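Advanced Ansible Automation and Operations Practices
Ansible is a powerful automation tool widely used for configuration management, application deployment and task automation. This document introduces some advanced Ansible practices to help users work with Ansible more efficiently.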
1. Requirements
Ansible control node:
- Debian 12
- Static IP address
- Python3
- SSH access to target hosts
- sshpass
Ansible managed nodes (target hosts):
- Debian 12
- Static IP address
- SSH access enabled
2. Running Ansible Playbooks without Python3 installed
In some cases the target hosts may not have Python3 installed, which prevents Ansible from working properly. To solve this, use Ansible's raw module to run commands without depending on Python3.
- name: Install Python3 on target hosts
  hosts: all
  gather_facts: false   # fact gathering needs Python on the target
  remote_user: demo
  become: true
  become_method: su
  become_user: root
  tasks:
    - name: Install Python3 using raw module
      ansible.builtin.raw: apt install -y python3 python3-apt
      register: install_python3
      # changed_when: false
      changed_when: "'will be installed' in install_python3.stdout"
2.1. Running the Playbook
Run the following command on the control node to execute the playbook:
3. Using vscode to edit Ansible Playbooks
When using Ansible for automated operations, editing playbooks in Visual Studio Code (VSCode) can improve productivity. VSCode offers rich extension support that helps users write and debug Ansible playbooks.
3.1. Installing vscode ssh remote extension
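- Open VSCode and click the Extensions icon on the left.
- Search for and install the "Remote - SSH" extension.
- Configure the SSH connection to the target host and make sure it is reachable over SSH. During this step vscode-server must be installed on the target host, which requires that the Windows or Linux host can reach the Internet.
- Open the remote host's folder in VSCode.
- Install the Ansible extension, which provides syntax highlighting, code completion and similar features.
- Create or edit Ansible playbook files in VSCode, using the .yml or .yaml extension.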
4. A complete Ansible Playbook Example for Debian 12 initial setup
4.1. Ansible configuration file
Ansible configuration file: /etc/ansible/ansible.cfg
4.2. Inventory File
Inventory file: /etc/ansible/inventory.yml
4.3. Group Variables file
Group variables file: /etc/ansible/playbooks/group_vars/webservers.yml
ansible_port: 22
ansible_user: demo
ansible_password: "hdjkk123"
ansible_become: true
ansible_become_method: su
ansible_become_user: root
ansible_become_pass: "hdjkk123"
packages:
  - bash-completion
  - vim
  - sudo
  - systemd-timesyncd
timezone: Asia/Shanghai
ntp_servers:
  - ntp.aliyun.com
  - cn.pool.ntp.org
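Note: in real use, do not store passwords in plaintext in configuration files. Use Ansible Vault to encrypt sensitive information, or use SSH key authentication together with a sudo NOPASSWD configuration to avoid plaintext passwords.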
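The two alternatives named in the note, written out as an added example that is not part of the original article. It assumes the group variables move into a group_vars/webservers/ directory; the vault_* variable names, the placeholder values, the key path and the /etc/sudoers.d/demo file name are assumptions.

```yaml
# --- Option 1: Ansible Vault -------------------------------------------
# File: /etc/ansible/playbooks/group_vars/webservers/vars.yml (plaintext)
# Replaces group_vars/webservers.yml; secrets are only referenced here.
ansible_port: 22
ansible_user: demo
ansible_password: "{{ vault_ansible_password }}"
ansible_become: true
ansible_become_method: su
ansible_become_user: root
ansible_become_pass: "{{ vault_ansible_become_pass }}"
---
# File: /etc/ansible/playbooks/group_vars/webservers/vault.yml
# Shown before encryption, with placeholder values. Encrypt it with
#   ansible-vault encrypt /etc/ansible/playbooks/group_vars/webservers/vault.yml
# and add --ask-vault-pass to the ansible-playbook command line.
vault_ansible_password: "REPLACE_WITH_LOGIN_PASSWORD"
vault_ansible_become_pass: "REPLACE_WITH_ROOT_PASSWORD"
---
# --- Option 2: SSH key + sudo NOPASSWD (no stored passwords) -----------
# File: /etc/ansible/playbooks/group_vars/webservers/vars.yml
# The matching public key must already be in demo's authorized_keys.
ansible_port: 22
ansible_user: demo
ansible_ssh_private_key_file: ~/.ssh/id_ed25519   # assumed key path
ansible_become: true
ansible_become_method: sudo
ansible_become_user: root
---
# One-time play, run while password login still works, that grants the
# demo user passwordless sudo (needs the sudo package from the packages
# list). visudo validates the file before it is installed, so a syntax
# error cannot lock sudo out.
- name: Allow demo to use sudo without a password
  hosts: webservers
  tasks:
    - name: Install sudoers drop-in
      ansible.builtin.copy:
        dest: /etc/sudoers.d/demo
        content: "demo ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
```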
4.4. Ansible Playbook
Ansible Playbook file: /etc/ansible/playbooks/debian12-setup.yml
- name: Initial setup for Debian 12 servers
  hosts: all
  tasks:
    - name: Install required packages
      ansible.builtin.apt:
        pkg: "{{ packages }}"
        state: present
    - name: Set hostname and update /etc/hosts
      block:
        - name: Set hostname
          ansible.builtin.hostname:
            name: "{{ inventory_hostname }}"
            use: systemd
        - name: Update /etc/hosts
          ansible.builtin.replace:
            path: /etc/hosts
            regexp: '^127\.0\.1\.1\s+.*$'
            replace: "127.0.1.1 {{ inventory_hostname }}"
    - name: Set timezone
      community.general.timezone:
        name: "{{ timezone }}"
    - name: Set NTP server
      ansible.builtin.lineinfile:
        path: /etc/systemd/timesyncd.conf
        regexp: '^#?NTP='
        line: "NTP={{ ntp_servers | join(' ') }}"
        state: present
4.5. Running the Playbook
Run the following command on the target host to execute the playbook:
5. An Ansible Playbook Example for setting up a web server with Nginx
The Ansible configuration file, inventory file and group variables file remain the same as above.
5.1. Ansible Playbook for Nginx Web Server Setup
Ansible Playbook file: /etc/ansible/playbooks/nginx-setup.yml
- name: Setup Nginx web server
  hosts: webservers
  vars:
    site_domain_name: example.com
    document_root: /srv/www/{{ site_domain_name }}
  tasks:
    - name: Install Nginx
      ansible.builtin.apt:
        name: nginx
        state: present
    - name: Set nginx site configuration
      ansible.builtin.template:
        src: templates/nginx-site.conf.j2
        dest: /etc/nginx/sites-available/{{ site_domain_name }}
        owner: root
        group: root
        mode: '0644'
      notify: Restart Nginx
    - name: Enable nginx site
      ansible.builtin.file:
        src: /etc/nginx/sites-available/{{ site_domain_name }}
        dest: /etc/nginx/sites-enabled/{{ site_domain_name }}
        state: link
      notify: Restart Nginx
    - name: Disable default nginx site
      ansible.builtin.file:
        path: /etc/nginx/sites-enabled/default
        state: absent
      notify: Restart Nginx
    - name: Create document root directory
      ansible.builtin.file:
        path: "{{ document_root }}"
        state: directory
        owner: www-data
        group: www-data
        mode: '0755'
    - name: Copy index.html to document root
      ansible.builtin.copy:
        src: files/index.html
        dest: "{{ document_root }}/index.html"
        owner: www-data
        group: www-data
        mode: '0644'
  handlers:
    - name: Restart Nginx
      ansible.builtin.systemd:
        name: nginx
        state: restarted
        enabled: true
5.2. Nginx Site Configuration Template
Nginx site configuration template file: /etc/ansible/playbooks/templates/nginx-site.conf.j2
server {
    listen 80 default_server;
    server_name {{ site_domain_name }};
    root {{ document_root }};
    index index.html index.htm;
    location / {
        try_files $uri $uri/ =404;
    }
}
5.3. Sample index.html file
Sample index.html file: /etc/ansible/playbooks/files/index.html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Welcome to example.com</title>
    <style>
        body {
            font-family: Arial, sans-serif;
            text-align: center;
            margin-top: 50px;
        }
        h1 {
            color: #333;
        }
        p {
            color: #666;
        }
        a {
            color: #007BFF;
            text-decoration: none;
        }
        a:hover {
            text-decoration: underline;
        }
    </style>
</head>
<body>
    <h1>Welcome to example.com</h1>
    <p>This is a sample web page served by Nginx.</p>
    <p>Visit us at <a href="http://example.com">example.com</a></p>
</body>
</html>
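6. Summary
Ansible is a powerful automation and operations tool; by writing playbooks you can configure and manage servers in bulk. This document covered how to run an Ansible playbook when Python3 is not installed, plus complete examples of Debian 12 initial setup and Nginx web server configuration. Through these practices, users can learn the use of raw, changed_when, template, file, copy, handlers, vars and more, and so carry out automated operations more efficiently.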