ansible简单入门

ansible的安装

由于ansible所在的源为epel源,所以需要先配置epel

[root@localhost ~]# vi /etc/yum.repos.d/bp.repo
[epel]
name=epel
baseurl=https://mirrors.aliyun.com/epel/7/x86_64/
gpgcheck=0
~              

配置完毕后使用yum安装

[root@localhost ~]# yum install ansible -y

ansible的相关配置文件

配置文件

/etc/ansible/ansible.cfg        #主配置文件,配置ansible工作特性
/etc/ansible/hosts              #主机清单
/etc/ansible/roles              #存放角色的目录

程序

/usr/bin/ansible                #主程序,临时命令执行工具
/usr/bin/ansible-doc            #查看配置文档,模块功能查看工具
/usr/bin/ansible-galaxy         #下载/上传优秀代码或Roles模块的官网平台
/usr/bin/ansible-playbook       #定制自动化任务,编排剧本工具/usr/bin/ansiblepull 远程执行命令的工具
/usr/bin/ansible-vault          #文件加密工具
/usr/bin/ansible-console        #基于Console界面与用户交互的执行工具

配置文件ansible.cfg

[defaults]
#inventory      = /etc/ansible/hosts                        #主机列表配置文件
#library        = /usr/share/my_modules/                    #库文件存放目录
#remote_tmp     = ~/.ansible/tmp                            #临时py命令文件存放在远程主机目录
#local_tmp      = ~/.ansible/tmp                            #本机的临时命令执行目录
#forks          = 5                                         #默认的并发数
#sudo_user      = root                                      #默认sudo用户
#ask_sudo_pass = True                                       
#ask_pass      = True                                       #每次执行ansible命令是否询问ssh密码
#remote_port    = 22                                        #目标主机端口默认22
#host_key_checking = False                                  #检查对应服务器的host_key
#log_path = /var/log/ansible.log                            #日志文件
#module_name = command                                      #默认使用模块

以上为ansible的配置文件,一般保持默认无需改变
但建议将以下配置做修改(以下所有案例都基于这3项被修改的情况)

host_key_checking = False                           #此行注释去除,否则每次将检查主机的host_key
log_path = /var/log/ansible.log                     #将日志文件打开,方便查看操作日志
module_name = shell                                 #将默认的模块改为shell,command模块功能太弱

inventory主机清单

ansible的主要功能在于批量主机操作,为了便捷地使用其中的部分主机,可以在inventroy file中将棋分组命名
ansible中默认的inventory file为/etc/ansible/hosts
inventory file可以手动生成,也可以动态生成

主机清单的格式

inventry文件遵循INI文件风格
例:

[websever]                      #中括号中的字符为组名
192.168.73.134
192.168.73.135:9527             #如果目标主机使用了非标的ssh端口可以在主机名后跟上端口号
[appsever]                      #
192.168.73.134                  #同一主机可以归类至不同的组中。
192.168.73.[01:10]              #如果主机名遵循相似的命名模式,还可以使用列表的方式来标识各主机

ansible的基本使用

在ansible使用之前需要先配置好主机文件
配置主机文件

[root@ansible ~]# vim /etc/ansible/hosts 
[webserver]
192.168.73.134
192.168.73.135

[appserver]
192.168.73.135

主机配置完毕,开始执行管理命令

ansible的用法

ansible通过ssh实现配置管理、应用部署、任务执行等功能。
语法:

ansible  [-m module_name] [-a args]
选项 说明
--version 显示版本
-m module 指定模块,默认为command,可以通过修改配置文件进行修改
-v 显示详细过程 -vv -vvv可以显示更加详细的内容
--list-hosts 显示主机列表,可以缩写--list
-k 提示输入ssh连接密码,默认KEY验证
-C 检查不执行
-T,--timeout=TIMEOUT 执行命令的超时时长
-u,--user=REMOTE_USER 指定远程执行的用户
-b,--become 代替旧版的sudo其替换
--become-user=USERNAME 指定sudo的runas用户,默认为root
-K,--ask-become-pass 提示输入sudo时的口令

ansible模块

ping模块

ping 用来测试主机的连通性
使用ansible-doc命令可以查看模块用法,使用-s可以简单的查看简单相关用法

[root@ansible ~]# ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success
  ping:
      data:                  # Data to return for the `ping' return value. If this
                               parameter is set to `crash',
                               the module will cause an
                               exception.

测试1:
使用ping模块进行测试时报错,提示错误,因为默认为key连接由于没有配置key所以报错

[root@ansible ~]# ansible 192.168.73.134 -m ping
192.168.73.134 | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).", 
    "unreachable": true
}

测试2:
带上-k选项后

[root@ansible ~]# ansible 192.168.73.134 -m ping -k
SSH password: 
192.168.73.134 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

测试3:
使用组名,由于此处只给与一次输入密码,所以要确保被管理的两台主机必须要密码相同

[root@ansible ~]# ansible webserver -m ping -k
SSH password: 
192.168.73.134 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.73.135 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

测试4:
指定由哪个用户执行操作

[root@ansible ~]# ansible webserver -m ping -u masuri -k
SSH password: 
192.168.73.135 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.73.134 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

测试5:
使用-b让普通用户用sudo的方法进行操作,如果没有授予sudo的权限,会失败

[root@ansible ~]# ansible webserver -m ping -u masuri -k -b
SSH password: 
192.168.73.134 | FAILED! => {
    "changed": false, 
    "module_stderr": "Shared connection to 192.168.73.134 closed.\r\n", 
    "module_stdout": "sudo: a password is required\r\n", 
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", 
    "rc": 1
}
192.168.73.135 | FAILED! => {
    "changed": false, 
    "module_stderr": "Shared connection to 192.168.73.135 closed.\r\n", 
    "module_stdout": "sudo: a password is required\r\n", 
    "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", 
    "rc": 1
}

测试6:
分别授予sudo权限后再次测试,此次带上-K选项,表示输入sudo口令执行命令,若要不输入口令,可以在sudo的配置文件中使用NOPASSWD选项。(一般不常用)

[root@ansible ~]# ansible webserver -m ping -u masuri -k -b -K
SSH password: 
SUDO password[defaults to SSH password]: 
192.168.73.135 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.73.134 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

以上为基于密钥的验证方法,ansible真正在生产环境中使用时还是需要基于key的验证方法
基于key的验证方法
在ansible主机上创建私钥文件

[root@ansible ~]# ssh-keygen -t rsa -P "" -f .ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in .ssh/id_rsa.
Your public key has been saved in .ssh/id_rsa.pub.
The key fingerprint is:
SHA256:UAFYDd5EBqFIyC81+UYk9DZ3lRDZ3XUkr4K/FetFu+c root@ansible
The key's randomart image is:
+---[RSA 2048]----+
|..ooo+*B*+=.o o.=|
|.o =++ =...o . +.|
|  + =+o...      .|
| . ..oo..  .   . |
|  . .   S . . o .|
|           . . +.|
|            . o..|
|             + .o|
|            . .oE|
+----[SHA256]-----+

将公钥复制到被管理的主机

[root@ansible ~]# ssh-copy-id 192.168.73.134
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.73.134'"
and check to make sure that only the key(s) you wanted were added.

[root@ansible ~]# ssh-copy-id 192.168.73.135
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.73.135'"
and check to make sure that only the key(s) you wanted were added.

测试7:
此时再使用ping模块时不再需要带任何参数

[root@ansible ~]# ansible webserver -m ping 
192.168.73.134 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.73.135 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

shell模块

shell模块用于执行shell命令
查看

[root@ansible ~]# ansible-doc -s shell
- name: Execute commands in nodes.
  shell:
      chdir:                 # cd into this directory before running the command
      creates:               # a filename, when it already exists, this step will *not* be
                               run.
      executable:            # change the shell used to execute the command. Should be an
                               absolute path to the
                               executable.
      free_form:             # (required) The shell module takes a free form command to
                               run, as a string.  There's
                               not an actual option named
                               "free form".  See the
                               examples!
      removes:               # a filename, when it does not exist, this step will *not* be
                               run.
      stdin:                 # Set the stdin of the command directly to the specified
                               value.
      warn:                  # if command warnings are on in ansible.cfg, do not warn about
                               this particular line if set
                               to no/false.

示例1:
使用shell来修改用户口令

[root@ansible ~]# ansible webserver -m shell -a 'echo 123456 | passwd --stdin masuri'
192.168.73.134 | CHANGED | rc=0 >>
Changing password for user masuri.
passwd: all authentication tokens updated successfully.

192.168.73.135 | CHANGED | rc=0 >>
Changing password for user masuri.
passwd: all authentication tokens updated successfully.

示例2:
在shell模块中使用变量时参数需要使用单引号,若使用双引号则变量指向的是本机的值

#单引号效果
[root@ansible ~]# ansible webserver -m shell -a 'echo $HOSTNAME'
192.168.73.134 | CHANGED | rc=0 >>
web1

192.168.73.135 | CHANGED | rc=0 >>
web2
#双引号的效果
[root@ansible ~]# ansible webserver -m shell -a "echo $HOSTNAME"
192.168.73.135 | CHANGED | rc=0 >>
ansible

192.168.73.134 | CHANGED | rc=0 >>
ansible

示例3:
使用shell重定向

[root@ansible ~]# ansible webserver -m shell -a 'chdir=/data echo welcome to magedu > test.log'
192.168.73.135 | CHANGED | rc=0 >>

192.168.73.134 | CHANGED | rc=0 >>

#查看重定向是否成功
[root@ansible ~]# ansible webserver -m shell -a 'chdir=/data cat test.log'
192.168.73.135 | CHANGED | rc=0 >>
welcome to magedu

192.168.73.134 | CHANGED | rc=0 >>
welcome to magedu

示例4:
使用sed对文件进行修改

[root@ansible ~]# ansible webserver -m shell -a 'sed -i "s/welcome to magedu/welcome to mylinuxops/" /data/test.log'
 [WARNING]: Consider using the replace, lineinfile or template module rather than running
'sed'.  If you need to use command because replace, lineinfile or template is insufficient
you can add 'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.

