Ansible
作用
ansible是新出現的自動化運維工具,基於Python開發,實現了批量系統配置、批量程序部署、批量運行命令等功能。
特性
1.no agent: 不需要在被管控主機上安裝任何軟件
2.no server: 無服務器端,使用時直接運行命令即可
3.modules in any languages:基於模塊工作,可使用任意語言開發模塊,
4.使用yaml語言定製劇本playbook
5.ssh by default:基於SSH工作
優點
(1)、輕量級,無需在客戶端安裝agent,更新時,只需在操作機上進行一次更新即可;
(2)、批量任務執行可以寫成腳本,而且不用分發到遠程就可以執行;
(3)、使用python編寫,維護更簡單,ruby語法過於複雜;
Ansible的安裝部署:
方法一:在線安裝(EPEL源)
方法二:自己製作本地yum源
[root@master ~]# yum install -y ansible
ansible的配置文件:
[root@master ~]# rpm -qc ansible
/etc/ansible/ansible.cfg
/etc/ansible/hosts #主機清單Inventory文件
寫法1:
node1.ansible.com
node2.ansible.com
192.168.1.1
寫法2:以組的方式
[webserver]
192.168.10.1
192.168.10.2
[dbserver]
192.168.20.1
192.168.20.2
ansible模塊
語法格式:
# ansible <PATTERN> -m <module_name> -a <arguments>
PATTERN的寫法:
某一個主機組的名稱 web
所有主機 all
寫IP地址或主機名
one.example.com
one.example.com:two.example.com >>>支持寫多個主機名,不同的主機名間使用冒號":"隔開
192.168.1.50
192.168.1.* >>>支持通配符
'webservers:!phoenix' >>>對屬於webservers組中的主機,但不屬於phoenix組的主機
"webservers:&phoenix" >>>對同時屬於webservers和phoenix組中的主機進行操作
正則表達式, 必須以~開頭
~(web|db).*\.example\.com
查看ansible支持的模塊
[root@master ~]# ansible-doc -l
查看模塊支持的參數
[root@master ~]# ansible-doc <模塊名稱>
[root@master ~]# ansible-doc ping
ansible模塊的說明:
[root@master ~]# ansible <pattern> -m <module_name> [-a <arguments>]
1、ping
檢測被管理端是否在線
[root@master ~]# ansible test -m ping
192.168.87.102 | SUCCESS => {
"changed": false,
"ping": "pong"
}
2、command
在被管理端執行命令不支持重定向,管道,默認模塊
[root@master ~]# ansible test -m command -a 'uptime'
192.168.87.102 | SUCCESS | rc=0 >>
19:02:25 up 1:02, 3 users, load average: 0.00, 0.00, 0.00
[root@master ~]# ansible test -m command -a 'date'
192.168.87.102 | SUCCESS | rc=0 >>
Fri Dec 2 19:02:43 CST 2016
[root@master ~]# ansible test -m command -a 'touch /tmp/aa.txt'
192.168.87.102 | SUCCESS | rc=0 >>
[root@master ~]# ansible test -m command -a 'ls /tmp'
192.168.87.102 | SUCCESS | rc=0 >>
aa.txt
ansible_Rp0Uws
yum.log
[root@master ~]# ansible test -a "ls /tmp"
192.168.87.102 | SUCCESS | rc=0 >>
aa.txt
ansible_SaISP7
yum.log
參數: chdir=<Directory>
[root@master ~]# ansible test -m command -a "chdir=/tmp ls ./"
192.168.87.102 | SUCCESS | rc=0 >>
aa.txt
ansible_zYCyTU
yum.log
3、shell
在被管理端執行命令 支持重定向,管道
[root@master ~]# ansible test -m shell -a 'echo "hello ansible" > /tmp/bb.txt'
192.168.87.102 | SUCCESS | rc=0 >>
[root@master ~]# ansible test -m shell -a "ls /tmp"
