Ansible
1、學習資源
https://www.jianshu.com/p/575ced3a08fa http://www.ansible.com.cn/index.html http://docs.ansible.com/
2、ansible命令的相關用法
指定test組使用shell模塊執行uname -m命令 ansible -i /etc/ansible/hosts test -m shell -a 'uname -m' 本地執行date命令,默認模塊command ansible 127.0.0.1 -a 'date' 指定全部主機執行date ansible all -a 'date' 指定全部主機執行date,並輸入密碼 ansible -i /etc/ansible/hosts -a 'date' -k 查看全部的模塊 ansible-doc -a 查看copy模塊的用法 ansible-doc -s copy ansible-doc -s docker 查看docker的模塊 ansible-doc -l |grep docker 查看命令運行的詳細信息,有助於排錯 ansible -i /etc/ansible/hosts test -m shell -a 'uname -m' -vvv
使用命令行的方式放到後臺運行php
放到後臺去運行,而後查詢ID,查看有沒有跑完
[root@master ~]# ansible all -m ping -B 3600 -P 0
192.168.222.147 | SUCCESS => {
"ansible_job_id": "678581125189.1288",
"changed": true,
"finished": 0,
"results_file": "/root/.ansible_async/678581125189.1288",
"started": 1
}
192.168.222.146 | SUCCESS => {
"ansible_job_id": "36685447786.3154",
"changed": true,
"finished": 0,
"results_file": "/root/.ansible_async/36685447786.3154",
"started": 1
}
[root@master ~]# ansible all -m async_status -a 'jid=678581125189.1288'
192.168.222.147 | SUCCESS => {
"ansible_job_id": "678581125189.1288",
"changed": false,
"finished": 1,
"ping": "pong"
}
192.168.222.146 | FAILED! => {
"ansible_job_id": "678581125189.1288",
"changed": false,
"finished": 1,
"msg": "could not find job",
"started": 1
}
3、playbookhtml
3.1)node
若是你不須要獲取被控機器的 fact 數據的話,你能夠關閉獲取 fact 數據功能。關閉以後,能夠加快 ansible-playbook 的執行效率,尤爲是你管理很大量的機器時,這很是明顯。關閉獲取 facts 很簡單,只須要在 playbook 文件中加上「gather_facts: no」。python
---
- hosts: webservers
vars:
http_port: 80
max_clients: 200
remote_user: root
tasks:
- name: ensure apache is at the latest version
yum: pkg=httpd state=latest
- name: write the apache config file
template: src=/srv/httpd.j2 dest=/etc/httpd.conf
notify:
- restart apache
- name: ensure apache is running
service: name=httpd state=started
handlers:
- name: restart apache
service: name=httpd state=restarted
3.2)幾種變量的使用方式mysql
一、在hosts裏面自定義變量
在hosts裏面的主機組裏面,添加key
[test]
192.168.222.146
192.168.222.147
[test:vars]
key=nima
用debug輸出
---
- hosts: all
gather_facts: no
tasks:
- name: display var
debug: msg="{{key}}"
二、在playbook中定義變量,這個高於上面的優先級
---
- hosts: all
gather_facts: no
vars:
key: heihei
tasks:
- name: display var
debug: msg="{{key}}"
---
- hosts: all
gather_facts: no
vars:
key: heihei
ji: hermes
tasks:
- name: display var
debug: msg="{{key}}---{{ji}}"
三、經過文件定義變量var.yml
[root@master playbook]# cat var.yml
---
key3: weiwei
[root@master playbook]# cat var.yml
---
key3: weiwei
[root@master playbook]# cat test.yml
---
- hosts: all
gather_facts: no
vars_files:
- /etc/ansible/playbook/var.yml
tasks:
- name: display var
debug: msg="{{key3}}"
四、從命令行引入變量,內部須要先定義變量,這個優先級最高
ansible-playbook test.yml -e "key3=ni"
五、任務中傳遞的變量
[root@master playbook]# cat test.yml
---
- hosts: all
gather_facts: no
tasks:
- name: register var
shell: hostname
register: info //將處理的字典返回給info
- name: display var
debug: msg="{{info}}" //由於是Python寫的,因此能夠根據鍵得到值debug: msg="{{info.stdout}}"
3.3)playbook幾種循環方式nginx
六、循環列表
---
- hosts: all
gather_facts: no
tasks:
- name: debug loops
debug: msg="{{item}}"
with_items:
- one
- two
- three
- four
例如
---
- hosts: all
gather_facts: no
tasks:
- name: install
yum: name="{{item}}" state=present
with_items:
- nginx
- mysql
- php
- zabbix
七、循環字典
---
- hosts: all
tasks:
- name: dict
debug: msg="name--->{{item.key}}value--->{{item.value}}"
with_items:
- {key: "one",value: "va1"}
- {key: "two",value: "va2"}
八、嵌套循環
[root@master playbook]# cat qiantao.yml
---
- hosts: all
tasks:
- name: debug loops
