2023年7月10日发(作者：)

ansibleplaybook中when的多种⽤法和playbookhandler回顾剧本中可以使⽤判断的⽅式，减少hosts（play）的个数template jinjia2剧本中不能使⽤if判断，使⽤when判断shutdown -a　取消关机shutdown -s 关机shutdown -f　强⾏关闭应⽤程序shutdown -m 计算机名　控制远程计算机shutdown -i　显⽰“远程关机”图形⽤户界⾯，但必须是Shutdown的第⼀个参数 　shutdown -l　注销当前⽤户shutdown -r　关机并重启shutdown -s -t 时间　设置关机倒计时shutdown -h 休眠centos6启动httpd /etc/init.d/httpd start变量的使⽤并不能减少代码量,使⽤循环就可以减少代码量了还原快照要重新推送m01上的公钥，才能使⽤ansiblebool值纯数字要加引号，字符串不⽤加yum localinstall 在剧本中不会报错⽂件类型：str

int 字符串类型python中⽂件类型的区分是很严格的，剧本中变量加双引号循环⼀般在启动服务或者copy的时候使⽤yum⽀持列表，⼀般不⽤循环命令⾏不⽀持字典的形式调⽤变量，playbook⽀持根据不同的操作系统安装apache官⽅⽰例：- hosts: all tasks: - name: "shut down Debian flavored systems" command: /sbin/shutdown -t now when: ansible_facts['os_family'] == "Debian" #不等于表⽰：!= 0 # 注意，'所有变量'都可以直接在条件语句中使⽤，⽽⽆需使⽤双⼤括号 - hosts: web_group tasks: - name: Install CentOS Httpd yum: name: httpd state: present #官⽅ when: ansible_['os_family'] == "CentOS" #判断系统 when: _family == "CentOS" #⾮官⽅（） when: ansible_distribution == "CentOS"

- name: Install Ubuntu Httpd yum: name: apache2 state: present when: ansible_facts['os_family'] == "Ubuntu"

when后⾯既可以是变量，⼜可以是指定值，⼀般后⾯跟变量，与hosts⼀起使⽤

[root@www ~]# ansible web01 -m setup |grep os_family "ansible_os_family": "RedHat",when的缩进和name注释⼀样

#facts 指的是 ansible_facts 变量，ansible 中使⽤ setup 模块来获取，包含系统的⼤部分基础硬件信息还可以使⽤括号，and , or对条件进⾏分组tasks: - name: "shut down CentOS 6 and Debian 7 systems" command: /sbin/shutdown -t now when: (ansible_facts['distribution'] == "CentOS" and ansible_facts['distribution_major_version'] == "6") or (ansible_facts['distribution'] == "Debian" and ansible_facts['distribution_major_version'] == "7")

#使⽤ansible_facts['distribution'] 判断系统 注意⼤⼩写也可以指定多条件为列表（and 并且）tasks: - name: "shut down CentOS 6 systems" command: /sbin/shutdown -t now when: - ansible_facts['distribution'] == "CentOS" - ansible_facts['distribution_major_version'] == "6"

#列表形式等效于and条件运算tasks: - shell: echo "only on Red Hat 6, derivatives, and later" when: ansible_facts['os_family'] == "RedHat" and ansible_facts['lsb']['major_release']|int >= 6 #rsync服务端推送配置⽂件[root@m01 ~]# cat rsyncd/- hosts: all ###### tasks: - name: Install Rsyncd Server yum: name: rsync state: present #可在这⾥使⽤ls -l 判断rsync是否安装 - name: Create www Group group: name: www gid: 666 - name: Create www User user: name: www group: www uid: 666 create_home: false shell: /sbin/nologin - name: Scp Rsync Config copy: src: ./rsyncd.j2 dest: /etc/ owner: root group: root mode: 0644 when: ansible_hostname == "backup" #判断主机名 - name: Create Passwd File copy: content: 'rsync_backup:123' dest: /etc/ owner: root group: root mode: 0600 when: ansible_hostname == "backup" - name: Create backup Directory file: path: /backup state: directory mode: 0755 owner: www group: www recurse: yes when: ansible_hostname == "backup" - name: Start Rsyncd Server systemd: name: rsyncd state: started when: ansible_hostname == "backup"

rsync客户端推送脚本[root@m01 ~]# vim - hosts: rsync_server tasks: - name: SCP Backup Shell copy: src: ./ dest: /root/ when: ansible_hostname is match "web*" #when⽀持通配符 when: ansible_hostname ~= "web*"

