Ansible Playbook 使用

Ansible Playbook剧本使用，Playbook文件以.yaml或者.yaml作为文件名后缀

介绍

• hosts 文件：hosts.test

[testservers]
h-1 ansible_ssh_user="root"  ansible_ssh_host=172.17.0.3 ansible_ssh_port=22 ansible_ssh_pass="123456"
h-2 ansible_ssh_user="root"  ansible_ssh_host=172.17.0.4 ansible_ssh_port=22 ansible_ssh_pass="123456"
h-3 ansible_ssh_user="root"  ansible_ssh_host=172.17.0.5 ansible_ssh_port=22 ansible_ssh_pass="123456"
source repo / download raw

配置

并发连接数

默认情况下，ansible 的并发数是5，有两种修改方式：

• 环境变量

export ANSIBLE_FORKS=10

• 配置 /etc/ansible/ansible.cfg 或 ~/.ansible.cfg

[defaults]
forks = 10

library

• 配置 /etc/ansible/ansible.cfg 或 ~/.ansible.cfg

[defaults]
...
library = /foo/bar:/foo/baz

配置 inventory

• 配置 /etc/ansible/ansible.cfg 或 ~/.ansible.cfg

[defaults]
...
inventory = ../hosts

使用

ping demo

• ping.yaml

---
- hosts: testservers
  # hosts: test1,test2  # 多个使用英文逗号隔开
  # hosts:  # 或下多个行缩进
  #   test1
  #   test2
  remote_user: root  # 远程的用户名
  tasks:  # 任务列表
  - name: Ping test  # 当省略 name 时，默认以调用的模块的名称作为任务的名称，不建议
    ping:  # ping 测试
  - name: make test directory
    file:  # file 模块，创建目录
      path: /tmp/test
      state: directory

- hosts:  # 过个任务
    testservers
  remote_user: root
  tasks:
  - name: create user t1
    user:
      name: t1

- hosts:
    testservers
  remote_user: root
  tasks:
  - name: touch file
    # 0.8 版本之前，使用 action 关键字调用模块
    # action: file path=/mp/t1 state=touch mode=0644
    file:
      path: /tmp/t1
      state: touch
      mode: 0644
source repo / download raw

• 运行

apt install -y sshpass

# 检查 playbook 语法
ansible-playbook --syntax-check -i hosts.test ping.yaml

# 模拟执行 playbook
ansible-playbook --check -i hosts.test ping.yaml

# 运行 playbook
ansible-playbook -i hosts.test ping.yaml

• 日志

$ ansible-playbook -i hosts.test ping.yaml

PLAY [testservers] ***************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [h-2]
ok: [h-3]
ok: [h-1]

TASK [Ping test] *****************************************************************************************************
ok: [h-3]
ok: [h-1]
ok: [h-2]

TASK [make test directory] *******************************************************************************************
changed: [h-1]
changed: [h-3]
changed: [h-2]

...

PLAY RECAP ***********************************************************************************************************
h-1                        : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
h-2                        : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
h-3                        : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

说明：

• PLAY [testservers] 当前 play 针对 testservers 主机组
• TASK [Gathering Facts] 收集当前 playbook 对应的目标主机的相关信息
• TASK [xxx] 运行的 task 信息
  • 绿色 成功
  • 黄色 有变更
• PLAY RECAP 对所有目标主机的执行情况进行 回顾

debug 模块

• debugs-test1.yaml

---
- hosts: testservers
  remote_user: root
  vars:
    testvar: value of test variable
  tasks:
  - name: debug info
    debug:
      msg: this is debug info, {{testvar}}
      # var: testvar
      # 获取 setup 获取的变量 {{ansible_memory_mb}}
source repo / download raw

• 执行

ansible-playbook -i hosts.test debugs-test1.yaml

• 结果

$ ansible-playbook -i hosts.test debugs-test1.yaml

PLAY [testservers] ***************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************
ok: [h-1]
ok: [h-3]
ok: [h-2]

TASK [debug info] ****************************************************************************************************
ok: [h-1] => {
    "msg": "this is debug info, value of test variable"
}
ok: [h-2] => {
    "msg": "this is debug info, value of test variable"
}
ok: [h-3] => {
    "msg": "this is debug info, value of test variable"
}

PLAY RECAP ***********************************************************************************************************
h-1                        : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
h-2                        : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
h-3                        : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

tags 模块

tags 用来对任务进行 打标签 操作，执行playbook时，通过标签指定执行哪些任务，或者指定不执行哪些任务

• tags-test1.yaml

---
- hosts: testservers
  remote_user: root
  tasks:
  - name: task1
    file:
      path: /tmp/t1
      state: touch
    tags: t1
    # tags: t1,t2
  - name: task2
    file: path=/tmp/t2
          state=touch
    tags:
    - t2
    # tags:
    # - t1
    # - t2
  - name: task3
    file: path=/tmp/t3
          state=touch
    tags: ['t3']
source repo / download raw

• 执行

# 查看有哪些 tags
ansible-playbook -i hosts.test --list-tags tags-test1.yaml

# 执行 tags: t2
ansible-playbook -i hosts.test --tags=t2 tags-test1.yaml
# 执行 tags: t1,t2
ansible-playbook -i hosts.test --tags=t1,t2 tags-test1.yaml

