文章目录
Ansible自动化运维
一、Playbook介绍
playbook是ansible的配置、部署、编排语言、他们可以被描述为一个需要希望远程主机执行命令的方案,或者一组ansible模块程序运行的命令的集合
大量实例
http://github.com/ansible/ansible-examples
二、YAML语法详解
YAML(Yet Another Markup Language)语言是一种用来表达数据序列的编程语言,他的主要特点包括:可读性强,语法简单明了,支持丰富的语言解析库,通用性强,ansible和saltstack环境中的配置文件都以YAML格式存在,所以必须要 熟悉YAML格式来配置管理ansible
块序列描述就是将描述的元素序列到Python是列表中,一下代码演示了YAML与Python的对应关系
2.1 块序列描述(列表)
文件内容
[root@ansinble_center tmp]#cat 1.yaml
-
- alice
- bob
- cindy
-
- a
- b
- c
测试结果
[root@ansinble_center tmp]#./loadyaml.py
[['alice', 'bob', 'cindy'], ['a', 'b', 'c']]
<type 'list'>
2.2 块映射描述(字典)
2.3 两种混合
三、palybook组成
hosts:运行指定任务的目标主机
remote_user:在远程主机以哪个用户的身份执行
sudo_user:非管理员用户有哪一些组成
task:任务列表(模块和参数组成)
install_nginx.yaml
- hosts: webservers
remote_user: root
tasks:
- name: create a user
user: name=nginx1 uid=3000
ignore_errors: yes
- name: install nginx
yum: name=nginx state=present
- name: start nginx service
service: name=nginx state=started
这个是转换过来的。。
[{ hosts: 'webservers',
remote_user: 'root',
tasks:
[{ name: 'create a user',
user: 'name=nginx1 uid=3000',
ignore_errors: 'yes'},
{ name: 'install nginx',
yum: 'name=nginx state=present'},
{ name: 'start nginx service',
service: 'name=nginx state=started'
}]
}]
运行结果
检测playbook影响的主机及任务
ansible-playbook -C --list-hosts --list-tags --list-tasks useradd.yaml
测试结果
查看客户端
[root@localhost ~]# id nginx
uid=498(nginx) gid=498(nginx) groups=498(nginx)
[root@localhost ~]# netstat -nltup | grep '80'
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 15817/nginx
tcp 0 0 :::80 :::* LISTEN 15817/nginx
[root@localhost ~]# rpm -qa nginx
nginx-1.10.3-1.el6.x86_64
开启nginx
四、playbook核心组件
4.1 Taks
任务,由模块定义的操作的列表
4.2 Variables
当我们需要定制一些模版时,需要从外部传入变量来配置playbook
方法一
tasks内容
- hosts: webservers
remote_user: root
tasks:
- name: install {{pkgname}}
yum: name={{pkgname}}
tags: install {{pkgname}}
- name: start {{pkgname}}
service: name={{pkgname}} state=started enabled=true
测试
方法二
- hosts: webservers
remote_user: root
vars:
- pkgname: nginx
tasks:
- name: install {{pkgname}}
yum: name={{pkgname}}
tags: install {{pkgname}}
- name: start {{pkgname}}
service: name={{pkgname}} state=started enabled=true
测试结果
4.3 Templates
模版templates
当我们根据不同服务器来定制不能的配置文件时,需要借助于模版文件,模版文件的语法为jinja
nginx_jinjia.yaml
nginx_jinjia.yaml文件内容
---
- hosts: webservers
vars:
worker_processes: 4
num_cups: 4
max_open_file: 65500
root: /data/www
remote_user: root
tasks:
- name: make sure nginx is at latest version
yum: name=nginx state=latest
- name: write the nginx config file
template: src=/root/nginx.conf dest=/etc/nginx/nginx.conf
notify:restart nginx
- name: make sure nginx is running
service: name=nginx state=started
handlers:
- name: restart nginx
service: name=nginx state=restarted
/root/nginx.conf文件
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes {{ worker_processes }};
{% if num_cups == 2 %}
worker_cpu_affinity 01 10;
{% else %}
worker_cpu_affinity 0001 0010 0100 1000;
{% endif %}
worker_rlimit_nofile {{ max_open_file }};
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
# include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
渲染后的文件内容为
运行结果
执行完之后,客户端192.168.217.131的/etc/nginx/nginx.conf文件的内容发生了改变
4.4 Handlers
有特定条件触发的Tasks
触发器handlers
syn_nginx_conf.yaml
/tmp/nginx.conf文件内容
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
syn_nginx_conf.yaml文件内容
- hosts: webservers
remote_user: root
tasks:
- name: copy config file
copy: src=/tmp/nginx.conf dest=/etc/nginx/nginx.conf
notify: reload nginx server
- name: start nginx service
service: name=nginx state=started
handlers:
- name: reload nginx service
service: name=nginx started=restarted
测试结果
4.5 Roles
角色,以待定的层级目录结构进行组织的tasks,variables,handlers,templates,files(依赖的文件)
4.6 Tags
当有些任务我们需要单独执行或者跳过时,可以给任务打标签
syn_nginx_conf1.yaml 文件内容
- hosts: webservers
remote_user: root
tasks:
- name: copy config file
copy: src=/tmp/nginx.conf dest=/etc/nginx/nginx.conf
tags: copyfile
notify: reload nginx service
- name: start nginx service
service: name=nginx state=started
handlers:
- name: reload nginx service
service: name=nginx state=restarted
测试结果
五、playbook执行命令
ansible-playbook YAML文件