一、Ansible 概述
1、特点
Ansible基于Python开发,运维工程师对其二次幵发相对较容易。
Ansibled丰富的内置模块,基本可以满足一切需求。
管理模式非常简单,一条命令可以影响上千台机器。
无客户端模式,底层通过SSH通信。
Ansible 发布后,也陆续被 AWS、Google Cloud Platform, Microsoft Azures Cisco、HP、VMwarev Twitter等大公司接纳并投入使用。
2、Ansible工具集
Ansible Playbooks:任务脚本,编排定义Ansible任务集的配置文件,由Ansible按序依次执行, 通常是JSON格式的丫ML文件。
Inventory:Ansible 管理主机清单。
Modules:AnSlble:执行命令功能模块,多数为内置的核心模块,也可以自定义。
Plugins:模块功能的补充,如连接类型插件、循环插件、变量插件、过滤插件等,该功能不常用。
API:供第三方程序调用的应用程序编程接口。
Ansible:组合Inventorys API、Modules、Plugins可以理解为是Ansible 命令工具,其为核心执行工具。
二、Ansible 安装
# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo //下载epel源
# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo //下载linux镜像源
# yum -y install ansible
# ansible --version //验证安装结果
ansible 2.9.10
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Nov 6 2016, 00:28:07) [GCC 4.8.5 20150623 (Red Hat 4.8.5-11)]
# ssh-keygen -t rsa //生成密钥对
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): //密钥对存放路径
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): //私钥保护密码
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
01:ff:ae:b3:11:57:a3:b0:fa:a2:82:7c:a8:f0:90:df root@ansible
The key's randomart image is:
+--[ RSA 2048]----+
| . |
| o |
| + o |
| = o . |
| S + |
| . . + |
|=.. . . . |
|o*.o ...o |
|o +.E. .+o |
+-----------------+
# ssh-copy-id root@192.168.1.20 //复制公钥到远端192.168.1.20
# ssh-copy-id root@192.168.1.30 //复制公钥到远端192.168.1.30
# ssh-copy-id root@192.168.1.40 //复制公钥到远端192.168.1.40
# ssh 192.168.1.20
Last login: Sat Jul 11 19:19:40 2020
# exit //退出192.168.1.20 shell环境
登出
Connection to 192.168.1.20 closed.
# ssh 192.168.1.30 //可以免密码登录192.168.1.20
Last login: Mon Jun 1 14:14:02 2020
# exit //退出192.168.1.30 shell环境
登出
Connection to 192.168.1.30 closed.
三、Ansible 配置
# vim /etc/ansible/hosts //编写hosts文件
[web]
192.168.1.20
[nfs]
192.168.1.30
[rsync]
192.168.1.40
[mail]
zs1.kgc.cn
zs[2:5].kgc.cn //[2:5]表示2~5之间的所有数字,即表示zs2.kgc.cn,zs3.kgc.cn······的所有主机
[test01]
www.admin.cn:222 //通过222端口管理设备
[benet:children]
web
nfs
rsync
# ansible -i /etc/ansible/hosts web -m ping //查看主机信息
192.168.1.20 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
针对特定的服务器操作
# ansible web -m command -a "systemctl status httpd" --limit "192.168.1.20" //只对web组中192.168.1.20主机操作。通过--limit参数限定主机的变更
# ansible 192.168.1.20 -m command -a "systemctl status httpd" //只对192.168.1.20主机操作。通过ip限定主机的变更
# ansible 192.168.1.* -m command -a "systemctl status httpd" //只对192.168.1.* 网段主机操作。通过通配符限定主机的变更
四、Ansible 命令
1、ansible
| 参数 | 说明 |
|---|---|
| -v (--verbose) | 输出详细的执行过程信息,可以得到执行过程所有信息 |
| -i PATH (--inventory=PATH) | 指定 inventory 信息,默认为/etc/ansibIe/hosts |
| -f NUM (-forks=NUM) | 并发线程数,默认为5个线程 |
| --private-key=PRIVATE_KEY_FILE | 指定密钥文件 |
| -m NAME,--module-name=NAME | 指定执行使用的模块 |
| -M DIRECTORY (--module-path=DIRECTORY) | 指定模块存放路径,默认为/usr/share/ansibIe |
| -a ARGUMENTS (--args=ARGUMENTS) | 指定模块参数 |
