Ansible process control+actual combat (optimization)

Ansible process control+actual combat (optimization)

playbook conditional statement

Whether it is shell or major programming languages, process control and condition judgment are essential. In the process of using Ansible, condition judgment is used very frequently. For example:

1. When we use different systems, we can install the software package by judging the system.

2. During the installation of nfs and rsync, the client server does not need to push configuration files. Previously, we wrote multiple play s, which will affect efficiency.

3. When we install nginx in the source code, we cannot execute it the second time. At this time, we can judge whether it has been installed.

Official writing

- hosts: web_group
  tasks:
    - name: Install CentOS Httpd
      yum:
        name: httpd
        state: present
    #official
      when: ansible_facts['os_family'] == "CentOS"
    #unofficial
      when: ansible_distribution == "CentOS"
 
    - name: Install Ubuntu Httpd
      yum:
        name: apache2
        state: present
      when: ansible_facts['os_family'] == "Ubuntu"

Judgment grouping

tasks:
  - name: "shut down CentOS 6 and Debian 7 systems"
    command: /sbin/shutdown -t now
    when: (ansible_facts['distribution'] == "CentOS" and ansible_facts['distribution_major_version'] == "6") or
          (ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] == "7")

List for judging multiple conditions

tasks:
  - name: "shut down CentOS 6 systems"
    command: /sbin/shutdown -t now
    when:
      - ansible_facts['distribution'] == "CentOS"
      - ansible_facts['distribution_major_version'] == "6"

Conditional operation

tasks:
  - shell: echo "only on Red Hat 6, derivatives, and later"
    when: ansible_facts['os_family'] == "RedHat" and ansible_facts['lsb']['major_release']|int >= 6

Fuzzy matching

- hosts: web_group
  tasks:
    - name: SCP Backup Shell
      copy:
        src: ./backup.sh
        dest: /root/backup.sh
      when: ansible_hostname is match "web*"

Small exercise (pushing configuration files to the rsync server)

- hosts: all
  tasks:
    - name: Install Rsyncd Server
      yum:
        name: rsync
        state: present
      when: ansible_hostname == "backup" or ansible_hostname == "nfs"

    - name: Configure Rsync Conf
      copy:
        src: /root/rsyncd/rsyncd.conf
        dest: /etc/rsyncd.conf
      when: ansible_hostname == "backup"

    - name: Create Rsync Password File
      copy:
        content: abc:123
        dest: /etc/rsync.passwd
        mode: 0600
      when: ansible_hostname == "backup"

    - name: Create backup Directory
      file:
        path: /backup
        state: directory
      when: ansible_hostname == "backup"
      
    - name: Create nfs Password File
      copy:
        content: 123
        dest: /etc/rsync.passwd
        mode: 0600
      when: ansible_hostname == "nfs"

    - name: Start Rsync Server
      service:
        name: rsyncd
        state: restarted
        enabled: yes
      when: ansible_hostname == "backup"

Register variables through register, and then judge through the when statement

- hosts: web_group
  tasks:
    - name: Check Httpd Server
      command: systemctl is-active httpd
      ignore_errors: yes
      register: check_httpd
 
    - name: debug outprint
      debug: var=check_httpd
 
    - name: Httpd Restart
      service:
        name: httpd
        state: restarted
      when: check_httpd.rc == 0

playbook Loop Statement

In the previous learning process, we often transfer files and create directories. To create two directories, we need to write two file modules. If we want to create 100 directories, we need to write 100 file modules? Cyclic statements can reduce repetitive code here.

