简单几句话了解Ansible-playbook 基础 (三)

简单几句话了解Ansible-playbook

七、jinja2 简介

表达式
条件判断
{% if EXPR %}...{% elif EXPR %}...{% endif%}
demo
{% if ansible_fqdn == "web01" %}
    echo "123"
{% elif ansible_fqdn == "web02" %}
    echo "456"
{% else %}
    echo "789"
{% endif %}

循环语句
{% for i in EXPR %}...{% endfor%} 作为循环表达式
{% for i in range(1,10) %}
     server 10.8.3.{{i}};
{% endfor %}

{# COMMENT #} 表示注释
jinja2渲染配置文件
]$ cat jinja.conf.j2 
# Reverse-proxy virtual host template; server_name and http_port come from the play's vars.
upstream {{ server_name }} {
    # The loop below emits one backend line for each i in 1..3 (the upper bound of range is exclusive).
    {% for i in range(1,4) %}
    server 10.8.3.{{i}}:{{http_port}} weight=2;
    {% endfor %}
}

server {
    listen {{ http_port }};
    server_name {{ server_name }};
    location / {
        # Requests are forwarded to the upstream group declared above, which shares the server_name value.
        proxy_pass http://{{ server_name }};
        # NOTE(review): proxy_params must already exist in the nginx config directory;
        # no task on this page deploys it - confirm before rendering this template.
        include proxy_params;
    }
}

]# cat jinja_2.yml 
---
# Installs nginx on the slbserver group, renders the proxy virtual host from
# jinja.conf.j2 and restarts nginx whenever the rendered file changes.
- hosts: slbserver
  vars:
    # Both values are consumed by the template.
    http_port: 80
    server_name: www.yfzblog.cn

  tasks:
    - name: Installed Nginx Server
      yum:
        name: nginx
        state: present

    # A change to the rendered file notifies the restart handler below.
    - name: Configure Nginx Virt
      template:
        src: ./jinja.conf.j2
        dest: /etc/nginx/conf.d/proxy_lingchen.com.conf
      notify: Restart Nginx Server

    - name: Started Nginx Server
      service:
        name: nginx
        state: started
        enabled: true

  handlers:
    - name: Restart Nginx Server
      service:
        name: nginx
        state: restarted
        
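# Loop over the webserver group of the inventory; each entry is bound to i and
# becomes one backend line. The entries are inventory host names, which are
# plain IP addresses in the inventory shown on this page.
upstream {{ server_name }} {
{% for i in groups['webserver'] %}
    server {{i}}:{{http_port}} weight=2;
{% endfor %}
}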

官方
{% for host in groups['app_servers'] %}
   # something that applies to all app servers.
{% endfor %}
使用jinja渲染文件
]$ cat motd.j2 

Welcome to Alibaba Cloud Elastic Compute Service !

This System Hostname: {{ ansible_hostname }}
This System total Memory is: {{ ansible_memtotal_mb }} MB
This System free Memory is: {{ ansible_memfree_mb }} MB


]$ cat jinja.yml 
---
# Renders motd.j2 with the gathered host facts and installs it as /etc/motd
# on every host of the lingchen group.
- hosts: lingchen
  tasks:
    - name: Copy Template File /etc/motd
      template:
        src: ./motd.j2
        dest: /etc/motd

八、Ansible roles 简介

Roles tips
  1. 创建roles目录结构,手动或使用ansible-galaxy init lingchen roles
  2. 编写roles的功能,也就是tasks
  3. 最后playbook引用roles编写好的tasks
roles demo
项目hosts文件
]$ cat hosts
[slbserver]
10.8.4.23
10.8.4.24

[webserver]
10.8.4.25
10.8.4.26

[nfsserver]
10.8.4.27

[dbserver]
10.8.6.23

项目变量group_vars/all
# Account that owns the web content. web_user_id is used by the base role as
# both uid and gid, and by the NFS export template as anonuid/anongid.
web_user: 'www'
web_user_id: 789

# nginx paths
nginx_conf: '/etc/nginx/nginx.conf'
nginx_virt: '/etc/nginx/conf.d'
nginx_code: '/ansible_code'

# PHP paths and limits
php_fpm_conf: '/etc/php-fpm.d/www.conf'
php_ini_conf: '/etc/php.ini'
php_ini_max_upload: '200M'
…………


]$ mkdir base/{tasks,handlers,templates,vars,files} -p
]$ cat base/tasks/main.yaml
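---
# Baseline tasks of the base role: service account, yum repositories,
# common packages and file-descriptor limits.

# NOTE(review): stopping firewalld removes host-level packet filtering.
# Outside a throwaway lab, keep it running and open only the ports each
# role actually needs.
- name: Disabled Firewalld Server
  service:
    name: firewalld
    state: stopped
    enabled: false

# NOTE(review): state=disabled turns SELinux off entirely (it takes effect
# after a reboot). Prefer enforcing, or permissive while policy is being
# worked out, on anything that faces a network.
- name: Disabled Selinux Server
  selinux:
    state: disabled

# The group is created first because the user task below references it.
- name: Create Web {{ web_user }} {{ web_user_id }} Group
  group:
    name: "{{ web_user }}"
    gid: "{{ web_user_id | int }}"

- name: Create Web  {{ web_user }} {{ web_user_id }} User
  user:
    name: "{{ web_user }}"
    uid: "{{ web_user_id | int }}"
    group: "{{ web_user }}"

# Repository metadata and the signing key are fetched over HTTPS so that a
# network attacker cannot swap the key that gpgcheck relies on.
- name: Add Base Yum Repository
  yum_repository:
    name: base
    description: Base Aliyun Repository
    baseurl: https://mirrors.aliyun.com/centos/$releasever/os/$basearch/
    gpgcheck: true
    gpgkey: https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

# Signature checking is enabled; the key comes from the EPEL project itself
# rather than from the mirror that serves the packages.
- name: Add Epel Yum Repository
  yum_repository:
    name: epel
    description: Epel Aliyun Repository
    baseurl: https://mirrors.aliyun.com/epel/7/$basearch
    gpgcheck: true
    gpgkey: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7

# match() is a regular-expression test anchored at the start of the string.
# The former pattern 'web*' meant "we" followed by any number of "b", so it
# also matched unrelated host names; the literal prefixes are used instead.
- name: Add Nginx Yum Repository
  yum_repository:
    name: nginx
    description: Nginx Repository
    baseurl: https://nginx.org/packages/centos/7/$basearch/
    gpgcheck: true
    gpgkey: https://nginx.org/keys/nginx_signing.key
  when: >-
    ansible_hostname is match('web') or
    ansible_hostname is match('slb')

# NOTE(review): this repository is still plain HTTP with signature checking
# off, so packages from it are installed unauthenticated. Add the vendor's
# gpgkey and set gpgcheck to true, or use a source that can be verified.
- name: Add PHP Yum Repository
  yum_repository:
    name: php71w
    description: php Repository
    baseurl: http://us-east.repo.webtatic.com/yum/el7/x86_64/
    gpgcheck: false
  when: ansible_hostname is match('web')

# The whole list is passed to yum in a single call.
- name: Installed Packages All
  yum:
    name: "{{ packages }}"
    state: present
  vars:
    packages:
      - rsync
      - nfs-utils
      - net-tools
      - wget
      - tree
      - lrzsz
      - vim
      - unzip
      - httpd-tools
      - bash-completion
      - iftop
      - iotop
      - glances

# Sets the soft and hard open-file limits for every domain ("*").
- name: Change Limit /etc/security/limit.conf
  pam_limits:
    domain: "*"
    limit_type: "{{ item.limit_type }}"
    limit_item: "{{ item.limit_item }}"
    value: "{{ item.value }}"
  loop:
    - limit_type: 'soft'
      limit_item: 'nofile'
      value: '100000'
    - limit_type: 'hard'
      limit_item: 'nofile'
      value: '100000'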
Nginx roles demo
]$ mkdir nginx/{tasks,handlers,templates} -p
]$ cat roles/nginx/tasks/main.yml 
---
# nginx role: install the package, render the main configuration, start the service.
- name: Installed Nginx Server
  yum:
    name: nginx
    state: present

# A change to the rendered nginx.conf notifies the role's restart handler.
- name: Configure Nginx Server
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
  notify: Restart Nginx Server

- name: Started Nginx Server
  service:
    name: nginx
    state: started
  
#触发器
]$ cat roles/nginx/handlers/main.yml 
---
# Runs only when a task notifies "Restart Nginx Server".
- name: Restart Nginx Server
  service:
    name: nginx
    state: restarted
  
#nginx的模板配置文件
]$ cat roles/nginx/templates/nginx.conf.j2 
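# Main nginx.conf rendered by the nginx role; the worker account is the web_user variable.
user  {{ web_user }};
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

# NOTE(review): the ansible_processor_cores fact counts cores per socket;
# ansible_processor_vcpus is the host total - confirm which one is intended.
worker_processes  {{ ansible_processor_cores }};

events {
    # Scales with the same fact: 2048 connections per counted core.
    worker_connections  {{ ansible_processor_cores * 2048 }};
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    client_max_body_size 64m;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log main;
    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;

    keepalive_timeout  65;
    keepalive_requests 200;

    # Hide the nginx version in the Server header and on error pages, so the
    # exact release is not advertised to every client.
    server_tokens off;
    gzip on;
    include /etc/nginx/conf.d/*.conf;
}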
Nfs roles demo
]$ mkdir nfs/{tasks,handlers,templates} -p

#基础任务
]$ cat roles/nfs/tasks/main.yml 
---
# nfs role: install nfs-utils, render /etc/exports, create the shared directory, start the service.
- name: Install NFS Server
  yum:
    name: nfs-utils
    state: present

# A change to the rendered exports file notifies the role's restart handler.
- name: Configure NFS Server
  template:
    src: exports.j2
    dest: /etc/exports
  notify: Restart NFS Server

# The share is owned by the web account.
# NOTE(review): no mode is given, so the directory permissions are not pinned
# by this task - confirm they are as tight as intended.
- name: Create NFS Server Share Directory
  file:
    path: "{{ nfs_dir }}"
    state: directory
    owner: "{{ web_user }}"
    group: "{{ web_user }}"

- name: Started NFS Server
  service:
    name: nfs
    state: started
    enabled: true
  
#触发器
]$ cat roles/nfs/handlers/main.yml 
---
# Runs only when a task notifies "Restart NFS Server".
- name: Restart NFS Server
  service:
    name: nfs
    state: restarted
 
#模板配置文件
]$ cat roles/nfs/templates/exports.j2 
# Read-write export of the shared directory; all_squash maps every client user to the anonuid/anongid below.
# NOTE(review): nfs_dir and nfs_share_ip are not defined in the variables shown on this page.
# Because the export is rw, keep nfs_share_ip limited to the web servers' network rather than a wildcard.
{{ nfs_dir }} {{ nfs_share_ip }}(rw,sync,all_squash,anonuid={{ web_user_id }},anongid={{ web_user_id }})
# 可以把变量放置在hosts组里面
# grep '{{' conf/httpd.conf 
MaxClients       {{ maxClients }}
Listen {{ httpd_port }}

# cat /etc/ansible/hosts
[webserver]
127.0.0.1 httpd_port=80 maxClients=100
192.168.10.149 httpd_port=8080 maxClients=200

# cat apache.yml 
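---
# Installs httpd on the webserver group, renders httpd.conf from a template
# that reads the per-host inventory variables httpd_port and maxClients, and
# restarts httpd whenever the rendered file changes.
# The play keys are indented to line up under "hosts"; with the one-space
# indent of the original listing the file does not parse as YAML.
- hosts: webserver
  # NOTE(review): the play logs in as root directly. A non-root remote_user
  # combined with become is the usual least-privilege setup.
  remote_user: root
  vars:
    package: httpd
    service: httpd

  tasks:
    # state=latest upgrades the package on every run; use present (or a
    # pinned version) when runs must be reproducible.
    - name: install httpd package
      yum:
        name: "{{ package }}"
        state: latest

    - name: install configuration file for httpd
      template:
        src: /root/conf/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
      notify:
        - restart httpd

    - name: start httpd service
      service:
        name: "{{ service }}"
        state: started
        enabled: true

  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted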


版权属于:lingchen 所有,采用《知识署名-非商业性使用许可协议》进行许可,转载请注明文章来源。

本文链接: https://www.yfzblog.cn/devops/51.html


已有 1 条评论

lingchen
作者

Ansible-playbook 变量官方文档
https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html
