Ansible之playbook&&roles

运维:
	手动 --> 标准化-->工具化-->自动化 --> 智能化
	
工具化:
	OS Install:PXE,Cobbler;Virtualization & Cloud Computing
	OS Config:ansible,fabric,puppet,saltstack,chef,cfengine,...
	Deploy:fabric,ansible,...
	Task Exec:fabric,ansible,func,...

YAML语法格式


ansible之Playbook

Playbook的核心元素:
	Hosts:关联到的主机
	Tasks:任务列表,要做哪些事
	Variables:变量
	Templates:包含了模板语法的文本文件;
	Handlers:由特定条件触发的任务;
	Roles:
	
	playbook的基础组件:
		Hosts:运行指定任务的目标主机;
		remoute_user:在远程主机上执行任务的用户;
			sudo_user:
		tasks:任务列表
			模块,模块参数;
			格式:
				(1)action:module arguments
				(2)module:arguments
				
				注意:shell和command模块后面直接跟命令,而非key=value类的参数列表;
		
			(1)某任务的状态在运行后为changed时,可通过“notify”通知给相应的handlers;
			(2)任务可以通过“tags”打标签,而后可在ansible-playbook命令上使用-t指定进行调用;
			
		运行playbook的方式:
			(1)测试:
				ansible-playbook --check
					只检测可能会发生的改变,但不真正执行操作;
				ansible-playbook --list-hosts
					列出运行任务的主机;
			(2)运行
		
		handlers:
			任务,在特定条件下触发;
			接收到其它任务的通知时被触发;
				notify:HANDLER TASK NAME
		
		variables:
			(1)facts:可直接调用;
				注意:可使用setup模块直接获取目标主机的facters;
				ansible 192.168.0.111 -m setup | less
				
			(2)用户自定义变量:变量引用: {{ variable }}
				(a) ansible-playbook命令的命令行中的:
					-e VARS,--extra-vars=VARS
			
				(b) 在playbook中定义变量的方法:
					vars:
						- var1: value1
						- var2: value2 
			
			(3) 通过roles传递变量;
			(4) Host Inventory;
				(a) 向不同的主机传递不同的变量;
					IP/HOSTNAME variable=value var2=value2
				(b) 向组中的主机传递相同的变量;
                    [groupname:vars]
                    variable=value
			
				注意:invertory参数:
					用于定义ansible远程连接目标主机时使用的参数,而非传递给playbook的变量;
						ansible_ssh_host
						ansible_ssh_port
						ansible_ssh_user
						ansible_ssh_pass
						ansible_sudo_pass
					...
					
			模块:
				template模块:基于模板方式生成一个文件复制到远程主机
	
ansible-playbook --help
	-C
    -D
    -e
    -f FORKS,--forks=FORKS
    -i INVENTORY
    -l SUBNET,--limit=SUBNET
    --list-hosts
    --list-tags
    --list-tasks
    -M MODULE_PATH
	--step:单步执行

	--syntax-check

ansible-playbook --list-hosts --list-tasks first.yaml
ansible-playbook -C first.yaml # 干跑

案例

vim first.yml
- hosts: all
  remote_user: root
  tasks:
  - name: install redis
    yum: name=redis state=latest
  - name: start redis
    service: name=redis state=started
ansible 192.168.0.111 -m fetch -a "src=/etc/redis.conf dest=./"
vim ~/playbooks/redis.conf
	# bind 127.0.0.1
	bind 0.0.0.0
	# requirepass foobared
	requirepass admin123 
vim first.yml
- hosts: all
  remote_user: root
  tasks:
  - name: install redis
    yum: name=redis state=latest
  - name: copy config file
  	copy: "src=/root/playbooks/redis.conf dest=/etc/redis.conf"
  - name: start redis
    service: name=redis state=started
ansible-playbook syntax-check first.yml
ansible-playbook -C first.yml

ansible-playbook  first.yml

再次修改配置文件,如何热加载配置文件?可以通过handlers,在某个任务上添加属性notify,notify和handlers的name对应的名称要一致。如果配置文件没改变,handlers是不会触发的。

vim second.yml
- hosts: all
  remote_user: root
  tasks:
  - name: install redis
    yum: name=redis state=latest
  - name: copy config file
  	copy: "src=/root/playbooks/redis.conf dest=/etc/redis.conf"
    notify: restart redis
  - name: start redis
    service: name=redis state=started
  handlers:
    - name:restart redis  # notify通过其定义的名称,去找handlers的name触发,所以notify的名称要和这里的name一致
      service: name=redis state=restarted
vim ~/playbooks/redis.conf
	requirepass admin123123