Circular syntax

# Start multiple services
- hosts: all
  tasks:
    - name: Start multi Server
      service:
        name: "{{ item }}"
        state: started
      when: aisible_hostname == "web*"
      with_items:
        - nginx
        - php-fpm

Dictionary loop

# Batch Create Users
- hosts: all
  tasks:
    - name: Create Group
      group:
        name: "{{ item }}"
      with_items:
        - group01
        - group02
    - name: Create User
      user:
        name: "{{ item.name }}"
        group: "{{ item.group }}"
      with_items:
        - {name: "user01",group: "group01"}
        - {name: "user02",group: "group02"}
        
# Push Profile
- hosts: all
  tasks:    
    - name: Push All Conf
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: "{{ item.owner }}"
        group: "{{ item.group }}"
        mode: "{{ item.mode }}"
      with_items:
        - {src: "/root/rsyncd/rsyncd.conf",dest: "/etc/rsyncd.conf",owner: "root",group: "root",mode: "0644"}
        - {src: "/root/web/nginx.conf",dest: "/etc/nginx/nginx.conf",owner: "root",group: "root",mode: "0644"}
        - {src: "/root/web/blog.abc.com.conf",dest: "/etc/nginx/conf.d/blog.abc.com.conf",owner: "root",group: "root",mode: "0644"} 

playbook handlers

What are handlers

The handler is used to perform tasks under certain conditions. For example, when the configuration file changes, trigger the handler through notify to restart the service. There are similar triggers in saltstack. The writing method is simpler than Ansible. You only need to watch and configure files.

- hosts: web_group
  tasks: 
    - name: Install Nginx Server
      yum:
        name: nginx
        state: present
    
    - name: Push Nginx Conf
      copy:
        src: /root/web/nginx.conf
        dest: /etc/nginx/nginx.conf
        
    - name: Push Vhost Conf
      copy:
        src: /root/web/blog.abc.com.conf
        dest: /etc/nginx/conf.d/blog.abc.com.conf
      notify: Restart Nginx Server
      
  handlers: 
    - name: Restart Nginx Server
      service: 
        name: nginx 
        state: restarted

Enforce handlers

When the task fails to execute, the playbook will not continue to execute, including if the handler is set in the task, but we can take mandatory measures.

- hosts: web_group
  force_handlers: yes
  tasks: 
    - name: Install Nginx Server
      yum:
        name: nginx
        state: present
    
    - name: Push Nginx Conf
      copy:
        src: /root/web/nginx.conf
        dest: /etc/nginx/nginx.conf
        
    - name: Push Vhost Conf
      copy:
        src: /root/web/blog.abc.com.conf
        dest: /etc/nginx/conf.d/blog.abc.com.conf
      notify: Restart Nginx Server
      
  handlers: 
    - name: Restart Nginx Server
      service: 
        name: nginx 
        state: restarted

be careful:

1. No matter how many tasks notify the same handlers, handlers will only run once after all tasks are completed.

2.Handlers can only be run when their tasks are executed; If a task defines notify to call Handlers, but the task is not executed due to condition judgment and other reasons, the Handlers will not be executed.

3.Handlers will only run once at the end of each play; If you want to run Handlers in the middle of a playbook, you need to use the meta module. For example: - meta: flush_handlers.

4. If a play fails before running to the statement calling Handlers, the Handlers will not be executed. We can use the -- force handlers option of the meta module to force the execution of Handlers, even if the play where the Handlers are located fails to run midway.

5. handlers cannot be used to replace tasks

plabybook tags

Task Label

By default, when Ansible executes a playbook, it will execute all the tasks defined in the playbook. The tag function of Ansible can label individual tasks or even the entire playbook, and then use these tags to specify whether to run the specified tasks in the playbook or not.

Labeling method

1. Label a task

2. Multiple tags for one task

3. Mark one tag for multiple task s

How to use the label after typing

-t: Execute the specified tag task

--Skip tags: execute tag tasks other than -- skip tags

- hosts: all
  tasks:    
    - name: Push All Conf
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: "{{ item.owner }}"
        group: "{{ item.group }}"
        mode: "{{ item.mode }}"
      with_items:
        - {src: "/root/web/www.conf",dest: "/etc/php-fpm.d/www.conf",owner: "root",group: "root",mode: "0644"}
        - {src: "/root/web/nginx.conf",dest: "/etc/nginx/nginx.conf",owner: "root",group: "root",mode: "0644"}
        - {src: "/root/web/blog.abc.com.conf",dest: "/etc/nginx/conf.d/blog.abc.com.conf",owner: "root",group: "root",mode: "0644"}
      tags: 
        - manager_nginx_server
        - manager_php_server
      notify: 
        - Reload Nginx Server
        - Restart php Server
      when: ansible_hostname is match 'web*'
      
  handlers: 
    - name: Reload Nginx Server
      service: 
        name: nginx 
        state: reloaded
        