192.168.73.134 | CHANGED | rc=0 >>

192.168.73.135 | CHANGED | rc=0 >>

#验证是否修改
[root@ansible ~]# ansible webserver -m shell -a 'cat /data/test.log'
192.168.73.134 | CHANGED | rc=0 >>
welcome to mylinuxops

192.168.73.135 | CHANGED | rc=0 >>
welcome to mylinuxops

script模块

script 模块是在远程主机上运行ansible服务器上的脚本
示例1:

[root@ansible ~]# vim hello.sh      #构建出一个简单的脚本
#!/bin/bash
echo "hello world"
[root@ansible ~]# chmod +x hello.sh
[root@ansible ~]# ansible webserver -m script -a '/root/hello.sh'
192.168.73.134 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.73.134 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 192.168.73.134 closed."
    ], 
    "stdout": "hello world\r\n", 
    "stdout_lines": [
        "hello world"
    ]
}
192.168.73.135 | CHANGED => {
    "changed": true, 
    "rc": 0, 
    "stderr": "Shared connection to 192.168.73.135 closed.\r\n", 
    "stderr_lines": [
        "Shared connection to 192.168.73.135 closed."
    ], 
    "stdout": "hello world\r\n", 
    "stdout_lines": [
        "hello world"
    ]
}

copy模块

copy 从主控端复制文件到远程主机

参数 说明
src 本机的源文件位置
dest 目标主机存放文件位置
owner 修改属主
group 修改属组
mode 修改权限
backup 备份,copy时文件若是存在会直接覆盖
content 指定生成文件的内容

示例1:
复制本机文件到远程主机,并修改属主,修改权限,

[root@ansible ~]# ansible webserver -m copy -a 'src=/etc/fstab dest=/data/fstab2 owner=masuri mode=666 backup=yes'
192.168.73.134 | CHANGED => {
    "changed": true, 
    "checksum": "e18dfdc22b5e67945358018dfcca8f1c8b25722c", 
    "dest": "/data/fstab2", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "4c98128827229df5554dee614d84d607", 
    "mode": "0666", 
    "owner": "masuri", 
    "size": 595, 
    "src": "/root/.ansible/tmp/ansible-tmp-1556157419.7-268980429666588/source", 
    "state": "file", 
    "uid": 1000
}
192.168.73.135 | CHANGED => {
    "changed": true, 
    "checksum": "e18dfdc22b5e67945358018dfcca8f1c8b25722c", 
    "dest": "/data/fstab2", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "4c98128827229df5554dee614d84d607", 
    "mode": "0666", 
    "owner": "masuri", 
    "size": 595, 
    "src": "/root/.ansible/tmp/ansible-tmp-1556157419.7-28176178316202/source", 
    "state": "file", 
    "uid": 1000
}

示例2:
使用content直接生成文件

[root@ansible ~]# ansible webserver -m copy -a 'content="hello word\nwelcome to mylinuxops\n" dest=/data/test1'
192.168.73.134 | CHANGED => {
    "changed": true, 
    "checksum": "89b51930dc2793a1ea796637d25b982d1c93aa90", 
    "dest": "/data/test1", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "b16c04a75e320a9862568401301b6b02", 
    "mode": "0644", 
    "owner": "root", 
    "size": 33, 
    "src": "/root/.ansible/tmp/ansible-tmp-1556158261.88-98867568897388/source", 
    "state": "file", 
    "uid": 0
}
192.168.73.135 | CHANGED => {
    "changed": true, 
    "checksum": "89b51930dc2793a1ea796637d25b982d1c93aa90", 
    "dest": "/data/test1", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "b16c04a75e320a9862568401301b6b02", 
    "mode": "0644", 
    "owner": "root", 
    "size": 33, 
    "src": "/root/.ansible/tmp/ansible-tmp-1556158261.89-218330298518724/source", 
    "state": "file", 
    "uid": 0
}

#验证
[root@ansible ~]# ansible webserver -a 'cat /data/test1'
192.168.73.135 | CHANGED | rc=0 >>
hello word
welcome to mylinuxops

192.168.73.134 | CHANGED | rc=0 >>
hello word
welcome to mylinuxops

fetch模块

fetch 从远程主机提取文件至主控端,只能提取文件,若要提取目录可以将目录先打包

参数 说明
dest 在主控端存放文件的位置
src 远程主机所要提取的文件

示例1:
将远程主机的/etc/fstab,抓取至本地的/data

[root@ansible ~]# ansible webserver -m fetch -a 'dest=/data src=/etc/fstab'
192.168.73.135 | CHANGED => {
    "changed": true, 
    "checksum": "e18dfdc22b5e67945358018dfcca8f1c8b25722c", 
    "dest": "/data/192.168.73.135/etc/fstab", 
    "md5sum": "4c98128827229df5554dee614d84d607", 
    "remote_checksum": "e18dfdc22b5e67945358018dfcca8f1c8b25722c", 
    "remote_md5sum": null
}
192.168.73.134 | CHANGED => {
    "changed": true, 
    "checksum": "e18dfdc22b5e67945358018dfcca8f1c8b25722c", 
    "dest": "/data/192.168.73.134/etc/fstab", 
    "md5sum": "4c98128827229df5554dee614d84d607", 
    "remote_checksum": "e18dfdc22b5e67945358018dfcca8f1c8b25722c", 
    "remote_md5sum": null
}

示例2:
将远程/etc/目录抓取至本地的/data

#抓取目录分两步走,先打包
[root@ansible ~]# ansible webserver -a 'tar Jcf /data/etc.tar.xz /etc'
 [WARNING]: Consider using the unarchive module rather than running 'tar'.  If you need to
use command because unarchive is insufficient you can add 'warn: false' to this command
task or set 'command_warnings=False' in ansible.cfg to get rid of this message.

192.168.73.135 | CHANGED | rc=0 >>
tar: Removing leading `/' from member names

192.168.73.134 | CHANGED | rc=0 >>
tar: Removing leading `/' from member names

#提取打包文件
[root@ansible ~]# ansible webserver -m fetch -a 'dest=/data  src=/data/etc.tar.xz'
192.168.73.135 | CHANGED => {
    "changed": true, 
    "checksum": "2c7d756eff60249623f58d2ebec290848c4dea89", 
    "dest": "/data/192.168.73.135/data/etc.tar.xz", 
    "md5sum": "b20b3a78bcfd25d09d9ce2c9b7beeba3", 
    "remote_checksum": "2c7d756eff60249623f58d2ebec290848c4dea89", 
    "remote_md5sum": null
}
192.168.73.134 | CHANGED => {
    "changed": true, 
    "checksum": "c95913f7a079f6c1fb31016105b524685a21cb2d", 
    "dest": "/data/192.168.73.134/data/etc.tar.xz", 
    "md5sum": "e075e6d2681d7dbedaf070ad81ebd3e3", 
    "remote_checksum": "c95913f7a079f6c1fb31016105b524685a21cb2d", 
    "remote_md5sum": null
}

File模块

File模块可以设置文件的属性

参数 说明
access_time 访问时间
access_time_format 时间格式
attributes attr格式
force 当软连接的源文件不存在时使用
group 设置文件的属组
mode 设置文件的权限
modification_time 文件修改时间
modification_time_format 文件修改时间格式
owner 设置文件的属主
path 被管理的文件路径
src 指定软硬链接的源文件位置
state 设置文件的类型,file:文件不存在时不会被创建,link:创建软连接,hard:创建硬连接,absent:删除文件,touch:创建空文件

示例1:
修改文件的属主,权限

[root@ansible data]# ansible webserver -m file -a 'path=/data/test1 owner=masuri mode=777'
192.168.73.134 | CHANGED => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "masuri", 
    "path": "/data/test1", 
    "size": 33, 
    "state": "file", 
    "uid": 1000
}
192.168.73.135 | CHANGED => {
    "changed": true, 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "masuri", 
    "path": "/data/test1", 
    "size": 33, 
    "state": "file", 
    "uid": 1000
}

#查看属性
[root@ansible data]# ansible webserver -a 'ls -l /data/test1'
192.168.73.135 | CHANGED | rc=0 >>
-rwxrwxrwx 1 masuri root 33 Apr 25 10:11 /data/test1

192.168.73.134 | CHANGED | rc=0 >>
-rwxrwxrwx 1 masuri root 33 Apr 25 10:11 /data/test1

示例2:
创建硬连接,state=hard

[root@ansible data]# ansible webserver -m file -a 'src=/data/test1 name=/data/test1.log state=hard'
192.168.73.134 | CHANGED => {
    "changed": true, 
    "dest": "/data/test1.log", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "masuri", 
    "size": 33, 
    "src": "/data/test1", 
    "state": "hard", 
    "uid": 1000
}
192.168.73.135 | CHANGED => {
    "changed": true, 
    "dest": "/data/test1.log", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "masuri", 
    "size": 33, 
    "src": "/data/test1", 
    "state": "hard", 
    "uid": 1000
}
#查看文件
[root@ansible data]# ansible webserver -a 'ls -l /data/test1.log'
192.168.73.134 | CHANGED | rc=0 >>
-rwxrwxrwx 2 masuri root 33 Apr 25 10:11 /data/test1.log

192.168.73.135 | CHANGED | rc=0 >>
-rwxrwxrwx 2 masuri root 33 Apr 25 10:11 /data/test1.log

示例3:
创建软连接,state=link

[root@ansible data]# ansible webserver -m file -a 'src=/data/test1 name=/data/123 state=link'
192.168.73.135 | CHANGED => {
    "changed": true, 
    "dest": "/data/123", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 11, 
    "src": "/data/test1", 
    "state": "link", 
    "uid": 0
}
192.168.73.134 | CHANGED => {
    "changed": true, 
    "dest": "/data/123", 
    "gid": 0, 
    "group": "root", 
    "mode": "0777", 
    "owner": "root", 
    "size": 11, 
    "src": "/data/test1", 
    "state": "link", 
    "uid": 0
}
#验证
[root@ansible data]# ansible webserver -a 'ls -l /data/123'
192.168.73.135 | CHANGED | rc=0 >>
lrwxrwxrwx 1 root root 11 Apr 25 10:56 /data/123 -> /data/test1

192.168.73.134 | CHANGED | rc=0 >>
lrwxrwxrwx 1 root root 11 Apr 25 10:56 /data/123 -> /data/test1

示例4:
创建空文件,state=touch

[root@ansible data]# ansible webserver -m file -a 'path=/data/test2 state=touch'
192.168.73.134 | CHANGED => {
    "changed": true, 
    "dest": "/data/test2", 
    "gid": 0, 
    "group": "root", 
    "mode": "0644", 
    "owner": "root", 
    "size": 0, 
    "state": "file", 
    "uid": 0
}
192.168.73.135 | CHANGED => {
    "changed": true, 
    "dest": "/data/test2", 
    "gid": 0, 
    "group": "root", 
    "mode": "0644", 
    "owner": "root", 
    "size": 0, 
    "state": "file", 
    "uid": 0
}
#验证
[root@ansible data]# ansible webserver -a 'ls -l /data/test2'
192.168.73.135 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 Apr 25 10:59 /data/test2

192.168.73.134 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 0 Apr 25 10:59 /data/test2

示例5:
删除文件,state=absent

[root@ansible data]# ansible webserver -m file -a 'path=/data/test2 state=absent'
192.168.73.134 | CHANGED => {
    "changed": true, 
    "path": "/data/test2", 
    "state": "absent"
}
192.168.73.135 | CHANGED => {
    "changed": true, 
    "path": "/data/test2", 
    "state": "absent"
}
#验证
[root@ansible data]# ansible webserver -a 'ls -l /data/test2'
192.168.73.135 | FAILED | rc=2 >>
ls: cannot access /data/test2: No such file or directorynon-zero return code

