标签:cti amp play int index hostname ssh 多个 ifconf
PlayBook即"剧本","兵书"之意,PlayBook是由以下部分组成的
play: 定义的是主机的角色。(主角还是配角)
task: 定义的是具体执行的任务。(角色的台词和动作)
playbook: 由一个或多个play(角色)组成,一个play(角色)可以包含多个task(台词,动作)。
简单理解为: 使用不同的模块完成一件事
# 写playbook:yaml
# 在Ansible中"剧本文件"是以yml结尾的文件。
# 在SaltStack中"剧本文件"是以sls结尾的文件。
# 但是语法,使用的都是yaml语法
| 语法 | 描述 |
|---|---|
| 缩进 | YAML使用固定的缩进风格表示层级结构,每个缩进由两个空格组成, 不能使用TAB |
| 冒号 | 以冒号结尾的除外,其他所有冒号后面所有必须有空格 |
| 短横线 | 表示列表项,使用一个短横杠加一个空格,多个项使用同样的缩进级别作 |
host:对哪些主机进行操作(演员)
remote_user:使用什么用户执行(通行证)
tasks:具体执行任务(台词和动作)
示例:
[root@m01 ~]# cat foo.yml
---
- hosts: all
remote_user: root
vars:
file_name: zls.txt
tasks:
- name: Create New File
file: name=/tmp/{{ file_name }} state=touch
[root@m01 ~]# vim rsync_install.yml
- hosts: web_group
tasks:
- name: Install Httpd Server
yum:
name: httpd
state: present
- name: Start Httpd Server
service:
name: httpd
state: started
## 检测playbook的语法
[root@m01 ~]# ansible-playbook --syntax-check rsync_install.yml
## 执行playbook
[root@m01 ~]# ansible-playbook rsync_install.yml
## 执行之前,可以先测试一下playbook
[root@m01 ~]# ansible-playbook -C rsync_install.yml
# 1.安装httpd
yum install -y httpd
# 2.创建默认页面
echo ‘zls_web_page‘ > /var/www/html/index.html
# 3.启动httpd服务
systemctl start httpd
[root@m01 ~]# vim httpd.yml
- hosts: web_group
tasks:
- name: Install httpd
yum:
name: httpd
state: present
- name: Create Default Web Page
copy:
content: zls_web_page
dest: /var/www/html/index.html
owner: root
group: root
mode: 0644
- name: Start httpd Server
service:
name: httpd
state: restarted
enabled: true
[root@m01 ~]# ansible-playbook --syntax-check httpd.yml
playbook: httpd.yml
[root@m01 ~]# ansible-playbook httpd.yml
以上都是单个play
[root@m01 ~]# vim httpd.yml
- hosts: webs
tasks:
- name: Install httpd
yum:
name: httpd
state: present
- name: Start httpd Server
service:
name: httpd
state: started
enabled: true
- hosts: webs
tasks:
- name: Create Default Web01 Page
copy:
content: wbs_{{ ansible_fqdn }}_{{ ansible_default_ipv4[‘address‘] }}page
dest: /var/www/html/index.html
owner: root
group: root
mode: 0644
[root@m01 ~]# ansible-playbook --syntax-check httpd.yml
playbook: httpd.yml
[root@m01 ~]# ansible-playbook httpd.yml
| 主机名 | wanIP | lanIP | 服务 | 角色 |
|---|---|---|---|---|
| m01 | 10.0.0.61 | 172.16.1.61 | ansible | 控制端 |
| backup | 10.0.0.41 | 172.16.1.41 | rsync服务端 | 被控端 |
| web01 | 10.0.0.7 | 172.16.1.7 | rsync客户端 | 被控端 |
| web02 | 10.0.0.8 | 172.16.1.8 | rsync客户端 | 被控端 |
## m01安装ansible
[root@m01 ~]# yum install -y ansible
## 修改配置文件
[root@m01 ~]# vim /etc/ansible/ansible.cfg
...
host_key_checking = False
...
