playbook 相当于多个命令的编排组合然后一起运行,类似写脚本。在学习 playbook 之前需要了解 yaml 格式。
编写playbook的步骤:
- 定义主机与用户
- 编写任务列表
- 执行 playbook
当然 playbook 支持拆分多个文件,并且可以使用多种维度的封装,例如定义变量、任务、处理程序等,鼓励代码/文件复用。
下面是安装 nginx 和 ntp server 的示例。
1、文件目录结构
[root@localhost ansible_demo]# tree nginx_ntp/
nginx_ntp/
├── group_vars
│ ├── all
│ └── webserver
├── hosts
├── roles
│ ├── common
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ │ └── ntp.conf.j2
│ │ └── vars
│ │ └── main.yml
│ └── web
│ ├── handlers
│ │ └── main.yml
│ ├── tasks
│ │ └── main.yml
│ └── templates
│ └── nginx2.conf
└── site.yml
11 directories, 11 files
2、Inventory 文件
[root@localhost nginx_ntp]# cat hosts
[webserver]
192.168.34.129
192.168.34.130
3、playbook 入口文件
[root@localhost nginx_ntp]# cat site.yml
---
- name: apply common configuration to all nodes
hosts: all
roles:
- common
- name: configure and deploy the webserver and application code
hosts: webserver
roles:
- web
4、组变量文件
根据 inventory 来区分,all 表示所有,webserver 则指 hosts 中的 webserver section
[root@localhost nginx_ntp]# cd group_vars/
[root@localhost group_vars]# ll
total 8
-rw-r--r--. 1 root root 32 Mar 6 18:12 all
-rw-r--r--. 1 root root 72 Mar 6 18:24 webserver
[root@localhost group_vars]# cat all
---
ntpserver: ntp.sjtu.edu.cn
[root@localhost group_vars]# cat webserver
---
worker_processes: 4
root: /data1
worker_connections: 1024
user: www
5、roles 设置
5.1、角色 common 配置,
安装 ntp server,配置文件并同步时间启动 ntp server
- 任务入口 tasks
[root@localhost nginx_ntp]# cd roles/common/tasks/
[root@localhost tasks]# cat main.yml
---
- name: install ntp server
yum: name=ntp state=present
- name: set zone info
shell: cp -rf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
- name: update time
shell: ntpdate asia.pool.ntp.org
- name: configure ntp file
template: src=ntp.conf.j2 dest=/etc/ntp.conf
notify:
- restart ntp
- name: start ntp server
service: name=ntpd state=started enabled=true
- name: test to see if selinux is running
command: getenforce
register: sestatus
changed_when: false
- name 为 configure ntp file 的任务运行后的 callback handlers
[root@localhost common]# cat handlers/main.yml
---
- name: restart ntp
service: name=ntpd state=restarted
- template 源文件
[root@localhost common]# cat templates/ntp.conf.j2
driftfile /var/lib/ntp/drift
restrict 127.0.0.1
restrict -6 :: 1
server {{ ntpserver }}
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
- role common 内置变量
[root@localhost common]# cat vars/main.yml
---
ntpserver: 210.72.145.44
5.2 角色 web 配置
安装 nginx,配置文件并启动
- 任务入口 tasks
[root@localhost web]# cat tasks/main.yml
---
- name: install nginx
yum: name=nginx state=latest
- name: add user
shell: useradd {{ user }}
- name: write config
template: src=nginx2.conf dest=/etc/nginx/nginx.conf
notify:
- restart nginx
- name: ensure nginx is running
shell: /usr/sbin/nginx -c /etc/nginx/nginx.conf
- name 为 write config 的任务运行后的 callback handlers
[root@localhost web]# cat handlers/main.yml
---
- name: restart nginx
service: name=nginx state=restarted
- template 文件
[root@localhost web]# cat templates/nginx2.conf
user www;
worker_processes {{ worker_processes }};
events {
worker_connections {{ worker_connections }};
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
root {{ root }};
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
6 检查语法和运行
[root@localhost nginx_ntp]# ansible-playbook -i hosts site.yml --syntax-check
ERROR! Problem parsing file '/data1/ansible_demo/nginx_ntp/group_vars/all': line 2, column 1
发现 all 文件出错,修改后继续
[root@localhost nginx_ntp]# ansible-playbook -i hosts site.yml --syntax-check
playbook: site.yml
[root@localhost nginx_ntp]# ansible-playbook -i hosts site.yml -f 10
PLAY [apply common configuration to all nodes] **********************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************
ok: [192.168.34.130]
ok: [192.168.34.129]
TASK [common : install ntp server] **********************************************************************************************************
ok: [192.168.34.129]
ok: [192.168.34.130]
TASK [common : set zone info] ***************************************************************************************************************
changed: [192.168.34.130]
changed: [192.168.34.129]
TASK [common : update time] *****************************************************************************************************************
changed: [192.168.34.130]
changed: [192.168.34.129]
TASK [common : configure ntp file] **********************************************************************************************************
changed: [192.168.34.129]
changed: [192.168.34.130]
TASK [common : start ntp server] ************************************************************************************************************
changed: [192.168.34.130]
changed: [192.168.34.129]
TASK [common : test to see if selinux is running] *******************************************************************************************
ok: [192.168.34.130]
ok: [192.168.34.129]
RUNNING HANDLER [common : restart ntp] ******************************************************************************************************
changed: [192.168.34.129]
changed: [192.168.34.130]
PLAY [configure and deploy the webserver and application code] ******************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************
ok: [192.168.34.130]
ok: [192.168.34.129]
TASK [web : install nginx] ******************************************************************************************************************
ok: [192.168.34.130]
ok: [192.168.34.129]
TASK [web : add user] ***********************************************************************************************************************
changed: [192.168.34.129]
changed: [192.168.34.130]
TASK [web : write config] *******************************************************************************************************************
changed: [192.168.34.129]
changed: [192.168.34.130]
TASK [web : ensure nginx is running] ********************************************************************************************************
changed: [192.168.34.129]
changed: [192.168.34.130]
RUNNING HANDLER [web : restart nginx] *******************************************************************************************************
changed: [192.168.34.129]
changed: [192.168.34.130]
PLAY RECAP **********************************************************************************************************************************
192.168.34.129 : ok=14 changed=9 unreachable=0 failed=0
192.168.34.130 : ok=14 changed=9 unreachable=0 failed=0
[root@localhost nginx_ntp]#
7、被控机验证
[root@localhost yum.repos.d]# ps -ef | grep ntp ntp 39081 1 0 18:26 ? 00:00:00 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g root 39384 2517 0 18:27 pts/0 00:00:00 grep ntp [root@localhost yum.repos.d]# ps -ef | grep nginx root 39370 1 0 18:26 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf www 39372 39370 0 18:26 ? 00:00:00 nginx: worker process www 39373 39370 0 18:26 ? 00:00:00 nginx: worker process www 39374 39370 0 18:26 ? 00:00:00 nginx: worker process www 39375 39370 0 18:26 ? 00:00:00 nginx: worker process root 39420 2517 0 19:03 pts/0 00:00:00 grep nginx