{"id":97,"date":"2017-03-29T22:45:01","date_gmt":"2017-03-29T14:45:01","guid":{"rendered":"http:\/\/www.jsjs.org\/?p=97"},"modified":"2017-03-29T22:45:01","modified_gmt":"2017-03-29T14:45:01","slug":"centos6-7%e4%b8%8bansible%e9%83%a8%e7%bd%b2","status":"publish","type":"post","link":"https:\/\/blog.jsjs.org\/?p=97","title":{"rendered":"CentOS6.7\u4e0bAnsible\u90e8\u7f72"},"content":{"rendered":"

\"QQ20151022-0@2x\"<\/a><\/p>\n

Ansible<\/a>\u662f\u4e00\u79cd\u96c6\u6210IT\u7cfb\u7edf\u7684\u914d\u7f6e\u7ba1\u7406, \u5e94\u7528\u90e8\u7f72, \u6267\u884c\u7279\u5b9a\u4efb\u52a1\u7684\u5f00\u6e90\u5e73\u53f0. \u5b83\u57fa\u4e8ePython\u8bed\u8a00\u5b9e\u73b0, \u90e8\u7f72\u53ea\u9700\u5728\u4e3b\u63a7\u7aef\u90e8\u7f72Ansible<\/a>\u73af\u5883, \u88ab\u63a7\u7aef\u65e0\u9700\u5b89\u88c5\u4ee3\u7406\u5de5\u5177, \u53ea\u9700\u6253\u5f00SSH, \u8ba9\u4e3b\u63a7\u7aef\u901a\u8fc7SSH\u79d8\u94a5\u8ba4\u8bc1\u5bf9\u5176\u8fdb\u884c\u6240\u6709\u7684\u7ba1\u7406\u76d1\u63a7\u64cd\u4f5c. \u76f8\u5bf9\u4e8eSaltStack, \u5b83\u9664\u4e86\u5229\u7528SSH\u5b89\u5168\u4f20\u8f93, \u65e0\u9700\u5728\u5ba2\u6237\u7aef\u8fdb\u884c\u4efb\u4f55\u914d\u7f6e, \u800c\u4e14\u5b83\u6709\u4e00\u4e2a\u5f88\u5e9e\u5927\u7684\u7528\u6237\u7fa4\u4f53\u4ee5\u53ca\u4e30\u5bcc\u7684API, \u76f8\u5bf9\u9002\u5408\u90e8\u7f72\u5230\u6570\u91cf\u6bd4\u8f83\u5927\u4e14\u5bf9\u7cfb\u7edf\u8f6f\u4ef6\u5b89\u88c5\u8981\u6c42\u6bd4\u8f83\u4e25\u683c\u7684\u96c6\u7fa4\u4e2d.<\/p>\n

\u66f4\u591a\u914d\u7f6e\u53c2\u8003:\u00a0https:\/\/github.com\/ansible<\/a><\/p>\n

\u5b98\u65b9\u6587\u6863:\u00a0http:\/\/docs.ansible.com\/ansible<\/a><\/p>\n

\u672c\u6587\u5c06\u5e2e\u52a9\u5927\u5bb6\u5982\u4f55\u5feb\u901f\u90e8\u7f72\u4e00\u4e2aAnsible<\/a>\u5e73\u53f0.<\/p>\n

