1. ansible剧本
注意事项:注意对齐,2个空格,不能使用tab;剧本以yml或yaml结尾

1.1. 第一个剧本
- hosts: all
  tasks:
    - name: 01.打开冰箱门
      shell: echo 01.open >> /tmp/lidao.txt
    - name: 02.大象放进去
      shell: echo 02.put >> /tmp/lidao.txt
    - name: 03.关门
      shell: echo 03.close >> /tmp/lidao.txt

1.2. 部署rsync服务剧本
编写剧本
#1.部署rsync服务端
- hosts: bak
  tasks:
    - name: 1.安装rsync
      yum:
        name: rsync
        state: latest
    - name: 2.分发配置文件
      copy:
        src: ./files/rsyncd.conf
        dest: /etc/rsyncd.conf
    - name: 3.添加用户
      user:
        name: rsync
        shell: /sbin/nologin
        create_home: no
        state: present
    - name: 4.创建目录修改所有者
      file:
        path: /ans/backup/
        owner: rsync
        group: rsync
        state: directory
    - name: 5.创建密码文件修改权限
      lineinfile:
        path: /etc/rsync.password
        line: rsync_backup:1
        mode: 0600
        create: yes
    - name: 6.启动服务
      systemd:
        name: rsyncd
        enabled: yes
        state: started
#2.部署客户端
- hosts: nfs
  tasks:
    - name: 分发脚本
      copy:
        src: ./files/rsync_backup.sh
        dest: /server/scripts/
    - name: 定时备份
      cron:
        name: 定时备份
        minute: 0
        hour: 9
        job: bash /server/scripts/rsync_backup.sh >/dev/null 2>&1

说明:第5步把认证口令 rsync_backup:1 以明文写在剧本里,仅适合演示;实际环境应换成强口令,并用 ansible-vault 加密后再引用。另外,备份脚本读取的客户端密码文件 /etc/rsync.client 在上面的客户端剧本中没有创建,需要另行分发,权限同样应为 0600。

编写rsyncd.conf配置文件
##rsyncd.conf start##
fake super = yes
uid = rsync
gid = rsync
use chroot = no
max connections = 2000
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
#hosts allow = 10.0.0.0/24
#hosts deny = 0.0.0.0/32
auth users = rsync_backup
secrets file = /etc/rsync.password
#####################################
[backup]
comment = ansible backup
path = /ans/backup/

说明:hosts allow 一行处于注释状态,因此任何能访问 rsync 端口的地址都可以尝试连接 backup 模块,只靠 auth users 和 secrets file 认证;正式使用时建议取消注释并限定为备份网段。

编写备份脚本
#!/bin/bash
##############################################################
# File Name:rsync_backup.sh
# Version:V1.0
# Author:zbl
# Organization:zhubaolin.blog.csdn.net
# Desc:
##############################################################
#1.vars
date=`date +%F_%w`
backup_dir=/backup/
client_ip=`hostname -I | awk '{print $2}'`
#rsync server vars
rsync_user=rsync_backup
rsync_server_ip=172.16.1.41
module_name=backup
rsync_password_file=/etc/rsync.client
#2.check_backup_dir
function check_dir() {
  if [ ! -f ${backup_dir}${client_ip} ];then
    mkdir -p ${backup_dir}${client_ip}
  fi
  return $?
}
#3.tar
function backup_files() {
  tar zcf ${backup_dir}${client_ip}/etc-${date}.tar.gz /etc
  rc=$?
  if [ $rc -eq 0 ];then
    echo 打包成功,生成校验文件中......
    md5sum ${backup_dir}${client_ip}/etc-${date}.tar.gz > ${backup_dir}${client_ip}/check.md5
  else
    echo 打包失败
  fi
  return $rc
}
#4.rsync
function rsync_backup() {
  rsync -av ${backup_dir} ${rsync_user}@${rsync_server_ip}::${module_name} --password-file=${rsync_password_file}
  rc=$?
  if [ $rc -eq 0 ];then
    echo 备份成功
  else
    echo 备份失败
  fi
  return $rc
}
#5.clean old file
function clean_oldfile() {
  old_file=`find ${backup_dir} -type f -mtime +7 |wc -l`
  old_filesize=`du -sh ${backup_dir} | cut -f1`
  if [ ${old_file} -gt 1 ];then
    find ${backup_dir} -type f -mtime +7 |xargs rm -f
  else
    echo 当前大于7天文件数:${old_file},备份文件大小:${old_filesize},无需清理
  fi
  return $?
}
#6.use func
function main() {
  check_dir
  backup_files
  rsync_backup
  clean_oldfile
}
main

