简介
ansible是基于 paramiko 开发的,并且基于模块化工作,本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架。ansible不需要在远程主机上安装client/agents,因为它们是基于ssh来和远程主机通讯的。同时此文章记录在项目使用playbook编写中用到的模块,以便后续作为知识库,也为正在接触ansible的同学们提供一个入学指南,此文章定时更新。
ansible 帮助使用
bash
# 查找相应的模块
$ ansible-doc -l module
# 查看ping模块使用方式
$ ansible-doc pingansible如何执行一个模块?
使用ansible的-vvv或-vvvv分析执行过程。以下是一个启动远程10.20.43.25上ping模块的执行过程分析。
# 读取相应的配置文件和主机清单,然后开始执行对应的处理程序。
Using /etc/ansible/ansible.cfg as config file
META: ran handlers
# 建立连接,获取被控节点当前用户的家目录,用于存放稍后的临时任务文件,此处返回值为/root。
<10.20.43.25> ESTABLISH SSH CONNECTION FOR USER: None
<10.20.43.25> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/e558b2d4c4 10.20.43.25 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<10.20.43.25> (0, '/root\n', '')
# 再次建立连接,在远端创建临时任务文件的目录,临时目录由配置文件中的remote_tmp指令控制。
<10.20.43.25> ESTABLISH SSH CONNECTION FOR USER: None
<10.20.43.25> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/e558b2d4c4 10.20.43.25 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1659340813.87-20445-27992807493154 `" && echo ansible-tmp-1659340813.87-20445-27992807493154="` echo /root/.ansible/tmp/ansible-tmp-1659340813.87-20445-27992807493154 `" ) && sleep 0'"'"''
<10.20.43.25> (0, 'ansible-tmp-1659340813.87-20445-27992807493154=/root/.ansible/tmp/ansible-tmp-1659340813.87-20445-27992807493154\n', '')
# 尝试去发现被控端的python 解释器。
<10.20.43.25> Attempting python interpreter discovery
<10.20.43.25> ESTABLISH SSH CONNECTION FOR USER: None
<10.20.43.25> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/e558b2d4c4 10.20.43.25 '/bin/sh -c '"'"'echo PLATFORM; uname; echo FOUND; command -v '"'"'"'"'"'"'"'"'/usr/bin/python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python3.5'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.7'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python2.6'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/libexec/platform-python'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'/usr/bin/python3'"'"'"'"'"'"'"'"'; command -v '"'"'"'"'"'"'"'"'python'"'"'"'"'"'"'"'"'; echo ENDFOUND && sleep 0'"'"''
<10.20.43.25> (0, 'PLATFORM\nLinux\nFOUND\n/usr/bin/python\n/usr/bin/python2.7\n/usr/libexec/platform-python\n/usr/bin/python\nENDFOUND\n', '')
# 将执行的模块的py文件拷贝到被控端的临时文件中,并使用sftp将任务文件传输到被控端节点上。
Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/ping.py
<10.20.43.25> PUT /root/.ansible/tmp/ansible-local-204372QA8oB/tmpgYdA9A TO /root/.ansible/tmp/ansible-tmp-1659340813.87-20445-27992807493154/AnsiballZ_ping.py
<10.20.43.25> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/e558b2d4c4 '[10.20.43.25]'
[WARNING]: sftp transfer mechanism failed on [10.20.43.25]. Use ANSIBLE_DEBUG=1 to see detailed information
<10.20.43.25> SSH: EXEC scp -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/e558b2d4c4 /root/.ansible/tmp/ansible-local-204372QA8oB/tmpgYdA9A '[10.20.43.25]:/root/.ansible/tmp/ansible-tmp-1659340813.87-20445-27992807493154/AnsiballZ_ping.py'
# 建立连接,设置远程任务文件其所有者有可执行权限。
<10.20.43.25> ESTABLISH SSH CONNECTION FOR USER: None
<10.20.43.25> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/e558b2d4c4 10.20.43.25 '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1659340813.87-20445-27992807493154/ /root/.ansible/tmp/ansible-tmp-1659340813.87-20445-27992807493154/AnsiballZ_ping.py && sleep 0'"'"''
<10.20.43.25> (0, '', '')
# 建立连接,执行任务,执行完任务立即删除临时任务文件,并返回收集到的信息或者结果给到控制端。至此ping模块任务结束,关闭共享连接。
<10.20.43.25> ESTABLISH SSH CONNECTION FOR USER: None
<10.20.43.25> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/e558b2d4c4 -tt 10.20.43.25 '/bin/sh -c '"'"'/usr/bin/python /root/.ansible/tmp/ansible-tmp-1659340813.87-20445-27992807493154/AnsiballZ_ping.py && sleep 0'"'"''
<10.20.43.25> (0, '\r\n{"invocation": {"module_args": {"data": "pong"}}, "ping": "pong"}\r\n', 'Shared connection to 10.20.43.25 closed.\r\n')
