1. #hosts文件
  2. [webserver]
  3. 192.168.203.[129:130]
  5. [dbserver]
  6. 192.168.203.131
  8. [appsrvs]
  9. 192.168.203.[129:131]
  11. [all_servers]
  12. dbserver
  13. webserver
  15. #配置文件
  16. vim /etc/ansible/ansible.cfg 
  17. # uncomment this to disable SSH key host checking 是否输入yes
  18. host_key_checking = False
  19. #修改默认模块-配置文件
  20. module_name = shell
  22. #生成秘钥
  23. ssh-keygen -f /root/.ssh/id_rsa -P' '
  24. ip=192.168.203
  25. for i in {129..131};do
  26.     ssh-copy-id $ip.$i
  27. done 
  29. [root@dba project]# ansible all -i hosts  --list-hosts
  30.   hosts (3):
  31.     192.168.203.129
  32.     192.168.203.130
  33.     192.168.203.131
  35. #ansible 资产 -i hosts 模块 参数
  36. ansible all -m ping
  39. [root@dba ~]# ansible webserver --list-hosts
  40.   hosts (2):
  41.     192.168.203.129
  42.     192.168.203.130
  44.   #差集
  45.  [root@dba ~]# ansible 'web:&app' --list-hosts
  46.   hosts (2):
  47.     192.168.203.129
  48.     192.168.203.130
  49.     #并集
  50. [root@dba ~]# ansible web:db --list-hosts
  51.   hosts (3):
  52.     192.168.203.129
  53.     192.168.203.130
  54.     192.168.203.131
  56. 查看模块帮助
  57. [root@dba ~]# ansible-doc -s command
  58. - name: Execute commands on targets
  59.   command:
  60.       argv:                  # Passes the command as a list rather than a string. Use `argv' to avoid quoting values that would otherwise be interpreted incorrectly (for example "user
  61.                                name"). Only the string or the list form can be provided, not both.  One or the other must be provided.
  62.       chdir:                 # Change into this directory before running the command.
  63.       cmd:                   # The command to run.
  64.       creates:               # A filename or (since 2.0) glob pattern. If it already exists, this step *won't* be run.
  65.       free_form:             # The command module takes a free form command to run. There is no actual parameter named 'free form'.
  66.       removes:               # A filename or (since 2.0) glob pattern. If it already exists, this step *will* be run.
  67.       stdin:                 # Set the stdin of the command directly to the specified value.
  68.       stdin_add_newline:     # If set to `yes', append a newline to stdin data.
  69.       strip_empty_ends:      # Strip empty lines from the end of stdout/stderr in result.
  70.       warn:                  # Enable or disable task warnings.
  72. ---
  73. [root@dba ~]# ansible web  -a 'cat /etc/centos-release'
  74. 192.168.203.130 | CHANGED | rc=0 >>
  75. CentOS Linux release 7.9.2009 (Core)
  76. 192.168.203.129 | CHANGED | rc=0 >>
  77. CentOS Linux release 7.9.2009 (Core)

===============command与shell的区别:shell支持管道符和内置命令
copy
[root@dba ~]# ansible web -m copy -a “src=./nginx.repo dest=/etc/yum.repos.d/nginx.repo”
ansible web -a ‘ls /etc/yum.repos.d’

模块

script

  1. [root@dba project]# ansible db -i hosts   -m script -a '/root/project/test.sh'

copy

  1. ansible web -m copy -a "src=./nginx.repo dest=/etc/yum.repos.d/nginx.repo"
  2. ansible web -a 'ls /etc/yum.repos.d'
  3. ansible web -m copy -a "src=./nginx.repo dest=/etc/yum.repos.d/nginx.repo backup=yes"
  4. ansible web -m shell -a 'ls /etc/yum.repos.d|grep nginx'
  5. #备份-根据hash来判断文件是否需要备份 如果没有改变则不会备份
  6. [root@dba ~]# ansible web -m copy -a "src=./nginx.repo dest=/etc/yum.repos.d/nginx.repo backup=yes"
  8. 192.168.203.129 | SUCCESS => {
  9.     "ansible_facts": {
  10.         "discovered_interpreter_python": "/usr/bin/python"
  11.     }, 
  12.     "changed": false, 
  13.     "checksum": "c62d148a221da3d7de0451794fe32d5b7df8df9e", 
  14.     "dest": "/etc/yum.repos.d/nginx.repo", 
  15.     "gid": 0, 
  16.     "group": "root", 
  17.     "mode": "0644", 
  18.     "owner": "root", 
  19.     "path": "/etc/yum.repos.d/nginx.repo", 
  20.     "size": 398, 
  21.     "state": "file", 
  22.     "uid": 0
  23. }
  24. #对文件的权限和属主进行设置
  25. [root@dba ~]# ansible web -m copy -a "src=./nginx.repo dest=/etc/yum.repos.d/nginx.repo backup=yes owner=nobody group=nobody mode=755"
  26. 192.168.203.131 | CHANGED => {
  27.     "ansible_facts": {
  28.         "discovered_interpreter_python": "/usr/bin/python"
  29.     }, 
  30.     "changed": true, 
  31.     "checksum": "c62d148a221da3d7de0451794fe32d5b7df8df9e", 
  32.     "dest": "/etc/yum.repos.d/nginx.repo", 
  33.     "gid": 0, 
  34.     "group": "root", 
  35.     "md5sum": "094165ee4178bb13167ff8980091fa12", 
  36.     "mode": "0755", 
  37.     "owner": "nobody",
  40. #1.拷贝文件文件至被控节点
  41. [root@m01 ~]# ansible oldboy -m copy -a "src=/etc/hosts dest=/tmp/test.txt"
  42. #2.对远端已有文件进行备份,按照时间信息备份
  43. [root@m01 ~]# ansible oldboy -m copy -a "src=/etc/hosts dest=/tmp/test.txt backup=yes"
  44. #3.向被控端主机写入数据,并且会覆盖远端文件内原有数据信息
  45. [root@m01 ~]# ansible oldboy -m copy -a "content='bgx' dest=/tmp/oldboy"
  47. src             #推送数据的源文件信息
  48. dest            #推送数据的目标路径
  49. backup          #对推送传输过去的文件,进行备份
  50. content         #直接批量在被管理端文件中添加内容
  51. group           #将本地文件推送到远端,指定文件属组信息
  52. owner           #将本地文件推送到远端,指定文件属主信息
  53. mode            #将本地文件推送到远端,指定文件权限信息

yum_repository

  • 一般直接拷贝

gpgcheck yes/no

enable

  1. - name: Add multiple repositories into the same file (1/2)
  2.   yum_repository:
  3.     name: epel
  4.     description: EPEL YUM repo
  5.     file: external_repos
  6.     baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
  7.     gpgcheck: no
  8.     enabled: yes
  1. [root@dba project]# ansible web -i hosts -m  yum_repository -a "name=epel baseurl='http://mirrors.aliyun.com/repo/epel-7.repo' description='epel'"

