【运维知识进阶篇】Ansible流程控制详解

简介: 【运维知识进阶篇】Ansible流程控制详解

大家好,今天给大家讲解Ansible的流程控制,Ansible作为可以批量管理客户机的工具,自然是功能齐全,其条件语句、判断语句类似于shell脚本,所以我们要熟练掌握,在实际运用中灵活使用。

playbook条件语句

例如:我们在使用不同的系统的时候,可以通过判断系统来对软件包进行安装;在nfs和rsync安装过程中,客户端服务器不需要推送配置文件,用条件语句可以减少剧本的编写;在安装源码时,可以判断是否执行成功。执行成功就启动等等。

1、根据不同操作系统安装apache

1. [root@Ansible test]# vim test.yml 
2. - hosts: web01
3.   tasks:
4.  - name: install centos httpd
5.       yum:
6.         name: httpd
7.         state: present
8. when: ansible_facts['os_family'] == "CentOS"    #官方写法
9.       #when: ansible_distribution == "CentOS"    非官方写法
10. 
11.  - name: install ubuntu httpd
12.       yum:
13.         name: apache2
14.         state: present
15. when: ansible_facts['os_family'] == "Ubuntu"
16. 
17. #还可以使用括号对条件进行分组
18. tasks:
19.  - name: "shut down CentOS 6 and Debian 7 systems"
20.     command: /sbin/shutdown -t now
21. when: (ansible_facts['distribution'] == "CentOS" and ansible_facts['distribution_major_version'] == "6") or (ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] == "7")    #如果当前管理机为CentOS6或者是Debin7就关机
22. 
23. #也可以以列表形式指定多个条件
24. tasks:
25.  - name: "shut down CentOS 6 systems"
26.     command: /sbin/shutdown -t now
27. when:
28.  - ansible_facts['distribution'] == "CentOS"
29.  - ansible_facts['distribution_major_version'] == "6"
30. 
31. #也可以进行条件运算
32. tasks:
33.  - shell: echo "only on Red Hat 6, derivatives, and later"
34. when: ansible_facts['os_family'] == "RedHat" and ansible_facts['lsb']['major_release']|int >= 6    #当系统为RedHat并且版本大于等于6时进行输出
35. 
36. #过滤匹配返回值包含successful
37. tasks:
38.  - name: Check Nginx Configure
39.     command: /usr/sbin/nginx -t
40.     register: result
41.  - name: Restart web02
42.     command: /usr/sbin/reboot
43. when:  result.stderr_lines is match ".*successful.*"    精准匹配,通常配合正则使用
44.     或者    
45. when:  result.stderr_lines is search "successful"       模糊匹配

2、rsync服务端推送配置文件

1. [root@Ansible test]# cat /ansible/rsyncd/rsyncd.yml
2. - hosts: all
3.   tasks:
4.  - name: Install Rsyncd Server
5.       yum: 
6.         name: rsync
7.         state: present
8.  - name: Create www Group
9. group:
10.         name: www
11.         gid: 666
12.  - name: Create www User
13.       user:
14.         name: www
15.         uid: 666
16. group: www
17.         shell: /sbin/nologin
18.         create_home: false
19.  - name: Scp Rsync Config
20. copy: 
21.         src: /ansible/rsyncd/rsyncd.conf
22.         dest: /etc/rsyncd.conf
23.         owner: root
24. group: root
25. mode: 0644
26. when: ansible_hostname == "Backup"
27.  - name: create passwd file
28. copy:
29. content: 'rsync_backup:123'
30.         dest: /etc/rsync.passwd
31.         owner: root
32. group: root
33. mode: 0600
34. when: ansible_hostname == "Backup"
35.  - name: Create backup Directory
36. file:
37.         path: /backup
38.         state: directory
39. mode: 0755
40.         owner: www
41. group: www
42.         recurse: yes
43. when: ansible_hostname == "Backup"
44.  - name: Start Rsyncd Server
45.       systemd:
46.         name: rsyncd 
47.         state: started
48. when: ansible_hostname == "Backup"