| -u USERNAME (--user=USERNAME) | 指定远程主机以USERNAME运行命令 |
| -I subset (--limit=SUBSET) | 限制运行主机 |
| --list-hosts | 列出符合条件的主机列表,不执行任何命令 |
# ansible all -f 5 -m ping //检查所有主机是否存活
192.168.1.20 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.1.30 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.1.40 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
# ansible web --list //列出web组所有的主机列表
hosts (1):
192.168.1.20
# ansible web -m command -a "df -hT" //批量显示web组中的磁盘使用空间
192.168.1.20 | CHANGED | rc=0 >>
文件系统 类型 容量 已用 可用 已用% 挂载点
/dev/mapper/cl-root xfs 50G 4.4G 46G 9% /
devtmpfs devtmpfs 1.4G 0 1.4G 0% /dev
tmpfs tmpfs 1.4G 144K 1.4G 1% /dev/shm
tmpfs tmpfs 1.4G 9.0M 1.4G 1% /run
tmpfs tmpfs 1.4G 0 1.4G 0% /sys/fs/cgroup
/dev/sda1 xfs 1014M 173M 842M 18% /boot
/dev/mapper/cl-home xfs 46G 36M 46G 1% /home
tmpfs tmpfs 280M 16K 280M 1% /run/user/0
2、Ansible-doc
# ansible-doc -l //列出支持的模块
fortios_router_community_list Configure com...
azure_rm_devtestlab_info Get Azure Dev...
ecs_taskdefinition register a ta...
avi_alertscriptconfig Module for se...
tower_receive Receive asset...
netapp_e_iscsi_target NetApp E-Seri...
azure_rm_acs Manage an Azu...
fortios_log_syslogd2_filter Filters for r...
......
# ansible-doc ping //查询ping模块的说明信息
> PING (/usr/lib/python2.7/site-packages/ansible/modules/system/ping.py)
A trivial test module, this module always returns `pong' on
successful contact. It does not make sense in playbooks, but
it is useful from `/usr/bin/ansible' to verify the ability to
login and that a usable Python is configured. This is NOT ICMP
ping, this is just a trivial test module that requires Python
on the remote-node. For Windows targets, use the [win_ping]
module instead. For Network targets, use the [net_ping] module
instead.
......
3、Ansible-playbook
Ansible-playbook命令后跟yml格式的playbook文件,playbook文件存放了要执行的任务代码
例:ansible-playbook playbook.yml(指定playbook.yml的绝对路径)
4、Ansible-console
交互操作远程主机,通过cd命令切换主机或分组,列出当前的设备
# ansible-console
Welcome to the ansible console.
Type help or ? to list commands.
root@all (9)[f:5]$ cd web
root@web (1)[f:5]$ list
192.168.1.20
root@web (1)[f:5]$ cd nfs
root@nfs (1)[f:5]$ list
192.168.1.30
五、Ansible 模块
1、command 模块
| 参数 | 说明 |
|---|---|
| chdir | 在远程主机上运行命令前要提前进入的目录 |
| creates | 在命令运行时创建一个文件,如果文件已存在,则不会执行创建任务 |
| removes | 命令运行时移除一个文件,如果文件不存在,则不会执行移除任务 |
| executeble | 指明运行命令的shell程序 |
# ansible all -m command -a "chdir=/home ls ./" //在所有主机上运行* ./"命令,运行前切换到/home目录
192.168.1.40 | CHANGED | rc=0 >>
lisi
192.168.1.30 | CHANGED | rc=0 >>
user1
192.168.1.20 | CHANGED | rc=0 >>
lisi
# ansible web -m command -a "hostname" //查看主机名称
192.168.1.20 | CHANGED | rc=0 >>
web
# ansible web -m command -a "useradd zhangsan" //创建zhangsan用户
192.168.1.20 | CHANGED | rc=0 >>
2、shell 模块
# ansible web -m shell -a 'echo "hello">> /tmp/hello.txt' //在远程主机执行命令在/tmp目录下创建内容为hello的hello.txt文件
192.168.1.20 | CHANGED | rc=0 >>
