ansible簡介以及一些常用用法

1. ansible

提高效率自動化運維的工具

  • 自動化:
    系統自動化(PXE+KS/PXE+cobblet)
    程序自動化(ansible/saltstack/pupper)
    代碼自動化(JenKins)

程序自動化分爲兩類

1) C/S架構: saltstack puppet
2) 無客戶端模式: ansible(主控端/被控端)

三者區別

ansible: 基於Python開發,使用ssh 協議,沒有客戶端,200-300臺被控端,適用於中小型應用環境,一個系統控制多臺主機

saltstack :基於Python開發,支持統一管理,比較輕量級 500
PYthon編寫,需要部署 agent 主控制端通過安裝在被控制端的代理來對被控端進行操作

puppet: ruby語言編寫,重型,適合大型環境,谷歌使用 軟件過於複雜,國內一般不使用 1000+


、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、

1. 實驗環境

ansible(控制端) : 192.168.116.10/24
server_1 (被控制端): 192.168.116.11/24
server_2(被控制端): 192.168.116.12/24
server_3(被控制端): 192.168.116.13/24

1)安裝ansible

  • 安裝 系統擴展yum源
yum -y install epel-release	
#  epel(extend packages for Enterprose) 屬於 企業版linux擴展源yum 包
  • 創建 yum 緩存,加快下載安裝速度。
[root@tianci ~]# yum makecache fast		
  • 安裝ansible
[root@tianci ~]# yum -y install ansible		

2. 生成祕鑰對

  • 生成祕鑰對,用於免密登錄其他服務器
    另外兩臺服務器也需要

    [root@tianci ~]# ssh-keygen 
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): 
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:6lDiyTi6pBp5q898/TB173uor6CjmeeBkG0u4LCY49M root@tianci
    The key's randomart image is:
    +---[RSA 2048]----+
    |                 |
    |                 |
    |                 |
    |   o             |
    |o o + . S .      |
    |+= B = o . .     |
    |Bo* B.= .   ..   |
    |+O E.=+= . .. .  |
    |B=*.+++o. o++o   |
    +----[SHA256]-----+
    
[root@tianci ~]# ls /root/.ssh/
id_rsa  id_rsa.pub

id_rsa —》 私鑰
id_rsa.pub —》公鑰

  • 將公鑰傳輸並追加至 指定的客戶端,.ssh/authorized_keys(記錄公鑰文件)
[root@tianci ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.116.11 (192.168.116.11)' can't be established.
ECDSA key fingerprint is SHA256:RFjKa//P/N+GhPwpj1/7/StnVP8o7DeQyHfLsjzdDQI.
ECDSA key fingerprint is MD5:64:d6:a3:e8:28:90:46:48:3f:aa:c4:0c:a9:06:ea:31.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
  • 連接進行驗證
[root@tianci ~]# ssh [email protected]
Last login: Fri Sep 27 22:41:03 2019 from 1.1.1.11
[root@localhost ~]# exit
登出
Connection to 192.168.116.11 closed.
  • 傳輸公鑰
[root@tianci ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
[root@tianci ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]

3. 配置文件

ansible.cfg  		----》 配置文件,位於 /etc/ansible/ansible.cfg ,默認不需要修改
hosts				---》 主機清單, 位於 /etc/ansible/hosts  ,需要修改
roles				---》	角色:是一種編寫習慣,可以自己編寫,實現快速的部署
  • 修改 hosts 主機清單 文件
    添加ansible所控制的主機,在hosts 中可以 定義一個標籤(組名)並添加對應主機
    可以根據需求設置對應的組名以及管理地址

  • 在hosts 主機清單末尾追加

[root@localhost ~]# vim /etc/ansible/hosts
[dbserver]            # 自定義標籤(name),相當於組名
192.168.116.11        # 所包含的主機

[webservers]          # 組名/標籤
192.168.116.12
192.168.116.13
# 保存退出
  • 查看ansible 版本號

    [root@tianci ~]# ansible --version
    ansible 2.9.2
      config file = /etc/ansible/ansible.cfg
      configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python2.7/site-packages/ansible
      executable location = /usr/bin/ansible
      python version = 2.7.5 (default, Apr 11 2018, 07:36:10) [GCC 4.8.5 20150623 (Red Hat 4.8.5-28)]
    

    5.ansible 模塊

  • 查看ansible 的模塊有多少以及有哪些

    [root@tianci ~]# ansible-doc -l | wc -l
    3387
    
  • 查看指定模塊用法

    ansible  -s  模塊名
    
  • ansible 使用模塊格式

ansible 操作對象  -m 模塊名  -a  ‘模塊參數’ 

​ 參數:
​ -a 某些模塊中可以省略

  • 測試 ansible 與所有服務器(hosts 中包含的地址)連接情況
    • 如果都沒得問題,爲安全色(綠色)
ansible all -m ping 

​ 參數:

​ all 表示所有操作對象

例:

[root@tianci ~]# ansible all -m ping 

192.168.116.11 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.116.12 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
192.168.116.13 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

1) command 模塊

  • 主要用於執行簡單的shell命令;執行復雜的shell命令會報錯
    • 一般用不到
    • command 模塊稍微複雜一點就傻逼了
  • 爲 操作對象 dbserver組 添加 command 模塊 並在該種中執行指定命令
[root@tianci ~]# ansible dbserver -m command -a 'ls /root'

192.168.116.11 | CHANGED | rc=0 >>
anaconda-ks.cfg
  • 執行一條稍微兒複雜一點的命令
[root@tianci ~]# ansible dbserver -m command -a 'cat /etc/passwd | wc -l'
192.168.116.11 | FAILED | rc=1 >>
cat:無效選項 -- l
Try 'cat --help' for more information.non-zero return code

