“Playbook”的版本间的差异
(→简单例子) |
|||
(未显示同一用户的1个中间版本) | |||
第1行: | 第1行: | ||
+ | 通过ansible命令执行操作的方式 call ad-hoc | ||
+ | |||
=简单例子= | =简单例子= | ||
第73行: | 第75行: | ||
</pre> | </pre> | ||
+ | |||
=galaxy.ansible= | =galaxy.ansible= | ||
第398行: | 第401行: | ||
https://www.redhat.com/en/topics/automation/what-is-an-ansible-role | https://www.redhat.com/en/topics/automation/what-is-an-ansible-role | ||
+ | ===Why use an Ansible Role instead of an Ansible Playbook?=== | ||
+ | |||
+ | Ansible Roles and Ansible Playbooks are both tools for organizing and executing automation tasks, but each serves a different purpose. Whether you choose to create Ansible Roles or write all of your tasks in an Ansible Playbook depends on your specific use case and your experience with Ansible. | ||
+ | |||
+ | Most automation developers and system administrators begin creating automation content with individual playbooks. A playbook is a list of automation tasks that execute for a defined inventory. Tasks can be organized into a play—a grouping of 1 or more tasks mapped to a specific host and executed in order. A playbook can contain 1 or more plays, offering a flexible mechanism for executing Ansible automation in a single file. | ||
+ | |||
+ | While playbooks are a powerful method for automating with Ansible, writing all of your tasks in a playbook isn’t always the best approach. In instances where scope and variables are complex and reusability is helpful, creating most of your automation content in Ansible Roles and calling them within a playbook may be the more appropriate choice. | ||
+ | |||
+ | The following example illustrates the use of a role, linux-systemr-roles.timesync, within a playbook. In this instance, over 4 tasks would be required to achieve what the single role accomplishes. | ||
===pre config=== | ===pre config=== | ||
<pre> | <pre> |
2024年10月19日 (六) 14:37的最新版本
通过ansible命令执行操作的方式 call ad-hoc
简单例子
在线playbook分享平台:https://galaxy.ansible.com
ansible tree ansible-nginx ansible-nginx ├── files │ └── nginx.conf.j2 └── playbook.yml 1 directory, 2 files ➜ ansible-nginx cat files/nginx.conf.j2 server { listen 80; root /tmp/; index index.html index.htm; server_name a.com; location / { default_type "text/html"; try_files $uri.html $uri $uri/ =404; } } ➜ ansible-nginx cat playbook.yml --- - hosts: d11 name: playbook demo become: yes gather_facts: false remote_user: root become_user: root tasks: - name: Update apt cache and install Nginx apt: name: nginx state: latest update_cache: yes - name: Apply Nginx template template: src: files/nginx.conf.j2 dest: /etc/nginx/sites-available/default notify: Restart Nginx - name: Enable new site file: src: /etc/nginx/sites-available/default dest: /etc/nginx/sites-enabled/default state: link notify: Restart Nginx - name: Allow all access to tcp port 80 ufw: rule: allow port: '80' proto: tcp handlers: - name: Restart Nginx service: name: nginx state: restarted ansible-playbook -C playbook.yml ansible-playbook playbook.yml
galaxy.ansible
找几个例子看看
https://galaxy.ansible.com/andrewrothstein/java-oracle-jdk
https://galaxy.ansible.com/sansible/golang
#快速创建role文件与目录 ansible ansible-galaxy init --init-path playbooks/roles web - Role web was created successfully ➜ ansible ansible tree playbooks/roles/web playbooks/roles/web ├── defaults │ └── main.yml ├── files ├── handlers │ └── main.yml ├── meta │ └── main.yml ├── README.md ├── tasks │ └── main.yml ├── templates ├── tests │ ├── inventory │ └── test.yml └── vars └── main.yml 8 directories, 8 files
基本语法
3.4.4 条件语句
#如果是debian类,关机 playbooks cat when.yml --- - name: shtudown hosts: pi3 tasks: - name: shutdown if debian command: /sbin/shutdown -t now when: ansible_os_family =="Debian" #更加好的例子 --- - name: Install vim hosts: all tasks: - name:Install VIM via yum yum: name: vim-enhanced state: installed when: ansible_os_family =="RedHat" - name:Install VIM via apt apt: name: vim state: installed when: ansible_os_family =="Debian" - name: Unexpected OS family debug: msg="OS Family {{ ansible_os_family }} is not supported" fail=yes when: not ansible_os_family =="RedHat" or ansible_os_family =="Debian"
3.4.5循环控制
