ansible使用jinja2管理配置文件以及jinja2语法简介
一、Jinja2介绍
Jinja2是基于python的模板引擎,功能比较类似于PHP的smarty,J2ee的Freemarker和velocity。它能完全支持unicode,并具有集成的沙箱执行环境,应用广泛。jinja2使用BSD授权
Jinja2的语法是由variables(变量)和statement(语句)组成,如下;
1、variables:可以输出数据
{{ my_variables }}
{{ some_dudes_name | capitalize }}
2、statements: 可以用来创建条件和循环等
|
1
2
3
4
5
6
7
8
9
|
if语句:{% if my_conditional %} ...{% endif %}for 语句:{% for item in all_items %}{{item}} ……{% endfor %} |
从上面第二个variables的例子中可以看出,jinja2支持使用带过滤器的Unix型管道操作符,有很多的内置过滤器可供使用。我们可以仅仅用一堆简单if和for就可以建立几乎任何的常规配置文件,不过如果你有意更进一步,jinja2 documentation (http://jinja.pocoo.org/docs/dev/)包含了很多有趣的东西可供了解。我们可以看到ansible允许在模板中使用诸如绘制时间此类的一些额外的模板变量
第一个例子:引用变量
|
1
2
3
4
5
6
7
8
9
10
11
|
#cd roles/template/.├── meta│ └── main.yml├── tasks│ ├── template.yml │ └── main.yml├── templates│ ├── order.j2└── vars └── main.yml |
总调度yml文件:
|
1
2
3
4
5
6
7
|
#cat templates.yml---- hosts: 10.0.90.27 user: root gather_facts: false roles: - role: template |
注意:这里 - role: template 和 - template 是一样的!
其他yml文件,如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
#cat tasks/main.yml- include: template.yml#cat tasks/template.yml- name: create {{ PROJECT }} directory file: dest=/data/{{ PROJECT }} state=directory- name: template transfor java dir template: src=order.j2 dest=/data/{{ PROJECT }}/order.conf#cat templates/order.j2project: {{ PROJECT }}switch: {{ SWITCH }}dbport: {{ DBPORT }}#cat vars/main.ymlPROJECT: "JAVA"SWITCH: "ON"DBPORT: "8080"测试:# ansible-playbook templates.yml --syntax-checkplaybook: templates.yml执行:# ansible-playbook templates.yml PLAY [10.0.90.27] **************************************************************TASK [template : include] ***************************************************included: /etc/ansible/roles/template/tasks/template.yml for 10.0.90.27TASK [template : create JAVA directory] *************************************changed: [10.0.90.27]TASK [template : template transfor java dir] ********************************changed: [10.0.90.27]PLAY RECAP *********************************************************************10.0.90.27 : ok=3 changed=2 unreachable=0 failed=0 到10.0.90.27查看结果#cat /data/JAVA/order.confproject: JAVAswitch: ONdbport: 8080 |
第二个例子:for 语句
为远程主机生成服务器列表,加入该列表从192.168.13.201 web01.test.com 到192.168.13.211 web11.test.com 结束,如果手动添加就很不科学了,这里需要使用jinja2语法的for循环通过模板批量生成对应的配置文件,如下:
ansible目录结构:
|
1
2
3
4
5
6
7
8
9
10
11
|
#cd /etc/ansible/roles/test_hosts.├── meta│ └── main.yml├── tasks│ ├── file1.yml│ └── main.yml├── templates│ └── test1.j2└── vars └── main.yml |
各个目录下yml文件内容:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
# cat tasks/file1.yml - name: ansible jinja2 template for hosts config template: src=test1.j2 dest=/etc/httpd/conf/httpd.conf.test# cat tasks/main.yml - include: file1.yml# cat templates/test1.j2 {% for id in range(201,212) %}192.168.13.{{ id }} web{{ "%03d" |format(id-200) }}.test.com{% endfor %}解释:{{ id }} 提取for循环中对应的变量id值"%02d" 调用的是python内置的字符串格式化输出(%d格式化整数)因为是01,02这种格式,所以是保留2位,故用02然后将结果通过管道符 “|” 传递给format 函数做二次处理。 |
执行结果:
|
1
2
3
4
5
6
7
8
9
10
11
12
|
#cat httpd.conf.test192.168.13.201 web01.test.com192.168.13.202 web02.test.com192.168.13.203 web03.test.com192.168.13.204 web04.test.com192.168.13.205 web05.test.com192.168.13.206 web06.test.com192.168.13.207 web07.test.com192.168.13.208 web08.test.com192.168.13.209 web09.test.com192.168.13.210 web10.test.com192.168.13.211 web11.test.com |