192.168.73.134 | FAILED | rc=2 >>
ls: cannot access /data/test2: No such file or directorynon-zero return code

hostname 模块

hostname 管理主机名

参数 说明
name 设置主机名

示例:

[root@ansible data]# ansible 192.168.73.134 -m hostname -a 'name=mylinuxops.com'
192.168.73.134 | CHANGED => {
    "ansible_facts": {
        "ansible_domain": "com", 
        "ansible_fqdn": "mylinuxops.com", 
        "ansible_hostname": "mylinuxops", 
        "ansible_nodename": "mylinuxops.com"
    }, 
    "changed": true, 
    "name": "mylinuxops.com"
}

cron 模块

corn 计划任务模块

参数 说明
backup 在计划任务创建前先备份
day
hour 小时
minute 分钟
month
weekday 星期
name 计划任务的名称
reboot 重启后执行
state absent:删除
job 计划任务的内容
disabled 启用和禁用

示例1:
创建计划任务,每天1点备份/etc/目录

[root@ansible data]# ansible webserver -m cron -a 'name=backupetc hour=1 job="/usr/bin/cp -a /etc /data/`date +%F`"'
192.168.73.135 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "backupetc"
    ]
}
192.168.73.134 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "backupetc"
    ]
}
#验证
[root@ansible data]# ansible webserver -a 'crontab -l'
192.168.73.134 | CHANGED | rc=0 >>
#Ansible: backupetc
* 1 * * * /usr/bin/cp -a /etc /data/`date +%F`

192.168.73.135 | CHANGED | rc=0 >>
#Ansible: backupetc
* 1 * * * /usr/bin/cp -a /etc /data/`date +%F`

示例2:
计划任务的禁用,disabled=true

[root@ansible data]# ansible webserver -m cron -a 'name=backupetc day=* hour=1 job="/usr/bin/cp -a /etc /data/`date +%F`" disabled=true'
192.168.73.135 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "backupetc"
    ]
}
192.168.73.134 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "backupetc"
    ]
}
#验证
[root@ansible data]# ansible webserver -a 'crontab -l'
192.168.73.135 | CHANGED | rc=0 >>
#Ansible: backupetc
#* 1 * * * /usr/bin/cp -a /etc /data/`date +%F`

192.168.73.134 | CHANGED | rc=0 >>
#Ansible: backupetc
#* 1 * * * /usr/bin/cp -a /etc /data/`date +%F`

示例3:
计划任务的启用,disabled=false

[root@ansible data]# ansible webserver -m cron -a 'name=backupetc day=* hour=1 job="/usr/bin/cp -a /etc /data/`date +%F`" disabled=false'
192.168.73.135 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "backupetc"
    ]
}
192.168.73.134 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": [
        "backupetc"
    ]
}
#验证:
[root@ansible data]# ansible webserver -a 'crontab -l'
192.168.73.135 | CHANGED | rc=0 >>
#Ansible: backupetc
* 1 * * * /usr/bin/cp -a /etc /data/`date +%F`

192.168.73.134 | CHANGED | rc=0 >>
#Ansible: backupetc
* 1 * * * /usr/bin/cp -a /etc /data/`date +%F

示例4:
删除计划任务,state=absent

[root@ansible data]# ansible webserver -m cron -a 'name=backupetc day=* hour=1 job="/usr/bin/cp -a /etc /data/`date +%F`" state=absent'
192.168.73.134 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}
192.168.73.135 | CHANGED => {
    "changed": true, 
    "envs": [], 
    "jobs": []
}
[root@ansible data]# ansible webserver -a 'crontab -l'
192.168.73.135 | CHANGED | rc=0 >>

192.168.73.134 | CHANGED | rc=0 >>

yum 模块

yum 包管理

参数 说明
name 包的名字
state present:安装(可缺省),absent:卸载

示例:
按装httpd

[root@ansible data]# ansible webserver -m yum -a 'name=httpd'
192.168.73.135 | CHANGED => {
    "ansible_facts": {
...省略...
}

#验证
[root@ansible data]# ansible webserver -a 'rpm -q httpd'
 [WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'.  If you need to use command
because yum, dnf or zypper is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.

192.168.73.134 | CHANGED | rc=0 >>
httpd-2.4.6-88.el7.centos.x86_64

192.168.73.135 | CHANGED | rc=0 >>
httpd-2.4.6-88.el7.centos.x86_64

示例2:
卸载httpd

[root@ansible data]# ansible webserver -m yum -a 'name=httpd state=absent'
192.168.73.134 | CHANGED => {
    "ansible_facts": {
        "pkg_mgr": "yum"
    }, 
    "changed": true, 
    "msg": "", 
....省略

#验证
[root@ansible data]# ansible webserver -a 'rpm -q httpd'
 [WARNING]: Consider using the yum, dnf or zypper module rather than running 'rpm'.  If you need to use command
because yum, dnf or zypper is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.

192.168.73.134 | FAILED | rc=1 >>
package httpd is not installednon-zero return code

192.168.73.135 | FAILED | rc=1 >>
package httpd is not installednon-zero return code

service 模块

service 用来管理服务

参数 说明
enabled 是否开机启动
name 服务名称
runlevel 运行在哪个级别上
state started:启动,stopped:停止,reloaded:重读配置文件,restarted:重启服务

示例1:
启动httpd服务

[root@ansible ~]# ansible webserver -m service -a 'name=httpd state=started'
;^H192.168.73.135 | CHANGED => {
    "changed": true, 
    "name": "httpd", 
    "state": "started", 
    "status": {
        "ActiveEnterTimestampMonotonic": "0", 
        "ActiveExitTimestampMonotonic": "0", 
...省略
#验证
[root@ansible ~]# ansible webserver  -a 'ss -tnl | grep 80 '
192.168.73.134 | CHANGED | rc=0 >>
LISTEN     0      128         :::80                      :::*                  

192.168.73.135 | CHANGED | rc=0 >>
LISTEN     0      128         :::80                      :::*                  

user 模块

user 用户管理模块

参数 说明
name 指定用户名
system 系统用户
create_home 创建家目录
shell 指定shell类型
group 指定主组
groups 指定附加组
remove 删除用户是删除家目录
state absent:删除用户
uid 指定Uid号

示例:
创建mysql用户,为系统用户,shell类型为/sbin/nologin

[root@ansible ~]# ansible webserver -m user -a 'name=mysql system=yes shell=/sbin/nologin'
192.168.73.135 | CHANGED => {
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 996, 
    "home": "/home/mysql", 
    "name": "mysql", 
    "shell": "/sbin/nologin", 
    "state": "present", 
    "system": true, 
    "uid": 998
}
192.168.73.134 | CHANGED => {
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 996, 
    "home": "/home/mysql", 
    "name": "mysql", 
    "shell": "/sbin/nologin", 
    "state": "present", 
    "system": true, 
    "uid": 998
#验证
[root@ansible ~]# ansible webserver -a 'getent passwd mysql'
192.168.73.135 | CHANGED | rc=0 >>
mysql:x:998:996::/home/mysql:/sbin/nologin

192.168.73.134 | CHANGED | rc=0 >>
mysql:x:998:996::/home/mysql:/sbin/nologin

示例2
删除账号,删除账号时需要带上remove参数,默认不会删除用户的家目录

[root@ansible ~]# ansible webserver -m user -a 'name=mysql remove=yes state=absent'
192.168.73.135 | CHANGED => {
    "changed": true, 
    "force": false, 
    "name": "mysql", 
    "remove": true, 
    "state": "absent", 
    "stderr": "userdel: mysql mail spool (/var/spool/mail/mysql) not found\n", 
    "stderr_lines": [
        "userdel: mysql mail spool (/var/spool/mail/mysql) not found"
    ]
}
192.168.73.134 | CHANGED => {
    "changed": true, 
    "force": false, 
    "name": "mysql", 
    "remove": true, 
    "state": "absent", 
    "stderr": "userdel: mysql mail spool (/var/spool/mail/mysql) not found\n", 
    "stderr_lines": [
        "userdel: mysql mail spool (/var/spool/mail/mysql) not found"
    ]
}

ansible-console

ansible-console为可交互的ansible工具

[root@ansible ~]# ansible-console
Welcome to the ansible console.
Type help or ? to list commands.

root@all (2)[f:5]$ 
#all:为当前的所有主机,切换组可以使用cd + 组名 的方式
#2:主机数
#f:5 并行执行数,设置并发数 fork + NUM

ansible的playbook

ansible playbook 为ansible的脚本,其是由yaml语言构成,这种语言对格式的要求非常高。

yaml语言格式要求

1.在单一档案中,可以用连续三个连字号(---)区分多个档案,另外,还有选择性的连续三个点号_(...)来表示档案的结尾
2.此行开始正常写playbook的内容,一般建议写明该playbook的功能
3.使用#注释代码
4.缩进必须统一的,不能空格和tab混用
5.缩进的级别也必须是一致的,同样的缩进代表同样的级别,程序判别配置的级别是通过缩进结合换行来实现的
6.YAML文件内容是区分大小写的,k/v的值均需大小写敏感
7.多个k/v可以同行写也可以换行写,同行使用,分割
8.v可以是个字符串,也可以是另一个列表
9.一个完整的代码块功能需最少元素包括name和task
10.一个name只能包括一个task
11.YAML文件扩展名通常为yaml或yml

示例1:

[root@ansible data]# vim hello.yaml
---
#hello world
  - host: webserver
    remote_user: root

    task:
      - name: hello world
        shell: /usr/bin/wall hello world
~                                   

示例2:
安装httpd
1.准备好httpd配置文件

[root@ansible data]# vim httpd.conf 
Listen 8080

2.编写yaml文件

---
#install httpd
  - hosts: webserver
    remote_user: root

    tasks:
      - name: install
        yum: name=httpd
      - name: config
        copy: src=/data/httpd.conf dest=/etc/httpd/httpd.conf
      - name: service
        service: name=httpd state=started
      - name: check
        shell: ss -tnl | grep 8080

3.检查是否有语法错误

[root@ansible data]# ansible-playbook -C httpd.yaml 

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [install] **************************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [config] ***************************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [service] **************************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

PLAY RECAP ******************************************************************************************************
192.168.73.134             : ok=4    changed=1    unreachable=0    failed=0   
192.168.73.135             : ok=4    changed=1    unreachable=0    failed=0   

4.执行yaml脚本

[root@ansible data]# ansible-playbook httpd.yaml

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [install] **************************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [config] ***************************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [service] **************************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP ******************************************************************************************************
192.168.73.134             : ok=4    changed=3    unreachable=0    failed=0   
192.168.73.135             : ok=4    changed=3    unreachable=0    failed=0   

