L4 - Notes on some Ansible variables

Tip:
If the value in key=value is too long, wrap the remainder onto the next line and indent it deeper than the first line; Ansible will still recognise it:
---
- hosts: web
  vars:
    - user: fonzie
      worker_processes: 10
      sendfile: "off"
      include: /opt/nginx.conf.d/*.conf
      filename: '{{ filename }}'
  tasks:
    - name: write the config file
      copy: src=/opt/nginx.conf
            dest=/opt/{{ filename }}.conf
            owner=vperson group=root mode=0644


template:
Substitutes the template variables and copies the local file to the managed remote host.
Example:
---
- hosts: web
  vars:
    - user: fonzie
      worker_processes: 10
      sendfile: "off"
      include: /opt/nginx.conf.d/*.conf
      filename: '{{ filename }}'
  tasks:
    - name: write the config file
      template: src=/opt/nginx.conf dest=/opt/{{ filename }}.conf

Run:
# ansible-playbook nginx-reload.yml -e 'filename=fonzie'

The configuration file is as follows:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user {{ user }};
worker_processes {{ worker_processes }};
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}


http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile {{ sendfile }};
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include {{ include }};
}

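After the run, a file named fonzie.conf is created under /opt on the managed server. Its contents match the file on the control server, except that each {{ .... }} in the configuration file is replaced with the corresponding value from vars.

Final generated file: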
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user fonzie;
worker_processes 10;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}


http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile off;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /opt/nginx.conf.d/*.conf;
}

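The values shown in bold above are the substituted ones.
One thing to note here: in the yml I added single quotes around the value of the sendfile variable; without the quotes it is converted to False.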


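hosts:
The managed host or group; it must exist in /etc/ansible/hosts (the default).


remote_user:
The user name used when connecting to the managed host; added in versions after Ansible 1.4.


order:
The order in which the managed hosts are connected to.
Options:
inventory: the default; the order given in the ini file
reverse_inventory: reverses the inventory order
sorted: sorts hosts alphabetically
reverse_sorted: sorts hosts in reverse alphabetical order
shuffle: random order (but in my testing the order never changed, possibly because I have too few machines)



tasks:
Tasks are the operations to perform after connecting to the managed host; some modules can only be used under tasks.
Every task must have a name, so that when several tasks run you can tell which is which.
The traditional way to invoke a module was action: module options, but that form is gradually being abandoned; the officially recommended form is now module: options.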



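name:
Adds a description; can be used at any level.



become:
Whether to use sudo privileges; older versions used sudo instead.



ping:
The ping module is used to check connectivity.
---
- hosts: web
  order: shuffle
  tasks:
    - name: ping hosts
      ping:
      remote_user: vperson
      become: yes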



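become_method:
Selects the privilege-escalation method; usually sudo or su.
---
- hosts: web
  order: sorted
  tasks:
    - name: Restart nginx services
      remote_user: vperson
      ping:
      become: yes
      become_method: sudo
If sudo is configured for passwordless use, the play runs directly. If sudo requires a password, or the method is su, add --ask-become-pass or --ask-sudo-pass (-k) on the command line. When prompted for the password, in my test I entered the root user's password directly, not the current user's password as we are used to.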




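service:
The service module is generally used to start, stop and restart services, and it has other functions as well. As you can see here, modules generally follow the key=value format.
---
- hosts: web
  order: sorted
  tasks:
    - name: Restart nginx services
      remote_user: vperson
      service: name=nginx state=restarted
      become: yes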



command and shell:
They accept only an argument list, not key-value pairs (key=value).
When using command and shell, note that Ansible has a built-in de-duplication policy:
---
- hosts: web
  tasks:
    - name: command broadcast notice
      remote_user: vperson
      command: wall "hello command"
      command: wall "hello command2"
      become: yes

Two command keys appear; the first is ignored and only the second is executed.


---
- hosts: web
  tasks:
    - name: command broadcast notice
      remote_user: vperson
      command: wall "hello command"
      command: wall "hello command2"
      become: yes
  tasks:
    - name: shell broadcast notice
      remote_user: vperson
      shell: wall "hello shell"
      shell: wall "hello shell2"
      become: yes

In a case like the one above we need to treat shell as command; in other words four commands appear, and the only one that is really executed is wall "hello shell2".

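If a command or shell task returns a non-zero exit code even when the result is correct, there are two ways to handle it:
---
- hosts: web
  tasks:
    - name: command broadcast notice
      remote_user: vperson
      command: /usr/bin/asdfas || /bin/true

This approach works, but after running ansible, echo $? may still return non-zero, which makes troubleshooting harder. It is better to use Ansible's built-in error ignoring: even if the task reports an error, echo $? is still 0.
---
- hosts: web
  tasks:
    - name: command broadcast notice
      remote_user: vperson
      command: /usr/bin/asdfas
      ignore_errors: True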


# ansible-playbook nginx-reload.yml

PLAY [web] **********************************************************************************

TASK [Gathering Facts] **********************************************************************
ok: [192.168.1.109]
ok: [192.168.1.111]

TASK [command broadcast notice] *************************************************************
fatal: [192.168.1.109]: FAILED! => {"changed": false, "cmd": "/usr/bin/asdfas", "msg": "[Errno 2] 没有那个文件或目录", "rc": 2}
...ignoring
fatal: [192.168.1.111]: FAILED! => {"changed": false, "cmd": "/usr/bin/asdfas", "msg": "[Errno 2] 没有那个文件或目录", "rc": 2}
...ignoring

PLAY RECAP **********************************************************************************
192.168.1.109 : ok=2 changed=0 unreachable=0 failed=0
192.168.1.111 : ok=2 changed=0 unreachable=0 failed=0

[root@vp-proxy playbooks]# echo $?
0
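
An added example (not from the original post) for the two points above: each command gets its own task, because a task is a YAML mapping and a repeated key keeps only its last value, and expected exit codes are declared with failed_when instead of hiding every failure with ignore_errors. The command module does not pass its arguments through a shell, so the || /bin/true form only takes effect with the shell module. /usr/bin/check_nginx_conf and its exit-code convention are hypothetical.

```yaml
---
- hosts: web
  remote_user: vperson
  become: yes
  tasks:
    # One command per task: when "command:" is repeated inside a single
    # task, only the last value is kept.
    - name: command broadcast notice 1
      command: wall "hello command"

    - name: command broadcast notice 2
      command: wall "hello command2"

    # "||" is shell syntax. The command module executes the binary
    # directly, so this form needs the shell module.
    - name: tolerate any exit code (shell form)
      shell: /usr/bin/asdfas || /bin/true

    # Narrower than ignore_errors: record the result, then fail only on
    # exit codes that are not expected. /usr/bin/check_nginx_conf and its
    # "1 = warnings only" convention are hypothetical.
    - name: run a check whose exit code 1 is not an error
      command: /usr/bin/check_nginx_conf
      register: check_result
      changed_when: false
      failed_when: check_result.rc not in [0, 1]

    - name: show what the check returned
      debug:
        msg: "rc={{ check_result.rc }}"
```

With failed_when, a missing binary (rc 2, as in the output above) still stops the play, while the exit codes listed as acceptable do not.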




copy:
Copies a local file to the remote host.
---
- hosts: web
  vars:
    - user: fonzie
      worker_processes: 10
      sendfile: "off"
      include: /opt/nginx.conf.d/*.conf
      filename: '{{ filename }}'
  tasks:
    - name: write the config file
      copy: src=/opt/nginx.conf dest=/opt/{{ filename }}.conf

Run:
# ansible-playbook nginx-reload.yml -e 'filename=wyy'

We find that, unlike template, it simply copies the file and does not substitute anything in the file's contents.

notify:
Notification. notify can tell the specified handlers to carry out a given operation. For example, a playbook may modify the nginx configuration many times, but nginx only needs to be restarted once, after the last change; notify is the way to do that.

In addition, since Ansible 2.2 handlers support listen:
The configuration is as follows:
---
- hosts: web
  vars:
    - user: fonzie
      worker_processes: 10
      sendfile: "off"
      include: /opt/nginx.conf.d/*.conf
      filename: '{{ filename }}'
  handlers:
    - name: wall
      service: name=nginx state=restarted
      listen: "copy file"
  tasks:
    - name: write the config file
      copy: src=/opt/nginx.conf dest=/opt/{{ filename }}.conf owner=vperson group=root mode=0644 force=yes
      notify: "copy file"

Run:
# ansible-playbook nginx-reload.yml -e 'filename=z'

PLAY [web] **********************************************************************************

TASK [Gathering Facts] **********************************************************************
ok: [192.168.1.109]
ok: [192.168.1.111]

TASK [write the config file] ****************************************************************
changed: [192.168.1.111]
changed: [192.168.1.109]

RUNNING HANDLER [wall] **********************************************************************
changed: [192.168.1.109]
changed: [192.168.1.111]

PLAY RECAP **********************************************************************************
192.168.1.109 : ok=3 changed=2 unreachable=0 failed=0
192.168.1.111 : ok=3 changed=2 unreachable=0 failed=0

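The part in red (RUNNING HANDLER [wall]) is the effect of the trigger. One point to note: in the operation above, if the copied configuration file has the same name as the one on the managed host and the same contents, the handlers are not triggered; they are triggered only when the file name or the file contents differ.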
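
An added example, not from the original post: the template and notify/listen playbooks above combined, with the -e filename value checked before it is used in a path, explicit ownership and mode, and the rendered file validated with nginx -t before it replaces the destination. The filename pattern, root ownership, the handler name, the use of reloaded instead of restarted, and nginx being on the managed host's PATH are assumptions.

```yaml
---
- hosts: web
  become: yes
  vars:
    user: fonzie
    worker_processes: 10
    sendfile: "off"          # quoted: a bare off is read as boolean false
    include: /opt/nginx.conf.d/*.conf
  handlers:
    - name: reload nginx
      service:
        name: nginx
        state: reloaded
      listen: "nginx config changed"
  tasks:
    # filename arrives from the command line (-e) and ends up inside a
    # path, so reject anything that is not a plain name before using it.
    - name: check that filename is a plain file name
      assert:
        that:
          - filename is defined
          - filename is match('^[A-Za-z0-9_-]+$')
        fail_msg: "filename must contain only letters, digits, _ and -"

    - name: write the config file
      template:
        src: /opt/nginx.conf
        dest: "/opt/{{ filename }}.conf"
        owner: root            # assumption: the post uses owner=vperson
        group: root
        mode: "0644"           # quoted so it stays a string
        validate: nginx -t -c %s   # a file that fails the test is not installed
      notify: "nginx config changed"
```

Run it the same way as above, for example with -e 'filename=fonzie'; the handler fires only when the rendered file differs from what is already on the managed host.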





