“Playbook”的版本间的差异
跳到导航
跳到搜索
(→简单例子) |
|||
| (未显示同一用户的1个中间版本) | |||
| 第1行: | 第1行: | ||
| + | 通过ansible命令执行操作的方式 call ad-hoc | ||
| + | |||
=简单例子= | =简单例子= | ||
| 第73行: | 第75行: | ||
</pre> | </pre> | ||
| + | |||
=galaxy.ansible= | =galaxy.ansible= | ||
| 第398行: | 第401行: | ||
https://www.redhat.com/en/topics/automation/what-is-an-ansible-role | https://www.redhat.com/en/topics/automation/what-is-an-ansible-role | ||
| + | ===Why use an Ansible Role instead of an Ansible Playbook?=== | ||
| + | |||
| + | Ansible Roles and Ansible Playbooks are both tools for organizing and executing automation tasks, but each serves a different purpose. Whether you choose to create Ansible Roles or write all of your tasks in an Ansible Playbook depends on your specific use case and your experience with Ansible. | ||
| + | |||
| + | Most automation developers and system administrators begin creating automation content with individual playbooks. A playbook is a list of automation tasks that execute for a defined inventory. Tasks can be organized into a play—a grouping of 1 or more tasks mapped to a specific host and executed in order. A playbook can contain 1 or more plays, offering a flexible mechanism for executing Ansible automation in a single file. | ||
| + | |||
| + | While playbooks are a powerful method for automating with Ansible, writing all of your tasks in a playbook isn’t always the best approach. In instances where scope and variables are complex and reusability is helpful, creating most of your automation content in Ansible Roles and calling them within a playbook may be the more appropriate choice. | ||
| + | |||
| + | The following example illustrates the use of a role, linux-systemr-roles.timesync, within a playbook. In this instance, over 4 tasks would be required to achieve what the single role accomplishes. | ||
===pre config=== | ===pre config=== | ||
<pre> | <pre> | ||
2024年10月19日 (六) 14:37的最新版本
通过ansible命令执行操作的方式 call ad-hoc
简单例子
在线playbook分享平台:https://galaxy.ansible.com
ansible tree ansible-nginx
ansible-nginx
├── files
│ └── nginx.conf.j2
└── playbook.yml
1 directory, 2 files
➜ ansible-nginx cat files/nginx.conf.j2
server {
listen 80;
root /tmp/;
index index.html index.htm;
server_name a.com;
location / {
default_type "text/html";
try_files $uri.html $uri $uri/ =404;
}
}
➜ ansible-nginx cat playbook.yml
---
- hosts: d11
name: playbook demo
become: yes
gather_facts: false
remote_user: root
become_user: root
tasks:
- name: Update apt cache and install Nginx
apt:
name: nginx
state: latest
update_cache: yes
- name: Apply Nginx template
template:
src: files/nginx.conf.j2
dest: /etc/nginx/sites-available/default
notify: Restart Nginx
- name: Enable new site
file:
src: /etc/nginx/sites-available/default
dest: /etc/nginx/sites-enabled/default
state: link
notify: Restart Nginx
- name: Allow all access to tcp port 80
ufw:
rule: allow
port: '80'
proto: tcp
handlers:
- name: Restart Nginx
service:
name: nginx
state: restarted
ansible-playbook -C playbook.yml
ansible-playbook playbook.yml
galaxy.ansible
找几个例子看看
https://galaxy.ansible.com/andrewrothstein/java-oracle-jdk
https://galaxy.ansible.com/sansible/golang
#快速创建role文件与目录
ansible ansible-galaxy init --init-path playbooks/roles web
- Role web was created successfully
➜ ansible
ansible tree playbooks/roles/web
playbooks/roles/web
├── defaults
│ └── main.yml
├── files
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── README.md
├── tasks
│ └── main.yml
├── templates
├── tests
│ ├── inventory
│ └── test.yml
└── vars
└── main.yml
8 directories, 8 files
基本语法
3.4.4 条件语句
#如果是debian类,关机
playbooks cat when.yml
---
- name: shtudown
hosts: pi3
tasks:
- name: shutdown if debian
command: /sbin/shutdown -t now
when: ansible_os_family =="Debian"
#更加好的例子
---
- name: Install vim
hosts: all
tasks:
- name:Install VIM via yum
yum:
name: vim-enhanced
state: installed
when: ansible_os_family =="RedHat"
- name:Install VIM via apt
apt:
name: vim
state: installed
when: ansible_os_family =="Debian"
- name: Unexpected OS family
debug: msg="OS Family {{ ansible_os_family }} is not supported" fail=yes
when: not ansible_os_family =="RedHat" or ansible_os_family =="Debian"
3.4.5循环控制
一般书上都是用with_item
cat loop-user2.yml
---
- name: create user
hosts: pi3
tasks:
- name: create user
user:
name: "{{ item }}"
state: present
with_items:
- user04
