Ansible的脚本----playbook剧本
- 1.playbook剧本组成
- 2.playbook剧本实战演练
- 2.1 实战演练一:给被管理主机安装Apache服务
- 2.2 实战演练二:使用sudo命令将远程主机的普通用户提权为root用户
- 2.3 实战演练三:when条件判断指定的IP地址
- 2.4 实战演练四:使用with_items迭代循环在远程主机创建文件和目录
- 2.5 实战演练五:使用with_items迭代循环并调用变量创建指定文件和目录
- 2.6 实战演练六:在playbook剧本中基于Templates模块安装Apache服务
- 2.7 实战演练七:在playbook剧本中基于Templates模块创建标签
- 3.playbook知识点总结
1.playbook剧本组成
(1)Tasks:任务,即通过task调用ansible的模板将多个操作组织在一个playbook中运行
(2)Variables:变量
(3)Templates:模板
(4)Handlers:处理器,当changed状态条件满足时,(notify)触发执行的操作
(5)Roles:角色
2.playbook剧本实战演练
2.1 实战演练一:给被管理主机安装Apache服务
在ansible服务器主机,给远程被管理主机制作安装Apache服务的剧本文件demo1.yaml
cd /etc/yum.repos.d/ #制作本地yum源
cd /etc/ansible/playbook/ #将修改后的httpd.conf文件复制到当前目录中vim /etc/ansible/playbook/demo1.yaml - name: the first play for install apachegather_facts: falsehosts: dbserversremote_user: roottasks:- name: disable firewalldservice: name=firewalld state=stopped enabled=no- name: disable selinuxcommand: '/usr/sbin/setenforce 0'ignore_errors: true- name: disable selinux foreverreplace: path=/etc/selinux/config regexp="enforcing" replace="disabled"- name: mount cdrommount: src=/dev/sr0 path=/mnt fstype=iso9660 state=mounted- name: copy local yum configuration filecopy: src=/etc/yum.repos.d/repo.bak/local.repo dest=/etc/yum.repos.d/local.repo- name: install apacheyum: name=httpd state=latest- name: prepare httpd configuration filecopy: src=/etc/ansible/playbook/httpd.conf dest=/etc/httpd/conf/httpd.confnotify: "reload httpd"- name: start apacheservice: name=httpd state=started enabled=yeshandlers:- name: reload httpdservice: name=httpd state=reloaded
运行playbook
ansible-playbook test1.yaml
//补充参数:
-k(–ask-pass):用来交互输入ssh密码
-K(-ask-become-pass):用来交互输入sudo密码
-u:指定用户
ansible-playbook demo1.yaml --syntax-check #检查yaml文件的语法是否正确
ansible-playbook demo1.yaml --list-task #检查tasks任务
ansible-playbook demo1.yaml --list-hosts #检查生效的主机
ansible-playbook demo1.yaml --start-at-task='install httpd' #指定从某个task开始运行
2.2 实战演练二:使用sudo命令将远程主机的普通用户提权为root用户
准备工作:先在远程主机添加clr用户,然后在ansible服务主机使用clr用户远程主机,提权为root用户;
指定远程主机sudo切换用户
---
- hosts: dbserversremote_user: clr become: yes #2.6版本以后的参数,之前是sudo,意思为切换用户运行become_user: root #指定sudo用户为root
在ansible服务器主机,给远程被管理主机制作使用clr用户登录,然后提权为root用户的剧本文件demo2.yaml
vim /etc/ansible/playbook/demo2.yaml - name: second playhosts: dbserversremote_user: clrbecome: yesbecome_user: rootvars:- username: gzy- groupname: Ayu- filename: /opt/123.txtgather_facts: truetasks:- name: create groupgroup: name={{groupname}} gid=2800- name: create user join groupuser: name={{username}} uid={{uid}} groups={{groupname}}- name: copy filecopy: content="{{ansible_default_ipv4.address}}" dest={{filename}}- name: modify username and groupname of filefile: path={{filename}} owner={{username}} group={{groupname}}
ansible-playbook demo2.yaml -k -K -e "uid=8888"
2.3 实战演练三:when条件判断指定的IP地址
在Ansible中,提供的唯一一个通用的条件判断是when指令,当when指令的值为true时,则该任务执行,否则不执行该任务。
//when一个比较常见的应用场景是实现跳过某个主机不执行任务或者只有满足条件的主机执行任务
在ansible服务器主机,制作剧本文件demo2.yaml,设置使用when进行条件判断
vim /etc/ansible/playbook/demo3.yaml - name: third playhosts: Ayuremote_user: roottasks:- name: touch filefile: path=/opt/Ayu.txt state=touch#when: ansible_default_ipv4.address != "192.168.80.20"when: inventory_hostname == "192.168.80.80"
ansible-playbook .yaml
2.4 实战演练四:使用with_items迭代循环在远程主机创建文件和目录
vim /etc/ansible/playbook/demo4.yaml - name: fouth playhosts: dbserversremote_user: rootvars:myfile:- /opt/a- /opt/b- /opt/c- /opt/dtasks:- name: touch directorywith_items: "{{myfile}}"file: path={{item}} state=directory- name: touch filewith_items:- /root/a- /root/b- /root/c- /root/dfile:path: "{{item}}"state: touch
ansible-playbook demo4.yaml
2.5 实战演练五:使用with_items迭代循环并调用变量创建指定文件和目录
