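[Original] ansible-playbook explained
Date: 2023-07-10
  • YAML syntax resembles that of other high-level languages and can simply express data structures such as lists, hash tables (mappings) and scalars. (List items are introduced by a hyphen, keys and values are separated by a colon, and a key-value pair can nest further key-value pairs.)
  • YAML files usually have the extension .yaml or .yml. An example follows.
  • Indentation must be aligned, and only spaces may be used.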

name: tom
age: 21
gender: male
spouse:
  name: lily
  gender: female
children:
  - name: susan
    age: 2
    gender: female
  - name: sunny
    age: 10
    gender: male

  • tasks
  • variables
  • templates
  • handlers
  • roles

3.1 Example 1

vim /root/first.yml

- hosts: all
  remote_user: root
  vars:
    httpd_port: 80

  tasks:
    - name: install httpd
      yum: name=httpd state=present
    - name: install php
      yum: name=php state=present
    - name: start httpd
      service: name=httpd state=started enabled=true

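hosts defines a single host or a group, vars defines variables, remote_user defines the remote user that runs the commands, tasks defines which commands are run, and handlers defines which handlers are called.
vars (variables):

Variable naming: letters, digits and underscores; a name must start with a letter.

Variable types:

facts (built-in variables)
Host attribute information sent back by the remote host; it is stored in Ansible variables.
For example, ansible 192.168.238.170 -m setup retrieves the attribute information of the remote host; this information is stored in facts.

Passed on the command line
ansible-playbook test.yml --extra-vars "host=www user=tom" (a variable already defined in the playbook is overridden by the value given here)

Passed through roles

Host variables
Defined in /etc/ansible/hosts
[web1]
192.168.1.1 name=haha

Group variables
[group_name:vars]
foo=bar

hosts:
The remote hosts listed in /etc/ansible/hosts, which are connected to using the specified attributes
ansible_ssh_port: the port used to connect to the remote host

ansible_ssh_user: the user used to connect to the remote host

ansible_ssh_pass: the password used to connect to the remote host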
cat /etc/ansible/hosts

[web1]
web1.hostname ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass=123
web2.hostname

3.2 Example 2

vim /root/second.yml

- hosts: web1
  remote_user: root
  vars:
    username: bob
    password: 123

  tasks:
    - name: add user
      user: name={{ username }} state=present
      when: ansible_os_family == "Debian"
    - name: set password
      shell: echo {{ password }} | passwd --stdin {{ username }}
    - name: install httpd php
      yum: name={{ item }} state=present
      with_items:
        - httpd
        - php
    - name: add two users
      user: name={{ item.name }} state=present groups={{ item.groups }}
      with_items:
        - { name: 'user1', groups: 'group1' }
        - { name: 'user2', groups: 'group2' }

  • In a playbook, a variable is referenced as {{ variable }}

  • The when statement is used for conditional tests

  • ansible_os_family is a built-in attribute in facts; its value can be viewed with ansible all -m setup | grep ansible_os_family

  • A task refers to the built-in item variable; the with_items statement after the task defines the list of elements
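
The set password task in second.yml puts the cleartext password on a shell command line and in the playbook itself. The play below is an added example, not from the original article, that sets the password through the user module from a vault-encrypted variable. The file vars/secrets.yml and the variable vault_bob_password are assumed names, and the when condition is left out.

```yaml
# Added example (not from the original article): second.yml without a
# plaintext password. Assumptions: vars/secrets.yml is a hypothetical file
# encrypted with `ansible-vault encrypt vars/secrets.yml` that defines
# vault_bob_password; group1 and group2 already exist on the hosts.
- hosts: web1
  remote_user: root
  vars_files:
    - vars/secrets.yml
  vars:
    username: bob

  tasks:
    - name: add user and set its password in one step
      user:
        name: "{{ username }}"
        # The user module expects a crypt(3) hash, so the cleartext never
        # appears on a shell command line on the managed host.
        password: "{{ vault_bob_password | password_hash('sha512') }}"
        # A fresh salt is generated on every run; on_create keeps the task
        # idempotent by setting the password only for a newly created user.
        update_password: on_create
        state: present
      # Keep the rendered arguments out of console output and logs.
      no_log: true

    - name: install httpd php
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - httpd
        - php

    - name: add two users
      user:
        name: "{{ item.name }}"
        groups: "{{ item.groups }}"
        state: present
      with_items:
        - { name: 'user1', groups: 'group1' }
        - { name: 'user2', groups: 'group2' }
```

Run it with ansible-playbook second.yml --ask-vault-pass so the vault password is prompted for rather than stored. The ansible_ssh_pass=123 entry in the inventory shown earlier has the same exposure; SSH keys or the --ask-pass prompt avoid keeping it in /etc/ansible/hosts.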

3.3 Example 3

vim /root/third.yml

- hosts: web1
  remote_user: root
  vars:
    httpd_port: 80

  tasks:
    - name: install httpd
      yum: name=httpd state=present
    - name: install php
      yum: name=php state=present
    - name: copy config file
      copy: src=/root/httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd
    - name: start httpd
      service: name=httpd state=started enabled=true

  handlers:
    - name: restart httpd
      service: name=httpd state=restarted

In the playbook above, if the file that copy transfers differs from the file on the remote host, notify calls the handler, which restarts the httpd service.

Restarting a service is the most common use of a handler.

3.4 Example 4

vim /etc/ansible/hosts
[web1]
192.168.1.1 http_port=80

vim /root/httpd.conf
……
Listen {{ http_port }}
……

vim /root/fourth.yml

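- hosts: web1
  remote_user: root
  vars:
    httpd_port: 80

  tasks:
    - name: install httpd
      yum: name=httpd state=present
    - name: copy config file
      template: src=/root/httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd
    - name: start httpd
      service: name=httpd state=started enabled=true

  handlers:
    - name: restart httpd
      service: name=httpd state=restarted

templates: used to generate text files (configuration files)

Template files can use Jinja2 expressions, which are written inside {{ }}; a template can also do nothing more than simple variable substitution.

3.5 Example 5

roles: roles provide "code reuse"; a role is a set of playbook elements (variables, tasks, templates, handlers) organized in a specific hierarchical layout, and a playbook can call it directly by the role's name.

File structure of a role:

  • files/: all files used by this role are placed in this directory
  • templates/: where Jinja2 template files are stored
  • tasks/: task list files; there can be several, but at least one must be named main.yml
  • handlers/: handler list files; there can be several, but at least one must be named main.yml
  • vars/: variable dictionary files; there can be several, but at least one must be named main.yml
  • meta/: special settings and dependencies of this role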

mkdir /root/roles
cd /root/roles
mkdir -p web1/{files,templates,tasks,handlers,vars,meta}

vim web1/vars/main.yml
user: tom
group: tom
http_port: 8080

vim web1/tasks/main.yml

- name: install httpd
  yum: name=httpd state=present
- name: copy config file
  template: src=httpd.conf dest=/etc/httpd/conf/httpd.conf
  notify: restart httpd
  tags: conf
- name: start httpd
  service: name=httpd state=started enabled=true

The template src here is a relative path --> web1/templates
tags let you select tagged tasks at run time

vim web1/handlers/main.yml

- name: restart httpd
  service: name=httpd state=restarted

vim web1/templates/httpd.conf

……
Listen {{ http_port }}
……

Run:

ansible-playbook web1.yml
Run only the tagged tasks:
ansible-playbook -t conf web1.yml

4.1 Define hosts

vim /etc/ansible/hosts

[mini]

129.139.153.78:16283
155.139.190.94:12573

4.2 Define the entry file install_zabbix_agent.yml

shell > vim /etc/ansible/install_zabbix_agent.yml

- hosts: mini
  roles:
    - install_zabbix_agent

As shown, the host group to install on is mini and the role is install_zabbix_agent.

4.3 Define the role install_zabbix_agent

tree /etc/ansible/roles/install_zabbix_agent/

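├── files
│   └── zabbix-2.4.5.tar.gz
├── tasks
│   └── main.yml
├── templates
│   ├── zabbix_agentd
│   └── zabbix_agentd.conf
└── vars
    └── main.yml

Create the files directory to hold the archive of the compiled and installed zabbix_agent directory, which is copied to the remote hosts.

Create the tasks directory for writing the tasks to be executed.

Create the templates directory to hold the template files that vary per host.

Create the vars directory to hold variable information.

4.4 Create the main tasks file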

cat /etc/ansible/roles/install_zabbix_agent/tasks/main.yml


- name: Install Software
  yum: name={{ item }} state=latest
  with_items:
    - libcurl-devel
- name: Create Zabbix User
  user: name={{ zabbix_user }} state=present createhome=no shell=/sbin/nologin
- name: Copy Zabbix.tar.gz
  copy: src=zabbix-{{ zabbix_version }}.tar.gz dest={{ zabbix_dir }}/src/zabbix-{{ zabbix_version }}.tar.gz owner=root group=root
- name: Uncompression Zabbix.tar.gz
  shell: tar zxf {{ zabbix_dir }}/src/zabbix-{{ zabbix_version }}.tar.gz -C {{ zabbix_dir }}/
- name: Copy Zabbix Start Script
  template: src=zabbix_agentd dest=/etc/init.d/zabbix_agentd owner=root group=root mode=0755
- name: Copy Zabbix Config File
  template: src=zabbix_agentd.conf dest={{ zabbix_dir }}/zabbix/etc/zabbix_agentd.conf owner={{ zabbix_user }} group={{ zabbix_user }} mode=0644
- name: Modify Zabbix Dir Permisson
  file: path={{ zabbix_dir }}/zabbix owner={{ zabbix_user }} group={{ zabbix_user }} mode=0755 recurse=yes
- name: Start Zabbix Service
  shell: /etc/init.d/zabbix_agentd start
- name: Add Boot Start Zabbix Service
  shell: chkconfig --level 35 zabbix_agentd on
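
The shell tasks above report "changed" on every run, and the recursive chown lets the agent's own account rewrite its binaries and config. The variant below is an added example, not the article's file: it uses modules, keeps the install tree root-owned (the PID and log files live in /tmp per the config template) and restarts the agent only when a template changes. The handler name and the handlers/main.yml file are assumptions.

```yaml
# Added example, not the article's file: tasks/main.yml built on modules.
# Assumes the user module also creates a group named {{ zabbix_user }}.
- name: Install Software
  yum:
    name: libcurl-devel
    state: latest

- name: Create Zabbix User
  user:
    name: "{{ zabbix_user }}"
    state: present
    createhome: no
    shell: /sbin/nologin

# unarchive ships files/zabbix-*.tar.gz and unpacks it; creates skips reruns.
- name: Unpack Zabbix
  unarchive:
    src: "zabbix-{{ zabbix_version }}.tar.gz"
    dest: "{{ zabbix_dir }}/"
    owner: root
    group: root
    creates: "{{ zabbix_dir }}/zabbix/sbin/zabbix_agentd"

- name: Copy Zabbix Start Script
  template:
    src: zabbix_agentd
    dest: /etc/init.d/zabbix_agentd
    owner: root
    group: root
    mode: "0755"
  notify: restart zabbix_agentd

# root-owned, group-readable: the agent can read its config, not rewrite it.
- name: Copy Zabbix Config File
  template:
    src: zabbix_agentd.conf
    dest: "{{ zabbix_dir }}/zabbix/etc/zabbix_agentd.conf"
    owner: root
    group: "{{ zabbix_user }}"
    mode: "0640"
  notify: restart zabbix_agentd

- name: Start Zabbix Service and enable it at boot
  service:
    name: zabbix_agentd
    state: started
    enabled: yes

# handlers/main.yml (hypothetical file; the article's role has no handlers/)
---
- name: restart zabbix_agentd
  service:
    name: zabbix_agentd
    state: restarted
```

Unlike chkconfig --level 35, enabled: yes turns the service on for the init script's default runlevels.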

4.5 Create the main variables file

cat /etc/ansible/roles/install_zabbix_agent/vars/main.yml

zabbix_dir: /usr/local
zabbix_version: 2.4.5
zabbix_user: zabbix
zabbix_port: 10050
zabbix_server_ip: 131.142.101.120

4.6 Create the template files

cat /etc/ansible/roles/install_zabbix_agent/templates/zabbix_agentd

#!/bin/bash
#
# chkconfig: - 90 10
# description: Starts and stops Zabbix Agent using chkconfig
#              Tested on Fedora Core 2 - 5
#              Should work on all Fedora Core versions
#
# @name: zabbix_agentd
# @author: Alexander Hagenah hagenah@topconcepts.com
# @created: 18.04.2006
#
# Modified for Zabbix 2.0.0
# May 2012, Zabbix SIA
#
# Source function library.

. /etc/init.d/functions

# Variables
# Edit these to match your system settings

    # Zabbix-Directory
    BASEDIR={{ zabbix_dir }}/zabbix

    # Binary File
    BINARY_NAME=zabbix_agentd

    # Full Binary File Call
    FULLPATH=$BASEDIR/sbin/$BINARY_NAME

    # PID file
    PIDFILE=/tmp/$BINARY_NAME.pid

    # Establish args
    ERROR=0
    STOPPING=0

#
# No need to edit the things below
#

# application checking status
if [ -f $PIDFILE ] && [ -s $PIDFILE ]
then
    PID=`cat $PIDFILE`

    if [ "x$PID" != "x" ] && kill -0 $PID 2>/dev/null && [ $BINARY_NAME == `ps -e | grep $PID | awk '{print $4}'` ]
    then
        STATUS="$BINARY_NAME (pid `pidof $APP`) running.."
        RUNNING=1
    else
        rm -f $PIDFILE
        STATUS="$BINARY_NAME (pid file existed ($PID) and now removed) not running.."
        RUNNING=0
    fi
else
    if [ `ps -e | grep $BINARY_NAME | head -1 | awk '{ print $1 }'` ]
    then
        STATUS="$BINARY_NAME (pid `pidof $APP`, but no pid file) running.."
    else
        STATUS="$BINARY_NAME (no pid file) not running"
    fi
    RUNNING=0
fi

# functions
start() {
    if [ $RUNNING -eq 1 ]
    then
        echo "$0 $ARG: $BINARY_NAME (pid $PID) already running"
    else
        action $"Starting $BINARY_NAME: " $FULLPATH
        touch /var/lock/subsys/$BINARY_NAME
    fi
}

stop() {
    echo -n $"Shutting down $BINARY_NAME: "
    killproc $BINARY_NAME
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$BINARY_NAME
    RUNNING=0
}

# logic
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status $BINARY_NAME
        ;;
    restart)
        stop
        sleep 10
        start
        ;;
    help|*)
        echo $"Usage: $0 {start|stop|status|restart|help}"
        cat <<EOF

                    start           - start $BINARY_NAME
                    stop            - stop $BINARY_NAME
                    status          - show current status of $BINARY_NAME
                    restart         - restart $BINARY_NAME if running by sending a SIGHUP or start if not running
                    help            - this screen

EOF
        exit 1
        ;;
esac

exit 0

shell > cat /etc/ansible/roles/install_zabbix_agent/templates/zabbix_agentd.conf

# This is a config file for the Zabbix agent daemon (Unix)
# To get more information about Zabbix, visit http://www.zabbix.com

############ GENERAL PARAMETERS #################

### Option: PidFile
# Name of PID file.
# Mandatory: no
# Default:
# PidFile=/tmp/zabbix_agentd.pid

### Option: LogFile
# Name of log file.
# If not set, syslog is used.
# Mandatory: no
# Default:
# LogFile=

LogFile=/tmp/zabbix_agentd.log

### Option: LogFileSize
# Maximum size of log file in MB.
# 0 - disable automatic log rotation.
# Mandatory: no
# Range: 0-1024
# Default:
# LogFileSize=1

### Option: DebugLevel
# Specifies debug level
# 0 - basic information about starting and stopping of Zabbix processes
# 1 - critical information
# 2 - error information
# 3 - warnings
# 4 - for debugging (produces lots of information)
# Mandatory: no
# Range: 0-4
# Default:
# DebugLevel=3

### Option: SourceIP
# Source IP address for outgoing connections.
# Mandatory: no
# Default:
# SourceIP=

### Option: EnableRemoteCommands
# Whether remote commands from Zabbix server are allowed.
# 0 - not allowed
# 1 - allowed
# Mandatory: no
# Default:
# EnableRemoteCommands=0

### Option: LogRemoteCommands
# Enable logging of executed shell commands as warnings.
# 0 - disabled
# 1 - enabled
# Mandatory: no
# Default:
# LogRemoteCommands=0

### Option: Server
# List of comma delimited IP addresses (or hostnames) of Zabbix servers.
# Incoming connections will be accepted only from the hosts listed here.
# If IPv6 support is enabled then '127.0.0.1', '::127.0.0.1', '::ffff:127.0.0.1' are treated equally.
# Mandatory: no
# Default:
# Server=

Server={{ zabbix_server_ip }}

### Option: ListenPort
# Agent will listen on this port for connections from the server.
# Mandatory: no
# Range: 1024-32767
# Default:
# ListenPort=10050

ListenPort={{ zabbix_port }}

### Option: ListenIP
# List of comma delimited IP addresses that the agent should listen on.
# First IP address is sent to Zabbix server if connecting to it to retrieve list of active checks.
# Mandatory: no
# Default:
# ListenIP=0.0.0.0

### Option: StartAgents
# Number of pre-forked instances of zabbix_agentd that process passive checks.
# If set to 0, disables passive checks and the agent will not listen on any TCP port.
# Mandatory: no
# Range: 0-100
# Default:
# StartAgents=3

### Option: ServerActive
# List of comma delimited IP:port (or hostname:port) pairs of Zabbix servers for active checks.
# If port is not specified, default port is used.
# IPv6 addresses must be enclosed in square brackets if port for that host is specified.
# If port is not specified, square brackets for IPv6 addresses are optional.
# If this parameter is not specified, active checks are disabled.
# Example: ServerActive=127.0.0.1:20051,zabbix.domain,[::1]:30051,::1,[12fc::1]
# Mandatory: no
# Default:
# ServerActive=

#ServerActive=127.0.0.1:10051

### Option: Hostname
# Unique, case sensitive hostname.
# Required for active checks and must match hostname as configured on the server.
# Value is acquired from HostnameItem if undefined.
# Mandatory: no
# Default:
# Hostname=

Hostname={{ ansible_all_ipv4_addresses[1] }}

### Option: HostnameItem
# Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
# Does not support UserParameters or aliases.
# Mandatory: no
# Default:
# HostnameItem=system.hostname

### Option: HostMetadata
# Optional parameter that defines host metadata.
# Host metadata is used at host auto-registration process.
# An agent will issue an error and not start if the value is over limit of 255 characters.
# If not defined, value will be acquired from HostMetadataItem.
# Mandatory: no
# Range: 0-255 characters
# Default:
# HostMetadata=

### Option: HostMetadataItem
# Optional parameter that defines an item used for getting host metadata.
# Host metadata is used at host auto-registration process.
# During an auto-registration request an agent will log a warning message if
# the value returned by specified item is over limit of 255 characters.
# This option is only used when HostMetadata is not defined.
# Mandatory: no
# Default:
# HostMetadataItem=

### Option: RefreshActiveChecks
# How often list of active checks is refreshed, in seconds.
# Mandatory: no
# Range: 60-3600
# Default:
# RefreshActiveChecks=120

### Option: BufferSend
# Do not keep data longer than N seconds in buffer.
# Mandatory: no
# Range: 1-3600
# Default:
# BufferSend=5

### Option: BufferSize
# Maximum number of values in a memory buffer. The agent will send
# all collected data to Zabbix Server or Proxy if the buffer is full.
# Mandatory: no
# Range: 2-65535
# Default:
# BufferSize=100

### Option: MaxLinesPerSecond
# Maximum number of new lines the agent will send per second to Zabbix Server
# or Proxy processing 'log' and 'logrt' active checks.
# The provided value will be overridden by the parameter 'maxlines',
# provided in 'log' or 'logrt' item keys.
# Mandatory: no
# Range: 1-1000
# Default:
# MaxLinesPerSecond=100

############ ADVANCED PARAMETERS #################

### Option: Alias
# Sets an alias for an item key. It can be used to substitute long and complex item key with a smaller and simpler one.
# Multiple Alias parameters may be present. Multiple parameters with the same Alias key are not allowed.
# Different Alias keys may reference the same item key.
# For example, to retrieve the ID of user 'zabbix':
# Alias=zabbix.userid:vfs.file.regexp[/etc/passwd,^zabbix:.:([0-9]+),,,,\1]
# Now shorthand key zabbix.userid may be used to retrieve data.
# Aliases can be used in HostMetadataItem but not in HostnameItem parameters.
# Mandatory: no
# Range:
# Default:

### Option: Timeout
# Spend no more than Timeout seconds on processing
# Mandatory: no
# Range: 1-30
# Default:

Timeout=20

### Option: AllowRoot
# Allow the agent to run as 'root'. If disabled and the agent is started by 'root', the agent
# will try to switch to the user specified by the User configuration option instead.
# Has no effect if started under a regular user.
# 0 - do not allow
# 1 - allow
# Mandatory: no
# Default:
# AllowRoot=0

### Option: User
# Drop privileges to a specific, existing user on the system.
# Only has effect if run as 'root' and AllowRoot is disabled.
# Mandatory: no
# Default:
# User=zabbix

### Option: Include
# You may include individual files or all files in a directory in the configuration file.
# Installing Zabbix will create include directory in /usr/local/etc, unless modified during the compile time.
# Mandatory: no
# Default:
# Include=

# Include=/usr/local/etc/zabbix_agentd.userparams.conf
# Include=/usr/local/etc/zabbix_agentd.conf.d/
# Include=/usr/local/etc/zabbix_agentd.conf.d/*.conf

####### USER-DEFINED MONITORED PARAMETERS #######

### Option: UnsafeUserParameters
# Allow all characters to be passed in arguments to user-defined parameters.
# 0 - do not allow
# 1 - allow
# Mandatory: no
# Range: 0-1
# Default:

UnsafeUserParameters=1

### Option: UserParameter
# User-defined parameter to monitor. There can be several user-defined parameters.
# Format: UserParameter=,
# See 'zabbix_agentd' directory for examples.
# Mandatory: no
# Default:
# UserParameter=

####### LOADABLE MODULES #######

### Option: LoadModulePath
# Full path to location of agent modules.
# Default depends on compilation options.
# Mandatory: no
# Default:
# LoadModulePath=${libdir}/modules

### Option: LoadModule
# Module to load at agent startup. Modules are used to extend functionality of the agent.
# Format: LoadModule=
# The modules must be located in directory specified by LoadModulePath.
# It is allowed to include multiple LoadModule parameters.
# Mandatory: no
# Default:
# LoadModule=

4.7 Install

ansible-playbook /etc/ansible/install_zabbix_agent.yml

PLAY [mini] *******************************************************************

GATHERING FACTS ***************************************************************
ok: [129.139.153.78]
ok: [155.139.190.94]

TASK: [install_zabbix_agent | Install Software] *******************************
changed: [155.139.190.94] => (item=libcurl-devel)
changed: [129.139.153.78] => (item=libcurl-devel)

TASK: [install_zabbix_agent | Create Zabbix User] *****************************
changed: [129.139.153.78]
changed: [155.139.190.94]

TASK: [install_zabbix_agent | Copy Zabbix.tar.gz] *****************************
changed: [129.139.153.78]
changed: [155.139.190.94]

TASK: [install_zabbix_agent | Uncompression Zabbix.tar.gz] ********************
changed: [129.139.153.78]
changed: [155.139.190.94]

TASK: [install_zabbix_agent | Copy Zabbix Start Script] ***********************
changed: [155.139.190.94]
changed: [129.139.153.78]

TASK: [install_zabbix_agent | Copy Zabbix Config File] ************************
changed: [129.139.153.78]
changed: [155.139.190.94]

TASK: [install_zabbix_agent | Modify Zabbix Dir Permisson] ********************
changed: [155.139.190.94]
changed: [129.139.153.78]

TASK: [install_zabbix_agent | Start Zabbix Service] ***************************
changed: [129.139.153.78]
changed: [155.139.190.94]

TASK: [install_zabbix_agent | Add Boot Start Zabbix Service] ******************
changed: [129.139.153.78]
changed: [155.139.190.94]

PLAY RECAP ********************************************************************
155.139.190.94 : ok=10 changed=9 unreachable=0 failed=0
129.139.153.78 : ok=10 changed=9 unreachable=0 failed=0

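Note how variables are referenced in the start script and in the configuration file.

The installation is complete; you can now check the result on the client machines!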