第三个例子:if语句
说明:如果定义端口号,就绑定定义的端口号,如果不定义端口号,就绑定默认端口号
|
1
2
3
4
5
6
7
8
9
10
11
|
ansible目录结果#cd /etc/ansible/roles/mysql_cnf#tree.├── meta│ └── main.yml├── tasks│ └── main.yml├── templates│ └── test3.j2└── vars |
主要的yml文件是templates目录下面的test3.j2
|
1
2
3
4
5
6
|
# cat templates/test3.j2 {% if PORT %}bind_address=10.0.90.27:{{ PORT }}{% else %}bind_address=10.0.90.27:3306{% endif %} |
playbook主文件
|
1
2
3
4
5
6
7
8
9
10
|
# cat jinj2_test.yml ---- hosts: 10.0.90.27 user: root gather_facts: false vars: PORT: 3136 tasks: - name: copy file to client template: src=/etc/ansible/roles/mysql_cnf/templates/test3.j2 dest=/root/my.cnf |
执行:
|
1
2
3
4
5
6
|
# ansible-playbook jinj2_test.ymlPLAY [10.0.90.27] **************************************************************TASK [copy file to client] *****************************************************changed: [10.0.90.27]PLAY RECAP *********************************************************************10.0.90.27 : ok=1 changed=1 unreachable=0 failed=0 |
查看
|
1
2
|
# cat my.cnf bind_address=10.0.90.27:3136 |
如果将vars变量去掉,执行结果:
|
1
2
3
4
5
6
7
8
9
10
|
# cat jinj2_test.yml ---- hosts: 10.0.90.27 user: root gather_facts: false vars: PORT: false tasks: - name: copy file to client template: src=/etc/ansible/roles/mysql_cnf/templates/test3.j2 dest=/root/my.cnf |
查看:
|
1
2
|
# cat my.cnf bind_address=10.0.90.27:3306 |
3、Jinja default()设定
精通程序编码的朋友皆知,default()默认值的设定有助于程序的健壮性和简洁性。所幸Jinja也支持该功能,上面的例子中生成Mysql配置文件中的端口定义,如果指定则PORT=3136,否则PORT=3306,我们将该案例改造为使用default()试试
编辑/etc/ansible/roles/mysql_cnf/templates/test3.j2内容如下,这种方法更简介。
bind_address=10.0.90.27:{{ PORT | default(3306) }}
二、ansible使用jiaja2生成apache多主机配置
1、创建目录,创建好之后如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
#cd /etc/ansible/roles/apache_conf# tree ././├── meta│ └── main.yml├── tasks│ ├── file.yml│ └── main.yml├── templates│ └── apache.config.j2└── vars └── main.yml4 directories, 5 files |
2、创建tasks调度文件,如下:
|
1
2
3
4
5
|
#cat file.yml - name: ansible jinja2 template for apache config template: src=apache.config.j2 dest=/etc/httpd/conf/httpd.conf.template#cat main.yml - include: file.yml |
3、创建apache的jinja2模板文件,如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
#cat apache.config.j2 NameVirtualHost *:80{% for vhost in apache_vhost %}<VirtualHost *:80>ServerName {{ vhost.servername }}DocumentRoot {{ vhost.documentroot }}{% if vhost.serveradmin is defined %}ServerAdmin {{ vhost.serveradmin }}{% endif %}<Directory "{{ vhost.documentroot }}">AllowOverride AllOptions -Indexes FollowSymLinksOrder allow,denyAllow from all</Directory></VirtualHost>{% endfor %} |
4、创建变量,如下:
|
1
2
3
4
|
#cat vars/main.ymlapache_vhost:- {servername: "apache.test1.com", documentroot: "/data/test1/"}- {servername: "apache.test2.com", documentroot: "/data/test2/"} |
5、创建总调度yml文件,如下:
|
1
2
3
4
5
6
7
|
#cat /etc/ansible/apache_test.yml ---- hosts: 10.0.90.27 user: root gather_facts: no roles: - { role: apache_conf } |
6、测试:
|
1
2
3
|
#ansible-playbook apache_test.yml --syntax-checkplaybook: apache_test.yml |
7、执行测试
|
1
2
3
4
5
6
7
8
|