## 1.发送公钥
#!/bin/bash
for i in 7 8 41 61;do
sshpass -p 1 ssh-copy-id -i ~/.ssh/id_rsa.pub -o StrictHostKeyChecking=no root@172.16.1.$i
done
## 主机清单
[root@m01 ~]# vim /etc/ansible/hosts
[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8
[backup_group]
backup ansible_ssh_host=10.0.0.41
[install_rsync:children]
web_group
backup_group
## 1.安装rsync,web01,web02,backup
## 2.只有backup配置rsync
## 3.只有backup创建密码文件
## 4.web01,web02,backup创建备份目录
## 5.只有backup 启动rsync
## 6.开启防火墙和873端口
## 7.推送脚本到web上
## 8.写定时任务执行脚本
- hosts: install_rsync
tasks:
- name: Install Rsync Server
yum:
name: rsync
state: present
- name: Create backup Directory
file:
path: /backup
onwner: root
group: root
mode: 755
state: directory
- name: Start Firewalld
service:
name: firewalld
state: started
- name: Open 873 Port
firewalld:
port: 873/tcp
state: enabled
permanent: no
- hosts: backup
tasks:
- name: Configure Rsync conf
copy:
src: /root/ansible/rsync/rsyncd.conf
dest: /etc/rsyncd.conf
owner: root
group: root
mode: 644
- name: Create Password File
copy:
content: zls:123
dest: /etc/rsync.pass
owner: root
group: root
mode: 600
- name: Start Rsync Server
service:
name: rsyncd
state: started
enabled: true
- hosts: web_group
tasks:
- name: Push Backup Shell
copy:
src: /root/ansible/rsync/rsync_bak.sh
dest: /root/rsync_bak.sh
owner: root
group: root
mode: 644
- name: Create backup Crond
cron:
name: "backup web data"
job: "/bin/sh /root/rsync_bak.sh &>/dev/null"
# 编辑推送脚本
[root@m01 ~]# vim /root/ansible/rsync/rsync_bak.sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
Host=$(hostname)
Addr=$(ifconfig eth1|awk ‘NR==2{print $2}‘)
Date=$(date +%F)
Dest=${Host}_${Addr}_${Date}
Path=/backup
[ -d $Path/$Dest ] || mkdir -p $Path/$Dest
cd / && [ -f $Path/$Dest/system.tar.gz ] || tar czf $Path/$Dest/system.tar.gz etc/fstab etc/rsyncd.conf && [ -f $Path/$Dest/log.tar.gz ] || tar czf $Path/$Dest/log.tar.gz var/log/messages var/log/secure && [ -f $Path/$Dest/flag ] || md5sum $Path/$Dest/*.tar.gz >$Path/$Dest/flag_$Date
export RSYNC_PASSWORD=123
rsync -avz $Path/ zls@172.16.1.41::backup
find $Path/ -type d -mtime +7|xargs rm -rf
### 检测语法
[root@m01 rsync]# ansible-playbook --syntax-check rsync.yml
playbook: rsync.yml
### 执行playbook
[root@m01 rsync]# ansible-playbook rsync.yml
要求
1.web01 web02 安装nginx
2.自己写一个前端页面(xxx_web01_page)
3.安装nfs
4.web01和web02随便挂载目录到nfs
5.nfs将共享目录的数据,推送到backup
| 主机名 | WAN IP | LAN IP | 角色(服务) |
|---|---|---|---|
| web01 | 10.0.0.7 | 172.16.1.7 | nginx,nfs(客户端) |
| web02 | 10.0.0.8 | 172.16.1.8 | nginx,nfs(客户端) |
| nfs | 10.0.0.31 | 172.16.1.31 | nfs(服务端),rsync(客户端) |
| backup | 10.0.0.41 | 172.16.1.41 | rsync(服务端) |
| m01 | 10.0.0.61 | 172.16.1.41 | 管理机(ansible) |
# 1.发送公钥
#!/bin/bash
for i in 7 8 9 31 41 61;do
sshpass -p 1 ssh-copy-id -i ~/.ssh/id_rsa.pub -o StrictHostKeyChecking=no root@172.16.1.$i
done
# 2.编辑主机清单
[root@m01 ~]# vim /etc/ansible/hosts
[webs]
web01 ansible_ssh_host=172.16.1.7
web02 ansible_ssh_host=172.16.1.8
[nfss]
nfs ansible_ssh_host=172.16.1.31
[backups]
backup ansible_ssh_host=172.16.1.41
[install_nfs:children]
webs
nfss
[install_rsyncd:children]
nfss
backups
# 3.创建ansible目录
[root@m01 ~]# mkdir ansible/nginx/ -p
# 4.编辑rsync配置文件
[root@m01 ~]# vim ansible/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
log file = /var/log/rsyncd.log
auth users = jkz_bak
secrets file = /etc/rsync_pass
[jkz]
comment = welcome to oldboyedu backup!