- user05
- user06
- name: set password
shell: echo 'e12345678' | passwd --stdin "{{ item }}"
with_items:
- user04
- user05
- user06
➜ ansible cat loop-user.yml
---
- name: create user
hosts: pi3
tasks:
- name: create user
user:
name: "{{ item }}"
state: present
loop:
- user01
- user02
- user03
- name: set password
shell: echo 'e12345678' | passwd --stdin "{{ item }}"
loop:
- user01
- user02
- user03
ansible-playbook -C loop-user.yml
ansible-playbook loop-user.yml
执行后查看结果
root@mypi3b:~# cat /etc/passwd | grep user
root@mypi3b:~#
root@mypi3b:~# cat /etc/passwd | grep user
user01:x:1003:1004::/home/user01:/bin/sh
user02:x:1004:1005::/home/user02:/bin/sh
user03:x:1005:1006::/home/user03:/bin/sh
root@mypi3b:~# su - user01
$ hostname
mypi3b
$ id
uid=1003(user01) gid=1004(user01) groups=1004(user01)
3.4.6 include语法
playbook中代码复用非常爽,eg task
---
- tasks:
- include: a.yml user=root
- include: b.yml user=root
- include: c.yml user=root
或者是下面的多个项目用一个脚本的例子
➜ playbooks cat restart_ng.yml
- name: Restart ng Server
service:
name: nginx
state: restarted
➜ playbooks cat a.yml
- hosts: pi3
tasks:
- name: A Project command
command: echo "A"
- name: Restart ng
include: restart_ng.yml
➜ playbooks cat b.yml
- hosts: mytmp
tasks:
- name: A Project command
command: echo "A"
- name: Restart ng
include: restart_ng.yml
ansible-playbook a.yml
ansible-playbook b.yml
成功执行后 查看结果
nsible pi3 -m shell -a "systemctl status nginx"
192.168.10.5 | CHANGED | rc=0 >>
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2023-08-24 12:59:57 CST; 3min ago
Inlcude结合tags应用
”include”不仅能够引用任务列表,还能够引用playbook,比如,在一个playbook中引用另一个playbook。
示例:通过指定标签 tags ,来说明是安装 tomcat8 还是 tomcat9
1.准备入口 main.yml 文件,然后包含 install_tomcat8.yml 以及install_tomcat9.yml
2.在执行 main.yml 时,需要通过 --tags 指明要安装的版本
3.还可以在主playbook文件中向引用的playbook传递变量。
编写main.yml入口文件:
# cat tomcat_main.yml
- name: Install Tomcat8
import_playbook: install_tomcat8.yml
tags: tomcat8
vars:
tomcat_version: 8.5.69
tomcat_install_path: /usr/local
- name: Install Tomcat9
import_playbook: install_tomcat9.yml
tags: tomcat9
vars:
tomcat_version: 9.0.50
tomcat_install_path: /usr/local
编写install_tomcat8.yml文件
cat install_tomcat8.yml
---
- hosts: localhost
tasks:
- name: Install JDK
yum:
name: java-1.8.0-openjdk
state: present
- name: Download Tomacat
get_url:
url: https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-8/v{{ tomcat_version }}/bin/apache-tomcat-{{ tomcat_version }}.tar.gz
dest: /root
- name: Unarchive Tomcat
unarchive:
src: /root/apache-tomcat-{{ tomcat_version }}.tar.gz
dest: "{{ tomcat_install_path }}"
- name: Create Link File
file:
src: "{{ tomcat_install_path }}/apache-tomcat-{{ tomcat_version }}"
dest: "{{ tomcat_install_path }}/tomcat8"
state: link
- name: Start Tomcat
shell: cd "{{ tomcat_install_path }}"/tomcat8/bin && nohup ./startup.sh &
编写install_tomcat9.yml文件:
cat install_tomcat9.yml
---
- hosts: localhost
tasks:
- name: Install JDK
yum:
name: java-1.8.0-openjdk
state: present
- name: Download Tomacat
get_url:
url: https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v{{ tomcat_version }}/bin/apache-tomcat-{{ tomcat_version }}.tar.gz
dest: /root
- name: Unarchive Tomcat
unarchive:
src: /root/apache-tomcat-{{ tomcat_version }}.tar.gz
dest: "{{ tomcat_install_path }}"
- name: Create Link File
file:
src: "{{ tomcat_install_path }}/apache-tomcat-{{ tomcat_version }}"
dest: "{{ tomcat_install_path }}/tomcat9"
state: link
- name: Start Tomcat
shell: cd "{{ tomcat_install_path }}"/tomcat9/bin && nohup ./startup.sh &
#安装tomcat9
[root@xuzhichao playbook]# ansible-playbook -t tomcat9 tomcat_main.yml
#安装tomcat8
[root@xuzhichao playbook]# ansible-playbook -t tomcat8 tomcat_main.yml
https://blog.51cto.com/u_15127516/3557509
[Ansible系列]ansible-playbook之include和import
pre-tasks and post-tasks
---
- hosts: www
remote_user: vagrant
sudo: yes
pre_tasks:
- name: update the apt cache
apt: update_cache=yes
- shell: echo 'I":" Beginning to configure web server..'
roles:
- nginx
post_tasks:
- shell: echo 'I":" Done configuring nginx web server...'
https://www.oreilly.com/library/view/ansible-playbook-essentials/9781784398293/ch02s09.html
常用 role 及playbook 例子
playbook role 安装golang
https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.html
https://www.redhat.com/en/topics/automation/what-is-an-ansible-role
Why use an Ansible Role instead of an Ansible Playbook?
