
28.playbook

Time: 2020-06-21 00:48:32


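What is a PlayBook

PlayBook means "script" (as for a stage play) or "book of tactics". A PlayBook is made up of the following parts:

play: defines the role of the hosts (lead or supporting actor).
task: defines the specific tasks to run (the character's lines and actions).
playbook: made up of one or more plays (roles); one play (role) can contain multiple tasks (lines, actions).

Put simply: using different modules to get one job done.

Writing a playbook

# Writing a playbook: YAML
# In Ansible, "playbook files" are files ending in yml.
# In SaltStack, "playbook files" are files ending in sls.
# Both, however, use YAML syntax.

YAML syntax

Syntax        Description
Indentation   YAML uses a fixed indentation style to express hierarchy; each indent level is two spaces, and TAB must not be used
Colon         Every colon must be followed by a space, except a colon at the end of a line
Dash          Marks a list item, written as one dash followed by one space; multiple items use the same indentation level as

hosts: which hosts to operate on (the actors)
remote_user: which user to run as (the pass)
tasks: the specific tasks to run (lines and actions)

Example: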

[root@m01 ~]# cat foo.yml
---
- hosts: all
  remote_user: root
  vars:
    file_name: zls.txt
  tasks:
    - name: Create New File
      file: name=/tmp/{{ file_name }} state=touch

Installing httpd with a PlayBook

[root@m01 ~]# vim rsync_install.yml
- hosts: web_group
  tasks:
    - name: Install Httpd Server
      yum:
        name: httpd
        state: present
    - name: Start Httpd Server
      service:
        name: httpd
        state: started
## Check the playbook's syntax
[root@m01 ~]# ansible-playbook --syntax-check rsync_install.yml

## Run the playbook
[root@m01 ~]# ansible-playbook rsync_install.yml

## Before running it for real, you can test the playbook first
[root@m01 ~]# ansible-playbook -C rsync_install.yml

Deploying httpd with a PlayBook

# 1. Install httpd
yum install -y httpd
# 2. Create the default page
echo 'zls_web_page' > /var/www/html/index.html
# 3. Start the httpd service
systemctl start httpd
[root@m01 ~]# vim httpd.yml
- hosts: web_group
  tasks:
    - name: Install httpd
      yum:
        name: httpd
        state: present
    - name: Create Default Web Page
      copy:
        content: zls_web_page
        dest: /var/www/html/index.html
        owner: root
        group: root
        mode: 0644
    - name: Start httpd Server
      service:
        name: httpd
        state: restarted
        enabled: true
[root@m01 ~]# ansible-playbook --syntax-check httpd.yml
playbook: httpd.yml

[root@m01 ~]# ansible-playbook httpd.yml

Everything above is a single play; the next playbook has more than one.

[root@m01 ~]# vim httpd.yml
- hosts: webs
  tasks:
    - name: Install httpd
      yum:
        name: httpd
        state: present
    - name: Start httpd Server
      service:
        name: httpd
        state: started
        enabled: true
- hosts: webs
  tasks:
    - name: Create Default Web01 Page
      copy:
        content: wbs_{{ ansible_fqdn }}_{{ ansible_default_ipv4['address'] }}page
        dest: /var/www/html/index.html
        owner: root
        group: root
        mode: 0644

[root@m01 ~]# ansible-playbook --syntax-check httpd.yml
playbook: httpd.yml

[root@m01 ~]# ansible-playbook httpd.yml

First environment playbook

Hostname  WAN IP     LAN IP       Service       Role
m01       10.0.0.61  172.16.1.61  ansible       control node
backup    10.0.0.41  172.16.1.41  rsync server  managed node
web01     10.0.0.7   172.16.1.7   rsync client  managed node
web02     10.0.0.8   172.16.1.8   rsync client  managed node

## Install ansible on m01
[root@m01 ~]# yum install -y ansible

## Edit the configuration file
[root@m01 ~]# vim /etc/ansible/ansible.cfg 
...
host_key_checking = False
...

## 1. Distribute the public key
#!/bin/bash
for i in 7 8 41 61;do
        sshpass -p 1 ssh-copy-id -i ~/.ssh/id_rsa.pub -o StrictHostKeyChecking=no root@172.16.1.$i
done

## Host inventory
[root@m01 ~]# vim /etc/ansible/hosts
[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8
[backup_group]
backup ansible_ssh_host=10.0.0.41
[install_rsync:children]
web_group
backup_group
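## 1. Install rsync on web01, web02 and backup
## 2. Configure rsync on backup only
## 3. Create the password file on backup only
## 4. Create the backup directory on web01, web02 and backup
## 5. Start rsync on backup only
## 6. Start the firewall and open port 873
## 7. Push the script to the web hosts
## 8. Create a cron job that runs the script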

- hosts: install_rsync
  tasks:
    - name: Install Rsync Server
      yum:
        name: rsync
        state: present
    - name: Create backup Directory
      file:
        path: /backup
        owner: root
        group: root
        mode: "0755"
        state: directory
    - name: Start Firewalld
      service:
        name: firewalld
        state: started

    - name: Open 873 Port
      firewalld:
        port: 873/tcp
        state: enabled
        permanent: no
        
- hosts: backup
  tasks:
    - name: Configure Rsync conf
      copy:
        src: /root/ansible/rsync/rsyncd.conf
        dest: /etc/rsyncd.conf
        owner: root
        group: root
        mode: "0644"
    - name: Create Password File
      copy:
        content: zls:123
        dest: /etc/rsync.pass
        owner: root
        group: root
        mode: "0600"
    - name: Start Rsync Server
      service:
        name: rsyncd
        state: started
        enabled: true
- hosts: web_group
  tasks:
    - name: Push Backup Shell
      copy:
        src: /root/ansible/rsync/rsync_bak.sh
        dest: /root/rsync_bak.sh
        owner: root
        group: root
        mode: "0644"
    - name: Create backup Crond
      cron:
        name: "backup web data"
        job: "/bin/sh /root/rsync_bak.sh &>/dev/null"
        
# Write the script to be pushed
[root@m01 ~]# vim /root/ansible/rsync/rsync_bak.sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
Host=$(hostname)
Addr=$(ifconfig eth1|awk 'NR==2{print $2}')
Date=$(date +%F)
Dest=${Host}_${Addr}_${Date}
Path=/backup
[ -d $Path/$Dest ] || mkdir -p $Path/$Dest
cd / && [ -f $Path/$Dest/system.tar.gz ] || tar czf $Path/$Dest/system.tar.gz etc/fstab etc/rsyncd.conf && [ -f $Path/$Dest/log.tar.gz ] || tar czf $Path/$Dest/log.tar.gz  var/log/messages var/log/secure && [ -f $Path/$Dest/flag ] || md5sum $Path/$Dest/*.tar.gz >$Path/$Dest/flag_$Date
export RSYNC_PASSWORD=123
rsync -avz $Path/ zls@172.16.1.41::backup
find $Path/ -type d -mtime +7|xargs rm -rf       
        
### Check the syntax
[root@m01 rsync]# ansible-playbook --syntax-check rsync.yml
playbook: rsync.yml

### Run the playbook
[root@m01 rsync]# ansible-playbook rsync.yml
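
Ansible's file and copy modules document that a numeric `mode` must be quoted or carry a leading zero; a bare number such as 755 is read by YAML as a decimal integer and its bits are applied as they are. The following added example (not part of the original article) shows which permissions each way of writing `mode` in tasks like the ones above actually produces. The sample playbook text is constructed, and `effective_bits` and `audit_modes` are hypothetical helper names.

```python
import re
import stat

# Constructed sample (tasks trimmed to the keys that matter for this check).
SAMPLE_PLAYBOOK = """\
- hosts: backup
  tasks:
    - file:
        path: /backup
        state: directory
        mode: 755
    - copy:
        dest: /etc/rsyncd.conf
        mode: 644
    - copy:
        dest: /etc/rsync.pass
        mode: 600
    - copy:
        dest: /var/www/html/index.html
        mode: 0644
    - copy:
        dest: /etc/rsync_pass
        mode: "0600"
"""

MODE_LINE = re.compile(r"""^\s*mode:\s*(['"]?)([0-7]+)\1\s*(?:#.*)?$""")

def effective_bits(value, quoted):
    """Permission bits that get applied for a numeric mode as written in YAML."""
    if quoted or (value.startswith("0") and len(value) > 1):
        return int(value, 8)  # quoted string, or YAML 1.1 octal literal such as 0644
    return int(value)         # bare 755 is the decimal integer 755 (octal 1363)

def audit_modes(playbook_text):
    """Return (line, as_written, applied_permissions, matches_intent) per mode line."""
    findings = []
    for lineno, line in enumerate(playbook_text.splitlines(), 1):
        m = MODE_LINE.match(line)
        if m:
            bits = effective_bits(m.group(2), bool(m.group(1)))
            applied = stat.filemode(stat.S_IFREG | bits)[1:]  # drop the file-type char
            findings.append((lineno, m.group(2), applied, bits == int(m.group(2), 8)))
    return findings

if __name__ == "__main__":
    for lineno, written, applied, ok in audit_modes(SAMPLE_PLAYBOOK):
        status = "ok" if ok else "differs from chmod " + written
        print(f"line {lineno}: mode {written} -> {applied} ({status})")
```

The password file written with a bare `mode: 600` ends up owner-unreadable and group-writable with the sticky bit set, which is not what `chmod 600` gives.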

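Homework

Requirements

1. Install nginx on web01 and web02

2. Write your own front-end page (xxx_web01_page)

3. Install nfs

4. On web01 and web02, mount any directory from nfs

5. nfs pushes the data in the shared directory to backup

Environment preparation

Hostname  WAN IP     LAN IP       Role (service)
web01     10.0.0.7   172.16.1.7   nginx, nfs (client)
web02     10.0.0.8   172.16.1.8   nginx, nfs (client)
nfs       10.0.0.31  172.16.1.31  nfs (server), rsync (client)
backup    10.0.0.41  172.16.1.41  rsync (server)
m01       10.0.0.61  172.16.1.41  management host (ansible)

1. Preparation before the playbook

# 1. Distribute the public key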
#!/bin/bash
for i in 7 8 9 31 41 61;do
        sshpass -p 1 ssh-copy-id -i ~/.ssh/id_rsa.pub -o StrictHostKeyChecking=no root@172.16.1.$i
done


# 2. Edit the host inventory
[root@m01 ~]# vim /etc/ansible/hosts
[webs]
web01 ansible_ssh_host=172.16.1.7
web02 ansible_ssh_host=172.16.1.8

[nfss]
nfs ansible_ssh_host=172.16.1.31

[backups]
backup ansible_ssh_host=172.16.1.41

[install_nfs:children]
webs
nfss

[install_rsyncd:children]
nfss
backups

# 3. Create the ansible directory
[root@m01 ~]# mkdir ansible/nginx/ -p

# 4. Write the rsync configuration file
[root@m01 ~]# vim ansible/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
log file = /var/log/rsyncd.log
auth users = jkz_bak
secrets file = /etc/rsync_pass
[jkz]
comment = welcome to oldboyedu backup!
path = /backup

# 5. Write the push script
[root@m01 ~]# vim beifen.sh 
#!/bin/bash
export RSYNC_PASSWORD=111
H=`hostname`
D=`date +%Y%m%d%H-%M-%S`
P=$(/usr/sbin/ifconfig eth1 |awk 'NR==2{print $2}')

cd /data && tar zcf ${H}_${D}_${P}_etc.tgz /tmp

rsync -za /data jkz_bak@10.0.0.41::jkz

2. Write the playbook

[root@m01 ~]# vim ansible/nginx/nginx.yaml
- hosts: all
  tasks:
    - name: start firewalld
      service:
        name: firewalld
        state: started

    - name: open rsync
      firewalld:
        port: 873/tcp
        permanent: no
        state: enabled

    - name: open nginx
      firewalld:
        port: 80/tcp
        permanent: no
        state: enabled

    - name: open nfs
      firewalld:
        service: nfs
        permanent: no
        state: enabled

    - name: create group
      group:
        name: www
        gid: 666

    - name: create user
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: no


- hosts: install_nfs
  tasks:
    - name: install-nfs
      yum:
        name: nfs-utils
        state: present

- hosts: nfss
  tasks:
    - name: nfs_page
      copy:
        content: /data 172.16.1.0/24(sync,rw,all_squash,anonuid=666,anongid=666)
        dest: /etc/exports

    - name: create mount dir
      file:
        path: /data
        owner: www
        group: www
        state: directory

    - name: system nfs
      service:
        name: nfs
        state: started
        enabled: yes

- hosts: webs
  tasks:
    - name: create repo
      yum_repository:
        file: nginx
        name: xxx
        description: nginx_org
        baseurl: http://nginx.org/packages/centos/$releasever/$basearch/
        gpgcheck: no
        enabled: yes

    - name: install nginx
      yum:
        name: nginx
        state: present

    - name: system nginx
      service:
        name: nginx
        state: started
        enabled: yes

    - name: make web01 html
      copy:
        content: webs_{{ ansible_fqdn }}_{{ ansible_default_ipv4['address'] }}page
        dest: /usr/share/nginx/html/index.html

    - name: create directory
      file:
        path: /root/aaa
        state: directory

    - name: mount.nfs
      mount:
        src: 172.16.1.31:/data
        path: /root/aaa
        fstype: nfs
        state: mounted

- hosts: install_rsyncd
  tasks:
    - name: install_rsyncd
      yum:
        name: rsync
        state: latest

- hosts: backups
  tasks:
    - name: rsyncd_page
      copy:
        src: /root/ansible/rsyncd.conf
        dest: /etc/rsyncd.conf

    - name: password_file
      copy:
        content: jkz_bak:111
        dest: /etc/rsync_pass
        mode: 0600

    - name: create backup
      file:
        path: /backup
        owner: www
        group: www
        state: directory
        mode: 0755

    - name: system rsync
      service:
        name: rsyncd
        state: started
        enabled: yes

- hosts: nfss
  tasks:
    - name: tp beifen.sh
      copy:
        src: /root/beifen.sh
        dest: /root/beifen.sh

    - name: cron beifen
      cron:
        name: beifen /etc
        job: "/usr/bin/sh /root/beifen.sh &>/dev/null"

3. Run the playbook

[root@m01 ~]# ansible-playbook ansible/nginx/nginx.yaml
....

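4. Verify

Check whether the mount succeeded

[screenshot]

Enter the site directory

[screenshot]

Check whether the backup succeeded

[screenshot]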


Original article: https://www.cnblogs.com/jkz1/p/13170843.html
