zoukankan      html  css  js  c++  java
  • Ansible之playbook&&roles

    运维:
    	手动 --> 标准化-->工具化-->自动化 --> 智能化
    	
    工具化:
    	OS Install:PXE,Cobbler;Virtualization & Cloud Computing
    	OS Config:ansible,fabric,puppet,saltstack,chef,cfengine,...
    	Deploy:fabric,ansible,...
    	Task Exec:fabric,ansible,func,...
    

    YAML语法格式

    
    

    ansible之Playbook

    Playbook的核心元素:
    	Hosts:关联到的主机
    	Tasks:任务列表,要做哪些事
    	Variables:变量
    	Templates:包含了模板语法的文本文件;
    	Handlers:由特定条件触发的任务;
    	Roles:
    	
    	playbook的基础组件:
    		Hosts:运行指定任务的目标主机;
    		remoute_user:在远程主机上执行任务的用户;
    			sudo_user:
    		tasks:任务列表
    			模块,模块参数;
    			格式:
    				(1)action:module arguments
    				(2)module:arguments
    				
    				注意:shell和command模块后面直接跟命令,而非key=value类的参数列表;
    		
    			(1)某任务的状态在运行后为changed时,可通过“notify”通知给相应的handlers;
    			(2)任务可以通过“tags”打标签,而后可在ansible-playbook命令上使用-t指定进行调用;
    			
    		运行playbook的方式:
    			(1)测试:
    				ansible-playbook --check
    					只检测可能会发生的改变,但不真正执行操作;
    				ansible-playbook --list-hosts
    					列出运行任务的主机;
    			(2)运行
    		
    		handlers:
    			任务,在特定条件下触发;
    			接收到其它任务的通知时被触发;
    				notify:HANDLER TASK NAME
    		
    		variables:
    			(1)facts:可直接调用;
    				注意:可使用setup模块直接获取目标主机的facters;
    				ansible 192.168.0.111 -m setup | less
    				
    			(2)用户自定义变量:变量引用: {{ variable }}
    				(a) ansible-playbook命令的命令行中的:
    					-e VARS,--extra-vars=VARS
    			
    				(b) 在playbook中定义变量的方法:
    					vars:
    						- var1: value1
    						- var2: value2 
    			
    			(3) 通过roles传递变量;
    			(4) Host Inventory;
    				(a) 向不同的主机传递不同的变量;
    					IP/HOSTNAME variable=value var2=value2
    				(b) 向组中的主机传递相同的变量;
                        [groupname:vars]
                        variable=value
    			
    				注意:invertory参数:
    					用于定义ansible远程连接目标主机时使用的参数,而非传递给playbook的变量;
    						ansible_ssh_host
    						ansible_ssh_port
    						ansible_ssh_user
    						ansible_ssh_pass
    						ansible_sudo_pass
    					...
    					
    			模块:
    				template模块:基于模板方式生成一个文件复制到远程主机
    	
    
    ansible-playbook --help
    	-C
        -D
        -e
        -f FORKS,--forks=FORKS
        -i INVENTORY
        -l SUBNET,--limit=SUBNET
        --list-hosts
        --list-tags
        --list-tasks
        -M MODULE_PATH
    	--step:单步执行
    
    	--syntax-check
    
    ansible-playbook --list-hosts --list-tasks first.yaml
    ansible-playbook -C first.yaml # 干跑
    

    案例

    vim first.yml
    - hosts: all
      remote_user: root
      tasks:
      - name: install redis
        yum: name=redis state=latest
      - name: start redis
        service: name=redis state=started
    
    ansible 192.168.0.111 -m fetch -a "src=/etc/redis.conf dest=./"
    
    vim ~/playbooks/redis.conf
    	# bind 127.0.0.1
    	bind 0.0.0.0
    	# requirepass foobared
    	requirepass admin123 
    
    vim first.yml
    - hosts: all
      remote_user: root
      tasks:
      - name: install redis
        yum: name=redis state=latest
      - name: copy config file
      	copy: "src=/root/playbooks/redis.conf dest=/etc/redis.conf"
      - name: start redis
        service: name=redis state=started
    
    ansible-playbook syntax-check first.yml
    ansible-playbook -C first.yml
    
    ansible-playbook  first.yml
    

    再次修改配置文件,如何热加载配置文件?可以通过handlers,在某个任务上添加属性notify,notify和handlers的name对应的名称要一致。如果配置文件没改变,handlers是不会触发的。

    vim second.yml
    - hosts: all
      remote_user: root
      tasks:
      - name: install redis
        yum: name=redis state=latest
      - name: copy config file
      	copy: "src=/root/playbooks/redis.conf dest=/etc/redis.conf"
        notify: restart redis
      - name: start redis
        service: name=redis state=started
      handlers:
        - name:restart redis  # notify通过其定义的名称,去找handlers的name触发,所以notify的名称要和这里的name一致
          service: name=redis state=restarted
    
