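Connect to https://galaxy.ansible.com to download the Role you need; it works like a repository from which you pull the application you want.
Let's fetch an nginx role.
Installing the RPMs through yum works on EPEL 6 and 7 and on the Fedora releases that are still supported. Here we simply install it directly.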
sudo yum install ansible
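Example
ansible <host-pattern> [-m module_name] [-a args]
Configure the host list
Connect to https://galaxy.ansible.com to download the Role you need. It works like a repository in which you can find a role for the application you want.
Download an nginx role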
$ ansible-galaxy install nginxinc.nginx
- downloading role 'nginx', owned by nginxinc
- downloading role from https://github.com/nginxinc/ansible-role-nginx/archive/0.11.0.tar.gz
List the roles installed locally
$ ansible-galaxy list
- nginxinc.nginx, 0.11.0
Remove a role
$ ansible-galaxy remove nginxinc.nginx
- successfully removed nginxinc.nginx
Here we need two hosts, and we need to generate a key on host A.
ssh-keygen -t rsa
Host inventory groups
# Ordinary groups
[monserver]
10.10.3.150
10.10.3.151
10.10.3.152

[osdserver]
10.10.3.153
10.10.3.154
10.10.3.155

# Nested grouping
[cephserver]
10.10.3.15[0:5]
Test whether the cephserver host group is reachable
ansible cephserver -m ping -k
SSH password:
10.10.3.150 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
10.10.3.152 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
10.10.3.151 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
10.10.3.153 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
10.10.3.154 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
10.10.3.155 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
Distribute the key
In case the passwords differ between hosts, we can put the passwords into variables in the host inventory.
# Method 1
[cephserver:vars]
ansible_ssh_user=root
ansible_ssh_pass=123
ansible_ssh_port=22

# Method 2
[osdserver]
10.10.3.153 ansible_ssh_user=root ansible_ssh_pass=123 ansible_ssh_port=22
10.10.3.154 ansible_ssh_user=root ansible_ssh_pass=456 ansible_ssh_port=22
10.10.3.155 ansible_ssh_user=root ansible_ssh_pass=111 ansible_ssh_port=22
Here we use method 1, together with the authorized_key module.
ansible cephserver -m authorized_key -a "user=root key='{{lookup('file','/root/.ssh/id_rsa.pub')}}'"
10.10.3.150 | CHANGED => {
"changed": true,
"comment": null,
"exclusive": false,
"follow": false,
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuimpsq0vBZHHR9ypSlQjucyliwNQUppIkimDcTYiYg9ttRf0A3foPd01nXiez8TP52csdrEDUnZsy85fugtvRatu9eWi8BWXzVm0/9m7NuCDzyOqeoBHgiPPqdOwX7Djp4D0BRiu4YqhzTTjC+dkMvxJAxVpx6eyJglfPL7fII3iL0b45F812de869rqgP6CFIkNuiZGPtxCa/ngyP/ILCmhLRSOddflE1QKviV6J7+VHPOtvI1iK0TQMI2HZolf9sj7nzzUE0lH8gH4PLh8OF6Yup8QoBvHv6Y+EN3z7ORLEji1Sv2iUClQHgwcd6CWfAgy1NNURCyl92/t8D54f root@ceph-moni-0",
"key_options": null,
"keyfile": "/root/.ssh/authorized_keys",
"manage_dir": true,
"path": null,
"state": "present",
"unique": false,
"user": "root",
"validate_certs": true
}
10.10.3.152 | CHANGED => {
"changed": true,
"comment": null,
"exclusive": false,
"follow": false,
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuimpsq0vBZHHR9ypSlQjucyliwNQUppIkimDcTYiYg9ttRf0A3foPd01nXiez8TP52csdrEDUnZsy85fugtvRatu9eWi8BWXzVm0/9m7NuCDzyOqeoBHgiPPqdOwX7Djp4D0BRiu4YqhzTTjC+dkMvxJAxVpx6eyJglfPL7fII3iL0b45F812de869rqgP6CFIkNuiZGPtxCa/ngyP/ILCmhLRSOddflE1QKviV6J7+VHPOtvI1iK0TQMI2HZolf9sj7nzzUE0lH8gH4PLh8OF6Yup8QoBvHv6Y+EN3z7ORLEji1Sv2iUClQHgwcd6CWfAgy1NNURCyl92/t8D54f root@ceph-moni-0",
"key_options": null,
"keyfile": "/root/.ssh/authorized_keys",
"manage_dir": true,
"path": null,
"state": "present",
"unique": false,
"user": "root",
"validate_certs": true
}
......
authorized_key
ansible all -m ping
172.16.138.40 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.16.138.41 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
We can also run commands against a host group
$ ansible webhost -m command -a "w"
172.16.138.41 | CHANGED | rc=0 >>
 01:35:17 up 29 days, 3:34, 2 users, load average: 0.24, 0.33, 0.27
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 172.16.40.86 23:29 41.00s 0.00s 0.00s -bash
root pts/1 k8s-master 01:35 0.00s 0.06s 0.00s w
172.16.138.40 | CHANGED | rc=0 >>
 01:35:18 up 29 days, 3:34, 3 users, load average: 0.98, 0.88, 0.86
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 172.16.40.86 23:06 1:08m 0.29s 0.29s -bash
root pts/1 172.16.40.86 01:26 6.00s 1.11s 0.00s ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/2c6989e158 -tt 172.16.138.40 /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1553146517.04-153785974352870/AnsiballZ_command.py && sleep 0'
root pts/3 k8s-master 01:35 1.00s 0.10s 0.01s w
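The `w` output above shows how an Ansible run appears in a session listing: an ssh client with a ControlPath under ~/.ansible/cp, and a module payload named AnsiballZ_<module>.py in a timestamped temporary directory. The following is an added example, not part of the original page, that picks such rows out of `w` output so automation can be told apart from interactive root logins; the function names and the "kind" labels are this example's own, and tolerating extra numeric fields in the directory name is an assumption.

```python
import re
from datetime import datetime, timezone

# Remote side of one module call:
#   <home>/.ansible/tmp/ansible-tmp-<epoch>-<numbers>/AnsiballZ_<module>.py
MODULE_RUN = re.compile(
    r"(?P<home>/\S*?)/\.ansible/tmp/ansible-tmp-(?P<epoch>\d+)(?:\.\d+)?-[\d-]+/"
    r"AnsiballZ_(?P<module>\w+)\.py")
# Control-node side: the ssh client with its multiplexing socket under ~/.ansible/cp
CONTROL_SSH = re.compile(r"\bssh\b.*ControlPath=\S*/\.ansible/cp/\S+")
TTY = re.compile(r"^(pts/\d+|tty\w+)$")

# Rows copied from the `w` output on this page (host 172.16.138.40).
SAMPLE_W = """\
172.16.138.40 | CHANGED | rc=0 >>
 01:35:18 up 29 days, 3:34, 3 users, load average: 0.98, 0.88, 0.86
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 172.16.40.86 23:06 1:08m 0.29s 0.29s -bash
root pts/1 172.16.40.86 01:26 6.00s 1.11s 0.00s ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/2c6989e158 -tt 172.16.138.40 /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1553146517.04-153785974352870/AnsiballZ_command.py && sleep 0'
root pts/3 k8s-master 01:35 1.00s 0.10s 0.01s w
"""


def classify(what):
    """Label one WHAT column: control-node ssh, module run on a managed host, or other."""
    info = {"kind": "other", "module": None, "started_utc": None}
    run = MODULE_RUN.search(what)
    if run:
        # The first number in the directory name is the epoch time of the module call.
        started = datetime.fromtimestamp(int(run.group("epoch")), tz=timezone.utc)
        info.update(kind="ansible-module", module=run.group("module"),
                    started_utc=started.strftime("%Y-%m-%dT%H:%M:%SZ"))
    if CONTROL_SSH.search(what):
        info["kind"] = "ansible-control-ssh"
    return info


def parse_w(text):
    """Parse the session rows of `w` output, skipping the uptime, header and host lines."""
    sessions = []
    for line in text.splitlines():
        parts = line.split(None, 7)
        if len(parts) < 8 or not TTY.match(parts[1]):
            continue
        user, tty, source, login, _idle, _jcpu, _pcpu, what = parts
        sessions.append({"user": user, "tty": tty, "from": source,
                         "login": login, **classify(what)})
    return sessions


def ansible_sessions(text):
    """Return only the sessions that carry Ansible traffic."""
    return [s for s in parse_w(text) if s["kind"] != "other"]


if __name__ == "__main__":
    for s in ansible_sessions(SAMPLE_W):
        print(s["tty"], s["from"], s["kind"], s["module"], s["started_utc"])
```

The command Ansible actually ran (`w` on pts/3) cannot be recognised from its command line alone; its FROM column and login time are what tie it to the control node.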
There is also a shell module, which likewise runs a command that you supply.
ansible 172.16.138.41 -m copy -a "src=/etc/ansible dest=/tmp/ansible_test owner=root group=root mode=755"
172.16.138.41 | CHANGED => {
    "changed": true,
    "dest": "/tmp/ansible_test/",
    "src": "/etc/ansible"
}
Let's look at the /tmp directory on the target host
[root@node02 tmp]# ls
ansible_test
[root@node02 tmp]# ls ansible_test/
ansible
[root@node02 tmp]#
Note that if the directory does not exist on the target host, it is created automatically. When a file is copied and the name given on the target host differs from the source and is not an existing directory, the effect is a copy followed by a rename. Conversely, if the destination is a directory that already exists on the target host, the file is copied straight into that directory.
Fetch a file from the remote nodes. Only a single remote file can be copied, not a directory.
$ ansible all -m fetch -a "src=/var/log/messages dest=/root/logs"
10.10.3.150 | CHANGED => {
    "changed": true,
    "checksum": "1e74d4714c730e75b453868a1a842e05b5e1504a",
    "dest": "/root/logs/10.10.3.150/var/log/messages",
    "md5sum": "32f20a6108ec6a30e5a81435b329c690",
    "remote_checksum": "1e74d4714c730e75b453868a1a842e05b5e1504a",
    "remote_md5sum": null
}
.....
Let's look at the directory with tree
$ tree
.
├── 10.10.3.150
│   └── var
│       └── log
│           └── messages
├── 10.10.3.151
│   └── var
│       └── log
│           └── messages
├── 10.10.3.152
│   └── var
│       └── log
│           └── messages
├── 10.10.3.153
│   └── var
│       └── log
│           └── messages
├── 10.10.3.154
│   └── var
│       └── log
│           └── messages
└── 10.10.3.155
    └── var
        └── log
            └── messages
Create a directory
ansible all -m file -a "path=/data state=directory"
10.10.3.154 | CHANGED => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/data",
    "size": 6,
    "state": "directory",
    "uid": 0
}
.........
Create a file
ansible all -m file -a "path=/data/zzk state=touch"
10.10.3.150 | CHANGED => {
    "changed": true,
    "dest": "/data/zzk",
    "gid": 0,
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "size": 0,
    "state": "file",
    "uid": 0
}
..........
Delete a file
ansible all -m file -a "path=/data/zzk state=absent"
10.10.3.153 | CHANGED => {
    "changed": true,
    "path": "/data/zzk",
    "state": "absent"
}
First we write a simple script
#!/bin/bash
date >> /tmp/data.txt
Ansible first has to copy the script to the target host
$ ansible 172.16.138.41 -m copy -a "src=/tmp/1.sh dest=/tmp/test.sh owner=root group=root mode=755"
172.16.138.41 | CHANGED => {
"changed": true,
"checksum": "a0d6b0777539641b9aab412a0297b1273e836bbb",
"dest": "/tmp/test.sh",
"gid": 0,
"group": "root",
"md5sum": "fc416150a5e218531c550b98e6ea35b6",
"mode": "0755",
"owner": "root",
"size": 36,
"src": "/root/.ansible/tmp/ansible-tmp-1553151731.05-254487603693246/source",
"state": "file",
"uid": 0
}
Run the remote script
ansible 172.16.138.41 -m shell -a "/tmp/test.sh"
172.16.138.41 | CHANGED | rc=0 >>
ansible 172.16.138.41 -m cron -a "name='test cron' job='touch /tmp/111.txt' weekday=6"
172.16.138.41 | CHANGED => {
    "changed": true,
    "envs": [],
    "jobs": [
        "test cron"
    ]
}
Let's look at the scheduled tasks on the target host
$ crontab -l
#Ansible: test cron
* * * * 6 touch /tmp/111.txt
We can see a marker line for Ansible, followed by the content of the scheduled task.
We can remove the scheduled task with state=absent
$ ansible 172.16.138.41 -m cron -a "name='test cron' state=absent"
172.16.138.41 | CHANGED => {
    "changed": true,
    "envs": [],
    "jobs": []
}
A playbook collects a set of module calls in one file. The main job of a play is to dress up a previously grouped set of hosts in roles that were defined in advance through Ansible tasks; fundamentally, a task is nothing more than a call to an Ansible module. Organizing several plays in one playbook lets them work together and perform the same show according to a prearranged script.
Core elements:
For example:
---                                     # start of the document
- hosts: 172.16.138.41                  # the remote host
  remote_user: root                     # the remote user
  tasks:                                # the tasks
    - name: test_playbook               # task name
      shell: touch /tmp/playbook.txt    # the actual task, the core part
Run it
ansible-playbook /etc/ansible/test.yaml
PLAY [172.16.138.41] ******************************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************************************
ok: [172.16.138.41]
TASK [test_playbook] ******************************************************************************************************************
[WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
changed: [172.16.138.41]
PLAY RECAP ****************************************************************************************************************************
172.16.138.41 : ok=2 changed=1 unreachable=0 failed=0
Using the file module and the user module in a playbook
---
- hosts: monserver
  remote_user: root
  tasks:
    - name: create new file
      file: name=/data/newfile state=touch
    - name: create net user
      user: name=test1
Here we use the -C option; -C performs a test run without actually making the changes.
ansible-playbook -C test.yaml
PLAY [monserver] ***************************************************************************************
TASK [Gathering Facts] *********************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]
TASK [create new file] *********************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]
TASK [create net user] *********************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]
PLAY RECAP *********************************************************************************************
10.10.3.150 : ok=3 changed=1 unreachable=0 failed=0
10.10.3.151 : ok=3 changed=1 unreachable=0 failed=0
10.10.3.152 : ok=3 changed=1 unreachable=0 failed=0
List the hosts the playbook would run against
ansible-playbook test.yaml --list-hosts
playbook: test.yaml
  play #1 (monserver): monserver TAGS: []
    pattern: [u'monserver']
    hosts (3):
      10.10.3.152
      10.10.3.150
      10.10.3.151
List the tasks in the playbook
ansible-playbook test.yaml --list-tasks
playbook: test.yaml
  play #1 (monserver): monserver TAGS: []
    tasks:
      create new file TAGS: []
      create net user TAGS: []
Run against a specific host only
ansible-playbook test.yaml --limit 10.10.3.152
PLAY [monserver] ***************************************************************************************
TASK [Gathering Facts] *********************************************************************************
ok: [10.10.3.152]
TASK [create new file] *********************************************************************************
changed: [10.10.3.152]
TASK [create net user] *********************************************************************************
changed: [10.10.3.152]
PLAY RECAP *********************************************************************************************
10.10.3.152 : ok=3 changed=2 unreachable=0 failed=0
Sources of variables:
We create a user, passing the name in through a variable.
---
- name: create_user
  hosts: 172.16.138.41
  remote_user: root
  gather_facts: false
  vars:
    - user: "zzkk"
  tasks:
    - name: create-user
      user: name="{{ user }}"
Run:
ansible-playbook /etc/ansible/user.yaml
PLAY [create_user] ********************************************************************************************************************
TASK [create-user] ********************************************************************************************************************
changed: [172.16.138.41]
PLAY RECAP ****************************************************************************************************************************
172.16.138.41 : ok=1 changed=1 unreachable=0 failed=0
Test
---
- hosts: monserver
  remote_user: root
  tasks:
    - name: install httpd package
      yum: name={{ pkname }}
    - name: start service
      service: name={{ pkname }} state=started enabled=yes
Run
ansible-playbook -e 'pkname=vsftpd' app.yaml
PLAY [monserver] ***************************************************************************************
TASK [Gathering Facts] *********************************************************************************
ok: [10.10.3.152]
ok: [10.10.3.150]
ok: [10.10.3.151]
TASK [install httpd package] ***************************************************************************
changed: [10.10.3.152]
changed: [10.10.3.150]
changed: [10.10.3.151]
TASK [start service] ***********************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]
PLAY RECAP *********************************************************************************************
10.10.3.150 : ok=3 changed=2 unreachable=0 failed=0
10.10.3.151 : ok=3 changed=2 unreachable=0 failed=0
10.10.3.152 : ok=3 changed=2 unreachable=0 failed=0
Defining variables in the playbook
---
- hosts: monserver
  remote_user: root
  vars:
    - pkname: vsftpd
  tasks:
    - name: install httpd package
      yum: name={{ pkname }}
    - name: start service
      service: name={{ pkname }} state=started enabled=yes
Run
$ ansible-playbook app.yaml
PLAY [monserver] **************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************
ok: [10.10.3.152]
ok: [10.10.3.150]
ok: [10.10.3.151]
TASK [install httpd package] **************************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]
TASK [start service] **********************************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]
PLAY RECAP ********************************************************************************************************
10.10.3.150 : ok=3 changed=2 unreachable=0 failed=0
10.10.3.151 : ok=3 changed=2 unreachable=0 failed=0
10.10.3.152 : ok=3 changed=2 unreachable=0 failed=0
Defining variables in the host inventory
Ordinary variables, that is, variables defined for a single host
[monserver]
10.10.3.150 http_port=81
10.10.3.151 http_port=80
10.10.3.152 http_port=82
---
- hosts: monserver
  remote_user: root
  tasks:
    - name: hostname
      hostname: name=user{{ http_port }}
Run
ansible-playbook -C host.yaml
PLAY [monserver] **************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]
TASK [hostname] ***************************************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.151]
changed: [10.10.3.152]
PLAY RECAP ********************************************************************************************************
10.10.3.150 : ok=2 changed=1 unreachable=0 failed=0
10.10.3.151 : ok=2 changed=1 unreachable=0 failed=0
10.10.3.152 : ok=2 changed=1 unreachable=0 failed=0
Common variables
[cephserver:vars]
ansible_ssh_user=root
ansible_ssh_pass=123
ansible_ssh_port=22
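Both the key-distribution step and the common-variables section above write SSH passwords into the inventory in clear text, once per host and once per group. The following is an added example, not part of the original page, that parses an inventory in the page's INI form (groups, host ranges, per-host variables, `[group:vars]`) and reports every host to which a clear-text secret applies. The sample inventory is constructed from the page's two methods, `vault_osd_pass` is a hypothetical variable name, and treating any `{{ ... }}` value as a reference rather than a secret is this example's assumption.

```python
import re
import shlex

# Inventory variables whose value is a login or privilege-escalation secret.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}
HEADER = re.compile(r"\[([^\]:]+)(?::(vars|children))?\]")
RANGE = re.compile(r"\[(\d+):(\d+)(?::(\d+))?\]")

# Constructed sample: the page's groups with both password methods combined, plus
# one host whose password is a reference to a (hypothetical) vaulted variable.
SAMPLE_INVENTORY = """
[monserver]
10.10.3.150
10.10.3.151
10.10.3.152

[osdserver]
10.10.3.153 ansible_ssh_user=root ansible_ssh_pass=123 ansible_ssh_port=22
10.10.3.154 ansible_ssh_user=root ansible_ssh_pass=456 ansible_ssh_port=22
10.10.3.155 ansible_ssh_user=root ansible_ssh_pass='{{ vault_osd_pass }}'

[cephserver]
10.10.3.15[0:5]

[cephserver:vars]
ansible_ssh_user=root
ansible_ssh_pass=123
ansible_ssh_port=22
"""


def expand_range(pattern):
    """Expand a host range such as 10.10.3.15[0:5] (numeric ranges, end inclusive)."""
    m = RANGE.search(pattern)
    if not m:
        return [pattern]
    start, end, step = m.group(1), m.group(2), int(m.group(3) or 1)
    width = len(start) if start.startswith("0") else 0  # keep leading zeros
    hosts = []
    for n in range(int(start), int(end) + 1, step):
        name = pattern[:m.start()] + str(n).zfill(width) + pattern[m.end():]
        hosts.extend(expand_range(name))  # a name may hold more than one range
    return hosts


def parse_inventory(text):
    """Return (groups, group_vars, host_vars, children) for an INI inventory."""
    groups, group_vars, host_vars, children = {}, {}, {}, {}
    section, kind = "ungrouped", "hosts"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = HEADER.fullmatch(line)
        if header:
            section, kind = header.group(1), header.group(2) or "hosts"
            groups.setdefault(section, [])
        elif kind == "vars":
            key, _, value = line.partition("=")
            group_vars.setdefault(section, {})[key.strip()] = value.strip()
        elif kind == "children":
            children.setdefault(section, []).append(line)
        else:
            name, *pairs = shlex.split(line)
            variables = dict(p.split("=", 1) for p in pairs if "=" in p)
            for host in expand_range(name):
                groups.setdefault(section, []).append(host)
                host_vars.setdefault(host, {}).update(variables)
    return groups, group_vars, host_vars, children


def members(group, groups, children, seen=None):
    """Hosts of a group, including those inherited through [group:children]."""
    seen = seen if seen is not None else set()
    if group in seen:
        return []
    seen.add(group)
    hosts = list(groups.get(group, []))
    for child in children.get(group, []):
        hosts += members(child, groups, children, seen)
    return hosts


def find_plaintext_secrets(text):
    """Return sorted (host, variable, scope) tuples for each clear-text secret."""
    groups, group_vars, host_vars, children = parse_inventory(text)
    findings = set()
    for group, variables in group_vars.items():
        for var in SECRET_VARS.intersection(variables):
            if "{{" not in variables[var]:
                for host in members(group, groups, children):
                    findings.add((host, var, "group:" + group))
    for host, variables in host_vars.items():
        for var in SECRET_VARS.intersection(variables):
            if "{{" not in variables[var]:
                findings.add((host, var, "host"))
    return sorted(findings)


if __name__ == "__main__":
    for host, var, scope in find_plaintext_secrets(SAMPLE_INVENTORY):
        print(f"{host}: {var} stored in clear text ({scope})")
```

Run over a real inventory file, an empty result means no password is stored in the file itself; the values then have to come from somewhere else, such as an encrypted variables file or the `-k` prompt used earlier on this page.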
Create three files and set their permissions to 600
---
- hosts: 172.16.138.41
  user: root
  tasks:
    - name: "touch 1 2 3 file and change file mode"
      file: path=/tmp/{{ item }} state=touch mode=600
      with_items:
        - 1.txt
        - 2.txt
        - 3.txt
Run:
ansible-playbook /etc/ansible/while.yaml
PLAY [172.16.138.41] ******************************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************************************
ok: [172.16.138.41]
TASK [touch 1 2 3 file and change file mode] ******************************************************************************************
changed: [172.16.138.41] => (item=1.txt)
changed: [172.16.138.41] => (item=2.txt)
changed: [172.16.138.41] => (item=3.txt)
PLAY RECAP ****************************************************************************************************************************
172.16.138.41 : ok=2 changed=1 unreachable=0 failed=0
Let's look at the information collected by gather_facts and use it as the condition for our test. Here we want the IP address.
ansible 172.16.138.41 -m setup
....
"ansible_ens160": {
    "active": true,
    "device": "ens160",
    ....
    "ipv4": {
        "address": "172.16.138.41",
        "broadcast": "172.16.138.255",
        "netmask": "255.255.255.0",
        "network": "172.16.138.0"
    },
....
We write a condition: when ansible_ens160.ipv4.address equals 172.16.138.41, create the file
---
- hosts: webhost
  user: root
  gather_facts: True
  tasks:
    - name: stady when
      shell: touch /tmp/when.txt
      when: ansible_ens160.ipv4.address == "172.16.138.41"
Result:
ansible-playbook /etc/ansible/when.yaml
PLAY [webhost] ************************************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************************************
ok: [172.16.138.41]
ok: [172.16.138.40]
TASK [stady when] *********************************************************************************************************************
skipping: [172.16.138.40]
[WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need to use command because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
changed: [172.16.138.41]
PLAY RECAP ****************************************************************************************************************************
172.16.138.40 : ok=1 changed=0 unreachable=0 failed=0
172.16.138.41 : ok=2 changed=1 unreachable=0 failed=0
Here we see that 172.16.138.40 is skipped and the task runs on 172.16.138.41.
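Modules are "idempotent", so when the remote system has been changed by someone, the playbooks can be replayed to restore it. Playbooks can recognize such changes themselves and have a basic event system that can respond to them.
(When a change occurs) 'notify' actions are triggered at the end of each task in a playbook, and even if several different tasks notify of the change, the 'notify' actions are triggered only once.
For example, several resources may indicate that apache needs to be restarted because a configuration file was changed, but the restart is performed only once.
Example:
Install the http service and copy the configuration file to the remote servers
---
- hosts: monserver
  remote_user: root
  tasks:
    - name: install httpd package
      yum: name=httpd
    - name: copy conf file
      copy: src=files/httpd.conf dest=/etc/httpd/ backup=yes
    - name: start service
      service: name=httpd state=started enabled=yes
Run: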
$ ansible-playbook httpd.yaml
PLAY [monserver] ***************************************************************************************
TASK [Gathering Facts] *********************************************************************************
ok: [10.10.3.152]
ok: [10.10.3.151]
ok: [10.10.3.150]
TASK [install httpd package] ***************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]
TASK [start service] ***********************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]
PLAY RECAP *********************************************************************************************
10.10.3.150 : ok=3 changed=2 unreachable=0 failed=0
10.10.3.151 : ok=3 changed=2 unreachable=0 failed=0
10.10.3.152 : ok=3 changed=2 unreachable=0 failed=0
Confirm that the installation succeeded
ansible monserver -m shell -a "ss -ntlp | grep :80"
10.10.3.152 | CHANGED | rc=0 >>
LISTEN 0 128 :::80 :::* users:(("httpd",pid=7626,fd=4),("httpd",pid=7625,fd=4),("httpd",pid=7624,fd=4),("httpd",pid=7623,fd=4),("httpd",pid=7622,fd=4),("httpd",pid=7621,fd=4))
10.10.3.151 | CHANGED | rc=0 >>
LISTEN 0 128 :::80 :::* users:(("httpd",pid=20020,fd=4),("httpd",pid=20019,fd=4),("httpd",pid=20018,fd=4),("httpd",pid=20017,fd=4),("httpd",pid=20016,fd=4),("httpd",pid=20015,fd=4))
10.10.3.150 | CHANGED | rc=0 >>
LISTEN 0 128 :::80 :::* users:(("httpd",pid=3437,fd=4),("httpd",pid=3436,fd=4),("httpd",pid=3435,fd=4),("httpd",pid=3434,fd=4),("httpd",pid=3433,fd=4),("httpd",pid=3432,fd=4))
Here we change the http port in the configuration file to 81
.....
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 81
.....
Let's run the playbook again and see what happens
$ ansible-playbook httpd.yaml
PLAY [monserver] ***************************************************************************************
TASK [Gathering Facts] *********************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]
TASK [install httpd package] ***************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]
TASK [copy conf file] **********************************************************************************
changed: [10.10.3.152]
changed: [10.10.3.150]
changed: [10.10.3.151]
TASK [start service] ***********************************************************************************
ok: [10.10.3.152]
ok: [10.10.3.150]
ok: [10.10.3.151]
PLAY RECAP *********************************************************************************************
10.10.3.150 : ok=4 changed=1 unreachable=0 failed=0
10.10.3.151 : ok=4 changed=1 unreachable=0 failed=0
10.10.3.152 : ok=4 changed=1 unreachable=0 failed=0
Here we find that the run only carried out the "copy conf file" task. Let's check the remote port again to see whether 81 has come up.
$ ansible monserver -m shell -a "ss -ntlp | grep :81"
10.10.3.150 | FAILED | rc=1 >>
non-zero return code
10.10.3.152 | FAILED | rc=1 >>
non-zero return code
10.10.3.151 | FAILED | rc=1 >>
non-zero return code
We can see an error here: no matching port is returned, which means port 81 was never started. What we need is an automatic restart whenever a change to the configuration file is detected. We use a handler to achieve this.
---
- hosts: monserver
  remote_user: root
  tasks:
    - name: install httpd package
      yum: name=httpd
    - name: copy conf file
      copy: src=files/httpd.conf dest=/etc/httpd/ backup=yes
      notify: restart service
    - name: start service
      service: name=httpd state=started enabled=yes
  handlers:
    - name: restart service
      service: name=httpd state=restarted
Run and verify:
$ ansible-playbook httpd.yaml
PLAY [monserver] ***************************************************************************************
TASK [Gathering Facts] *********************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.151]
ok: [10.10.3.152]
TASK [install httpd package] ***************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]
TASK [copy conf file] **********************************************************************************
changed: [10.10.3.152]
changed: [10.10.3.150]
changed: [10.10.3.151]
TASK [start service] ***********************************************************************************
ok: [10.10.3.152]
ok: [10.10.3.150]
ok: [10.10.3.151]
RUNNING HANDLER [restart service] **********************************************************************
changed: [10.10.3.152]
changed: [10.10.3.150]
changed: [10.10.3.151]
PLAY RECAP *********************************************************************************************
10.10.3.150 : ok=5 changed=2 unreachable=0 failed=0
10.10.3.151 : ok=5 changed=2 unreachable=0 failed=0
10.10.3.152 : ok=5 changed=2 unreachable=0 failed=0
$ ansible monserver -m shell -a "ss -ntlp | grep :81"
10.10.3.150 | CHANGED | rc=0 >>
LISTEN 0 128 :::81 :::* users:(("httpd",pid=6255,fd=4),("httpd",pid=6254,fd=4),("httpd",pid=6253,fd=4),("httpd",pid=6252,fd=4),("httpd",pid=6251,fd=4),("httpd",pid=6250,fd=4))
10.10.3.151 | CHANGED | rc=0 >>
LISTEN 0 128 :::81 :::* users:(("httpd",pid=21469,fd=4),("httpd",pid=21468,fd=4),("httpd",pid=21467,fd=4),("httpd",pid=21466,fd=4),("httpd",pid=21465,fd=4),("httpd",pid=21464,fd=4))
10.10.3.152 | CHANGED | rc=0 >>
LISTEN 0 128 :::81 :::* users:(("httpd",pid=9087,fd=4),("httpd",pid=9086,fd=4),("httpd",pid=9085,fd=4),("httpd",pid=9084,fd=4),("httpd",pid=9083,fd=4),("httpd",pid=9082,fd=4))
Basic usage:
Create a templates directory under the current directory to hold the nginx configuration file
Create a playbook
---
- hosts: monserver
  remote_user: root
  tasks:
    - name: install nginx
      yum: name=nginx
    - name: copy template
      template: src=templates/nginx.conf.j2 dest=/etc/nginx/nginx.conf
    - name: start nginx
      service: name=nginx state=started enabled=yes
Run:
ansible-playbook temp.yaml
PLAY [monserver] **************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.151]
ok: [10.10.3.152]
TASK [install nginx] **********************************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]
TASK [copy template] **********************************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]
TASK [start nginx] ************************************************************************************************
changed: [10.10.3.152]
changed: [10.10.3.151]
changed: [10.10.3.150]
PLAY RECAP ********************************************************************************************************
10.10.3.150 : ok=4 changed=2 unreachable=0 failed=0
10.10.3.151 : ok=4 changed=2 unreachable=0 failed=0
10.10.3.152 : ok=4 changed=2 unreachable=0 failed=0
We use a system variable to set the number of nginx worker processes:
To find the variable, we can use ansible monserver -m setup | grep "processor" to get the number of CPUs
Edit the nginx template file
$ vim templates/nginx.conf.j2
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes {{ ansible_processor_vcpus**2 }};
error_log /var/log/nginx/error.log;
.....
Change the playbook to use handlers
---
- hosts: monserver
  remote_user: root
  tasks:
    - name: install nginx
      yum: name=nginx
    - name: copy template
      template: src=templates/nginx.conf.j2 dest=/etc/nginx/nginx.conf
      notify: restart nginx
    - name: start nginx
      service: name=nginx state=started enabled=yes
  handlers:
    - name: restart nginx
      service: name=nginx state=restarted
Run:
ansible-playbook temp.yaml
PLAY [monserver] **************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.151]
ok: [10.10.3.152]
TASK [install nginx] **********************************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.151]
ok: [10.10.3.152]
TASK [copy template] **********************************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]
TASK [start nginx] ************************************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]
RUNNING HANDLER [restart nginx] ***********************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]
PLAY RECAP ********************************************************************************************************
10.10.3.150 : ok=5 changed=2 unreachable=0 failed=0
10.10.3.151 : ok=5 changed=2 unreachable=0 failed=0
10.10.3.152 : ok=5 changed=2 unreachable=0 failed=0
Verify:
$ ansible monserver -m shell -a "ps -ef | grep nginx "
10.10.3.151 | CHANGED | rc=0 >>
root 24713 1 0 14:40 ? 00:00:00 nginx: master process /usr/sbin/nginx
nginx 24714 24713 0 14:40 ? 00:00:00 nginx: worker process
nginx 24715 24713 0 14:40 ? 00:00:00 nginx: worker process
nginx 24716 24713 0 14:40 ? 00:00:00 nginx: worker process
nginx 24717 24713 0 14:40 ? 00:00:00 nginx: worker process
nginx 24718 24713 0 14:40 ? 00:00:00 nginx: worker process
nginx 24719 24713 0 14:40 ? 00:00:00 nginx: worker process
nginx 24720 24713 0 14:40 ? 00:00:00 nginx: worker process
nginx 24721 24713 0 14:40 ? 00:00:00 nginx: worker process
nginx 24722 24713 0 14:40 ? 00:00:00 nginx: worker process
nginx 24723 24713 0 14:40 ? 00:00:00 nginx: worker process
nginx 24724 24713 0 14:40 ? 00:00:00 nginx: worker process
nginx 24725 24713 0 14:40 ? 00:00:00 nginx: worker process
nginx 24726 24713 0 14:40 ? 00:00:00 nginx: worker process
nginx 24727 24713 0 14:40 ? 00:00:00 nginx: worker process
nginx 24728 24713 0 14:40 ? 00:00:00 nginx: worker process
nginx 24729 24713 0 14:40 ? 00:00:00 nginx: worker process
root 24850 24849 0 14:41 pts/0 00:00:00 /bin/sh -c ps -ef | grep nginx
root 24852 24850 0 14:41 pts/0 00:00:00 grep nginx
....
一樣也能夠引用主機清單、playbook等裏面的變量。
when 既中文含義是「當」,當怎麼怎麼就怎麼怎麼
當hostname=ceph-osd-1的時候安裝服務
--- - hosts: cephserver remote_user: root tasks: - name: install nginx when: ansible_hostname == "ceph-osd-1" yum: name=nginx - name: copy template when: ansible_hostname == "ceph-osd-1" template: src=templates/nginx.conf.j2 dest=/etc/nginx/nginx.conf notify: restart nginx - name: start nginx when: ansible_hostname == "ceph-osd-1" service: name=nginx state=started enabled=yes handlers: - name: restart nginx service: name=nginx state=restarted
--- - hosts: monserver remote_user: root tasks: - name: create some file file: name=/data/{{ item }} state=touch with_items: - file1 - file2 - file3 - name: install spme packages yum: name= {{ item }} with_items: - htop - sl - hping3
執行:
ansible-playbook -C testitem.yaml PLAY [monserver] ********************************************************************************************************** TASK [Gathering Facts] **************************************************************************************************** ok: [10.10.3.150] ok: [10.10.3.151] ok: [10.10.3.152] TASK [create some file] *************************************************************************************************** ok: [10.10.3.150] => (item=file1) ok: [10.10.3.152] => (item=file1) ok: [10.10.3.151] => (item=file1) ok: [10.10.3.150] => (item=file2) ok: [10.10.3.152] => (item=file2) ok: [10.10.3.151] => (item=file2) ok: [10.10.3.150] => (item=file3) ok: [10.10.3.152] => (item=file3) ok: [10.10.3.151] => (item=file3) TASK [install spme packages] ********************************************************************************************** ok: [10.10.3.152] => (item=htop) ok: [10.10.3.150] => (item=htop) ok: [10.10.3.151] => (item=htop) ok: [10.10.3.152] => (item=sl) ok: [10.10.3.150] => (item=sl) ok: [10.10.3.151] => (item=sl) ok: [10.10.3.152] => (item=hping3) ok: [10.10.3.150] => (item=hping3) ok: [10.10.3.151] => (item=hping3) PLAY RECAP **************************************************************************************************************** 10.10.3.150 : ok=3 changed=0 unreachable=0 failed=0 10.10.3.151 : ok=3 changed=0 unreachable=0 failed=0 10.10.3.152 : ok=3 changed=0 unreachable=0 failed=0 [root@ceph-moni-0 ansible]# ansible-playbook testitem.yaml PLAY [monserver] ********************************************************************************************************** TASK [Gathering Facts] **************************************************************************************************** ok: [10.10.3.150] ok: [10.10.3.152] ok: [10.10.3.151] TASK [create some file] *************************************************************************************************** changed: [10.10.3.152] => (item=file1) changed: 
[10.10.3.151] => (item=file1) ▽ changed: [10.10.3.150] => (item=file1) changed: [10.10.3.150] => (item=file2) changed: [10.10.3.152] => (item=file2) changed: [10.10.3.151] => (item=file2) changed: [10.10.3.150] => (item=file3) changed: [10.10.3.152] => (item=file3) changed: [10.10.3.151] => (item=file3) TASK [install spme packages] ********************************************************************************************** ok: [10.10.3.152] => (item=htop) ok: [10.10.3.151] => (item=htop) ok: [10.10.3.150] => (item=htop) ok: [10.10.3.151] => (item=sl) ok: [10.10.3.152] => (item=sl) ok: [10.10.3.150] => (item=sl) ok: [10.10.3.151] => (item=hping3) ok: [10.10.3.152] => (item=hping3) ok: [10.10.3.150] => (item=hping3) PLAY RECAP **************************************************************************************************************** 10.10.3.150 : ok=3 changed=1 unreachable=0 failed=0 10.10.3.151 : ok=3 changed=1 unreachable=0 failed=0 10.10.3.152 : ok=3 changed=1 unreachable=0 failed=0
驗證:
ansible monserver -m shell -a "ls /data" 10.10.3.150 | CHANGED | rc=0 >> file1 file2 file3 10.10.3.152 | CHANGED | rc=0 >> file1 file2 file3 newfile 10.10.3.151 | CHANGED | rc=0 >> file1 file2 file3
迭代嵌套子變量,使用字典
--- - hosts: monserver remote_user: root tasks: - name: create some group group: name={{ item }} with_items: - g1 - g2 - g3 - name: create some users user: name={{ item.name }} group={{ item.group }} with_items: - {name: 'user1',group: 'g1'} - {name: 'user2',group: 'g2'} - {name: 'user3',group: 'g3'}
Run:

$ ansible-playbook testitem2.yaml

PLAY [monserver] **********************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************
ok: [10.10.3.152]
ok: [10.10.3.150]
ok: [10.10.3.151]

TASK [create some group] **************************************************************************************************
changed: [10.10.3.150] => (item=g1)
changed: [10.10.3.152] => (item=g1)
changed: [10.10.3.151] => (item=g1)
changed: [10.10.3.152] => (item=g2)
changed: [10.10.3.150] => (item=g2)
changed: [10.10.3.151] => (item=g2)
changed: [10.10.3.152] => (item=g3)
changed: [10.10.3.150] => (item=g3)
changed: [10.10.3.151] => (item=g3)

TASK [create some users] **************************************************************************************************
changed: [10.10.3.152] => (item={u'group': u'g1', u'name': u'user1'})
changed: [10.10.3.151] => (item={u'group': u'g1', u'name': u'user1'})
changed: [10.10.3.150] => (item={u'group': u'g1', u'name': u'user1'})
changed: [10.10.3.152] => (item={u'group': u'g2', u'name': u'user2'})
changed: [10.10.3.150] => (item={u'group': u'g2', u'name': u'user2'})
changed: [10.10.3.151] => (item={u'group': u'g2', u'name': u'user2'})
changed: [10.10.3.152] => (item={u'group': u'g3', u'name': u'user3'})
changed: [10.10.3.150] => (item={u'group': u'g3', u'name': u'user3'})
changed: [10.10.3.151] => (item={u'group': u'g3', u'name': u'user3'})

PLAY RECAP ****************************************************************************************************************
10.10.3.150 : ok=3 changed=2 unreachable=0 failed=0
10.10.3.151 : ok=3 changed=2 unreachable=0 failed=0
10.10.3.152 : ok=3 changed=2 unreachable=0 failed=0
We define a variable that holds a list of dictionaries

---
- hosts: monserver
  remote_user: root
  vars:
    ports:
      - web1:
        name: webhs1
        port: 81
        rootdir: /data/web1
      - web2:
        name: webhs2
        port: 82
        rootdir: /data/web2
      - web3:
        name: webhs3
        port: 83
        rootdir: /data/web3
  tasks:
    - name: copy conf
      template: src=for3.conf.j2 dest=/data/for1.conf
Create the template configuration file

{% for p in ports %}
server{
    listen {{ p.port }}
    servername {{ p.name }}
    documentroot: {{ p.rootdir }}
}
{% endfor %}
Run:

ansible-playbook for.yaml

PLAY [monserver] **********************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************
ok: [10.10.3.152]
ok: [10.10.3.150]
ok: [10.10.3.151]

TASK [copy conf] **********************************************************************************************************
changed: [10.10.3.152]
changed: [10.10.3.151]
changed: [10.10.3.150]

PLAY RECAP ****************************************************************************************************************
10.10.3.150 : ok=2 changed=1 unreachable=0 failed=0
10.10.3.151 : ok=2 changed=1 unreachable=0 failed=0
10.10.3.152 : ok=2 changed=1 unreachable=0 failed=0
The requirement: if name is defined, add that setting; if it is not, leave it out. Here we comment out two of the name entries in the variables defined earlier.

---
- hosts: monserver
  remote_user: root
  vars:
    ports:
      - web1:
        # name: webhs1
        port: 81
        rootdir: /data/web1
      - web2:
        # name: webhs2
        port: 82
        rootdir: /data/web2
      - web3:
        name: webhs3
        port: 83
        rootdir: /data/web3
  tasks:
    - name: copy conf
      template: src=for1.conf.j2 dest=/data/for3.conf
Add a condition to the template

{% for p in ports %}
server{
    listen {{ p.port }}
{% if p.name is defined %}
    servername {{ p.name }}
{% endif %}
    documentroot: {{ p.rootdir }}
}
{% endfor %}
Run:

ansible-playbook for1.yaml

PLAY [monserver] **********************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]

TASK [copy conf] **********************************************************************************************************
changed: [10.10.3.152]
changed: [10.10.3.151]
changed: [10.10.3.150]

PLAY RECAP ****************************************************************************************************************
10.10.3.150 : ok=2 changed=1 unreachable=0 failed=0
10.10.3.151 : ok=2 changed=1 unreachable=0 failed=0
10.10.3.152 : ok=2 changed=1 unreachable=0 failed=0
Check the result:

ansible monserver -m shell -a "cat /data/for3.conf "
10.10.3.150 | CHANGED | rc=0 >>
server{
    listen 81
    documentroot: /data/web1
}
server{
    listen 82
    documentroot: /data/web2
}
server{
    listen 83
    servername webhs3
    documentroot: /data/web3
}
.......
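An added example, not part of the original post: the `is defined` test above only guards an optional field, so a play can also check every entry of `ports` with the assert module and stop before the template is rendered when a value is missing or malformed. The file name for-checked.yaml and the specific rules (port range, rootdir under /data, allowed characters in name) are assumptions made for this example; the template is the for1.conf.j2 shown above.

```yaml
---
# for-checked.yaml (hypothetical file name; added example, not from the original post)
- hosts: monserver
  remote_user: root
  vars:
    ports:
      - web1:
        # name is left out on purpose; it is the optional field
        port: 81
        rootdir: /data/web1
      - web3:
        name: webhs3
        port: 83
        rootdir: /data/web3
  tasks:
    - name: validate each ports entry before templating
      assert:
        that:
          # required fields must exist and hold sane values
          - item.port is defined
          - item.port | int >= 1
          - item.port | int <= 65535
          - item.rootdir is defined
          # assumed rule: document roots live directly under /data
          - item.rootdir is match('^/data/[A-Za-z0-9_-]+$')
          # name may be absent, but if present it must be a plain host label
          - item.name is not defined or item.name is match('^[A-Za-z0-9.-]+$')
        msg: "invalid ports entry: {{ item }}"
      with_items: "{{ ports }}"

    # reached only if every entry passed the checks above
    - name: copy conf
      template: src=for1.conf.j2 dest=/data/for3.conf
```

A failed assertion marks the host as failed for that item, so the copy conf task never runs there and the existing /data/for3.conf is left untouched.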
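Roles are used to organize playbooks in a hierarchical, structured way. Based on a layered directory structure, roles can automatically load variable files, tasks, handlers and so on. To use roles, you only need the include directive in the playbook. Put simply, roles are a mechanism that places variables, files, tasks, templates and handlers in separate directories and makes it convenient to include them. Roles are generally used in scenarios where services are built per host, but they can also be used in scenarios such as building daemons.
Purpose of each role directory:
Requirement:
Install nginx through a role. The steps for installing nginx:
Based on the requirement and the explanation above, create the directories for this scenario: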
mkdir -p testroles/roles/nginx/{tasks,templates}
Items 1, 2 and 3 above are tasks, so we create them one by one under the tasks directory

$ vim group.yaml
- name: create group
  group: name=nginx

$ vim user.yaml
- name: create user
  user: name=nginx group=nginx system=yes shell=/sbin/nologin

$ vim yum.yaml
- name: install package
  yum: name=nginx

$ vim start.yaml
- name: start nginx
  service: name=nginx state=started

$ vim restart.yaml
- name: restart nginx
  service: name=nginx state=restarted

$ vim temp.yaml
- name: copy config
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
Create the configuration file template

$ vim ../templates/nginx.conf.j2
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes {{ ansible_processor_vcpus**2 }};
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
........
Our configuration files are now ready. The key question next is how to invoke them, and for that we need one top-level tasks file (main.yaml).

$ vim roles/nginx/tasks/main.yaml
- include: group.yaml
- include: user.yaml
- include: yum.yaml
- include: temp.yaml
- include: start.yaml
Here we create a playbook in the directory at the same level as the roles directory, and write how the role is actually invoked:

$ vim nginx-role.yaml
- hosts: monserver
  remote_user: root
  roles:
    - role: nginx
Run:

ansible-playbook -C nginx-role.yaml

PLAY [monserver] *******************************************************************************

TASK [Gathering Facts] *************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]

TASK [nginx : create group] ********************************************************************
changed: [10.10.3.152]
changed: [10.10.3.151]
changed: [10.10.3.150]

TASK [nginx : create user] *********************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]

TASK [nginx : install package] *****************************************************************
changed: [10.10.3.151]
changed: [10.10.3.152]
changed: [10.10.3.150]

TASK [nginx : copy config] *********************************************************************
changed: [10.10.3.152]
changed: [10.10.3.151]
changed: [10.10.3.150]

TASK [nginx : start nginx] *********************************************************************
changed: [10.10.3.152]
changed: [10.10.3.151]
changed: [10.10.3.150]

PLAY RECAP *************************************************************************************
10.10.3.150 : ok=6 changed=5 unreachable=0 failed=0
10.10.3.151 : ok=6 changed=5 unreachable=0 failed=0
10.10.3.152 : ok=6 changed=5 unreachable=0 failed=0

[root@ceph-moni-0 testroles]# ansible-playbook nginx-role.yaml

PLAY [monserver] *******************************************************************************

TASK [Gathering Facts] *************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.151]
ok: [10.10.3.152]

TASK [nginx : create group] ********************************************************************
changed: [10.10.3.152]
changed: [10.10.3.150]
changed: [10.10.3.151]

TASK [nginx : create user] *********************************************************************
changed: [10.10.3.152]
changed: [10.10.3.150]
changed: [10.10.3.151]

TASK [nginx : install package] *****************************************************************
changed: [10.10.3.152]
changed: [10.10.3.150]
changed: [10.10.3.151]

TASK [nginx : copy config] *********************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]

TASK [nginx : start nginx] *********************************************************************
changed: [10.10.3.152]
changed: [10.10.3.150]
changed: [10.10.3.151]

PLAY RECAP *************************************************************************************
10.10.3.150 : ok=6 changed=5 unreachable=0 failed=0
10.10.3.151 : ok=6 changed=5 unreachable=0 failed=0
10.10.3.152 : ok=6 changed=5 unreachable=0 failed=0
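An added example, not part of the original post: the role above writes nginx.conf without checking it, and restart.yaml is never included in main.yaml, so a changed config is not picked up by a running nginx. The variant below sets explicit ownership and permissions, has nginx parse the rendered file before it replaces the live one, and restarts through a handler only when the file changed. The handlers directory is an assumption (the mkdir above creates only tasks and templates), and the validate command assumes the template uses absolute include paths.

```yaml
# roles/nginx/tasks/temp.yaml (revised copy of the task above; added example)
- name: copy config
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: "0644"
    # keep a timestamped copy of the previous file for rollback
    backup: yes
    # %s is the temporary rendered file; if nginx -t rejects it,
    # the task fails and the live config is not replaced
    validate: nginx -t -c %s
  # queue the handler only when the rendered file differs
  notify: restart nginx

# roles/nginx/handlers/main.yaml (new file; create roles/nginx/handlers first)
# takes over the job of the unused tasks/restart.yaml
- name: restart nginx
  service:
    name: nginx
    state: restarted

# roles/nginx/tasks/start.yaml (revised; also start nginx at boot)
- name: start nginx
  service:
    name: nginx
    state: started
    enabled: yes
```

Handlers run once at the end of the play, so nginx restarts a single time on hosts where the config changed, and not at all where the template task reports ok.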