    - name: Restart php Server
      service:
        name: php-fpm
        state: restarted


[root@m01 m01]# ansible-playbook tag.yml -t manager_nginx_server
[root@m01 m01]# ansible-playbook tag.yml -t manager_php_server

### As long as one tag is executed, the entire handlers will be triggered

playbook include

In the previous process of writing playbooks, we found that writing multiple playbooks can't be executed with one click. In this way, we have to execute a single playbook one by one, which is very tedious. Therefore, there is a function in Playbook called include, which is used to dynamically call the task list.

Call the entire task file: include_tasks (new version: import_playbook)

In saltstack, it is called top file entry file.

Plan directory structure

[root@m01 ~]# mkdir /ansible
[root@m01 ~]# cd /ansible
[root@m01 /ansible]# mkdir mariadb rsync nfs nginx php sersync host_vars group_vars wordpress


Script reuse

[root@m01 /ansible]# cat test.yml 
- hosts: all
  tasks:
    - include_tasks: ./user.yml
    - include_tasks: rsync/install_rsync.yml
    - include_tasks: rsync/config_rsync.yml
    - include_tasks: rsync/start_rsync.yml
    
  handlers: 
  - name: Restart Rsync Server
    service: 
      name: rsync 
      state: restarte

playbook error handling

Ignore errors

By default, playbook will detect the return status of task execution. If an error is encountered, it will immediately terminate the execution of playbook. However, sometimes playbook will continue to execute even if the execution error occurs. Add parameter: ignore_errors:yes Ignore errors

- hosts: web_group
  gather_facts: no
  tasks: 
    - name: judge php
      shell: 'rpm -qa|grep php'
      register: judge_php
      ignore_errors: yes
      
    - name: Install php
      shell: 'rpm -Uvh /tmp/*.rpm'
      when: judge_php.rc != 0	# 0 represents installed

Suppress changed

- hosts: web_group
  gather_facts: no
  tasks:
    - name: check nginx
      shell: '/sbin/nginx -t'
      register: check_nginx
      changed_when:
        - check_nginx.stderr_lines.0.find('ok')
        - false

Actual combat (optimization)

Environmental preparation

host name Internet IP Intranet IP role Deployment Services
m01 10.0.0.61 172.16.1.61 ansible management terminal ansible
backup 10.0.0.41 172.16.1.41 ansible managed end rsync,nfs
nfs 10.0.0.31 172.16.1.31 ansible managed end rsync,nfs,sersync
web01 10.0.0.7 172.16.1.7 ansible managed end, nfs client nginx,nfs,WordPress
web01 10.0.0.8 172.16.1.8 ansible managed end, nfs client nginx,nfs,WordPress
db01 10.0.0.51 172.16.1.51 Managed end, database mariadb

prepare

Installing Ansible

# 1. Install Ansible
[root@m01 ~]# yum install -y ansible

# 2. Modify Ansible configuration file
[root@m01 ~]# vim /etc/ansible/ansible.cfg 
host_key_checking = False             # Put the front#Remove the comment and skip checking the host fingerprint
log_path = /var/log/ansible.log       # Put the front#Remove the comment and open the log file

# 3. Create host list
[root@m01 ~]# vim /etc/ansible/hosts 
[web_group]
web01 ansible_ssh_host=172.16.1.7
web02 ansible_ssh_host=172.16.1.8

[nfs_group]
nfs ansible_ssh_host=172.16.1.31

[bakcup_group]
backup ansible_ssh_host=172.16.1.41

[db_group]
db01 ansible_ssh_host=172.16.1.51

Issue secret key through script

# 1. Create a secret key pair
[root@m01 ~]# ssh-keygen

# 2. Script
[root@m01 ~]# vim ssh_key.sh 
#!/bin/bash

. /etc/init.d/functions

ip='5 6 7 8 9 31 41 51 71'
passwd=1

for n in $ip;do
  ping -c 1 172.16.1.$n &>/dev/null
  if [ $? -eq 0 ];then
    sshpass -p $passwd ssh-copy-id -i ~/.ssh/id_rsa.pub 172.16.1.$n &>/dev/null
    if [ $? -eq 0 ];then
      action "172.16.1.$n ssh-key" /bin/true
    else
      action "172.16.1.$n ssh-key" /bin/false
    fi
  fi
done

