
Note: this article was last updated on 2021-03-01 and last edited 104 days ago. The content may be out of date, so use it with care.

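1. Workflow

    • Install Ansible
    • Install rsync on the web, backup and NFS servers
    • Copy the rsync configuration file
    • Create the backup directory on the backup server
    • Copy the password file
    • Start the rsync service and enable it at boot

    Common mistakes when writing playbooks:
    1. Does the playbook syntax follow the rules (spaces, colons, dashes)?
    2. Are the modules in the playbook used correctly?
    3. Only one module task may be written under each name in a playbook
    4. Avoid heavy use of the shell module in playbooks

    Task lists and actions
    The main part of a play is its task list. The tasks in the list run in order, one at a time, on the hosts specified in hosts; that is, the first task completes on all hosts before the second one starts.
    When a playbook runs (top to bottom), if a task fails on a host, the whole set of tasks is rolled back; fix the error in the playbook and run it again.
    The purpose of a task is to run a module with the given arguments, and variables can be used in module arguments. Modules are idempotent, which means running them several times is safe because the result is the same.
    Every task must have a name, so that the task output of a playbook run clearly shows which task each result belongs to. If no name is defined, the value of 'action' is used to label that task in the output.
    A task is commonly written as "module: options", for example: yum: name=httpd
    Among Ansible's built-in modules, the command and shell modules do not need the key=value format.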

    2. Configure the host inventory

    See the inventory configuration guide:
    https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html

    vim /etc/ansible/hosts
    [rsync:children]
    rsync_server
    rsync_client
    
    [rsync_server]
    172.16.1.41
    
    [rsync_client]
    172.16.1.31
    172.16.1.7
    [rsync_client:vars]
    passfile=rsync-password03

    The configuration above assumes the hosts are already resolved in /etc/hosts.
    Another way is to add the connection details directly in the host inventory:

    [rsync_server]
    backup ansible_ssh_host=172.16.1.41 ansible_ssh_user=root ansible_ssh_port=22
    
    [rsync_client]
    nfs ansible_ssh_host=172.16.1.31 ansible_ssh_user=root ansible_ssh_port=22
    web ansible_ssh_host=172.16.1.7 ansible_ssh_user=root ansible_ssh_port=22

    3. Write the rsync configuration file

    vim /etc/rsyncd.conf
    uid = rsync        
    gid = rsync       
    port = 873        
    fake super = yes  
    use chroot = no   
    max connections = 200  
    timeout = 300          
    pid file = /var/run/rsyncd.pid   
    lock file = /var/run/rsync.lock  
    log file = /var/log/rsyncd.log   
    ignore errors                    
    read only = false                
    list = false                     
    hosts allow = 172.16.1.0/24      
    hosts deny = *
    auth users = rsync_backup        
    secrets file = /etc/rsync.password   
    [backup]                        
    comment = "backup dir by oldboy"  
    path = /backup

    Get the local files ready.
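
    rsyncd checks `hosts allow` first and `hosts deny` second, and a client that matches neither list is let in, so the deny pattern decides what happens to everyone outside 172.16.1.0/24. The sketch below is an added example (not from the original article) that models that order for `*` and address/mask patterns only, using constructed client addresses, and compares a `/32` deny pattern such as `0.0.0.0/32` with `hosts deny = *`.

```python
import ipaddress


def pattern_matches(pattern, client):
    """Match '*' (any client), a single address, or an address/masklen network."""
    if pattern == "*":
        return True
    # strict=False tolerates host bits set in the pattern, e.g. 172.16.1.5/24
    return client in ipaddress.ip_network(pattern, strict=False)


def rsyncd_allows(client_ip, hosts_allow, hosts_deny):
    """Return True if a daemon with these two lists would accept the client."""
    client = ipaddress.ip_address(client_ip)
    if hosts_allow:
        if any(pattern_matches(p, client) for p in hosts_allow):
            return True   # an allow match always wins
        if not hosts_deny:
            return False  # allow list without a deny list: reject non-matches
    if any(pattern_matches(p, client) for p in hosts_deny):
        return False      # a deny match rejects
    return True           # matched neither list: accepted


HOSTS_ALLOW = ["172.16.1.0/24"]
# Constructed clients: one inside the backup network, two outside it.
CLIENTS = ["172.16.1.31", "10.0.0.7", "203.0.113.50"]
DENY_VARIANTS = {
    "0.0.0.0/32": ["0.0.0.0/32"],  # matches only the literal address 0.0.0.0
    "*": ["*"],                    # matches every client
    "(no hosts deny)": [],
}


def compare():
    """Map each deny variant to {client: accepted?}."""
    return {
        label: {c: rsyncd_allows(c, HOSTS_ALLOW, deny) for c in CLIENTS}
        for label, deny in DENY_VARIANTS.items()
    }


if __name__ == "__main__":
    for label, verdicts in compare().items():
        print(f"hosts deny = {label}")
        for client, ok in verdicts.items():
            print(f"  {client:<14} {'ACCEPT' if ok else 'reject'}")
```

    Hostname patterns are not modelled here; only the evaluation order and the mask width are.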

    4. Write the playbook

    vim /etc/ansible/ansible-playbook/rsync_server.yaml
    - hosts: rsync
      tasks:
        - name: 01-install rsync    # install rsync
          yum: name=rsync state=installed
    
    - hosts: rsync_server    # backup server
      tasks:
        - name: 02-push conf file   # push the local conf file to the server
          copy: src=/etc/ansible/server_file/rsync_server/rsyncd.conf dest=/etc/
        - name: 03-create user      # create the virtual user
          user: name=rsync create_home=no shell=/sbin/nologin
        - name: 04-create backup dir # create the directory
          file: path=/backup state=directory owner=rsync group=rsync
        - name: 05-create password  # create the password file
          copy: content=rsync_backup:123456 dest=/etc/rsync.password mode=600
        - name: 06-restart rsync server
          service: name=rsyncd state=started enabled=yes
    - hosts: rsync_client     # clients
      tasks:
        - name: 01-create password file # create the password file
          copy: content=123456 dest=/etc/rsync.password mode=600
        - name: 02-create test file    # used for testing
          file: dest=/tmp/test.txt state=touch
        - name: 03-check test         # transfer it to the backup server
          shell: rsync -avz /tmp/test.txt rsync_backup@172.16.1.41::backup --password-file=/etc/rsync.password
    


    5. Check the playbook

    ansible-playbook --syntax-check rsync_server.yaml

    Test

    ansible-playbook -C rsync_server.yaml

    PS: errors may be reported in the test environment
    Final result:

    ansible-playbook rsync_server.yaml
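
    Parameter names inside `key=value` arguments are validated by the module itself when the task runs, so a misspelled name (for example `owen` for `owner`) only surfaces at execution. The check below is an added example, not part of the original article: it scans inline module arguments against a deliberately small, hand-written subset of parameter names for the modules used here, and the sample playbook with its `rsync_pass` variable is constructed.

```python
import difflib
import re

# Deliberately small subset of real parameter names for the modules used in
# this article; extend it from each module's documentation.
KNOWN_PARAMS = {
    "yum": {"name", "state"},
    "copy": {"src", "dest", "content", "mode", "owner", "group", "backup"},
    "user": {"name", "create_home", "shell", "groups", "state", "uid"},
    "file": {"path", "dest", "state", "owner", "group", "mode", "recurse"},
    "service": {"name", "state", "enabled"},
}

TASK_LINE = re.compile(r"^\s*(?:-\s+)?(\w+):\s+(.+)$")
# A key must start the argument string or follow whitespace, so an '=' inside
# a value (content=a=b) is not mistaken for a second key.
ARG_KEY = re.compile(r"(?:^|\s)(\w+)=")


def check_playbook(text):
    """Return (line_no, module, bad_key, suggestion) for every unknown parameter."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out task
        m = TASK_LINE.match(line)
        if not m or m.group(1) not in KNOWN_PARAMS:
            continue
        module, args = m.groups()
        for key in ARG_KEY.findall(args):
            if key not in KNOWN_PARAMS[module]:
                close = difflib.get_close_matches(key, sorted(KNOWN_PARAMS[module]), n=1)
                findings.append((line_no, module, key, close[0] if close else None))
    return findings


# Constructed sample: three misspelled parameters, one correct copy task.
SAMPLE_PLAYBOOK = """\
- hosts: rsync_server
  tasks:
    - name: create user
      user: name=rsync cerate_home=no shell=/sbin/nologin
    - name: create backup dir
      file: path=/backup state=directory owen=rsync group=rsync
    - name: push password file
      copy: content=rsync_backup:{{ rsync_pass }} dest=/etc/rsync.password mode=600
    - name: start rsync
      service: name=rsyncd state=started enable=yes
"""

if __name__ == "__main__":
    for line_no, module, key, hint in check_playbook(SAMPLE_PLAYBOOK):
        print(f"line {line_no}: {module} has no parameter '{key}' (did you mean '{hint}'?)")
```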


    Setting variables in a playbook
    Method 1: write them directly in the playbook file

    vars:
      oldboy01: data01
      oldboy02: data02

    Method 2: specify them on the command line

    ansible-playbook --extra-vars=oldboy01=data01
    

    Method 3: write them in the host inventory file

    [oldboy:vars]
    oldboy01=data01
    oldboy02=data02
    

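    If all three are configured, which one takes precedence?
    Highest: variables set on the command line
    Next: variables set in the playbook
    Lowest: variables set in the host inventory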

    - hosts: rsync
      tasks:
        - name:  01-install rsync
          yum: name=rsync state=installed
    
    - hosts: rsync_server
      tasks:
       #- name: 01-install rsync
        # yum: name=rsync state=installed
       - name: 02-push conf file
         copy: src=/etc/ansible/server_file/rsync_server/rsyncd.conf dest=/etc/
       - name: 03-create user
         user: name=rsync create_home=no shell=/sbin/nologin
         #shell: useradd rsync -M -s /sbin/nologin
       - name: 04-create backup dir
         file: path=/backup state=directory owner=rsync group=rsync
       - name: 05-create password file
         copy: content=rsync_backup:123456 dest=/etc/rsync.password mode=600
       - name: 06-restart rsync server
         service: name=rsyncd state=started enabled=yes
       - name: 07-check server port
         shell: netstat -lntup|grep 873
         register: get_server_port
       - name: 08-display port info
         debug: msg={{ get_server_port.stdout_lines }}

    ansible-playbook rsync_server.yaml

    6. Extended usage

    Adding conditions in Ansible

    How to specify a condition:
    (ansible_hostname == "nfs01")
    (ansible_hostname == "web01")
    The setup module shows detailed system information about the managed hosts

    - hosts: rsync
      tasks:
        - name:  01-install rsync
          yum: name=rsync state=installed
    
    - hosts: rsync_server
      tasks:
       #- name: 01-install rsync
        # yum: name=rsync state=installed
       - name: 02-push conf file
         copy: src=/etc/ansible/server_file/rsync_server/rsyncd.conf dest=/etc/
       - name: 03-create user
         user: name=rsync create_home=no shell=/sbin/nologin
         #shell: useradd rsync -M -s /sbin/nologin
       - name: 04-create backup dir
         file: path=/backup state=directory owner=rsync group=rsync
       - name: 05-create password file
         copy: content=rsync_backup:123456 dest=/etc/rsync.password mode=600
       - name: 06-restart rsync server
         service: name=rsyncd state=started enabled=yes
    
    - hosts: rsync_client
      tasks:
        #- name: 01-install rsync
         # yum: name=rsync state=installed
        - name: 02-create password file
          copy: content=123456 dest=/etc/rsync.password mode=600
        - name: 03-create test nfs file
          file: dest=/tmp/test.txt state=touch
          when: (ansible_hostname == "nfs01")

    After it runs, the NFS server has a test.txt file and the other servers do not.
    How to get the built-in variables:

    ansible oldboy -m setup -a "filter=ansible_hostname"
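    Common host facts:
    ansible_all_ipv4_addresses:                shows only IPv4 information.
    ansible_devices:                           shows only disk device information.
    ansible_distribution:                      shows which system it is, e.g. centos, suse.
    ansible_distribution_major_version:        shows the major version of the system.
    ansible_distribution_version:              shows only the system version.
    ansible_machine:                           shows the system type, e.g. 32-bit or 64-bit.
    ansible_eth0:                              shows only eth0 information.
    ansible_hostname:                          shows only the host name.
    ansible_kernel:                            shows only the kernel version.
    ansible_lvm:                               shows LVM information.
    ansible_memtotal_mb:                       shows total system memory.
    ansible_memfree_mb:                        shows free system memory.
    ansible_memory_mb:                         shows memory usage in detail.
    ansible_swaptotal_mb:                      shows total swap.
    ansible_swapfree_mb:                       shows free swap.
    ansible_mounts:                            shows the mounted file systems.
    ansible_processor:                         shows the CPUs (lists the model of each CPU).
    ansible_processor_vcpus:                   shows the number of CPUs (total count only).
    
    How to get a sub-field:
    ansible_eth0['ipv4']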

    Registering results in a playbook

    - hosts: rsync_server
      tasks:
        - name: check server port
          shell: netstat -lntup        # port information
          register: get_server_port   # stores the port information
    
        - name: display port info
          debug: msg={{ get_server_port.stdout_lines }}

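    The process information is displayed, which shows that the service started normally.
    PS: a variable setting must not contain spaces.

    Loops in a playbook

    Format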

    vim test04.yml
    - hosts: all
      remote_user: root
      tasks:
        - name: Add Users
          user: name={{ item.name }} groups={{ item.groups }} state=present
          with_items:
            - { name: 'testuser1', groups: 'bin' }
            - { name: 'testuser2', groups: 'root' }

    vim test05.yml
    - hosts: all
      remote_user: root
      tasks:
        - name: Installed Pkg
          yum: name={{ item }}  state=present
          with_items:
            - wget
            - tree
            - lrzsz

    Example

    - hosts: rsync
      tasks:
        - name:  01-install rsync
          yum: name=rsync state=installed
    
    - hosts: rsync_server
      tasks:
       - name: 02-push conf file & password file
         copy: src=/etc/ansible/server_file/rsync_server/{{ item.src }} dest={{ item.dest }} mode={{ item.mode }}
         with_items:
           - { src: 'rsyncd.conf', dest: '/etc/', mode: '644'}
           - { src: 'rsync.password', dest: '/etc/', mode: '600' }
       - name: 03-create user
         user: name=rsync create_home=no shell=/sbin/nologin
         #shell: useradd rsync -M -s /sbin/nologin
       - name: 04-create backup dir
         file: path=/backup state=directory owner=rsync group=rsync
       - name: 05-restart rsync server
         service: name=rsyncd state=started enabled=yes
    
    - hosts: rsync_client
      tasks:
        #- name: 01-install rsync
         # yum: name=rsync state=installed
        - name: 02-create password file
          copy: content=123456 dest=/etc/rsync.password mode=600
        - name: 03-create test file
          file: dest=/tmp/test.txt state=touch
        - name: 04-check test
          shell: rsync -avz /tmp/test.txt rsync_backup@172.16.1.41::backup --password-file=/etc/rsync.password
    

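    Troubleshooting steps when a playbook run fails:
    1) Find the key point in the playbook where the problem occurs
    2) Turn the playbook operation into a module call
    3) Turn the module's operation into the equivalent Linux command
    Test the command on the local management host
    Test the command on the remote managed host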

    - name: 01-install rsync
      yum:
        name: ['rsync', 'tree', 'wget']  # --- saltstack
        state: installed
    
    - name: xxx 
      yum: name=xxx state=installed      # --- ansible
    

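    Ignoring errors in a playbook
    By default a playbook checks the return status of commands and modules and stops as soon as it meets an error.
    Add ignore_errors: yes to ignore the error.
    vim test06.yml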

    - hosts: all
      remote_user: root
      tasks:
        - name: Ignore False
          command: /bin/false
          ignore_errors: yes
        - name: touch new file
          file: path=/tmp/oldboy_ignore state=touch        
    

    Tags in a playbook

    - hosts: test
      ignore_errors: yes
      remote_user: root
      tasks:
        - name: Check File
          file: path=/tmp/this_is_{{ ansible_hostname }}_file state=touch
          when: (ansible_hostname == "nfs01") or (ansible_hostname == "backup")
          tags: t1
    
        - name: bad thing
          command: ech 123
          #ignore_errors: yes
          tags: t2
    
        - name: install httpd
          yum: name=httpd state=installed
          when: (ansible_all_ipv4_addresses == ["172.16.1.7","10.0.0.7"])
          tags: t3
    
        - name: install httpd2
          yum: name=httpd2 state=installed
          when: (ansible_distribution == "ubuntu")
          tags: t4
          

    Run only the tasks with a given tag: ansible-playbook --tags=t2 test05.yml
    Skip the tasks with a given tag: ansible-playbook --skip-tags=t2 test05.yml

    Example

    - hosts: rsync
      tasks:
        - name:  01-install rsync
          yum: name=rsync state=installed
    
    - hosts: rsync_server
      tasks:
       - name: 02-push conf file
         copy: src=/etc/ansible/server_file/rsync_server/rsyncd.conf dest=/etc/
       - name: 03-create user
         user: name=rsync create_home=no shell=/sbin/nologin
       - name: 04-create backup dir
         file: path=/backup state=directory owner=rsync group=rsync
         tags: t4
       - name: 05-create password file
         copy: content=rsync_backup:123456 dest=/etc/rsync.password mode=600
       - name: 06-restart rsync server
         service: name=rsyncd state=started enabled=yes
    
    - hosts: rsync_client
      tasks:
        - name: 02-create password file
          copy: content=123456 dest=/etc/rsync.password mode=600
        - name: 03-create test file
          file: dest=/tmp/test.txt state=touch
        - name: 04-check test
          shell: rsync -avz /tmp/test.txt rsync_backup@172.16.1.41::backup --password-file=/etc/rsync.password

    Result

    ansible-playbook --tags=t2 test05.yml 

    Handlers (triggers) in a playbook

    - hosts: backup
      remote_user: root
      tasks:
        - name: 01 Install rsync
          yum: name=rsync state=present
        
        - name: 02 push config file
          copy: src=./file/{{ item.src }} dest=/etc/{{ item.dest }} mode={{ item.mode }} 
          with_items:
            - { src: "rsyncd.conf", dest: "rsyncd.conf", mode: "0644" }
            - { src: "rsync.password", dest: "rsync.password", mode: "0600" }
          notify: restart rsync server
    
      handlers:
        - name: restart rsync server
          service: name=rsyncd state=restarted   

    Example

    - hosts: rsync
      tasks:
        - name:  01-install rsync
          yum: name=rsync state=installed
    
    - hosts: rsync_server
      tasks:
       - name: 02-push conf file
         copy: src=/etc/ansible/server_file/rsync_server/rsyncd.conf dest=/etc/
         notify: restart rsync server
       - name: 03-create user
         user: name=rsync create_home=no shell=/sbin/nologin
       - name: 04-create backup dir
         file: path=/backup state=directory owner=rsync group=rsync
       - name: 05-create password file
         copy: content=rsync_backup:123456 dest=/etc/rsync.password mode=600
       - name: 06-restart rsync server
         service: name=rsyncd state=started enabled=yes
      handlers:
        - name: restart rsync server
          service: name=rsyncd state=restarted
    
    - hosts: rsync_client
      tasks:
        - name: 02-create password file
          copy: content=123456 dest=/etc/rsync.password mode=600
        - name: 03-create test file
          file: dest=/tmp/test.txt state=touch
        - name: 04-check test
          shell: rsync -avz /tmp/test.txt rsync_backup@172.16.1.41::backup --password-file=/etc/rsync.password
    

    7. Write the NFS access script

    1. Create the directories

    mkdir nfs-file
    mkdir nfs-file/nfs-client
    mkdir nfs-file/nfs-server
    

    tree nfs-file/
    nfs-file/
    ├── nfs-client
    └── nfs-server
    2. Write the playbook
    Host inventory: (vim /etc/ansible/hosts)

    [nfs:children]
    nfs_server
    nfs_client
    [nfs_server]
    172.16.1.31
    [nfs_client]
    172.16.1.7
    #172.16.1.8
    #172.16.1.9
    
    vim nfs-server.yaml
    
    - hosts: nfs
      tasks:
        - name: 01-install nfs software
          yum:
            name: ['nfs-utils','rpcbind']
            state: installed
    
    - hosts: nfs_server
      vars:
        Test_dir: /test
      tasks:
        - name: 01-copy conf file
          copy: src=/etc/ansible/ansible-playbook/nfs-file/nfs-server/exports dest=/etc/
          notify: restart nfs server
        - name: 02-create data dir
          file: path={{ Test_dir }} state=directory owner=nfsnobody group=nfsnobody
           # path: ['data01','data02','data03']\
           # state: directory
           # owner: nfsnobody
           # group: nfsnobody
        - name: 03-boot server
          #service: name=rpcbind state=started enabled=yes
          #service: name=nfs state=started enabled=yes
          service: name={{ item }} state=started enabled=yes
          with_items:
            - rpcbind
            - nfs
    
      handlers:
        - name: restart nfs server
          service: name=nfs state=restarted
    
    - hosts: nfs_client
      vars:
        Test_dir: /test
      tasks:
        - name: 01-mount
          mount: src=172.16.1.31:{{ Test_dir }} path=/mnt fstype=nfs state=mounted
        - name: 02-check mount info
          shell: df -h|grep /test
          register: mount_info
        - name: display mount info
          debug: msg={{ mount_info.stdout_lines }}
    
    echo '/test 172.16.1.0/24(rw,sync)' >nfs-file/nfs-server/exports
    

    Combining multiple playbooks

    Method 1: include_tasks: f1.yml

    - hosts: all
      remote_user: root
      tasks:
        - include_tasks: f1.yml
        - include_tasks: f2.yml
    

    Method 2: include: f1.yml

    - include: f1.yml
    - include: f2.yml
    

    Method 3: - import_playbook:

    cat main.yml 
    - import_playbook: base.yml     
    - import_playbook: rsync.yml    
    - import_playbook: nfs.yml      
    - import_playbook: oxxx.yml
    - import_playbook: rsync.yml
    - import_playbook: nfs.yml
    

    The third method is recommended.

    vim site.yaml
    - import_playbook: rsync_server.yaml
    - import_playbook: nfs-server.yaml
    

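    Ansible roles --- a standard layout

    Problems that remain after the playbooks are written:

    1. The directory structure is not standardized
    2. How can tasks that are already written be reused?
    3. When the server-side configuration file changes, the client parameters should change automatically
    4. The combined playbook does not show the role of each host
    5. A single playbook holds too much and is hard to read; how can it be split up?

    Step 1: standardize the directory structure

    cd /etc/ansible/roles
    mkdir {rsync,nfs}   # create the role directories
    mkdir {nfs,rsync}/{vars,tasks,templates,handlers,files}  # create the subdirectories under each role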
    tree 
    .
    ├── nfs
    │   ├── files       --- files to be distributed
    │   ├── handlers    --- handler (trigger) definitions
    │   ├── tasks       --- the tasks to execute   ok
    │   ├── templates   --- template files to be distributed; templates may contain variables
    │   └── vars        --- variable definitions
    └── rsync
        ├── files
        ├── handlers
        ├── tasks
        ├── templates
        └── vars

    Step 2: create the files in the roles directory
    Order in which to write the files:
    1) Write main.yml in the tasks directory

    vim /etc/ansible/roles/nfs/tasks/main.yml
    - name: 01-copy conf file
      copy: src=/etc/ansible/ansible-playbook/nfs-file/nfs-server/exports dest=/etc/
      notify: restart nfs server
    - name: 02-create data dir
      file: path={{ Test_dir }} state=directory owner=nfsnobody group=nfsnobody
       # path: ['data01','data02','data03']\
       # state: directory
       # owner: nfsnobody
       # group: nfsnobody
    - name: 03-boot server
      service: name={{ item }} state=started enabled=yes
      with_items:
        - rpcbind
        - nfs

    2) Write main.yml in the vars directory

    vim /etc/ansible/roles/nfs/vars/main.yml
    Test_dir: /test
    

    3) Write the file in the files directory

    echo '/test 172.16.1.0/24(rw,sync)' >/etc/ansible/roles/nfs/files/exports
    

    4) Write main.yml in the handlers directory

    vim /etc/ansible/roles/nfs/handlers/main.yml
    - name: restart nfs server
      service: name=nfs state=restarted
    

    Layout once the files in the directory are written

    [root@m01 nfs]# tree
    .
    ├── files
    │   └── exports
    ├── handlers
    │   └── main.yml
    ├── tasks
    │   └── main.yml
    ├── templates
    └── vars
        └── main.yml
    

    Write a main playbook file

    vim /etc/ansible/roles/site.yml
    - hosts: nfs_server
      roles:
        - nfs-server
    
    - hosts: nfs_client
      roles:
        - nfs-client
    ansible-playbook site.yml

    Next, configure rsync

    vim /etc/ansible/roles/rsync/tasks/main.yml
    - name: 01-install rsync
      yum: name=rsync state=installed
    - name: 02-push conf file
      template: src=rsyncd.conf dest=/etc/
      notify: restart rsync server
    - name: 03-create user
      user: name=rsync create_home=no shell=/sbin/nologin
      #shell: useradd rsync -M -s /sbin/nologin
    - name: 04-create backup dir
      file: path={{ Data_dir }} state=directory owner=rsync group=rsync
    - name: 05-create password file
      copy: content=rsync_backup:123456 dest=/etc/rsync.password mode=600
    - name: 06-restart rsync server
      service: name=rsyncd state=started enabled=yes
    vim /etc/ansible/roles/rsync/vars/main.yml
    Data_dir: /backup
    Port_info: 874
    cp /etc/ansible/server_file/rsync_server/* /etc/ansible/roles/rsync/templates/
    -rw-r--r-- 1 root root 630 Mar  1 21:53 rsyncd.conf
    -rw-r--r-- 1 root root  20 Mar  1 21:40 rsync.password
    vim /etc/ansible/roles/rsync/templates/rsyncd.conf
    uid = rsync
    gid = rsync
    port = {{ Port_info }}
    fake super = yes
    use chroot = no
    max connections = 200
    timeout = 300
    pid file = /var/run/rsyncd.pid
    lock file = /var/run/rsync.lock
    log file = /var/log/rsyncd.log
    ignore errors
    read only = false
    list = false
    hosts allow = 172.16.1.0/24
    hosts deny = *
    auth users = rsync_backup
    secrets file = /etc/rsync.password
    [backup]
    comment = "backup dir by oldboy"
    path = /backup
    
    vim  /etc/ansible/roles/rsync/handlers/main.yml
    - name: restart rsync server
      service: name=rsyncd state=restarted
    cp -a /etc/ansible/roles/rsync/templates/rsyncd.conf /etc/ansible/roles/rsync/files/
    cd /etc/ansible/roles
    vim site.yml   # add the following content
    - hosts: rsync_server
      roles:
        - rsync 
    ansible-playbook site.yml
    

    The final directory layout looks like this (screenshot not included).

