11、自定義模塊
默認(rèn)的模塊放到/usr/share/ansible
在這個目錄創(chuàng)建一個目錄hostname,然后把下面文件放到此目錄
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
15:03:26 # cat /usr/share/ansible/hostname/hostname #!/bin/bash#This script is modify system hostnameset -e# This is potentially dangeroussource ${1}OLDHOSTNAME="$(hostname)"CHANGED="False"if [ ! -z "$hostname" -a "${hostname}x" != "${OLDHOSTNAME}x" ];thenhostname $hostnameOLDHOSTNAME="$hostname"CHANGED="True"fiecho "hostname=${OLDHOSTNAME} changed=${CHANGED}"exit 0 |
查看一下vpn的當(dāng)前hostname
|
1
2
3
4
|
15:03:29 # ansible vpn -m shell -a "hostname" -u test --private-key=denglei -kSSH password: 172.17.0.10 | success | rc=0 >>ip-10-10-32-34 |
然后編寫playbook
|
1
2
3
4
5
6
|
15:04:14 # cat /etc/ansible/hostname.yml - name: Test the hostname file hosts: vpn tasks: - name: Set the hostname hostname: hostname=ip-10-10-32-34 |
運(yùn)行這個模塊
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
15:04:37 # ansible-playbook hostname.yml -u test --private-key=denglei -M /usr/share/ansible/hostname -kSSH password: PLAY [Test the hostname file] ************************************************* GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [Set the hostname] ****************************************************** ok: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=0 unreachable=0 failed=0 |
然后修改一下hostname.yml的主機(jī)名
|
1
2
3
4
5
6
|
16:20:00 # cat hostname.yml - name: Test the hostname file hosts: vpn tasks: - name: Set the hostname hostname: hostname=ip-10-10-32-34-test |
在playbook運(yùn)行
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
16:26:46 # ansible-playbook hostname.yml -u test --private-key=denglei -M /usr/share/ansible/hostname -k -K -sSSH password: sudo password [defaults to SSH password]: PLAY [Test the hostname file] ************************************************* GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [Set the hostname] ****************************************************** changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0 root@ip-10-10-10-10:/etc/ansible16:26:55 # ansible vpn -m shell -a "hostname" -u test --private-key=denglei -kSSH password: 172.17.0.10 | success | rc=0 >>ip-10-10-32-34-test |
12、playbook擴(kuò)展var
擴(kuò)展var就是在playbook的yml里寫入變量,在執(zhí)行的時候制定變量從而執(zhí)行,大大的提供了重復(fù)使用率
下面做個測試
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 96-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 01:44 test-server-1-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid |
可以看到有test-server-1文件
在看看playbook文件內(nèi)容
|
1
2
3
4
5
6
7
8
9
|
[root@puppet ansible]# cat delete_vars.yml ---- hosts: {{host}} remote_user: {{user}} gather_facts: {{gather}} tasks: - name: if system is centos,then rm /tmp/test-server-1 shell: rm -rf /tmp/test-server-1 when: ansible_os_family == "RedHat" |
執(zhí)行前先檢測一下語法是否有問題,使用--synctax-check
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
[root@puppet ansible]# ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=False" -k --syntax-check [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). ERROR: Syntax Error while loading YAML script, delete_vars.ymlNote: The error may actually appear before this position: line 2, column 11 ---- hosts: {{host}} ^This one looks easy to fix. YAML thought it was looking for the start of a hash/dictionary and was confused to see a second "{". Most likely this wasmeant to be an ansible template evaluation instead, so we have to give the parser a small hint that we wanted a string instead. The solution here is to just quote the entire value. For instance, if the original line was: app_path: {{ base_path }}/foo It should be written as: app_path: "{{ base_path }}/foo" We could be wrong, but this one looks like it might be an issue withmissing quotes. Always quote template expression brackets when they start a value. For instance: with_items: - {{ foo }} Should be written as: with_items: - "{{ foo }}" This one looks easy to fix. YAML thought it was looking for the start of a hash/dictionary and was confused to see a second "{". Most likely this wasmeant to be an ansible template evaluation instead, so we have to give the parser a small hint that we wanted a string instead. The solution here is to just quote the entire value. For instance, if the original line was: app_path: {{ base_path }}/foo It should be written as: app_path: "{{ base_path }}/foo" |
