Ansible playbook 使用

Posted 悟-空

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Ansible playbook 使用相关的知识,希望对你有一定的参考价值。

playbooks 是一种简单的配置管理系统与多机器部署系统的基础。与现有的其他系统有不同之处,且非常适合于复杂应用部署

playbook 可以定制配置,可以按指定的步骤有序执行,支持同步以及异步方式。

官网例子:https://github.com/ansible/ansible-examples

playbooks 可以用于声明配置,更强大的地方在于,在playbooks中可以编排有序的执行过程,甚至于做到多组机器间,来回有序的执行特别指定的步骤,并且可以同步或异步发起任务。
ansible-playbook命令参数:
    -u REMOTE_USER : 手工指定远程执行playbook的系统用户;
    --syntax-check: 检查playbook的语法;
    --list-hosts playbooks: 匹配到的主机列表;
    -T TIMEOUT : 定义playbook执行的超时时间;
    --step: 以单任务分步骤运行,方便做每一步的确认工作。
 
实例:
[[email protected] ~]# tree /etc/ansible/
/etc/ansible/
├── ansible.cfg
├── group_vars
│   ├── all
│   └── t3
├── hosts
├── roles
│   └── nginx
│       ├── handlers
│       │   └── main.yml
│       ├── tasks
│       │   └── main.yml
│       └── templates
│           ├── default_proxy_params.conf
│           ├── new.conf
│           ├── nginx.conf
│           ├── static_proxy_params.conf
│           ├── upstream.conf
│           ├── vhost.conf
│           ├── vhost_ssl.conf
│           └── websocket_proxy_params.conf
├── site.retry
└── site.yml
[[email protected] ~]# cat /etc/ansible/hosts
[all:vars]
ansible_ssh_private_key_file=/root/.ssh/id_rsa
ansible_ssh_port=22
ansible_ssh_user=root

[t3:vars]
ansible_python_interpreter=/usr/bin/python2

[t3]
192.168.11.162
[[email protected] ~]# cat /etc/ansible/site.yml   
- hosts: t3   # 组名
  user: root
  roles:
    - nginx   # 角色

[[email protected] ~]# cat /etc/ansible/group_vars/t3   # t3为组名
worker_processes: 4
num_cpus: 4
max_open_file: 65506
worker_connections: 10240
log_format_format: ‘json‘   #日志类型,默认为main
log_format_main: ‘$remote_addr - $remote_user [$time_local] $request "$status" $body_bytes_sent 
"$http_referer" "$request_body" "$http_user_agent" "$http_x_forwarded_for" 
cache_status:$upstream_cache_status upstream:$upstream_addr response_time: $request_time 
response_time: $request_time host: $host‘

log_format_json: ‘{"client_ip":"$remote_addr","ident":"-","auth":"$remote_user",
"timestamp":"$time_local","request":"$request","response":"$status",
"bytes":"$body_bytes_sent","referer":"$http_referer","request_body":"$request_body",
"user_agent":"$http_user_agent","forwarded":"$http_x_forwarded_for",
"cache_status":"$upstream_cache_status","upstream":"$upstream_addr",
"upstream_status":"$upstream_status","http_host":"$host","ssl_protocol":"$ssl_protocol",
"ssl_cipher":"$ssl_cipher","request_time":"$request_time",
"upstream_response_time":"$upstream_response_time"}‘

vhost_domain: ["t1.bet","t2.com","t3.tv"]   # 域名列表


upstream_list: [   # upstream 列表
    {
        "name" : "mobile",   # 名称
        "server_list": [	 # 服务列表
            {"ip":"10.0.0.1","port" : 3000,"max_fails":2,"fail_timeout":"30s","weight":5},
            {"ip":"10.0.0.2","port" : 3000,"max_fails":2,"fail_timeout":"30s","weight":15},
            {"ip":"10.0.0.3","port" : 3000,"max_fails":2,"fail_timeout":"30s","weight":10},
            {"ip":"10.0.0.4","port" : 3000,"max_fails":2,"fail_timeout":"30s","weight":5}
        ]
    },
    {
        "name":"desktop",
        "server_list":[
            {"ip":"10.0.0.4","port" : 3001,"max_fails":2,"fail_timeout":"30s","weight":1},
            {"ip":"10.0.0.3","port" : 3001,"max_fails":2,"fail_timeout":"30s","weight":1},
        ]
    }
]

[[email protected] ~]# cat /etc/ansible/roles/nginx/tasks/main.yml  
- name: nginx is at then latest version   # 安装nginx
  yum: pkg=nginx state=latest

- name: write the nginx.conf config file  # nginx.conf 模板文件
  template: src=nginx.conf dest=/etc/nginx/nginx.conf 
  notify:
  - restart nginx   
- name: write the default_proxy_params.conf config file
  template: src=default_proxy_params.conf dest=/etc/nginx/conf.d/default_proxy_params.conf 
  notify:
  - restart nginx 
 
