ansbile-playbook is a collection of system ansible commands, which is written in the yaml language and runs the process. The ansbile-playbook commands are executed in top-down order. At the same time, playbook has created many features. It allows you to transfer the status of a certain command to a subsequent command. For example, you can grab content from a file on one machine and attach it as a variable, and then use it on another machine. This allows you to implement some complex deployment mechanisms that are not possible with ansible commands.
Playbook is used through the ansible-playbook command. Its parameters are similar to the ansible command, such as the parameters -k (–ask-pass) and -K (–ask-sudo) to ask for the ssh password and sudo password, and -u to specify the user. ,These instructions can also be written in the playbook through ,prescribed units. Simple usage of ansible-playbook: ansible-playbook example-play.yml.
A simple ansible-playbook example is given below to understand its composition.
# cat user.yml
- name: create user
hosts: all
user: root
gather_facts: false
vars:
- user: "test"
tasks:
- name: create user
user: name="{{ user }}"
The function implemented by the playbook above is to add a new user:
The name parameter provides an overview of the functions implemented by the playbook. During subsequent execution, the value of the name variable will be printed;
The hosts parameter specifies which hosts to participate in;
The user parameter specifies the user to use to log in to the remote host;
The gather_facts parameter specifies whether to execute the setup module to obtain host-related information before the following tasks are executed. This will be used when subsequent tasks will use the information obtained by the setup;
The vars parameter specifies a variable. Here it refers to a user variable whose value is test. It should be noted that the variable value must be enclosed in quotation marks;
task specifies a task, and the name parameter below it is also a description of the task, which will be printed out during execution. User specifies calling the user module, name is a parameter in the user module, and the added user name calls the value of the user variable above. The specific execution results are as follows:
[root@361way playbooks]# ansible-playbook user.yml PLAY [create user] ************************************************************ TASK: [create user ] ********************************************** changed: [10.212.52.252] changed: [10.212.52.14] changed: [10.212.52.16] PLAY RECAP ******************************************************************** 10.212.52.14 : ok=1 changed=1 unreachable=0 failed=0 10.212.52.16 : ok=1 changed=1 unreachable=0 failed=0 10.212.52.252 : ok=1 changed=1 unreachable=0 failed=0
Similarly, if you want to delete this newly added user, you only need to replace the last line of the playbook file with the following line and then execute the corresponding playbook:
user: name="{{ user }}" state=absent remove=yes
Give us a slightly more complicated example, using ansible-playbook to simultaneously patch bash shellcode vulnerabilities on N hosts. It should be noted that there may be different system versions distributed among the hosts on the existing network. It is assumed here that both centos5 and 6 versions exist on the existing network. The specific playbook content is as follows:
# cat update_bash.yml - hosts: all remote_user: root gather_facts: True tasks: - name: update bash in redhat 6 version yum: name=http://mirrors.aliyun.com/centos/6.6/os/x86_64/Packages/bash-4.1.2-29.el6.x86_64.rpm.rpm state=present when: ansible_os_family == "RedHat" and ansible_distribution_version|int >=6 - name: update bash in redhat 5 version yum: name=http://mirrors.hustunique.com/centos/5/updates/x86_64/RPMS/bash-3.2-33.el5.1.x86_64.rpm state=present when: ansible_os_family == "RedHat" and ansible_distribution_version|int <p>The when statement is used above, and the gather_facts setup module is also enabled. The ansible_os_family variable and ansible_distribution_version variable here are the information obtained directly from the setup module. </p> <p>If there are a large number of hosts, just add -f when running and select an appropriate number of concurrent hosts. I used this here and the bash upgrade was completed quickly. </p> <div style="font-size: 14pt; color: white; background-color: black; border-left: red 10px solid; padding-left: 14px; margin-bottom: 20px; margin-top: 20px;"><strong>3. The composition of playbook</strong></div> <p>playbook是由一个或多个“play”组成的列表。play的主要功能在于将事先归并为一组的主机装扮成事先通过ansible中的task定义好的角色。从根本上来讲所谓task无非是调用ansible的一个module。将多个play组织在一个playbook中即可以让它们联同起来按事先编排的机制同唱一台大戏。其主要有以下四部分构成</p> <ol class="linenums"> <li class="L0"><span class="pln">playbooks组成:</span></li> <li class="L1"><span class="pln"> Target section: 定义将要执行 playbook 的远程主机组</span></li> <li class="L2"><span class="pln"> Variable section: 定义 playbook 运行时需要使用的变量</span></li> <li class="L3"><span class="pln"> Task section: 定义将要在远程主机上执行的任务列表</span></li> <li class="L4"><span class="pln"> Handler section: 定义 task 执行完成以后需要调用的任务</span></li> </ol> <p>而其对应的目录层为五个,如下:</p> <ol class="linenums"> <li class="L0"><span class="pln">一般所需的目录层有:(视情况可变化)</span></li> <li class="L1"><span class="pln"> vars 变量层</span></li> <li class="L2"><span class="pln"> tasks 任务层</span></li> <li class="L3"><span class="pln"> handlers 触发条件</span></li> <li class="L4"><span class="pln"> files 文件</span></li> <li class="L5"><span class="pln"> template 模板</span></li> </ol> <p>下面介绍下构成playbook 的四层结构。</p> <div style="margin-top: 2em; margin-bottom: 1em;"><span style="color: #1e1e1e; letter-spacing: 2px; border-left: #FF3030 3px solid; border-right: #FF3030 3px solid; padding-left: 8px; padding-right: 8px; font-size: 12pt;"><strong>1、Hosts和Users</strong></span></div> <p>playbook中的每一个play的目的都是为了让某个或某些主机以某个指定的用户身份执行任务。</p> <p>hosts 用于指定要执行指定任务的主机其可以是一个或多个由冒号分隔主机组。</p> <p>remote_user 则用于指定远程主机上的执行任务的用户。<br> 不过remote_user也可用于各task中。也可以通过指定其通过sudo的方式在远程主机上执行任务其可用于play全局或某任务。<br> 此外甚至可以在sudo时使用sudo_user指定sudo时切换的用户。</p> <p>示例:</p> <pre class="brush:php;toolbar:false">- hosts: webnodes tasks: - name: test ping connection: remote_user: test sudo: yes
play的主体部分是task list。
task list中的各任务按次序逐个在hosts中指定的所有主机上执行即在所有主机上完成第一个任务后再开始第二个。在运行自下而下某playbook时如果中途发生错误所有已执行任务都将回滚因此在更正playbook后重新执行一次即可。
task的目的是使用指定的参数执行模块而在模块参数中可以使用变量。模块执行是幂等的这意味着多次执行是安全的因为其结果均一致。每个task都应该有其name用于playbook的执行结果输出建议其内容尽可能清晰地描述任务执行步骤。如果未提供name则action的结果将用于输出。
定义task的可以使用“action: module options”或“module: options”的格式推荐使用后者以实现向后兼容。如果action一行的内容过多也中使用在行首使用几个空白字符进行换行。
