<p><span>Ansible</span></p>
<h2><span style="font-family:宋体">Introduction</span></h2>
<p style="line-height: 28px;background: white"><span>What is ansible? The official tagline is "Ansible is Simple IT Automation", that is, a simple IT automation tool. Its goals are: automated application deployment; automated configuration management; automated continuous delivery; and automated (AWS) cloud service management. In essence, all of these come down to running a series of commands on one or several servers; put plainly, it executes commands on remote servers in bulk. Most importantly, it is built on paramiko. What is paramiko? It is a pure-Python implementation of the SSH protocol. Fabric and Ansible therefore share one more trait: neither needs a client or agent installed on the remote hosts, because both talk to the remote hosts over SSH. In short:</span></p>
<p style="line-height: 28px;background: white"><span>Ansible</span></p>
<p style="margin-left: 28px;text-indent: 28px;line-height: 28px;background: white"><span>- Built on Python paramiko; distributed, agentless, lightweight; configuration uses YAML and the Jinja2 template language; stronger remote command execution</span></p>
<p style="line-height: 28px;background: white"><span>There are many similar automation and operations tools. Other commonly used ones are:</span></p>
<p style="line-height: 28px;background: white"><span>Puppet</span></p>
<p style="margin-left: 28px;text-indent: 28px;line-height: 28px;background: white"><span>- Built on Ruby; client/server architecture; highly extensible; SSL-based; comparatively weak remote command execution</span></p>
<p style="line-height: 28px;background: white"><span>SaltStack</span></p>
<p style="margin-left: 28px;text-indent: 28px;line-height: 28px;background: white"><span>- Built on Python; client/server architecture; lighter-weight than Puppet; configuration uses YAML, which makes configuration scripts simpler</span></p>
<h2>Ansible<span style="font-family:宋体"> working mechanism</span></h2>
<p style="line-height: 28px;background: white"><span>Ansible </span><span>pushes its modules from the control node to the managed hosts over SSH (or Kerberos, LDAP), runs them there, and removes them automatically once they have finished. Custom modules and orchestration files can be managed with SVN or a similar tool.</span></p>
<p><img src="//cto.wang/usr/uploads/2016/07/20160703165946-26.png" title="1435911911139657.png" alt="ansible.png" /></p>
<p style="line-height: 28px;background: white"><span>As the figure above shows, Ansible is made up of 5 parts:</span></p>
<p style="line-height: 28px;background: white"><span>Ansible</span><span>: the core</span></p>
<p style="line-height: 28px;background: white"><span>Modules</span><span>: the core modules that ship with Ansible, plus custom modules</span></p>
<p style="line-height: 28px;background: white"><span>Plugins</span><span>: 
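supplement the modules' functionality; these include connection plugins, mail plugins, and so on</span></p>
<p style="line-height: 28px;background: white"><span>Playbooks</span><span>: often rendered in Chinese as "scripts" (as in a stage play), though I find "orchestration" the more fitting reading; they are the configuration files that define Ansible's multi-task jobs, which Ansible then executes automatically</span></p>
<p style="line-height: 28px;background: white"><span>Inventory</span><span>: defines the list of hosts that Ansible manages</span></p>
<h2>Ansible<span style="font-family:宋体"> installation</span></h2>
<h3><span style="font-family:宋体">Installing from a package repository</span></h3>
<p style="line-height: 28px;background: white"><span>The major Linux distributions each have their own package management system, which resolves package dependencies for you automatically. For example:</span></p>
<p><span>Fedora</span><span>, RHEL, CentOS and compatible distributions:</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">$ sudo yum -y install ansible</span></p>
<p><span>Ubuntu</span><span>, Debian and compatible distributions:</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">$ apt-get install ansible</span></p>
<p style="line-height: 28px;background: white"><span>Note: on Fedora, RHEL and CentOS the EPEL repository must be configured.</span></p>
<h3><span style="font-family:宋体">Installing from source</span></h3>
<p style="line-height: 28px;background: white"><span>The most fashionable approach is to install from source. You get the newest version, but not a stable one, so when installing from source watch out for bugs and keep a close eye on the community and on new releases. Fetch the latest code from GitHub and install it as follows:</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">$ git clone https://github.com/ansible/ansible.git</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">$ cd ansible &amp;&amp; sudo make &amp;&amp; sudo make install</span></p>
<h3><span style="font-family:宋体">Installing Ansible with </span>pip</h3>
<p style="line-height: 28px;background: white"><span>Pip</span><span> is a tool dedicated to managing Python modules, and every official Ansible release is published to the pip repository. Installing or updating Ansible through pip is therefore a fairly dependable way to get the latest stable version.</span></p>
<p style="line-height: 28px;background: white"><span>Note that upgrading the operating system does not upgrade Ansible along with it. An OS upgrade can also break the Ansible environment, since Ansible depends on Python. And if you have already developed a large number of modules against Ansible, it is best to stay on the matching version; upgrading to the latest release is not recommended in that case, because incompatibilities could cause the modules to malfunction. The pip install command is:</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">$ pip install ansible</span></p>
<h2>Ansible<span 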
style="font-family:宋体"> upgrade</span></h2>
<p style="line-height: 28px;background: white"><span>Upgrade ansible with pip:</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">$ pip install --upgrade ansible</span></p>
<h2><span style="font-family:宋体">Trying out </span>ansible</h2>
<h3><span style="font-family:宋体">Configuring </span>Hosts</h3>
<p style="line-height: 28px;background: white"><span>Ansible </span><span>reads the default inventory file /etc/ansible/hosts and can connect to multiple remote hosts at once to run tasks. The default path can be changed through the hostfile parameter in ansible.cfg. Details follow below.</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">vi /etc/ansible/hosts</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">[web]</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">192.168.1.100</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">192.168.1.101</span></p>
<h3><span style="font-family:宋体">Configuring passwordless (key-based) login</span></h3>
<p><span>To avoid typing the target host's password every time Ansible issues a command, key-based passwordless SSH is a good approach. ssh-keygen and ssh-copy-id are recommended for quickly generating the keys and distributing the public key: ssh-keygen generates a key pair, and ssh-copy-id pushes the generated public key to the target host. The steps are:</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ssh-keygen -t rsa -P ''</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@192.168.1.100</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ssh-copy-id -i ~/.ssh/id_rsa.pub deploy@192.168.1.101</span></p>
<p style="line-height: 28px;background: white"><span>Note: on the first connection, or after a host has been reinstalled, a host key check prompt appears:</span></p>
<p><em><span style="font-family:Consolas;color:#FFC000;background: lightgrey;background:lightgrey">The authenticity of host '192.168.0.5 (192.168.0.5)' can't be established.</span></em></p>
<p><em><span style="font-family:Consolas;color:#FFC000;background: lightgrey;background:lightgrey">ECDSA key fingerprint is 05:51:e5:c4:d4:66:9b:af:5b:c9:ba:e9:e6:a4:2b:fe.</span></em></p>
<p><em><span 
style="font-family:Consolas;color:#FFC000;background: lightgrey;background:lightgrey">Are you sure you want to continue connecting (yes/no)?</span></em></p>
<p style="line-height: 28px;background: white"><span>Workaround: turn off host key checking (Ansible then stops verifying the remote host's SSH key):</span></p>
<p><em><span style="font-family:Consolas;color:red;background: lightgrey;background:lightgrey">vim /etc/ansible/ansible.cfg </span></em><em><span style="font-family:宋体;color:red;background:lightgrey;background:lightgrey">or</span></em><em><span style="font-family:Consolas;color:red;background:lightgrey;background:lightgrey"> ~/.ansible.cfg</span></em></p>
<p><em><span style="font-family:Consolas;color:red;background: lightgrey;background:lightgrey">[defaults]</span></em></p>
<p><em><span style="font-family:Consolas;color:red;background: lightgrey;background:lightgrey">host_key_checking = False</span></em></p>
<p style="line-height: 28px;background: white"><span>The prompt can also be suppressed by setting an environment variable:</span></p>
<p><em><span style="font-family:Consolas;color:red;background: lightgrey;background:lightgrey">export ANSIBLE_HOST_KEY_CHECKING=False</span></em></p>
<h3><span style="font-family:宋体">Testing with </span>ping</h3>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m ping</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">192.168.1.101 | success >> {</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white"> "changed": false, </span></p>
<p><span style="font-family:Consolas;color:#008200;background:white"> "ping": "pong"</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">}</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white"> </span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">192.168.1.100 | success >> {</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white"> "changed": false, </span></p>
<p><span style="font-family:Consolas;color:#008200;background:white"> "ping": "pong"</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">}</span></p>
<h3>Ansible<span style="font-family:宋体"> command-line options</span></h3>
<p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">-v, --verbose </span><span style="font-family:宋体;color:#C45911;background:white">Verbose mode; if the command succeeds, print detailed results </span><span style="font-family:Consolas;color:#C45911;background:white">(-vv, -vvv, -vvvv)</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white"> -i PATH, --inventory=PATH </span><span style="font-family:宋体;color:#C45911;background:white">Path to the host file; the default is </span><span style="font-family:Consolas;color:#C45911;background:white">/etc/ansible/hosts </span></p>
<p><span style="font-family:Consolas;color:#008200;background:white"> -f NUM, --forks=NUM </span><span style="font-family:宋体;color:#C45911;background:white">NUM is an integer (default 5): the number of parallel processes to fork.</span> </p>
<p><span style="font-family:Consolas;color:#008200;background:white"> -m NAME, --module-name=NAME </span><span style="font-family:宋体;color:#C45911;background:white">Name of the module to use; the default is </span><span style="font-family:Consolas;color:#C45911;background:white">command</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white"> -M DIRECTORY, --module-path=DIRECTORY </span><span 
style="font-family:宋体;color:#C45911;background:white">Directory to load modules from; the default is </span><span style="font-family: Consolas;color:#C45911;background: white">/usr/share/ansible</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white"> -a MODULE_ARGS </span><span style="font-family:宋体;color:#C45911;background:white">Arguments to pass to the module</span> </p>
<p><span style="font-family:Consolas;color:#008200;background:white"> -k, --ask-pass </span><span style="font-family:宋体;color:#C45911;background:white">Prompt for the SSH password instead of using SSH key-based authentication</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white"> --sudo </span><span style="font-family:宋体;color:#C45911;background:white">Use sudo to obtain root privileges</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white"> -K, --ask-sudo-pass </span><span style="font-family:宋体;color:#C45911;background:white">Prompt for the </span><span style="font-family:Consolas;color:#C45911;background:white">sudo</span><span 
style="font-family:宋体;color:#C45911;background: white"> password; used together with </span><span style="font-family: Consolas;color:#C45911;background: white">--sudo</span> </p>
<p><span style="font-family:Consolas;color:#008200;background:white"> -u USERNAME, --user=USERNAME </span><span style="font-family:宋体;color:#C45911;background:white">User to run as on the remote host</span> </p>
<p><span style="font-family:Consolas;color:#008200;background:white"> -C, --check </span><span style="font-family:宋体;color:#C45911;background:white">Show what the command would change without actually executing it</span></p>
<h2><span style="font-family:宋体">The </span>Hosts<span style="font-family:宋体"> inventory</span></h2>
<p style="line-height: 28px;background: white"><span>Ansible </span><span>reads the default inventory file /etc/ansible/hosts and can connect to multiple remote hosts at once to run tasks. The default path can be changed through the hostfile parameter in ansible.cfg.</span></p>
<p style="line-height: 28px;background: white"><span>/etc/ansible/hosts </span><span>uses the following inventory format:</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">[dbservers] </span><span style="font-family:Consolas;color:#C45911;background:white">[] </span><span style="font-family:宋体;color:#C45911;background:white">denotes a host group name; hosts can be grouped by function, operating system and so on, which makes it easy to operate on particular hosts or on a group of hosts that share a function</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">192.168.1.12</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">one.example.com</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">badwolf.example.com:5309 </span><span style="font-family:宋体;color:#C45911;background:white">an SSH port can be specified, here </span><span style="font-family:Consolas;color:#C45911;background:white">5309</span></p>
<p><span 
style="font-family:Consolas;color:#008200;background:white">jumper ansible_ssh_port=5555 ansible_ssh_host=192.168.1.50 </span><span style="font-family:宋体;color:#C45911;background:white">sets the host alias to</span><span style="font-family:Consolas;color:#C45911;background:white"> jumper</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">www[01:50].example.com </span><span style="font-family:宋体;color:#C45911;background:white">range patterns are supported, matching</span><span style="font-family:Consolas;color:#C45911;background:white"> www01 www02 …www50</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">[databases]</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">db-[a:f].example.com </span><span style="font-family:宋体;color:#C45911;background:white">letter ranges are supported, matching</span><span style="font-family:Consolas;color:#C45911;background:white"> a b c…f</span></p>
<p style="line-height: 28px;background: white"><span>Specifying the connection type and connection user for a host:</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">[zhao]</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">localhost ansible_connection=local</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">other1.example.com ansible_connection=ssh ansible_ssh_user=deploy</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">other2.example.com ansible_connection=ssh ansible_ssh_user=deploy</span></p>
<p><span>The hosts </span><span>file supports a number of specific directives, several of which were used above. The full list of supported directives is:</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible_ssh_host </span><span style="font-family:宋体;color:#C45911;background:white">The real IP behind a host alias, e.g. </span><span style="font-family:Consolas;color:#C45911;background:white">100 ansible_ssh_host=192.168.1.100</span><span 
style="font-family:宋体;color:#C45911;background:white">; after that, the host can be reached without its full IP by giving just the alias</span><span style="font-family:Consolas;color:#C45911;background:white"> 100</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible_ssh_port </span><span style="font-family:宋体;color:#C45911;background:white">SSH port used to connect to this host; the default is</span><span style="font-family:Consolas;color:#C45911;background:white"> 22</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible_ssh_user </span><span style="font-family:宋体;color:#C45911;background:white">SSH user for connecting to this host</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible_ssh_pass </span><span style="font-family:宋体;color:#C45911;background:white">SSH password for connecting to this host (this even saves you the </span><span style="font-family:Consolas;color:#C45911;background:white">-k </span><span style="font-family:宋体;color:#C45911;background:white">option); for security it is still better to use a private key, or to enter the password through the </span><span style="font-family:Consolas;color:#C45911;background:white">-k </span><span style="font-family:宋体;color:#C45911;background:white">option on the command line</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible_sudo_pass </span><span style="font-family:Consolas;color:#C45911;background:white">sudo </span><span style="font-family:宋体;color:#C45911;background:white">password</span></p>
<p><span 
style="font-family:Consolas;color:#008200;background:white">ansible_sudo_exe </span><span style="font-family:Consolas;color:#C45911;background:white">sudo </span><span style="font-family:宋体;color:#C45911;background:white">command path</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible_connection </span><span style="font-family:宋体;color:#C45911;background:white">Connection type; can be</span><span style="font-family:Consolas;color:#C45911;background:white"> local</span><span style="font-family:宋体;color:#C45911;background:white">, </span><span style="font-family:Consolas;color:#C45911;background:white">ssh </span><span style="font-family:宋体;color:#C45911;background: white">or</span><span style="font-family: Consolas;color:#C45911;background: white"> paramiko</span><span style="font-family:宋体;color:#C45911;background:white">; before Ansible 1.2 the default was</span><span style="font-family:Consolas;color:#C45911;background:white"> paramiko</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible_ssh_private_key_file </span><span style="font-family:宋体;color:#C45911;background:white">Path to the private key file</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible_shell_type </span><span style="font-family:宋体;color:#C45911;background:white">Shell type of the target system; the default is</span><span style="font-family:Consolas;color:#C45911;background:white"> sh</span><span style="font-family:宋体;color:#C45911;background:white">. If it is set to</span><span style="font-family:Consolas;color:#C45911;background:white"> csh/fish</span><span style="font-family:宋体;color:#C45911;background: white">, commands must follow that shell's syntax</span></p>
<p><span 
style="font-family:Consolas;color:#008200;background:white">ansible_python_interpreter </span><span style="font-family:宋体;color:#C45911;background:white">Path to the Python interpreter; the default is </span><span style="font-family:Consolas;color:#C45911;background:white">/usr/bin/python</span><span style="font-family:宋体;color:#C45911;background:white">, but to connect to </span><span style="font-family:Consolas;color:#C45911;background:white">*BSD</span><span style="font-family:宋体;color:#C45911;background:white"> systems this directive is needed to change the python path</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible_*_interpreter </span><span style="font-family:宋体;color:#C45911;background:white">Here </span><span style="font-family:Consolas;color:#C45911;background:white">"*"</span><span style="font-family:宋体;color:#C45911;background:white"> can be</span><span style="font-family:Consolas;color:#C45911;background:white"> ruby</span><span style="font-family:宋体;color:#C45911;background:white">,</span><span style="font-family:Consolas;color:#C45911;background:white"> perl </span><span style="font-family:宋体;color:#C45911;background: white">or the interpreter of another language; it works like</span><span style="font-family:Consolas;color:#C45911;background:white"> ansible_python_interpreter</span></p>
<h2><span style="font-family:宋体;background:white">Inventory patterns</span></h2>
<p><span>In Ansible, the inventory pattern determines which machines are managed; in a playbook, it determines which hosts a particular configuration or process is applied to.</span></p>
<p><span>Suppose our host list is configured as:</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">192.168.1.10</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">[web]</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">192.168.1.100</span></p>
<p><span 
style="font-family:Consolas;color:#008200;background:white">192.168.1.101</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">[db]</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">192.168.1.102</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white"> </span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m yum -a "name=nginx state=present"</span></p>
<p><span>A pattern is usually a host group; the command above targets all hosts in the web group.</span></p>
<p><span>A brief look at the other ways of matching:</span></p>
<p><span>Match all hosts</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">all</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">*</span></p>
<p><span>Match hosts or host names that follow a regular pattern</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">one.example.com</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">*.example.com</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">192.168.1.100</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">192.168.1.*</span></p>
<p><span>Match all hosts of two groups; group names are separated by a colon, which means OR</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">web</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">web:db</span></p>
<p><span>Exclusion: hosts that are in the web group but not in the db group</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">web:!db</span></p>
<p><span>Intersection: hosts that are in both the web and the db group</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">web:&amp;db</span></p>
<p><span>Match hosts of a group by index (in order, from 0 to …)</span></p>
<p><span>Match the 1st host of the web group</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">web[0]</span></p>
<p><span>Match the 1st through the 25th host of the web group</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">web[0-25] </span><span> </span><span 
style="font-family:宋体;color:#C45911;background:white">The official documentation uses ":" for the range, but testing showed that "-" should be used; take care not to confuse this with matching multiple host groups</span></p>
<p><span>Combined matching: hosts in the web or db group that must also be in the test1 group but not in the test2 group</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">web:db:&amp;test1:!test2</span></p>
<h2>ansible<span style="font-family:宋体">: some commonly used modules</span></h2>
<h3>shell<span style="font-family:宋体"> module</span></h3>
<p><span>By default, ansible uses the command module, which does not support shell variables, pipes and the like. To run commands through a shell, select the shell module with the -m option. Note, however, that the ordinary command-execution modules are executed through Python over SSH.</span></p>
<p><span>Running a command on the remote hosts with the shell module:</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m shell -a 'echo $TERM'</span></p>
<h3>raw<span style="font-family:宋体"> module</span></h3>
<p><span>Raw</span><span> is also a command-execution module, but the raw module executes directly over SSH; it is typically used when the managed host does not yet have a Python environment.</span></p>
<p><span>Running a command on the remote hosts with the raw module:</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m raw -a 'echo $TERM'</span></p>
<h3>copy<span style="font-family:宋体"> module</span></h3>
<p><span>Copies files from the control node to the target hosts, much like scp</span></p>
<p><span>Copy the local /etc/hosts file to /tmp/hosts on every host in the web group (empty directories excepted)</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m copy -a "src=/etc/hosts dest=/tmp/hosts"</span></p>
<h3><span style="background:white">file</span><span style="font-family:宋体;background:white"> module</span></h3>
<p><span>The file</span><span> module is the file-attributes module. It supports the following operations:</span></p>
<p><span>Creating a file with the file module</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m file -a "dest=/tmp/zhao/a.txt state=touch"</span></p>
<p><span>The file </span><span>module can change a file's owner and permissions</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m file -a "dest=/tmp/zhao/a.txt mode=600"</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m file -a "dest=/tmp/zhao/b.txt mode=600 owner=deploy group=root"</span></p>
<p><span>Creating a directory with the file module, similar to mkdir -p</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m file -a "dest=/tmp/yong mode=755 owner=deploy group=sa state=directory"</span></p>
<p><span>Deleting a file or directory with the file module</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m file -a "dest=/tmp/yong state=absent"</span></p>
<p><span style="font-family:宋体;color:#C45911;background:white">Note: other values for </span><span style="font-family:Consolas;color:#C45911;background:white">state</span><span style="font-family:宋体;color:#C45911;background:white">: </span><span style="font-family:Consolas;color:#C45911;background:white">link (</span><span style="font-family:宋体;color:#C45911;background:white">symbolic link</span><span style="font-family:Consolas;color:#C45911;background:white">)</span><span style="font-family:宋体;color:#C45911;background:white">, </span><span style="font-family:Consolas;color:#C45911;background:white">hard (</span><span style="font-family:宋体;color:#C45911;background: white">hard link</span><span style="font-family: Consolas;color:#C45911;background: white">)</span></p>
<h3>template<span style="font-family:宋体"> module</span></h3>
<p><span style="font-family:宋体">Paraphrasing the official documentation: </span>template<span style="font-family:宋体"> is a module that uses files in </span>Jinja2<span style="font-family:宋体"> format as templates and substitutes the variables inside the document. Every use of it is marked by </span>ansible<span style="font-family:宋体"> with the </span>changed<span style="font-family:宋体"> state.</span></p>
<h3>stat<span style="font-family:宋体"> module</span></h3>
<p><span>Retrieves status information about a remote file, including atime, ctime, mtime, md5, uid, gid and so on</span></p>
<p><span 
style="font-family:Consolas;color:#008200;background:white">ansible web -m stat -a "path=/tmp/zhao/a.txt"</span></p>
<h3><span style="font-family:宋体">Package management modules</span></h3>
<p><span>The apt</span><span> and yum modules manage software packages on Ubuntu-family and Red Hat-family systems respectively</span></p>
<p><span>Install the nginx package</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m yum -a "name=nginx state=present"</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m apt -a "name=nginx state=present"</span></p>
<p><span>Install a specific version of a package</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m yum -a "name=nginx-1.6.2 state=present"</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m apt -a "name=nginx=1.6.2 state=present"</span></p>
<p><span>Install a package from a specific repository</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m yum -a "name=php55w enablerepo=remi state=present"</span></p>
<p><span>Update a package to the latest version</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m yum -a "name=nginx state=latest"</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m apt -a "name=nginx state=latest"</span></p>
<p><span>Uninstall a package</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m yum -a "name=nginx state=absent"</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m apt -a "name=nginx state=absent"</span></p>
<p><span>Ansible </span><span>supports package management on many operating systems; use -m to select the module for the relevant package manager. If no such module exists, you can write a similar module yourself or install packages with the command module.</span></p>
<h3><span style="background:white">User</span><span style="font-family:宋体;background:white"> module</span></h3>
<p><span>The user module makes it very convenient to create new users and to modify or delete existing ones</span></p>
<p><span>Create a user zhao and set its password (the password must be given as an already-encrypted string)</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible all -m 
user -a 'name=zhao password=$6$YyF5qLN8$edF1l.d/xcd9kv4ZQD/VVq5g2Uavlwoo/l.W4YVIQgsNghN4CbJKSEdZ5ihxztkYJ.bZV2PCP6MnGOioSLqUK.'</span></p>
<p><span>Delete the user zhao</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible all -m user -a "name=zhao state=absent"</span></p>
<h3>service<span style="font-family:宋体"> module</span></h3>
<p><span>Start the httpd service on all hosts in the web group</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m service -a "name=httpd state=started"</span></p>
<p><span>Restart the httpd service on all hosts in the web group</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m service -a "name=httpd state=restarted"</span></p>
<p><span>Stop the httpd service on all hosts in the web group</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">ansible web -m service -a "name=httpd state=stopped"</span></p>
<h2>playbook<span style="font-family:宋体"> explained</span></h2>
<p><span>Playbooks </span><span>are a different mode from running Ansible on the command line, and a more powerful and flexible one. Put simply, a playbook is a very simple configuration-management and multi-host deployment system, unlike any that already exist, and it can serve as a foundation for deploying complex applications. Playbooks allow customized configuration, can run operations in a specified order, and support both synchronous and asynchronous execution. Note that playbooks are written in YAML. For basic YAML syntax, see </span><span style="font-family:Consolas;color:#008200;background:white">http://docs.ansible.com/YAMLSyntax.html</span></p>
<h3><span style="background:white">Playbook</span><span style="font-family:宋体;background:white"> structure</span></h3>
<p><span style="font-family:Consolas;color:#008200;background:white">Target section </span><span style="font-family:宋体;color:#C45911;background:white">defines the remote host groups on which the</span><span style="font-family:Consolas;color:#C45911;background:white"> playbook </span><span style="font-family:宋体;color:#C45911;background:white">will run</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">Variable section</span><span style="font-family:Consolas;color:#C45911;background:white"> </span><span 
style="font-family:宋体;color:#C45911;background:white">defines the variables the</span><span style="font-family:Consolas;color:#C45911;background:white"> playbook </span><span style="font-family:宋体;color:#C45911;background:white">needs at run time</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">Task section </span><span style="font-family:宋体;color:#C45911;background:white">defines the list of tasks to execute on the remote hosts</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">Handler section </span><span style="font-family:宋体;color:#C45911;background:white">defines the tasks to invoke after a</span><span style="font-family:Consolas;color:#C45911;background:white"> task </span><span style="font-family:宋体;color:#C45911;background: white">has finished executing</span></p>
<p> </p>
<p><span>The following example gives a quick overview:</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">---</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">- hosts: web</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">vars:</span></p>
<p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">worker_processes: 4</span></p>
<p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">max_open_file: 65535</span></p>
<p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">remote_user: deploy</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">tasks:</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">- name: ensure nginx is at the latest version</span></p>
<p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">yum: pkg=nginx state=latest</span></p>
<p><span style="font-family:Consolas;color:#008200;background:white">- name: write the nginx config file</span></p>
<p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">template: 
src=/data/ansible/template/nginx.j2 dest=/etc/nginx.conf</span></p> <p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">notify:</span></p> <p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">- restart nginx</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">- name: ensure nginx is running</span></p> <p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">service: name=nginx state=started</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">handlers:</span></p> <p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">- name: restart nginx</span></p> <p style="text-indent:28px"><span style="font-family:Consolas;color:#008200;background:white">service: name=nginx state=restarted</span></p> <h4><span style="font-family:宋体">Hosts and users</span></h4> <p><span>Each play in a playbook can choose which machines it runs on and which user it runs as. The hosts line can name a single host group or host, or several of them separated by colons; see the inventory patterns described earlier. remote_user is the user account used for execution.</span></p> <p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">---</span></p> <p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">- hosts: web</span></p> <p style="text-indent:28px"><span style="font-family:Consolas;color:#008200;background:white">remote_user: root</span></p> <p><span>Each task can define its own user</span></p> <p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">---</span></p> <p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">- hosts: web</span></p> <p style="text-indent:28px"><span style="font-family:Consolas;color:#008200;background:white">remote_user: root</span></p> <p style="text-indent:28px"><span style="font-family:Consolas;color:#008200;background:white">tasks:</span></p> <p style="text-indent:49px"><span 
style="font-family:Consolas;color:#008200;background:white">- name: test connection</span></p> <p style="text-indent:77px"><span style="font-family:Consolas;color:#008200;background:white">ping:</span></p> <p style="text-indent:77px"><span style="font-family:Consolas;color:#008200;background:white">remote_user: yourname</span></p> <p><span>Using sudo in a playbook</span></p> <p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">---</span></p> <p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">- hosts: web</span></p> <p style="text-indent:28px"><span style="font-family:Consolas;color:#008200;background:white">remote_user: yourname</span></p> <p style="text-indent:28px"><span style="font-family:Consolas;color:#008200;background:white">sudo: yes</span></p> <p><span>Using sudo in a single task</span></p> <p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">---</span></p> <p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">- hosts: web</span></p> <p style="text-indent:28px"><span style="font-family:Consolas;color:#008200;background:white">remote_user: yourname</span></p> <p style="text-indent:28px"><span style="font-family:Consolas;color:#008200;background:white">tasks:</span></p> <p style="text-indent:49px"><span style="font-family:Consolas;color:#008200;background:white">- service: name=nginx state=started</span></p> <p style="text-indent:70px"><span style="font-family:Consolas;color:#008200;background:white">sudo: yes</span></p> <p><span>Log in, then sudo to another user to execute</span></p> <p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">---</span></p> <p style="text-indent:14px"><span style="font-family:Consolas;color:#008200;background:white">- hosts: web</span></p> <p style="text-indent:28px"><span style="font-family:Consolas;color:#008200;background:white">remote_user: yourname</span></p> <p 
style="text-indent:28px"><span style="font-family:Consolas;color:#008200;background:white">sudo: yes</span></p> <p style="text-indent:28px"><span style="font-family:Consolas;color:#008200;background:white">sudo_user: postgres</span></p> <p><span>Note: when sudo_user is used to switch to a non-root user, Ansible writes the module arguments (excluding password option arguments) to a randomly named temporary file under /tmp and deletes it once the command has finished; nothing is written when sudoing to root or when logging in as an ordinary user.</span></p> <h4><span style="font-family:宋体;background:white">Task list</span></h4> <p><span>The playbook runs all defined tasks (the tasks list) from top to bottom, in the order given in the file. Every targeted host receives the same tasks, but the returned results are not necessarily identical; they depend on each host's environment and package state. It is recommended to give every task a name label, which improves readability and makes it easier to see where a run has got to in the output. The following defines a task using the service module as an example, in the form service: key=value; see the module's detailed documentation for the parameters.</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">tasks:</span></p> <p style="text-indent:21px"><span style="font-family:Consolas;color:#008200;background:white">- name: ensure nginx is running</span></p> <p style="text-indent:42px"><span style="font-family:Consolas;color:#008200;background:white">service: name=nginx state=started</span></p> <p><span>command </span><span>and shell modules do not need a key</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">tasks:</span></p> <p style="text-indent:21px"><span style="font-family:Consolas;color:#008200;background:white">- name: disable selinux</span></p> <p style="text-indent:35px"><span style="font-family:Consolas;color:#008200;background:white">command: setenforce 0</span></p> <p><span>command</span><span> and shell modules check the return value of the command or script. If a command that ran successfully returns a result other than 0, the following approach can be used:</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">tasks:</span></p> <p style="text-indent:21px"><span style="font-family:Consolas;color:#008200;background:white">- name: disable selinux</span></p> <p style="text-indent:35px"><span style="font-family:Consolas;color:#008200;background:white">command: setenforce 0</span></p> <p style="text-indent:35px"><span style="font-family:Consolas;color:#008200;background:white">ignore_errors: True</span></p>
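<p><span>An added example, not part of the original article: ignore_errors hides every failure of a task, including the ones that matter. The playbook below accepts only the return codes that are expected, using register (covered in the variables section) together with failed_when and changed_when. The grep check against /etc/ssh/sshd_config and the variable name root_login_check are assumptions chosen for illustration, and the argv form needs Ansible 2.6 or later.</span></p>

```yaml
---
# Added example (assumed names): audit sshd_config with grep, whose
# return code is 0 = match, 1 = no match, 2 = error (e.g. unreadable file).
- hosts: web
  remote_user: root
  tasks:
    - name: look for a line that permits root login over SSH
      command:
        argv:
          - grep
          - -Eq
          - "^PermitRootLogin[[:space:]]+yes"
          - /etc/ssh/sshd_config
      register: root_login_check
      # A read-only check never changes the host.
      changed_when: false
      # rc 1 only means "no match"; any code other than 0 or 1 is a real error.
      # ignore_errors: True would have swallowed rc 2 as well.
      failed_when: root_login_check.rc not in [0, 1]

    - name: stop the play on hosts that still permit root login
      fail:
        msg: "{{ inventory_hostname }}: sshd_config contains PermitRootLogin yes"
      when: root_login_check.rc == 0
```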
<p><span>If a task's arguments are too long, break the line and indent the continuation with spaces</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">tasks:</span></p> <p style="text-indent:21px"><span style="font-family:Consolas;color:#008200;background:white">- name: Copy ansible inventory file to client</span></p> <p style="text-indent:42px"><span style="font-family:Consolas;color:#008200;background:white">copy: src=/etc/ansible/hosts dest=/tmp/hosts</span></p> <p style="text-indent:91px"><span style="font-family:Consolas;color:#008200;background:white">owner=root group=root mode=0644</span></p> <h4><span style="font-family:宋体">Using variables</span></h4> <p><span>How to create a valid variable name</span></p> <p style="text-indent:7px"><span>Variable names should consist of letters, digits and underscores, and start with a letter. For example, foo_port and foo5 are good variable names, while foo-port, foo port, foo.port and 12 are all invalid.</span></p> <p><span>How to define variables in a playbook</span></p> <p style="text-indent:7px"><span style="font-family:Consolas;color:#008200;background:white">- hosts: webservers</span></p> <p style="text-indent:28px"><span style="font-family:Consolas;color:#008200;background:white">vars:</span></p> <p style="text-indent:42px"><span style="font-family:Consolas;color:#008200;background:white">http_port: 80</span></p> <p><span>I will not say much more about variables, as I know very little about this area; look it up yourself if you need it. Here is a brief introduction to the register keyword used with jinja2 filters. The register keyword saves the result of running a command as a variable. The result differs from module to module, and running ansible-playbook with the -v option shows the possible values of the results. For example:</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">---</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">- hosts: local</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">  remote_user: root</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">  tasks:</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">    - name: Get server Time</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">      shell: date +%Y-%m-%d_%H_%M</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">      
</span><span style="font-family:Consolas;color:red;background:white">register</span><span style="font-family:Consolas;color:#008200;background:white">: </span><span style="font-family:Consolas;color:red;background:white">Time</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">      ignore_errors: True</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">    - name: Create a file</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">      shell: touch /tmp/zhao{{Time.stdout}}.txt</span></p> <p><span>The result of the run is as follows:</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">$ ansible-playbook 2.yml -v</span></p> <p><span style="font-family:Consolas;color:#008200;background:white"> </span></p> <p><span style="font-family:Consolas;color:#008200;background:white">PLAY [local] ****************************************************************** </span></p> <p><span style="font-family:Consolas;color:#008200;background:white"> </span></p> <p><span style="font-family:Consolas;color:#008200;background:white">GATHERING FACTS *************************************************************** </span></p> <p><span style="font-family:Consolas;color:#008200;background:white">ok: [192.168.1.52]</span></p> <p><span style="font-family:Consolas;color:#008200;background:white"> </span></p> <p><span style="font-family:Consolas;color:#008200;background:white">TASK: [Get server Time] ******************************************************* </span></p> <p><span style="font-family:Consolas;color:#008200;background:white">changed: [192.168.1.52] => {"changed": true, </span><span style="font-family:Consolas;color:red;background:white">"cmd": "date +%Y-%m-%d_%H_%M"</span><span style="font-family:Consolas;color:#008200;background:white">, "delta": "0:00:00.002363", "end": "2015-06-19 11:06:12.359652", "rc": 0, "start": "2015-06-19 11:06:12.357289", "stderr": "", "</span><span style="font-family: 
Consolas;color:red;background:white">stdout": "2015-06-19_11_06</span><span style="font-family:Consolas;color:#008200;background:white">", "warnings": []}</span></p> <p><span style="font-family:Consolas;color:#008200;background:white"> </span></p> <p><span style="font-family:Consolas;color:#008200;background:white">TASK: [Create a file] ********************************************************* </span></p> <p><span style="font-family:Consolas;color:#008200;background:white">changed: [192.168.1.52] => {"changed": true, </span><span style="font-family:Consolas;color:red;background:white">"cmd": "touch /tmp/zhao2015-06-19_11_06.txt"</span><span style="font-family:Consolas;color:#008200;background: white">, "delta": "0:00:00.002386", "end": "2015-06-19 11:06:12.631204", "rc": 0, "start": "2015-06-19 11:06:12.628818", "stderr": "", "stdout": "", "warnings": ["Consider using file module with state=touch rather than running touch"]}</span></p> <p><span style="font-family:Consolas;color:#008200;background:white"> </span></p> <p><span style="font-family:Consolas;color:#008200;background:white">PLAY RECAP ******************************************************************** </span></p> <p><span style="font-family:Consolas;color:#008200;background:white">192.168.1.52 : ok=3 changed=2 unreachable=0 failed=0 </span></p> <p><span>The example above shows that a task's execution output is structured the same way as facts, and the variable values can be read through jinja2 templates: </span><span style="font-family:Consolas;color:red;background:white">{{Time.stdout}}</span><span style="font-family:宋体;color:red;background:white">, </span><span style="font-family:Consolas;color:red;background:white">{{Time.cmd}}</span><span> and so on</span></p> <h4><span style="background:white">Notify</span><span style="font-family:宋体;background:white"> and </span><span style="background:white">Handlers</span></h4> <p style="line-height: 28px;background: white"><span>Used to take some action when a resource of interest changes.</span></p> <p style="line-height: 28px;background: 
white"><span>The "notify" action is triggered at the end of each play. This avoids running the specified operation every time when several changes occur; instead, the operation runs once, only after all the changes have been made. The operations listed in notify are called handlers; in other words, notify calls the operations defined under handlers.</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">- name: template configuration file</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">  template: src=template.j2 dest=/etc/foo.conf</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">  notify:</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">    - restart memcached</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">    - restart apache</span></p> <p style="line-height: 28px;background: white"><span>handlers</span><span> are a list of tasks; these tasks are not fundamentally different from the tasks described above.</span></p> <p><span style="font-family: 宋体"> </span><span style="font-family:Consolas;color:#008200;background:white">handlers:</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">  - name: restart memcached</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">    service: name=memcached state=restarted</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">  - name: restart apache</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">    service: name=apache state=restarted</span></p> <h4><span style="font-family:宋体;background:white">Defining and using roles</span></h4> <p><span>Roles</span><span> are supported in Ansible 1.2+ and exist mainly to organize playbooks better.</span></p> <p><span>For example:</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">site.yml</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">webservers.yml</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">fooservers.yml</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">roles/</span></p> <p style="text-indent:28px"><span 
style="font-family:Consolas;color:#008200;background: white">common/</span></p> <p style="text-indent:49px"><span style="font-family:Consolas;color:#008200;background:white">files/</span></p> <p style="text-indent:49px"><span style="font-family:Consolas;color:#008200;background:white">templates/</span></p> <p style="text-indent:49px"><span style="font-family:Consolas;color:#008200;background:white">tasks/</span></p> <p style="text-indent:49px"><span style="font-family:Consolas;color:#008200;background:white">handlers/</span></p> <p style="text-indent:49px"><span style="font-family:Consolas;color:#008200;background:white">vars/</span></p> <p style="text-indent:49px"><span style="font-family:Consolas;color:#008200;background:white">defaults/</span></p> <p style="text-indent:49px"><span style="font-family:Consolas;color:#008200;background:white">meta/</span></p> <p style="text-indent:28px"><span style="font-family:Consolas;color:#008200;background:white">webservers/</span></p> <p style="text-indent:49px"><span style="font-family:Consolas;color:#008200;background:white">files/</span></p> <p style="text-indent:49px"><span style="font-family:Consolas;color:#008200;background:white">templates/</span></p> <p style="text-indent:49px"><span style="font-family:Consolas;color:#008200;background:white">tasks/</span></p> <p style="text-indent:49px"><span style="font-family:Consolas;color:#008200;background:white">handlers/</span></p> <p style="text-indent:49px"><span style="font-family:Consolas;color:#008200;background:white">vars/</span></p> <p style="text-indent:49px"><span style="font-family:Consolas;color:#008200;background:white">defaults/</span></p> <p style="text-indent:49px"><span style="font-family:Consolas;color:#008200;background:white">meta/</span></p> <p><span>Roles can be used in a playbook like this</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">---</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">- hosts: 
webservers</span></p> <p style="text-indent:21px"><span style="font-family:Consolas;color:#008200;background:white">roles:</span></p> <p style="text-indent:35px"><span style="font-family:Consolas;color:#008200;background:white">- common</span></p> <p style="text-indent:35px"><span style="font-family:Consolas;color:#008200;background:white">- webservers</span></p> <p><span style="font-family:Consolas;color:#C45911;background:white">roles </span><span style="font-family:宋体;color:#C45911;background: white">directory structure:</span></p> <p style="text-indent:21px"><span style="font-family:Consolas;color:#C45911;background:white">tasks</span><span style="font-family:宋体;color:#C45911;background:white">, </span><span style="font-family:Consolas;color:#C45911;background:white">handlers</span><span style="font-family:宋体;color:#C45911;background: white">, </span><span style="font-family: Consolas;color:#C45911;background: white">vars</span><span style="font-family:宋体;color:#C45911;background:white"> (valid only for the current</span><span style="font-family:Consolas;color:#C45911;background:white"> role</span><span style="font-family:宋体;color:#C45911;background:white">) and </span><span style="font-family:Consolas;color:#C45911;background:white">meta</span><span style="font-family:宋体;color:#C45911;background:white"> (defines direct dependencies between</span><span style="font-family:Consolas;color:#C45911;background:white"> roles</span><span style="font-family:宋体;color:#C45911;background: white">): when these directories contain a</span></p> <p style="text-indent:21px"><span style="font-family:Consolas;color:#C45911;background:white">main.yml </span><span style="font-family:宋体;color:#C45911;background:white">file, the corresponding tasks, handlers, variables and</span><span style="font-family:Consolas;color:#C45911;background:white"> meta </span><span style="font-family:宋体;color:#C45911;background:white">are added to the</span><span style="font-family:Consolas;color:#C45911;background:white"> play</span></p> <p style="text-indent:21px"><span style="font-family:Consolas;color:#C45911;background:white">files 
</span><span style="font-family:宋体;color:#C45911;background:white">holds files; </span><span style="font-family:Consolas;color:#C45911;background:white">ansible </span><span style="font-family:宋体;color:#C45911;background:white">looks here for files by default when a</span><span style="font-family:Consolas;color:#C45911;background:white"> task </span><span style="font-family:宋体;color:#C45911;background:white">uses the</span><span style="font-family:Consolas;color:#C45911;background:white"> copy</span><span style="font-family:宋体;color:#C45911;background:white"> or </span><span style="font-family:Consolas;color:#C45911;background:white">script </span><span style="font-family:宋体;color:#C45911;background: white">module</span></p> <p style="text-indent:21px"><span style="font-family:Consolas;color:#C45911;background:white">templates </span><span style="font-family:宋体;color:#C45911;background:white">holds templates, used when a</span><span style="font-family:Consolas;color:#C45911;background:white"> task </span><span style="font-family:宋体;color:#C45911;background:white">uses the</span><span style="font-family:Consolas;color:#C45911;background:white"> template </span><span style="font-family:宋体;color:#C45911;background:white">module</span></p> <p style="text-indent:21px"><span style="font-family:Consolas;color:#C45911;background:white">tasks </span><span style="font-family:宋体;color:#C45911;background:white">holds tasks; </span><span style="font-family:Consolas;color:#C45911;background:white">include </span><span style="font-family:宋体;color:#C45911;background:white">reads tasks from here by default</span></p> <p style="text-indent:21px"><span style="font-family:Consolas;color:#C45911;background:white">defaults </span><span style="font-family:宋体;color:#C45911;background:white">is where default variables are stored, using </span><span style="font-family:Consolas;color:#C45911;background:white">/defaults/main.yml; </span><span style="font-family:宋体;color:#C45911;background:white">these have the lowest priority relative to variables set in any other way</span></p> <p><span style="font-family:宋体;color:#C45911;background:white">Note: </span><span 
style="font-family:Consolas;color:#C45911;background:white">Ansible 1.4+</span><span style="font-family:宋体;color:#C45911;background:white"> and later versions can use the</span><span style="font-family:Consolas;color:#C45911;background:white"> roles_path </span><span style="font-family:宋体;color:#C45911;background:white">parameter to configure the</span><span style="font-family:Consolas;color:#C45911;background:white"> roles </span><span style="font-family:宋体;color:#C45911;background:white">path; multiple paths are separated by colons. Common roles can be kept in one place by pointing the</span><span style="font-family:Consolas;color:#C45911;background:white"> roles </span><span style="font-family:宋体;color:#C45911;background:white">path at it, so that several</span><span style="font-family:Consolas;color:#C45911;background:white"> playbooks </span><span style="font-family:宋体;color:#C45911;background:white">can share them</span></p> <h4><span style="font-family:宋体">Running a </span>Playbook</h4> <p><span>Show detailed information on whether module execution succeeded</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">$ ansible-playbook playbook.yml -v</span></p> <p><span>Show which hosts a playbook would affect</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">$ ansible-playbook playbook.yml --list-hosts</span></p> <p><span>Show which tasks would be run</span></p> <p><span style="font-family:Consolas;color:#008200;background:white">$ ansible-playbook playbook.yml --list-tasks</span></p> <p></p> <p></p> Last modified: December 10, 2021, 10:53 AM
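<p><span>An added example, not part of the original article, for the register playbook in the variables section: its second task pastes {{Time.stdout}} into a shell command line, so whatever the registered value contains is parsed by the shell. The variant below creates the same file with the file module, which is also what the warning in the run output recommends, and shows the quote filter for the case where a shell is unavoidable. The mode value, the third task and the variable name listing are assumptions added for illustration.</span></p>

```yaml
---
- hosts: local
  remote_user: root
  tasks:
    - name: Get server Time
      # command does not start a shell, so no shell metacharacters are interpreted.
      command: date +%Y-%m-%d_%H_%M
      register: Time
      changed_when: false

    - name: Create a file without going through a shell
      # The registered value is passed as a path argument, never parsed as shell syntax.
      file:
        path: "/tmp/zhao{{ Time.stdout }}.txt"
        state: touch
        mode: "0600"   # assumed permissions; the original touch relied on the umask

    - name: Count matching files when a shell pipeline really is needed
      # quote escapes the whole templated path before the shell sees it.
      shell: "ls -l {{ ('/tmp/zhao' ~ Time.stdout ~ '.txt') | quote }} | wc -l"
      register: listing
      changed_when: false
```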