#when: ansible_hostname == "backup" or ansible_hostname == "nfs" #这三种⽅式类似模糊匹配，都可以匹配多台web #模糊匹配和and or不能⼀起使⽤通过register将命令执⾏结果保存⾄变量，然后通过when语句进⾏判断- hosts: web_group tasks: - name: Check Httpd Server command: systemctl is-active httpd #查看服务状态 ignore_errors: yes #忽略报错，继续执⾏ register: check_httpd #将命令的执⾏结果注册变量 - name: debug outprint debug: var=check_httpd #偶尔调试 - name: Httpd Restart service: name: httpd state: restarted when: check_ == 0#通过变量注册的⽅式可以进⾏⾮系统变量的调⽤,与'register: check_httpd'对应#htpd[root@lb01 ~]# systemctl is-active httpdactive[root@lb01 ~]# systemctl stop httpd[root@lb01 ~]# systemctl is-active httpdunknown#nginx[root@lb01 ~]# systemctl is-active nginxactive[root@lb01 ~]# systemctl stop nginx[root@lb01 ~]# systemctl is-active nginxfailedplaybook循环语句在之前的学习过程中，我们经常会有传送⽂件，创建⽬录之类的操作，创建2个⽬录就要写两个file模块来创建，如果要创建100个⽬录，我们需要写100个file模块妈耶~~~~当然不是，只要有循环即可，减少重复性代码。启动多个服务- hosts: web_group tasks: - name: start service systemd: name: "{{ item }}" state: started with_items: - httpd - php-fpm - mariadb定义变量循环- name: ensure a list of packages installed yum: name: "{{ packages }}" vars: #模块内定义变量 packages: - httpd - httpd-tools- hosts: web_group tasks: - name: ensure a list of packages installed yum: name= "{{ item }}" state=present #可以使⽤多个'=' with_items: - httpd - httpd-tools

#with_items⼀般放到模块的末尾，与模块同⼀缩进级别

字典循环1.创建⽤户[root@m01 ~]# cat - hosts: web_group tasks: - name: Add Users user: name: "{{ }}" groups: "{{ }}" state: present with_items: - { name: 'zls', groups: 'linux' } - { name: 'egon', groups: 'python' }2.拷贝⽂件- hosts: web_group tasks: - name: copy conf and code copy: src: "{{ }}" dest: "{{ }}" mode: "{{ }}" with_items: - { src: "./", dest: "/etc/httpd/conf/", mode: "0644" } - { src: "./upload_", dest: "/var/www/html/", mode: "0600" }

#同⼀模块在⼀个剧本中多次出现，即可考虑使⽤循环 #同⼀模块在⼀个剧本中多次出现，对同⼀主机多次操作，即可考虑字典循环 #同⼀模块在⼀个剧本中多次出现，对同⼀主机多次操作，即可考虑字典循环playbook handlerhandler⽤来执⾏某些条件下的任务，⽐如当配置⽂件发⽣变化的时候，通过notify触发handler去重启服务。实践案例[root@m01 ~]# cat

- hosts: web_group vars: - http_port: 8080 tasks: - name: Install Http Server yum: name: httpd state: present - name: config httpd server template: src: ./httpd.j2 dest: /etc/httpd/conf notify: # - Restart Httpd Server - Restart PHP Server - name: start httpd server service: name:httpd state: started enabled: yes handlers: # - name: Restart Httpd Server

systemd: name: httpd state: restarted

- name: Restart PHP Server systemd: name: php-fpm state: restarted练习：多个nginx配置⽂件的推送及触发器注意：1.⽆论多少个task通知了相同的handlers，handlers仅会在所有tasks结束后运⾏⼀次。rs只有在其所在的任务被执⾏时，才会被运⾏；如果⼀个任务中定义了notify调⽤Handlers，但是由于条件判断等原因，该任务未被执⾏，那么Handlers同样不会被执⾏。rs只会在每⼀个play的末尾运⾏⼀次；如果想在⼀个playbook中间运⾏Handlers，则需要使⽤meta模块来实现。例如： -meta: flush_handlers。4.如果⼀个play在运⾏到调⽤Handlers的语句之前失败了，那么这个Handlers将不会被执⾏。我们可以使⽤meta模块的--force-handlers选项来强制执⾏Handlers，即使Handlers所在的play中途运⾏失败也能执⾏。5.不能使⽤handlers替代tasksplaybook任务标签默认情况下，Ansible在执⾏⼀个playbook时，会执⾏playbook中定义的所有任务，Ansible的标签(tag)功能可以给单独任务甚⾄整个playbook打上标签，然后利⽤这些标签来指定要运⾏playbook中的个别任务，或不执⾏指定的任务。打标签的⽅式1.对⼀个task打⼀个标签2.对⼀个task打多个标签3.对多个task打⼀个标签打完标签如何使⽤-t:执⾏指定的tag标签任务--skip-tags:执⾏--skip-tags之外的标签任务使⽤-t指定tag[root@m01 m01]# cat