5.校验

[root@ansible data]# ansible webserver -a 'ss -tnl | grep 8080'
192.168.73.134 | CHANGED | rc=0 >>
LISTEN     0      128         :::8080                    :::*                  

192.168.73.135 | CHANGED | rc=0 >>
LISTEN     0      128         :::8080                    :::*      

示例3:
创建mysql用户。
1.编写yaml文件

 [root@ansible data]# vim user.yml
---
#useradd
  - hosts: webserver
    remote_user: root

    tasks:
      - name: create group
        group: name=mysql gid=3306
      - name: create user
        user: name=mysql uid=3306 shell=/sbin/nologlin system=yes group=mysql create_home=no

2.检查语法

[root@ansible data]# ansible-playbook -C user.yml 

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [create group] *********************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [create user] **********************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP ******************************************************************************************************
192.168.73.134             : ok=3    changed=2    unreachable=0    failed=0   
192.168.73.135             : ok=3    changed=2    unreachable=0    failed=0   

3.执行

[root@ansible data]# ansible-playbook  user.yml 

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [create group] *********************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [create user] **********************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP ******************************************************************************************************
192.168.73.134             : ok=3    changed=2    unreachable=0    failed=0   
192.168.73.135             : ok=3    changed=2    unreachable=0    failed=0   

4.验证

[root@ansible data]# ansible webserver -a 'getent passwd mysql'
192.168.73.134 | CHANGED | rc=0 >>
mysql:x:3306:3306::/home/mysql:/sbin/nologlin

192.168.73.135 | CHANGED | rc=0 >>
mysql:x:3306:3306::/home/mysql:/sbin/nologlin

playbook中的notify和handler
当执行一个playbook时,第一次执行和第二次执行效果相同,当服务的配置文件发生变化时再次安装时已经启动的服务不会重启,此时就需要使用到notify。
notify的action可用于在每个play的最后被触发,这样可以避免多次有改变发生时每次都执行指定的操作,仅在所有的变化发生完成后一次性地执行指定操作。
notify是触发条件,headlers是执行的任务

示例1:
1.以httpd为例,刚才已经启动了HTTP服务,此时再次修改httpd.conf,将端口改为80

[root@ansible data]# vim /data/httpd.conf
Listen 80

2.对yaml文件进行修改,增加notify及handlers

[root@ansible data]# vim httpd.yaml 

---
#install httpd
  - hosts: webserver
    remote_user: root

    tasks:
      - name: install
        yum: name=httpd
      - name: config
        copy: src=/data/httpd.conf dest=/etc/httpd/conf/httpd.conf
        notify: restart service
      - name: service
        service: name=httpd state=started

    handlers:
      - name: restart service
        service: name=httpd state=restarted

3.检查语法

[root@ansible data]# ansible-playbook -C httpd.yaml 

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [install] **************************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [config] ***************************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [service] **************************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

RUNNING HANDLER [restart service] *******************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

PLAY RECAP ******************************************************************************************************
192.168.73.134             : ok=5    changed=2    unreachable=0    failed=0   
192.168.73.135             : ok=5    changed=2    unreachable=0    failed=0 

4.执行

[root@ansible data]# ansible-playbook  httpd.yaml 

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [install] **************************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [config] ***************************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [service] **************************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

RUNNING HANDLER [restart service] *******************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

PLAY RECAP ******************************************************************************************************
192.168.73.134             : ok=5    changed=2    unreachable=0    failed=0   
192.168.73.135             : ok=5    changed=2    unreachable=0    failed=0   

5.验证:

[root@ansible data]# ansible webserver -a 'ss -tnl |grep 80'
192.168.73.135 | CHANGED | rc=0 >>
LISTEN     0      128         :::80                      :::*                  

192.168.73.134 | CHANGED | rc=0 >>
LISTEN     0      128         :::80                      :::*  

ansible-playbook中标签的使用 tags

在playbook中添加标签可以让playbook在运行时,选择性的执行被标签的内容
示例:
再次将httpd.conf文件进行修改,将端口改为8080

[root@ansible data]# vim httpd.conf 
Listen 8080

对yaml文件进行贴标签

[root@ansible data]# vim httpd.yaml 
---
#install httpd
  - hosts: webserver
    remote_user: root

    tasks:
      - name: install
        yum: name=httpd
      - name: config
        copy: src=/data/httpd.conf dest=/etc/httpd/conf/httpd.conf
        notify: restart service
        tags: config
      - name: service
        service: name=httpd state=started

    handlers:
      - name: restart service
        service: name=httpd state=restarted

由于此时http服务已经安装,不需要再次安装此服务,我们只需要执行被标签的config部分就行,标签的config执行时,触发了handler的重启服务。

[root@ansible data]# ansible-playbook -t config httpd.yaml 

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [config] ***************************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

RUNNING HANDLER [restart service] *******************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP ******************************************************************************************************
192.168.73.134             : ok=3    changed=2    unreachable=0    failed=0   
192.168.73.135             : ok=3    changed=2    unreachable=0    failed=0 

验证

[root@ansible data]# ansible webserver -a 'ss -tnl |grep 8080'
192.168.73.135 | CHANGED | rc=0 >>
LISTEN     0      128         :::8080                    :::*                  

192.168.73.134 | CHANGED | rc=0 >>
LISTEN     0      128         :::8080                    :::*  

我们也可以用贴多个相同的标签,让playbook执行标签时一次执行多个不同的操作
示例:
1.再次修改http端口将其改为80端口

[root@ansible data]# vim httpd.conf 
Listen 80

2.创建yaml文件

---
#install httpd
  - hosts: webserver
    remote_user: root

    tasks:
      - name: install
        yum: name=httpd
      - name: config
        copy: src=/data/httpd.conf dest=/etc/httpd/conf/httpd.conf
        tags: config
      - name: service       #service和restart service的标签相同
        service: name=httpd state=started
        tags: service
      - name: restart service
        service: name=httpd state=restarted
        tags: service

3.执行playbook

[root@ansible data]# ansible-playbook -t config -t service httpd.yaml 

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [config] ***************************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [service] **************************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [restart service] ******************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP ******************************************************************************************************
192.168.73.134             : ok=4    changed=2    unreachable=0    failed=0   
192.168.73.135             : ok=4    changed=2    unreachable=0    failed=0 

4.验证

[root@ansible data]# ansible webserver -a 'ss -tnl |grep 80'
192.168.73.135 | CHANGED | rc=0 >>
LISTEN     0      128         :::80                      :::*                  

192.168.73.134 | CHANGED | rc=0 >>
LISTEN     0      128         :::80                      :::*   

playbook中的变量

变量命名规则:仅能由字母、数字和下划线组成,且只能以字母开头
变量来源:
1.ansible setup facts 远程主机的所有变量都可直接调用
示例:
此命令可以查看远程主机上所有已存在的各种变量,此处查看hostname的变量名

[root@ansible data]# ansible webserver -m setup -a 'filter=*hostname'
192.168.73.134 | SUCCESS => {
    "ansible_facts": {
        "ansible_hostname": "mylinuxops"
    }, 
    "changed": false
}
192.168.73.135 | SUCCESS => {
    "ansible_facts": {
        "ansible_hostname": "web2"
    }, 
    "changed": false
}

创建yaml文件,调用变量

[root@ansible data]# vim var.yaml

---
#test var
    - hosts: webserver
      remote_user: root

      tasks:
        - name: file
          file: name={{ansible_hostname}}.log state=touch

执行yaml

[root@ansible data]# ansible-playbook var.yaml 

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [file] *****************************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

PLAY RECAP ******************************************************************************************************
192.168.73.134             : ok=2    changed=1    unreachable=0    failed=0   
192.168.73.135             : ok=2    changed=1    unreachable=0    failed=0 

验证

[root@ansible data]# ansible webserver -a 'ls  /root'
192.168.73.134 | CHANGED | rc=0 >>
anaconda-ks.cfg
mylinuxops.log

192.168.73.135 | CHANGED | rc=0 >>
anaconda-ks.cfg
web2.log

2.变量可以定义在主机清单中
主机清单中的变量分为两种,普通变量和公共变量
普通变量:主机组中主机单独定义,优先级高于公共变量
公共变量:针对主机组中所有主机定义的统一变量
示例:
修改主机清单

[root@ansible data]# vim /etc/ansible/hosts 
[webserver]
192.168.73.134 port=80
192.168.73.135 port=8080

[webserver:vars]    #通用变量
mark="-"

创建playbook

[root@ansible data]# vim var.yaml 
---
#test var
- hosts: webserver
  remote_user: root

  tasks:
    - name: file
      file: name={{ansible_hostname}}{{mask}}{{port}}.log state=touch

执行剧本

[root@ansible data]# ansible-playbook var.yaml 

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [file] *****************************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP ******************************************************************************************************
192.168.73.134             : ok=2    changed=1    unreachable=0    failed=0   
192.168.73.135             : ok=2    changed=1    unreachable=0    failed=0  

验证:

[root@ansible data]# ansible webserver -a 'ls /root'
192.168.73.135 | CHANGED | rc=0 >>
anaconda-ks.cfg
web2-8080.log
web2.log

192.168.73.134 | CHANGED | rc=0 >>
anaconda-ks.cfg
mylinuxops-80.log
mylinuxops.log

3.变量可以通过-e来定义
示例:
依旧使用刚才的剧本,直接在命令行添加-e选项

[root@ansible data]# ansible-playbook -e port=1234 var.yaml 
 [WARNING]: Found variable using reserved name: port

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [file] *****************************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

PLAY RECAP ******************************************************************************************************
192.168.73.134             : ok=2    changed=1    unreachable=0    failed=0   
192.168.73.135             : ok=2    changed=1    unreachable=0    failed=0 

验证:

[root@ansible data]# ansible webserver -a 'ls /root'
192.168.73.135 | CHANGED | rc=0 >>
anaconda-ks.cfg
web2-1234.log
web2-8080.log
web2.log

192.168.73.134 | CHANGED | rc=0 >>
anaconda-ks.cfg
mylinuxops-1234.log
mylinuxops-80.log
mylinuxops.log

由此可以发现,通过命令行指定的变量优先级高于主机文件中定义的变量

4.在剧本中定义变量
vars:
-var1:value1
-var2:value2
示例:
在playbook中添加变量

[root@ansible data]# vim var.yaml 
---
#test var
- hosts: webserver
  remote_user: root
  var:
    - port: 4321

  tasks:
    - name: file
      file: name={{ansible_hostname}}{{mark}}{{port}}.log state=touch

执行playbook

[root@ansible data]# ansible-playbook  var.yaml 
 [WARNING]: Found variable using reserved name: port