2) shell模塊

  • shell模塊可以執行所有的命令

  • 執行上一條讓 command 懵逼的命令

[root@tianci ~]# ansible dbserver -m shell -a 'cat /etc/passwd | wc -l'
192.168.116.11 | CHANGED | rc=0 >>
19

3) cron 模塊

  • 用於爲被控制端設置自動化任務;
    cron == crontab
  • 爲 dbserver中的主機設置一個 crontab
ansible dbserver -m cron -a 'minute="*/2" job="data >> /tmp/date.txt" name="show date" state=present'

參數:

爲 dbserver 組 添加自動化任務,minute= 計劃任務, job=執行語句 name= 描述信息 state=添加/移除

state=present 一般表示添加,新添加的計劃任務

state=absent 一般表示移除

[root@tianci ~]# ansible dbserver -m cron -a 'minute="*/2" job="data >> /tmp/date.txt" name="show date" state=present'

192.168.116.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true,      ## true 更改成功
    "envs": [], 
    "jobs": [
        "show date"
    ]
}

# 
  • 在被控端查看計劃任務
[root@localhost ~]# crontab -l -u root
#Ansible: show date
*/2 * * * * data >> /tmp/date.txt
  • 移除改組的計劃任務
    • 移除的時候只需要指定 name
[root@tianci ~]# ansible dbserver -m cron -a 'name="show date" state=absent'
192.168.116.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": []
}
  • 查看驗證(192.168.116.11)
[root@localhost ~]# crontab -l -u root
name

4) user 模塊

  • 主要用於:
1)	useradd one
2)	passwd one
3)	useradd -M -s /sbin/nologin nginx
4)	 useradd -u 1111 nginx
5)	 userdel -r one
  • 例子: 通過user 模塊 創建模塊

    ansible dbserver -m user -a 'name=now state=present'
    
創建一個用戶,   name= 用戶名   state=創建
[root@tianci ~]# ansible dbserver -m user -a 'name=now state=present'

192.168.116.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1000, 
    "home": "/home/now", 
    "name": "now", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 1000
}


  • 例子: 通過 shell 模塊 爲用戶添加密碼
[root@tianci ~]# ansible dbserver -m shell -a 'echo "123.com" | passwd --stdin now'
[root@tianci ~]# ansible dbserver -m shell -a 'echo "123.com" | passwd --stdin now'

192.168.116.11 | CHANGED | rc=0 >>
更改用戶 now 的密碼 。
passwd:所有的身份驗證令牌已經成功更新。
  • 例子: 通過 user 模塊 創建用戶並賦值密碼
    PS: user 模塊中加密 需要使用密文密碼
 首先使用 openssl passwd 生成加密後的密文

[root@tianci ~]# openssl passwd '123.com'
bQs.zEBJmFOLw
[root@tianci ~]# ansible dbserver -m user -a 'name=two password="bQs.zEBJmFOLw" state=present'

# name=用戶  password=密文密碼    state=添加

[WARNING]: The input password appears not to have been hashed. The 'password' argument must be encrypted for this module to work properly.

192.168.116.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1001, 
    "home": "/home/two", 
    "name": "two", 
    "password": "NOT_LOGGING_PASSWORD", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 1001
}
  • 例子: 使用 user 模塊指定家目錄創建
[root@tianci ~]# ansible dbserver -m user -a 'name=nginx create_home=no shell=/no/login state=present'

  # name=用戶  create_home=創建家目錄 no 爲不    shell=指定登錄環境   

  192.168.116.11 | CHANGED => {
      "ansible_facts": {
          "discovered_interpreter_python": "/usr/bin/python"
      }, 
      "changed": true, 
      "comment": "", 
      "create_home": false, 
      "group": 1002, 
      "home": "/home/nginx", 
      "name": "nginx", 
      "shell": "/no/login", 
      "state": "present", 
      "system": false, 
      "uid": 1002
  }

  [root@tianci ~]# ansible dbserver -m shell -a 'tail /etc/passwd | grep "nginx"'
  192.168.116.11 | CHANGED | rc=0 >>
  nginx:x:1002:1002::/home/nginx:/no/login

  

# 通過驗證我們發現,該用戶也有家目錄,但是我們設置不爲其創建家目錄,這是怎麼回事呢
# 是因爲這是一個小BUG,只是顯示有而已,但是沒有家目錄哦

[root@tianci ~]# ansible dbserver -m shell -a 'ls /home/nginx'
192.168.116.11 | FAILED | rc=2 >>
ls: 無法訪問/home/nginx: 沒有那個文件或目錄non-zero return code

  • 例子: 使用 user 模塊創建用戶並指定 uid

    [root@tianci ~]# ansible dbserver -m user -a 'name=three uid=1111 state=present'
      192.168.116.11 | CHANGED => {
          "ansible_facts": {
              "discovered_interpreter_python": "/usr/bin/python"
          }, 
          "changed": true, 
          "comment": "", 
          "create_home": true, 
          "group": 1111, 
          "home": "/home/three", 
          "name": "three", 
          "shell": "/bin/bash", 
          "state": "present", 
          "system": false, 
          "uid": 1111
      }
    
    # 驗證
    
    [root@tianci ~]# ansible dbserver -m shell -a 'id three'
    192.168.116.11 | CHANGED | rc=0 >>
    uid=1111(three) gid=1111(three)=1111(three)
    
    
    
  • 例子: 使用 user 模塊刪除用戶

[root@tianci ~]# ansible dbserver -m user -a 'name=noe remove=yes state=present'
# name=刪用戶名         remove=是否刪除      
192.168.116.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1112, 
    "home": "/home/noe", 
    "name": "noe", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 1112
}