yum

  • present 确认安装但是不升级
  • installed确认安装
  • latest安装并升级
  • absent、removed移除 
    1. #安装
    2. [root@dba project]# ansible db -i hosts -m yum -a "name=htop state=present"
    3. #删除
    4. [root@dba project]# ansible db -i hosts -m yum -a "name=htop state=absent"

systemd

  • daemon_reload
  • enabled
  • name
  • state started stopped restarted reloaded
  1. #服务重启
  2. [root@dba project]# ansible db -i hosts -m systemd -a "name=sshd state=restarted"
  3. ansible管理服务的启动与停止,使用servicesystemd
  4. #1.启动crond服务,并加入开机自启
  5. [root@m01 ~]# ansible webservers -m service -a "name=crond state=started enabled=yes"
  6. #2.停止crond服务,并删除开机自启
  7. [root@m01 ~]# ansible webservers -m service -a "name=crond state=stopped enabled=no"
  8. #3.重启crond服务
  9. [root@m01 ~]# ansible webservers -m service -a "name=crond state=restarted"
  10. #4.重载crond服务
  11. [root@m01 ~]# ansible webservers -m service -a "name=crond state=reloaded"
  13. name        # 定义要启动服务的名称
  14. state       # 指定服务状态
  15.     started     #启动服务
  16.     stopped     #停止服务
  17.     restarted   #重启服务
  18.     reloaded    #重载服务
  19. enabled         #开机自启

group 模块

ansible db -i hosts -m group -a "name=db_admin"

user

创建用户添加到组

[root@dba project]# ansible db -i hosts -m user -a "user=foo group=db_admin append=yes"

删除

[root@dba project]# ansible db -i hosts -m user -a "user=foo group=db_admin state=absent"

file

  • touch
  • sbaent
  • directory
  • file

创建文件

  1. [root@dba project]# ansible db -i hosts -m file -a "path=/tmp/file.sh state=touch"
  2. [root@dba project]# ansible db -i hosts -m file -a "path=/tmp/file.sh owner=nobody group=nobodymode=644"
  3. #连接的目录必须存在
  4. [root@dba project]# ansible db -i hosts -m file -a "src=/tmp/file.v1.sh dest=/tmp/file.sh state=link"
  5. 192.168.203.131 | FAILED! => {
  6.     "ansible_facts": {
  7.         "discovered_interpreter_python": "/usr/bin/python"
  8.     }, 
  9.     "changed": false, 
  10.     "gid": 0, 
  11.     "group": "root", 
  12.     "mode": "0644", 
  13.     "msg": "src file does not exist, use \"force=yes\" if you really want to create the link: /tmp/file.v1.sh", 
  17.  #   
  18. - name: Create two hard links
  19.   file:
  20.     src: '/tmp/{{ item.src }}'
  21.     dest: '{{ item.dest }}'
  22.     state: hard
  23.   loop:
  24.     - { src: x, dest: y }
  25.     - { src: z, dest: k }
  28. 1.直接修改被控端的权限
  29. [root@m01 ~]# ansible web01 -m file -a "path=/opt mode=0400" -i ./hosts
  31. 2.在被控端创建目录
  32. [root@m01 ~]# ansible oldboy -m file -a "path=/tmp/oldboy state=directory"
  34. 3.在被控端创建文件
  35. [root@m01 ~]# ansible oldboy -m file -a "path=/tmp/tt state=touch mode=555 owner=root group=root"
  37. 4.递归授权目录权限
  38. [root@m01 ~]# ansible oldboy -m file -a "path=/data owner=bgx group=bgx recurse=yes"
  39. path            #指定远程主机目录或文件
  40. recurse         #递归授权
  41. state           #状态
  42.     directory   #在远端创建目录
  43.     touch       #在远端创建文件
  44.     link        #创建链接文件
  45.     absent      #表示删除文件或目录
  46.     mode        #设置文件或目录权限
  47.     owner       #设置文件或目录属主
  48.     group       #设置文件或目录属组

cron

//新建一个任务

  1. [root@dba project]# ansible db -i hosts -m cron -a "name='new job' minute='0' job='ls -alh>/dev/null'"
  3. [root@ansible3 tmp]# crontab -l
  4. #Ansible: new job
  5. 0 * * * * ls -alh>/dev/null
  7. [root@dba project]# ansible db -i hosts -m cron -a "name='new job' state=absent"
  9. [root@dba project]# ansible db -m cron -a 'hour=2 minute=30 weekday=1-5 name="backup mysql" job=/root/mysql_bak.sh'
  11. [root@ansible3 tmp]# crontab -l
  12. #Ansible: backup mysql
  13. 30 2 * * 1-5 /root/mysql_bak.sh
  15. #禁用执行计划
  16. ansible db -m cron -a 'hour=2 minute=30 weekday=1-5 name="backup mysql" job=/root/mysql_bak.sh disabled=yes'

debug

  1. [root@dba project]# ansible db -i hosts -m debug -a "msg='haha'"
  2. 192.168.203.131 | SUCCESS => {
  3.     "msg": "haha"
  4. }

template

  1. [root@dba project]# cat hello_world.j2 
  2. hello {{var}} !
  3. [root@dba project]# ansible db -i hosts -m template -a "src=hello_world.j2 dest=/tmp/j2.txt" -e "var=2021"

unarchive

  1. ansible db -m unarchive -a "src=/root/project/pro.tar.gz dest=/tmp "

lineinfile

  1. <br />

mount

[root@m01 ~]# ansible web01 -m yum -a ‘name=nfs-utils state=present’ -i ./hosts
[root@m01 ~]# ansible web01 -m file -a ‘path=/data state=directory’ -i ./hosts
[root@m01 ~]# ansible web01 -m copy -a ‘content=”/data 172.16.1.0/24(rw,sync,no_all_squash)” dest=/etc/exports’ -i ./hosts
[root@m01 ~]# ansible web01 -m systemd -a “name=nfs state=started enabled=yes” -i ./hosts
[root@m01 ~]# ansible web02 -m mount -a “src=172.16.1.7:/data path=/data fstype=nfs opts=defaults state=present”
[root@m01 ~]# ansible web02 -m mount -a “src=172.16.1.7:/data path=/data fstype=nfs opts=defaults state=mounted”
[root@m01 ~]# ansible web02 -m mount -a “src=172.16.1.7:/data path=/data fstype=nfs opts=defaults state=unmounted”
[root@m01 ~]# ansible web02 -m mount -a “src=172.16.1.7:/data path=/data fstype=nfs opts=defaults state=absent”
present # 开机挂载,仅将挂载配置写入/etc/fstab
mounted # 挂载设备,并将配置写入/etc/fstab
unmounted # 卸载设备,不会清除/etc/fstab写入的配置
absent # 卸载设备,会清理/etc/fstab写入的配置

playbook

  • hosts
  • tasks 任务集
  • variables
  • Templates
  • Hadnders和notify
  • tags
  1. [root@dba project]# cat nginx.yaml
  2. - hosts: web
  3.   remote_user: root
  4.   gather_facts: no
  5.   tasks:
  6.   - name: nginx install
  7.     yum: name=nginx state=present
  8.   - name: html
  9.     copy: src=index.html dest=/usr/share/nginx/html/index.html
  10.   - name: start nginx
  11.     service: name=nginx state=started enabled=yes