path = /backup
# 5.编辑推送脚本
[root@m01 ~]# vim beifen.sh
#!/bin/bash
export RSYNC_PASSWORD=111
H=`hostname`
D=`date +%Y%m%d%H-%M-%S`
P=$(/usr/sbin/ifconfig eth1 |awk ‘NR==2{print $2}‘)
cd /data && tar zcf ${H}_${D}_${P}_etc.tgz /tmp
rsync -za /data jkz_bak@10.0.0.41::jkz
[root@m01 ~]# vim ansible/nginx/nginx.yaml
- hosts: all
tasks:
- name: start firewalld
service:
name: firewalld
state: started
- name: open rsync
firewalld:
port: 873/tcp
permanent: no
state: enabled
- name: open nginx
firewalld:
port: 80/tcp
permanent: no
state: enabled
- name: open nfs
firewalld:
service: nfs
permanent: no
state: enabled
- name: create group
group:
name: www
gid: 666
- name: create user
user:
name: www
uid: 666
group: www
shell: /sbin/nolongin
create_home: no
- hosts: install_nfs
tasks:
- name: install-nfs
yum:
name: nfs-utils
state: present
- hosts: nfss
tasks:
- name: nfs_page
copy:
content: /data 172.16.1.0/24(sync,rw,all_squash,anonuid=666,anongid=666)
dest: /etc/exports
- name: create mount dir
file:
path: /data
owner: www
group: www
state: directory
- name: system nfs
service:
name: nfs
state: started
enabled: yes
- hosts: webs
tasks:
- name: create repo
yum_repository:
file: nginx
name: xxx
description: nginx_org
baseurl: http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck: no
enabled: yes
- name: install nginx
yum:
name: nginx
state: present
- name: system nginx
service:
name: nginx
state: started
enabled: yes
- name: make web01 html
copy:
content: webs_{{ ansible_fqdn }}_{{ ansible_default_ipv4[‘address‘] }}page
dest: /usr/share/nginx/html/index.html
- name: create directory
file:
path: /root/aaa
state: directory
- name: mount.nfs
mount:
src: 172.16.1.31:/data
path: /root/aaa
fstype: nfs
state: mounted
- hosts: install_rsyncd
tasks:
- name: install_rsyncd
yum:
name: rsync
state: latest
- hosts: backups
tasks:
- name: rsyncd_page
copy:
src: /root/ansible/rsyncd.conf
dest: /etc/rsyncd.conf
- name: password_file
copy:
content: jkz_bak:111
dest: /etc/rsync_pass
mode: 0600
- name: create backup
file:
path: /backup
owner: www
group: www
state: directory
mode: 0755
- name: system rsync
service:
name: rsyncd
state: started
enabled: yes
- hosts: nfss
tasks:
- name: tp beifen.sh
copy:
src: /root/beifen.sh
dest: /root/beifen.sh
- name: cron beifen
cron:
name: beifen /etc
job: /usr/bin/sh /root/beifen.sh &</dev/null
[root@m01 ~]# ansible-playbook ansible/nginx/nginx.yaml
....
是否挂载
进入站点目录
查看备份是否成功
标签:cti amp play int index hostname ssh 多个 ifconf
原文地址:https://www.cnblogs.com/jkz1/p/13170843.html
