json yaml playbook語法

Top

NSD ARCHITECTURE DAY02

1. 練習1：playbook練習
2. 案例2：變量練習
3. 案例3：handlers練習
4. 案例4：編寫playbook

1 練習1：playbook練習

1.1 問題

本案例要求：

• 安裝Apache並修改監聽端口爲8080
• 修改ServerName配置，執行apachectl -t命令不報錯
• 設置默認主頁hello world
• 啓動服務並設開機自啓

1.2 步驟

實現此案例須要按照以下步驟進行。

步驟一：playbook的ping腳本檢測

1. [root@ansible ansible]# vim ping.yml
2. ---
3. - hosts: all
4. remote_user: root
5. tasks:
6. - ping:
7. [root@ansible ansible]# ansible-playbook ping.yml //輸出結果
9. PLAY [all] *******************************************************************
11. TASK [Gathering Facts] *******************************************************
12. ok: [web1]
13. ok: [web2]
14. ok: [cache]
15. ok: [db1]
16. ok: [db2]
18. TASK [ping] ******************************************************************
19. ok: [db1]
20. ok: [web2]
21. ok: [cache]
22. ok: [web1]
23. ok: [db2]
25. PLAY RECAP *******************************************************************
26. cache : ok=2 changed=0 unreachable=0 failed=0
27. db1 : ok=2 changed=0 unreachable=0 failed=0
28. db2 : ok=2 changed=0 unreachable=0 failed=0
29. web1 : ok=2 changed=0 unreachable=0 failed=0
30. web2 : ok=2 changed=0 unreachable=0 failed=0

注意：若是檢測的時候出錯，會在當前的目錄生成一個新的文件（以.retry結尾），能夠去這個文件裏面看是哪一個主機的錯

步驟二：用playbook安裝Apache,修改端口，配置ServerName，修改主頁，設置開機自啓

1. [root@ansible ansible]# vim http.yml
3. ---
4. - hosts: cache
5. remote_user: root
6. tasks:
7. - name: install one specific version of Apache
8. yum:
9. name: httpd        //安裝Apache
10. state: installed
11. - lineinfile:
12. path: /etc/httpd/conf/httpd.conf
13. regexp: '^Listen '
14. line: 'Listen 8080'        //修改端口爲8080
15. - replace:
16. path: /etc/httpd/conf/httpd.conf
17. regexp: '^#(ServerName).*'        //配置ServerName
18. replace: '\1 localhost'
19. - service:
20. name: httpd
21. enabled: yes        //開機自啓
22. state: restarted
23. - copy:
24. src: /root/index.html        //修改主頁，能夠本身寫個頁面
25. dest: /var/www/html/index.html
27. [root@ansible ansible]# curl 192.168.1.56:8080
28. hello world
29. [root@ansible ansible]# ssh cache
30. Last login: Fri Sep 7 09:32:05 2018 from 192.168.1.51
31. [root@cache ~]# apachectl -t
32. Syntax OK

2 案例2：變量練習

2.1 問題

本案例要求熟悉playbook進階：

• 練習使用user模塊添加用戶
• 練習使用變量簡化task，讓play通用性更強
• 練習使用過濾器

2.2 步驟

實現此案例須要按照以下步驟進行。

步驟一：使用user模塊添加用戶，並修改密碼

1. [root@ansible ansible]# vim user.yml
2. ---
3. - hosts: cache
4. remote_user: root
5. vars:
6. username: xiaoming
7. tasks:
8. - name: create user "{{username}}"
9. user: group=wheel uid=1000 name={{username}}
10. - shell: echo 123456 | passwd --stdin xiaoming
11. - shell: chage -d 0 {{username}}
12. [root@ansible ansible]# ansible-playbook user.yml //執行結果
14. PLAY [cache] ******************************************************************
16. TASK [Gathering Facts] ********************************************************
17. ok: [cache]
19. TASK [create user " xiaoming "] ***********************************************
20. changed: [cache]
22. TASK [command] ****************************************************************
23. changed: [cache]
25. TASK [command] ****************************************************************
26. changed: [cache]
28. PLAY RECAP ********************************************************************
29. cache : ok=4 changed=3 unreachable=0 failed=0

步驟二：變量過濾器，建立一個用戶，設置密碼

1. [root@ansible ansible]# vim user1.yml
2. ---
3. - hosts: cache
4. remote_user: root
5. tasks:
6. - user:
7. name: lisi
8. group: root
9. password: "{{'123456' | password_hash('sha512')}}"
10. - shell: chage -d 0 lisi
11. [root@ansible ansible]# ansible-playbook user1.yml
13. PLAY [cache] ******************************************************************
15. TASK [Gathering Facts] ********************************************************
16. ok: [cache]
18. TASK [user] *******************************************************************
19. changed: [cache]
21. TASK [command] ****************************************************************
22. changed: [cache]
24. PLAY RECAP ********************************************************************
25. cache : ok=3 changed=2 unreachable=0 failed=0

