awoyaoc 2020-03-27
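A film script has: a title, actors, scenes, times, events and lines.
An Ansible playbook: a series of tasks arranged together to produce the result we expect.
A playbook consists of:
hosts: defines the host role
tasks: the tasks to execute
Put simply: different modules working together to get one job done.

Example: Boss Xia's sunny happy hour

- actors: Boss Xia
  scenes:
  - scene 1: Boss Xia goes to eat pork trotter rice
    line: Boss, one pork trotter rice, 5 braised eggs, no rice
  - scene 2: Boss Xia finishes eating and pays
    line: Boss, have you heard of the Nine-Tattooed Dragon of Shenzhen? Yes, that's me
    action: bites a toothpick, turns and walks away

- hosts to run on: nfs
  tasks:
  - task 1: create user
    action: the command that creates the user
  - task 2: create directory
    action: the command that creates the directory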
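1. Less retyping of repeated commands such as: ansible backup -m
2. Concise, clear and easy to understand
3. Powerful: the flow can be controlled with conditionals, loops, variables and tags
4. Reusable
5. Provides a syntax check and a simulated (dry) run

1. Strict indentation expresses the hierarchy
2. Do not indent with tabs
3. A ":" must be followed by a space
4. A "-" must be followed by a space
5. The file extension should be yaml or yml so that vim can highlight the syntax

hosts: the hosts to run on
tasks: the tasks to run
name: the task name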

#1. Create the www group and www user
ansible backup -m group -a "name=www gid=666"
ansible backup -m user -a "name=www uid='666' group=www create_home=no shell=/sbin/nologin"
#2. Create the data directories and set ownership
ansible backup -m file -a "path=/data state=directory owner=www group=www mode='755'"
ansible backup -m file -a "path=/backup state=directory owner=www group=www mode='755'"
#3. Install rsync
ansible backup -m yum -a "name=rsync state=latest"
#4. Copy the config file and the password file
ansible backup -m copy -a "src=/root/script/rsync/rsyncd.conf dest=/etc/"
ansible backup -m copy -a "src=/root/script/rsync/rsync.passwd dest=/etc/ mode='600'"
#5. Start the service
ansible backup -m systemd -a "name=rsyncd state=started enabled=yes"

- hosts: backup
  tasks:
  #1. Create the www group
  - name: create_group
    group:
      name: www
      gid: 666

  #2. Create the www user
  - name: create_user
    user:
      name: www
      uid: '666'
      group: www
      create_home: no
      shell: /sbin/nologin

  #3. Create the data directory and set ownership
  - name: create_data
    file:
      path: /data
      state: directory
      owner: www
      group: www
      mode: '755'

  #4. Install rsync
  - name: install_rsync
    yum:
      name: rsync
      state: latest

  #5. Copy the config file and the password file
  - name: copy_conf
    copy:
      src: /root/script/rsync/rsyncd.conf
      dest: /etc/

  - name: copy_pwd
    copy:
      src: /root/script/rsync/rsync.passwd
      dest: /etc/
      # Quoted on purpose: an unquoted 600 is read by YAML as a decimal
      # integer and does not produce rw------- permissions.
      mode: '600'

  #6. Start the service
  - name: start
    systemd:
      name: rsyncd
      state: started
      enabled: yes

ansible-playbook -C rsync_install.yaml
ansible-playbook rsync_install.yaml
https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html?highlight=loop
Install multiple packages
Create multiple directories
Copy multiple directories
Copy multiple files to different directories
Different files need different permissions

- name: create_data
  file: path=/data state=directory owner=www group=www

Requirement: create 2 directories, /data and /backup

The old way:

- name: create_data
  file:
    path: /data
    state: directory
    owner: www
    group: www

- name: create_data
  file:
    path: /backup
    state: directory
    owner: www
    group: www

With a loop:

- name: create_data
  file:
    path: "{{ item }}"
    state: directory
    owner: www
    group: www
  loop:
    - /data
    - /backup

- name: create_data
  file: path="{{ item }}" state=directory owner=www group=www
  loop:
    - /data
    - /backup

- hosts: backup
  tasks:
  - name: create_data
    file:
      path: "{{ item.path }}"
      state: directory
      owner: www
      group: www
      mode: "{{ item.mode }}"
    loop:
      - { path: '/data', mode: '755' }
      - { path: '/backup', mode: '777' }

Define a variable yourself and reference it many times in the tasks
Extract a variable from the system information gathered from the hosts, such as the IP address or hostname

- hosts: backup
  vars:
    user_id: '666'
    rsync_user: 'www'

  tasks:
  #1. Create the www group
  - name: create_group
    group:
      name: "{{ rsync_user }}"
      gid: "{{ user_id }}"

  #2. Create the www user
  - name: create_user
    user:
      name: "{{ rsync_user }}"
      uid: "{{ user_id }}"
      group: "{{ rsync_user }}"
      create_home: no
      shell: /sbin/nologin

  #3. Create the data directories and set ownership
  - name: create_data
    file:
      path: "{{ item }}"
      state: directory
      owner: "{{ rsync_user }}"
      group: "{{ rsync_user }}"
      mode: '755'
    loop:
      - /data/
      - /backup/

  #4. Install rsync
  - name: install_rsync
    yum:
      name: rsync
      state: latest

  #5. Copy the config file and the password file
  - name: copy pwd&conf
    copy:
      src: "{{ item.src }}"
      dest: /etc/
      mode: "{{ item.mode }}"
    loop:
      - { src: /root/script/rsync/rsyncd.conf, mode: '644' }
      - { src: /root/script/rsync/rsync.passwd, mode: '600' }

  #6. Start the service
  - name: start
    systemd:
      name: rsyncd
      state: started
      enabled: yes

- hosts: all
  tasks:
  - name: echo IP
    shell: "echo {{ ansible_default_ipv4.address }} >> /tmp/ip.txt"

  - name: echo hostname
    shell: "echo {{ ansible_hostname }} >> /tmp/hostname.txt"

Host inventory

[ ~/ansible_script]# cat /etc/ansible/hosts
[web]
172.16.1.7

[web:vars]
service_name=web

[nfs]
172.16.1.31 service_name=nfs

[backup]
172.16.1.41 service_name=rsync

[all:vars]
job=it

Referencing the variables

- hosts: all
  tasks:
  - name: echo IP
    shell: "echo {{ service_name }} >> /tmp/service.txt"

  - name: echo hostname
    shell: "echo {{ job }} >> /tmp/service.txt"

Other built-in Ansible variables

ansible_facts.eth0.ipv4.address
ansible_facts.eth1.ipv4.address
ansible_nodename                      node name
ansible_form_factor                   server type
ansible_virtualization_role           virtualization role (host or guest)
ansible_virtualization_type           virtualization type (kvm)
ansible_system_vendor                 vendor (Dell)
ansible_product_name                  product model (PowerEdge R530)
ansible_product_serial                serial number (sn)
ansible_machine                       machine architecture (x86_64)
ansible_bios_version                  BIOS version
ansible_system                        operating system type (linux)
ansible_os_family                     operating system family (RedHat)
ansible_distribution                  operating system distribution (CentOS)
ansible_distribution_major_version    distribution major version (7)
ansible_distribution_release          distribution release codename (core)
ansible_distribution_version          distribution version (7.3.1611)
ansible_architecture                  architecture (x86_64)
ansible_kernel                        kernel version
ansible_userspace_architecture        userspace architecture (x86_64)
ansible_userspace_bits                userspace bit width
ansible_pkg_mgr                       package manager
ansible_selinux.status                SELinux status
#--------------------------------------------
ansible_processor                     CPU product name
ansible_processor_count               number of CPUs
ansible_processor_cores               cores per CPU
ansible_processor_threads_per_core    threads per core
ansible_processor_vcpus               total number of CPU cores
ansible_memtotal_mb                   memory size
ansible_swaptotal_mb                  swap size
ansible_fqdn                          fully qualified domain name of the host
ansible_default_ipv4.interface        default network interface
ansible_default_ipv4.address          default IP address
ansible_default_ipv4.gateway          default gateway
********* JSON format ********
ansible_devices                       disk device names
ansible_devices.vendor                disk vendor
ansible_devices.model                 RAID card model
ansible_devices.host                  RAID card controller
ansible_devices.size                  device storage size
********* JSON format ********
ansible_interfaces                    network interfaces
ansible_{interfaces}.ipv4.address     interface IP address
ansible_{interfaces}.ipv6.0.address   interface IPv6 address
ansible_{interfaces}.macaddress       interface MAC address

Debugging: echo back the output of a command
Save the state in a variable so that other tasks can test it or reference it

- hosts: all
  tasks:
  - name: echo IP
    shell: "echo {{ ansible_default_ipv4.address }} >> /tmp/ip.txt"

  - name: cat IP
    shell: "cat /tmp/ip.txt"
    register: ip_txt

  - debug:
      msg: "{{ ip_txt.stdout_lines }}"

- hosts: backup
  tasks:
  - name: copy_conf
    copy:
      src: /root/script/rsync/rsyncd.conf
      dest: /etc/
    register: rsync_status

  - name: start
    systemd:
      name: rsyncd
      state: started
      enabled: yes

  - name: restart
    systemd:
      name: rsyncd
      state: restarted
    when: rsync_status.changed

https://docs.ansible.com/ansible/latest/user_guide/playbooks_conditionals.html
Scenario: check whether every machine has the file ip.txt under /tmp/
If it exists, print its content in this format, for example:
web01 has ip.txt, content is:
If it does not exist, output:
nfs is nofile

- hosts: all
  vars:
    path1: /tmp/ip
  tasks:
  - name: test1
    shell: 'cat {{path1}}'
    register: retval
    ignore_errors: true

  - name: test2
    debug:
      msg: '{{ansible_hostname}} has {{path1}} , content is: {{retval.stdout}}'
    when: retval is success

  - name: test3
    debug:
      msg: '{{path1}} is nofile'
    when: retval is failed

https://docs.ansible.com/ansible/latest/user_guide/playbooks_intro.html#handlers-running-operations-on-change
If the config file has changed, restart the service
If the config file has not changed, do not restart

- hosts: backup
  tasks:
  - name: copy_conf
    copy:
      src: /root/script/rsync/rsyncd.conf
      dest: /etc/
    notify:
      - restart rsyncd

  - name: start
    systemd:
      name: rsyncd
      state: started
      enabled: yes

  handlers:
    - name: restart rsyncd
      systemd:
        name: rsyncd
        state: restarted

handlers must be placed at the end and are executed last
The name used in notify must be identical to the name defined under handlers

Debugging: run tasks selectively

- hosts: nfs
  tasks:
  - name: 01-add group
    group: name=www gid=666
    tags: 01-add-group

  - name: 02-add user
    user: name=www create_home=no shell=/sbin/nologin group=www uid=666
    tags: 02-add-user

  - name: 03-install nfs service
    yum: name=nfs-utils state=latest
    tags: 03-install nfs service

  - name: 04-copy nfs exports
    copy: src=/service/scripts/exports dest=/etc/
    tags: 04-copy-nfs-exports

  - name: 05-create data dir
    file: path=/data state=directory owner=www group=www
    tags: 05-create-data-dir

  - name: 06-create passwd conf
    copy: content='123' dest=/etc/rsync.passwd mode=600
    tags: 06-create-passwd

  - name: 07-start rpcbind
    service: name=rpcbind state=started
    tags: 07-start-rpcbind

  - name: 08-start nfs
    service: name=nfs state=started
    tags: 08-start-nfs

  - name: 09-enable rpcbind
    systemd: name=rpcbind enabled=yes
    tags: 09-enable-rpcbind

  - name: 10-enable nfs
    systemd: name=nfs enabled=yes
    tags: 10-enable-nfs

ansible-playbook --list-tags rsync_install.yaml
ansible-playbook -t '03-install nfs service' rsync_install_tag.yaml
ansible-playbook -t 01-add-group,02-add-user,05-create-data-dir rsync_install_tag.yaml
ansible-playbook --skip-tags 01-add-group rsync_install_tag.yaml
ansible-playbook --skip-tags 01-add-group,02-add-user,04-copy-nfs-exports rsync_install_tag.yaml
Start at a given task and run the remaining tasks in order
ansible-playbook --list-tasks rsync_install_tag.yaml
ansible-playbook --start-at-task '05-create data dir' rsync_install_tag.yaml
ansible-playbook --syntax-check rsync_install_tag.yaml
ansible-playbook --list-hosts rsync_install_tag.yaml
ansible-playbook --list-tasks rsync_install_tag.yaml
ansible-playbook -C rsync_install_tag.yaml
ansible-playbook rsync_install_tag.yaml
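
The playbooks above copy rsync.passwd from a plain file, and the tagged playbook writes the password inline with content='123'. As an added example (not part of the original post), the same task with the secret read from an Ansible Vault file and kept out of task output. The variable name vault_rsync_secret, the path vault/rsync.yml and the playbook file name are assumptions.

```yaml
# Added example, not from the original post.
# Assumed setup on the control node:
#   ansible-vault create vault/rsync.yml      # file defines vault_rsync_secret
#   ansible-playbook --ask-vault-pass rsync_secret.yaml
- hosts: backup
  vars_files:
    - vault/rsync.yml          # assumed path, encrypted with ansible-vault

  tasks:
  # Weak form used earlier on the page, kept here only for comparison:
  #   copy: content='123' dest=/etc/rsync.passwd mode=600
  # The password sits in the playbook in clear text and is echoed by
  # -v and by --diff runs.

  - name: write rsync password file
    copy:
      content: "{{ vault_rsync_secret }}\n"
      dest: /etc/rsync.passwd
      owner: root
      group: root
      mode: '0600'             # quoted, so it is applied as octal rw-------
    no_log: true               # hide the secret in task output, including --diff
    notify:
      - restart rsyncd

  - name: start
    systemd:
      name: rsyncd
      state: started
      enabled: yes

  handlers:
    - name: restart rsyncd
      systemd:
        name: rsyncd
        state: restarted
```

With no_log set, a failure in this task also hides its error detail, so debug it with a throwaway value rather than by removing no_log against the real secret.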