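I. Introduction to Playbooks
Playbooks are used to manage complex tasks and tasks that have to be run repeatedly.
A playbook also runs tasks on the managed hosts through modules and their parameters, much like remotely running a script on other hosts.
A playbook is a file, and the file must be written in YAML.
1.1 YAML syntax rules
1. Key-value pairs are written with a colon (:), and the colon must be followed by a space, for example 1: 2
2. List items are written with a dash (-), and the dash must be followed by a space.
3. Items at the same level must have the same indentation; wrong indentation is a syntax error. Two spaces per level are recommended.
4. Tabs must not be used anywhere in the file; use spaces only.
1.2 YAML syntax structure
# The file location and name are fixed; these settings prepare vim for editing YAML
[root@control ansible]# vim ~/.vimrc    # fixed path and name
set ai      " enable auto-indent
set ts=2    " pressing Tab indents by 2 columns
set et      " convert tabs into the matching number of spaces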
II. Playbook examples
2.1 ping example
[root@control ansible]# vim test.yml
---
- hosts: all
  tasks:
    - ping:
# A playbook that tests connectivity; equivalent to running ansible all -m ping
[root@node1 ansible]# ansible-playbook test.yml
PLAY [all] ******************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************
[WARNING]: Platform linux on host node1 is using the discovered Python interpreter at /usr/bin/python3.7, but future installation of another Python
interpreter could change this. See https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html for more information.
ok: [node1]
TASK [ping] *****************************************************************************************************************************************
ok: [node1]
PLAY RECAP ******************************************************************************************************************************************
node1 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
2.2 Creating a file/directory with the file module
[root@control ansible]# vim fileop.yml
---
- name: create dir and copy file
  hosts: test,node2    # the names used here must appear in the inventory file
  tasks:
    - name: create dir
      file:
        path: /tmp/demo
        state: directory
        mode: '0755'
    - name: copy file
      copy:
        src: /etc/hosts
        dest: /tmp/demo/hosts
2.3 Writing text content into a new file
On the node2 host, create /tmp/hi.txt with the content Hello World.
[root@control ansible]# vim helloword.yml
---
- name: create file
  hosts: test
  tasks:
    - name: make file
      copy:
        content: "Hello World"
        dest: /tmp/hi.txt
2.4 Multi-line text content
The difference between | and >: | keeps the line breaks, > folds multiple lines into one line.
# Use the copy module to create /tmp/1.txt containing two lines: Hello World and ni hao
[root@control ansible]# vim f1.yml
---
- name: play 1
  hosts: test
  tasks:
    - name: mkfile 1.txt
      copy:
        dest: /tmp/1.txt
        content: |
          Hello World!
          ni hao.
[root@control ansible]# ansible-playbook f1.yml
[root@node1 ~]# cat /tmp/1.txt    # check the result
Hello World!
ni hao.
# Use the copy module to create /tmp/2.txt containing a single line: Hello World! ni hao
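The playbook for /tmp/2.txt does not appear on the page. As an added example (not from the original post; the file name f2.yml and the extra /tmp/3.txt and /tmp/4.txt tasks are assumptions), here is the same task written with >, together with the - chomping indicator, which removes the trailing newline that a checksum or an exact-match comparison would otherwise trip over:

```yaml
# f2.yml - added example, not part of the original page
---
- name: play 2
  hosts: test
  tasks:
    - name: mkfile 2.txt
      copy:
        dest: /tmp/2.txt
        # ">" folds the two lines into one, joined by a single space,
        # and keeps one trailing newline: "Hello World! ni hao.\n"
        content: >
          Hello World!
          ni hao.
    - name: mkfile 3.txt with literal style and strip chomping
      copy:
        dest: /tmp/3.txt      # assumed path
        # "|-" keeps the inner line break but drops the final newline:
        # "Hello World!\nni hao."
        content: |-
          Hello World!
          ni hao.
    - name: mkfile 4.txt with folded style and strip chomping
      copy:
        dest: /tmp/4.txt      # assumed path
        # ">-" folds to one line and drops the final newline:
        # "Hello World! ni hao."
        content: >-
          Hello World!
          ni hao.
```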
2.5 Creating users
# On the hosts in the test group, create the user bob with adm as a supplementary group
[root@control ansible]# vim two.yml
---
- name: create user
  hosts: test
  tasks:
    - name: create bob
      user:
        name: bob
        groups: adm
[root@control ansible]# ansible-playbook two.yml
# On the hosts in the test group, create the user john with uid 1040, primary group daemon and password 123
[root@control ansible]# vim user_john.yml
---
- name: create user
  hosts: test
  tasks:
    - name: create user john
      user:
        name: john
        uid: 1040
        group: daemon
        password: "{{'123'|password_hash('sha512')}}"    # hash the password with SHA-512
[root@control ansible]# ansible-playbook user_john.yml
# On the hosts in the test group, delete the user john
[root@control ansible]# vim del_john.yml
---
- name: delete user
  hosts: test
  tasks:
    - name: delete user john
      user:
        name: john
        state: absent
[root@control ansible]# ansible-playbook del_john.yml
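2.6 Disk management
The common partition table types are MBR (Master Boot Record) and GPT (GUID Partition Table).
MBR supports at most 4 primary partitions, or 3 primary partitions plus 1 extended partition, and disks of up to about 2.2TB.
GPT supports up to 128 primary partitions and large disks.
parted module
Used to manage disk partitions.
Common options:
device: the device to partition
number: the partition number
state: present creates the partition, absent deletes it
part_start: where the partition starts; if omitted, it starts at the beginning
part_end: where the partition ends; if omitted, it runs to the end
# On the hosts in the test group, partition /dev/vdc and create one 1GB primary partition
[root@control ansible]# vim disk.yml
---
- name: disk manage
  hosts: test
  tasks:
    - name: create a partition
      parted:
        device: /dev/vdc
        number: 1
        state: present
        part_end: 1GiB    # GiB is base 1024, GB is base 1000
[root@control ansible]# ansible-playbook disk.yml
# Check the result on the target host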
[root@node1 ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
.. ...
vdc 253:32 0 20G 0 disk
`-vdc1 253:33 0 1023M 0 part
# Partition /dev/vdc again, creating one new 5GB primary partition,
# create a volume group named my_vg made up of the vdc1 and vdc2 created above,
# create a 1G logical volume named my_lv in the my_vg volume group,
# format my_lv as ext4 and mount my_lv on /data
[root@control ansible]# vim disk.yml
---
- name: disk manage
  hosts: test
  tasks:
    - name: create a partition
      parted:
        device: /dev/vdc
        number: 1
        state: present
        part_end: 1GiB
    - name: add a new partition
      parted:
        device: /dev/vdc
        number: 2
        state: present
        part_start: 1GiB
        part_end: 6GiB
    - name: create my_vg
      lvg:
        vg: my_vg
        pvs: /dev/vdc1,/dev/vdc2
    - name: create my_lv
      lvol:
        vg: my_vg
        lv: my_lv
        size: 1G
    - name: mkfs my_lv
      filesystem:
        dev: /dev/my_vg/my_lv
        fstype: ext4
    - name: mount my_lv
      mount:
        path: /data
        src: /dev/my_vg/my_lv
        fstype: ext4
        state: mounted
2.7 yum module
2.7.1 Installing packages
# On the hosts in the test group, install httpd, php and php-mysqlnd
[root@control ansible]# vim pkg.yml
---
- name: install pkgs
  hosts: test
  tasks:
    - name: install web pkgs    # this task installs three packages with yum
      yum:
        name: httpd,php,php-mysqlnd
        state: present
There are two other ways to write this.
# Installing several packages can also be written as:
---
- name: install pkgs
  hosts: test
  tasks:
    - name: install web pkgs
      yum:
        name: [httpd,php,php-mysqlnd]
        state: present
# Installing several packages can also be written as:
---
- name: install pkgs
  hosts: test
  tasks:
    - name: install web pkgs
      yum:
        name:
          - httpd
          - php
          - php-mysqlnd
        state: present
2.7.2 Upgrading with yum (update)
# Edit pkg.yml so that all packages on the hosts in the test group are upgraded to the latest version
[root@control ansible]# vim pkg.yml
---
- name: install pkgs
  hosts: test
  tasks:
    - name: install web pkgs
      yum:
        name:
          - httpd
          - php
          - php-mysqlnd
        state: present
    - name: install dev group
      yum:
        name: "@Development Tools"
        state: present
    - name: update system    # equivalent to the yum update command
      yum:
        name: "*"    # all packages already installed on the system
        state: latest
[root@control ansible]# ansible-playbook pkg.yml
2.8 Starting services
---
- name: Start service httpd, if not started    # start the service
  service:
    name: httpd
    state: started
- name: Stop service httpd, if started    # stop the service
  service:
    name: httpd
    state: stopped
- name: Restart service httpd, in all cases    # restart the service
  service:
    name: httpd
    state: restarted
- name: Reload service httpd, in all cases    # reload the service
  service:
    name: httpd
    state: reloaded
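2.9 Firewall
The module used to configure the firewall.
Common options:
port: the port to declare
permanent: takes effect permanently, but not immediately
immediate: takes effect immediately, but only temporarily
state: enabled allows the traffic; disabled denies it
A firewall usually denies by default, and the allowed services are written in explicitly.
Some services have names and some do not, but in the end they are all based on certain TCP or UDP ports.
For example, the http service is based on TCP port 80. The file that documents the mapping between service names and port numbers is /etc/services.
When configuring a server's firewall, it is generally enough to configure which services or ports are open. Anything not explicitly opened is denied by default.
[root@control ansible]# vim firewall.yml
---
- name: configure test
  hosts: test
  tasks:
    - name: install httpd pkg    # install httpd with the yum module
      yum:
        name: httpd
        state: present
    - name: start httpd service    # start the httpd service with the service module
      service:
        name: httpd
        state: started
        enabled: yes
[root@control ansible]# ansible-playbook firewall.yml
[root@control ansible]# curl http://192.168.88.11/    # reachable
# Install and start firewalld
[root@control ansible]# vim firewall.yml
---
- name: configure test
  hosts: test
  tasks:
    - name: start firewalld service    # start the firewalld service with the service module
      service:
        name: firewalld
        state: started
        enabled: yes
[root@control ansible]# ansible-playbook firewall.yml
[root@control ansible]# curl http://192.168.88.11/    # refused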
curl: (7) Failed to connect to 192.168.88.11 port 80: 没有到主机的路由
# Configure a firewall rule that allows the http protocol
[root@control ansible]# vim firewall.yml
---
- name: configure test
  hosts: test
  tasks:
    - name: set firewalld rules    # open port 80 with the firewalld module
      firewalld:
        port: 80/tcp
        permanent: yes
        immediate: yes
        state: enabled
[root@control ansible]# ansible-playbook firewall.yml
[root@control ansible]# curl http://192.168.88.11/    # reachable
III. Advanced syntax
3.1 Error handling with ignore_errors
Scenario 1: (ignoring errors locally)
When a playbook contains many tasks and one of them hits an error, the playbook fails and stops executing.
# On the hosts in the test group, start the mysqld service, then create /tmp/service.txt
# Because the target host has no mysqld service, the playbook fails and stops executing, i.e. /tmp/service.txt is not created
[root@control ansible]# vim myerr.yml    # edit myerr.yml so that a failure to start mysqld is ignored
---
- name: my errors
  hosts: test
  tasks:
    - name: start mysqld service
      service:
        name: mysqld
        state: started
        enabled: yes
      ignore_errors: yes    # keep going even if this task fails
    - name: touch a file
      file:
        path: /tmp/service.txt
        state: touch
Scenario 2: (ignoring errors globally)
With a play-level setting, errors are ignored no matter which task has a problem.
[root@control ansible]# vim myerr.yml
---
- name: my errors
  hosts: test
  ignore_errors: yes
  tasks:
    - name: start mysqld service
      service:
        name: mysqld
        state: started
        enabled: yes
    - name: touch a file
      file:
        path: /tmp/mysql.txt
        state: touch
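3.2 Triggered tasks with handlers
handlers defines tasks that run only when triggered.
A task defined in tasks uses the notify keyword to tell which task in handlers should run.
The notification is sent only when the task in tasks has the status changed. It works like a conditional: if the status is changed the handler runs, otherwise it does not.
Scenario 1: for a deployed httpd service, when the configuration file is changed the handler is notified to restart the service;
if the configuration file has not changed, the service is not restarted.
# Download /etc/httpd/conf/httpd.conf from the managed host node1 to the local machine
[root@control ansible]# vim get_conf.yml
---
- name: download httpd.conf
  hosts: test
  tasks:
    - name: get httpd.conf
      fetch:
        src: /etc/httpd/conf/httpd.conf
        dest: ./
        flat: yes    # download the file itself, without the directory tree
[root@control ansible]# vim +45 httpd.conf
... ...
Listen {{http_port}}
... ...
# Change the port of the httpd service to 8000 and restart httpd
[root@control ansible]# vim trigger.yml
---
- name: configure httpd
  hosts: test
  vars:
    http_port: "80"
  tasks:
    - name: upload httpd.conf
      template:
        src: ./httpd.conf
        dest: /etc/httpd/conf/httpd.conf
      notify: restart httpd    # notify that restart httpd needs to run
  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
[root@control ansible]# ansible-playbook trigger.yml
# First run of the playbook: the first task is shown in yellow as changed, so the task in handlers is triggered as well
[root@control ansible]# ansible-playbook trigger.yml
# Second run of the playbook: the first task is shown in green as ok (green means the configuration file did not change), so no other task is triggered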
3.3 when conditions
A task runs only when a certain condition is met.
Common operators:
==: equal                    !=: not equal
>: greater than              <: less than
<=: less than or equal       >=: greater than or equal
Multiple conditions can be joined with and or or.
# Install mariadb-server only when a host in the test group has more than 2G of memory
[root@control ansible]# vim when1.yml
---
- name: install mariadb
  hosts: test
  tasks:
    - name: install mariadb pkg
      yum:
        name: mariadb-server
        state: present
      when: ansible_memtotal_mb>2048
[root@control ansible]# ansible-playbook when1.yml
# If the target host does not have 2GB of memory, mariadb-server is not installed
# Multiple conditions
# The operating system is CentOS and the version is 8.5, or the operating system is CentOS and the version is 7.x
[root@control ansible]# vim when2.yml
---
- name: Simple Playbook with Conditional Tasks
  hosts: all
  tasks:
    - name: Gather facts
      ansible.builtin.setup:
    - name: Task A - For CentOS 8.5
      debug:
        msg: "This task is running on CentOS 8.5."
      when: ansible_facts['distribution'] == 'CentOS' and ansible_facts['distribution_version'].startswith('8.5')
    - name: Task B - For other operating systems
      debug:
        msg: "This task is running on a different OS than CentOS 8.5."
      when: not (ansible_facts['distribution'] == 'CentOS' and ansible_facts['distribution_version'].startswith('8.5'))
3.4 Task blocks with block
The block keyword groups several tasks together.
Whether the whole block of tasks runs can then be controlled in one place.
# If the distribution of a host in the test group is RedHat, install and start httpd
[root@control ansible]# vim block1.yml
---
- name: block tasks
  hosts: test
  tasks:
    - name: define a group of tasks
      block:
        - name: install httpd    # install httpd with yum
          yum:
            name: httpd
            state: present
        - name: start httpd    # start the httpd service with service
          service:
            name: httpd
            state: started
            enabled: yes
      when: ansible_distribution=="RedHat"    # the tasks above run only if the condition is true
[root@control ansible]# ansible-playbook block1.yml
3.5 Task blocks with rescue and always
block is used together with rescue and always:
If all tasks in block succeed, the tasks in rescue do not run.
If a task in block fails (failed), the tasks in rescue run.
Whatever happens to the tasks in block, the tasks in always always run.
[root@control ansible]# vim block2.yml
---
- name: block test
  hosts: test
  tasks:
    - name: block / rescue / always test1
      block:
        - name: touch a file
          file:
            path: /tmp/test1.txt
            state: touch
      rescue:
        - name: touch file test2.txt
          file:
            path: /tmp/test2.txt
            state: touch
      always:
        - name: touch file test3.txt
          file:
            path: /tmp/test3.txt
            state: touch
# After running the playbook, /tmp/test1.txt and /tmp/test3.txt appear on node1
[root@control ansible]# ansible-playbook block2.yml
[root@node1 ~]# ls /tmp/test*.txt
/tmp/test1.txt /tmp/test3.txt
# Modify the playbook above so that the block task fails
[root@node1 ~]# rm -f /tmp/test*.txt
[root@control ansible]# vim block2.yml
---
- name: block test
  hosts: test
  tasks:
    - name: block / rescue / always test1
      block:
        - name: touch a file
          file:
            path: /tmp/abcd/test11.txt
            state: touch
      rescue:
        - name: touch file test22.txt
          file:
            path: /tmp/test22.txt
            state: touch
      always:
        - name: touch file test33.txt
          file:
            path: /tmp/test33.txt
            state: touch
# node1 has no /tmp/abcd directory, so the block task fails and the tasks in rescue run instead. The tasks in always always run
[root@control ansible]# ansible-playbook block2.yml
[root@node1 ~]# ls /tmp/test*.txt
/tmp/test22.txt /tmp/test33.txt
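An alternative to the ignore_errors playbooks in 3.1, built from the block and rescue keywords described above (added example, not from the original page; the file name myerr_block.yml is an assumption). A host without mysqld skips the block and still gets /tmp/service.txt, while a host where mysqld is installed but cannot start reports the error and stops, so real failures are not hidden:

```yaml
# myerr_block.yml - added example, not part of the original page
---
- name: my errors, handled explicitly
  hosts: test
  tasks:
    - name: collect the services known to the host
      service_facts:

    - name: manage mysqld only where the unit exists
      # the condition applies to every task in block and rescue
      when: "'mysqld.service' in ansible_facts.services"
      block:
        - name: start mysqld service
          service:
            name: mysqld
            state: started
            enabled: yes
      rescue:
        - name: show which task failed and why
          debug:
            msg: >-
              {{ ansible_failed_task.name }} failed on {{ inventory_hostname }}:
              {{ ansible_failed_result.msg | default('no message') }}
        - name: stop this host instead of continuing silently
          fail:
            msg: mysqld is installed but could not be started

    # runs on hosts where the block was skipped or succeeded
    - name: touch a file
      file:
        path: /tmp/service.txt
        state: touch
```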
3.6 loop
Equivalent to a for loop in the shell.
The variable name used by loops in Ansible is fixed: item
# On the hosts in the test group, create 5 directories /tmp/{aaa,bbb,ccc,ddd,eee}
[root@control ansible]# vim loop1.yml
---
- name: use loop
  hosts: test
  tasks:
    - name: create directory
      file:
        path: /tmp/{{item}}    # fixed structure
        state: directory
      loop: [aaa,bbb,ccc,ddd,eee]    # values passed to item above
# The playbook above can also be written as:
---
- name: use loop
  hosts: test
  tasks:
    - name: create directory
      file:
        path: /tmp/{{item}}
        state: directory
      loop:
        - aaa
        - bbb
        - ccc
        - ddd
        - eee
[root@control ansible]# ansible-playbook loop1.yml
# Using complex variables. Create the user zhangsan with password 123; create the user lisi with password 456
# item is fixed and stands for the loop variable
# On each iteration, the content after each - in loop is assigned to item as a whole.
# The content inside {} in loop is defined by you, written as key:val
# Values are read with dot notation. In the example below the user name is read with {{item.uname}}
[root@control ansible]# vim loop_user.yml
---
- name: create users
  hosts: test
  tasks:
    - name: create multiple users
      user:
        name: "{{item.uname}}"
        password: "{{item.upass|password_hash('sha512')}}"
      loop:
        - {"uname": "zhangsan", "upass": "123"}
        - {"uname": "lisi", "upass": "456"}
[root@control ansible]# ansible-playbook loop_user.yml
3.7 Roles
Roles make playbooks reusable.
A role essentially splits the tasks up and places them in different directories,
and represents fixed values such as user names, packages and services with variables.
Once a role is defined, other playbooks can call it directly.
# Modify the content of /etc/motd with a regular playbook
# 1. Modify the default configuration
[root@control ansible]# vim ansible.cfg
[defaults]
inventory = hosts
# 2. Create the motd template file
[root@control ansible]# vim motd.j2
Hostname: {{ansible_hostname}} {# facts variable, host name #}
Date: {{ansible_date_time.date}} {# facts variable, date #}
Contact to: {{admin}} {# custom variable #}
# 3. Write the playbook
[root@control ansible]# vim motd.yml
---
- name: modify /etc/motd
  hosts: test
  vars:
    admin: root@tedu.cn    # custom variable named admin
  tasks:
    - name: modify motd
      template:
        src: motd.j2
        dest: /etc/motd
[root@control ansible]# ansible-playbook motd.yml
[root@node1 ~]# cat /etc/motd
Hostname: node1
Date: 2021-11-01
Contact to: root@tedu.cn
# Create a role
# 1. Declare where roles are stored
[root@control ansible]# vim ansible.cfg
[defaults]
inventory = hosts
# roles are stored in the roles subdirectory of the current directory
roles_path = roles
# 2. Create the roles directory
[root@control ansible]# mkdir roles
# 3. Create a role named motd
[root@control ansible]# ansible-galaxy init roles/motd
[root@control ansible]# ls roles/
motd    # the motd role directory has been generated
[root@control ansible]# yum install -y tree
[root@control ansible]# tree roles/motd/
roles/motd/
├── defaults        # directory for variable definitions, low precedence
│   └── main.yml
├── files           # files to upload (such as files used by the copy module)
├── handlers        # handlers tasks go into main.yml in this directory
│   └── main.yml
├── meta            # metadata
│   └── main.yml
├── README.md       # notes on how to use the role
├── tasks           # tasks
│   └── main.yml
├── templates       # template files uploaded by the template module
├── tests           # playbooks for testing; optional
│   ├── inventory
│   └── test.yml
└── vars            # variable definitions; the recommended location
    └── main.yml
# 4. Write each kind of content into main.yml in the matching directory
# 4.1 Create the motd.j2 template file
[root@control ansible]# vim roles/motd/templates/motd.j2
Hostname: {{ansible_hostname}}
Date: {{ansible_date_time.date}}
Contact to: {{admin}}
# 4.2 Create the variable
[root@control ansible]# vim roles/motd/vars/main.yml    # append one line
admin: zzg@tedu.cn
# 4.3 Create the task
[root@control ansible]# vim roles/motd/tasks/main.yml    # append
- name: modify motd
  template:
    src: motd.j2    # this file is looked up in the templates directory automatically
    dest: /etc/motd
# 5. Create a playbook that calls the motd role
[root@control ansible]# vim role_motd.yml
---
- name: modify motd with role
  hosts: test
  roles:
    - motd
# 6. Run the playbook
[root@control ansible]# ansible-playbook role_motd.yml
Ansible's public role repository: https://galaxy.ansible.com/
# Search the public repository for roles related to httpd
[root@zzgrhel8 ~]# ansible-galaxy search httpd
# If a suitable role is found, for example one named myhttpd, it can be downloaded into the roles directory
[root@zzgrhel8 ~]# ansible-galaxy install myhttpd -p roles/
3.8 Encrypting and decrypting files with ansible-vault
Ansible encrypts and decrypts files with the ansible-vault command.
[root@control ansible]# echo "Hi ni hao" > hello.txt
[root@control ansible]# cat hello.txt
Hi ni hao
# Encrypt the file
[root@control ansible]# ansible-vault encrypt hello.txt
New Vault password: 123456
Confirm New Vault password: 123456
Encryption successful
[root@control ansible]# cat hello.txt
$ANSIBLE_VAULT;1.1;AES256
37373366353566346235613731396566646533393361386131313632306563633336333963373465
6164323461356130303863633964393339363738653036310a666564313832316263393061616330
32373133323162353864316435366439386266616661373936363563373634356365326637336165
6336636230366564650a383239636230623633356565623461326431393634656666306330663533
# Decrypt
[root@control ansible]# ansible-vault decrypt hello.txt
Vault password: 123456
Decryption successful
[root@control ansible]# cat hello.txt
Hi ni hao
# Change the password of an encrypted file
[root@control ansible]# ansible-vault rekey hello.txt    # change the password
Vault password: 123456    # old password
New Vault password: abcd    # new password
Confirm New Vault password: abcd
Rekey successful
# View the content without decrypting the file
[root@control ansible]# ansible-vault view hello.txt
Vault password: abcd
Hi ni hao
# Encrypt and decrypt using a password file
# 1. Write the password into a file
[root@control ansible]# echo 'tedu.cn' > pass.txt
# 2. Create the plaintext file
[root@control ansible]# echo 'hello world' > data.txt
# 3. Encrypt data.txt using the content of pass.txt as the password
[root@control ansible]# ansible-vault encrypt --vault-id=pass.txt data.txt
Encryption successful
[root@control ansible]# cat data.txt    # the file is now encrypted
# 4. Decrypt data.txt using the content of pass.txt as the password
[root@control ansible]# ansible-vault decrypt --vault-id=pass.txt data.txt
Decryption successful
[root@control ansible]# cat data.txt
hello world
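ansible-vault combined with the user playbooks from 2.5 and 3.6, so that the passwords no longer sit in plain text inside the playbook (added example, not from the original page; the file names secrets.yml and vault_users.yml, the variable user_list and its usalt field are assumptions):

```yaml
# vault_users.yml - added example, not part of the original page
#
# 1. Restrict the password file from 3.8 to its owner:
#      chmod 600 pass.txt
# 2. Create the encrypted variables file on the control node:
#      ansible-vault create --vault-id=pass.txt secrets.yml
#    and enter a list such as (placeholders, fill in your own values):
#      user_list:
#        - {uname: zhangsan, upass: "<password 1>", usalt: "<salt 1>"}
#        - {uname: lisi, upass: "<password 2>", usalt: "<salt 2>"}
#    A sha512 salt is up to 16 characters from [A-Za-z0-9./].
# 3. Run the playbook with the same password file:
#      ansible-playbook --vault-id=pass.txt vault_users.yml
---
- name: create users from vault-encrypted variables
  hosts: test
  vars_files:
    - secrets.yml              # decrypted in memory at run time only
  tasks:
    - name: create multiple users
      user:
        name: "{{ item.uname }}"
        # A fixed per-user salt produces the same hash on every run, so the
        # task reports "changed" only when the password really changes.
        # Without a salt, password_hash picks a random one each run.
        password: "{{ item.upass | password_hash('sha512', item.usalt) }}"
      loop: "{{ user_list }}"
      # Keep the loop items, which contain the passwords, out of the
      # console output and the logs.
      no_log: true
```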
IV. Some reference playbooks
4.1 Automating YUM repository setup:
My version is CentOS 7.9; change the URL path to match your own version.
[root@master ansible]# vi yum_repo.yml
---
- name: Configure YUM Repository
  hosts: test
  become: yes
  tasks:
    - name: Check if Aliyun YUM repo is already configured
      stat:
        path: /etc/yum.repos.d/CentOS-Base.repo
      register: repo_stat
    - name: Backup current YUM repository configuration if exists
      when: repo_stat.stat.exists
      shell: mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
      args:
        # skip the move once a backup exists, so later runs keep the first backup
        creates: /etc/yum.repos.d/CentOS-Base.repo.backup
      ignore_errors: yes
    - name: Download Aliyun YUM repository configuration if not already configured
      # No "when" on repo_stat here: it was registered before the mv above, so a
      # condition on it would skip the download on the very run that moved the
      # file away. get_url only downloads when dest does not exist.
      get_url:
        url: https://mirrors.aliyun.com/repo/Centos-7.repo
        dest: /etc/yum.repos.d/CentOS-Base.repo
    - name: Clean YUM cache
      command: yum clean all
    - name: Update YUM cache
      command: yum makecache
[root@master ansible]# ansible-playbook yum_repo.yml
CentOS 8.5
[root@master ansible]# vi yum_repo.yml
---
- name: Configure YUM Repository for CentOS 8.5
  hosts: your_target_hosts
  become: yes
  tasks:
    - name: Check if Aliyun YUM repo is already configured
      stat:
        path: /etc/yum.repos.d/CentOS-Base.repo
      register: repo_stat
    - name: Backup current YUM repository configuration if exists
      when: repo_stat.stat.exists
      shell: mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
      args:
        # skip the move once a backup exists, so later runs keep the first backup
        creates: /etc/yum.repos.d/CentOS-Base.repo.backup
      ignore_errors: yes
    - name: Download Aliyun YUM repository configuration if not already configured
      # No "when" on repo_stat here: it was registered before the mv above, so a
      # condition on it would skip the download on the very run that moved the
      # file away. get_url only downloads when dest does not exist.
      get_url:
        url: https://mirrors.aliyun.com/repo/Centos-8.repo
        dest: /etc/yum.repos.d/CentOS-Base.repo
    - name: Clean DNF cache
      command: dnf clean all
    - name: Update DNF cache
      command: dnf makecache
4.2 Installing Docker:
[root@master ansible]# vim installl_docker.yml
---
- name: Install Docker CE and configure Aliyun mirror
  hosts: test
  become: yes
  tasks:
    - name: Install required packages
      yum:
        name:
          - yum-utils
          - device-mapper-persistent-data
          - lvm2
        state: present
    - name: Add Docker CE repository
      command: >
        yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
      args:
        creates: /etc/yum.repos.d/docker-ce.repo
    - name: Install Docker CE
      yum:
        name: docker-ce
        state: latest
    - name: Start and enable Docker service
      systemd:
        name: docker
        state: started
        enabled: yes
    - name: Create Docker daemon directory if not exists
      file:
        path: /etc/docker
        state: directory
    - name: Configure Docker to use Aliyun mirror
      copy:
        dest: /etc/docker/daemon.json
        content: |
          {
            "registry-mirrors": ["https://gujctxms.mirror.aliyuncs.com"]
          }
      notify: Restart Docker
  # the handler named by notify above must be defined, otherwise the play fails
  handlers:
    - name: Restart Docker
      systemd:
        name: docker
        state: restarted
[root@master ansible]# ansible-playbook installl_docker.yml