# ssh 192.168.1.20 cat /tmp/hello.txt
hello
# ansible web -m shell -a "echo 123 | passwd --stdin zhangsan" //更改用户zhangsan的密码
192.168.1.20 | CHANGED | rc=0 >>
更改用户 zhangsan 的密码 。
passwd:所有的身份验证令牌已经成功更新。
3、copy模块
| 参数 | 说明 |
|---|---|
| dest | 指出复制文件的目标目录位置,使用绝对路径。如果源是目录,则目标也要是目录,如果目标文件已存在,会覆盖原有内容 |
| src | 指出源文件的路径,可以使用相对路径和绝对路径,支持直接指定目录。如果源是目录,则目标也要是目录 |
| mode | 指出复制时,目标文件的权限,可选 |
| owner | 指出复制时,目标文件的属主,可选 |
| group | 指出复制时,目标文件的属组,可选 |
| content | 指出复制到目标主机上的内容,不能与src一起使用,相当于复制content指明的数据到目标文件中 |
# ansible benet -m copy -a "src=/etc/hosts dest=/etc/hosts backup=yes" //将本机hosts文件复制到所有主机
例如在ansible上远程配置rsync服务
# mkdir /etc/ansible/conf //修改rsync配置文件,并传到rsync服务器
# cd /etc/ansible/conf
# cp /etc/rsyncd.conf ./
# vim rsyncd.conf
uid = nobody
gid = nobody
port 873
address = 192.168.1.40
hosts allow = 192.168.1.0/24
max connections = 4
pid file = /var/run/rsyncd.pid
timeout = 900
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
[backup]
path = /backup
read only = no
auth users = rsync_backup
secrets file = /etc/rsync.password
# ansible 192.168.1.40 -m copy -a "src=rsyncd.conf dest=/etc/rsyncd.conf backup=yes"
# ansible rsync -m shell -a "rsync --daemon" //启动rsync服务
# ansible rsync -m file -a "path=/backup owner=root group=root recurse=yes mode=777" //创建目录,并赋权,更改属主属组
# ansible rsync -m copy -a "content='rsync_backup:1' dest=/etc/rsync.password owner=root group=root mode=600" //配置rsync服务器的密码文件
# ansible rsync -m shell -a "ls -l /etc/rsync.password"
192.168.1.40 | CHANGED | rc=0 >>
-rw------- 1 root root 14 7月 12 10:06 /etc/rsync.password
# ansible rsync -m shell -a "cat /etc/rsync.password"
192.168.1.40 | CHANGED | rc=0 >>
rsync_backup:1
# ansible benet -m copy -a "content='1' dest=/etc/server.pass owner=root group=root mode=600" //配置所有服务器的rsync连接密码文件
# ansible web -m shell -a "rsync -avz --password-file=/etc/server.pass /etc/httpd/conf/httpd.conf rsync_backup@rsync::backup" //备份WEB的httpd.conf配置文件
192.168.1.20 | CHANGED | rc=0 >>
sending incremental file list
httpd.conf
sent 4602 bytes received 27 bytes 9258.00 bytes/sec
total size is 11753 speedup is 2.54
4、hostname模块
# ansible 192.168.1.30 -m hostname -a "name=demo" //将192.168.1.30主机名改为demo
# ssh 192.168.1.30
Last login: Sun Jul 12 11:10:53 2020 from 192.168.1.10
# hostname
demo
5、yum模块
| 参数 | 说明 |
|---|---|
| name | 程序包的名称,可以带上版本号。若不指明版本,则默认为最新版本 |
| state=present | latest |
| disablerepo | 在用yum安装时,临时禁用某个仓库的ID |
| enablerepo | 在用yum安装时,临时启用某个仓库的ID |
| confjile | yum运行时的配置文件,而不是使用默认的配置文件 |
| diable_gpg_check=yes | no |
# ansible web -m yum -a "name=httpd state=installed" //在web主机安装httpd服务
# ssh 192.168.1.20 rpm -qa | grep httpd
httpd-2.4.6-93.el7.centos.x86_64
httpd-tools-2.4.6-93.el7.centos.x86_64
6、service 模块
| 参数 | 说明 |
|---|---|
| name | 被管理的服务名称 |
| state=started | stopped |