# 3. Execute script
[root@m01 ~]# sh ssh_key.sh

Plan directory structure

[root@m01 ~]# mkdir /ansible
[root@m01 ~]# cd /ansible
[root@m01 /ansible]# mkdir mariadb rsync nfs nginx php sersync host_vars group_vars wordpress

[root@m01 /ansible]# ll
total 12
drwxr-xr-x 2 root root   22 Aug 17 15:02 base
drwxr-xr-x 2 root root   75 Aug 16 18:45 group_vars
drwxr-xr-x 2 root root   57 Aug 16 18:15 host_vars
drwxr-xr-x 2 root root   84 Aug 16 21:21 mariadb
drwxr-xr-x 2 root root   72 Aug 16 21:10 nfs
drwxr-xr-x 2 root root  121 Aug 16 21:32 nginx
drwxr-xr-x 2 root root  103 Aug 16 21:44 php
drwxr-xr-x 2 root root   97 Aug 16 21:06 rsync
drwxr-xr-x 2 root root  127 Aug 16 21:12 sersync
-rw-r--r-- 1 root root 1247 Aug 17 15:02 task.yml
drwxr-xr-x 2 root root   84 Aug 16 21:51 wordpress

Prepare configuration file

# 1.nginx configuration file

[root@m01 /ansible/nginx]# vim nginx.conf 
user {{ name }};
......
http {
	......
	client_max_body_size 1024m;
	......
}

[root@m01 /ansible/nginx]# vim blog.abc.com.conf 
server {
        listen 80;
        server_name blog.abc.com;
        root /code/wordpress;

        location / {
                index index.php;
        }

        location ~ \.php$ {
                fastcgi_pass unix:/dev/shm/php71w.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include /etc/nginx/fastcgi_params;
        }
}

# 2. php fpm configuration file (www.conf)
[root@m01 /ansible/php]# vim www.conf
user = www
group = www
listen = unix:/dev/shm/php71w.sock

# 3.rsync configuration file
[root@m01 /ansible/rsync]# vim rsyncd.conf 
uid = {{ name }}
gid = {{ name }}
port = 873
fake super = yes
use chroot = no
max connections = 200
ignore errors
read only = false
list = false
auth users = {{ rsync_user }}
secrets file = {{ rsync_passwd_file }}
log file = /var/log/rsyncd.log

[{{ backup_dir }}]
comment = welcome to Linux
path = /{{ backup_dir }}/web_data

# 4.sersync startup script
[root@m01 /ansible/sersync]# vim sersyncd.service 
[Unit]
# describe 
Description=This is sersync start service
# describe 
After=xxxxxxxxxxxxxxxxxxxxxxxxxx

[Service]
# Background running 
Type=forking
ExecStart=/app/GNU-Linux-x86/sersync2 -rdo /app/GNU-Linux-x86/confxml.xml
ExecStop=kill -3 `ps -ef|grep [s]ersync|awk '{print $2}'`
ExecReload=kill -1 `ps -ef|grep [s]ersync|awk '{print $2}'`
PrivateTmp=true

[Install]
WantedBy=multi-user.target

# 5. Prepare the php installation package and wordpress installation package
[root@m01 /ansible/php]# ll
total 19236
-rw-r--r-- 1 root root 19674604 Aug 16 17:55 php.tgz

[root@m01 /ansible/wordpress]# ll
total 16048
-rw-r--r-- 1 root root 16429648 Aug 16 17:57 wordpress.tgz

# 6.sersync installation package (modify the configuration file)
[root@m01 /ansible/sersync]# ll
-rw-r--r-- 1 root root    376 Aug 13 10:18 sersyncd.service
-rw-r--r-- 1 root root 727285 Aug 11 22:48 sersync.tgz

Start (write playbook)