debug: msg="name--->{{item[0]}} value--->{{item[1]}}"
with_nested:
- ['a','b']
- ['c','d','e']
九、散列循環,對於自定義的變量循環
---
- hosts: all
gather_facts: no
vars:
user:
shan:
name: shan
shell: bash
heihei:
name: heihei
shell: jjj
tasks:
- name: loop
debug: msg="{{item.key}}"
with_dict: "{{user}}"
十、文件循環
---
- hosts: all
tasks:
# first ensure our target directory exists
- file: dest=/etc/fooapp state=directory
# copy each file over that matches the given pattern
- copy: src={{ item }} dest=/etc/fooapp/ owner=root mode=600
with_fileglob:
- /playbooks/files/fooapp/*
十一、達到某條件終止循環
- shell: /usr/bin/foo
register: result
until: result.stdout.find("all systems go") != -1
retries: 5
delay: 10
[root@master playbook]# cat heihei.yml
---
- hosts: all
gather_facts: no
tasks:
- name: os
shell: /bin/uname -m
register: result
until: result.stdout == "i686"
retries: 3
delay: 5
3.4)條件判斷when,when result|skipped這種方式是jinjia2的方式,result是執行命令的返回字典,當skipped爲true的時候,當前task執行。web
十二、條件判斷 when
tasks:
- command: /bin/false
register: result
ignore_errors: True
- command: /bin/something
when: result|failed
- command: /bin/something_else
when: result|success
- command: /bin/still/something_else
when: result|skipped
---
- hosts: all
tasks:
- name: redhat install nginx
yum: name=nginx.i686 state=present
when: ansible_os_family == "RedHat"
- name: restart nginx
shell: /etc/init.d/nginx reload
when: ansible_os_family == "RedHat"
3.5)jinjia2過濾器redis
---
- hosts: all
gather_facts: no
vars:
list: [1,2,3,4]
one: "1"
str: "string"
ansible: "hermes"
tasks:
- name: print str
debug: msg="{{str}}"
- name: run commands
shell: df -h
register: info
- name: pprint info
debug: msg="{{info.stdout|pprint}}"
- name: info
debug: msg="{{info}}"
- name: debug conditionals filter
debug: msg="the run commands status is changed"
when: info|changed
- name: debug int caplitailize filter
debug: msg="the int value is===>{{one|int}} the lower value is===>{{str|capitalize}}"
- name: debug default filter
debug: msg="the variable value is===>{{ansible|default('ansible is not define')}}"
- name: debug list max and min filter
debug: msg="the list max value is==={{list|max}} and list min value is===>{{list|min}}"
- name: debug random filter
debug: msg="the list random value is {{list|random}} {{1000|random(1,10)}}"
- name: debug join
debug: msg="the top filter value is {{list|join("+")}}"
- name: debug replace
debug: msg="the replace value is {{str|replace("t","T")}}"
- name: debug regex_replace
debug: msg="the regex_replace value is {{str|regex_replace('.*tr(.*)$','weiwei')}}"
3.6)jinjia2語法邏輯控制,,須要使用template模塊。sql
[root@master playbook]# cat f2.j2
{% set list=['one','two','three'] %}
{% for i in list %}
{{i}}
{% endfor%}
{% set list1=['one','two','three'] %}
{% for i in list1 %}
{% if i == 'one' %}
===>{{i}}
{% elif loop.index ==2 %}
===>{{i}}
{% else %}
===>{{i}}
{% endif %}
{% endfor %}
{% set dict={'key':'value'}%}
{% for key,value in dict.iteritems()%}
{{key}}===>{{value}}
{% endfor %}
{% set dict1={'key1':{'key2':'vlan'}}%}
{{dict1['key1']['key2']}}
[root@master playbook]# cat jinjia2.yml
---
- hosts: all
gather_facts: no
tasks:
- name: template
template: src=/etc/ansible/playbook/f2.j2 dest=/tmp/f2
4、Playbook的標準目錄結構,標準很重要。docker
production # inventory file for production servers 關於生產環境服務器的清單文件
stage # inventory file for stage environment 關於 stage 環境的清單文件
group_vars/
group1 # here we assign variables to particular groups 這裏咱們給特定的組賦值
group2 # ""
host_vars/
hostname1 # if systems need specific variables, put them here 若是系統須要特定的變量,把它們放置在這裏.
