day051 - Ansible loops, conditionals and Jinja2 templates
Table of contents
- 0. Oldboy's thinking: differences between men's and women's sexual needs
- 1. Specifying a client password by hand
- 2. Updating hostnames in bulk
- 2.1 The hostname module
- 2.2 Adding inventory host variables
- 2.3 Writing the bulk hostname playbook
- 2.4 Editing the hosts file
- 2.5 Playbook to distribute the hosts file
- 3. Ansible's number of parallel processes
- 4. Setting passwords per group: inventory group variables
- 5. Case study: managing 400 machines with Ansible
- 6. Ansible loops
- 6.1 Standard loop (with_items)
- 6.1.1 Adding several users
- 6.2 Looping over a list of dicts
- 6.2.1 Adding several users with uid and group
- 7. Ansible conditionals
- 7.1 Installing software by OS type
- 7.2 Deciding the OS type from a registered variable
- 8. Jinja2 templates
- 8.1 Distributing the keepalived configuration
- 8.1.1 Writing the keepalived j2 template
- 8.1.2 Writing the distribution playbook
- 8.2 Distributing the NFS configuration
- 8.2.1 Adding group variables for the nfs group
- 8.2.2 Writing the nfs exports j2 template
- 8.2.3 Writing the distribution playbook
- 8.3 Distributing the rsync service configuration
- 8.3.1 Writing group variables for the rsync host group
- 8.3.2 Writing the rsyncd.conf j2 template
- 8.3.3 Writing the distribution playbook
- 8.4 Distributing several nginx domain configuration files
- 8.4.1 Writing group variables for the web group
- 8.4.2 Writing the nginx domain j2 template
- 8.4.3 Writing the distribution playbook
- 9. Mind map
0. Oldboy's thinking: differences between men's and women's sexual needs
Women's attitude toward sex is usually less intense than men's, especially for women over 28; only once a woman's other physical and psychological needs are met will she entrust sex to you, so sex is something that comes attached after she likes you. Men are exactly the opposite: often they think of sex, feel the urge, and only then come to like a woman. —Oldboy
1. Specifying a client password by hand
- When key-based authentication to a managed host fails, the user name, port and password can be given per host in the inventory (ansible_user, ansible_port, ansible_password):
[root@m02 /server/ans/playbooks]# cat hosts
……
[bak]
172.16.1.41 ansible_user=root ansible_port=22 ansible_password=SKX2554.……
- This puts a root password in clear text into a file that usually ends up in version control: anyone who can read the inventory (or its git history) gets root on that host. Keep such values in a vault-encrypted variable (ansible-vault encrypt_string, or an encrypted group_vars file), keep the inventory file mode 0600, and treat password login as a temporary fallback until the SSH key is distributed.
- Test:
[root@m02 /server/ans/playbooks]# ansible -i hosts bak -m ping
……
172.16.1.41 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
2. Updating hostnames in bulk
2.1 The hostname module
The hostname module manages the system hostname of the target host. One call sets both the running (transient) hostname and the persistent one (for example /etc/hostname), so the new name survives a reboot.
- Module parameters:
  - name: the new hostname
  - use: which platform strategy to apply (systemd, redhat, debian, generic, ...). It is auto-detected and only needs to be set when detection picks the wrong strategy; it is not a runtime/persistent switch, because the module always sets both.
2.2 Adding inventory host variables
[root@m02 /server/ans/playbooks]# cat hosts
[lb]
172.16.1.5 hostname=lb01.oldboy.cn
172.16.1.6 hostname=lb02.oldboy.cn
[web]
172.16.1.7 hostname=web01.oldboy.cn
172.16.1.8 hostname=web02.oldboy.cn
172.16.1.9 hostname=web03.oldboy.cn
[db]
172.16.1.51 hostname=db01.oldboy.cn
172.16.1.52 hostname=db02.oldboy.cn
[nfs]
172.16.1.31 hostname=nfs01.oldboy.cn
[bak]
172.16.1.41 ansible_user=root ansible_port=22 ansible_password=SKX2554. hostname=backup.oldboy.cn
[data:children]
db
nfs
bak
2.3 Writing the bulk hostname playbook
[root@m02 /server/ans/playbooks]# cat 07.hostname.yaml
- hosts: all
  gather_facts: false
  tasks:
    - name: 1. set the hostname
      hostname:
        name: "{{ hostname }}"
    - name: 2. check the hostname
      shell: "hostname"
      register: host        # register a variable holding the command result
    - name: 3. print the hostname
      debug:
        msg: "{{ host.stdout }}"
- A shell task always reports "changed", as the output below shows; for read-only commands such as this one add changed_when: false so the play summary only counts real changes.
- Test:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 07.hostname.yaml
……
TASK [1. set the hostname] **********************************************************
ok: [172.16.1.9]
ok: [172.16.1.6]
fatal: [172.16.1.52]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: connect to host 172.16.1.52 port 22: No route to host", "unreachable": true}
ok: [172.16.1.7]
ok: [172.16.1.8]
ok: [172.16.1.31]
ok: [172.16.1.5]
ok: [172.16.1.51]
ok: [172.16.1.41]
TASK [2. check the hostname] ********************************************************
changed: [172.16.1.9]
changed: [172.16.1.8]
changed: [172.16.1.7]
changed: [172.16.1.6]
changed: [172.16.1.5]
changed: [172.16.1.51]
changed: [172.16.1.31]
changed: [172.16.1.41]
TASK [3. print the hostname] ********************************************************
ok: [172.16.1.5] => {
    "msg": "lb01.oldboy.cn"
}
ok: [172.16.1.6] => {
    "msg": "lb02.oldboy.cn"
}
ok: [172.16.1.7] => {
    "msg": "web01.oldboy.cn"
}
ok: [172.16.1.8] => {
    "msg": "web02.oldboy.cn"
}
ok: [172.16.1.9] => {
    "msg": "web03.oldboy.cn"
}
ok: [172.16.1.51] => {
    "msg": "db01.oldboy.cn"
}
……
- 172.16.1.52 is unreachable and drops out of the rest of the play; the other hosts continue.
2.4 Editing the hosts file
- Append the FQDN to every 172.x entry on the control node. The original notes used sed -rn -i '.../p': with -n and -i together only the lines that are explicitly printed (the matching ones) are written back, so every non-matching line, including 127.0.0.1 and ::1, is silently dropped from /etc/hosts. Without -n and the p flag the other lines are kept. The substitution is also not idempotent: running it twice appends the FQDN twice.
[root@m02 /server/ans/playbooks]# sed -ri '/^172/s# (.*)# \1 \1.oldboy.cn#' /etc/hosts
[root@m02 /server/ans/playbooks]# cat /etc/hosts
172.16.1.5 lb01 lb01.oldboy.cn
172.16.1.6 lb02 lb02.oldboy.cn
172.16.1.7 web01 web01.oldboy.cn
172.16.1.8 web02 web02.oldboy.cn
172.16.1.9 web03 web03.oldboy.cn
172.16.1.31 nfs01 nfs01.oldboy.cn
172.16.1.41 backup backup.oldboy.cn
172.16.1.51 db01 db01.oldboy.cn
172.16.1.61 m01 m01.oldboy.cn
2.5 Playbook to distribute the hosts file
[root@m02 /server/ans/playbooks]# cat 07.hosts.yaml
- hosts: all
  gather_facts: false
  tasks:
    - name: 1. distribute the hosts file
      copy:
        src: /etc/hosts
        dest: /etc/hosts
- Test:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 07.hosts.yaml
……
- This copies the control node's /etc/hosts verbatim to every host, including whatever the sed step above left in it (or removed from it). Run it with --check --diff first to see what would be overwritten.
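An alternative, added here as an example and not part of the original notes, that renders /etc/hosts on each managed host from the inventory itself instead of copying the control node's file. It relies only on the hostname= host variable defined in the inventory above; the copy module's content parameter is rendered through Jinja2 before the file is written, and the loopback entries are part of the template so they cannot be lost. The play file name is made up for the example.

```yaml
# 07.hosts_from_inventory.yaml (example file name)
- hosts: all
  gather_facts: false
  become: true
  tasks:
    - name: 1. render /etc/hosts from the inventory
      copy:
        dest: /etc/hosts
        owner: root
        group: root
        mode: "0644"
        backup: true
        # Jinja2 is applied to the content before the module runs.
        # groups['all'] holds every inventory host (here the IP addresses);
        # hostvars[host].hostname is the hostname= variable from the inventory.
        content: |
          127.0.0.1   localhost localhost.localdomain
          ::1         localhost localhost.localdomain
          {% for host in groups['all'] | sort %}
          {% if hostvars[host].hostname is defined %}
          {{ host }} {{ hostvars[host].hostname.split('.')[0] }} {{ hostvars[host].hostname }}
          {% endif %}
          {% endfor %}
```

Run it as ansible-playbook -i hosts 07.hosts_from_inventory.yaml --check --diff to preview the file on every host before writing it; because the content is derived from the inventory, a host added to the inventory shows up in /etc/hosts everywhere on the next run, and re-running the play is a no-op when nothing changed.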
3. Ansible's number of parallel processes
- By default Ansible works on 5 hosts at a time (5 forks).
- Option:
  - -f / --forks N sets the number of parallel worker processes for one run; the default of 5 can be changed permanently with forks = N in the [defaults] section of ansible.cfg.
4. Setting passwords per group: inventory group variables
- Edit the inventory and add group variables ([group:vars] sections):
[root@m02 /server/ans/playbooks]# cat hosts
[lb]
172.16.1.5 hostname=lb01.oldboy.cn
172.16.1.6 hostname=lb02.oldboy.cn
[web]
172.16.1.7 hostname=web01.oldboy.cn
172.16.1.8 hostname=web02.oldboy.cn
172.16.1.9 hostname=web03.oldboy.cn
[db]
172.16.1.51 hostname=db01.oldboy.cn
172.16.1.52 hostname=db02.oldboy.cn
[nfs]
172.16.1.31 hostname=nfs01.oldboy.cn
[bak]
172.16.1.41 ansible_user=root ansible_port=22 ansible_password=SKX2554. hostname=backup.oldboy.cn
[data:children]
db
nfs
bak
[web:vars]
password=SKX2554.
[db:vars]
password=SKX2555.
- Write the bulk password update playbook. The user module expects an already hashed password, hence the password_hash filter. Two things to know before using this outside the lab: the new root passwords sit in clear text in the inventory (put them in a vault-encrypted group_vars file instead), and password_hash without a salt argument generates a fresh random salt on every run, so the task reports "changed" each time even though the password is the same; passing a fixed, per-host salt as the second argument makes it idempotent.
[root@m02 /server/ans/playbooks]# cat 08.passwd.yaml
- hosts: web,db
  become: yes          # root privileges are needed
  tasks:
    - name: 1. update the host password
      user:
        name: root
        password: "{{ password | password_hash('sha512') }}"
5. Case study: managing 400 machines with Ansible
- The machines do not share a password
[Ansible bulk management case study: 400 machines](https://www.yuque.com/lidao996/sre/kva28zochq01n7l6)
6. Ansible loops
6.1 Standard loop (with_items)
- Playbook keywords:
  - with_items
  - loop
  - Both iterate over a list and expose the current element as item. loop is the current form; with_items additionally flattens one level of nested lists, which is the only difference for simple lists like the one below.
6.1.1 Adding several users
- Playbook:
[root@m02 /server/ans/playbooks]# cat 09.add_users.yaml
- hosts: all
  tasks:
    - name: 1. add several users
      user:
        name: "{{ item }}"    # the loop variable is always called item
        state: present
      with_items:             # the values to loop over
        - oldboy01
        - oldboy02
        - oldboy03
- Run and check:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 09.add_users.yaml
……
[root@m02 /server/ans/playbooks]# ansible -i hosts all -m shell -a "tail -n 3 /etc/passwd"
……
172.16.1.7 | CHANGED | rc=0 >>
oldboy01:x:3001:3001::/home/oldboy01:/bin/bash
oldboy02:x:3002:3002::/home/oldboy02:/bin/bash
oldboy03:x:3003:3003::/home/oldboy03:/bin/bash
172.16.1.8 | CHANGED | rc=0 >>
oldboy01:x:3002:3002::/home/oldboy01:/bin/bash
oldboy02:x:3003:3003::/home/oldboy02:/bin/bash
oldboy03:x:3004:3004::/home/oldboy03:/bin/bash
……
6.2 Looping over a list of dicts
- Each element of the list is a dict
- Parameter values are taken from the keys of item (item.name, item.uid)
- Note in the 6.1 output that oldboy01 got uid 3001 on one host and 3002 on another: without a fixed uid each host allocates the next free one, and mismatched uids become a problem as soon as NFS or rsync carry files between hosts. Pinning uid and gid, as below, fixes that.
6.2.1 Adding several users with uid and group
- Playbook:
[root@m02 /server/ans/playbooks]# cat 10.add_users.yaml
- hosts: all
  tasks:
    - name: 1. add the groups
      group:
        name: "{{ item.name }}"
        gid: "{{ item.gid }}"
        state: present
      loop:
        - { name: oldboy01, gid: 2010 }
        - { name: oldboy02, gid: 2011 }
        - { name: oldboy03, gid: 2012 }
    - name: 2. add the users with a fixed uid and primary group
      user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        group: "{{ item.name }}"
        state: present
      loop:
        - { name: oldboy01, uid: 2010 }
        - { name: oldboy02, uid: 2011 }
        - { name: oldboy03, uid: 2012 }
- Run and check:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 10.add_users.yaml
……
[root@m02 /server/ans/playbooks]# ansible -i hosts all -m shell -a 'tail -n 4 /etc/passwd'
……
172.16.1.6 | CHANGED | rc=0 >>
skx:x:3001:3001::/home/skx:/sbin/nologin
oldboy01:x:2010:2010::/home/oldboy01:/bin/bash
oldboy02:x:2011:2011::/home/oldboy02:/bin/bash
oldboy03:x:2012:2012::/home/oldboy03:/bin/bash
172.16.1.8 | CHANGED | rc=0 >>
skx:x:3001:3001::/home/skx:/sbin/nologin
oldboy01:x:2010:2010::/home/oldboy01:/bin/bash
oldboy02:x:2011:2011::/home/oldboy02:/bin/bash
oldboy03:x:2012:2012::/home/oldboy03:/bin/bash
……
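The following play, added here as an example and not part of the original notes, combines the password update from section 4 with the dict loop from 6.2: it creates accounts with pinned uid/gid and sets a hashed password for each, with the three hardening points the sections above leave open. It assumes a vault-encrypted group_vars file that defines an app_users list (name, uid, password), a variable name and file layout chosen for this example.

```yaml
# 10.add_users_hardened.yaml (example file name)
# Expects, in a vault-encrypted group_vars file (ansible-vault create group_vars/web.yaml),
# a list such as:
#   app_users:
#     - { name: oldboy01, uid: 2010, password: "change-me-01" }
#     - { name: oldboy02, uid: 2011, password: "change-me-02" }
- hosts: web,db
  gather_facts: false
  become: true
  tasks:
    - name: 1. create the primary groups with fixed gids
      group:
        name: "{{ item.name }}"
        gid: "{{ item.uid }}"       # gid == uid, as in section 6.2
        state: present
      loop: "{{ app_users }}"
      loop_control:
        label: "{{ item.name }}"    # print only the name, not the whole dict (it contains the password)

    - name: 2. create the users with fixed uids and a salted sha512 hash
      user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        group: "{{ item.name }}"
        shell: /bin/bash
        # The salt is derived deterministically from the inventory hostname,
        # so the hash (and therefore the task result) is stable between runs,
        # while every host still gets its own salt.
        password: "{{ item.password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}"
        state: present
      loop: "{{ app_users }}"
      no_log: true                  # never echo the clear text or the hash into the log
```

Run with ansible-playbook -i hosts --ask-vault-pass 10.add_users_hardened.yaml. The first run reports changed for every user; the second reports ok, which is the check that the salt trick works. loop_control.label is what keeps the password out of the group task's output, and no_log does the same for the user task.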
7. Ansible conditionals
In Ansible, conditionals are written with the when keyword: a task runs only when the expression, evaluated against variables, facts or the registered result of an earlier task, is true.
- value is match("pattern"): regular-expression match anchored at the start of the string (Python's re.match); use is search("pattern") to match anywhere in the string.
7.1 Installing software by OS type
- The OS type comes from the facts (ansible_distribution; ansible_os_family gives RedHat/Debian for the whole family and is the usual way to pick the package manager)
[root@m02 /server/ans/playbooks]# cat 11.install_soft.yaml
- hosts: all
  gather_facts: true
  tasks:
    - name: 1. Red Hat-family hosts
      yum:
        name: cowsay,sl,nmap        # several packages in one task
        state: latest
      when: ( ansible_distribution is match("Kylin|Rocky") )
    - name: 2. Ubuntu/Debian hosts
      apt:
        name: cmatrix,nyancat
        state: latest
        update_cache: yes
      when: ( ansible_distribution is match("Ubuntu|Debian") )
- Run and check:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 11.install_soft.yaml
……
TASK [1. Red Hat-family hosts] ******************************************************
changed: [172.16.1.6]
changed: [172.16.1.5]
changed: [172.16.1.7]
changed: [172.16.1.9]
changed: [172.16.1.8]
changed: [172.16.1.51]
changed: [172.16.1.41]
changed: [172.16.1.31]
changed: [172.16.1.52]
TASK [2. Ubuntu/Debian hosts] *******************************************************
skipping: [172.16.1.5]   # hosts whose when expression is false are skipped
skipping: [172.16.1.6]
skipping: [172.16.1.7]
skipping: [172.16.1.8]
skipping: [172.16.1.9]
skipping: [172.16.1.51]
skipping: [172.16.1.52]
skipping: [172.16.1.31]
skipping: [172.16.1.41]
……
[root@m02 /server/ans/playbooks]# ssh web01 animalsay 孙克旭很强
Authorized users only. All activities may be monitored and reported.
 ____________
< 孙克旭很强 >
 ------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
7.2 Deciding the OS type from a registered variable
[root@m02 /server/ans/playbooks]# cat 11.install_soft_register.yaml
- hosts: all
  gather_facts: false
  tasks:
    - name: 1. get the OS name
      shell: "hostnamectl |grep 'Operating System' |awk -F ':' '{print $2}'|xargs"
      register: os_name
    - name: 2. print the variable
      debug:
        msg: "{{ os_name.stdout }}"
    - name: 3. Red Hat-family hosts
      yum:
        name: cowsay,sl,nmap
        state: latest
      when: ( os_name.stdout is match("Kylin|Rocky") )
    - name: 4. Ubuntu/Debian hosts
      apt:
        name: cmatrix,nyancat
        state: latest
      when: ( os_name.stdout is match("Ubuntu|Debian") )
- This avoids fact gathering but trusts whatever hostnamectl prints; as in 2.3, add changed_when: false to the shell task so the read-only command does not show up as a change.
8. Jinja2 templates
Jinja2 is the template engine Ansible uses. A template can insert variables, use control structures (if, for) and apply filters; the template module renders it on the control node and copies the result to the managed host.
8.1 Distributing the keepalived configuration
8.1.1 Writing the keepalived j2 template
[root@m02 /server/ans/playbooks/files]# cat keepalived.conf.j2
global_defs {
    router_id {{ ansible_hostname }}    # Ansible fact
}
{% if ansible_hostname in ["lb01","lb01.oldboy.cn"] %}    # j2 conditional
vrrp_script check_lb.sh {
    script /server/scripts/check_lb.sh
    interval 2
    weight 1
    user root
}
{% endif %}
vrrp_instance lb_vip_3 {
{% if ansible_hostname in ["lb01","lb01.oldboy.cn"] %}
    state MASTER
    priority 100
    #lidao master
{% elif ansible_hostname in ["lb02","lb02.oldboy.cn"] %}
    state BACKUP
    priority 50
    #lidao backup
{% endif %}
    interface ens33
    virtual_router_id 51
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3/24 dev ens33 label ens33:1
    }
{% if ansible_hostname in ["lb01","lb01.oldboy.cn"] %}
    track_script {
        check_lb.sh
    }
{% endif %}
}
- ansible_hostname is the short hostname (the FQDN is in ansible_fqdn), so in practice only the "lb01"/"lb02" entries of those lists ever match. The rendered file contains the VRRP auth_pass, so it should be readable by root only.
8.1.2 Writing the distribution playbook
- Uses the template module
[root@m02 /server/ans/playbooks]# cat 12.keepalived.yaml
- hosts: lb
  gather_facts: true      # the j2 template needs facts
  tasks:
    - name: 1.install     # install keepalived
      yum:
        name: keepalived
        state: present
    - name: 2.conf        # distribute the keepalived configuration
      template:
        src: ./files/keepalived.conf.j2
        dest: /etc/keepalived/keepalived.conf
        backup: true
    - name: 3.start       # start keepalived
      systemd:
        name: keepalived
        enabled: true
        state: restarted
- state: restarted restarts keepalived on every run, even when the rendered configuration did not change, and every restart of the MASTER moves the VIP. The service should only be restarted when the template task reports a change.
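The same deployment using a handler, added here as an example and not part of the original notes: the template task notifies the handler only when the file content actually changed, the regular task merely ensures the service is enabled and running, and the rendered file (which carries auth_pass) is restricted to root. The template and service names are the ones from the section above; the play file name is made up.

```yaml
# 12.keepalived_handler.yaml (example file name)
- hosts: lb
  gather_facts: true            # the j2 template reads ansible_hostname
  become: true
  tasks:
    - name: 1. install keepalived
      yum:
        name: keepalived
        state: present

    - name: 2. render the configuration (a real content change queues the restart)
      template:
        src: ./files/keepalived.conf.j2
        dest: /etc/keepalived/keepalived.conf
        owner: root
        group: root
        mode: "0600"              # auth_pass lives in this file
        backup: true
      notify: restart keepalived

    - name: 3. keepalived enabled and running, no restart here
      systemd:
        name: keepalived
        enabled: true
        state: started

  handlers:
    # Runs once at the end of the play, and only if a task notified it.
    - name: restart keepalived
      systemd:
        name: keepalived
        state: restarted
```

On a second run with an unchanged template the handler is never triggered, so the VIP stays where it is; the play output shows the difference as "changed=0" instead of a restart on both lb nodes.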
8.2 Distributing the NFS configuration
8.2.1 Adding group variables for the nfs group
# mind the path: group_vars/<group>.yaml next to the playbook is picked up automatically
[root@m02 /server/ans/playbooks/group_vars]# cat nfs.yaml
# NFS shared directories
nfs_dirs:
  - /nfsdata/
  - /nfs/pics
  - /nfs/blog
  - /nfs/zrlog
8.2.2 Writing the nfs exports j2 template
- nfs_dirs is the group variable defined above
[root@m02 /server/ans/playbooks/files]# cat exports.j2
{% for dir in nfs_dirs %}
#nfs server directory {{ dir }}
{{dir}} 172.16.1.0/24(rw,all_squash)
{% endfor %}
8.2.3 Writing the distribution playbook
[root@m02 /server/ans/playbooks]# cat 13.nfs_exports.yml
- hosts: nfs
  tasks:
    - name: template exports file     # distribute the NFS exports
      template:
        src: ./files/exports.j2
        dest: /etc/exports
        backup: true
- Writing /etc/exports alone changes nothing for clients: the new exports take effect only after exportfs -ra (or a restart of nfs-server), which this play does not do.
- Run and check:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 13.nfs_exports.yml
……
[root@m02 /server/ans/playbooks]# ssh nfs01 cat /etc/exports
Authorized users only. All activities may be monitored and reported.
#nfs server directory /nfsdata/
/nfsdata/ 172.16.1.0/24(rw,all_squash)
#nfs server directory /nfs/pics
/nfs/pics 172.16.1.0/24(rw,all_squash)
#nfs server directory /nfs/blog
/nfs/blog 172.16.1.0/24(rw,all_squash)
#nfs server directory /nfs/zrlog
/nfs/zrlog 172.16.1.0/24(rw,all_squash)
8.3 Distributing the rsync service configuration
8.3.1 Writing group variables for the rsync host group
[root@m02 /server/ans/playbooks/group_vars]# cat bak.yaml
# module names and paths for the rsync configuration
rsync_module:
  - { name: "data", dir: "/data" }
  - { name: "backup", dir: "/backup" }
  - { name: "blog", dir: "/nfs/backup/blog" }
8.3.2 Writing the rsyncd.conf j2 template
[root@m02 /server/ans/playbooks/files]# cat rsyncd.conf.j2
fake super = yes
uid = rsync
gid = rsync
use chroot = no
max connections = 2000
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
#hosts allow = 10.0.0.0/24
#hosts deny = 0.0.0.0/32
auth users = rsync_backup
secrets file = /etc/rsync.password
#####################################
{% for dir in rsync_module %}
[{{dir.name}}]
comment = by skx
path = {{ dir.dir }}
{% endfor %}
8.3.3 Writing the distribution playbook
- Two things the template above leaves open: hosts allow is commented out, so any host that can reach port 873 may try to authenticate against the modules (for this lab hosts allow = 172.16.1.0/24 is the right line), and the play does not create the /etc/rsync.password file named in secrets file, which rsyncd only accepts when it is not readable by other users (mode 0600).
[root@m02 /server/ans/playbooks]# cat 14.rsync.yaml
- hosts: bak
  gather_facts: false
  tasks:
    - name: 1. distribute the rsync configuration
      template:
        src: ./files/rsyncd.conf.j2
        dest: /etc/rsyncd.conf
        backup: true
- Test:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 14.rsync.yaml
……
[root@m02 /server/ans/playbooks]# ssh backup cat /etc/rsyncd.conf
Authorized users only. All activities may be monitored and reported.
fake super = yes
uid = rsync
gid = rsync
use chroot = no
max connections = 2000
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
#hosts allow = 10.0.0.0/24
#hosts deny = 0.0.0.0/32
auth users = rsync_backup
secrets file = /etc/rsync.password
#####################################
[data]
comment = by skx
path = /data
[backup]
comment = by skx
path = /backup
[blog]
comment = by skx
path = /nfs/backup/blog
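A version of the rsync play that also manages the secrets file, added here as an example and not part of the original notes. It reuses the rsyncd.conf.j2 template from 8.3.2 and assumes two extra variables in a vault-encrypted group_vars/bak.yaml, rsync_user and rsync_password (names chosen for this example), so the credential never appears in the playbook or the log. The service unit name rsyncd is assumed for a Rocky host.

```yaml
# 14.rsync_hardened.yaml (example file name)
# Assumes group_vars/bak.yaml (vault-encrypted) also defines:
#   rsync_user: rsync_backup
#   rsync_password: "<secret>"
- hosts: bak
  gather_facts: false
  become: true
  tasks:
    - name: 1. rsyncd.conf from the template in 8.3.2
      template:
        src: ./files/rsyncd.conf.j2
        dest: /etc/rsyncd.conf
        owner: root
        group: root
        mode: "0644"
        backup: true

    - name: 2. secrets file named by 'secrets file =' (user:password, one per line)
      copy:
        dest: /etc/rsync.password
        content: "{{ rsync_user }}:{{ rsync_password }}\n"
        owner: root
        group: root
        mode: "0600"              # rsyncd rejects a secrets file readable by other users
      no_log: true                # keep the credential out of the task output

    - name: 3. rsyncd enabled and running
      systemd:
        name: rsyncd
        enabled: true
        state: started
```

No restart handler is needed here: the rsync daemon re-reads rsyncd.conf and the secrets file on each client connection, so a changed module list or password is live immediately. The auth users line in the template must name the same user that the secrets file contains (rsync_backup in the notes).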
8.4 Distributing several nginx domain configuration files
8.4.1 Writing group variables for the web group
[root@m02 /server/ans/playbooks/group_vars]# cat web.yaml
# nginx domains
domain:
  - bird
  - game
  - blog
8.4.2 Writing the nginx domain j2 template
- item is the loop variable of the template task below, so one template yields one server block per domain
[root@m02 /server/ans/playbooks/files]# cat oldboy.conf.j2
server {
    listen 80;
    server_name {{ item }}.oldboy.cn;
    root /app/code/{{ item }};
    # error log
    error_log /var/log/nginx/{{ item }}.oldboy.cn-error.log notice;
    # access log
    access_log /var/log/nginx/{{ item }}.oldboy.cn-access.log main;
    location / {
        index index.html;
    }
}
8.4.3 Writing the distribution playbook
- The src name must match the template file: the listing above shows oldboy.conf.j2 while the play references oldboy.cn.conf.j2. dest is /tmp here, i.e. staging only; nothing is placed under /etc/nginx/conf.d and nginx is not reloaded.
[root@m02 /server/ans/playbooks]# cat 15.nginx_conf.yaml
- hosts: web
  gather_facts: false
  tasks:
    - name: 1. distribute the configuration files
      template:
        src: ./files/oldboy.cn.conf.j2
        dest: /tmp/{{ item }}.oldboy.cn.conf
      loop: "{{ domain }}"
- Run:
[root@m02 /server/ans/playbooks]# ansible-playbook -i hosts 15.nginx_conf.yaml
……
PLAY [web] **************************************************************************
TASK [1. distribute the configuration files] ****************************************
changed: [172.16.1.9] => (item=bird)
changed: [172.16.1.7] => (item=bird)
changed: [172.16.1.8] => (item=bird)
changed: [172.16.1.9] => (item=game)
changed: [172.16.1.8] => (item=game)
changed: [172.16.1.7] => (item=game)
changed: [172.16.1.9] => (item=blog)
……
9. Mind map
https://kdocs.cn/join/gpuxq6r?f=101