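Ansible Basics

Ansible Architecture

  • Inventory   the host list; hosts can be organized into groups
  • Ad-hoc   ansible commands, suited to one-off tasks
  • ansible-playbook   a collection of scenarios, written in YAML
  • Managed nodes: the hosts being managed
  • Connection protocol: Ansible uses SSH, so the managed nodes do not need an additional agent installed; this is also

ansible-galaxy

Connects to https://galaxy.ansible.com to download the corresponding role; it acts as a repository from which the relevant application is pulled.

Let's fetch an nginx role

1. Installation

RPMs installable through Yum are available for EPEL 6 and 7 and for Fedora releases that are still supported. Here we simply install it directly.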

sudo yum install ansible

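Configuration files

  • /etc/ansible/ansible.cfg   main configuration file; controls how ansible behaves
  • /etc/ansible/hosts   host inventory
  • /etc/ansible/roles/  directory where roles are stored

Programs

  • /usr/bin/ansible   main program; tool for running ad-hoc commands
  • /usr/bin/ansible-doc  view configuration and module documentation
  • /usr/bin/ansible-galaxy  official platform for downloading/uploading quality code or role modules
  • /usr/bin/ansible-playbook  tool for building and orchestrating automation tasks (playbooks)
  • /usr/bin/ansible-pull  tool for executing commands remotely
  • /usr/bin/ansible-vault  file encryption tool
  • /usr/bin/ansible-console  console-based interactive execution tool

ansible configuration file in detail

  • inventory      = /etc/ansible/hosts   inventory (host list) file
  • library        = /usr/share/my_modules/   directory where library files are stored
  • remote_tmp     = ~/.ansible/tmp  directory on the remote host where temporary Python command files are stored
  • local_tmp      = ~/.ansible/tmp  local directory for temporary command execution
  • forks          = 5    default number of parallel processes
  • sudo_user      = root   default sudo user
  • ask_sudo_pass = True  whether the default sudo user needs a password
  • ask_pass      = True  whether to ask for a password on every ansible command
  • remote_port    = 22   default SSH port
  • host_key_checking = False  controls checking of the target host's host_key; uncommenting this line is recommended (False turns the check off)
  • log_path = /var/log/ansible.log   location of the log file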

ansible-doc

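  • -a   show documentation for all modules (too much output, not recommended)
  • -l, --list   list all modules
  • -s, --snippet   show the playbook snippet for the specified module

Examples

  • ansible-doc -l   list all modules
  • ansible-doc ping   view the ping module documentation
  • ansible-doc -s  ping   view the usage snippet for the ping module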

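ansible command usage

ansible <host-pattern> [-m module_name] [-a args]

  • --version   show the version
  • -m   specify the module
  • -v   verbose output; -vv and -vvv are more verbose
  • --list-hosts   show the host list; can be shortened to --list
  • -k   prompt for the SSH connection password; key authentication is the default
  • -K   prompt for the sudo password
  • -C, --check   check only, do not execute
  • -T   execution timeout, default 10s
  • -u   specify the remote user
  • -b   replaces the sudo switch of older versions

Format of ansible <host-pattern>

Configure the host list

  • all   all hosts: ansible all -m ping
  • *   wildcard (must be quoted):  ansible "*" -m ping  ansible "10.10.3.*" -m ping
  • OR (union): ansible "monserver:ceph*" -m ping
  • AND (intersection): ansible "monserver:&ceph*" -m ping
  • NOT (exclusion; use single quotes): ansible 'cephserver:!monserver' -m ping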
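
The union, intersection and exclusion rules above, worked through in Python as an added example (not part of the original article and not Ansible's own code). GROUPS is constructed from the inventory groups this page uses, resolve() and match_term() are hypothetical helpers, and the model is simplified: it splits only on ":" and ignores regex patterns.

```python
import fnmatch

# Constructed inventory mirroring the groups used on this page.
GROUPS = {
    "monserver": ["10.10.3.150", "10.10.3.151", "10.10.3.152"],
    "osdserver": ["10.10.3.153", "10.10.3.154", "10.10.3.155"],
    "cephserver": ["10.10.3.15%d" % i for i in range(6)],
}


def all_hosts(groups):
    """Every host in the inventory, de-duplicated, in first-seen order."""
    seen = []
    for members in groups.values():
        for host in members:
            if host not in seen:
                seen.append(host)
    return seen


def match_term(term, groups):
    """Hosts selected by one term: 'all', a group-name glob, or a host glob."""
    if term in ("all", "*"):
        return all_hosts(groups)
    selected = []
    for name, members in groups.items():
        if fnmatch.fnmatchcase(name, term):
            selected += [h for h in members if h not in selected]
    for host in all_hosts(groups):
        if fnmatch.fnmatchcase(host, term) and host not in selected:
            selected.append(host)
    return selected


def resolve(pattern, groups=GROUPS):
    """Apply plain terms as a union, then '&' intersections, then '!' exclusions."""
    terms = [t for t in pattern.split(":") if t]
    unions = [t for t in terms if t[0] not in "&!"]
    inters = [t[1:] for t in terms if t[0] == "&"]
    excls = [t[1:] for t in terms if t[0] == "!"]
    hosts = []
    # A pattern made only of '&'/'!' terms starts from every host.
    for term in unions or ["all"]:
        hosts += [h for h in match_term(term, groups) if h not in hosts]
    for term in inters:
        keep = match_term(term, groups)
        hosts = [h for h in hosts if h in keep]
    for term in excls:
        drop = match_term(term, groups)
        hosts = [h for h in hosts if h not in drop]
    return hosts


if __name__ == "__main__":
    for p in ("monserver:ceph*", "monserver:&ceph*", "cephserver:!monserver"):
        print(p, "->", resolve(p))
```

Resolving a pattern this way before running a module shows exactly which hosts a command will touch, which is what --list-hosts reports for a real inventory.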

 ansible-galaxy

Connects to https://galaxy.ansible.com to download the corresponding role; it acts as a repository where you can find a role for the application you want.

Download an nginx role

$ ansible-galaxy install nginxinc.nginx
- downloading role 'nginx', owned by nginxinc
- downloading role from https://github.com/nginxinc/ansible-role-nginx/archive/0.11.0.tar.gz

List the locally installed roles

$ ansible-galaxy list
- nginxinc.nginx, 0.11.0

Remove a role

$ ansible-galaxy remove nginxinc.nginx
- successfully removed nginxinc.nginx

 

Ansible key distribution

We need two hosts here; generate the key pair on host A.

 ssh-keygen -t rsa

Inventory groups

# Regular groups
[monserver]
10.10.3.150
10.10.3.151
10.10.3.152
[osdserver]
10.10.3.153
10.10.3.154
10.10.3.155
# Nested group (written as the host range 10.10.3.150 to 10.10.3.155)
[cephserver]
10.10.3.15[0:5]

Test whether the cephserver host group is reachable

ansible cephserver -m ping -k
SSH password:
10.10.3.150 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
10.10.3.152 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
10.10.3.151 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
10.10.3.153 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
10.10.3.154 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
10.10.3.155 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Distribute the key

In case the passwords differ between hosts, we can put the passwords into inventory variables.

# Method 1
[cephserver:vars]
ansible_ssh_user=root
ansible_ssh_pass=123
ansible_ssh_port=22
# Method 2
[osdserver]
10.10.3.153  ansible_ssh_user=root ansible_ssh_pass=123 ansible_ssh_port=22
10.10.3.154  ansible_ssh_user=root ansible_ssh_pass=456 ansible_ssh_port=22
10.10.3.155  ansible_ssh_user=root ansible_ssh_pass=111 ansible_ssh_port=22
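
A check for the clear-text passwords that both methods above leave in the inventory file, as an added example that is not part of the original article. SAMPLE_INVENTORY is constructed from this page's snippets, audit(), expand_range() and is_protected() are hypothetical helper names, and the parser is a simplified reading of the INI inventory format (whitespace-split host lines, one numeric range per host).

```python
import re

# Constructed sample: inventory snippets from this page, joined together.
SAMPLE_INVENTORY = """\
[monserver]
10.10.3.150 http_port=81
[cephserver]
10.10.3.15[0:5]
[cephserver:vars]
ansible_ssh_user=root
ansible_ssh_pass=123
ansible_ssh_port=22
[osdserver]
10.10.3.153  ansible_ssh_user=root ansible_ssh_pass=123 ansible_ssh_port=22
10.10.3.154  ansible_ssh_user=root ansible_ssh_pass=456 ansible_ssh_port=22
"""

# Connection variables that carry a secret (legacy and current spellings).
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_sudo_pass",
               "ansible_become_pass", "ansible_become_password"}
RANGE = re.compile(r"\[(\d+):(\d+)\]")
HEADER = re.compile(r"\[([^\]:]+)(?::(\w+))?\]")


def expand_range(host):
    """Expand one numeric range such as 10.10.3.15[0:5] into host names."""
    m = RANGE.search(host)
    if not m:
        return [host]
    lo, hi = m.group(1), m.group(2)
    # Keep zero padding when the lower bound is written with it (e.g. [01:03]).
    width = len(lo) if lo.startswith("0") and len(lo) > 1 else 0
    return [host[:m.start()] + str(i).zfill(width) + host[m.end():]
            for i in range(int(lo), int(hi) + 1)]


def is_protected(value):
    """True when the value only references another variable, e.g. {{ vault_pass }}."""
    return value.strip("'\"").startswith("{{")


def audit(text):
    """Return (line_no, scope, variable) for each secret stored in clear text."""
    findings = []
    section, in_vars = None, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = HEADER.fullmatch(line)
        if header:
            section, in_vars = header.group(1), header.group(2) == "vars"
            continue
        if in_vars:
            # [group:vars] sections hold one key=value per line.
            scopes, pairs = ["group " + section], [line]
        else:
            # Host lines: host name (or range) followed by key=value pairs.
            fields = line.split()
            scopes, pairs = expand_range(fields[0]), fields[1:]
        for pair in pairs:
            key, _, value = pair.partition("=")
            key = key.strip()
            if key in SECRET_VARS and not is_protected(value.strip()):
                findings += [(no, scope, key) for scope in scopes]
    return findings


if __name__ == "__main__":
    for no, scope, var in audit(SAMPLE_INVENTORY):
        print("line %d: %s stores %s in clear text" % (no, scope, var))
```

Values flagged here can be moved into a variables file encrypted with ansible-vault, the file encryption tool listed earlier, and referenced from the inventory as a {{ variable }}.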

Here we use method 1, together with the authorized_key module

 ansible cephserver -m  authorized_key -a "user=root key='{{lookup('file','/root/.ssh/id_rsa.pub')}}'"
10.10.3.150 | CHANGED => {
    "changed": true,
    "comment": null,
    "exclusive": false,
    "follow": false,
    "key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuimpsq0vBZHHR9ypSlQjucyliwNQUppIkimDcTYiYg9ttRf0A3foPd01nXiez8TP52csdrEDUnZsy85fugtvRatu9eWi8BWXzVm0/9m7NuCDzyOqeoBHgiPPqdOwX7Djp4D0BRiu4YqhzTTjC+dkMvxJAxVpx6eyJglfPL7fII3iL0b45F812de869rqgP6CFIkNuiZGPtxCa/ngyP/ILCmhLRSOddflE1QKviV6J7+VHPOtvI1iK0TQMI2HZolf9sj7nzzUE0lH8gH4PLh8OF6Yup8QoBvHv6Y+EN3z7ORLEji1Sv2iUClQHgwcd6CWfAgy1NNURCyl92/t8D54f root@ceph-moni-0",
    "key_options": null,
    "keyfile": "/root/.ssh/authorized_keys",
    "manage_dir": true,
    "path": null,
    "state": "present",
    "unique": false,
    "user": "root",
    "validate_certs": true
}
10.10.3.152 | CHANGED => {
    "changed": true,
    "comment": null,
    "exclusive": false,
    "follow": false,
    "key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuimpsq0vBZHHR9ypSlQjucyliwNQUppIkimDcTYiYg9ttRf0A3foPd01nXiez8TP52csdrEDUnZsy85fugtvRatu9eWi8BWXzVm0/9m7NuCDzyOqeoBHgiPPqdOwX7Djp4D0BRiu4YqhzTTjC+dkMvxJAxVpx6eyJglfPL7fII3iL0b45F812de869rqgP6CFIkNuiZGPtxCa/ngyP/ILCmhLRSOddflE1QKviV6J7+VHPOtvI1iK0TQMI2HZolf9sj7nzzUE0lH8gH4PLh8OF6Yup8QoBvHv6Y+EN3z7ORLEji1Sv2iUClQHgwcd6CWfAgy1NNURCyl92/t8D54f root@ceph-moni-0",
    "key_options": null,
    "keyfile": "/root/.ssh/authorized_keys",
    "manage_dir": true,
    "path": null,
    "state": "present",
    "unique": false,
    "user": "root",
    "validate_certs": true
}
......

authorized_key

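  • - exclusive [default: no]: whether to remove all other, unspecified keys from the authorized_keys file
  • - key: SSH public key(s), given as a string or a URL, e.g. https://github.com/username.keys
  • - key_options [Default: None]: a string attached to the key; it is added at the start of the key
  • - path [Default: (homedir)+/.ssh/authorized_keys]: location of the authorized_keys file
  • - state (Choices: present, absent) [Default: present]: present adds the specified key to the authorized_keys file; absent removes the specified key from the authorized_keys file
  • - user: which user's authorized_keys on the remote server to modify
  • - manage_dir (Choices: yes, no) [Default: yes]: whether the module should manage the directory containing the authorized key file. If set to yes, the module creates the directory and sets the owner and permissions of an existing directory. If the path option is used to point to a different directory for the authorized key file, this option should be set to no

2. Running commands remotely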

ansible all -m ping
172.16.138.40 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
172.16.138.41 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

We can also run commands against a host group

$ ansible webhost -m command -a  "w"
172.16.138.41 | CHANGED | rc=0 >>
 01:35:17 up 29 days,  3:34,  2 users,  load average: 0.24, 0.33, 0.27
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    172.16.40.86     23:29   41.00s  0.00s  0.00s -bash
root     pts/1    k8s-master       01:35    0.00s  0.06s  0.00s w

172.16.138.40 | CHANGED | rc=0 >>
 01:35:18 up 29 days,  3:34,  3 users,  load average: 0.98, 0.88, 0.86
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    172.16.40.86     23:06    1:08m  0.29s  0.29s -bash
root     pts/1    172.16.40.86     01:26    6.00s  1.11s  0.00s ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/2c6989e158 -tt 172.16.138.40 /bin/sh -c '/usr/bin/python /root/.ansible/tmp/ansible-tmp-1553146517.04-153785974352870/AnsiballZ_command.py && sleep 0'
root     pts/3    k8s-master       01:35    1.00s  0.10s  0.01s w
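  • webhost is the target host group
  • -m specifies the module
  • -a is the command to run

There is also a shell module, which likewise accepts a command.

3. Managing files and directories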

ansible 172.16.138.41 -m copy -a "src=/etc/ansible dest=/tmp/ansible_test owner=root group=root mode=755"
172.16.138.41 | CHANGED => {
    "changed": true,
    "dest": "/tmp/ansible_test/",
    "src": "/etc/ansible"
}

Look at the /tmp directory on the target host

[root@node02 tmp]# ls
ansible_test
[root@node02 tmp]# ls ansible_test/
ansible
[root@node02 tmp]#
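  • src   the source directory
  • dest   the destination directory

Note that if the directory does not exist on the target host, it is created automatically. If a file is being copied and the name given on the target host differs from the source and is not an existing directory, the result is equivalent to copying the file and renaming it. Conversely, if the name is a directory that already exists on the target host, the file is copied into that directory.

Fetch module

Fetches files from remote nodes; only a single remote file can be copied, not a directory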

$ ansible all -m fetch -a "src=/var/log/messages dest=/root/logs"
10.10.3.150 | CHANGED => {
    "changed": true,
    "checksum": "1e74d4714c730e75b453868a1a842e05b5e1504a",
    "dest": "/root/logs/10.10.3.150/var/log/messages",
    "md5sum": "32f20a6108ec6a30e5a81435b329c690",
    "remote_checksum": "1e74d4714c730e75b453868a1a842e05b5e1504a",
    "remote_md5sum": null
}
.....
Use tree to view the directory
$ tree
.
├── 10.10.3.150
│   └── var
│       └── log
│           └── messages
├── 10.10.3.151
│   └── var
│       └── log
│           └── messages
├── 10.10.3.152
│   └── var
│       └── log
│           └── messages
├── 10.10.3.153
│   └── var
│       └── log
│           └── messages
├── 10.10.3.154
│   └── var
│       └── log
│           └── messages
└── 10.10.3.155
    └── var
        └── log
            └── messages

File module

Create a directory

ansible all -m file -a "path=/data state=directory"
10.10.3.154 | CHANGED => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/data",
    "size": 6,
    "state": "directory",
    "uid": 0
}
.........

Create a file

 ansible all -m file -a "path=/data/zzk state=touch"
10.10.3.150 | CHANGED => {
    "changed": true,
    "dest": "/data/zzk",
    "gid": 0,
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "size": 0,
    "state": "file",
    "uid": 0
}
..........

Delete a file

ansible all -m file -a "path=/data/zzk state=absent"
10.10.3.153 | CHANGED => {
    "changed": true,
    "path": "/data/zzk",
    "state": "absent"
}

 

3. Script management

First write a simple script

#!/bin/bash
date >> /tmp/data.txt

Ansible first needs to copy the script to the target host

$ ansible 172.16.138.41 -m copy  -a "src=/tmp/1.sh dest=/tmp/test.sh owner=root group=root mode=755"
172.16.138.41 | CHANGED => {
    "changed": true,
    "checksum": "a0d6b0777539641b9aab412a0297b1273e836bbb",
    "dest": "/tmp/test.sh",
    "gid": 0,
    "group": "root",
    "md5sum": "fc416150a5e218531c550b98e6ea35b6",
    "mode": "0755",
    "owner": "root",
    "size": 36,
    "src": "/root/.ansible/tmp/ansible-tmp-1553151731.05-254487603693246/source",
    "state": "file",
    "uid": 0
}

Run the remote script

ansible 172.16.138.41 -m shell -a "/tmp/test.sh"
172.16.138.41 | CHANGED | rc=0 >>

4. Managing scheduled tasks

ansible 172.16.138.41 -m cron -a "name='test cron' job='touch /tmp/111.txt' weekday=6"
172.16.138.41 | CHANGED => {
    "changed": true,
    "envs": [],
    "jobs": [
        "test cron"
    ]
}
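  • cron   the scheduled-task module
  • name   the name of the scheduled task
  • job   the command the scheduled task runs
  • weekday   the time schedule; it can also be expressed as *****

Check the scheduled tasks on the target host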

$ crontab -l
#Ansible: test cron
* * * * 6 touch /tmp/111.txt

There is an Ansible marker comment, followed by the scheduled task itself.

The scheduled task can be removed with state=absent

$ ansible 172.16.138.41 -m cron -a "name='test cron' state=absent"
172.16.138.41 | CHANGED => {
    "changed": true,
    "envs": [],
    "jobs": []
}

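5. Playbook

A playbook gathers a set of module calls into one file. The main job of a play is to dress a group of hosts, put together in advance, in roles defined beforehand through Ansible tasks; fundamentally, a task is nothing more than a call to an Ansible module. Organizing several plays in one playbook lets them work together and perform according to a pre-arranged script.

Core elements:

  • hosts   the list of hosts to run against
  • tasks   the set of tasks
  • variables   built-in or user-defined variables, referenced in the playbook
  • templates   templates; files in which variables are substituted and some simple logic can be implemented
  • handlers   used together with notify; operations triggered by a specific condition, executed only when the condition is met and skipped otherwise.
  • tags   labels that select specific tasks, used to run only part of a playbook. Ansible is idempotent and therefore automatically skips the parts that have not changed; even so, checking that some code really has not changed can still take a very long time. In that case, if you are sure nothing else has changed, you can use tags to skip those sections.

For example:

---   # start of the document
- hosts: 172.16.138.41   # target remote host
  remote_user: root   # remote user
  tasks:   # tasks
    - name: test_playbook   # task name
      shell: touch /tmp/playbook.txt   # the actual task; the core part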

Run

ansible-playbook /etc/ansible/test.yaml

PLAY [172.16.138.41] ******************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************
ok: [172.16.138.41]

TASK [test_playbook] ******************************************************************************************************************
 [WARNING]: Consider using the file module with state=touch rather than running 'touch'.  If you need to use command because file is
insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.

changed: [172.16.138.41]

PLAY RECAP ****************************************************************************************************************************
172.16.138.41              : ok=2    changed=1    unreachable=0    failed=0

Using the file and user modules in a playbook

---
- hosts: monserver
  remote_user: root

  tasks:
    - name: create new file
      file: name=/data/newfile state=touch
    - name: create net user
      user: name=test1

Here we use the -C option; -C performs a test run without actually applying the changes

ansible-playbook -C test.yaml

PLAY [monserver] ***************************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]

TASK [create new file] *********************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]

TASK [create net user] *********************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]

PLAY RECAP *********************************************************************************************
10.10.3.150                : ok=3    changed=1    unreachable=0    failed=0
10.10.3.151                : ok=3    changed=1    unreachable=0    failed=0
10.10.3.152                : ok=3    changed=1    unreachable=0    failed=0

List the hosts a playbook file targets

ansible-playbook test.yaml --list-hosts

playbook: test.yaml

  play #1 (monserver): monserver    TAGS: []
    pattern: [u'monserver']
    hosts (3):
      10.10.3.152
      10.10.3.150
      10.10.3.151

List the tasks in a playbook file

ansible-playbook test.yaml --list-tasks

playbook: test.yaml

  play #1 (monserver): monserver    TAGS: []
    tasks:
      create new file    TAGS: []
      create net user    TAGS: []

Run on a specified host only

ansible-playbook test.yaml --limit 10.10.3.152

PLAY [monserver] ***************************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [10.10.3.152]

TASK [create new file] *********************************************************************************
changed: [10.10.3.152]

TASK [create net user] *********************************************************************************
changed: [10.10.3.152]

PLAY RECAP *********************************************************************************************
10.10.3.152                : ok=3    changed=2    unreachable=0    failed=0

 

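6. Playbook variables

Sources of variables:

  • System variables obtained as facts through the setup module, e.g. ansible monserver  -m  setup; filtered: ansible monserver  -m  setup  -a "filter=ansible_hostname"
  • Defined in /etc/ansible/hosts
  1. Regular variables: defined individually for a host inside a host group; they take precedence over common variables
  2. Common (group) variables: one definition applied to all hosts in a host group
  • Specified on the command line, which has the highest precedence: ansible-playbook -e varname=value
  • Defined in the playbook
  • Defined in a role

Create a user, passing the name in through a variable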

---
- name: create_user
  hosts: 172.16.138.41
  remote_user: root
  gather_facts: false
  vars:
    - user: "zzkk"
  tasks:
    - name: create-user
      user: name="{{ user }}"

Run:

ansible-playbook /etc/ansible/user.yaml

PLAY [create_user] ********************************************************************************************************************

TASK [create-user] ********************************************************************************************************************
changed: [172.16.138.41]

PLAY RECAP ****************************************************************************************************************************
172.16.138.41              : ok=1    changed=1    unreachable=0    failed=0

Test

---
- hosts: monserver
  remote_user: root

  tasks:
    - name: install httpd package
      yum: name={{ pkname }}
    - name: start service
      service: name={{ pkname }} state=started enabled=yes

Run

ansible-playbook -e 'pkname=vsftpd' app.yaml

PLAY [monserver] ***************************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [10.10.3.152]
ok: [10.10.3.150]
ok: [10.10.3.151]

TASK [install httpd package] ***************************************************************************
changed: [10.10.3.152]
changed: [10.10.3.150]
changed: [10.10.3.151]

TASK [start service] ***********************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]

PLAY RECAP *********************************************************************************************
10.10.3.150                : ok=3    changed=2    unreachable=0    failed=0
10.10.3.151                : ok=3    changed=2    unreachable=0    failed=0
10.10.3.152                : ok=3    changed=2    unreachable=0    failed=0

Defining variables in the playbook

---
- hosts: monserver
  remote_user: root
  vars:
    - pkname: vsftpd

  tasks:
    - name: install httpd package
      yum: name={{ pkname }}
    - name: start service
      service: name={{ pkname }} state=started enabled=yes

Run

$ ansible-playbook app.yaml

PLAY [monserver] **************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************
ok: [10.10.3.152]
ok: [10.10.3.150]
ok: [10.10.3.151]

TASK [install httpd package] **************************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]

TASK [start service] **********************************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]

PLAY RECAP ********************************************************************************************************
10.10.3.150                : ok=3    changed=2    unreachable=0    failed=0
10.10.3.151                : ok=3    changed=2    unreachable=0    failed=0
10.10.3.152                : ok=3    changed=2    unreachable=0    failed=0

Defining variables in the inventory

Regular variables, i.e. variables defined for a single host

[monserver]
10.10.3.150 http_port=81
10.10.3.151 http_port=80
10.10.3.152 http_port=82
---
- hosts: monserver
  remote_user: root

  tasks:
    - name: hostname
      hostname: name=user{{ http_port }}

Run

ansible-playbook -C host.yaml

PLAY [monserver] **************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]

TASK [hostname] ***************************************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.151]
changed: [10.10.3.152]

PLAY RECAP ********************************************************************************************************
10.10.3.150                : ok=2    changed=1    unreachable=0    failed=0
10.10.3.151                : ok=2    changed=1    unreachable=0    failed=0
10.10.3.152                : ok=2    changed=1    unreachable=0    failed=0

Common (group) variables

[cephserver:vars]
ansible_ssh_user=root
ansible_ssh_pass=123
ansible_ssh_port=22

 

 

7. Playbook loops

Create three files and set their permissions to 600

---
- hosts: 172.16.138.41
  user: root
  tasks:
    - name: "touch 1 2 3 file and change file mode"
      file: path=/tmp/{{ item }} state=touch mode=600
      with_items:
        - 1.txt
        - 2.txt
        - 3.txt

Run:

ansible-playbook /etc/ansible/while.yaml

PLAY [172.16.138.41] ******************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************
ok: [172.16.138.41]

TASK [touch 1 2 3 file and change file mode] ******************************************************************************************
changed: [172.16.138.41] => (item=1.txt)
changed: [172.16.138.41] => (item=2.txt)
changed: [172.16.138.41] => (item=3.txt)

PLAY RECAP ****************************************************************************************************************************
172.16.138.41              : ok=2    changed=1    unreachable=0    failed=0

8. Playbook conditionals

Look at the information collected by gather_facts to use as the condition; here we want the IP address.

ansible 172.16.138.41 -m setup
....
"ansible_ens160": {
            "active": true,
            "device": "ens160",
.... 
 "ipv4": {
                "address": "172.16.138.41",
                "broadcast": "172.16.138.255",
                "netmask": "255.255.255.0",
                "network": "172.16.138.0"
            },
....

Write a condition: when ansible_ens160.ipv4.address equals 172.16.138.41, create the file

---
- hosts: webhost
  user: root
  gather_facts: True
  tasks:
    - name: stady when
      shell: touch /tmp/when.txt
      when: ansible_ens160.ipv4.address == "172.16.138.41"

Result:

ansible-playbook /etc/ansible/when.yaml

PLAY [webhost] ************************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************
ok: [172.16.138.41]
ok: [172.16.138.40]

TASK [stady when] *********************************************************************************************************************
skipping: [172.16.138.40]
 [WARNING]: Consider using the file module with state=touch rather than running 'touch'.  If you need to use command because file is
insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.

changed: [172.16.138.41]

PLAY RECAP ****************************************************************************************************************************
172.16.138.40              : ok=1    changed=0    unreachable=0    failed=0
172.16.138.41              : ok=2    changed=1    unreachable=0    failed=0

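Here 172.16.138.40 is skipped and the task runs on 172.16.138.41.

8. Playbook handlers

Modules are idempotent, so when a remote system has been changed by someone, playbooks can be replayed to restore it. Playbooks themselves can recognize such changes and have a basic event system that can respond to them.

(When a change occurs) 'notify' actions are triggered at the end of each task in the playbook, and even if several different tasks notify of a change, the 'notify' actions are triggered only once.

For example, several resources may indicate that apache needs to be restarted because a configuration file was changed, but the restart is performed only once.

Example:

Install the httpd service and copy the configuration file to the remote servers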

---
- hosts: monserver
  remote_user: root

  tasks:
    - name: install httpd package
      yum: name=httpd
    - name: copy conf file
      copy: src=files/httpd.conf dest=/etc/httpd/ backup=yes
    - name: start service
      service: name=httpd state=started enabled=yes

Run:

$ ansible-playbook httpd.yaml

PLAY [monserver] ***************************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [10.10.3.152]
ok: [10.10.3.151]
ok: [10.10.3.150]

TASK [install httpd package] ***************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]

TASK [start service] ***********************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]

PLAY RECAP *********************************************************************************************
10.10.3.150                : ok=3    changed=2    unreachable=0    failed=0
10.10.3.151                : ok=3    changed=2    unreachable=0    failed=0
10.10.3.152                : ok=3    changed=2    unreachable=0    failed=0

Confirm that the installation succeeded

ansible monserver -m shell -a "ss -ntlp | grep :80"
10.10.3.152 | CHANGED | rc=0 >>
LISTEN     0      128         :::80                      :::*                   users:(("httpd",pid=7626,fd=4),("httpd",pid=7625,fd=4),("httpd",pid=7624,fd=4),("httpd",pid=7623,fd=4),("httpd",pid=7622,fd=4),("httpd",pid=7621,fd=4))

10.10.3.151 | CHANGED | rc=0 >>
LISTEN     0      128         :::80                      :::*                   users:(("httpd",pid=20020,fd=4),("httpd",pid=20019,fd=4),("httpd",pid=20018,fd=4),("httpd",pid=20017,fd=4),("httpd",pid=20016,fd=4),("httpd",pid=20015,fd=4))

10.10.3.150 | CHANGED | rc=0 >>
LISTEN     0      128         :::80                      :::*                   users:(("httpd",pid=3437,fd=4),("httpd",pid=3436,fd=4),("httpd",pid=3435,fd=4),("httpd",pid=3434,fd=4),("httpd",pid=3433,fd=4),("httpd",pid=3432,fd=4))

Now change the HTTP port in the configuration file to 81

.....
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 81

.....

Re-run the playbook and see what happens

$ ansible-playbook httpd.yaml

PLAY [monserver] ***************************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]

TASK [install httpd package] ***************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]

TASK [copy conf file] **********************************************************************************
changed: [10.10.3.152]
changed: [10.10.3.150]
changed: [10.10.3.151]

TASK [start service] ***********************************************************************************
ok: [10.10.3.152]
ok: [10.10.3.150]
ok: [10.10.3.151]

PLAY RECAP *********************************************************************************************
10.10.3.150                : ok=4    changed=1    unreachable=0    failed=0
10.10.3.151                : ok=4    changed=1    unreachable=0    failed=0
10.10.3.152                : ok=4    changed=1    unreachable=0    failed=0

Here we find that only the "copy conf file" task was carried out. Check the remote ports again to see whether port 81 has come up

$ ansible monserver -m shell -a "ss -ntlp | grep :81"
10.10.3.150 | FAILED | rc=1 >>
non-zero return code

10.10.3.152 | FAILED | rc=1 >>
non-zero return code

10.10.3.151 | FAILED | rc=1 >>
non-zero return code

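The command reports an error and returns no matching port, which means port 81 was not started. What we need is an automatic restart whenever the configuration file changes. Here we implement that with a handler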

---
- hosts: monserver
  remote_user: root

  tasks:
    - name: install httpd package
      yum: name=httpd
    - name: copy conf file
      copy: src=files/httpd.conf dest=/etc/httpd/ backup=yes
      notify: restart service
    - name: start service
      service: name=httpd state=started enabled=yes

  handlers:
    - name: restart service
      service: name=httpd state=restarted

Run and verify:

$ ansible-playbook httpd.yaml

PLAY [monserver] ***************************************************************************************

TASK [Gathering Facts] *********************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.151]
ok: [10.10.3.152]

TASK [install httpd package] ***************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]

TASK [copy conf file] **********************************************************************************
changed: [10.10.3.152]
changed: [10.10.3.150]
changed: [10.10.3.151]

TASK [start service] ***********************************************************************************
ok: [10.10.3.152]
ok: [10.10.3.150]
ok: [10.10.3.151]

RUNNING HANDLER [restart service] **********************************************************************
changed: [10.10.3.152]
changed: [10.10.3.150]
changed: [10.10.3.151]

PLAY RECAP *********************************************************************************************
10.10.3.150                : ok=5    changed=2    unreachable=0    failed=0
10.10.3.151                : ok=5    changed=2    unreachable=0    failed=0
10.10.3.152                : ok=5    changed=2    unreachable=0    failed=0

$ ansible monserver -m shell -a "ss -ntlp | grep :81"
10.10.3.150 | CHANGED | rc=0 >>
LISTEN     0      128         :::81                      :::*                   users:(("httpd",pid=6255,fd=4),("httpd",pid=6254,fd=4),("httpd",pid=6253,fd=4),("httpd",pid=6252,fd=4),("httpd",pid=6251,fd=4),("httpd",pid=6250,fd=4))

10.10.3.151 | CHANGED | rc=0 >>
LISTEN     0      128         :::81                      :::*                   users:(("httpd",pid=21469,fd=4),("httpd",pid=21468,fd=4),("httpd",pid=21467,fd=4),("httpd",pid=21466,fd=4),("httpd",pid=21465,fd=4),("httpd",pid=21464,fd=4))

10.10.3.152 | CHANGED | rc=0 >>
LISTEN     0      128         :::81                      :::*                   users:(("httpd",pid=9087,fd=4),("httpd",pid=9086,fd=4),("httpd",pid=9085,fd=4),("httpd",pid=9084,fd=4),("httpd",pid=9083,fd=4),("httpd",pid=9082,fd=4))

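 9. Templates

  • Text files
  • The Jinja2 language, with the following literal forms:
  1. Strings: single or double quotes
  2. Numbers: integers, floating point
  3. Lists: [item1,item2....]
  4. Tuples: (item1,item2...)
  5. Dictionaries: {key1:value1,key2:value2....}
  6. Booleans: true/false
  • Arithmetic operators: "+", "-", "*", "/", "//", "%", "**"
  • Comparison operators: ==, !=, >, >=, <, <=
  • Logical operators: and, or, not
  • Flow expressions: For If When

Basic usage:

Create a templates directory under the current directory and copy the nginx configuration file into it

Create a playbook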

---
- hosts: monserver
  remote_user: root

  tasks:
    - name: install nginx
      yum: name=nginx
    - name: copy template
      template: src=templates/nginx.conf.j2 dest=/etc/nginx/nginx.conf
    - name: start nginx
      service: name=nginx state=started enabled=yes

Run:

ansible-playbook  temp.yaml

PLAY [monserver] **************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.151]
ok: [10.10.3.152]

TASK [install nginx] **********************************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]

TASK [copy template] **********************************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]

TASK [start nginx] ************************************************************************************************
changed: [10.10.3.152]
changed: [10.10.3.151]
changed: [10.10.3.150]

PLAY RECAP ********************************************************************************************************
10.10.3.150                : ok=4    changed=2    unreachable=0    failed=0
10.10.3.151                : ok=4    changed=2    unreachable=0    failed=0
10.10.3.152                : ok=4    changed=2    unreachable=0    failed=0

Use a system variable to set the number of nginx worker processes:

To find the variable, run ansible monserver -m setup | grep "processor" to get the number of CPUs

Edit the nginx template file

$ vim templates/nginx.conf.j2
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes {{ ansible_processor_vcpus**2 }};
error_log /var/log/nginx/error.log;
.....

Modify the playbook to use handlers

---
- hosts: monserver
  remote_user: root

  tasks:
    - name: install nginx
      yum: name=nginx
    - name: copy template
      template: src=templates/nginx.conf.j2 dest=/etc/nginx/nginx.conf
      notify: restart nginx
    - name: start nginx
      service: name=nginx state=started enabled=yes

  handlers:
    - name: restart nginx
      service: name=nginx state=restarted

Run:

ansible-playbook temp.yaml

PLAY [monserver] **************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.151]
ok: [10.10.3.152]

TASK [install nginx] **********************************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.151]
ok: [10.10.3.152]

TASK [copy template] **********************************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]

TASK [start nginx] ************************************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]

RUNNING HANDLER [restart nginx] ***********************************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]

PLAY RECAP ********************************************************************************************************
10.10.3.150                : ok=5    changed=2    unreachable=0    failed=0
10.10.3.151                : ok=5    changed=2    unreachable=0    failed=0
10.10.3.152                : ok=5    changed=2    unreachable=0    failed=0

Verify:

$ ansible monserver -m shell -a "ps -ef  | grep nginx "
10.10.3.151 | CHANGED | rc=0 >>
root     24713     1  0 14:40 ?        00:00:00 nginx: master process /usr/sbin/nginx
nginx    24714 24713  0 14:40 ?        00:00:00 nginx: worker process
nginx    24715 24713  0 14:40 ?        00:00:00 nginx: worker process
nginx    24716 24713  0 14:40 ?        00:00:00 nginx: worker process
nginx    24717 24713  0 14:40 ?        00:00:00 nginx: worker process
nginx    24718 24713  0 14:40 ?        00:00:00 nginx: worker process
nginx    24719 24713  0 14:40 ?        00:00:00 nginx: worker process
nginx    24720 24713  0 14:40 ?        00:00:00 nginx: worker process
nginx    24721 24713  0 14:40 ?        00:00:00 nginx: worker process
nginx    24722 24713  0 14:40 ?        00:00:00 nginx: worker process
nginx    24723 24713  0 14:40 ?        00:00:00 nginx: worker process
nginx    24724 24713  0 14:40 ?        00:00:00 nginx: worker process
nginx    24725 24713  0 14:40 ?        00:00:00 nginx: worker process
nginx    24726 24713  0 14:40 ?        00:00:00 nginx: worker process
nginx    24727 24713  0 14:40 ?        00:00:00 nginx: worker process
nginx    24728 24713  0 14:40 ?        00:00:00 nginx: worker process
nginx    24729 24713  0 14:40 ?        00:00:00 nginx: worker process
root     24850 24849  0 14:41 pts/0    00:00:00 /bin/sh -c ps -ef | grep nginx
root     24852 24850  0 14:41 pts/0    00:00:00 grep nginx

....

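Variables defined in the inventory, the playbook and so on can be referenced in the same way.

Using when

when simply means "when": when a condition is met, the task is executed.

Install the service only when the hostname is ceph-osd-1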

---
- hosts: cephserver
  remote_user: root
  tasks:
    - name: install nginx
      when: ansible_hostname == "ceph-osd-1"
      yum: name=nginx
    - name: copy template
      when: ansible_hostname == "ceph-osd-1"
      template: src=templates/nginx.conf.j2 dest=/etc/nginx/nginx.conf
      notify: restart nginx
    - name: start nginx
      when: ansible_hostname == "ceph-osd-1"
      service: name=nginx state=started enabled=yes
  handlers:
    - name: restart nginx
      service: name=nginx state=restarted

 

Iteration with with_items

---
- hosts: monserver
  remote_user: root

  tasks:
    - name: create some file
      file: name=/data/{{ item }} state=touch
      with_items:
        - file1
        - file2
        - file3
    - name: install spme packages
      yum: name={{ item }}
      with_items:
        - htop
        - sl
        - hping3

Run:

ansible-playbook -C testitem.yaml

PLAY [monserver] **********************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.151]
ok: [10.10.3.152]

TASK [create some file] ***************************************************************************************************
ok: [10.10.3.150] => (item=file1)
ok: [10.10.3.152] => (item=file1)
ok: [10.10.3.151] => (item=file1)
ok: [10.10.3.150] => (item=file2)
ok: [10.10.3.152] => (item=file2)
ok: [10.10.3.151] => (item=file2)
ok: [10.10.3.150] => (item=file3)
ok: [10.10.3.152] => (item=file3)
ok: [10.10.3.151] => (item=file3)

TASK [install spme packages] **********************************************************************************************
ok: [10.10.3.152] => (item=htop)
ok: [10.10.3.150] => (item=htop)
ok: [10.10.3.151] => (item=htop)
ok: [10.10.3.152] => (item=sl)
ok: [10.10.3.150] => (item=sl)
ok: [10.10.3.151] => (item=sl)
ok: [10.10.3.152] => (item=hping3)
ok: [10.10.3.150] => (item=hping3)
ok: [10.10.3.151] => (item=hping3)

PLAY RECAP ****************************************************************************************************************
10.10.3.150                : ok=3    changed=0    unreachable=0    failed=0
10.10.3.151                : ok=3    changed=0    unreachable=0    failed=0
10.10.3.152                : ok=3    changed=0    unreachable=0    failed=0

[root@ceph-moni-0 ansible]# ansible-playbook testitem.yaml

PLAY [monserver] **********************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]

TASK [create some file] ***************************************************************************************************
changed: [10.10.3.152] => (item=file1)
changed: [10.10.3.151] => (item=file1)
changed: [10.10.3.150] => (item=file1)
changed: [10.10.3.150] => (item=file2)
changed: [10.10.3.152] => (item=file2)
changed: [10.10.3.151] => (item=file2)
changed: [10.10.3.150] => (item=file3)
changed: [10.10.3.152] => (item=file3)
changed: [10.10.3.151] => (item=file3)

TASK [install spme packages] **********************************************************************************************
ok: [10.10.3.152] => (item=htop)
ok: [10.10.3.151] => (item=htop)
ok: [10.10.3.150] => (item=htop)
ok: [10.10.3.151] => (item=sl)
ok: [10.10.3.152] => (item=sl)
ok: [10.10.3.150] => (item=sl)
ok: [10.10.3.151] => (item=hping3)
ok: [10.10.3.152] => (item=hping3)
ok: [10.10.3.150] => (item=hping3)

PLAY RECAP ****************************************************************************************************************
10.10.3.150                : ok=3    changed=1    unreachable=0    failed=0
10.10.3.151                : ok=3    changed=1    unreachable=0    failed=0
10.10.3.152                : ok=3    changed=1    unreachable=0    failed=0

Verify:

ansible  monserver  -m shell -a "ls /data"
10.10.3.150 | CHANGED | rc=0 >>
file1
file2
file3

10.10.3.152 | CHANGED | rc=0 >>
file1
file2
file3
newfile

10.10.3.151 | CHANGED | rc=0 >>
file1
file2
file3

Iterating over nested sub-variables, using dictionaries

---
- hosts: monserver
  remote_user: root

  tasks:
    - name: create some group
      group: name={{ item }}
      with_items:
        - g1
        - g2
        - g3
    - name: create some users
      user: name={{ item.name }} group={{ item.group }}
      with_items:
        - {name: 'user1',group: 'g1'}
        - {name: 'user2',group: 'g2'}
        - {name: 'user3',group: 'g3'}

Run:

$ ansible-playbook testitem2.yaml

PLAY [monserver] **********************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************
ok: [10.10.3.152]
ok: [10.10.3.150]
ok: [10.10.3.151]

TASK [create some group] **************************************************************************************************
changed: [10.10.3.150] => (item=g1)
changed: [10.10.3.152] => (item=g1)
changed: [10.10.3.151] => (item=g1)
changed: [10.10.3.152] => (item=g2)
changed: [10.10.3.150] => (item=g2)
changed: [10.10.3.151] => (item=g2)
changed: [10.10.3.152] => (item=g3)
changed: [10.10.3.150] => (item=g3)
changed: [10.10.3.151] => (item=g3)

TASK [create some users] **************************************************************************************************
changed: [10.10.3.152] => (item={u'group': u'g1', u'name': u'user1'})
changed: [10.10.3.151] => (item={u'group': u'g1', u'name': u'user1'})
changed: [10.10.3.150] => (item={u'group': u'g1', u'name': u'user1'})
changed: [10.10.3.152] => (item={u'group': u'g2', u'name': u'user2'})
changed: [10.10.3.150] => (item={u'group': u'g2', u'name': u'user2'})
changed: [10.10.3.151] => (item={u'group': u'g2', u'name': u'user2'})
changed: [10.10.3.152] => (item={u'group': u'g3', u'name': u'user3'})
changed: [10.10.3.150] => (item={u'group': u'g3', u'name': u'user3'})
changed: [10.10.3.151] => (item={u'group': u'g3', u'name': u'user3'})

PLAY RECAP ****************************************************************************************************************
10.10.3.150                : ok=3    changed=2    unreachable=0    failed=0
10.10.3.151                : ok=3    changed=2    unreachable=0    failed=0
10.10.3.152                : ok=3    changed=2    unreachable=0    failed=0

for loops in templates:

We define a variable holding a list of entries

---
- hosts: monserver
  remote_user: root
  vars:
    ports:
      - web1:
        name: webhs1
        port: 81
        rootdir: /data/web1
      - web2:
        name: webhs2
        port: 82
        rootdir: /data/web2
      - web3:
        name: webhs3
        port: 83
        rootdir: /data/web3
  tasks:
    - name: copy conf
      template: src=for3.conf.j2 dest=/data/for1.conf

Create the template configuration file

{% for p in ports %}
server{
   listen {{ p.port }}
   servername {{ p.name }}
   documentroot: {{ p.rootdir }}
}
{% endfor %}

Run:

ansible-playbook  for.yaml

PLAY [monserver] **********************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************
ok: [10.10.3.152]
ok: [10.10.3.150]
ok: [10.10.3.151]

TASK [copy conf] **********************************************************************************************************
changed: [10.10.3.152]
changed: [10.10.3.151]
changed: [10.10.3.150]

PLAY RECAP ****************************************************************************************************************
10.10.3.150                : ok=2    changed=1    unreachable=0    failed=0
10.10.3.151                : ok=2    changed=1    unreachable=0    failed=0
10.10.3.152                : ok=2    changed=1    unreachable=0    failed=0

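Nesting an if condition inside the loop

The requirement: if name is defined, add that directive; if not, leave it out. Here we comment out two of the name entries in the variables defined earlier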

---
- hosts: monserver
  remote_user: root
  vars:
    ports:
      - web1:
  #      name: webhs1
        port: 81
        rootdir: /data/web1
      - web2:
  #      name: webhs2
        port: 82
        rootdir: /data/web2
      - web3:
        name: webhs3
        port: 83
        rootdir: /data/web3
  tasks:
    - name: copy conf
      template: src=for1.conf.j2 dest=/data/for3.conf

Add the condition in the template

{% for p in ports %}
server{
   listen {{ p.port }}
{% if p.name is defined %}
   servername {{ p.name }}
{% endif %}
   documentroot: {{ p.rootdir }}
}
{% endfor %}

Run:

ansible-playbook  for1.yaml

PLAY [monserver] **********************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]

TASK [copy conf] **********************************************************************************************************
changed: [10.10.3.152]
changed: [10.10.3.151]
changed: [10.10.3.150]

PLAY RECAP ****************************************************************************************************************
10.10.3.150                : ok=2    changed=1    unreachable=0    failed=0
10.10.3.151                : ok=2    changed=1    unreachable=0    failed=0
10.10.3.152                : ok=2    changed=1    unreachable=0    failed=0

Check the result:

ansible monserver -m shell -a "cat /data/for3.conf  "
10.10.3.150 | CHANGED | rc=0 >>
server{
   listen 81
   documentroot: /data/web1
}
server{
   listen 82
   documentroot: /data/web2
}
server{
   listen 83
   servername webhs3
   documentroot: /data/web3
}
.......

 

Role

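Roles are used to organize playbooks hierarchically and in a structured way. Roles can automatically load variable files, tasks, handlers and so on according to a layered directory structure. To use roles, you only need the include directive in the playbook. Put simply, a role is a mechanism that places variables, files, tasks, templates and handlers in separate directories and makes them easy to include. Roles are generally used when building services per host, but they can also be used in scenarios such as building daemons.

Purpose of each Role directory:

  • files/ holds the files called by modules such as copy and script
  • templates/ the directory where the template module looks for the templates it needs
  • tasks/ defines tasks, the basic element of a role; it should contain at least a file named main.yaml, and other files must be included from that file with include
  • handlers/ contains at least a file named main.yaml; other files must be included from that file with include
  • vars/ contains at least a file named main.yaml; other files must be included from that file with include
  • meta/ defines special settings of the current role and its dependencies; contains at least a file named main.yaml, and other files must be included from that file with include
  • defaults/ the main.yaml file in this directory is used when setting default variables

Requirement:

Install nginx through a role. The steps to install nginx:

  1. Create the nginx group, group: nginx
  2. Create the nginx user, user: nginx
  3. Install nginx with yum, yum: nginx
  4. Copy the template, template: nginx.conf.j2
  5. Start the service, service: nginx

Based on the requirement and the explanation above, create the directories for this scenario: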

mkdir -p testroles/roles/nginx/{tasks,templates}

Steps 1, 2 and 3 above are tasks, so we create them one by one in the tasks directory

$ vim group.yaml
- name: create group
  group: name=nginx
$ vim user.yaml
- name: create user
  user: name=nginx group=nginx system=yes shell=/sbin/nologin
$ vim yum.yaml
- name: install package
  yum: name=nginx
$ vim start.yaml 
- name: start nginx
  service: name=nginx state=started
$ vim restart.yaml 
- name: restart nginx
  service: name=nginx state=restarted
$ vim temp.yaml
- name: copy config
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf

Create the configuration file template

$ vim ../templates/nginx.conf.j2

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes {{ ansible_processor_vcpus**2 }};
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
........

That completes the configuration files. The key question now is how to call them; for that we need one overall tasks file (main.yaml).

$ vim roles/nginx/tasks/main.yaml
- include: group.yaml
- include: user.yaml
- include: yum.yaml
- include: temp.yaml
- include: start.yaml

Here we create a playbook at the same level as the roles directory, which specifies how the role is called:

$ vim nginx-role.yaml

- hosts: monserver
  remote_user: root
  roles:
    - role: nginx

Run:

ansible-playbook -C  nginx-role.yaml

PLAY [monserver] *******************************************************************************

TASK [Gathering Facts] *************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.152]
ok: [10.10.3.151]

TASK [nginx : create group] ********************************************************************
changed: [10.10.3.152]
changed: [10.10.3.151]
changed: [10.10.3.150]

TASK [nginx : create user] *********************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]

TASK [nginx : install package] *****************************************************************
changed: [10.10.3.151]
changed: [10.10.3.152]
changed: [10.10.3.150]

TASK [nginx : copy config] *********************************************************************
changed: [10.10.3.152]
changed: [10.10.3.151]
changed: [10.10.3.150]

TASK [nginx : start nginx] *********************************************************************
changed: [10.10.3.152]
changed: [10.10.3.151]
changed: [10.10.3.150]

PLAY RECAP *************************************************************************************
10.10.3.150                : ok=6    changed=5    unreachable=0    failed=0
10.10.3.151                : ok=6    changed=5    unreachable=0    failed=0
10.10.3.152                : ok=6    changed=5    unreachable=0    failed=0

[root@ceph-moni-0 testroles]# ansible-playbook  nginx-role.yaml

PLAY [monserver] *******************************************************************************

TASK [Gathering Facts] *************************************************************************
ok: [10.10.3.150]
ok: [10.10.3.151]
ok: [10.10.3.152]

TASK [nginx : create group] ********************************************************************
changed: [10.10.3.152]
changed: [10.10.3.150]
changed: [10.10.3.151]

TASK [nginx : create user] *********************************************************************
changed: [10.10.3.152]
changed: [10.10.3.150]
changed: [10.10.3.151]

TASK [nginx : install package] *****************************************************************
changed: [10.10.3.152]
changed: [10.10.3.150]
changed: [10.10.3.151]

TASK [nginx : copy config] *********************************************************************
changed: [10.10.3.150]
changed: [10.10.3.152]
changed: [10.10.3.151]

TASK [nginx : start nginx] *********************************************************************
changed: [10.10.3.152]
changed: [10.10.3.150]
changed: [10.10.3.151]

PLAY RECAP *************************************************************************************
10.10.3.150                : ok=6    changed=5    unreachable=0    failed=0
10.10.3.151                : ok=6    changed=5    unreachable=0    failed=0
10.10.3.152                : ok=6    changed=5    unreachable=0    failed=0
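
The role above creates tasks/restart.yaml but main.yaml never includes it, so a changed nginx.conf is not picked up by an nginx that is already running. The following is an added example, not part of the original post, that wires the same restart through the role's handlers/ directory and validates the rendered file before it replaces the live one; the handlers/main.yaml file and the owner, group, mode, backup and validate settings are assumptions added here.

```yaml
# Added example: three role files, shown as separate YAML documents.
---
# roles/nginx/tasks/temp.yaml (replaces the temp.yaml shown above)
- name: copy config
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: "0644"               # only root may modify the server config
    backup: yes                # keep the previous file for rollback
    # %s is the rendered temporary file; the copy is aborted if nginx
    # rejects it. Assumes include paths in the template are absolute.
    validate: nginx -t -c %s
  notify: restart nginx        # must equal the handler name below

---
# roles/nginx/handlers/main.yaml (new file, assumed; loaded automatically with the role)
- name: restart nginx
  service:
    name: nginx
    state: restarted

---
# roles/nginx/tasks/start.yaml (adds enabled, as in the earlier playbook)
- name: start nginx
  service:
    name: nginx
    state: started
    enabled: yes
```

Create the directory with mkdir -p roles/nginx/handlers; tasks/restart.yaml is then no longer needed. The handler runs once at the end of the play, and only when copy config reports changed.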