Define variables

[root@m01 /ansible/group_vars]# vim all
name: www
id: 666
backup_dir: backup
data_dir: data
nfs_ip: 172.16.1.0/24
install_sersync_dir: app
rsync_passwd_file: /etc/rsync.passwd
rsync_user: abc
rsync_passwd: 123

base project (basic optimization)

[root@m01 /ansible/base]# cat base.yml
- name: Stop Firewalld Server
  service:
    name: firewalld
    state: stopped
    
- name: Disabled Selinux
  selinux:
    state: disabled
   
- name: Create {{ name }} Group
  group:
    name: "{{ name }}"
    gid: "{{ id }}"
  with_items: www
  
- name: Create {{ name }} User
  user:
    name: "{{ name }}"
    uid: "{{ id }}"
    group: "{{ id }}"
    shell: /sbin/nologin
    create_home: no
    
- name: File Limits
  pam_limits:
    domain: '*'
    limit_type: '-'
    limit_item: nofile
    value: '65535'

mariadb project

# Install mariadb
[root@m01 /ansible/mariadb]# vim install_mariadb.yml
- name: Install Mariadb Server
  yum:
    name:
      - mariadb-server
      - MySQL-python
    state: present
  when: ansible_hostname == "db01"

# Start mariadb   
[root@m01 /ansible/mariadb]# vim start_mariadb.yml
- name: Start Mariadb Server
  service:
    name: mariadb
    state: started
    enabled: yes
  when: ansible_hostname == "db01"

# Create database and user
[root@m01 /ansible/mariadb]# vim config_mariadb.yml
- name: Create wordpress Database
  mysql_db:
    name: "{{ item.name }}"
    state: present
    encoding: utf8
  with_items:
    - {name: "wordpress"}
    - {name: "zh"}
  when: ansible_hostname == "db01"
  
- name: Create wordpress User
  mysql_user:
    name: "{{ item.name }}"
    state: present
    priv: "{{ item.priv }}"
    host: "{{item.host }}"
    password: "{{ item.password }}"
  with_items:
    - {name: "wordpress",priv: "*.*:ALL",host: "172.16.1.%",password: "123"}
  when: ansible_hostname == "db01"

rsync project

# Install rsync
[root@m01 /ansible/rsync]# vim install_rsync.yml
- name: Install Rsync Server
  yum:
    name: rsync
    state: present
  when: ansible_hostname == "backup" or ansible_hostname == "nfs"

# Configure rsync
[root@m01 /ansible/rsync]# vim config_rsync.yml
- name: Push Rsync Conf
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - {src: "/ansible/rsync/rsyncd.conf",dest: "/etc/rsyncd.conf"}
  notify: restart rsync
  when: ansible_hostname == "backup"
    
      
- name: Create Rsync Password File
  copy:
    content: abc:123
    dest: "{{ rsync_passwd_file }}"
    owner: root
    group: root
    mode: 0600
  when: ansible_hostname == "backup"
        
- name: Create {{ backup_dir }} Directory
  file: 
    path: /{{ backup_dir }}/web_data
    state: directory
    owner: "{{ name }}"
    group: "{{ name }}"
  when: ansible_hostname == "backup"

# Start rsync
[root@m01 /ansible/rsync]# vim start_rsync.yml
- name: Start Rsync Server
  service:
    name: rsyncd
    state: started
    enabled: yes
  when: ansible_hostname == "backup"
        

nfs project

# Install nfs
[root@m01 /ansible/nfs]# vim install_nfs.yml
- name: Install nfs Server
  yum: 
    name: nfs-utils
    state: present
  when: ansible_hostname == "backup" or ansible_hostname == "nfs" or ansible_hostname == "web01" or ansible_hostname == "web02"
  
# Configure nfs
[root@m01 /ansible/nfs]# vim config_nfs.yml
- name: Config nfs Conf
  copy:
    content: /{{ data_dir }}/web_data {{ nfs_ip }}(rw,sync,all_squash,anonuid={{ id }},anongid={{ id }})
    dest: /etc/exports
  notify: restart nfs
  when: ansible_hostname == "nfs" or ansible_hostname == 'backup'
    