5) group 模塊

  • 添加 組
    例子: 通過 group模塊添加組並指定 gid

     [root@tianci ~]# ansible dbserver -m group -a 'name=market system=yes state=present gid=1234'
    
    # name=組名       system=該組是否出現在遠程主機上 
    
    192.168.116.11 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "gid": 1234, 
        "name": "market", 
        "state": "present", 
        "system": true
    }
    
    # 驗證
    
    [root@tianci ~]# ansible dbserver -m shell -a 'tail /etc/group | grep "market"'
    192.168.116.11 | CHANGED | rc=0 >>
    market:x:995:
    
    
    
  • 例子: 通過 group 模塊 刪除組
    刪除

     [root@tianci ~]# ansible dbserver -m group -a 'name=market state=absent'
    
     # name=組名      state=執行
    
    192.168.116.11 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "name": "market", 
        "state": "absent"
    }
    
    # 驗證
    
    [root@tianci ~]# ansible dbserver -m shell -a 'tail /etc/group | grep "market"'
    192.168.116.11 | FAILED | rc=1 >>
    non-zero return code
    

6) copy 模塊

1) 從主控端複製文件到被控制端(類似於scp)
2) 主控制被控制複製和粘貼被控制的文件

[root@tianci ~]# echo "copy module of ansible " > ansible.txt
[root@tianci ~]# ansible all -m copy -a 'src=/root/ansible.txt dest=/root'                # 將ansible 本身的 文件 複製粘貼至 所有主機中 /root下

# src=複製(本地)     dest=目標地址(被控端)

# 驗證

[root@tianci ~]# andible all -m shell -a 'cat /root/ansible.txt'
bash: andible: 未找到命令...
[root@tianci ~]# ansible all -m shell -a 'cat /root/ansible.txt'
192.168.116.13 | CHANGED | rc=0 >>
copy module of ansible

192.168.116.11 | CHANGED | rc=0 >>
copy module of ansible

192.168.116.12 | CHANGED | rc=0 >>
copy module of ansible


# 添加remote_src=yes 表示複製粘貼都在 ansible主機執行

[root@tianci ~]# ansible webservers -m copy -a 'src=/etc/resolv.conf dest=/rot remote_src=yes'          ## 驗證ansible的冪等性;
[root@tianci ~]# ansible webservers -m copy -a 'src=/etc/resolv.conf dest=/rot remote_src=yes backup=yes'      ## 修改一下被控制端/root/resolv.conf 的內容,使其可以發生文件覆蓋,此時加上backup 將覆蓋文件前的文件進行備份

# src=源    dest=目標地址    remote_src=如果是yes將src轉到遠程主機上

# backup=覆蓋時是否進行備份 ,在復重複制時ansible會比較兩個文件中的內容,如果一樣則不會進行覆蓋,但是會提示執行完畢

# 如果內容不一樣則會覆蓋,但是backup會將源文件進行備份(日期+時間+文加名)


7) file 模塊

1)	修改文件屬性(owner group mode權限) 	---》 chown  chmod
2)	軟連接、硬鏈接
3)	創建目錄或者文件
4)	刪除文件或者目錄
5)	 遞歸設置目錄權限以及屬主屬組
  • 例子:更改文件或者目錄屬主屬組

    - [root@tianci ~]# ansible dbserver -m file -a 'path=/root/anaconda-ks.cfg owner=tianci group=tianci'
    
    # path=文件路徑      owner=屬主      group=屬組
    
    192.168.116.11 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "gid": 1000, 
        "group": "tianci", 
        "mode": "0600", 
        "owner": "tianci", 
        "path": "/root/anaconda-ks.cfg", 
        "secontext": "system_u:object_r:admin_home_t:s0", 
        "size": 1257, 
        "state": "file", 
        "uid": 1000
    

    驗證 :

 [root@tianci ~]# ansible dbserver -m shell -a 'ls -l /root/anaconda-ks.cfg'
192.168.116.11 | CHANGED | rc=0 >>
-rw-------. 1 tianci tianci 1257 9月  27 22:17 /root/anaconda-ks.cfg
  • 例子:修改文件權限

    - [root@tianci ~]# ansible dbserver -m file -a 'path=/root/anaconda-ks.cfg mode=7777'
      192.168.116.11 | CHANGED => {
          "ansible_facts": {
              "discovered_interpreter_python": "/usr/bin/python"
          }, 
          "changed": true, 
          "gid": 1000, 
          "group": "now", 
          "mode": "07777", 
          "owner": "now", 
          "path": "/root/anaconda-ks.cfg", 
          "secontext": "system_u:object_r:admin_home_t:s0", 
          "size": 1257, 
          "state": "file", 
          "uid": 1000
      }
    
    # 驗證
    
    [root@tianci ~]# ansible dbserver -m shell -a 'ls -l /root/anaconda-ks.cfg'
    192.168.116.11 | CHANGED | rc=0 >>
    -rwsrwsrwt. 1 tianci tianci 1257 9月  27 22:17 /root/anaconda-ks.cfg
    
    
    
  • 例子:創建軟連接與硬鏈接

    • 軟連接
[root@tianci ~]# ansible dbserver -m file -a 'src=/etc/hosts dest=/root/host state=link'