    vim ~/playbooks/redis.conf
    	requirepass admin123123
    
    ansible-playbook second.yml
    
    在192.168.0.111机器上:
    	redis-cli
    	auth admin123123 # 认证成功
    

    如果我们只想跑某个任务,可以使用tags打标签,然后跑任务时加上 -t参数

    vim second.yml
    - hosts: all
      remote_user: root
      tasks:
      - name: install redis
        yum: name=redis state=latest
      - name: copy config file
      	copy: "src=/root/playbooks/redis.conf dest=/etc/redis.conf"
        notify: restart redis
        tags:configfile
      - name: start redis
        service: name=redis state=started
      handlers:
        - name:restart redis  # notify通过其定义的名称,去找handlers的name触发,所以notify的名称要和这里的name一致
          service: name=redis state=restarted
    
    
    
    ansible-playbook -t configfile second.yml
    

    # 再次修改本地redis.conf文件中的密码为admin123
    vim ~/playbooks/redis.conf
    	requirepass admin123
    
    ansible-playbook -t configfile second.yml # 如下图,通过tags标签copy这个任务,只跑了copy,而我们修改了redis.conf文件,又触发了handlers任务。
    

    yum install facter 
    facter -p  # 查看当前主机上的变量
    
    vim third.yml
    	- hosts: 192.168.0.111
    	  remote_user: root
    	  tasks:
    	  - name: copy file
            copy: content={{ ansible_env }} dest=/tmp/ansible.env
    	  
    

    variables的三种自定义方式

    vim var.yml
    
    - hosts: websrvs
      remote_user: root
      vars: # 直接在playbook中定义变量
      - pbvar: playbook variable testing  
      tasks:
      - name: command line variables # 使用ansible-playbook命令行传递变量值
        copy: content={{ cmdvar }} dest=/tmp/cmd.var
      - name: playbook variables
        copy: content={{ pbvar }} dest=/tmp/pb.var
      - name: host iventory variables  # 使用主机清单定义变量,如下图
        copy: content={{ http_port }} dest=/tmp/http_port.var
    

    编辑/etc/ansible/hosts文件传递变量:


    补充模块

    setup模块:
    
    template模块:基于模板方式生成一个文件复制到远程主机
    	
    	*src=
    	*dest=
    	owner=
    	group=
    	mode=
    	
    	模板:templates
    		ansible-doc -s template
    		文本文件,嵌套有脚本 (使用模板编程语言编写)
    			Jinja2:	
    				字面量:
    					字符串:使用单引号或双引号;
    					数字:证书,浮点数;
    					列表:[item1,item2,...]
    					元组:[item1,item2,...]
    					字典:{key1:value1,key2:value2,...}
    					布尔值:true/false
    				
    				算数运算:
    					+,-,*,/,//,%,**
    				比较操作:
    					==,!=,>,>=,<,<=
    				逻辑运算:
    					and,or,not
    
    			示例:
    				- hosts: websrvs
    				remote_user: root
    				tasks:
    				  - name: install nginx
    				  yum: name=nginx state=present
    				  - name: install conf file
    				  template: src=files/nginx.conf.j2 dest=/etc/nginx/nginx.conf
    				  notify: restart nginx
    				  tags: instconf
    				  - name: start nginx service
    				  service: name=nginx state=started
    				  handlers:
    				  - name: restart nginx
    				  service: name=nginx state=restarted
    				  
    				  模板配置文件: nginx.conf.j2
    				  worker_processes {{ ansible_processor_vcpus }};
    				  listen {{ http_port }};
    

    template模板使用案例

    ansible 192.168.0.111 -m setup | less  # 通过setup模块查看192.168.0.111虚拟机上的内置变量,得到ansible_default_ipv4有address属性
    cp /root/playbooks/redis.conf{,.j2}
    vim /root/playbooks/redis.conf.j2
    	bind {{ ansible_default_ipv4.address }}
    
    vim template.yml
    	- hosts: 192.168.0.111
      remote_user: root
      tasks:
      - name: install config file
        template: src=/root/playbooks/redis.conf.j2 dest=/tmp/redis.conf
    
    ansible-playbook template.yml
    
    在192.168.0.111虚拟机上,查看配置文件/tmp/redis.conf的bind后的变量是否被渲染出来:# 如下图
    
    

    将template.yml文件中的hosts改成all,再次执行 ansible-playbook template.yml,192.168.0.112的/tmp/redis.conf 中的bind后的变量也被渲染出来,如下图:
    
    

