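1. Introduction to Playbooks
A playbook contains plays, and each play contains tasks.
A playbook is a workflow in which a series of tasks are combined according to certain rules and in a certain order.
If Ansible's modules are the parts of a machine, then the playbook is the design blueprint for the whole machine.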
Playbook example:

    ---
    - hosts: webservers
      vars:
        http_port: 80
        max_clients: 200
      remote_user: root
      tasks:
        - name: ensure apache is at the latest version
          yum: pkg=httpd state=latest
        - name: write the apache config file
          template: src=/srv/httpd.j2 dest=/etc/httpd.conf
          notify:
            - restart apache
        - name: ensure apache is running
          service: name=httpd state=started
      handlers:
        - name: restart apache
          service: name=httpd state=restarted

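Hosts and Users
Every playbook has to specify which hosts it operates on, which is what the hosts variable states. The user setting (remote_user) states which user the commands are run as.
Target the webservers host group and run commands as the root user:

    ---
    - hosts: webservers
      remote_user: root

Run in sudo mode:

    ---
    - hosts: webservers
      remote_user: yourname
      # `sudo` is the older keyword; Ansible 1.9 and later use `become: yes`
      sudo: yes

Use sudo for a specific task only:

    ---
    - hosts: webservers
      remote_user: yourname
      tasks:
        - service: name=nginx state=started
          sudo: yes

Log in with your own account and sudo to another account:

    ---
    - hosts: webservers
      remote_user: yourname
      sudo: yes
      sudo_user: postgres
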
Tasks list
Every playbook has a task list, which states the order in which the commands are to be executed.
Using the service module:

    tasks:
      - name: make sure apache is running
        service: name=httpd state=started

Using the command module:

    tasks:
      - name: disable selinux
        command: /sbin/setenforce 0

Using the shell module:

    tasks:
      - name: run this command and ignore the result
        shell: /usr/bin/somecommand || /bin/true

Using the copy module to manage files:

    tasks:
      - name: Copy ansible inventory file to client
        copy: src=/etc/ansible/hosts dest=/etc/ansible/hosts owner=root group=root mode=0644

Using the template module:

    tasks:
      - name: create a virtual host file for {{ vhost }}
        template: src=somefile.j2 dest=/etc/httpd/conf.d/{{ vhost }}

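Handlers
Handlers can be seen as an instance of the observer pattern: once an action produces a change, the given method is called back.
After the template has been written, the restart handlers are invoked. Note that with the notation below they are invoked only if the file was actually modified:

    - name: template configuration file
      template: src=template.j2 dest=/etc/foo.conf
      notify:
        - restart memcached
        - restart apache

The handlers named under notify are defined in a handlers section:

    handlers:
      - name: restart memcached
        service: name=memcached state=restarted
      - name: restart apache
        service: name=apache state=restarted
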
Running a playbook

    ansible-playbook playbook.yml -f 10

Pre-run check

    ansible-playbook playbook.yml --list-hosts

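A static pass over the playbook text can complement --list-hosts before a run. The following is an added example, not part of the original article or of Ansible: a line-based Python check (the audit function and its rules are hypothetical, and it is a heuristic, not a YAML parser) that flags the risky patterns appearing in the examples above and tells play-level sudo apart from task-level sudo.

```python
import re

# Constructed sample assembled from the patterns used in the examples above.
SAMPLE = """\
- hosts: webservers
  remote_user: root
  tasks:
    - command: /sbin/setenforce 0
    - shell: /usr/bin/somecommand || /bin/true
- hosts: dbservers
  remote_user: yourname
  sudo: yes
  tasks:
    - service: name=nginx state=started
      sudo: yes
"""

HOSTS = re.compile(r"^\s*(?:-\s+)?(?P<key>hosts):")
# Checked only when the key sits at play level (same column as `hosts`).
PLAY_RULES = [
    (re.compile(r"^\s*(?P<key>remote_user):\s*root\s*$"), "play logs in as root"),
    (re.compile(r"^\s*(?P<key>sudo|become):\s*(?:yes|true)\s*$", re.I),
     "every task in the play runs escalated"),
]
# Checked on every command/shell line.
TASK_RULES = [
    (re.compile(r"^\s*(?:-\s+)?(?:command|shell):.*\bsetenforce\s+0\b"),
     "turns SELinux enforcement off"),
    (re.compile(r"^\s*(?:-\s+)?shell:.*\|\|\s*(?:/bin/)?true\b"),
     "command failure is discarded"),
]

def audit(text):
    """Return (line_number, message) for each risky line of a playbook."""
    findings, play_col = [], None
    for no, line in enumerate(text.splitlines(), 1):
        m = HOSTS.match(line)
        if m:
            play_col = m.start("key")  # remember where play-level keys start
            continue
        for rx, msg in PLAY_RULES:
            m = rx.match(line)
            if m and m.start("key") == play_col:
                findings.append((no, msg))
        findings += [(no, msg) for rx, msg in TASK_RULES if rx.match(line)]
    return findings

if __name__ == "__main__":
    print("\n".join(f"line {n}: {msg}" for n, msg in audit(SAMPLE)))
```

The task-level `sudo: yes` on the last line of the sample is not reported, because escalation scoped to a single task is the narrower form shown in the Hosts and Users section.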
We could write one very long playbook to carry out operations work, but a very large playbook is hard to reuse. This is where include comes in.
2. Include
2.1 A simple include file

    ---
    # possibly saved as tasks/foo.yml
    - name: placeholder foo
      command: /bin/foo
    - name: placeholder bar
      command: /bin/bar

Reference it from a yml file:

    tasks:
      - include: tasks/foo.yml

2.2 Passing variables along with the include

    tasks:
      - include: wordpress.yml user=timmy
      - include: wordpress.yml user=alice
      - include: wordpress.yml user=bob

Variables can also be passed as a structured list:

    tasks:
      - include: wordpress.yml
        vars:
          wp_user: timmy
          some_list_variable:
            - alpha
            - beta
            - gamma

2.3 include can also be used in handlers

    ---
    # this might be in a file like handlers/handlers.yml
    - name: restart apache
      service: name=apache state=restarted

Add the following to the main playbook file:

    handlers:
      - include: handlers/handlers.yml

A complete playbook example with includes:

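    - name: this is a play at the top level of a file
      hosts: all
      remote_user: root
      tasks:
        - name: say hi
          tags: foo
          shell: echo "hi..."

    - include: load_balancers.yml
    - include: webservers.yml
    - include: dbservers.yml

3. Organizing modules with roles
3.1 Basic structure
Writing a large Ansible project raises the question of how to organize the files; roles can be used for this.

    site.yml
    webservers.yml
    fooservers.yml
    roles/
       common/
         files/
         templates/
         tasks/
         handlers/
         vars/
         meta/
       webservers/
         files/
         templates/
         tasks/
         handlers/
         vars/
         meta/

In actual use, the roles are then applied like this:

    ---
    - hosts: webservers
      roles:
        - common
        - webservers

If roles/x/tasks/main.yml exists, the tasks in that file are automatically added to the play.
If roles/x/handlers/main.yml exists, the handlers in that file are automatically added to the play.
If roles/x/vars/main.yml exists, the variables in that file are automatically added to the play.
If roles/x/meta/main.yml exists, the role dependencies in that file are automatically added to the list of roles.
copy, script, template and include tasks do not need a relative or absolute path; the task looks in the corresponding directory of the role automatically.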
3.2 Variables can of course be passed as well

    ---
    - hosts: webservers
      roles:
        - common
        - { role: foo_app_instance, dir: '/opt/a', port: 5000 }
        - { role: foo_app_instance, dir: '/opt/b', port: 5001 }

A condition for applying a role can also be defined:

    ---
    - hosts: webservers
      roles:
        - { role: some_role, when: "ansible_os_family == 'RedHat'" }

A complete example:

    ---
    - hosts: webservers
      pre_tasks:
        - shell: echo 'hello'
      roles:
        - { role: some_role }
      tasks:
        - shell: echo 'still busy'
      post_tasks:
        - shell: echo 'goodbye'

3.3 Role dependencies
Default variables can be defined in a role by adding defaults/main.yml under the role directory.
With role dependencies, applying a role automatically pulls in the roles it depends on.

    vi roles/myapp/meta/main.yml

    ---
    dependencies:
      - { role: common, some_parameter: 3 }
      - { role: apache, port: 80 }
      - { role: postgres, dbname: blarg, other_parameter: 12 }

The role path can also be given as an absolute path:

    ---
    dependencies:
      - { role: '/path/to/common/roles/foo', x: 1 }

Roles can also be installed from a source:

    ---
    dependencies:
      - { role: 'git+http://git.example.com/repos/role-foo,v1.1,foo' }
      - { role: '/path/to/tar/file.tgz,,friendly-name' }

Normally a role dependency is not applied a second time; to allow repeated application, add the parameter allow_duplicates: yes.
3.4 Embedding modules in a role
Create the modules inside a role:

    roles/
       my_custom_modules/
           library/
              module1
              module2

Reference the modules in the main playbook file:

    - hosts: webservers
      roles:
        - my_custom_modules
        - some_other_role_using_my_custom_modules
        - yet_another_role_using_my_custom_modules