安装httpd

  1. - hosts: web
  2.   tasks:
  3.     - name: Installed Httpd Server
  4.       yum: name=httpd state=present
  6.     - name: Start Httpd Server
  7.       systemd: name=httpd state=started enabled=yes
  8. - hosts: web01
  9.   tasks:
  10.     - name: Configure web01 Website
  11.       copy: content='This is Web01' dest=/var/www/html/index.html
  13. - hosts: web02
  14.   tasks:
  15.     - name: Cofnigure webi-2 weisite
  16.       copy: content='This is Web02' dest=/var/www/html/index.html

安装nfs

  1. #模板文件
  2. vim exports.j2
  3. /data 192.168.203.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
  5. #服务端
  6. #1.安装nfs
  7. #2.配置挂载目录
  8. #创建目录 创建用户
  9. #3.启动加入自启
  11. #客户端
  12. #准备目录
  13. #启动rpcbind-安装nfs-utils
  14. #挂载共享目录
  15. - hosts: db
  16.   remote_user: root
  17.   gather_facts: no
  19.   tasks:
  20.    - name: install nfs
  21.      yum: name=nfs-utils state=present
  22.    - name: config nfs
  23.      copy: src=./exports.j2 dest=/etc/exports backup=yes
  24.    - name: nfs group
  25.      group: name=www gid=666
  26.    - name: nfs user
  27.      user: name=www uid=666 group=666 shell=/sbin/nologin create_home=no
  28.    - name: nfs data
  29.      file: path=/data state=directory owner=www group=www recurse=yes
  31.    - name: service start
  32.      service: name=nfs state=started enabled=yes
  34. - hosts: web
  35.   gather_facts: no
  36.   tasks:
  37.    - name: client data
  38.      file: path=/nfs_tt state=directory
  40.    - name: client mount
  41.      mount: 
  42.       src: 192.168.203.131:/data 
  43.       path: /nfs_tt
  44.       fstype: nfs
  45.       opts: defaults
  46.       state: mounted

变量的定义和使用

组变量

  1. #vars
  2. [root@dba project]# cat dp.yaml
  3. - hosts: web
  4.   vars:
  5.     - webpkgs: httpd
  6.     - ftppkgs: vsftpd
  8.   tasks:
  9.    - name: install {{ webpkgs }} {{ ftppkgs }} rpm
  10.      yum:
  11.       name:
  12.        - "{{ webpkgs }}"
  13.        - "{{ ftppkgs }}"
  14.       state: present
  16. # 变量文件
  17. [root@dba project]# cat vars_pub.yaml
  18. webpkgs: httpd
  19. ftppkgs: vsftpd
  21. #cat vars2.yaml
  22. - hosts: web
  23.   vars_files: ./vars_pub.yaml
  25.   tasks:
  26.    - name: install rpm
  27.      yum:
  28.       name:
  29.        - "{{ webpkgs }}"
  30.        - "{{ ftppkgs }}"
  31.       state: present新建
  33. #group_vars目录与主机清单的组名保持一致
  34. [root@dba project]# tree group_vars/
  35. group_vars/
  36. └── web.yaml
  38. #只对web组生效,与主机的组一致
  39. [root@dba project]# cat group_vars/web.yaml
  40. webpkgs: wget
  41. ftppkgs: tree
  43. #对所有组都生效
  44. [root@dba project]# cat group_vars/allml
  45. webpkgs: wget
  46. ftppkgs: tree
  48. #系统提供了一个特殊组all 只需要在vars下建立all的文件变好变量,所以组都能使用,不需要指定变量文件
  49. #还可以通过命令-e指定变量
  50. [root@dba project]# ansible-playbook vars3.yaml
  51. - hosts: web
  53.   tasks:
  54.    - name: install {{ webpkgs }} {{ ftppkgs }} rpm
  55.      yum:
  56.       name:
  57.        - "{{ webpkgs }}"
  58.        - "{{ ftppkgs }}"
  59.       state: present

主机变量

  • 有主机的找主机没有的找组变量 ```yaml [root@dba host_vars]# cat 192.168.203.9 webpkgs: zmap

  • hosts: 192.168.203.129 tasks:

    • name: install {{ webpkgs }} {{ ftppkgs }} rpm yum: name:
      • “{{ webpkgs }}” state: present

  • hosts: 192.168.203.130 tasks:

    • name: install {{ webpkgs }} {{ ftppkgs }} rpm yum: name:
      • “{{ webpkgs }}” state: present

-e指定变量优先级最高

[root@dba project]# ansible-playbook var4.yaml -e ‘webpkgs=lrzsz’

  2. > 总结:
  3. > gorup_vars 针对主机清单的组
  4. > host_vars 针对主机
  5. > gorup_vars/all 对所有的组都有效
  8. 变量优先级--外置-e---->vars_files-------vars---主机清单-host_var-group_vars----group_vars/all
  9. <a name="Gyumx"></a>
  10. ### 注册变量
  12. - debug会输出所有变量的结果
  13. - 然后在根据输出的结果取指定的值
  14. ```yaml
  15.  - hosts: web
  16.    tasks:
  17.      - name: check httpd
  18.        shell: ps aux|grep httpd
  19.        register: check_httpd
  21.      - name: output vars
  22.        debug:
  23.         msg: "{{ check_httpd.stdout_lines }}"

facts变量

  • 可以采集被监控端cpu,内存,网络,磁盘,系统版本等信息 ```yaml
    • hosts: web tasks:
      • name: facts debug: msg: “{{ ansible_fqdn }} ip is {{ ansible_default_ipv4.address }}”

TASK [facts] * ok: [192.168.203.129] => { “msg”: “ansible1 ip is 192.168.203.129” } ok: [192.168.203.130] => { “msg”: “ansible2 ip is 192.168.203.130” }

