@mrz1
2018-01-20T14:05:25.000000Z
Notes
Variable names: may contain only letters, digits and underscores, and must start with a letter.
Variable sources:
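1. Facts from the ansible setup module: every variable of the remote host can be used directly.

```bash
ansible web -m setup -a 'filter=ansible_hostname'   # shows the short host name
ansible web -m setup -a 'filter=ansible_nodename'   # shows the full host name
ansible web -m setup -a 'filter=*all_ipv6*'         # shows the IPv6 addresses; filtering is supported
```

2. Defined in /etc/ansible/hosts
Ordinary variables: defined individually for a host within a host group; they take priority over common variables.
Common (group) variables: one variable defined for all hosts in a host group.

3. Specified on the command line, which has the highest priority

```bash
ansible-playbook -e varname=value
```

4. Defined in the playbook

```yaml
vars:
  - var1: value1
  - var2: value2
```

5. Defined in a role

Variable naming: a variable name may contain only letters, digits and underscores, and must start with a letter.
Variable definition: key=value
Example: http_port=80
Referencing a variable: use {{ variable_name }}; there must be a space on each side of the variable name, and sometimes it only takes effect when written as "{{ variable_name }}".
Specifying variables with the ansible-playbook -e option:

```bash
ansible-playbook test.yml -e "hosts=www user=mageedu"
```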
Example: variables

Example 1: var.yml

```yaml
- hosts: websrvs
  remote_user: root
  tasks:
    - name: install package
      yum: name={{ pkname }} state=present
```

```bash
ansible-playbook -e pkname=httpd var.yml
```

Example 2: var2.yml

```yaml
- hosts: websrvs
  remote_user: root
  vars:
    - username: user1
    - groupname: group1
  tasks:
    - name: create group
      group: name={{ groupname }} state=present
    - name: create user
      user: name={{ username }} state=present
```

```bash
ansible-playbook var2.yml
ansible-playbook -e "username=user2 groupname=group2" var2.yml
```

If the playbook already defines a variable and the same variable is also passed with -e, the -e value has the higher priority and is the one that is used.
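Because a value given with -e overrides every other source, a playbook that hands such a variable straight to a module can check it first. The following is an added example, not part of the original notes: `pkname` is the variable from Example 1, while the file name `var-checked.yml` and the `allowed_packages` list are assumptions made for illustration.

```yaml
# var-checked.yml (hypothetical file name)
- hosts: websrvs
  remote_user: root
  vars:
    # assumed allowlist, adjust to the packages this play may install
    allowed_packages:
      - httpd
      - nginx
  tasks:
    - name: refuse a missing or unexpected pkname
      assert:
        that:
          - pkname is defined
          - pkname is string
          - pkname in allowed_packages
        fail_msg: "pkname must be one of: {{ allowed_packages | join(', ') }}"

    - name: install package
      yum:
        name: "{{ pkname }}"
        state: present
```

Run it as `ansible-playbook -e pkname=httpd var-checked.yml`; with a value outside the list, or with no -e at all, the play stops at the assert task before yum runs.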
Host variables: when a host is defined in the inventory, host variables can be attached to it for use in playbooks.
Example:

```ini
[websrvs]
www1.magedu.com http_port=80 maxRequestsPerChild=808
www2.magedu.com http_port=8080 maxRequestsPerChild=909
```
Group variables: variables assigned to every host in a given group, available in playbooks.
Example:

```ini
[websrvs]
www1.magedu.com
www2.magedu.com

[websrvs:vars]
ntp_server=ntp.magedu.com
nfs_server=nfs.magedu.com
```
Ordinary variables

```ini
[websrvs]
192.168.99.101 http_port=8080 hname=www1
192.168.99.102 http_port=80 hname=www2
```

Common (group) variables

```ini
[websrvs:vars]
http_port=808
mark="_"

[websrvs]
192.168.99.101 http_port=8080 hname=www1
192.168.99.102 http_port=80 hname=www2
```

```bash
ansible websrvs -m hostname -a 'name={{ hname }}{{ mark }}{{ http_port }}'
```

Specifying a variable on the command line:

```bash
ansible websrvs -e http_port=8000 -m hostname -a 'name={{ hname }}{{ mark }}{{ http_port }}'
```

Defining variables in a file: vars.yml (the file name)

```yaml
var1: httpd
var2: nginx
```

```yaml
- hosts: websrvs
  remote_user: root
  vars_files:
    - vars.yml   # the file name
  tasks:
    - name: create file
      file: name=/app/{{ var1 }}-{{ var2 }}.log state=touch
```
Templates: dynamically generate the corresponding configuration file from a template file.
Template files must be stored in the templates directory and have a name ending in .j2.
The yaml/yml file must sit at the same level as the templates directory. The directory structure is:

```
./
├── temnginx.yml
└── templates
    └── nginx.conf.j2
```

Example: use templates to sync the nginx configuration file
Prepare the file templates/nginx.conf.j2
vim temnginx.yml

```yaml
---
- hosts: web
  remote_user: root
  tasks:
    - name: install nginx
      yum: name=nginx
    - name: template config to remote hosts
      template: src=/root/ansible/templates/nginx.conf.j2 dest=/etc/nginx/nginx.conf
      notify: restart_nginx
      tags: instconf
    - name: start service
      service: name=nginx state=started
  handlers:
    - name: restart_nginx
      service: name=nginx state=restarted
```

Run:

```bash
ansible-playbook temnginx.yml
```

Template variable substitution in a playbook
Change the following line in nginx.conf.j2 to:

```
worker_processes {{ ansible_processor_vcpus }};
```

cat temnginx2.yml

```yaml
---
- hosts: websrvs
  remote_user: root
  tasks:
    - name: template config to remote hosts
      template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
```

```bash
ansible-playbook temnginx2.yml
```
Arithmetic operations:
Example: vim nginx.conf.j2

```
worker_processes {{ ansible_processor_vcpus*2 }};
worker_processes {{ ansible_processor_vcpus+2 }};
```
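Conditional tests: when whether a task runs should depend on variables, facts or the result of an earlier task, use a conditional test. It is implemented with the when statement, is used within a task, and follows Jinja2 syntax.
The when statement: add a when clause to a task to use a conditional test; the when statement supports Jinja2 expression syntax.
Example:

```yaml
tasks:
  - name: "shutdown RedHat flavored systems"
    command: /sbin/shutdown -h now
    when: ansible_os_family == "RedHat"
```

```yaml
---
- hosts: websrvs
  remote_user: root
  tasks:
    - name: add group nginx
      tags: user
      # the group module creates the group (the user module would create a user)
      group: name=nginx state=present
    - name: add user nginx
      user: name=nginx state=present group=nginx
    - name: Install Nginx
      yum: name=nginx state=present
    - name: restart Nginx
      service: name=nginx state=restarted
      when: ansible_distribution_major_version == "6"
```

Example:

```yaml
tasks:
  - name: install conf file to centos7
    # dest is required by the template module
    template: src=nginx.conf.c7.j2 dest=/etc/nginx/nginx.conf
    when: ansible_distribution_major_version == "7"
  - name: install conf file to centos6
    template: src=nginx.conf.c6.j2 dest=/etc/nginx/nginx.conf
    when: ansible_distribution_major_version == "6"
```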
Example:

```yaml
- name: add several users
  user: name={{ item }} state=present groups=wheel
  with_items:
    - testuser1
    - testuser2
```

The statement above does the same as the following:

```yaml
- name: add user testuser1
  user: name=testuser1 state=present groups=wheel
- name: add user testuser2
  user: name=testuser2 state=present groups=wheel
```

Iteration examples:

Example 1: copy several files to the managed host

```yaml
---
- hosts: testsrv
  remote_user: root
  tasks:
    - name: Create rsyncd config
      copy: src={{ item }} dest=/etc/{{ item }}
      with_items:
        - rsyncd.secrets
        - rsyncd.conf
```

Example 2

[root@ansible ansible]#cat item1.yml

```yaml
- hosts: websrvs
  remote_user: root
  tasks:
    - name: create several users
      user: name={{ item }} group=root groups=wang,bin
      with_items:
        - itemuser1
        - itemuser2
```

Example 3

```yaml
- hosts: websrvs
  remote_user: root
  tasks:
    - name: copy file
      copy: src={{ item }} dest=/tmp/{{ item }}
      with_items:
        - file1
        - file2
        - file3
    - name: yum install httpd
      yum: name={{ item }} state=present
      with_items:
        - apr
        - apr-util
        - httpd
```

Example 4

```yaml
- hosts: websrvs
  remote_user: root
  tasks:
    - name: install some packages
      yum: name={{ item }} state=present
      with_items:
        - nginx
        - memcached
        - php-fpm
```

Example 5: iterating over nested sub-variables

```yaml
- hosts: websrvs
  remote_user: root
  tasks:
    - name: add some groups
      group: name={{ item }} state=present
      with_items:
        - group1
        - group2
        - group3
    - name: add some users
      user: name={{ item.name }} group={{ item.group }} state=present
      with_items:
        - { name: 'user1', group: 'group1' }
        - { name: 'user2', group: 'group2' }
        - { name: 'user3', group: 'group3' }
```
```
{% for vhost in nginx_vhosts %}
server {
    listen {{ vhost.listen | default('80 default_server') }};
{% if vhost.server_name is defined %}
    server_name {{ vhost.server_name }};
{% endif %}
{% if vhost.root is defined %}
    root {{ vhost.root }};
{% endif %}
}
{% endfor %}
```

Example 0

[root@ansible ansible]#cat templates/for4.conf.j2

```
{% for vhost in vhosts %}
server {
    listen {{ vhost.port }};
{% if vhost.name is defined %}
    servername {{ vhost.name }};
{% endif %}
    rootdir {{ vhost.root }};
}
{% endfor %}
```
Example 1

```yaml
# for1.yml
---
- hosts: web
  remote_user: root
  vars:
    ports:
      - 80
      - 81
      - 82
  tasks:
    - name: tast for1
      template: src=for1.conf.j2 dest=/app/for1.conf
```

vim templates/for1.conf.j2

```
{% for port in ports %}
server {
    listen {{ port }}
}
{% endfor %}
```

Generated result:

```
server {
    listen 80
}
server {
    listen 81
}
server {
    listen 82
}
```
Example 2

```yaml
# temnginx.yml
---
- hosts: testweb
  remote_user: root
  vars:
    nginx_vhosts:
      - listen: 8080
```

templates/nginx.conf.j2

```
{% for vhost in nginx_vhosts %}
server {
    listen {{ vhost.listen }}
}
{% endfor %}
```

Generated result:

```
server {
    listen 8080
}
```
Example 3

```yaml
# temnginx.yml
---
- hosts: mageduweb
  remote_user: root
  vars:
    nginx_vhosts:
      - web1
      - web2
      - web3
  tasks:
    - name: template config
      template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
```

templates/nginx.conf.j2

```
{% for vhost in nginx_vhosts %}
server {
    listen {{ vhost }}
}
{% endfor %}
```

Generated result:

```
server {
    listen web1
}
server {
    listen web2
}
server {
    listen web3
}
```
Example 4

```yaml
# temnginx.yml
- hosts: mageduweb
  remote_user: root
  vars:
    nginx_vhosts:
      - web1:
        listen: 8080
        server_name: "web1.magedu.com"
        root: "/var/www/nginx/web1/"
      - web2:
        listen: 8080
        server_name: "web2.magedu.com"
        root: "/var/www/nginx/web2/"
      - web3:
        listen: 8080
        server_name: "web3.magedu.com"
        root: "/var/www/nginx/web3/"
  tasks:
    - name: template config
      template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
```

templates/nginx.conf.j2

```
{% for vhost in nginx_vhosts %}
server {
    listen {{ vhost.listen }}
    server_name {{ vhost.server_name }}
    root {{ vhost.root }}
}
{% endfor %}
```

Generated result:

```
server {
    listen 8080
    server_name web1.magedu.com
    root /var/www/nginx/web1/
}
server {
    listen 8080
    server_name web2.magedu.com
    root /var/www/nginx/web2/
}
server {
    listen 8080
    server_name web3.magedu.com
    root /var/www/nginx/web3/
}
```
Example 5

```yaml
# temnginx.yml
- hosts: mageduweb
  remote_user: root
  vars:
    nginx_vhosts:
      - web1:
        listen: 8080
        root: "/var/www/nginx/web1/"
      - web2:
        listen: 8080
        server_name: "web2.magedu.com"
        root: "/var/www/nginx/web2/"
      - web3:
        listen: 8080
        server_name: "web3.magedu.com"
        root: "/var/www/nginx/web3/"
  tasks:
    - name: template config to
      template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
```

templates/nginx.conf.j2

```
{% for vhost in nginx_vhosts %}
server {
    listen {{ vhost.listen }}
{% if vhost.server_name is defined %}
    server_name {{ vhost.server_name }}
{% endif %}
    root {{ vhost.root }}
}
{% endfor %}
```

Generated result:

```
server {
    listen 8080
    root /var/www/nginx/web1/
}
server {
    listen 8080
    server_name web2.magedu.com
    root /var/www/nginx/web2/
}
server {
    listen 8080
    server_name web3.magedu.com
    root /var/www/nginx/web3/
}
```
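Roles are a feature introduced in Ansible 1.2 for organizing playbooks in a hierarchical, structured way. Roles automatically load variable files, tasks, handlers and so on according to a layered directory structure. To use roles, you only need the include directive in the playbook. Put simply, roles are a mechanism that places variables, files, tasks, templates and handlers in separate directories so that they can be included conveniently. Roles are generally used when building services on a per-host basis, but they can also be used in scenarios such as building daemons.
Complex scenarios:
Roles: a collection of roles

```
roles/
    mysql/
    httpd/
    nginx/
    memcached/
```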

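Each role is organized in a specific hierarchical directory structure.
The roles directory structure and the purpose of each directory:
/roles/project/: the project name, with the following subdirectories
files/: holds the files used by modules such as copy or script
templates/: the directory where the template module looks for template files
tasks/: defines tasks, the basic element of a role; it must contain at least a file named main.yml, and any other file has to be pulled in from that file with include
handlers/: must contain at least a file named main.yml; any other file has to be pulled in from that file with include
vars/: defines variables; must contain at least a file named main.yml, and any other file has to be pulled in from that file with include
meta/: defines special settings of the role and its dependencies; must contain at least a file named main.yml, and any other file has to be pulled in from that file with include
defaults/: the main.yml file in this directory is used to set default variables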
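Steps for creating a role
1. Create a directory named roles
2. Inside the roles directory, create one directory per role, named after the role, for example webservers
3. Inside each role's directory, create the files, handlers, meta, tasks, templates and vars directories; directories that are not needed can be created empty or left out
4. Call the roles from the playbook file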
roles directory structure:

```
playbook.yml
roles/
    project/
        tasks/
        files/
        vars/        # rarely used
        defaults/    # rarely used
        templates/
        handlers/
        meta/        # rarely used
```
Example:

```
roles/
└── nginx/
    ├── files
    │   └── main.yml
    ├── tasks
    │   ├── groupadd.yml
    │   ├── install.yml
    │   ├── main.yml
    │   ├── restart.yml
    │   └── useradd.yml
    └── vars
        └── main.yml
```

```
site.yml
webservers.yml
dbservers.yml
roles/
    common/
        files/
        templates/
        tasks/
        handlers/
        vars/
        meta/
    webservers/
        files/
        templates/
        tasks/
        handlers/
        vars/
        meta/
```
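Calling roles, method 1:

```yaml
- hosts: websrvs
  remote_user: root
  roles:
    - mysql
    - memcached
    - nginx
```

Calling roles, method 2: pass variables to the role

```yaml
- hosts:
  remote_user:
  roles:
    - mysql
    - { role: nginx, username: nginx }
```

The role key gives the role name; the key/value pairs that follow it pass variables to the role.

Calling roles, method 3: roles can also be called based on a conditional test

```yaml
roles:
  - { role: nginx, username: nginx, when: ansible_distribution_major_version == '7' }
```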
```yaml
# nginx-role.yml: the top-level yml file that calls the roles
---
- hosts: testweb
  remote_user: root
  roles:
    - role: nginx
    - role: httpd   # several roles can be run
```

cat roles/nginx/tasks/main.yml

```yaml
---
- include: groupadd.yml
- include: useradd.yml
- include: install.yml
- include: restart.yml
- include: filecp.yml
```

Change include to import_tasks here (include is now deprecated).

cat roles/nginx/tasks/groupadd.yml

```yaml
---
- name: add group nginx
  # the group module creates the group (the user module would create a user)
  group: name=nginx state=present
```

cat roles/nginx/tasks/filecp.yml

```yaml
---
- name: file copy
  copy: src=tom.conf dest=/tmp/tom.conf
```

The following files have a similar format: useradd.yml, install.yml, restart.yml

```
ls roles/nginx/files/
tom.conf
```
Using tags with roles in a playbook

```bash
ansible-playbook --tags="nginx,httpd,mysql" nginx-role.yml
```

```yaml
# nginx-role.yml
---
- hosts: testweb
  remote_user: root
  roles:
    - { role: nginx, tags: [ 'nginx', 'web' ], when: ansible_distribution_major_version == "6" }
    - { role: httpd, tags: [ 'httpd', 'web' ] }
    - { role: mysql, tags: [ 'mysql', 'db' ] }
    - { role: marridb, tags: [ 'mysql', 'db' ] }
    - { role: php }
```
```
[root@centos7 ansible]#tree
.
├── nginx.yml
├── roles
│   ├── memcached
│   └── nginx
│       ├── tasks
│       │   ├── install.yml
│       │   ├── main.yml
│       │   └── start.yml
│       └── templates
```

[root@centos7 tasks]#cat main.yml (the entry file; everything can also be written directly in it)

```yaml
- import_tasks: install.yml   # the path to another role's *.yml can also be used
- import_tasks: start.yml
```

[root@centos7 tasks]#cat install.yml (installs nginx)

```yaml
- name: install package
  yum: name=nginx
```

[root@centos7 tasks]#cat start.yml (starts nginx)

```yaml
- name: start service
  service: name=nginx state=started enabled=yes
```

[root@centos7 ansible]#cat nginx.yml (this is the file to run)

```yaml
- hosts: web
  remote_user: root
  roles:
    - role: nginx
```

```
[root@centos7 ansible]#ansible-playbook nginx.yml
```
```
[root@centos7 ansible]#tree roles/nginx/
roles/nginx/
├── handlers
│   └── main.yml
├── tasks
│   └── main.yml
├── templates
│   └── nginx.conf.j2
└── vars
    └── main.yml
```

[root@centos7 ansible]#cat roles/nginx/handlers/main.yml

```yaml
- name: restart service
  service: name=nginx state=restarted
```

[root@centos7 ansible]#cat roles/nginx/tasks/main.yml

```yaml
- name: install package
  yum: name=nginx
- name: template
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
  notify: restart service
  tags: tmplfile
- name: start service
  service: name=nginx state=started
```

[root@centos7 ansible]#cat roles/nginx/templates/nginx.conf.j2

```
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/
# test nginx
user nginx;
worker_processes {{ ansible_processor_vcpus }};
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       {{ nginx_port }} default_server;
        listen       [::]:{{ nginx_port }} default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}
```

[root@centos7 ansible]#cat roles/nginx/vars/main.yml

```yaml
nginx_port: 8080
```

[root@centos7 ansible]#cat nginx.yml

```yaml
- hosts: web
  remote_user: root
  roles:
    - role: nginx
      when: ansible_distribution_major_version == "7"
```

```
[root@centos7 ansible]#ansible-playbook nginx.yml
```
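A value in a role's vars/main.yml outranks inventory and play variables, so a port set per group in /etc/ansible/hosts would be ignored by the nginx role above. The following is an added example, not part of the original notes: it moves `nginx_port` to defaults/main.yml, the lowest-precedence source, so that the inventory can override it. The `testweb` play, the `[testweb:vars]` entry and the port 8000 are assumptions made for illustration.

```yaml
# roles/nginx/defaults/main.yml
# Takes the place of roles/nginx/vars/main.yml from the example above.
# Used only when no other source sets nginx_port.
nginx_port: 8080
---
# nginx.yml
#
# Assumed inventory entry in /etc/ansible/hosts (INI, shown here as a comment):
#   [testweb:vars]
#   nginx_port=8000
- hosts: web
  remote_user: root
  roles:
    # nothing else sets nginx_port for this group:
    # the template renders "listen 8080 default_server;"
    - role: nginx
      when: ansible_distribution_major_version == "7"

- hosts: testweb
  remote_user: root
  roles:
    # the group variable overrides the role default:
    # the template renders "listen 8000 default_server;"
    # (with nginx_port kept in vars/main.yml it would stay 8080)
    - role: nginx
      when: ansible_distribution_major_version == "7"
```

A value passed with -e still overrides both, as described in the variable sources at the top of these notes.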
```
[root@centos7 memcached]#tree
.
├── tasks
│   └── main.yml
└── templates
    └── memcached.j2
```

[root@centos7 memcached]#cat tasks/main.yml

```yaml
- name: install package
  yum: name=memcached
- name: template
  template: src=memcached.j2 dest=/etc/sysconfig/memcached
- name: start service
  service: name=memcached state=started enabled=yes
```

[root@centos7 memcached]#cat templates/memcached.j2

```
PORT="11211"
USER="memcached"
MAXCONN="1024"
# this uses one quarter of the total memory
CACHESIZE="{{ ansible_memtotal_mb//4 }}"
OPTIONS=""
```

[root@centos7 ansible]#cat memcached.yml

```yaml
- hosts: web
  remote_user: root
  roles:
    - role: memcached
      when: ansible_distribution_major_version == "7"
```