192.168.87.102 | SUCCESS | rc=0 >>
aa.txt
ansible_D4YLv4
bb.txt
yum.log
參數:
chdir=<Directory>
[root@master ~]# ansible test -m shell -a "chdir=/tmp ls ./"
192.168.87.102 | SUCCESS | rc=0 >>
aa.txt
ansible_0umV5w
bb.txt
yum.log
4.copy模塊
拷貝ansible管理端的文件到遠程主機的指定位置
常見參數有:
dest= 指明拷貝文件的目標目錄位置,使用絕對路徑,如果源是目錄,則目標也要是目錄,如果目標文件已存在,會覆蓋原有內容
src= 指明本地路徑下的某個文件,可以使用相對路徑和絕對路徑,支持直接指定目錄,如果源是目錄,則目標也要是目錄
mode= 指明覆制時,目標文件的權限
owner= 指明覆制時,目標文件的屬主
group= 指明覆制時,目標文件的屬組
content= 指明覆制到目標主機上的內容,不能與src一起使用,相當於複製content指明的數據,到目標文件中
[root@master ~]# ansible test -m copy -a "src=/etc/hosts dest=/tmp"
192.168.87.102 | SUCCESS => {
"changed": true,
"checksum": "7335999eb54c15c67566186bdfc46f64e0d5a1aa",
"dest": "/tmp/hosts",
"gid": 0,
"group": "root",
"md5sum": "54fb6627dbaa37721048e4549db3224d",
"mode": "0644",
"owner": "root",
"size": 158,
"src": "/root/.ansible/tmp/ansible-tmp-1480678980.74-146396715953485/source",
"state": "file",
"uid": 0
}
[root@master ~]# ansible test -m copy -a "src=/etc/passwd dest=/tmp mode=600 owner=nobody group=nobody"
192.168.87.102 | SUCCESS => {
"changed": true,
"checksum": "aa66816b64b79345d60de19b642cc7e62020038f",
"dest": "/tmp/passwd",
"gid": 99,
"group": "nobody",
"md5sum": "d97afe1f271c470a54f1f0763f97ba81",
"mode": "0600",
"owner": "nobody",
"size": 947,
"src": "/root/.ansible/tmp/ansible-tmp-1480679085.29-206165455771870/source",
"state": "file",
"uid": 99
}
[root@master ~]# ansible test -m copy -a 'content="hello linux" dest=/tmp/cc.txt mode=600'
192.168.87.102 | SUCCESS => {
"changed": true,
"checksum": "223ce1d650508823f9dd51d8cb4b527ad3d03ca7",
"dest": "/tmp/cc.txt",
"gid": 0,
"group": "root",
"md5sum": "c5fe55563f6ea61e2b28be7c8a5835c2",
"mode": "0600",
"owner": "root",
"size": 11,
"src": "/root/.ansible/tmp/ansible-tmp-1480679297.69-177631978154126/source",
"state": "file",
"uid": 0
}
5.fetch模塊
從遠程主機拉取文件到本地,一般情況下,只會從一個遠程節點拉取數據
常見參數:
dest= 從遠程主機上拉取的文件存放在本地的位置,一般只能是目錄
src= 指明遠程主機上要拉取的文件,只能是文件,不能是目錄
[root@master ~]# ansible test -m fetch -a 'src=/etc/passwd dest=/tmp'
192.168.87.102 | SUCCESS => {
"changed": true,
"checksum": "974b44c114ecbd71bdee11e09a9bc14c9b0395bd",
"dest": "/tmp/192.168.87.102/etc/passwd",
"md5sum": "01d72332a8d9737631212995fe1494f4",
"remote_checksum": "974b44c114ecbd71bdee11e09a9bc14c9b0395bd",
"remote_md5sum": null
}
6.cron模塊
管理計劃任務的模塊
常見參數有:
minute= 指明計劃任務的分鐘,支持格式:0-59,,/2等,與正常cron任務定義的一樣的語法,省略時,默認爲,也就是每分鐘都執行