  2. <a name="8063a08a"></a>
  3. #### template配合facts使用
  4. ```shell
  5. [root@dba project]# ansible web -m setup -a 'filter=ansible_memtotal_mb'
  6. 192.168.203.129 | SUCCESS => {
  7.     "ansible_facts": {
  8.         "ansible_memtotal_mb": 3770,
  9.         "discovered_interpreter_python": "/usr/bin/python"
  10.     },
  11.     "changed": false
  12. }
  13. 192.168.203.130 | SUCCESS => {
  14.     "ansible_facts": {
  15.         "ansible_memtotal_mb": 3770,
  16.         "discovered_interpreter_python": "/usr/bin/python"
  17.     },
  18.     "changed": false
  19. }
  22. #[root@dba project]# cat memcached.j2
  23. PORT="11211"
  24. USER="memcached"
  25. MAXCONN="1024"
  26. CACHESIZE="{{ ansible_memtotal_mb//2 }}"
  27. OPTIONS=""
  28. #mem.yaml
  29.  - hosts: web
  30.    tasks:
  31.      - name: install 
  32.        yum: name=memcached state=present
  33.      - name: start
  34.        service: name=memcached state=started
  35.      - name: check memcached
  36.        shell: ps aux|grep memcached
  37.        register: check_memcached
  38.      - name:
  39.        template: src=./memcached.j2 dest=/etc/sysconfig/memcached
  41.      - name: output vars
  42.        debug:
  43.         msg: "{{ check_memcached.stdout_lines }}"
  48. #[root@dba project]# cat hostname.yaml
  49. - hosts: db
  50.   tasks:
  51.     - name: get name
  52.       shell: echo $RANDOM|md5sum|head -c 8
  53.       register: get_random
  54.     - name: debug
  55.       debug:
  56.        msg: "{{ get_random }}"
  57.     - name: hostname
  58.       hostname: name={{ get_random.stdout }}

循环控制

when

  1. [root@dba project]# cat when.yaml
  2. - hosts: web
  3.   tasks:
  4.     - name: install httpd
  5.       yum: name=httpd state=present
  6.     - name: install httpd2
  7.       yum: name=httpd2 state=present
  8.       when: ( ansible_distribution == "Ubuntu" )
  10. [root@ans-mgr prod]# ansible web -m setup -a 'filter=ansible_hostname' -i hosts 
  11. 192.168.203.131 | SUCCESS => {
  12.     "ansible_facts": {
  13.         "ansible_hostname": "web01", 
  14.         "discovered_interpreter_python": "/usr/bin/python"
  15.     }, 
  16.     "changed": false
  17. }
  18. 192.168.203.132 | SUCCESS => {
  19.     "ansible_facts": {
  20.         "ansible_hostname": "web02", 
  21.         "discovered_interpreter_python": "/usr/bin/python"
  22.     }, 
  23.     "changed": false
  24. }
  26.   #epel
  27. - hosts: all
  28.   tasks:
  29.   - name: 
  30.     name: yum repo
  31.     yum_repository: ansible epel
  32.       description: EPEL YUM repo
  33.       baseurl: http://mirrors.aliyun.com/epel/7/SRPMS
  34.       gpgcheck: no
  35.       enabled: yes
  36.      when: (ansible_hostname is match ("web*"))
  38.    # 根据check_httpd执行的结果来重启 如果结果是0则重启 如果不是则跳过
  39.   - hosts: web
  40.   tasks:
  41.     - name: check_httpd
  42.       command: systemctl  is-active  httpd
  43.       ignore_errors: yes
  44.       register: check_httpd
  45.     - name: debug
  46.       debug:
  47.         msg: "{{ check_httpd }}"
  48.     - name:
  49.       service: name=httpd state=restarted    
  50.       when: check_httpd.rc == 0
  51. #非零  
  52.       when: check_httpd.rc != 0

items

  • 循环变量 ```yaml

  • hosts: web tasks:

    • name: restart service: name={{ item }} state=restarted with_items:
      • httpd
      • vsftp
    • hosts: db tasks:
      • name: add user user: name={{ item.name }} groups={{ item.groups }} state=present with_items:
        • { name: ‘test1’, groups: ‘bin’}
        • { name: ‘test2’, groups: ‘root’} ```

          headlers

          ```yaml
  • hosts: web force_handlers: yes #强制调用,可选 tasks:
    • name: install yum: name=httpd state=present
    • name: template: src=./httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf notify: server restart httpd

      notify: server nginx httpd -可以通知多个,配置发生变动通知

      触发

      handlers:
    • name: server restart httpd service: name=httpd state=restarted ```

tags标签

[root@dba project]# ansible-playbook tags.yaml -t "status"

[root@dba project]# ansible-playbook tags.yaml --skip-tags "status"

  1. #tags
  2. - hosts: web
  3.   tasks:
  4.     - name: install
  5.       yum: name=httpd state=present
  6.     - name: start
  7.       service: name=memcached state=started
  8.     - name:
  9.       template: src=./httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
  10.     - name:
  11.       shell: 'systemctl status httpd'
  12.       tags: 'status'
  14.   - hosts: web
  15.   gather_facts: no
  16.   tasks:
  17.    - name: install nfs
  18.      yum: name=nfs-utils state=present
  19.      tags: "install"
  20.    - name: client data
  21.      file: path=/nfs_tt state=directory
  23.    - name: client rpc
  24.      yum: name=nfs-utils state=present
  25.    - name: client mount
  26.      tags: 'mount'
  27.      mount:
  28.       src: 192.168.203.131:/data
  29.       path: /nfs_tt
  30.       fstype: nfs
  31.       opts: defaults
  32.       state: mounted

include

  1. cat svc_restart.yaml
  2. - name: Restart httpd server
  3.   service: name=httpd state=restarted
  5. - hosts: web
  6.   tasks:
  7.     - name: cmd
  8.       command: echo "a"
  9.     - name: restart httpd
  10.       include: svc_restart.yaml

change_when

  1. - hosts: web
  2.   tasks:
  3.     - name: install
  4.       yum: name=httpd state=present
  5.     - name: start
  6.       service: name=httpd state=started
  7.     - name:
  8.       template: src=./httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
  9.       notify: server restart httpd
  11.     - name: check status 
  12.       command: /usr/sbin/httpd -t
  13.       register: check_httpd
  14.       changed_when: 
  15.        - ( check_httpd.stdout.find('ok')) 
  16.        - false
  17.       #notify: server nginx httpd  -可以通知多个,配置发生变动通知
  18. #触发
  19.   handlers:  
  20.     - name:   server restart httpd
  21.       service: name=httpd   state=retarted