一般书上都是用with_item cat loop-user2.yml --- - name: create user hosts: pi3 tasks: - name: create user user: name: "{{ item }}" state: present with_items: - user04 - user05 - user06 - name: set password shell: echo 'e12345678' | passwd --stdin "{{ item }}" with_items: - user04 - user05 - user06 ➜ ansible cat loop-user.yml --- - name: create user hosts: pi3 tasks: - name: create user user: name: "{{ item }}" state: present loop: - user01 - user02 - user03 - name: set password shell: echo 'e12345678' | passwd --stdin "{{ item }}" loop: - user01 - user02 - user03 ansible-playbook -C loop-user.yml ansible-playbook loop-user.yml 执行后查看结果 root@mypi3b:~# cat /etc/passwd | grep user root@mypi3b:~# root@mypi3b:~# cat /etc/passwd | grep user user01:x:1003:1004::/home/user01:/bin/sh user02:x:1004:1005::/home/user02:/bin/sh user03:x:1005:1006::/home/user03:/bin/sh root@mypi3b:~# su - user01 $ hostname mypi3b $ id uid=1003(user01) gid=1004(user01) groups=1004(user01)
3.4.6 include语法
playbook中代码复用非常爽,eg task --- - tasks: - include: a.yml user=root - include: b.yml user=root - include: c.yml user=root 或者是下面的多个项目用一个脚本的例子 ➜ playbooks cat restart_ng.yml - name: Restart ng Server service: name: nginx state: restarted ➜ playbooks cat a.yml - hosts: pi3 tasks: - name: A Project command command: echo "A" - name: Restart ng include: restart_ng.yml ➜ playbooks cat b.yml - hosts: mytmp tasks: - name: A Project command command: echo "A" - name: Restart ng include: restart_ng.yml ansible-playbook a.yml ansible-playbook b.yml 成功执行后 查看结果 nsible pi3 -m shell -a "systemctl status nginx" 192.168.10.5 | CHANGED | rc=0 >> ● nginx.service - A high performance web server and a reverse proxy server Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2023-08-24 12:59:57 CST; 3min ago
Inlcude结合tags应用
”include”不仅能够引用任务列表,还能够引用playbook,比如,在一个playbook中引用另一个playbook。 示例:通过指定标签 tags ,来说明是安装 tomcat8 还是 tomcat9 1.准备入口 main.yml 文件,然后包含 install_tomcat8.yml 以及install_tomcat9.yml 2.在执行 main.yml 时,需要通过 --tags 指明要安装的版本 3.还可以在主playbook文件中向引用的playbook传递变量。 编写main.yml入口文件: # cat tomcat_main.yml - name: Install Tomcat8 import_playbook: install_tomcat8.yml tags: tomcat8 vars: tomcat_version: 8.5.69 tomcat_install_path: /usr/local - name: Install Tomcat9 import_playbook: install_tomcat9.yml tags: tomcat9 vars: tomcat_version: 9.0.50 tomcat_install_path: /usr/local 编写install_tomcat8.yml文件 cat install_tomcat8.yml --- - hosts: localhost tasks: - name: Install JDK yum: name: java-1.8.0-openjdk state: present - name: Download Tomacat get_url: url: https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-8/v{{ tomcat_version }}/bin/apache-tomcat-{{ tomcat_version }}.tar.gz dest: /root - name: Unarchive Tomcat unarchive: src: /root/apache-tomcat-{{ tomcat_version }}.tar.gz dest: "{{ tomcat_install_path }}" - name: Create Link File file: src: "{{ tomcat_install_path }}/apache-tomcat-{{ tomcat_version }}" dest: "{{ tomcat_install_path }}/tomcat8" state: link - name: Start Tomcat shell: cd "{{ tomcat_install_path }}"/tomcat8/bin && nohup ./startup.sh & 编写install_tomcat9.yml文件: cat install_tomcat9.yml --- - hosts: localhost tasks: - name: Install JDK yum: name: java-1.8.0-openjdk state: present - name: Download Tomacat get_url: url: https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v{{ tomcat_version }}/bin/apache-tomcat-{{ tomcat_version }}.tar.gz dest: /root - name: Unarchive Tomcat unarchive: src: /root/apache-tomcat-{{ tomcat_version }}.tar.gz dest: "{{ tomcat_install_path }}" - name: Create Link File file: src: "{{ tomcat_install_path }}/apache-tomcat-{{ tomcat_version }}" dest: "{{ tomcat_install_path }}/tomcat9" state: link - name: Start Tomcat shell: cd "{{ tomcat_install_path }}"/tomcat9/bin && nohup ./startup.sh & #安装tomcat9 [root@xuzhichao playbook]# ansible-playbook -t tomcat9 tomcat_main.yml #安装tomcat8 [root@xuzhichao playbook]# ansible-playbook -t tomcat8 tomcat_main.yml
https://blog.51cto.com/u_15127516/3557509
[Ansible系列]ansible-playbook之include和import
pre-tasks and post-tasks
--- - hosts: www remote_user: vagrant sudo: yes pre_tasks: - name: update the apt cache apt: update_cache=yes - shell: echo 'I":" Beginning to configure web server..' roles: - nginx post_tasks: - shell: echo 'I":" Done configuring nginx web server...'
https://www.oreilly.com/library/view/ansible-playbook-essentials/9781784398293/ch02s09.html
常用 role 及playbook 例子
playbook role 安装golang
https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.html
https://www.redhat.com/en/topics/automation/what-is-an-ansible-role
Why use an Ansible Role instead of an Ansible Playbook?