步驟三：定義一個變量建立用戶

1. [root@ansible ansible]# vim user2.yml
3. ---
4. - hosts: cache
5. remote_user: root
6. vars:
7. user: zhangs
8. tasks:
9. - user:
10. name: "{{user}}"
11. group: root
12. password: "{{'123456' | password_hash('sha512')}}"
13. - shell: chage -d 0 "{{user}}"
14. [root@ansible ansible]# ansible-playbook user2.yml
15. PLAY [cache] ******************************************************************
17. TASK [Gathering Facts] ********************************************************
18. ok: [cache]
20. TASK [user] *******************************************************************
21. changed: [cache]
23. TASK [command] ****************************************************************
24. changed: [cache]
26. PLAY RECAP ********************************************************************
27. cache : ok=3 changed=2 unreachable=0 failed=0

3 案例3：handlers練習

3.1 問題

本案例要求：

• 安裝Apache軟件
• 配置文件，從新載入配置文件讓服務生效
• 使用handlers來實現

3.2 步驟

實現此案例須要按照以下步驟進行。

步驟一：error

playbook從上往下順序執行，若報錯，後面的命令不會在執行，若想解決有兩種方法：

1）當返回值爲假時，顯示true： - shell: setenforce 0 || true

1. [root@ansible ansible]# vim user5.yml
2. ---
3. - hosts: cache
4. remote_user: root
5. vars:
6. user: bb
7. tasks:
8. - shell: setenforce 0 || true
9. - user:
10. name: "{{user}}"
11. group: root
12. password: "{{'123456' | password_hash('sha512')}}"
13. - shell: chage -d 0 "{{user}}"
15. [root@ansible ansible]# ansible-playbook user5.yml
17. PLAY [cache] ******************************************************************
19. TASK [Gathering Facts] ********************************************************
20. ok: [cache]
22. TASK [command] ****************************************************************
23. changed: [cache]
25. TASK [user] *******************************************************************
26. changed: [cache]
28. TASK [command] ****************************************************************
29. changed: [cache]
31. PLAY RECAP ********************************************************************
32. cache : ok=4 changed=3 unreachable=0 failed=0

二、忽略：ignoring_errors: True(推薦使用這個，會有報錯信息，告訴你錯誤忽略，繼續執行下面的命令)

1. [root@ansible ansible]# vim user6.yml
2. ---
3. - hosts: cache
4. remote_user: root
5. vars:
6. user: bb
7. tasks:
8. - shell: setenforce 0
9. ignore_errors: True
10. - user:
11. name: "{{user}}"
12. group: root
13. password: "{{'123456' | password_hash('sha512')}}"
14. - shell: chage -d 0 "{{user}}"
16. [root@ansible ansible]# ansible-playbook user6.yml
18. PLAY [cache] ******************************************************************
20. TASK [Gathering Facts] ********************************************************
21. ok: [cache]
23. TASK [command] ****************************************************************
24. fatal: [cache]: FAILED! => {"changed": true, "cmd": "setenforce 0", "delta": "0:00:00.004198", "end": "2018-09-07 11:08:14.936959", "msg": "non-zero return code", "rc": 1, "start": "2018-09-07 11:08:14.932761", "stderr": "setenforce: SELinux is disabled", "stderr_lines": ["setenforce: SELinux is disabled"], "stdout": "", "stdout_lines": []}
25. ...ignoring
27. TASK [user] *******************************************************************
28. changed: [cache]
30. TASK [command] ****************************************************************
31. changed: [cache]
33. PLAY RECAP ********************************************************************
34. cache : ok=4 changed=3 unreachable=0 failed=0

步驟二： handlers

關注的資源發生變化時採起的操做

1) 使用handlers來配置文件，從新載入配置文件讓服務生效

1. [root@ansible ansible]# vim adhttp.yml
2. ---
3. - hosts: cache
4. remote_user: root
5. tasks:
6. - copy:
7. src: /root/httpd.conf
8. dest: /etc/httpd/conf/httpd.conf
9. owner: root
10. group: root
11. mode: 0644
12. notify:
13. - restart httpd
14. handlers:
15. - name: restart httpd
16. service: name=httpd state=restarted
18. [root@ansible ansible]# ansible-playbook adhttp.yml
20. PLAY [cache] ******************************************************************
22. TASK [Gathering Facts] ********************************************************
23. ok: [cache]
25. TASK [copy] *******************************************************************
26. ok: [cache]
28. PLAY RECAP ********************************************************************
29. cache : ok=2 changed=0 unreachable=0 failed=0
31. [root@ansible ansible]# ssh cache apachectl -t
32. Syntax OK
33. [root@ansible ansible]# curl 192.168.1.56:8080
34. hello world