jinra

  1. #结合facts变量
  2. # cat memcached.j2
  3. PORT="11211"
  4. USER="memcached"
  5. MAXCONN="1024"
  6. CACHESIZE="{{ ansible_memtotal_mb//2 }}"
  7. OPTIONS=""
  9. #jinra
  10. #if
  11. {% if ansible_fqdn == "web01" %}
  12.     echo "123"
  13. {% if ansible_fqdn == "web02" %}
  14.     echo "456"
  15. {% endif %}
  17. #for
  18. {% for in range{1,10} %}
  19.   echo $i
  20. {% endfor %}
  24. #1)主机变量
  25.  host_vars/192.168.203.129
  26.  state: MASTER
  27.  pri: 150
  29. host_vars/192.168.203.130
  30.  state: BACKUP
  31.  pri: 100
  33.  #2) conf.j2
  35.  router_id ansible_fqdn
  37.  3)分发
  38.  - hosts: lb
  39.    tasks:
  40.     - name: conf
  41.       template: src=./keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
  42.       when: ( ansible_fqdn == "web01" )
  43.       notify: restart keepalived
  44.     - name:  restart keepalived
  45.        template: src=./keepalived-slave.conf.j2 dest=/etc/keepalived/keepalived.conf
  46.        when: ( ansible_fqdn == "web02" )
  47.        notify: restart keepalived
  49.    handlers:
  50.      - name:  restart keepalived
  51.        service: name=keepalived  state=restarted
  53.  jinra实现keepalived渲染配置:
  54.  router_id ansible_fqdn
  56. {% if ansible_fqdn == "web01" %}
  57.     state MASTER
  58.     priority 150
  59. {% endif ansible_fqdn == "web02" %}
  60.     state BACKUP
  61.     priority 100
  62. {% endif %}

roles

[root@dba project2]# tree .
.
├── hosts
├── memcached
│ ├── files
│ ├── handlers
│ │ └── main.yaml
│ ├── tasks
│ │ └── main.yml
│ ├── templates
│ │ └── memcached.j2
│ └── vars
├── site.yaml

  1. #tasks/main.yml
  2. - name: install memcached
  3.   yum: name=memcached state=present
  4. - name: config
  5.   template: src=memcached.j2 dest=/etc/sysconfig/memcached
  6.   notify: restart memcache
  8. #handlers/main.yaml
  9. - name: start
  10.   service: name=memcached state=started enabled=yes
  11. cat handlers/main.yaml
  12. - name: restart memcache
  13.   service: name=memcached state=restarted
  14. #memcached.j2 
  15. [root@dba memcached]# cat templates/memcached.j2
  16. PORT="11211"
  17. USER="memcached"
  18. MAXCONN="1024"
  19. CACHESIZE="{{ ansible_memtotal_mb//2 }}"
  20. OPTIONS=""
  22. #site.yaml
  23. - hosts: db
  24.   roles:
  25.    - memcached

galaxy

  1.  ansible-galaxy init test
  2.  [root@dba test]# tree .
  3. .
  4. ├── defaults
  5.    └── main.yml
  6. ├── files
  7. ├── handlers
  8.    └── main.yml
  9. ├── meta
  10.    └── main.yml
  11. ├── README.md
  12. ├── tasks
  13.    └── main.yml
  14. ├── templates
  15. ├── tests
  16.    ├── inventory
  17.    └── test.yml
  18. └── vars
  19.     └── main.yml

综合项目

lb01 192.168.203.130 nginx+keepalived
lb02 192.168.203.151 nginx+keepalived
web01 192.168.203.131 nginx+php
web02 192.168.203.132 nginx+php
backup 192.168.203.133 rsync-server
nfs 192.168.203.134
db 192.168.203.135 mysql+ redis

基础环境

  1. #配置ssh免密
  2. #配置host文件
  3. cat hosts 
  4. [web]
  5. 192.168.203.131
  6. 192.168.203.132
  7. [db]
  8. 192.168.203.135
  9. [lb]
  10. 192.168.203.130
  11. 192.168.203.151
  12. [nfs]
  13. 192.168.203.134
  14. [backup]
  15. 192.168.203.133
  17. #前置环境
  18. mkdir base/{tasks,handlers,templates} -pv
  20. cat base/tasks/main.yaml
  21. #disable
  22. - name: disable firewall
  23.   service: name=firewalld state=stopped enabled=no
  24. - name: disble selinux
  25.   selinux: state=disabled
  26. #add user
  27. - name: add {{ web_user }} {{ web_user_id }} group
  28.   group: name={{ web_user }} gid={{ web_user_id }}
  30. - name: add user
  31.   user: name={{ web_user }} uid={{ web_user_id }} group={{ web_user }}
  33.  #add repo
  34. - name: add base yum repo
  35.   yum_repository:
  36.     name: base
  37.     description: Base aliyun repo
  38.     baseurl: https://mirrors.aliyun.com/centos/$releasever/os/$basearch/
  39.     gpgcheck: no
  40.     enabled: yes
  42. - name: add epel yum repo
  43.   yum_repository:
  44.     name: epel
  45.     description: EPEL aliyun repo
  46.     baseurl: https://mirrors.aliyun.com/epel/7/$basearch/
  47.     gpgcheck: no
  48.     enabled: yes
  50. - name: add nginx yum repo
  51.   yum_repository:
  52.     name: nginx
  53.     description: nginx repo
  54.     baseurl: http://nginx.org/packages/centos/$releasever/$basearch/
  55.     gpgcheck: no
  56.     enabled: yes
  57.   when: ( ansible_hostname is match ("web*")) or
  58.         ( ansible_hostname is match ("lb*"))
  60. - name: add php yum repo
  61.   yum_repository:
  62.     name: php
  63.     description: php repo
  64.     baseurl: https://us-east.repo.webtatic.com/yum/el7/x86_64/
  65.     gpgcheck: no
  66.     enabled: yes
  67.   when: ( ansible_hostname is match ("web*"))
  69. - name: install pks
  70.   yum: name={{ packages }} state=present
  71.   vars:
  72.    packages:
  73.     - rsync
  74.     - nfs-utils
  75.     - net-tools
  76.     - wget
  77.     - tree
  78.     - lrzsz
  79.     - vim
  80.     - unzip
  81.     - httpd-tools
  82.     - bash-completion
  83.     - iotop
  85. #变量
  86. [root@dba project3]# cat group_vars/all
  87. web_user: www
  88. web_user_id: 666