- hosts: web_group vars: - http_port: 8080 tasks: - name: Install Http Server yum: name: httpd state: present tags:

- install_httpd - httpd_server - name: configure httpd server template: src: ./httpd.j2 src: ./httpd.j2 dest: /etc/httpd/conf/ notify: Restart Httpd Server tags:

- config_httpd - httpd_server - name: start httpd server service: name: httpd state: started enabled: yes tags: service_httpd handlers: - name: Restart Httpd Server systemd: name: httpd state: restarted

[root@m01 m01]# ansible-playbook --list-tags[root@m01 m01]# ansible-playbook -t httpd_server[root@m01 m01]# ansible-playbook -t install_httpd,confiure_httpd[root@m01 m01]# ansible-playbook --skip-tags httpd_serverplaybook⽂件复⽤在之前写playbook的过程中，我们发现，写多个playbook没有办法，⼀键执⾏，这样我们还要单个playbook挨个去执⾏，很鸡肋。所以在playbook中有⼀个功能，叫做include⽤来动态调⽤task任务列表。只调⽤task：include_tasks调⽤整个task⽂件：include （新版本：import_playbook）在saltstack中，叫做top file⼊⼝⽂件。⽰例⼀：[root@m01 m01]# cat

- hosts: web_group vars: - http_port: 8080 tasks: - include_tasks: task_ - include_tasks: task_ - include_tasks: task_ handlers: - name: Restart Httpd Server systemd: name: httpd state: restarted[root@m01 m01]# cat task_

- name: Install Http Server yum: name: httpd state: present[root@m01 m01]# cat task_

- name: configure httpd server template: src: ./httpd.j2 dest: /etc/httpd/conf/ notify: Restart Httpd Server[root@m01 m01]# cat task_

- name: start httpd server service: name: httpd state: started enabled: yes⽰例⼆- include: - include: - include: ⽰例三- import_playbook: - import_playbook: - import_playbook: ybook忽略错误默认playbook会检测task执⾏的返回状态，如果遇到错误则会⽴即终⽌playbook的后续task执⾏，然鹅有些时候playbook即使执⾏错误了也要让其继续执⾏。加⼊参数：ignore_errors:yes 忽略错误[root@m01 ~]# cat [root@m01 ~]# cat ---- hosts: web_group tasks: - name: Ignore False command: /bin/false ignore_errors: yes

- name: touch new file file: path: /tmp/ state: touchplaybook错误处理如上所述，当task执⾏失败时，playbook将不再继续执⾏，包括如果在task中设置了handler也不会被执⾏。但是我们可以采取强制措施...强制调⽤handler[root@m01 ~]# cat

- hosts: web_group vars: - http_port: 8080 force_handlers: yes tasks: - name: config httpd server template: src: ./httpd.j2 dest: /etc/httpd/conf notify:

- Restart Httpd Server - Restart PHP Server - name: Install Http Server yum: name: htttpd state: present - name: start httpd server service: name:httpd state: started enabled: yes handlers: - name: Restart Httpd Server systemd: name: httpd state: restarted

- name: Restart PHP Server systemd: name: php-fpm state: restarted抑制changed被管理主机没有发⽣变化，可以使⽤参数将change状态改为ok[root@m01 ~]# cat

- hosts: web_group vars: - http_port: 8080 force_handlers: yes tasks: - name: shell shell: netstat -lntup|grep httpd register: check_httpd changed_when: false - name: debug debug: msg={{ check_ }}[root@m01 project2]# cat changed_

- hosts: webservers vars: - http_port: 8080 tasks: - name: configure httpd server template: src: ./httpd.j2 dest: /etc/httpd/conf/ notify: Restart Httpd Server - name: Check HTTPD shell: /usr/sbin/httpd -t register: httpd_check changed_when: changed_when:

- httpd_('OK') - false - name: start httpd server service: name: httpd state: started enabled: yes handlers: - name: Restart Httpd Server systemd: name: httpd state: restarted