弄了近一个月的Ansible脚本部署工作,做了一些整理,列出了我常用的一些指令,与模块用法。Ansible 是个好东西,就是相关资料不多,列出这些基本模块用法可以覆盖大部分工作了。
安装
推荐包管理器(yum)
yum install -y ansible
# 在被控节点需要安装,(文件传输)
yum install -y libselinux-python
指令
Ad-Hoc
# 在所有主机上Do shell
ansible -i hosts all -m shell -a "systemctl restart docker"
# 信息采集+条件过滤
ansible nodes -m setup -a "filter=ansible_local"
# 限制主机执行+外部参数
ansible nodes -l 192.168.1.211 -m setup -a "filter=ansible_local" --extra-vars "ansible_sshpass=666"
常用模块
文件操作
# copy
- name: Write docker daemon.conf file
copy: src=daemon.json dest=/etc/docker/daemon.json mode=0440
# file
- name: Create config file directory
file: path={{ flannel_config_dir }} state=directory
- name: Verify docker config files exists
file: path={{ docker_config_dir }}/{{ item }} state=touch
- name: Clean up the flannel config file
file: path=/tmp/flannel-config.json state=absent
# 以下两个常组合使用
run_once: true
delegate_to: "{{ groups['etcd'][0] }}"
# template
- name: replace repo
template:
src: offline.repo.j2
dest: /etc/yum.repos.d/offline.repo
# lineinfile 用于配置文件修改
- name: Install http_proxy into docker(-network)
lineinfile: dest={{ docker_config_net }} regexp="^{{ docker_env_export }}http_proxy=" line="{{docker_env_export}}http_proxy={{ http_proxy }}"
when: http_proxy is defined
notify:
- restart docker
tags: configure
命令
# shell
- name: Create CA cert
shell: "cfssl gencert -initca ca-csr.json | cfssljson -bare ca -"
args:
chdir: "{{ etcd_cert_tempdir }}/"
# 当下面路径存在时不执行shell
creates: "{{ etcd_ca_file }}"
when: inventory_hostname == groups['masters'][0]
# command
- name: reload systemd
command: systemctl --system daemon-reload
# script
- name: Detect docker version
script: detect-docker-version.sh
register: docker_version
System
# debug
- name: Detected version
debug:
msg: "{{ docker_version.stdout | regex_replace('(\\r\\n)','') }}"
# service
- name: stop docker
service: name=docker state=stopped
# yum_repository
- name: Setup base repo
yum_repository:
name: offline
description: offline
baseurl: http://{{ offline_yum_repo }}/base
enabled: yes
gpgcheck: no