hour= 指明計劃任務的小時,支持的語法:0-23,,/2等,省略時,默認爲,也就是每小時都執行
day= 指明計劃任務的天,支持的語法:1-31,,/2等,省略時,默認爲,也就是每天都執行
month= 指明計劃任務的月,支持的語法爲:1-12,,/2等,省略時,默認爲,也就是每月都執行
weekday= 指明計劃任務的星期幾,支持的語法爲:0-6,等,省略時,默認爲,也就是每星期幾都執行
reboot 指明計劃任務執行的時間爲每次重啓之後
name= 給該計劃任務取個名稱,必須要給明。每個任務的名稱不能一樣。
job= 執行的任務是什麼,當state=present時纔有意義
state=present|absent 表示這個任務是創建還是刪除,present表示創建,absent表示刪除,默認是present
[root@master ~]# ansible test -m cron -a 'minute=*/5 name=Ajob job="/usr/sbin/ntpdate 172.16.8.100 &> /dev/null" state=present'
192.168.87.102 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"Ajob"
]
}
[root@master ~]# ansible test -m shell -a 'crontab -l'
192.168.87.102 | SUCCESS | rc=0 >>
#Ansible: Ajob
*/5 * * * * /usr/sbin/ntpdate 172.16.8.100 &> /dev/null
[root@master ~]# ansible test -m cron -a 'minute=*/5 name=Ajob job="/usr/sbin/ntpdate 172.16.8.100 &> /dev/null" state=absent'
192.168.87.102 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": []
}
7.file模塊
用於設定遠程主機上的文件屬性
常見參數有:
path= 指明對哪個文件修改其屬性
src= 指明path=指明的文件是軟鏈接文件,其對應的源文件是誰,必須要在state=link時纔有用
state=directory|link|absent 表示創建的文件是目錄還是軟鏈接
owner= 指明文件的屬主
group= 指明文件的屬組
mode= 指明文件的權限
創建軟鏈接的用法:
src= path= state=link
修改文件屬性的用法:
path= owner= mode= group=
創建目錄的用法:
path= state=directory
刪除文件:
path= state=absent
[root@ansible etc]# ansible testsrv -m file -a "path=/tmp/1.txt mode=600 owner=root group=nobody"
[root@ansible ~]# ansible testsrv -m file -a "path=/tmp/bb mode=777 recurse=yes"
創建軟連接
[root@master ~]# ansible test -m file -a 'src=/etc/passwd path=/tmp/passwd.link state=link'
192.168.87.102 | SUCCESS => {
"changed": true,
"dest": "/tmp/passwd.link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 11,
"src": "/etc/passwd",
"state": "link",
"uid": 0
}
刪除文件
[root@master ~]# ansible test -m file -a 'path=/tmp/cc.txt state=absent'
192.168.87.102 | SUCCESS => {
"changed": true,
"path": "/tmp/cc.txt",
"state": "absent"
}
修改文件屬性
[root@master ~]# ansible test -m file -a 'path=/tmp/bb.txt mode=700 owner=root group=nobody'
192.168.87.102 | SUCCESS => {
"changed": true,
"gid": 99,
"group": "nobody",
"mode": "0700",
"owner": "root",
"path": "/tmp/bb.txt",
"size": 14,
"state": "file",
"uid": 0
}
[root@master ~]# ansible test -m shell -a 'ls -l /tmp/bb.txt'
192.168.87.102 | SUCCESS | rc=0 >>
-rwx------ 1 root nobody 14 Dec 2 2016 /tmp/bb.txt
創建目錄
