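Ansible Overview

Ansible is an IT automation tool. It can configure systems, deploy software, and orchestrate more advanced IT tasks such as continuous deployment and rolling updates.

Ansible is suited to managing enterprise IT infrastructure, from small setups with a handful of hosts to enterprise environments with thousands of instances. Ansible is also a simple automation language that can fully describe an IT application infrastructure.

It has the following three characteristics:

  • Simple: reduces the learning cost
  • Powerful: orchestrates the application life cycle
  • Agentless: predictable, reliable, and secure

Documentation: https://releases.ansible.com/...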

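Install Ansible:

    [root@ops ~]# yum install epel-release
    [root@ops ~]# yum install ansible -y

  • Inventory: the host information managed by Ansible, including IP address, SSH port, account, password, and so on.
  • Modules: tasks are carried out by modules. You can also write custom modules, for example for frequently used scripts.
  • Plugins: plugins extend Ansible's core functionality. Ansible ships with many plugins and you can also write your own, for example a connection plugin, which is used to connect to the target hosts.
  • Playbooks: "scripts" that define a series of tasks in a modular way for unified invocation from outside. This is Ansible's core feature.

Host inventory

    [root@ops ~]# cat /etc/ansible/hosts
    [webservers]
    192.168.1.101
    192.168.1.102
    192.168.1.103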

Command-line usage

Authenticating to remote hosts

SSH password authentication:

    [root@ops ~]# cat /etc/ansible/hosts
    [webservers]
    192.168.1.101 ansible_ssh_user=root ansible_ssh_pass='Admin@1234'
    192.168.1.102 ansible_ssh_user=root ansible_ssh_pass='Admin@1234'
    192.168.1.103 ansible_ssh_user=root ansible_ssh_pass='Admin@1234'

SSH key-pair authentication:

    [root@ops ~]# cat /etc/ansible/hosts
    [webservers]
    192.168.1.101 ansible_ssh_user=root ansible_ssh_private_key_file=/root/.ssh/id_rsa
    192.168.1.102 ansible_ssh_user=root
    192.168.1.103 ansible_ssh_user=root

The key can also be specified in the configuration file:

    [defaults]
    # default path
    private_key_file = /root/.ssh/id_rsa
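An inline ansible_ssh_pass value is readable by anyone who can read the inventory file or its version history. The following added example (not part of the original article) scans an INI-style inventory for plaintext secrets and direct root logins; the function names, the vault variable name, and the sample inventory are assumptions constructed for illustration.

```python
import shlex

# Real Ansible connection/become variables that carry a secret or a login name.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}
USER_VARS = {"ansible_ssh_user", "ansible_user"}


def _classify(key, value):
    """Return a finding string for one key=value pair, or None if it is fine."""
    value = value.strip().strip("'\"")
    # A "{{ ... }}" value is a reference (e.g. to a vaulted variable), not a literal.
    if key in SECRET_VARS and value and not value.startswith("{{"):
        return f"plaintext secret in {key}"
    if key in USER_VARS and value == "root":
        return "direct root login"
    return None


def audit_inventory(text):
    """Scan INI-style inventory text; return [(line_no, host_or_section, finding)]."""
    findings, section = [], "ungrouped"
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line[0] == "[" and "]" in line:
            section = line[1:line.index("]")]
            continue
        if section.endswith(":vars"):
            # [group:vars] lines are a single "key = value" assignment.
            key, _, value = line.partition("=")
            target, pairs = section, [(key.strip(), value)]
        else:
            try:
                tokens = shlex.split(line, comments=True)
            except ValueError:
                findings.append((no, section, "unparseable line"))
                continue
            if not tokens:
                continue
            # Host lines: first token is the host, the rest are key=value pairs.
            target = tokens[0]
            pairs = [t.partition("=")[::2] for t in tokens[1:] if "=" in t]
        for key, value in pairs:
            problem = _classify(key, value)
            if problem:
                findings.append((no, target, problem))
    return findings


# Constructed sample: the page's hosts, placeholder secrets, hypothetical vault variable.
SAMPLE = """\
[webservers]
192.168.1.101 ansible_ssh_user=root ansible_ssh_pass='example-only'
192.168.1.102 ansible_ssh_user=deploy ansible_password="{{ vault_web_password }}"
192.168.1.103 ansible_ssh_user=deploy ansible_ssh_private_key_file=/home/deploy/.ssh/id_ed25519

[webservers:vars]
ansible_become_pass = example-only
"""

if __name__ == "__main__":
    for line_no, target, finding in audit_inventory(SAMPLE):
        print(f"line {line_no}: {target}: {finding}")
```

Hosts that authenticate with a key file or reference a vaulted variable produce no finding; only literal secrets and root logins are reported.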

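Common options

Option                                    Description
-C, --check                               Run a check without making any changes
-e EXTRA_VARS, --extra-vars=EXTRA_VARS    Set additional variables as key=value
-u REMOTE_USER, --user=REMOTE_USER        SSH connection user, default None
-k, --ask-pass                            Password for the SSH connection user
-b, --become                              Privilege escalation, default root
-K, --ask-become-pass                     Password for privilege escalation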

Command-line usage

    [root@ops ~]# ansible all -m ping
    192.168.1.102 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": false,
        "ping": "pong"
    }
    192.168.1.103 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": false,
        "ping": "pong"
    }
    192.168.1.101 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": false,
        "ping": "pong"
    }
    [root@ops ~]# ansible all -m shell -a "ls /root" -u root -k
    SSH password: 
    192.168.1.102 | CHANGED | rc=0 >>
    etcd-v3.4.13-linux-amd64
    etcd-v3.4.13-linux-amd64.tar.gz
    192.168.1.101 | CHANGED | rc=0 >>
    ca.cer
    cfssl-certinfo_linux-amd64
    cfssljson_linux-amd64
    cfssl_linux-amd64
    components.yaml
    config.yaml
    istio-1.11.4
    istio-1.11.4-linux-amd64.tar.gz
    transit.nolpay.ae.cer
    192.168.1.103 | CHANGED | rc=0 >>

Common modules

ansible-doc -l lists all modules

ansible-doc -s copy shows a module's documentation

shell

Runs a shell command on the target hosts

    [root@ops ~]# ansible all -m shell -a "chdir='/var/log/' ls -l | grep log"
    192.168.1.102 | CHANGED | rc=0 >>
    -rw-------. 1 root root       0 Nov  4 03:17 boot.log
    -rw-------. 1 root root    9219 Nov  4 03:17 boot.log-20211104
    -rw-r--r--. 1 root root  292000 Nov 24 10:59 lastlog
    -rw-------. 1 root root       0 Nov 21 03:16 maillog
    -rw-------. 1 root root     198 Mar 31  2021 maillog-20211107
    -rw-------. 1 root root       0 Nov  7 03:43 maillog-20211114
    -rw-------. 1 root root       0 Nov 14 03:32 maillog-20211121
    -rw-------. 1 root root       0 Mar 31  2021 tallylog
    -rw-------. 1 root root    4480 Nov  4 14:21 yum.log
    192.168.1.103 | CHANGED | rc=0 >>
    -rw-------. 1 root root       0 Nov  5 03:45 boot.log
    -rw-------. 1 root root    9305 Nov  4 03:14 boot.log-20211104
    -rw-------  1 root root    8383 Nov  5 03:45 boot.log-20211105
    -rw-r--r--. 1 root root  292000 Nov 24 10:59 lastlog
    -rw-------  1 root root       0 Nov 21 03:40 maillog
    -rw-------. 1 root root     424 Nov  4 14:27 maillog-20211107
    -rw-------  1 root root       0 Nov  7 03:21 maillog-20211114
    -rw-------  1 root root       0 Nov 14 03:49 maillog-20211121
    -rw-------. 1 root root       0 Mar 31  2021 tallylog
    -rw-------. 1 root root    4480 Nov  4 14:21 yum.log
    192.168.1.101 | CHANGED | rc=0 >>
    -rw-------.  1 root root        0 Nov  5 03:12 boot.log
    -rw-------.  1 root root     9241 Nov  4 03:08 boot.log-20211104
    -rw-------   1 root root     8294 Nov  5 03:12 boot.log-20211105
    -rw-r--r--.  1 root root   292000 Nov 24 10:59 lastlog
    -rw-------   1 root root        0 Nov 21 03:43 maillog
    -rw-------.  1 root root      424 Nov  4 15:41 maillog-20211107
    -rw-------   1 root root        0 Nov  7 03:31 maillog-20211114
    -rw-------   1 root root        0 Nov 14 03:25 maillog-20211121
    -rw-------.  1 root root        0 Mar 31  2021 tallylog
    -rw-------.  1 root root     7792 Nov  4 14:43 yum.log

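Parameters:

  • chdir: specifies a directory; Ansible changes into it before running the command.
  • executable: by default the shell module invokes /bin/sh on the remote host to run the command; usually the default shell on the remote host is bash. To run the command with a different shell, use this parameter to specify it. The shell must be given as an absolute path.
  • removes: specifies a file; when that file does not exist, the command is not run.
  • creates: specifies a file; when that file exists, the command is not run.
  • free_form: required. The command to run remotely. There is no actual parameter named free_form.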

copy

Copies files to the remote hosts

    [root@ops ~]# ansible all -m copy -a "src=ArmsAgent.tar.gz dest=/tmp/"
    192.168.1.103 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "checksum": "0b0fed4f40a4bf83fe174309e17273cdeedb9c2e",
        "dest": "/tmp/ArmsAgent.tar.gz",
        "gid": 0,
        "group": "root",
        "md5sum": "08dcb6dbe63eeeb42628dfe9cc14e4e9",
        "mode": "0644",
        "owner": "root",
        "size": 46325347,
        "src": "/root/.ansible/tmp/ansible-tmp-1637724228.32-26808-199044113552898/source",
        "state": "file",
        "uid": 0
    }
    192.168.1.102 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "checksum": "0b0fed4f40a4bf83fe174309e17273cdeedb9c2e",
        "dest": "/tmp/ArmsAgent.tar.gz",
        "gid": 0,
        "group": "root",
        "md5sum": "08dcb6dbe63eeeb42628dfe9cc14e4e9",
        "mode": "0644",
        "owner": "root",
        "secontext": "unconfined_u:object_r:admin_home_t:s0",
        "size": 46325347,
        "src": "/root/.ansible/tmp/ansible-tmp-1637724228.61-26806-205389838720285/source",
        "state": "file",
        "uid": 0
    }
    192.168.1.101 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "checksum": "0b0fed4f40a4bf83fe174309e17273cdeedb9c2e",
        "dest": "/tmp/ArmsAgent.tar.gz",
        "gid": 0,
        "group": "root",
        "md5sum": "08dcb6dbe63eeeb42628dfe9cc14e4e9",
        "mode": "0644",
        "owner": "root",
        "size": 46325347,
        "src": "/root/.ansible/tmp/ansible-tmp-1637724228.5-26804-266077367101765/source",
        "state": "file",
        "uid": 0
    }
    [root@ops ~]# ansible all -m copy -a "src=ArmsAgent.tar.gz dest=/tmp/ owner=root group=root mode=777"
    192.168.1.102 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "checksum": "0b0fed4f40a4bf83fe174309e17273cdeedb9c2e",
        "dest": "/tmp/ArmsAgent.tar.gz",
        "gid": 0,
        "group": "root",
        "mode": "0777",
        "owner": "root",
        "path": "/tmp/ArmsAgent.tar.gz",
        "secontext": "unconfined_u:object_r:admin_home_t:s0",
        "size": 46325347,
        "state": "file",
        "uid": 0
    }
    192.168.1.103 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "checksum": "0b0fed4f40a4bf83fe174309e17273cdeedb9c2e",
        "dest": "/tmp/ArmsAgent.tar.gz",
        "gid": 0,
        "group": "root",
        "mode": "0777",
        "owner": "root",
        "path": "/tmp/ArmsAgent.tar.gz",
        "size": 46325347,
        "state": "file",
        "uid": 0
    }
    192.168.1.101 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "checksum": "0b0fed4f40a4bf83fe174309e17273cdeedb9c2e",
        "dest": "/tmp/ArmsAgent.tar.gz",
        "gid": 0,
        "group": "root",
        "mode": "0777",
        "owner": "root",
        "path": "/tmp/ArmsAgent.tar.gz",
        "size": 46325347,
        "state": "file",
        "uid": 0
    }

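Parameters:

  • src: the file or directory to copy.
  • dest: the directory on the remote host that the file is copied into. dest is required.
  • content: when src is not used to name a file, content can be used to give the file content directly. One of src and content must be present, otherwise an error is raised.
  • force: whether to overwrite when a file with the same name already exists at the destination path on the remote host and its content differs from the file on the Ansible host. Possible values are yes and no; the default is yes, meaning overwrite. If set to no, the copy is not performed and the file on the remote host stays unchanged.
  • backup: whether to back up the remote file when a file with the same name already exists at the destination path on the remote host and its content differs from the file on the Ansible host. Possible values are yes and no. When set to yes, the file on the remote host is backed up first and the file from the Ansible host is then copied over.
  • owner: the owner of the file after it is copied to the remote host. The user must exist on the remote host, otherwise an error is raised.
  • group: the group of the file after it is copied to the remote host. The group must exist on the remote host, otherwise an error is raised.
  • mode: the permissions of the file after it is copied to the remote host. To set the permissions to "rw-r--r--", use mode=0644; to add execute permission for the user, use mode=u+x.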

file

Manages files and file attributes

    # Create a file
    [root@ops ~]# ansible all -m file -a "path=/tmp/kubesre state=touch"
    192.168.1.103 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "dest": "/tmp/kubesre",
        "gid": 0,
        "group": "root",
        "mode": "0644",
        "owner": "root",
        "size": 0,
        "state": "file",
        "uid": 0
    }
    192.168.1.102 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "dest": "/tmp/kubesre",
        "gid": 0,
        "group": "root",
        "mode": "0644",
        "owner": "root",
        "secontext": "unconfined_u:object_r:user_tmp_t:s0",
        "size": 0,
        "state": "file",
        "uid": 0
    }
    192.168.1.101 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "dest": "/tmp/kubesre",
        "gid": 0,
        "group": "root",
        "mode": "0644",
        "owner": "root",
        "size": 0,
        "state": "file",
        "uid": 0
    }
    [root@ops ~]# ansible all -m shell -a "ls -l /tmp/kubesre"
    192.168.1.102 | CHANGED | rc=0 >>
    -rw-r--r--. 1 root root 0 Nov 24 11:37 /tmp/kubesre
    192.168.1.103 | CHANGED | rc=0 >>
    -rw-r--r-- 1 root root 0 Nov 24 11:37 /tmp/kubesre
    192.168.1.101 | CHANGED | rc=0 >>
    -rw-r--r-- 1 root root 0 Nov 24 11:37 /tmp/kubesre

    # Create a directory
    [root@ops ~]# ansible all -m file -a "path=/tmp/test state=directory"
    192.168.1.103 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "gid": 0,
        "group": "root",
        "mode": "0755",
        "owner": "root",
        "path": "/tmp/test",
        "size": 6,
        "state": "directory",
        "uid": 0
    }
    192.168.1.102 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "gid": 0,
        "group": "root",
        "mode": "0755",
        "owner": "root",
        "path": "/tmp/test",
        "secontext": "unconfined_u:object_r:user_tmp_t:s0",
        "size": 6,
        "state": "directory",
        "uid": 0
    }
    192.168.1.101 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "gid": 0,
        "group": "root",
        "mode": "0755",
        "owner": "root",
        "path": "/tmp/test",
        "size": 6,
        "state": "directory",
        "uid": 0
    }
    [root@ops ~]# ansible all -m shell -a "ls -l /tmp"
    192.168.1.102 | CHANGED | rc=0 >>
    total 45240
    drwx------. 2 root root       41 Nov 24 11:48 ansible_command_payload_ceyqUR
    -rwxrwxrwx. 1 root root 46325347 Nov 24 11:23 ArmsAgent.tar.gz
    -rw-r--r--. 1 root root        0 Nov 24 11:37 kubesre
    drwxr-xr-x. 2 root root        6 Nov 24 11:48 test
    192.168.1.103 | CHANGED | rc=0 >>
    total 45240
    drwx------ 2 root root       41 Nov 24 11:48 ansible_command_payload_IyoZG8
    -rwxrwxrwx 1 root root 46325347 Nov 24 11:23 ArmsAgent.tar.gz
    -rw-r--r-- 1 root root        0 Nov 24 11:37 kubesre
    drwxr-xr-x 2 root root        6 Nov 24 11:48 test
    192.168.1.101 | CHANGED | rc=0 >>
    total 45240
    drwx------ 2 root root       41 Nov 24 11:48 ansible_command_payload_guMhZe
    -rwxrwxrwx 1 root root 46325347 Nov 24 11:23 ArmsAgent.tar.gz
    -rw-r--r-- 1 root root        0 Nov 24 11:37 kubesre
    drwxr-xr-x 2 root root        6 Nov 24 11:48 test

    # Delete a directory
    [root@ops ~]# ansible all -m file -a "path=/tmp/test state=absent"
    192.168.1.103 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "path": "/tmp/test",
        "state": "absent"
    }
    192.168.1.102 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "path": "/tmp/test",
        "state": "absent"
    }
    192.168.1.101 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "path": "/tmp/test",
        "state": "absent"
    }

    # Change attributes
    [root@ops ~]# ansible all -m file -a "path=/tmp/kubesre mode=777"
    192.168.1.103 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "gid": 0,
        "group": "root",
        "mode": "0777",
        "owner": "root",
        "path": "/tmp/kubesre",
        "size": 0,
        "state": "file",
        "uid": 0
    }
    192.168.1.102 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "gid": 0,
        "group": "root",
        "mode": "0777",
        "owner": "root",
        "path": "/tmp/kubesre",
        "secontext": "unconfined_u:object_r:user_tmp_t:s0",
        "size": 0,
        "state": "file",
        "uid": 0
    }
    192.168.1.101 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "gid": 0,
        "group": "root",
        "mode": "0777",
        "owner": "root",
        "path": "/tmp/kubesre",
        "size": 0,
        "state": "file",
        "uid": 0
    }

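Parameters:

  • path: the file or directory to operate on.
  • state: this parameter is very flexible, and its value depends on the situation. For example, to create a directory on the remote host we use path to give the directory path. Suppose I want to create /testdir/a/b on the remote host; I then set path=/testdir/a/b. However, we cannot tell from the path "/testdir/a/b" whether b is a file or a directory, and Ansible likewise cannot tell from a string alone whether you want a file or a directory, so we state it with the state parameter. When /testdir/a/b should be a directory, set state to directory; combined with path, Ansible then knows the target is a directory. Likewise, when /testdir/a/b should be a file, set state to touch. To create a symbolic link, set state to link; to create a hard link, set state to hard. To delete a file (when deleting there is no need to distinguish between a file, a directory, and a link), set state to absent; "absent" means missing, and wanting the target to be "absent" means we want to delete it.
  • src: when state is link or hard, we want to create a symbolic or hard link, so we must say which file the link points to. The src parameter specifies the link source.
  • force: when state=link, this parameter can be used to force creation of the link. force=yes forces the link to be created, in the following cases. Case 1: the source file that the link points to does not exist; with this parameter the link can still be created. Case 2: a file with the same name as the link already exists in the directory where the link is to be created; with force=yes that file is overwritten by the link, which amounts to deleting the file and creating the link. Case 3: a file with the same name as the link already exists in the directory and the source file that the link points to does not exist either; the same-named file is then forcibly replaced by the link.
  • owner: the owner of the file being operated on. The user must exist on the remote host, otherwise an error is raised.
  • group: the group of the file being operated on. The group must exist on the remote host, otherwise an error is raised.
  • mode: the permissions of the file being operated on. For example, to set the permissions to "rw-r-x---", use mode=650, or mode=0650, which has the same effect. To set special permissions, for example setting suid on a binary, use mode=4700. Very convenient.
  • recurse: when the target is a directory, setting recurse to yes changes the attributes of the files in the directory recursively.
  • absent: indicates uninstall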
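The copy and file commands above set mode=777, and the mode parameter also accepts setuid values such as 4700. The following added example (not part of the original article) classifies the mode= value in an ad-hoc argument string as world-writable, setuid, or setgid; the function names and the "mode-unset" label are assumptions made for illustration, and the symbolic-mode handling covers only the basic who/op/perms form.

```python
import re
import shlex
import stat

SYMBOLIC = re.compile(r"([ugoa]*)([+=-])([rwxXst]*)")


def mode_risks(mode):
    """Return the set of risky properties of a mode= value given as a string."""
    risks = set()
    if re.fullmatch(r"[0-7]{3,5}", mode):
        bits = int(mode, 8)
        # World-writable with the sticky bit (01777, as on /tmp) is the usual
        # shared-directory convention, so it is not reported.
        if bits & stat.S_IWOTH and not bits & stat.S_ISVTX:
            risks.add("world-writable")
        if bits & stat.S_ISUID:
            risks.add("setuid")
        if bits & stat.S_ISGID:
            risks.add("setgid")
        return risks
    for clause in mode.split(","):
        m = SYMBOLIC.fullmatch(clause)
        if not m:
            return {"unparseable"}
        who, op, perms = m.groups()
        if op == "-":
            continue  # removing permissions never widens access
        who = set(who or "a")  # conservative: treat an empty "who" as "all"
        if "w" in perms and who & {"o", "a"}:
            risks.add("world-writable")
        if "s" in perms and who & {"u", "a"}:
            risks.add("setuid")
        if "s" in perms and who & {"g", "a"}:
            risks.add("setgid")
    return risks


def audit_module_args(args):
    """Audit the key=value string passed to `ansible -m copy|file -a "..."`."""
    params = dict(t.partition("=")[::2] for t in shlex.split(args) if "=" in t)
    target = params.get("path") or params.get("dest") or "?"
    if "mode" not in params:
        # Without mode= the resulting permissions are not pinned by the command.
        return target, ["mode-unset"]
    return target, sorted(mode_risks(params["mode"]))


# Argument strings taken from the ad-hoc commands on this page.
PAGE_ARGS = [
    "src=ArmsAgent.tar.gz dest=/tmp/",
    "src=ArmsAgent.tar.gz dest=/tmp/ owner=root group=root mode=777",
    "path=/tmp/kubesre mode=777",
]

if __name__ == "__main__":
    for a in PAGE_ARGS:
        print(audit_module_args(a))
    for m in ("0644", "650", "4700", "u+x", "01777"):
        print(m, sorted(mode_risks(m)))
```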

yum

Package management

    # Install Nginx
    [root@ops ~]# ansible all -m yum -a "name=http://nginx.org/packages/rhel/7/x86_64/RPMS/nginx-1.16.1-1.el7.ngx.x86_64.rpm state=present"
    # Uninstall Nginx
    [root@ops ~]# ansible all -m yum -a "name=nginx state=absent"
    # Update all packages
    [root@ops ~]# ansible all -m yum -a "name='*' state=latest"

service/systemd

Manages services

    [root@ops ~]# ansible all -m systemd -a "name=nginx state=restarted enabled=yes"

unarchive

Extracts an archive into a specified directory on the remote machine

    [root@ops ~]# ansible all -m unarchive -a "src=ArmsAgent.tar.gz dest=/tmp"
    192.168.1.103 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "dest": "/tmp",
        "extract_results": {
            "cmd": [
                "/usr/bin/gtar",
                "--extract",
                "-C",
                "/tmp",
                "-z",
                "-f",
                "/root/.ansible/tmp/ansible-tmp-1637734297.88-28601-94567791333261/source"
            ],
            "err": "",
            "out": "",
            "rc": 0
        },
        "gid": 0,
        "group": "root",
        "handler": "TgzArchive",
        "mode": "01777",
        "owner": "root",
        "size": 240,
        "src": "/root/.ansible/tmp/ansible-tmp-1637734297.88-28601-94567791333261/source",
        "state": "directory",
        "uid": 0
    }
    192.168.1.102 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "dest": "/tmp",
        "extract_results": {
            "cmd": [
                "/usr/bin/gtar",
                "--extract",
                "-C",
                "/tmp",
                "-z",
                "-f",
                "/root/.ansible/tmp/ansible-tmp-1637734298.15-28599-160150628668658/source"
            ],
            "err": "",
            "out": "",
            "rc": 0
        },
        "gid": 0,
        "group": "root",
        "handler": "TgzArchive",
        "mode": "01777",
        "owner": "root",
        "secontext": "system_u:object_r:tmp_t:s0",
        "size": 240,
        "src": "/root/.ansible/tmp/ansible-tmp-1637734298.15-28599-160150628668658/source",
        "state": "directory",
        "uid": 0
    }
    192.168.1.101 | CHANGED => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python"
        },
        "changed": true,
        "dest": "/tmp",
        "extract_results": {
            "cmd": [
                "/usr/bin/gtar",
                "--extract",
                "-C",
                "/tmp",
                "-z",
                "-f",
                "/root/.ansible/tmp/ansible-tmp-1637734298.01-28597-226262773743899/source"
            ],
            "err": "",
            "out": "",
            "rc": 0
        },
        "gid": 0,
        "group": "root",
        "handler": "TgzArchive",
        "mode": "01777",
        "owner": "root",
        "size": 240,
        "src": "/root/.ansible/tmp/ansible-tmp-1637734298.01-28597-226262773743899/source",
        "state": "directory",
        "uid": 0
    }

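debug

Prints statements during execution

    - debug:
        msg: System {{ inventory_hostname }} has uuid {{ ansible_product_uuid }}

    - name: Display all variables known for the host
      debug:
        var: hostvars[inventory_hostname]
        verbosity: 4

Variables

Variables are a convenient way to apply values across multiple hosts. In practice, variables are added for each host before execution on that host and are then referenced during execution.

Host variables and group variables

    [webservers]
    # host variables
    192.168.1.101 hostname=web1
    192.168.1.102 hostname=web2
    192.168.1.103 hostname=web3

    [webservers:vars]
    # group variables
    group=webservers

Register variables

    - shell: /usr/bin/uptime
      register: result

    - debug:
        var: result
        verbosity: 2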

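Playbook

Playbooks are Ansible's configuration, deployment, and orchestration language. They can describe what you want done on remote machines, or a series of steps in an IT process. Playbook files are organized in easy-to-read YAML format.

If Ansible modules are the tools in your workshop, playbooks are your instruction manuals, and your inventory of hosts is your raw material.

Compared with ad hoc task execution, playbooks are a completely different way of using Ansible, and they are especially powerful.

https://docs.ansible.com/ansi...

    ---
    - hosts: webservers
      vars:
        http_port: 80
        server_name: www.kubesre.com
      remote_user: root
      gather_facts: false
      tasks:
      - name: Install the latest version of nginx
        yum: pkg=nginx state=latest
      - name: Write the nginx configuration file
        template: src=/srv/httpd.j2 dest=/etc/nginx/nginx.conf
        notify:
        - restart nginx
      - name: Ensure nginx is running
        service: name=nginx state=started
      handlers:
        - name: restart nginx
          service: name=nginx state=reloaded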

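Hosts and users

    - hosts: webservers
      remote_user: root
      become: yes
      become_user: nginx

Explanation:

  • become: whether to escalate privileges. Set to yes if needed.
  • become_user: set to the user with the privileges you need, that is, the user you want to become, not the user you log in as.
  • become_method: the privilege escalation tool, such as sudo, su, pfexec, doas, pbrun, dzdo, ksu, runas, machinectl.
  • become_flags: at the play or task level, allows specific flags to be used for the task or role. A common use is changing the user to nobody when the shell is set to no login. This directive was added in Ansible 2.2.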

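Defining variables

The preferred practice in Ansible is not to store variables in the inventory.

Besides storing variables directly in the inventory file, host and group variables can also be stored in individual files relative to the inventory file.

    - hosts: webservers
      vars:
        http_port: 80
        server_name: www.kubesre.com

Task list

Each play contains a list of tasks. The tasks are executed in order, and within a play all hosts get the same task directives. The purpose of a play is to map a selection of hosts to tasks.

    tasks:
      - name: Install the latest version of nginx
        yum: pkg=nginx state=latest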

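Syntax checking and debugging

Syntax check: ansible-playbook --syntax-check /path/to/playbook.yaml

Test run without actually making changes: ansible-playbook -C /path/to/playbook.yaml

The debug module prints statements during execution and is useful for debugging variables or expressions without having to stop the play. It works even better for debugging together with the 'when:' directive.

    - hosts: webservers
      tasks:
      - debug:
          msg: "{{ group_names }}"
      - debug:
          msg: "{{ inventory_hostname }}"
      - debug:
          msg: "{{ ansible_hostname }}"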

Task control

If you have a large playbook, it can be useful to run a specific part of it without running the whole playbook.

    tasks:
      - name: Install the latest version of nginx
        yum: pkg=nginx state=latest
        tags: install
      - name: Write the nginx configuration file
        template: src=/srv/httpd.j2 dest=/etc/nginx/nginx.conf
        tags: config

Usage:

    ansible-playbook example.yml --tags "install"
    ansible-playbook example.yml --tags "install,config"
    ansible-playbook example.yml --skip-tags "install"

Flow control

Conditions:

    tasks:
    - name: Run the task only on 192.168.1.100
      debug: msg="{{ansible_default_ipv4.address}}"
      when: ansible_default_ipv4.address == '192.168.1.100'

Loops:

    tasks:
    - name: Create users in bulk
      user: name={{ item }} state=present groups=wheel
      with_items:
         - testuser1
         - testuser2
    - name: Copy files
      copy: src={{ item }} dest=/tmp
      with_fileglob:
        - "*.txt"

Common loop statements:

Statement        Description
with_items       Standard loop
with_fileglob    Iterate over the files in a directory
with_dict        Iterate over a dictionary

Templates

    tasks:
      - name: Write the nginx configuration file
        template: src=/srv/httpd.j2 dest=/etc/nginx/nginx.conf

Defining variables

    {% set local_ip = inventory_hostname %}

Conditions and loops

    {% set list=['one', 'two', 'three'] %}
    {% for i in list %}
        {% if i == 'two' %}
            -> two
        {% elif loop.index == 3 %}
            -> 3
        {% else %}
            {{i}}
        {% endif %}
    {% endfor %}

For example, generating the etcd connection string:

    {% for host in groups['etcd'] %}
        https://{{ hostvars[host].inventory_hostname }}:2379
        {% if not loop.last %},{% endif %}
    {% endfor %}

Ansible variables can also be used inside templates.

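Roles

Roles are a way of automatically loading certain variable files, tasks, and handlers based on a known file structure. Grouping content by role suits building complex deployment environments.

Defining roles

Roles directory structure:

    site.yml
    webservers.yml
    fooservers.yml
    roles/
       common/
         tasks/
         handlers/
         files/
         templates/
         vars/
         defaults/
         meta/
       webservers/
         tasks/
         defaults/
         meta/

  • tasks - contains the main list of tasks to be executed by the role.
  • handlers - contains handlers, which may be used by this role or even anywhere outside this role.
  • defaults - default variables for the role.
  • vars - other variables for the role.
  • files - contains files that can be deployed via this role.
  • templates - contains templates that can be deployed via this role.
  • meta - defines some metadata for this role. See below for more details.

A common practice is to include platform-specific tasks from the tasks/main.yml file:

    # roles/webservers/tasks/main.yml
    - name: added in 2.4, previously you used 'include'
      import_tasks: redhat.yml
      when: ansible_facts['os_family']|lower == 'redhat'
    - import_tasks: debian.yml
      when: ansible_facts['os_family']|lower == 'debian'

    # roles/webservers/tasks/redhat.yml
    - yum:
        name: "httpd"
        state: present

    # roles/webservers/tasks/debian.yml
    - apt:
        name: "apache2"
        state: present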

Using roles

    # site.yml
    - hosts: webservers
      roles:
        - common
        - webservers

Defining multiple plays:

    - name: 0
      gather_facts: false
      hosts: all
      roles:
        - common

    - name: 1
      gather_facts: false
      hosts: all
      roles:
        - webservers

Role control

    - name: 0. System initialization
      gather_facts: false
      hosts: all
      roles:
        - common
      tags: common

Defining variables

Group variables: the group_vars directory holds group variables.

    group_vars/all.yml   applies to all hosts, equivalent to [all:vars]
    group_vars/etcd.yml  applies to hosts in the etcd group, equivalent to [etcd:vars]