| enabled=yes | no |
| run level | 如果设定了enabled开机自启动,则要定义在哪些运行目标下自动启动 |
# ansible web -m service -a "name=httpd state=stopped enabled=yes" //启动httpd服务,并设置为开机启动
7、user模块
| 参数 | 说明 | 参数 | 说明 |
|---|---|---|---|
| name | 必选参数,账号名称 | state=present | absent |
| system=yes/no | 是否为系统账号 | uid | 用户UID |
| group | 用户的基本组 | groups | 用户的附加组 |
| shell | 默认使用的shell | home | 用户的家目录 |
| move_home=yes/no | 如果设置的家目录已经存在,是否将已存在的家目录进行移动 | password | 用户的密码,建议使用加密后的字符串 |
| comment | 用户的注释信息 | remove=yes/no | 当state=absent时,是否要删除用户的家目录 |
# ansible all -m user -a "name=www" //在所有清单主机上创建用户www,gid 666
# ansible web -m shell -a "echo 123 | passwd --stdin www" //更改web主机用户www的密码
192.168.1.20 | CHANGED | rc=0 >>
更改用户 www 的密码 。
passwd:所有的身份验证令牌已经成功更新。
# ansible web -m user -a 'name=user1 system=yes uid=501 group=root groups=sshd shell=/sbin/nologin home=/home/user1 password=user1 comment="test user"'
# ssh 192.168.1.20 tail -1 /etc/passwd
user1:x:501:0:test user:/home/user1:/sbin/nologin
# ansible web -m user -a "name=user1 remove=yes state=absent" //删除user1用户
# ssh 192.168.1.20 tail -1 /etc/passwd
www:x:1002:1002::/home/www:/bin/bash
8、group模块
# ansible all -m group -a "name=www gid=666" //在所有清单主机上创建组www,gid 666
# ansible all -m group -a "name=www gid=666 state=absent" //在所有清单主机删除组www
9、file模块
# ansible rsync -m file -a "path=/backup owner=root group=root recurse=yes mode=777" //创建目录,并赋权,更改属主属组
# ansible rsync -m file -a "path=/test.txt owner=root group=root state=touch mode=777" //创建文件
10、mount模块
# ansible nfs -m file -a "path=/nfs owner=root group=root recurse=yes mode=777"
# vim exports
/nfs 192.168.1.0/24(rw,sync,no_root_squash)
# ansible nfs -m copy -a "src=exports dest=/etc/exports"
# ansible nfs -m service -a "name=nfs state=restarted"
# ansible nfs -m service -a "name=rpcbind state=restarted"
# ansible web -m mount -a "src=192.168.1.30:/nfs path=/var/www/html fstype=nfs state=mounted"
六、playbook配置文件
1、执行配置文件
| 参数 | 说明 |
|---|---|
| hosts | 任务的目标主机,多个主机用冒号分隔,一般调用/etc/ansible/hosts中的分组信息 |
| remote_user | 远程主机上,运行此任务的身份默认为root |
| tasks | 任务,即定义的具体任务,由模块定义的操作列表 |
| handlers | 触发器,只是在特定的条件下才会触发的任务 |
| roles | 角色,将hosts剥离出去,由tasks、handlers等所组成的一种特定的结构集合 |
因为需要缩进两个字符,默认的tab键是四个字符,所以要使用tab键,需要修改.vimrc
# vim /root/.vimrc
set tabstop=2
::: warning
注意:各个要素务必对齐,冒号和横杠后面要有空格
:::
# vim /etc/ansible/hosts //修改 hosts 文件
[web1]
192.168.1.30
[web2]
192.168.1.40
# vim /etc/ansible/a.yml //创建a.yml文件
#针对web1(192.168.1.30)的操作
- hosts: web1
#远端执行用户身份为root
remote_user: root
#任务列表
tasks:
#任务名称
- name: adduser
#执行user模块,创建用户
user: name=user2 state=present
#创建tag标签
tags :
#tag标签为aaa
- aaa
#任务名称
- name: addgroup
#执行group模块,创建组
group: name=root system=yes
#创建tag标签
tags :
#tag标签为bbb
- bbb
#针对web2(192.168.1.40)的操作
- hosts: web2
#远端执行用户身份为root
remote_user: root
#任务列表
tasks:
#任务名称
- name: copy file to web
#执行copy模块,复制文件