[root@master ~]# ansible test -m file -a 'path=/tmp/bj state=directory'
192.168.87.102 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/bj",
"size": 4096,
"state": "directory",
"uid": 0
}
刪除目錄
[root@master ~]# ansible test -m file -a 'path=/tmp/bj state=absent'
192.168.87.102 | SUCCESS => {
"changed": true,
"path": "/tmp/bj",
"state": "absent"
}
[root@master ~]# ansible test -m shell -a 'ls -l /tmp'
192.168.87.102 | SUCCESS | rc=0 >>
total 16
-rw-r--r-- 1 root root 0 Dec 2 2016 aa.txt
drwx------ 2 root root 4096 Dec 2 13:41 ansible_twMJYb
-rwx------ 1 root nobody 14 Dec 2 2016 bb.txt
-rw-r--r-- 1 root root 158 Dec 2 2016 hosts
-rw------- 1 nobody nobody 947 Dec 2 2016 passwd
lrwxrwxrwx 1 root root 11 Dec 2 13:35 passwd.link -> /etc/passwd
-rw------- 1 root root 0 Dec 2 00:58 yum.log
8.hostname模塊
管理遠程主機上的主機名
常用參數有
name= 指明主機名
[root@master ~]# ansible test -m shell -a 'hostname'
192.168.87.102 | SUCCESS | rc=0 >>
node1.ansible.com
[root@master ~]# ansible test -m hostname -a 'name=node2.ansible.com'
192.168.87.102 | SUCCESS => {
"ansible_facts": {
"ansible_domain": "ansible.com",
"ansible_fqdn": "node2.ansible.com",
"ansible_hostname": "node2",
"ansible_nodename": "node2.ansible.com"
},
"changed": true,
"name": "node2.ansible.com"
}
9.yum模塊
基於yum機制,對遠程主機管理程序包
常用參數有:
name= 指明程序包的名稱,可以帶上版本號,不指明版本,就是默認最新版本
name=httpd
name=httpd-2.2.15
state=present|lastest|absent 指明對程序包執行的操作,present表示安裝程序包,latest表示安裝最新版本的程序包,absent表示卸載程序包
disablerepo= 在用yum安裝時,臨時禁用某個倉庫,倉庫的ID
enablerepo= 在用yum安裝時,臨時啓用某個倉庫,倉庫的ID
conf_file= 指明yum運行時採用哪個配置文件,而不是使用默認的配置文件
disable_gpg_check=yes|no 是否啓用gpg-check
卸載軟件包:
[root@master ~]# ansible test -m yum -a 'name=httpd state=absent'
[root@master ~]# ansible test -m shell -a 'rpm -q httpd'
安裝軟件包:
[root@master ~]# ansible test -m yum -a 'name=httpd state=present'
[root@ansible ~]# ansible 192.168.122.102 -m yum -a "name=ftp state=present disablerepo=zabbix"
10、service模塊
用來管理遠程主機上的服務的模塊
常見參數有:
name= 被管理的服務名稱(/etc/init.d)
state=started|stopped|restarted 表示啓動或關閉或重啓
enabled=yes|no 表示要不要設定該服務開機自啓動
runlevel= 如果設定了enabled開機自動啓動,則要定義在哪些運行級別下自動啓動
[root@master ~]# ansible test -m service -a 'name=nginx state=started'
192.168.87.102 | SUCCESS => {
"changed": true,
"name": "nginx",
"state": "started"
}
[root@master ~]# ansible test -m shell -a 'service nginx status'
192.168.87.102 | SUCCESS | rc=0 >>
nginx (pid 4054) is running...
