Ansible playbook基本使用样例

Ansible playbook基本使用样例



[root@manager /etc/ansible/playbook]# cat base.yaml 
- hosts: all
  remote_user: root
    - name: Add Yum Repository
        name: base
        description: Base Aliyun Repositroy
        gpgcheck: no
    - name: Add  Epel Yum Repository
        name: epel
        description: Epel Aliyun Repositroy
        gpgcheck: no

    - name: Installed Package
      yum: name={{ item }} state=present
        - nfs-utils
        - iftop
        - iotop
        - lrzsz
        - vim
    - name: Stop Firewalld Service
      service: name=firewalld state=stopped enabled=no

    - name: Disabled Selinux 
      selinux: state=disabled

    - name: Configure ssh server
      copy: src=./files/sshd.template dest=/etc/ssh/sshd_config
      notify: restart sshd server

    - name: Add Group www
      group: name=www gid=666

    - name: Add User www
      user: name=www uid=666 group=www create_home=no shell=/sbin/nologin
    - name: restart sshd server
      service: name=sshd state=restarted

# sshd.template自行拷贝 /etc/ssh/sshd_config并修改,放置在./files/sshd.template


[root@manager /etc/ansible/playbook]# cat nfs.yaml 
- hosts: nfs
  remote_user: root
    - name: Install nfs-server
      yum: name=nfs-utils state=present

    - name: Configure nfs file
      copy: src=./files/exports.template dest=/etc/exports mode=644
      notify: Restart nfs-server

    - name: Create nfs dir
      file: path=/data state=directory owner=www group=www mode=755 recurse=yes

    - name: Start nfs-server
      service: name=nfs-server state=started

    - name: Restart nfs-server
      service: name=nfs-server state=restarted

# nfs配置文件模板
[root@manager /etc/ansible/playbook]# cat files/exports.template 


[root@manager /etc/ansible/playbook]# cat web.yaml 
- hosts: web
  remote_user: root
    - httpd_id: www
    - httpd_port: 80
    - name: Install Httpd Server
      yum: name={{ item }} state=present
        - httpd
        - php
    - name: Configure Httpd Server
      template: src=./files/httpd.conf.template dest=/etc/httpd/conf/httpd.conf
      notify: Restart Httpd

    - name: Mount nfs_dir
      mount: path=/var/www/html src= fstype=nfs opts=defaults state=mounted 

    - name: Push
      unarchive: src=./files/ dest=/var/www/html/ creates=/var/www/html/index.html
    - name: Start Httpd Server
      service: name=httpd state=started enabled=yes

    - name: Restart Httpd
      service: name=httpd state=restarted



[root@manager /etc/ansible/playbook]# cat rsync.yaml 
- hosts: backup
  remote_user: root  
  vars_files: ./files/vars.yaml
    - name: Install rsyncd
      yum: name=rsync state=present

    - name: Create Directory
      file: path={{ item }} state=directory mode=755 owner=www group=www
        - /backup
        - /data

    - name: Configrue rsync
      template: src={{ item.src }} dest={{ item.dest }} mode={{ item.mode }}
        - {src: "./files/rsyncd.conf.template", dest: "/etc/rsyncd.conf", mode: "0644"}
        - {src: "./files/rsync.pass.template", dest: "/etc/rsync.passwd", mode: "0600"}
      notify: Restart rsyncd
        - configrue rsync

    - name: Start rsyncd
      service: name=rsyncd state=started
    - name: Output rsync status 
      shell: netstat -tunlp | grep rsync
      register: Rsync_status
      ignore_errors: yes

    - name: Print Rsync Status
      debug: msg={{ Rsync_status.stdout_lines }}

    - name: Restart rsyncd
      service: name=rsyncd state=restarted

[root@manager /etc/ansible/playbook]# cat files/vars.yaml 
rsyncd_user: www
rsync_auth_user: rsync_backup
rsync_passwd_path: /etc/rsync.passwd
rsync_module: backup
rsync_comment: backup all
rsync_backup_path: /backup
rsync_password: "rsync_backup:00000000"