vim /etc/ansible/playbook/demo5.yaml - name: fifth playhosts: dbserversremote_user: roottasks:- name: touch filewith_items:- {filename: /opt/a, username: clr, groupname: video}- {filename: /opt/b, username: gzy, groupname: Ayu}file: path={{item.filename}} owner={{item.username}} group={{item.groupname}} state=touch- name: create dirwith_items:- filename: /opt/cdusername: clrgroupname: Ayu- filename: /opt/efusername: gzygroupname: videofile:path: "{{item.filename}}"owner: "{{item.username}}"group: "{{item.groupname}}"state: directory
2.6 实战演练六:在playbook剧本中基于Templates模块安装Apache服务
(1)先准备一个以 .j2为后缀的template模板文件,设置引用的变量
cp /etc/httpd/conf/httpd.conf /etc/ansible/playbook/httpd.conf.j2vim /etc/ansible/playbook/httpd.conf.j2
Listen {{http_port}} #42行,修改
ServerName {{server_name}} #95行,修改
DocumentRoot "{{root_dir}}" #119行,修改
(2)修改主机清单文件,使用主机变量定义一个变量名相同,而值不同的变量
vim /etc/ansible/hosts
[webservers]
192.168.80.50 ip_port=192.168.80.50:8050 host_name=www.accp.com:8050 root_dir=/var/www/html/accp
192.168.80.60 ip_port=192.168.80.60:8060 host_name=www.benet.com:8060 root_dir=/var/www/html/benet
(3)编写playbook
vim /etc/ansible/playbook/demo6.yaml - name: sixth playhosts: webserversremote_user: rootvars:- pkg: httpdtasks:- name: disable firewalldservice: name=firewalld state=stopped enabled=no- name: disable selinuxcommand: '/usr/sbin/setenforce 0'ignore_errors: true- name: disable selinux foreverreplace: path=/etc/selinux/config regexp="enforcing" replace="disabled"ignore_errors: true- name: mount cdrommount: src=/dev/sr0 path=/mnt fstype=iso9660 state=mountedignore_errors: true- name: install apacheyum: name=httpd state=latest- name: create root dirfile: state=directory path={{item}}with_items:- /var/www/html/accp- /var/www/html/benet- name: create index.html in www.accp.comcopy: content="<h1>this is accp web</h1>" dest=/var/www/html/accp/index.htmlwhen: ansible_default_ipv4.address == "192.168.80.50"- name: create index.html in www.benet.comcopy: content="<h1>this is benet web</h1>" dest=/var/www/html/benet/index.htmlwhen: inventory_hostname == "192.168.80.60"- name: prepare configuration filetemplate: src=/etc/ansible/playbook/httpd.conf.j2 dest=/etc/httpd/conf/httpd.confnotify: "reload apache"- name: start apacheservice: name={{pkg}} state=started enabled=yeshandlers:- name: reload apacheservice: name={{pkg}} state=reloaded
ansible-playbook demo6.yaml
2.7 实战演练七:在playbook剧本中基于Templates模块创建标签
可以在一个playbook中为某个或某些任务定义“标签”,在执行此playbook时通过ansible-playbook命令使用–tags选项能实现仅运行指定的tasks。
playbook还提供了一个特殊的tags为always。作用就是当使用always作为tags的task时,无论执行哪一个tags时,定义有always的tags都会执行。
vim /etc/ansible/playbook/demo7.yaml - name: seventh playhosts: dbserversremote_user: roottasks:- name: create abc.txtfile: path=/opt/abc.txt state=touchtags:- clr- gzy- name: create 123.txtfile: path=/opt/123.txt state=touchtags:- always- name: create gzy.txtcopy: content="gzy like mygirl" dest=/opt/wangdian.txttags:- gzy
ansible-playbook demo7.yaml --tags="gzy"
3.playbook知识点总结
playbook剧本
vim XXX.yaml
- name: #指定play名称hosts: #指定主机组remote_user: #执行用户 gather_facts: true|false #是否收集远程主机facts信息vars: #定义变量tasks: #定义task任务列表- name: #定义task任务名称模块: #定义任务使用的模块和参数with_items: #定义循环列表when: #定义判断条件(== != >= > <= <),true则执行任务,否则不执行任务ignore_errors: true #忽略任务失败notify: #定义task任务changed状态时触发的任务名tags: #指定标签,ansible-playbook --tags 仅执行拥有指定 tags 标签的任务(always标签总会执行)handlers: #定义notify触发的任务列表
task任务模块语法格式
横向格式:
模块名: 参数选项1=值 参数选项2={{变量名}} ...纵向格式:
模块名:参数选项1: 值参数选项2: "{{变量名}}"...
with_items和变量的语法格式
横向格式:
with_items: ["值1", "值2", "值3"]值为对象(键值对字段)时:
with_items:
- {key1: value1, key2: value2, ...}
- {key1: value3, key2: value4, ...}纵向格式:
with_items:
- 值1
- 值2
- 值3值为对象(键值对字段)时:
with_items:
- key1: value1key2: value2
- key1: value3key2: value4
template模板模块
(1)先要准备一个xxx.j2模板文件,在文件中使用 {{变量名}} 引用主机变量 或者 vars 自定义的变量 及 facts 字段的值
(2)在playbook中的tasks中定义template模板配置 template: src=xxx.j2 dest=xxx
