Ansible中的任务执行控制
实验环境
新建3个虚拟机
ip设定同网段的比如172.25.254.70 71 72 73
virt-mananger 关闭所有虚拟机,并改虚拟机abc内存为768M
在控制机现在ansible的源教程在ansible第一章有教程
控制机:
useradd devops
su - devops
cd ansible/
cp /etc/ansible/ansible.cfg .
ls
vim ansible.cfg
///
inventory = ~/ansible/inventory
#roles_path = /etc/ansible/roles
host_key_checking = False
remote_user = devops
module_name = shell
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
///
vim inventory
///
[westos]
172.25.254.71 ##westosa
172.25.254.72 ##westosb
172.25.254.73 ##westosc
devops用户下
cd ansible
ssh-keygen
for i in 10 20 30
>do
>ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.25.14.$i
>done
openssl passwd -6 ##生成密钥
ansible all -m user -a 'name=devops state=present password="密钥"' -u root
for i in 10 20 30; do ssh-copy-id -i ~/.ssh/id_rsa.pub devops@172.25.14.$i; done
ansible all -m lineinfile -a 'path=/etc/sudoers line="devops ALL=(ALL) NOPASSWD: ALL"' -u root
ansible all -m shell -a 'tail -n 3 /etc/sudoers'
ansible all -m ping
一.循环
1.循环
#1.简单循环
loop: ##赋值列表
- value1
- value2
- ...
{{item}} ##迭代变量名称
#实例#
---
- name: create file
hosts: 172.25.0.254
tasks:
- name: file module
file:
name: /mnt/{{item}}
state: present
loop:
- westos_file1
- westos_file2
实验:
vim user.yml
///
---
- name: create user
hosts: westos
tasks:
- name: westos
user:
name: "{{ item }}"
state: present
loop:
- westos1
- westos2
- westos3
///
ansible-playbook user.yml
或者
vim user_list.yml
///
---
USERS:
- westos1
- westos2
- westos3
///
vim user.yml
///
---
- name: create user
hosts: westos
vars_files:
- ./user_list.yml
tasks:
- name: westos
user:
name: "{{ item }}"
state: present
loop:
"{{ USERS }}"
///
2.循环散列或字典列表
---
- name: create file
hosts: 172.25.0.254
tasks:
- name: file module
service:
name: "{{ item.name}}"
state: "{{ item.state }}"
loop:
- name: httpd
state: started
3.实验:
建立三个用户westos{1,2,3},密码分别为123,456,789
vim user1.yml
///
---
- name: create user
hosts: westos
tasks:
- name: user
user:
name: "{{ item.user }}"
password: "{{ item.passwd }}"
state: present
loop:
- user: westos1
passwd: "$6$aOHp/7b8u2HR1u2/$0vga5bdE8hOLMuXvXsGZA9QQlU6uz2n8/g3LB3IA64B0XSH9Y8K.PFDB3nxLw4U4X1lY02r65c8ifaQPmqSTB/"
- user: westos2
passwd: "$6$EUAMLnZzJuaqJhBS$Vf8OLeVOBnT1f11Wll9lDVY9RkdNwtddMB0gEwjuH97CqJudIAGuh9GvxdWm8l0aPYpVvvfHRsH8PVSHm3UZL/"
- user: westos3
passwd: "$6$Bt8yoy94CY6af1rw$YR0uEZM7tlC21CP7crzE9qw.JsBVsl4lpa1UrI3eoolrcI6qscM.lMoHxkk0FZLmOphARSRz3DSS0lgvShZQP."