tasks: - name: make sure apache is running service: name=httpd state=running 在众多模块中只有command和shell模块仅需要给定一个列表而无需使用“key=value”格式例如 tasks: - name: disable selinux command: /sbin/setenforce 0 如果命令或脚本的退出码不为零可以使用如下方式替代 tasks: - name: run this command and ignore the result shell: /usr/bin/somecommand || /bin/true 或者使用ignore_errors来忽略错误信息 tasks: - name: run this command and ignore the result shell: /usr/bin/somecommand ignore_errors: True
用于当关注的资源发生变化时采取一定的操作。
“notify”这个action可用于在每个play的最后被触发这样可以避免多次有改变发生时每次都执行指定的操作取而代之仅在所有的变化发生完成后一次性地执行指定操作。
在notify中列出的操作称为handler也即notify中调用 handler中定义的操作。
注意:在 notify 中定义内容一定要和tasks中定义的 - name 内容一样,这样才能达到触发的效果,否则会不生效。
- name: template configuration file template: src=template.j2 dest=/etc/foo.conf notify: - restart memcached - restart apache handler是task列表这些task与前述的task并没有本质上的不同。 handlers: - name: restart memcached service: name=memcached state=restarted - name: restart apache service: name=apache state=restarted
tags用于让用户选择运行或略过playbook中的部分代码。ansible具有幂等性因此会自动跳过没有变化的部分即便如此有些代码为测试其确实没有发生变化的时间依然会非常地长。
此时如果确信其没有变化就可以通过tags跳过此些代码片断。
下面再给出一个安装httpd web服务的示例:
# cat /etc/ansible/playbook/install_web.yml
- hosts: webservers
remote_user: root
gather_fasks: False
vars:
packages: httpd
tasks:
- name: Install httpd
yum: name={{ packages }} state=present
- name: Cofiguration httpd
copy: src=/root/httpd.conf dest=/etc/httpd/conf/httpd.conf
tags: httpd_conf
notify:
- restart httpd
- name: Start httpd
service: name=httpd state=started enabled=no
tags: start
- name:Add centos user
user: name={{ item }} state=absent
tags: adduser
with_items:
- centos
- admin
handlers:
- name: restart httpd
service: name=httpd state=restart
注:上面的代码没有考虑ubuntu平台,仅仅考虑centos/redhat平台。
The above is the detailed content of Ansible usage: simple use of ansible-playbook. For more information, please follow other related articles on the PHP Chinese website!
什么是linux设备节点Apr 18, 2022 pm 08:10 PMlinux设备节点是应用程序和设备驱动程序沟通的一个桥梁;设备节点被创建在“/dev”,是连接内核与用户层的枢纽,相当于硬盘的inode一样的东西,记录了硬件设备的位置和信息。设备节点使用户可以与内核进行硬件的沟通,读写设备以及其他的操作。
Linux中open和fopen的区别有哪些Apr 29, 2022 pm 06:57 PM区别:1、open是UNIX系统调用函数,而fopen是ANSIC标准中的C语言库函数;2、open的移植性没fopen好;3、fopen只能操纵普通正规文件,而open可以操作普通文件、网络套接字等;4、open无缓冲,fopen有缓冲。
linux中什么叫端口映射May 09, 2022 pm 01:49 PM端口映射又称端口转发,是指将外部主机的IP地址的端口映射到Intranet中的一台计算机,当用户访问外网IP的这个端口时,服务器自动将请求映射到对应局域网内部的机器上;可以通过使用动态或固定的公共网络IP路由ADSL宽带路由器来实现。
linux中eof是什么May 07, 2022 pm 04:26 PM在linux中,eof是自定义终止符,是“END Of File”的缩写;因为是自定义的终止符,所以eof就不是固定的,可以随意的设置别名,linux中按“ctrl+d”就代表eof,eof一般会配合cat命令用于多行文本输出,指文件末尾。
linux怎么判断pcre是否安装May 09, 2022 pm 04:14 PM在linux中,可以利用“rpm -qa pcre”命令判断pcre是否安装;rpm命令专门用于管理各项套件,使用该命令后,若结果中出现pcre的版本信息,则表示pcre已经安装,若没有出现版本信息,则表示没有安装pcre。
linux怎么查询mac地址Apr 24, 2022 pm 08:01 PMlinux查询mac地址的方法:1、打开系统,在桌面中点击鼠标右键,选择“打开终端”;2、在终端中,执行“ifconfig”命令,查看输出结果,在输出信息第四行中紧跟“ether”单词后的字符串就是mac地址。
linux中rpc是什么意思May 07, 2022 pm 04:48 PM在linux中,rpc是远程过程调用的意思,是Reomote Procedure Call的缩写,特指一种隐藏了过程调用时实际通信细节的IPC方法;linux中通过RPC可以充分利用非共享内存的多处理器环境,提高系统资源的利用率。
什么是linux交叉编译Apr 29, 2022 pm 06:47 PM在linux中,交叉编译是指在一个平台上生成另一个平台上的可执行代码,即编译源代码的平台和执行源代码编译后程序的平台是两个不同的平台。使用交叉编译的原因:1、目标系统没有能力在其上进行本地编译;2、有能力进行源代码编译的平台与目标平台不同。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
WebStorm Mac version
Useful JavaScript development tools
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
