标签:tasks name 运维 ansible hosts playbook root user
1.playbook 简介
ansible的单条使命叫ad-hoc,将多条命令写在一块进行执行叫playbook。
playbook,即剧本,现实中由演员按照剧本表演,在Ansible中,这次由计算机进行表演,由计算机安装,部署应用,提供对外服务,以及组织计算机处理各种各样的事情。
那么为什么要使用 playbook 呢?
执行一些简单的任务,使用命令行模式可以方便的解决问题,但是有时一个设施过于复杂,需要大量的操作时候,执行命令行模式是不适合的,这时最好使用playbook,就像执行shell命令与写shell脚本一样,也可以理解为批处理任务,不过playbook有自己的语法格式。
2.playbook 文件的格式
playbook文件由YAML语言编写。
YAML是一个类似XML、JSON的标记性语言,YAML强调以数据为中心,并不是以标识语言为重点。
YAML语言的特点:
-
大小写敏感
-
使用空格作为嵌套缩进工具,缩进时不允许使用 Tab 键
-
缩进的空格数目不重要,只要相同层级的元素左侧对齐即可
-
使用“-”(横线) + 单个空格:表示单个列表项
-
使用 “:”(冒号) + 空格:表示单个键值对
-
使用"{}"表示一个键值表
playbook文件是通过ansible-playbook命令进行解析的,ansbile-playbook命令会根据自上而下的顺序依次执行playbook文件中的内容。同时,playbook开创了很多特性,它可以允许传输某个命令的状态到后面的指令,它也可以从一台机器的文件中抓取内容并附为变量,然后在另一台机器中使用,这使得playbook可以实现一些复杂的部署机制,这是ansible命令无法实现的。
3.playbook 的组成
playbook是由一个或多个play组成的列表。
play的主要功能在于,将事先合并为一组的主机装扮成事先通过ansible定义好的角色。将多个play组织在一个playbook中就可以让它们联同起来按事先编排的机制完成一系列复杂的任务。
其主要由以下四部分组成:
-
target 部分:定义将要执行
playbook的远程主机组 -
variable 部分:定义
playbook运行时需要使用的变量 -
task 部分:定义将要在远程主机上执行的任务列表
-
handler 部分:定义
task执行完成以后需要调用的任务
4.playbook 各模块示例
4.1.shell 模块
hosts:192.168.250.50
remote_user: root
tasks:
- name: ansible shell
shell: ps -ef|grep sshd&&mkdir /opt/hdp
- name: ansible command
command: touch /opt/hdp/hadoop.txt
4.2.raw 模块
- hosts:192.168.250.50
remote_user: root
tasks:
- name: ansible raw1
raw: ps -ef|grep sshd|awk '{print $2}'>/tmp/ssh.log
- name: ansible raw2
raw: dnf -y install python36-devel
4.3.file 模块
- hosts:192.168.250.50
remote_user: root
tasks:
- name: mkdir cdh directory
file: path=/opt/cdh state=directory mode=0755
- name: chmod bin
file: dest=/opt/bigdata/jdk/bin mode=0755 recurse=yes
- name: link files
file: src=/etc/ssh/sshd_config dest=/mnt/sshd_config owner=sshd state=link
- name: delete files
file: path=/tmp/hadoop.tar.gz state=absent
- name: chown files
file: path=/mnt/syncfile.txt owner=nobody group=nobody mode=0644
4.4.copy 模块
- hosts:192.168.250.50
remote_user: root
gather_facts: false
tasks:
- name: copy and chown
copy: src=/etc/sudoers dest=/mnt/sudoers owner=root group=root mode=440 backup=yes
- name: checking files
copy: src=/etc/sudoers dest=/mnt/sudoers validate='visudo -cf %s'
- name: copy directory
copy: src=/etc/yum/ dest=/mnt/bak owner=hadoop group=hadoop directory_mode=644
4.5.synchronize 模块
- hosts:192.168.250.50
remote_user: root
gather_facts: false
tasks:
- name: synchronize rsync directory
synchronize: src=/usr/share/nginx/modules dest=/mnt/bak1 delete=yes
4.6.unarchive 模块
- hosts:192.168.250.50
remote_user: root
gather_facts: false
tasks:
- name: unarchive spark files
unarchive: src=/src/spark.tar.gz dest=/opt
4.7.service 模块
- hosts:192.168.250.50
remote_user: root
gather_facts: false
tasks:
- name:
service: name=nginx state=restarted enabled=yes
4.8.cron 模块
- hosts:192.168.250.50
remote_user: root
gather_facts: false
tasks:
- name: cron examples
cron: backup=true name=autobackup weekday=6 minute=30 hour=1 user=root job="/home/ixdba/backup.sh"
- name: delete cron
cron: name=autobackup state=absent
4.9.yum 模块
- hosts:192.168.250.50
remote_user: root
gather_facts: false
tasks:
- name: dnf install redis
dnf: name=redis state=latest enablerepo=epel
- name: remove redis
dnf: name=redis state=removed
4.10.user 与 group 模块
- name: create user
hosts:192.168.250.50
user: root
gather_facts: false
tasks:
- name: start createuser
user: name="{{item.value}}" groups=hadoop,wheel
with_items:
- {value: "hadoopuser001"}
- {value: "hadoopuser002"}
4.11.lineinfile 模块
- hosts:192.168.250.50
remote_user: root
tasks:
- lineinfile: dest=/etc/profile insertafter='ulimit(.*)' line="ulimit -c unlimited"
- lineinfile: dest=/etc/profile line="export JAVA_HOME=/usr/jdk"
- lineinfile: dest=/etc/selinux/config regexp='SELINUX=(.*)' line='SELINUX=disabled'
- lineinfile: dest=/etc/resolv.conf regexp='search(.*)' state=absent
4.12.register、set_fact、debug 模块
- hosts:192.168.250.50