- name: Creat Share Directory
  file: 
    path: /{{ data_dir }}/web_data
    state: directory
    recurse: yes
    owner: "{{ name }}"
    group: "{{ name }}"
  when: ansible_hostname == "nfs" or ansible_hostname == 'backup'

# Start nfs
[root@m01 /ansible/nfs]# vim start_nfs.yml
- name: Start nfs Server
  service:
    name: nfs-server
    state: started
    enabled: yes
  when: ansible_hostname == "nfs" or ansible_hostname == 'backup'

sersync project

# Project preparation
[root@m01 /ansible/sersync]# ll
total 732
-rwxr-xr-x 1 root root   2213 Aug 17 15:15 confxml.xml
-rw-r--r-- 1 root root    376 Aug 16 18:00 sersyncd.service
-rw-r--r-- 1 root root 727286 Aug 17 15:12 sersync.tgz

# Install sersync
[root@m01 /ansible/sersync]# vim install_sersync.yml
- name: Create app Directory
  file:
    path: /{{ install_sersync_dir }}
    state: directory
    recurse: yes
  when: ansible_hostname == "nfs"

- name: Install sersync Server
  unarchive:
    src: /ansible/sersync/sersync.tgz
    dest: /{{ install_sersync_dir }}
  when: ansible_hostname == "nfs"

# Configure sersync
[root@m01 /ansible/sersync]# vim config_sersync.yml
- name: Push All File
  template:
    src:  "{{ item.src }}"
    dest:  "{{ item.dest }}"
  with_items:
    - {src: "./confxml.xml",dest: "/{{ install_sersync_dir }}/GNU-Linux-x86/confxml.xml"}
    - {src: "./sersyncd.service",dest: "/usr/lib/systemd/system/sersyncd.service"}
  notify: restart sersync
  when: ansible_hostname == 'nfs'

- name: Create Password File
  copy:
    content: "{{ rsync_passwd }}"
    dest: "{{ rsync_passwd_file }}"
    mode: 0600
  when: ansible_hostname == "nfs"

# Start sersync
[root@m01 /ansible/sersync]# vim start_sersync.yml
- name: Start sersync Server
  service:
    name: sersyncd
    state: started
    enabled: yes
  when: ansible_hostname == "nfs"
             

nginx project

# Project preparation
[root@m01 /ansible/nginx]# ll
total 20
-rw-r--r-- 1 root root 323 Aug 16 17:54 blog.abc.com.conf
-rw-r--r-- 1 root root 761 Aug 16 17:54 nginx.conf

# Install nginx
[root@m01 /ansible/nginx]# vim install_nginx.yml
- name: Install Nginx Server
  yum:
    name: nginx
    state: present
  when: ansible_hostname is match "web*"
        
# Configure nginx        
[root@m01 /ansible/nginx]# vim config_nginx.yml
- name: Push Nginx Conf
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - {src: "./nginx.conf",dest: "/etc/nginx/nginx.conf"}
    - {src: "./blog.abc.com.conf",dest: "/etc/nginx/conf.d/blog.abc.com.conf"}
  notify: restart nginx
  when: ansible_hostname is match "web*"

# start nginx 
[root@m01 /ansible/nginx]# vim start_nginx.yml
- name: Start Nginx Server
  service:
    name: nginx
    state: started
    enabled: yes   
  when: ansible_hostname is match "web*"

php project

# Project preparation
[root@m01 /ansible/php]# ll
-rw-r--r-- 1 root root 19674604 Aug 16 17:55 php.tgz
-rw-r--r-- 1 root root    17993 Aug 17 16:21 www.conf

# Install PHP
[root@m01 /ansible/php]# vim install_php.yml    
- name: Unarchive php 
  unarchive:
    src: ./php.tgz
    dest: /tmp
  when: ansible_hostname is match "web*"

- name: Judge PHP
  shell: 'rpm -qa|grep php'
  register: get_php
  ignore_errors: yes
  when: ansible_hostname is match 'web*'

- name: Install php Server
  shell: 'rpm -Uvh /tmp/*.rpm'
  ignore_errors: yes
  when: (ansible_hostname == "web01" and get_php.rc != 0) or (ansible_hostname == "web02" and get_php.rc != 0)

