1 Basic playbook usage
## Getting started
[root@ansible ~]# cd /etc/ansible/
[root@ansible ansible]# cat test.yml
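---
- hosts: testhost
  remote_user: root
  tasks:
    - name: test_playbook
      shell: touch /tmp/ansible_test2.txt
// Note: the first line needs three dashes. The hosts parameter specifies which hosts to operate on; multiple machines can be separated by commas, or you can use a host group defined in /etc/ansible/hosts. The user parameter (remote_user here, user in the examples below) specifies which user logs in to the remote host. tasks specifies a task; the name parameter beneath it is a description of the task and is printed during execution. shell is the name of an ansible module, and the colon must be followed by a space.
[root@ansible ansible]# ansible-playbook test.yml // run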
PLAY [testhost] ****************************************************************
TASK [Gathering Facts] *********************************************************
ok: [127.0.0.1]
ok: [192.168.174.129]
TASK [test_playbook] ***********************************************************
[WARNING]: Consider using the file module with state=touch rather than running
'touch'. If you need to use command because file is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
changed: [127.0.0.1]
changed: [192.168.174.129]
PLAY RECAP *********************************************************************
127.0.0.1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.174.129 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
## Variables
[root@ansible ansible]# cat create_user.yml
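---
- name: create_user
  hosts: testhost
  user: root
  gather_facts: false
  vars:
    user: "test"
  tasks:
    - name: create user
      user: name="{{user}}"
// The name parameter gives a summary of what the playbook does; its value is printed during execution, and it can be omitted. gather_facts specifies whether the setup module is run to collect host information before the tasks below execute; this is needed when a later task uses the information that setup gathers. vars defines variables; here it defines one variable, user, whose value is test. Note that the variable value must be enclosed in quotes. user (in the task) calls the user module; name is a parameter of the user module, and the name of the user to add comes from the value of the user variable above.
[root@ansible ansible]# ansible-playbook create_user.yml // run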
PLAY [create_user] *************************************************************
TASK [create user] *************************************************************
changed: [127.0.0.1]
changed: [192.168.174.129]
PLAY RECAP *********************************************************************
127.0.0.1 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.174.129 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
## Loops
[root@ansible ansible]# cat while.yml
---
- hosts: testhost
  user: root
  tasks:
    - name: change mode for files
      file: path=/opt/{{ item }} mode=600
      with_items:
        - 1.txt
        - 2.txt
        - 3.txt
// with_items is the list to loop over. When referencing the loop variable, the item prefix is fixed, and a key name following item is the dictionary key defined in with_items.
[root@ansible ansible]# ansible-playbook while.yml // run the yml file
PLAY [testhost] ****************************************************************
TASK [Gathering Facts] *********************************************************
ok: [127.0.0.1]
ok: [192.168.174.129]
TASK [change mode for files] ***************************************************
changed: [127.0.0.1] => (item=1.txt)
changed: [192.168.174.129] => (item=1.txt)
changed: [127.0.0.1] => (item=2.txt)
changed: [192.168.174.129] => (item=2.txt)
changed: [127.0.0.1] => (item=3.txt)
changed: [192.168.174.129] => (item=3.txt)
PLAY RECAP *********************************************************************
127.0.0.1 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.174.129 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
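Added example (not from the original notes): the same loop with dictionary items, so each entry is referenced as item.name and item.mode, with the module arguments written in YAML form. The file names are the page's; the per-file modes and the owner and group values are assumptions chosen for illustration.

```yaml
---
- hosts: testhost
  user: root
  tasks:
    - name: set owner and mode per file
      file:
        path: "/opt/{{ item.name }}"
        owner: root
        group: root
        # Keep the mode a quoted string. In YAML argument form a bare 600 is
        # parsed as the decimal integer 600, not octal 0600, and the file
        # ends up with unexpected permission bits.
        mode: "{{ item.mode }}"
      with_items:
        # Constructed sample values: one dictionary per file.
        - { name: 1.txt, mode: "0600" }
        - { name: 2.txt, mode: "0640" }
        - { name: 3.txt, mode: "0644" }
```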
## Conditionals
[root@ansible ansible]# cat when.yml
---
- hosts: testhost
  user: root
  gather_facts: True
  tasks:
    - name: user when
      shell: touch /opt/when.txt
      when: ansible_eno16777736.ipv4.address == "192.168.174.129"
// Act only on the host whose eno16777736 interface has the IP 192.168.174.129. ansible testhost -m setup shows all the fact information.
[root@ansible ansible]# ansible-playbook when.yml
PLAY [testhost] **********************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [127.0.0.1]
ok: [192.168.174.129]
TASK [user when] *********************************************************************************************************************
skipping: [127.0.0.1]
[WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need to use command because file is
insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this
message.
changed: [192.168.174.129]
PLAY RECAP ***************************************************************************************************************************
127.0.0.1 : ok=1 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
192.168.174.129 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@ansible ansible]# cat handlers.yml
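---
- name: handlers test
  hosts: testhost
  user: root
  tasks:
    - name: copy file
      copy: src=/etc/passwd dest=/opt/aaa.txt
      notify: test handlers
  handlers:
    - name: test handlers
      shell: echo "11111" >> /opt/aaa.txt
// The handlers below are called only after the copy module has actually made a change. In other words, if 1.txt and 2.txt have the same content, the shell command in handlers is not run. This suits operations such as restarting a service after a configuration file has changed.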
[root@ansible ansible]# ansible-playbook handlers.yml
PLAY [handlers test] *****************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [127.0.0.1]
ok: [192.168.174.129]
TASK [copy file] *********************************************************************************************************************
changed: [127.0.0.1]
changed: [192.168.174.129]
RUNNING HANDLER [test handlers] ******************************************************************************************************
changed: [127.0.0.1]
changed: [192.168.174.129]
PLAY RECAP ***************************************************************************************************************************
127.0.0.1 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.174.129 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
2 Installing nginx with a playbook
First compile and install nginx on one machine and package it, then distribute it with ansible.
[root@ansible ~]# cd /etc/ansible // enter the ansible configuration directory
[root@ansible ansible]# mkdir nginx_install // create an nginx_install directory for easier management
[root@ansible ansible]# cd nginx_install
[root@ansible nginx_install]# mkdir -p roles/{common,install}/{handlers,files,meta,tasks,templates,vars}
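Note: the roles directory holds two roles: common performs some preparation steps and install performs the nginx installation. Each role has several directories beneath it: handlers holds the operations to run when something changes, typically restarting a service after a configuration file changes; files holds files used during installation; meta holds descriptive information such as role dependencies; tasks holds the core configuration files; templates usually holds template files such as configuration files and startup scripts; vars holds the defined variables.
The files used for installation must be prepared in advance.
Specifically: compile and install nginx on one machine beforehand, and set up its startup script and configuration file.
After installation, package the nginx directory and put it under /etc/ansible/nginx_install/roles/install/files/ with the name nginx.tar.gz.
The startup script and configuration file both go under /etc/ansible/nginx_install/roles/install/templates.
Go into /etc/ansible/nginx_install/roles and define the tasks for common; nginx needs some dependency packages.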
[root@ansible nginx_install]# cat /etc/ansible/nginx_install/roles/common/tasks/main.yml
- name: Install initializtion require sofware
  yum: name={{ item }} state=installed
  with_items:
    - zlib-devel
    - pcre-devel
Define variables
[root@ansible nginx_install]# cat /etc/ansible/nginx_install/roles/install/vars/main.yml
nginx_user: www
nginx_port: 80
nginx_basedir: /usr/local/nginx
// Copy everything needed to the other machines in the host inventory
[root@ansible nginx_install]# cat /etc/ansible/nginx_install/roles/install/tasks/copy.yml
- name: Copy Nginx Software
  copy: src=nginx.tar.gz dest=/tmp/nginx.tar.gz owner=root group=root
- name: Uncompression Nginx Software
  shell: tar zxf /tmp/nginx.tar.gz -C /
- name: Copy Nginx Start Script
  template: src=nginx dest=/etc/init.d/nginx owner=root group=root mode=0755
- name: Copy Nginx Config
  template: src=nginx.conf dest={{ nginx_basedir }}/conf/ owner=root group=root mode=0644
// Create the user, start the service and delete the archive
[root@ansible nginx_install]# cat /etc/ansible/nginx_install/roles/install/tasks/install.yml
- name: Create Nginx User
  user: name={{ nginx_user }} state=present createhome=no shell=/sbin/nologin
- name: Start Nginx Service
  shell: /etc/init.d/nginx start
- name: Add Boot Start Nginx Service
  shell: chkconfig --level 345 nginx on
- name: Delete Nginx compression files
  shell: rm -rf /tmp/nginx.tar.gz
Finally, create main.yml to call copy and install
[root@ansible nginx_install]# cat /etc/ansible/nginx_install/roles/install/tasks/main.yml
- include: copy.yml
- include: install.yml
// Set up the entry-point file
[root@ansible nginx_install]# cat /etc/ansible/nginx_install/install.yml
---
- hosts: testhost
  remote_user: root
  gather_facts: True
  roles:
    - common
    - install
Run
[root@ansible nginx_install]# ansible-playbook install.yml // execution output
PLAY [testhost] **********************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [127.0.0.1]
ok: [192.168.174.129]
TASK [common : Install initializtion require sofware] ********************************************************************************
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions is deprecated. Instead of using a loop to
supply multiple items and specifying `name: "{{ item }}"`, please use `name: ['zlib-devel', 'pcre-devel']` and remove the loop. This
feature will be removed in version 2.11. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via squash_actions is deprecated. Instead of using a loop to
supply multiple items and specifying `name: "{{ item }}"`, please use `name: ['zlib-devel', 'pcre-devel']` and remove the loop. This
feature will be removed in version 2.11. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
ok: [127.0.0.1] => (item=[u'zlib-devel', u'pcre-devel'])
ok: [192.168.174.129] => (item=[u'zlib-devel', u'pcre-devel'])
TASK [install : Copy Nginx Software] *************************************************************************************************
ok: [127.0.0.1]
changed: [192.168.174.129]
TASK [install : Uncompression Nginx Software] ****************************************************************************************
[WARNING]: Consider using the unarchive module rather than running 'tar'. If you need to use command because unarchive is
insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this
message.
changed: [192.168.174.129]
changed: [127.0.0.1]
TASK [install : Copy Nginx Start Script] *********************************************************************************************
ok: [127.0.0.1]
ok: [192.168.174.129]
TASK [install : Copy Nginx Config] ***************************************************************************************************
ok: [127.0.0.1]
ok: [192.168.174.129]
TASK [install : Create Nginx User] ***************************************************************************************************
ok: [127.0.0.1]
ok: [192.168.174.129]
TASK [install : Start Nginx Service] *************************************************************************************************
changed: [127.0.0.1]
changed: [192.168.174.129]
TASK [install : Add Boot Start Nginx Service] ****************************************************************************************
changed: [127.0.0.1]
changed: [192.168.174.129]
TASK [install : Delete Nginx compression files] **************************************************************************************
[WARNING]: Consider using the file module with state=absent rather than running 'rm'. If you need to use command because file is
insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this
message.
changed: [127.0.0.1]
changed: [192.168.174.129]
PLAY RECAP ***************************************************************************************************************************
127.0.0.1 : ok=10 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.174.129 : ok=10 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
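Added example (not the original role): a variant of the copy, extract and delete steps that uses the modules suggested by the warnings in the output above and compares the archive's SHA-256 with a pinned value before it is unpacked as root over /. nginx_tarball_sha256 is a hypothetical variable; it would hold the digest recorded with sha256sum on the build machine, for instance in roles/install/vars/main.yml.

```yaml
- name: Copy Nginx Software
  copy:
    src: nginx.tar.gz
    dest: /tmp/nginx.tar.gz
    owner: root
    group: root
    mode: "0600"

- name: Hash the archive as it landed on the managed host
  stat:
    path: /tmp/nginx.tar.gz
    checksum_algorithm: sha256
  register: nginx_tarball

- name: Stop before extracting if the digest does not match
  assert:
    that:
      - nginx_tarball.stat.exists
      # nginx_tarball_sha256 is an assumed variable, not defined on the page
      - nginx_tarball.stat.checksum == nginx_tarball_sha256
    fail_msg: "nginx.tar.gz digest mismatch, refusing to extract as root"

- name: Uncompression Nginx Software
  unarchive:
    src: /tmp/nginx.tar.gz
    dest: /
    remote_src: yes

- name: Delete Nginx compression files
  file:
    path: /tmp/nginx.tar.gz
    state: absent
```

A host that receives a modified or truncated archive fails at the assert task, so nothing from that archive is written under /.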
3 Managing configuration files with a playbook
[root@ansible nginx_install]# mkdir -p /etc/ansible/nginx_config/roles/{new,old}/{files,handlers,vars,tasks} // Create the directories: new is used for updates and old for rollbacks; files holds nginx.conf and the vhosts directory; handlers holds the command that restarts the nginx service
[root@ansible conf]# \cp -r nginx.conf vhosts /etc/ansible/nginx_config/roles/new/files/ // put nginx.conf and the vhosts directory under the files directory
[root@ansible conf]# cat /etc/ansible/nginx_config/roles/new/vars/main.yml // define variables
nginx_basedir: /usr/local/nginx
[root@ansible conf]# cat /etc/ansible/nginx_config/roles/new/handlers/main.yml // handler that reloads the service
- name: restart nginx
  shell: /etc/init.d/nginx reload
[root@ansible conf]# cat /etc/ansible/nginx_config/roles/new/tasks/main.yml // define the core task
- name: copy conf file
  copy: src={{ item.src }} dest={{ nginx_basedir }}/{{ item.dest }} backup=yes owner=root group=root mode=0644
  with_items:
    - {src: nginx.conf, dest: conf/nginx.conf}
    - {src: vhosts, dest: conf/}
  notify: restart nginx
[root@ansible conf]# cat /etc/ansible/nginx_config/update.yml // main entry point for updating the files
---
- hosts: testhost
  user: root
  roles:
    - new
[root@ansible conf]# cat /etc/ansible/nginx_config/rollbask.yml // main entry point for rollback
---
- hosts: testhost
  user: root
  roles:
    - old
[root@ansible tasks]# ansible-playbook /etc/ansible/nginx_config/update.yml // apply the updated configuration files, then restart.
PLAY [testhost] **********************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [127.0.0.1]
ok: [192.168.174.129]
TASK [new : copy conf file] **********************************************************************************************************
ok: [127.0.0.1] => (item={u'dest': u'conf/nginx.conf', u'src': u'nginx.conf'})
ok: [192.168.174.129] => (item={u'dest': u'conf/nginx.conf', u'src': u'nginx.conf'})
changed: [127.0.0.1] => (item={u'dest': u'conf/', u'src': u'vhosts'})
changed: [192.168.174.129] => (item={u'dest': u'conf/', u'src': u'vhosts'})
RUNNING HANDLER [new : restart nginx] ************************************************************************************************
changed: [127.0.0.1]
changed: [192.168.174.129]
PLAY RECAP ***************************************************************************************************************************
127.0.0.1 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.174.129 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@ansible tasks]# rsync -av /etc/ansible/nginx_config/roles/new/ /etc/ansible/nginx_config/roles/old/ // backup
[root@ansible nginx_config]# ansible-playbook rollbask.yml // run the rollback
PLAY [testhost] ****************************************************************
TASK [Gathering Facts] *********************************************************
ok: [192.168.174.129]
ok: [127.0.0.1]
TASK [old : copy conf file] ****************************************************
ok: [127.0.0.1] => (item={u'dest': u'conf/nginx.conf', u'src': u'nginx.conf'})
ok: [192.168.174.129] => (item={u'dest': u'conf/nginx.conf', u'src': u'nginx.conf'})
ok: [127.0.0.1] => (item={u'dest': u'conf/', u'src': u'vhosts'})
ok: [192.168.174.129] => (item={u'dest': u'conf/', u'src': u'vhosts'})
PLAY RECAP *********************************************************************
127.0.0.1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.174.129 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0