\u5b89\u88c5\u73af\u5883:<\/p>\n

System: Centos 6.7 x64<\/p>\n

Master: master.example.com<\/p>\n

Minion: client01.example.com<\/p>\n

Minion: client02.example.com<\/p>\n

\u4e00. \u73af\u5883\u90e8\u7f72\u53ca\u5b89\u88c5<\/strong><\/p>\n

1. \u5173\u95ediptables\u548cSELINUX<\/p>\n

# service iptables stop<\/p>\n

# setenforce 0<\/p>\n

# vi \/etc\/sysconfig\/selinux<\/p>\n

...\nSELINUX=disabled\n...<\/pre>\n
2. Master\u7aef\u5b89\u88c5EPEL\u7b2c\u4e09\u65b9yum\u6e90<\/p>\n
# rpm -Uvh http:\/\/ftp.linux.ncsu.edu\/pub\/epel\/6\/i386\/epel-release-6-8.noarch.rpm<\/a><\/p>\n
3.\u5b89\u88c5Ansible<\/a><\/p>\n
# yum install ansible -y<\/p>\n
4.\u6dfb\u52a0\u73af\u5883\u53d8\u91cf\u4ee5\u4fbfvi\u80fd\u6b63\u5e38\u663e\u793a\u4e2d\u6587\u6ce8\u91ca.<\/p>\n
# vi \/etc\/profile<\/p>\n
\u6dfb\u52a0:<\/p>\n
export LC_ALL=en_US.UTF-8\nexport LANG=en_US.UTF-8\nexport LANGUAGE=en_US.UTF-8<\/pre>\n
#\u00a0source \/etc\/profile<\/p>\n
\u4e8c. \u521d\u59cb\u914d\u7f6e<\/strong><\/p>\n
1. \u4fee\u6539\u4e3b\u673a\u53ca\u7ec4\u914d\u7f6e<\/p>\n
# cd \/etc\/ansible<\/p>\n
# cp hosts hosts.bak<\/p>\n
# cat \/dev\/null > hosts<\/p>\n
# vi \/etc\/ansible\/hosts<\/p>\n
[webservers]\nclient01.example.com\nclient02.example.com\n[nginx01]\nclient01.example.com\n[nginx02]\nclient02.example.com<\/pre>\n
2.\u914d\u7f6eSSH\u79d8\u94a5\u8ba4\u8bc1<\/p>\n
# yum install ssh* -y<\/p>\n
#\u00a0ssh-keygen -t rsa<\/p>\n
Generating public\/private rsa key pair.\nEnter file in which to save the key (\/root\/.ssh\/id_rsa):\nCreated directory '\/root\/.ssh'.\nEnter passphrase (empty for no passphrase):\nEnter same passphrase again:\nYour identification has been saved in \/root\/.ssh\/id_rsa.\nYour public key has been saved in \/root\/.ssh\/id_rsa.pub.\nThe key fingerprint is:\n24:13:34:e9:71:2b:20:0b:48:a6:86:9a:1d:1b:1d:26 root@master.example.com<\/a>\nThe key's randomart image is:\n+--[ RSA 2048]----+\n|ooE o.+.         |\n|* .+..oo.        |\n|oooo.ooo..       |\n|oo.+  o+.        |\n|o o    .S        |\n|                 |\n|                 |\n|                 |\n|                 |\n+-----------------+<\/pre>\n
\u540c\u6b65\u516c\u94a5\u6587\u4ef6id_rsa.pub\u5230\u76ee\u6807\u4e3b\u673a<\/p>\n
#\u00a0ssh-copy-id -i \/root\/.ssh\/id_rsa.pub root@client01.example.com<\/a><\/p>\n
#\u00a0ssh-copy-id -i \/root\/.ssh\/id_rsa.pub root@client02.example.com<\/a><\/p>\n
\u6821\u9a8cSSH\u514d\u5bc6\u7801\u914d\u7f6e\u662f\u5426\u6210\u529f.<\/p>\n
# ssh root@client02.example.com<\/a><\/p>\n
\u5982\u76f4\u63a5\u8fdb\u5165\u5219\u914d\u7f6e\u5b8c\u6210.<\/p>\n
3.\u5b9a\u4e49\u4e3b\u673a\u4e0e\u7ec4<\/p>\n
\u6240\u6709\u5b9a\u4e49\u7684\u4e3b\u673a\u4e0e\u7ec4\u89c4\u5219\u90fd\u5728\/etc\/Ansible<\/a>\/hosts\u4e0b.<\/p>\n
\u5e38\u89c1\u7684\u5199\u6cd5:<\/p>\n
192.168.1.21:2135 \u5b9a\u4e49\u4e00\u4e2aIP\u4e3a192.168.1.21, SSH\u7aef\u53e3\u4e3a2135\u7684\u4e3b\u673a.<\/p>\n
jumper ansible_ssh_port=22 ansible_ssh_host=192.168.1.50 \u5b9a\u4e49\u4e00\u4e2a\u522b\u540d\u4e3ajumper, SSH\u7aef\u53e3\u4e3a22, IP\u4e3a192.168.1.50\u7684\u4e3b\u673a.<\/p>\n
\u7ec4\u6210\u5458\u4e3b\u673a\u540d\u79f0\u8303\u4f8b:<\/p>\n
[webservers]\nwww[001:006].example.com\n[dbservers]\ndb-[a:f].example.com<\/pre>\n
4.\u5b9a\u4e49\u4e3b\u673a\u53d8\u91cf<\/p>\n
\u4e3b\u673a\u53ef\u4ee5\u6307\u5b9a\u53d8\u91cf, \u540e\u9762\u53ef\u4ee5\u4f9bPlaybooks\u8c03\u7528<\/p>\n
[atlanta]\nhost1 http_port=80 maxRequestsPerChild=808\nhost2 http_port=8080 maxRequestsPerChild=909<\/pre>\n
5.\u5b9a\u4e49\u7ec4\u53d8\u91cf<\/p>\n
[atlanta]\nhost1\nhost2\n\n[atlanta:vars]\nntp_server=ntp.atlanta.example.com\nproxy=proxy.atlanta.example.com<\/pre>\n
6.\u5339\u914d\u76ee\u6807<\/p>\n
\u91cd\u542fwebservers\u7ec4\u6240\u6709SSH\u670d\u52a1.<\/p>\n