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [file] *****************************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP ******************************************************************************************************
192.168.73.134             : ok=2    changed=1    unreachable=0    failed=0   
192.168.73.135             : ok=2    changed=1    unreachable=0    failed=0   

验证:

[root@ansible data]# ansible webserver -a 'ls /root'
192.168.73.134 | CHANGED | rc=0 >>
anaconda-ks.cfg
mylinuxops-1234.log
mylinuxops-4321.log
mylinuxops-80.log
mylinuxops.log

192.168.73.135 | CHANGED | rc=0 >>
anaconda-ks.cfg
web2-1234.log
web2-4321.log
web2-8080.log
web2.log

由此可以得出剧本中的变量优先级高于主机清单中的变量

5.变量定义在一个专用的变量文件中
示例:
创建一个存放变量的文件

[root@ansible data]# vim vars.yml
port: 9527

在playbook中调用变量

[root@ansible data]# vim var.yaml 
---
#test var
- hosts: webserver
  remote_user: root
  vars_files:
    - vars.yml
  vars:
    - port: 4321

  tasks:
    - name: file
      file: name={{ansible_hostname}}{{mark}}{{port}}.log state=touch

执行playbook

[root@ansible data]# ansible-playbook  var.yaml 
 [WARNING]: Found variable using reserved name: port

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [file] *****************************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP ******************************************************************************************************
192.168.73.134             : ok=2    changed=1    unreachable=0    failed=0   
192.168.73.135             : ok=2    changed=1    unreachable=0    failed=0 

检查

[root@ansible data]# ansible webserver -a 'ls /root'
192.168.73.135 | CHANGED | rc=0 >>
anaconda-ks.cfg
web2-1234.log
web2-4321.log
web2-8080.log
web2-9527.log
web2.log

192.168.73.134 | CHANGED | rc=0 >>
anaconda-ks.cfg
mylinuxops-1234.log
mylinuxops-4321.log
mylinuxops-80.log
mylinuxops-9527.log
mylinuxops.log

由此可见使用变量文件定义的变量优先级高于playbook中定义的变量

变量优先级的总结:
命令-e指定 > 变量文件 > playbook指定 > hosts文件

ansible的模板template

template可以根据模块文件动态生成相对应的配置文件。
template对文件的存放和命名有要求,template文件必须存放在templates目录下,并且以.j2后缀命名。
yaml文件需要和templates目录平级,目录结构如下。

[root@ansible data]# tree yaml/
yaml/
├── hello.yaml
├── httpd.yaml
└── templates
    └── test.conf.j2

示例1:
为主机列表中的主机安装nginx
编写yaml文件

[root@ansible ~]# vim nginx.yml

---
#install nginx
- hosts: webserver
  remote_user: root

  tasks:
    - name: package
      yum: name=nginx
    - name: service
      service: name=nginx state=started enabled=yes

执行

[root@ansible ~]# ansible-playbook nginx.yml 

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [package] **************************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [service] **************************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP ******************************************************************************************************
192.168.73.134             : ok=3    changed=1    unreachable=0    failed=0   
192.168.73.135             : ok=3    changed=1    unreachable=0    failed=0 

示例1:
用模板文件实现cpu个数+2的进程数
1.获取nginx的配置文件,并改名为.j2后缀的文件存放在templates目录下

[root@ansible data]# mv nginx.conf /data/yaml/templates/nginx.conf.j2 

2.获取cpu个数的变量

[root@ansible data]# ansible 192.168.73.134 -m setup | grep cpu
        "ansible_processor_vcpus": 1,  #此为定义cpu的变量

3.修改模板文件

[root@ansible data]# vim yaml/templates/nginx.conf.j2 
worker_processes {{ansible_processor_vcpus+2}};  #此行定义了线程数,改为变量代替

4.在playbook中引用模板

[root@ansible yaml]# vim nginx.yml 

---
#install nginx
- hosts: webserver
  remote_user: root

  tasks:
    - name: package
      yum: name=nginx
    - name: config
      template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
      notify: restart service
    - name: service
      service: name=nginx state=started enabled=yes

  handlers:
    - name: restart service
      service: name=nginx state=restarted

5.执行playbook

[root@ansible yaml]# ansible-playbook nginx.yml 

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [package] **************************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [config] ***************************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [service] **************************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

RUNNING HANDLER [restart service] *******************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP ******************************************************************************************************
192.168.73.134             : ok=5    changed=2    unreachable=0    failed=0   
192.168.73.135             : ok=5    changed=2    unreachable=0    failed=0   

验证:

[root@ansible yaml]# ansible webserver -a 'cat /etc/nginx/nginx.conf | grep work'
192.168.73.135 | CHANGED | rc=0 >>
worker_processes 3;
    worker_connections 1024;

192.168.73.134 | CHANGED | rc=0 >>
worker_processes 3;
    worker_connections 1024;

示例2:
修改模板中的端口

    server {
        listen       {{port}} default_server; 将此处的端口改为变量
        listen       [::]:80 default_server;

修改主机文件定义port

[webserver]
192.168.73.134 port=80
192.168.73.135 port=8080

重新执行yaml

[root@ansible yaml]# ansible-playbook nginx.yml 

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [package] **************************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [config] ***************************************************************************************************
ok: [192.168.73.134]
changed: [192.168.73.135]

TASK [service] **************************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

RUNNING HANDLER [restart service] *******************************************************************************
changed: [192.168.73.135]

PLAY RECAP ******************************************************************************************************
192.168.73.134             : ok=4    changed=0    unreachable=0    failed=0   
192.168.73.135             : ok=5    changed=2    unreachable=0    failed=0

校验

[root@ansible yaml]# ansible webserver -a 'ss -tnl |grep 80'
192.168.73.134 | CHANGED | rc=0 >>
LISTEN     0      128          *:80                       *:*                  
LISTEN     0      128         :::80                      :::*                  

192.168.73.135 | CHANGED | rc=0 >>
LISTEN     0      128          *:8080                     *:*                  
LISTEN     0      128         :::80                      :::*  

playbook中的流控制

when

when测试条件:如果需要根据变量、facts或此前任务的执行结果来作为某task执行与否的前提条件时,需要用到条件测试,通过when语句实现,在task中使用,jinja2语法。
示例:
当系统不同时,httpd的配置文件也不同
1.先查找系统中版本变量

[root@ansible yaml]# ansible webserver -m setup | grep distribution_major_version
        "ansible_distribution_major_version": "6", 
        "ansible_distribution_major_version": "7", 
        "ansible_distribution_major_version": "7", 

2.编写yaml文件

[root@ansible yaml]# vim httpd.yaml
---
#install httpd
  - hosts: webserver
    remote_user: root

    tasks:
      - name: install
        yum: name=httpd
      - name: config
        template: src=httpd6.conf.j2 dest=/etc/httpd/conf/httpd.conf
        when: ansible_distribution_major_version == "6"
        notify: restart service
      - name: config
        template: src=httpd7.conf.j2 dest=/etc/httpd/conf/httpd.conf
        when: ansible_distribution_major_version == "7"
        notify: restart service
      - name: service
        service: name=httpd state=started

    handlers:
      - name: restart service
        service: name=httpd state=restarted

3.修改模板文件

[root@ansible templates]# vi httpd6.conf.j2 
#Listen 12.34.56.78:80
Listen {{port}}

[root@ansible templates]# vi httpd7.conf.j2 
#Listen 12.34.56.78:80
Listen {{port}}

4.执行脚本

[root@ansible yaml]# ansible-playbook  httpd.yaml 

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.132]
ok: [192.168.73.134]

TASK [install] **************************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]
changed: [192.168.73.132]

TASK [config] ***************************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
changed: [192.168.73.132]

TASK [config] ***************************************************************************************************
skipping: [192.168.73.132]
ok: [192.168.73.134]
changed: [192.168.73.135]

TASK [service] **************************************************************************************************
changed: [192.168.73.132]
changed: [192.168.73.135]
changed: [192.168.73.134]

RUNNING HANDLER [restart service] *******************************************************************************
changed: [192.168.73.132]
changed: [192.168.73.135]

PLAY RECAP ******************************************************************************************************
192.168.73.132             : ok=5    changed=4    unreachable=0    failed=0   
192.168.73.134             : ok=4    changed=2    unreachable=0    failed=0   
192.168.73.135             : ok=5    changed=4    unreachable=0    failed=0 

with_items

迭代:当有需要重负行执行的任务时,可以使用迭代机制
对迭代项的引用,固定变量名为"item"
要在task中使用with_items给定要迭代的元素列表
列表格式:字符串、字典

示例:
创建多个文件
aaa.log
bbb.log
ccc.log

1.创建剧本

[root@ansible yaml]# vim file.yaml
---
#touch file
- hosts: webserver
  remote_user: root

  tasks:
    - name: touch file
      file: name=/data/{{item}}.log state=touch
      with_items:
        - aaa
        - bbb
        - ccc              

2.执行

[root@ansible yaml]# ansible-playbook  file.yaml 

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.132]
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [touch file] ***********************************************************************************************
changed: [192.168.73.132] => (item=aaa)
changed: [192.168.73.134] => (item=aaa)
changed: [192.168.73.135] => (item=aaa)
changed: [192.168.73.132] => (item=bbb)
changed: [192.168.73.134] => (item=bbb)
changed: [192.168.73.135] => (item=bbb)
changed: [192.168.73.132] => (item=ccc)
changed: [192.168.73.135] => (item=ccc)
changed: [192.168.73.134] => (item=ccc)

PLAY RECAP ******************************************************************************************************
192.168.73.132             : ok=2    changed=1    unreachable=0    failed=0   
192.168.73.134             : ok=2    changed=1    unreachable=0    failed=0   
192.168.73.135             : ok=2    changed=1    unreachable=0    failed=0   

校验:

[root@ansible yaml]# ansible webserver -a 'ls /data' 
192.168.73.132 | CHANGED | rc=0 >>
aaa.log
bbb.log
ccc.log
lost+found

示例:
创建不同的用户:
1.创建yaml文件

[root@ansible yaml]# vim createuser.yml
---
#createuser
- hosts: webserver
  remote_user: root

  tasks:
    - name: create user
      user: name={{item}}
      with_items:
        - alice
        - bob
        - clack            

2.执行

[root@ansible yaml]# ansible-playbook createuser.yml

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.132]
ok: [192.168.73.134]

TASK [create user] **********************************************************************************************
changed: [192.168.73.135] => (item=alice)
changed: [192.168.73.134] => (item=alice)
changed: [192.168.73.132] => (item=alice)
changed: [192.168.73.132] => (item=bob)
changed: [192.168.73.135] => (item=bob)
changed: [192.168.73.134] => (item=bob)
changed: [192.168.73.132] => (item=clack)
changed: [192.168.73.134] => (item=clack)
changed: [192.168.73.135] => (item=clack)