Ansible Roles and Ansible Playbooks are both tools for organizing and executing automation tasks, but each serves a different purpose. Whether you choose to create Ansible Roles or write all of your tasks in an Ansible Playbook depends on your specific use case and your experience with Ansible.
Most automation developers and system administrators begin creating automation content with individual playbooks. A playbook is a list of automation tasks that execute for a defined inventory. Tasks can be organized into a play—a grouping of 1 or more tasks mapped to a specific host and executed in order. A playbook can contain 1 or more plays, offering a flexible mechanism for executing Ansible automation in a single file.
While playbooks are a powerful method for automating with Ansible, writing all of your tasks in a playbook isn’t always the best approach. In instances where scope and variables are complex and reusability is helpful, creating most of your automation content in Ansible Roles and calling them within a playbook may be the more appropriate choice.
The following example illustrates the use of a role, linux-systemr-roles.timesync, within a playbook. In this instance, over 4 tasks would be required to achieve what the single role accomplishes.
pre config
#pre config cat /etc/ansible/ansible.cfg [defaults] inventory = /home/evan/ansible/inventory/hosts roles_path = /home/evan/ansible/playbooks/roles cat ~/ansible/inventory/hosts [mytmp] 192.168.10.7 ansible_user=root
目录
├── go.yml ├── roles │ └── go_install │ ├── files │ │ └── go1.17.1.linux-amd64.tar.gz │ ├── tasks │ │ ├── copy.yml │ │ ├── install.yml │ │ └── main.yml │ └── templates │ └── go_install.sh
文件详情
cat go.yml
---
- name: Installing Go from source
hosts: mytmp
remote_user: root
roles:
- go_install
**********
cat copy.yml
- name: copy go_tgz to client
copy: src=/home/evan/ansible/playbooks/roles/go_install/files/go1.17.1.linux-amd64.tar.gz dest=/usr/local/src/
- name: copy install_go_script to client
copy: src=/home/evan/ansible/playbooks/roles/go_install/templates/go_install.sh dest=/tmp/go_install.sh owner=root group=root mode=755
cat install.yml
- name: install go
shell: /bin/bash /tmp/go_install.sh
cat main.yml
- include_tasks: copy.yml
- include_tasks: install.yml
cat templates/go_install.sh
#!/bin/bash
# install golang
# yum tools
yum -y groupinstall "Development tools"
yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel
cd /usr/local/src
tar -C /usr/local -xzf go1.17.1.linux-amd64.tar.gz
echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile
source /etc/profile
# end
install zabbix-agent2
ansible-playbook -C zabbix-agent2.yml
ansible-playbook zabbix-agent2.yml
cat /etc/ansible/zabbix-agent2.yml
---
- hosts: mytmp
become: yes
become_method: sudo
remote_user: evan
#remote_user: ops
roles:
- ag2_conf
cat /etc/ansible/roles/ag2_conf/tasks/copy.yml
- name: copy install__script to client
copy: src=/etc/ansible/roles/ag2_conf/templates/age2_install.sh dest=/tmp/age2_install.sh owner=root group=root mode=755
cat /etc/ansible/roles/ag2_conf/tasks/install.yml
- name: install conig zbx agent2
shell: /bin/bash /tmp/age2_install.sh
cat /etc/ansible/roles/ag2_conf/tasks/main.yml
- include_tasks: copy.yml
- include_tasks: install.yml
cat /etc/ansible/roles/ag2_conf/templates/age2_install.sh
#!/bin/bash
sudo yum remove zabbix-agent -y
sudo /usr/bin/rpm -ivh https://mirrors.aliyun.com/zabbix/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm
sudo sleep 5
sudo /usr/bin/yum install zabbix-agent2 -y
sudo sleep 5
#bak cong
sudo sed -i 's/127.0.0.1/172.16.0.42/g' /etc/zabbix/zabbix_agent2.conf #/etc/zabbix/zabbix_agent2.conf
sudo cp /etc/zabbix/zabbix_agent2.conf /etc/zabbix/zabbix_agent2.confbakevan
sudo sed -i "s/Hostname=Zabbix server/Hostname=${HOSTNAME}/g" /etc/zabbix/zabbix_agent2.conf
#grep "^\s*[^# \t].*$" /etc/zabbix/zabbix_agent2.conf
sudo systemctl enable zabbix-agent2.service
sudo systemctl restart zabbix-agent2
refer
通过ansible安装中间件(jdk,nginx,mysql,etcd集群)
(playbook ins zbx还不错) ansible自动化运维详细教程及playbook详解
How to Install Nginx using Ansible Playbook
官网参考文档:
loops: https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html
filters: https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html
