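Roles
- To reuse playbooks, you can use roles
- A role splits the tasks apart and places them in separate directories
- Fixed values such as user names, packages and services are then represented by variables
- Once a role is defined, other playbooks can call it directly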
[root@control ansible]
[defaults]
inventory = hosts
[root@control ansible]
Hostname: {{ansible_hostname}}
Date: {{ansible_date_time.date}}
Contact to: {{admin}}
[root@control ansible]
---
- name: modify /etc/motd
  hosts: test
  vars:
    admin: root@tedu.cn
  tasks:
    - name: modify motd
      template:
        src: motd.j2
        dest: /etc/motd
[root@control ansible]
[root@node1 ~]
Hostname: node1
Date: 2021-11-01
Contact to: root@tedu.cn
[root@control ansible]
[defaults]
inventory = hosts
roles_path = roles
[root@control ansible]
[root@control ansible]
[root@control ansible]
motd
[root@control ansible]
[root@control ansible]
roles/motd/
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml
[root@control ansible]
Hostname: {{ansible_hostname}}
Date: {{ansible_date_time.date}}
Contact to: {{admin}}
[root@control ansible]
admin: zzg@tedu.cn
[root@control ansible]
- name: modify motd
  template:
    src: motd.j2
    dest: /etc/motd
[root@control ansible]
---
- name: modify motd with role
  hosts: test
  roles:
    - motd
[root@control ansible]
- Ansible's public role repository: https://galaxy.ansible.com/
[root@zzgrhel8 ~]
[root@zzgrhel8 ~]
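Role example
- Create a role named pkgs for installing packages. The package name is represented by the variable pkg
- Create inst_http.yml, which calls the pkgs role to install httpd
- Create inst_php.yml, which calls the pkgs role to install php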
[root@control ansible]
[root@control ansible]
---
- name: install rpm pkg
  yum:
    name: "{{pkg}}"
    state: present
[root@control ansible]
---
pkg: httpd
[root@control ansible]
---
- name: install httpd pkg
  hosts: test
  roles:
    - pkgs
[root@control ansible]
[root@control ansible]
---
- name: install php pkg
  hosts: node2
  vars:
    pkg: php
  roles:
    - pkgs
[root@control ansible]
Encrypting and decrypting files with Ansible
- Ansible encrypts and decrypts files with the ansible-vault command
[root@control ansible]
[root@control ansible]
Hi ni hao
[root@control ansible]
New Vault password: 123456
Confirm New Vault password: 123456
Encryption successful
[root@control ansible]
$ANSIBLE_VAULT;1.1;AES256
37373366353566346235613731396566646533393361386131313632306563633336333963373465
6164323461356130303863633964393339363738653036310a666564313832316263393061616330
32373133323162353864316435366439386266616661373936363563373634356365326637336165
6336636230366564650a383239636230623633356565623461326431393634656666306330663533
6235
[root@control ansible]
Vault password: 123456
Decryption successful
[root@control ansible]
Hi ni hao
[root@control ansible]
New Vault password: 123456
Confirm New Vault password: 123456
Encryption successful
[root@control ansible]
Vault password: 123456
New Vault password: abcd
Confirm New Vault password: abcd
Rekey successful
[root@control ansible]
Vault password: abcd
Hi ni hao
[root@control ansible]
[root@control ansible]
[root@control ansible]
Encryption successful
[root@control ansible]
[root@control ansible]
Decryption successful
[root@control ansible]
hello world
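Special inventory variables
- If the remote host does not use passwordless login, or its SSH service is not on the standard port 22, you can set special inventory variables
  - ansible_ssh_user: specifies the user name for logging in to the remote host
  - ansible_ssh_pass: specifies the password for logging in to the remote host
  - ansible_ssh_port: specifies the port number for logging in to the remote host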
[root@control ansible]
[root@control ~]
[root@control ~]
[root@control myansible]
[defaults]
inventory = hosts
[root@control myansible]
[group1]
node1
node2
node3
[root@control myansible]
[root@node1 ~]
[root@node1 ~]
Port 220
[root@node1 ~]
[root@zzgrhel8 ~]
[root@control myansible]
[group1]
node1 ansible_ssh_user=root ansible_ssh_pass=a ansible_ssh_port=220
node2 ansible_ssh_user=root ansible_ssh_pass=a
node3 ansible_ssh_user=root ansible_ssh_pass=a
[root@control myansible]
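The inventory above keeps login passwords in plaintext through ansible_ssh_pass. As an added example (not part of the original notes), this Python check lists the inventory lines that set a secret variable to a literal value rather than to a reference to a variable stored in a file encrypted with ansible-vault. The sample inventory is constructed from the group1 entries above, and the name vault_ssh_pass is a hypothetical variable.

```python
import re
import shlex

# Connection and privilege-escalation variables whose value is a secret.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}

# Constructed sample: the page's group1 inventory plus two extra lines.
# vault_ssh_pass is a hypothetical variable kept in an ansible-vault file.
SAMPLE = """\
[group1]
node1 ansible_ssh_user=root ansible_ssh_pass=a ansible_ssh_port=220
node2 ansible_ssh_user=root ansible_ssh_pass=a
node3 ansible_ssh_user=root ansible_ssh_pass="{{ vault_ssh_pass }}"

[group1:vars]
ansible_become_pass=a
"""

def find_plaintext_secrets(inventory_text):
    """Return (line_no, target, variable) for every literal secret value."""
    findings, section = [], "ungrouped"
    for line_no, raw in enumerate(inventory_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section.endswith(":children"):
            continue                      # child group names, no variables
        if section.endswith(":vars"):     # one "key = value" per line
            key, _, value = line.partition("=")
            target, pairs = section, [(key.strip(), value.strip().strip("'\""))]
        else:                             # "host key=value key=value ..."
            tokens = shlex.split(line, comments=True)
            target = tokens[0]
            pairs = [t.partition("=")[::2] for t in tokens[1:] if "=" in t]
        for key, value in pairs:
            # A Jinja2 reference defers to a variable defined elsewhere.
            if key in SECRET_VARS and not value.startswith("{{"):
                findings.append((line_no, target, key))
    return findings

if __name__ == "__main__":
    for line_no, target, key in find_plaintext_secrets(SAMPLE):
        print(f"line {line_no}: {target} sets {key} in plaintext")
```

Lines it reports are candidates for moving the password into a variables file protected with ansible-vault encrypt, as shown in the previous section.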