Ansible configure management -- Translation (Part 3)
Simple Playbooks

Ansible is useful as a command-line tool for making small changes. However, its real power lies in its scripting abilities. While setting up machines, you almost always need to do more than one thing at a time. Ansible provides for this by using a tool called playbook. Using playbooks, you can perform many actions at once, and across multiple systems. They provide a way to orchestrate deployments, ensure a consistent configuration, or simply perform a common task.

Playbooks are expressed in YAML, and for the most part, Ansible uses a standard YAML parser. This means that you have all the features of YAML available to you as you write them. For example, you can use the same commenting system as you would in YAML. Many lines of a playbook can also be written and represented in YAML data types. See http://www.yaml.org/ for more information.

Playbooks also open up many opportunities. They allow you to carry the state from one command to the next. For example, you can grab the content of a file on one machine, register it as a variable, and then use that on another machine. This allows you to make complex deployment mechanisms that will be impossible with the Ansible command alone. Additionally, each module tries to be idempotent; you should be able to run a playbook several times and changes will only be made if they need to be.

The command to execute a playbook is ansible-playbook. It accepts arguments similar to the Ansible command-line tool. For example, -k (--ask-pass) and -K (--ask-sudo) make it prompt for the SSH and sudo passwords, respectively; -u can be used to set the user to use SSH. However, these options can also be set inside the playbooks themselves in the target section. For example, to use the play named example-play.yml, you can use the following command:

$ ansible-playbook example-play.yml

The Ansible playbooks are made up of one or more plays. A play consists of three sections: the target section, the variable section, and finally the bit that does all the real work, the task section. You can include as many plays as you like in a single YAML file.

- The target section defines hosts on which the play will be run, and how it will be run. This is where you set the SSH username and other SSH-related settings.
- The variable section defines variables which will be made available to the play while running.
- The task section lists all the modules in the order that you want them to be run by Ansible.

A full example of an Ansible play looks like the following code snippet:

---
- hosts: localhost
  user: root
  vars:
    motd_warning: 'WARNING: Use by ACME Employees ONLY'
  tasks:
    - name: setup a MOTD
      copy: dest=/etc/motd content={{ motd_warning }}
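Chapter 2: Simple Playbooks
As a command-line tool for making small changes, Ansible shows its strengths. However, its real power lies in its scripting abilities. When configuring machines, we usually need to do many things at the same time, and Ansible provides a tool for this called playbooks. With playbooks we can perform many actions at once, across many machines. They give us a way to orchestrate deployments, ensure a consistent configuration, or carry out common tasks.
Playbooks are written in YAML, and for the most part Ansible uses a standard YAML parser. This means you can use all the features of YAML, such as its comment syntax. See http://www.yaml.org/ for more information.
Playbooks also open up many opportunities. (I am not sure how to translate this sentence, but its meaning can be inferred from what follows.) They let us carry state from one command to the next.
For example, we can grab the content of a file on one machine, register it as a variable, and use it on another machine. Compared with the single-command mode, this lets us build more complex deployments. We can run a playbook many times, and configuration changes are made only when they are needed.
The command to run a playbook is ansible-playbook. It accepts arguments similar to the command-line tool: for example, -k (--ask-pass) and -K (--ask-sudo) prompt for the SSH and sudo passwords, and -u sets the user to connect as. These options can also be written into the playbook itself, in the corresponding section.
To run a play named example-play.yml:
$ ansible-playbook example-play.yml
A playbook is made up of one or more plays, and each play has three sections.
- Target section: defines which hosts the play runs on and how it runs. This is also where you set the SSH username and other SSH-related settings.
- Variable section: defines the variables that are available while the play runs.
- Task section: lists the Ansible modules to run, in order.
The following is a complete playbook example: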
---
- hosts: localhost
  user: root
  vars:
    motd_warning: 'WARNING: Use by ACME Employees ONLY'
  tasks:
    - name: setup a MOTD
      copy: dest=/etc/motd content={{ motd_warning }}
The target section

The target section looks like the following code snippet:

- hosts: webservers
  user: root

This is an incredibly simple version, but likely to be all you need in most cases. Each play exists within a list. As per the YAML syntax, the line must start with a dash. The hosts that a play will be run on must be set in the value of hosts. This value uses the same syntax as the one used when selecting hosts using the Ansible command line, which we discussed in the previous chapter. The host-pattern-matching features of Ansible were also discussed in the previous chapter. In the next line, the user tells the Ansible playbook which user to connect to the machine as.
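The target section
The target section looks like this:
- hosts: webservers
  user: root
This is a very simple version, but in most cases it is all you need. Each play exists within a list, so as per YAML syntax the line starts with a dash. The hosts that the play runs on are set in the value of hosts, which uses the same syntax as host selection on the command line, discussed in Chapter 1. The next line sets the username used to connect to the managed hosts. The following are some other values that can be set in the target section.
The ones above have already been explained.
connection: lets you choose one of three transports: ssh, paramiko, or local
gather_facts: by default the setup module runs on every connection; if you do not need the fact variables, set this field to no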
The variable section

Here you can define variables that apply to the entire play on all machines. You can also make Ansible prompt for variables if they weren't supplied in the command line. This allows you to make easily maintainable plays, and prevents you from changing the same thing in several parts of the play. This also allows you to have all the configuration for the play stored at the top, where you can easily read and modify it without worrying about what the rest of the play does.

Variables in this section of a play can be overridden by machine facts (those that are set by modules), but they themselves override the facts you set in your inventory. So they are useful to define defaults that you may collect in a module later, but they can't be used to keep defaults for inventory variables as they will override those defaults.

Variable declarations, called vars, look like the values in the target section and contain a YAML dictionary or a list. An example looks like the following code snippet:

vars:
  apache_version: 2.6
  motd_warning: 'WARNING: Use by ACME Employees ONLY'
  testserver: yes

Variables can also be loaded from external YAML files by giving Ansible a list of variable files to load. This is done in a similar way using the vars_files directive. Then simply provide the name of another YAML file that contains its own dictionary. This means that instead of storing the variables in the same file, they can be stored and distributed separately, allowing you to share your playbook with others.

Using vars, the files look like the following code snippet in your playbook:

vars_files:
  - /conf/country-AU.yml
  - /conf/datacenter-SYD.yml
  - /conf/cluster-mysql.yml

In the previous example, Ansible looks for country-AU.yml, datacenter-SYD.yml, and cluster-mysql.yml in the conf folder. Each YAML file looks similar to the following code snippet:

---
ntp: 'ntp1.au.example.com'
TZ: 'Australia/Sydney'

Finally you can make Ansible ask the user for each variable interactively. This is useful when you have variables that you don't want to make available for automation, and instead require human input. One example where this is useful is prompting for the passphrases used to decrypt secret keys for the HTTPS servers. You can instruct Ansible to prompt for variables with the following code snippet:

vars_prompt:
  - name: 'https_passphrase'
    prompt: 'Key Pas
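The variable section
In the playbook you can define variables that apply to the entire play on all machines. You can also have Ansible prompt for variables if they were not supplied on the command line. This makes plays easy to maintain and saves you from changing the same thing in several places in a play. Keeping the configuration at the top also means you can read and modify it without affecting the rest of the play. Variables in this section can be overridden by machine facts (those set by modules), but they themselves override the values set in your inventory. So they are useful for defining defaults that a module may collect later, but they cannot be used to hold defaults for inventory variables, because they would override them.
Like the target section, variable declarations look like a list or a dictionary:
vars:
  apache_version: 2.6
  motd_warning: 'WARNING: Use by ACME Employees ONLY'
  testserver: yes
Variables can also be loaded from external files by giving Ansible a list of variable files; you can also provide a directory and then name the files inside it. This means we do not need to keep all variables in one file: they can be stored separately and shared across playbooks.
Importing variables from other files: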
vars_files:
  - /conf/country-AU.yml
  - /conf/datacenter-SYD.yml
  - /conf/cluster-mysql.yml
The settings in these files look like this:
---
ntp: 'ntp1.au.example.com'
TZ: 'Australia/Sydney'
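Finally, you can have Ansible ask for variables, so that the user enters them by hand when you do not want them supplied automatically. For example, in a play for an HTTPS application you can have the user manually supply the passphrase for decrypting the key.
vars_prompt:                    # variables to be entered by hand
  - name: 'https_passphrase'    # variable in which the input is stored
    prompt: 'Key Passphrase'    # prompt text shown to the user
    private: yes                # when set to yes, the user's input is not echoed to the screen
Variables, facts, and inventory variables are referenced as {{ variablename }}, ${variablename}, or $variablename. The variable syntax works like a dictionary, so attributes can be accessed with '.'. For example, if the httpd variable has an attribute called maxclients, we can access it with {{ httpd.maxclients }}. The same works for the data collected by the setup module, for example {{ ansible_eth0.ipv4.address }}. Variables are not kept between different plays in the same playbook.
To be continued...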
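A complete play that combines the target, variable and task sections described above and uses the prompted passphrase without leaking it. This is an added example, not code from the original page or the book. The key paths, the KEY_PASS environment variable name and the openssl step are assumptions for illustration, and module arguments are written as YAML dictionaries rather than the inline key=value form used above.

```yaml
---
# Added example. Paths, file names and KEY_PASS are assumptions, not from the book.
- hosts: webservers
  user: root
  connection: ssh
  gather_facts: no            # no facts are used below, so skip the setup run

  vars:
    motd_warning: 'WARNING: Use by ACME Employees ONLY'
    key_enc: /etc/ssl/private/site.key.enc    # hypothetical encrypted key
    key_out: /etc/ssl/private/site.key        # hypothetical decrypted key

  vars_prompt:
    - name: 'https_passphrase'
      prompt: 'Key Passphrase'
      private: yes            # input is not echoed to the terminal

  tasks:
    - name: setup a MOTD
      copy:
        dest: /etc/motd
        content: "{{ motd_warning }}\n"   # quoted so the value stays one argument
        owner: root
        group: root
        mode: '0644'

    - name: decrypt the HTTPS key without exposing the passphrase
      command: openssl rsa -in {{ key_enc }} -out {{ key_out }} -passin env:KEY_PASS
      args:
        creates: "{{ key_out }}"          # idempotent: skipped once the key exists
      environment:
        KEY_PASS: "{{ https_passphrase }}"   # passed via environment, not argv
      no_log: true            # keep the passphrase out of task output and logs

    - name: restrict the decrypted key to root
      file:
        path: "{{ key_out }}"
        owner: root
        group: root
        mode: '0600'
```

Because the passphrase comes from vars_prompt, it is never stored in the playbook or in a vars_files file, and no_log keeps it out of verbose output on the control machine.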