3、rsync客户端推送脚本

1. [root@Ansible rsyncd]# cat rsyncd_kehu.yml
2. - hosts: all
3.   tasks:
4.  - name: SCP Backup Shell
5. copy:
6.         src: backup.sh
7.         dest: /root/backup.sh
8. when: ansible_hostname is match "web*"
9. [root@Ansible rsyncd]# ansible-playbook rsyncd_kehu.yml
10. 
11. PLAY [all] *********************************************************************
12. 
13. TASK [Gathering Facts] *********************************************************
14. ok: [nfs]
15. ok: [mysql]
16. ok: [lb01]
17. ok: [rsync]
18. ok: [lb00]
19. ok: [web02]
20. ok: [web01]
21. ok: [lb02]
22. 
23. TASK [SCP Backup Shell] ********************************************************
24. skipping: [rsync]
25. skipping: [nfs]
26. skipping: [lb01]
27. skipping: [lb02]
28. skipping: [mysql]
29. skipping: [lb00]
30. skipping: [web01]
31. skipping: [web02]
32. 
33. PLAY RECAP *********************************************************************
34. lb00                       : ok=1    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
35. lb01                       : ok=1    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
36. lb02                       : ok=1    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
37. mysql                      : ok=1    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
38. nfs                        : ok=1    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
39. rsync                      : ok=1    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
40. web01                      : ok=1    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
41. web02                      : ok=1    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
42. 
43. [root@Ansible rsyncd]#

4、变量注册后进行判断

1. [root@Ansible ~]# vim /ansible/test/test.yml 
2. - hosts: web_group
3.   tasks:
4.  - name: check httpd server
5.       command: systemctl is-active httpd
6.       ignore_errors: yes        #忽视报错继续执行
7.       register: check_httpd
8.     -name: print check_httpd    #调试完后可以取消debug
9.       debug:
10.         msg: "{{ check_httpd }}"
11.  - name: httpd restart
12.       service:
13.         name: httpd
14.         state: restated
15. when: check_httpd.rc == 0
16. 
17. [root@Ansible test]# ansible-playbook test.yml 
18. 
19. PLAY [web_group] ***************************************************************
20. 
21. TASK [Gathering Facts] *********************************************************
22. ok: [web02]
23. ok: [web01]
24. 
25. TASK [check httpd server] ******************************************************
26. fatal: [web01]: FAILED! => {"changed": true, "cmd": ["systemctl", "is-active", "httpd"], "delta": "0:00:00.072816", "end": "2023-04-19 21:10:07.733494", "msg": "non-zero return code", "rc": 3, "start": "2023-04-19 21:10:07.660678", "stderr": "", "stderr_lines": [], "stdout": "unknown", "stdout_lines": ["unknown"]}
27. ...ignoring
28. fatal: [web02]: FAILED! => {"changed": true, "cmd": ["systemctl", "is-active", "httpd"], "delta": "0:00:00.073889", "end": "2023-04-19 21:10:07.735992", "msg": "non-zero return code", "rc": 3, "start": "2023-04-19 21:10:07.662103", "stderr": "", "stderr_lines": [], "stdout": "unknown", "stdout_lines": ["unknown"]}
29. ...ignoring
30. 
31. TASK [print check_httpd] *******************************************************
32. ok: [web01] => {
33. "msg": {
34. "changed": true, 
35. "cmd": [
36. "systemctl", 
37. "is-active", 
38. "httpd"
39.         ], 
40. "delta": "0:00:00.072816", 
41. "end": "2023-04-19 21:10:07.733494", 
42. "failed": true, 
43. "msg": "non-zero return code", 
44. "rc": 3, 
45. "start": "2023-04-19 21:10:07.660678", 
46. "stderr": "", 
47. "stderr_lines": [], 
48. "stdout": "unknown", 
49. "stdout_lines": [
50. "unknown"
51.         ]
52.     }
53. }
54. ok: [web02] => {
55. "msg": {
56. "changed": true, 
57. "cmd": [
58. "systemctl", 
59. "is-active", 
60. "httpd"
61.         ], 
62. "delta": "0:00:00.073889", 
63. "end": "2023-04-19 21:10:07.735992", 
64. "failed": true, 
65. "msg": "non-zero return code", 
66. "rc": 3, 
67. "start": "2023-04-19 21:10:07.662103", 
68. "stderr": "", 
69. "stderr_lines": [], 
70. "stdout": "unknown", 
71. "stdout_lines": [
72. "unknown"
73.         ]
74.     }
75. }
76. 
77. TASK [httpd restart] ***********************************************************
78. skipping: [web01]
79. skipping: [web02]
80. 
81. PLAY RECAP *********************************************************************
82. web01                      : ok=3    changed=1    unreachable=0    failed=0    skipped=1    rescued=0    ignored=1
83. web02                      : ok=3    changed=1    unreachable=0    failed=0    skipped=1    rescued=0    ignored=1

playbook循环语句

写循环语句可以减少剧本的编写,提高工作效率

1、启动多个服务

1. [root@Ansible test]# cat test.yml
2. - hosts: web_group
3.   tasks:
4.  - name: start service
5.       systemd:
6.         name: "{{ item }}"
7.         state: started
8. with_items:                    #或者是用loop
9.  - httpd
10.  - php-fpm
11.  - mariadb

