网站域名和密码,flex网站模板,自己架设的传奇怎么做网站,wordpress标签美化代码大家好#xff0c;我是早九晚十二#xff0c;目前是做运维相关的工作。写博客是为了积累#xff0c;希望大家一起进步#xff01; 我的主页#xff1a;早九晚十二 专栏名称#xff1a;Ansible从入门到精通 立志成为ansible大佬 ansible templates 模板#xff08;templa… 大家好我是早九晚十二目前是做运维相关的工作。写博客是为了积累希望大家一起进步 我的主页早九晚十二 专栏名称Ansible从入门到精通 立志成为ansible大佬 ansible templates 模板templates的认识模板的使用方式模板的目录帮助文档使用模板管理nginx修改nginx的work数量ansible cpu变量查看编辑模板文件修改template剧本再次执行查看配置文件是否读取变量 when的使用查看版本号执行剧本嵌套变量传递FOR循环与条件判断FOR循环if判断 模板templates的认识
模板的使用方式
文本文件嵌套有脚本使用模板编程语言编写jinja2语言使用字面量有下面形式 字符串使用单引号或者双引号 数字整数浮点数 列表[item1,item2,…] 元组item1,item2,… 字典:{key1:value1,key2:value2,…} 布尔true/false算数运算-*///,%,**比较运算!,,,,逻辑运算and,or,not流表达式For If When
模板的目录
一般建议在ansible目录下创建templates目录与playbook剧本平行
帮助文档
[rootzhaoyj ansible]# ansible-doc -s template
- name: Template a file out to a remote servertemplate:attributes: # The attributes the resulting file or directory should have. To get supported flags look at the man page for chattr on the targetsystem. This string should contain the attributes in the same order as the one displayed by lsattr. The operator is assumed as default, otherwise or - operators need to be included in the string.backup: # Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly.block_end_string: # The string marking the end of a block.block_start_string: # The string marking the beginning of a block.dest: # (required) Location to render the template to on the remote machine.follow: # Determine whether symbolic links should be followed. When set to yes symbolic links will be followed, if they exist. When set to nosymbolic links will not be followed. Previous to Ansible 2.4, this was hardcoded as yes.force: # Determine when the file is being transferred if the destination already exists. When set to yes, replace the remote file when contentsare different than the source. When set to no, the file will only be transferred if the destination doesnot exist.group: # Name of the group that should own the file/directory, as would be fed to chown.lstrip_blocks: # Determine when leading spaces and tabs should be stripped. When set to yes leading spaces and tabs are stripped from the start of aline to a block. This functionality requires Jinja 2.7 or newer.mode: # The permissions the resulting file or directory should have. For those used to /usr/bin/chmod remember that modes are actually octalnumbers. You must either add a leading zero so that Ansibles YAML parser knows it is an octal number(like 0644 or 01777) or quote it (like 644 or 1777) so Ansible receives a string and can doits own conversion from string into number. Giving Ansible a number without following one of these ruleswill end up with a decimal number which will have unexpected results. As of Ansible 1.8, the mode may bespecified as a symbolic mode (for example, urwx or urw,gr,or).newline_sequence: # Specify the newline sequence to use for templating files.output_encoding: # Overrides the encoding used to write the template file defined by dest. It defaults to utf-8, but any encoding supported by pythoncan be used. The source template file must always be encoded using utf-8, for homogeneity.owner: # Name of the user that should own the file/directory, as would be fed to chown.selevel: # The level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the range. When set to _default, itwill use the level portion of the policy if available.serole: # The role part of the SELinux file context. When set to _default, it will use the role portion of the policy if available.