copy: src=/etc/passwd dest=/home
#创建tag标签
tags:
#tag标签为ccc
- ccc
ansible-playbook命令用法:
ansible-playbook [option] /PATH/TO/PLAYBOOK. yaml
| 参数 | 说明 |
|---|---|
| --syntax-check | 检测yaml文件的语法 |
| -C(--check) | 预测试,不会改变目标主机的任何设置 |
| --list-hosts | 列出yaml文件影响的主机列表 |
| --list-tasks | 列出yaml文件的任务列表 |
| --list-tags | 列出yaml文件中的标签 |
| -t TAGS (--tags=TAGS) | 表示只执行指定标签的任务 |
| --skip-tags=SKIP_TAGS | 表示除了指定标签的任务,执行其他任务 |
| --start-at-task=START_AT | 从指定的任务开始往下运行 |
# ansible-playbook --syntax-check /etc/ansible/a.yml //语法检查
playbook: /etc/ansible/a.yml
# ansible-playbook -C /etc/ansible/a.yml //预测试
# ansible-playbook --list-hosts /etc/ansible/a.yml //列出主机
playbook: /etc/ansible/a.yml
play #1 (web1): web1 TAGS: []
pattern: [u'web1']
hosts (1):
192.168.1.30
play #2 (web2): web2 TAGS: []
pattern: [u'web2']
hosts (1):
192.168.1.40
# ansible-playbook --list-tasks /etc/ansible/a.yml //列出任务
playbook: /etc/ansible/a.yml
play #1 (web1): web1 TAGS: []
tasks:
adduser TAGS: [aaa]
addgroup TAGS: [bbb]
play #2 (web2): web2 TAGS: []
tasks:
copy file to web TAGS: [ccc]
# ansible-playbook --list-tags /etc/ansible/a.yml //列出标签
playbook: /etc/ansible/a.yml
play #1 (web1): web1 TAGS: []
TASK TAGS: [aaa, bbb]
play #2 (web2): web2 TAGS: []
TASK TAGS: [ccc]
# ansible-playbook /etc/ansible/a.yml //执行任务
# ssh 192.168.1.30 tail -1 /etc/passwd
user2:x:1002:1002::/home/user2:/bin/bash
# ssh 192.168.1.40 tail -1 /etc/passwd
www:x:1001:1001::/home/www:/bin/bash
# ssh 192.168.1.40 ls -l /home/passwd
-rw-r--r-- 1 root root 2232 7月 13 17:36 /home/passwd
2、触发器
正常情况下 httpd 监听 80 端口
# ssh 192.168.1.30 netstat -lnpt | grep 80 //正常情况下 httpd监听80端口
tcp6 0 0 :::80 :::* LISTEN 64665/httpd
# vim /etc/ansible/httpd.yml //创建 httpd.yml 配置文件
- hosts: web1
remote_user: root
tasks:
#修改端口
- name: change port
command: sed -i 's/Listen\ 80/Listen\ 8080/g' /etc/httpd/conf/httpd.conf
#配置触发条件
notify:
#完成该任务后调用名为"restart httpd server"的触发器
- restart httpd server
#配置触发器
handlers:
#指定触发器名字
- name: restart httpd server
#触发任务为重启 httpd 服务
service: name=httpd state=restarted
# ansible-playbook /etc/ansible/httpd.yml //执行 yml 文件
# ssh 192.168.1.30 netstat -lnpt | grep 8080 //远端主机已经运行8080端口
tcp6 0 0 :::8080 :::* LISTEN 66255/httpd
3、角色
# mkdir -p /etc/ansible/roles/mariadb/{files,tasks,handlers} //创建角色目录
# cd /etc/ansible/roles/mariadb/tasks/ //进入mariadb角色文件夹的tasks
# vim main.yml //编写main.yml 文件
- name: install mariadb
yum: name=mariadb-server state=present
- name: move config file
shell: "[ -e /etc/my.cnf ]&& mv /etc/my.cnf /etc/my.cnf.bak"
- name: provide a new config file
#src可以不指定路径,自动到角色目录下的files文件夹去找
copy: src=my.cnf dest=/etc/my.cnf
- name: reload mariadb
shell: systemctl restart mariadb
- name: create database testdb
shell: mysql -u root -e "create database testdb;grant all on testdb.* to 'test'@'192.168.1.%' identified by 'test123';flush privileges;"
notify:
- restart mariadb
# cd ../handlers/ //进入rnariadb角色文件夹的handlers
# vim main.yml //编写main.yml文件
- name: restart mariadb
service: name=mariadb state=restarted
# cp /etc/my.cnf /etc/ansible/roles/mariadb/files/ //提前准备my.cnf配置文件,准备复制到被管理主机
# cd ../../..
# vim mariadb.yml
- hosts: web1
remote_user: root
roles:
- mariadb
# ansible-playbook /etc/ansible/mariadb.yml
# mysql -u test -p -h 192.168.1.30 //查看远端主机
Enter password: //无密码
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 5
Server version: 5.5.65-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
4、playbook配置web-nfs-rsync架构环境
# yum -y install httpd
# cp /etc/httpd/conf/httpd.conf ./ //复制httpd配置文件
# vim httpd.conf //按需求修改配置文件
# mkdir -p /etc/ansible/ansible_playbook/{conf,file,scripts,tools} //创建ansible目录
# vim /etc/ansible/hosts //创建ansible清单
[web]
192.168.1.20
[nfs]
192.168.1.30
[rsync]
192.168.1.40
# vim /etc/ansible/ansible_playbook/base.yaml //基础环境部署
- hosts: all
tasks:
- name: clear repos.d
file: path=/etc/yum.repos.d/ state=absent
- name: create repos.d
file: path=/etc/yum.repos.d/ state=directory
- name: install base repo
get_url: url=http://mirrors.aliyun.com/repo/Centos-7.repo dest=/etc/yum.repos.d/CentOS-Base.repo
- name: install epel repo
get_url: url=http://mirrors.aliyun.com/repo/epel-7.repo dest=/etc/yum.repos.d/epel.repo
- name: install rsync nfs-utils
yum: name=rsync,nfs-utils state=installed
- name: create group www
group: name=www gid=666
- name: create user www
user: name=www uid=666 create_home=no shell=/sbin/nologin
- name: create rsync client password
copy: content='1' dest=/etc/rsync.pass mode=600
- name: create scripts directory
file: path=/server/scripts/ recurse=yes state=directory
- name: push scripts
copy: src=./scripts/rsync_backup.sh dest=/server/scripts
- name: crontab
cron: name="backup scripts" hour=01 minute=00 job="/usr/bin/bash /server/scripts/rsync_backup.sh &> /dev/null"
# vim /etc/ansible/ansible_playbook/rsync.yaml //rsync配置
- hosts: rsync
tasks:
- name: install rsync
yum: name=rsync,mailx state=installed
- name: config rsync
copy: src=/etc/ansible/ansible_playbook/conf/rsyncd.conf dest=/etc/rsyncd.conf
notify: restart rsync
- name: create rsync local user
copy: content='rsync_backup:1' dest=/etc/rsync.password mode=600
- name: create data
file: path=/data state=directory recurse=yes owner=www group=www mode=755
- name: create backup
file: path=/backup state=directory recurse=yes owner=www group=www mode=755
- name: start rsync
service: name=rsyncd state=started enabled=yes
- name: push check scripts
copy: src=./scripts/rsync_check.sh dest=/server/scripts/
- name: crond check scripts
cron: name="check scripts" hour=05 minute=00 job="/usr/bin/bash /server/scripts/rsync_check.sh &> /dev/null"
handlers:
- name: restart rsync
service: name=rsyncd state=restarted
# vim /etc/ansible/ansible_playbook/nfs.yaml //nfs部署
- hosts: nfs
tasks:
- name: install nfs
yum: name=nfs-utils state=installed
- name: config nfs
copy: src=./conf/exports dest=/etc/exports
- name: create data
file: path=/data state=directory recurse=yes owner=www group=www mode=755
- name: start nfs
service: name=nfs-server state=started enabled=yes
handlers:
- name: restart nfs