///
[注意] 此处的密码为openssl passwd -6生成。
"{{ item.user }}"更正规的写法应该是"{{ item['user'] }}"
二.条件
when:
- 条件1
- 条件2
1.条件判断
= value == "字符串",value == 数字
< value < 数字
> value > 数字
<= value <= 数字
>= value >= 数字
!= value != 数字
is defined value is defined 变量存在
is not defined value is not defined 变量不存在
in value is in value 变量为
not in value is not in value 变量不为
bool变量 为true value value的值为true
bool变量 false not value value的值为false
value in value2 value的值在value2列表中
实验:
ansible 172.25.14.10 -m file -a ‘path=/mnt/file state=touch’
vim test1.yml
///
---
- name: test
hosts: all
tasks:
- name: test
shell: test -e /mnt/file
ignore_errors: yes ##忽略错误
register: OUTPUT
- name: show messages
debug:
msg: /mnt/file is not find
when: OUTPUT.rc != 0
- name: show messages
debug:
msg: /mnt/file is exit
when: OUTPUT.rc == 0
///
判断实验
给虚拟机westosc加上一个10G的硬盘
ansible 172.25.254.71 -m shell -a 'fdisk -l'
vim test2.yml
///
---
- name: test
hosts: all
tasks:
- name: show messages
debug:
msg: vdb not find
when: ansible_facts['devices']['vdb'] is not defined
- name: show messages
debug:
msg: vdb is exist
when: ansible_facts['devices']['vdb'] is defined
///
2.多条条件组合
when:
条件1 and 条件2
- 条件1
- 条件2
when:
条件1 or 条件2
when: >
条件1
or
条件2
实验多条条件组合
#and
vim test2.yml
///
---
- name: test
hosts: all
tasks:
- name: show messages
debug:
msg: vdb not find
when:
- ansible_facts['devices']['vdb'] is not defined
- inventory_hostname in "172.25.14.20"
##
- name: show messages
debug:
msg: vdb is exist
when:
- ansible_facts['devices']['vdb'] is defined
- inventory_hostname in "172.25.14.20"
///
#or
///
- name: show messages
debug:
msg: vdb not find
when:
- ansible_facts['devices']['vdb'] is not defined or inventory_hostname in "172.25.14.20"
///
///
- name: show messages
debug:
msg: vdb not find
when: >
ansible_facts['devices']['vdb'] is not defined
or
inventory_hostname in "172.25.14.20"
///
测试题
测试题:
建立playbook ~/ansibles/lvm.yml要求如下:
*建立大小为1500M名为exam_lvm的lvm 在westos组中
*如果westos不存在请输出:
vg westos is not exist
*如果westos大小不足1500M请输出:
vg westos is less then 1500M
并建立800M大小的lvm
vim lvm.yml
///
---
- name: create lvm
hosts: all
tasks:
- name: create 1500M lvm
lvol:
lv: exam_lvm
vg: westos
size: 1500M
when: ansible_facts['lvm']['vgs']['westos'] is defined
ignore_errors: yes
register: OUTPUT
- name: debug size message
debug:
msg: vg westos is less than 1500M
when:
- ansible_facts['lvm']['vgs']['westos'] is defined
- OUTPUT.rc != 0
- name: create 800M lvm
lvol:
lv: example_lvm
vg: westos
size: 800M
when:
- ansible_facts['lvm']['vgs']['westos'] is defined
- OUTPUT.rc != 0
- name: debug messages
debug:
msg: vg westos is not exist
when: ansible_facts['lvm']['vgs']['westos'] is not defined
报错是内存不够了
三.触发器
1.触发器
notify: 触发器当遇到更改时触发handlers
handlers: 触发器触发后执行的动作
#实例#
---
- name: create virtualhost for web server
hosts: 172.25.0.254
vars_files:
./vhost_list.yml
tasks:
- name: create document
file:
path: "{{web2.document}}"
state: directory
- name: create vhost.conf
copy:
dest: /etc/httpd/conf.d/vhost.conf
content:
"<VirtualHost *:{{web1.port}}>\n\tServerName {{web1.name}}\n\tDocumentRoot {{web1.document}}\n\tCustomLog logs/{{web1.name}}.log combined\n</VirtualHost>\n\n<VirtualHost *:{{web2.port}}>\n\tServerName {{web2.name}}\n\tDocumentRoot {{web2.document}}\n\tCustomLog logs/{{web2.name}}.log combined\n</VirtualHost>"
notify:
restart apache
handlers:
- name: restart apache
service:
name: httpd
state: restarted
实验
实验:
///
---
- name: web server
hosts: all
tasks:
- name: install apache
dnf:
name: httpd
state: latest
- name: start service
service:
name: httpd
