Ansible Installation, Configuration and Hands-On Guide
I. Ansible Installation and Basic Configuration
1. Install python3-pip
```bash
yum -y install python3-pip
```
2. Upgrade pip and configure a mirror
```bash
python3 -m pip install -i https://mirrors.tuna.tsinghua.edu.cn/pypi/web/simple --upgrade pip
pip3 config set global.index-url https://mirrors.tuna.tsinghua.edu.cn/pypi/web/simple
```
3. Install Ansible
```bash
pip3 install ansible
```
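4. Basic configuration file
```ini
# /etc/ansible/ansible.cfg
[defaults]
# Turns off SSH host key verification for managed hosts
host_key_checking = False
deprecation_warnings = False
interpreter_python=/usr/bin/python3
# Collect facts manually (comment kept on its own line: ansible.cfg only
# accepts ';' for inline comments, so a trailing '#' would join the value)
gathering = explicit
[inventory]
[privilege_escalation]
become=True
become_method=sudo
become_user=root
```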
5. Host inventory
```ini
# /etc/ansible/hosts
[lb]
172.16.1.5
172.16.1.6
[web]
172.16.1.7
172.16.1.8
172.16.1.9
172.16.1.10
[data:children]
db
nfs
bak
```
II. Core Feature Walkthrough
1. Key distribution and basic tests
```bash
# Example key-distribution script
bash /server/scripts/fenfa.sh
# Connectivity test
ansible all -m ping
ansible web -m command -a 'hostname -I'
```
2. File operation modules
```bash
# Create a directory
ansible abc -m file -a "path=/app/ans/ state=directory"
# Create a symbolic link
ansible web -m file -a "src=/etc/hosts dest=/app/ans/hosts state=link"
# User management
ansible all -m user -a "name=www-ans uid=2999 group=www-ans create_home=no shell=/sbin/nologin state=present"
```
III. Hands-On Playbook Examples
1. Nginx deployment playbook
```yaml
# 02ngx.yml
- hosts: web
  tasks:
    - name: 配置Nginx源  # Configure the Nginx repository
      copy:
        src: ./ngx.repo
        dest: /etc/yum.repos.d/ngx.repo
    - name: 安装Nginx  # Install Nginx
      yum:
        name: nginx
        state: present
    - name: 分发配置文件  # Distribute the configuration file
      copy:
        src: ./default.conf
        dest: /etc/nginx/conf.d/default.conf
      notify: restart_nginx
    - name: 启动服务  # Start the service
      systemd:
        name: nginx
        enabled: yes
        state: started
  handlers:
    - name: restart_nginx
      systemd:
        name: nginx
        state: restarted
```
2. Rsync service deployment
```yaml
# 03_rsync.yml
- hosts: bak
  tasks:
    - name: 安装rsync  # Install rsync
      yum: name=rsync state=present
      tags: install
    - name: 配置文件  # Configuration file
      copy:
        src: rsyncd.conf
        dest: /etc/rsyncd.conf
      tags: configure
    - name: 创建用户  # Create the user
      user: name=rsync shell=/sbin/nologin state=present
      tags: useradd
```
3. NFS service deployment
```yaml
# 10_nfs_server_client.yml
- hosts: nfs
  tasks:
    - name: 安装依赖包  # Install the required packages
      yum: name=rpcbind,nfs-utils state=latest
    - name: 创建共享目录  # Create the shared directories
      file:
        path: "{{ item.dir }}"
        owner: "{{ item.user }}"
        state: directory
      loop:
        - { dir: "/nfsdata/", user: "nobody" }
        - { dir: "/nfs/wordpress", user: "www" }
```
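IV. Advanced Features
1. Variables and templates
```yaml
# factvars.yml
- hosts: all
  # Needed because ansible.cfg above sets gathering = explicit;
  # without facts, ansible_hostname and ansible_default_ipv4 are undefined
  gather_facts: true
  tasks:
    - name: 收集系统信息  # Show system information
      debug:
        msg:
          - "主机名: {{ ansible_hostname }}"
          - "IP地址: {{ ansible_default_ipv4.address }}"
    - name: 渲染模板  # Render the template
      template:
        src: ./motd.j2
        dest: /etc/motd
```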
2. Loops
```yaml
# Create users in bulk
- hosts: all
  tasks:
    - name: 循环创建用户  # Create users in a loop
      user: name="{{ item }}" state=present
      loop:
        - lidao1
        - lidao2
        - lidao3
```
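3. Conditionals
```yaml
# Package-management condition
- hosts: all
  # ansible_distribution is a fact; gather it explicitly because
  # ansible.cfg above sets gathering = explicit
  gather_facts: true
  tasks:
    - name: 安装软件包  # Install the package
      yum: name=tree state=latest
      when: ansible_distribution == "CentOS"
```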
V. Role-Based Deployment Conventions
1. Directory structure
```text
/server/ans/roles/
├── group_vars/
│   └── all/
│       └── main.yml
├── hosts
├── rsync_server/
│   ├── files/
│   │   └── rsyncd.conf
│   ├── handlers/
│   │   └── main.yml
│   └── tasks/
│       └── main.yml
└── top.yml
```
2. Example role tasks
```yaml
# rsync_server/tasks/main.yml
- name: 配置rsync服务  # Configure the rsync service
  copy:
    src: rsyncd.conf
    dest: /etc/rsyncd.conf
  notify: restart_rsync
- name: 创建共享目录  # Create the shared directory
  file:
    path: /backup
    owner: rsync
    state: directory
```
VI. Debugging and Optimization
1. Debugging commands
```bash
# Syntax check
ansible-playbook --syntax-check playbook.yml
# Run only tasks with a given tag
ansible-playbook -t install playbook.yml
# Verbose debugging
ansible-playbook -vvv playbook.yml
```
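2. Performance tuning
```ini
# ansible.cfg tuning settings
[defaults]
# Number of parallel forks (comment kept on its own line: ansible.cfg only
# accepts ';' for inline comments)
forks = 50
log_path = /var/log/ansible.log
```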
3. Security hardening
```bash
# Encrypt sensitive data
ansible-vault encrypt group_vars/all/vault.yml
# Decrypt and run (prompts for the vault password)
ansible-playbook --ask-vault-pass playbook.yml
```
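
An added example, not part of the original guide: a small Python check that reads an ansible.cfg and reports the security-relevant settings used in the two ansible.cfg snippets on this page. The sample file is constructed from those snippets, the function name `audit_ansible_cfg` is hypothetical, and the parser options assume Ansible's rule that only `;` starts an inline comment.

```python
import configparser

# Constructed sample: the two ansible.cfg snippets from this page, merged.
SAMPLE_CFG = """\
[defaults]
host_key_checking = False
gathering = explicit # collect facts manually
forks = 50 # concurrency
log_path = /var/log/ansible.log
[privilege_escalation]
become=True
become_method=sudo
become_user=root
"""

FALSY = {"false", "no", "0", "off"}
TRUTHY = {"true", "yes", "1", "on"}


def audit_ansible_cfg(text):
    """Return (section, key, finding) tuples for the text of an ansible.cfg."""
    # Assumption: like Ansible, accept only ';' as an inline comment marker,
    # so a trailing '# ...' stays inside the value.
    parser = configparser.ConfigParser(
        inline_comment_prefixes=(";",), interpolation=None
    )
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        for key, value in parser.items(section):
            if " #" in value:
                findings.append((section, key, f"'#' comment became part of the value: {value!r}"))
    hkc = parser.get("defaults", "host_key_checking", fallback="true")
    if hkc.strip().lower() in FALSY:
        findings.append(("defaults", "host_key_checking", "SSH host keys are not verified"))
    become = parser.get("privilege_escalation", "become", fallback="false")
    if become.strip().lower() in TRUTHY:
        findings.append(("privilege_escalation", "become", "tasks run escalated by default"))
    return findings


if __name__ == "__main__":
    for section, key, finding in audit_ansible_cfg(SAMPLE_CFG):
        print(f"[{section}] {key}: {finding}")
```

Run it against the real file with `audit_ansible_cfg(open("/etc/ansible/ansible.cfg").read())`; an empty list means none of the three conditions was found.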