    案例:使用template在被ansible主机控制的主机上监听一个额外的端口

    vim /root/playbooks/mylisten.conf
    	Listen {{ http_port }}  # 这个变量在/etc/ansible/hosts文件中
    
    vim /root/playbooks/httpd.yml
    
    - hosts: websrvs
      remote_user: root
      tasks:
      - name: install httpd
        yum: name=httpd state=latest
      - name: install config file
        template: src=/root/playbooks/mylisten.conf dest=/etc/httpd/conf.d/mylisten.conf
        notify: restart httpd
      - name: start httpd
        service: name=httpd state=started
      handlers:
      - name: restart httpd
        service: name=httpd state=restarted
    

    案例:nginx启动的进程数是cpu核心数和cpu个数的乘积减1

    cp /etc/nginx/nginx.conf /root/playbooks/nginx.conf.j2
    
    ansible 192.168.0.111 -m setup | less
    	   ansible_processor_cores:"2"
           ansible_processor_vcpus:"2"
    
    vim nginx.conf.j2
    	worker_processes {{ ansible_processor_cores*ansible_processor_vcpus-1 }};
    
    vim nginx.yml
        - hosts: websrvs
          remote_user: root
          tasks:
          - name: install nginx
            yum: name=nginx state=latest
          - name: change nginx.conf
            template: src=/root/playbooks/nginx.conf.j2 dest=/etc/nginx/nginx.conf
            notify: restart nginx
          - name: start nginx
            service: name=nginx state=started
          handlers:
          - name: restart nginx
            service: name=nginx state=restarted
    
    ansible-playbook -C nginx.yml
    ansible-plabook nginx.yml
    
    当再次修改/root/playbooks/nginx.conf.j2,就会触发handlers,重新加载nginx配置文件(nginx.conf)
    

    条件测试(when)和循环(迭代)

    条件测试:
    	when语句:在task中使用,jinja2的语法格式
    		tasks:
    		- name: install conf file to centos7
    		  template: src=files/nginx.conf.c7.j2
    		  when: ansible_distribution_major_version == "7"
    		- name: install conf file to cnetos6
    		  template: src=files/nginx.conf.c6.j2
    		  when: ansible_distribution_major_version == "6"
    
    循环:迭代,需要重复执行的任务;
    	对迭代项的引用,固定变量名为“item”,而后,要在task中使用with_items给定要迭代的元素列表;
    		列表方法:
    			字符串
    			字典
    			
    	- name: install some packages
    	  yum: name={{ item }} state=pretent
    	  with_items:
    	  - nginx
    	  - memcached
    	  - php-fpm
    	  
    	- name: add some groups
    	  group: name={{ item }} state=present
    	  with_items:
    	  - group1
    	  - group2
    	  - group3
    	
    	- name: add some users
    	  user: name={{ item.name }} group={{ item.group }} state=present
    	  with_items:
    	  - { name: 'user11', group: 'group11' }
    	  - { name: 'user12', group: 'group12' }
    	  - { name: 'user13', group: 'group13' }
    	
    

    案例:根据不同的发行版安装不同的web服务

    vim os.yml
        - hosts: websrvs
          remote_user: root
          tasks:
          - name: install httpd
            yum: name=httpd state=latest
            when: ansible_os_family == "Redhat"
          - name: install apache2
            apt: name=apache2 state=latest
            when: ansible_os_family == "Debian"
    
    ansible-playbook -C os.yml
    

    迭代

    vim iter.yml
        - hosts: websrvs
          remote_user: root
          tasks:
          - name: install {{ item }} package
            yum: name={{ item }} state=latest
            with_items:
            - tomcat
            - tomcat-webapps
            - tomcat-admin-webapps
    
    

    角色(roles)

    在安装nginx之前,需要配置yum仓库:epel.repo:
    	这个仓库是epel-release模块:
    		yum info epel-release
    		yum intall epel-release
    		rpm -ql epel-release
    
    角色(roles):
    	角色集合:
    		roles/
    			mysql/
    			httpd/
    			nginx/
    			memcached/
    	每个角色,以特定的层级目录结构进行组织:
    		mysql/
    			files/:存放由copy或script模块等调用的文件;
    			templates/:template模块查找所需要模板文件的目录;
    			tasks/:至少应该包含一个名为main.yml的文件;其它的文件需要在此文件中通过include进行包含;
    			handlers/:至少应该包含一个名为main.yml的文件;其它的文件需要在此文件中通过include进行包含;
    			vars/:至少应该包含一个名为main.yml的文件;其它的文件需要在此文件中通过include进行包含;
    			meta/:至少应该包含一个名为main.yml的文件,定义当前角色的特殊设定及其依赖关系;其它的文件需要在此文件中通过include进行包含;
    			default/:设定默认变量时使用此目录中的main.yml文件;
    	
    	在playbook调用角色方法1:
    		- hosts: websrvs
    		  remote_user: root
    		  roles:
    		  - mysql
    		  - memcached
    		
