roles,jinja2

2019-10-14  快去学习不然怎么去看aimer

playbook end

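Variable (var) lookup:
a. facts, which can be referenced directly; environment variables
b. variables defined with vars
c. variables defined in roles
d. the host inventory
e. parameters passed on the command line, which also have the highest priority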

when

tasks:
- name: install conf file to centos7
  template: src=files/nginx.conf.c7.j2 dest=/etc/nginx/conf.d/default.conf
  when: ansible_distribution_major_version == "7"
- name: install conf file to centos6
  template: src=files/nginx.conf.c6.j2 dest=/etc/nginx/conf.d/default.conf
  when: ansible_distribution_major_version == "6"
When the version is 7, the task "install conf file to centos7" is executed, and vice versa.

Iteration, dictionaries

tasks:
- name: uninstall web packages
  yum: name={{ item }} state=absent
  with_items:
    - httpd
    - php
    - php-mysql
- name: add some users
  user: name={{ item.name }} group={{ item.group }} state=present
  with_items:
    - { name: 'user11', group: 'group11' }
    - { name: 'user12', group: 'group12' }
    - { name: 'user13', group: 'group13' }

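roles (role customization)

Role collection: nginx/
files/: stores files used by modules such as copy or script;
tasks/: this directory must contain at least one file named main.yml, which defines the tasks; other files must be "included" from main.yml;
handlers/: this directory must contain at least one file named main.yml, which defines the handlers; other files must be "included" from main.yml;
vars/: this directory must contain at least one file named main.yml, which defines the variables; other files must be "included" from main.yml;
templates/: stores the template text used by the template module;
meta/: this directory must contain at least one file named main.yml, which defines the role's special settings and its dependencies; other files must be "included" from main.yml;
default/: this directory must contain at least one file named main.yml, which sets the default variables;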

|-- roles
|   `-- nginx
|       |-- default
|       |-- files
|       |   |-- grabber.py
|       |   `-- nginx.repo
|       |-- handlers
|       |   `-- main.yaml
|       |-- meta
|       |-- tasks
|       |   `-- main.yaml
|       |-- templates
|       |   |-- nginx.conf.c6.j2
|       |   `-- nginx.conf.c7.j2
|       `-- vars
|           `-- main.yaml
|-- roles.retry
`-- roles.yaml
A role is simply a playbook split into parts.

tasks

---
- name: copy grabber.py
  copy: src=grabber.py dest=/usr/lib/python2.7/site-packages/urlgrabber/grabber.py
- name: copy {{ rpmname }}.repo
  copy: src={{ rpmname }}.repo dest=/etc/yum.repos.d/
- name: install {{ rpmname }}
  yum: name={{ rpmname }} state=present
- name: install conf file to centos7
  template: src={{ rpmname }}.conf.c7.j2 dest=/etc/{{ rpmname }}/conf.d/default.conf
  when: ansible_distribution_major_version == "7"
  notify: reload
  tags: reload{{ rpmname }}
- name: install conf file to centos6
  template: src={{ rpmname }}.conf.c6.j2 dest=/etc/{{ rpmname }}/conf.d/default.conf
  when: ansible_distribution_major_version == "6"
  notify: reload
  tags: reload{{ rpmname }}
- name: start {{ rpmname }} service
  shell: /usr/sbin/{{ rpmname }}
  tags: start{{ rpmname }}
Put the tasks section of the playbook in main.yaml.

handlers

---
- name: reload
  shell: /usr/sbin/{{ rpmname }} -s reload
Put the handlers section of the playbook in main.yaml.

vars

---
rpmname: nginx
Put the vars section of the playbook in main.yaml.

files

Put the files to be copied into this directory; src then only needs the file name.

templates

Put the configuration files that nginx needs into this directory.

Finally, create the file roles.yaml in the directory at the same level as the roles directory.

---
- hosts: 172.17.0.6
  remote_user: root
  roles:
    - nginx
Of course, the IP in hosts must be one of the IPs in the inventory groups.

ansible-playbook roles.yaml -C
ansible-playbook roles.yaml

After the commands are run, a cache file named roles.retry is generated.

172.17.0.6
It records the IPs of the hosts on which the commands were run.

Likewise, roles also support tags.

jinja2

Jinja2 is a Python-based template engine. It fully supports Unicode and has an integrated sandboxed execution environment.

1. variables: output data

{{ my_variables }}

2. statements: used to create conditionals, loops and so on

if statement:
{% if my_conditional %} 
{% else %}
{% endif %}
for statement:
{% for item in all_items %}
{% endfor %}

Default values in jinja2

bind_address=10.0.90.27:{{ PORT | default(3306) }}

Using jinja2 in ansible to generate several different nginx configurations from one template

1. ansible directory structure

├── files
├── meta
│   └── main.yml
├── tasks
│   ├── file.yml
│   └── main.yml
├── templates
│   └── nginx.conf.j2
└── vars
    └── main.yml

2. Contents of the files in the tasks directory:

#cat tasks/file.yml 
- name: nginx.j2 template transfer example 
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf.template
  
#cat tasks/main.yml 
- include: file.yml

3. nginx template file

#cat templates/nginx.conf.j2 
{% if nginx_use_proxy %}
{% for proxy in nginx_proxies %}
upstream {{ proxy.name }} {
   #server 127.0.0.1:{{ proxy.port }};
   server {{ ansible_eth0.ipv4.address }}:{{ proxy.port }};
}
{% endfor %}
{% endif%}
server {
    listen 80;
    server_name {{ nginx_server_name }};
    access_log off;
    error_log /etc/nginx/nginx_error.log;
    rewrite ^ https://$server_name$request_uri? permanent;
}
server {
    listen 443 ssl;
    server_name {{ nginx_server_name }};
    ssl_certificate /etc/nginx/ssl/{{ nginx_ssl_cert_name }};
    ssl_certificate_key /etc/nginx/ssl/{{ nginx_ssl_cert_key }};
    root {{ nginx_web_root }};
    index index.html index.html;
{% if nginx_use_auth %}
   auth_basic  "Restricted";
   auth_basic_user_file /etc/nginx/{{ project_name }}.htpasswd;
{% endif %}
{% if nginx_use_proxy %}
{% for proxy in nginx_proxies %}
   location {{ proxy.location }} {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-Proto http;
      proxy_set_header X-Url-Scheme $scheme;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-NginX-Proxy true;
      proxy_redirect off;
      proxy_pass http://{{ proxy.name }};
      break;
}
{% endfor %}
{% endif %}
{% if nginx_server_static %}
   location / {
       try_files $uri $uri/ =404;
}
{% endif %}
}

4. ansible variable file

#cat vars/main.yml 
nginx_server_name: www.testnginx.com
nginx_web_root: /data/html/
nginx_proxies:
- name: suspicious
  location: /
  port: 1234
- name: suspicious-api
  location: /api
  port: 4567

5. The main ansible playbook file

#cat nginx_test.yml 
##The first roles
- name: Nginx Proxy Server's Config Dynamic Create
  hosts: "10.0.90.25:10.0.90.26"
  remote_user: root
  vars:
    nginx_use_proxy: true
    nginx_ssl_cert_name: ifa.crt
    nginx_ssl_cert_key: ifa.key
    nginx_use_auth: true
    project_name: suspicious
    nginx_server_static: true
  gather_facts: true
  roles:
     -  role: nginx_conf
##The second roles
- name: Nginx WebServer's Config Dynamic Create
  hosts: 10.0.90.27
  remote_user: root
  vars:
    nginx_use_proxy: false
    nginx_ssl_cert_name: ifa.crt
    nginx_ssl_cert_key: ifa.key
    nginx_use_auth: false
    project_name: suspicious
    nginx_server_static: false
  gather_facts: false
  roles:
     -  role: nginx_conf
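
As an added example (not part of the original post), the Python code below renders a shortened copy of the template above with the variables of both plays, calling the jinja2 package directly, to show which blocks each play produces and how a missing variable fails instead of rendering as an empty string. It assumes jinja2 is installed; the names render and missing_variable and the address 192.0.2.10 are constructed for illustration.

```python
from jinja2 import Environment, StrictUndefined
from jinja2.exceptions import UndefinedError

# Constructed, shortened copy of the page's nginx.conf.j2 (upstream and auth parts only).
TEMPLATE = """\
{% if nginx_use_proxy %}
{% for proxy in nginx_proxies %}
upstream {{ proxy.name }} {
    server {{ ansible_eth0.ipv4.address }}:{{ proxy.port }};
}
{% endfor %}
{% endif %}
server {
    listen 443 ssl;
    server_name {{ nginx_server_name }};
{% if nginx_use_auth %}
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/{{ project_name }}.htpasswd;
{% endif %}
}
"""
DEFAULT_LINE = "bind_address=10.0.90.27:{{ PORT | default(3306) }}"

# Values from vars/main.yml and the two plays; the eth0 address is a constructed fact.
BASE = {
    "nginx_server_name": "www.testnginx.com",
    "project_name": "suspicious",
    "nginx_proxies": [{"name": "suspicious", "port": 1234},
                      {"name": "suspicious-api", "port": 4567}],
}
PROXY_PLAY = dict(BASE, nginx_use_proxy=True, nginx_use_auth=True,
                  ansible_eth0={"ipv4": {"address": "192.0.2.10"}})
# gather_facts is false in the second play, so no ansible_eth0 fact exists there.
WEB_PLAY = dict(BASE, nginx_use_proxy=False, nginx_use_auth=False)


def render(template, variables):
    """Render with StrictUndefined so a missing variable raises instead of rendering empty."""
    env = Environment(undefined=StrictUndefined, trim_blocks=True)
    return env.from_string(template).render(**variables)


def missing_variable(template, variables):
    """Return the UndefinedError message for the first missing variable, or None."""
    try:
        render(template, variables)
    except UndefinedError as exc:
        return str(exc)
    return None
```

The second play renders cleanly without facts only because the upstream block sits inside a false `nginx_use_proxy` branch; enabling the proxy there without gathering facts makes the render fail on `ansible_eth0`.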