

Tip: when the value part of a key=value argument string is too long, break the line and indent the continuation so that it sits inside the first line; Ansible still recognizes it:

    ---
    - hosts: web
      vars:
        - user: fonzie
          worker_processes: 10
          sendfile: "off"
          include: /opt/nginx.conf.d/*.conf
          filename: '{{ filename }}'
      tasks:
        - name: write the config file
          copy: src=/opt/nginx.conf dest=/opt/{{ filename }}.conf
                owner=vperson group=root mode=0644

template: Substitutes variables in a template and copies the local file to the managed remote host. Example:

    ---
    - hosts: web
      vars:
        - user: fonzie
          worker_processes: 10
          sendfile: "off"
          include: /opt/nginx.conf.d/*.conf
          filename: '{{ filename }}'
      tasks:
        - name: write the config file
          template: src=/opt/nginx.conf dest=/opt/{{ filename }}.conf

Run:

    # ansible-playbook nginx-reload.yml -e 'filename=fonzie'

The configuration file (the template) is as follows:

    # For more information on configuration, see:
    #   * Official English Documentation: http://nginx.org/en/docs/
    #   * Official Russian Documentation: http://nginx.org/ru/docs/

    user {{ user }};
    worker_processes {{ worker_processes }};
    error_log /var/log/nginx/error.log;
    pid /var/run/nginx.pid;

    # Load dynamic modules. See /usr/share/nginx/README.dynamic.
    include /usr/share/nginx/modules/*.conf;

    events {
        worker_connections 1024;
    }

    http {
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

        access_log  /var/log/nginx/access.log  main;

        sendfile            {{ sendfile }};
        tcp_nopush          on;
        tcp_nodelay         on;
        keepalive_timeout   65;
        types_hash_max_size 2048;

        include             /etc/nginx/mime.types;
        default_type        application/octet-stream;

        # Load modular configuration files from the /etc/nginx/conf.d directory.
        # See http://nginx.org/en/docs/ngx_core_module.html#include
        # for more information.
        include {{ include }};
    }

After the run, a file named fonzie.conf is generated under /opt on the managed servers. Its content matches the file on the control node, except that each {{ .... }} placeholder in the configuration file is replaced with the corresponding value from vars.

The final generated file:

    # For more information on configuration, see:
    #   * Official English Documentation: http://nginx.org/en/docs/
    #   * Official Russian Documentation: http://nginx.org/ru/docs/

    user fonzie;
    worker_processes 10;
    error_log /var/log/nginx/error.log;
    pid /var/run/nginx.pid;

    # Load dynamic modules. See /usr/share/nginx/README.dynamic.
    include /usr/share/nginx/modules/*.conf;

    events {
        worker_connections 1024;
    }

    http {
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';

        access_log  /var/log/nginx/access.log  main;

        sendfile            off;
        tcp_nopush          on;
        tcp_nodelay         on;
        keepalive_timeout   65;
        types_hash_max_size 2048;

        include             /etc/nginx/mime.types;
        default_type        application/octet-stream;

        # Load modular configuration files from the /etc/nginx/conf.d directory.
        # See http://nginx.org/en/docs/ngx_core_module.html#include
        # for more information.
        include /opt/nginx.conf.d/*.conf;
    }

The substituted values above are those of user, worker_processes, sendfile and include. One thing to note: in the yml I put the value of the sendfile variable in quotes; without the quotes it is converted to False.

hosts: The managed host or group; it must exist in /etc/ansible/hosts (the default inventory).

remote_user: The user name used when connecting to the managed hosts; added in Ansible 1.4 and later.

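order: The order in which the managed hosts are connected to. Values:

    inventory: the default; the order in which hosts are listed in the ini file
    reverse_inventory: the reverse of the inventory order
    sorted: alphabetical order by host name
    reverse_sorted: reverse alphabetical order by host name
    shuffle: random order (in my tests the order never changed, possibly because I have too few machines)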


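tasks: The operations to perform after connecting to the managed hosts; some modules can only be used under tasks. Every task must have a name, so that when several tasks run you can tell which one is which. The traditional way to invoke a module was action: module options, but that form is gradually being abandoned; the officially recommended form is now module: options.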


name: Adds a description; can be used at any level.


become: Whether to use sudo privileges; older versions used the sudo keyword instead.


ping: The ping module checks connectivity.

    ---
    - hosts: web
      order: shuffle
      tasks:
        - name: ping hosts
          ping:
          remote_user: vperson
          become: yes


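become_method: Selects the privilege escalation method, usually sudo or su.

    ---
    - hosts: web
      order: sorted
      tasks:
        - name: Restart nginx services
          remote_user: vperson
          ping:
          become: yes
          become_method: sudo

If sudo is configured to be passwordless, the play runs directly. If it is not passwordless, or the method is su, add --ask-become-pass or --ask-sudo-pass (-k) on the command line. As for the password to enter: in my tests I entered the root user's password directly, rather than the current user's password as in our usual use.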



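service: The service module is generally used to start, stop and restart services, and it has other functions as well. It also shows that module arguments generally follow the key=value format.

    ---
    - hosts: web
      order: sorted
      tasks:
        - name: Restart nginx services
          remote_user: vperson
          service: name=nginx state=restarted
          become: yes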


command and shell: These accept only a list of arguments, not key=value pairs. When using command and shell, be aware that Ansible applies a de-duplication rule:

    ---
    - hosts: web
      tasks:
        - name: command broadcast notice
          remote_user: vperson
          command: wall "hello command"
          command: wall "hello command2"
          become: yes

command appears twice; the first is ignored and only the second runs.

    ---
    - hosts: web
      tasks:
        - name: command broadcast notice
          remote_user: vperson
          command: wall "hello command"
          command: wall "hello command2"
          become: yes
      tasks:
        - name: shell broadcast notice
          remote_user: vperson
          shell: wall "hello shell"
          shell: wall "hello shell2"
          become: yes

In a case like the one above we need to think of shell as command: in effect command appears four times, and the only one that actually runs is wall "hello shell2".

If a command or shell invocation returns a non-zero code even when the result is correct, there are two ways to handle it:

    ---
    - hosts: web
      tasks:
        - name: command broadcast notice
          remote_user: vperson
          command: /usr/bin/asdfas || /bin/true

This approach works, but after running ansible, echo $? may still return non-zero, which makes troubleshooting harder. I recommend Ansible's built-in error ignoring instead; after the run, even if the task reports an error, echo $? is still 0.

    ---
    - hosts: web
      tasks:
        - name: command broadcast notice
          remote_user: vperson
          command: /usr/bin/asdfas
          ignore_errors: True

    # ansible-playbook nginx-reload.yml

    PLAY [web] **********************************************************************************

    TASK [Gathering Facts] **********************************************************************
    ok: [192.168.1.109]
    ok: [192.168.1.111]

    TASK [command broadcast notice] *************************************************************
    fatal: [192.168.1.109]: FAILED! => {"changed": false, "cmd": "/usr/bin/asdfas", "msg": "[Errno 2] 没有那个文件或目录", "rc": 2}
    ...ignoring
    fatal: [192.168.1.111]: FAILED! => {"changed": false, "cmd": "/usr/bin/asdfas", "msg": "[Errno 2] 没有那个文件或目录", "rc": 2}
    ...ignoring

    PLAY RECAP **********************************************************************************
    192.168.1.109 : ok=2 changed=0 unreachable=0 failed=0
    192.168.1.111 : ok=2 changed=0 unreachable=0 failed=0

    [root@vp-proxy playbooks]# echo $?
    0
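A narrower alternative to ignore_errors, as an added example that is not part of the original page: register the result and use failed_when to accept only the return codes that are expected, so that any other failure still stops the play. The grep pattern and the /etc/nginx/nginx.conf path are assumptions chosen for illustration; the last task also shows that an operator such as || is only interpreted by the shell module, because command does not pass its arguments through a shell.

```yaml
---
# Added example, not from the original page.
# Assumptions: nginx is installed and /etc/nginx/nginx.conf exists on the hosts.
- hosts: web
  remote_user: vperson
  tasks:
    - name: check whether server_tokens is disabled
      command: grep -q 'server_tokens off' /etc/nginx/nginx.conf
      register: tokens_check
      # Read-only check: never report "changed".
      changed_when: false
      # grep: 0 = pattern found, 1 = not found (both expected here);
      # 2 or higher (for example an unreadable file) is a real error.
      failed_when: tokens_check.rc not in [0, 1]

    - name: report hosts where the setting is missing
      debug:
        msg: "server_tokens off is missing on {{ inventory_hostname }}"
      when: tokens_check.rc == 1

    - name: tolerate any failure of one command by using a shell operator
      # The || operator needs a shell, so this uses the shell module.
      shell: /usr/bin/asdfas || /bin/true
      changed_when: false
```

With ignore_errors every failure of the task is skipped over, including ones that were never anticipated; failed_when keeps the task failing for anything outside the listed return codes.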



copy: Copies a local file to the remote host.

    ---
    - hosts: web
      vars:
        - user: fonzie
          worker_processes: 10
          sendfile: "off"
          include: /opt/nginx.conf.d/*.conf
          filename: '{{ filename }}'
      tasks:
        - name: write the config file
          copy: src=/opt/nginx.conf dest=/opt/{{ filename }}.conf

Run:

    # ansible-playbook nginx-reload.yml -e 'filename=wyy'

Unlike template, copy simply copies the file and does not substitute anything in its content.

notify: notify tells the named handlers to perform an action. For example, a playbook may modify the nginx configuration many times, but nginx only needs to be restarted once after the last change; notify covers that case.

In addition, from Ansible 2.2 onward handlers support listen. The configuration looks like this:

    ---
    - hosts: web
      vars:
        - user: fonzie
          worker_processes: 10
          sendfile: "off"
          include: /opt/nginx.conf.d/*.conf
          filename: '{{ filename }}'
      handlers:
        - name: wall
          service: name=nginx state=restarted
          listen: "copy file"
      tasks:
        - name: write the config file
          copy: src=/opt/nginx.conf dest=/opt/{{ filename }}.conf owner=vperson group=root mode=0644 force=yes
          notify: "copy file"

Run:

    # ansible-playbook nginx-reload.yml -e 'filename=z'
    PLAY [web] **********************************************************************************

    TASK [Gathering Facts] **********************************************************************
    ok: [192.168.1.109]
    ok: [192.168.1.111]

    TASK [write the config file] ****************************************************************
    changed: [192.168.1.111]
    changed: [192.168.1.109]

    RUNNING HANDLER [wall] **********************************************************************
    changed: [192.168.1.109]
    changed: [192.168.1.111]

    PLAY RECAP **********************************************************************************
    192.168.1.109 : ok=3 changed=2 unreachable=0 failed=0
    192.168.1.111 : ok=3 changed=2 unreachable=0 failed=0
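The RUNNING HANDLER [wall] section is the effect of the trigger. One point to note: in the operation above, if the copied configuration file has the same name as the one on the managed host and its content is also the same, the handlers are not triggered; they fire only when the file name or the file content differs.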
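The template and notify passages above combined into one deployment, as an added example that is not part of the original page: the rendered file is checked with nginx -t before it replaces the live configuration, the file is owned by root rather than a login user, and the handler runs only when the content actually changes. The destination /etc/nginx/nginx.conf, the handler name and the listen topic are assumptions; validate and backup are standard parameters of the template module.

```yaml
---
# Added example, not from the original page.
# Assumptions: nginx is installed on the managed hosts and reads
# /etc/nginx/nginx.conf; /opt/nginx.conf is the template shown earlier.
- hosts: web
  remote_user: vperson
  become: yes
  vars:
    user: fonzie
    worker_processes: 10
    sendfile: "off"            # quoted: a bare off is parsed as boolean False
    include: /opt/nginx.conf.d/*.conf
  handlers:
    - name: reload nginx
      service:
        name: nginx
        state: reloaded
      listen: "nginx config changed"
  tasks:
    - name: render and install the nginx configuration
      template:
        src: /opt/nginx.conf
        dest: /etc/nginx/nginx.conf
        # A config read by a root-started daemon should not be writable
        # by an unprivileged login account.
        owner: root
        group: root
        mode: "0644"           # quoted string keeps the octal mode unambiguous
        backup: yes            # keep a timestamped copy of the previous file
        # %s is the temporary rendered file; if nginx -t rejects it, the task
        # fails and the live configuration is left untouched.
        validate: nginx -t -c %s
      notify: "nginx config changed"
```

Because the task fails when validation fails, the handler is never notified for a broken configuration, so a bad template cannot take the service down.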