#ansible-playbook apache_test.yml PLAY [10.0.90.27] **************************************************************TASK [apache_conf : include] ***************************************************included: /etc/ansible/roles/apache_conf/tasks/file.yml for 10.0.90.27TASK [apache_conf : ansible jinja2 template for apache config] *****************changed: [10.0.90.27]PLAY RECAP *********************************************************************10.0.90.27 : ok=2 changed=1 unreachable=0 failed=0 |
8、到客户端查看
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
#cat httpd.conf.template NameVirtualHost *:80<VirtualHost *:80>ServerName apache.test1.comDocumentRoot /data/test1/<Directory "/data/test1/">AllowOverride AllOptions -Indexes FollowSymLinksOrder allow,denyAllow from all</Directory></VirtualHost><VirtualHost *:80>ServerName apache.test2.comDocumentRoot /data/test2/<Directory "/data/test2/">AllowOverride AllOptions -Indexes FollowSymLinksOrder allow,denyAllow from all</Directory></VirtualHost> |
三、ansible使用jiaja2生成nginx一个模板多种不同配置
说明:为2台Nginx Proxy,1台Nginx Web通过一套模板生成对应的配置
1、ansible目录结构:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
# cd roles/nginx_conf/#tree.├── files├── meta│ └── main.yml├── tasks│ ├── file.yml│ └── main.yml├── templates│ └── nginx.conf.j2└── vars └── main.yml |
2、tasks目录下文件内容:
|
1
2
3
4
5
|
#cat tasks/file.yml - name: nginx.j2 template transfer example template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf.template#cat tasks/main.yml - include: file.yml |
3、nginx模板文件
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
#cat templates/nginx.conf.j2 {% if nginx_use_proxy %}{% for proxy in nginx_proxies %}upstream {{ proxy.name }} #server 127.0.0.1:{{ proxy.port }}; server {{ ansible_eth0.ipv4.address }}:{{ proxy.port }};}{% endfor %}{% endif%}server { listen 80; servername {{ nginx_server_name }}; access_log off; error_log /etc/nginx/nginx_error.log; rewrite ^ https://$server_name$request_uri? permanent;}server { listen 443 ssl; server_name {{ nginx_server_name }}; ssl_certificate /etc/nginx/ssl/{{ nginx_ssl_cert_name }}; ssl_certificate_key /etc/nginx/ssl/{{ nginx_ssl_cert_key }}; root {{ nginx_web_root }}; index index.html index.html;{% if nginx_use_auth %} auth_basic "Restricted"; auth_basic_user_file /etc/nginx/{{ project_name }}.htpasswd;{% endif %}{% if nginx_use_proxy %}{% for proxy in nginx_proxies %} location {{ proxy.location }} { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto http; proxy_set_header X-Url-Scheme $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_redirect off; proxy_pass http://{{ proxy.name }}; break;}{% endfor %}{% endif %}{% if nginx_server_static %} location / { try_files $url $url/ =404;}{% endif %}} |
4、ansible变量文件
|
1
2
3
4
5
6
7
8
9
10
|
cat vars/main.yml nginx_server_name: www.testnginx.comnginx_web_root: /data/html/nginx_proxies:- name: suspicious location: / port: 1234- name: suspicious-api location: /api port: 4567 |
ansible主playbook文件
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
