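Ansible Variables
Overview of variables
Variables avoid duplicated code, make playbooks easier to maintain, and reduce maintenance cost.
Where Ansible variables can be defined
- Command line
- Defined in a play
  - vars
  - vars_files
- Defined in the inventory
  - hosts file
  - host_vars directory
  - group_vars directory

Precedence
Command line > vars_files (play) > vars (play) > host_vars (inventory) > group_vars (inventory) > hosts file (inventory)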
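Because a value passed on the command line with -e outranks every other source in the list above, a play that feeds variables into account creation can check the winning value before it is used. The playbook below is an added example, not part of the original page; the file name check_vars.yml and the validation patterns are assumptions chosen for illustration.

```yaml
# Added example, not from the original page. Run as, for instance:
#   ansible-playbook check_vars.yml -e "user_group=www id=666"
# check_vars.yml and the patterns below are assumptions for illustration.
- hosts: web_group
  vars:
    user_group: huanglong      # play-level default, outranked by -e
    id: '438'
  pre_tasks:
    - name: show the value that won after precedence is applied
      debug:
        msg: "user_group={{ user_group }} id={{ id }}"

    - name: stop before any account is created if a value is unsafe
      assert:
        that:
          - "user_group is match('^[a-z_][a-z0-9_-]*$')"
          - "user_group != 'root'"
          - "(id | string) is match('^[0-9]+$')"
          - "(id | int) > 0"
        fail_msg: "user_group or id failed validation; check -e and vars_files"
  tasks:
    - name: create group
      group:
        name: "{{ user_group }}"
        gid: "{{ id }}"
    - name: create service account without a login shell
      user:
        name: "{{ user_group }}"
        uid: "{{ id }}"
        group: "{{ user_group }}"
        shell: /sbin/nologin
        create_home: false
```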
Where to define Ansible variables
Defining variables in a play
- vars variables
[root@m01 ansible]# vim test.yml 
- hosts: web_group
  vars:
    user_group: huanglong
    id: '438'
    pkg:
      - mariadb
      - rsync
  tasks:
    - name: 创建{{ user_group }}组
      group:
        name: "{{ user_group }}"
        gid: "{{ id }}"
    - name: 创建{{ user_group }}用户
      user:
        name: "{{ user_group }}"
        uid: "{{ id }}"
        group: "{{ id }}"
        shell: /sbin/nologin
        create_home: False
    - name: 安装mariadb rsync
      yum:
        name: "{{ pkg }}"
        state: present
- vars_files variables
[root@m01 ansible]# vim wsh_var.yml
user_group: wsh
id: '123'
pkg:
  - mariadb
  - rsync
[root@m01 ansible]# vim test.yml
- hosts: web_group
  vars:
    user_group: zls
    id: '438'
    pkg:
      - mariadb
      - rsync
  vars_files: ./wsh_var.yml
  tasks:
    - name: 创建{{ user_group }}组
      group:
        name: "{{ user_group }}"
        gid: "{{ id }}"
    - name: 创建{{ user_group }}用户
      user:
        name: "{{ user_group }}"
        uid: "{{ id }}"
        group: "{{ id }}"
        shell: /sbin/nologin
        create_home: False
    - name: 安装mariadb rsync
      yum:
        name: "{{ pkg }}"
        state: present
Defining variables in the inventory
- Defining variables in the inventory file (almost never used)
[root@m01 ansible]# vim /etc/ansible/hosts
[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8
[web_group:vars]
user_group=qwe
id='1111'
pkg=mariadb,rsync
- host_vars
## Create the directory at the same level as the YAML playbook
[root@m01 ansible]# mkdir host_vars
## Define variables for a single host
[root@m01 ansible]# vim host_vars/web01
user_group: user_vars
id: '234'
- group_vars
## Create the directory at the same level as the YAML playbook
[root@m01 ansible]# mkdir group_vars
## Define variables for the host group
[root@m01 ansible]# vim group_vars/web_group
user_group: user_web_group
id: '2345'
Precedence test
[root@m01 ~]# vim touch_file.yml
- hosts: web_group
  vars:
    filename: vars
  vars_files:
    - ./vars1.yml
  tasks:
    - name: Touch vars File
      file:
        path: /root/{{ filename }}
        state: directory
# Define the vars_files file
[root@m01 ~]# vim vars1.yml
filename: vars_files
# Define web_group in group_vars
[root@m01 ~]# vim group_vars/web_group
filename: group_vars_web_group
# Define web01 in host_vars
[root@m01 ~]# vim host_vars/web01
filename: host_vars
# Define all in group_vars
[root@m01 ~]# vim group_vars/all
filename: group_vars_all
# Test the command line
[root@m01 ~]# ansible-playbook touch_file.yml -e "filename=vars_command"
# Test all sources
[root@m01 ~]# ansible-playbook touch_file.yml
Hands-on project
Environment preparation
| Hostname | WAN IP | LAN IP | Role | Applications |
|---|---|---|---|---|
| m01 | 10.0.0.61 | 172.16.1.61 | Ansible control node | ansible |
| web01 | 10.0.0.7 | 172.16.1.7 | WordPress site | nginx, php, nfs |
| web02 | 10.0.0.8 | 172.16.1.8 | WordPress site | nginx, php, nfs |
| nfs | 10.0.0.31 | 172.16.1.31 | Shared storage | nfs, rsync |
| backup | 10.0.0.41 | 172.16.1.41 | Real-time sync | rsync, nfs |
| db01 | 10.0.0.51 | 172.16.1.51 | Database | mariadb |
Prerequisites
## 1. Plan the directory layout
[root@m01 ansible]# tree ./
./
├── base
│   ├── hosts
│   └── ssh_key.sh
├── mariadb
├── nfs
├── nginx_php
├── rsync
├── wordpress
## 2. Install WordPress
# Add the nginx yum repository
[root@m01 nginx_php]# vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
# PHP yum repository
[root@m01 nginx_php]# vim /etc/yum.repos.d/php.repo
[php-webtatic]
name = PHP Repository
baseurl = http://us-east.repo.webtatic.com/yum/el7/x86_64/
gpgcheck = 0
# Install PHP
[root@m01 nginx_php]# yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb
# Install nginx
[root@m01 nginx_php]# yum -y install nginx
# Create the user and group
[root@m01 nginx_php]# groupadd www -g 666
[root@m01 nginx_php]# useradd www -u 666 -g 666 -s /sbin/nologin -M
# Edit the nginx configuration file
[root@m01 nginx_php]# vim /etc/nginx/nginx.conf
Change user  nginx to user  www
## Copy the finished configuration file into the current directory
[root@m01 nginx_php]# cp /etc/nginx/nginx.conf /root/ansible/nginx_php/
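# Edit the PHP configuration file
[root@m01 nginx_php]# vim /etc/php-fpm.d/www.conf
Change user = apache to user = www
Change group = apache to group = www
# php-fpm does not have to listen on an IP address and port; it can listen on a php.sock Unix socket file instead, with the owner and group of that file set as follows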
;listen = 127.0.0.1:9000
listen = /dev/php.sock
listen.owner = www
listen.group = www
# Copy the edited configuration file into the current directory
[root@m01 nginx_php]# cp /etc/php-fpm.d/www.conf  /root/ansible/nginx_php/
# Configure nginx to connect to PHP
[root@m01 nginx_php]# vim /etc/nginx/conf.d/blog.wsh.com.conf 
server{
        listen 80;
        server_name blog.wsh.com;
        root /blog/wordpress;
        index index.php index.html;
        location ~ \.php$ {
                #fastcgi_pass 127.0.0.1:9000;
                fastcgi_pass unix:/dev/php.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }
}
## Copy the finished configuration file into the current directory
[root@m01 nginx_php]# cp /etc/nginx/conf.d/blog.wsh.com.conf /root/ansible/nginx_php/
# Start nginx and php-fpm and enable them at boot
[root@m01 nginx_php]# systemctl start nginx php-fpm
[root@m01 nginx_php]# systemctl enable nginx php-fpm
# Create the site directory and set its ownership
[root@m01 nginx_php]# mkdir /blog
[root@m01 nginx_php]# chown -R www:www /blog
# Download WordPress
[root@m01 nginx_php]# wget https://cn.wordpress.org/latest-zh_CN.tar.gz -O /blog/latest-zh_CN.tar.gz
# Extract
[root@m01 blog]# tar xf latest-zh_CN.tar.gz
# Install the database
[root@db01 ~]# yum -y install mariadb-server
# Start the service
[root@db01 ~]# systemctl start mariadb.service
# Create the database
MariaDB [(none)]> create database wordpress;
# Create the user
grant all on *.* to wsh@'%' identified by '123';
## Domain name resolution
10.0.0.61 blog.wsh.com
Data backup
[root@m01 blog]# tar zcf wordpress.tgz wordpress/
[root@m01 blog]# mv wordpress.tgz /root/ansible/wordpress
[root@db01 ~]# mysqldump wordpress > /opt/wp_ansible.sql
[root@db01 ~]# scp /opt/wp_ansible.sql 172.16.1.61:/root/ansible/mariadb/
[root@m01 mariadb]# vim /root/ansible/rsync/rsyncd.cof
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[backup]
comment = welcome to oldboyedu backup!
path = /backup
[root@db01 ~]# vim /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
## Skip reverse DNS resolution
skip_name_resolve
[root@db01 ~]# scp /etc/my.cnf 172.16.1.61:/root/ansible/mariadb/
Ansible playbook contents
- hosts: all
  tasks:
  - name: add_group
    group:
      name: "{{ user_group }}"
      gid: "{{id}}"
  - name: useradd_user
    user:
      name: "{{ user_group }}"
      uid: "{{ id }}"
      group: "{{ id }}"
      shell: /sbin/nologin
      create_home: false
- hosts: rsyncd
  tasks:
  - name: install_rsync_nfs
    yum: 
      name: 
        - rsync
        - nfs-utils
      state: present
- hosts: backup
  tasks:
  - name: rsync_service
    copy:
      src: /root/ansible/rsync/rsyncd.cof
      dest: /etc/rsyncd.conf
  - name: touch_passwd
    copy:
      content: 'rsync_backup:123'
      dest: /etc/rsync.passwd
      mode: 0600
  - name: directory_backup
    file:
      path: /backup
      owner: "{{ user_group }}"
      group: "{{ user_group }}"
      mode: 0755
      state: directory
  - name: start_rsync
    service:
      name: rsyncd
      state: started
      enabled: true
- hosts: nfs
  tasks:
  - name: touch_passwd
    copy:
      content: '123'
      dest: /etc/rsync.passwd
      mode: 0600
  - name: touch_nfs.conf
    copy:
      content: '/data 172.16.1.0/24(rw,sync,anonuid=666,anongid=666,all_squash)'
      dest: /etc/exports
  - name: directory_data
    file:
      path: /data
      owner: "{{ user_group }}"
      group: "{{ user_group }}"
      mode: 0755
      state: directory
  - name: start_nfs
    service:
      name: nfs
      state: started
      enabled: true
- hosts: web_group
  tasks:
  - name: yum_repository nginx
    yum_repository:
      name: nginx-stable
      description: "nginx stable repo"
      baseurl: http://nginx.org/packages/centos/$releasever/$basearch/
      enabled: true
      gpgcheck: false 
      file: nginx
  - name: yum_repository php
    yum_repository:
      name: php-webtatic
      description: PHP Repository
      baseurl: http://us-east.repo.webtatic.com/yum/el7/x86_64/
      gpgcheck: false
      enabled: true
      file: php
  - name: remove php
    yum:
      name:
        - php-mysql-5.4
        - php
        - php-fpm
        - php-common
      state: absent
  - name: install nginx php
    yum:
      name:
        - nginx
        - php71w
        - php71w-cli
        - php71w-common
        - php71w-devel
        - php71w-embedded
        - php71w-gd
        - php71w-mcrypt
        - php71w-mbstring
        - php71w-pdo
        - php71w-xml
        - php71w-fpm
        - php71w-mysqlnd
        - php71w-opcache
        - php71w-pecl-memcached
        - php71w-pecl-redis
        - php71w-pecl-mongodb
      state: present
  - name: nginx_conf
    copy:
      src: /root/ansible/nginx_php/nginx.conf
      dest: /etc/nginx
  - name: nginx_blog
    copy: 
      src: /root/ansible/nginx_php/blog.wsh.com.conf
      dest: /etc/nginx/conf.d
  - name: php_conf
    copy:
      src: /root/ansible/nginx_php/www.conf
      dest: /etc/php-fpm.d/www.conf
  - name: start_nginx
    service:
      name: nginx
      state: started
      enabled: true
  - name: start_php_fpm
    service:
      name: php-fpm
      state: started
      enabled: true
  - name: directory_mkdir
    file:
      path: /blog
      owner: "{{ user_group }}"
      group: "{{ user_group }}"
      state: directory
  - name: wordpress_data
    unarchive:
      src: /root/ansible/wordpress/wordpress.tgz
      dest: /blog
      owner: "{{ user_group }}"
      group: "{{ user_group }}"
  - name: mount_nfs
    mount:
      src: 172.16.1.31:/data
      path: /blog/wordpress/wp-content/uploads
      fstype: nfs
      state: mounted
- hosts: db01
  tasks:
  - name: mysql_install
    yum:
      name:
      - mariadb-server
      - MySQL-python
  - name: my_cnf
    copy:
      src: /root/ansible/mariadb/my.cnf
      dest: /etc
  - name: start_mariadb
    service:
      name: mariadb
      state: started
      enabled: true
  - name: create_wordpress_mysql
    mysql_db:
      name: wordpress
      state: present
  - name: imput_mysql
    mysql_user:
      name: wsh
      password: "123"
      host: "%"
      priv: "*.*:ALL"
      state: present
  - name: mysql_file
    copy:
      src: /root/ansible/mariadb/wp_ansible.sql 
      dest: /opt
  - name: put_mysql
    mysql_db:
      name: wordpress
      state: import
      target: /opt/wp_ansible.sql

[root@nfs ~]# ll /data/2022/06/
total 20
-rw-r--r-- 1 www www 17710 Jun 29 19:21 1.webp
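
The playbook above writes the rsync and database passwords as literals, turns off package signature checking for the nginx repository, and grants the WordPress account ALL on *.* from any host. The following added example (not part of the original page) rewrites those three tasks using variables loaded from a vault-encrypted vars_files entry; the names secrets.yml, vault_rsync_password, vault_db_password and db_client_net are assumptions.

```yaml
# Added example, not from the original page.
# Create the encrypted variable file:  ansible-vault create secrets.yml
# Run the playbook with:               ansible-playbook site.yml --ask-vault-pass
# (site.yml and secrets.yml are assumed file names.)
- hosts: backup
  vars_files:
    - ./secrets.yml              # vault-encrypted; defines vault_rsync_password
  tasks:
    - name: write rsync secrets file
      copy:
        content: "rsync_backup:{{ vault_rsync_password }}\n"
        dest: /etc/rsync.passwd
        owner: root
        group: root
        mode: '0600'
      no_log: true               # keep the secret out of task output and logs

- hosts: web_group
  tasks:
    - name: nginx repository with signature checking enabled
      yum_repository:
        name: nginx-stable
        description: nginx stable repo
        baseurl: http://nginx.org/packages/centos/$releasever/$basearch/
        gpgcheck: true
        gpgkey: https://nginx.org/keys/nginx_signing.key
        enabled: true
        file: nginx

- hosts: db01
  vars_files:
    - ./secrets.yml              # defines vault_db_password
  vars:
    db_client_net: "172.16.1.%"  # assumption: only LAN web servers connect
  tasks:
    - name: WordPress database user limited to its own schema
      mysql_user:
        name: wsh
        password: "{{ vault_db_password }}"
        host: "{{ db_client_net }}"
        priv: "wordpress.*:ALL"
        state: present
      no_log: true
```

Restricting the account's host to the LAN range only works if WordPress connects to the database over its 172.16.1.x address.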