hostname2 # ""
library/ # if any custom modules, put them here (optional) 若是有自定義的模塊,放在這裏(可選)
filter_plugins/ # if any custom filter plugins, put them here (optional) 若是有自定義的過濾插件,放在這裏(可選)
site.yml # master playbook 主 playbook
webservers.yml # playbook for webserver tier Web 服務器的 playbook
dbservers.yml # playbook for dbserver tier 數據庫服務器的 playbook
roles/
common/ # this hierarchy represents a "role" 這裏的結構表明了一個 "role"
tasks/ #
main.yml # <-- tasks file can include smaller files if warranted
handlers/ #
main.yml # <-- handlers file
templates/ # <-- files for use with the template resource
ntp.conf.j2 # <------- templates end in .j2
files/ #
bar.txt # <-- files for use with the copy resource
foo.sh # <-- script files for use with the script resource
vars/ #
main.yml # <-- variables associated with this role
defaults/ #
main.yml # <-- default lower priority variables for this role
meta/ #
main.yml # <-- role dependencies
webtier/ # same kind of structure as "common" was above, done for the webtier role
monitoring/ # ""
fooapp/ # ""
5、接着是一個haproxy+lnmp的案例Playbook,經過角色來配置,內容很糙,學習階段使用挺好。
5.1)目錄結構
[root@master ansible]# tree . . ├── all ├── ansible.cfg ├── group_vars │ ├── haproxy │ ├── mysql │ └── nginx ├── hosts ├── roles │ ├── base │ │ ├── files │ │ │ └── CentOS-Base.repo │ │ └── tasks │ │ └── main.yml │ ├── haproxy │ │ ├── tasks │ │ │ └── main.yml │ │ └── templates │ │ └── haproxy.cfg.j2 │ ├── mysql │ │ └── tasks │ │ └── main.yml │ └── nginx │ ├── tasks │ │ └── main.yml │ └── templates │ └── index.htm.j2 └── site.yml
5.2)主機配置
[nginx] 192.168.222.147 [haproxy] 192.168.222.146
5.3)全部的變量配置跟入口文件site.yml在同一個層級
[root@master ansible]# for i in `ls group_vars`;do echo $i;cat group_vars/$i;done haproxy --- mode: http balance: roundrobin mysql --- user: ansible password: ansible database: ansible nginx --- nginx: nginx-1.12.2.tar.gz php: php-7.1.12.tar.gz
5.4)入口文件site.yml
[root@master ansible]# cat site.yml --- - name: replace yum hosts: all roles: - base - name: install nginx hosts: nginx roles: - nginx - name: install mysql hosts: nginx roles: - mysql - name: install haproxy hosts: haproxy roles: - haproxy
5.5)base角色,用來同步被控制機的yum源於控制機一致。
[root@master base]# tree .
.
├── files
│ └── CentOS-Base.repo
└── tasks
└── main.yml
[root@master tasks]# cat main.yml
---
- copy: src=CentOS-Base.repo dest=/etc/yum.repos.d/CentOS-Base.repo
5.6)nginx角色
[root@master nginx]# tree .
.