#cat nginx_test.yml ##The first roles- name: Nginx Proxy Server's Config Dynamic Create hosts: "10.0.90.25:10.0.90.26" remote_user: root vars: nginx_use_proxy: true nginx_ssl_cert_name: ifa.crt nginx_ssl_cert_key: ifa.key nginx_use_auth: true project_name: suspicious nginx_server_static: true gather_facts: true roles: - role: nginx_conf##The second roles- name: Nginx WebServer's Config Dynamic Create hosts: 10.0.90.27 remote_user: root vars: nginx_use_proxy: false nginx_ssl_cert_name: ifa.crt nginx_ssl_cert_key: ifa.crt nginx_use_auth: false project_name: suspicious nginx_server_static: false gather_facts: false roles: - role: nginx_conf |
5、测试并执行:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
#ansible-playbook nginx_test.yml --syntax-checkplaybook: nginx_test.yml执行:# ansible-playbook nginx_test.ymlPLAY [Nginx Proxy Server's Config Dynamic Create] ******************************TASK [setup] *******************************************************************ok: [10.0.90.25]ok: [10.0.90.26]TASK [nginx_conf : include] ****************************************************included: /etc/ansible/roles/nginx_conf/tasks/file.yml for 10.0.90.25, 10.0.90.26TASK [nginx_conf : nginx.j2 template transfer example] *************************changed: [10.0.90.26]changed: [10.0.90.25]PLAY [Nginx WebServer's Config Dynamic Create] *********************************TASK [nginx_conf : include] ****************************************************included: /etc/ansible/roles/nginx_conf/tasks/file.yml for 10.0.90.27TASK [nginx_conf : nginx.j2 template transfer example] *************************changed: [10.0.90.27]PLAY RECAP *********************************************************************10.0.90.25 : ok=3 changed=1 unreachable=0 failed=0 10.0.90.26 : ok=3 changed=1 unreachable=0 failed=0 10.0.90.27 : ok=2 changed=1 unreachable=0 failed=0 |
6、查看检测执行结果
到Nginx Proxy 服务器查看配置文件
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
#cat nginx.conf.template upstream suspicious #server 127.0.0.1:1234; server 10.0.90.26:1234;}upstream suspicious-api #server 127.0.0.1:4567; server 10.0.90.26:4567;}server { listen 80; servername www.testnginx.com; access_log off; error_log /etc/nginx/nginx_error.log; rewrite ^ https://$server_name$request_uri? permanent;}server { listen 443 ssl; server_name www.testnginx.com; ssl_certificate /etc/nginx/ssl/ifa.crt; ssl_certificate_key /etc/nginx/ssl/ifa.key; root /data/html/; index index.html index.html; auth_basic "Restricted"; auth_basic_user_file /etc/nginx/suspicious.htpasswd; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto http; proxy_set_header X-Url-Scheme $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_redirect off; proxy_pass http://suspicious; break;} location /api { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto http; proxy_set_header X-Url-Scheme $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_redirect off; proxy_pass http://suspicious-api; break;} location / { try_files $url $url/ =404;}} |
到Nginx Web 服务器上查看配置文件
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
#cat nginx.conf.template server { listen 80; servername www.testnginx.com; access_log off; error_log /etc/nginx/nginx_error.log; rewrite ^ https://$server_name$request_uri? permanent;}server { listen 443 ssl; server_name www.testnginx.com; ssl_certificate /etc/nginx/ssl/ifa.crt; ssl_certificate_key /etc/nginx/ssl/ifa.crt; root /data/html/; index index.html index.html;} |
到这里,就结束了。用同样的模板通过简单的if和变量设置就可以完成不同类型主机的Nginx conf配置,所以一方面在了解Ansible强大的模板功能的同时,也需要看到模板质量的重要性。