使用模板管理nginx
模拟一个nginx的模板文件
cp /etc/nginx/nginx.conf /root/ansible/templates/nginx.conf.j2编写yml剧本
[rootzhaoyj ansible]# cat templates.yml
---
- hosts: testremote_user: roottasks:- name: install pkgyum: namenginx- name: copy templatetemplate: srcnginx.conf.j2 dest/etc/nginx/nginx.conf- name: start serviceservice: namenginx statestarted enabledyes
...测试yml
[rootzhaoyj ansible]# ansible-playbook -C templates.yml 执行这里报错了是因为主控机有证书
[rootzhaoyj ansible]# ansible-playbook templates.yml PLAY [test] ***********************************************************************************************************************************************************************************************************TASK [Gathering Facts] ************************************************************************************************************************************************************************************************
ok: [192.168.6.249]TASK [install pkg] ****************************************************************************************************************************************************************************************************
changed: [192.168.6.249]TASK [copy template] **************************************************************************************************************************************************************************************************
changed: [192.168.6.249]TASK [start service] **************************************************************************************************************************************************************************************************
fatal: [192.168.6.249]: FAILED! {changed: false, msg: Unable to start service nginx: Job for nginx.service failed because the control process exited with error code. See \systemctl status nginx.service\ and \journalctl -xe\ for details.\n}PLAY RECAP ************************************************************************************************************************************************************************************************************
192.168.6.249 : ok3 changed2 unreachable0 failed1 skipped0 rescued0 ignored0 修改nginx的work数量
修改nginx的work数量根据实际的cpu生成
ansible cpu变量查看
[rootzhaoyj ansible]# ansible test -m setup |grep cpuansible_processor_vcpus: 8, 编辑模板文件
[rootzhaoyj templates]# vim nginx.conf.j2 user nginx;
worker_processes {{ ansible_processor_vcpus*2 }};error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;events {worker_connections 1024;
}http {include /etc/nginx/mime.types;default_type application/octet-stream;log_format main $remote_addr - $remote_user [$time_local] $request $status $body_bytes_sent $http_referer $http_user_agent $http_x_forwarded_for;access_log /var/log/nginx/access.log main;sendfile on;#tcp_nopush on;keepalive_timeout 65;#gzip on;include /etc/nginx/conf.d/*.conf;
}
修改template剧本
[rootzhaoyj ansible]# cat templates.yml
---
- hosts: testremote_user: roottasks:- name: install pkgyum: namenginx- name: copy templatetemplate: srcnginx.conf.j2 dest/etc/nginx/nginx.confnotify: restart service- name: start serviceservice: namenginx statestarted enabledyeshandlers:- name: restart serviceservice: namenginx staterestarted
...再次执行
[rootzhaoyj ansible]# ansible-playbook templates.yml PLAY [test] ***********************************************************************************************************************************************************************************************************TASK [Gathering Facts] ************************************************************************************************************************************************************************************************
ok: [192.168.6.249]TASK [install pkg] ****************************************************************************************************************************************************************************************************
ok: [192.168.6.249]TASK [copy template] **************************************************************************************************************************************************************************************************
changed: [192.168.6.249]TASK [start service] **************************************************************************************************************************************************************************************************
changed: [192.168.6.249]RUNNING HANDLER [restart service] *************************************************************************************************************************************************************************************
changed: [192.168.6.249]PLAY RECAP ************************************************************************************************************************************************************************************************************
192.168.6.249 : ok5 changed3 unreachable0 failed0 skipped0 rescued0 ignored0查看配置文件是否读取变量
192.168.6.249 | CHANGED | rc0
worker_processes 16;
[rootzhaoyj ansible]# ansible test -m shell -a ps aux|grep nginx
192.168.6.249 | CHANGED | rc0
root 16342 0.0 0.0 49072 1168 ? Ss 17:16 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx 16343 0.0 0.0 49460 1900 ? S 17:16 0:00 nginx: worker process
nginx 16344 0.0 0.0 49460 1900 ? S 17:16 0:00 nginx: worker process
nginx 16345 0.0 0.0 49460 1900 ? S 17:16 0:00 nginx: worker process
nginx 16346 0.0 0.0 49460 1900 ? S 17:16 0:00 nginx: worker process