2）使用腳本調用變量更改服務

1. [root@ansible ansible]# vim adhttp2.yml
2. ---
3. - hosts: cache
4. remote_user: root
5. vars:
6. server: httpd
7. tasks:
8. - copy:
9. src: /root/httpd.conf
10. dest: /etc/httpd/conf/httpd.conf
11. owner: root
12. group: root
13. mode: 0644
14. notify:
15. - restart "{{server}}"
16. handlers:
17. - name: restart "{{server}}"
18. service: name=httpd state=restarted
19. [root@ansible ansible]# ansible-playbook adhttp2.yml
21. PLAY [cache] ************************************************************************************************************
23. TASK [Gathering Facts] **************************************************************************************************
24. ok: [cache]
26. TASK [copy] *************************************************************************************************************
27. ok: [cache]
29. PLAY RECAP **************************************************************************************************************
30. cache : ok=2 changed=0 unreachable=0 failed=0
32. [root@ansible ansible]#

4 案例4：編寫playbook

4.1 問題

本案例要求：

• 把全部監聽端口是8080的Apache服務所有中止

4.2 步驟

實現此案例須要按照以下步驟進行。

步驟一：把監聽端口是8080的Apache服務所有中止

1. [root@ansible ansible]# vim ad.yml
2. ---
3. - hosts: cache
4. remote_user: root
5. tasks:
6. - shell: netstat -atunlp | awk '{print $4}'| awk '-F:' '{print $2}'
7. register: result
8. - service:
9. name: httpd
10. state: stopped
11. [root@ansible ansible]# ansible-playbook ad.yml
13. PLAY [cache] ************************************************************************************************************
15. TASK [Gathering Facts] **************************************************************************************************
16. ok: [cache]
18. TASK [command] **********************************************************************************************************
19. changed: [cache]
21. TASK [service] **********************************************************************************************************
22. changed: [cache]
24. PLAY RECAP **************************************************************************************************************
25. cache : ok=3 changed=2 unreachable=0 failed=0

步驟二：when條件判斷

1）當系統負載超過0.7時，則關掉httpd

1. [root@ansible ansible]# vim when.yml
2. ---
3. - hosts: cache
4. remote_user: root
5. tasks:
6. - shell: uptime | awk '{printf("%.2f",$(NF-2))}'
7. register: result
8. - service:
9. name: httpd
10. state: stopped
11. when: result.stdout|float > 0.7
13. [root@ansible ansible]# ansible-playbook when.yml
15. PLAY [cache] ************************************************************************************************************
17. TASK [Gathering Facts] **************************************************************************************************
18. ok: [cache]
20. TASK [command] **********************************************************************************************************
21. changed: [cache]
23. TASK [service] **********************************************************************************************************
24. changed: [cache]
26. PLAY RECAP **************************************************************************************************************
27. cache : ok=3 changed=2 unreachable=0 failed=0

步驟三：with_items標準循環

1）爲不一樣用戶定義不一樣組

1. [root@ansible ansible]# vim add.yml
3. ---
4. - hosts: web2
5. remote_user: root
6. tasks:
7. - user:
8. name: "{{item.name}}"
9. group: "{{item.group}}"
10. password: "{{'123456'|password_hash('sha512')}}"
11. with_items:
12. - {name: "aa", group: "users"}
13. - {name: "bb", group: "mail" }
14. - {name: "cc", group: "wheel"}
15. - {name: "dd", group: "root" }
16. [root@ansible ansible]# ansible-playbook add.yml
18. PLAY [web2] *************************************************************************************************************
20. TASK [Gathering Facts] **************************************************************************************************
21. ok: [web2]
23. TASK [user] *************************************************************************************************************
24. changed: [web2] => (item={u'group': u'users', u'name': u'aa'})
25. changed: [web2] => (item={u'group': u'mail', u'name': u'bb'})
26. changed: [web2] => (item={u'group': u'wheel', u'name': u'cc'})
27. changed: [web2] => (item={u'group': u'root', u'name': u'dd'})
29. PLAY RECAP **************************************************************************************************************
30. web2 : ok=2 changed=1 unreachable=0 failed=0