可以看到有問題
解決方法是把var的變量前后添加""或者''
|
1
2
3
4
5
6
7
8
9
|
[root@puppet ansible]# cat delete_vars.yml ---- hosts: "{{host}}" remote_user: "{{user}}" gather_facts: "{{gather}}" tasks: - name: if system is centos,then rm /tmp/test-server-1 shell: rm -rf /tmp/test-server-1 when: ansible_os_family == "RedHat" |
然后再檢測一下
|
1
2
3
4
5
6
|
[root@puppet ansible]# ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=False" -k --syntax-check [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). playbook: delete_vars.yml |
沒有問題了,在運(yùn)行一下
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
[root@puppet ansible]# ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=False" -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [vpn] ******************************************************************** TASK: [if system is centos,then rm /tmp/test-server-1] ************************ fatal: [172.17.0.10] => error while evaluating conditional: ansible_os_family == "RedHat" FATAL: all hosts have already failed -- aborting PLAY RECAP ******************************************************************** to retry, use: --limit @/root/delete_vars.retry 172.17.0.10 : ok=0 changed=0 unreachable=1 failed=0 |
無法運(yùn)行,原因是我yml里制定了獲取fact信息后,判斷如果是redhat系列系統(tǒng)才刪除,而我在運(yùn)行的指定不收集fact,下面在指定收集fact
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
[root@puppet ansible]# ansible-playbook delete_vars.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=True" -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [vpn] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [if system is centos,then rm /tmp/test-server-1] ************************ changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0 |
可以看到運(yùn)行成功了
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 92-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid |
文件刪除了
13、tags
使用tag可以讓playbook選擇性的運(yùn)行程序
查看一下客戶端情況
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 92-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid |
帶有tag的yml文件
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
[root@puppet ansible]# cat delete_vars_tags.yml ---- hosts: "{{host}}" remote_user: "{{user}}" gather_facts: "{{gather}}" tasks: - name: if system is centos,then rm /tmp/test-server-1 shell: rm -rf /tmp/test-server-1 when: ansible_os_family == "RedHat" tags: server-1 - name: if system is centos,then rm /tmp/test-server-2 shell: rm -rf /tmp/test-server-2 when: ansible_os_family == "RedHat" tags: server-2 |
做一下錯誤檢測
|
1
2
3
4
5
6
|
[root@puppet ansible]# ansible-playbook delete_vars_tags.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=True" --tags server-2 -k --syntax-check [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). playbook: delete_vars_tags.yml |
沒問題在運(yùn)行
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
[root@puppet ansible]# ansible-playbook delete_vars_tags.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=True" --tags server-2 -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [vpn] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [if system is centos,then rm /tmp/test-server-2] ************************ changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0 |
查看一下客戶端的文件情況
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
[root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 88-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid |
從上面測試可以看到,如果playbook使用了tag,并且在運(yùn)行中指定tag,那么運(yùn)行的時候僅允許此tag的信息
下面是測試運(yùn)行時候不帶tag的情況
先創(chuàng)建文件
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