# src=源        dest=目標       state= link  軟連接

192.168.116.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "dest": "/root/host", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "secontext": "unconfined_u:object_r:admin_home_t:s0", 
    "size": 10, 
    "src": "/etc/hosts", 
    "state": "link", 
    "uid": 0
}

state=link 軟連接

state=hard 硬鏈接

  • 硬鏈接
[root@tianci ~]# ansible dbserver -m file -a 'src=/etc/hosts dest=/root/hosts state=hard'
192.168.116.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "dest": "/root/hosts", 
    "gid": 0, 
    "group": "root", 
    "mode": "0644", 
    "owner": "root", 
    "secontext": "system_u:object_r:net_conf_t:s0", 
    "size": 158, 
    "src": "/etc/hosts", 
    "state": "hard", 
    "uid": 0
}
  • 在被控制端查看
[root@localhost ~]# ll /root/
總用量 12
-rwsrwsrwt. 1 now  now  1257 9月  27 22:17 anaconda-ks.cfg
-rw-r--r--. 1 root root   24 1月   8 16:08 ansible.txt
lrwxrwxrwx. 1 root root   10 1月   8 16:43 host -> /etc/hosts               ## 軟連接
-rw-r--r--. 2 root root  158 6月   7 2013 hosts                             ## 硬鏈接
  • 例子:創建文件

    - [root@tianci ~]# ansible dbserver -m file -a 'path=/tmp/file.txt state=touch'
    
    # state=touch  創建文件  
    
    192.168.116.11 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "dest": "/tmp/file.txt", 
        "gid": 0, 
        "group": "root", 
        "mode": "0644", 
        "owner": "root", 
        "secontext": "unconfined_u:object_r:user_tmp_t:s0", 
        "size": 0, 
        "state": "file", 
        "uid": 0
    }
    
    # 驗證
    
    [root@tianci ~]# ansible dbserver -m shell -a 'ls /root/file.txt'
    192.168.116.11 | CHANGED | rc=0 >>
    /root/file.txt
    
    
    
  • 創建目錄

     [root@tianci ~]# ansible dbserver -m file -a 'path=/tmp/file state=directory'
    
    # state=directory    創建目錄
    
    192.168.116.11 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "gid": 0, 
        "group": "root", 
        "mode": "0755", 
        "owner": "root", 
        "path": "/tmp/file", 
        "secontext": "unconfined_u:object_r:user_tmp_t:s0", 
        "size": 6, 
        "state": "directory", 
        "uid": 0
    }
    
    # 驗證
    
    [root@tianci ~]# ansible dbserver -m shell -a 'ls /tmp/ | grep 'file''
    192.168.116.11 | CHANGED | rc=0 >>
    file
    
  • 刪除目錄

    - [root@tianci ~]# ansible dbserver -m file -a 'path=/tmp/file state=absent'
    
    # state=absent    移除
    
    192.168.116.11 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "path": "/tmp/file", 
        "state": "absent"
    }
    
    # 驗證
    
    [root@tianci ~]# ansible dbserver -m shell -a 'ls /tmp/ | grep 'file''
    192.168.116.11 | CHANGED | rc=0 >>
    
  • 遞歸設置權限

# 如果指定目錄或者文件不存在則創建

[root@tianci ~]# ansible dbserver -m file -a 'path=/tmp/file mode=0777 recurse=yes'
192.168.116.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "path": "/tmp/file", 
    "secontext": "unconfined_u:object_r:user_tmp_t:s0", 
    "size": 6, 
    "state": "directory", 
    "uid": 0
}

# 驗證

[root@tianci ~]# ansible dbserver -m shell -a 'ls -l /tmp/ | grep 'file''
192.168.116.11 | CHANGED | rc=0 >>
drwxr-xr-x. 2 now now    6 1月   8 22:41 file
  • 遞歸設置屬主屬組
[root@tianci ~]# ansible dbserver -m file -a 'path=/tmp/file owner=now group=now recurse=yes'

# recurse=yes     是否遞歸

192.168.116.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "gid": 1000, 
    "group": "now", 
    "mode": "0777", 
    "owner": "now", 
    "path": "/tmp/file", 
    "secontext": "unconfined_u:object_r:user_tmp_t:s0", 
    "size": 6, 
    "state": "directory", 
    "uid": 1000
}


8) yum 模塊

  • 作用: 主控端空值被控端 使其使用yum 安裝rpm包
    PS: 被控端yum 可用
    常規操作:
    yum -y install
    yum -y remove

  • 例子:通過 yum 模塊安裝

    - [root@tianci ~]# ansible dbserver -m yum -a 'name=wget state=present'
    
    # name=rpm包名字,如果安裝多個用逗號隔開即可
    
    192.168.116.11 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "changes": {
            "installed": [
                "wget"
            ]
        }
    
  • 例子: 通過 yum 模塊卸載

    [root@tianci ~]# ansible dbserver -m yum -a 'name=gcc,c++ state=absent'
    192.168.116.11 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "changes": {
            "removed": [
                "gcc"
            ]
        }
    
  • service 模塊
    作用: 操控被控制端開啓,關閉、重啓、重載(視具體服務而定)
    1) notice: service 可以管理rpm包安裝的服務源碼安裝的服務建議使用shell模塊直接執行命令

服務狀態(state)
started / stopped / restarted

例子:關閉防火牆

[root@tianci ~]# ansible dbserver -m service -a 'name=firewalld state=stopped'

# name=服務名字

192.168.116.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "name": "firewalld", 
    "state": "stopped", 

## 類似於以下這種情況一般是 該軟件已經存在


[root@tianci ~]# ansible dbserver -m yum -a 'name=wget state=present'
192.168.116.11 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "wget-1.14-15.el7_4.1.x86_64 providing wget is already installed"
    ]
}
[root@tianci ~]# ansible dbserver -m shell -a 'rpm -qa | grep wget'
[WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'.  If you need to use command because yum, dnf or zypper is insufficient you can add 'warn: false' to this
command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.

