An Ansible Playbook is an automation script written in YAML that defines configuration, deployment and orchestration tasks. Compared with ad-hoc commands, a Playbook is more structured, repeatable and powerful.
A basic Playbook contains the following elements:

```yaml
---
- name: Descriptive name
  hosts: target hosts or group
  vars:
    variable definitions
  tasks:
    - task 1
    - task 2
  handlers:
    - handler 1
    - handler 2
```
YAML syntax basics:
- `---` starts a document
- data is written as `key: value` pairs
- a line beginning with `-` is a list item
- `#` starts a comment

The play header selects the target hosts, the connection user and privilege escalation, and defines variables:

```yaml
- hosts: webservers              # target host group
  remote_user: root              # user for the SSH connection (prefer an unprivileged account and let become escalate)
  become: yes                    # escalate privileges
  become_method: sudo            # escalation method
  become_user: postgres          # escalate to a specific user instead of root
  vars:
    http_port: 80
    max_clients: 200
    remote_install_path: "/opt/apps"
  vars_files:                    # keep vars/secrets.yml vault-encrypted rather than committing it in plaintext
    - vars/common.yml
    - vars/secrets.yml
```
The task list is the core of a Playbook:

```yaml
tasks:
  - name: Ensure Nginx is installed
    apt:
      name: nginx
      state: present
    when: ansible_os_family == "Debian"

  - name: Copy the configuration file
    copy:
      src: files/nginx.conf
      dest: /etc/nginx/nginx.conf
    notify: restart nginx
```
Handlers respond to notifications from tasks. A handler runs once at the end of the play, however many tasks notified it, and only if at least one of those tasks reported a change:

```yaml
handlers:
  - name: restart nginx
    service:
      name: nginx
      state: restarted
```
```yaml
---
- name: Install and configure Nginx
  hosts: webservers
  become: yes
  vars:
    nginx_port: 8080
    nginx_root: /var/www/html
  tasks:
    - name: Install Nginx
      apt:
        name: nginx
        state: latest          # upgrades on every run; use present (or a pinned version) for reproducible deployments
        update_cache: yes
      when: ansible_os_family == "Debian"

    - name: Create the web root directory
      file:
        path: "{{ nginx_root }}"
        state: directory
        mode: '0755'

    - name: Configure Nginx
      template:
        src: templates/nginx.conf.j2
        dest: /etc/nginx/nginx.conf
      notify: restart nginx

    - name: Ensure Nginx is started
      service:
        name: nginx
        state: started
        enabled: yes

  handlers:
    - name: restart nginx
      service:
        name: nginx
        state: restarted
```
```yaml
---
- name: Deploy the web application
  hosts: all
  become: yes
  vars:
    db_user: app_user
    db_password: "{{ vault_db_password }}"   # expected from a vault-encrypted vars file (e.g. under group_vars/), never defined in plaintext here
  tasks:
    - name: Include the base system configuration
      include_role:
        name: common

    - name: Deploy the database
      include_role:
        name: database
      when: "'db' in group_names"

    - name: Deploy the web server
      include_role:
        name: web
      when: "'web' in group_names"

    - name: Deploy the load balancer
      include_role:
        name: loadbalancer
      when: "'lb' in group_names"
```
Create the template file templates/nginx.conf.j2:

```jinja
server {
    listen {{ nginx_port }};
    server_name {{ server_name | default('localhost') }};
    root {{ nginx_root }};

    location / {
        try_files $uri $uri/ =404;
    }

    {# default(false) keeps the template renderable when enable_php is not defined #}
    {% if enable_php | default(false) %}
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }
    {% endif %}
}
```
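As an added example that is not part of the original tutorial, the play below renders the template above but refuses to overwrite a working configuration with a broken one: `validate` runs `nginx -t` against the rendered temporary file before it is moved into place, and `backup` keeps the previous version. The `enable_php` default, file ownership and the use of `reloaded` instead of `restarted` are choices made for this example.

```yaml
---
- name: Roll out an Nginx configuration safely
  hosts: webservers
  become: yes
  vars:
    nginx_port: 8080
    nginx_root: /var/www/html
    enable_php: false            # assumed default; the template tests this flag
  tasks:
    - name: Render nginx.conf and validate it before it replaces the live file
      ansible.builtin.template:
        src: templates/nginx.conf.j2
        dest: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: '0644'
        backup: yes              # keeps the previous file as nginx.conf.<timestamp>
        # %s is replaced by the temporary rendered file; if nginx -t fails,
        # the task fails and /etc/nginx/nginx.conf is left untouched
        validate: nginx -t -c %s
      notify: reload nginx

    - name: Ensure Nginx is enabled and running
      ansible.builtin.service:
        name: nginx
        state: started
        enabled: yes

  handlers:
    - name: reload nginx         # reload keeps existing connections open; restart drops them
      ansible.builtin.service:
        name: nginx
        state: reloaded
```

Because the handler only fires when the template task reports a change, an unchanged configuration never triggers a reload, and a configuration that fails validation never reaches the handler at all.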
Conditional execution with when, and registering a task result for use in a later condition:

```yaml
tasks:
  - name: Run only on the primary node
    command: /usr/bin/master_command
    when: inventory_hostname == groups['master'][0]

  - name: Check whether a file exists
    stat:
      path: /etc/some_file
    register: file_stat

  - name: Run only when the file exists
    command: /bin/process_file
    when: file_stat.stat.exists
```
Loops:

```yaml
tasks:
  - name: Add multiple users
    user:
      name: "{{ item }}"
      state: present
      groups: "wheel"
      append: yes          # without append, groups replaces the user's existing supplementary groups
    loop:
      - alice
      - bob
      - charlie
```
Error handling: ignore_errors lets the play continue past a failed task, and the registered result can be inspected afterwards:

```yaml
tasks:
  - name: Attempt a risky operation
    command: /bin/dangerous_command
    ignore_errors: yes       # the task is still reported as failed, but the play does not stop
    register: cmd_result

  - name: Check whether it succeeded
    debug:
      msg: "Command failed"
    when: cmd_result is failed
```
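The ignore_errors pattern above hides failures from the play summary and leaves cleanup to later tasks. As an added example that is not part of the original page, the play below uses block/rescue/always together with failed_when and changed_when, so the outcome is decided by the command's actual exit code and a real failure still fails the play. The command path, its exit-code convention and the lock file path are assumptions made for this example.

```yaml
---
- name: Error handling with block/rescue instead of ignore_errors
  hosts: all
  become: yes
  tasks:
    - name: Run the risky step and recover if it fails
      block:
        - name: Run a backup job (assumed path and exit codes)
          ansible.builtin.command: /usr/local/bin/backup_job --run
          register: backup
          # exit code 0 = work done, 3 = nothing to do; anything else is a real failure
          failed_when: backup.rc not in [0, 3]
          changed_when: backup.rc == 0

        - name: Report the result
          ansible.builtin.debug:
            msg: "backup rc={{ backup.rc }}: {{ backup.stdout | default('') }}"

      rescue:
        - name: Collect diagnostics only when the block failed
          ansible.builtin.debug:
            msg: "backup failed (rc={{ backup.rc | default('n/a') }}): {{ backup.stderr | default('') }}"

        - name: Fail the play explicitly so the failure is not silently swallowed
          ansible.builtin.fail:
            msg: "backup_job failed on {{ inventory_hostname }}"

      always:
        - name: Remove the job's lock file whether it succeeded or not (assumed path)
          ansible.builtin.file:
            path: /run/backup_job.lock
            state: absent
```

failed_when replaces the module's default notion of failure (non-zero exit) with one that matches the command's documented behaviour, and changed_when stops a no-op run from being reported as a change.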
Directory layout:

```
playbooks/
├── site.yml
├── roles/
│   ├── common/
│   ├── web/
│   └── db/
├── group_vars/
├── host_vars/
├── files/
└── templates/
```

Use roles to group related tasks, handlers, files and templates together.
Variable precedence (highest to lowest):
1) -e extra vars on the command line
2) vars: in the play
3) host_vars/
4) group_vars/
5) roles/x/defaults/main.yml

Use tags to run tasks selectively:
```yaml
tasks:
  - name: Install packages
    yum:
      name: "{{ item }}"
      state: present
    loop: "{{ packages }}"
    tags:
      - packages
```

Run only the tagged tasks with `ansible-playbook --tags packages site.yml`, or leave them out with `--skip-tags packages`.
Encrypt sensitive data with Vault:

```shell
ansible-vault create secrets.yml
ansible-playbook --ask-vault-pass site.yml
```

--ask-vault-pass prompts interactively; for unattended runs use --vault-password-file pointing at a file with restrictive permissions instead of putting the vault password on the command line.
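An added example (not from the original page) of how the vault fits into a playbook: the secret lives in a vault-encrypted file created with ansible-vault as shown above, a plaintext vars file maps a readable name onto it, and the task that uses it sets no_log so the password never reaches -v output or a logging callback. The file paths, the vault_ prefix convention and the community.postgresql collection are assumptions made for this example.

```yaml
---
# group_vars/all/vault.yml (assumed path) is created with
#   ansible-vault create group_vars/all/vault.yml
# and holds only the secret itself:
#   vault_db_password: "<real password>"
#
# group_vars/all/vars.yml (plaintext, assumed) maps a readable name onto it,
# so a grep of the playbooks still shows where the secret is used:
#   db_password: "{{ vault_db_password }}"

# site.yml
- name: Configure the application database user with a vaulted password
  hosts: db
  become: yes
  tasks:
    - name: Create or update the database user
      # community.postgresql is assumed to be installed
      # (ansible-galaxy collection install community.postgresql)
      community.postgresql.postgresql_user:
        name: app_user
        password: "{{ db_password }}"
      become_user: postgres
      # without no_log the module arguments, password included, are printed
      # verbatim in -v output and by any logging callback
      no_log: true

    - name: Confirm the step without echoing the secret
      ansible.builtin.debug:
        msg: "database password set for app_user on {{ inventory_hostname }}"
```

The split between vault.yml and vars.yml means the encrypted file can be rotated or re-keyed without touching any playbook, while no_log protects the value at the point where it is actually used.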
Useful command-line options:

```shell
# Syntax check
ansible-playbook --syntax-check playbook.yml
# Dry run (add --diff to also show what would change)
ansible-playbook --check playbook.yml
# Verbose output (-vvv for connection-level detail)
ansible-playbook -v playbook.yml
# Step through the tasks interactively, confirming each one
ansible-playbook --step playbook.yml
# Restrict the run to a subset of the inventory
ansible-playbook --limit webserver1 playbook.yml
```
With the material above you should be able to start writing and running Ansible Playbooks to automate your IT infrastructure. As you gain experience, you can explore more advanced features such as dynamic inventories, custom modules and plugins.