[root@master ~]# ansible test -m service -a 'name=nginx state=stopped'
192.168.87.102 | SUCCESS => {
"changed": true,
"name": "nginx",
"state": "stopped"
}
[root@master ~]# ansible test -m shell -a 'service nginx status'
192.168.87.102 | FAILED | rc=3 >>
nginx is stopped
[root@master ~]# ansible test -m service -a 'name=nginx state=started enabled=yes runlevel=2345'
192.168.87.102 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "nginx",
"state": "started"
}
[root@master ~]# ansible test -m shell -a 'chkconfig --list nginx'
192.168.87.102 | SUCCESS | rc=0 >>
nginx 0:off 1:off 2:on 3:on 4:on 5:on 6:off
11.url模塊
如果遠端是web服務器,可以利用ansible直接請求某個網頁
常見參數有:
url= 指明請求的url的路徑,如:http://10.1.32.68/test.jpg
user= 如果請求的url需要認證,則認證的用戶名是什麼
password= 如果請求的url需要認證,則認證的密碼是什麼
method= 指明請求的方法,如GET、POST, PUT, DELETE, HEAD
[root@master ~]# ansible test -m uri -a 'url=http://192.168.87.102/index.html'
192.168.87.102 | SUCCESS => {
"accept_ranges": "bytes",
"changed": false,
"connection": "close",
"content_length": "612",
"content_type": "text/html",
"date": "Fri, 02 Dec 2016 06:31:58 GMT",
"etag": "\"571f8501-264\"",
"last_modified": "Tue, 26 Apr 2016 15:10:57 GMT",
"msg": "OK (612 bytes)",
"redirected": false,
"server": "nginx/1.10.0",
"status": 200,
"url": "http://192.168.87.102/index.html"
}
12.group模塊
用來添加或刪除遠端主機的用戶組
常見參數有:
name= 被管理的組名
state=present|absent 是添加還是刪除,不指名默認爲添加
gid= 指明GID
system=yes|no 是否爲系統組
[root@master ~]# ansible test -m group -a 'name=hr gid=2000 state=present'
192.168.87.102 | SUCCESS => {
"changed": true,
"gid": 2000,
"name": "hr",
"state": "present",
"system": false
}
[root@master ~]# ansible test -m shell -a 'tail -1 /etc/group'
192.168.87.102 | SUCCESS | rc=0 >>
hr:x:2000:
13.user模塊
管理遠程主機上的用戶的賬號
常見參數有:
name= 指明要管理的賬號名稱
state=present|absent 指明是創建賬號還是刪除賬號,present表示創建,absent表示刪除
system=yes|no 指明是否爲系統賬號
uid= 指明用戶UID
group= 指明用戶的基本組
groups= 指明用戶的附加組
shell= 指明默認的shell
home= 指明用戶的家目錄
move_home=yes|no 當home設定了家目錄,如果要創建的家目錄已存在,是否將已存在的家目錄進行移動
password= 指明用戶的密碼,最好使用加密好的字符串
comment= 指明用戶的註釋信息
remove=yes|no 當state=absent時,也就是刪除用戶時,是否要刪除用戶的而家目錄
[root@master ~]# ansible test -m user -a 'name=martin group=hr groups=shichang uid=500 shell=/bin/bash home=/home/martin comment="martin user"'
192.168.87.102 | SUCCESS => {
"changed": true,
"comment": "martin user",
"createhome": true,
"group": 2000,
"groups": "shichang",
"home": "/home/martin",
"name": "martin",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 500
}
[root@master ~]# ansible test -m shell -a 'grep "martin:" /etc/passwd'
192.168.87.102 | SUCCESS | rc=0 >>
martin:x:500:2000:martin user:/home/martin:/bin/bash
[root@master ~]# ansible test -m user -a 'name=martin state=absent remove=yes'
192.168.87.102 | SUCCESS => {
"changed": true,
"force": false,
"name": "martin",
"remove": true,
"state": "absent"
}
14.script模塊
將管理端的某個腳本,移動到遠端主機(不需要指明傳遞到遠端主機的哪個路徑下,系統會自動移動,然後執行),
一般是自動移動到遠端主機的/root/.ansible/tmp目錄下,然後自動給予其權限,然後再開個子shell然後運行腳本,運行完成後刪除腳本
測試腳本
[root@master ~]# ansible test -m script -a '/root/1.sh'
192.168.87.102 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "",
"stdout": "",
"stdout_lines": []
}
15.setup模塊