2、循环定义变量(以列表形式)

1. [root@Ansible test]# cat test.yml
2. - hosts: web_group
3.   tasks:
4.  - name: ensure a list of packages instaled
5.       yum: 
6.         name: "{{ packages }}"
7.       vars:
8.         packages:
9.  - httpd
10.  - httpd-tools
11. 
12. [root@Ansible test]# cat test.yml
13. - hosts: web_group
14.   tasks:
15.  - name: ensure a list of packages instaled
16.       yum: name = "{{ item }}" state=present
17. with_items:
18.  - httpd
19.  - httpd-tools

3、字典循环

1. #创建用户
2. [root@Ansible test]# cat test.yml 
3. - hosts: web_group
4.   tasks:
5.  - name: Add Users    #记得提前创建组
6.       user:
7.         name: "{{ item.name }}"
8.         groups: "{{ item.groups }}"
9.         state: present
10. with_items:
11.  - { name: 'www',groups: 'www'}
12.  - { name: 'koten',groups: 'koten'}
13. 
14. #拷贝文件
15. [root@Ansible test]# cat test.yml 
16. - hosts: web_group
17.   tasks:
18.  - name: copy conf and code
19. copy:
20.         src: "{{ item.src }}"
21.         dest: "{{ item.dest }}"
22. mode: "{{ item.mode }}"
23. with_items:
24.  - { src: "./httpd.conf", dest: "/etc/httpd/conf/", mode: "0644" }
25.  - { src: "./upload_file.php", dest: "/var/www/html/", mode: "0600" }

playbookhandlers

handler是用来执行某些条件下的任务,比如配置文件发生变化时,通过notify触发handler去重启服务。(在saltstack中也有类似的触发器,写法相对Ansible简单,只需要watch,配置文件即可)

handlers案例

1. [root@Ansible test]# cat test.yml
2. - hosts: web_group
3.   vars:
4.  - http_port: 8080                #定义http端口变量
5.   tasks:    
6.  - name: Install Http Server      #安装http服务
7.       yum:
8.         name: httpd
9.         state: present
10. 
11.  - name: config httpd server      #配置http服务
12.       template:                      #将管理机变量内容导入至客户机的这个文件
13.         src: ./httpd.conf
14.         dest: /etc/httpd/conf
15.       notify:                        #检测到配置文件发生变化后,执行handler中的变量
16.  - Restart Httpd Server       #名字要与handlers中-name保持一致
17.  - Restart PHP Server
18. 
19.  - name: start httpd server       
20.       service:
21.         name: httpd
22.         state: started    
23.         enabled: yes
24. 
25.   handlers:                          #handler中内置的变量
26.  - name: Restart Httpd Server
27.       systemd:
28.         name: httpd
29.         state: restarted 
30. 
31.  - name: Restart PHP Server
32.       systemd:
33.         name: php-fpm
34.         state: restarted

注意:

1、无论多少个task通知了相同的handlers,handlers仅会在所有tasks结束后运行一次。

2、Handlers只有在其所在的任务被执行时,才会被运行;如果一个任务中定义了notify调用Handlers,但是由于条件判断等原因,该任务未被执行,那么Handlers同样不会被执行。

3、Handlers只会在每一个play的末尾运行一次;如果想在一个playbook中间运行Handlers,则需要使用meta模块来实现。例如: -meta: flush_handlers。

4、如果一个play在运行到调用Handlers的语句之前失败了,那么这个Handlers将不会被执行。我们可以使用meta模块的–force-handlers选项来强制执行Handlers,即使Handlers所在的play中途运行失败也能执行。

5、不能使用handlers替代tasks

 

playbook任务标签

默认情况下,Ansible在执行一个剧本时,会执行剧本里的所有任务,Ansible的tag功能,可以实现给剧本中的一个或多个任务(整个剧本也可以)打上标签,利用标签来指定这些要运行剧本中的个别任务,或不执行个别任务。

