ansible-console

etcd 动态Inventory
https://gist.github.com/justenwalker/09698cfd6c3a6a49075b

etcd + ansible = crazy delicious

ansible delegate_to 任务委派

任务委派就是 在playbook中指定 某任务只在指定的主机上执行

比如
我要在192.168.1.1 服务器添加一个hosts 记录 “1.1.1.1 www.abc.com” ,同时也要把这个hosts 记录写到192.168.1.2

ansible hosts 192.168.1.1 文件内容
[all]
192.168.1.1

ansible task 文件内容(192.168.1.1.yml)：

• name: add host record
  shell: “echo “1.1.1.1 www.abc.com” >> /etc/hosts”

• name: add host record
  shell: “echo “1.1.1.1 www.abc.com” >> /etc/hosts”
  delegate_to: 192.168.1.2

  添加上面这一行，就可以了

如果是委派给localhost 请使用local_action

如下结果一样

tasks:

• name: Get config
  get_url: dest=configs/ force=yes url=http:///diagnostic/config
  delegate_to: localhost
  当你委派给本机的时候，还可以使用更快捷的方法local_action，代码如下：

• name: Fetch configuration from all webservers
  hosts: webservers

tasks:

• name: Get config
  local_action: get_url dest=configs/.cfg url=http:///diagnostic/config

ansible group_by 对所有主机 分组

Example playbook to demonstrate the group_by action plugin.

#

as we know, the setup module will automatically run in each play, and sets up various

facts. We can then create temporary (in memory only) groups based on those facts, which

are useful ways of selecting similar sets of hosts.

#

Additionally, we can use the ‘register’ keyword in Ansible to set similar variables

and use those for grouping. This is not shown in this example.

• hosts: all

  tasks:

  • name: Create a group of all hosts by operating system
    action: group_by key=${ansible_distribution}-${ansible_distribution_version}

the following host group does not exist in inventory and was created by the group_by

module.

• hosts: CentOS-6.2

  tasks:

  • name: ping all CentOS 6.2 hosts
    action: ping

• hosts: CentOS-6.3

  tasks:

  • name: ping all CentOS 6.3 hosts
    action: ping

ansible lookup 模块可以直接调用自己写的模块

具体可参考这里：
https://github.com/ansible/lightbulb/tree/master/workshops/developer/lookup_plugins

这个方法 只在ansible2 中可用

自己可以写本地的模块，在ansible中调用自定义的本地模块，可以把本地的值传给远程

loop_plugins 可以实现 模糊 copy

这个模块 其实依赖于 lookup_plugins

in addition to loop_with_items, the loop that works over a variable, ansible can do more sophisticated looping.

developer types: these are powered by ‘lookup_plugins’ should you ever decide to write your own

see lib/ansible/runner/lookup_plugins/fileglob.py – they can do basically anything!

• hosts: all
  gather_facts: no

  tasks:

  this will copy a bunch of config files over – dir must be created first

  • file: dest=/etc/fooapp state=directory

  • copy: src=$item dest=/etc/fooapp/ owner=root mode=600
    with_fileglob: /playbooks/files/fooapp/*

ansible-playbook 动态添加主机

add_host模块 ansible 2.0

---
- name: launch instances
  os_server:
    name: "{{ prefix }}-{{ item.name }}"
    state: present
    key_name: "{{ item.key }}"
    availability_zone: "{{ item.availability_zone }}"
    nics: "{{ item.nics }}"
    image: "{{ item.image }}"
    flavor: "{{ item.flavor }}"
  with_items: "{{ servers }}"
  register: "os_hosts"

- name: add hosts to inventory
  add_host:
    name: "{{ item['openstack']['human_id'] }}"
    groups: "{{ item['item']['meta']['group'] }}"
    ansible_host: "{{ item.openstack.accessIPv4 }}"
  with_items: "{{ os_hosts.results }}"

参考:

#ansible-pull 模式

ansible-pull 是ansible提供的一个命令

是为了大规模 可持续部署而设置的简单方式

传统的我们使用ansible 是在push模式，就是 我们把我们的配置推送到远程主机

现在 ansible 支持 pull模式

$ ansible-pull -U https://github.com/training-devops/ansible-pull-example -i

可以设置定时任务，让ansible自动 去git仓库中下载内容，如果git仓库有改变，
自动执行 对应的 inventory 和对应的playbook

$cat inventory
[local]
127.0.0.1

$cat local.yml

• hosts: local

  tasks:

  • name: install vim
    dnf: pkg=vim state=installed

yh ➜ cc ansible-pull -U https://github.com/training-devops/ansible-pull-example -i /etc/ansible/hosts
Starting ansible-pull at 2016-12-11 18:02:42
localhost | success >> {
“after”: “70339e8d7f435272e99798de9b004b10ccd7cd10”,
“before”: “70339e8d7f435272e99798de9b004b10ccd7cd10”,
“changed”: false
}

PLAY [local] **

GATHERING FACTS *
ok: [127.0.0.1]

TASK: [install vim] *

ansible raw 模块

ansible 需要客户端 至少要有python-json 这个包依赖，但是如果你想批量安装这个包怎么办

可以使用raw 模块，raw模块和command模块基本一样，只是不需要python依赖，可以给一些交换机 等批量发命令

用法如下:

Bootstrap a legacy python 2.4 host

• raw: yum -y install python-simplejson

ansible-加密-ansible-vault的使用

用法：
加密:
ansible-vault encrypt group_vars/all

查看：
ansible-vault view site.yml

解密：
ansible-vault decrypt site.yml

交互输入：
ansible-playbook -i hosts site.yml –tags=jre_install –ask-vault-pass

从文件中读取
ansible-playbook -i hosts site.yml –tags=jre_install –vault-password-file ~/.vault_pass.txt

参考：
http://ansible-tran.readthedocs.io/en/latest/docs/playbooks_vault.html

In 2.x, we have made the order of precedence more specific (with the last listed variables winning prioritization):

role defaults [1]
inventory vars [2]
inventory group_vars
inventory host_vars
playbook group_vars
playbook host_vars
host facts
play vars
play vars_prompt
play vars_files
registered vars
set_facts
role and include vars
block vars (only for tasks in block)
task vars (only for the task)
extra vars (always win precedence)