可收集遠程主機的facts變量的信息,相當於收集了目標主機的相關信息(如內核版本、操作系統信息、cpu、…),保存在ansible的內置變量中,之後我們有需要用到時,直接調用變量即可
[root@master ~]# ansible test -m setup
192.168.87.102 | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"192.168.87.102"
],
"ansible_all_ipv6_addresses": [
"fe80::20c:29ff:fe0c:5ab9"
],
"ansible_architecture": "x86_64",
"ansible_bios_date": "05/20/2014",
"ansible_bios_version": "6.00",
unarchive 解壓模塊
- name: Extract foo.tgz into /var/lib/foo
unarchive:
src: foo.tgz
dest: /var/lib/foo
- name: Unarchive a file that is already on the remote machine
unarchive:
src: /tmp/foo.zip
dest: /usr/local/bin
remote_src: yes
- name: Unarchive a file that needs to be downloaded (added in 2.0)
unarchive:
src: https://example.com/example.zip
dest: /usr/local/bin
remote_src: yes
- name: Unarchive a file with extra options
unarchive:
src: /tmp/foo.zip
dest: /usr/local/bin
extra_opts:
- --transform
- s/^xxx/yyy/
劇本 playbook
以.yml結尾的文件,遵循yaml語法
示例01:
[root@ansible ~]# cat /etc/ansible/test.yml
- hosts: testsrv
user: root
tasks:
- name: touch a new file
shell: touch /tmp/1.mp3
執行劇本
[root@ansible ~]# ansible-playbook /etc/ansible/test.yml
[root@ansible ~]# cat /etc/ansible/user.yml
- hosts: testsrv
user: root
gather_facts: false
tasks:
- name: create nginx user
user: name=nginx shell=/sbin/nologin state=present
示例02:
# playbook在執行時,默認會獲取被管理端的fact變量,可以通過在playbook文件中使用"gather_facts: false"禁止該行爲
[root@ansible ~]# cat /etc/ansible/user.yml
- hosts: testsrv
user: root
gather_facts: false
tasks:
- name: create nginx user
user: name=nginx shell=/sbin/nologin state=present
示例03:部署mariadb-server數據庫
[root@ansible ~]# cat /etc/ansible/mysql.yml
- hosts: testsrv
user: root
tasks:
- name: install mariadb
yum: name=mariadb-server state=present
- name: copy config file
copy: src=/tmp/my.cnf dest=/etc/my.cnf
- name: start mysql daemon
service: name=mariadb state=started enabled=yes
在playbook使用變量
示例01:在Playbook中定義變量
[root@ansible ansible]# cat user02.yml
- hosts: testsrv
user: root
vars:
- username: "mike"
tasks:
- name: create mike
user: name={{ username }}
示例02:在/etc/ansible/hosts文件中定義
[root@ansible ansible]# cat /etc/ansible/hosts
[testsrv]
192.168.122.102 username="tom"
192.168.122.103 username="jerry"
[root@ansible ansible]# cat user03.yml
- hosts: testsrv
user: root
tasks:
- name: create user
user: name={{ username }} state=present
示例03:爲主機組定義變量
[testsrv:vars]
software="bind"
[root@ansible ansible]# cat a.yml
- hosts: testsrv
user: root
gather_facts: false
tasks:
- name: install software
yum: name={{ software }} state=present
在playbook使用條件判斷 : when
[root@ansible ansible]# cat b.yml
- hosts: testsrv
user: root
vars:
- name01: "user01"
- name02: "user02"
tasks:
- name: create user01
user: name={{ name01 }} state=present
when: ansible_hostname == "agent01"
- name: create user02
user: name={{ name02 }} state=present
when: ansible_hostname == "node02"
with_items實現循環
示例01:通過列表的方式爲item賦值
[root@ansible ansible]# cat c.yml
- hosts: testsrv
user: root
tasks:
- name: change file permission
file: path=/tmp/{{ item }} owner=nobody group=nobody mode=777
with_items:
- 1.txt
- 2.txt
示例02:通過字典的方式爲item賦值
[root@ansible ansible]# cat d.yml
- hosts: testsrv
user: root
tasks:
- name: create user