192.168.116.11 | CHANGED | rc=0 >>
wget-1.14-15.el7_4.1.x86_64


  1. hostname 修改主機名
	1)	 hostname  	臨時
	2)	hostnamectl    永久
	3)	vim 配置文件
	4)	通過 ansible hostname模塊
  • 例子: 通過hostname修改主機名

    - [root@tianci ~]# ansible dbserver -m hostname -a 'name=localhost.localdomain'
    
    # name=名字
    
    192.168.116.11 | CHANGED => {
        "ansible_facts": {
            "ansible_domain": "localdomain", 
            "ansible_fqdn": "localhost.localdomain", 
            "ansible_hostname": "localhost", 
            "ansible_nodename": "localhost.localdomain", 
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "name": "localhost.localdomain"
    }
    

9) script 模塊

  • 作用:用於將主控端的腳本在被控端運行

常用的腳本:

​ 1)shell ----》 .sh
​ 2)python ----》 .py

  • 例子: 通過 script 模塊 執行主控端腳本

  • 首先編寫腳本文件,批量創建用戶( user1–user10)

[root@tianci ~]# vim test.sh

#! /bin/bash
for i in {1..10}
        do
                useradd user$i
                echo "123.com" | passwd --stdin user$i
        done
  • 調用腳本
[root@tianci ~]# ansible dbserver -m script -a '/root/test.sh'

# 調用主控端腳本不需要使用任何參數,直接輸入腳本位置即可。

192.168.116.11 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.116.11 closed.\r\n", 
    "stderr_lines": [
…………
…………
        "更改用戶 user9 的密碼 。", 
        "passwd:所有的身份驗證令牌已經成功更新。", 
        "更改用戶 user10 的密碼 。", 
        "passwd:所有的身份驗證令牌已經成功更新。"
    ]
}



  • 驗證
[root@tianci ~]# ansible dbserver -m shell -a 'tail /etc/passwd'
192.168.116.11 | CHANGED | rc=0 >>
user1:x:1113:1113::/home/user1:/bin/bash
user2:x:1114:1114::/home/user2:/bin/bash
user3:x:1115:1115::/home/user3:/bin/bash
user4:x:1116:1116::/home/user4:/bin/bash
user5:x:1117:1117::/home/user5:/bin/bash
user6:x:1118:1118::/home/user6:/bin/bash
user7:x:1119:1119::/home/user7:/bin/bash
user8:x:1120:1120::/home/user8:/bin/bash
user9:x:1121:1121::/home/user9:/bin/bash
user10:x:1122:1122::/home/user10:/bin/bash
  • 例子: 通過script 模塊 執行腳本批量刪除用戶 (user1 – user10)

    - [root@tianci ~]# vim userdel.sh
      #! /bin/bash
      for i in {1..10}
              do
                      userdel user$1
              done
              
    
    # 運行腳本
    
      [root@tianci ~]# ansible dbserver -m script -a '/root/userdel.sh'
    192.168.116.11 | CHANGED => {
        "changed": true, 
        "rc": 0, 
        "stderr": "Shared connection to 192.168.116.11 closed.\r\n", 
        "stderr_lines": [
            "Shared connection to 192.168.116.11 closed."
        ], 
        "stdout": "", 
        "stdout_lines": []
    }
    
    # 驗證
    
    [root@tianci ~]# ansible dbserver -m shell -a 'tail /etc/passwd'
    192.168.116.11 | CHANGED | rc=0 >>
    dbus:x:81:81:System message bus:/:/sbin/nologin
    
    
    

10) setup 模塊

  • 用於獲取被控端的 ansible變量
    獲取的變量主要是用於模板中,可以利用變量,實現對被控端的快速配置和差異化配置

  • 例子: 通過setup模塊獲取所有的 變量

    - [root@tianci ~]# ansible dbserver -m setup -a ''
    
    # 此操作是獲取所有的變量,
    
    
    
    例子:通過 setup 模塊獲取指定參數的變量
    [root@tianci ~]# ansible dbserver -m setup -a 'filter="*cpu*"'
    
    # filter=變量      * 通配符,
    
    192.168.116.11 | SUCCESS => {
        "ansible_facts": {
            "ansible_processor_vcpus": 1, 
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": false
    }
    
    
    

11) fetch 模塊

  • 作用: 拿取被控端文件

  • 例子: 通過 fetch 模塊 將被控端的文件 拉取到主控端

    - [root@tianci ~]# ansible all -m fetch -a 'src=/etc/resolv.conf dest=/tcp/test'
    
    # src=源(被控端)     dest=目標地址(主控端)    
    
    192.168.116.11 | CHANGED => {
        "changed": true, 
        "checksum": "dfb754d542e43feec14d581300236fa04a56597d", 
        "dest": "/tcp/test/192.168.116.11/etc/resolv.conf", 
        "md5sum": "653fab6375ea318ef8d245125b8de19f", 
        "remote_checksum": "dfb754d542e43feec14d581300236fa04a56597d", 
        "remote_md5sum": null
    }
    192.168.116.13 | CHANGED => {
        "changed": true, 
        "checksum": "dfb754d542e43feec14d581300236fa04a56597d", 
        "dest": "/tcp/test/192.168.116.13/etc/resolv.conf", 
        "md5sum": "653fab6375ea318ef8d245125b8de19f", 
        "remote_checksum": "dfb754d542e43feec14d581300236fa04a56597d", 
        "remote_md5sum": null
    }
    192.168.116.12 | CHANGED => {
        "changed": true, 
        "checksum": "dfb754d542e43feec14d581300236fa04a56597d", 
        "dest": "/tcp/test/192.168.116.12/etc/resolv.conf", 
        "md5sum": "653fab6375ea318ef8d245125b8de19f", 
        "remote_checksum": "dfb754d542e43feec14d581300236fa04a56597d", 
        "remote_md5sum": null
    }
    