nginx

[root@ans-mgr roles]# mkdir nginx/{tasks,handlers,templates} -pv

  1. ##基础模块nginx/
  2. #templates/nginx.conf.j2
  3. #修改nginx配置的如下部分其他地方不变
  4. user {{ web_user }};
  5. worker_processes {{ ansible_processor_cores }};
  7. events {
  8.     worker_connections {{ ansible_processor_cores * 2048 }};
  9. }
  10. #tasks/main.yaml
  11. - name: install nginx
  12.   yum: name=nginx state=present
  14. - name: config nginx
  15.   template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
  16.   notify: restart nginx service 
  18. - name: check status 
  19.   command: /usr/sbin/nginx -t
  20.   register: check_nginx
  21.   changed_when: 
  22.    - ( check_nginx.stdout.find('successfully'))  
  24. - name: start nginx
  25.   service: name=nginx state=started
  27. #handlers/main.yaml
  28. - name: restart nginx service
  29.   service: name=nginx state=restarted
  31. #变量
  32. [root@dba project3]# cat group_vars/all
  33. web_user: www
  34. web_user_id: 666
  35. #site
  36. [root@dba project3]# cat site.yaml
  37. - hosts: all
  38.   roles:
  39.    - base
  41. - hosts: web
  42.   roles:
  43.    - role: nginx
  44.      tags: nginx
  46. #运行
  47. ansible-playbook site.yaml  -i hosts -t nginx

php

  1. - name: install php
  2.   yum: name={{ item }} state=present
  3.   with_items:
  4.    - php71w 
  5.    - php71w-cli 
  6.    - php71w-common 
  7.    - php71w-devel 
  8.    - php71w-embedded 
  9.    - php71w-gd 
  10.    - php71w-mcrypt 
  11.    - php71w-mbstring 
  12.    - php71w-pdo 
  13.    - php71w-xml 
  14.    - php71w-fpm 
  15.    - php71w-mysqlnd 
  16.    - php71w-opcache 
  17.    - php71w-pecl-memcached 
  18.    - php71w-pecl-redis 
  19.    - php71w-pecl-mongodb
  22. - name: config php
  23.   template: src={{ item.src }} dest={{ item.dest }} mode={{ item.mode }}
  24.   with_items:
  25.    - { src: 'php.ini.j2', dest: '/etc/php.ini', mode: '0644'}
  26.    - { src: 'www.conf.j2', dest: '/etc/php-fpm.d/www.conf', mode: '0644'}
  27.   notify: restart nginx service 
  29. - name: check status 
  30.   command: /usr/sbin/nginx -t
  31.   register: check_nginx
  32.   changed_when: 
  33.    - ( check_nginx.stdout.find('successfully'))  
  35. - name: start php
  36.   service: name=php-fpm state=started
  38. #handlers/main.yaml
  39. - name: restart php service
  40.   service: name=php-fpm state=restarted
  42.  #j2
  43.  [root@ans-mgr php]# cat templates/php.ini.j2 | grep server_
  44. session.save_path = "tcp://{{ redis_server_ip }}:{{ redis_server_port }}"
  47. #group_vars/all
  48. redis_server_ip: 192.168.203.135
  49. redis_server_port: 6379
  51.  [root@ans-mgr roles]# cat site.yaml 
  52. - hosts: all
  53.   roles:
  54.    - base
  56. - hosts: web
  57.   roles:
  58.    - role: nginx
  59.    - role: php
  60.      tags: web

nfs

  1.      #nfs
  2. #客户端
  3. #准备目录
  4. #挂载共享目录
  5. #task/main.yaml
  6. - name: install nfs
  7.   yum: name=nfs-utils state=present
  8. - name: config nfs
  9.   template: src=exports.j2 dest=/etc/exports
  10.   notify: restart nfs
  12. - name: nfs group
  13.   group: name={{ nfs_user }} gid={{ nfs_user_id }}
  15. - name: nfs user
  16.   user: name={{ nfs_user }} uid={{ nfs_user_id }} group={{ nfs_user }} shell=/sbin/nologin create_home=no
  18. - name: nfs share directory
  19.   file: path={{ nfs_dir }} state=directory owner={{ nfs_user }} group={{ nfs_user }} recurse=yes
  21. - name: service start
  22.      service: name=nfs state=started enabled=yes
  23. ###挂载
  24. - hosts: web
  25.   gather_facts: no
  26.   tasks:
  27.    - name: client data
  28.      file: path=/nfs_tt state=directory
  30.    - name: client mount
  31.      mount: 
  32.       src: 192.168.203.131:/data 
  33.       path: /nfs_tt
  34.       fstype: nfs
  35.       opts: defaults
  36.       state: mounted
  38.  #handlers/main.yaml
  39. - name:  restart nfs
  40.   service: name=nfs state=restarted
  42. #all
  43. web_user: www
  44. web_user_id: 666
  46. nfs_user: nfs
  47. nfs_user_id: 888
  48. nfs_dir: /data
  49. nfs_share_ip: 192.168.203.0/24
  51. #j2 exports
  52. {{ nfs_dir }} {{ nfs_share_ip }}(rw,sync,all_squash,anonuid={{ nfs_user_id }},anongid={{ nfs_user_id }})
  54. #site.yaml
  55. - hosts: all
  56.   roles:
  57.    - base
  59. - hosts: web
  60.   roles:
  61.    - role: nginx
  62.      tags: nginx
  64. - hosts: nfs
  65.   roles:
  66.    - role: nfs
  67.      tags: nfs



redis

  1. #redis
  2. - name: install redis
  3.   yum: name=reids-server state=present
  4. - name: config redis
  5.   template: src=redis.conf.j2 dest=/etc/redis.conf
  6.   notify: restart redis
  8. - name: service start
  9.      service: name=redis state=started enabled=yes
  11.  #handlers/main.yaml
  12. - name:  restart redis
  13.   service: name=redis state=restarted
  15. #j2
  16. bindip  {{ ansible_default_ipv4.address }}
  18. #
  19. - hosts: db
  20.   roles:
  21.    - role: redis
  22.      tags: redis