<10.20.43.25> ESTABLISH SSH CONNECTION FOR USER: None
<10.20.43.25> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/e558b2d4c4 10.20.43.25 '/bin/sh -c '"'"'rm -f -r /root/.ansible/tmp/ansible-tmp-1659340813.87-20445-27992807493154/ > /dev/null 2>&1 && sleep 0'"'"''
<10.20.43.25> (0, '', '')include_vars模块
当从其它项目的变量文件引入当前项目时,我们可以采用include_vars加载。
yaml
- hosts: all
gather_facts: false
vars:
iaas_globals_yml: /etc/iaas/globals.yml
tasks:
- name: "include {{ iaas_globals_yml }} file"
include_vars:
file: "{{ iaas_globals_yml }}"
tags:
- alwaysgroup_by模块
创建一个临时的主机组,以便后续执行playbook按照这个组执行所有的主机。
yaml
---
- hosts: all
gather_facts: false
tasks:
- name: 定义一个名为new_hosts_group的主机组
group_by:
key: new_hosts_group
- name: 输出执行节点主机组变量信息,发现动态加的new_hosts_group组生效
debug: msg=new_hosts_group组{{ hostvars[inventory_hostname]['groups']['new_hosts_group'] }}
connection: local
run_once: true
- name: 查看新定义的主机组
debug: msg="{{ inventory_hostname }} 属于主机组new_hosts_group"
when:
- inventory_hostname in groups['new_hosts_group']add_host模块
在playbook中,需要动态把主机加到主机组,可以通过在playbook的执行器内存中添加一个主机(如果组不存在则自动创建)。
yaml
---
- hosts: all
gather_facts: false
tasks:
- name: 在playbook的内存中创建一个主机(如果组不存在则自动创建)
add_host:
name: "{{ item }}"
groups: new_hosts_group
changed_when: false
with_items: "{{ groups['nfs'] }}"
- name: 从新建立的new_hosts_group组的主机执行ping
ping:
when: inventory_hostname in groups['new_hosts_group']block 和 delegate_to
在playbook中,需要把多个play进行执行一次,才能进行执行下一个play,可以采用block。如另有只需要在本地主机执行的话,可以采用delegate_to。
yaml
- hosts: all
gather_facts: no
tasks:
- block:
- name: 从ansible变量中定义一个文本数据,拷贝到result文件
copy:
content: |
hostip={{ inventory_hostname }}
dest: "{{ playbook_dir }}/result"
- name: 从远端服务器拷贝文件到执行端
fetch:
src: /root/install
dest: /tmp
delegate_to: localhostgit模块
在playbook中,很多时候需要对git repo项目进行拉取操作,而进行项目的变更。
yaml
---
- hosts: localhost
vars:
base_dir: /root/system_env
gitlab_url: http://172.17.2.183:11080/edge
system_name: guangzhou_edge
system_tag_name: guangzhou_edgeV1
system_dir: "{{ base_dir }}/{{ system_name }}"
ssh_key: /root/.ssh/id_rsa
gather_facts: false
tasks:
- name: 尝试在/root/system_env/guangzhou_edge目录下克隆或者更新http://172.17.2.183:11080/edge/guangzhou_edge.git项目。
git:
repo: "{{ gitlab_url }}/{{ system_name }}.git"
dest: "{{ system_dir }}"
key_file: "{{ ssh_key }}"
update: true
- name: 尝试在/root/system_env/guangzhou_edgeV1目录下检出guangzhou_edgeV1项目,但不更新。
git:
repo: "{{ gitlab_url }}/{{ system_name }}.git"
dest: "{{ base_dir }}/{{ system_tag_name}}"
version: "{{ system_tag_name }}"
clone: false
update: false
register: checkout_res
- name: 当不能检出项目时,/root/system_env/guangzhou_edge/ 复制为 /root/system_env/guangzhou_edgeV1
copy:
src: "{{ system_dir }}/"
dest: "{{ base_dir }}/{{ system_tag_name}}"
when: not checkout_res.before == checkout_res.after
- name: 再次尝试检出/root/system_env/guangzhou_edgeV1项目,项目guangzhou_edgeV1 并更新
git:
repo: "{{ gitlab_url }}/{{ system_name }}.git"
dest: "{{ base_dir }}/{{ system_tag_name}}"
version: "{{ system_tag_name }}"
force: truelineinfile模块
在playbook中,很多时候需要对项目的文件内容进行修改操作,但要确保每次修改具有幂等性,我们可以采用lineinfile。
yaml
---
- hosts: all
gather_facts: false
vars:
system_name: edge
tasks:
- block:
- name: 添加hostvars变量的内容到lineinfile.txt1文件,文件不存在则创建(幂等)
lineinfile:
path: "{{ playbook_dir }}/lineinfile.txt"
line: "{{ hostvars }}"
create: yes
- name: 修改lineinfile.txt文件的内容,在文件的头部增加一行(不具有幂等性)。
lineinfile:
path: "{{ playbook_dir }}/lineinfile.txt"
line: "{{ item }}"
insertbefore: "BOF"
when: system_name == "edge" or system_name == "iaas"
with_items:
- "localhost ansible_python_interpreter=/usr/bin/python\n"
- name: 正则匹配Listen开头的内容,如果有或者没有Listen开头的内容,都在#Listen后面增加或者修改为Listen 8080(幂等)
lineinfile:
path: "{{ playbook_dir }}/lineinfile.txt"
regexp: '^Listen '
insertafter: '^#Listen '
line: Listen 8080
run_once: true
delegate_to: localhost