The architecture continues from the previous post.
I. Installation and deployment
[root@base2 ~]# ls
ansible-2.7.8-1.el7.noarch.rpm
ansible-tower-setup-bundle-3.4.2-1.el7.tar.gz
libtomcrypt-1.17-25.el7.x86_64.rpm
libtommath-0.42.0-5.el7.x86_64.rpm
python2-crypto-2.6.1-13.el7.x86_64.rpm
python2-jmespath-0.9.0-1.el7.noarch.rpm
python-httplib2-0.9.2-0.1.el7.noarch.rpm
python-keyczar-0.71c-2.el7.noarch.rpm
python-paramiko-2.1.1-0.9.el7.noarch.rpm
[root@base2 ~]# yum install -y *.rpm
[root@base2 ~]# cd /etc/ansible/
[root@base2 ansible]# ll
total 24
-rw-r--r-- 1 root root 20277 Feb 22 07:04 ansible.cfg # main configuration file
-rw-r--r-- 1 root root 1016 Feb 22 07:04 hosts # defines hosts and host variables
drwxr-xr-x 2 root root 6 Feb 22 07:04 roles # directory where roles are stored
# Add hosts; I keep my hosts in groups
[root@base2 ansible]# vim hosts
[web]
base2
[db]
base3
# For now we connect with a password
[root@base2 ansible]# ansible base2 -m ping # -m selects the module to call; connect to base2

[root@base2 ansible]# ansible base2 -m ping -k # -k means use a password
SSH password:
[root@base2 ansible]# ansible base3 -m ping -k
SSH password:

# For convenience, I set up passwordless login

[root@base2 ansible]# ssh-copy-id base2 # set up passwordless login

[root@base2 ansible]# ssh-copy-id base3 # set up passwordless login

[root@base2 ansible]# ansible 'base*' -m ping # test: succeeds without a password

II. Deploying remote services with Ansible
1. Create a remote user and set up passwordless login
[root@base2 ansible]# ansible all -m user -a "name=lala password=redhat" # create the user on all nodes

[root@base3 ~]# id lala # check on the remote host: the user was created
uid=1000(lala) gid=1000(lala) groups=1000(lala)
[root@base3 ~]# cat /etc/shadow | tail -n 1

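[root@base2 ansible]# ssh-copy-id lala@base2 # when setting up passwordless login for the regular user, the password we set turns out not to work
[root@base2 ansible]# passwd lala # so we also have to change the password manually

[root@base3 ~]# passwd lala # change the user's password on the remote host

[root@base2 ansible]# ssh-copy-id lala@base2 # passwordless login now succeeds
Copy the key to base3 in the same way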

[root@base2 ansible]# ansible all -m ping

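[root@base2 ansible]# vim /etc/sudoers # change the regular user's privileges (line 92)
lala ALL=(ALL) NOPASSWD: ALL
[root@base3 ~]# vim /etc/sudoers # same change at line 92
lala ALL=(ALL) NOPASSWD: ALL
Note: the file is read-only when you edit it; save and quit with wq!
[root@base2 ansible]# ansible all -m ping -u lala -b # -b means become the superuser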

[root@base2 ansible]# ansible all -u lala -b -a "hostname"
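The user module's password option expects an already-hashed crypt value, which is why the plaintext password=redhat above could not be used to log in. An added example (not from the original post) that performs this section's steps as one playbook, using authorized_key in place of ssh-copy-id; the variable name lala_password, the key path /root/.ssh/id_rsa.pub and the drop-in file /etc/sudoers.d/lala are assumptions.

```yaml
---
# Added example: create user lala, enable key login, grant sudo.
# Assumptions: public key at /root/.ssh/id_rsa.pub on the control node,
# sudo rule stored as a drop-in file /etc/sudoers.d/lala.
- hosts: all
  remote_user: root
  vars_prompt:
    - name: lala_password        # hypothetical variable name
      prompt: "Password for lala"
      private: yes               # do not echo the input
  tasks:
    - name: create user with a hashed password
      user:
        name: lala
        # user expects a crypt(3) hash, not plaintext
        password: "{{ lala_password | password_hash('sha512') }}"
        update_password: on_create   # a new salt is generated each run, so set it only once
      no_log: true               # keep the hash out of logs and output

    - name: install the control node's public key for lala
      authorized_key:
        user: lala
        state: present
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"

    - name: grant sudo through a validated drop-in file
      copy:
        content: "lala ALL=(ALL) NOPASSWD: ALL\n"
        dest: /etc/sudoers.d/lala
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s   # reject a file that fails to parse
```

Because the rule is validated before it is installed, a typo cannot leave the hosts with a broken sudoers configuration, which a forced wq! on /etc/sudoers can.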

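2. Using the yum module (installing httpd on a remote host)
[root@base2 ansible]# ansible base3 -u lala -b -m yum -a "name=httpd state=present"
name=httpd # log in to the remote host as the regular user and use -b to become the superuser
Check on remote host base3 whether the installation succeeded
[root@base3 ~]# rpm -qa httpd # checked on the remote host: installed successfully
httpd-2.4.6-45.el7.x86_64
Start the httpd service remotely from the Ansible server
[root@base2 ansible]# ansible base3 -u lala -b -m service -a "name=httpd state=started" # start httpd remotely
Check whether it started on the remote host
[root@base3 ~]# netstat -antlp | grep httpd # checked on the remote host: started successfully
Update the default document root to make testing easier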
[root@base2 ansible]# vim index.html
www.westos.org
[root@base2 ansible]# ansible base3 -u lala -b -m copy -a "src=index.html dest=/var/www/html/index.html" # update the default document root remotely
Test:
[root@foundation78 ~]# curl 172.25.78.13 # test
www.westos.org
3. Install the database
[root@base2 ansible]# ansible base3 -m yum -a "name=mariadb-server state=present" # install the database remotely
[root@base2 ansible]# ansible base3 -m service -a "name=mariadb state=started" # start mysql
[root@base2 ansible]# ansible base3 -m mysql_user -a "name=haha password=westos priv=test.*:ALL state=present" # grant privileges; this fails because a module is missing

[root@base2 ansible]# ansible base3 -m yum -a "name=MySQL-python state=present" # install the module
[root@base2 ansible]# ansible base3 -m mysql_user -a "name=haha password=westos priv=test.*:ALL state=present" # grant again
Log in to the database on the remote host to check
[root@base3 ~]# mysql
MariaDB [(none)]> use mysql
MariaDB [mysql]> select Host,User,Password from user where User="haha";
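The first mysql_user call above failed because the module needs the MySQL-python bindings on the managed host. An added example, not from the original post, that installs the dependency before the grant and keeps the account password off the command line and out of task output; the variable name db_password is an assumption.

```yaml
---
# Added example: MariaDB install, module dependency, then the grant.
- hosts: base3
  remote_user: root
  vars_prompt:
    - name: db_password          # hypothetical variable name
      prompt: "Password for database user haha"
      private: yes               # do not echo the input
  tasks:
    - name: install MariaDB and the Python bindings mysql_user needs
      yum:
        name:
          - mariadb-server
          - MySQL-python
        state: present

    - name: start mariadb
      service:
        name: mariadb
        state: started

    - name: create user haha with privileges on test.*
      mysql_user:
        name: haha
        password: "{{ db_password }}"
        priv: "test.*:ALL"
        state: present
      no_log: true               # the password would otherwise appear in output
```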

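4. Combining modules (using the httpd service as an example)
**Until now we ran every module by hand, one at a time, which is too tedious, so we now use playbooks to combine the modules**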
[root@base2 ansible]# pwd
/etc/ansible
[root@base2 ansible]# mkdir playbooks
[root@base2 ansible]# cd playbooks/
[root@base2 playbooks]# mkdir httpd
[root@base2 playbooks]# cd httpd/
[root@base2 httpd]# vim httpd.yml # pay close attention to indentation
---
# httpd deployment
- hosts: base3
  remote_user: root
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: present
    - name: config httpd
      copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd
    - name: start httpd
      service: name=httpd state=started
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted

[root@base2 httpd]# ansible-playbook httpd.yml --syntax-check # check the syntax
[root@base2 httpd]# ansible-playbook httpd.yml --list-hosts # list the hosts

[root@base2 httpd]# ansible-playbook httpd.yml --list-tasks # list the tasks

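[root@base2 httpd]# scp root@172.25.78.13:/etc/httpd/conf/httpd.conf /etc/ansible/playbooks/httpd/ # the file used by the run

[root@base2 httpd]# ansible base3 -m setup # show all the remote information about base3
Check whether the file has been tampered with: the checksums are identical, so it has not been tampered with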
[root@base2 httpd]# md5sum httpd.conf
f5e7449c0f17bc856e86011cb5d152ba httpd.conf
[root@base3 conf]# md5sum httpd.conf
f5e7449c0f17bc856e86011cb5d152ba httpd.conf
[root@base2 httpd]# ansible-playbook httpd.yml --start-at-task="start httpd" # run a specified task; only the install task was executed

[root@base2 httpd]# vim httpd.conf # change the port number (line 42)
Listen 8080
[root@base2 httpd]# md5sum httpd.conf # the checksum shows the file has been modified
04e9239e7bd5d5b9b85864226d60eee5 httpd.conf
[root@base2 httpd]# ansible-playbook httpd.yml # run the playbook
Check on the remote client: the port was changed successfully
[root@base3 conf]# netstat -antlp | grep httpd
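An added example (not from the original post) that turns the manual md5sum comparison above into a playbook check: it compares SHA-256 checksums of the control node's copy and the deployed file, and fails on any host where they differ. The registered variable names local_conf and remote_conf are assumptions.

```yaml
---
# Added example: detect drift between the control node's httpd.conf
# and the copy deployed on base3, using SHA-256 instead of MD5.
- hosts: base3
  remote_user: root
  tasks:
    - name: checksum of the reference copy on the control node
      stat:
        path: /etc/ansible/playbooks/httpd/httpd.conf
        checksum_algorithm: sha256
      delegate_to: localhost
      register: local_conf       # hypothetical variable name

    - name: checksum of the deployed file
      stat:
        path: /etc/httpd/conf/httpd.conf
        checksum_algorithm: sha256
      register: remote_conf      # hypothetical variable name

    - name: fail when the deployed file differs from the reference
      assert:
        that:
          - remote_conf.stat.exists
          - remote_conf.stat.checksum == local_conf.stat.checksum
        msg: "httpd.conf on {{ inventory_hostname }} differs from the reference copy"
```

Running `ansible-playbook httpd.yml --check --diff` reports the same difference as a pending change to the copy task without applying it.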

IV. Using the jinja module
Changing the port:
Method 1:
[root@base2 httpd]# mv httpd.conf httpd.conf.j2 # j2=jinja2
[root@base2 httpd]# vim httpd.conf.j2 # line 42: reference the port variable
Listen {{ http_port }}
[root@base2 httpd]# vim httpd.yml
---
# httpd deployment
- hosts: base3
  vars:
    http_port: 80 # pass in the variable; it is recognized automatically
  remote_user: root
  tasks:
    - name: install httpd
      yum: name=httpd state=present
    - name: config httpd
      template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd
    - name: start httpd
      service: name=httpd state=started
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted

[root@base2 httpd]# ansible-playbook httpd.yml --syntax-check
[root@base2 httpd]# ansible-playbook httpd.yml # runs successfully
Check on the remote client
[root@base3 conf]# netstat -antlp | grep 80 # check the port: the change succeeded

Method 2:
[root@base2 httpd]# vim /etc/ansible/hosts
[web]
base2 http_port=8080
[db]
base3
[root@base2 httpd]# vim httpd.yml
---
# httpd deployment
- hosts: all
  vars:
    http_port: 80
  remote_user: root
  tasks:
    - name: install httpd
      yum: name=httpd state=present
    - name: config httpd
      template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd
    - name: start httpd
      service: name=httpd state=started
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted

[root@base2 httpd]# netstat -antlp | grep 8080
[root@base2 httpd]# netstat -antlp | grep 80

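As the output above shows, the port 8080 we set did not take effect: variables defined in httpd.yml take precedence over those in the hosts file, so the port we set in the inventory was ignored. We can achieve this another way: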
[root@base2 httpd]# pwd
/etc/ansible/playbooks/httpd
[root@base2 httpd]# vim /etc/ansible/hosts
[web]
base2 http_port=8080
[db]
base3 http_port=80
[root@base2 httpd]# vim httpd.yml
---
# httpd deployment
- hosts: all
  remote_user: root
  tasks:
    - name: install httpd
      yum: name=httpd state=present
    - name: config httpd
      template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd
    - name: start httpd
      service: name=httpd state=started
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted

[root@base2 httpd]# ansible-playbook httpd.yml --syntax-check
[root@base2 httpd]# ansible-playbook httpd.yml
[root@base2 httpd]# netstat -antlp | grep 8080 # the port was changed successfully

Method 3 (set the port based on the host's IP):
[root@base2 httpd]# vim httpd.conf.j2 # line 42: reference the IP and port variables
Listen {{ http_host }}:{{ http_port }}
[root@base2 httpd]# vim /etc/ansible/hosts
[web]
base2 http_host=172.25.78.12
[db]
base3 http_host=172.25.78.13
[webserver:children]
web
db
[webserver:vars]
http_port=80

[root@base2 httpd]# vim httpd.yml
---
# httpd deployment
- hosts: all
  vars:
    http_port: 80
  remote_user: root
  tasks:
    - name: install httpd
      yum: name=httpd state=present
    - name: config httpd
      template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd
    - name: start httpd
      service: name=httpd state=started
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted

[root@base2 httpd]# ansible-playbook httpd.yml --syntax-check
[root@base2 httpd]# ansible-playbook httpd.yml
Check that the port was changed on both hosts
[root@base2 httpd]# netstat -antlp | grep httpd

[root@base3 ~]# netstat -antlp | grep httpd
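An added example (not from the original post) for the inventory-driven variables used in the methods above: it omits the play-level vars, which outrank inventory host variables, and checks http_host and http_port before the template is written. It assumes the webserver group and per-host http_host values from the third method's inventory; the assertion conditions are this example's own choice.

```yaml
---
# Added example: take http_host/http_port from the inventory only
# and validate them before templating httpd.conf.
- hosts: webserver
  remote_user: root
  # no play-level "vars:" here: play vars override inventory host vars
  pre_tasks:
    - name: check the listen address and port from the inventory
      assert:
        that:
          - http_host is defined
          - http_port is defined
          - http_port | int >= 1
          - http_port | int <= 65535
          # the address must actually be configured on this host
          - http_host in ansible_all_ipv4_addresses
        msg: "bad http_host/http_port for {{ inventory_hostname }}"
  tasks:
    - name: config httpd
      template:
        src: httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
        backup: yes              # keep the previous file for rollback
      notify: restart httpd
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
```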