mysql

  1. #mysql
  2. Ansible 角色:安装mysql(简易版)
  3. 基于ansible一键部署mysql的角色,自动安装mysql-python 方便后期使用mysql相关模块便于操作,并且设置默认root账号登录密码
  5. 一、版本要求
  6. 被控节点:Centos7
  7. 控制节点:Ansible2.9
  8. (控制节点其他版本的Ansible没有测试过)
  9. mysql 版本:mysql57-community-release-el7-9
  10. #前提做好yum源和ssh免密
  12. 二、如何使用
  13. 1、进入ansible默认角色目录
  14. cd /etc/ansible/roles
  15. 1
  16. 如果在ansible.cfg中更改了默认的角色目录,根据你自己角色目录进行更改
  18. 2、创建一个角色
  19. ansible-galaxy init mysql_install
  21. 5、主机清单
  22. [root@dba project4]# cat hosts
  23. [db]
  24. 192.168.203.135
  26. #结构
  27. [root@dba mysql_install]# tree .
  28. defaults
  29.   └─main.yml  
  30. files
  31.   ├─change_root_passwd.sh
  32.   └─mysql57-community-release-el7-9.noarch.rpm
  33. handlers
  34. meta
  35. tasks
  36.   ├─change_root_password.yml
  37.   ├─install.yml
  38.   ├─main.yml
  39.   └─mysql-py_install.yml
  40. templates
  41. tests
  42.   └─test.yml
  43. vars
  45. 三、实例剧本
  46. ---
  47. - hosts: db
  48.   roles:
  49.     - mysql_install
  50.   vars:
  51.     #一键部署,设置登录root密码
  52.     mysql_passwd: "123456"
  54. 8
  55. 四、角色详解
  56. defaults
  57.   └─main.yml  
  58. files
  59.   ├─change_root_passwd.sh
  60. handlers
  61. meta
  62. tasks
  63.   ├─change_root_password.yml
  64.   ├─install.yml
  65.   ├─main.yml
  66.   └─mysql-py_install.yml
  67. templates
  68. tests
  69.   └─test.yml
  70. vars
  72. 2、任务
  73. 主任务
  74. main.yml
  75. ---
  76. # tasks file for mysql_install
  78. #剧本执行顺序
  80. - include: install.yml
  81. - include: mysql-py_install.yml
  82. - include: change_root_password.yml
  84. 安装任务
  85. install.yml
  87. ---
  88.   #创建临时文件夹任务
  89.   - name: create directory
  90.     file:
  91.       path: "{{ mysql_temp_path }}"
  92.       state: directory
  94.   #复制rpm安装包任务
  95.   - name: copy rpm package
  96.     copy: 
  97.       src: "{{ rpm_package_name }}"
  98.       dest: "{{ mysql_temp_path }}"
  100.   #安装本地rpm安装包
  101.   - name: install rpm 
  102.     yum: 
  103.       name: "{{ rpm_package_location }}"
  104.       state: present
  105.   #安装mysql-server
  106.   - name: install mysql server
  107.     yum:
  108.       name: mysql-server
  109.       state: present
  110.   #启动mysql
  111.   - name: start mysql
  112.     service:
  113.       name: mysqld
  114.       state: started
  116. 远程主机安装mysql-python模块任务
  117. mysql-py_install.yml
  119. ---
  120.   #安装epel扩展源任务
  121.   - name: install Extended source
  122.     yum: 
  123.       name: epel-release
  124.       state: present
  126.   #安装依赖包  
  127.   - name: install mysql-python dependency packages
  128.     yum:
  129.       name: "{{ dependency_packages }}"
  130.       state: present
  131.   #安装mysql模块
  132.   - name: install mysql-python module
  133.     pip:
  134.       name: mysql-python
  136. 更改root密码任务
  137. change_root_password.yml
  139. --- 
  140.   #找到安装完成之后的临时密码任务
  141.   - name: find temp passwd
  142.     shell: "{{ find_temp_passwd_code }}"
  143.     register: results
  144.     tags: passwd
  146.   #复制脚本文件任务
  147.   - name: copy script file
  148.     copy:
  149.       src: change_root_passwd.sh
  150.       dest: "{{ change_passwd_sh }}"
  151.     tags: passwd
  153.   #为什么不直接使用script模块:
  154.   #   脚本中有变量,如果使用script模块,参数不可以在ansible服务器上传入脚本
  155.   #所以使用copy模块复制脚本到远程主机之后,使用lineinfile模块替换掉脚本中的
  156.   #变量。
  158.   #用临时密码的变量替换脚本中的临时密码变量任务
  159.   - name: send temp root password to shell file
  160.     lineinfile:
  161.       path: "{{ change_passwd_sh }}"
  162.       regexp: '^PASSWORD='
  163.       line: "PASSWORD={{ temp_password }}"
  164.     tags: passwd
  166.   #用主任务定义的新密码的变量替换脚本中的新密码变量任务
  167.   - name: send new root password to shell file
  168.     lineinfile:
  169.       path: "{{ change_passwd_sh }}"
  170.       regexp: '^New_Pass='
  171.       line: "New_Pass={{ new_pass }}"
  172.     tags: passwd
  174.   #跑脚本任务
  175.   - name: change root password
  176.     shell: "sh {{ change_passwd_sh }}"
  177.     tags: passwd
  179. 3、变量
  180. ---
  181. # defaults file for mysql_install
  183. #剧本变量
  185. #mysql临时文件夹
  186. mysql_temp_path: "/etc/tmp/mysql"
  187. #rpm包名称
  188. rpm_package_name: "mysql57-community-release-el7-9.noarch.rpm"
  189. #rpm包位置
  190. rpm_package_location: "{{ mysql_temp_path }}/{{ rpm_package_name }}"
  191. #找到临时文件的命令
  192. find_temp_passwd_code: "grep 'temporary password' /var/log/mysqld.log"
  193. #更换root密码脚本
  194. change_passwd_sh: "{{ mysql_temp_path }}/change_root_passwd.sh"
  195. #临时密码,取值为找到临时文件命令输出切片
  196. temp_password: "{{ results.stdout[-14:] }}"
  197. #新密码,在主任务do.yml中定义
  198. new_pass: "{{ mysql_passwd }}"
  199. #依赖包
  200. dependency_packages:
  201.   - mysql
  202.   - mysql-devel
  203.   - python-devel
  204.   - python-pip
  206. 4、脚本
  207. 更改密码脚本
  208. change_root_passwd.sh
  210. #!/bin/bash
  211. Host=127.0.0.1
  212. User=root
  213. PASSWORD=
  214. PORT=3306
  215. New_Pass=
  216. mysql -u$User -p'$PASSWORD' --connect-expired-password <<EOF
  217. set global validate_password_policy=LOW;
  218. set global validate_password_length=6;
  219. set password =password("$New_Pass");
  220. EOF
  221. ————————————————
  222. 版权声明:本文为CSDN博主「2huxy」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
  223. 原文链接:https://blog.csdn.net/qq_42267013/article/details/115368911