- name: write the default_proxy_params.conf config file
  template: src=new.conf dest=/etc/nginx/conf.d/new.conf
  notify:
  - restart nginx 

- name: write the static_proxy_params.conf config file
  template: src=static_proxy_params.conf dest=/etc/nginx/conf.d/static_proxy_params.conf
  notify:
  - restart nginx 

- name: write the websocket_proxy_params.conf config file
  template: src=websocket_proxy_params.conf dest=/etc/nginx/conf.d/websocket_proxy_params.conf
  notify:
  - restart nginx 

- name: write the upstream.conf config file
  template: src=upstream.conf dest=/etc/nginx/conf.d/upstream.conf
  notify:
  - restart nginx 

- name: write the vhost.conf config file
  template: src=vhost.conf dest=/etc/nginx/conf.d/vhost.conf
  notify:
  - restart nginx   

- name: write the vhost_ssl.conf config file
  template: src=vhost_ssl.conf dest=/etc/nginx/conf.d/vhost_ssl.conf
  notify:
  - restart nginx 
  
- name: ensure nginx is running 
  service: name=nginx state=started

[[email protected] ~]# cat /etc/ansible/roles/nginx/handlers/main.yml  
- name: restart nginx
  service: name=nginx state=started

[[email protected] ~]# cat /etc/ansible/roles/nginx/templates/nginx.conf  
worker_processes  {{ worker_processes }};
pid        /var/run/nginx.pid;
{% if num_cpus == 2 %}
worker_cpu_affinity 01 10;
{% elif num_cpus == 4 %}
worker_cpu_affinity 1000 0100 0010 0001;
{% elif num_cpus >=8 %}
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
{% else %}
worker_cpu_affinity 1000 0100 0010 0001;
{% endif %}

worker_rlimit_nofile {{ max_open_file }}

events {
    use epoll;
    worker_connections  {{ worker_connections }};
    multi_accept on;
}
...
# 日志格式配置
{% if log_format_format == ‘json‘ %}
  log_format  json  {{ log_format_json }};
  {% else %}
  log_format  main  {{ log_format_main }};
{% endif %}

[[email protected] ~]# cat /etc/ansible/roles/nginx/templates/vhost.conf
{% for domain in vhost_domain %}
server {
	listen       80 ;
	server_name  {{ domain }};
	rewrite     ^(.*)   https://www{{ domain }} permanent;
	{% if log_format_format == ‘json‘ %}
		access_log  logs/{{ domain }}.access.log json;
	{% else %}
		access_log  logs/{{ domain }}.access.log main;
	{% endif %}
}
{% endfor %}

[[email protected] ~]# cat /etc/ansible/roles/nginx/templates/vhost_ssl.conf
{% for domain in vhost_domain %}
server {
	listen       443;#HTTP Port
	server_name www.{{ domain }} {{ domain }};
	include /usr/local/nginx/conf.d/new.conf;
	index   index.jsp index.html index.htm;
	{% if log_format_format == ‘json‘ %}
		access_log  logs/{{ domain }}.access.log json;
	{% else %}
		access_log  logs/{{ domain }}.access.log main;
	{% endif %}
		
	if ($http_host = {{ domain }} ) {
	rewrite  ^(.*)$ https://www.{{ domain }}$1      permanent; }
	ssl on;
	ssl_certificate /usr/local/nginx/conf.d/ssl/www.{{ domain }}/www.{{ domain }}.crt;
	ssl_certificate_key /usr/local/nginx/conf.d/ssl/www.{{ domain }}/www.{{ domain }}.key;
}
{% endfor %}

[[email protected] ~]# cat /etc/ansible/roles/nginx/templates/upstream.conf
{% for upstream_name in upstream_list %}
upstream {{ upstream_name.name }} {
  {% for server_name in upstream_name.server_list%}
   server {{ server_name.ip }}:{{ server_name.port }} max_fails={{ server_name.max_fails }}  fail_timeout={{ server_name.fail_timeout }} weight={{ server_name.weight}};
  {% endfor %}
}
{% endfor %}
...
[[email protected] ~]# ansible-playbook /etc/ansible/site.yml
PLAY [t3] ***********************************************************

TASK [Gathering Facts] **********************************************
ok: [192.168.11.162]

TASK [nginx : nginx is at then latest version] **********************
ok: [192.168.11.162]
...

以上是关于Ansible playbook 使用的主要内容,如果未能解决你的问题,请参考以下文章

Ansible 笔记 - 编写 playbook

d8,ansible

ansible playbook

Jenkins+GitLab+Ansible playbook安装与基本使用

ansible playbook用法

conda 没有使用 ansible playbook 进行初始化