service: name=nfs-server state=restarted
# cd /etc/ansible/ansible_playbook/scripts/
# vim rsync_backup.sh
#!/usr/bin/bash
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
#1.定义变量
Host=$(hostname)
Addr=$(ifconfig ens33|awk 'NR==2{print $2}')
Date=$(date +%F)
Dest=${Host}_${Addr}_${Date}
Path=/backup
#2.创建备份目录
[ -d $Path/$Dest ] || mkdir -p $Path/$Dest
#3.备份对应的文件
cd / && \
[ -f $Path/$Dest/system.tar.gz ] || tar czf $Path/$Dest/system.tar.gz etc/fstab etc/rsyncd.conf && \
[ -f $Path/$Dest/log.tar.gz ] || tar czf $Path/$Dest/log.tar.gz var/log/messages var/log/secure && \
#4.携带md5验证信息
[ -f $Path/$Dest/flag ] || md5sum $Path/$Dest/*.tar.gz >$Path/$Dest/flag_${Date}
#4.推送本地数据至备份服务器
export RSYNC_PASSWORD=1
rsync -avz $Path/ rsync_backup@rsync1::backup
#5.本地保留最近7天的数据
find $Path/ -type d -mtime +7|xargs rm -rf
# vim rsync_check.sh
#!/usr/bin/bash
#1.定义全局的变量
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
#2.定义局部变量
Path=/backup
Date=$(date +%F)
#3.查看flag文件,将校验的结果保存至result_时间
find $Path/*_${Date} -type f -name "flag$Date" >$Path/result_${Date}
#4.将校验的结果发送邮件给管理员
mail -s "Rsync Backup $Date" 1793594335@qq.com <$Path/result_${Date}
#5.删除超过7天的校验结果文件, 删除超过180天的备份数据文件
find $Path/ -type f -name "result*" -mtime +7|xargs rm -f
find $Path/ -type d -mtime +180|xargs rm -rf
# cd
# wget https://files.cnblogs.com/files/hypj/sersync2.5.4_64bit_binary_stable_final.tar.gz
# tar zxf sersync2.5.4_64bit_binary_stable_final.tar.gz -C /etc/ansible/ansible_playbook/
# cd /etc/ansible/ansible_playbook/
# mv GNU-Linux-x86/ tools/sersync
# cd tools/sersync/
# vim confxml.xml
<sersync>
<localpath watch="/data">
<remote ip="192.168.1.104" name="data"/>
<!--<remote ip="192.168.8.39" name="tongbu"/>-->
<!--<remote ip="192.168.8.40" name="tongbu"/>-->
</localpath>
# cd
# vim /etc/ansible/ansible_playbook/sersync.yaml //sersync部署
- hosts: nfs
tasks:
- name: scp sersync
copy: src=./tools/sersync/ dest=/usr/local/sersync owner=www group=www mode=755
- name: start sersync
shell: pgrep sersync;
[ $? -eq 0 ] || /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml
# cp httpd.conf /etc/ansible/ansible_playbook/conf
# vim /etc/ansible/ansible_playbook/web.yaml //web部署
- hosts: web
tasks:
- name: mount nfs
mount: src=nfs1:/data path=/data fstype=nfs state=mounted
- name: install httpd
yum: name=httpd state=installed
- name: config httpd
copy: src=./conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
notify: restart httpd
- name: start httpd
service: name=httpd state=started enabled=yes
handlers:
- name: restart httpd
service: name=httpd state=restarted
# cd /etc/ansible/ansible_playbook/conf/
# vim rsyncd.conf
uid = nobody
gid = nobody
port 873
address = 192.168.1.40
hosts allow = 192.168.1.0/24
max connections = 4
pid file = /var/run/rsyncd.pid
timeout = 900
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
[backup]
path = /backup
read only = no
auth users = rsync_backup
secrets file = /etc/rsync.password
# vim exports
/data 192.168.1.0/24(rw,sync,all_squash)
# cd ../
# vim main.yaml
- import_playbook: base.yaml
- import_playbook: rsync.yaml
- import_playbook: nfs.yaml
- import_playbook: sersync.yaml
- import_playbook: web.yaml
# ansible-playbook main.yaml
评论区