1.3. 定期修改密码剧本
- hosts: web
  vars:
    password: zbl007
  tasks:
    - name: 定期修改密码
      user:
        name: zbl
        password: "{{ password|password_hash('sha512','zbl') }}"
        state: present

user模块的password选项指定的是加密后的密码。
password_hash('sha512','salt'):密码插件;sha512 是哈希算法,salt 是加盐用的随机内容(本例中是固定的)。
说明:固定的盐可以让每次运行生成相同的哈希,任务保持幂等,但相同密码在所有主机上的哈希也相同;vars 中的明文密码 zbl007 只用于演示,实际应放入用 ansible-vault 加密的变量文件。
生成随机字符命令:
mkpasswd -l 20 -s 0
-l:生成20个字符
-s:0个特殊字符

2. ansible变量
ansible定义变量方法 / 说明与特点
剧本定义:在剧本中创建与使用,仅限当前play部分使用
独立文件中定义(变量文件):把变量写入到文件中,通过vars_files指定调取,play中指定变量文件
分组变量(推荐):根据分组自动调用,all组创建与使用最方便。group_vars
facts变量:剧本运行的时候默认的任务,收集信息,根据信息创建的变量;如果不用建议关闭功能,加速剧本运行
register变量:类似于shell中反引号功能,先执行命令,结果保留下来
主机清单变量:批量修改主机名,批量修改密码(每台机器都不同)

使用变量形式存放目录、用户名:添加用户,创建目录修改所有者

2.1. 分组变量
创建变量
mkdir -p group_vars/all/
vim group_vars/all/vars.yml
user: zbl996
dir: /ansible/zbl996/

编写剧本使用变量
- hosts: web
  tasks:
    - name: 添加用户
      user:
        name: "{{ user }}"
        shell: /bin/bash
        create_home: yes
        state: present
    - name: 创建目录
      file:
        path: "{{ dir }}"
        owner: "{{ user }}"
        group: "{{ user }}"
        mode: 0755
        state: directory

运行剧本
ansible-playbook -i hosts 04.user.yml
检查

2.2. facts变量
- hosts: all
  tasks:
    - name: 输出变量内容
      debug:
        msg: |
          主机名: {{ ansible_hostname }}
          ip: {{ ansible_all_ipv4_addresses }}
          内存总大小: {{ ansible_memtotal_mb }}
          系统发行版本: {{ ansible_distribution }}
          系统版本: {{ ansible_distribution_major_version }}
          cpu架构: {{ ansible_architecture }}
          系统版本昵称: {{ ansible_distribution_release }}
          第1块网卡的ip地址: {{ ansible_default_ipv4.address }}

查看所有facts变量
ansible 172.16.1.10 -m setup

在j2模板中使用facts变量
vim files/motd.j2
主机名: {{ ansible_hostname }}
ip: {{ ansible_all_ipv4_addresses }}
内存总大小: {{ ansible_memtotal_mb }}
系统发行版本: {{ ansible_distribution }}
系统版本: {{ ansible_distribution_major_version }}
cpu架构: {{ ansible_architecture }}
系统版本昵称: {{ ansible_distribution_release }}
第1块网卡的ip地址: {{ ansible_default_ipv4.address }}

编写playbook剧本分发带有facts变量的文件
- hosts: all
  tasks:
    - name: copy
      template:
        src: ./files/motd.j2
        dest: /etc/motd

运行playbook剧本
ansible-playbook -i hosts 06.facts_copy.yml
检查

2.2.1. 关闭facts变量
ansible.cfg配置文件中添加
gathering = explicit

2.2.2. 临时使用facts变量
在playbook中添加
- hosts: all
  gather_facts: true
  tasks:

2.3. register注册变量
在playbook中定义register变量
- hosts: web
  tasks:
    - name: 定义register变量
      shell: hostname -I | awk '{print $2}'
      register: ip
    - name: 使用register变量
      debug:
        msg: |
          标准输出: {{ ip.stdout }}
          错误输出: {{ ip.stderr }}
          返回值: {{ ip.rc }}
    - name: 创建目录
      file:
        path: /backup/{{ ip.stdout }}
        state: directory

运行playbook
ansible-playbook -i hosts 07.register.yml
检查
ansible -i hosts web -a 'ls -l /backup/'

3. 总结
编写剧本(playbook)目标:rsync,nfs,lsyncd,nginx.php,tomcat
剧本变量:vars,group_vars,facts,register