remote_user: root
tasks:
- name: hostname command
shell: hostname
register: host_result
- debug: var=host_result.stdout
- debug: 'msg="output: {{host_result.stdout}}"'
- hosts:192.168.250.50
remote_user: root
tasks:
- name: hostname command
shell: hostname
register: host_result
- set_fact: var1="{{host_result.stdout}}"
- set_fact: var2="This is a string"
- debug: var=var1
- debug: var=var2
4.13.delegate_to、connection、和 local_action 模块
- hosts:192.168.250.50
remote_user: root
gather_facts: true
tasks:
- name: connection
shell: echo "connection . {{inventory_hostname}} $(hostname) ." >> /tmp/local.log
connection: local
- name: delegate_to
shell: echo "delegate_to . {{inventory_hostname}} $(hostname) ." >> /tmp/local.log
delegate_to: localhost
- name: local_action
local_action: shell echo "local_action. {{inventory_hostname}} $(hostname)" >> /tmp/local.log
5.playbook 管理主机综合实例
5.1 自动配置 SSH 密钥实例
- hosts: myweb
gather_facts: no
roles:
- roles
tasks:
- name: close ssh yes/no check
lineinfile: path=/etc/ssh/ssh_config regexp='(.*)StrictHostKeyChecking(.*)' line="StrictHostKeyCheck
ing no"
- name: delete /root/.ssh/
file: path=/root/.ssh/ state=absent
- name: create .ssh directory
file: dest=/root/.ssh mode=0600 state=directory
- name: generating local public/private rsa key pair
local_action: shell ssh-keygen -t rsa -b 2048 -N '' -y -f /root/.ssh/id_rsa
- name: view id_rsa.pub
local_action: shell cat /root/.ssh/id_rsa.pub
register: sshinfo
- set_fact: sshpub={{sshinfo.stdout}}
- name: add ssh record
local_action: shell echo {{sshpub}} > {{AnsibleDir}}/roles/templates/authorized_keys.j2
- name: copy authorized_keys.j2 to all
template: src={{AnsibleDir}}/roles/templates/authorized_keys.j2 dest=/root/.ssh/authorized_keys mode=0600
tags:
- install ssh
5.2 自动修改主机名实例
- hosts: myweb
remote_user: root
tasks:
- name: change name
shell: "echo {{hostname}} > /etc/hostname"
- name:
shell: hostname {{hostname|quote}}
5.3 自动优化系统配置实例
- hosts: myweb
remote_user: root
gather_facts: false
tasks:
- name: selinux disabled
lineinfile: dest=/etc/selinux/config regexp='SELINUX=(.*)' line='SELINUX=disabled'
- name:
lineinfile: dest=/etc/security/limits.conf line="{{item.value}}"
with_items:
- {value: "* soft nofile 655360"}
- {value: "* hard nofile 655360"}
- name: disabled iptables and firewalld
shell: systemctl stop firewalld&&systemctl disable firewalld&&iptables -F
- name: cron ntpdate
cron: name=ntpdate minute=*/5 user=root job="source /etc/profile;/usr/sbin/ntpdate -u 172.16.21.1
;/sbin/hwclock -w"
5.4 自动配置主机 hosts 文件实例
- hosts: myweb
remote_user: root
roles:
- roles
tasks:
- name: add localhost
local_action: shell echo "127.0.0.1 localhost" > {{AnsibleDir}}/roles/templates/hosts.j2
run_once: true
- set_fact: ipaddress={{inventory_hostname}}
- set_fact: hostname={{hostname}}
- name: add host record
local_action: shell echo {{ipaddress}} {{hostname}} >> {{AnsibleDir}}/roles/templates/hosts.j2
- name: copy hosts.j2 to all host
template: src={{AnsibleDir}}/roles/templates/hosts.j2 dest=/etc/hosts
5.5 自动安装 JDK 并设置环境变量实例
- hosts: myweb
remote_user: root
roles:
- roles
tasks:
- name: mkdir jdk directory
file: path=/usr/java state=directory mode=0755
- name: copy and unzip jdk
unarchive: src={{AnsibleDir}}/roles/files/jdk1.8.tar.gz dest=/usr/java
- name: delete line
lineinfile: dest=/etc/profile regexp='(.*)JAVA_HOME(.*)' state=absent
- name: set jdk env
lineinfile: dest=/etc/profile line="{{item.value}}" state=present
with_items:
- {value: "export JAVA_HOME=/usr/java/jdk1.8.0_162"}
- {value: "export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar"}
- {value: "export PATH=$JAVA_HOME/bin:$PATH"}
- name: source profile
shell: source /etc/profile
原文地址:https://mp.weixin.qq.com/s/zo9jEuAF8WHm-BUvN635JQ
标签:tasks,name,运维,ansible,hosts,playbook,root,user 来源: https://www.cnblogs.com/hailun1987/p/16586476.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。