Ansible Roles and Ansible Playbooks are both tools for organizing and executing automation tasks, but each serves a different purpose. Whether you choose to create Ansible Roles or write all of your tasks in an Ansible Playbook depends on your specific use case and your experience with Ansible.
Most automation developers and system administrators begin creating automation content with individual playbooks. A playbook is a list of automation tasks that execute for a defined inventory. Tasks can be organized into a play—a grouping of 1 or more tasks mapped to a specific host and executed in order. A playbook can contain 1 or more plays, offering a flexible mechanism for executing Ansible automation in a single file.
While playbooks are a powerful method for automating with Ansible, writing all of your tasks in a playbook isn’t always the best approach. In instances where scope and variables are complex and reusability is helpful, creating most of your automation content in Ansible Roles and calling them within a playbook may be the more appropriate choice.
The following example illustrates the use of a role, linux-systemr-roles.timesync, within a playbook. In this instance, over 4 tasks would be required to achieve what the single role accomplishes.
pre config
#pre config cat /etc/ansible/ansible.cfg [defaults] inventory = /home/evan/ansible/inventory/hosts roles_path = /home/evan/ansible/playbooks/roles cat ~/ansible/inventory/hosts [mytmp] 192.168.10.7 ansible_user=root
目录
├── go.yml ├── roles │ └── go_install │ ├── files │ │ └── go1.17.1.linux-amd64.tar.gz │ ├── tasks │ │ ├── copy.yml │ │ ├── install.yml │ │ └── main.yml │ └── templates │ └── go_install.sh
文件详情
cat go.yml --- - name: Installing Go from source hosts: mytmp remote_user: root roles: - go_install ********** cat copy.yml - name: copy go_tgz to client copy: src=/home/evan/ansible/playbooks/roles/go_install/files/go1.17.1.linux-amd64.tar.gz dest=/usr/local/src/ - name: copy install_go_script to client copy: src=/home/evan/ansible/playbooks/roles/go_install/templates/go_install.sh dest=/tmp/go_install.sh owner=root group=root mode=755 cat install.yml - name: install go shell: /bin/bash /tmp/go_install.sh cat main.yml - include_tasks: copy.yml - include_tasks: install.yml cat templates/go_install.sh #!/bin/bash # install golang # yum tools yum -y groupinstall "Development tools" yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel cd /usr/local/src tar -C /usr/local -xzf go1.17.1.linux-amd64.tar.gz echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile source /etc/profile # end
install zabbix-agent2
ansible-playbook -C zabbix-agent2.yml ansible-playbook zabbix-agent2.yml cat /etc/ansible/zabbix-agent2.yml --- - hosts: mytmp become: yes become_method: sudo remote_user: evan #remote_user: ops roles: - ag2_conf cat /etc/ansible/roles/ag2_conf/tasks/copy.yml - name: copy install__script to client copy: src=/etc/ansible/roles/ag2_conf/templates/age2_install.sh dest=/tmp/age2_install.sh owner=root group=root mode=755 cat /etc/ansible/roles/ag2_conf/tasks/install.yml - name: install conig zbx agent2 shell: /bin/bash /tmp/age2_install.sh cat /etc/ansible/roles/ag2_conf/tasks/main.yml - include_tasks: copy.yml - include_tasks: install.yml cat /etc/ansible/roles/ag2_conf/templates/age2_install.sh #!/bin/bash sudo yum remove zabbix-agent -y sudo /usr/bin/rpm -ivh https://mirrors.aliyun.com/zabbix/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm sudo sleep 5 sudo /usr/bin/yum install zabbix-agent2 -y sudo sleep 5 #bak cong sudo sed -i 's/127.0.0.1/172.16.0.42/g' /etc/zabbix/zabbix_agent2.conf #/etc/zabbix/zabbix_agent2.conf sudo cp /etc/zabbix/zabbix_agent2.conf /etc/zabbix/zabbix_agent2.confbakevan sudo sed -i "s/Hostname=Zabbix server/Hostname=${HOSTNAME}/g" /etc/zabbix/zabbix_agent2.conf #grep "^\s*[^# \t].*$" /etc/zabbix/zabbix_agent2.conf sudo systemctl enable zabbix-agent2.service sudo systemctl restart zabbix-agent2
refer
通过ansible安装中间件(jdk,nginx,mysql,etcd集群)
(playbook ins zbx还不错) ansible自动化运维详细教程及playbook详解
How to Install Nginx using Ansible Playbook
官网参考文档:
loops: https://docs.ansible.com/ansible/latest/user_guide/playbooks_loops.html
filters: https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html