1、 ansible普通用户执行sudo命令

# ansible -i hosts test01 -a 'ls /root' -u 'yukw' -b

test01 | FAILED! => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"module_stderr": "Shared connection to 10.0.8.80 closed.\r\n",

"module_stdout": "sudo: 需要密码\r\n",

"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",

"rc": 1

}

[ root @ cs-ansible 10.0.8.252 ] /data/services/ansible-test

# ansible -i hosts test01 -a 'ls /root' -u 'yukw' -b -K

BECOME password:

test01 | FAILED! => {

"ansible_facts": {

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false,

"module_stderr": "Shared connection to 10.0.8.80 closed.\r\n",

"module_stdout": "\r\nyukw 不在 sudoers 文件中。此事将被报告。\r\n",

"msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",

"rc": 1

}

[ root @ cs-ansible 10.0.8.252 ] /data/services/ansible-test

# ansible -i hosts test01 -a 'ls /root' -u 'yukw' -b -K

BECOME password:

test01 | CHANGED | rc=0 >>

aa.txt

[ root @ cs-ansible 10.0.8.252 ] /data/services/ansible-test

# ansible -i hosts test01 -a 'ls /root' -u 'yukw' -b -K

BECOME password:

test01 | CHANGED | rc=0 >>

nohup.out

set.sh

# ansible -i hosts test01 -a 'ls /tmp' -u 'yukw' -k

SSH password:

test01 | CHANGED | rc=0 >>

ansible_command_payload_sTef9T

hsperfdata_yfbkf

positions.yaml

systemd-private-8646b95de5734ab59354856a7f4b51e4-ntpd.service-TZubA0

ww.txt

结论:普通用户必须先加入目标主机的sudoers文件中,-b 才能生效(上面第二次失败就是因为 yukw 不在 sudoers 文件中)

参数详解:

-u:指定用户

-b(--become):提权(sudo)到特定用户执行,默认是root,由ansible.cfg配置文件中的 #sudo_user      = root 决定(新版本中对应的配置项是 become_user)

-K(--ask-become-pass):交互式提示输入该用户的sudo密码;如果已经在sudoers文件中设置了免密(NOPASSWD),则可以去掉。免密规则应尽量限定到具体命令,而不是对所有命令放开

-k(--ask-pass):提示输入SSH登录密码,即通过账号密码(而不是密钥)的方式认证

2、ansible开启tomcat服务

## 注意事项

1、在远端机器上添加环境变量(强烈要求以后都将java/nginx/mvn等环境变量写入~/.bashrc ,然后source一下~/.bash_profile)

$ vim ~/.bashrc

# Java toolchain environment for this account (JDK 1.8.0_101).
export JAVA_HOME=/usr/java/jdk1.8.0_101
# PATH is replaced outright rather than extended: only the directories listed
# here remain searchable after this line runs.
export PATH="${JAVA_HOME}/bin:/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/.local/bin:/root/bin"
# The leading "." puts the current working directory on the class path.
export CLASSPATH=".:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar"

$ source ~/.bash_profile

通过ansible批量添加环境变量(注意:每个ansible任务都在独立的shell中执行,下面第二条 source 命令的效果不会保留到后续任务)

$ ansible -i hosts Zhanjian_Cms_Publish -m blockinfile -a 'path=~/.bashrc block="export JAVA_HOME=/usr/java/jdk1.8.0_101\nexport PATH=/usr/java/jdk1.8.0_101/bin:/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/.local/bin:/root/bin\nexport CLASSPATH=.:/usr/java/jdk1.8.0_101/lib/dt.jar:/usr/java/jdk1.8.0_101/lib/tools.jar" create=yes'

$ ansible -i hosts Zhanjian_Cms_Publish -m shell -a 'source ~/.bash_profile'

2、ansible远程调用startup.sh启动tomcat,启动不生效。

解决方法:

ansible调用shell脚本启动tomcat需要加上nohup…&

# Launch Tomcat through its startup.sh. The page reports that a plain
# startup.sh call over Ansible did not leave Tomcat running, hence nohup and
# the trailing "&" to background the script.
# NOTE(review): tomcat_publish_dir is not defined in this snippet; it must come
# from vars or inventory. Ansible's async/poll task keywords are an alternative
# for long-running commands; confirm which fits this deployment.
- name: start the tomcat
  shell:
    cmd: "nohup {{ tomcat_publish_dir}}/bin/startup.sh &"
  # Keep the task result in start_tomcat_ret for later tasks to inspect.
  register: start_tomcat_ret

3、ansible的Host-pattern 

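4、ansible的yml文件加解密(注意:decrypt 会把明文写回磁盘;只想查看或修改时可用 ansible-vault view / ansible-vault edit,运行加密的playbook时加 --ask-vault-pass)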

[root@cs-ansible ansible-test]# cat mail.yml

---

- hosts: docker

gather_facts: no

roles:

- role: test

[root@cs-ansible ansible-test]# ansible-vault encrypt mail.yml

New Vault password:

Confirm New Vault password:

Encryption successful

[root@cs-ansible ansible-test]# cat mail.yml

$ANSIBLE_VAULT;1.1;AES256

33303637653132333762393935303863326266323665373233316434613162653535633230346266

6338393266333131373738333566326133623731373939300a376361316165323630636634663935

61383661363739323838363433303639613932333739653963363266383862336561373962353862

6436306535663864610a353535633765383534643237643834323737346435373330346433646332

62303161396535333030363662663866643066373039343866343731373638643162366433356634

38653437623363333737643063616564313665656437663866396634386135626666343430356335

63363335366134313837663336613536376663393333663733373663366238326139643564353330

32363635626162343464

[root@cs-ansible ansible-test]# ansible-vault decrypt mail.yml

Vault password:

Decryption successful

[root@cs-ansible ansible-test]# cat mail.yml

---

- hosts: docker

gather_facts: no

roles:

- role: test

5、一个task触发多个handler

6、过滤变量

[root@cs-ansible ansible-test]# ansible -i hosts docker -m setup -a 'filter=ansible_fqdn'

cs-docker01 | SUCCESS => {

"ansible_facts": {

"ansible_fqdn": "docker-work01",

"discovered_interpreter_python": "/usr/bin/python"

},

"changed": false

}

[root@cs-ansible ansible-test]# ansible -i hosts docker -m setup -a 'filter=*address*'

7、hosts中定义变量有两种:一种是针对组里面的单个主机(主机变量),一种是针对组里面的所有主机(组变量)

8、jinja2模板语法for循环

第一种

[root@cs-ansible ansible-test]# cat 2.yml

---

- hosts: docker

remote_user: root

vars:

ports:

- 81

- 82

- 83

tasks:

- name: template config

template:

src: nginx.conf.j2

dest: /tmp/nginx.conf

[root@cs-ansible ansible-test]# cat nginx.conf.j2

{% for port in ports %}

listen: {{ port }}

{% endfor %}

[root@cs-ansible ansible-test]# ansible-playbook -i hosts 2.yml

PLAY [docker] *******************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************

ok: [cs-docker01]

TASK [template config] **********************************************************************************************************

changed: [cs-docker01]

PLAY RECAP **********************************************************************************************************************

cs-docker01 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

[root@cs-ansible ansible-test]# ansible -i hosts docker -a 'ls /tmp'

cs-docker01 | CHANGED | rc=0 >>

aa.txt

ansible_command_payload_BO8SKv

hsperfdata_root

nginx.conf

plugin860345368

rsync_fail_log.sh

systemd-private-ef8225ccd8de408ebfab34e1da5e0451-ntpd.service-fS8U7Z

test.conf

yukw

[root@cs-ansible ansible-test]# ansible -i hosts docker -a 'cat /tmp/nginx.conf'

cs-docker01 | CHANGED | rc=0 >>

listen: 81

listen: 82

listen: 83

 第二种

[root@cs-ansible ansible-test]# cat 3.yml

---

- hosts: docker

remote_user: root

vars:

ports:

- web1:

port: 81

name: web1.kk.com

rootdir: /data/website1

- web2:

port: 82

name: web2.kk.com

rootdir: /data/website2

- web3:

port: 83

name: web3.kk.com

rootdir: /data/website3

tasks:

- name: template config

template:

src: for3.conf.j2

dest: /tmp/for3.conf

[root@cs-ansible ansible-test]# cat for3.conf.j2

{% for p in ports %}

listen: {{ p.port }}

servername: {{ p.name }}

documentroot: {{ p.rootdir }}

{% endfor %}

[root@cs-ansible ansible-test]# ansible-playbook -i hosts -C 3.yml

PLAY [docker] *******************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************

ok: [cs-docker01]

TASK [template config] **********************************************************************************************************

changed: [cs-docker01]

PLAY RECAP **********************************************************************************************************************

cs-docker01 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

[root@cs-ansible ansible-test]# ansible-playbook -i hosts 3.yml

PLAY [docker] *******************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************

ok: [cs-docker01]

TASK [template config] **********************************************************************************************************

changed: [cs-docker01]

PLAY RECAP **********************************************************************************************************************

cs-docker01 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

[root@cs-ansible ansible-test]# ansible -i hosts docker -a 'ls /tmp'

cs-docker01 | CHANGED | rc=0 >>

aa.txt

ansible_command_payload_21sDcT

for3.conf

hsperfdata_root

nginx.conf

plugin860345368

rsync_fail_log.sh

systemd-private-ef8225ccd8de408ebfab34e1da5e0451-ntpd.service-fS8U7Z

test.conf

yukw

[root@cs-ansible ansible-test]# ansible -i hosts docker -a 'cat /tmp/for3.conf'

cs-docker01 | CHANGED | rc=0 >>

listen: 81

servername: web1.kk.com

documentroot: /data/website1

listen: 82

servername: web2.kk.com

documentroot: /data/website2

listen: 83

servername: web3.kk.com

documentroot: /data/website3

第三种(for+if)

[root@cs-ansible ansible-test]# cat 4.yml

---

- hosts: docker

remote_user: root

vars:

ports:

- web1:

port: 81

#name: web1.kk.com

rootdir: /data/website1

- web2:

port: 82

name: web2.kk.com

rootdir: /data/website2

- web3:

port: 83

#name: web3.kk.com

rootdir: /data/website3

tasks:

- name: template config

template:

src: for4.conf.j2

dest: /tmp/for4.conf

[root@cs-ansible ansible-test]# cat for4.conf.j2

{% for p in ports %}

listen: {{ p.port }}

{% if p.name is defined %}

servername: {{ p.name }}

{% endif %}

documentroot: {{ p.rootdir }}

{% endfor %}

[root@cs-ansible ansible-test]# ansible-playbook -i hosts -C 4.yml

PLAY [docker] *******************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************

ok: [cs-docker01]

TASK [template config] **********************************************************************************************************

changed: [cs-docker01]

PLAY RECAP **********************************************************************************************************************

cs-docker01 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

[root@cs-ansible ansible-test]# ansible-playbook -i hosts 4.yml

PLAY [docker] *******************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************

ok: [cs-docker01]

TASK [template config] **********************************************************************************************************

changed: [cs-docker01]

PLAY RECAP **********************************************************************************************************************

cs-docker01 : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

[root@cs-ansible ansible-test]# ansible -i hosts docker -a 'ls /tmp'

cs-docker01 | CHANGED | rc=0 >>

aa.txt

ansible_command_payload_iYjF7U

for3.conf

for4.conf

hsperfdata_root

nginx.conf

plugin860345368

rsync_fail_log.sh

systemd-private-ef8225ccd8de408ebfab34e1da5e0451-ntpd.service-fS8U7Z

test.conf

yukw

[root@cs-ansible ansible-test]# ansible -i hosts docker -a 'ls /tmp/for4.conf'

cs-docker01 | CHANGED | rc=0 >>

/tmp/for4.conf

[root@cs-ansible ansible-test]# ansible -i hosts docker -a 'cat /tmp/for4.conf'

cs-docker01 | CHANGED | rc=0 >>

listen: 81

documentroot: /data/website1

listen: 82

servername: web2.kk.com

documentroot: /data/website2

listen: 83

documentroot: /data/website3

参考链接