1、打标签方式

对一个task打一个标签;对一个task打多个标签;对多个task打一个标签

2、标签的使用

-t                      执行指定搞定tag标签任务

-skip-tags        执行-skip-tags之外的标签任务

1. [root@Ansible test]# cat test.yml 
2. - hosts: web_group
3.   vars:
4.  - http_port: 8080
5.   tasks:
6.  - name: Install Http Server
7.       yum:
8.         name: httpd
9.         state: present
10.       tags: 
11.  - install_httpd
12.  - httpd_server
13. 
14.  - name: configure httpd server
15.       template:
16.         src: ./httpd.conf
17.         dest: /etc/httpd/conf/httpd.conf
18.       notify: Restart Httpd Server
19.       tags: 
20.  - config_httpd
21.  - httpd_server
22. 
23.  - name: start httpd server
24.       service:
25.         name: httpd
26.         state: started
27.         enabled: yes
28.       tags: service_httpd
29. 
30.   handlers:
31.  - name: Restart Httpd Server
32.       systemd:
33.         name: httpd
34.         state: restarted 
35. 
36. [root@Ansible test]# ansible-playbook test.yml --list-tags    #显示当前剧本的所有标签
37. 
38. playbook: test.yml
39. 
40.   play #1 (web_group): web_group  TAGS: []
41.       TASK TAGS: [config_httpd, httpd_server, install_httpd, service_httpd]
42. 
43. [root@Ansible test]# ansible-playbook test.yml -t httpd_server    #执行httpd_server标签的命令
44. [root@Ansible test]# ansible-playbook test.yml -t install_httpd,confiure_httpd    #执行install_httpd,confiure_httpd的命令
45. [root@Ansible test]# ansible-playbook test.yml --skip-tags httpd_server    #执行除了带httpd_server的命令

playbook文件复用

先前我们写的剧本都是一个一个去执行,我们能否通过写剧本的方法让剧本一键执行,ansible中准备了include的命令,用来动态调用task任务列表

1、只调用task:include_tasks,小剧本中只留tasks,变量需要写在单独的剧本中

1. [root@Ansible test]# cat task.yml
2. - hosts: web_group
3. vars:
4. - http_port: 8080
5. 
6. tasks:
7. - include_tasks: task_install.yml            #下面可以加when判断
8.     - include_tasks: task_configure.yml
9.     - include_tasks: task_start.yml
10. 
11. handlers:
12.     - name: Restart Httpd Server
13. systemd:
14. name: httpd
15. state: restarted
16. 
17. [root@Ansible test]# cat task_install.yml 
18. - name: Install Http Server
19. yum:
20. name: httpd
21. state: present
22. 
23. [root@Ansible test]# cat task_configure.yml 
24. - name: configure httpd server
25. template:
26. src: ./httpd.conf
27. dest: /etc/httpd/conf/httpd.conf
28. notify: Restart Httpd Server
29. 
30. [root@Ansible test]# cat task_start.yml 
31. - name: start httpd server
32. service:
33. name: httpd
34. state: started
35. enabled: yes

2、调用整个task文件:include(新版本:import_playbook)

1. - include: httpd.yml
2. - include: nfs.yml
3. - include: rsync.yml
4. 
5. - import_playbook: httpd.yml
6. - import_playbook: nfs.yml
7. - import_playbook: rsync.yml

3、在saltstack中,叫做top file入口文件

 

playbook忽略错误

剧本在执行中会检测任务执行的返回状态,遇到错误就会终止剧本,但是有些时候,即使执行错误,我们也需要它继续执行。

需要加入参数:ignore_errors: yes 忽略错误

1. [root@Ansible test]# 
2. - hosts: web_group
3.   tasks:
4.  - name: Ignore False
5.       command: /bin/false
6.       ignore_errors: yes
7. 
8.  - name: touch new file
9. file:
10.         path: /tmp/oldboy.txt
11.         state: touch

