目录
[一、基础通用模板(所有 Playbook 的骨架)](#一、基础通用模板(所有 Playbook 的骨架))
[1. 安装 / 卸载软件包](#1. 安装 / 卸载软件包)
[2.配置服务(启动 / 重启 / 设置开机自启)](#2.配置服务(启动 / 重启 / 设置开机自启))
[3.复制 / 替换配置文件](#3.复制 / 替换配置文件)
[4.执行远程命令 / 脚本](#4.执行远程命令 / 脚本)
[5.批量创建用户 / 授权](#5.批量创建用户 / 授权)
一、基础通用模板(所有 Playbook 的骨架)
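---
# Base playbook skeleton: one play with vars, pre_tasks, tasks, post_tasks
# and handlers. Sections are listed in the order Ansible executes them.
- name: 【模板名称】描述这个Playbook的用途,例如"配置Nginx服务"
  # Target hosts or group from the inventory file. `all` matches every
  # inventory host, so narrow it (or run with --limit) before reusing this.
  hosts: all
  # Account used for the SSH connection. Logging in directly as root needs
  # root SSH login enabled on every target; an unprivileged account combined
  # with become leaves a clearer audit trail.
  remote_user: root
  # Escalate privileges for the tasks (required when remote_user is not root).
  become: true
  become_method: sudo
  # false: a failing host is dropped from the play and the other hosts
  # continue. true: the play is aborted for all hosts once any host fails.
  any_errors_fatal: false
  # Rolling batch size: the play runs on at most 10 hosts at a time.
  # Per-task parallelism is controlled separately by the forks setting.
  serial: 10
  # Play variables (extend as needed).
  vars:
    # Example variables.
    package_name: nginx
    service_name: nginx
  # Optional checks that run before the main task list.
  pre_tasks:
    - name: 检查目标主机是否可达
      # ping checks that Ansible can connect and run a module on the host.
      ping:
  # Main task list.
  tasks:
    - name: 【任务名称】描述具体要执行的操作,例如"安装Nginx包"
      # Placeholder module; replace debug with the real module and arguments.
      debug:
        msg: "这是基础Playbook模板,可根据需求替换模块和参数"
  # Optional tasks that run after every entry in tasks has finished.
  post_tasks:
    - name: 输出执行完成提示
      debug:
        msg: "Playbook执行完成,目标主机: {{ ansible_hostname }}"
  # Handlers run only when a task that reports "changed" lists them under
  # notify. No task in this skeleton notifies the handler below, so it does
  # not fire until a notify entry is added to a task.
  handlers:
    - name: 【句柄名称】重启服务
      service:
        name: "{{ service_name }}"
        state: restarted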
二、常用场景模板(直接复用)
1. 安装 / 卸载软件包
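---
# Install and remove OS packages on RedHat-family and Debian-family hosts.
# Each task is guarded by ansible_os_family, so gathered facts are required.
- name: 安装/卸载系统软件包
  hosts: web_servers
  remote_user: root
  become: true
  vars:
    # Packages to install.
    packages_to_install:
      - nginx
      - vim
      - net-tools
    # Packages to remove. Use an explicit [] to skip removal; a bare
    # `packages_to_remove:` is null and makes the `| length` test fail.
    packages_to_remove:
      - httpd
  tasks:
    - name: 安装指定软件包(CentOS/RHEL)
      yum:
        name: "{{ packages_to_install }}"
        state: present
      when: ansible_os_family == "RedHat"

    - name: 安装指定软件包(Debian/Ubuntu)
      apt:
        name: "{{ packages_to_install }}"
        state: present
        # Refresh the package index before installing.
        update_cache: true
      when: ansible_os_family == "Debian"

    # The removal tasks run only when the list is non-empty.
    - name: 卸载指定软件包(CentOS/RHEL)
      yum:
        name: "{{ packages_to_remove }}"
        state: absent
      when: ansible_os_family == "RedHat" and packages_to_remove | length > 0

    - name: 卸载指定软件包(Debian/Ubuntu)
      apt:
        name: "{{ packages_to_remove }}"
        state: absent
      when: ansible_os_family == "Debian" and packages_to_remove | length > 0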
2.配置服务(启动 / 重启 / 设置开机自启)
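---
# Bring each listed service to the requested state and boot-time setting.
- name: 管理系统服务
  hosts: app_servers
  remote_user: root
  become: true
  vars:
    # Services to manage.
    services:
      - name: nginx
        # Accepted by the service module: started/stopped/restarted/reloaded.
        state: started
        # Whether the service starts at boot.
        enabled: true
      # NOTE(review): the unit name varies by distribution (mysql, mysqld,
      # mariadb) - confirm it against the target hosts.
      - name: mysql
        # "running" is not a state the service module accepts; "started"
        # is the value that means "make sure it is running".
        state: started
        enabled: true
  tasks:
    # The service module reports "changed" only when it actually alters a
    # service, so the result is left as is: forcing changed_when to false
    # would hide real changes from the run summary and from any handlers.
    - name: 配置服务状态和开机自启
      service:
        name: "{{ item.name }}"
        state: "{{ item.state }}"
        enabled: "{{ item.enabled }}"
      loop: "{{ services }}"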
3.复制 / 替换配置文件
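---
# Push configuration files to the targets and restart the affected services.
- name: 分发配置文件
  hosts: db_servers
  remote_user: root
  become: true
  vars:
    # Source path on the control node and destination path on the target.
    config_files:
      # 0644 is world-readable, so keep credentials out of this file.
      - src: ./conf/my.cnf
        dest: /etc/my.cnf
        owner: mysql
        group: mysql
        mode: '0644'
      # 0600 limits reads to the redis account, which matters if the file
      # carries a requirepass value - presumably the reason for the stricter
      # mode; confirm.
      - src: ./conf/redis.conf
        dest: /etc/redis.conf
        owner: redis
        group: redis
        mode: '0600'
  tasks:
    - name: 复制配置文件到目标主机
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: "{{ item.owner }}"
        group: "{{ item.group }}"
        # Modes stay quoted strings so they are not re-read as numbers.
        mode: "{{ item.mode }}"
      loop: "{{ config_files }}"
      # NOTE(review): notify applies to the looped task as a whole, so a
      # change to either file notifies both handlers and restarts both
      # services. Use one copy task per file if that is not wanted.
      notify:
        - 重启mysql
        - 重启redis
  handlers:
    - name: 重启mysql
      service:
        name: mysqld
        state: restarted

    - name: 重启redis
      service:
        name: redis
        state: restarted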
4.执行远程命令 / 脚本
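---
# Run read-only commands, then upload a local script and execute it.
- name: 执行远程命令或脚本
  hosts: all
  remote_user: root
  become: true
  vars:
    # Commands to run on each host.
    commands:
      - "df -h /"
      - "free -m"
    # Script on the control node and the path it is uploaded to.
    # NOTE(review): /tmp is world-writable and this name is predictable;
    # a directory only root can write to is a safer staging location for
    # something that is then executed with become.
    local_script_path: ./scripts/clean_logs.sh
    remote_script_path: /tmp/clean_logs.sh
  tasks:
    # command does not pass the string through a shell, so pipes and
    # redirects inside these entries are not interpreted.
    - name: 执行单条命令
      command: "{{ item }}"
      register: cmd_result
      loop: "{{ commands }}"
      # These commands only report state, so never mark the task changed.
      changed_when: false

    - name: 输出命令执行结果
      debug:
        msg: "{{ item.stdout_lines }}"
      loop: "{{ cmd_result.results }}"

    - name: 上传本地脚本到远程主机
      copy:
        src: "{{ local_script_path }}"
        dest: "{{ remote_script_path }}"
        # Only the owning account runs the script, so other users get no
        # read or execute bit.
        mode: '0700'

    # The script module expects a path on the control node and uploads the
    # file itself. The file was already copied above, so the remote copy is
    # executed with command instead.
    - name: 执行远程脚本
      command: "{{ remote_script_path }}"
      register: script_result

    - name: 输出脚本执行结果
      debug:
        msg: "{{ script_result.stdout_lines }}"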
5.批量创建用户 / 授权
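---
# Create groups and users from a list and authorize one SSH key per user.
- name: 批量创建系统用户
  hosts: all
  remote_user: root
  become: true
  vars:
    # Users to create.
    users:
      - name: devuser
        uid: 1001
        group: dev
        shell: /bin/bash
        home: /home/devuser
        # Truncated sample value: replace it with the user's real public
        # key. Only public keys belong here, never private key material.
        ssh_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ... devuser@example.com"
  tasks:
    # Runs once per user entry; repeating a group name is harmless because
    # state: present leaves an existing group untouched.
    - name: 创建用户组
      group:
        name: "{{ item.group }}"
        state: present
      loop: "{{ users }}"
      loop_control:
        # Print only the group name per iteration instead of the whole item.
        label: "{{ item.group }}"

    # No password is set in this task, so the SSH key added below is the
    # account's only configured login credential.
    - name: 创建用户
      user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        group: "{{ item.group }}"
        shell: "{{ item.shell }}"
        home: "{{ item.home }}"
        create_home: true
        state: present
      loop: "{{ users }}"
      loop_control:
        label: "{{ item.name }}"

    # state: present adds the key and leaves keys already in the file in
    # place, so revoking access needs a separate state: absent run.
    # NOTE(review): on ansible-core installs this module comes from the
    # ansible.posix collection - confirm it is available on the controller.
    - name: 添加SSH公钥授权
      authorized_key:
        user: "{{ item.name }}"
        key: "{{ item.ssh_key }}"
        state: present
      loop: "{{ users }}"
      loop_control:
        label: "{{ item.name }}"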