    	在playbook调用角色方法2:传递变量给角色
    		- hosts:
    		  remote_user:
    		  roles:
    		  - { role: nginx,username: nginx }
    		    键role用于指定角色名称;后续的k/v用于传递变量给角色;
    		 
    		还可以基于条件测试实现角色调用;
    		roles:
    		- { role: nginx, when: "ansible_distribution_major_version == '7'" }
    ansible-vcs:可实现ansible-pull机制
    	https://github.com/andrewrothstein/ansible-vcs
    
    实战项目:
    	主/备模式高可用keepalived+nginx(proxy)
    	两台主机:httpd+php
    	一台主机:mysql-server或mariadb-server;
    
    http://www.ansible.com.cn
    
    
    ansible在配置文件(/etc/ansible/ansible.cfg)中已经说明,它的角色应该放在 /etc/ansible/roles或/usr/share/ansible/roles目录下,才能默认被找到,不然自己修改配置文件的role_path定义路径。。。。。。# 如下图1
    			
    

    图1:

    mkdir -pv /etc/ansible/roles/nginx/{files,templates,tasks,vars,handlers,meta,default}
    vim /etc/ansible/roles/nginx/tasks/main.yml
        - name: install nginx
          yum: name=nginx state=latest
          when: ansible_os_family == "RedHat"
          
    vim ~/playbooks/nginx_roles.yml
    	- hosts: websrvs
      	remote_user: root
      	roles:
     	- nginx
    
    
    ansible-playbook --syntax-check nginx_roles.yml 
    ansible-playbook -C nginx_roles.yml # 如图2
    

    图2:

    (1)
    cd /etc/ansible
    vim roles/nginx/templates/vhost1.conf.j2
    	server {
    		listen 80;
    		server_name {{ ansible_fqdn }};
    		location / {
    				root "/ngxdata/vhost1";
    		}
    	}
    	
    (2)
    vim roles/nginx/tasks/main.yml
        - name: install nginx
          yum: name=nginx state=latest
          when: ansible_os_family == "RedHat"
    	- name: install config file
      	  template: src=vhost1.conf.j2 dest=/etc/nginx/conf.d/vhost1.conf  # 自动去../templates中找vhost1.conf.j2文件
    
    ansible-playbook -C nginx_roles.yml # 如下图3 
    
    ======================================================================================================
    
    vim roles/nginx/tasks/main.yml
    单独执行某个任务,添加如下两行:
    	tags: conf
    	notify: restart nginx
    	
    vim roles/nginx/handlers/main.yml
    	- name: restart nginx
    	  service: name=nginx state=restarted
    
    vim roles/nginx/tasks/main.yml
    	nginx没有start,也就没有restart,所以添加第三个任务:
    		- name: start nginx
    		  service: name=nginx state=started
    
    vim roles/nginx/tasks/main.yml
    	还需要给nginx提供一个测试页和家目录,因此还需要添加一个创建家目录的任务:
    		- name: install site home directory
    		  file: path={{ ngxroot }} state=directory
    		- name: install index page
    		  copy: src=index.html dest={{ ngxroot }}/ 
    
    vim roles/nginx/vars/main.yml
    	ngxroot: /ngxdata/vhost1 # 这是定义成的字典格式,前面不需要加'-'
    
    vim roles/nginx/files/index.html
    	<h1>Vhost1<h1>
    
    ansible-playbook -C nginx_roles.yml # 如下图4
    
    # 停掉192.168.0.111和192.168.0.112虚拟机上监听在80端口的服务:
    ansible websrvs -m service -a "name=nginx state=stopped"
    
    ansible-playbook  nginx_roles.yml
    

    图3:

    图4:

    被管控的两台虚拟机nginx已经启动,在浏览器中能正常访问。。。

    但这不是我们设定的测试页,因为我们templates中定义的变量访问的是主机名,可以更改监听端口为8080;修改roles/nginx/templates/vhost1.conf.j2 中的 listen:8080;

    ansible-playbook -t conf /root/playbooks/nginx_roles.yml # 按照我们定义的tags,只跑修改nginx配置文件的这个任务,又触发handlers重载nginx。
    
    在浏览器中访问8080端口,可以看到我们的测试页了。。。。。如下图
    

  • 相关阅读:
    Linux查看文件被哪个进程占用
    命令行启动rstudio server
    Spring Boot配置文件及多环境配置
    Spring Boot yml配置文件
    js实现自定义概率抽奖算法
    Flutter之adb: failed to install apk的解决方法
    Flutter之不简单的搜索条
    git操作之commit规范
    Flutter之毛玻璃效果的实现
    固定定位下div水平居中
  • 原文地址:https://www.cnblogs.com/zhangchaocoming/p/15224756.html
Copyright © 2011-2022 走看看