ansible 的单条命令叫 ad-hoc,将多条命令写在一块进行执行叫 playbook。
playbook
,即剧本,现实中由演员按照剧本表演,在Ansible
中,这次由计算机进行表演,由计算机安装,部署应用,提供对外服务,以及组织计算机处理各种各样的事情。
那么为什么要使用 playbook 呢?
执行一些简单的任务,使用命令行模式可以方便地解决问题,但是有时一个设施过于复杂,需要大量操作的时候,执行命令行模式是不适合的,这时最好使用 playbook,就像执行 shell 命令与写 shell 脚本一样,也可以理解为批处理任务,不过 playbook 有自己的语法格式。
playbook
文件由YAML
语言编写。
YAML
是一个类似XML
、JSON
的标记性语言,YAML
强调以数据为中心,并不是以标识语言为重点。
YAML
语言的特点:
大小写敏感
使用空格作为嵌套缩进工具,缩进时不允许使用 Tab 键
缩进的空格数目不重要,只要相同层级的元素左侧对齐即可
使用“-”(横线) + 单个空格:表示单个列表项
使用 “:”(冒号) + 空格:表示单个键值对
使用"{}"表示一个键值表
playbook 文件是通过 ansible-playbook 命令进行解析的,ansible-playbook 命令会根据自上而下的顺序依次执行 playbook 文件中的内容。同时,playbook 开创了很多特性,它可以允许传输某个命令的状态到后面的指令,它也可以从一台机器的文件中抓取内容并赋为变量,然后在另一台机器中使用,这使得 playbook 可以实现一些复杂的部署机制,这是 ansible 命令无法实现的。
playbook
是由一个或多个play
组成的列表。
play
的主要功能在于,将事先合并为一组的主机装扮成事先通过ansible
定义好的角色。将多个play
组织在一个playbook
中就可以让它们联同起来按事先编排的机制完成一系列复杂的任务。
其主要由以下四部分组成:
target 部分:定义将要执行 playbook
的远程主机组
variable 部分:定义playbook
运行时需要使用的变量
task 部分:定义将要在远程主机上执行的任务列表
handler 部分:定义task
执行完成以后需要调用的任务
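# Play: contrast the shell and command modules on one host, connecting as root.
# A play is a list item, and "hosts:" needs a space after the colon; without
# it YAML reads "hosts:192.168.250.50" as a plain string instead of a key.
- hosts: 192.168.250.50
  remote_user: root
  tasks:
    # shell is needed here because the line uses a pipe and "&&".
    # NOTE(review): not idempotent - mkdir without -p fails on a second run
    # once /opt/hdp exists.
    - name: ansible shell
      shell: ps -ef|grep sshd&&mkdir /opt/hdp
    # command runs the program directly, without a shell, so pipes and
    # redirection are not available.
    - name: ansible command
      command: touch /opt/hdp/hadoop.txt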
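# Play: raw module demo. raw sends the command line over SSH as-is, without
# the Python module wrapper, so it also works before Python is installed.
- hosts: 192.168.250.50
  remote_user: root
  tasks:
    # NOTE(review): this writes as root to a fixed file name in /tmp; a
    # root-owned directory is a safer place for the output.
    - name: ansible raw1
      raw: ps -ef|grep sshd|awk '{print $2}'>/tmp/ssh.log
    - name: ansible raw2
      raw: dnf -y install python36-devel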
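# Play: file module demo - create a directory, change modes recursively,
# create a symlink, delete a file, and set owner/group/mode on a file.
# Modes are quoted so the YAML parser does not re-type them as integers.
- hosts: 192.168.250.50
  remote_user: root
  tasks:
    - name: mkdir cdh directory
      file:
        path: /opt/cdh
        state: directory
        mode: "0755"
    # recurse applies the mode to every entry below the directory, so regular
    # files under bin/ also end up 0755.
    - name: chmod bin
      file:
        dest: /opt/bigdata/jdk/bin
        mode: "0755"
        recurse: true
    # NOTE(review): depending on the module's follow setting, owner may be
    # applied to the link target; /etc/ssh/sshd_config should stay owned by
    # root - verify on a test host before using this pattern.
    - name: link files
      file:
        src: /etc/ssh/sshd_config
        dest: /mnt/sshd_config
        owner: sshd
        state: link
    - name: delete files
      file:
        path: /tmp/hadoop.tar.gz
        state: absent
    - name: chown files
      file:
        path: /mnt/syncfile.txt
        owner: nobody
        group: nobody
        mode: "0644"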
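# Play: copy module demo. src is read from the control node (remote_src is
# not set), dest is on the managed host.
- hosts: 192.168.250.50
  remote_user: root
  gather_facts: false
  tasks:
    # backup keeps a timestamped copy of the previous dest file.
    - name: copy and chown
      copy:
        src: /etc/sudoers
        dest: /mnt/sudoers
        owner: root
        group: root
        mode: "0440"
        backup: true
    # validate runs the check against a temporary copy (%s) and the file is
    # only put in place when the command succeeds - the right pattern for any
    # sudoers-style file, where a syntax error can lock out administrators.
    - name: checking files
      copy:
        src: /etc/sudoers
        dest: /mnt/sudoers
        validate: visudo -cf %s
    # NOTE(review): 0644 on directories has no search (x) bit, so the hadoop
    # owner cannot enter them; 0755 or 0750 is the usual choice - confirm.
    - name: copy directory
      copy:
        src: /etc/yum/
        dest: /mnt/bak
        owner: hadoop
        group: hadoop
        directory_mode: "0644"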
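# Play: synchronize (rsync wrapper) demo; by default src is on the control
# node and dest is on the managed host.
- hosts: 192.168.250.50
  remote_user: root
  gather_facts: false
  tasks:
    # delete removes anything under dest that does not exist in src, so a
    # wrong dest path destroys data; double-check dest before running.
    - name: synchronize rsync directory
      synchronize:
        src: /usr/share/nginx/modules
        dest: /mnt/bak1
        delete: true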
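# Play: unarchive demo - the archive is taken from the control node and
# unpacked under /opt on the managed host.
- hosts: 192.168.250.50
  remote_user: root
  gather_facts: false
  tasks:
    # NOTE(review): the archive is extracted as root; verify its checksum or
    # signature on the control node before distributing it.
    - name: unarchive spark files
      unarchive:
        src: /src/spark.tar.gz
        dest: /opt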
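# Play: service module demo.
- hosts: 192.168.250.50
  remote_user: root
  gather_facts: false
  tasks:
    # A bare "name:" is null, so the task is given a real name here.
    # state=restarted restarts nginx on every run; enabled makes it start at
    # boot.
    - name: restart nginx and enable it at boot
      service:
        name: nginx
        state: restarted
        enabled: true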
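# Play: cron module demo - add a crontab entry for root, then remove it.
- hosts: 192.168.250.50
  remote_user: root
  gather_facts: false
  tasks:
    # Schedule fields are strings for the cron module, hence the quotes.
    # NOTE(review): the job runs as root but lives under /home/ixdba; if that
    # account can modify the script it can run code as root. Keep root cron
    # scripts in a root-owned, non-writable location - verify ownership.
    - name: cron examples
      cron:
        backup: true
        name: autobackup
        weekday: "6"
        minute: "30"
        hour: "1"
        user: root
        job: /home/ixdba/backup.sh
    # The entry is matched by its name, so only name and state are required.
    - name: delete cron
      cron:
        name: autobackup
        state: absent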
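# Play: dnf module demo - install redis from EPEL, then remove it again.
- hosts: 192.168.250.50
  remote_user: root
  gather_facts: false
  tasks:
    # state=latest upgrades the package whenever a newer build is available;
    # use state=present for repeatable runs.
    # NOTE(review): EPEL is a third-party repository; confirm GPG checking is
    # enabled for it on the managed hosts.
    - name: dnf install redis
      dnf:
        name: redis
        state: latest
        enablerepo: epel
    - name: remove redis
      dnf:
        name: redis
        state: removed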
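# Play: create two accounts with the user module and a with_items loop.
# remote_user is spelled out to match the other plays on this page; the
# play-level "user" key is an older alias for it.
- name: create user
  hosts: 192.168.250.50
  remote_user: root
  gather_facts: false
  tasks:
    # SECURITY: wheel is the administrators group on RHEL-family systems, so
    # both accounts become sudo-capable if wheel is enabled in sudoers. Grant
    # it only to accounts that need it.
    # groups without append replaces the supplementary groups of an account
    # that already exists.
    - name: start createuser
      user:
        name: "{{ item.value }}"
        groups: hadoop,wheel
      with_items:
        - value: "hadoopuser001"
        - value: "hadoopuser002"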
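# Play: lineinfile demo - insert, append, replace and delete single lines.
- hosts: 192.168.250.50
  remote_user: root
  tasks:
    # Inserts the line after the last line matching the pattern.
    # NOTE(review): unlimited core dumps can write process memory, including
    # secrets, to disk; restrict where cores go and who can read them.
    - name: allow core dumps
      lineinfile:
        dest: /etc/profile
        insertafter: 'ulimit(.*)'
        line: ulimit -c unlimited
    - name: export JAVA_HOME
      lineinfile:
        dest: /etc/profile
        line: export JAVA_HOME=/usr/jdk
    # The pattern is anchored so that comment lines mentioning "SELINUX=" are
    # never the line that gets replaced.
    # SECURITY: this turns SELinux off entirely after the next reboot.
    # "permissive" keeps the audit log while troubleshooting; prefer fixing
    # the policy over disabling enforcement on production hosts.
    - name: set SELINUX in /etc/selinux/config
      lineinfile:
        dest: /etc/selinux/config
        regexp: '^SELINUX=(.*)'
        line: SELINUX=disabled
    # Anchored so only the "search" directive is removed, not any line that
    # merely contains the word.
    - name: remove search domain from resolv.conf
      lineinfile:
        dest: /etc/resolv.conf
        regexp: '^search(.*)'
        state: absent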
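# Play: capture a command's result with register and print it with debug.
- hosts: 192.168.250.50
  remote_user: root
  tasks:
    - name: hostname command
      shell: hostname
      register: host_result
    # var prints the variable by name; msg prints a templated string.
    - debug:
        var: host_result.stdout
    - debug:
        msg: "output: {{ host_result.stdout }}"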
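# Play: turn a registered result and a literal into host facts with set_fact.
- hosts: 192.168.250.50
  remote_user: root
  tasks:
    - name: hostname command
      shell: hostname
      register: host_result
    # Facts set here stay available to later tasks for this host.
    - set_fact:
        var1: "{{ host_result.stdout }}"
    - set_fact:
        var2: This is a string
    - debug:
        var: var1
    - debug:
        var: var2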
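# Play: three ways to run a task on the control node instead of the managed
# host - connection: local, delegate_to: localhost, and local_action.
# In each case $(hostname) is expanded by the shell that runs the command,
# while inventory_hostname is filled in by Ansible.
- hosts: 192.168.250.50
  remote_user: root
  gather_facts: true
  tasks:
    # NOTE(review): all three tasks append to a fixed file name in /tmp on
    # the control node; use an operator-owned directory outside of demos.
    - name: connection
      shell: echo "connection . {{inventory_hostname}} $(hostname) ." >> /tmp/local.log
      connection: local
    - name: delegate_to
      shell: echo "delegate_to . {{inventory_hostname}} $(hostname) ." >> /tmp/local.log
      delegate_to: localhost
    - name: local_action
      local_action: shell echo "local_action. {{inventory_hostname}} $(hostname)" >> /tmp/local.log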
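# Play: push the control node's root SSH public key to every host in "myweb"
# so that later runs can log in with the key.
# AnsibleDir is not defined in this play; presumably it comes from the role
# named "roles" or from inventory - confirm.
- hosts: myweb
  gather_facts: false
  roles:
    - roles
  tasks:
    # SECURITY: "StrictHostKeyChecking no" switches off SSH host-key
    # verification for every outbound connection from the managed host, which
    # removes the protection against a machine-in-the-middle. Prefer
    # distributing known_hosts entries, or "accept-new" where first-use trust
    # is acceptable.
    # The directive is written as one word; a split keyword is rejected by
    # the ssh client as a bad configuration option.
    - name: close ssh yes/no check
      lineinfile:
        path: /etc/ssh/ssh_config
        regexp: '(.*)StrictHostKeyChecking(.*)'
        line: StrictHostKeyChecking no
    # NOTE(review): this removes root's existing keys, authorized_keys and
    # known_hosts on the managed host. Any other administrator's access is
    # lost, and a failure before the final task leaves root without key login.
    - name: delete /root/.ssh/
      file:
        path: /root/.ssh/
        state: absent
    # A directory needs the search bit; 0700 is the mode sshd expects for
    # ~/.ssh.
    - name: create .ssh directory
      file:
        dest: /root/.ssh
        mode: "0700"
        state: directory
    # Without -y, which only prints the public half of an existing key,
    # ssh-keygen actually generates the pair. creates + run_once make the
    # control node generate it once and never overwrite an existing key.
    # NOTE(review): -N '' gives root's private key no passphrase, so the key
    # file alone grants root on every host in the group; protect the control
    # node accordingly, and consider ed25519 or a larger RSA modulus.
    - name: generating local public/private rsa key pair
      shell: ssh-keygen -t rsa -b 2048 -N '' -f /root/.ssh/id_rsa
      args:
        creates: /root/.ssh/id_rsa
      delegate_to: localhost
      run_once: true
    - name: view id_rsa.pub
      shell: cat /root/.ssh/id_rsa.pub
      delegate_to: localhost
      run_once: true
      register: sshinfo
    - set_fact:
        sshpub: "{{ sshinfo.stdout }}"
    # quote keeps the key text a single shell word; run_once avoids one
    # identical write per host.
    - name: add ssh record
      shell: echo {{ sshpub | quote }} > {{ AnsibleDir }}/roles/templates/authorized_keys.j2
      delegate_to: localhost
      run_once: true
    # NOTE(review): the tag is placed on this last task; confirm it was not
    # meant for the whole play.
    - name: copy authorized_keys.j2 to all
      template:
        src: "{{ AnsibleDir }}/roles/templates/authorized_keys.j2"
        dest: /root/.ssh/authorized_keys
        mode: "0600"
      tags:
        - install ssh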
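# Play: set the hostname of each host in "myweb" from its "hostname"
# variable (presumably defined per host in the inventory - confirm).
- hosts: myweb
  remote_user: root
  tasks:
    # The variable goes through the quote filter in both tasks so that its
    # content is always a single shell word; an unquoted value containing
    # shell metacharacters would otherwise be executed as root.
    - name: change name
      shell: "echo {{ hostname | quote }} > /etc/hostname"
    - name: apply hostname to the running system
      shell: hostname {{ hostname | quote }}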
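# Play: base system settings for the "myweb" hosts - SELinux, open-file
# limits, host firewall and periodic time sync.
- hosts: myweb
  remote_user: root
  gather_facts: false
  tasks:
    # SECURITY: disables SELinux after the next reboot. The pattern is
    # anchored so comment lines mentioning "SELINUX=" are never the line
    # replaced. Prefer "permissive" while troubleshooting over "disabled".
    - name: selinux disabled
      lineinfile:
        dest: /etc/selinux/config
        regexp: '^SELINUX=(.*)'
        line: SELINUX=disabled
    # Values are quoted because a leading "*" would otherwise be parsed as a
    # YAML alias.
    - name: raise nofile limits
      lineinfile:
        dest: /etc/security/limits.conf
        line: "{{ item.value }}"
      with_items:
        - value: "* soft nofile 655360"
        - value: "* hard nofile 655360"
    # SECURITY: stops and disables firewalld and flushes all iptables rules,
    # leaving every listening port reachable. Do this only where another
    # layer (security groups, a perimeter firewall) filters traffic;
    # otherwise open just the required ports.
    - name: disabled iptables and firewalld
      shell: systemctl stop firewalld&&systemctl disable firewalld&&iptables -F
    # minute is quoted: an unquoted */5 is read as a YAML alias.
    - name: cron ntpdate
      cron:
        name: ntpdate
        minute: "*/5"
        user: root
        job: "source /etc/profile;/usr/sbin/ntpdate -u 172.16.21.1 ;/sbin/hwclock -w"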
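# Play: build a hosts file on the control node with one line per host in
# "myweb", then install it as /etc/hosts everywhere.
# AnsibleDir and hostname are not defined in this play; presumably they come
# from the role named "roles" or from inventory - confirm.
- hosts: myweb
  remote_user: root
  roles:
    - roles
  tasks:
    # ">" truncates the file once per run, so re-running does not pile up
    # duplicate records.
    - name: add localhost
      local_action: shell echo "127.0.0.1 localhost" > {{AnsibleDir}}/roles/templates/hosts.j2
      run_once: true
    - set_fact:
        ipaddress: "{{ inventory_hostname }}"
    - set_fact:
        hostname: "{{ hostname }}"
    # Both values are quoted so each stays a single shell word in the command
    # run on the control node.
    - name: add host record
      shell: echo {{ ipaddress | quote }} {{ hostname | quote }} >> {{ AnsibleDir }}/roles/templates/hosts.j2
      delegate_to: localhost
    # NOTE(review): this replaces /etc/hosts as a whole; entries that exist
    # only on a managed host are lost. Add backup=yes if that matters.
    - name: copy hosts.j2 to all host
      template:
        src: "{{ AnsibleDir }}/roles/templates/hosts.j2"
        dest: /etc/hosts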
# Play: install a JDK from a tarball kept on the control node and register it
# in /etc/profile on every host in "myweb".
# AnsibleDir is not defined in this play; presumably it comes from the role
# named "roles" or from inventory - confirm.
- hosts: myweb
  remote_user: root
  roles:
    - roles
  tasks:
    - name: mkdir jdk directory
      file:
        path: /usr/java
        state: directory
        mode: "0755"
    # NOTE(review): the archive is unpacked as root on every host; verify its
    # checksum on the control node before distributing it.
    - name: copy and unzip jdk
      unarchive:
        src: "{{ AnsibleDir }}/roles/files/jdk1.8.tar.gz"
        dest: /usr/java
    # Drops every existing line that mentions JAVA_HOME so the lines added
    # below are the only ones left.
    - name: delete line
      lineinfile:
        dest: /etc/profile
        regexp: '(.*)JAVA_HOME(.*)'
        state: absent
    - name: set jdk env
      lineinfile:
        dest: /etc/profile
        line: "{{ item.value }}"
        state: present
      with_items:
        - value: "export JAVA_HOME=/usr/java/jdk1.8.0_162"
        - value: "export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar"
        - value: "export PATH=$JAVA_HOME/bin:$PATH"
    # Each task starts its own shell, so sourcing the profile here does not
    # change the environment of later tasks or of existing login sessions.
    - name: source profile
      shell: source /etc/profile
原文地址:https://mp.weixin.qq.com/s/zo9jEuAF8WHm-BUvN635JQ