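Overview of variables
Variables avoid duplicated code, make maintenance easier, and reduce maintenance cost.
Where Ansible variables can be defined
- Command line
  - -e 'variable_name=variable_value'
- In a play
  - vars
  - vars_files
- In the inventory
  - hosts file
  - host_vars directory
  - group_vars directory
Precedence
Command line > play > inventory
Command line > vars_files (play) > vars (play) > host_vars (inventory) > group_vars (inventory) > hosts file (inventory)
Where to define Ansible variables
Defining variables in a play
- vars variables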
## Variable definition stage
- hosts: all
  vars:
    var_name: var_value
    var_name:
      - var_value1
      - var_value2
  tasks:
## Variable usage stage
  tasks:
    - name: task name {{ var_name }}
      file:
        path: /root/{{ var_name }}
        owner: "{{ var_name }}"
# Define variables with vars in a play
- hosts: web_group
  vars:
    user_group: asd
    id: '222'
    pkg:
      - nginx
      - php
      - mariadb-server
  tasks:
    - name: 创建{{ user_group }}组      # create the group
      group:
        name: "{{ user_group }}"
        gid: "{{ id }}"
    - name: 创建{{ user_group }}用户      # create the user
      user:
        name: "{{ user_group }}"
        uid: "{{ id }}"
        group: "{{ id }}"
        shell: /sbin/nologin
        create_home: False
    - name: 安装nginx php mysql      # install nginx, php and mysql
      yum:
        name: "{{ pkg }}"
        state: present
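vars_files variables
## Hierarchical variables: definition stage
## jiagou is a mapping keyed by stack name, so jiagou.lamt.pkg resolves to a package list
jiagou:
  lnmp:
    pkg:
      - nginx
      - php
      - mysql
  lamp:
    pkg:
      - httpd
      - php
      - mysql
  lamt:
    pkg:
      - httpd
      - tomcat
      - mysql
## Hierarchical variables: usage stage
- hosts: web_group
  tasks:
    - name: 安装lamt      # install the lamt stack
      yum:
        name: "{{ jiagou.lamt.pkg }}"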
- hosts: web_group
  vars:
    user_group: asd
    id: '222'
  vars_files:
    - ./yjt_var.yml      # yjt_var.yml in the current directory; its content is shown below
  tasks:
    - name: 创建{{ user_group }}组      # create the group
      group:
        name: "{{ user_group }}"
        gid: "{{ id }}"
    - name: 创建{{ user_group }}用户      # create the user
      user:
        name: "{{ user_group }}"
        uid: "{{ id }}"
        group: "{{ id }}"
        shell: /sbin/nologin
        create_home: False
## Content of yjt_var.yml
user_group: aaa
id: '250'
pkg:
  - nginx
  - php
  - mariadb-server
Defining variables in the inventory
Defining variables in the inventory file (almost never used)
[root@m01 ~]# vim /etc/ansible/hosts
[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8
[web_group:vars]
user_group=xxx
id='666'
host_vars
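## Create the directory at the same level as the playbook YAML file
mkdir host_vars
## Define variables for a specific host
vim host_vars/web01      # the web01 file under host_vars
user_group: user_host_vars_web01
id: '444'
group_vars
## Create the directory at the same level as the playbook YAML file
mkdir group_vars
## Define variables for a host group
vim group_vars/web_group      # the web_group file under group_vars
user_group: user_group_vars_web_group
id: '444'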
Precedence test
# 1. Variables defined in the play
vars: vars_user
vars_files: user_vars_files
- hosts: web_group
  vars:
    user_group: vars_user
    id: '444'
  vars_files:
    - ./yjt_var.yml
  tasks:
    - name: 创建用户      # create the user
      user:
        name: "{{ user_group }}"
        uid: "{{ id }}"
        state: present
# 2. Variables defined in the inventory
In the hosts file: user_inventory
[web_group:vars]
user_group=user_inventory
Under the host_vars directory
- web01
  user_group: user_host_vars_web01
- web02
  user_group: user_host_vars_web02
Under the group_vars directory
web_group
  user_group: user_group_vars_web_group
# 3. Variable defined on the command line
ansible-playbook -e 'user_group=command_user'
[root@m01 wordpress_ansible]# ansible-playbook test.yml -i base/hosts -e 'user_group=command_user'
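Because -e overrides every other source, a value typed on the command line reaches the group and user modules unchecked. One way to validate user_group and id before they are used, as an added example that is not part of the original page; the file name precedence_guard.yml, the allowed-name pattern and the id range are assumptions:

```yaml
# precedence_guard.yml -- constructed example, not from the original page
# A run with -e 'user_group=root id=0' stops at the assert task below.
- hosts: web_group
  gather_facts: False
  vars:
    user_group: vars_user            # overridden by vars_files, then by -e
    id: '444'
  vars_files:
    - ./yjt_var.yml
  pre_tasks:
    - name: Show the value that won the precedence order
      debug:
        msg: "user_group={{ user_group }} id={{ id }}"

    - name: Validate the winning values before any account is touched
      assert:
        that:
          - user_group is match('^[a-z_][a-z0-9_-]{0,30}$')   # assumed naming policy
          - user_group != 'root'
          - (id | string) is match('^[0-9]{1,5}$')
          - (id | int) >= 200 and (id | int) < 1000            # assumed id range
        fail_msg: "refusing user_group={{ user_group }} id={{ id }}"
  tasks:
    - name: Create the group
      group:
        name: "{{ user_group }}"
        gid: "{{ id }}"

    - name: Create the user
      user:
        name: "{{ user_group }}"
        uid: "{{ id }}"
        group: "{{ user_group }}"
        shell: /sbin/nologin
        create_home: False
```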
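Variable registration
Every Ansible module returns a result after it runs, much like a script whose return value tells us whether the previous step succeeded. By default, however, Ansible does not display this result. We can store the return value in a variable and then read the result by referring to that variable name. Writing a module's return value into a variable in this way is called variable registration.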
[root@m01 ~]# cat asd.yml
- hosts: web_group
  tasks:
    - name: look paper
      shell: "ls -l /etc/nginx"
      register: abc
    - name: Return result (获取注册的变量值 nginx目录返回记过)      # print the registered value: the listing of the nginx directory
      debug:
        msg: "{{abc.stdout_lines}}"
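Print only the detailed result
- hosts: web_group
  tasks:
    - name: 查看nginx目录      # list the nginx directory
      shell: "ls -l /etc/nginx"
      register: asd
    - name: Return result (获取注册的变量值 nginx目录返回记过)      # print the registered value: the listing of the nginx directory
      debug:
        msg: "{{ asd.stdout_lines }}"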
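Using a registered variable in a condition
- hosts: web_group
  tasks:
    - name: 查看nginx目录      # list the nginx directory
      shell: "ls -l /etc/nginx"
      register: asd
      ignore_errors: True      # a non-zero rc would otherwise stop the play on this host before the check below
    - name: Return result (获取注册的变量值 nginx目录返回结果)      # print the registered value: the listing of the nginx directory
      debug:
        msg: "{{ asd.stdout_lines }}"
    - name: 安装nginx和php      # install nginx and php
      shell: cd /opt && rpm -Uvh *.rpm
      when: asd.rc != 0      # run only when asd.rc is not 0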
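The same decision made from structured return values instead of a shell exit code, as an added example that is not part of the original page. It registers the results of the stat and find modules and passes an explicit file list to yum rather than a shell glob; the file name register_check.yml and the variable names nginx_dir and rpm_files are assumptions:

```yaml
# register_check.yml -- constructed example, not from the original page
- hosts: web_group
  tasks:
    - name: Check whether the nginx configuration directory exists
      stat:
        path: /etc/nginx
      register: nginx_dir            # structured result: nginx_dir.stat.exists

    - name: Show the field the later conditions test
      debug:
        var: nginx_dir.stat.exists

    - name: Collect the rpm files unpacked under /opt
      find:
        paths: /opt
        patterns: "*.rpm"
      register: rpm_files            # rpm_files.files is a list, rpm_files.matched a count
      when: not nginx_dir.stat.exists

    - name: Install the collected packages only when nginx is missing
      yum:
        name: "{{ rpm_files.files | map(attribute='path') | list }}"
        state: present
      when:
        - not nginx_dir.stat.exists            # evaluated first; a skipped find has no .files
        - rpm_files.matched | default(0) > 0
```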
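Facts cache
Ansible facts are variables that Ansible collects automatically from the managed hosts. Facts contain information specific to each host, for example the managed node's hostname, IP address, OS version, number of CPUs, memory status, disk status, and so on.
Use cases for the facts cache
- Set the nginx configuration file, including CPU affinity, according to the host's CPUs (this is no longer needed nowadays)
- Configure the MySQL configuration file according to memory
- Configure the redis configuration file according to the IP address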
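The three use cases above written as tasks, as an added example that is not part of the original page. The file name facts_config.yml, the redis group, the /etc/redis.conf path, the half-of-memory sizing and the use of ansible_default_ipv4 are assumptions, and no service restart is included:

```yaml
# facts_config.yml -- constructed example, not from the original page
- hosts: all
  gather_facts: True                 # the fact variables below exist only after gathering
  tasks:
    - name: Match nginx worker processes to the CPU count
      lineinfile:
        path: /etc/nginx/nginx.conf
        regexp: '^\s*worker_processes\s'
        line: "worker_processes {{ ansible_processor_vcpus }};"
      when: "'web_group' in group_names"

    - name: Size the InnoDB buffer pool to half of physical memory
      lineinfile:
        path: /etc/my.cnf
        regexp: '^\s*innodb_buffer_pool_size\s*='
        insertafter: '^\[mysqld\]'
        line: "innodb_buffer_pool_size={{ (ansible_memtotal_mb * 0.5) | int }}M"
      when: inventory_hostname == 'db01'

    - name: Bind redis to the host's own address instead of every interface
      lineinfile:
        path: /etc/redis.conf          # assumed path
        regexp: '^\s*bind\s'
        line: "bind 127.0.0.1 {{ ansible_default_ipv4.address }}"
      when: "'redis' in group_names"   # assumed inventory group
```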
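Disabling the facts cache
- hosts: rsync_nfs
  gather_facts: False      ## disable the facts cache (when it is on there is a cache, but it is also released and does not affect the second cache read)
  tasks:
    - name: 安装rsync和nfs服务      # install the rsync and nfs services
      yum:
        name:
          - rsync
          - nfs-utils
        state: present
    - name: 创建目录      # create a directory
      file:
        path: /tmp/{{ ansible_memtotal_mb }}      # ansible_memtotal_mb is a fact: undefined unless facts were gathered or cached
        state: directory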
Hands-on case
# Requirements
1. nfs
2. rsync
3. nginx, with shared storage
4. Deploy wordpress
Environment preparation
Hostname | WanIP | LanIP | Role | Applications |
m01 | 10.0.0.61 | 172.16.1.61 | Ansible control machine | ansible |
web01 | 10.0.0.7 | 172.16.1.7 | Website | httpd, php, nfs |
web02 | 10.0.0.8 | 172.16.1.8 | Website | httpd, php, nfs |
nfs | 10.0.0.31 | 172.16.1.31 | Shared storage | nfs, rsync |
backup | 10.0.0.41 | 172.16.1.41 | Real-time sync backup | nfs, rsync |
db01 | 10.0.0.51 | 172.16.1.51 | Database | MariaDB, MySQL-python |
Prerequisites
# 1. Create the user on the control machine
[root@m01 base]# groupadd www -g 666
[root@m01 base]# useradd www -u 666 -g 666 -s /sbin/nologin -M
# 2. Install nginx and php
rpm -Uvh *.rpm
# 3. Change the user in the main nginx configuration file
[root@m01 base]# vim /etc/nginx/nginx.conf
user www;
# 4. Copy the modified file
[root@m01 base]# cp /etc/nginx/nginx.conf /root/wordpress_ansible/nginx_php/
# 5. Change the user in the php configuration file
[root@m01 ngx_php]# vim /etc/php-fpm.d/www.conf
[www]
user = www
group = www
listen = /dev/shm/php.sock
listen.owner = www
listen.group = www
# 6. Copy the modified configuration file
[root@m01 ngx_php]# cp /etc/php-fpm.d/www.conf /root/wordpress_ansible/nginx_php/
# 7. Create the nginx sub-configuration file
[root@m01 nginx]# vim /etc/nginx/conf.d/blog.yjt.com.conf
server {
    listen 80;
    server_name blog.yjt.com;
    root /code/wordpress;
    index index.php index.html;
    location ~ \.php$ {
        fastcgi_pass unix:/dev/shm/php.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
# 8. Copy the modified configuration file
[root@m01 nginx]# cp /etc/nginx/conf.d/blog.yjt.com.conf /root/wordpress_ansible/nginx_php/
# 9. Start nginx and php
[root@m01 ngx_php]# systemctl start nginx php-fpm
# 10. Install wordpress
[root@m01 wordpress_ansible]# mkdir /code
[root@m01 ngx_php]# wget https://cn.wordpress.org/latest-zh_CN.tar.gz -O /code/latest-zh_CN.tar.gz
# 11. Unpack
[root@m01 code]# tar xf latest-zh_CN.tar.gz
# 12. Set ownership
[root@m01 code]# chown -R www:www /code/
# 13. Back up the data
[root@db01 ~]# mysqldump wordpress > /opt/wp_ansible.sql
[root@db01 ~]# scp /opt/wp_ansible.sql 172.16.1.61:/root/wordpress_ansible/mariadb
# 14. Package the images under wordpress
[root@m01 wordpress_ansible]# ll nfs/
total 92
-rw-r--r-- 1 root root 94006 Jun 29 18:44 2022.tgz
# 15. scp over the database configuration file prepared in advance
[root@m01 wordpress_ansible]# cat mariadb/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
skip_name_resolve # add this line to prevent reverse DNS lookups
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
# 16. Back up the database user data
[root@db01 ~]# mysqldump -uroot -p123 wordpress > /opt/wp_ansible.sql
# 17. Push the database data
[root@db01 ~]# scp /opt/wp_ansible.sql 172.16.1.61:/root/wordpress_ansible/mariadb
# 18. Package the prepared wordpress
[root@m01 code]# tar zcf wordpress.tgz wordpress/
[root@m01 code]# cp wordpress.tgz /root/wordpress_ansible/wordpress/
# 19. Prepare the rsync configuration file
[root@m01 code]# vim /root/wordpress_ansible/rsync/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[backup]
comment = welcome to oldboyedu backup!
path = /backup
Prepared directory structure
[root@m01 wordpress_ansible]# tree
├── base
│   ├── hosts               # inventory
│   └── ssh_key.sh          # SSH key script
├── lnmp.yml                # playbook
├── mariadb
│   ├── my.cnf              # database configuration file
│   └── wp_ansible.sql      # database data backup
├── nfs
│   └── 2022.tgz            # database image backup
├── nginx_php
│   ├── blog.yjt.com.conf   # nginx sub-configuration file
│   ├── nginx.conf          # main nginx configuration file
│   ├── nginx_php.tgz       # nginx and php packages
│   └── www.conf            # php configuration file
├── rsync
│   └── rsyncd.conf         # rsync configuration file
└── wordpress
    └── wordpress.tgz       # wordpress data backup
[root@m01 wordpress_ansible]# vim lnmp.yml
- hosts: all
  tasks:
    - name: create www group
      group:
        name: www
        gid: 666
    - name: Create www User
      user:
        name: www
        group: '666'
        uid: 666
        shell: /sbin/nologin
        create_home: False
- hosts: rsyncd
  tasks:
    - name: Install Rsync And NFS Service
      yum:
        name:
          - nfs-utils
          - rsync
        state: present
- hosts: backup
  tasks:
    - name: Configure Rsync Conf
      copy:
        src: /root/wordpress_ansible/rsync/rsyncd.conf
        dest: /etc
    - name: Set Rsync Password File
      copy:
        content: 'rsync_backup:123'      # user name must match "auth users" in rsyncd.conf
        dest: /etc/rsync.passwd
        mode: '0600'
    - name: Create Backup Directory
      file:
        path: /backup
        owner: www
        group: www
        mode: '0755'
        state: directory
    - name: Start Rsync Service
      service:
        name: rsyncd
        state: started
        enabled: True
- hosts: nfs
  tasks:
    - name: Create Client Password File
      copy:
        content: '123'
        dest: /etc/rsync.passwd
        mode: '0600'
    - name: Configure NFS Conf
      copy:
        content: /data 172.16.1.0/24(rw,sync,anonuid=666,anongid=666,all_squash)
        dest: /etc/exports
    - name: Create NFS Directory
      file:
        path: /data
        owner: www
        group: www
        mode: '0755'
        state: directory
    - name: 推送用户数据      # push the user data
      unarchive:
        src: /root/wordpress_ansible/nfs/2022.tgz
        dest: /data
        owner: www
        group: www
    - name: Start NFS Service
      service:
        name: nfs
        state: started
        enabled: True
- hosts: web_group
  tasks:
    - name: 解压nginx和php到web端      # unpack nginx and php on the web hosts
      unarchive:
        src: /root/wordpress_ansible/nginx_php/nginx_php.tgz
        dest: /opt
    - name: 安装nginx和php      # install nginx and php
      shell: cd /opt && rpm -Uvh *.rpm
    - name: 推送nginx主配置文件      # push the main nginx configuration file
      copy:
        src: /root/wordpress_ansible/nginx_php/nginx.conf
        dest: /etc/nginx
    - name: 推送nginx虚拟机配置文件      # push the nginx virtual host configuration file
      copy:
        src: /root/wordpress_ansible/nginx_php/blog.yjt.com.conf
        dest: /etc/nginx/conf.d
    - name: 推送PHP配置文件      # push the PHP configuration file
      copy:
        src: /root/wordpress_ansible/nginx_php/www.conf
        dest: /etc/php-fpm.d
    - name: 启动nginx服务      # start the nginx service
      service:
        name: nginx
        state: started
        enabled: True
    - name: 启动php服务      # start the php service
      service:
        name: php-fpm
        state: started
        enabled: True
    - name: 创建站点目录      # create the site directory
      file:
        path: /code
        owner: www
        group: www
        mode: '0755'
        state: directory
    - name: 部署wordpress代码      # deploy the wordpress code
      unarchive:
        src: /root/wordpress_ansible/wordpress/wordpress.tgz
        dest: /code
        owner: www
        group: www
    - name: 挂载nfs      # mount the nfs share
      mount:
        src: 172.16.1.31:/data
        path: /code/wordpress/wp-content/uploads
        fstype: nfs
        state: mounted
- hosts: db01
  tasks:
    - name: 安装数据库和连接插件      # install the database and the connector module
      yum:
        name:
          - mariadb-server
          - MySQL-python
        state: present
    - name: 推送数据库的配置文件      # push the database configuration file
      copy:
        src: /root/wordpress_ansible/mariadb/my.cnf
        dest: /etc
    - name: 启动数据库      # start the database
      service:
        name: mariadb
        state: started
        enabled: True
    - name: 创建wordpress数据库      # create the wordpress database
      mysql_db:
        name: wordpress
        state: present
    - name: 创建wp_user用户      # create the wp_user account
      mysql_user:
        name: wp_user
        password: '123'
        host: '%'
        priv: '*.*:ALL'
        state: present
    - name: 推送sql文件      # push the sql file
      copy:
        src: /root/wordpress_ansible/mariadb/wp_ansible.sql
        dest: /opt
    - name: 导入数据      # import the data
      mysql_db:
        name: wordpress
        state: import
        target: /opt/wp_ansible.sql
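The db01 play above keeps the database password as the literal '123' and grants wp_user every privilege on every database from any host. A variant that reads the password from a vault-encrypted vars_files file and narrows the grant, as an added example that is not part of the original playbook; the file names db_hardened.yml and secrets.yml, the variable vault_wp_password, the 16-character minimum and the 172.16.1.% host pattern are assumptions:

```yaml
# db_hardened.yml -- constructed example, not from the original page
# secrets.yml is assumed to be created with: ansible-vault create secrets.yml
# and to contain one variable:               vault_wp_password: <long random value>
# Run with: ansible-playbook db_hardened.yml -i base/hosts --ask-vault-pass
- hosts: db01
  vars_files:
    - ./secrets.yml                  # stays encrypted on disk, decrypted only at run time
  vars:
    wp_db: wordpress
    wp_user: wp_user
    wp_net: '172.16.1.%'             # LAN segment of web01/web02 in the environment table
  pre_tasks:
    - name: Refuse to run with a missing or short password
      assert:
        that:
          - vault_wp_password is defined
          - vault_wp_password | length >= 16
        fail_msg: "vault_wp_password must be set in secrets.yml (16+ characters)"
  tasks:
    - name: Create the wordpress database
      mysql_db:
        name: "{{ wp_db }}"
        state: present

    - name: Create wp_user limited to its own database and the LAN
      mysql_user:
        name: "{{ wp_user }}"
        password: "{{ vault_wp_password }}"
        host: "{{ wp_net }}"
        priv: "{{ wp_db }}.*:ALL"
        state: present
      no_log: True                   # keep the password out of task output and logs

    - name: Remove the any-host account created by the original play
      mysql_user:
        name: "{{ wp_user }}"
        host: '%'
        state: absent
```

The same vars_files approach applies to the rsync password written to /etc/rsync.passwd in the backup and nfs plays.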