Advanced Ansible: getting more out of playbook execution. These notes are kept in git as a collection of examples for various uses.
Directory structure
The first level always starts with roles, the second level is the role name, and the third level is split into 8 categories; within each category, main.yml is read first as the entry point.
roles/
    common/
        tasks/
        handlers/
        library/
        files/
        templates/
        vars/
        defaults/
        meta/
    webservers/
        tasks/
        defaults/
        meta/
Category descriptions
tasks/main.yml - the main list of tasks that the role executes.
handlers/main.yml - handlers, which may be used within or outside this role.
library/my_module.py - modules, which may be used within this role (see Embedding modules and plugins in roles for more information).
defaults/main.yml - default variables for the role (see Using Variables for more information). These variables have the lowest priority of any variables available, and can be easily overridden by any other variable, including inventory variables.
vars/main.yml - other variables for the role (see Using Variables for more information).
files/main.yml - files that the role deploys.
templates/main.yml - templates that the role deploys.
meta/main.yml - metadata for the role, including role dependencies.
Saving stdout (register)
Using the registered value inside the playbook: https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#registering-variables
- name: echo
  command:
    cmd: "echo 'hello world'"
  register: swarm_contents
- name: cat echo
  debug:
    msg: "{{ swarm_contents }}"
Saving it to a file so it can be used later: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/template_module.html https://stackoverflow.com/questions/26732241/ansible-save-registered-variable-to-file
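One way to persist a registered result to a file on the control node, added here as an example rather than taken from the original notes; it uses the copy module's content parameter as the linked answer suggests, and the output paths are assumptions:

```yaml
# Added example: register command output and write it to a file for later plays.
# Run with: ansible-playbook -i localhost, save_output.yml
- name: Register stdout and save it for later use
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Run a command and capture its result
      ansible.builtin.command:
        cmd: "echo 'hello world'"
      register: swarm_contents
      changed_when: false   # a read-only echo should not report a change

    - name: Save only the stdout to a file on the control node
      ansible.builtin.copy:
        content: "{{ swarm_contents.stdout }}\n"
        dest: "/tmp/swarm_contents.txt"   # assumed path
        mode: "0600"   # registered output can contain secrets; keep it private
      delegate_to: localhost   # stays on the control node even when hosts is a remote group

    - name: Keep the full registered structure as JSON for debugging
      ansible.builtin.copy:
        content: "{{ swarm_contents | to_nice_json }}"
        dest: "/tmp/swarm_contents.json"   # assumed path
        mode: "0600"
      delegate_to: localhost
```

A later play can read the value back with lookup('file', '/tmp/swarm_contents.txt') or, from a remote host, the slurp module.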
delegate_to
Can be used inside a role to specify which host executes the task
- name: no fact
  delegate_to: "{{ groups['MGservers'][0] }}"
  command:
    cmd: "echo NoFact"
  register: delegateLab1
if else
Done with jinja2; there are several ways to write it: https://gist.github.com/halberom/794c06598f40ccc31560
Simple form
"{{ 'TRUE-VALUE' if (condition) else 'FALSE-VALUE' }}"
- name: set_fact
  set_fact:
    python_version: "{{ '3.8' if (ansible_distribution_version == '21.04') else '3.6' }}"
ansible.cfg
You can create an ansible.cfg in the playbook directory; that playbook then picks up the modified ansible.cfg.
ansible.cfg
[defaults]
# At the end of the playbook, print how long each task took
callback_whitelist = profile_tasks
# uncomment this to disable SSH key host checking
host_key_checking = False
# Human-readable stderr and stdout
stdout_callback = debug
[ssh_connection]
# retry times if fail
retries=3
# Tune the SSH connection options: disabling unneeded features speeds up the connection.
# SSH options must be passed through ssh_args; a bare GSSAPIAuthentication= line is not an ansible.cfg key
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o GSSAPIAuthentication=no
# speed up ssh
pipelining = True
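The same ansible.cfg with its weak setting corrected, added as an example and not part of the original notes: host_key_checking = False makes the control node accept any SSH host key, so a spoofed or substituted managed host is never detected; keep the check on and distribute known host keys instead. The ssh_args line is my assumption about how to pass the GSSAPI option.

```ini
; Added example: hardened counterpart of the ansible.cfg above
[defaults]
; Print per-task timing at the end of the run
callback_whitelist = profile_tasks
; Keep SSH host key verification on; pre-populate ~/.ssh/known_hosts on the
; control node rather than disabling the check
host_key_checking = True
; Human-readable stderr and stdout
stdout_callback = debug
; Do not leave .retry files (lists of failed hosts) next to the playbook
retry_files_enabled = False

[ssh_connection]
; retry the connection a few times if it fails
retries = 3
; SSH options go through ssh_args; the defaults (-C, ControlMaster, ControlPersist) are kept
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -o GSSAPIAuthentication=no
; Fewer SSH round-trips per task; requires that requiretty is not set in sudoers on managed hosts
pipelining = True
```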
Difference between include and import
LAB 3.include_import
https://github.com/lovesharepc/vagrant_lab/tree/main/ansible_playbook/3.include_import
Test the difference between the two: import loads the file when the playbook starts, while include loads it only when execution reaches that task.
import is static; include is dynamic.
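A small playbook showing the static/dynamic difference in practice, added as an example and not taken from the lab above; the task file name tasks/one_host.yml and its contents are assumptions:

```yaml
# Added example: import_tasks (static) vs include_tasks (dynamic).
# Assumed layout: this file is site.yml, with tasks/one_host.yml beside it.
#
# --- tasks/one_host.yml (assumed content) ---
# - name: Report the item handed in
#   ansible.builtin.debug:
#     msg: "handling {{ item | default('no item') }}"
#
# --- site.yml ---
- name: Compare static import with dynamic include
  hosts: localhost
  gather_facts: false
  vars:
    targets: [web1, web2]
  tasks:
    # Static: resolved when the playbook is parsed. The imported tasks show up in
    # --list-tasks output, and a `when` here is copied onto every imported task.
    - name: Import tasks (static)
      ansible.builtin.import_tasks: tasks/one_host.yml
      when: targets | length > 0

    # Dynamic: the file is read only when execution reaches this task, so it can
    # be repeated with loop (item is visible inside the included file).
    # import_tasks does not support loop; using it there is a parse-time error.
    - name: Include tasks (dynamic) once per target
      ansible.builtin.include_tasks: tasks/one_host.yml
      loop: "{{ targets }}"
```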
Introduction to the ansible commands
ansible: runs a single ad-hoc task
ansible-config: generates or configures ansible.cfg
ansible-console: a REPL that allows for running ad-hoc tasks against a chosen inventory from a nice shell with built-in tab completion (based on dominis' ansible-shell).
ansible-doc: plugin documentation tool
ansible-galaxy: similar to docker-hub; everyone can share playbooks https://galaxy.ansible.com/
ansible-inventory: used to display or dump the configured inventory as Ansible sees it
ansible-pull: similar to passive (pull-based) deployment
Creating a role
Use the command to generate the role directory:
[root@mgmt 4.roleSSH_key]# ansible-galaxy role init ssh-copy-id
- Role ssh-copy-id was created successfully
[root@mgmt 4.roleSSH_key]# tree
.
├── group_vars
│   └── all
├── hosts.yaml
├── README.md
├── roles
│   └── ssh-copy-id
│       ├── defaults
│       │   └── main.yml
│       ├── files
│       ├── handlers
│       │   └── main.yml
│       ├── meta
│       │   └── main.yml
│       ├── README.md
│       ├── tasks
│       │   └── main.yml
│       ├── templates
│       ├── tests
│       │   ├── inventory
│       │   └── test.yml
│       └── vars
│           └── main.yml
├── site.yaml
└── ssh-copy-id
    ├── defaults
    │   └── main.yml
    ├── files
    ├── handlers
    │   └── main.yml
    ├── meta
    │   └── main.yml
    ├── README.md
    ├── tasks
    │   └── main.yml
    ├── templates
    ├── tests
    │   ├── inventory
    │   └── test.yml
    └── vars
        └── main.yml
when conditions
https://docs.ansible.com/ansible/latest/user_guide/playbooks_conditionals.html
# Available comparison operators
!=
==
# Non-list value: compare directly; a when clause must not contain {{ }} delimiters
inventory_hostname == groups['MGservers'][0]
# Multiple conditions
() and ()
() or ()
# If the value being tested is a list, use in
'WKservers' in group_names
loop
- name: show var structure as it is needed for example to make sense
  hosts: localhost
  vars:
    users:
      - name: alice
        authorized:
          - /tmp/alice/onekey.pub
          - /tmp/alice/twokey.pub
        mysql:
          password: mysql-password
          hosts:
            - "%"
            - "127.0.0.1"
            - "::1"
            - "localhost"
          privs:
            - "*.*:SELECT"
            - "DB1.*:ALL"
        groups:
          - wheel
      - name: bob
        authorized:
          - /tmp/bob/id_rsa.pub
        mysql:
          password: other-mysql-password
          hosts:
            - "db1"
          privs:
            - "*.*:SELECT"
            - "DB2.*:ALL"
  tasks:
    - name: Set authorized ssh key, extracting just that data from 'users'
      debug:
        msg: "{{ item.0.name }} -- {{ item.1 }}"
      loop: "{{ users | subelements('authorized') }}"
Output
MSG:
alice -- /tmp/alice/onekey.pub
MSG:
alice -- /tmp/alice/twokey.pub
MSG:
bob -- /tmp/bob/id_rsa.pub
community.general.ini_file
tasks:
  - name: 'oslo_conf-generic-config'
    ini_file:
      path: '/tmp/test.ini'
      section: 'mdfk'
      option: 'option'
      value: 'value'
owan@deploy:/tmp$ cat test.ini
[mdfk]
option = value
loop control
other
debug: add the --step parameter when running a playbook to execute it one task at a time
Setting variables with jinja2
If a variable does not exist, set a default value
"{{ firewall_allowed_ports | default([]) }}"
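A playbook that combines the when conditions, loop_control and the default filter from the sections above, added as an example rather than taken from the original notes; the group names WKservers and MGservers come from the notes, while the firewall_allowed_ports structure (a list of port/proto items in group_vars) and the use of the community.general.ufw module are assumptions:

```yaml
# Added example: when conditions + loop_control + default([]) in one play.
# Assumes group_vars define firewall_allowed_ports as e.g.
#   firewall_allowed_ports: [{port: 22, proto: tcp}, {port: 53, proto: udp}]
# and that community.general is installed for the ufw module.
- name: Open only the ports each group declares
  hosts: all
  become: true
  tasks:
    - name: Allow declared ports on worker servers only
      community.general.ufw:
        rule: allow
        port: "{{ item.port }}"
        proto: "{{ item.proto | default('tcp') }}"
      # default([]) turns the loop into a no-op when the variable is undefined
      loop: "{{ firewall_allowed_ports | default([]) }}"
      loop_control:
        # label replaces the full item dump in the output with a short tag
        label: "{{ item.port }}/{{ item.proto | default('tcp') }}"
      # list form of when: all entries must be true (implicit and);
      # 'in' tests list membership; no {{ }} inside a when clause
      when:
        - "'WKservers' in group_names"
        - "(item.proto | default('tcp')) in ['tcp', 'udp']"

    - name: Fail early on the first management host if no port list is declared
      ansible.builtin.fail:
        msg: "{{ inventory_hostname }} is the first MGserver but declares no firewall_allowed_ports"
      when:
        - inventory_hostname == groups['MGservers'][0]
        - firewall_allowed_ports is not defined or (firewall_allowed_ports | length == 0)
```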