2）嵌套循環，循環添加多用戶

1. [root@ansible ansible]# vim add1.yml
2. ---
3. - hosts: web2
4. remote_user: root
5. vars:
6. un: [a, b, c]
7. id: [1, 2, 3]
8. tasks:
9. - name: add users
10. shell: echo {{item}}
11. with_nested:
12. - "{{un}}"
13. - "{{id}}"
15. [root@ansible ansible]# ansible-playbook add1.yml
17. PLAY [web2] *************************************************************************************************************
19. TASK [Gathering Facts] **************************************************************************************************
20. ok: [web2]
22. TASK [add users] ********************************************************************************************************
23. changed: [web2] => (item=[u'a', 1])
24. changed: [web2] => (item=[u'a', 2])
25. changed: [web2] => (item=[u'a', 3])
26. changed: [web2] => (item=[u'b', 1])
27. changed: [web2] => (item=[u'b', 2])
28. changed: [web2] => (item=[u'b', 3])
29. changed: [web2] => (item=[u'c', 1])
30. changed: [web2] => (item=[u'c', 2])
31. changed: [web2] => (item=[u'c', 3])
33. PLAY RECAP **************************************************************************************************************
34. web2 : ok=2 changed=1 unreachable=0 failed=0

步驟四：tags給指定的任務定義一個調用標識

1）tags 樣例

1. [root@ansible ansible]# vim adhttp.yml
2. ---
3. - hosts: cache
4. remote_user: root
5. tasks:
6. - copy:
7. src: /root/httpd.conf
8. dest: /etc/httpd/conf/httpd.conf
9. owner: root
10. group: root
11. mode: 0644
12. tags: config_httpd
13. notify:
14. - restart httpd
15. handlers:
16. - name: restart httpd
17. service: name=httpd state=restarted

2）調用方式

1. [root@ansible ansible]# ansible-playbook adhttp.yml --tags=config_httpd
3. PLAY [cache] *****************************************************************
5. TASK [Gathering Facts] *******************************************************
6. ok: [cache]
8. TASK [copy] ******************************************************************
9. ok: [cache]
11. PLAY RECAP *******************************************************************
12. cache : ok=2 changed=0 unreachable=0 failed=0

3）include and roles

在編寫playbook的時候隨着項目愈來愈大，playbook愈來愈複雜。能夠把一些play、task 或 handler放到其餘文件中，經過包含進來是一個不錯的選擇

roles像是增強版的include，它能夠引入一個項目的文件和目錄

通常所需的目錄層級有

vars：變量層

tasks：任務層

handlers：觸發條件

files：文件

template：模板

default：默認，優先級最低

1. ...
2. tasks:
3. - include: tasks/setup.yml
4. - include: tasks/users.yml user=plj
5. //users.yml 中能夠經過{{ user }}來使用這些變量
6. handlers:
7. - include: handlers/handlers.yml

步驟五：debug檢測

1. [root@ansible ansible]# ansible-playbook --syntax-check http.yml //檢測語法
3. playbook: http.yml
4. [root@ansible ansible]# ansible-playbook -C http.yml //測試運行
6. [root@ansible ansible]# ansible-playbook http.yml --list-tasks
7. //顯示要執行的工做
9. playbook: http.yml
11. play #1 (cache): cache    TAGS: []
12. tasks:
13. install one specific version of Apache    TAGS: []
14. lineinfile    TAGS: []
15. replace    TAGS: []
16. service    TAGS: []
17. copy    TAGS: []
20. [root@ansible ansible]# vim debug.yml
21. ---
22. - hosts: cache
23. remote_user: root
24. tasks:
25. - shell: uptime |awk '{printf("%f\n",$(NF-2))}'
26. register: result
27. - shell: touch /tmp/isreboot
28. when: result.stdout|float > 0.5
29. - name: Show debug info
30. debug: var=result
32. [root@ansible ansible]# ansible-playbook debug.yml         //運行
34. PLAY [cache] ************************************************************************************************************
36. TASK [Gathering Facts] **************************************************************************************************
37. ok: [cache]
39. TASK [command] **********************************************************************************************************
40. changed: [cache]
42. TASK [command] **********************************************************************************************************
43. skipping: [cache]
45. TASK [Show debug info] **************************************************************************************************
46. ok: [cache] => {
47. "result": {
48. "changed": true,
49. "cmd": "uptime |awk '{printf(\"%f\\n\",$(NF-2))}'",
50. "delta": "0:00:00.005905",
51. "end": "2018-09-07 12:57:51.371013",
52. "failed": false,
53. "rc": 0,
54. "start": "2018-09-07 12:57:51.365108",
55. "stderr": "",
56. "stderr_lines": [],
57. "stdout": "0.000000",
58. "stdout_lines": [
59. "0.000000"
60. ]
61. }
62. }
64. PLAY RECAP **************************************************************************************************************
65. cache : ok=3 changed=1 unreachable=0 failed=0