PLAY RECAP ******************************************************************************************************
192.168.73.132             : ok=2    changed=1    unreachable=0    failed=0   
192.168.73.134             : ok=2    changed=1    unreachable=0    failed=0   
192.168.73.135             : ok=2    changed=1    unreachable=0    failed=0 

3.校验

[root@ansible yaml]# ansible webserver -a 'getent passwd | tail -3'
192.168.73.132 | CHANGED | rc=0 >>
alice:x:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
clack:x:502:502::/home/clack:/bin/bash

192.168.73.135 | CHANGED | rc=0 >>
alice:x:3307:3307::/home/alice:/bin/bash
bob:x:3308:3308::/home/bob:/bin/bash
clack:x:3309:3309::/home/clack:/bin/bash

192.168.73.134 | CHANGED | rc=0 >>
alice:x:3307:3307::/home/alice:/bin/bash
bob:x:3308:3308::/home/bob:/bin/bash
clack:x:3309:3309::/home/clack:/bin/bash

创建组和用户的对应关系
将用户名和组名做字典对应

[root@ansible yaml]# vim usergroup.yaml
---
- hosts: webserver
  remote_user: root

  tasks:
    - name: create group
      group: name={{item}}
      with_items:
        - agroup
        - bgroup
        - cgroup
    - name: create user
      user: name={{item.name}} group={{item.group}}
      with_item:
        - { name: "aaa",group: "agroup"}
        - { name: "bbb",group: "bgroup"}
        - { name: "ccc",group: "cgroup"}

执行脚本:

[root@ansible yaml]# ansible-playbook usergroup.yaml 

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.132]
ok: [192.168.73.134]

TASK [create group] *********************************************************************************************
changed: [192.168.73.132] => (item=agroup)
changed: [192.168.73.134] => (item=agroup)
changed: [192.168.73.135] => (item=agroup)
changed: [192.168.73.132] => (item=bgroup)
changed: [192.168.73.135] => (item=bgroup)
changed: [192.168.73.134] => (item=bgroup)
changed: [192.168.73.132] => (item=cgroup)
changed: [192.168.73.135] => (item=cgroup)
changed: [192.168.73.134] => (item=cgroup)

TASK [create user] **********************************************************************************************
changed: [192.168.73.134] => (item={u'group': u'agroup', u'name': u'aaa'})
changed: [192.168.73.132] => (item={u'group': u'agroup', u'name': u'aaa'})
changed: [192.168.73.135] => (item={u'group': u'agroup', u'name': u'aaa'})
changed: [192.168.73.132] => (item={u'group': u'bgroup', u'name': u'bbb'})
changed: [192.168.73.135] => (item={u'group': u'bgroup', u'name': u'bbb'})
changed: [192.168.73.134] => (item={u'group': u'bgroup', u'name': u'bbb'})
changed: [192.168.73.132] => (item={u'group': u'cgroup', u'name': u'ccc'})
changed: [192.168.73.134] => (item={u'group': u'cgroup', u'name': u'ccc'})
changed: [192.168.73.135] => (item={u'group': u'cgroup', u'name': u'ccc'})

PLAY RECAP ******************************************************************************************************
192.168.73.132             : ok=3    changed=2    unreachable=0    failed=0   
192.168.73.134             : ok=3    changed=2    unreachable=0    failed=0   
192.168.73.135             : ok=3    changed=2    unreachable=0    failed=0 

校验:

[root@ansible yaml]# ansible webserver -a 'id aaa'
192.168.73.132 | CHANGED | rc=0 >>
uid=503(aaa) gid=503(agroup) groups=503(agroup)

192.168.73.134 | CHANGED | rc=0 >>
uid=3310(aaa) gid=3310(agroup) groups=3310(agroup)

192.168.73.135 | CHANGED | rc=0 >>
uid=3310(aaa) gid=3310(agroup) groups=3310(agroup)

template中的for

生成以下文件内容:

server{
        listen 81
        server_name www.a.com
        root /app/websitea/    
}
server{
        listen 82
        server_name www.a.com
        root /app/websitea/    
}
server{
        listen 83
        server_name www.a.com
        root /app/websitea/    
}

1.创建模板文件

[root@ansible yaml]# vim templates/test1.j2
{%for i in test_ports %}
server {
        listen {{i}}
        server_name www.a.com
        root /app/websitea
}

{%endfor%}

2.创建yaml文件

[root@ansible yaml]# vim test1.yaml

---
- hosts: webserver
  remote_user: root
  vars:
    test_ports:
      - 81
      - 82
      - 83

  tasks:
    - name: tempate
      template: src=test1.j2 dest=/data/test.conf
~                                                      

3.执行脚本

[root@ansible yaml]# ansible-playbook test1.yaml

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.132]
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [tempate] **************************************************************************************************
changed: [192.168.73.132]
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP ******************************************************************************************************
192.168.73.132             : ok=2    changed=1    unreachable=0    failed=0   
192.168.73.134             : ok=2    changed=1    unreachable=0    failed=0   
192.168.73.135             : ok=2    changed=1    unreachable=0    failed=0 

校验:

[root@mylinuxops ~]# cat /data/test.conf 
server {
    listen 81
    server_name www.a.com
    root /app/websitea
}

server {
    listen 82
    server_name www.a.com
    root /app/websitea
}

server {
    listen 83
    server_name www.a.com
    root /app/websitea
}

示例2:
生成以下文件:

server{
        listen 81
        server_name www.a.com
        root /app/websitea    
}
server{
        listen 82
        server_name www.b.com
        root /app/websiteb    
}
server{
        listen 83
        server_name www.a.com
        root /app/websitec    
}

使用字典绑定
1.修改模板:

[root@ansible yaml]# vim templates/test1.j2 

{%for i in vhosts %}
server {
        listen {{i.port}}
        server_name {{i.name}}
        root {{i.dir}}
}

{%endfor%}

2.修改剧本

[root@ansible yaml]# vim test1.yaml 

---
- hosts: webserver
  remote_user: root
  vars:
    vhosts:
      - web1:
        port: 81
        name: www.a.com
        dir: /data/websitea
      - web2:
        port: 82
        name: www.b.com
        dir: /data/websiteb
      - web3:
        port: 83
        name: www.c.com
        dir: /data/websitec

  tasks:
    - name: tempate
      template: src=test1.j2 dest=/data/test2.conf

3.执行脚本

[root@ansible yaml]# ansible-playbook test1.yaml

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.132]
ok: [192.168.73.134]

TASK [tempate] **************************************************************************************************
changed: [192.168.73.132]
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP ******************************************************************************************************
192.168.73.132             : ok=2    changed=1    unreachable=0    failed=0   
192.168.73.134             : ok=2    changed=1    unreachable=0    failed=0   
192.168.73.135             : ok=2    changed=1    unreachable=0    failed=0 

4.校验

[root@web2 data]# vi test2.conf 

server {
        listen 81
        server_name www.a.com
        root /data/websitea
}

server {
        listen 82
        server_name www.b.com
        root /data/websiteb
}

server {
        listen 83
        server_name www.c.com
        root /data/websitec
}

template中的if

if可以判断变量是否定义,定了就引用,若是没有定义则不引用

示例:
1.修改模板

[root@ansible yaml]# vim templates/test1.j2 

{%for i in vhosts %}
server {
        listen {{i.port}}
{%if i.name is defined %}
        server_name {{i.name}}
{%endif%}
        root {{i.dir}}
}

{%endfor%}

2.修改yaml

[root@ansible yaml]# vim test1.yaml 

---
- hosts: webserver
  remote_user: root
  vars:
    vhosts:
      - web1:
        port: 81
        #name: www.a.com        #将name注释,此时变相没有设定,将不引用
        dir: /data/websitea
      - web2:
        port: 82
        #name: www.b.com
        dir: /data/websiteb
      - web3:
        port: 83
        name: www.c.com
        dir: /data/websitec

  tasks:
    - name: tempate
      template: src=test1.j2 dest=/data/test2.conf

执行剧本

[root@ansible yaml]# ansible-playbook test1.yaml 

PLAY [webserver] ************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.132]
ok: [192.168.73.134]

TASK [tempate] **************************************************************************************************
changed: [192.168.73.132]
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP ******************************************************************************************************
192.168.73.132             : ok=2    changed=1    unreachable=0    failed=0   
192.168.73.134             : ok=2    changed=1    unreachable=0    failed=0   
192.168.73.135             : ok=2    changed=1    unreachable=0    failed=0 

验证

[root@ansible yaml]# ansible webserver -a "cat /data/test2.conf"
192.168.73.132 | CHANGED | rc=0 >>
server {
    listen 81
    root /data/websitea
}

server {
    listen 82
    root /data/websiteb
}

server {
    listen 83
    server_name www.c.com
    root /data/websitec
}

ansible的roles
roles用于层次性、结构化地组织playbook。roles能够更具层次结构自动装载变量文件,task以及handlers等。要使用roles只需要在playbook中使用include指令即可,简单来讲,roles就是通过分别将变量、文件、任务、模板以及处理器放置于单独的目录中,并可以便捷地include他们的一种机制。角色一般用于基于主机构建服务的场景中,但也可以时用于构建守护进程等守护场景中。
roles就是按照不同的分类和功能进行目录化,模块化,能够实现代码的符合使用。

roles的目录结构
每个角色都有特定的层级目录结构进行组织
roles目录结构及作用

playbook.yml
roles/            
└──project/           #项目名称
   ├──tasks/          #定义task,role的基本元素,至少包含一个名为main.yml的文件
   ├──files/          #存放由copy或script模块等需要模板文件的目录
   ├──vars/           #定义变量,至少应该包含一个名为main.yml的文件;其它的文件需要在此文件中通过include进行包含
   ├──templates/      #template模块查找所需要模板文件的目录
   ├──handlers/       #至少应该包含一个名为main.yml的文件;其它的文件需要在此文件中通过include进行包含
   ├──default/        #设定默认变量时使用此目录中的main.yml文件(不常用)
   └──meta/           #定义当前角色的特殊设定及其依赖关系,至少应该包含一个名为main.yml的文件,其它文件需在此文件中通过include进行包含(不常用)

role的创建步骤:
1.创建以roles命名的目录
2.在roles目录中分别创建以各角色命名的目录
3.在每个角色命名的目录中分别创建files、handlers、meta、tasks、templates和vars目录;用不到的目录可以创建为空目录,也可以不创建
4.在playbook文件中,调用各角色

示例:
创建httpd的角色
1.创建相应的目录结构

[root@ansible data]# mkdir -pv roles/httpd/{templates,tasks,files,vars,handlers}
mkdir: created directory ‘roles’
mkdir: created directory ‘roles/httpd’
mkdir: created directory ‘roles/httpd/templates’
mkdir: created directory ‘roles/httpd/tasks’
mkdir: created directory ‘roles/httpd/files’
mkdir: created directory ‘roles/httpd/vars’
mkdir: created directory ‘roles/httpd/handlers’