# Configuring PHP
[root@m01 /ansible/php]# vim config_php.yml
- name: Push php Conf
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - {src: "./www.conf",dest: "/etc/php-fpm.d/www.conf"}
  notify: 
    - restart php
    - chmod sock
  when: ansible_hostname is match "web*"

# Start PHP
[root@m01 /ansible/php]# vim start_php.yml
- name: Start php Server
  service:
    name: php-fpm
    state: started
    enabled: yes
  when: ansible_hostname is match "web*"
  
- name: Chmod sock
  file:
    path: /dev/shm/php71w.sock
    state: touch
    owner: "{{ name }}"
    group: "{{ name }}"

wordpress project

# Project preparation
[root@m01 /ansible/wordpress]# ll
-rw-r--r-- 1 root root 16429648 Aug 16 17:57 wordpress.tgz


# Install WordPress
[root@m01 /ansible/wordpress]# vim install_wordpress.yml
- name: Create code Directory
  file:
    path: /code
    state: directory
    owner: "{{ name }}"
    group: "{{ name }}"
    recurse: yes
  when: ansible_hostname is match "web*"
   
- name: Unarchive WordPress 
  unarchive:
    src: ./wordpress.tgz
    dest: /code
    owner: "{{ name }}"
    group: "{{ name }}"
  when: ansible_hostname is match "web*"

- name: Create uploads Directory
  file:
    path: /code/wordpress/wp-content/uploads
    state: directory
    recurse: yes
    owner: "{{ name }}"
    group: "{{ name }}"
  when: ansible_hostname is match "web*"
    
- name: Change /var/lib/nginx/ Jurisdiction
  file:
    path: /var/lib/nginx/
    owner: "{{ name }}"
    group: "{{ name }}"
    recurse: yes
  when: ansible_hostname is match "web*"
    


mount-playbook

[root@m01 mount]# vim mounted_wordpress.yml
- name: Mount Wordpress
  mount: 
    path: /code/wordpress/wp-content/uploads
    src: 172.16.1.31:/{{ data_dir }}/web_data
    fstype: nfs
    state: mounted
  when: ansible_hostname is match "web*"

Entry file playbook

[root@m01 /ansible]# vim task.yml
- hosts: all
  tasks:
    - include_tasks: base/base.yml
    - include_tasks: rsync/install_rsync.yml
    - include_tasks: rsync/config_rsync.yml
    - include_tasks: rsync/start_rsync.yml
    - include_tasks: nfs/install_nfs.yml
    - include_tasks: nfs/config_nfs.yml
    - include_tasks: nfs/start_nfs.yml
    - include_tasks: sersync/install_sersync.yml
    - include_tasks: sersync/config_sersync.yml
    - include_tasks: sersync/start_sersync.yml
    - include_tasks: mariadb/install_mariadb.yml
    - include_tasks: mariadb/start_mariadb.yml
    - include_tasks: mariadb/config_mariadb.yml
    - include_tasks: nginx/install_nginx.yml
    - include_tasks: nginx/start_nginx.yml
    - include_tasks: nginx/config_nginx.yml
    - include_tasks: php/install_php.yml
    - include_tasks: php/config_php.yml
    - include_tasks: php/start_php.yml
    - include_tasks: wordpress/install_wordpress.yml
    - include_tasks: mount/mounted_wordpress.yml
    
  handlers: 
    - name: restart rsync
      service: 
        name: rsync 
        state: restarted
        
    - name: restart nfs
      service: 
        name: nfs-server 
        state: restarted
           
    - name: restart sersync
      service: 
        name: sersyncd 
        state: restarted
        
    - name: restart nginx
      service: 
        name: nginx 
        state: reloaded
        
    - name: restart php-fpm
      service: 
        name: php-fpm 
        state: restarted
        
    - name: chmod sock
      file:
        path: /dev/shm/php71w.sock
        owner: "{{ name }}"
        group: "{{ name }}"

Tags: Operation & Maintenance

Posted by nashruddin on Thu, 29 Sep 2022 09:04:36 +0530