user: name={{ item["username"] }} uid={{ item["userid"] }} shell=/sbin/nologin
with_items:
- {"username":"user03","userid":3000}
- {"username":"user04","userid":4000}
handlers組件
用於定義當某個條件觸發時,執行的操作
應用場景用於當配置文件改動時,服務自動重啓
示例01:
[root@ansible ~]# cat /etc/ansible/http.yml
- hosts: testsrv
user: root
tasks:
- name: install httpd
yum: name=httpd state=present
- name: copy httpd config file
copy: src=/tmp/httpd.conf dest=/etc/httpd/conf/httpd.conf
notify: restart httpd
- name: start httpd
service: name=httpd state=started enabled=yes
handlers:
- name: restart httpd
service: name=httpd state=reloaded
template模塊
只能應用於Playbook中
應用場景用於配置文件Jinja模板,實現變量替換
建議準備Jinja配置文件時,文件名稱以.j2結尾,以區分普通文件
[root@ansible ~]# cat /etc/ansible/http.yml
- hosts: testsrv
user: root
tasks:
- name: install httpd
yum: name=httpd state=present
- name: copy httpd config file
template: src=/tmp/httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
notify: restart httpd
- name: start httpd
service: name=httpd state=started enabled=yes
handlers:
- name: restart httpd
service: name=httpd state=reloaded
# httpd.conf.j2部分內容如下:
[root@ansible ~]# grep "Listen" /tmp/httpd.conf.j2
Listen {{ ansible_all_ipv4_addresses[1] }}:9999
角色 role
創建角色目錄:
/etc/ansible/roles/角色目錄
default 保存角色默認變量
files 保存普通文件
handlers 保存handlers
tasks 保存任務,必須要有一個名稱爲main.yml
templates 保存Jinja模塊
meta 保存資源間的依賴關係
vars 保存變量
子目錄間的文件,可以不加目錄名稱任意調用
示例01:
1、創建角色
[root@ansible ansible]# mkdir /etc/ansible/roles/http
[root@ansible ansible]# mkdir /etc/ansible/roles/http/{tasks,templates,handlers}
[root@ansible ansible]# cat /etc/ansible/roles/http/tasks/main.yml
- name: install httpd
yum: name=httpd state=present
- name: copy httpd config file
template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
notify: restart httpd
- name: start httpd
service: name=httpd state=started enabled=yes
[root@ansible ansible]# cat /etc/ansible/roles/http/handlers/main.yml
- name: restart httpd
service: name=httpd state=reloaded
[root@ansible ansible]# ls /etc/ansible/roles/http/templates/
httpd.conf.j2
[root@ansible ansible]# tree /etc/ansible/roles/http/
/etc/ansible/roles/http/
├── handlers
│ └── main.yml
├── tasks
│ └── main.yml
└── templates
└── httpd.conf.j2
3 directories, 3 files
2、使用角色
[root@ansible ansible]# cat /etc/ansible/http.yml
- hosts: testsrv
user: root
roles:
- http
[root@ansible tasks]# ansible-playbook /etc/ansible/http.yml
# 第二種寫法
[root@ansible tasks]# tree /etc/ansible/roles/http/
/etc/ansible/roles/http/
├── handlers
│ └── main.yml
├── tasks
│ ├── config.yml
│ ├── install.yml
│ ├── main.yml
│ └── start.yml
└── templates
└── httpd.conf.j2
[root@ansible tasks]# cat /etc/ansible/roles/http/tasks/install.yml
- name: install httpd
yum: name=httpd state=present
[root@ansible tasks]# cat /etc/ansible/roles/http/tasks/config.yml
- name: copy httpd config file
template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
notify: restart httpd
[root@ansible tasks]# cat /etc/ansible/roles/http/tasks/start.yml
- name: start httpd
service: name=httpd state=started enabled=yes
[root@ansible tasks]# cat /etc/ansible/roles/http/tasks/main.yml
- include: install.yml
- include: config.yml
- include: start.yml