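@[TOC](Chapter 24: The Ansible Automation and Operations Tool (2) Basic Playbook Usage)
Using tags in a Playbook: labeling tasks so that specific actions can be run
Tags label individual tasks so that only part of a playbook is run. Ansible is idempotent and automatically skips whatever has not changed, but for some tasks merely checking that nothing has changed can still take a very long time. If you are sure those tasks have not changed, you can use tags to skip them.
- ansible-playbook -t tagsname useradd.yml

```bash
# Add two tags to the file
[root@ansible playbook]# vim httpd.yml
---
- hosts: appsrvs
  remote_user: root
  tasks:
    - name: install
      yum: name=httpd
    - name: config
      copy: src=/data/playbook/httpd.conf dest=/etc/httpd/conf/
      tags: conf        # <---
      notify: restart httpd
    - name: service
      service: name=httpd state=started enabled=yes
      tags: service     # <---
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
[root@ansible playbook]# vim httpd.conf
...
Listen 95    # port number changed to 95
...
# List the tags in the 'httpd.yml' playbook
[root@ansible playbook]# ansible-playbook --list-tags httpd.yml
playbook: httpd.yml
  play #1 (appsrvs): appsrvs TAGS: []
    TASK TAGS: [conf, service]    <-- the two tags 'conf' and 'service' are listed
# Run only the tasks tagged 'conf'; unrelated tasks are not triggered, so the run is selective
[root@ansible playbook]# ansible-playbook -t conf httpd.yml
```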
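Using variables in a Playbook
- Variable names: may contain only letters, digits and underscores, and must start with a letter
- Variable sources:
:one: ansible setup facts: all variables gathered from the remote host can be used directly
:two: Defined in /etc/ansible/hosts
  - Ordinary (host) variables: defined individually for a host in a host group; they take precedence over common variables
  - Common (group) variables: one definition shared by all hosts in a host group
:three: Specified on the command line, which has the highest precedence: ansible-playbook -e varname=value
:four: Defined in the playbook, under vars:
- var1: value1
- var2: value2
:five: Defined in a separate variables YAML file
:six: Defined in a role
- ansible setup facts: all variables gathered from the remote host can be used directly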
```bash
# Show the parameters a given module supports, e.g. 'setup'
[root@ansible ~]# ansible-doc -s setup
# Show all kinds of information about the given host; 'all' can be used to mean every host
[root@ansible ~]# ansible 192.168.37.6 -m setup
# Show the node name of the given managed host
[root@ansible ~]# ansible 192.168.37.6 -m setup -a 'filter=ansible_nodename'
192.168.37.6 | SUCCESS => {
    "ansible_facts": {
        "ansible_nodename": "centos6",    <--- host name
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false
}
# Show the memory size of the given managed host
[root@ansible ~]# ansible 192.168.37.6 -m setup -a 'filter=ansible_memtotal_mb'
192.168.37.6 | SUCCESS => {
    "ansible_facts": {
        "ansible_memtotal_mb": 3944,    <--- memory size
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false
}
# Show the operating system version
[root@ansible ~]# ansible 192.168.37.6 -m setup -a 'filter=ansible_distribution_major_version'
192.168.37.6 | SUCCESS => {
    "ansible_facts": {
        "ansible_distribution_major_version": "6",    <--- OS version
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false
}
[root@ansible ~]# cd /data/playbook/
# Create a file under /data/ whose name starts with the host's ansible_nodename and ends in .log
[root@ansible playbook]# vim vars.yml
---
- hosts: websrvs
  tasks:
    - name: create file
      file: name=/data/{{ansible_nodename}}.log state=touch
# Dry run in check mode (-C); no changes are made
[root@ansible playbook]# ansible-playbook -C vars.yml
# Run it
[root@ansible playbook]# ansible-playbook vars.yml
```
Hosts 6/18
```bash
[root@centos6 ~]$ ls /data/
centos6.log lost+found mysql
[root@centos7-1 ~]# ls /data/
CentOS7-1.log mysql
```
- Defined in /etc/ansible/hosts
- 2.1 Ordinary (host) variables: defined individually for a host in a host group; they take precedence over common variables
```bash
[root@ansible playbook]# vim /etc/ansible/hosts
...
[websrvs]
192.168.37.6 hostname=node1     <---
192.168.37.18 hostname=node2    <---
...
[root@ansible playbook]# cp vars.yml vars2.yml
[root@ansible playbook]# vim vars2.yml
---
- hosts: websrvs
  tasks:
    - name: create file
      file: name=/data/{{hostname}}.log state=touch    # <--- changed to {{hostname}}
[root@ansible playbook]# ansible-playbook vars2.yml    # run it
```
Hosts 6/18
```bash
[root@centos6 ~]$ ll /data/
total 20
-rw-r--r-- 1 root root 0 Jun 22 02:27 centos6.log
drwx------. 2 root root 16384 Apr 5 01:04 lost+found
drwxr-xr-x 5 mysql mysql 4096 Jun 22 00:41 mysql
-rw-r--r-- 1 root root 0 Jun 22 02:41 node1.log    <---
[root@centos7-1 ~]# ll /data/
total 0
-rw-r--r-- 1 root root 0 Jun 23 02:26 centos7-1.log
drwxr-xr-x 5 mysql mysql 295 Jun 22 01:54 mysql
-rw-r--r-- 1 root root 0 Jun 23 02:41 node2.log    <---
```
- 2.2 Common (group) variables: one definition shared by all hosts in a host group
```bash
[root@ansible playbook]# vim /etc/ansible/hosts
...
[websrvs]
192.168.37.6 hostname=node1
192.168.37.18 hostname=node2
[websrvs:vars]    <--- variables shared by all of websrvs
suf=txt           <---
[appsrvs]
192.168.37.[1:2]8
...
[root@ansible playbook]# cp vars2.yml vars3.yml
[root@ansible playbook]# vim vars3.yml
---
- hosts: websrvs
  tasks:
    - name: create file
      file: name=/data/{{hostname}}.{{suf}} state=touch    # <---
[root@ansible playbook]# ansible-playbook vars3.yml    # run it
```
Hosts 6/18
```bash
[root@centos6 ~]$ ll /data/
total 20
-rw-r--r-- 1 root root 0 Jun 22 02:27 centos6.log
drwx------. 2 root root 16384 Apr 5 01:04 lost+found
drwxr-xr-x 5 mysql mysql 4096 Jun 22 00:41 mysql
-rw-r--r-- 1 root root 0 Jun 22 02:41 node1.log
-rw-r--r-- 1 root root 0 Jun 22 02:53 node1.txt
[root@centos7-1 ~]# ll /data/
total 0
-rw-r--r-- 1 root root 0 Jun 23 02:26 centos7-1.log
drwxr-xr-x 5 mysql mysql 295 Jun 22 01:54 mysql
-rw-r--r-- 1 root root 0 Jun 23 02:41 node2.log
-rw-r--r-- 1 root root 0 Jun 23 02:52 node2.txt
```
Specified on the command line, which has the highest precedence
```bash
# '-e' has the highest precedence
[root@ansible playbook]# ansible-playbook -e hostname=test -e suf=log vars.yml
```
Hosts 6/18
```bash
[root@centos6 ~]$ ll /data/
total 20
-rw-r--r-- 1 root root 0 Jun 22 03:00 centos6.log    <---
drwx------. 2 root root 16384 Apr 5 01:04 lost+found
drwxr-xr-x 5 mysql mysql 4096 Jun 22 00:41 mysql
-rw-r--r-- 1 root root 0 Jun 22 02:41 node1.log
-rw-r--r-- 1 root root 0 Jun 22 02:53 node1.txt
[root@centos7-1 ~]# ll /data/
total 0
-rw-r--r-- 1 root root 0 Jun 23 02:59 centos7-1.log    <---
drwxr-xr-x 5 mysql mysql 295 Jun 22 01:54 mysql
-rw-r--r-- 1 root root 0 Jun 23 02:41 node2.log
-rw-r--r-- 1 root root 0 Jun 23 02:52 node2.txt
```
- Defined in the playbook
```bash
[root@ansible playbook]# cp vars3.yml vars4.yml
[root@ansible playbook]# vim vars4.yml
---
- hosts: websrvs
  vars:
    - hostname: testfile
    - suf: html
  tasks:
    - name: create file
      file: name=/data/{{hostname}}.{{suf}} state=touch
[root@ansible playbook]# ansible-playbook vars4.yml    # run it
```
Hosts 6/18
```bash
[root@centos6 ~]$ ll /data/
...
-rw-r--r-- 1 root root 0 Jun 22 03:09 testfile.html
[root@centos7-1 ~]# ll /data/
...
-rw-r--r-- 1 root root 0 Jun 23 03:09 testfile.html
```
Precedence order: -e > yml file > hosts
```bash
# -e takes precedence over the variables in 'vars4.yml'
[root@ansible playbook]# ansible-playbook -e hostname=file -e suf=pdf vars4.yml
```
Hosts 6/18
```bash
[root@centos6 ~]$ ll /data/
...
-rw-r--r-- 1 root root 0 Jun 22 03:14 file.pdf
[root@centos7-1 ~]# ll /data/
...
-rw-r--r-- 1 root root 0 6月 23 03:14 file.pdf
```
- Defined in a separate variables YAML file
```bash
[root@ansible playbook]# mv vars.yml vars1.yml
# Create a file dedicated to holding variables
[root@ansible playbook]# vim vars.yml
hostname: testnode
suf: yml
[root@ansible playbook]# cp vars4.yml vars5.yml
[root@ansible playbook]# vim vars5.yml
---
- hosts: websrvs
  vars_files:
    - vars.yml    # <-- name of the variables file just created
  tasks:
    - name: create file
      file: name=/data/{{hostname}}.{{suf}} state=touch
[root@ansible playbook]# ansible-playbook vars5.yml    # run it
```
Hosts 6/18
```bash
[root@centos6 ~]$ ll /data/
...
-rw-r--r-- 1 root root 0 Jun 22 03:38 testnode.yml
[root@centos7-1 ~]# ll /data/
...
-rw-r--r-- 1 root root 0 Jun 23 03:38 testnode.yml
```
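Templates (template)
:one: A text file with embedded script (written in a template programming language)
:two: The Jinja2 language, which uses literals of the following forms
- Strings: in single or double quotes
- Numbers: integers, floating-point numbers
- Lists: [item1, item2, ...]
- Tuples: (item1, item2, ...)
- Dictionaries: {key1:value1, key2:value2, ...}
- Booleans: true/false
:three: Arithmetic operators: +, -, *, /, //, %, **
:four: Comparison operators: ==, !=, >, >=, <, <=
:five: Logical operators: and, or, not
:six: Flow expressions: For, If, When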
```bash
# Show the parameters a given module supports, e.g. 'template'
[root@ansible playbook]# ansible-doc -s template
# Create a templates directory to hold the template files
[root@ansible playbook]# mkdir /data/playbook/templates
[root@ansible playbook]# cp httpd.conf templates/httpd.conf.j2
[root@ansible playbook]# vim templates/httpd.conf.j2
...
Listen {{ httpd_port }}    <--- port number written as a variable
...
# Change the appsrvs group to the following
[root@ansible playbook]# vim /etc/ansible/hosts
...
[appsrvs]
192.168.37.18 httpd_port=8018    <--- port number
192.168.37.28 httpd_port=8028    <--- port number
[root@ansible playbook]# cp httpd.yml httpd_template.yml
[root@ansible playbook]# vim httpd_template.yml
---
- hosts: appsrvs
  remote_user: root
  tasks:
    - name: install
      yum: name=httpd
    - name: config
      template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf    # <---
      tags: conf
      notify: restart httpd
    - name: service
      service: name=httpd state=started enabled=yes
      tags: service
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
```
Hosts 18/28: the port is '95' on both
```bash
[root@centos7-1 ~]# ss -ntlp |grep httpd
LISTEN 0 128 :::95 :::* users:(("httpd",pid=11378,fd=4),("httpd",pid=11377,fd=4),("httpd",pid=11376,fd=4),("httpd",pid=11375,fd=4),("httpd",pid=11374,fd=4),("httpd",pid=9252,fd=4))
[root@centos7-2 ~]# ss -ntlp|grep httpd
LISTEN 0 128 :::95 :::* users:(("httpd",pid=14689,fd=4),("httpd",pid=14688,fd=4),("httpd",pid=14687,fd=4),("httpd",pid=14686,fd=4),("httpd",pid=14685,fd=4),("httpd",pid=8957,fd=4))
```
Ansible host
```bash
[root@ansible playbook]# ansible-playbook httpd_template.yml
```
Hosts 18/28: the ports have changed to '8018' and '8028' respectively, and the configuration files now differ accordingly
```bash
[root@centos7-1 ~]# ss -ntlp |grep httpd
LISTEN 0 128 :::8018 :::* users:(("httpd",pid=19553,fd=4),("httpd",pid=19552,fd=4),("httpd",pid=19551,fd=4),("httpd",pid=19550,fd=4),("httpd",pid=19549,fd=4),("httpd",pid=19540,fd=4))
[root@centos7-1 ~]# vim /etc/httpd/conf/httpd.conf
...
Listen 8018
...
[root@centos7-2 ~]# ss -ntlp|grep httpd
LISTEN 0 128 :::8028 :::* users:(("httpd",pid=21760,fd=4),("httpd",pid=21759,fd=4),("httpd",pid=21758,fd=4),("httpd",pid=21757,fd=4),("httpd",pid=21756,fd=4),("httpd",pid=21741,fd=4))
[root@centos7-2 ~]# vim /etc/httpd/conf/httpd.conf
...
Listen 8028
...
```
Ansible host
```bash
[root@ansible playbook]# vim templates/httpd.conf.j2
...
Listen {{ httpd_port+100 }}    <-- port number + 100
...
[root@ansible playbook]# ansible-playbook httpd_template.yml    # run it
```
Hosts 18/28: check whether the port number has increased by 100
```bash
[root@centos7-1 ~]# ss -ntlp |grep httpd
LISTEN 0 128 :::8118 :::* users:(("httpd",pid=20192,fd=4),("httpd",pid=20191,fd=4),("httpd",pid=20190,fd=4),("httpd",pid=20189,fd=4),("httpd",pid=20188,fd=4),("httpd",pid=20187,fd=4))
[root@centos7-2 ~]# ss -ntlp|grep httpd
LISTEN 0 128 :::8128 :::* users:(("httpd",pid=22428,fd=4),("httpd",pid=22427,fd=4),("httpd",pid=22426,fd=4),("httpd",pid=22425,fd=4),("httpd",pid=22424,fd=4),("httpd",pid=22414,fd=4))
```
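An added example, not part of the original post: the httpd_template.yml play above with a pre-flight check on httpd_port and a template task that validates the rendered file before installing it. The file name, the port bounds and the /usr/sbin/httpd path are assumptions; the template line it expects, `Listen {{ (httpd_port | int) + 100 }}`, also works when the value arrives as a string (for example from `-e httpd_port=8018` or an `[appsrvs:vars]` section, both of which yield strings).

```yaml
# httpd_template_checked.yml (hypothetical file name; added example, not from the post)
# Assumes templates/httpd.conf.j2 contains:  Listen {{ (httpd_port | int) + 100 }}
---
- hosts: appsrvs
  remote_user: root
  tasks:
    - name: check httpd_port before anything is changed
      assert:
        that:
          - httpd_port is defined
          - (httpd_port | int) >= 1
          - (httpd_port | int) + 100 <= 65535
        fail_msg: "httpd_port must be set for every host and httpd_port+100 must be a valid port"
      tags: always            # also runs with 'ansible-playbook -t conf'

    - name: install
      yum: name=httpd

    - name: config
      template:
        src: httpd.conf.j2
        dest: /etc/httpd/conf/httpd.conf
        owner: root
        group: root
        mode: "0644"
        backup: yes           # keep a timestamped copy of the previous file
        # The rendered file is syntax-checked first; on failure the live
        # httpd.conf is left untouched and the handler is not notified.
        validate: /usr/sbin/httpd -t -f %s    # assumed binary path
      tags: conf
      notify: restart httpd

    - name: service
      service: name=httpd state=started enabled=yes
      tags: service

  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
```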
Ansible host
```bash
# Check the CPU count: shows how many CPUs each host currently has
[root@ansible playbook]# ansible all -m setup |grep cpu
"ansible_processor_vcpus": 2,
"ansible_processor_vcpus": 2,
"ansible_processor_vcpus": 2,
# CPUs can be added
# The CPU count has changed
[root@ansible playbook]# ansible all -m setup |grep cpu
"ansible_processor_vcpus": 2,
"ansible_processor_vcpus": 2,
"ansible_processor_vcpus": 4,    <--
```
Hosts 18/28
```bash
[root@centos7-1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR=192.168.37.18
GATEWAY=192.168.37.2    <---
DNS1=192.168.37.2       <---
PREFIX=24
[root@centos7-2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="static"
DEFROUTE="yes"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
IPADDR=192.168.37.28
GATEWAY=192.168.37.2    <---
DNS1=192.168.37.2       <---
PREFIX=24
```
Ansible host
```bash
[root@ansible playbook]# yum install nginx -y
```
Hosts 18/28: download the EPEL repo and enable it
```bash
[root@centos7-1 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@centos7-1 ~]# yum install -y epel-release
```
Ansible host
```bash
[root@ansible playbook]# cp /etc/nginx/nginx.conf /data/playbook/templates/nginx.conf.j2
[root@ansible playbook]# pwd
/data/playbook
[root@ansible playbook]# vim nginx.yml
---
- hosts: appsrvs
  remote_user: root
  tasks:
    - name: install
      yum: name=nginx
    - name: service
      service: name=nginx state=started enabled=yes
[root@ansible playbook]# ansible-playbook -C nginx.yml    # dry run in check mode
[root@ansible playbook]# ansible-playbook nginx.yml    # run it
```
Hosts 18/28
```bash
# See which process is listening on the port: it is nginx
[root@centos7-1 ~]# ss -ntlp |grep nginx
LISTEN 0 128 *:80 *:* users:(("nginx",pid=20894,fd=6),("nginx",pid=20893,fd=6),("nginx",pid=20892,fd=6))
LISTEN 0 128 :::80 :::* users:(("nginx",pid=20894,fd=7),("nginx",pid=20893,fd=7),("nginx",pid=20892,fd=7))
```
Opening 192.168.37.18 in a browser shows the nginx page
```bash
# See which port httpd is listening on: it is 8118
[root@centos7-1 ~]# ss -ntlp |grep httpd
LISTEN 0 128 :::8118 :::* users:(("httpd",pid=20948,fd=4),("httpd",pid=20947,fd=4),("httpd",pid=20946,fd=4),("httpd",pid=11156,fd=4),("httpd",pid=11155,fd=4),("httpd",pid=11154,fd=4),("httpd",pid=11153,fd=4),("httpd",pid=11152,fd=4),("httpd",pid=8948,fd=4))
```
while 192.168.37.18:8118 shows the httpd page
Ansible host
```bash
# Change this setting so that the number of worker processes is the CPU count * 2
[root@ansible playbook]# vim templates/nginx.conf.j2
...
worker_processes {{ ansible_processor_vcpus*2 }};    <--- CPU count * 2
...
[root@ansible playbook]# vim nginx.yml
---
- hosts: appsrvs
  remote_user: root
  tasks:
    - name: install
      yum: name=nginx
    - name: config                                              # <---
      template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf    # <---
      notify: restart nginx                                     # <---
    - name: service
      service: name=nginx state=started enabled=yes
  handlers:                                                     # <---
    - name: restart nginx                                       # <---
      service: name=nginx state=restarted                       # <---
```
Hosts 18/28: check the CPU count
```bash
[root@centos7-1 ~]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 2    <---
[root@centos7-1 ~]# pstree -p    # 2 nginx worker processes, because there are 2 CPUs
...
├─nginx(19791)─┬─nginx(19792)
│              └─nginx(19793)
...
[root@centos7-2 ~]# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 4    <---
[root@centos7-2 ~]# pstree -p    # 4 nginx worker processes, because there are 4 CPUs
...
├─nginx(11185)─┬─nginx(11186)
│              ├─nginx(11187)
│              ├─nginx(11188)
│              └─nginx(11189)
...
```
Ansible host
```bash
[root@ansible playbook]# ansible-playbook -C nginx.yml
[root@ansible playbook]# ansible-playbook nginx.yml
```
Hosts 18/28: the number of processes has changed to '*2'
```bash
[root@centos7-1 ~]# pstree -p    # the process count went from the earlier 2 to 2*2, i.e. four
...
├─nginx(19791)─┬─nginx(19792)
│              ├─nginx(19793)
│              ├─nginx(19794)
│              └─nginx(19795)
...
[root@centos7-2 ~]# pstree -p    # the process count went from the earlier 4 to 4*2, i.e. eight
...
├─nginx(11185)─┬─nginx(11186)
│              ├─nginx(11187)
│              ├─nginx(11188)
│              ├─nginx(11189)
│              ├─nginx(11190)
│              ├─nginx(11191)
│              ├─nginx(11192)
│              └─nginx(11193)
...
```
Conditionals with when
Host 6
```bash
# Install the httpd service
[root@centos6 ~]$ yum install httpd -y
# Copy the CentOS 6 version of the 'httpd.conf' file over
[root@centos6 ~]$ scp /etc/httpd/conf/httpd.conf 192.168.37.7:/data/playbook/httpd6.conf
```
Ansible host
```bash
# Rename the CentOS 7 version of 'httpd.conf' to 'httpd7.conf'
[root@ansible playbook]# mv httpd.conf httpd7.conf
[root@ansible playbook]# ll    # both the CentOS 6 and CentOS 7 httpd configuration files are present
...
-rw-r--r-- 1 root root 34419 Jun 23 23:40 httpd6.conf
-rw-r--r-- 1 root root 11753 Jun 22 01:22 httpd7.conf
...
[root@ansible playbook]# cp httpd{6,7}.conf templates/
[root@ansible playbook]# mv templates/httpd6.conf templates/httpd6.conf.j2
[root@ansible playbook]# mv templates/httpd7.conf templates/httpd7.conf.j2
# Edit the CentOS 6 version of the 'httpd.conf' file
[root@ansible playbook]# vim templates/httpd6.conf.j2
...
Listen {{ httpd_port }}    <---
...
# Edit the CentOS 7 version of the 'httpd.conf' file
[root@ansible playbook]# vim templates/httpd7.conf.j2
...
Listen {{ httpd_port }}    <---
...
[root@ansible playbook]# vim /etc/ansible/hosts
# leading 0s:
## db-[99:101]-node.example.com
[websrvs]
192.168.37.6 hostname=node1 httpd_port=6666     <---
192.168.37.18 hostname=node2 httpd_port=7777    <---
[websrvs:vars]
suf=txt
[appsrvs]
192.168.37.18    <--- any variables set here must be removed, otherwise the later variables override the earlier ones
192.168.37.28    <---
[root@ansible playbook]# cp httpd.yml httpd_when.yml
# Use when as a condition: a different template is copied depending on the OS version
[root@ansible playbook]# vim httpd_when.yml
---
- hosts: websrvs
  remote_user: root
  tasks:
    - name: install
      yum: name=httpd
    - name: config
      template: src=httpd6.conf.j2 dest=/etc/httpd/conf/httpd.conf
      tags: conf
      notify: restart httpd
      when: ansible_distribution_major_version=="6"    # <---
    - name: config
      template: src=httpd7.conf.j2 dest=/etc/httpd/conf/httpd.conf
      tags: conf
      notify: restart httpd
      when: ansible_distribution_major_version=="7"    # <---
    - name: service
      service: name=httpd state=started enabled=yes
      tags: service
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
[root@ansible playbook]# ansible-playbook -C httpd_when.yml
[root@ansible playbook]# ansible-playbook httpd_when.yml
```
Hosts 6/18: httpd listens on port 6666 on CentOS 6 and on port 7777 on CentOS 7
```bash
[root@centos6 ~]$ ss -ntlp| grep 6666
LISTEN 0 128 :::6666 :::* users:(("httpd",36139,6),("httpd",36142,6),("httpd",36143,6),("httpd",36144,6),("httpd",36145,6),("httpd",36147,6),("httpd",36148,6),("httpd",36149,6),("httpd",36150,6))
[root@centos7-1 ~]# ss -ntlp|grep httpd
LISTEN 0 128 *:7777 *:* users:(("httpd",pid=25805,fd=3),("httpd",pid=25801,fd=3),("httpd",pid=25800,fd=3))
```
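An added example, not part of the original post: the two version-specific config tasks of httpd_when.yml collapsed into one task whose template name is built from the fact, with a guard for releases that have no template. In the two-task form, a host on any other release skips both config tasks and httpd is started with whatever httpd.conf it already has. The file name is hypothetical.

```yaml
# httpd_when_single.yml (hypothetical file name; added example, not from the post)
---
- hosts: websrvs
  remote_user: root
  tasks:
    - name: stop on a release that has no template
      fail:
        msg: "no httpd template for major version {{ ansible_distribution_major_version }}"
      # The fact is a string ("6", "7"), so it is compared against quoted values.
      when: ansible_distribution_major_version not in ["6", "7"]
      tags: always            # the guard also runs with 'ansible-playbook -t conf'

    - name: install
      yum: name=httpd

    - name: config
      template:
        # resolves to httpd6.conf.j2 or httpd7.conf.j2 under templates/
        src: "httpd{{ ansible_distribution_major_version }}.conf.j2"
        dest: /etc/httpd/conf/httpd.conf
      tags: conf
      notify: restart httpd

    - name: service
      service: name=httpd state=started enabled=yes
      tags: service

  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
```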
Iteration: with_items
Iteration: when a task needs to be executed repeatedly, the iteration mechanism can be used
- The current item is referenced through the fixed variable name "item"
- Use with_items in the task to give the list of elements to iterate over
- List item formats: strings, dictionaries

Ansible host: create users
```bash
# Create users
[root@ansible playbook]# vim items.yml
---
- hosts: websrvs
  tasks:
    - name: create user
      user: name={{ item }}
      with_items:
        - tom
        - alice
        - jack
        - rose
[root@ansible playbook]# ansible-playbook -C items.yml
[root@ansible playbook]# ansible-playbook items.yml
```
Hosts 6/18: four users have been created: tom, alice, jack and rose
```bash
[root@centos6 ~]$ getent passwd
...
tom:x:501:501::/home/tom:/bin/bash
alice:x:502:502::/home/alice:/bin/bash
jack:x:503:503::/home/jack:/bin/bash
rose:x:504:504::/home/rose:/bin/bash
[root@centos7-1 ~]# getent passwd
...
tom:x:1001:1001::/home/tom:/bin/bash
alice:x:1002:1002::/home/alice:/bin/bash
jack:x:1003:1003::/home/jack:/bin/bash
rose:x:1004:1004::/home/rose:/bin/bash
```
Ansible host: delete the users and their home directories
```bash
# Delete users and home directories: 'state=absent' deletes the user, 'remove=yes' deletes the home directory
[root@ansible playbook]# vim items.yml
---
- hosts: websrvs
  tasks:
    - name: delete user
      user: name={{ item }} state=absent remove=yes
      with_items:
        - tom
        - alice
        - jack
        - rose
[root@ansible playbook]# ansible-playbook items.yml
```
Hosts 6/18: the 4 users have been deleted, along with their home directories
```bash
[root@centos6 ~]$ getent passwd
[root@centos6 ~]$ ll /home/
total 4
drwx------. 4 wang wang 4096 Apr 5 01:14 wang
[root@centos7-1 ~]# getent passwd
[root@centos7-1 ~]# ll /home/
total 0
drwx------. 3 wang wang 78 Apr 11 2018 wang
```
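The list-format bullet above names dictionary items, but the post only shows string items. The following added example (not from the original post) uses both forms, so that one list records which accounts should exist and which should be removed; the file name, group names and per-user states are constructed for illustration.

```yaml
# items_dict.yml (hypothetical file name; added example, not from the post)
---
- hosts: websrvs
  remote_user: root
  tasks:
    - name: create groups (string items, referenced as item)
      group: name={{ item }}
      with_items:
        - webadmin
        - dbadmin

    - name: manage users (dictionary items, referenced as item.key)
      user:
        name: "{{ item.name }}"
        group: "{{ item.group }}"
        state: "{{ item.state }}"
        remove: yes           # only has an effect when state is absent
      with_items:
        - { name: tom,   group: webadmin, state: present }
        - { name: alice, group: webadmin, state: present }
        - { name: jack,  group: dbadmin,  state: present }
        - { name: rose,  group: dbadmin,  state: absent }
```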