目录

Ansible-Tasks

Ansible-with_items

  • 通过with_items进行循环

语法

  • {{ item }}: 为读取with_items的固定写法
  • with_items: 是一个列表,下面可以有多个不同的内容
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
- hosts: test
  remote_user: root
  gather_facts: false
  vars_files: ./public_vars.yaml
  tasks:
    - name: Services Http start
      service: name={{ item }} state=started
      with_items:
        - httpd
        - firewalld

普通写法

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
- hosts: test
  remote_user: root
  gather_facts: false
  vars_files: ./public_vars.yaml
  tasks:
    - name: Set authorized_key in dest hosts
      authorized_key:
        user: root
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
      register: result_auth_info
      tags: authorized_key_hosts
    - name: Install httpd
      yum: name="httpd" state=present
    - name: Services Http start
      service: name={{ item }} state=started
      with_items:
        - httpd
        - firewalld

使用变量的循环写法

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
- hosts: test
  remote_user: root
  gather_facts: true
  tasks:
    - name: Install httpd
      yum: name={{ packages }} state=present
      vars:
        packages:
          - httpd
          - pcre-devel

使用变量字典循环方式批量创建用户

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
- hosts: test
  remote_user: root
  gather_facts: false
  vars_files: ./public_vars.yaml
  tasks:
    - name: Add Users
      user: name={{ item.name }} groups={{ item.groups }} state=present
      with_items:
        - { name: "alex",groups: "test"}
        - { name: "alex1",groups: "test"}

使用变量字典循环拷贝文件

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
- hosts: test
  remote_user: root
  gather_facts: false
  tasks:
    - name: Add Users
      copy: 
        src: '{{ item.src }}'
        dest: '{{ item.dest }}' 
        mode:  '{{ item.mode }}'
      with_items:
        - { src: "./1.txt", dest: "/tmp", mode: 0644}
        - { src: "./2.txt", dest: "/tmp", mode: 0644}

Ansible-Handlers

  • 通过notify进行监控->通过handlers触发

关于Handler的一些小注意事项

  1. 无论你拥有多少个notify通知相同的handlers,handlers仅仅会在所有tasks正常执行完成后运行一次
  2. 只有tasks发生改变了才会通知handlers,没有改变则不会触发handlers
  3. 不能使用handlers替代tasks,因为handlers是一个特殊的tasks
  4. notify的名称要与handlers的名称一致
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
- hosts: test
  remote_user: root
  gather_facts: false
  tasks:
    - name: Set authorized_key in dest hosts
      authorized_key:
        user: root
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
      register: result_auth_info
      tags: authorized_key_hosts
    - name: Install httpd
      yum: name="httpd" state=present
      notify: Debug Message
      register: install_info
  handlers:
    - name: Debug Message
      debug: 
        msg: '{{install_info}}'

Ansible-Tags

根据playbook中的指定标签的内容进行执行、调试等操作.

  • 对一个tasks指定一个tags标签
  • 对一个tasks指定多个tags标签(真没啥意义,感觉不实用。)
  • 对多个tasks指定一个标签

执行指定Tags标签内容

  • tags: 指定标签名称
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
- hosts: test
  remote_user: root
  gather_facts: false
  tasks:
    - name: Set authorized_key in dest hosts
      authorized_key:
        user: root
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
      register: result_auth_info
      tags: 
        - authorized_key_hosts
  • -t: 通过-t选项参数进行选择指定标签进行运行
1
ansible-playbook 1.yaml -t authorized_key_hosts -i hosts

跳过指定标签执行其他内容

  • 跳过指定的标签内容,执行标签内容外的其他内容
1
ansible-playbook 1.yaml --skip-tags "authorized_key_hosts" -i hosts

Ansible-Include

一个可以将playbook简单的进行复用的一个功能!