[root@manager /etc/ansible/playbook]# cat files/rsyncd.conf.template 
uid = {{ rsyncd_user }}             
gid = {{ rsyncd_user }}            
port = 873              
fake super = yes          
use chroot = no           
max connections = 20        
timeout = 600           
ignore errors           
read only = false         
list = false            
auth users = {{ rsync_auth_user }}     
secrets file = {{ rsync_passwd_path}}  
log file = /var/log/rsync.log     

[{{ rsync_module }}]              
comment = {{ rsync_comment }}         
path = {{ rsync_backup_path }}

[{{ sersync_module }}]              
comment = {{ sersync_comment }}         
path = {{ sersync_backup_path }}


[root@manager /etc/ansible/playbook]# cat sssersync.yaml 
- hosts: nfs
    - name: Create rsync.pass
      copy: content="00000000" dest=/etc/rsync.pass mode=600

    - name: Configure sersync file
      template: src=./files/confxml.xml dest=/usr/local/sersync/ mode=755
      notify: Restart sersyncd
    - name: sersync_status
      shell: ps -ef |grep sersync | grep -v grep | wc -l
      register: sersync_status

    - name: Configure execute sersync file
      copy: src=./files/sersync2 dest=/usr/local/sersync/ mode=755

    - name: Start sersyncd
      shell: pkill sersyncd2;/usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml
      when: sersync_status.stdout != '1'

    - name: Restart sersyncd
      shell: pkill sersyncd2;/usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml

# 模板文件自行挖空哈 {{ rsyncd_user }}
[root@manager /etc/ansible/playbook]# cat files/vars.yaml 
rsyncd_user: www
rsync_auth_user: rsync_backup
rsync_passwd_path: /etc/rsync.passwd
rsync_module: backup
rsync_comment: backup all
rsync_backup_path: /backup
rsync_password: "rsync_backup:00000000"

sersync_module: data
sersync_comment: backup all
sersync_backup_path: /data


[root@manager /etc/ansible/playbook]# cat mail.yaml 
- hosts: backup
  vars_files: ./files/vars.yaml
    - name: Install mailx
      yum: name=mailx state=present

    - name: render mailx file
      template: src=./files/mail.rc.template dest=/etc/mail.rc mode=644

    - name: copy
      copy: src=./files/ dest=/server/scripts/ mode=755

    - name: Creat crontab
      cron: name="sendmail" minute=01 hour=02 job='/bin/sh /server/scripts/'

[root@manager /etc/ansible/playbook]# cat files/mail.rc.template 
set from={{ stmp_user }}
set smtp={{ smtp_server }}
set smtp-auth-user={{ stmp_auth_user }}
set smtp-auth-password={{ smpt_auth_password }}
set smtp-auth=login
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/

[root@manager /etc/ansible/playbook]# cat files/vars.yaml 
rsyncd_user: www
rsync_auth_user: rsync_backup
rsync_passwd_path: /etc/rsync.passwd
rsync_module: backup
rsync_comment: backup all
rsync_backup_path: /backup
rsync_password: "rsync_backup:00000000"