[root@puppet ansible]# cat copy.yml ---- hosts: vpn remote_user: test tasks: - name: copy local server to client /tmp/server-test template: src=/tmp/server dest=/tmp/test-{{item}} with_items: - server-1 - server-2 - server-3[root@puppet ansible]# ansible-playbook copy.yml --private-key=/root/denglei -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [vpn] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [copy local server to client /tmp/server-test] ************************** changed: [172.17.0.10] => (item=server-1)changed: [172.17.0.10] => (item=server-2)ok: [172.17.0.10] => (item=server-3) PLAY RECAP ******************************************************************** 172.17.0.10 : ok=2 changed=1 unreachable=0 failed=0 [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 96-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 19 19:02 test-server-1-rw-rw-r-- 1 test test 7 Jun 19 19:02 test-server-2-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid |
然后再不指定tag運(yùn)行
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
[root@puppet ansible]# ansible-playbook delete_vars_tags.yml --private-key=/root/denglei --extra-vars "host=vpn user=test gather=True" -k [WARNING]: The version of gmp you have installed has a known issue regardingtiming vulnerabilities when used with pycrypto. If possible, you should updateit (ie. yum update gmp). SSH password: PLAY [vpn] ******************************************************************** GATHERING FACTS *************************************************************** ok: [172.17.0.10] TASK: [if system is centos,then rm /tmp/test-server-1] ************************ changed: [172.17.0.10] TASK: [if system is centos,then rm /tmp/test-server-2] ************************ changed: [172.17.0.10] PLAY RECAP ******************************************************************** 172.17.0.10 : ok=3 changed=2 unreachable=0 failed=0 [root@puppet ansible]# ansible vpn -m shell -a "ls -l /tmp/" -u test --private-key=/root/denglei -kSSH password: 172.17.0.10 | success | rc=0 >>total 88-rw-r--r-- 1 root root 41692 May 21 13:02 config-rw-r--r-- 1 root root 1228 Jun 12 18:24 install_pptpd_vpn.sh-rwxr-xr-x 1 root root 7 Jun 13 19:33 server-rw-rw-r-- 1 test test 7 Jun 14 17:07 server-test-rw-rw-r-- 1 test test 7 Jun 18 00:50 test-server-3-rw-r--r-- 1 root root 82 Jun 12 18:21 test.log-rw-r--r-- 1 root root 290 Jun 12 18:21 test.sh-rw-r--r-- 1 root root 2444 Apr 28 2012 vpn_centos6.sh-rw------- 1 root root 727 Jun 10 18:21 yum_save_tx-2014-06-10-18-21UrqDAp.yumtx-rw-rw-r-- 1 zabbix zabbix 4664 Jun 14 00:30 zabbix_agentd.log-rw-rw-r-- 1 zabbix zabbix 5 Jun 14 00:30 zabbix_agentd.pid |
可以看到如果不知道tag,那么運(yùn)行的時候,會全部運(yùn)行。
FAQ:
1、出現(xiàn)Error: ansible requires a json module, none found!
|
1
2
3
4
5
6
|
SSH password: 172.17.0.4 | FAILED >> { "failed": true, "msg": "Error: ansible requires a json module, none found!", "parsed": false} |
原因是python版本過低,要不升級python要不就安裝python-simplejson,下面是官方的話
|
1
|
On the managed nodes, you only need Python 2.4 or later, but if you are running less than Python 2.5 on the remotes, you will also need: |
安裝完成后,在查看
|
1
2
3
4
5
|
SSH password: 172.17.0.4 | success >> { "changed": false, "ping": "pong"} |
2、默認(rèn)ansible是使用key驗證的,如果使用密碼登陸的服務(wù)器,使用ansible的話,要不修改ansible.cfg配置文件的ask_pass = True給取消注釋,要不就在運(yùn)行命令時候加上-k,這個意思是-k, --ask-pass ask for SSH password
3、如果客戶端不在know_hosts里將會報錯
|
1
2
3
|
paramiko: The authenticity of host '172.17.0.5' can't be established. The ssh-rsa key fingerprint is 397c139fd4b0d763fcffaee346a4bf6b. Are you sure you want to continue connecting (yes/no)? |
如果想解決此問題,需要修改ansible.cfg的#host_key_checking = False取消注釋
4、如果出現(xiàn)
|
1
2
3
|
[root@puppet ansible]# ansible zabbix -m shell -a "echo $TERM" -u denglei --private-key=/root/denglei172.17.0.2 | FAILED => FAILED: not a valid DSA private key file172.17.0.4 | FAILED => FAILED: not a valid DSA private key file |
需要你在最后添加參數(shù)-k
|
1
2
3
4
5
6
7
|
[root@puppet ansible]# ansible zabbix -m shell -a "echo $TERM" -u denglei --private-key=/root/denglei -kSSH password: 172.17.0.2 | success | rc=0 >>xterm 172.17.0.4 | success | rc=0 >>xterm |