# ansible webservers -m service -a “name=sshd state=restarted”<\/p>\n
client01.example.com | success >> {\n    \"changed\": true,\n    \"name\": \"sshd\",\n    \"state\": \"started\"\n}\n\nclient02.example.com | success >> {\n    \"changed\": true,\n    \"name\": \"sshd\",\n    \"state\": \"started\"\n}<\/pre>\n
\u4e09. Ansible<\/a>\u5e38\u7528\u6a21\u5757\u53caAPI<\/strong><\/p>\n
1.\u8fdc\u7a0b\u547d\u4ee4\u6a21\u5757<\/p>\n
command: \u6267\u884c\u8fdc\u7a0b\u4e3b\u673aSHELL\u547d\u4ee4:<\/p>\n
# ansible webservers -m command -a “free -m”<\/p>\n
client01.example.com | success | rc=0 >>\n             total       used       free     shared    buffers     cached\nMem:           996        108        887          0          7         41\n-\/+ buffers\/cache:         58        937\nSwap:         1023          0       1023\n\nclient02.example.com | success | rc=0 >>\n             total       used       free     shared    buffers     cached\nMem:           996        108        888          0          7         41\n-\/+ buffers\/cache:         58        937\nSwap:         1023          0       1023<\/pre>\n
script: \u8fdc\u7a0b\u6267\u884cMASTER\u672c\u5730SHELL\u811a\u672c.(\u7c7b\u4f3cscp+shell)<\/p>\n
# echo “df -h” > ~\/test.sh<\/p>\n
# ansible webservers -m script -a “~\/test.sh”<\/p>\n
client01.example.com | success >> {\n    \"changed\": true,\n    \"rc\": 0,\n    \"stderr\": \"OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013\\ndebug1: Reading configuration data \/etc\/ssh\/ssh_config\\r\\ndebug1: Applying options for *\\r\\ndebug1: auto-mux: Trying existing master\\r\\ndebug1: mux_client_request_session: master session id: 2\\r\\ndebug1: mux_client_request_session: master session id: 2\\r\\nShared connection to client01.example.com closed.\\r\\n\",\n    \"stdout\": \"Filesystem      Size  Used Avail Use% Mounted on\\r\\n\/dev\/sda3       6.6G  815M  5.5G  13% \/\\r\\ntmpfs           499M     0  499M   0% \/dev\/shm\\r\\n\/dev\/sda1       190M   27M  154M  15% \/boot\\r\\n\"\n}\n\nclient02.example.com | success >> {\n    \"changed\": true,\n    \"rc\": 0,\n    \"stderr\": \"OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013\\ndebug1: Reading configuration data \/etc\/ssh\/ssh_config\\r\\ndebug1: Applying options for *\\r\\ndebug1: auto-mux: Trying existing master\\r\\ndebug1: mux_client_request_session: master session id: 2\\r\\ndebug1: mux_client_request_session: master session id: 2\\r\\nShared connection to client02.example.com closed.\\r\\n\",\n    \"stdout\": \"Filesystem      Size  Used Avail Use% Mounted on\\r\\n\/dev\/sda3       6.6G  815M  5.5G  13% \/\\r\\ntmpfs           499M     0  499M   0% \/dev\/shm\\r\\n\/dev\/sda1       190M   27M  154M  15% \/boot\\r\\n\"\n}<\/pre>\n
2. copy\u6a21\u5757<\/p>\n
\u5b9e\u73b0\u4e3b\u63a7\u7aef\u5411\u76ee\u6807\u4e3b\u673a\u62f7\u8d1d\u6587\u4ef6, \u7c7b\u4f3cscp\u529f\u80fd.<\/p>\n
\u8be5\u5b9e\u4f8b\u5b9e\u73b0~\/test.sh\u6587\u4ef6\u81f3webservers\u7ec4\u76ee\u6807\u4e3b\u673a\/tmp\u4e0b, \u5e76\u66f4\u65b0\u6587\u4ef6owner\u548cgroup<\/p>\n
# ansible webservers -m copy -a “src=~\/test.sh dest=\/tmp\/ owner=root group=root mode=0755”<\/p>\n
# ansible webservers -m copy -a \"src=~\/test.sh dest=\/tmp\/ owner=root group=root mode=0755\"\nclient01.example.com | success >> {\n    \"changed\": true,\n    \"checksum\": \"c989bd551bfa8c755f6cacacb90c5c509432110e\",\n    \"dest\": \"\/tmp\/test.sh\",\n    \"gid\": 0,\n    \"group\": \"root\",\n    \"md5sum\": \"69a238d8cb3c5f979252010b3299e524\",\n    \"mode\": \"0755\",\n    \"owner\": \"root\",\n    \"size\": 6,\n    \"src\": \"\/root\/.ansible\/tmp\/ansible-tmp-1445322165.21-234077402845688\/source\",\n    \"state\": \"file\",\n    \"uid\": 0\n}\n\nclient02.example.com | success >> {\n    \"changed\": true,\n    \"checksum\": \"c989bd551bfa8c755f6cacacb90c5c509432110e\",\n    \"dest\": \"\/tmp\/test.sh\",\n    \"gid\": 0,\n    \"group\": \"root\",\n    \"md5sum\": \"69a238d8cb3c5f979252010b3299e524\",\n    \"mode\": \"0755\",\n    \"owner\": \"root\",\n    \"size\": 6,\n    \"src\": \"\/root\/.ansible\/tmp\/ansible-tmp-1445322165.2-164402895387597\/source\",\n    \"state\": \"file\",\n    \"uid\": 0\n}<\/pre>\n
3.stat\u6a21\u5757<\/p>\n