├── tasks
│ └── main.yml
└── templates
└── index.htm.j2
[root@master tasks]# cat main.yml
---
- yum: name=libtool-libs state=present
- shell: mkdir -p /usr/local/services
- shell: mkdir /data/soft -p
- copy: src=/data/{{nginx}}.rpm dest=/data/soft/{{nginx}}.rpm
- copy: src=/data/{{php}}.rpm dest=/data/soft/{{php}}.rpm
- shell: rpm -qa|grep {{nginx}} || rpm -ivh /data/soft/{{nginx}}
- shell: rpm -qa|grep {{php}} || rpm -ivh /data/soft/{{php}}
- shell: chdir=/usr/local/servers/ test -d nginx
- shell: chdir=/usr/local/servers/ test -d php
- shell: netstat -tnlp|grep nginx || /sbin/service nginx start
- template: src=index.htm.j2 dest=/data/htdocs/www/index.htm
[root@master templates]# cat index.htm.j2
{{ ansible_default_ipv4.address}}
5.7)mysql角色
[root@master tasks]# cat main.yml
---
- name: install mysql-server
yum: name={{item}} state=installed
with_items:
- mysql-server
- mysql-python
- name: start msyql
service: name=mysqld state=started enabled=yes
- name: create database
mysql_db: name={{database}} state=present
- name: create user
mysql_user: name={{user}} password={{password}} priv={{database}}.*:ALL host='%' state=present
5.8)haproxy角色
[root@master haproxy]# tree .
.
├── tasks
│ └── main.yml
└── templates
└── haproxy.cfg.j2
[root@master tasks]# cat main.yml
---
- name: install haproxy
yum: name={{item}} state=present
with_items:
- haproxy
- name: copyhaproxy.conf
template: src=haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg owner=root group=root mode=644
- name: start haproxy
service: name=haproxy state=started enabled=yes
[root@master templates]# cat haproxy.cfg.j2
global
log 127.0.0.1 local0 info
log 127.0.0.1 local1 warning
maxconn 4096
chroot /usr/local/haproxy #改變當前的工做目錄
pidfile /usr/local/haproxy/conf/haproxy.pid
user root
group root
daemon
stats socket /var/run/haproxy.sock mode 600 level admin
stats timeout 2m
defaults
log global
mode {{mode}}
option http-keep-alive
option httplog
option dontlognull
retries 3
maxconn 2000
timeout connect 5000ms #??server???5s
timeout client 50000ms #???????50s
timeout server 50000ms #server?????50s
frontend ansible
bind {{ansible_default_ipv4.address}}:80
mode {{mode}}
#option httplog
log global
default_backend nginx
backend nginx
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance {{balance}}
#server web-node1 192.168.222.147:8080 check source 192.168.222.140:1025-65000 inter 2000 rise 30 fall 15
{% for host in groups['nginx'] %} #循環的NGINX組
server {{hostvars[host].get('ansible_hostname')}} {{hostvars[host].get('inventory_hostname')}}:80 check inter 3000 rise 3 fall 2
{% endfor %}
6、ansible優化執行速度,標準化,能夠參考以下連接,我寫的也很糙,時間很少。
https://blog.csdn.net/felix_yujing/article/details/76796522
一、開啓ssh長鏈接 在openssh5.6之後的版本就能夠支持multiplexing,,,不用管被管理端,只要改管理端 [root@master ansible]# ssh -v vim ansible.cfg ssh_args = -C -o ControlMaster=auto -o ControlPersist=5d 二、開啓pipelining 將操做變成命令給遠端去執行,而不是變成文件到遠端去執行。,,可是這個須要在被管理端進行一些配置修改 # Enabling pipelining reduces the number of SSH operations required to # execute a module on the remote server. This can result in a significant # performance improvement when enabled, however when using "sudo:" you must # first disable 'requiretty' in /etc/sudoers # # By default, this option is disabled to preserve compatibility with # sudoers configurations that have requiretty (the default on many distros). # #pipelining = False pipelining = True 三、開啓accelerate模式,依賴ansible中的長鏈接,開啓這個須要在管理端和被管理端安裝python-keyczar [accelerate] accelerate_port = 5099 accelerate_timeout = 30 accelerate_connect_timeout = 5.0 四、設置facts緩存 gathering = smart fact_caching_timeout = 86400 fact_caching_connection = /dev/shm/ansible_fact_cache ansible還支持把數據放到redis裏面,讀取速度更快 gathering = smart fact_caching_timeout = 86400 fact_caching = reids
相關文章
- 1. Ansible--初始ansible
- 2. Ansible--Ansible之Playbook
- 3. Ansible--Ansible之Roles
- 4. [ansible] Ansible Inventory Manager
- 5. Ansible之ansible-playbook roles
- 6. Ansible 一: 配置ansible
- 7. ansible
- 8. Ansible
- 更多相關文章...
- • NewSQL-TiDB相關
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
