一、Ansible自動化配置管理
1.什么是ansible?
就是可以通過一個命令行完成一系列的操作,進而減少我們重復性的工作和維護成本,以提高工作效率。
2.ansible功能 優點 特點?
功能:
1.批量執行遠程命令,可以對多臺主機同時進行命令的執行。
2.批量配置軟件服務,可以進行自動化運維的方式配置和管理服務。
3.實現軟件開發功能,jumpserver底層使用ansible來實現的自動化管理工具。
4.編排高級的IT任務,ansible的playbook是一門編程性的語言,可以用來描繪一套IT架構。
特點:
1.容易學習,無代理模式,不像saltstack既要學客戶端與服務端,還需要學習客戶端與服務端中間通訊協議。
2.操作方便靈活,體現ansible有較多的模塊,提供了豐富的功能,playbook則提供類似于編程語言的復雜功能。
3.簡單易用,ansible一個命令就可以完成很多事情。
4.安全可靠,移植性高。
3.ansible 基礎架構? 控制端 被控端 inventory ad-hoc playbook 連接協議
4.ansible 配置文件 優先級?
[root@m01 ~]# ansible --version #查看ansible的版本號
ANSIBLE_CONFIG
ansible.cfg #當前項目目錄中
.ansible.cfg #當前執行用戶的家目錄
/etc/ansible/ansible.cfg
示例:
[root@m01 ~]# export ANSIBLE_CONFIG="/tmp/ansible.cfg"
[root@m01 ~]# touch /tmp/ansible.cfg
[root@m01 ~]# mkdir /project1
[root@m01 ~]# cd /project1/
[root@m01 project1]# touch ansible.cfg
[root@m01 project1]# ansible --version
ansible 2.8.5
config file = /project1/ansible.cfg
[root@m01 /]# mkdir /project2
[root@m01 /]# cd /project2/
[root@m01 project2]# touch ansible.cfg
[root@m01 project2]# ansible --version
ansible 2.8.5
config file = /project2/ansible.cfg
[root@m01 tmp]# touch ~/.ansible.cfg
[root@m01 tmp]# ansible --version
ansible 2.8.5
config file = /root/.ansible.cfg
5.ansible inventory主機清單?
#1.基于IP地址+密碼的方式 (10.0.0.61上操作);密碼以明文寫在清單文件中,僅適合實驗環境,正式環境建議改用密鑰連接或以ansible-vault加密該變量
[webservers]
172.16.1.7 ansible_ssh_user='root' ansible_ssh_pass='1' #這是要被操作的服務器
172.16.1.8 ansible_ssh_user='root' ansible_ssh_pass='1' #這是要被操作的服務器
#2.場景二、基于密鑰連接,需要先創建公鑰和私鑰,并下發公鑰至被控端
#如果沒有秘鑰,執行以下操作
### 實現免密碼登錄方式
1.創建一對密鑰 公鑰+私鑰 ==配套
[root@m01 ~]# ssh-keygen -C m01@qq.com
.....一路回車.....
2.將管理機的公鑰推送至web服務器上 ( 需要輸入對端服務器的密碼 )
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.7
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.8
#方式一、主機+端口+密鑰
[root@m01 project1]# ls
ansible.cfg file hosts
[root@m01 ~]# cat hosts
[webservers]
172.16.1.7
172.16.1.8
#3.場景三、主機組使用方式
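# Load-balancer hosts.
[lbservers]
172.16.1.5
172.16.1.6

# Web server hosts.
[webservers]
172.16.1.7
172.16.1.8

# "servers" is a parent group made of the two groups above.
# Child groups are listed as bare names, one per line; a bracketed line here
# would start a new section instead. Each name must match its group header
# exactly (webservers, not webserver), otherwise the child resolves to an
# empty, undefined group.
[servers:children]
lbservers
webservers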
[root@m01 project1]# ansible webservers --list-hosts -i hosts
hosts (2):
172.16.1.7
172.16.1.8
[root@m01 ~]# vim /etc/ansible/ansible.cfg
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
module_set_locale = False
二、Ansible Ad-Hoc
5.ansible ad-Hoc? 單條命令
command #執行命令 默認 不支持管道
shell #執行命令 支持管道
yum_repository #yum倉庫配置
yum #yum安裝軟件
get_url #和linux的wget一致
copy #拷貝配置文件
service|systemd #啟動服務
user
group
file #創建目錄 創建文件 遞歸授權
mount #掛載
cron #定時任務
firewalld #防火墻
selinux #selinux
1.command
ansible webservers -a "ps axu|grep nginx" -i hosts
#不支持管道(簡單命令)
2.shell
ansible webservers -m shell -a "ps aux|grep nginx" -i hosts #支持管道
3.yum
state:
present 安裝
absent 卸載
latest 最新
enablerepo #指定使用哪個倉庫
disablerepo #排除使用哪個倉庫
#1.安裝最新的httpd服務
[root@manager project1]# ansible webservers -m yum
-a "name=httpd state=latest disablerepo=webtatic-
php" -i hosts
#2.移除httpd服務
[root@manager project1]# ansible webservers -m yum
-a "name=httpd state=absent disablerepo=webtatic-
php" -i hosts
#3.安裝httpd指定從哪個倉庫安裝
- name: install the latest version of Apache from
the testing repo
[root@manager project1]# ansible webservers -m yum
-a "name=httpd state=latest enablerepo=testing" -i
hosts
#4.通過URL方式進行安裝
[root@manager project1]# ansible webservers -m yum -a "name=https://mirrors.aliyun.com/zabbix/zabbix/3.0/rhel/7/x86_64/zabbix-agent-3.0.0-1.el7.x86_64.rpm state=present disablerepo=webtatic-php" -i hosts
- name: install nginx rpm from a local file (軟件包
必須在被控端主機)
[root@manager project1]# ansible webservers -m yum
-a "name=/root/zabbix-agent-4.0.0-2.el7.x86_64.rpm
state=present disablerepo=webtatic-php" -i hosts
4.copy
src #本地路徑,可以是相對,可以是絕對
dest #目標位置
owner #屬主
group #屬組
mode #權限
backup #備份
[root@manager project1]# ansible webservers -m copy
-a "src=./file/ansible.oldxu.com.conf
dest=/etc/nginx/conf.d/ansible.oldxu.com.conf
owner=root group=root mode=644" -i hosts
[root@manager project1]# ansible webservers -m copy
-a "src=./file/ansible.oldxu.com.conf
dest=/etc/nginx/conf.d/ansible.oldxu.com.conf
owner=root group=root mode=644 backup=yes" -i hosts
5.service|systemd
state
started #啟動
stopped #停止
restarted #重啟
reloaded #重載
enabled #是否開機自啟
yes #是
no #否
[root@manager project1]# ansible webservers -m
systemd -a "name=nginx state=restarted enabled=yes"
-i hosts
6.file
#創建 /code/ansible
path #路徑
state
touch #創建文件
directory #創建目錄
owner #屬主
group #屬組
mode #權限
#準備站點
[root@manager project1]# ansible webservers -m file -a "path=/code/ansible state=directory mode=755 owner=www group=www" -i hosts
#準備站點代碼
[root@manager project1]# ansible webservers -m copy -a "src=./file/index.html dest=/code/ansible/index.html owner=www group=www mode=644" -i hosts
7.user group
#group 參數值類型: 整數 int、小數 float、字符串 str (如 dasdsa)、真|假 bool
[root@manager project1]# ansible webservers -m
group -a "name=www gid=666 state=present" -i hosts
#user
name #名稱
uid #uid
group #組名或gid
create_home #是否創建家目錄
system #是否作為系統用戶
shell #指定登錄shell
state
present
absent
remove
groups
append
password
#---------------------------------------------------------------------------
# 程序使用 www 666 666 /sbin/nologin /home
-->無
[root@manager project1]# ansible webservers -m user -a "name=www uid=666 group=666 create_home=no shell=/sbin/nologin state=present" -i hosts
# 正常用戶 oldxu 1000 1000 /bin/bash
/home/oldxu
[root@manager project1]# ansible webservers -m user -a "name=oldxu" -i hosts
# 移除oldxu用戶,并刪除家目錄所有內容.
[root@manager project1]# ansible webservers -m user -a "name=oldxu state=absent remove=yes" -i hosts
# 創建 other用戶.有兩個附加組root bin,創建家目錄,指定登錄shell,設定密碼123
#生成一個密碼 (此處的密碼123與固定鹽值mysecretsalt僅作演示;寫在命令行中的明文密碼會留在shell歷史記錄中,實際使用時應換成強密碼和隨機鹽值)
ansible all -i localhost, -m debug -a "msg={{ '123'| password_hash('sha512', 'mysecretsalt') }}"
[root@manager project1]# ansible webservers -m user -a 'name=other groups='root,bin' create_home=yes shell=/bin/bash password="$6$mysecretsalt$gIIYs0Xgc7sSQkH.zKaz8/AfaMomYzR1QZYtccwmJcUt8VpLq4D055UCCX4MlwgePOP80ZRwhppvBF72RIAVi/"' -i hosts
8.mount
#提前準備好nfs服務端
[root@web01 ~]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data/zrlog 172.16.1.0/24
#用管理端操作被控端,讓被控端掛載nfs存儲數據
present #寫入/etc/fstab
absent #卸載/etc/fstab
mounted #臨時掛載
unmounted #卸載當前掛載
#掛載過程中,如果目錄不存在,則會創建該目錄
[root@manager project1]# ansible webservers -m mount -a "src=172.16.1.31:/data/zrlog path=/test_zrlog fstype=nfs opts=defaults state=mounted" -i hosts
[root@manager project1]# ansible webservers -m mount -a "src=172.16.1.31:/data/zrlog path=/test_zrlog fstype=nfs opts=defaults state=unmounted" -i hosts
9.cron
minute #分
hour #時
day #日
month #月
week #周
job #
[root@manager project1]# ansible webservers -m cron -a 'name=test_job minute=00 hour=02 job="/bin/bash /server/scripts/client_to_data_server.sh &>/dev/null"' -i hosts
[root@manager project1]# ansible webservers -m cron -a 'name=test job="/bin/bash /server/scripts/test.sh &>/dev/null"' -i hosts
[root@manager project1]# ansible webservers -m cron -a 'name=test job="/bin/bash /server/scripts/test.sh &>/dev/null" state=absent' -i hosts
10.firewalld
[root@manager project1]# ansible webservers -m systemd -a "name=firewalld state=started" -i hosts
#針對服務
[root@manager project1]# ansible webservers -m firewalld -a "service=http state=enabled" -i hosts
#針對端口
[root@manager project1]# ansible webservers -m firewalld -a "port=9999/tcp state=enabled" -i hosts
#針對source來源
#針對rule
11.selinux (state=disabled會關閉強制訪問控制,需重啟后生效;正式環境建議保留enforcing,排查問題時先用permissive)
[root@manager project1]# ansible webservers -m selinux -a "state=disabled" -i hosts
12.get_url
13.yum_repository
三、例題
1.安裝httpd服務
2.編寫簡單網頁測試內容
3.啟動服務并加入開機自啟動
4.放行對應的端口
四、Ansible Playbook
1.什么是Playbook?
playbook是由一個或多個play組成,一個play可以包含多個task任務,可以理解為:使用不同模塊來共同完成一件事情。
playbook 劇本 -----------> YAML 格式的一種文件
play 找誰 -----------> 找哪個主機 web 01
task 做什么 ------------> 做哪件事情 yum copy
2.Playbook和Ad-Hoc的區別?
3.Playbook三板斧? 縮進 冒號 短橫線
1.使用playbook編寫一個創建文件的yml
[root@manager project1]# cat f1.yml
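# Creates two files on every host in the webservers group, showing the two
# equivalent ways of passing arguments to the file module.
- hosts: webservers
  tasks:
    # Inline key=value form: all arguments on one line.
    - name: Create New File
      file: path=/tmp/123.txt state=touch owner=root group=root mode=600

    # YAML dictionary form: one argument per line.
    - name: Create New File2
      file:
        path: /tmp/456.txt
        state: touch
        owner: root
        group: root
        # Quoted so the value is always read as an octal permission string.
        # 0644 rather than 0666: a root-owned file under /tmp should not be
        # writable by every local user.
        mode: '0644'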
案例一、使用ansible安裝并配置nfs服務
#172.16.1.31 nfs
#172.16.1.7 client
#172.16.1.8 client
#1.新增一臺nfs服務器
[root@manager project1]# cat hosts
[nfsservers]
172.16.1.31
[webservers]
172.16.1.7
172.16.1.8
[root@manager project1]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.31
#2.測試三臺主機是否通
[root@manager project1]# ansible all -m ping -i hosts
#3.編寫一個nfs-server的yml
1.安裝nfs yum
2.配置nfs copy
3.初始化環境
用戶 group user
目錄 file
授權 file
4.啟動服務 systemd
[root@manager project1]# cat nfs_server.yml
- hosts: nfsservers
tasks:
- name: Installed NFS Server
yum:
name: nfs-utils
state: present
- name: Configure NFS Server
copy:
src: ./file/exports.j2
dest: /etc/exports
owner: root
group: root
mode: 0644
backup: yes
- name: Create NFS Group www
group:
name: www
gid: 666
- name: Create NFS User www
user:
name: www
group: www
uid: 666
create_home: no
shell: /sbin/nologin
- name: Create NFS Share Directory
file:
path: /ansible_data
state: directory
owner: www
group: www
mode: 0755
recurse: yes
- name: Systemd NFS Server
systemd:
name: nfs
state: restarted
enabled: yes
#4.編寫一個nfs-client的yml
[root@manager project1]# cat nfs_client.yml
- hosts: webservers
tasks:
- name: Mount NFS Server share directory
mount:
src: 172.16.1.31:/ansible_data
path: /mnt
fstype: nfs
opts: defaults
state: mounted
案例二、使用ansible安裝并配置nginx服務
1.安裝 yum
2.配置 copy
3.啟動 systemd
handlers
[root@manager project1]# cat nginx.yml
# Installs nginx on the webservers group, pushes the main config file and
# keeps the service started and enabled at boot.
- hosts: webservers
  tasks:
    - name: Installed Nginx Server
      yum:
        state: present
        name: nginx

    # copy ships the file as-is; the previous remote file is kept as a
    # timestamped backup before it is overwritten.
    - name: Configure Nginx Server
      copy:
        dest: /etc/nginx/nginx.conf
        src: ./file/nginx.conf.j2
        group: root
        owner: root
        mode: 0644
        backup: true
      # The handler named here runs only when this task reports "changed".
      notify: Restart Nginx Server

    - name: Systmd nginx Server
      systemd:
        name: nginx
        enabled: true
        state: started

  # Handlers run once, after all tasks, and only if they were notified.
  handlers:
    - name: Restart Nginx Server
      systemd:
        state: restarted
        name: nginx
案例三、使用AnsiblePlaybook方式構建LAP架構,具體操作步驟如下
1.使用yum安裝 httpd、php、firewalld等 7.1 5.3
2.使用get_url下載http://fj.xuliangwei.com/public/index.php文件
3.啟動httpd、firewalld、等服務
4.添加防火墻規則,放行http的流量*
[root@manager project1]# cat hosts
[nfsservers]
172.16.1.31
[backupservers]
172.16.1.41
[web:children]
nfsservers
backupservers
[webservers]
172.16.1.7
172.16.1.8
#具體配置
[root@manager project1]# cat lamp.yml
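# Builds a small Apache + PHP stack on the "web" group: installs the packages,
# downloads a test page, starts httpd and firewalld, and opens HTTP.
- hosts: web
  tasks:
    - name: Installed Httpd Server
      yum:
        name: httpd
        state: present

    - name: Installed PHP Server
      yum:
        name: php
        state: present

    - name: Configure Httpd WebSite
      get_url:
        url: http://fj.xuliangwei.com/public/index.php
        dest: /var/www/html/index.php
        # Quoted so the permission is always read as an octal string.
        mode: '0644'
        # NOTE(review): this file is fetched over plain HTTP and is then
        # executed by PHP on every request, so whatever is received in transit
        # runs on the server. Pin the expected digest so the task fails on any
        # modified download:
        # checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"

    - name: Systemd Httpd Server
      systemd:
        name: httpd
        state: started

    - name: Systemd Firewalld Server
      systemd:
        name: firewalld
        state: started

    - name: Configure Firewalld Rule
      firewalld:
        service: http
        state: enabled
        # permanent writes the rule to the saved configuration so it survives
        # a firewalld reload or a reboot; immediate also applies it to the
        # running firewall right away.
        permanent: yes
        immediate: yes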
案例五、搭建可道云網盤 31 41 apache+php
1.安裝 apache+php
2,下載代碼
3.啟動 systemd
4.下載代碼 wget 解壓
- 作業: Nginx+PHP 搭建可道云
- 1.先手動實現
- 1.配置yum源 nginx php
- 2.安裝軟件包 (循環的方式)
- nginx php71w
- 3.創建用戶 www 統一UID和GID
- 4.配置nginx.conf配置文件,修改啟用用戶為www
- 5.配置php的權限 /etc/php-fpm.d/www.conf
- 6.添加虛擬主機 /etc/nginx/conf.d/xx.conf
- 7.創建網站的站點目錄
- 8.傳輸代碼至站點目錄
- 9.啟動nginx和php
- 10.修改配置還需要能夠實現自動重啟
- 2.ansible方式
- 推代碼 (git+jenkins)
- 1.如果是文件夾, 如何防止重復推送
- 2.如果是壓縮包,又怎么辦呢?
- 1.先手動實現
( Cobbler 標準-->腳本-->文檔 自動化 平臺化 )
ansible 檢測語法
[root@m01 project1]# ansible-playbook --syntax-check -i hosts f10.yml
五、Ansible variables
1.什么是變量?
以一個固定的字符串,表示一個不固定的值 version: 1.12
2.定義變量?
- 1.在playbook中定義變量?
- vars 關鍵字
[root@manager project1]# cat f2.yml
- hosts: webservers
vars:
- file_name: playbook_vars #創建的文件名
tasks:
- name: Create New File
file:
path: /tmp/{{ file_name }} #指定創建的文件位置
state: touch
vars_file 屬于一種共享的方式
[root@manager project1]# cat vars_file.yml
web_packages: httpd
ftp_packages: vsftpd
[root@manager project1]# cat f2.yml
- hosts: webservers
vars:
- file_name: playbook_vars
#調用共享vars_file文件,只不過剛好文件名叫vars_file
vars_files: ./vars_file.yml
tasks:
- name: Create New File
file:
path: /tmp/{{ file_name }}
state: touch
- name: Installed Packages {{ web_packages }}
yum:
name: "{{ web_packages }}"
state: present
2.在inventory主機清單中定義變量?
1.清單文件中直接定義 hosts文件定義--
[webservers]
172.16.1.7
172.16.1.8
[webservers:vars]
file_name=hostsfile_group_vars
[root@m01 project2]# cat f3.yml
- hosts: webservers
tasks:
- name: Create New File
file:
path: /tmp/{{ file_name }}
state: touch
2.創建host_vars group_vars 目錄 (用的多)
[root@manager project1]# mkdir host_vars #單個主機
[root@manager project1]# mkdir group_vars #主機組
#1.單個主機定義和使用方式 (host_vars能分別對不同的主機定義變量)
[root@manager project1]# cat host_vars/172.16.1.7
host_vars_name: 172.16.1.7
[root@manager project1]# cat host_vars/172.16.1.8
host_vars_name: 172.16.1.8
[root@manager project1]# cat f4.yml
- hosts: webservers
tasks:
- name: Create New File
file:
path: /opt/{{ host_vars_name }}
state: touch
#2.針對主機組定義的方式
#給指定的webserver組設定變量.其他組主機無法使用該變量
[root@manager project1]# cat group_vars/webservers
group_host_vars: webservers
[root@manager project1]# cat f5.yml
- hosts: webservers
tasks:
- name: Create New File {{ group_host_vars }}
file:
path: /opt/{{ group_host_vars }}
state: touch
#3.針對主機組定義的方式 (給所有的主機和主機組設定變量)
[root@manager project1]# cat group_vars/all
group_host_vars: all
[root@manager project1]# cat f5.yml
- hosts: webservers
tasks:
- name: Create New File {{ group_host_vars }}
file:
path: /opt/{{ group_host_vars }}
state: touch
3.通過外置傳參定義變量? -e
[root@m01 project1]# cat f6.yml
- hosts: web
tasks:
- name: Create New File {{ web_vars }}
file:
path: /opt/{{ web_vars }}
state: touch
[root@manager project1]# ansible-playbook -i hosts f6.yml -e "web_vars=123"
3.變量沖突,優先級?
6.定義相同的變量不同的值,來測試變量的優先級。操作步驟如下 file_name:
1)在playbook中定義vars變量
2)在playbook中定義vars_files變量
3)在inventory主機定義變量
4)在inventory主機組定義變量
5)在host_vars中定義變量
6)在group_vars中定義變量 組 all組
7)通過執行命令傳遞變量
優先級測試:
外置傳入參數優先級最高 ---> playbook ( --> (用的最多) vars_files(共享)--->vars(私有) )
---> host_vars --> group_vars/group_name ---> group_vars/all (用的最多)
4.變量注冊?
[root@manager project1]# cat f8.yml
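# Demonstrates "register": capture a command's result in a variable and print it.
- hosts: webservers
  tasks:
    # Shell equivalent: System_Status=$(netstat -lntp | grep "nginx")
    - name: Get Network Status
      shell: netstat -lntp | grep "nginx"
      register: System_Status
      # This is a read-only query, so it should never be reported as a change.
      changed_when: false
      # grep exits 1 when nothing matches; treat that as "no listener found"
      # rather than a task failure, and fail only on other exit codes.
      failed_when: System_Status.rc not in [0, 1]

    # Shell equivalent: echo "$System_Status"
    - name: Debug output Variables
      debug:
        msg: "{{ System_Status.stdout_lines }}"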
5.facts變量?
#1.根據主機的cpu信息,生成不同的配置.
A: 1核心 work_process 1;
B: 2核心 work_process 2;
#2.根據主機名稱設定不同配置文件
zabbix_agent
Server: ===> 指向172.16.1.61
Hostname: web01 web02
[root@manager project1]# cat ./file/zabbix_agent.conf.j2
Server={{ zabbix_server_ip }}
ServerActive={{ zabbix_server_ip }}
Hostname={{ ansible_hostname }}
[root@manager project1]# cat f11.yml
- hosts: webservers
vars:
- zabbix_server_ip: 172.16.1.61
tasks:
- name: Configure zabbix-agent.conf
template:
src: ./file/zabbix_agent.conf.j2
dest: /tmp/zabbix-agent.conf
#3.根據主機的內存生成不同的配置文件,memcached
[root@manager project1]# cat f12.yml
- hosts: webservers
tasks:
- name: Installed Memcached Server
yum:
name: memcached
state: present
- name: Configure Memcached Server
template:
src: ./file/memcached.j2
dest: /etc/sysconfig/memcached
notify: Restart Memcached Server
- name: System Memcached Server
systemd:
name: memcached
state: started
enabled: yes
handlers:
- name: Restart Memcached Server
systemd:
name: memcached
state: restarted
[root@manager project1]# cat file/memcached.j2
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="{{ ansible_memtotal_mb //2 }}"
OPTIONS=""
1.根據cpu
2.根據內存
3.根據主機名
4.Redis配置文件 bind本地地址
5.操作系統不統一
變量可以進行運算 + - * //
#1.定義變量
playbook
vars 私有
vars_files 共享
inventory
host_vars
group_vars
group_vars/group_name
group_vars/all
外置傳參
-e
#2.測試優先級
在不改變playbook變量的情況下,使用新的值測試.
#3.變量注冊register
1.將任務執行的結果存儲至特定的變量中
2.可以使用debug模塊將變量進行打印輸出
python: 字典
json 格式化數據
{
k1: v1
k2: v2
}
#4.facts
[root@manager project1]# cat f13.yml
- hosts: webservers
tasks:
- name: RANDOM
shell: echo "$RANDOM"
register: System_SJ
- name: Debug
debug:
msg: "web_{{ System_SJ.stdout }}"
#1.提取facts變量中的IP地址 mac地址 UUID 等等 只要唯一
ansible_default_ipv4.address
[root@manager project1]# cat f14.yml
- hosts: webservers
tasks:
- name: Debug
debug:
msg: "web_{{ ansible_default_ipv4.address }}"
Ansible 流程控制
8.判斷語句
- 1.centos和ubuntu系統都需要安裝httpd, 判斷系統.
- 2.安裝軟件倉庫,只有web組的安裝webtatic其他的主機全部跳過.
- 3.TASK任務, TASK1任務執行成功,才會執行TASK2
#根據不同的系統,安裝不同的服務
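# Installs the Apache web server with the package manager that matches the
# distribution reported by the ansible_distribution fact.
- hosts: webservers
  tasks:
    - name: CentOS Installed Httpd Server
      yum:
        name: httpd
        state: present
      when: ( ansible_distribution == "CentOS" )

    # Ubuntu has no yum; its package manager is apt and the Apache package
    # there is named apache2.
    - name: Ubuntu Installed Httpd Server
      apt:
        name: apache2
        state: present
      when: ( ansible_distribution == "Ubuntu" )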
[root@manager project1]# cat f16.yml
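# Adds the nginx yum repository, but only on hosts whose hostname starts
# with "web"; every other host skips the task.
- hosts: all
  tasks:
    - name: Add Nginx Yum Repository
      yum_repository:
        name: nginx
        description: Nginx Repository
        # Fetched over HTTPS so repository metadata cannot be altered in transit.
        baseurl: https://nginx.org/packages/centos/7/$basearch/
        # Verify package signatures against the nginx signing key before
        # installing anything from this repository.
        gpgcheck: yes
        gpgkey: https://nginx.org/keys/nginx_signing.key
      # "match" is a regular-expression test anchored at the start of the
      # string, so "web" selects web01, web02, ... As a regex, "web*" would
      # also match any hostname that merely starts with "we".
      when: ( ansible_hostname is match("web") )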
[root@manager project1]# cat f17.yml
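# Restarts httpd only on hosts where the service is currently active.
- hosts: webservers
  tasks:
    - name: Check Httpd Server
      command: systemctl is-active httpd
      register: Check_Httpd
      # A non-zero exit code only means "not active"; keep the play going.
      ignore_errors: yes
      # Status query only: never report it as a change.
      changed_when: false

    # Runs when Check_Httpd.rc equals 0 (service active); skipped otherwise.
    - name: Restart Httpd Server
      systemd:
        name: httpd
        state: restarted
      when: ( Check_Httpd.rc == 0 )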
9.循環語句
#一次啟動多個服務
[root@manager project1]# cat f18.yml
- hosts: webservers
tasks:
- name: Systemd Nginx Status
systemd:
name: "{{ item }}" #調用的變量也不變,也是固定
state: started
#固定的語法格式
with_items:
- nginx
- php-fpm
#一次拷貝多個文件
[root@manager project1]# cat f19.yml
- hosts: webservers
tasks:
- name: Configure nginx.conf
copy:
src: '{{ item.src }}'
dest: '{{ item.dest }}'
mode: '{{ item.mode }}'
with_items:
- { src: ./file/nginx.conf.j2, dest: /etc/nginx/nginx.conf, mode: '0644' }
- { src: ./file/kold.oldxu.com.conf.j2, dest: /etc/nginx/conf.d/kold.oldxu.com.conf, mode: '0600' }
#創建多個用戶,一次創建多個? 3個用戶 TASK
[root@manager project1]# cat f20.yml
- hosts: webservers
tasks:
- name: Create User
user:
name: "{{ item }}"
with_items:
- test1
- test2
- test3
- test4
#1.創建tt1 --> bin tt2 -->root tt3 --->adm 附加組
[root@manager project1]# cat f20.yml
- hosts: webservers
tasks:
- name: Create User
user:
name: "{{ item.name }}"
groups: "{{ item.groups }}"
with_items:
- { name: tt1, groups: bin }
- { name: tt2, groups: root }
- { name: tt3, groups: adm }
1.標準循環 --->居多
item
with_items:
- test
2.字典循環: --->居多
item.name
with_items:
- { name: test }
3.變量循環
- hosts: webservers
tasks:
- name: ensure a list of packages installed
yum: name={{ packages }} state=present
vars:
packages:
- httpd
- httpd-tools
10.handlers
[root@manager project1]# cat f22.yml
- hosts: webservers
tasks:
- name: Installed Nginx and PHP Packages
yum:
name: nginx
state: present
- name: Configure nginx.conf
template:
src: ./file/nginx.conf.j2
dest: /etc/nginx/nginx.conf
#監控-->changed狀態-->通知-->handlers--->name-->Restart Nginx Server
notify: Restart Nginx Server
#notify:
# - Restart Nginx Server
# - Restart php Server
- name: Systemd Nginx Server
systemd:
name: nginx
state: started
enabled: yes
#當nginx或php配置文件發生變更才會觸發此操作
handlers:
- name: Restart Nginx Server
systemd:
name: nginx
state: restarted
#3.handlers注意事項
1.無論多少個task通知了相同的handlers,handlers僅會在所有tasks結束后運行一次。
2.只有task發生改變了才會通知handlers,沒有改變則不會觸發handlers.
3.不能使用handlers替代tasks、因為handlers是一個特殊的tasks。
變量->facts-->判斷-->循環
- 1.安裝Rsyncd服務 (循環)
- 2.安裝Redis (bind 本地IP地址) facts
- 3.安裝NFS (配置文件,創建目錄,客戶端掛載) 變量