\u83b7\u53d6\u8fdc\u7a0b\u6587\u4ef6\u72b6\u6001\u4fe1\u606f, \u5305\u62ecatime, ctime, mtime, md5, uid, gid\u7b49\u4fe1\u606f.<\/p>\n
# ansible webservers -m stat -a “path=\/etc\/sysctl.conf”<\/p>\n
client02.example.com | success >> {\n    \"changed\": false,\n    \"stat\": {\n        \"atime\": 1445312213.9599864,\n        \"checksum\": \"704d7d26321b453d973939ee41aaf9861e238a78\",\n        \"ctime\": 1444969315.401,\n        \"dev\": 2051,\n        \"exists\": true,\n        \"gid\": 0,\n        \"gr_name\": \"root\",\n        \"inode\": 130328,\n        \"isblk\": false,\n        \"ischr\": false,\n        \"isdir\": false,\n        \"isfifo\": false,\n        \"isgid\": false,\n        \"islnk\": false,\n        \"isreg\": true,\n        \"issock\": false,\n        \"isuid\": false,\n        \"md5\": \"9ce78fbee91a542ca29d3e7945486e27\",\n        \"mode\": \"0644\",\n        \"mtime\": 1437725687.0,\n        \"nlink\": 1,\n        \"path\": \"\/etc\/sysctl.conf\",\n        \"pw_name\": \"root\",\n        \"rgrp\": true,\n        \"roth\": true,\n        \"rusr\": true,\n        \"size\": 998,\n        \"uid\": 0,\n        \"wgrp\": false,\n        \"woth\": false,\n        \"wusr\": true,\n        \"xgrp\": false,\n        \"xoth\": false,\n        \"xusr\": false\n    }\n}\n\nclient01.example.com | success >> {\n    \"changed\": false,\n    \"stat\": {\n        \"atime\": 1445312212.9747968,\n        \"checksum\": \"704d7d26321b453d973939ee41aaf9861e238a78\",\n        \"ctime\": 1444969315.401,\n        \"dev\": 2051,\n        \"exists\": true,\n        \"gid\": 0,\n        \"gr_name\": \"root\",\n        \"inode\": 130328,\n        \"isblk\": false,\n        \"ischr\": false,\n        \"isdir\": false,\n        \"isfifo\": false,\n        \"isgid\": false,\n        \"islnk\": false,\n        \"isreg\": true,\n        \"issock\": false,\n        \"isuid\": false,\n        \"md5\": \"9ce78fbee91a542ca29d3e7945486e27\",\n        \"mode\": \"0644\",\n        \"mtime\": 1437725687.0,\n        \"nlink\": 1,\n        \"path\": \"\/etc\/sysctl.conf\",\n        \"pw_name\": \"root\",\n        \"rgrp\": true,\n        \"roth\": true,\n        \"rusr\": true,\n        \"size\": 998,\n        \"uid\": 0,\n        \"wgrp\": false,\n        \"woth\": false,\n        \"wusr\": true,\n        \"xgrp\": false,\n        \"xoth\": false,\n        \"xusr\": false\n    }\n}<\/pre>\n
4.get_url\u6a21\u5757<\/p>\n
\u5b9e\u73b0\u5728\u8fdc\u7a0b\u4e3b\u673a\u4e0b\u8f7d\u6307\u5b9aURL\u5230\u672c\u5730.<\/p>\n
# ansible webservers -m get_url -a “url=http:\/\/www.showerlee.com dest=\/tmp\/index.html mode=0400 force=yes”<\/p>\n
client02.example.com | success >> {\n    \"changed\": true,\n    \"checksum\": \"470d6ab960810153bb8149c3754b0e8a2d89209d\",\n    \"dest\": \"\/tmp\/index.html\",\n    \"gid\": 0,\n    \"group\": \"root\",\n    \"md5sum\": \"009949f770f35a4ea82105e5e923abcb\",\n    \"mode\": \"0400\",\n    \"msg\": \"OK (unknown bytes)\",\n    \"owner\": \"root\",\n    \"sha256sum\": \"\",\n    \"size\": 81635,\n    \"src\": \"\/tmp\/tmpa44PoE\",\n    \"state\": \"file\",\n    \"uid\": 0,\n    \"url\": \"http:\/\/www.showerlee.com\"\n}\n\nclient01.example.com | success >> {\n    \"changed\": true,\n    \"checksum\": \"9b1afd16f97c07638965ba0c5cf01037af00a38a\",\n    \"dest\": \"\/tmp\/index.html\",\n    \"gid\": 0,\n    \"group\": \"root\",\n    \"md5sum\": \"5a935e77927286dfcb7a0190e8af461b\",\n    \"mode\": \"0400\",\n    \"msg\": \"OK (unknown bytes)\",\n    \"owner\": \"root\",\n    \"sha256sum\": \"\",\n    \"size\": 81679,\n    \"src\": \"\/tmp\/tmp5WHuj0\",\n    \"state\": \"file\",\n    \"uid\": 0,\n    \"url\": \"http:\/\/www.showerlee.com\"\n}<\/pre>\n
