The working mechanism of an Ansible playbook is shown in the figure below:

[Figure: playbook.png]
Deployment command
ansible-playbook -i <inventory>.host <playbook>.yml
For example, to deploy an nginx service:
ansible-playbook -i master.host nginx.yml
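Elements
Tasks: tasks, the list of operations defined by templates
Variables: variables
Templates: templates, i.e. files that use template syntax
Handlers: handlers, operations that are triggered when a given condition is met
Roles: roles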
Playbook directory tree
The following is the directory structure of a playbook that deploys nginx.

$ tree
.
├── README.md
├── group_vars                  # group variable files
│   └── dev
├── master.host
├── nginx.yml                   # playbook file
└── roles                       # roles directory
    └── nginx                   # role definition
        ├── Nginx.key
        ├── Nginx.pdf
        ├── README.md
        ├── defaults            # default configuration files
        │   └── main.yml
        ├── handlers            # handlers: actions that run when a condition is met
        │   └── main.yml
        ├── tasks               # tasks: define the operations to run
        │   └── main.yml
        └── templates           # templates used by the tasks
            ├── dhparam.pem
            ├── nginx.j2
            ├── virtualhost.j2
            └── virtualhost_ssl.j2
File contents
- group_vars/dev
The group variable file. Variables are assigned values here. When a task runs, each variable takes its value according to variable precedence, and the variables are substituted when the template files are copied.

nginx_deployment_info_dir: /usr/share/nginx/deployment_info
nginx_logs_dir: /mnt1/logs/nginx
nginx_error_pages_dir: /usr/share/nginx/error_pages
nginx_ssl_dir: /etc/nginx/ssl
nginx_doc_root: /usr/share/nginx/html
- master.host

[dev]  # group name
132.232.137.137 ref_name=master  # host entry; variables can also be assigned here. A group can contain multiple hosts.
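- nginx.yml
The playbook file. It defines which roles this run executes, along with the user, password, hosts and other details used during execution.

---
# This playbook deploys a standalone Nginx server.
- hosts: dev            # the host group to target
  remote_user: root     # user for remote execution; another user can be given, and further parameters can be added
  roles:
    - nginx             # the role named nginx; several roles can be listed for one deployment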
- nginx/defaults/main.yml
Default variable definitions. These values are used when nothing with a higher precedence assigns the variable.

---
nginx_deployment_info_dir: /usr/share/nginx/deployment_info
nginx_logs_dir: /mnt1/logs/nginx
nginx_error_pages_dir: /usr/share/nginx/error_pages
nginx_ssl_dir: /etc/nginx/ssl
nginx_doc_root: /usr/share/nginx/html
- nginx/handlers/main.yml
Defines the handlers.
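
The page shows no content for the handlers file, so here is an added example (not the original role's code) of what it could contain and how a task triggers it; the handler names, the owner/mode values and the `validate` command are assumptions. `validate` makes the template module test the rendered file with `nginx -t` before it replaces /etc/nginx/nginx.conf, so a broken template never reaches the running server.

```yaml
# --- roles/nginx/handlers/main.yml (added example; handler names are assumptions) ---
- name: reload nginx
  service:
    name: nginx
    state: reloaded

- name: restart nginx
  service:
    name: nginx
    state: restarted

# --- roles/nginx/tasks/main.yml (excerpt) ---
# A task triggers a handler by name with "notify". The handler runs once,
# after the tasks of the play have finished, and only if at least one
# notifying task reported "changed".
- name: Configure Nginx
  template:
    src: nginx.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: "0644"
    # Test the rendered file before it replaces the live one; %s is the
    # temporary path of the rendered template on the managed host.
    validate: nginx -t -c %s
  notify: restart nginx
  tags:
    - nginx-configuration

- name: Configure Nginx virtualhost
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - { src: virtualhost.j2, dest: /etc/nginx/sites-available/default }
    - { src: virtualhost_ssl.j2, dest: /etc/nginx/sites-available/default-ssl }
  notify: reload nginx
  tags:
    - nginx-virtualhost-configuration
```

With handlers in place, nginx is only reloaded or restarted on runs where a configuration file actually changed.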
- nginx/tasks/main.yml
Tasks, which define the actions to run.

---
- name: Add the Nginx source to the APT source list
  apt_repository: repo="ppa:nginx/stable" state=present
  tags:
    - nginx-installation

- name: Install Nginx
  apt: name={{item}} state=latest
  with_items:
    - nginx
    - nginx-extras
    - openssl
  tags:
    - nginx-installation

- name: Create directories for ssl, error_pages & deployment_info
  file: path={{item}} state=directory
  with_items:
    - '{{nginx_deployment_info_dir}}'
    - '{{nginx_logs_dir}}'
    - '{{nginx_error_pages_dir}}'
    - '{{nginx_ssl_dir}}'
    - '{{nginx_doc_root}}'
  tags:
    - nginx-configuration

- name: Copy default index, error_pages & ssl certificates
  copy: src={{item.src}} dest={{item.dest}}
  with_items:
    - { src: '{{default_index}}', dest: '{{nginx_doc_root}}' }
    - { src: '{{error_page_404}}', dest: '{{nginx_error_pages_dir}}' }
    - { src: '{{error_page_50x}}', dest: '{{nginx_error_pages_dir}}' }
    - { src: '{{error_page_403}}', dest: '{{nginx_error_pages_dir}}' }
    - { src: '{{ssl_crt_file}}', dest: '{{nginx_ssl_dir}}/ssl_crt.pem' }
    - { src: '{{ssl_key_file}}', dest: '{{nginx_ssl_dir}}/ssl_key.pem' }
  tags:
    - nginx-configuration

- name: Stop Nginx
  service: name=nginx state=stopped
  tags:
    - nginx-configuration

- name: Configure Nginx
  template: src=nginx.j2 dest=/etc/nginx/nginx.conf
  tags:
    - nginx-configuration

- name: Configure Nginx virtualhost
  template: src={{item.src}} dest={{item.dest}}
  with_items:
    - { src: virtualhost.j2, dest: /etc/nginx/sites-available/default }
    - { src: virtualhost.j2, dest: /etc/nginx/sites-enabled/default }
    - { src: virtualhost_ssl.j2, dest: /etc/nginx/sites-available/default-ssl }
    - { src: virtualhost_ssl.j2, dest: /etc/nginx/sites-enabled/default-ssl }
    - { src: dhparam.pem, dest: /etc/nginx/ssl/dhparam.pem}
  tags:
    - nginx-virtualhost-configuration

- name: Start Nginx
  service: name=nginx state=started
  tags:
    - nginx-configuration
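
A tightened form of the role's ssl directory and certificate/key copy tasks, as an added example that is not part of the original role. The `copy` task above sets no owner or mode, so a newly created ssl_key.pem gets whatever the remote umask yields, which is world-readable 0644 under the common 022 umask. The variables are the ones the role already uses; the owner, modes and `no_log` are this example's choices.

```yaml
# roles/nginx/tasks/main.yml (added example, not the original role's code)
- name: Create the ssl directory, accessible to root only
  file:
    path: "{{ nginx_ssl_dir }}"
    state: directory
    owner: root
    group: root
    mode: "0700"
  tags:
    - nginx-configuration

- name: Copy the ssl certificate
  copy:
    src: "{{ ssl_crt_file }}"
    dest: "{{ nginx_ssl_dir }}/ssl_crt.pem"
    owner: root
    group: root
    mode: "0644"        # the certificate is public material
  tags:
    - nginx-configuration

- name: Copy the ssl private key
  copy:
    src: "{{ ssl_key_file }}"
    dest: "{{ nginx_ssl_dir }}/ssl_key.pem"
    owner: root
    group: root
    mode: "0600"        # only root, which the nginx master process runs as, reads the key
  no_log: true          # keep this task's result out of console output and logs
  tags:
    - nginx-configuration
```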
- nginx/templates/nginx.j2
The template file.

user www-data;
worker_processes 1;
pid /run/nginx.pid;

events {
    worker_connections 1024;
    # multi_accept on;
}

http {
    ##
    # Basic Settings
    ##
    log_format main '$remote_addr $upstream_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" "$request_length" "$request_body" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    #Hides the web server information
    server_tokens off;
    #more_clear_headers 'Server';
    #more_clear_headers 'X-Powered-By';

    ##
    client_body_buffer_size 10K;
    client_header_buffer_size 1k;
    client_max_body_size 32m;
    large_client_header_buffers 4 16k;
    fastcgi_buffers 8 128k;
    fastcgi_buffer_size 128k;

    ##
    client_body_timeout 3000;
    client_header_timeout 3000;
    fastcgi_read_timeout 3000;
    #keepalive_timeout 15;
    send_timeout 10;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    access_log {{nginx_logs_dir}}/access.log;
    error_log {{nginx_logs_dir}}/error.log;

    gzip on;
    gzip_comp_level 2;
    gzip_min_length 1000;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_vary on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    proxy_cache_path /tmp/nginx levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;
    proxy_cache_key "$scheme$request_method$host$request_uri";
}
Execution process

[Figure: nginx.png]