简单应用

编写一个重启http服务的配置

1
2
- name: Start HTTP
  service: name=httpd state=restarted

PlayBook中的应用

  • include: 查找的文件目录为你当前所在的目录,可以通过pwd命令进行查看。
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
- hosts: test
  remote_user: root
  gather_facts: true
  tasks:
    - name: Set authorized_key in dest hosts
      authorized_key:
        user: root
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
      register: result_auth_info
      tags: authorized_key_hosts
    - name: Install HTTP
      yum: name="httpd" state=present
    - name: Restart HTTP
      include: starthttp.yaml  # 包含你刚刚写的配置
      #  include_tasks: starthttpd.yaml  # 两种写法都可以

多个playbook合成

如果你写的playbook存在多个文件,你只想执行一个playbook,那么可以使用import_playbook

  • import_playbook: 引入你需要的playbook文件,必须是一个完整的playbook文件
1
2
- import_playbook: ./tasks1.yaml
- import_playbook: ./tasks2.yaml

Ansible-ignore_errors

在Ansible中进行错误的忽略

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
- hosts: test
  remote_user: root
  gather_facts: true
  tasks:
    - name: Set authorized_key in dest hosts
      authorized_key:
        user: root
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
      register: result_auth_info
      tags: authorized_key_hosts
    - name: Ingoring
      command: /bin/false
      ignore_errors: yes

输出结果大概是这样的

1
2
3
4
5
PLAY [test] 
TASK [Ingoring] ***************************************************************************************************************************************************************************************************************************fatal: [10.1.6.5]: FAILED! => {"changed": true, "cmd": ["/bin/false"], "delta": "0:00:00.026834", "end": "2022-08-29 02:17:00.089749", "msg": "non-zero return code", "rc": 1, "start": "2022-08-29 02:17:00.062915", "stderr": "", "stderr_lines": [], "stdout": "", "stdout_lines": []}
...ignoring

PLAY RECAP ********************************************************************************************************************************************************************************************************************************10.1.6.5                  : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=1   

Ansible-changed_when

通常用于失败后所执行一些操作: 例如失败后强制调用handlers、失败后强制删除等.

通常而言,如果任务失败并且play在该主机上中止,则收到play中早前任务通知的处理程序将不会运行。如果在play中设置force_handlers: yes关键字,则即使play因为后续任务失败而中止也会调用被通知的处理程序。

force_handlers

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
- hosts: test
  remote_user: root
  gather_facts: true
  force_handlers: yes # 强制调用handlers
  tasks:
    - name: Set authorized_key in dest hosts
      authorized_key:
        user: root
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
      register: result_auth_info
      tags: authorized_key_hosts
    - name: Test False
      command: echo "This is Force "
      notify: Restart HTTP service
    - name: Install available
      yum: name=dbdbdb state=present
  handlers:
    - name: Restart HTTP service
      service: name=httpd state=restarted

虽然任务是失败的,但是依旧调用了最后执行的handlers

1
2
3
4
[root@localhost ansible_linux]# ansible-playbook 1.yaml -i hosts 
TASK [Install available] ******************************************************************************************************************************************************************************************************************fatal: [10.1.6.57]: FAILED! => {"changed": false, "failures": ["No package dbdbdb available."], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []}

RUNNING HANDLER [Restart HTTP service] ****************************************************************************************************************************************************************************************************changed: [10.1.6.57]

changed_when

当前命令确保不会对被控端主机进行变更的时候,可以使用changer_when来进行忽略提示中的changed

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
- hosts: test
  remote_user: root
  gather_facts: true
  force_handlers: yes # 强制调用handlers
  tasks:
    - name: Set authorized_key in dest hosts
      authorized_key:
        user: root
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
      register: result_auth_info
      tags: authorized_key_hosts
    - name: Check HTTP
      shell: ps -aux | grep httpd
      changed_when: false  # 这样ps -aux | grep httpd 再也不会提示changed
    - name: Message
      debug:
        msg: "{{ ansible_distribution }}"

changed_when还可以检查tasks任务返回的结果

  • 查找输出当中是否存在successfuly如果没有则不执行
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
- hosts: test
  remote_user: root
  gather_facts: true
  tasks:
    - name: Set authorized_key in dest hosts
      authorized_key:
        user: root
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
      register: result_auth_info
      tags: authorized_key_hosts
    - name: Install Nginx
      yum: name=nginx  state=present
      notify: Start Nginx
    - name: Check Nginx Configure 
      command: /usr/sbin/nginx -t 
      register: check_nginx
      changed_when: (check_nginx.stdout.find('successful'))
  handlers:
    - name: Start Nginx
      service:  name=nginx state=restarted