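1. Introduction
Ansible is an automation tool for operations work: it handles batch system configuration, batch application deployment, and batch command execution.
2. Environment
server2: 172.25.69.2 (control node)
server3: 172.25.69.3 (managed node)
server4: 172.25.69.4 (managed node)
3. Install Ansible and connect the nodes
(1) Install ansible on the control node, server2
Download the rpm package from the official site, resolve its dependencies, and install it with yum.
(2) Create a user on every node and set its password
(3) On the control node server2, log in as the new user and set up a working directory
su - ansi
mkdir ansible
cp /etc/ansible/ansible.cfg ansible/
cp /etc/ansible/hosts ansible/
Edit the hosts file
The test group contains the host server3, and the server group contains the host server4
Edit the ansible.cfg file
Set the working area to the current directory
(4) Set up passwordless SSH login
Command: ssh-keygen
Distribute the key to each node
ssh-copy-id server3
ssh-copy-id server4
(5) Test connectivity
Command: ansible all -m ping
(6) Copy a file to test distribution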
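3. Grant root privileges to the user that runs Ansible
(1) Modify the configuration file
ansible.cfg
(2) On every node, modify the user's privileges
/etc/sudoers
ansi ALL=(ALL) NOPASSWD:ALL
There is no need to reload the file with the source command after the change.
(3) Test that the privileges work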
4. Install httpd with Ansible
(1) Modify the hosts file
[test]
server3
[server]
server4
[host:children]
test
server
(2) Install httpd
ansible test -m yum -a "name=httpd state=present" # install httpd on the test group
(3) Remove httpd
ansible test -m yum -a "name=httpd state=absent" # remove httpd from the test group
(4) Start httpd
ansible test -m service -a "name=httpd state=started"
(5) Check the httpd status
ansible test -m command -a "systemctl status httpd"
(6) Stop httpd
ansible test -m service -a "name=httpd state=stopped"
5. Register users with Ansible (the password setting here is problematic; the password must combine letters and digits)
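6. Install httpd in Ansible playbook mode
(1) Create inst_httpd.yml (the file name is up to you)
---
- hosts: test
  tasks:                                   # task list
    - name: install httpd                  # label shown at run time
      yum:                                 # use the yum module
        name: httpd                        # package to install
        state: present                     # ensure the package is installed
    - name: copy httpd.conf
      copy:                                # copy module
        src: files/httpd.conf              # source file, on the host that runs ansible-playbook
        dest: /etc/httpd/conf/httpd.conf   # destination file
        owner: root                        # owner of the destination file
        group: root                        # group of the destination file
        mode: '0644'                       # destination permissions: quoted octal, writable by root only
      notify: restart                      # trigger the handler
    - name: copy index.html
      copy:
        src: files/index.html
        dest: /var/www/html/index.html     # default index page, copied for testing
    - name: start httpd firewalld
      service:
        name: "{{ item }}"                 # variable filled from loop
        state: started                     # start the service
      loop:
        - httpd
        - firewalld
    - name: config firewalld               # configure the firewall
      firewalld:
        service: http                      # service to allow through the firewall
        permanent: yes                     # keep the rule across reloads and reboots
        immediate: yes                     # also apply it to the running firewall
        state: enabled                     # the rule is enabled
  handlers:                                # what the trigger runs
    - name: restart
      service:
        name: httpd
        state: restarted                   # restart httpd
- hosts: localhost                         # test that httpd started and is reachable
  become: no                               # whether to act as root for this play
  tasks:
    - name: curl http
      uri:
        url: http://172.25.69.3
        status_code: 200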
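An unquoted mode: 777 on a copy task does not produce rwxrwxrwx: per Ansible's documentation a bare number reaches the module as a decimal integer, while a quoted '0777' really is world-writable. The following added example (not part of the original post) audits mode: lines in playbook text for both cases; the function names and the sample playbook are constructed for illustration.

```python
import re
import stat

# "mode: <digits>", optionally quoted, optionally followed by a comment.
MODE_RE = re.compile(r"^\s*mode:\s*(?P<q>['\"]?)(?P<val>[0-7]+)(?P=q)\s*(?:#.*)?$")

# Constructed sample input: three variants of the httpd.conf copy task.
SAMPLE = """\
- name: copy httpd.conf
  copy:
    dest: /etc/httpd/conf/httpd.conf
    mode: 777
- name: same file, quoted octal
  copy:
    dest: /etc/httpd/conf/httpd.conf
    mode: '0777'
- name: same file, writable by root only
  copy:
    dest: /etc/httpd/conf/httpd.conf
    mode: '0644'
"""

def effective_mode(value: str, quoted: bool) -> int:
    """Permission bits the file module ends up applying."""
    if quoted or value.startswith("0"):
        return int(value, 8)   # string, or YAML octal literal
    return int(value, 10)      # bare 777 is a decimal YAML integer

def audit_modes(playbook_text: str):
    """Return (line number, ls-style mode, issues) for every mode: line."""
    findings = []
    for lineno, line in enumerate(playbook_text.splitlines(), 1):
        m = MODE_RE.match(line)
        if not m:
            continue
        quoted, value = bool(m.group("q")), m.group("val")
        bits = effective_mode(value, quoted)
        issues = []
        if not quoted and not value.startswith("0"):
            issues.append("decimal-trap")
        if bits & stat.S_IWOTH:
            issues.append("world-writable")
        findings.append((lineno, stat.filemode(stat.S_IFREG | bits), issues))
    return findings

if __name__ == "__main__":
    for finding in audit_modes(SAMPLE):
        print(finding)
```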
7. Gather host information in Ansible playbook mode
(1) Get the information from the command line
ansible test -m setup
(2) Create the variable file
(3) Write the YAML file
---
- hosts: all
  tasks:
    - name: get messages
      template:
        src: templates/file
        dest: /tmp/file
(4) Run it
8. Install haproxy in Ansible playbook mode for round-robin balancing
Requests to server2 are distributed round-robin to server3 and server4; server3 has httpd installed and server4 has nginx installed
File name: inst_haproxy
---
- hosts: web
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: present
    - name: copy httpd.conf
      copy:
        src: files/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: '0644'                       # quoted octal; writable by root only
      notify: restart
    - name: copy index.html
      copy:
        content: "{{ ansible_facts['hostname'] }}"
        dest: /var/www/html/index.html
    - name: start httpd firewalld
      service:
        name: "{{ item }}"
        state: started
      loop:
        - httpd
        - firewalld
    - name: config firewalld
      firewalld:
        service: http
        permanent: yes
        immediate: yes
        state: enabled
  handlers:
    - name: restart
      service:
        name: httpd
        state: restarted
- hosts: localhost
  tasks:
    - name: install haproxy
      yum:
        name: haproxy
        state: present
    - name: configure haproxy
      template:
        src: templates/haproxy.cfg
        dest: /etc/haproxy/haproxy.cfg
      notify: restart haproxy
    - name: start haproxy
      service:
        name: haproxy
        state: started
  handlers:
    - name: restart haproxy
      service:
        name: haproxy
        state: restarted
The haproxy configuration file haproxy.cfg, located in the templates directory
(1) Run the playbook
(2) Test
9. Install httpd with Ansible roles
(1) Modify the configuration file ansible.cfg
(2) Create the roles directory
mkdir roles
(3) Create the role with ansible-galaxy
Change into the files directory
Command: ansible-galaxy init Apache
(4) Edit main.yml in the tasks directory
---
# tasks file for Apache
- name: install httpd
  yum:
    name: httpd
    state: present
- name: copy httpd.conf
  template:
    src: templates/httpd.conf
    dest: /etc/httpd/conf/httpd.conf
    owner: root
    group: root
    mode: '0644'                           # quoted octal; writable by root only
  notify: restart
- name: copy index.html
  copy:
    src: files/index.html
    dest: /var/www/html/index.html
- name: start httpd firewalld
  service:
    name: "{{ item }}"
    state: started
  loop:
    - httpd
    - firewalld
- name: config firewalld
  firewalld:
    service: http
    permanent: yes
    immediate: yes
    state: enabled
(5) Edit main.yml in the handlers directory
---
- name: restart
  service:
    name: httpd
    state: restarted
(6) Place the configuration file and the default index page in their respective directories
(7) Edit the entry playbook in the ansible directory
---
- hosts: web
  roles:
    - Apache
(8) Run the playbook
10. Install haproxy with Ansible roles
(1) Change into the roles directory and initialize the role
Command: ansible-galaxy init Haproxy
(2) Change into the tasks directory and edit main.yml
---
# tasks file for Haproxy_Apache
- name: install haproxy
  yum:
    name: haproxy
    state: present
- name: configure haproxy
  template:
    src: templates/haproxy.cfg
    dest: /etc/haproxy/haproxy.cfg
  notify: restart haproxy
- name: start haproxy
  service:
    name: haproxy
    state: started
handlers/main.yml
---
# handlers file for Haproxy_Apache
- name: restart haproxy
  service:
    name: haproxy
    state: restarted
(3) Copy the haproxy configuration file into templates
(4) Create the top-level playbook in the ansible directory
---
- hosts: host                              # includes server3, server4, server5
  roles:
    - Apache
- hosts: localhost
  roles:
    - Haproxy
11. Install keepalived with Ansible roles
(1) Initialize the role
Command: ansible-galaxy init Keepalived
(2) tasks/main.yml
---
# tasks file for keepalived
- name: install keepalived
  yum:
    name: keepalived
    state: present
- name: configure keepalived
  template:
    src: keepalived.conf
    dest: /etc/keepalived/keepalived.conf
  notify: restart keepalived
- name: start keepalived
  service:
    name: keepalived
    state: started
(3) handlers/main.yml
---
# handlers file for keepalived
- name: restart keepalived
  service:
    name: keepalived
    state: restarted
(4) templates/keepalived.conf
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state {{ state }}
    interface eth0
    virtual_router_id {{ vrid }}
    priority {{ priority }}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.69.69
    }
}
(5) Top-level playbook
---
- hosts: web
  roles:
    - Apache
- hosts: keepalived
  roles:
    - Haproxy
    - Keepalived
hosts file
[web]
server3
server4
server5
[keepalived]
# both peers of one VRRP instance must use the same virtual_router_id
server2 state=MASTER vrid=100 priority=100
server5 state=BACKUP vrid=100 priority=50
(6) Test
The virtual IP appears
Requests are served round-robin
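The keepalived template takes state, vrid and priority from per-host inventory variables, and the peers of one vrrp_instance only fail over to each other when they share the same virtual_router_id. The following added example (not part of the original post) is a pre-flight check over the [keepalived] group of an INI inventory; the function names and the sample inventory are constructed for illustration, and the priority checks go slightly beyond what the page states.

```python
import shlex

# Constructed sample inventories: BAD has mismatched vrid values.
BAD = """\
[keepalived]
server2 state=MASTER vrid=100 priority=100
server5 state=BACKUP vrid=90 priority=50
"""
GOOD = BAD.replace("vrid=90", "vrid=100")

def parse_group(inventory_text: str, group: str) -> dict:
    """Return {host: {var: value}} for one [group] of an INI inventory."""
    hosts, current = {}, None
    for raw in inventory_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            continue
        if current == group:
            name, *pairs = shlex.split(line, comments=True)
            hosts[name] = dict(p.split("=", 1) for p in pairs)
    return hosts

def check_vrrp(hosts: dict) -> list:
    """Return a list of problems; an empty list means the group is consistent."""
    problems = []
    vrids = {h: v.get("vrid") for h, v in hosts.items()}
    if len(set(vrids.values())) > 1:
        problems.append(f"vrid differs between peers: {vrids}")
    masters = [h for h, v in hosts.items() if v.get("state") == "MASTER"]
    if len(masters) != 1:
        problems.append(f"expected exactly one MASTER, found {masters}")
    prios = sorted(int(v.get("priority", 0)) for v in hosts.values())
    if len(prios) != len(set(prios)):
        problems.append("duplicate priority values")
    elif masters and int(hosts[masters[0]].get("priority", 0)) != prios[-1]:
        problems.append("MASTER does not hold the highest priority")
    return problems

if __name__ == "__main__":
    for label, text in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, check_vrrp(parse_group(text, "keepalived")))
```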
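12. Exception handling in Ansible playbooks
block:
Used to catch errors raised inside a block of tasks
always: a block of tasks that runs regardless of the task status
rescue:
The handling performed when an error occurs
# The following is the yml file
---
- hosts: server2
  tasks:
    - name: add user test
      block:
        - debug:
            msg: 'i will throw a exception'
        - command: /bin/false
      rescue:
        - debug:
            msg: 'i catch excep'
      always:
        - debug:
            msg: "ok"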
13. Extend a logical volume with Ansible playbook modules
my_disk.yml
---
- hosts: server2
  vars_files:
    - storage_vars.yml
  tasks:
    - name: Create a new primary partition
      parted:
        device: /dev/vda
        number: "{{ item.number }}"
        part_start: "{{ item.start }}"
        part_end: "{{ item.end }}"
        state: present
      loop: "{{ partitions }}"
    - name: create volume group
      lvg:
        vg: test_vg
        pvs: /dev/vda1
    - name: Create a logical volume
      lvol:
        vg: test_vg
        lv: test
        size: 100%VG
        resizefs: true
        force: yes
        state: present
      # when: test not in ansible_lvm['lvs']
    - name: Create a xfs filesystem
      filesystem:
        fstype: xfs
        dev: /dev/test_vg/test
    - name: mount lvs
      mount:
        path: /var/www/html
        src: /dev/test_vg/test
        fstype: xfs
        state: mounted
        opts: noatime
storage_vars.yml
---
partitions:
  - number: 1
    start: 1MiB
    end: 1GiB