state: started
enabled: yes
- name: configure firewalld
firewalld:
service: http
state: enabled
permanent: yes
immediate: yes
- name: configure port
lineinfile:
path: /etc/httpd/conf/httpd.conf
line: Listen "{{ port }}"
regexp: "^Listen {{ port }}"
# backrefs: yes
notify:
- firewalld
- restart apache
handlers:
- name: firewalld
firewalld:
port: "{{port}}/tcp"
state: enabled
permanent: yes
immediate: yes
- name: restart apache
service:
name: httpd
state: restarted
///
练习
练习:vsftpd,允许匿名访问
vim vsftpd.yml
///
---
- name: vsftpd
hosts: all
tasks:
- name: install vsftpd
dnf:
name: vsftpd
state: latest
notify:
- restart vsftpd
- firewalld
- name: configure vsftpd
lineinfile:
path: /etc/vsftpd/vsftpd.conf
regexp: "^anonymous_enable="
line: "anonymous_enable={{state}}"
notify:
restart vsftpd
handlers:
- name: restart vsftpd
service:
name: vsftpd
state: restarted
enabled: yes
- name: firewalld
firewalld:
service: ftp
state: enabled
permanent: yes
immediate: yes
四.处理失败任务
1.ignore_errors
#作用:
当play遇到任务失败是会终止
ignore_errors: yes 将会忽略任务失败使下面的任务继续运行
#实例#
---
- name:
hosts: all
tasks:
- name: test
dnf:
name: westos
state: latest
ignore_errors: yes
- name: create file
file:
path: /mnt/westos
state: touch
2.force_handlers
#作用:
#当任务失败后play被终止也会调用触发器进程
#example
---
- name: apache change port
hosts: 172.25.0.254
force_handlers: yes
vars:
http_port: 80
tasks:
- name: configure apache conf file
lineinfile:
path: /etc/httpd/conf/httpd.conf
regexp: "^Listen"
line: "Listen {{ http_port }}"
notify: restart apache
- name: install error
dnf:
name: westos
state: latest
handlers:
- name: restart apache
service:
name: httpd
state: restarted
enabled: yes
3.changed_when
#作用:
#控制任务在何时报告它已进行更改 (强制成功)
---
- name: apache change port
hosts: 172.25.0.254
force_handlers: yes
vars:
http_port: 8080
tasks:
- name: configure apache conf file
lineinfile:
path: /etc/httpd/conf/httpd.conf
regexp: "^Listen"
line: "Listen {{ http_port }}"
changed_when: true
notify: restart apache
handlers:
- name: restart apache
service:
name: httpd
state: restarted
enabled: yes
4.failed_when
#当符合条件时强制任务失败
---
- name: test
hosts: 172.25.0.254
tasks:
- name: shell
shell: echo hello
register: westos
failed_when: "'hello' in westos.stdout"
5.block
block: ##定义要运行的任务
rescue: ##定义当block句子中出现失败任务后运行的任务
always: ##定义最终独立运行的任务
测试练习
建立playbook ~/westos.yml要求如下:
建立大小为1500M名为/dev/vdb1的设备
如果/dev/vdb不存在请输入:
/dev/vdb is not exist
如果/dev/vdb大小不足2G请输出:
/dev/vdb is less then 2G
并建立800M大小的/dev/vdb1
此设备挂载到/westos上
---
- name: create vdb1
hosts: all
tasks:
- name: check vdb
debug:
msg: /dev/vdb is not exist
when: ansible_facts['devices']['vdb'] is not defined
- name: create /dev/vdb1
block:
- name: check size 2G
parted:
device: /dev/vdb
number: 1
state: present
part_end: 2GiB
when: ansible_facts['devices']['vdb'] is defined
notify:
- remove 2G
- create vdb1
rescue:
- name: create 800M
parted:
device: /dev/vdb
state: present
number: 1
part_end: 800MiB
when: ansible_facts['devices']['vdb'] is defined
always:
- name: create mount point
file:
path: /westos
state: directory
handlers:
- name: remove 2G
parted:
device: /dev/vdb
number: 1
state: absent
- name: create vdb1
parted:
device: /dev/vdb
number: 1
state: present
part_end: 1500MiB
- name: create filesystem
filesystem:
fstype: xfs
dev: /dev/vdb1
- name: mount /dev/vdb1
mount:
path: /westos
src: /dev/vdb1
fstypes: xfs
state: mounted
ansible all -m parted -a ‘device=/dev/vdb number=1 state=absent’ ##删除设备
ansible all -m mount -a ‘path=/westos state=absent’ ##卸载设备
181
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