5.yum\u6a21\u5757<\/p>\n
Linux\u5305\u7ba1\u7406\u5e73\u53f0\u64cd\u4f5c, \u00a0\u5e38\u89c1\u90fd\u4f1a\u6709yum\u548capt,\u00a0\u6b64\u5904\u4f1a\u8c03\u7528yum\u7ba1\u7406\u6a21\u5f0f<\/p>\n
# ansible servers -m yum -a “name=curl state=latest”<\/p>\n
client01.example.com | success >> {\n    \"changed\": false,\n    \"msg\": \"\",\n    \"rc\": 0,\n    \"results\": [\n        \"All packages providing curl are up to date\"\n    ]\n}\n\nclient02.example.com | success >> {\n    \"changed\": false,\n    \"msg\": \"\",\n    \"rc\": 0,\n    \"results\": [\n        \"All packages providing curl are up to date\"\n    ]\n}<\/pre>\n
6. cron\u6a21\u5757<\/p>\n
\u8fdc\u7a0b\u4e3b\u673acrontab\u914d\u7f6e<\/p>\n
# ansible webservers -m cron -a “name=’check dir’ hour=’5,2′ job=’ls -alh > \/dev\/null'”<\/p>\n
client02.example.com | success >> {\n    \"changed\": true,\n    \"jobs\": [\n        \"check dir\"\n    ]\n}\n\nclient01.example.com | success >> {\n    \"changed\": true,\n    \"jobs\": [\n        \"check dir\"\n    ]\n}<\/pre>\n
7.service\u6a21\u5757<\/p>\n
\u8fdc\u7a0b\u4e3b\u673a\u7cfb\u7edf\u670d\u52a1\u7ba1\u7406<\/p>\n
# ansible webservers -m service -a “name=crond state=stopped”<\/p>\n
#\u00a0ansible webservers -m service -a “name=crond state=restarted”<\/p>\n
#\u00a0ansible webservers -m service -a “name=crond state=reloaded”<\/p>\n
8.user\u670d\u52a1\u6a21\u5757<\/p>\n
\u8fdc\u7a0b\u4e3b\u673a\u7cfb\u7edf\u7528\u6237\u7ba1\u7406<\/p>\n
\u6dfb\u52a0\u7528\u6237:<\/p>\n
# ansible webservers -m user -a “name=johnd comment=’John Doe'”<\/p>\n
\u5220\u9664\u7528\u6237:<\/p>\n
#\u00a0ansible webservers -m user -a “name=johnd state=absent remove=yes”<\/p>\n
\u56db. playbook\u4ecb\u7ecd<\/strong><\/p>\n
playbook\u662f\u4e00\u4e2a\u4e0d\u540c\u4e8e\u4f7f\u7528Ansible<\/a>\u547d\u4ee4\u884c\u6267\u884c\u65b9\u5f0f\u7684\u6a21\u5f0f, \u5176\u529f\u80fd\u662f\u5c06\u5927\u91cf\u547d\u4ee4\u884c\u914d\u7f6e\u96c6\u6210\u5230\u4e00\u8d77\u5f62\u6210\u4e00\u4e2a\u53ef\u5b9a\u5236\u7684\u591a\u4e3b\u673a\u914d\u7f6e\u7ba1\u7406\u90e8\u7f72\u5de5\u5177.<\/p>\n
\u5b83\u901a\u8fc7YAML\u683c\u5f0f\u5b9a\u4e49, \u53ef\u4ee5\u5b9e\u73b0\u5411\u591a\u53f0\u4e3b\u673a\u7684\u5206\u53d1\u5e94\u7528\u90e8\u7f72.<\/p>\n
\u4ee5\u4e0b\u7ed9\u5927\u5bb6\u8be6\u7ec6\u4ecb\u7ecd\u4e00\u4e2a\u9488\u5bf9nginx\u5d4c\u5957\u590d\u7528\u7ed3\u6784\u7684playbook\u90e8\u7f72\u5b9e\u4f8b:<\/p>\n
1. \u6784\u5efa\u76ee\u5f55\u7ed3\u6784<\/p>\n
# cd \/etc\/ansible\/<\/p>\n
# mkdir\u00a0group_vars<\/p>\n
# mkdir roles<\/p>\n
2.\u5b9a\u4e49host<\/p>\n
# vi \/etc\/ansible\/hosts<\/p>\n
[webservers]\nclient01.example.com\nclient02.example.com\n[nginx01]\nclient01.example.com\n[nginx02]\nclient02.example.com<\/pre>\n
3.\u5b9a\u4e49\u53d8\u91cf<\/p>\n
# vi\u00a0\/etc\/ansible\/group_vars\/nginx01<\/p>\n
worker_processes: 4\nnum_cpus: 4\nmax_open_file: 65506\nroot: \/data\nremote_user: root<\/pre>\n
# vi\u00a0\/etc\/ansible\/group_vars\/nginx02<\/p>\n
worker_processes: 2\nnum_cpus: 2\nmax_open_file: 35506\nroot: \/www\nremote_user: root<\/pre>\n
Tips:\u8fd9\u91cc\u5728group_vars\u4e0b\u5b9a\u4e49\u7684\u6587\u4ef6\u540d\u5fc5\u987b\u5bf9\u5e94hosts\u6587\u4ef6\u4e0b\u7684group\u6807\u7b7e, \u901a\u8fc7\u8fd9\u91cc\u5b9a\u4e49\u7684\u4e0d\u540c\u53c2\u6570\u4ece\u800c\u90e8\u7f72\u4e0d\u540c\u7c7b\u578b\u7684\u4e3b\u673a\u914d\u7f6e.<\/p>\n
