Ansible自动化运维

Ansible自动化运维

一、Playbook介绍

playbook是ansible的配置、部署、编排语言、他们可以被描述为一个需要希望远程主机执行命令的方案，或者一组ansible模块程序运行的命令的集合

大量实例

http://github.com/ansible/ansible-examples

二、YAML语法详解

YAML（Yet Another Markup Language）语言是一种用来表达数据序列的编程语言，他的主要特点包括：可读性强，语法简单明了，支持丰富的语言解析库，通用性强，ansible和saltstack环境中的配置文件都以YAML格式存在，所以必须要 熟悉YAML格式来配置管理ansible

块序列描述就是将描述的元素序列到Python是列表中，一下代码演示了YAML与Python的对应关系

2.1 块序列描述（列表）

文件内容

[root@ansinble_center tmp]#cat 1.yaml
-
 - alice
 - bob
 - cindy
-
 - a
 - b
 - c

测试结果

[root@ansinble_center tmp]#./loadyaml.py 
[['alice', 'bob', 'cindy'], ['a', 'b', 'c']]
<type 'list'>

2.2 块映射描述（字典）

2.3 两种混合

三、palybook组成

hosts:运行指定任务的目标主机

remote_user:在远程主机以哪个用户的身份执行

sudo_user:非管理员用户有哪一些组成

task:任务列表（模块和参数组成）

install_nginx.yaml

- hosts: webservers
  remote_user: root
  
  tasks:
  - name: create a user
    user: name=nginx1 uid=3000
    ignore_errors: yes
  - name: install nginx
    yum: name=nginx state=present
  - name: start nginx service
    service: name=nginx state=started


这个是转换过来的。。
 [{	hosts: 'webservers',
 	remote_user: 'root',
 	tasks:
 		[{	name: 'create a user',
 			user: 'name=nginx1 uid=3000',
 			ignore_errors: 'yes'},
 		
 		{	name: 'install nginx',
 			yum: 'name=nginx state=present'},
 		
 		{	name: 'start nginx service',
 			service: 'name=nginx state=started'
 		}]

 }]

运行结果

检测playbook影响的主机及任务

ansible-playbook -C --list-hosts --list-tags --list-tasks useradd.yaml

测试结果

查看客户端

[root@localhost ~]# id nginx
uid=498(nginx) gid=498(nginx) groups=498(nginx)
[root@localhost ~]# netstat -nltup | grep '80'
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      15817/nginx         
tcp        0      0 :::80                       :::*                        LISTEN      15817/nginx
[root@localhost ~]# rpm -qa nginx
nginx-1.10.3-1.el6.x86_64

开启nginx

四、playbook核心组件

4.1 Taks

任务，由模块定义的操作的列表

4.2 Variables

当我们需要定制一些模版时，需要从外部传入变量来配置playbook

方法一

tasks内容

- hosts: webservers
  remote_user: root
  tasks: 
    - name: install {{pkgname}}
      yum: name={{pkgname}}
      tags: install {{pkgname}}
    
    - name: start {{pkgname}}
      service: name={{pkgname}} state=started enabled=true

测试

方法二

- hosts: webservers
  remote_user: root
  
  vars:
   - pkgname: nginx
  tasks: 
   - name: install {{pkgname}}
     yum: name={{pkgname}}
     tags: install {{pkgname}}
    
   - name: start {{pkgname}}
     service: name={{pkgname}} state=started enabled=true

测试结果

4.3 Templates

模版templates

当我们根据不同服务器来定制不能的配置文件时，需要借助于模版文件，模版文件的语法为jinja

nginx_jinjia.yaml

nginx_jinjia.yaml文件内容

---
- hosts: webservers
  
  vars: 
    worker_processes: 4
    num_cups: 4
    max_open_file: 65500
    root: /data/www
  remote_user: root
  tasks:
    - name: make sure nginx is at latest version
      yum: name=nginx state=latest
    - name: write the nginx config file
      template: src=/root/nginx.conf dest=/etc/nginx/nginx.conf
      notify:restart nginx
    - name: make sure nginx is running
      service: name=nginx state=started
  handlers:
    - name: restart nginx
      service: name=nginx state=restarted  

/root/nginx.conf文件

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes {{ worker_processes }};
{% if num_cups == 2 %}
worker_cpu_affinity 01 10;
{% else %}
worker_cpu_affinity 0001 0010 0100 1000;
{% endif %}
worker_rlimit_nofile {{ max_open_file }};
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;


# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections  1024;
}


http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.

    # include /etc/nginx/conf.d/*.conf;

    server {
        listen   80 default_server;
        listen   [::]:80 default_server;
        server_name _;
        root   /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }


}

渲染后的文件内容为

运行结果

执行完之后，客户端192.168.217.131的/etc/nginx/nginx.conf文件的内容发生了改变

4.4 Handlers

有特定条件触发的Tasks

触发器handlers

syn_nginx_conf.yaml

/tmp/nginx.conf文件内容

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections  1024;
}


http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}

syn_nginx_conf.yaml文件内容

- hosts: webservers
  remote_user: root

  tasks:
    - name: copy config file
      copy: src=/tmp/nginx.conf dest=/etc/nginx/nginx.conf
      notify: reload nginx server
    - name: start nginx service
      service: name=nginx state=started
      
  handlers:
     - name: reload nginx service
       service: name=nginx started=restarted

测试结果

4.5 Roles

角色，以待定的层级目录结构进行组织的tasks，variables，handlers，templates，files（依赖的文件）

4.6 Tags

当有些任务我们需要单独执行或者跳过时，可以给任务打标签

syn_nginx_conf1.yaml 文件内容

- hosts: webservers
  remote_user: root

  tasks:
    - name: copy config file
      copy: src=/tmp/nginx.conf dest=/etc/nginx/nginx.conf
      tags: copyfile
      notify: reload nginx service
    - name: start nginx service
      service: name=nginx state=started

  handlers:
    - name: reload nginx service
      service: name=nginx state=restarted

测试结果

五、playbook执行命令

ansible-playbook YAML文件