nginx 16347 0.0 0.0 49460 1900 ? S 17:16 0:00 nginx: worker process
nginx 16348 0.0 0.0 49460 1900 ? S 17:16 0:00 nginx: worker process
nginx 16349 0.0 0.0 49460 1900 ? S 17:16 0:00 nginx: worker process
nginx 16350 0.0 0.0 49460 1900 ? S 17:16 0:00 nginx: worker process
nginx 16351 0.0 0.0 49460 1900 ? S 17:16 0:00 nginx: worker process
nginx 16352 0.0 0.0 49460 1900 ? S 17:16 0:00 nginx: worker process
nginx 16353 0.0 0.0 49460 1900 ? S 17:16 0:00 nginx: worker process
nginx 16354 0.0 0.0 49460 1900 ? S 17:16 0:00 nginx: worker process
nginx 16355 0.0 0.0 49460 1900 ? S 17:16 0:00 nginx: worker process
nginx 16356 0.0 0.0 49460 1900 ? S 17:16 0:00 nginx: worker process
nginx 16357 0.0 0.0 49460 1900 ? S 17:16 0:00 nginx: worker process
nginx 16358 0.0 0.0 49460 1636 ? S 17:16 0:00 nginx: worker process
root 17699 0.0 0.0 113284 1204 pts/1 S 17:20 0:00 /bin/sh -c ps aux|grep nginx
root 17701 0.0 0.0 112816 960 pts/1 S 17:20 0:00 grep nginxwhen的使用
条件测试 如果需要根据变量facts或此前任务的执行结果来做为某task执行与否的前提是要用到条件测试通过when语句实现在task中使用jinja2的语法格式 when语句: 在task后添加when子句即可使用条件测试when语句支持jinja2语法 比如
查看版本号
[rootzhaoyj ansible]# ansible test -m setup -a filter*distribution*
192.168.6.249 | SUCCESS {ansible_facts: {ansible_distribution: CentOS, ansible_distribution_file_parsed: true, ansible_distribution_file_path: /etc/redhat-release, ansible_distribution_file_variety: RedHat, ansible_distribution_major_version: 7, ansible_distribution_release: Core, ansible_distribution_version: 7.9, discovered_interpreter_python: /usr/bin/python}, changed: false
}记录 “ansible_distribution_major_version”: “7”, 设置当系统等于7时复制配置文件 修改模板文件
[rootzhaoyj ansible]# cat templates.yml
---
- hosts: testremote_user: roottasks:- name: install pkgyum: namenginx- name: copy templatetemplate: srcnginx.conf.j2 dest/etc/nginx/nginx.confwhen: ansible_distribution_major_version 7notify: restart service- name: start serviceservice: namenginx statestarted enabledyeshandlers:- name: restart serviceservice: namenginx staterestarted
...执行剧本
[rootzhaoyj ansible]# ansible-playbook templates.yml PLAY [test] ***********************************************************************************************************************************************************************************************************TASK [Gathering Facts] ************************************************************************************************************************************************************************************************
ok: [192.168.6.249]TASK [install pkg] ****************************************************************************************************************************************************************************************************
ok: [192.168.6.249]TASK [copy template] **************************************************************************************************************************************************************************************************
changed: [192.168.6.249]TASK [start service] **************************************************************************************************************************************************************************************************
changed: [192.168.6.249]RUNNING HANDLER [restart service] *************************************************************************************************************************************************************************************
changed: [192.168.6.249]PLAY RECAP ************************************************************************************************************************************************************************************************************
192.168.6.249 : ok5 changed3 unreachable0 failed0 skipped0 rescued0 ignored0 [rootzhaoyj ansible]# ansible test -m shell -a cat /etc/nginx/nginx.conf|grep centos
192.168.6.249 | CHANGED | rc0
#centos 7嵌套变量传递
我们在制作模板是支持传递变量可传递单一变量或者是以列表方式传递例如
---
- hosts: testremote_user: roottasks:- name: create some groupsgroup: name{{ item }}with_items:- group1- group2- group3- name: create some useruser: name{{ item.name }} group{{ item.group }}with_items:- { name: name1, group: group1 }- { name: name2, group: group2 }- { name: name3, group: group3 }
...执行 bash
[root192-168-6-228 ansible]# ansible-playbook test.yml PLAY [test] ****************************************************************************************************************************************************************************TASK [Gathering Facts] *****************************************************************************************************************************************************************
ok: [192.168.6.223]TASK [create some groups] **************************************************************************************************************************************************************
changed: [192.168.6.223] (itemgroup1)
changed: [192.168.6.223] (itemgroup2)
changed: [192.168.6.223] (itemgroup3)TASK [create some user] ****************************************************************************************************************************************************************
changed: [192.168.6.223] (item{ugroup: ugroup1, uname: uname1})
changed: [192.168.6.223] (item{ugroup: ugroup2, uname: uname2})
changed: [192.168.6.223] (item{ugroup: ugroup3, uname: uname3})PLAY RECAP *****************************************************************************************************************************************************************************
