A real-world playbook example

The examples can be downloaded from https://github.com/ansible/ansible-examples, which contains many examples. This walkthrough uses lamp_simple.

Directory structure

    ├── group_vars
    │   ├── all
    │   └── dbservers
    ├── hosts
    ├── roles
    │   ├── common
    │   │   ├── handlers
    │   │   │   └── main.yml
    │   │   ├── tasks
    │   │   │   └── main.yml
    │   │   └── templates
    │   │       └── ntp.conf.j2
    │   ├── db
    │   │   ├── handlers
    │   │   │   └── main.yml
    │   │   ├── tasks
    │   │   │   └── main.yml
    │   │   └── templates
    │   │       └── my.cnf.j2
    │   └── web
    │       ├── handlers
    │       │   └── main.yml
    │       ├── tasks
    │       │   ├── copy_code.yml
    │       │   ├── install_httpd.yml
    │       │   └── main.yml
    │       └── templates
    │           └── index.php.j2
    └── site.yml

    14 directories, 17 files

File analysis

1. site.yml

    ---
    # This playbook deploys the whole application stack in this site.

    - name: apply common configuration to all nodes
      hosts: all
      remote_user: root

      roles:
        - common

    - name: configure and deploy the webservers and application code
      hosts: webservers
      remote_user: root

      roles:
        - web

    - name: deploy MySQL and configure the databases
      hosts: dbservers
      remote_user: root

      roles:
        - db

This is the playbook's main file. It specifies the remote user and the host group or host range each play runs against, and assigns the common, web and db roles to their hosts.

2. group_vars

Defines the variables used by the groups.

The all file:

    ---
    # Variables listed here are applicable to all host groups

    httpd_port: 80
    ntpserver: 192.168.1.2
    repository: https://github.com/bennojoy/mywebapp.git

The dbservers file:

    ---
    # The variables file used by the playbooks in the dbservers group.
    # These don't have to be explicitly imported by vars_files: they are autopopulated.

    mysqlservice: mysqld
    mysql_port: 3306
    dbuser: foouser
    dbname: foodb
    upassword: abc

3. hosts file

Defines the group names and the members of each group.

    [webservers]
    web3

    [dbservers]
    web2

4. Now let's look at what is under the roles directory

    roles/
    ├── common
    │   ├── handlers
    │   │   └── main.yml
    │   ├── tasks
    │   │   └── main.yml
    │   └── templates
    │       └── ntp.conf.j2
    ├── db
    │   ├── handlers
    │   │   └── main.yml
    │   ├── tasks
    │   │   └── main.yml
    │   └── templates
    │       └── my.cnf.j2
    └── web
        ├── handlers
        │   └── main.yml
        ├── tasks
        │   ├── copy_code.yml
        │   ├── install_httpd.yml
        │   └── main.yml
        └── templates
            └── index.php.j2

4.1 common directory

4.1.1 handlers---main.yml

    ---
    # Handler to handle common notifications. Handlers are called by other plays.
    # See http://docs.ansible.com/playbooks_intro.html for more information about handlers.

    - name: restart ntp
      service: name=ntpd state=restarted

    - name: restart iptables
      service: name=iptables state=restarted

Defines handlers that restart two services, ntp and iptables.

4.1.2 tasks---main.yml

    ---
    # This playbook contains common plays that will be run on all nodes.

    - name: Install ntp
      yum: name=ntp state=present
      tags: ntp

    - name: Configure ntp file
      template: src=ntp.conf.j2 dest=/etc/ntp.conf
      tags: ntp
      notify: restart ntp

    - name: Start the ntp service
      service: name=ntpd state=started enabled=yes
      tags: ntp

    - name: test to see if selinux is running
      command: getenforce
      register: sestatus
      changed_when: false

Defines the tasks the common role runs:

- install ntp
- render the ntp configuration file and sync it to the target host
- start the ntp service
- check SELinux

These are the tasks the common role performs.

4.1.3 templates---ntp.conf.j2

    driftfile /var/lib/ntp/drift

    restrict 127.0.0.1
    restrict -6 ::1

    server {{ ntpserver }}

    includefile /etc/ntp/crypto/pw

    keys /etc/ntp/keys

Defines the template for the ntp configuration file, using the variable {{ ntpserver }}.

That completes the common role: install and configure ntp, and check the SELinux status.

4.2 db directory

4.2.1 handlers---main.yml

    ---
    # Handler to handle DB tier notifications

    - name: restart mysql
      service: name=mysqld state=restarted

    - name: restart iptables
      service: name=iptables state=restarted

Defines the restart handlers: mysql and iptables.

4.2.2 tasks---main.yml

    ---
    # This playbook will install mysql and create db user and give permissions.

    - name: Install Mysql package
      yum: name={{ item }} state=installed
      with_items:
       - mysql-server
       - MySQL-python
       - libselinux-python
       - libsemanage-python

    - name: Configure SELinux to start mysql on any port
      seboolean: name=mysql_connect_any state=true persistent=yes
      when: sestatus.rc != 0

    - name: Create Mysql configuration file
      template: src=my.cnf.j2 dest=/etc/my.cnf
      notify:
      - restart mysql

    - name: Start Mysql Service
      service: name=mysqld state=started enabled=yes

    - name: insert iptables rule
      lineinfile: dest=/etc/sysconfig/iptables state=present regexp="{{ mysql_port }}"
                  insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport {{ mysql_port }} -j ACCEPT"
      notify: restart iptables

    - name: Create Application Database
      mysql_db: name={{ dbname }} state=present

    - name: Create Application DB User
      mysql_user: name={{ dbuser }} password={{ upassword }} priv=*.*:ALL host='%' state=present

Defines the tasks the db role runs:

1. Install the mysql service
2. Configure SELinux
3. Create the mysql my.cnf file
4. Start mysql
5. Add the firewall rule for mysql
6. Create the mysql database
7. Grant privileges to the user

These are the tasks the db group has to complete, and they are executed in order from 1 to 7.

4.2.3 templates---my.cnf.j2

    [mysqld]
    datadir=/var/lib/mysql
    socket=/var/lib/mysql/mysql.sock
    user=mysql
    # Disabling symbolic-links is recommended to prevent assorted security risks
    symbolic-links=0
    port={{ mysql_port }}

    [mysqld_safe]
    log-error=/var/log/mysqld.log
    pid-file=/var/run/mysqld/mysqld.pid

Defines the template for the my.cnf configuration file.

4.3 web directory

4.3.1 handlers---main.yml

    ---
    # Handler for the webtier: handlers are called by other plays.
    # See http://docs.ansible.com/playbooks_intro.html for more information about handlers.

    - name: restart iptables
      service: name=iptables state=restarted

Defines the restart handler: iptables.

4.3.2 tasks---copy_code.yml

    ---
    # These tasks are responsible for copying the latest dev/production code from
    # the version control system.

    - name: Copy the code from repository
      git: repo={{ repository }} dest=/var/www/html/

    - name: Creates the index.php file
      template: src=index.php.j2 dest=/var/www/html/index.php

Defines the web role's tasks for pulling the code and rendering the index.php template.

4.3.2 tasks---install_httpd.yml

    ---
    # These tasks install http and the php modules.

    - name: Install http and php etc
      yum: name={{ item }} state=present
      with_items:
       - httpd
       - php
       - php-mysql
       - git
       - libsemanage-python
       - libselinux-python

    - name: insert iptables rule for httpd
      lineinfile: dest=/etc/sysconfig/iptables create=yes state=present regexp="{{ httpd_port }}" insertafter="^:OUTPUT "
                  line="-A INPUT -p tcp --dport {{ httpd_port }} -j ACCEPT"
      notify: restart iptables

    - name: http service state
      service: name=httpd state=started enabled=yes

    - name: Configure SELinux to allow httpd to connect to remote database
      seboolean: name=httpd_can_network_connect_db state=true persistent=yes
      when: sestatus.rc != 0

Defines the following:

- install Apache and PHP
- add an iptables rule for the web service and restart iptables once that is done
- start the Apache service and enable it at boot
- configure SELinux for the web tier when SELinux is in effect

4.3.3 tasks---main.yml

    ---
    - include: install_httpd.yml
    - include: copy_code.yml

Includes the two task files.

4.3.4. templates---index.php.j2

    <html>
     <head>
      <title>Ansible Application</title>
     </head>
     <body>
     </br>
      <a href=http://{{ ansible_default_ipv4.address }}/index.html>Homepage</a>
     </br>
    <?php
     Print "Hello, World! I am a web server configured using Ansible and I am : ";
     echo exec('hostname');
     Print "</BR>";
    echo "List of Databases: </BR>";
            {% for host in groups['dbservers'] %}
                    $link = mysqli_connect('{{ hostvars[host].ansible_default_ipv4.address }}', '{{ hostvars[host].dbuser }}', '{{ hostvars[host].upassword }}') or die(mysqli_connect_error($link));
            {% endfor %}
            $res = mysqli_query($link, "SHOW DATABASES;");
            while ($row = mysqli_fetch_assoc($res)) {
                    echo $row['Database'] . "\n";
            }
    ?>
    </body>
    </html>

Defines the index.php template file.

All the files have now been explained. Let's summarize the flow.

1. First, run the playbook

    ansible-playbook -i hosts site.yml

-i specifies the inventory file; site.yml is the main playbook file.

2. Look at site.yml again

    ---
    # This playbook deploys the whole application stack in this site.

    - name: apply common configuration to all nodes
      hosts: all
      remote_user: root

      roles:
        - common

    - name: configure and deploy the webservers and application code
      hosts: webservers
      remote_user: root

      roles:
        - web

    - name: deploy MySQL and configure the databases
      hosts: dbservers
      remote_user: root

      roles:
        - db

It defines the user and the host group or host range, which needs no further comment. The key part is the roles: common, web, db.

    common-----> handlers|tasks|templates
    web--------> handlers|tasks|templates
    db---------> handlers|tasks|templates

All three read the main.yml file from their tasks and handlers directories and then run the tasks according to what main.yml specifies. templates is the directory that holds the template files; they use Jinja syntax and can reference variables.

There is also the group_vars directory, which is dedicated to setting variables for groups. Every variable used under the roles directory can be found in group_vars.

Verification:

    [root@localhost lamp_simple]# rpm -qa|grep mysqld
    [root@localhost lamp_simple]# rpm -qa|grep php
    [root@localhost lamp_simple]# rpm -qa|grep httpd

Run:

    [root@localhost lamp_simple]# ansible-playbook -i hosts site.yml

    PLAY [apply common configuration to all nodes] ****************************************

    TASK [Gathering Facts] ****************************************
    The authenticity of host 'web2 (192.168.222.139)' can't be established.
    RSA key fingerprint is ba:1e:5b:0c:15:3d:61:cd:37:98:19:18:19:af:ee:11.
    Are you sure you want to continue connecting (yes/no)? The authenticity of host 'web3 (192.168.222.139)' can't be established.
    RSA key fingerprint is ba:1e:5b:0c:15:3d:61:cd:37:98:19:18:19:af:ee:11.
    Are you sure you want to continue connecting (yes/no)? yes
    ok: [web2]
    yes
    ok: [web3]

    TASK [common : Install ntp] ****************************************
    changed: [web2]
    ok: [web3]

    TASK [common : Configure ntp file] ****************************************
    changed: [web3]
    ok: [web2]

    TASK [common : Start the ntp service] ****************************************
    changed: [web2]
    changed: [web3]

    TASK [common : test to see if selinux is running] ****************************************
    ok: [web2]
    ok: [web3]

    RUNNING HANDLER [common : restart ntp] ****************************************
    changed: [web3]

    PLAY [configure and deploy the webservers and application code] ****************************************

    TASK [Gathering Facts] ****************************************
    ok: [web3]

    TASK [web : Install http and php etc] ****************************************
    changed: [web3] => (item=[u'httpd', u'php', u'php-mysql', u'git', u'libsemanage-python', u'libselinux-python'])

    TASK [web : insert iptables rule for httpd] ****************************************
    changed: [web3]

    TASK [web : http service state] ****************************************
    changed: [web3]

    TASK [web : Configure SELinux to allow httpd to connect to remote database] ****************************************
    skipping: [web3]

    TASK [web : Copy the code from repository] ****************************************
    changed: [web3]

    TASK [web : Creates the index.php file] ****************************************
    changed: [web3]

    RUNNING HANDLER [web : restart iptables] ****************************************
    changed: [web3]

    PLAY [deploy MySQL and configure the databases] ****************************************

    TASK [Gathering Facts] ****************************************
    ok: [web2]

    TASK [db : Install Mysql package] ****************************************
    changed: [web2] => (item=[u'mysql-server', u'MySQL-python', u'libselinux-python', u'libsemanage-python'])

    TASK [db : Configure SELinux to start mysql on any port] ****************************************
    skipping: [web2]

    TASK [db : Create Mysql configuration file] ****************************************
    changed: [web2]

    TASK [db : Start Mysql Service] ****************************************
    changed: [web2]

    TASK [db : insert iptables rule] ****************************************
    changed: [web2]

    TASK [db : Create Application Database] ****************************************
    changed: [web2]

    TASK [db : Create Application DB User] ****************************************
    changed: [web2]

    RUNNING HANDLER [db : restart mysql] ****************************************
    changed: [web2]

    RUNNING HANDLER [db : restart iptables] ****************************************
    changed: [web2]

    PLAY RECAP ****************************************
    web2 : ok=14 changed=10 unreachable=0 failed=0
    web3 : ok=13 changed=9 unreachable=0 failed=0

    [root@localhost lamp_simple]# rpm -qa|grep mysql
    mysql-5.1.73-7.el6.x86_64
    mysql-libs-5.1.73-7.el6.x86_64
    php-mysql-5.3.3-47.el6.x86_64
    mysql-server-5.1.73-7.el6.x86_64
    [root@localhost lamp_simple]# rpm -qa|grep httpd
    httpd-tools-2.2.15-53.el6.centos.x86_64
    httpd-2.2.15-53.el6.centos.x86_64
    [root@localhost lamp_simple]# ps -ef|grep mysqld
    root 4643 1 0 17:15 ? 00:00:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
    mysql 4751 4643 0 17:15 ? 00:00:00 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock --port=3306
    root 4944 1905 0 17:16 pts/0 00:00:00 grep mysqld
    [root@localhost lamp_simple]# ps -ef|grep httpd
    root 3584 1 0 17:14 ? 00:00:00 /usr/sbin/httpd
    apache 3587 3584 0 17:14 ? 00:00:00 /usr/sbin/httpd
    apache 3588 3584 0 17:14 ? 00:00:00 /usr/sbin/httpd
    apache 3590 3584 0 17:14 ? 00:00:00 /usr/sbin/httpd
    apache 3591 3584 0 17:14 ? 00:00:00 /usr/sbin/httpd
    apache 3592 3584 0 17:14 ? 00:00:00 /usr/sbin/httpd
    apache 3594 3584 0 17:14 ? 00:00:00 /usr/sbin/httpd
    apache 3595 3584 0 17:14 ? 00:00:00 /usr/sbin/httpd
    apache 3596 3584 0 17:14 ? 00:00:00 /usr/sbin/httpd
    root 4946 1905 0 17:16 pts/0 00:00:00 grep httpd
    [root@localhost lamp_simple]# curl web2
    <html>
     <head>
      <title>Ansible Application</title>
     </head>
     <body>
     </br>
      <a href=http://192.168.222.139/index.html>Homepage</a>
     </br>
    Hello, World! I am a web server configured using Ansible and I am : localhost.localdomain</BR>List of Databases: </BR>information_schema
    foodb
    mysql
    test
    </body>
    </html>

The database, the web service and the home page have all been set up successfully.

Run it once more:

    [root@localhost lamp_simple]# ansible-playbook -i hosts site.yml

    PLAY [apply common configuration to all nodes] ****************************************

    TASK [Gathering Facts] ****************************************
    ok: [web2]
    ok: [web3]

    TASK [common : Install ntp] ****************************************
    ok: [web2]
    ok: [web3]

    TASK [common : Configure ntp file] ****************************************
    ok: [web3]
    ok: [web2]

    TASK [common : Start the ntp service] ****************************************
    ok: [web2]
    ok: [web3]

    TASK [common : test to see if selinux is running] ****************************************
    ok: [web2]
    ok: [web3]

    PLAY [configure and deploy the webservers and application code] ****************************************

    TASK [Gathering Facts] ****************************************
    ok: [web3]

    TASK [web : Install http and php etc] ****************************************
    ok: [web3] => (item=[u'httpd', u'php', u'php-mysql', u'git', u'libsemanage-python', u'libselinux-python'])

    TASK [web : insert iptables rule for httpd] ****************************************
    ok: [web3]

    TASK [web : http service state] ****************************************
    ok: [web3]

    TASK [web : Configure SELinux to allow httpd to connect to remote database] ****************************************
    skipping: [web3]

    TASK [web : Copy the code from repository] ****************************************
    ok: [web3]

    TASK [web : Creates the index.php file] ****************************************
    ok: [web3]

    PLAY [deploy MySQL and configure the databases] ****************************************

    TASK [Gathering Facts] ****************************************
    ok: [web2]

    TASK [db : Install Mysql package] ****************************************
    ok: [web2] => (item=[u'mysql-server', u'MySQL-python', u'libselinux-python', u'libsemanage-python'])

    TASK [db : Configure SELinux to start mysql on any port] ****************************************
    skipping: [web2]

    TASK [db : Create Mysql configuration file] ****************************************
    ok: [web2]

    TASK [db : Start Mysql Service] ****************************************
    ok: [web2]

    TASK [db : insert iptables rule] ****************************************
    ok: [web2]

    TASK [db : Create Application Database] ****************************************
    ok: [web2]

    TASK [db : Create Application DB User] ****************************************
    ok: [web2]

    PLAY RECAP ****************************************
    web2 : ok=12 changed=0 unreachable=0 failed=0
    web3 : ok=11 changed=0 unreachable=0 failed=0

On repeated runs, as long as nothing has been modified on the targets, the playbook makes no changes.

This time I stopped mysql and httpd on the targets and ran it again:

    [root@localhost lamp_simple]# ansible-playbook -i hosts site.yml

    PLAY [apply common configuration to all nodes] ****************************************

    TASK [Gathering Facts] ****************************************
    ok: [web3]
    ok: [web2]

    TASK [common : Install ntp] ****************************************
    ok: [web2]
    ok: [web3]

    TASK [common : Configure ntp file] ****************************************
    ok: [web2]
    ok: [web3]

    TASK [common : Start the ntp service] ****************************************
    ok: [web2]
    ok: [web3]

    TASK [common : test to see if selinux is running] ****************************************
    ok: [web2]
    ok: [web3]

    PLAY [configure and deploy the webservers and application code] ****************************************

    TASK [Gathering Facts] ****************************************
    ok: [web3]

    TASK [web : Install http and php etc] ****************************************
    ok: [web3] => (item=[u'httpd', u'php', u'php-mysql', u'git', u'libsemanage-python', u'libselinux-python'])

    TASK [web : insert iptables rule for httpd] ****************************************
    ok: [web3]

    TASK [web : http service state] ****************************************
    changed: [web3]

    TASK [web : Configure SELinux to allow httpd to connect to remote database] ****************************************
    skipping: [web3]

    TASK [web : Copy the code from repository] ****************************************
    ok: [web3]

    TASK [web : Creates the index.php file] ****************************************
    ok: [web3]

    PLAY [deploy MySQL and configure the databases] ****************************************

    TASK [Gathering Facts] ****************************************
    ok: [web2]

    TASK [db : Install Mysql package] ****************************************
    ok: [web2] => (item=[u'mysql-server', u'MySQL-python', u'libselinux-python', u'libsemanage-python'])

    TASK [db : Configure SELinux to start mysql on any port] ****************************************
    skipping: [web2]

    TASK [db : Create Mysql configuration file] ****************************************
    ok: [web2]

    TASK [db : Start Mysql Service] ****************************************
    changed: [web2]

    TASK [db : insert iptables rule] ****************************************
    ok: [web2]

    TASK [db : Create Application Database] ****************************************
    ok: [web2]

    TASK [db : Create Application DB User] ****************************************
    ok: [web2]

    PLAY RECAP ****************************************
    web2 : ok=12 changed=1 unreachable=0 failed=0
    web3 : ok=11 changed=1 unreachable=0 failed=0

The start tasks for mysql and httpd report changed, so only those two changes were applied; anything that had not changed was left untouched. You can therefore run the playbook as many times as you like to keep the targets' environment and settings consistent.

I won't give examples of a playbook with a single task or a single group of tasks, since those are simpler. Once you have a grip on the playbook role mechanism, the single-task case is no trouble at all.

The benefit of playbook roles speaks for itself: common can serve as a shared role, so you don't have to write the common parts again each time a new group comes along. You just pull it in through the roles mechanism, which is very friendly for large playbook-writing efforts.
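The comparison between the second and third runs can be automated: on an already converged host, any `changed` in PLAY RECAP means the target drifted from the playbook. The following Python is an added example, not part of the original post or of ansible-examples; it parses the default `ansible-playbook` output shown on this page, and `parse_run` and `drift_report` are names chosen for this example.

```python
import re

# Excerpt of the third run shown on this page (httpd and mysqld had been stopped
# on the targets); only the lines the parser needs, asterisk padding shortened.
THIRD_RUN = """\
PLAY [configure and deploy the webservers and application code] ****
TASK [web : insert iptables rule for httpd] ****
ok: [web3]
TASK [web : http service state] ****
changed: [web3]
TASK [web : Configure SELinux to allow httpd to connect to remote database] ****
skipping: [web3]
PLAY [deploy MySQL and configure the databases] ****
TASK [db : Start Mysql Service] ****
changed: [web2]
TASK [db : insert iptables rule] ****
ok: [web2]
PLAY RECAP ****
web2 : ok=12 changed=1 unreachable=0 failed=0
web3 : ok=11 changed=1 unreachable=0 failed=0
"""

HEADER = re.compile(r"^(?:TASK|RUNNING HANDLER) \[(?P<name>.+)\]\s*\**$")
RESULT = re.compile(r"^(?P<status>\w+): \[(?P<host>[^\]]+)\]")
RECAP = re.compile(r"^(?P<host>\S+)\s*:\s*(?P<counters>(?:\w+=\d+\s*)+)$")


def parse_run(output):
    """Return (events, recap) for one ansible-playbook run.

    events: host -> [(status, task name)] for every result other than ok/skipping.
    recap:  host -> {counter: value} taken from the PLAY RECAP section.
    """
    events, recap = {}, {}
    task, in_recap = None, False
    for line in (raw.strip() for raw in output.splitlines()):
        if line.startswith("PLAY RECAP"):
            in_recap = True
        elif in_recap:
            m = RECAP.match(line)
            if m:
                pairs = (kv.split("=") for kv in m["counters"].split())
                recap[m["host"]] = {k: int(v) for k, v in pairs}
        elif HEADER.match(line):
            task = HEADER.match(line)["name"]
        else:
            m = RESULT.match(line)
            if m and task and m["status"] not in ("ok", "skipping"):
                host = m["host"].split(" -> ")[0]  # drop a delegate_to suffix
                events.setdefault(host, []).append((m["status"], task))
    return events, recap


def drift_report(output):
    """Hosts whose run was not a clean no-op, with the counters and tasks involved."""
    events, recap = parse_run(output)
    report = {}
    for host, counters in recap.items():
        bad = {k: counters[k] for k in ("changed", "failed", "unreachable")
               if counters.get(k)}
        if bad:
            report[host] = {"counters": bad, "tasks": events.get(host, [])}
    return report


if __name__ == "__main__":
    for host, info in sorted(drift_report(THIRD_RUN).items()):
        print(host, info["counters"], info["tasks"])
```

Fed the output of a scheduled run, an empty report corresponds to the second run above (`changed=0` on both hosts), while a non-empty one names the tasks that had to repair the host.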