    # 驗證
    
    [root@tianci ~]# ls /tcp/test/
    192.168.116.11  192.168.116.12  192.168.116.13
    
    
    
  1. replace 模塊
  • 作用: 可以實現對文件間的內容切換

    [root@tianci ~]# vim test.txt
    
    hello worald
    hello
    
    [root@tianci ~]# ansible dbserver -m replace -a 'path=/root/test.txt regexp="hello" replace="aaaaa"'
    
    # path=修改的文件      regexp=匹配的字符        replace=替換的東西
    
    192.168.116.11 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "msg": "2 replacements made"
    }
    
    
    [root@tianci ~]# ansible dbserver -m shell -a 'cat /root/test.txt'
    192.168.116.11 | CHANGED | rc=0 >>
    aaaaa worald
    aaaaa
    
  • 例子:將整行內容替換

    - [root@tianci ~]# ansible dbserver -m shell -a 'cat /root/aaa.txt'
      192.168.116.11 | CHANGED | rc=0 >>
      aaaaaa
    
    # ^ 以什麼開頭
    
    # $ 以什麼結尾
    
    [root@tianci ~]# ansible dbserver -m replace -a 'path=/root/aaa.txt regexp="^aaaaaa$" replace="abcdefg"'
    192.168.116.11 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "changed": true, 
        "msg": "1 replacements made"
    }
    
    [root@tianci ~]# ansible dbserver -m shell -a 'cat /root/aaa.txt'
    192.168.116.11 | CHANGED | rc=0 >>
    abcdefg
    
    
    

13) template 模塊

  • 作用: 主要用於主控端使用模板配置被控端配置文件的場景,
    需要用到模板文件、文件必須以 .j2 結尾

  • 安裝 服務 進行測試

[root@tianci ~]# ansible webservers -m shell -a 'mount /dev/cdrom /media'
[WARNING]: Consider using the mount module rather than running 'mount'.  If you need to use command because mount is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.

192.168.116.13 | CHANGED | rc=0 >>
mount: /dev/sr0 寫保護,將以只讀方式掛載

192.168.116.12 | CHANGED | rc=0 >>
mount: /dev/sr0 寫保護,將以只讀方式掛載

# 通過ansible yum 安裝 httpd

[root@tianci ~]# ansible webservers -m yum -a 'name=httpd state=installed'

# 主控端安裝 web 服務

[root@tianci ~]# yum -y install httpd

# 將被控端的 httpd配置文件作爲模板

[root@tianci ~]# cp /etc/httpd/conf/httpd.conf /root/httpd.conf.j2

# 修改其 域名 爲 www.baidu.com

[root@tianci ~]# vim /root/httpd.conf.js 
ServerName www.baidu.com:80

# 通過模板修改

[root@tianci ~]# ansible webservers -m template -a 'src=/root/httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf'

# src=主控端模板源         dest=目標地址

192.168.116.13 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "f3385c6f241cc46f9585382b8edd7e287d3367d2", 
    "dest": "/etc/httpd/conf/httpd.conf", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "f7271dedceda064a54c591c904e1ffb6", 
    "mode": "0644", 
    "owner": "root", 
    "size": 11750, 
    "src": "/root/.ansible/tmp/ansible-tmp-1578552032.32-247713146820451/source", 
    "state": "file", 
    "uid": 0
}
192.168.116.12 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "f3385c6f241cc46f9585382b8edd7e287d3367d2", 
    "dest": "/etc/httpd/conf/httpd.conf", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "f7271dedceda064a54c591c904e1ffb6", 
    "mode": "0644", 
    "owner": "root", 
    "size": 11750, 
    "src": "/root/.ansible/tmp/ansible-tmp-1578552032.33-257511787935695/source", 
    "state": "file", 
    "uid": 0
}

# 驗證

[root@tianci ~]# ansible webservers -m shell -a 'cat /etc/httpd/conf/httpd.conf | grep "ServerName"'
192.168.116.12 | CHANGED | rc=0 >>

# ServerName gives the name and port that the server uses to identify itself.

ServerName www.baidu.com:80

192.168.116.13 | CHANGED | rc=0 >>

# ServerName gives the name and port that the server uses to identify itself.

ServerName www.baidu.com:80
  • 例子: 引用變量進行修改
[root@tianci ~]# vim /root/httpd.conf.j2 
ServerName www.baidu.com:{{http_port}}

# 修改hosts 主機清單的變量與端口號
[root@tianci ~]# vim /etc/ansible/hosts 
[webservers]
192.168.116.12 http_port=8888
192.168.116.13 http_port=8888




unarchive 模塊
作用: 將主控端的壓縮文件,解壓後 放在被控端


# 將 tar 包解壓至 被控端的目錄中

[root@tianci ~]# ansible webservers -m unarchive -a 'src=/root/nginx-1.12.2.tar.gz dest=/usr/src'

# src=主控端源       dest=目標地址(被空端)

# 驗證

[root@tianci ~]# ansible webservers -m shell -a 'ls /usr/src | grep "nginx*"'
192.168.116.13 | CHANGED | rc=0 >>
nginx-1.12.2

192.168.116.12 | CHANGED | rc=0 >>
nginx-1.12.2


14) lineinfile 模塊

  • 作用: 修改文件中的內容

BOF begin of file 文件開頭
EOF end of file 文件結尾

參數:

參數 含義
path 指定要操作的文件對象
regexp 匹配條件
insertbefore 在某行之前插入
line 要寫入文件的內容
insertafter 在某行之後插入
  • 如果使用 insertbefore或者 insertafter 必須使用 state= 參數