# 不执行 tags: t2
ansible-playbook -i hosts.test --skip-tags=t2 tags-test1.yaml

• 说明：
  • 5个特殊tag
    • always 总是执行，除非你使用 --skip-tags
    • never 总不执行，除非指定，2.5版本中新加入
    • tagged 执行有标签的任务
      • ansible-playbook --tags tagged tags-test1.yaml
    • untagged 执行没有标签的任务
      • ansible-playbook --tags untagged tags-test1.yaml
    • all

handlers 模块

handlers 中定义的任务可以在 tasks 中的进行 调用，即 tasks 执行后才会调用，否则不执行

• handlers 与 tasks 是同级别的
• 默认情况下，所有 tasks 执行完毕后，才会执行各个 handler，使用 - meta: flush_handlers 执行
  • meta任务是一种特殊的任务，可以影响ansible的内部运行方式
  • meta: flush_handlers 表示立即执行之前的 tasks 所对应 handler

---
- hosts: testservers
  remote_user: root
  tasks:
  - name: Modify the configuration
    lineinfile:
      path=/etc/nginx/conf.d/test.conf
      regexp="Listen 80"
      line="Listen 8088"
      backrefs=yes
      backup=yes
    notify:  # 使用 notify关键字调用 handlers 中的任务
      restart nginx

  # - meta: flush_handlers  # 执行 handlers
  # ... 其他任务

  handlers:
  - name: restart nginx
    service:
      name=nginx
      state=restarted

  handlers:
  - name: handler1
    listen: handler group1  # 定义 handlers 组，notify: handler group1 即可调用该组
    file: path=/testdir/ht1
          state=touch
  - name: handler2
    listen: handler group1
    file: path=/testdir/ht2
          state=touch
source repo / download raw

示例

push ssh key

• ssh key

ssh-keygen -t rsa

• hosts

• push-ssh.yaml

# Using alternate directory locations:
- hosts: testservers
  user: root
  tasks:
    - name: ssh-copy
      authorized_key: user=root key="{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
      tags:
        - sshkey
source repo / download raw

• run

ansible-playbook -i hosts push-ssh.yaml -v

Demo1

• 配置host

$ cat hosts.nginx
10.0.0.2
10.0.0.3

• 执行命令

$ ansible -i hosts.nginx all -m shell -a "nginx -s reload"
10.0.0.3 | CHANGED | rc=0 >>

10.0.0.2 | CHANGED | rc=0 >>
$ ansible -i hosts.nginx all -u root -m ping
$ ansible -i hosts.nginx all -a "systemctl status nginx.service"
$ ansible -i hosts.nginx all -m copy -a "src=resolv.conf backup=yes dest=/etc/resovl.conf"
$ ansible -i hosts.nginx all -m copy -a "src=hosts dest=/etc/hosts"

Demo2

• hosts

[server]
192.168.179.20

[client]
192.168.179.21
192.168.179.22

# [client:vars]  # 与配置 vars_prompt 功能相同，一个是从配置文件读取，一个是从 console 获取
# cpus=12
source repo / download raw

• demo2.yaml

---
# ansible-playbook -i hosts test.yaml -vv

- hosts: server
  gather_facts: false
  vars_prompt:
    - name: "cpus"
      prompt: "please input cpus"
      default: '1'
      private: no
  tasks:
    - name: Install NTP server
      yum:
        name: chronyd
        state: present
    - name: Start NTP server
      service:
        name: chronyd
        state: started
        enabled: yes
    - name: start-test-server
      shell: |
        for ((i=0; i<{{ cpus }}; i++ )); do
          echo $i
          date
        done
      args:
        executable: /bin/bash

- hosts: client
  gather_facts: false
  vars_prompt:
    - name: "cpus"
      prompt: "please input cpus"
      default: '1'
      private: yes
  tasks:
    - name: start-test-client
      shell: |
        echo {{ item }}
        date
        index="{{groups['client'].index(inventory_hostname)}}"
        port=$(expr $index + 1200)
        echo ${port}
        echo $(expr $port \* 2)
        echo ${key}
      with_items: "{{ groups['server'] }}"
source repo / download raw

删除文件

• 删除指定目录下，对应规则的文件

- hosts: all
  tasks:

  - name: find to delete logs
    find:
      paths: /var/log/
      patterns: *.log
      # age: 3d 查找3天前的文件
    register: files_to_absent

  - name: absent logs
    file:
      path: "{{ item.path }}"
      state: absent
    with_items: "{{ files_to_absent.files }}"
source repo / download raw

• 删除已知的文件

  - name: absent logs
    file:
      path: "{{ item }}"
      state: absent
    with_items:
      - /tmp/log1.log
      - /tmp/log1.log
source repo / download raw

删除进程

- hosts: all
  tasks:
    - name: find running processes
      ignore_errors: yes
      shell: "ps -ef | grep -v grep | grep sshd | awk '{print $2}'"
      register: running_processes

    - name: Kill running processes
      ignore_errors: yes
      shell: "kill {{ item }}"
      with_items: "{{ running_processes.stdout_lines }}"
source repo / download raw