一,ansible的学习笔记
ansible inventory文件格式
# Two hosts listed individually, each carrying its own connection password.
# ansible_ssh_pass is the legacy spelling (ansible_password is the current
# name); a plaintext password in the inventory is readable by anyone who can
# read the file — a vaulted vars file or ansible_ssh_private_key_file avoids that.
172.17.42.101 ansible_ssh_pass='123456'
172.17.42.102 ansible_ssh_pass='123456'
# Host range: expands to 172.17.42.101, .102 and .103
[docker]
172.17.42.10[1:3]
# Group variable applied to every member of [docker]
[docker:vars]
ansible_ssh_pass='123456'
# Parent group "ansible" whose only child group is docker
[ansible:children]
docker
ansible inventory内置参数
ansible_ssh_host
ansible_ssh_port
ansible_ssh_user
ansible_ssh_pass
ansible_sudo
ansible_sudo_pass
ansible_sudo_exe
ansible_connection
ansible_ssh_private_key_file
ansible_shell_type
ansible_python_interpreter
ansible_*_interpreter
2.ansible学习
ansible-doc -l | wc 统计ansible的模块数量
ansible-doc command 模块的帮助信息
ansible-doc -s 模块,查看模块的参数信息
command 模块
ansible test -m command -a 'ip a show dev eth0' 或者 ansible test -a 'ip a show dev eth0'
# Read the remote motd and keep the whole task result under mymotd
- name: return motd to registered var
  command: cat /etc/motd
  register: mymotd
script模块
ansible test -m script -a '/home/test.sh 12 34'
# Copy the local script to the remote host and run it there; once
# /the/created/file.txt exists the creates guard skips the task.
- script: /some/local/create_file.sh --some-arguments 1234
  args:
    creates: /the/created/file.txt
shell模块
ansible test -m shell -a "df -h"
# setenforce 0 is a runtime change only (hence "临时"); the SELinux config
# file is untouched, so the mode returns at the next boot. failed_when: false
# never marks the task failed; ignore_errors: true still reports the failure
# but lets the play continue.
- name: 临时关闭 selinux
  shell: setenforce 0
  failed_when: false
- name: 禁用系统 swap
  shell: "swapoff -a && sysctl -w vm.swappiness=0"
  ignore_errors: true
# Run somescript.sh from somedir/ on the remote host, appending its stdout
# to somelog.txt there; skipped once that file exists (creates guard).
- name: Execute the command in remote shell; stdout goes to the specified file on the remote.
  shell:
    cmd: somescript.sh >> somelog.txt
    chdir: somedir/
    creates: somelog.txt
copy模块
ansible test -m copy -a "src=/etc/fstab dest=/etc/fstab owner=root group=root mode=0755"
# Push the CFSSL tool set and kubectl from base_dir/bin to bin_dir as
# executables; the tag lets a later `--tags upgrade_k8s` run re-copy them.
- name: 下载证书工具 CFSSL和 kubectl
  copy:
    src: "{{ base_dir }}/bin/{{ item }}"
    dest: "{{ bin_dir }}/{{ item }}"
    mode: "0755"
  with_items:
    - cfssl
    - cfssl-certinfo
    - cfssljson
    - kubectl
  tags: upgrade_k8s
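# Install ntp.conf root-owned; backup: true keeps a timestamped copy of any
# existing /etc/ntp.conf. mode is quoted so the YAML parser does not turn the
# octal 0644 into the integer 420, and the boolean is written as true.
- name: copy test
  copy:
    src: /mine/ntp.conf
    dest: /etc/ntp.conf
    owner: root
    group: root
    mode: "0644"
    backup: true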
stat模块
ansible test -m stat -a "path=/etc/sysctl.conf"
# Record whether the CA certificate already exists; later tasks read p.stat
- name: 读取ca证书stat信息
  stat:
    path: "{{ ca_dir }}/ca.pem"
  register: p
# Abort the play when /etc/foo.conf is no longer owned by root
- stat:
    path: /etc/foo.conf
  register: st
- fail:
    msg: "Whoops! file ownership has changed"
  when: "st.stat.pw_name != 'root'"
yum模块
ansible test -m yum -a "name=httpd state=present disable_gpg_check=yes enablerepo=epel"
备注:#state (Choices: present, installed, latest, absent, removed)[Default: present]
# The release rpm is fetched over plain http, so its integrity rests on the
# package signature check the yum module performs by default
# (disable_gpg_check is not set here) — keep that default.
- name: install the nginx rpm from a remote repo
  yum:
    state: present
    name: http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
# Make sure keepalived is installed (single-item loop kept as written)
- name: 安装keepalived
  yum:
    name: "{{item}}"
    state: present
  with_items:
    - keepalived
# Base packages, always brought to the newest available version
- name: 安装基础软件包
  yum:
    name: "{{ item }}"
    state: latest
  with_items:
    - psmisc      # provides killall, used by the keepalived check script
    - nfs-utils   # needed to mount nfs shares (nfs-backed PVs)
    - net-tools
cron模块
ansible test -m cron -a "name='test' hour='2-5' minute='*/5' day='1' month='3,4' weekday='1' job='ls -a' user=tom"
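# Writes /etc/cron.d/ansible_yum-autoupdate (cron_file) running as root every
# Tuesday (weekday 2) at 12:00. The job is an env assignment followed by the
# command; the notes had `YUMINTERACTIVE: 0`, which cron would try to run as
# a command named "YUMINTERACTIVE:" — it must be `YUMINTERACTIVE=0`.
- cron:
    name: yum autoupdate
    weekday: 2
    minute: 0
    hour: 12
    user: root
    job: "YUMINTERACTIVE=0 /usr/sbin/yum-autoupdate"
    cron_file: ansible_yum-autoupdate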
mount模块
ansible test -m mount -a "path=/mnt/data src=/dev/sd0 fstype=xfs state=present opts=ro"
ansible -i /etc/ansible/.hosts-root jr-root -c paramiko -m mount -a "name=/mnt src=/dev/sda5 fstype=ext4 opts=ro state=present"
# Add the fstab entry for /home by filesystem UUID. state: present only
# writes fstab; it does not mount the device now (that is state: mounted).
- name: Mount up device by UUID
  mount:
    path: /home
    src: "UUID=b3e48f45-f933-4c8e-a700-22a159ec9077"
    fstype: xfs
    opts: noatime
    state: present
service模块
ansible test -m service -a "name=httpd state=running"
state的选项可以是stopped restarted started reloaded等
# Stop httpd when it is running; a no-op when it is already stopped
- service: name=httpd state=stopped
# Enable at boot and start (keepalived) / restart (kubelet); daemon_reload
# makes systemd re-read unit files first, useful right after a unit file
# was written.
- name: 设置keepalived自启动
  service:
    name: keepalived
    state: started
    enabled: true
    daemon_reload: true
- name: 设置kubelet自启动
  service:
    name: kubelet
    state: restarted
    enabled: true
    daemon_reload: true
synchronize模块
ansible test -m synchronize -a "src=some/relative/path dest=/some/absolute/path"
# rsync the kubeconfig to the target. delegate_to runs the synchronize on
# the first deploy host, so src is read there rather than on the controller.
- name: 安装kubeconfig配置文件
  synchronize:
    src: /root/.kube/config
    dest: /root/.kube/config
  delegate_to: "{{ groups.deploy[0] }}"
# Plain form: a relative src on the sending side, an absolute dest on the target
- synchronize: src=some/relative/path dest=/some/absolute/path
template模块
ansible test -m template -a "src=/mytemplate/foo.j2 dest=/etc/file.conf owner=root group=root mode=0644"
# Render the CA config only when the stat registered as p found no regular
# file — p must come from a stat task that ran earlier in the play.
- name: 准备CA配置文件
  template:
    src: ca-config.json.j2
    dest: "{{ ca_dir }}/ca-config.json"
  when: p.stat.isreg is not defined
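# Render foo.j2 to /etc/file.conf owned by bin:wheel. mode is quoted so the
# YAML parser keeps the octal 0644 as written instead of reading it as 420.
- template:
    src: /mytemplates/foo.j2
    dest: /etc/file.conf
    owner: bin
    group: wheel
    mode: "0644"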
get_url
ansible test -m get_url -a " url='http://www.baidu.com' dest=/root/test.html mode=0777"
file模块
file模块主要用于远程主机上的文件操作,file模块包含如下选项:
– force:需要在两种情况下强制创建软链接,一种是源文件不存在但之后会建立的情况下;另一种是目标软链接已存在,需要先取消之前的软链,然后创建新的软链,有两个选项:yes|no
– group:定义文件/目录的属组
– mode:定义文件/目录的权限
– owner:定义文件/目录的属主
– path:必选项,定义文件/目录的路径
– recurse:递归的设置文件的属性,只对目录有效
– src:要被链接的源文件的路径,只应用于state=link的情况
– dest:被链接到的路径,只应用于state=link的情况
– state:
directory:如果目录不存在,创建目录
file:即使文件不存在,也不会被创建
link:创建软链接
hard:创建硬链接
touch:如果文件不存在,则会创建一个新的文件,如果文件或目录已存在,则更新其最后修改时间
absent:删除目录、文件或者取消链接文件
ansible test -m file -a "name=test path=/root/test.js state=touch mode=0777"
# Create the working directories; for the file module name is an alias of path
- name: prepare some dirs
  file:
    name: "{{ item }}"
    state: directory
  with_items:
    - "{{ bin_dir }}"
    - "{{ ca_dir }}"
    - /root/.kube
    - /etc/docker
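# Set ownership and permissions on an existing /etc/foo.conf (no state given,
# so the file is not created). mode is quoted to keep 0644 an octal string.
- file:
    path: /etc/foo.conf
    owner: foo
    group: foo
    mode: "0644"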
user模块
ansible test -m user -a "name=jerry state=present"
ansible -i /etc/ansible/.hosts-root jr-root -c paramiko -m user -a "name=foo password=123456 home=/home/foo shell=/sbin/nologin"
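# The notes mixed a block mapping with key=value args ("user: name: jams
# shell=/bin/bash") and left a stray quote after the groups value, which is
# not valid YAML. Written here in consistent key=value form; append=yes adds
# the listed groups without removing the user's existing ones.
- name: add user
  user: name=jams shell=/bin/bash groups=admins,develops append=yes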
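# Same task in block form. append: true adds admins and developers to the
# user's existing supplementary groups instead of replacing them; the
# boolean is written as true rather than the YAML 1.1-only "yes".
- user:
    name: james
    shell: /bin/bash
    groups: admins,developers
    append: true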
group
ansible test -m group -a "name=testadmin state=present"
# Two spellings of the same task: block mapping and key=value args
- name: add group
  group:
    name: somegroup
    state: present
# Example group command from Ansible Playbooks
- group: name=somegroup state=present
lineinfile
ansible test -m lineinfile -a " dest=/etc/sysconfig/selinux regexp='^SELINUX=' line='SELINUX=disabled'"
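# Replace the 127.0.0.1 line in /etc/hosts (or append it when absent) and
# set root-owned 0644; mode is quoted so the octal value is not read as 420.
- lineinfile:
    path: /etc/hosts
    regexp: '^127\.0\.0\.1'
    line: '127.0.0.1 localhost'
    owner: root
    group: root
    mode: "0644"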
# Prepend bin_dir to PATH in the remote user's ~/.bashrc; the regexp makes a
# rerun replace the existing kubeasz line instead of appending a second one.
- name: 写入环境变量$PATH
  lineinfile:
    dest: ~/.bashrc
    state: present
    regexp: kubeasz
    line: "export PATH={{ bin_dir }}:$PATH # generated by kubeasz"
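# Rewrite the KUBELET_EXTRA_ARGS line in place. backrefs: true (written as a
# real boolean) means the line is only changed when the regexp matches and
# nothing is appended otherwise. --fail-swap-on=false lets kubelet start with
# swap enabled, which is why the swap-off tasks elsewhere in these notes
# are best-effort.
- name: 修改 /etc/sysconfig/kubelet
  lineinfile:
    dest: /etc/sysconfig/kubelet
    regexp: KUBELET_EXTRA_ARGS
    backrefs: true
    line: 'Environment="KUBELET_EXTRA_ARGS= --fail-swap-on=false --cgroup-driver=cgroupfs --pod-infra-container-image={{local_images}}/pause-amd64:3.1"'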
replace
ansible test -m replace -a 'path=/testdir/test regexp="ABC" replace=abc'
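# No replace value is given, so every line matching the regexp is removed
# from known_hosts outright; ownership and 0644 are applied to the result.
# mode is quoted so the octal value survives YAML parsing; the regexp stays
# single-quoted so the backslashes reach the regex engine unchanged.
- replace:
    path: /home/jdoe/.ssh/known_hosts
    regexp: '^old\.host\.name[^\n]*\n'
    owner: jdoe
    group: jdoe
    mode: "0644"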
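# Rename old.host.name to new.host.name in /etc/hosts, keeping the surrounding
# whitespace via the \1 and \2 groups; backup: true (a real boolean) saves a
# timestamped copy before editing.
- replace:
    path: /etc/hosts
    regexp: '(\s+)old\.host\.name(\s+.*)?$'
    replace: '\1new.host.name\2'
    backup: true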
package模块
# Distribution-neutral install (package picks the native manager), latest version
- name: 安装系统通用软件
  package:
    name: "{{ item }}"
    state: latest
  with_items:
    - jq               # lightweight JSON processor, used to inspect docker images
    - socat            # port forwarding
    - bash-completion  # bash completion; takes effect after logging in again
    - rsync
modprobe模块
# Load the bridge-netfilter and IPVS modules. ignore_errors keeps the play
# going when one of them is missing on the running kernel (presumably why
# nf_conntrack_ipv4, which not every kernel ships, is tolerated here).
- name: 加载内核模块
  modprobe:
    name: "{{ item }}"
    state: present
  with_items:
    - br_netfilter
    - ip_vs
    - ip_vs_rr
    - ip_vs_wrr
    - ip_vs_sh
    - nf_conntrack_ipv4
  ignore_errors: true
ansible -i hosttest test -m copy -a 'src=/root/host.py dest=/root/hostpy owner=root group=root mode=0644 backup=yes' -o
实践
1.根据操作系统版本安装软件
# Install nginx, then start it with the init system matching the CentOS
# major version (SysV on 6, systemd on 7). A list under `when` is ANDed.
# The service module would cover both releases idempotently; shell is kept
# as in the notes to show the conditional.
- hosts: all
  remote_user: root
  tasks:
    - name: install nginx package
      yum:
        name: nginx
        state: latest
    - name: start nginx service on CentOS6
      shell: service nginx start
      when:
        - ansible_distribution == "CentOS"
        - ansible_distribution_major_version == "6"
    - name: start nginx service
      shell: systemctl start nginx.service
      when:
        - ansible_distribution == "CentOS"
        - ansible_distribution_major_version == "7"
2.交互式创建用户并设置密码
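---
# Prompt for a user name and password, then create the account. encrypt
# hashes the typed password with sha512_crypt before it reaches the user
# module, so only the hash travels to the host; private: false echoes the
# user name (the password prompt stays hidden). Booleans written as
# true/false instead of the YAML 1.1-only yes/no.
- hosts: test70
  remote_user: root
  vars_prompt:
    - name: "user_name"
      prompt: "Enter user name"
      private: false
    - name: "user_password"
      prompt: "Enter user password"
      encrypt: "sha512_crypt"
      confirm: true
  tasks:
    - name: create user
      user:
        name: "{{user_name}}"
        password: "{{user_password}}"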
3.根据字典创建用户组及用户
# Create the groups first, then one user per dict entry in its primary group
- hosts: all
  remote_user: root
  tasks:
    - name: create groups
      group:
        name: "{{ item }}"
        state: present
      with_items:
        - groupx1
        - groupx2
        - groupx3
    - name: create users
      user:
        name: "{{ item.name }}"
        group: "{{ item.group }}"
        state: present
      with_items:
        - name: userx1
          group: groupx1
        - name: userx2
          group: groupx2
        - name: userx3
          group: groupx3
4.根据字符串列表安装软件
# Bring the web stack on the websrvs group to the latest available versions
- hosts: websrvs
  remote_user: root
  tasks:
    - name: install packages
      yum:
        name: "{{ item }}"
        state: latest
      with_items:
        - httpd
        - php
        - php-mysql
        - php-mbstring
        - php-gd
5.安装http软件并检查服务状态
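---
# Install httpd, drop in the configuration files and make sure the service is
# running and enabled at boot. Fixes versus the notes: `service:name=httpd`
# (no space after the colon) is not a valid task key, the items are written in
# block style, and mode is quoted so 0775 stays an octal string. Both items
# copy the same /tmp/httpd.conf, as in the original; note 0775 also sets the
# execute bit on plain config files.
- hosts: all
  remote_user: root
  tasks:
    - name: 安装httpd
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - httpd
        - httpd-devel
    - name: 复制配置文件
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: "0775"
      with_items:
        - src: "/tmp/httpd.conf"
          dest: "/etc/httpd/conf/httpd.conf"
        - src: "/tmp/httpd.conf"
          dest: "/etc/httpd/conf/httpd-vhosts.conf"
    - name: 检查服务状态
      service:
        name: httpd
        state: started
        enabled: true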
6.安装http软件,并触发启动服务
# Handler-driven restart: httpd is restarted at the end of the play only on
# hosts where the config copy reported a change; the plain start task keeps
# it running everywhere else.
- hosts: websrvs
  remote_user: root
  tasks:
    - name: install httpd package
      yum:
        name: httpd
        state: latest
    - name: install conf file
      copy:
        src: /root/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
      notify: restart httpd service
    - name: start httpd service
      service:
        name: httpd
        state: started
  handlers:
    - name: restart httpd service
      service:
        name: httpd
        state: restarted