4.\u521b\u5efaroles\u5165\u53e3\u6587\u4ef6<\/p>\n
# vi\u00a0\/etc\/ansible\/site.yml<\/p>\n
- hosts: webservers\n  roles:\n  - base_env\n- hosts: nginx01\n  roles:\n  - nginx01\n- hosts: nginx02\n  roles:\n  - nginx02<\/pre>\n
Tips: \u8fd9\u91cc\u7684roles:<\/strong>\u4e0b\u7684\u5b57\u7b26\u4e32\u9700\u5bf9\u5e94roles\u76ee\u5f55\u4e0b\u7684\u76ee\u5f55\u540d.<\/p>\n
5.\u5b9a\u4e49\u5168\u5c40role base_env<\/p>\n
\u521b\u5efa\u76ee\u5f55\u7ed3\u6784<\/p>\n
# mkdir\u00a0-p\u00a0\/etc\/ansible\/roles\/base_env\/tasks<\/p>\n
# vi\u00a0\/etc\/ansible\/roles\/base_env\/tasks\/main.yml<\/p>\n
# \u5c06EPEL\u7684yum\u6e90\u914d\u7f6e\u6587\u4ef6\u4f20\u9001\u5230\u5ba2\u6237\u7aef\n- name: Create the contains common plays that will run on all nodes\n  copy: src=epel.repo dest=\/etc\/yum.repos.d\/epel.repo\n- name: Create the GPG key for EPEL\n  copy: src=RPM-GPG-KEY-EPEL-6 dest=\/etc\/pki\/rpm-gpg\n\n# \u5173\u95edSELINUX\n- name: test to see if selling is running\n  command: getenforce\n  register: sestatus\n  changed_when: false\n\n# \u5220\u9664iptables\u9ed8\u8ba4\u89c4\u5219\u5e76\u4fdd\u5b58\n- name: remove the default iptables rules\n  command: iptables -F\n- name: save iptables rules\n  command: service iptables save<\/pre>\n
\u5c06\u5bf9\u5e94\u9700\u8981\u62f7\u8d1d\u5230\u8fdc\u7a0b\u7684\u6587\u4ef6\u590d\u5236\u5230base_env\/files\u76ee\u5f55\u4e0b<\/p>\n
# mkdir -p\u00a0\u00a0\/etc\/ansible\/roles\/base_env\/files<\/p>\n
# cp\u00a0\/etc\/yum.repos.d\/epel.repo\u00a0\/etc\/ansible\/roles\/base_env\/files<\/p>\n
# cp\u00a0\/etc\/pki\/rpm-gpg\/RPM-GPG-KEY-EPEL-6\u00a0\/etc\/ansible\/roles\/base_env\/files<\/p>\n
6. \u5b9a\u4e49nginx01\u548cngnix02 role<\/p>\n
\u521b\u5efa\u76ee\u5f55\u7ed3\u6784<\/p>\n
# mkdir -p\u00a0\/etc\/ansible\/roles\/nginx{01,02}<\/p>\n
# mkdir -p\u00a0\/etc\/ansible\/roles\/nginx01\/tasks<\/p>\n
# mkdir -p\u00a0\/etc\/ansible\/roles\/nginx02\/tasks<\/p>\n
# vi\u00a0\/etc\/ansible\/roles\/nginx01\/tasks\/main.yml<\/p>\n
# \u5b89\u88c5nginx\u6700\u65b0\u7248\u672c\n- name: ensure nginx is at the latest version\n  yum: pkg=nginx state=latest\n\n# \u5c06nginx\u914d\u7f6e\u6587\u4ef6\u4f20\u9001\u5230\u8fdc\u7a0b\u76ee\u5f55\n- name: write the nginx config file\n  template: src=nginx.conf dest=\/etc\/nginx\/nginx.conf\n  notify: restart nginx # \u91cd\u542fnginx\n\n# \u521b\u5efanginx\u6839\u76ee\u5f55\n- name: Create Web Root\n  file: dest={{ root }} mode=775 state=directory owner=nginx group=nginx\n  notify: reload nginx\n- name: ensure nginx is running\n  service: name=nginx state=restarted<\/pre>\n
# cp \/home\/ansible\/roles\/nginx01\/tasks\/main.yml\u00a0\/home\/ansible\/roles\/nginx02\/tasks\/main.yml<\/p>\n
7.\u5b9a\u4e49files<\/p>\n
# mkdir -p \/etc\/ansible\/roles\/nginx01\/templates<\/p>\n
# mkdir -p\u00a0\/etc\/ansible\/roles\/nginx02\/templates<\/p>\n
# vi\u00a0\/etc\/ansible\/roles\/nginx01\/templates\/nginx.conf<\/p>\n
# For more information on configuration, see:\n\nuser              nginx;\nworker_processes  {{ worker_processes }};\n{% if num_cpus == 2 %}\nworker_cpu_affinity 01 10;\n{% elif num_cpus == 4 %}\nworker_cpu_affinity 1000 0100 0010 0001;\n{% elif num_cpus >= 8 %}\nworker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;\n{% else %}\nworker_cpu_affinity 1000 0100 0010 0001;\n{% endif %}\nworker_rlimit_nofile {{ max_open_file }};\n\nerror_log  \/var\/log\/nginx\/error.log;\n#error_log  \/var\/log\/nginx\/error.log  notice;\n#error_log  \/var\/log\/nginx\/error.log  info;\n\npid        \/var\/run\/nginx.pid;\n\nevents {\n    worker_connections  {{ max_open_file }};\n}\n\n\nhttp {\n    include       \/etc\/nginx\/mime.types;\n    default_type  application\/octet-stream;\n\n    log_format  main  '$remote_addr - $remote_user [$time_local] \"$request\" '\n                      '$status $body_bytes_sent \"$http_referer\" '\n                      '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n\n    access_log  \/var\/log\/nginx\/access.log  main;\n\n    sendfile        on;\n    #tcp_nopush     on;\n\n    #keepalive_timeout  0;\n    keepalive_timeout  65;\n\n    #gzip  on;\n\n    # Load config files from the \/etc\/nginx\/conf.d directory\n    # The default server is in conf.d\/default.conf\n    #include \/etc\/nginx\/conf.d\/*.conf;\n    server {\n        listen       80 default_server;\n        server_name  _;\n\n        #charset koi8-r;\n\n        #access_log  logs\/host.access.log  main;\n\n        location \/ {\n            root   {{ root }};\n            index  index.html index.htm;\n        }\n\n        error_page  404              \/404.html;\n        location = \/404.html {\n            root   \/usr\/share\/nginx\/html;\n        }\n\n        # redirect server error pages to the static page \/50x.html\n        #\n        error_page   500 502 503 504  \/50x.html;\n        location = \/50x.html {\n            root   \/usr\/share\/nginx\/html;\n        }\n\n    }\n\n}<\/pre>\n
Tip:\u00a0worker_processes, num_cpus, max_open_file, root\u7b49\u53c2\u6570\u4f1a\u8c03\u7528group_vars\u76ee\u5f55\u4e0b\u914d\u7f6e\u6587\u4ef6\u4e2d\u76f8\u5e94\u7684\u53d8\u91cf\u503c<\/p>\n
# cp\u00a0\/etc\/ansible\/roles\/nginx01\/templates\/nginx.conf\u00a0\u00a0\/etc\/ansible\/roles\/nginx02\/templates\/nginx.conf<\/p>\n
8.\u6267\u884cplaybook<\/p>\n
# ansible-playbook -i\u00a0\/etc\/ansible\/hosts\u00a0\/etc\/ansible\/site.yml -f 10<\/p>\n
Tips: -f \u4e3a\u542f\u52a810\u4e2a\u5e76\u884c\u8fdb\u7a0b\u6267\u884cplaybook, -i \u5b9a\u4e49inventory host\u6587\u4ef6, site.yml \u4e3a\u5165\u53e3\u6587\u4ef6<\/p>\n
PLAY [webservers] *************************************************************\n\nGATHERING FACTS ***************************************************************\nok: [client02.example.com]\nok: [client01.example.com]\n\nTASK: [base_env | Create the contains common plays that will run on all nodes] ***\nok: [client01.example.com]\nok: [client02.example.com]\n\nTASK: [base_env | Create the GPG key for EPEL] ********************************\nok: [client02.example.com]\nok: [client01.example.com]\n\nTASK: [base_env | test to see if selling is running] **************************\nok: [client01.example.com]\nok: [client02.example.com]\n\nTASK: [base_env | remove the default iptables rules] **************************\nchanged: [client02.example.com]\nchanged: [client01.example.com]\n\nTASK: [base_env | save iptables rules] ****************************************\nchanged: [client01.example.com]\nchanged: [client02.example.com]\n\nPLAY [nginx01] ****************************************************************\n\nGATHERING FACTS ***************************************************************\nok: [client01.example.com]\n\nTASK: [nginx01 | ensure nginx is at the latest version] ***********************\nok: [client01.example.com]\n\nTASK: [nginx01 | write the nginx config file] *********************************\nok: [client01.example.com]\n\nTASK: [nginx01 | Create Web Root] *********************************************\nok: [client01.example.com]\n\nTASK: [nginx01 | ensure nginx is running] *************************************\nchanged: [client01.example.com]\n\nPLAY [nginx02] ****************************************************************\n\nGATHERING FACTS ***************************************************************\nok: [client02.example.com]\n\nTASK: [nginx02 | ensure nginx is at the latest version] ***********************\nok: [client02.example.com]\n\nTASK: [nginx02 | write the nginx config file] *********************************\nok: [client02.example.com]\n\nTASK: [nginx02 | Create Web Root] *********************************************\nok: [client02.example.com]\n\nTASK: [nginx02 | ensure nginx is running] *************************************\nchanged: [client02.example.com]\n\nPLAY RECAP ********************************************************************\nclient01.example.com       : ok=11   changed=3    unreachable=0    failed=0\nclient02.example.com       : ok=11   changed=3    unreachable=0    failed=0<\/pre>\n