2.创建所需的task

[root@ansible data]# vim roles/httpd/tasks/install.yaml
- name: install httpd
  yum: name=httpd

[root@ansible data]# vim roles/httpd/tasks/config.yaml
- name: config
  copy: src=httpd.conf dest=/etc/httpd.conf

[root@ansible data]# vim roles/httpd/tasks/html.yaml
- name: index.html
  copy: src=index.html dest=/var/www/html

[root@ansible data]# vim roles/httpd/tasks/service.yaml
- name: service start
  service: name=httpd state=started

3.创建task的执行顺序文件

[root@ansible data]# vim roles/httpd/tasks/main.yaml
- include: install.yaml
- include: config.yaml
- include: html.yaml
- include: service.yaml
~                         

4.将所需要用到的配置文件放至file目录下,对配置文件稍做修改

[root@ansible data]# cp /etc/httpd/conf/httpd.conf /data/roles/httpd/files/
[root@ansible data]# vim roles/httpd/files/httpd.conf
Listen 8080

5.在file目录下创建,index.html文件

[root@ansible data]# echo "

welcome to mylinuxops.com

" > roles/httpd/files/index.html

6.创建playbook调用文件。

[root@ansible data]# vim httpd.yaml
---
#install httpd
- hosts: webserver

  roles:
    - role: httpd

7.测试检查

[root@ansible data]# ansible-playbook -C httpd.yaml 

PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [httpd : install httpd] ***********************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [httpd : config] ******************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [httpd : index.html] **************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [httpd : service start] ***********************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

PLAY RECAP *****************************************************************************************************
192.168.73.134             : ok=5    changed=4    unreachable=0    failed=0   
192.168.73.135             : ok=5    changed=4    unreachable=0    failed=0  

8.执行playbook

[root@ansible data]# ansible-playbook  httpd.yaml 

PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [httpd : install httpd] ***********************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [httpd : config] ******************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [httpd : index.html] **************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [httpd : service start] ***********************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP *****************************************************************************************************
192.168.73.134             : ok=5    changed=4    unreachable=0    failed=0   
192.168.73.135             : ok=5    changed=4    unreachable=0    failed=0   

9.验证

[root@ansible data]# curl 192.168.73.134:8080

welcome to mylinuxops.com

[root@ansible data]# curl 192.168.73.135:8080

welcome to mylinuxops.com

roles中使用template模板
创建Nginx角色
1.创建相应的角色目录

[root@ansible data]# mkdir -pv roles/nginx/{tasks,templates,files,vars,handlers}
mkdir: created directory ‘roles/nginx’
mkdir: created directory ‘roles/nginx/tasks’
mkdir: created directory ‘roles/nginx/templates’
mkdir: created directory ‘roles/nginx/files’
mkdir: created directory ‘roles/nginx/vars’
mkdir: created directory ‘roles/nginx/handlers’

2.将模板文件放入templates目录中,并对模板进行修改

[root@ansible data]# cp /etc/nginx/nginx.conf /data/roles/nginx/templates/nginx.conf.j2
[root@ansible data]# vim /data/roles/nginx/templates/nginx.conf.j2
    server {
        listen       {{port}} default_server;             #此处使用变量代替端口号
        listen       [::]:{{port}} default_server;        #此处使用变量代替端口号

3.在vars目录中创建变量的定义文件

[root@ansible data]# vim /data/roles/nginx/vars/main.yaml
port: 9527

4.在tasks目录下创建各task

[root@ansible data]# vim roles/nginx/tasks/install.yaml
- name: install
  yum: name=nginx

[root@ansible data]# vim roles/nginx/tasks/config.yaml
- name: config
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf

[root@ansible data]# vim roles/nginx/tasks/html.yaml
- name: html
  copy: src=roles/httpd/files/index.html dest=/usr/share/nginx/html/index.html

[root@ansible data]# vim roles/nginx/tasks/service.yaml
- name: service
  service: name=nginx state=started

5.在tasks目录下创建执行顺序文件main.yaml

[root@ansible data]# vim roles/nginx/tasks/main.yaml
- include: install.yaml
- include: config.yaml
- include: html.yaml
- include: service.yaml

6.创建roles调用目录

[root@ansible data]# vim nginx.yaml
---
#install nginx
  - hosts: webserver

    roles:
      - role: nginx

7.测试检查

[root@ansible data]# ansible-playbook -C  nginx.yaml
 [WARNING]: Found variable using reserved name: port

PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [nginx : install] *****************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [nginx : config] ******************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [nginx : html] ********************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [nginx : service] *****************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP *****************************************************************************************************
192.168.73.134             : ok=5    changed=4    unreachable=0    failed=0   
192.168.73.135             : ok=5    changed=4    unreachable=0    failed=0   

8.执行playbook

[root@ansible data]# ansible-playbook   nginx.yaml
 [WARNING]: Found variable using reserved name: port

PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [nginx : install] *****************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [nginx : config] ******************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [nginx : html] ********************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [nginx : service] *****************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP *****************************************************************************************************
192.168.73.134             : ok=5    changed=4    unreachable=0    failed=0   
192.168.73.135             : ok=5    changed=4    unreachable=0    failed=0   

9.验证

[root@ansible data]# curl 192.168.73.134:9527

welcome to mylinuxops.com

[root@ansible data]# curl 192.168.73.135:9527

welcome to mylinuxops.com

在roles中触发hander的使用方法
1.创建在handlers目录下创建handler

[root@ansible data]# vim roles/nginx/handlers/main.yaml
- name: restart service
  service: name=nginx state=restarted

2.在tasks中添加触发条件

[root@ansible data]# vim roles/nginx/tasks/config.yaml 
- name: config
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
  notify: restart service

3.对变量稍作修改

[root@ansible data]# vim roles/nginx/vars/main.yaml 
port: 1234

4.检查测试

[root@ansible data]# ansible-playbook -C  nginx.yaml
 [WARNING]: Found variable using reserved name: port

PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [nginx : install] *****************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [nginx : config] ******************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [nginx : html] ********************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [nginx : service] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

RUNNING HANDLER [nginx : restart service] **********************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP *****************************************************************************************************
192.168.73.134             : ok=6    changed=2    unreachable=0    failed=0   
192.168.73.135             : ok=6    changed=2    unreachable=0    failed=0   

5.执行playbook

[root@ansible data]# ansible-playbook  nginx.yaml
 [WARNING]: Found variable using reserved name: port

PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [nginx : install] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [nginx : config] ******************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [nginx : html] ********************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [nginx : service] *****************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

RUNNING HANDLER [nginx : restart service] **********************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP *****************************************************************************************************
192.168.73.134             : ok=6    changed=2    unreachable=0    failed=0   
192.168.73.135             : ok=6    changed=2    unreachable=0    failed=0   

6.验证

[root@ansible data]# curl 192.168.73.134:1234

welcome to mylinuxops.com

[root@ansible data]# curl 192.168.73.135:1234

welcome to mylinuxops.com

在role中使用条件判断when
此处以httpd的角色加以修改,将其实现在centos6和centos7上使用不同的配置文件
192.168.73.132为1台centos6主机
1.将httpd2.2的配置文件存放至file目录下

[root@ansible data]# cp ~/httpd6.conf roles/httpd/files/httpd6.conf 

2.在tasks目录下添加centos6的task

[root@ansible data]# vim roles/httpd/tasks/config6.yaml

- name: config6
  copy: src=httpd6.conf dest=/etc/httpd/conf/httpd.conf

3.修改tasks目录下main.yaml的执行次序,加入条件判断

[root@ansible data]# vim roles/httpd/tasks/main.yaml 
- include: install.yaml
- include: config.yaml
  when: ansible_distribution_major_version == "7"
  notify: restart service
- include: config6.yaml
  when: ansible_distribution_major_version == "6"
  notfiy: restart service
- include: html.yaml
- include: service.yaml
~                       

4.在handlers目录下加入handler

[root@ansible data]# vim roles/httpd/handlers/main.yaml
- name: restart service
  service: name=httpd state=restarted

5.检查测试

[root@ansible data]# ansible-playbook -C httpd.yaml 
[DEPRECATION WARNING]: Specifying include variables at the top-level of the task is deprecated. Please see: 
https://docs.ansible.com/ansible/playbooks_roles.html#task-include-files-and-encouraging-reuse   for currently 
supported syntax regarding included files and variables. This feature will be removed in version 2.12. 
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.132]
ok: [192.168.73.134]

TASK [httpd : install httpd] ***********************************************************************************
ok: [192.168.73.132]
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [httpd : config] ******************************************************************************************
skipping: [192.168.73.132]
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [httpd : config6] *****************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
ok: [192.168.73.132]

TASK [httpd : index.html] **************************************************************************************
changed: [192.168.73.132]
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [httpd : service start] ***********************************************************************************
ok: [192.168.73.132]
ok: [192.168.73.135]
ok: [192.168.73.134]

PLAY RECAP *****************************************************************************************************
192.168.73.132             : ok=5    changed=1    unreachable=0    failed=0   
192.168.73.134             : ok=5    changed=0    unreachable=0    failed=0   
192.168.73.135             : ok=5    changed=0    unreachable=0    failed=0   

6.执行playbook

[root@ansible data]# ansible-playbook  httpd.yaml 
[DEPRECATION WARNING]: Specifying include variables at the top-level of the task is deprecated. Please see: 
https://docs.ansible.com/ansible/playbooks_roles.html#task-include-files-and-encouraging-reuse   for currently 
supported syntax regarding included files and variables. This feature will be removed in version 2.12. 
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.132]
ok: [192.168.73.134]

TASK [httpd : install httpd] ***********************************************************************************
ok: [192.168.73.132]
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [httpd : config] ******************************************************************************************
skipping: [192.168.73.132]
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [httpd : config6] *****************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
ok: [192.168.73.132]

TASK [httpd : index.html] **************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]
changed: [192.168.73.132]

TASK [httpd : service start] ***********************************************************************************
ok: [192.168.73.132]
ok: [192.168.73.134]
ok: [192.168.73.135]

PLAY RECAP *****************************************************************************************************
192.168.73.132             : ok=5    changed=1    unreachable=0    failed=0   
192.168.73.134             : ok=5    changed=0    unreachable=0    failed=0   
192.168.73.135             : ok=5    changed=0    unreachable=0    failed=0   

7.校验

[root@ansible data]# curl 192.168.73.132:9527

welcome to mylinuxops.com

也可以将条件判断放在role调用中,实现根据条件来执行不同的role
实现centos7安装nginx,centos6安装http

[root@ansible data]# vim web.yaml
---
#intsall web
- hosts: webserver

  roles:
    - role: nginx
      when: ansible_distribution_major_version == "7"
    - role: httpd
      when: ansible_distribution_major_version == "6"

