible Core Team, Michael DeHaan
        METADATA:
          status:
          - stableinterface
          supported_by: core
        

EXAMPLES:
- name: Start service httpd, if not running
  service:
    name: httpd
    state: started

- name: Stop service httpd, if running
  service:
    name: httpd
    state: stopped

- name: Restart service httpd, in all cases
  service:
    name: httpd
    state: restarted

- name: Reload service httpd, in all cases
  service:
    name: httpd
    state: reloaded

- name: Enable service httpd, and not touch the running state
  service:
    name: httpd
    enabled: yes

- name: Start service foo, based on running process /usr/bin/foo
  service:
    name: foo
    pattern: /usr/bin/foo
    state: started

- name: Restart network service for interface eth0
  service:
    name: network
    state: restarted
    args: eth0

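Using Ansible Playbooks

A playbook is essentially a set of module calls written into a configuration file, which saves us from repeatedly typing commands on the command line.

  • Write a simple playbook:
[root@lzx ~]# cd /etc/ansible/
[root@lzx ansible]# vim test.yml       // write the content below; playbooks use the .yml suffix; mind the spaces
---       // marks the start of the file; do not omit it
- hosts: lzx1        // the hosts to operate on; separate multiple hosts with commas; a host group can also be used
  remote_user: root       // the user to run as
  tasks:         // the tasks
    - name: test_playbook       // task description, shown during the run
      shell: touch /tmp/lzxlzx.txt          // the actual task; shell selects the shell module
  • Run the playbook above:
[root@lzx ansible]# ansible-playbook test.yml       // run the playbook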

PLAY [lzx1] ************************************************************************************************

TASK [Gathering Facts] *************************************************************************************
Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated
ok: [lzx1]

TASK [test_playbook] ***************************************************************************************
 [WARNING]: Consider using the file module with state=touch rather than running touch.  If you need to use         // this warning suggests using the file module with state=touch instead of running touch through the shell module
command because file is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

changed: [lzx1]

PLAY RECAP *************************************************************************************************
lzx1                       : ok=2    changed=1    unreachable=0    failed=0       // ran successfully

Check on lzx1:

[root@lzx1 ~]# ls -lt /tmp/lzxlzx.txt 
-rw-r--r-- 1 root root 0 Sep 18 09:33 /tmp/lzxlzx.txt          // the file has been created

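Variables in Playbooks

  • Write a playbook that creates a user:
[root@lzx ansible]# vim create_user.yml        // write the content below; mind the spaces
---
- name: create_user       // description of the play, shown during the run
  hosts: lzx1       // the host to run on
  user: root        // the user to run as
  gather_facts: false        // gather_facts controls whether the setup module runs before the tasks below to collect host information; false disables it
  vars:        // variables
    - user: "test"        // defines the variable user
  tasks:         // the tasks
    - name: create user       // task description
      user: name="{{ user }}"      // the variable reference must be quoted; user selects the user module, name is a parameter of that module, and the new user's name takes the value of the user variable above
  • Run the playbook above:
[root@lzx ansible]# ansible-playbook create_user.yml 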

PLAY [create_user] *****************************************************************************************

TASK [create user] *****************************************************************************************
Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated
ok: [lzx1]

changed: [lzx1]

PLAY RECAP *************************************************************************************************
lzx1                       : ok=1    changed=1    unreachable=0    failed=0        // ran successfully

Check on lzx1:

[root@lzx1 ~]# tail /etc/passwd
polkitd:x:999:997:User for polkitd:/:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
admin:x:1000:1000:admin:/home/admin:/bin/bash
mongod:x:997:995:mongod:/var/lib/mongo:/bin/false
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
git:x:1001:1001::/home/git:/usr/bin/git-shell
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
test:x:1002:1002::/home/test:/bin/bash         // this shows that the test user exists

Loops in Playbooks

  • Write a playbook with a loop:
[root@lzx ansible]# vim while.yml         // write the content below; mind the spaces
---
- hosts: lzx1
  user: root
  tasks:
    - name: change mode for files         // task description
      file: path=/tmp/{{ item }} state=touch mode=600         // uses the file module with the path, file name and permissions; state=touch creates the file; item is the loop variable
      with_items:        
        - 1.txt
        - 2.txt
        - 3.txt
  • Run the playbook above:
[root@lzx ansible]# ansible-playbook while.yml 

PLAY [lzx1] ************************************************************************************************

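TASK [Gathering Facts] *************************************************************************************           // Gathering Facts means host information is being collected; this happens automatically unless it is disabled
Enter passphrase for key '/root/.ssh/id_rsa':            // enter the passphrase set when the key was generated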
ok: [lzx1]

TASK [change mode for files] *******************************************************************************
changed: [lzx1] => (item=1.txt)
changed: [lzx1] => (item=2.txt)
changed: [lzx1] => (item=3.txt)

PLAY RECAP *************************************************************************************************
lzx1                       : ok=2    changed=1    unreachable=0    failed=0   

Check on lzx1:

[root@lzx1 ~]# ls -l /tmp/
total 12
-rw-r--r-- 1 root   root     29 Sep 13 09:15 123.txt
-rw------- 1 root   root      0 Sep 20 08:18 1.txt
-rw------- 1 root   root      0 Sep 20 08:18 2.txt
-rw------- 1 root   root      0 Sep 20 08:18 3.txt          // the files just created are here, all with mode 600
drwx------ 2 root   root     61 Sep 18 08:50 ansible_KZIszY
drwxr-xr-x 3 root   root     21 Sep 13 08:51 ansible_test
-rw-r--r-- 1 root   root      0 Sep 18 09:33 lzxlzx.txt
srwx------ 1 mongod mongod    0 Sep 20 07:23 mongodb-27019.sock
-rwxr-xr-x 1 root   root   1042 Sep 13 09:00 passwd
drwx------ 3 root   root     17 Sep 20 07:20 systemd-private-3f6f6b8540bb4821baa29cc8d067029b-chronyd.service-ATfvsa
drwx------ 3 root   root     17 Sep 20 07:21 systemd-private-3f6f6b8540bb4821baa29cc8d067029b-httpd.service-B5HtVK
drwx------ 3 root   root     17 Sep 20 07:20 systemd-private-3f6f6b8540bb4821baa29cc8d067029b-systemd-hostnamed.service-sfZTSG
drwx------ 3 root   root     17 Sep 20 07:23 systemd-private-48497924bb434b52bc8db3b05c607623-chronyd.service-cFxvoE
drwx------ 3 root   root     17 Sep 20 07:23 systemd-private-48497924bb434b52bc8db3b05c607623-httpd.service-PGzvnW
drwx------ 3 root   root     17 Sep 13 08:41 systemd-private-c40d86d5546d46c68cbb031445b13d64-chronyd.service-LsRxBQ

Conditionals in playbooks

  • Write a playbook with a condition:
[root@lzx ansible]# vim when.yml          //write the following content; mind the spaces
---
- hosts: testhost         # if a single machine were specified here, the condition would serve no purpose
  user: root
  gather_facts: True         # gather facts; this is also the default when the line is omitted
  tasks:
    - name: use when     
      shell: touch /tmp/when.txt
      when: ansible_ens33.ipv4.address == "192.168.100.160"       # when: conditional check; the value tested comes from the facts collected by gather_facts
  • Run the playbook above:
[root@lzx ansible]# ansible-playbook when.yml 

PLAY [testhost] ********************************************************************************************

TASK [Gathering Facts] *************************************************************************************
Enter passphrase for key '/root/.ssh/id_rsa':            //enter the passphrase set when the key was generated
ok: [lzx1]

Enter passphrase for key '/root/.ssh/id_rsa':            //enter the passphrase set when the key was generated
ok: [127.0.0.1]

TASK [use when] ********************************************************************************************
skipping: [127.0.0.1]
 [WARNING]: Consider using the file module with state=touch rather than running touch.  If you need to use
command because file is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

changed: [lzx1]

PLAY RECAP *************************************************************************************************
127.0.0.1                  : ok=1    changed=0    unreachable=0    failed=0   
lzx1                       : ok=2    changed=1    unreachable=0    failed=0      //lzx (127.0.0.1) did not change; lzx1 changed

Check on lzx1:

[root@lzx1 ~]# ls -l /tmp/
total 12
-rw-r--r-- 1 root   root     29 Sep 13 09:15 123.txt
-rw------- 1 root   root      0 Sep 20 08:18 1.txt
-rw------- 1 root   root      0 Sep 20 08:18 2.txt
-rw------- 1 root   root      0 Sep 20 08:18 3.txt
drwx------ 2 root   root     61 Sep 18 08:50 ansible_KZIszY
drwxr-xr-x 3 root   root     21 Sep 13 08:51 ansible_test
-rw-r--r-- 1 root   root      0 Sep 18 09:33 lzxlzx.txt
srwx------ 1 mongod mongod    0 Sep 20 07:23 mongodb-27019.sock
-rwxr-xr-x 1 root   root   1042 Sep 13 09:00 passwd
drwx------ 3 root   root     17 Sep 20 07:20 systemd-private-3f6f6b8540bb4821baa29cc8d067029b-chronyd.service-ATfvsa
drwx------ 3 root   root     17 Sep 20 07:21 systemd-private-3f6f6b8540bb4821baa29cc8d067029b-httpd.service-B5HtVK
drwx------ 3 root   root     17 Sep 20 07:20 systemd-private-3f6f6b8540bb4821baa29cc8d067029b-systemd-hostnamed.service-sfZTSG
drwx------ 3 root   root     17 Sep 20 07:23 systemd-private-48497924bb434b52bc8db3b05c607623-chronyd.service-cFxvoE
drwx------ 3 root   root     17 Sep 20 07:23 systemd-private-48497924bb434b52bc8db3b05c607623-httpd.service-PGzvnW
drwx------ 3 root   root     17 Sep 13 08:41 systemd-private-c40d86d5546d46c68cbb031445b13d64-chronyd.service-LsRxBQ
-rwxr-xr-x 1 root   root     39 Sep 13 09:10 test.sh
-rw-r--r-- 1 root   root      0 Sep 20 08:40 when.txt         //when.txt is new

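Handlers in playbooks

On the command line we often use commands of the form command1 && command2: command2 runs only after command1 has succeeded, and is not run if command1 fails.

In a playbook, handlers play a role similar to &&. They are typically used for operations that must run after a task has changed something on the server, for example restarting a service after its configuration file was modified.

  • Write a playbook with handlers:
[root@lzx ansible]# vim hand.yml          //write the following content; mind the spaces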
---
- name: handlers test
  hosts: lzx1
  user: root
  tasks:
    - name: copy file
      copy: src=/etc/passwd dest=/tmp/aaa.txt         # copy module; src is the source file, dest the destination file
      notify: test handlers        # links the task to a handler: the handler named here runs afterwards
  handlers:
    - name: test handlers     # the handler's name
      shell: echo "111111" >> /tmp/aaa.txt       # shell module; runs the command that follows
  • Run the playbook above:
[root@lzx ansible]# ansible-playbook hand.yml 

PLAY [handlers test] ***************************************************************************************

TASK [Gathering Facts] *************************************************************************************
Enter passphrase for key '/root/.ssh/id_rsa':            //enter the passphrase set when the key was generated
ok: [lzx1]

TASK [copy file] *******************************************************************************************
changed: [lzx1]

RUNNING HANDLER [test handlers] ****************************************************************************
changed: [lzx1]

PLAY RECAP *************************************************************************************************
lzx1                       : ok=3    changed=2    unreachable=0    failed=0   

Check on lzx1:

[root@lzx1 ~]# tail /tmp/aaa.txt 
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:997:User for polkitd:/:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
admin:x:1000:1000:admin:/home/admin:/bin/bash
mongod:x:997:995:mongod:/var/lib/mongo:/bin/false
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
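111111          //shows that the handler above ran successfully

Note that if the target file above does not exist, the copy fails, and the handlers that follow are then not run either.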
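
Added example (not from the original post): in hand.yml the handler appends to the very file that copy manages, so every later run finds a difference, copies again and fires the handler again. The variant below writes to a separate log instead, which makes it visible that a handler runs only when a notifying task reports changed; the log path /var/log/aaa_copy.log and the second task are assumptions made for the illustration.

```yaml
---
# Added example: variant of hand.yml in which the handler does not touch the copied file.
- name: handlers run on change only
  hosts: lzx1
  user: root
  tasks:
    - name: copy file
      copy:
        src: /etc/passwd
        dest: /tmp/aaa.txt
        owner: root
        group: root
        mode: "0644"
      notify: record change          # queued only when this task reports "changed"

    - name: enforce permissions on the copy
      file:
        path: /tmp/aaa.txt
        owner: root
        group: root
        mode: "0644"
      notify: record change          # same handler; it still runs at most once per play

  handlers:
    - name: record change
      # Hypothetical log path, kept out of the world-writable /tmp directory.
      shell: echo "$(date '+%F %T') /tmp/aaa.txt updated" >> /var/log/aaa_copy.log
```

Run it twice: the first run lists the handler under RUNNING HANDLER, while the second reports ok for both tasks and the handler is not run.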

Installing nginx with a playbook

Having learned these playbook features, we next try to install nginx from source through a playbook.

First compile and install nginx on one machine and package it, then use ansible to distribute it.

  • Create the management directory:
[root@lzx ansible]# mkdir nginx_install        //create the management directory for the nginx installation
[root@lzx ansible]# cd nginx_install/
[root@lzx nginx_install]# mkdir -p roles/{common,install}/{handlers,files,meta,tasks,templates,vars}          //create the nested directories in one go
[root@lzx nginx_install]# ls 
roles
[root@lzx nginx_install]# ls roles/
common  install
[root@lzx nginx_install]# ls roles/common/
files  handlers  meta  tasks  templates  vars
[root@lzx nginx_install]# ls roles/install/
files  handlers  meta  tasks  templates  vars

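files holds the installation files, handlers holds the handler files, meta holds descriptive information such as role dependencies, tasks holds the core configuration files, templates holds template files such as configuration files and startup scripts, and vars holds the variable definitions.

If nginx is not yet installed on this machine, it has to be installed before the next step. For the nginx installation steps see: https://blog.csdn.net/miss1181248983/article/details/80890649l . Install the pcre-devel and zlib-devel dependency packages first, otherwise initialization reports an error; the details are not repeated here.

  • Package nginx:
[root@lzx nginx_install]# ls /usr/local/nginx/        //nginx program directory
client_body_temp  conf  fastcgi_temp  html  logs  proxy_temp  sbin  scgi_temp  uwsgi_temp
[root@lzx nginx_install]# ls /etc/init.d/nginx         //nginx startup script
/etc/init.d/nginx
[root@lzx nginx_install]# ls /usr/local/nginx/conf/nginx.conf         //nginx configuration file
/usr/local/nginx/conf/nginx.conf
[root@lzx nginx_install]# cd /usr/local/
[root@lzx local]# tar czvf nginx.tar.gz --exclude "nginx.conf" --exclude "vhost" nginx/       //package the program directory, leaving out the configuration file and the virtual host directory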
nginx/
nginx/sbin/
nginx/sbin/nginx
nginx/conf/
nginx/conf/koi-win
nginx/conf/koi-utf
nginx/conf/win-utf
nginx/conf/mime.types
nginx/conf/mime.types.default
nginx/conf/fastcgi_params
nginx/conf/fastcgi_params.default
nginx/conf/fastcgi.conf
nginx/conf/fastcgi.conf.default
nginx/conf/uwsgi_params
nginx/conf/uwsgi_params.default
nginx/conf/scgi_params
nginx/conf/scgi_params.default
nginx/conf/nginx.conf.default
nginx/logs/
nginx/logs/error.log
nginx/logs/nginx.pid
nginx/logs/nginx_error.log
nginx/logs/access.log
nginx/html/
nginx/html/50x.html
nginx/html/index.html
nginx/client_body_temp/
nginx/proxy_temp/
nginx/fastcgi_temp/
nginx/uwsgi_temp/
nginx/scgi_temp/
  • Move the archive into the nginx installation management directory under ansible:
[root@lzx local]# mv nginx.tar.gz /etc/ansible/nginx_install/roles/install/files/
[root@lzx local]# cp nginx/conf/nginx.conf /etc/ansible/nginx_install/roles/install/templates/
[root@lzx local]# cp /etc/init.d/nginx /etc/ansible/nginx_install/roles/install/templates/

//the nginx archive goes under files; the startup script and the configuration file go under templates
  • Define the tasks in the common directory; nginx needs some dependency packages:
[root@lzx local]# cd /etc/ansible/nginx_install/roles/common/
[root@lzx common]# ls
files  handlers  meta  tasks  templates  vars
[root@lzx common]# vim tasks/main.yml         //write the following content; mind the spaces
- name: install initializtion require software
  yum: name={{ item }} state=installed         # install the dependency packages in a loop
  with_items:
    - pcre-devel
    - zlib-devel
  • Define the variables:
[root@lzx common]# vim /etc/ansible/nginx_install/roles/install/vars/main.yml        //write the following content; mind the spaces
nginx_user: www
nginx_port: 80
nginx_basedir: /usr/local/nginx        # variable name on the left, its value on the right
  • Copy the required files to the target machine:
[root@lzx common]# vim /etc/ansible/nginx_install/roles/install/tasks/copy.yml       //write the following content; mind the spaces
- name: Copy Nginx Software
  copy: src=nginx.tar.gz dest=/tmp/nginx.tar.gz owner=root group=root        # copy module, copies nginx.tar.gz; src is a relative path and is looked up in the files directory automatically
- name: Uncompression Nginx Software
  shell: tar zxvf /tmp/nginx.tar.gz -C /usr/local         # shell module, unpacks the archive
- name: Copy Nginx Start Script
  template: src=nginx dest=/etc/init.d/nginx owner=root group=root mode=0755       # template module, copies the startup script; src is a relative path and is looked up in the templates directory automatically
- name: Copy Nginx Config      
  template: src=nginx.conf dest={{ nginx_basedir }}/conf/ owner=root group=root mode=0644       # template module, copies the configuration file; src is a relative path and is looked up in the templates directory automatically
  • Create the user, start the service and delete the archive:
[root@lzx common]# vim /etc/ansible/nginx_install/roles/install/tasks/install.yml      //write the following content; mind the spaces
- name: Create Nginx User
  user: name={{ nginx_user }} state=present createhome=no shell=/sbin/nologin       # user module, creates the nginx user and sets its shell; the user name was defined in vars earlier
- name: Start Nginx Service
  shell: /etc/init.d/nginx start       # shell module, starts the nginx service
- name: Add Boot Start Nginx Service
  shell: chkconfig --level 345 nginx on        # shell module, enables the nginx service at boot; CentOS 7 also supports this command
- name: Delete Nginx compression files
  shell: rm -rf /tmp/nginx.tar.gz       # shell module, deletes the archive
  • Create main.yml to call copy.yml and install.yml:
[root@lzx common]# vim /etc/ansible/nginx_install/roles/install/tasks/main.yml      //write the following content; mind the spaces
- include: copy.yml
- include: install.yml
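  • Define the entry configuration file:
[root@lzx common]# vim /etc/ansible/nginx_install/install.yml      //write the following content; mind the spaces
---      # start of the top-level file; the files above are sub-files and do not need ---, but it must not be omitted here
- hosts: lzx1      # in production this is usually a group of machines, e.g. testhost
  remote_user: root       # the user that runs the tasks on the remote machine
  gather_facts: True        # gather facts
  roles:
    - common
    - install
  • Check whether lzx1 already has a /usr/local/nginx directory:
[root@lzx1 ~]# ls /usr/local/
bin  etc  games  include  lib  lib64  libexec  sbin  share  src
[root@lzx1 ~]# netstat -lntp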
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 192.168.100.160:27019   0.0.0.0:*               LISTEN      869/mongod          
tcp        0      0 127.0.0.1:27019         0.0.0.0:*               LISTEN      869/mongod          
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      751/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      842/master          
tcp6       0      0 :::22                   :::*                    LISTEN      751/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      842/master  

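Before running the playbook, we must make sure that the target machine has no /usr/local/nginx directory and that nginx is not installed. Port 80 must also be free, otherwise running the playbook below reports an error.

  • Run the entry configuration file:
[root@lzx common]# ansible-playbook /etc/ansible/nginx_install/install.yml        //run this playbook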
PLAY [lzx1] ********************************************************************************************

TASK [Gathering Facts] *********************************************************************************
Enter passphrase for key '/root/.ssh/id_rsa':            //enter the passphrase set when the key was generated
ok: [lzx1]

TASK [common : install initializtion require software] *************************************************
ok: [lzx1] => (item=[u'pcre-devel', u'zlib-devel'])

TASK [install : Copy Nginx Software] *******************************************************************
ok: [lzx1]

TASK [install : Uncompression Nginx Software] **********************************************************
 [WARNING]: Consider using the unarchive module rather than running tar.  If you need to use command
because unarchive is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

changed: [lzx1]

TASK [install : Copy Nginx Start Script] ***************************************************************
ok: [lzx1]

TASK [install : Copy Nginx Config] *********************************************************************
ok: [lzx1]

TASK [install : Create Nginx User] *********************************************************************
ok: [lzx1]

TASK [install : Start Nginx Service] *******************************************************************
changed: [lzx1]

TASK [install : Add Boot Start Nginx Service] **********************************************************
changed: [lzx1]

TASK [install : Delete Nginx compression files] ********************************************************
 [WARNING]: Consider using the file module with state=absent rather than running rm.  If you need to
use command because file is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

changed: [lzx1]

PLAY RECAP *********************************************************************************************
lzx1                       : ok=10   changed=4    unreachable=0    failed=0         //the run succeeded

Check on lzx1:

[root@lzx1 ~]# ps aux |grep nginx
root       2595  0.0  0.0  20556   628 ?        Ss   23:33   0:00 nginx: master process /usr/local/ngin/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody     2597  0.0  0.3  23044  3212 ?        S    23:33   0:00 nginx: worker process
nobody     2598  0.0  0.3  23044  3212 ?        S    23:33   0:00 nginx: worker process
root       2724  0.0  0.0 112704   968 pts/0    R+   23:39   0:00 grep --color=auto nginx
[root@lzx1 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 192.168.100.160:27019   0.0.0.0:*               LISTEN      869/mongod          
tcp        0      0 127.0.0.1:27019         0.0.0.0:*               LISTEN      869/mongod          
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2595/nginx: master  
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      751/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      842/master          
tcp6       0      0 :::22                   :::*                    LISTEN      751/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      842/master  

[root@lzx1 ~]# date
Fri Sep 21 23:40:50 EDT 2018

The nginx service is now running on the target machine lzx1 and listening on port 80.
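
Added example (not the author's code): the run above printed two [WARNING] lines recommending the unarchive and file modules, and the procedure as written only works on a machine that has no /usr/local/nginx yet. This variant of roles/install/tasks/copy.yml follows those hints and then asserts the ownership and permissions of what was deployed; it assumes the archive layout shown in the tar listing and the variables from roles/install/vars/main.yml.

```yaml
# roles/install/tasks/copy.yml, module-based variant (added example, not from the post)
- name: Unpack Nginx Software
  unarchive:
    src: nginx.tar.gz                            # looked up in roles/install/files
    dest: /usr/local
    owner: root
    group: root
    creates: "{{ nginx_basedir }}/sbin/nginx"    # already unpacked: the task is skipped

- name: Copy Nginx Start Script
  template:
    src: nginx
    dest: /etc/init.d/nginx
    owner: root
    group: root
    mode: "0755"

- name: Copy Nginx Config
  template:
    src: nginx.conf
    dest: "{{ nginx_basedir }}/conf/nginx.conf"
    owner: root
    group: root
    mode: "0644"

- name: Stat the deployed files
  stat:
    path: "{{ item }}"
  with_items:
    - "{{ nginx_basedir }}/sbin/nginx"
    - "{{ nginx_basedir }}/conf/nginx.conf"
    - /etc/init.d/nginx
  register: deployed

- name: Deployed files are root-owned and not writable by group or others
  assert:
    that:                       # evaluated in order; the first false condition fails the task
      - item.stat.exists
      - item.stat.pw_name == 'root'
      - not item.stat.wgrp
      - not item.stat.woth
  with_items: "{{ deployed.results }}"
  loop_control:
    label: "{{ item.item }}"    # print only the path instead of the whole stat result
```

Because the archive is no longer staged in /tmp, the "Delete Nginx compression files" task in install.yml is not needed with this variant.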

playbook管理配