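A summary of Ansible best practices, based on the official documentation "Ansible Best Practices". It mainly covers the directory layout and some practical recommendations.
Content organization:
Use the "roles" organization feature
- Recommended directory layout - 1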
    production                # inventory file for production servers
    staging                   # inventory file for staging environment

    group_vars/
       group1                 # here we assign variables to particular groups
       group2                 # ""
    host_vars/
       hostname1              # if systems need specific variables, put them here
       hostname2              # ""

    library/                  # if any custom modules, put them here (optional)
    filter_plugins/           # if any custom filter plugins, put them here (optional)

    site.yml                  # master playbook
    webservers.yml            # playbook for webserver tier
    dbservers.yml             # playbook for dbserver tier

    roles/
        common/               # this hierarchy represents a "role"
            tasks/            #
                main.yml      # <-- tasks file can include smaller files if warranted
            handlers/         #
                main.yml      # <-- handlers file
            templates/        # <-- files for use with the template resource
                ntp.conf.j2   # <------- templates end in .j2
            files/            #
                bar.txt       # <-- files for use with the copy resource
                foo.sh        # <-- script files for use with the script resource
            vars/             #
                main.yml      # <-- variables associated with this role
            defaults/         #
                main.yml      # <-- default lower priority variables for this role
            meta/             #
                main.yml      # <-- role dependencies
            library/          # roles can also include custom modules
            lookup_plugins/   # or other types of plugins, like lookup in this case

        webtier/              # same kind of structure as "common" was above, done for the webtier role
        monitoring/           # ""
        fooapp/               # ""
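- Recommended directory layout - 2
  - Suited to multiple environments that share few variables with each other
  - Has more files, so it is harder to maintain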
    inventories/
       production/
          hosts               # inventory file for production servers
          group_vars/
             group1           # here we assign variables to particular groups
             group2           # ""
          host_vars/
             hostname1        # if systems need specific variables, put them here
             hostname2        # ""

       staging/
          hosts               # inventory file for staging environment
          group_vars/
             group1           # here we assign variables to particular groups
             group2           # ""
          host_vars/
             stagehost1       # if systems need specific variables, put them here
             stagehost2       # ""

    library/
    filter_plugins/

    site.yml
    webservers.yml
    dbservers.yml

    roles/
        common/
        webtier/
        monitoring/
        fooapp/
- Use dynamic inventory
- Define groups by each host's purpose (role) and by its location or data center
    # file: production

    [atlanta-webservers]
    www-atl-1.example.com
    www-atl-2.example.com

    [boston-webservers]
    www-bos-1.example.com
    www-bos-2.example.com

    [atlanta-dbservers]
    db-atl-1.example.com
    db-atl-2.example.com

    [boston-dbservers]
    db-bos-1.example.com

    # webservers in all geos
    [webservers:children]
    atlanta-webservers
    boston-webservers

    # dbservers in all geos
    [dbservers:children]
    atlanta-dbservers
    boston-dbservers

    # everything in the atlanta geo
    [atlanta:children]
    atlanta-webservers
    atlanta-dbservers

    # everything in the boston geo
    [boston:children]
    boston-webservers
    boston-dbservers
- Use group_vars / host_vars to set variables

    # using the example from the previous item

    ---
    # file: group_vars/atlanta
    ntp: ntp-atlanta.example.com
    backup: backup-atlanta.example.com

    ---
    # file: group_vars/webservers
    apacheMaxRequestsPerChild: 3000
    apacheMaxClients: 900

    ---
    # file: group_vars/all
    ntp: ntp-boston.example.com
    backup: backup-boston.example.com

    ---
    # file: host_vars/db-bos-1.example.com
    foo_agent_port: 86
    bar_agent_port: 99
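Top-level playbooks contain only roles and are very short
- site.yml defines the overall infrastructure and only includes other playbooks

    ---
    # file: site.yml
    # import_playbook replaces the older playbook-level "include"
    - import_playbook: webservers.yml
    - import_playbook: dbservers.yml

- Playbooks contain only roles

    ---
    # file: webservers.yml
    - hosts: webservers
      roles:
        - common
        - webtier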
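
The following is an added example, not part of the original page or of Ansible itself: it resolves which values a host ends up with from the inventory and the group_vars / host_vars files shown above. The function names `parse` and `effective_vars` are hypothetical, the inventory is a trimmed copy, and the merge order is a simplified model that assumes no cyclic groups.

```python
import re

# Trimmed copy of the page's "production" inventory (constructed subset).
INVENTORY = """\
[atlanta-webservers]
www-atl-1.example.com
[boston-dbservers]
db-bos-1.example.com
[webservers:children]
atlanta-webservers
[atlanta:children]
atlanta-webservers
[boston:children]
boston-dbservers
"""
# Values copied from the group_vars / host_vars files shown above.
GROUP_VARS = {
    "all": {"ntp": "ntp-boston.example.com", "backup": "backup-boston.example.com"},
    "atlanta": {"ntp": "ntp-atlanta.example.com", "backup": "backup-atlanta.example.com"},
    "webservers": {"apacheMaxRequestsPerChild": 3000, "apacheMaxClients": 900},
}
HOST_VARS = {"db-bos-1.example.com": {"foo_agent_port": 86, "bar_agent_port": 99}}

def parse(text):
    """Return (hosts per group, child groups per parent) from INI inventory text."""
    hosts, children, section, is_children = {}, {}, None, False
    for line in filter(None, (l.split("#")[0].strip() for l in text.splitlines())):
        m = re.fullmatch(r"\[([^:\]]+)(:children)?\]", line)
        if m:
            section, is_children = m.group(1), bool(m.group(2))
        elif is_children:
            children.setdefault(section, set()).add(line)
        else:
            hosts.setdefault(section, set()).add(line)
    return hosts, children

def effective_vars(host, text=INVENTORY):
    """Simplified merge order: all -> parent groups -> child groups -> host_vars."""
    hosts, children = parse(text)
    level = {g for g, hs in hosts.items() if host in hs}  # groups listing the host
    chain = []
    while level:
        chain.insert(0, sorted(level))  # shallower (parent) groups go first
        level = {p for p, cs in children.items() if cs & level}
    merged = dict(GROUP_VARS.get("all", {}))
    for groups in chain:  # deeper groups override their parents
        for g in groups:
            merged.update(GROUP_VARS.get(g, {}))
    merged.update(HOST_VARS.get(host, {}))  # host_vars win last
    return merged
```

A host with no matching geo file, such as db-bos-1.example.com here, falls back to the values in group_vars/all, so that file should hold defaults that are acceptable for every environment.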
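Use roles to organize tasks and handlers
Other
- Multi-environment strategy: use a separate inventory file for each environment (production or staging) and select the one you need with -i
- Always state a module's state explicitly, whether it is present or absent
- Group hosts by role (groups)
- Use whitespace to separate content and '#' to write comments
- Give tasks a name or a description (name)
- Do not try to use every Ansible feature at once; use only what is useful to you and keep things simple.
- Keep Ansible scripts under version control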