检查测试

[root@ansible data]# ansible-playbook -C  web.yaml
[DEPRECATION WARNING]: Specifying include variables at the top-level of the task is deprecated. Please see: 
https://docs.ansible.com/ansible/playbooks_roles.html#task-include-files-and-encouraging-reuse   for currently 
supported syntax regarding included files and variables. This feature will be removed in version 2.12. 
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
 [WARNING]: Found variable using reserved name: port

PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.132]
ok: [192.168.73.134]

TASK [nginx : install] *****************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [nginx : config] ******************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [nginx : html] ********************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [nginx : service] *****************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [httpd : install httpd] ***********************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
changed: [192.168.73.132]

TASK [httpd : config] ******************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
skipping: [192.168.73.132]

TASK [httpd : config6] *****************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
changed: [192.168.73.132]

TASK [httpd : index.html] **************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
ok: [192.168.73.132]

TASK [httpd : service start] ***********************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
changed: [192.168.73.132]

RUNNING HANDLER [nginx : restart service] **********************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

PLAY RECAP *****************************************************************************************************
192.168.73.132             : ok=5    changed=3    unreachable=0    failed=0   
192.168.73.134             : ok=6    changed=5    unreachable=0    failed=0   
192.168.73.135             : ok=6    changed=5    unreachable=0    failed=0   

执行playbook

[root@ansible data]# ansible-playbook  web.yaml
[DEPRECATION WARNING]: Specifying include variables at the top-level of the task is deprecated. Please see: 
https://docs.ansible.com/ansible/playbooks_roles.html#task-include-files-and-encouraging-reuse   for currently 
supported syntax regarding included files and variables. This feature will be removed in version 2.12. 
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
 [WARNING]: Found variable using reserved name: port

PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.132]
ok: [192.168.73.134]

TASK [nginx : install] *****************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [nginx : config] ******************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [nginx : html] ********************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [nginx : service] *****************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [httpd : install httpd] ***********************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
changed: [192.168.73.132]

TASK [httpd : config] ******************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
skipping: [192.168.73.132]

TASK [httpd : config6] *****************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
changed: [192.168.73.132]

TASK [httpd : index.html] **************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
ok: [192.168.73.132]

TASK [httpd : service start] ***********************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
changed: [192.168.73.132]

RUNNING HANDLER [nginx : restart service] **********************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP *****************************************************************************************************
192.168.73.132             : ok=5    changed=3    unreachable=0    failed=0   
192.168.73.134             : ok=6    changed=5    unreachable=0    failed=0   
192.168.73.135             : ok=6    changed=5    unreachable=0    failed=0   

在roles的调用中也可以使用tags标签来实现按需调用

[root@ansible data]# vim web.yaml
---
#intsall web
- hosts: webserver

  roles:
    - role: nginx
      when: ansible_distribution_major_version == "7"
      tags: web1
    - role: httpd
      when: ansible_distribution_major_version == "6"
      tags: web2

练习:
建立memcache角色,将内存的1/4当缓存使用
1.创建角色目录

[root@ansible data]# mkdir -pv roles/memcadhed/{templates,tasks,vars}
mkdir: created directory ‘roles/memcadhed’
mkdir: created directory ‘roles/memcadhed/templates’
mkdir: created directory ‘roles/memcadhed/tasks’
mkdir: created directory ‘roles/memcadhed/vars’

2.安装memeche获取配置文件

[root@ansible data]# yum install memcached -y
[root@ansible data]# cp /etc/sysconfig/memcached roles/memcadhed/templates/memcached.j2

3.修改模板文件

[root@ansible data]# vim roles/memcadhed/templates/memcached.j2
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="{{ansible_memtotal_mb//4}}"  #缓存大小使用系统内置变量
OPTIONS=""

4.在tasks目录下创建各task

[root@ansible data]# vim roles/memcadhed/tasks/install.yaml
- name: install
  yum: name=memcached

[root@ansible data]# vim roles/memcadhed/tasks/config.yaml
- name: config
  template: src=memcached.j2 dest=/etc/sysconfig/memcached

[root@ansible data]# vim roles/memcadhed/tasks/service.yaml
- name: service
  service: name=memcached state=started

5.在tasks目录下创建执行顺序文件

[root@ansible data]# vim roles/memcadhed/tasks/main.yaml

- include: install.yaml
- include: config.yaml
- include: service.yaml

6.创建调用role文件

[root@ansible data]# vim memcached.yaml
---
# install memcached
- hosts: webserver

  roles:
    - role: memcached

7.测试

[root@ansible data]# ansible-playbook -C memcached.yaml 

PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.132]
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [memcached : install] *************************************************************************************
changed: [192.168.73.132]
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [memcached : config] **************************************************************************************
changed: [192.168.73.132]
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [memcached : service] *************************************************************************************
changed: [192.168.73.132]
changed: [192.168.73.134]
changed: [192.168.73.135]

PLAY RECAP *****************************************************************************************************
192.168.73.132             : ok=4    changed=3    unreachable=0    failed=0   
192.168.73.134             : ok=4    changed=3    unreachable=0    failed=0   
192.168.73.135             : ok=4    changed=3    unreachable=0    failed=0   

执行roles

[root@ansible data]# ansible-playbook memcached.yaml 

PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.132]
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [memcached : install] *************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]
changed: [192.168.73.132]

TASK [memcached : config] **************************************************************************************
changed: [192.168.73.132]
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [memcached : service] *************************************************************************************
changed: [192.168.73.132]
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP *****************************************************************************************************
192.168.73.132             : ok=4    changed=3    unreachable=0    failed=0   
192.168.73.134             : ok=4    changed=3    unreachable=0    failed=0   
192.168.73.135             : ok=4    changed=3    unreachable=0    failed=0   

练习:
使用ansible在centos6主机上部署ntp服务,centos7上部署chrony
1.分别创建ntp和chrony角色目录

[root@ansible data]# mkdir -pv roles/{ntpd,chrony}/{templates,tasks,vars,files,handlers}
mkdir: created directory ‘roles/ntpd’
mkdir: created directory ‘roles/ntpd/templates’
mkdir: created directory ‘roles/ntpd/tasks’
mkdir: created directory ‘roles/ntpd/vars’
mkdir: created directory ‘roles/ntpd/files’
mkdir: created directory ‘roles/ntpd/handlers’
mkdir: created directory ‘roles/chrony’
mkdir: created directory ‘roles/chrony/templates’
mkdir: created directory ‘roles/chrony/tasks’
mkdir: created directory ‘roles/chrony/vars’
mkdir: created directory ‘roles/chrony/files’
mkdir: created directory ‘roles/chrony/handlers’

2.准备ntpd配置文件
2.1对ntp配置文件修改

[root@CentOS6 ~]# vim /etc/ntp.conf 
restrict default kod nomodify
restrict 192.168.73.0 mask 255.255.255.0 nomodify notrap
server 172.22.0.1 iburst

2.2将ntp配置文件存放至role相关目录下

[root@ansible data]# mv ntp.conf roles/ntpd/files/

3.准备chrony配置文件
3.1修改配置文件

[root@ansible data]# vim /etc/chrony.conf 
server 192.168.73.132 iburst

3.2将chrony配置文件存放至role相关目录下

[root@ansible data]# cp /etc/chrony.conf roles/chrony/files/

4.创建ntpd的tasks

[root@ansible data]# vim roles/ntpd/tasks/install.yaml
- name: install
  yum: name=ntp

[root@ansible data]# vim roles/ntpd/tasks/config.yaml
- name: config
  copy: src=ntp.conf dest=/etc/ntp.conf
  notify: restart service

[root@ansible data]# vim roles/ntpd/tasks/service.yaml
- name: service
  service: name=ntpd state=started

[root@ansible data]# vim roles/ntpd/tasks/main.yaml
- include: install.yaml
- include: config.yaml
- include: service.yaml

5.创建ntpd的handler

[root@ansible data]# vim roles/ntpd/handlers/main.yaml
- name: restart service
  service: name=ntpd state=restarted

6.创建chrony的tasks

[root@ansible data]# vim roles/chrony/tasks/install.yaml
- name: install
  yum: name=chrony

  [root@ansible data]# vim roles/chrony/tasks/config.yaml
- name: config
  copy: src=chrony.conf dest=/etc/chrony.conf
  notify: restart service

[root@ansible data]# vim roles/chrony/tasks/service.yaml
- name: service
  service: name=chronyd state=started

[root@ansible data]# vim roles/chrony/tasks/main.yaml
- include: install.yaml
- include: config.yaml
- include: service.yaml

7.创建chrony的handler

[root@ansible data]# vim roles/chrony/handlers/main.yaml
- name: restart service
  service: name=chronyd state=restarted

8.创建带条件判断的role调用剧本

[root@ansible data]# vim roles_time.yaml

---
#install ntp chorny
- hosts: webserver
  roles:
    - role: ntpd
      when: ansible_distribution_major_version == "6"
    - role: chrony
      when: ansible_distribution_major_version == "7"

9.测试

[root@ansible data]# ansible-playbook -C roles_time.yaml 

PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.132]
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [ntpd : install] ******************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
ok: [192.168.73.132]

TASK [ntpd : config] *******************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
ok: [192.168.73.132]

TASK [ntpd : service] ******************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
changed: [192.168.73.132]

TASK [chrony : install] ****************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [chrony : config] *****************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [chrony : service] ****************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.135]
changed: [192.168.73.134]

RUNNING HANDLER [ntpd : restart service] ***********************************************************************
skipping: [192.168.73.135]
skipping: [192.168.73.134]

PLAY RECAP *****************************************************************************************************
192.168.73.132             : ok=4    changed=1    unreachable=0    failed=0   
192.168.73.134             : ok=4    changed=3    unreachable=0    failed=0   
192.168.73.135             : ok=4    changed=3    unreachable=0    failed=0   

10.执行

[root@ansible data]# ansible-playbook  roles_time.yaml 

PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.132]
ok: [192.168.73.134]

TASK [ntpd : install] ******************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
ok: [192.168.73.132]

TASK [ntpd : config] *******************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
ok: [192.168.73.132]

TASK [ntpd : service] ******************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
ok: [192.168.73.132]

TASK [chrony : install] ****************************************************************************************
skipping: [192.168.73.132]
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [chrony : config] *****************************************************************************************
skipping: [192.168.73.132]
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [chrony : service] ****************************************************************************************
skipping: [192.168.73.132]
ok: [192.168.73.134]
changed: [192.168.73.135]

PLAY RECAP *****************************************************************************************************
192.168.73.132             : ok=4    changed=0    unreachable=0    failed=0   
192.168.73.134             : ok=4    changed=0    unreachable=0    failed=0   
192.168.73.135             : ok=4    changed=1    unreachable=0    failed=0