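Ansible scripts: playbooks
- 1. Components of a playbook
- 2. Playbook hands-on exercises
- 2.1 Exercise 1: install the Apache service on managed hosts
- 2.2 Exercise 2: use sudo to escalate an ordinary user on the remote host to root
- 2.3 Exercise 3: use a when condition to match a specific IP address
- 2.4 Exercise 4: use a with_items loop to create files and directories on remote hosts
- 2.5 Exercise 5: use a with_items loop with variables to create specific files and directories
- 2.6 Exercise 6: install the Apache service in a playbook based on the Templates module
- 2.7 Exercise 7: create tags in a playbook based on the Templates module
- 3. Playbook summary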
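1. Components of a playbook
(1) Tasks: tasks. Each task calls an Ansible module, so that multiple operations are organized to run in one playbook
(2) Variables: variables
(3) Templates: templates
(4) Handlers: handlers. Operations that are triggered (via notify) when a task reports the changed state
(5) Roles: roles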
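2. Playbook hands-on exercises
2.1 Exercise 1: install the Apache service on managed hosts
On the Ansible server, write the playbook file demo1.yaml, which installs the Apache service on the remote managed hosts.

cd /etc/yum.repos.d/          # set up the local yum repository
cd /etc/ansible/playbook/     # copy the modified httpd.conf file into this directory
vim /etc/ansible/playbook/demo1.yaml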

- name: the first play for install apache
  gather_facts: false
  hosts: dbservers
  remote_user: root
  tasks:
    - name: disable firewalld
      service: name=firewalld state=stopped enabled=no
    - name: disable selinux
      command: '/usr/sbin/setenforce 0'
      ignore_errors: true
    - name: disable selinux forever
      replace: path=/etc/selinux/config regexp="enforcing" replace="disabled"
    - name: mount cdrom
      mount: src=/dev/sr0 path=/mnt fstype=iso9660 state=mounted
    - name: copy local yum configuration file
      copy: src=/etc/yum.repos.d/repo.bak/local.repo dest=/etc/yum.repos.d/local.repo
    - name: install apache
      yum: name=httpd state=latest
    - name: prepare httpd configuration file
      copy: src=/etc/ansible/playbook/httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify: "reload httpd"
    - name: start apache
      service: name=httpd state=started enabled=yes
  handlers:
    - name: reload httpd
      service: name=httpd state=reloaded

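Run the playbook:
ansible-playbook demo1.yaml

Additional options:
-k (--ask-pass): prompt interactively for the SSH password
-K (--ask-become-pass): prompt interactively for the sudo password
-u: specify the user

ansible-playbook demo1.yaml --syntax-check                      # check that the syntax of the YAML file is correct
ansible-playbook demo1.yaml --list-tasks                        # list the tasks
ansible-playbook demo1.yaml --list-hosts                        # list the hosts the play applies to
ansible-playbook demo1.yaml --start-at-task='install apache'    # start running from the named task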
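2.2 Exercise 2: use sudo to escalate an ordinary user on the remote host to root
Preparation: first add the clr user on the remote host, then connect from the Ansible server to the remote host as clr and escalate to root.
Specifying the sudo user switch for the remote host:

---
- hosts: dbservers
  remote_user: clr
  become: yes          # parameter used since version 2.6 (before that it was sudo); run as a different user
  become_user: root    # the user sudo switches to is root

On the Ansible server, write the playbook file demo2.yaml, which logs in to the remote managed hosts as clr and then escalates to root.
vim /etc/ansible/playbook/demo2.yaml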

- name: second play
  hosts: dbservers
  remote_user: clr
  become: yes
  become_user: root
  vars:
    username: gzy
    groupname: Ayu
    filename: /opt/123.txt
  gather_facts: true
  tasks:
    - name: create group
      group: name={{groupname}} gid=2800
    - name: create user join group
      # uid is not defined in vars; it is passed on the command line with -e
      user: name={{username}} uid={{uid}} groups={{groupname}}
    - name: copy file
      copy: content="{{ansible_default_ipv4.address}}" dest={{filename}}
    - name: modify username and groupname of file
      file: path={{filename}} owner={{username}} group={{groupname}}

ansible-playbook demo2.yaml -k -K -e "uid=8888"
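2.3 Exercise 3: use a when condition to match a specific IP address
The only general-purpose conditional that Ansible provides is the when directive. When the value of when is true the task runs; otherwise the task does not run.
A common use of when is to skip a task on certain hosts, or to run a task only on the hosts that meet a condition.
On the Ansible server, write the playbook file demo3.yaml, which uses when as a condition.
vim /etc/ansible/playbook/demo3.yaml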

- name: third play
  hosts: Ayu
  remote_user: root
  tasks:
    - name: touch file
      file: path=/opt/Ayu.txt state=touch
      #when: ansible_default_ipv4.address != "192.168.80.20"
      when: inventory_hostname == "192.168.80.80"

ansible-playbook demo3.yaml
2.4 Exercise 4: use a with_items loop to create files and directories on remote hosts
vim /etc/ansible/playbook/demo4.yaml

- name: fourth play
  hosts: dbservers
  remote_user: root
  vars:
    myfile:
      - /opt/a
      - /opt/b
      - /opt/c
      - /opt/d
  tasks:
    - name: touch directory
      with_items: "{{myfile}}"
      file: path={{item}} state=directory
    - name: touch file
      with_items:
        - /root/a
        - /root/b
        - /root/c
        - /root/d
      file:
        path: "{{item}}"
        state: touch

ansible-playbook demo4.yaml
2.5 Exercise 5: use a with_items loop with variables to create specific files and directories
vim /etc/ansible/playbook/demo5.yaml

- name: fifth play
  hosts: dbservers
  remote_user: root
  tasks:
    - name: touch file
      with_items:
        - {filename: /opt/a, username: clr, groupname: video}
        - {filename: /opt/b, username: gzy, groupname: Ayu}
      file: path={{item.filename}} owner={{item.username}} group={{item.groupname}} state=touch
    - name: create dir
      with_items:
        - filename: /opt/cd
          username: clr
          groupname: Ayu
        - filename: /opt/ef
          username: gzy
          groupname: video
      file:
        path: "{{item.filename}}"
        owner: "{{item.username}}"
        group: "{{item.groupname}}"
        state: directory

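2.6 Exercise 6: install the Apache service in a playbook based on the Templates module
(1) First prepare a template file with the .j2 suffix and set the variables it references. The variable names must match the host variables defined in the inventory in step (2).
cp /etc/httpd/conf/httpd.conf /etc/ansible/playbook/httpd.conf.j2
vim /etc/ansible/playbook/httpd.conf.j2

Listen {{ip_port}}              # line 42, modify
ServerName {{host_name}}        # line 95, modify
DocumentRoot "{{root_dir}}"     # line 119, modify

(2) Edit the inventory file and use host variables to define variables that have the same name but a different value on each host
vim /etc/ansible/hosts

[webservers]
192.168.80.50 ip_port=192.168.80.50:8050 host_name=www.accp.com:8050 root_dir=/var/www/html/accp
192.168.80.60 ip_port=192.168.80.60:8060 host_name=www.benet.com:8060 root_dir=/var/www/html/benet

(3) Write the playbook
vim /etc/ansible/playbook/demo6.yaml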

- name: sixth play
  hosts: webservers
  remote_user: root
  vars:
    pkg: httpd
  tasks:
    - name: disable firewalld
      service: name=firewalld state=stopped enabled=no
    - name: disable selinux
      command: '/usr/sbin/setenforce 0'
      ignore_errors: true
    - name: disable selinux forever
      replace: path=/etc/selinux/config regexp="enforcing" replace="disabled"
      ignore_errors: true
    - name: mount cdrom
      mount: src=/dev/sr0 path=/mnt fstype=iso9660 state=mounted
      ignore_errors: true
    - name: install apache
      yum: name=httpd state=latest
    - name: create root dir
      file: state=directory path={{item}}
      with_items:
        - /var/www/html/accp
        - /var/www/html/benet
    - name: create index.html in www.accp.com
      copy: content="<h1>this is accp web</h1>" dest=/var/www/html/accp/index.html
      when: ansible_default_ipv4.address == "192.168.80.50"
    - name: create index.html in www.benet.com
      copy: content="<h1>this is benet web</h1>" dest=/var/www/html/benet/index.html
      when: inventory_hostname == "192.168.80.60"
    - name: prepare configuration file
      # template renders httpd.conf.j2 with each host's inventory variables
      template: src=/etc/ansible/playbook/httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
      notify: "reload apache"
    - name: start apache
      service: name={{pkg}} state=started enabled=yes
  handlers:
    - name: reload apache
      service: name={{pkg}} state=reloaded

ansible-playbook demo6.yaml
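
A variant of the demo6.yaml play that leaves firewalld and SELinux enabled and instead permits each host's custom port, given here as an added example and not as code from the original post. It assumes the ansible.posix and community.general collections are installed on the control node, that SELinux is enabled on the targets, and that policycoreutils-python is the CentOS 7 package providing the SELinux bindings; web_port is a hypothetical helper variable derived from the ip_port host variable in the inventory above.

```yaml
# Added example, not from the original post: same goal as demo6.yaml,
# but firewalld and SELinux stay enabled.
- name: sixth play, firewalld and SELinux left on
  hosts: webservers
  remote_user: root
  vars:
    pkg: httpd
    # hypothetical helper variable: "192.168.80.50:8050" -> "8050"
    web_port: "{{ ip_port.split(':')[1] }}"
  tasks:
    - name: install apache and the SELinux management bindings
      yum:
        name:
          - "{{ pkg }}"
          - policycoreutils-python   # assumption: CentOS 7 package name
        state: present
    - name: label the custom port as http_port_t so httpd may bind to it
      community.general.seport:
        ports: "{{ web_port }}"
        proto: tcp
        setype: http_port_t
        state: present
    - name: keep firewalld running
      service: name=firewalld state=started enabled=yes
    - name: open only this host's web port
      ansible.posix.firewalld:
        port: "{{ web_port }}/tcp"
        permanent: true
        immediate: true
        state: enabled
    - name: create this host's document root
      file:
        path: "{{ root_dir }}"
        state: directory
        mode: "0755"
    - name: prepare configuration file
      template:
        src: /etc/ansible/playbook/httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
        mode: "0644"
      notify: reload apache
    - name: start apache
      service: name={{ pkg }} state=started enabled=yes
  handlers:
    - name: reload apache
      service: name={{ pkg }} state=reloaded
```

The index.html copy tasks from demo6.yaml can be added to this play unchanged. The document roots sit under /var/www/html, so they inherit the default httpd content label and need no extra SELinux file-context rule.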
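2.7 Exercise 7: create tags in a playbook based on the Templates module
One or more tasks in a playbook can be given "tags". When the playbook is run, passing the --tags option to the ansible-playbook command runs only the tasks that carry the specified tags.
Playbooks also provide a special tag named always. A task tagged always runs no matter which tags are selected on the command line.
vim /etc/ansible/playbook/demo7.yaml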

- name: seventh play
  hosts: dbservers
  remote_user: root
  tasks:
    - name: create abc.txt
      file: path=/opt/abc.txt state=touch
      tags:
        - clr
        - gzy
    - name: create 123.txt
      file: path=/opt/123.txt state=touch
      tags:
        - always
    - name: create gzy.txt
      copy: content="gzy like mygirl" dest=/opt/wangdian.txt
      tags:
        - gzy

ansible-playbook demo7.yaml --tags="gzy"
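3. Playbook summary
Playbook structure
vim XXX.yaml

- name:                       # name of the play
  hosts:                      # host group
  remote_user:                # user to run as
  gather_facts: true|false    # whether to collect facts from the remote hosts
  vars:                       # define variables
  tasks:                      # list of tasks
    - name:                   # name of the task
      module:                 # the module the task uses and its arguments
      with_items:             # list to loop over
      when:                   # condition (== != >= > <= <); the task runs if it is true, otherwise it does not run
      ignore_errors: true     # ignore failure of the task
      notify:                 # name of the handler to trigger when the task reports the changed state
      tags:                   # tags; ansible-playbook --tags runs only the tasks that carry the given tags (tasks tagged always are always run)
  handlers:                   # list of tasks triggered by notify
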
Task module syntax
Horizontal (inline) format:
module_name: option1=value option2={{variable_name}} ...

Vertical (block) format:
module_name:
  option1: value
  option2: "{{variable_name}}"
  ...

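Syntax of with_items and variables
Horizontal (inline) format:
with_items: ["value1", "value2", "value3"]

When the values are objects (key/value fields):
with_items:
  - {key1: value1, key2: value2, ...}
  - {key1: value3, key2: value4, ...}

Vertical (block) format:
with_items:
  - value1
  - value2
  - value3

When the values are objects (key/value fields):
with_items:
  - key1: value1
    key2: value2
  - key1: value3
    key2: value4
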
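The template module
(1) First prepare an xxx.j2 template file. In the file, use {{variable_name}} to reference host variables, custom variables defined in vars, or the values of facts fields
(2) In the tasks section of the playbook, define the template task: template: src=xxx.j2 dest=xxx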