playbook错误处理

当剧本执行失败时,如果在task中设置了handler也不会被执行。但是我们可以通过参数强制调用handler

1、强制调用handler

1. [root@Ansible test]# cat test.yml
2. - hosts: web_group
3.   vars:
4.  - http_port: 8080
5.   force_handlers: yes                    #错误后强制也会调用handler
6.   tasks:
7.  - name: Install Http Server
8.       yum:
9.         name: htttpd
10.         state: present
11. 
12.  - name: config httpd server
13.       template:
14.         src: ./httpd.conf
15.         dest: /etc/httpd/conf
16.       notify:                            #检测当配置文件变化时,执行变量里的内容
17.  - Restart Httpd Server
18.  - Restart PHP Server
19. 
20.  - name: start httpd server
21.       service:
22.         name: httpd
23.         state: started
24.         enabled: yes
25. 
26.   handlers:
27.  - name: Restart Httpd Server
28.       systemd:
29.         name: httpd
30.         state: restarted 
31. 
32.  - name: Restart PHP Server
33.       systemd:
34.         name: php-fpm
35.         state: restarted

2、抑制changed

被管理主机没有发生变化,可以使用参数将change状态改为ok

1. [root@Ansible test]# cat handler.yml
2. - hosts: web_group
3.   vars:
4.  - http_port: 8080
5.   force_handlers: yes
6.   tasks:
7.  - name: shell
8.       shell: netstat -lntup|grep httpd
9.       register: check_httpd
10.       changed_when: false                        #将客户机状态设置为false,这样当管理机执行剧本时候,就不会因为这条命令执行handler中的内容,不必再去重启服务
11. 
12.  - name: debug
13.       debug: msg={{ check_httpd.stdout.lines }}
14. 
15. [root@Ansible test]# cat test.yml
16. - hosts: webservers
17.   vars:
18.  - http_port: 8080
19.   tasks:
20.  - name: configure httpd server
21.       template:
22.         src: ./httpd.conf
23.         dest: /etc/httpd/conf/httpd.conf
24.       notify: Restart Httpd Server    
25. 
26.  - name: Check HTTPD
27.       shell: /usr/sbin/httpd -t
28.       register: httpd_check
29.       changed_when: 
30.  - httpd_check.stdout.find('OK')
31.  - false
32. 
33.  - name: start httpd server
34.       service:
35.         name: httpd
36.         state: started
37.         enabled: yes
38. 
39.   handlers:
40.  - name: Restart Httpd Server
41.       systemd:
42.         name: httpd
43.         state: restarted

我是koten,10年运维经验,持续分享运维干货,感谢大家的阅读和关注!

目录
相关文章
|
4月前
|
运维 Shell Linux
Ansible自动化运维工具之常用模块使用实战(5)
Ansible自动化运维工具之常用模块使用实战(5)
|
4月前
|
运维 搜索推荐 Shell
Ansible自动化运维工具之个性化定制SSH连接登录端口(3)
Ansible自动化运维工具之个性化定制SSH连接登录端口(3)
132 0
|
4月前
|
运维 Kubernetes 网络安全
Ansible自动化运维工具之主机管理与自定义配置文件(2)
Ansible自动化运维工具之主机管理与自定义配置文件(2)
|
4月前
|
存储 运维 Linux
Ansible自动化运维工具安装入门,看这一篇就够了(1)
Ansible自动化运维工具安装入门,看这一篇就够了(1)
|
4月前
|
运维 Cloud Native Go
Ansible自动化:简化你的运维任务
Ansible自动化:简化你的运维任务
53 0
|
4月前
|
运维 应用服务中间件 网络安全
Ansible自动化运维工具之解决SSH连接使用明文密码问题(4)
Ansible自动化运维工具之解决SSH连接使用明文密码问题(4)
|
4月前
|
运维 Linux
Ansible自动化运维工具之常用模块使用实战(6)
Ansible自动化运维工具之常用模块使用实战(6)
|
1月前
|
运维 监控 测试技术
ansible 自动化运维监控方案
本文介绍如何利用ansible实时或自动采集受控主机的信息
|
5月前
|
运维 固态存储 定位技术
Ansible_自动化运维实战(一)
Ansible_自动化运维实战(一)
|
6月前
|
运维 监控 小程序
【运维知识进阶篇】一篇文章带你搞懂Jumperserver(保姆级教程:安装+用户与用户组+创建资产+授权资产+创建数据库+sudo提权+命令过滤+多因子认证+网域功能+审计台)(四)
【运维知识进阶篇】一篇文章带你搞懂Jumperserver(保姆级教程:安装+用户与用户组+创建资产+授权资产+创建数据库+sudo提权+命令过滤+多因子认证+网域功能+审计台)(四)
348 0

相关产品

  • 云迁移中心