ansible-playbook second.yml

在192.168.0.111机器上:
	redis-cli
	auth admin123123 # 认证成功

如果我们只想跑某个任务,可以使用tags打标签,然后跑任务时加上 -t参数

vim second.yml
- hosts: all
  remote_user: root
  tasks:
  - name: install redis
    yum: name=redis state=latest
  - name: copy config file
  	copy: "src=/root/playbooks/redis.conf dest=/etc/redis.conf"
    notify: restart redis
    tags:configfile
  - name: start redis
    service: name=redis state=started
  handlers:
    - name:restart redis  # notify通过其定义的名称,去找handlers的name触发,所以notify的名称要和这里的name一致
      service: name=redis state=restarted



ansible-playbook -t configfile second.yml

# 再次修改本地redis.conf文件中的密码为admin123
vim ~/playbooks/redis.conf
	requirepass admin123

ansible-playbook -t configfile second.yml # 如下图,通过tags标签copy这个任务,只跑了copy,而我们修改了redis.conf文件,又触发了handlers任务。

yum install facter 
facter -p  # 查看当前主机上的变量
vim third.yml
	- hosts: 192.168.0.111
	  remote_user: root
	  tasks:
	  - name: copy file
        copy: content={{ ansible_env }} dest=/tmp/ansible.env
	  

variables的三种自定义方式

vim var.yml

- hosts: websrvs
  remote_user: root
  vars: # 直接在playbook中定义变量
  - pbvar: playbook variable testing  
  tasks:
  - name: command line variables # 使用ansible-playbook命令行传递变量值
    copy: content={{ cmdvar }} dest=/tmp/cmd.var
  - name: playbook variables
    copy: content={{ pbvar }} dest=/tmp/pb.var
  - name: host iventory variables  # 使用主机清单定义变量,如下图
    copy: content={{ http_port }} dest=/tmp/http_port.var

编辑/etc/ansible/hosts文件传递变量:


补充模块

setup模块:

template模块:基于模板方式生成一个文件复制到远程主机
	
	*src=
	*dest=
	owner=
	group=
	mode=
	
	模板:templates
		ansible-doc -s template
		文本文件,嵌套有脚本 (使用模板编程语言编写)
			Jinja2:	
				字面量:
					字符串:使用单引号或双引号;
					数字:证书,浮点数;
					列表:[item1,item2,...]
					元组:[item1,item2,...]
					字典:{key1:value1,key2:value2,...}
					布尔值:true/false
				
				算数运算:
					+,-,*,/,//,%,**
				比较操作:
					==,!=,>,>=,<,<=
				逻辑运算:
					and,or,not

			示例:
				- hosts: websrvs
				remote_user: root
				tasks:
				  - name: install nginx
				  yum: name=nginx state=present
				  - name: install conf file
				  template: src=files/nginx.conf.j2 dest=/etc/nginx/nginx.conf
				  notify: restart nginx
				  tags: instconf
				  - name: start nginx service
				  service: name=nginx state=started
				  handlers:
				  - name: restart nginx
				  service: name=nginx state=restarted
				  
				  模板配置文件: nginx.conf.j2
				  worker_processes {{ ansible_processor_vcpus }};
				  listen {{ http_port }};

template模板使用案例

ansible 192.168.0.111 -m setup | less  # 通过setup模块查看192.168.0.111虚拟机上的内置变量,得到ansible_default_ipv4有address属性
cp /root/playbooks/redis.conf{,.j2}
vim /root/playbooks/redis.conf.j2
	bind {{ ansible_default_ipv4.address }}

vim template.yml
	- hosts: 192.168.0.111
  remote_user: root
  tasks:
  - name: install config file
    template: src=/root/playbooks/redis.conf.j2 dest=/tmp/redis.conf

ansible-playbook template.yml

在192.168.0.111虚拟机上,查看配置文件/tmp/redis.conf的bind后的变量是否被渲染出来:# 如下图

将template.yml文件中的hosts改成all,再次执行 ansible-playbook template.yml,192.168.0.112的/tmp/redis.conf 中的bind后的变量也被渲染出来,如下图:

案例:使用template在被ansible主机控制的主机上监听一个额外的端口

vim /root/playbooks/mylisten.conf
	Listen {{ http_port }}  # 这个变量在/etc/ansible/hosts文件中

vim /root/playbooks/httpd.yml

- hosts: websrvs
  remote_user: root
  tasks:
  - name: install httpd
    yum: name=httpd state=latest
  - name: install config file
    template: src=/root/playbooks/mylisten.conf dest=/etc/httpd/conf.d/mylisten.conf
    notify: restart httpd
  - name: start httpd
    service: name=httpd state=started
  handlers:
  - name: restart httpd
    service: name=httpd state=restarted

案例:nginx启动的进程数是cpu核心数和cpu个数的乘积减1

cp /etc/nginx/nginx.conf /root/playbooks/nginx.conf.j2

ansible 192.168.0.111 -m setup | less
	   ansible_processor_cores:"2"
       ansible_processor_vcpus:"2"

vim nginx.conf.j2
	worker_processes {{ ansible_processor_cores*ansible_processor_vcpus-1 }};

vim nginx.yml
    - hosts: websrvs
      remote_user: root
      tasks:
      - name: install nginx
        yum: name=nginx state=latest
      - name: change nginx.conf
        template: src=/root/playbooks/nginx.conf.j2 dest=/etc/nginx/nginx.conf
        notify: restart nginx
      - name: start nginx
        service: name=nginx state=started
      handlers:
      - name: restart nginx
        service: name=nginx state=restarted

ansible-playbook -C nginx.yml
ansible-plabook nginx.yml

当再次修改/root/playbooks/nginx.conf.j2,就会触发handlers,重新加载nginx配置文件(nginx.conf)

条件测试(when)和循环(迭代)

条件测试:
	when语句:在task中使用,jinja2的语法格式
		tasks:
		- name: install conf file to centos7
		  template: src=files/nginx.conf.c7.j2
		  when: ansible_distribution_major_version == "7"
		- name: install conf file to cnetos6
		  template: src=files/nginx.conf.c6.j2
		  when: ansible_distribution_major_version == "6"

循环:迭代,需要重复执行的任务;
	对迭代项的引用,固定变量名为“item”,而后,要在task中使用with_items给定要迭代的元素列表;
		列表方法:
			字符串
			字典
			
	- name: install some packages
	  yum: name={{ item }} state=pretent
	  with_items:
	  - nginx
	  - memcached
	  - php-fpm
	  
	- name: add some groups
	  group: name={{ item }} state=present
	  with_items:
	  - group1
	  - group2
	  - group3
	
	- name: add some users
	  user: name={{ item.name }} group={{ item.group }} state=present
	  with_items:
	  - { name: 'user11', group: 'group11' }
	  - { name: 'user12', group: 'group12' }
	  - { name: 'user13', group: 'group13' }
	

案例:根据不同的发行版安装不同的web服务

vim os.yml
    - hosts: websrvs
      remote_user: root
      tasks:
      - name: install httpd
        yum: name=httpd state=latest
        when: ansible_os_family == "Redhat"
      - name: install apache2
        apt: name=apache2 state=latest
        when: ansible_os_family == "Debian"

ansible-playbook -C os.yml

迭代

vim iter.yml
    - hosts: websrvs
      remote_user: root
      tasks:
      - name: install {{ item }} package
        yum: name={{ item }} state=latest
        with_items:
        - tomcat
        - tomcat-webapps
        - tomcat-admin-webapps

角色(roles)

在安装nginx之前,需要配置yum仓库:epel.repo:
	这个仓库是epel-release模块:
		yum info epel-release
		yum intall epel-release
		rpm -ql epel-release

角色(roles):
	角色集合:
		roles/
			mysql/
			httpd/
			nginx/
			memcached/
	每个角色,以特定的层级目录结构进行组织:
		mysql/
			files/:存放由copy或script模块等调用的文件;
			templates/:template模块查找所需要模板文件的目录;
			tasks/:至少应该包含一个名为main.yml的文件;其它的文件需要在此文件中通过include进行包含;
			handlers/:至少应该包含一个名为main.yml的文件;其它的文件需要在此文件中通过include进行包含;
			vars/:至少应该包含一个名为main.yml的文件;其它的文件需要在此文件中通过include进行包含;
			meta/:至少应该包含一个名为main.yml的文件,定义当前角色的特殊设定及其依赖关系;其它的文件需要在此文件中通过include进行包含;
			default/:设定默认变量时使用此目录中的main.yml文件;
	