  • 例子: 通過 lineinfile 模塊在 nginx.conf文件的開頭前插入一行

    [root@tianci ~]# ansible dbserver -m lineinfile -a 'path=/root/nginx.conf insertbefore=BOF line='#aaaaaaaa''
    
    192.168.116.11 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        }, 
        "backup": "", 
        "changed": true, 
        "msg": "line added"
    }
    
    
    

    驗證:

    [root@tianci ~]# ansible dbserver -m shell -a 'head -n 2 /root/nginx.conf'
    
    192.168.116.11 | CHANGED | rc=0 >>
    #aaaaaaaa
    
  • 例子: 在文件的末尾插入一行

    [root@tianci ~]# ansible dbserver -m lineinfile -a 'path=/root/nginx.conf insertafter=EOF line="# bbbbbbbbbbb"'
      192.168.116.11 | CHANGED => {
    "ansible_facts": {
          "discovered_interpreter_python": "/usr/bin/python"
      }, 
      "backup": "", 
      "changed": true, 
      "msg": "line added"
      }
    

    驗證:

[root@tianci ~]# ansible dbserver -m shell -a 'tail -n 2 /root/nginx.conf'
192.168.116.11 | CHANGED | rc=0 >>
}

# bbbbbbbbbbb
  • 例子: 在指定的行 前/後 插入內容
    • 在 /root/nginx.conf 文件中的 #charset koi8-r; 行 之後 插入 charset koi8-r;
[root@tianci ~]# ansible dbserver -m lineinfile -a 'path=/root/nginx.conf insertafter="        #charset koi8-r;" line="        charset koi8-r;" state=present'
  • 在 /root/nginx.conf 文件的 server { 之前插入 upstream{
[root@tianci ~]# ansible dbserver -m lineinfile -a 'path=/root/nginx.conf insertbefore="    server {"  line="        upstrame{" state=present'
  • 例子: 刪除指定的行
    將剛剛添加的# bbbbbbbbbbb 刪除
[root@tianci ~]# ansible dbserver -m lineinfile -a 'path=/root/nginx.conf regexp="# bbbbbbbbbbb" state=absent'
192.168.116.11 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "backup": "", 
    "changed": true, 
    "found": 1, 
    "msg": "1 line(s) removed"
}


4. ansible 的任務編排

​ playbook(劇本)

1) ansible 劇本的文件 後綴 爲 .yml .yaml

  • 格式:
帶有 - 的行爲 描述行,描述行下的爲執行語句


- hosts: 操作對象
  remote_user: 遠程用戶
  tasks:
    - name: 描述信息
      模塊名: 執行任務
    - name: 描述信息
      模塊名: 執行任務  
      [root@tianci ~]# vim tset.yml
      
      - hosts: dbserver       # 描操作對象,可以是主機、主機清單(組名標籤)
        remote_user: root     # 遠程執行的用戶
        tasks:                # 計劃任務
          - name: install vsftpd      # 描述信息
            yum: name=vsftpd          # 執行任務     模塊名 執行語句
          - name: start vsftpd        # 描述信息
            service: name=vsftpd state=started    # 執行任務:   模塊名  加執行語句

  • 檢測語法錯誤
# 如果由錯誤直接提示,如沒有錯誤輸入劇本名稱

[root@tianci ~]# ansible-playbook tset.yml --syntax-check playbook: tset.yml
  • 運行劇本
    • 以下屬於 劇本的運行過程,列出了描述信息以及執行進度
[root@tianci ~]# ansible-playbook tset.yml 

PLAY [dbserver] *****************************************************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************************************
ok: [192.168.116.11]

……………………
  • 在使用 shell腳本時,可以在shell下使用args添加參數
    例子

    - ​    shell:  ./config ~~~~
    		args:
      ​         chdir: /usr/local/nginx-1.11.1
    
    ## 意思是在編譯時首先進入到  下面那個目錄
    
  • 例子: 通過 ansible - playbook(劇本) 爲被控端安裝 LNMP 環境

    部署 Nginx

- hosts: webservers
  remote_user: root
  tasks:
    - name: install nginx
      unarchive: src=/root/nginx-1.11.1.tar.gz dest=/usr/src
    - name: yum install pcre8 openssl*
      yum: name=pcre*,openssl-devel,pcre-devel,zlib-devel
    - name: make nginx
      shell: ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-pcre && make && make install
      args:
        chdir: /usr/src/nginx-1.11.1
    - name: create nginx running user
      user: name=nginx create_home=no shell=/sbin/nologin state=present
    - name: create link /usr/local/nginx/sbin/nginx /usr/sbin/nginx
      file: src=/usr/local/nginx/sbin/nginx  dest=/usr/sbin/nginx state=link
    - name: start nginx
      shell: nginx

