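May 15, 2026
`Review of key points`
1. Introduction to vars
Set values that are repeated as variables so they are convenient to use and easy to maintain.
2. Defining variables
1) Defined in the play
vars:
  - variable1:
  - variable2:
variable:
  - parameter c
  - parameter a
2) Defined in a file
Called from the play
vars_files:
  - variable file
3) Defined in the inventory
[group:vars]
variable=value
4) Defined on the command line
ansible-playbook xxx.yml -e variable=value
5) Defined the officially recommended way
Create these two:
group_vars   # holds group variables
host_vars    # holds host variables
3. Built-in variables
View the built-in variables
ansible web01 -m setup
Use a variable
- hosts:
  tasks:
    file:
      path: "{{ variable_name }}"
4. Registering variables
Purpose: store the result of a task so it can be used later
register
- hosts:
  tasks:
    - name:
      command: nginx -t
      register: pk
    - name:
      debug:
        msg: "{{ pk }}"
5. Disabling the default gathering of system information
gather_facts: no
6. when conditions
when: <value> is match "ok"
when: <value> is search "ok"
when: <value> == "ok"
when: <value> is match "ok" and <value> ...
when: <value> is match "ok" or ...
7. handlers
notify     checks for a change
handlers   triggered
8. loop
loop:
  - value
  - value
  - {dictionary}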
01. Flow control: good-to-know items
1. Task tags
Playbook task tags
By default, when Ansible runs a playbook it executes every task defined in it. Ansible's tag feature lets you tag an individual task or even a whole playbook, and then use those tags to run only selected tasks of the playbook, or to skip the specified tasks.
Example: tags
tags: ng-test    # tag a task or a play
[root@ansible ansible]# cat test.yml
- hosts: web02
  tasks:
    - name: configure nginx server
      copy:
        src: nginx.conf
        dest: /etc/nginx/
      notify: restart nginx server
    - name: nginx check
      command: nginx -t
      register: ngx
      ignore_errors: yes
      tags: ng-test    # tag this task
    - name: start nginx server
      systemd:
        name: nginx
        state: started
  handlers:
    - name: restart nginx server
      systemd:
        name: nginx
        state: restarted
      when: ngx.stderr_lines is search "ok"
[root@ansible ansible]# ansible-playbook test.yml -t ng-test    # run only this task
PLAY [web02] ******************************************************************************************
TASK [Gathering Facts] ********************************************************************************
ok: [web02]
TASK [nginx check] ************************************************************************************
changed: [web02]
PLAY RECAP ********************************************************************************************
web02 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
2. Running several tasks files together (file reuse)
Example: file reuse
include_tasks: test1.yml    # pull in a file
1. Prepare two yml files
[root@ansible ansible]# cat test1.yml
- name: Install lrzsz
  yum:
    name: lrzsz
    state: present
[root@ansible ansible]# cat test2.yml
- name: create a.txt
  file:
    path: /root/a.txt
    state: touch
2. Call them
[root@ansible ansible]# cat test3.yml
- hosts: all
  tasks:
    - include_tasks: test1.yml
      when: ansible_hostname == "web01"
    - include_tasks: test2.yml
      when: ansible_hostname == "web02"
[root@ansible ansible]# ansible-playbook test3.yml
3. Forcing handlers to run
force_handlers: yes
Purpose: if a task fails partway through the playbook, handlers that have already been notified are still forced to run.
1. Fail on purpose
[root@ansible ansible]# cat test4.yml
- hosts: web02
  tasks:
    - name: 强制修改配置(一定触发)
      # The command module does not go through a shell, so ">>" is passed to
      # echo as a literal argument and the file is not modified; the task
      # still reports "changed", which is what fires the notify.
      command: echo "changed" >> /etc/nginx/nginx.conf
      notify: 重启nginx    # always triggered
    - name: 故意失败
      command: /bin/false
  handlers:
    - name: 重启nginx
      service: name=nginx state=restarted
[root@ansible ansible]# ansible-playbook test4.yml
Result: the handler was not triggered
RUNNING HANDLER [重启nginx] ***************************************************************************
2. With force_handlers: yes added
[root@ansible ansible]# cat test4.yml
- hosts: web02
  force_handlers: yes    # only this time does it actually take effect
  tasks:
    - name: 强制修改配置(一定触发)
      command: echo "changed" >> /etc/nginx/nginx.conf
      notify: 重启nginx    # always triggered
    - name: 故意失败
      command: /bin/false
  handlers:
    - name: 重启nginx
      service: name=nginx state=restarted
[root@ansible ansible]# ansible-playbook test4.yml
Triggered successfully
RUNNING HANDLER [重启nginx] ***************************************************************************
changed: [web02]
4. Suppressing "changed"
changed_when: false
Purpose: make certain commands report green (ok) instead of yellow (changed)
[root@ansible ansible]# cat test.yml
- hosts: web02
  tasks:
    - name: configure nginx server
      copy:
        src: nginx.conf
        dest: /etc/nginx/
      notify: restart nginx server
    - name: nginx check
      command: nginx -t
      register: ngx
      ignore_errors: yes
      tags: ng-test
      changed_when: false    # suppress the changed status
    - name: start nginx server
      systemd:
        name: nginx
        state: started
  handlers:
    - name: restart nginx server
      systemd:
        name: nginx
        state: restarted
      when: ngx.stderr_lines is search "ok"
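An added example (not part of the original notes): the copy and template modules accept a `validate` command that checks the candidate file on the managed host before it replaces the live one, so a broken nginx.conf never reaches /etc/nginx/ and the handler no longer needs the `ignore_errors` / `when` guard. It assumes nginx.conf is the complete main configuration file and that its `include` lines use absolute paths.

```yaml
# Added example: validate nginx.conf before it is installed.
- hosts: web02
  tasks:
    - name: configure nginx server
      copy:
        src: nginx.conf
        dest: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: '0644'
        backup: yes
        # %s is the temporary copy on the managed host. If nginx rejects it,
        # the task fails and the live file is left untouched.
        # Assumption: includes inside nginx.conf use absolute paths, because
        # relative ones would be resolved against the temporary location.
        validate: nginx -t -c %s
      notify: restart nginx server

    - name: nginx check (read-only, so it never reports changed)
      command: nginx -t
      register: ngx
      changed_when: false
      tags: ng-test

    - name: start nginx server
      systemd:
        name: nginx
        state: started

  handlers:
    # Only reached when the copy task changed the file, and the copy task
    # only succeeds when the new file passed "nginx -t".
    - name: restart nginx server
      systemd:
        name: nginx
        state: restarted
```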
02. roles
1. Jinja2 templates
By default, Ansible variables take effect only in tasks; they are not expanded inside files.
[root@ansible ansible]# cat test1.yml
- hosts: web02
  vars:
    - dir: /data
  tasks:
    - name: create file
      file:
        path: /root/{{ ansible_hostname }}
        state: touch
    - name: create dir
      file:
        path: "{{ dir }}"
        state: directory
`Example where variables are not expanded`
1. Prepare the file
[root@ansible ansible]# cat a.txt
test......
{{ ansible_hostname }}
{{ ansible_default_ipv4.address }}
2. Run the tasks
[root@ansible ansible]# cat test1.yml
- hosts: web02
  tasks:
    - name: create file
      copy:
        src: a.txt
        dest: /root/
[root@ansible ansible]# ansible-playbook test1.yml
3. Check the result
[root@web02 ~]# cat a.txt
test......
{{ ansible_hostname }}
{{ ansible_default_ipv4.address }}
Case 1: copy a.txt to web01 and web02 with the template module
The a.txt copied to web01 should contain web01 and 10.0.0.7
The a.txt copied to web02 should contain web02 and 10.0.0.8
template works like copy in that both copy a file; the difference is that template expands variables.
[root@ansible ansible]# cat test1.yml
- hosts: webs
  vars:
    ip: 10.0.0.10
    host: webbbbbb
  tasks:
    - name: create file
      template:
        src: a.txt
        dest: /root/
[root@ansible ansible]# cat a.txt
test......
{{ ansible_hostname }}
{{ ansible_default_ipv4.address }}
{{ ip }}
{{ host }}
[root@ansible ansible]# ansible-playbook test1.yml
# Check the result
[root@web02 ~]# cat a.txt
test......
web02
10.0.0.8
10.0.0.10
webbbbbb
[root@web01 ~]# cat a.txt
test......
web01
10.0.0.7
10.0.0.10
webbbbbb
Case 2: refactoring backup with variables
1. Write the playbook
[root@ansible ansible]# cat b.yml
- hosts: backup
  vars:
    - r_us: www
    - r_p: 873
    - r_dir: /data
  tasks:
    - name: Install Rsync Server
      yum:
        name: rsync
        state: present
    - name: configure Rsync Server
      template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: "{{ item.mode }}"
      notify: Restart Rsync Server
      loop:
        - { src: rsyncd.conf, dest: /etc/, mode: '0644' }
        - { src: rsync.pwd, dest: /etc/, mode: '0600' }
    - name: create group {{ r_us }}
      group:
        name: "{{ r_us }}"
        gid: 666
    - name: create user {{ r_us }}
      user:
        name: "{{ r_us }}"
        uid: 666
        group: "{{ r_us }}"
        shell: /sbin/nologin
        create_home: false
    - name: create dir {{ r_dir }}
      file:
        path: "{{ r_dir }}"
        state: directory
        owner: "{{ r_us }}"
        group: "{{ r_us }}"
    - name: Start Rsyncd server
      systemd:
        name: rsyncd
        state: started
        enabled: yes
  handlers:
    - name: Restart Rsync Server
      systemd:
        name: rsyncd
        state: restarted
2. Use the variables in the configuration file
[root@ansible ansible]# vim rsync.pwd
rsync_backup:123
----------------
[root@ansible ansible]# cat rsyncd.conf
uid = {{ r_us }}
gid = {{ r_us }}
port = {{ r_p }}
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.pwd
log file = /var/log/rsyncd.log
#####################################
[backup]
path = {{ r_dir }}
3. Run
[root@ansible ansible]# ansible-playbook b.yml
4. Test
[root@web02 ~]# rsync -avz /etc/hosts rsync_backup@10.0.0.41::backup
[root@backup ~]# ll /data/
总用量 4
-rw-r--r-- 1 www www 158 6月 23 2020 hosts
2. Roles
A reorganization of playbooks.
A playbook is like assorted fruit all piled together;
roles are like that fruit sorted into categories.
ansible-galaxy init backup    # generate the role directory with the Ansible command
backup/               # role name (backup here)
├── defaults          # default variables (lowest priority)
│   └── main.yml
├── files             # static files (copied as-is); always used
├── handlers          # handlers (service restarts, etc.); always used
│   └── main.yml
├── meta              # role metadata, dependencies
│   └── main.yml
├── README.md         # role documentation
├── tasks             # core tasks to execute; required
│   └── main.yml
├── templates         # template files (rendered with variables); required
├── tests             # role test cases
│   ├── inventory
│   └── test.yml
└── vars              # custom variables (high priority); required
    └── main.yml
Case 1: refactoring backup with roles
# 1. Restore the snapshot of 41
# 2. Set up passwordless SSH keys
# 3. Generate the role directory
# 4. Configure tasks, variables, handlers, Jinja2 templates, files and so on
1. Generate the role directory
[root@ansible ansible]# mkdir roles
[root@ansible ansible]# cd roles/
[root@ansible roles]# ansible-galaxy init backup
- Role backup was created successfully
[root@ansible roles]# tree backup/
[root@ansible backup]# tree ../backup/
../backup/
├── files
│   └── rsync.pwd
├── handlers
│   └── main.yml
├── tasks
│   └── main.yml
├── templates
│   └── rsyncd.conf.j2
└── vars
    └── main.yml
2. Configure tasks
[root@ansible backup]# cat tasks/main.yml
- name: Install Rsyncd Server
  yum:
    name: rsync
    state: present
- name: Configure Rsync Server
  template:
    src: rsyncd.conf.j2
    dest: /etc/rsyncd.conf
  notify: Restart Rsync Server
- name: copy pass to backup
  copy:
    src: rsync.pwd
    dest: /etc/
    mode: '0600'
- name: Create Group {{ r_us }}
  group:
    name: "{{ r_us }}"
    gid: 666
- name: Create User {{ r_us }}
  user:
    name: "{{ r_us }}"
    uid: 666
    group: "{{ r_us }}"
    shell: /sbin/nologin
    create_home: false
- name: Create {{ r_dir }}
  file:
    path: "{{ r_dir }}"
    owner: "{{ r_us }}"
    group: "{{ r_us }}"
    state: directory
- name: Start Rsync Server
  systemd:
    name: rsyncd
    state: started
    enabled: yes
3. Configure the Jinja2 template
[root@ansible backup]# cat templates/rsyncd.conf.j2
uid = {{ r_us }}
gid = {{ r_us }}
port = {{ r_p }}
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.pwd
log file = /var/log/rsyncd.log
#####################################
[backup]
path = {{ r_dir }}
4. Configure the variables (vars)
[root@ansible backup]# cat vars/main.yml
r_us: www
r_p: 873
r_dir: /backup
5. Configure the handlers
[root@ansible backup]# cat handlers/main.yml
- name: Restart Rsync Server
  systemd:
    name: rsyncd
    state: restarted
6. Configure files
[root@ansible backup]# cat files/rsync.pwd
rsync_backup:123
7. Finally, call the role from a yml file
[root@ansible roles]# cat site.yml
- hosts: all
  roles:
    - role: backup
      when: ansible_hostname == "backup"
# Syntax check: checks the whole project (including every role)
[root@ansible roles]# ansible-playbook --syntax-check site.yml
8. Run and test
[root@ansible roles]# ansible-playbook site.yml
[root@backup ~]# ll /backup/
总用量 4
-rw-r--r-- 1 www www 158 6月 23 2020 hosts
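An added hardening example (not part of the original notes): files/rsync.pwd keeps the rsync password in clear text inside the role. One alternative is to hold it in an Ansible Vault encrypted variable file and render the secrets file from a template with `no_log`. The variable name `vault_rsync_password`, the file `vars/vault.yml` and the template `rsync.pwd.j2` are assumptions made for this example.

```yaml
# Added example. Create the encrypted variable file once on the control node:
#   ansible-vault create roles/backup/vars/vault.yml
# with this content (the value is a placeholder):
#   vault_rsync_password: <long-random-password>
#
# roles/backup/templates/rsync.pwd.j2 (hypothetical template) holds one line:
#   rsync_backup:{{ vault_rsync_password }}

# roles/backup/tasks/main.yml: these two tasks replace "copy pass to backup"
- name: Load encrypted variables
  include_vars:
    file: vault.yml        # resolved inside the role's vars/ directory
  no_log: true

- name: Render rsync secrets file
  template:
    src: rsync.pwd.j2
    dest: /etc/rsync.pwd
    owner: root
    group: root
    # With rsyncd's "strict modes" (on by default) the daemon refuses a
    # secrets file that other users can read.
    mode: '0600'
  no_log: true             # keep the rendered secret out of task output and logs

# Run the play with the vault password supplied interactively:
#   ansible-playbook site.yml --ask-vault-pass
```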
Case 2: refactoring the NFS service with roles
Steps:
1. Restore the snapshot of 31
2. Set up passwordless SSH keys
3. Refactor with roles
1. Create the role directory
[root@ansible roles]# mkdir nfs
[root@ansible roles]# cd nfs/
[root@ansible nfs]# ls ../backup/|xargs mkdir
[root@ansible nfs]# tree ../nfs/
../nfs/
├── files
├── handlers
├── tasks
├── templates
└── vars
2. Write the tasks
[root@ansible nfs]# cat tasks/main.yml
- name: Install NFS Server
  yum:
    name: nfs-utils
    state: present
- name: Configure NFS Server
  template:
    src: exports.j2
    dest: /etc/exports
  notify: Restart nfs Server
- name: Group
  group:
    name: www
    gid: 666
- name: user
  user:
    name: www
    uid: 666
    group: www
    shell: /sbin/nologin
    create_home: false
- name: Create {{ nfs_dir }}
  file:
    path: "{{ nfs_dir }}"
    owner: www
    group: www
    state: directory
- name: Start NFS Server
  systemd:
    name: nfs
    state: started
    enabled: yes
3. Configure the template
[root@ansible nfs]# cat templates/exports.j2
{{ nfs_dir }} {{ nfs_ip }}(rw,sync,all_squash,anonuid=666,anongid=666)
4. Configure vars
[root@ansible nfs]# cat vars/main.yml
nfs_dir: /data
nfs_ip: 172.16.1.0/24
5. Configure handlers
[root@ansible nfs]# cat handlers/main.yml
- name: Restart nfs Server
  systemd:
    name: nfs
    state: restarted
6. Call the roles
[root@ansible roles]# cat site.yml
- hosts: all
  roles:
    - role: backup
      when: ansible_hostname == "backup"
    - role: nfs
      when: ansible_hostname == "nfs"
7. Syntax check, then run and test
[root@ansible roles]# ansible-playbook --syntax-check site.yml
playbook: site.yml
[root@ansible roles]# ansible-playbook site.yml
Case 3: refactoring the WordPress service with roles
Prepare the files (the WordPress-related files from an existing deployment)
[root@ansible roles]# ll nginx.conf a.sql www.conf wp.conf wp.tar.gz
-rw-r--r-- 1 root root 3153476 5月 15 22:07 a.sql
-rw-r--r-- 1 root root 646 5月 15 22:08 nginx.conf
-rw-r--r-- 1 root root 293 5月 15 22:08 wp.conf
-rw-r--r-- 1 root root 24145629 5月 15 22:07 wp.tar.gz
-rw-r--r-- 1 root root 19404 5月 15 22:09 www.conf
1. Restore web02 and mysqldb01
2. Set up passwordless SSH keys
3. Refactor
[root@ansible web02]# tree ../web02/
../web02/
├── files
├── handlers
├── tasks
├── templates
└── vars
# nginx and php deployment
1. Write the tasks: configure the nginx repository, install nginx and php
[root@ansible web02]# cat tasks/main.yml
- name: Configure REPO
  yum_repository:
    baseurl: https://nginx.org/packages/centos/7/$basearch/
    name: nginx
    description: EPEL YUM repo
    gpgcheck: no
    enabled: yes
- name: ntpdate
  command: ntpdate ntp1.aliyun.com
- name: Install Nginx PHP Server
  yum:
    name:
      - nginx
      - php
      - php-bcmath
      - php-cli
      - php-common
      - php-devel
      - php-embedded
      - php-fpm
      - php-gd
      - php-intl
      - php-mbstring
      - php-mysqlnd
      - php-opcache
      - php-pdo
      - php-process
      - php-xml
      - php-json
    state: present
- name: Configure Nginx PHP Server
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - { src: nginx.conf, dest: /etc/nginx/ }
    - { src: www.conf, dest: /etc/php-fpm.d/ }
  notify: Restart Nginx PHP Server
- name: Create Group www
  group:
    name: www
    gid: 666
- name: Create User www
  user:
    name: www
    uid: 666
    group: www
    shell: /sbin/nologin
    create_home: false
- name: Start Nginx PHP Server
  systemd:
    name: "{{ item }}"
    state: started
    enabled: yes
  loop:
    - nginx
    - php-fpm
2. files
[root@ansible roles]# ll web02/files/
总用量 24
-rw-r--r-- 1 root root 646 5月 15 22:27 nginx.conf
-rw-r--r-- 1 root root 19404 5月 15 22:27 www.conf
3. handlers
[root@ansible roles]# cat web02/handlers/main.yml
- name: Restart Nginx PHP Server
  systemd:
    name: "{{ item }}"
    state: restarted
  loop:
    - nginx
    - php-fpm
4. Call the roles
[root@ansible roles]# cat site.yml
- hosts: all
  roles:
    - role: backup
      when: ansible_hostname == "backup"
    - role: nfs
      when: ansible_hostname == "nfs"
    - role: web02
      when: ansible_hostname == "web02"
Syntax check
[root@ansible roles]# ansible-playbook --syntax-check site.yml
playbook: site.yml
5. Run and test
[root@ansible roles]# ansible-playbook site.yml
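An added example (not part of the original notes): the "Configure REPO" task in web02/tasks/main.yml sets `gpgcheck: no`, so packages from the nginx repository are installed without signature verification. The variant below imports the nginx signing key and turns verification on; the key URL is the one nginx.org publishes for its packages, and fetching it over HTTPS at run time is an assumption of this example.

```yaml
# Added example: same repository, with package signature checking enabled.
- name: Import nginx package signing key
  rpm_key:
    key: https://nginx.org/keys/nginx_signing.key
    state: present

- name: Configure REPO
  yum_repository:
    name: nginx
    description: nginx repo
    baseurl: https://nginx.org/packages/centos/7/$basearch/
    gpgcheck: yes          # reject packages that are unsigned or fail verification
    gpgkey: https://nginx.org/keys/nginx_signing.key
    enabled: yes
```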
# Database deployment
1. Restore the snapshot
2. Set up passwordless SSH keys
3. Refactor
[root@ansible ~]# cd ansible/roles/
[root@ansible roles]# mkdir mysql
[root@ansible roles]# cd mysql/
[root@ansible mysql]# ls ../nfs/|xargs mkdir
[root@ansible mysql]# tree ../mysql/
../mysql/
├── files
├── handlers
├── tasks
├── templates
└── vars
1. Write the tasks
[root@ansible roles]# cat mysql/tasks/main.yml
- name: Install mariadb Server
  yum:
    name:
      - python3-mysqlclient
      - mariadb-server
    state: present
- name: Start mariadb Server
  systemd:
    name: mariadb
    state: started
    enabled: yes
- name: Copy a.sql to 51
  copy:
    src: a.sql
    dest: /root/
- name: import mysql
  mysql_db:
    name: all
    state: import
    target: /root/a.sql
    login_user: root
- name: Restart mariadb Server
  systemd:
    name: mariadb
    state: restarted
2. files
[root@ansible roles]# ll mysql/files/
总用量 3080
-rw-r--r-- 1 root root 3153476 5月 15 22:43 a.sql
3. Call the roles
[root@ansible roles]# cat site.yml
- hosts: all
  roles:
    - role: backup
      when: ansible_hostname == "backup"
    - role: nfs
      when: ansible_hostname == "nfs"
    - role: web02
      when: ansible_hostname == "web02"
    - role: mysql
      when: ansible_hostname == "DB01"
[root@ansible roles]# ansible-playbook --syntax-check site.yml
playbook: site.yml
4. Run and test
[root@ansible roles]# ansible-playbook site.yml
# Application deployment
WordPress
1. Set up passwordless SSH keys
2. Refactor
[root@ansible roles]# mkdir wordpress
[root@ansible roles]# cd wordpress/
[root@ansible wordpress]# ls ../nfs/|xargs mkdir
[root@ansible wordpress]# tree ../wordpress/
../wordpress/
├── files
├── handlers
├── tasks
├── templates
└── vars
1. Write the tasks
[root@ansible roles]# cat wordpress/tasks/main.yml
- name: copy wp.tar.gz
  unarchive:
    src: wp.tar.gz
    dest: /
    owner: www
    group: www
    creates: /code
- name: dele def
  file:
    path: /etc/nginx/conf.d/default.conf
    state: absent
- name: copy server
  copy:
    src: wp.conf
    dest: /etc/nginx/conf.d/
  notify: Server nginx
2. files
[root@ansible roles]# ll wordpress/files/
总用量 23580
-rw-r--r-- 1 root root 24145629 5月 15 22:56 wp.tar.gz
3. handlers
[root@ansible roles]# cat wordpress/handlers/main.yml
- name: Server nginx
  systemd:
    name: nginx
    state: restarted
4. Call the roles
[root@ansible roles]# cat site.yml
- hosts: all
  roles:
    - role: backup
      when: ansible_hostname == "backup"
    - role: nfs
      when: ansible_hostname == "nfs"
    - role: web02
      when: ansible_hostname == "web02"
    - role: mysql
      when: ansible_hostname == "DB01"
    - role: wordpress
      when: ansible_hostname == "web02"
5. Test
[root@ansible roles]# ansible-playbook site.yml
hosts file entry
10.0.0.8 www.wp.com
Open in a browser
www.wp.com
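Time allotted for building the architecture:
5 days to refactor all of the stage-two services with Ansible
Requirement: make excellence a habit
1. Documentation (technical documents): be careful and put real effort into everything you do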