192.168.6.223 : ok3 changed2 unreachable0 failed0 skipped0 rescued0 ignored0 验证结果
[root192-168-6-228 ansible]# ansible test -m shell -a getent passwd|grep name
name1:x:1003:1003::/home/name1:/bin/bash
name2:x:1004:1004::/home/name2:/bin/bash
name3:x:1005:1005::/home/name3:/bin/bash[root192-168-6-228 ansible]# ansible test -m shell -a getent group|grep 100[3-5]
192.168.6.223 | CHANGED | rc0
group1:x:1003:
group2:x:1004:
group3:x:1005:FOR循环与条件判断
FOR循环
格式**(% for vhost in nginx_vhosts %)** 示例
[root192-168-6-228 ansible]# cat test1.yml
---
- hosts: testremote_user: rootvars: ports:- 81 - 82- 83tasks:- name: copy filetemplate: srcport.j2 dest/tmp/port
...编写一个模板文件
[root192-168-6-228 ansible]# cat templates/port.j2
{% for port in ports %}
server{listen {{ port }}
}
{% endfor %}注意for循环里的in ports这个ports需要和剧本里定义的一样 执行
[root192-168-6-228 ansible]# ansible-playbook test1.yml PLAY [test] ****************************************************************************************************************************************************************************TASK [Gathering Facts] *****************************************************************************************************************************************************************
ok: [192.168.6.223]TASK [copy file] ***********************************************************************************************************************************************************************
changed: [192.168.6.223]PLAY RECAP *****************************************************************************************************************************************************************************
192.168.6.223 : ok2 changed1 unreachable0 failed0 skipped0 rescued0 ignored0
结果查看
[root192-168-6-228 ansible]# ansible test -m shell -a cat /tmp/port
192.168.6.223 | CHANGED | rc0
server{listen 81
}
server{listen 82
}
server{listen 83
}也可以改成字典方式去循环例如
[root192-168-6-228 ansible]# cat test1.yml
---
- hosts: testremote_user: rootvars: ports:- listen_port: 81 - listen_port: 82- listen_port: 83tasks:- name: copy filetemplate: srcport.j2 dest/tmp/port
...模板修改
[root192-168-6-228 ansible]# cat templates/port.j2
{% for port in ports %}
server{listen {{ port.listen_port }}
}
{% endfor %}
先删除之前的文件在看效果
[root192-168-6-228 ansible]# ansible test -m shell -a rm -f /tmp/port
[WARNING]: Consider using the file module with stateabsent rather than running rm. If you need to use command because file is insufficient you can add warn: false to this
command task or set command_warningsFalse in ansible.cfg to get rid of this message.
192.168.6.223 | CHANGED | rc0 [root192-168-6-228 ansible]# ansible test -m shell -a cat /tmp/port
192.168.6.223 | FAILED | rc1
cat: /tmp/port: No such file or directorynon-zero return code[root192-168-6-228 ansible]# ansible-playbook test1.yml PLAY [test] ****************************************************************************************************************************************************************************TASK [Gathering Facts] *****************************************************************************************************************************************************************
ok: [192.168.6.223]TASK [copy file] ***********************************************************************************************************************************************************************
changed: [192.168.6.223]PLAY RECAP *****************************************************************************************************************************************************************************
192.168.6.223 : ok2 changed1 unreachable0 failed0 skipped0 rescued0 ignored0 [root192-168-6-228 ansible]# ansible test -m shell -a cat /tmp/port
192.168.6.223 | CHANGED | rc0
server{listen 81
}
server{listen 82
}
server{listen 83
}与第一种方法是一致的
if判断
模板里也支持if判断。例如修改上面的模板当listen_port变量为空就不执行
---
- hosts: testremote_user: rootvars: ports:- listen_port: 81 - listen_port: 82- listen_port:tasks:- name: copy filetemplate: srcport.j2 dest/tmp/port
...
模板修改
[root192-168-6-228 ansible]# cat templates/port.j2
{% for port in ports %}
server{
{% if port.listen_port is none %}listen {{ port.listen_port }}
{% endif %}
}
{% endfor %}if是none情况下代表参数定义但是值为空是真 if是defined情况下代表参数定义了为真 if是undefined情况下代表参数未定义为真 结果查看
[root192-168-6-228 ansible]# ansible-playbook test3.yml PLAY [test] ****************************************************************************************************************************************************************************TASK [Gathering Facts] *****************************************************************************************************************************************************************
ok: [192.168.6.223]TASK [copy file] ***********************************************************************************************************************************************************************
changed: [192.168.6.223]PLAY RECAP *****************************************************************************************************************************************************************************
192.168.6.223 : ok2 changed1 unreachable0 failed0 skipped0 rescued0 ignored0 [root192-168-6-228 ansible]# ansible test -m shell -a cat /tmp/port
192.168.6.223 | CHANGED | rc0
server{listen
}
