
ansible常用操作参考

字符串变量拼接操作

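# Demonstrates string building with Jinja2 inside set_fact.
# Assumes the inventory has a group named "node" whose members are dotted IPv4
# addresses: the templates index octets 3 and 4 of each entry.
# gather_facts must stay enabled because ansible_default_ipv4 is read below.
- hosts: all
  gather_facts: true
  # vars is a mapping; the list-of-dicts form is deprecated.
  vars:
    node_peer_port: 8128
  tasks:
    - name: storage
      set_fact:
        host_list: "{{ groups['node'] }}"
    # host_list is overwritten here: it goes from a list of hosts to one
    # space-separated string of "node<o3>_<o4>=http://<ip>:<port>" entries.
    # NOTE(review): the generated peer URLs use plain http; confirm that the
    # consuming service is expected to talk to its peers unencrypted.
    - name: combine
      set_fact:
        host_list: "{% for item in host_list %} node{{ item.split('.')[2] }}_{{ item.split('.')[3] }}=http://{{ item }}:{{ node_peer_port }} {% endfor %}"
    # split() with no argument drops the padding spaces left by the loop.
    - name: display
      set_fact:
        cluster_hosts: "{{ host_list.split() | join(',') }}"
    - name: debug cluster_hosts
      debug:
        var: cluster_hosts
    # Same technique on a single address: emit the four octets separated by
    # spaces, then re-join them with underscores.
    - name: init
      set_fact:
        temp_list: "{% for i in range(4) %} {{ ansible_default_ipv4.address.split('.')[i] }} {% endfor %}"
    - name: debug temp_list
      debug:
        var: temp_list
    - name: set value
      set_fact:
        node_name: "node_{{ temp_list.split() | join('_') }}"
    - name: debug node_name
      debug:
        var: node_name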

ansible 常用命令

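# Set the time zone. timedatectl needs no shell features, so the command
# module is used instead of shell.
ansible all -m command -a "timedatectl set-timezone Asia/Shanghai"
# NTP time sync: install chrony, push the control node's /etc/chrony.conf to
# every host, then restart chronyd and enable it at boot.
ansible all -m yum -a "name=chrony state=present"
ansible all -m copy -a "src=/etc/chrony.conf dest=/etc/chrony.conf"
ansible all -m service -a "name=chronyd state=restarted enabled=yes"
# Switch SELinux to permissive: the targeted policy stays loaded and denials
# are still logged, but nothing is enforced.
ansible all -m selinux -a 'state=permissive policy=targeted'
# Stop and disable firewalld. The hosts then have no host-level packet filter,
# so exposure depends entirely on upstream network controls.
ansible all -m service -a "name=firewalld state=stopped enabled=no"
# Stop and disable the postfix mail service.
ansible all -m systemd -a "name=postfix state=stopped enabled=no"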

ansible playbook 变量优先级,由高到低排列(ansible [core 2.11.3]):

  1. 命令行 -e 指定
  2. roles/test/vars/name 角色里面定义
  3. playbook/vars_files/name playbook文件里vars_files指定的文件
  4. playbook/vars/name playbook文件里vars指定的变量
  5. group_vars/local/name group_vars/local 文件中定义的变量
  6. group_vars/all/name group_vars/all 文件中定义的变量
  7. inventory/name -i 所指定的 inventory定义的变量

修改用户密码

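# Sets the password of each listed account on every host.
- hosts: all
  tasks:
    - name: change user passwd
      user:
        name: "{{ item.name }}"
        # password_hash('sha512') without a fixed salt produces a different
        # hash on every run, so this task always reports "changed".
        password: "{{ item.chpass | password_hash('sha512') }}"
        update_password: always
      # Without no_log the loop item, including the clear-text chpass, is
      # printed in task output and in any log or callback that records it.
      no_log: true
      loop:
        # Sample value from the original page. A real password belongs in an
        # Ansible Vault-encrypted variable, not in the playbook text.
        - name: root
          chpass: rootpassword
      loop_control:
        # Show only the account name if item output is ever displayed.
        label: "{{ item.name }}"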

安装chrony

# Install chrony, then make sure chronyd is running and enabled at boot.
# Privilege escalation is enabled for the whole play.
- hosts: all
  become: true
  tasks:
    # Install the chrony package with the platform's package manager.
    - name: '安装 chrony'
      package:
        state: present
        name: chrony
    # Start chronyd and enable it at boot.
    - name: '启动chronyd服务,并设置开机启动'
      service:
        name: chronyd
        enabled: true
        state: started

定时任务

# Register a cron entry in root's crontab on every host.
- name: set crontab
  hosts: all
  tasks:
    - name: '定时任务'
      cron:
        state: present
        user: root
        # Label Ansible uses to find and update this entry on later runs.
        name: '定时任务'
        # Only minute is given; the cron module defaults the other time
        # fields to "*", so the job fires every minute.
        minute: '*'
        # Placeholder for the command to schedule. It runs as root, so the
        # command and every file it executes should be writable by root only.
        job: '要定时执行的命令'

命令行

# Ad-hoc form of the cron entry, run against the inventory file "hosts".
# No user= is passed, so the crontab of the connecting user is edited.
ansible all --inventory hosts --module-name cron --args "name='定时任务' minute='*' job='要定时执行的命令'"

iptables

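# Accept traffic from two source addresses, then drop everything else from
# 10.1.1.0/24 on the INPUT chain.
#
# The iptables module appends rules by default, so the ACCEPT only wins if the
# chain has no earlier rule already matching these sources; check the existing
# ruleset before relying on the order.
# If the control node connects from inside 10.1.1.0/24 and is not one of the
# two accepted addresses, the DROP rule cuts off its own SSH session.
# The module changes only the running ruleset; rules are gone after a reboot
# unless they are saved separately.
- hosts: all
  tasks:
    # The original task had an empty name, which shows as a blank task header.
    - name: ACCEPT 10.1.1.14 and 10.1.1.1
      ansible.builtin.iptables:
        chain: INPUT
        source: '10.1.1.14,10.1.1.1'
        jump: ACCEPT
      become: true
    - name: DROP 10.1.1.0/24
      ansible.builtin.iptables:
        chain: INPUT
        source: '10.1.1.0/24'
        jump: DROP
      become: true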

lineinfile

# Rewrite the SELINUX= line in /etc/selinux/config to "disabled".
# Only the config file is edited, so the running mode does not change until
# the next boot. "disabled" turns off both enforcement and denial logging;
# "permissive" would keep the audit trail while not enforcing.
- hosts: all
  tasks:
    - name: modify selinux
      lineinfile:
        path: /etc/selinux/config
        # Match whatever mode is currently configured and replace that line.
        regexp: "^SELINUX="
        line: "SELINUX=disabled"

lvm

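# Build an LVM volume on a spare disk, format it and mount it:
# DEVICE -> volume group -> logical volume -> filesystem -> MOUNT_PATH.
# Confirm DEVICE is the intended empty disk on every targeted host: the lvg
# task initialises it as an LVM physical volume.
- hosts: all
  # vars is a mapping; the list-of-dicts form is deprecated.
  vars:
    DEVICE: /dev/vdb
    VGNAME: vg_data
    LVNAME: lv_data
    # Quoted so the percent sign is always read as part of a string.
    LVSIZE: '100%FREE'
    FSTYPE: xfs
    MOUNT_PATH: /data
  tasks:
    - name: 安装依赖
      package:
        name: lvm2
        state: present

    - name: 'Create a volume group "{{ VGNAME }}" on "{{ DEVICE }}"'
      lvg:
        vg: "{{ VGNAME }}"
        pvs: "{{ DEVICE }}"

    - name: Create a logical volume
      lvol:
        vg: "{{ VGNAME }}"
        lv: "{{ LVNAME }}"
        size: "{{ LVSIZE }}"

    - name: 'Create a xfs filesystem on logical volume "{{ LVNAME }}"'
      filesystem:
        fstype: "{{ FSTYPE }}"
        dev: "/dev/{{ VGNAME }}/{{ LVNAME }}"

    - name: 'Create "{{ MOUNT_PATH }}"'
      file:
        path: "{{ MOUNT_PATH }}"
        state: directory

    # state: mounted writes the fstab entry and mounts the volume in one
    # idempotent step. It replaces the original pair of state: present plus a
    # separate "shell: mount -a" task, which ran on every play and also
    # mounted every other fstab entry.
    - name: 'Mount up logical volume "{{ LVNAME }}"'
      mount:
        path: "{{ MOUNT_PATH }}"
        src: "/dev/{{ VGNAME }}/{{ LVNAME }}"
        fstype: "{{ FSTYPE }}"
        state: mounted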

nginx

# Install nginx, deploy its main configuration and make sure it is running.
# The play logs in directly as root (remote_user), with no become step.
- hosts: nginx
  remote_user: root
  tasks:
    - name: install nginx
      yum:
        state: present
        name: nginx
    # backup keeps a timestamped copy of the previous file on the host.
    # Owner and mode are not set here, so they are left to the copy module's
    # defaults.
    - name: copy nginx.conf
      copy:
        dest: /etc/nginx/nginx.conf
        src: /app/ansible/nginx.conf
        backup: true
      tags: reloadnginx
      notify: reload
    - name: start nginx service
      service:
        state: started
        name: nginx
      tags: startnginx
  handlers:
    # Named "reload", but it performs a full restart of the service.
    - name: reload
      service:
        state: restarted
        name: nginx

设置hostname,需要提前配置好hosts中的name字段

# Set each host's hostname to its inventory name and add a matching
# /etc/hosts entry. Inventory names must therefore already be the hostnames
# you want.
- name: modify hostname
  hosts: all
  tasks:
    # There is no regexp, so the line is added only when this exact text is
    # missing; an older entry with a different address is left in place.
    - name: modify /etc/hosts
      lineinfile:
        path: /etc/hosts
        line: "{{ ansible_default_ipv4['address'] }} {{ inventory_hostname }}"
    - name: set hostname
      hostname:
        name: "{{ inventory_hostname }}"

更新内核

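# Install the ELRepo long-term kernel, regenerate the grub config and reboot.
- hosts: all
  tasks:
    # The original passed "rpm --import <url>" to the yum module as a package
    # name, which cannot work. Importing a signing key is the job of rpm_key.
    - name: Import ELRepo signing key
      rpm_key:
        key: https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
        state: present
        # Pin the key once its fingerprint has been verified out of band:
        # fingerprint: "<ELREPO_KEY_FINGERPRINT>"  # placeholder, not a real value
    # NOTE(review): nothing in this play installs the ELRepo repository
    # definition (the elrepo-release package for the hosts' EL major version).
    # enablerepo below needs the elrepo-kernel repo to exist on the host.
    - name: Install latest longterm kernel
      yum:
        name: kernel-lt
        state: latest
        enablerepo: elrepo-kernel
    # NOTE(review): the output path is the BIOS-boot location; UEFI hosts
    # normally keep grub.cfg elsewhere. Confirm for the target fleet.
    - name: Remake grub config to pick up new kernel
      command: grub2-mkconfig -o /boot/grub2/grub.cfg
    # The reboot module replaces the original async "shutdown -r" plus
    # local wait_for pair. It issues the reboot, waits for the connection to
    # return and checks that the host answers before the play continues.
    - name: Restart server to ensure configuration changes take hold
      reboot:
        msg: Reboot triggered by Ansible
      become: true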