\u6700\u7ec8\u90e8\u7f72\u76ee\u5f55\u7ed3\u6784\u5982\u4e0b<\/p>\n
# tree \/etc\/ansible\/<\/p>\n
\/etc\/ansible\/\n\u251c\u2500\u2500 ansible.cfg\n\u251c\u2500\u2500 group_vars\n\u2502   \u251c\u2500\u2500 nginx01\n\u2502   \u2514\u2500\u2500 nginx02\n\u251c\u2500\u2500 hosts\n\u251c\u2500\u2500 hosts.bak\n\u251c\u2500\u2500 roles\n\u2502   \u251c\u2500\u2500 base_env\n\u2502   \u2502   \u251c\u2500\u2500 files\n\u2502   \u2502   \u2502   \u251c\u2500\u2500 epel.repo\n\u2502   \u2502   \u2502   \u2514\u2500\u2500 RPM-GPG-KEY-EPEL-6\n\u2502   \u2502   \u2514\u2500\u2500 tasks\n\u2502   \u2502       \u2514\u2500\u2500 main.yml\n\u2502   \u251c\u2500\u2500 nginx01\n\u2502   \u2502   \u251c\u2500\u2500 tasks\n\u2502   \u2502   \u2502   \u2514\u2500\u2500 main.yml\n\u2502   \u2502   \u2514\u2500\u2500 templates\n\u2502   \u2502       \u2514\u2500\u2500 nginx.conf\n\u2502   \u2514\u2500\u2500 nginx02\n\u2502       \u251c\u2500\u2500 tasks\n\u2502       \u2502   \u2514\u2500\u2500 main.yml\n\u2502       \u2514\u2500\u2500 templates\n\u2502           \u2514\u2500\u2500 nginx.conf\n\u2514\u2500\u2500 site.yml\n\n11 directories, 13 files<\/pre>\n
\u5230\u6b64, \u90e8\u7f72nignx\u5230\u4e24\u53f0\u8fdc\u7a0bwebserver\u670d\u52a1\u5668\u5168\u90e8\u5b8c\u6210.<\/p>\n","protected":false},"excerpt":{"rendered":"
Ansible\u662f\u4e00\u79cd\u96c6\u6210IT\u7cfb\u7edf\u7684\u914d\u7f6e\u7ba1\u7406, \u5e94\u7528\u90e8\u7f72, \u6267\u884c\u7279\u5b9a\u4efb\u52a1\u7684\u5f00\u6e90\u5e73\u53f0. \u5b83\u57fa\u4e8ePython\u8bed\u8a00\u5b9e\u73b0, \u90e8\u7f72\u53ea\u9700\u5728\u4e3b\u63a7\u7aef\u90e8\u7f72Ansible\u73af\u5883, \u88ab\u63a7\u7aef\u65e0\u9700\u5b89\u88c5\u4ee3\u7406\u5de5\u5177, \u53ea\u9700\u6253\u5f00SSH, \u8ba9\u4e3b\u63a7\u7aef\u901a\u8fc7SSH\u79d8\u94a5\u8ba4\u8bc1\u5bf9\u5176\u8fdb\u884c\u6240\u6709\u7684\u7ba1\u7406\u76d1\u63a7\u64cd\u4f5c. \u76f8\u5bf9\u4e8eSaltStack, \u5b83\u9664\u4e86\u5229\u7528SSH\u5b89\u5168\u4f20\u8f93, \u65e0\u9700\u5728\u5ba2\u6237\u7aef\u8fdb\u884c\u4efb\u4f55\u914d\u7f6e, \u800c\u4e14\u5b83\u6709\u4e00\u4e2a\u5f88\u5e9e\u5927\u7684\u7528\u6237\u7fa4\u4f53\u4ee5\u53ca\u4e30\u5bcc\u7684API, \u76f8\u5bf9\u9002\u5408\u90e8\u7f72\u5230\u6570\u91cf\u6bd4\u8f83\u5927\u4e14\u5bf9\u7cfb\u7edf\u8f6f\u4ef6\u5b89\u88c5\u8981\u6c42\u6bd4\u8f83\u4e25\u683c\u7684\u96c6\u7fa4\u4e2d. \u66f4\u591a\u914d\u7f6e\u53c2\u8003:\u00a0https:\/\/github.com\/ansible \u5b98\u65b9\u6587\u6863:\u00a0http:\/\/docs.ansible.com\/ansible \u672c\u6587\u5c06\u5e2e\u52a9\u5927\u5bb6\u5982\u4f55\u5feb\u901f\u90e8\u7f72\u4e00\u4e2aAnsible\u5e73\u53f0. \u5b89\u88c5\u73af\u5883: System: Centos 6.7 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1],"tags":[],"class_list":["post-97","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/posts\/97","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=97"}],"version-history":[{"count":0,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=\/wp\/v2\/posts\/97\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=97"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=97"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.jsjs.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=97"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}