Examples of commonly used modules in Ansible playbooks

1 copy: copy a file to the remote host and back up the existing one

---
- name: a copy test
  hosts: servera
  become: yes
  tasks:
    - name: task 1
      copy:
        src: /tmp/testa
        dest: /tmp/testa
        owner: apache
        group: apache
        mode: '0755'  # quoted so the value is always read as octal
        backup: yes

2 file: create a file or directory

---
- name: this is file module
  hosts: servera
  become: yes
  tasks:
    - name: file module, create a directory named testdira
      file:
        path: /tmp/testdira
        state: directory
        owner: ansible
        group: ansible
        # An unquoted 700 is read as decimal 700, not octal 0700,
        # and produces unintended permission bits.
        mode: '0700'

3 lineinfile: replace content in a file

3.1 If the file exists

---
- name: lineinfile test
  hosts: servera
  become: yes
  tasks:
    - name: task 3 lineinfile
      lineinfile:
        dest: /tmp/sam
        regexp: 'this'
        line: 'hello world'
        owner: root
        group: root
        mode: '0644'

3.2 If the file does not exist (use state: present and create; reference variables with quotes and double braces "{{ }}")

---
- name: variables test
  hosts: servera
  become: yes
  vars:
    word: sam
  tasks:
    - name: this is a test
      lineinfile:
        path: /tmp/testaa
        line: 'hello "{{ word }}"'
        state: present
        create: yes
      register: result
    - name: debug
      debug:
        var: result

4 shell: run a command

---
- name: Shell command
  hosts: servera
  become: yes
  tasks:
    - name: shell test
      shell: 'cat /tmp/sam'
      register: result
    - name: debug
      debug:
        var: result

5 stat: check whether a file exists

---
- name: stat to check if file there
  hosts: servera
  become: yes
  tasks:
    - name: stat command
      stat:
        path: /tmp/lee
      register: result
    - name: debug
      debug:
        var: result

6 setup: gather system information

---
- name: setup module
  hosts: servera
  become: yes
  tasks:
    - name: task setup
      setup:
      register: result
    - name: debug
      debug:
        var: result

7 setup with a filter: get specific host information

[root@workstation ansible]# ansible servera -m setup -a "filter=ansible_default_ipv4"
servera | SUCCESS => {
    "ansible_facts": {
        "ansible_default_ipv4": {
            "address": "172.25.250.10",
            "alias": "eth0",
            "broadcast": "172.25.250.255",
            "gateway": "172.25.250.254",
            "interface": "eth0",
            "macaddress": "52:54:00:00:fa:0a",
            "mtu": 1500,
            "netmask": "255.255.255.0",
            "network": "172.25.250.0",
            "type": "ether"
        }
    },
    "changed": false
}

8 Using template (create a .j2 template)

8.1 Create the template file

# vim playbooks/template_hello.j2
Hello "{{ sam_veriable }}"

8.2 Import the template and use it

---
- name: template test
  hosts: servera
  become: yes
  vars:
    sam_veriable: "Sam"
  tasks:
    - name: start
      template:
        src: template_hello.j2
        dest: /tmp/template_hello

8.3 Override the variable directly on the command line

# ansible-playbook playbooks/template_hello.yml -e "sam_veriable=good"

9 Using loop

---
- name: myloop
  hosts: servera
  become: true
  tasks:
    - name: install files
      yum:
        name: "{{ item }}"
        state: present
      register: result
      loop:
        - httpd
        - ipmitool
      #with_items:
      #  - httpd
      #  - ipmitool
    - name: debug
      debug:
        var: result

10 Using vault

10.1 Create an encrypted file (prompts for a password)

# ansible-vault create playbooks/crypttests.yml

10.2 Edit an encrypted file (prompts for the password)

# ansible-vault edit playbooks/crypttests.yml
Vault password:

10.3 Change the password

# ansible-vault rekey playbooks/crypttests.yml

10.4 Encrypt a file

# ansible-vault encrypt playbooks/crypttests.yml

10.5 Decrypt a file

# ansible-vault decrypt playbooks/crypttests.yml

10.6 View a file

# ansible-vault view playbooks/crypt.yml

11 Continuing after a non-zero status with ignore_errors

---
- name: ignore copy error
  hosts: servera
  become: yes
  tasks:
    - name: copy file to dest
      copy:
        src: /tmp/notify-null
        dest: /tmp/nofity
        owner: ansible
        group: ansible
        mode: '0644'
      ignore_errors: true
      register: result
    - name: ping node
      ping:
    - name: debug
      debug:
        var: result

12 Using notify

---
- name: notify test
  hosts: servera
  become: yes
  tasks:
    - name: copy a file
      copy:
        src: /tmp/notify
        dest: /tmp/notify
        owner: ansible
        group: ansible
        mode: '0755'
      notify:
        - echo ok
  handlers:
    - name: echo ok
      shell: 'echo ok >/tmp/ok'

13 Using tags

13.1 Write the playbook

---
- name: production
  hosts: production
  become: yes
  tasks:
    - name: ping production
      ping:
      tags: production

- name: backup
  hosts: backup
  become: yes
  tasks:
    - name: ping backup
      ping:
      tags: backup

13.2 Run it

# ansible-playbook playbooks/mytags.yml -t production

14 block and rescue (ignore_errors cannot be used inside block)

---
- name: inaccess
  hosts: all
  become: yes
  tasks:
    - name: block structure
      block:
        - name: block copy
          get_url:
            url: http://materials/inaccess.html
            dest: /var/www/html/inaccess.html
      rescue:
        - lineinfile:
            path: /var/www/html/inaccess.html
            line: 'I did not have access to the url'
            create: yes

15 when and register: conditional execution

---
- name: selectively update files
  hosts: all
  become: yes
  tasks:
    - name: check if the file is there
      shell: 'ls /etc/ansible_abort.txt'
      ignore_errors: yes
      register: result
    - name: create a file
      lineinfile:
        path: /etc/ansible_abort.txt
        line: 'my node is also {{ ansible_hostname }}'
        create: yes
      when: result.rc != 0

16 Installing a role (roles are used through Galaxy)

16.1 Write the galaxy_install.yml file

---
- src: http://materials/do407fun.tar.gz
  name: examfun

16.2 Install the role (the install path must be set in ansible.cfg: roles_path = /home/ansible/playbooks/roles)

ansible-galaxy install -r playbooks/galaxy_install.yml

17 Configuring the log path (in ansible.cfg)

log_path = /home/ansible/logs-ansible.log

18 Using when and debug (to speed things up, fact gathering can be disabled with gather_facts: no)

---
- name: test debug info
  hosts: servera
  become: yes
  gather_facts: no
  tasks:
    - name: retrieve host name
      shell: hostname
      register: result
    - name: for debug stdout 3
      debug:
        msg: 'result.stdout "{{ result.stdout }}"'
    - name: when test
      file:
        path: /tmp/nogood
        state: touch
      when: result.stdout == "servera.lab.example.com"

19 How to place ignore_errors and register (both apply to the module or command task, so they are indented at the same level as the module name)

---
- name: check error
  hosts: servera
  become: yes
  tasks:
    - name: ignore error
      lineinfile:
        path: '/tmp/this'
        state: present
        line: "good day"
      ignore_errors: yes
      register: result

20 gather_facts caveat (do not set it to no if you need variables from the setup module, such as ansible_hostname)

gather_facts: yes

21 Creating an LVM volume

# pvcreate /dev/vda2
# vgcreate new_vol_group /dev/vda1
# lvcreate -L2G -n new_logical_volume new_vol_group
# gfs_mkfs -plock_nolock -j 1 /dev/new_vol_group/new_logical_volume
# mkfs.xfs /dev/new_vol_group/new_logical_volume

22 Changing the vault password

[root@workstation ansible]# ansible-vault rekey --ask-vault-pass playbook/crypt.yml
Vault password:
New Vault password:
Confirm New Vault password:
Rekey successful

23 Overriding the return code of command and shell

# Option 1: force a zero exit status in the shell itself
tasks:
  - name: run this command and ignore the result
    shell: /usr/bin/somecommand || /bin/true

# Option 2: let Ansible ignore the failure
tasks:
  - name: run this command and ignore the result
    shell: /usr/bin/somecommand
    ignore_errors: True
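
An added example, not from the original page: the file check from section 15 and the return-code handling from section 23, rewritten so that only expected outcomes are tolerated and real errors still stop the play. The `grep` command and the `sshd_config` check are assumptions chosen for illustration.

```yaml
---
- name: explicit checks instead of blanket ignore_errors
  hosts: servera
  become: yes
  tasks:
    # stat does not fail when the file is missing, so ignore_errors is not
    # needed and a genuine error still stops the play.
    - name: check whether the marker file exists
      stat:
        path: /etc/ansible_abort.txt
      register: marker

    - name: create the marker only when it is missing
      lineinfile:
        path: /etc/ansible_abort.txt
        line: 'my node is also {{ ansible_hostname }}'
        create: yes
      when: not marker.stat.exists

    # Assumed command for illustration: grep exits 0 on a match, 1 on no
    # match and 2 on a real error such as an unreadable file.
    - name: look for an enabled root login in sshd_config
      command: grep -E '^PermitRootLogin[[:space:]]+yes' /etc/ssh/sshd_config
      register: result
      changed_when: false                   # read-only check, never "changed"
      failed_when: result.rc not in [0, 1]  # only rc >= 2 is a failure

    - name: report the finding
      debug:
        msg: 'PermitRootLogin yes is set on {{ inventory_hostname }}'
      when: result.rc == 0
```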

24 Installing Galaxy roles with Ansible

24.1 Install directly from Galaxy

- src: yatesr.timezone

24.2 Fetch from a specified URL

- src: https://github.com/bennojoy/nginx

24.3 Install from a specified URL under a given name

- src: https://github.com/bennojoy/nginx
  name: vagrant

25 Using the rhsm_repository module

- name: Enable a RHSM repository
  rhsm_repository:
    name: rhel-7-server-rpms

- name: Disable all RHSM repositories
  rhsm_repository:
    name: '*'
    state: disabled

26 Using the redhat_subscription module to register the system and attach it to the corresponding pool

- name: register RHEL
  redhat_subscription:
    state: present
    username: rhn-support-xili
    password: changeme
    pool_ids: 8a85f99c6c8b9588016c8be0f1b50ec1
    force_register: yes
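
An added example, not from the original page: the same registration with the credentials kept in a vault-encrypted variables file (section 10) and hidden from task output, instead of a plaintext password in the playbook. The file name `vault_rhsm.yml`, the variable names and the angle-bracket values are hypothetical placeholders.

```yaml
# playbooks/vault_rhsm.yml (hypothetical file), created with:
#   ansible-vault create playbooks/vault_rhsm.yml
# Its content before encryption (placeholder values):
#   vault_rhsm_username: <rhsm-username>
#   vault_rhsm_password: <rhsm-password>
#
# Run the playbook with --ask-vault-pass so the file can be decrypted.
---
- name: register RHEL without a plaintext password
  hosts: servera
  become: yes
  vars_files:
    - vault_rhsm.yml              # resolved relative to this playbook
  vars:
    rhsm_pool_id: "<pool-id>"     # placeholder, not a real pool id
  tasks:
    - name: register RHEL
      redhat_subscription:
        state: present
        username: "{{ vault_rhsm_username }}"
        password: "{{ vault_rhsm_password }}"
        pool_ids: "{{ rhsm_pool_id }}"
        force_register: yes
      no_log: true                # keep the password out of output and log_path
```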