mysql 这里一直报错误密码不对 但是日志显示已经对了,没解决

网上看到的https://www.5axxw.com/questions/content/6027sc

  1. --
  2. - name: root | stat to check whether /root/.my.cnf exists
  3.   stat:
  4.     path: /root/.my.cnf
  5.   register: cnf_file
  7. - block:
  9.     - name: root | place temporary cnf file
  10.       template:
  11.         src: temp_cnf.j2
  12.         dest: /etc/my.cnf
  13.         mode: '0644'
  15.     - name: root | start mysql to add the debian-sys-maint user
  16.       systemd:
  17.         name: mysql
  18.         state: started
  19.         enabled: true
  21.     - name: root | get temp root password
  22.       shell: >-
  23.         grep 'temporary password' /var/log/mysqld.log |
  24.         awk '{print $NF}' | tail -n 1
  25.       register: temp_root_pw
  26.       no_log: true
  28.     - name: root | set root password
  29.       shell: >-
  30.         mysqladmin -u root
  31.         --password="{{ temp_root_pw.stdout }}"
  32.         password "{{ mysql_root_password }}"
  33.       no_log: true
  35.     - name: root | set debian-sys-maint user and password
  36.       mysql_user:
  37.         name: debian-sys-maint
  38.         password: "{{ mysql_system_password }}"
  39.         priv: '*.*:ALL,GRANT'
  40.         update_password: always
  41.         state: present
  42.         login_unix_socket: /var/run/mysqld/mysqld.sock
  43.         login_user: root
  44.         login_password: "{{ mysql_root_password }}"
  45.       no_log: true
  47.     - name: root | copy root.cnf
  48.       template:
  49.         src: root.cnf.j2
  50.         dest: /etc/mysql/root.cnf
  51.         mode: '0600'
  52.         owner: root
  53.         group: root
  55.     - name: root | make symlink of file for root db access
  56.       file:
  57.         state: link
  58.         src: /etc/mysql/root.cnf
  59.         path: /root/.my.cnf
  61.     - name: root | delete anonymous connections
  62.       mysql_user:
  63.         name: ""
  64.         host_all: true
  65.         state: absent
  66.       no_log: true
  68.     - name: root | secure root user
  69.       mysql_user:
  70.         name: root
  71.         host: "{{ item }}"
  72.       no_log: true
  73.       loop:
  74.         - ::1
  75.         - 127.0.0.1
  76.         - localhost
  78.     - name: root | ensure test database is removed
  79.       mysql_db:
  80.         name: test
  81.         login_user: root
  82.         state: absent
  84.     - name: root | stop mysql again
  85.       systemd:
  86.         name: mysql
  87.         state: stopped
  88.         enabled: true
  90.     - name: root | remove mysqld log file
  91.       file:
  92.         path: /var/log/mysqld.log
  93.         state: absent
  95.   when: not cnf_file.stat.exists
  96. The temp_cnf.j2:
  98. [client]
  99. socket=/var/run/mysqld/mysqld.sock
  101. [mysqld]
  102. server-id=1
  103. datadir=/var/lib/mysql
  104. socket=/var/run/mysqld/mysqld.sock
  105. log-error=/var/log/mysqld.log
  106. pid-file=/var/run/mysqld/mysqld.pid
  107. 以及root.cnf.j2
  109. # {{ ansible_managed }}
  111. # This file is symlinked to /root/.my.cnf to use passwordless login for the root user
  113. [client]
  114. socket   = {{ mysqld.socket }}
  115. user     = debian-sys-maint
  116. password = {{ percona_system_password }}
  118. [mysql_upgrade]
  119. socket   = {{ mysqld.socket }}
  120. user     = debian-sys-maint
  121. password = {{ percona_system_password }}
  122. Some vars:
  124. mysql_root_password: my_password
  125. mysql_system_password: my_password
  126. mysqld:
  127.   socket: /var/run/mysqld/mysqld.sock 
  128. 应该适用于CentOS 8Rocky LinuxOracle Linux

结合项目: shell脚本调用的方式还是没有解决,直接不调了

  1. cat  mysql_install/tasks/main.yml
  2. # tasks file for mysql_install
  3. #创建临时文件夹任务
  4.   - name: create directory
  5.     file:
  6.       path: "{{ mysql_temp_path }}"
  7.       state: directory
  9.   #复制rpm安装包任务
  10. #  - name: copy rpm package
  11. #    copy:
  12. #      src: "{{rpm_package_name}}"
  13. #      dest: "{{mysql_temp_path}}"
  15.   #安装本地rpm安装包
  16. #  - name: install rpm
  17. #    yum:
  18. #      name: "{{rpm_package_location}}"
  19. #      state: present
  20.   #安装mysql-server
  21.   - name: install mysql server
  22.     yum:
  23.       name: mysql-server
  24.       state: present
  25.   #启动mysql
  26.   - name: start mysql
  27.     service:
  28.       name: mysqld
  29.       state: started
  30. #  - name: install Extended source
  31. #    yum:
  32. #      name: epel-release
  33. #      state: present
  35.   #安装依赖包
  36.   - name: install mysql-python dependency packages
  37.     yum:
  38.       name: "{{ dependency_packages }}"
  39.       state: present
  40.   #安装mysql模块
  41.   - name: install mysql-python module
  42.     pip:
  43.       name: mysql-python
  44. #  - name: install Extended source
  45. #    yum:
  46. #      name: epel-release
  47. #      state: present
  49.   #安装依赖包
  50.   - name: install mysql-python dependency packages
  51.     yum:
  52.       name: "{{ dependency_packages }}"
  53.       state: present
  54.   #安装mysql模块
  55.   - name: install mysql-python module
  56.     pip:
  57.       name: mysql-python
  59.   - name: root | get temp root password
  60.     shell: grep 'temporary password' /var/log/mysqld.log |awk '{print $NF}' | tail -n 1
  61.     register: temp_root_pw
  62.     no_log: true
  64.   - name: root | set root password
  65.     shell: mysqladmin -u root --password="{{ temp_root_pw.stdout }}" password "{{ mysql_passwd }}"
  66.     no_log: true
  67.   - name: root | secure root user
  68.     mysql_user:
  69.         name: root
  70.         host: "{{ item }}"
  71.     no_log: true
  72.     loop:
  73.         - '%'
  74.         - 127.0.0.1
  75.         - localhost
  1. #mysql模块
  2. #base
  3. # Enable to use MySQL 5.7
  4. - name: add mysql yum repo
  5.   yum_repository:
  6.     name: mysql
  7.     description: mysql repo 
  8.     baseurl: http://repo.mysql.com/yum/mysql-5.7-community/el/7/$basearch/
  9.     gpgcheck: no
  10.     enabled: yes
  11.   when: ( ansible_hostname is match ("db*"))
  13. #mysql 
  14. - name: install mysql
  15.   yum: 
  16.     name: ['mysql-server', 'MySQL-python']
  17.     state: present
  20. - name: config mysql
  21.   template: src=my.cnf.j2 dest=/etc/my.cnf backup=yes
  22.   notify: restart mysql
  24. - name: service start
  25.   service: name=mysqld state=started enabled=yes
  27. #handlers/main.yaml 
  28. - name:  restart mysql
  29.   service: name=mysqld state=restarted
  31. - name: create database
  32.   mysql_db: 
  33.     name: wordpress 
  34.     state: present
  35.     login_user: root
  36.     login_password: "{{ mysql_pass }}"
  39. - name: create mysql user/pass grant
  40.   mysql_user: 
  41.     name: "{{ db_user }}"
  42.     password: "{{ db_pass }}"  
  43.     priv: '*.*:ALL'
  44.     host: '%'
  45.     state: present
  46.     login_user: root
  47.     login_password: "{{ mysql_passwd }}"
  50. #group/all 变量
  51. #db
  52. db_user: lc
  53. db_pass: 123456
  54. mysql_pass: 123456