sersync_module: data
sersync_comment: backup all
sersync_backup_path: /data

smtp_server: smtps://
smpt_auth_password: xxxxxxxxxx


# 检测playbook语法
[root@manager /etc/ansible/playbook]# ansible-playbook -i hosts xxxx.yaml --syntax-check

# 运行playbook
[root@manager /etc/ansible/playbook]# ansible-playbook -i hosts xxxx.yaml

[root@k8s-master project]# ansible-playbook --help
usage: ansible-playbook [-h] [--version] [-v] [-k]
                        [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER]
                        [-c CONNECTION] [-T TIMEOUT]
                        [--ssh-common-args SSH_COMMON_ARGS]
                        [--sftp-extra-args SFTP_EXTRA_ARGS]
                        [--scp-extra-args SCP_EXTRA_ARGS]
                        [--ssh-extra-args SSH_EXTRA_ARGS] [--force-handlers]
                        [--flush-cache] [-b] [--become-method BECOME_METHOD]
                        [--become-user BECOME_USER] [-K] [-t TAGS]
                        [--skip-tags SKIP_TAGS] [-C] [--syntax-check] [-D]
                        [-i INVENTORY] [--list-hosts] [-l SUBSET]
                        [-e EXTRA_VARS] [--vault-id VAULT_IDS]
                        [--ask-vault-pass | --vault-password-file VAULT_PASSWORD_FILES]
                        [-f FORKS] [-M MODULE_PATH] [--list-tasks]
                        [--list-tags] [--step] [--start-at-task START_AT_TASK]
                        playbook [playbook ...]

Runs Ansible playbooks, executing the defined tasks on the targeted hosts.

positional arguments:
  playbook              Playbook(s)

optional arguments:
  --ask-vault-pass      ask for vault password
  --flush-cache         clear the fact cache for every host in inventory
  --force-handlers      run handlers even if a task fails
  --list-hosts          outputs a list of matching hosts; does not execute
                        anything else
  --list-tags           list all available tags
  --list-tasks          list all tasks that would be executed
  --skip-tags SKIP_TAGS
                        only run plays and tasks whose tags do not match these
  --start-at-task START_AT_TASK
                        start the playbook at the task matching this name
  --step                one-step-at-a-time: confirm each task before running
  --syntax-check        perform a syntax check on the playbook, but do not
                        execute it
  --vault-id VAULT_IDS  the vault identity to use
  --vault-password-file VAULT_PASSWORD_FILES
                        vault password file
  --version             show program's version number, config file location,
                        configured module search path, module location,
                        executable location and exit
  -C, --check           don't make any changes; instead, try to predict some
                        of the changes that may occur
  -D, --diff            when changing (small) files and templates, show the
                        differences in those files; works great with --check
  -M MODULE_PATH, --module-path MODULE_PATH
                        prepend colon-separated path(s) to module library (def
  -e EXTRA_VARS, --extra-vars EXTRA_VARS
                        set additional variables as key=value or YAML/JSON, if
                        filename prepend with @
  -f FORKS, --forks FORKS
                        specify number of parallel processes to use
  -h, --help            show this help message and exit
  -i INVENTORY, --inventory INVENTORY, --inventory-file INVENTORY
                        specify inventory host path or comma separated host
                        list. --inventory-file is deprecated
  -l SUBSET, --limit SUBSET
                        further limit selected hosts to an additional pattern
  -t TAGS, --tags TAGS  only run plays and tasks tagged with these values
  -v, --verbose         verbose mode (-vvv for more, -vvvv to enable
                        connection debugging)

Connection Options:
  control as whom and how to connect to hosts

  --private-key PRIVATE_KEY_FILE, --key-file PRIVATE_KEY_FILE
                        use this file to authenticate the connection
  --scp-extra-args SCP_EXTRA_ARGS
                        specify extra arguments to pass to scp only (e.g. -l)
  --sftp-extra-args SFTP_EXTRA_ARGS
                        specify extra arguments to pass to sftp only (e.g. -f,
  --ssh-common-args SSH_COMMON_ARGS
                        specify common arguments to pass to sftp/scp/ssh (e.g.
  --ssh-extra-args SSH_EXTRA_ARGS
                        specify extra arguments to pass to ssh only (e.g. -R)
  -T TIMEOUT, --timeout TIMEOUT
                        override the connection timeout in seconds
  -c CONNECTION, --connection CONNECTION
                        connection type to use (default=smart)
  -k, --ask-pass        ask for connection password
                        connect as this user (default=None)

Privilege Escalation Options:
  control how and which user you become as on target hosts

  --become-method BECOME_METHOD
                        privilege escalation method to use (default=sudo), use
                        `ansible-doc -t become -l` to list valid choices.
  --become-user BECOME_USER
                        run operations as this user (default=root)
  -K, --ask-become-pass
                        ask for privilege escalation password
  -b, --become          run operations with become (does not imply password
版权声明:本站原创文章,由 xadocker 2019-07-20发表,共计9471字。