	在playbook调用角色方法1:
		- hosts: websrvs
		  remote_user: root
		  roles:
		  - mysql
		  - memcached
		
	在playbook调用角色方法2:传递变量给角色
		- hosts:
		  remote_user:
		  roles:
		  - { role: nginx,username: nginx }
		    键role用于指定角色名称;后续的k/v用于传递变量给角色;
		 
		还可以基于条件测试实现角色调用;
		roles:
		- { role: nginx, when: "ansible_distribution_major_version == '7'" }
ansible-vcs:可实现ansible-pull机制
	https://github.com/andrewrothstein/ansible-vcs

实战项目:
	主/备模式高可用keepalived+nginx(proxy)
	两台主机:httpd+php
	一台主机:mysql-server或mariadb-server;

http://www.ansible.com.cn


ansible在配置文件(/etc/ansible/ansible.cfg)中已经说明,它的角色应该放在 /etc/ansible/roles或/usr/share/ansible/roles目录下,才能默认被找到,不然自己修改配置文件的role_path定义路径。。。。。。# 如下图1
			

图1:

mkdir -pv /etc/ansible/roles/nginx/{files,templates,tasks,vars,handlers,meta,default}
vim /etc/ansible/roles/nginx/tasks/main.yml
    - name: install nginx
      yum: name=nginx state=latest
      when: ansible_os_family == "RedHat"
      
vim ~/playbooks/nginx_roles.yml
	- hosts: websrvs
  	remote_user: root
  	roles:
 	- nginx


ansible-playbook --syntax-check nginx_roles.yml 
ansible-playbook -C nginx_roles.yml # 如图2

图2:

(1)
cd /etc/ansible
vim roles/nginx/templates/vhost1.conf.j2
	server {
		listen 80;
		server_name {{ ansible_fqdn }};
		location / {
				root "/ngxdata/vhost1";
		}
	}
	
(2)
vim roles/nginx/tasks/main.yml
    - name: install nginx
      yum: name=nginx state=latest
      when: ansible_os_family == "RedHat"
	- name: install config file
  	  template: src=vhost1.conf.j2 dest=/etc/nginx/conf.d/vhost1.conf  # 自动去../templates中找vhost1.conf.j2文件

ansible-playbook -C nginx_roles.yml # 如下图3 

======================================================================================================

vim roles/nginx/tasks/main.yml
单独执行某个任务,添加如下两行:
	tags: conf
	notify: restart nginx
	
vim roles/nginx/handlers/main.yml
	- name: restart nginx
	  service: name=nginx state=restarted

vim roles/nginx/tasks/main.yml
	nginx没有start,也就没有restart,所以添加第三个任务:
		- name: start nginx
		  service: name=nginx state=started

vim roles/nginx/tasks/main.yml
	还需要给nginx提供一个测试页和家目录,因此还需要添加一个创建家目录的任务:
		- name: install site home directory
		  file: path={{ ngxroot }} state=directory
		- name: install index page
		  copy: src=index.html dest={{ ngxroot }}/ 

vim roles/nginx/vars/main.yml
	ngxroot: /ngxdata/vhost1 # 这是定义成的字典格式,前面不需要加'-'

vim roles/nginx/files/index.html
	<h1>Vhost1<h1>

ansible-playbook -C nginx_roles.yml # 如下图4

# 停掉192.168.0.111和192.168.0.112虚拟机上监听在80端口的服务:
ansible websrvs -m service -a "name=nginx state=stopped"

ansible-playbook  nginx_roles.yml

图3:

图4:

被管控的两台虚拟机nginx已经启动,在浏览器中能正常访问。。。

但这不是我们设定的测试页,因为我们templates中定义的变量访问的是主机名,可以更改监听端口为8080;修改roles/nginx/templates/vhost1.conf.j2 中的 listen:8080;

ansible-playbook -t conf /root/playbooks/nginx_roles.yml # 按照我们定义的tags,只跑修改nginx配置文件的这个任务,又触发handlers重载nginx。

在浏览器中访问8080端口,可以看到我们的测试页了。。。。。如下图

posted on 2021-09-03 20:05  jueyuanfengsheng  阅读(378)  评论(0编辑  收藏  举报