部署MySQL

- hosts: webservers
  remote_user: root
  tasks:
    - name: jie ya tar_cmake
      unarchive: src=/root/cmake-2.8.7.tar.gz dest=/usr/src
    - name: cd /usr/src/cmake*  gmake install cmake
      shell: ./configure &&  gmake && gmake install
      args:
        chdir: /usr/src/cmake-2.8.7
    - name: jie ya tar_mysql
      unarchive: src=/root/mysql-5.5.22.tar.gz dest=/usr/src
    - name: yum install
      yum: name=pcre-devel,ncurses,ncurses-devel
    - name: cd /usr/src/mysql* && make && make install msyql
      shell: cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DSYSCONFDIR=/etc -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH-EXTRA_CHARSETS=all && make && make install
      args:
        chdir: /usr/src/mysql-5.5.22
    - name: create mysql running user
      user: name=mysql state=present
    - name: mysql link
      shell: ln -s /usr/local/mysql/bin/* /usr/local/bin
    - name: updata mysql user\group
      file: path=/usr/local/mysql owner=mysql group=mysql recurse=yes
    - name: copy mysql_config_file
      copy: src=/usr/local/mysql/support-files/my-medium.cnf dest=/etc/my.cnf remote_src=yes
    - name: copy msyqld
      copy: src=/usr/local/mysql/support-files/mysql.server dest=/etc/init.d/mysqld remote_src=yes
    - name: chkconfig
      shell: chkconfig --add mysqld
    - name: chu shi hua mysql
      shell: /usr/local/mysql/scripts/mysql_install_db --user=mysql --group=mysql --basedir=/usr/local/mysql/ --datadir=/usr/local/mysql/data/
    - name: permission
      file: path=/etc/init.d/mysqld mode=755
    - name: start mysql
      service: name=mysqld state=started


- hosts: dbserver
  remote_user: root
  tasks:
    - name: yum install
      yum: name=gd,libxml2-devel,libjpeg-devel,libpng-devel
    - name: jie ya php
      unarchive: src=php-5.3.28.tar.gz dest=/usr/src/
    - name:
      shell: ./configure --prefix=/usr/local/php --with-gd --with-zlib --with-mysql=/usr/local/mysql --with-config-file-path=/usr/local/php --enable-fpm --enable-mbstring --with-jpeg-dir=/usr/lib && make && make install
      args:
        chdir: /usr/src/php-5.3.28
    - name: copy-config-file
      copy: src=/usr/src/php-5.3.28/php.ini-development dest=/usr/local/php/php.ini remote_src=yes
    - name: updata php.ini
      shell: sed -i '/#default_charset = "utf-8"/a\default_charset = "utf-8"' /usr/local/php/php.ini && sed -i '/short_open_tag/c\short_open_tag = On' /usr/local/php/php.ini
    - name: jie ya Zend
      unarchive: src=/root/ZendGuardLoader-php-5.3-linux-glibc23-x86_64.tar.gz dest=/usr/src/
    - name: copy Zend
      copy: src=/usr/src/ZendGuardLoader-php-5.3-linux-glibc23-x86_64/php-5.3.x/ZendGuardLoader.so dest=/usr/local/php/lib/ZendGuardLoader.so remote_src=yes
    - name: sed php.ini_Zend
      lineinfile: path=/usr/local/php/php.ini insertafter=BOF line="Zend_extension=/usr/local/php/lib/ZendGuardLoader"
    - lineinfile: path=/usr/local/php/php.ini insertafter=BOF line="Zend_loader.enable=1"
    - name: tian jia systemctl
      copy: src=/usr/src/php-5.3.28/sapi/fpm/init.d.php-fpm dest=/etc/init.d/php-fpm remote_src=yes
    - name: permisvissi
      file: path=/etc/init.d/php-fpm mode=755
    - name: chkconfig
      shell: chkconfig --add php-fpm
    - name: copy php-fpm_config_fiel
      copy: src=/usr/local/php/etc/php-fpm.conf.default dest=/usr/local/php/etc/php-fpm.conf remote_src=yes
    - name: update php-fpm.conf
      shell: sed -i '/pid = /a\pid = run/php-fpm.pid' /usr/local/php/etc/php-fpm.conf && sed -i '/user = nobody/c\user = nginx' /usr/local/php/etc/php-fpm.conf && sed -i '/group = nobody/c\group = nginx' /usr/local/php/etc/php-fpm.conf
    - name: start php-fpm
      service: name="php-fpm" state=started
    - name: update nginx.conf
      replace: path=/usr/local/nginx/conf/nginx.conf regexp="            index  index.html index.htm;" replace="            index  index.php index.html index.htm;"
    - name: update nginx.conf
      shell: sed -i '/        server_name  localhost;/a \        location ~ \.php$ {\n            root           html;\n            fastcgi_pass   127.0.0.1:9000;\n            fastcgi_index  index.php;\n            fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;\n            include        fastcgi.conf;\n}' /usr/local/nginx/conf/nginx.conf
    - name: restart
      service: name=php-fpm state=restarted

Apache: 劇本

- hosts: dbserver
  remote_user: root
  tasks:
    - name: apr
      unarchive: src=/root/apr-1.5.2.tar.gz dest=/usr/src
    - name: apr-make
      shell: ./configure --prefix=/usr/local/apr && make && make install
      args:
        chdir: /usr/src/apr-1.5.2
    - name: apr-util
      unarchive: src=/root/apr-util.*.tar.gz dest=/usr/src
    - shell: ./configure --prefix=/usr/local/apr-util --with-apr=/usr/loca/apr/bin/apr-1-config && make && make install
      args:
        chdir: /usr/src/apr-util.*
    - name: tar httpd install
      unarchive: src=/root/httpd-2.4.25.tar.gz dest=/usr/src
    - shell: /usr/local/apr-util/bin/* /usr/local/bin
    - yum: name=pcre-devel
    - shell: ./configure --prefix=/usr/local/httpd --enable-so --enable-charset-lite --enable-cgi --enable-rewrite && make && make install
      args:
        chdir: /usr/src/httpd-2.4.25
    - name: you hua httpd path
      shell: ln -s /usr/local/httpd/bin/* /usr/local/bin
    - name: copy httpd-start-config-file
      copy: src=/usr/local/httpd/bin/apachectl dest=/etc/init.d/httpd remote_src=yes
    - shell: chkconfig --add httpd
    - file: path=/etc/init.d/httpd mode=0755
    - name: start httpd-server
      service: name=httpd state=started

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章