自动化运维利器Ansible-jinja2模板
JnJa2模板
要学会Ansible 中的模板(template)使用,前提我们必须要学会JinJa2模板。学会了它,就相当于我们学会了Ansible 模板。
JinJa2 是什么
Jinja2是基于Python书写的模板引擎。功能比较类似于PHP的smarty模板。
JinJa2 必知必会
- jinja2 文件以
.j2
为后缀, 也可以不写后缀。 - jinja2 中存在 三种定界符
- 注释: {# 注释内容 #}
- 变量引用: { { var }}
- 逻辑表达: {% %}
JinJa2 逻辑控制
条件表达
{% if 条件表达式 %}
条件表达式为真,显示的内容
{% elif 条件表达式 %}
条件表达式为真,显示的内容
{% else %}
...
{% endif %}
Example
{# 如果定义了 idc 变量, 则输出 #}
{% if idc is defined %}
{
{ idc }}
{% else %}
没有定义
{% endif %}
循环控制
{% for %}
...
...
{% endfor %}
Example
{# 列举出 dbservers 这个 group 中的所有主机 #}
{% for host in groups['dbservers'] %}
{
{ host }}
{% endfor %}
{#与Python 语法不通,模板中的循环内不能break或continue。但你可以在迭代中过滤序列来跳过某些项#}
{#打印dbservers 组中的所有主机,但是不打印1.1.1.1 这台主机#}
{% for host in groups['dbservers'] if host != "1.1.1.1" %}
{
{host}}
{% endfor %}
如何使用模板
一个基于Facts的Jinja2 实例
# cat config.j2
{# use variable example #}
wlecome host {
{ ansible_hostname }}, os is {
{ ansible_os_family }}
today is {
{ ansible_date_time.date }}
cpucore numbers {
{ ansible_processor_vcpus }}
{# use condition example #}
{% if ansible_processor_vcpus > 1 %}
OS CPU more than one core
{% endif %}
{% for m in ansible_mounts if m['mount'] != "/" %}
mount {
{ m['mount'] }}, total size is {
{m['size_total']}}, free size is {
{m['size_available']}}
{% endfor %}
在Ansible 中使用模板
---
- name: a template example
hosts: all
remote_user: root
tasks:
- name: update jinja2 config
template: src=config.j2 dest=/tmp/config.conf
实例演示
Jinja2 模板以及如何在Ansible中使用模板,已经介绍完了。那么如何去实现我们的需求呢?
# cat nginx.conf.j2
user nginx;
{# start process equal cpu cores #}
worker_processes {
{ ansible_processor_vcpus }};
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
tcp_nopush on;
keepalive_timeout 0;
gzip on;
gzip_min_length 1k;
gzip_buffers 8 64k;
gzip_http_version 1.0;
gzip_comp_level 5;
gzip_types text/plain application/x-javascript text/css application/json application/xml application/x-shockwave-flash application/javascript image/svg+xml image/x-icon;
gzip_vary on;
{# add_header {
{ ansible_hostname }}; #}
add_header x-hostname {
{ ansible_hostname }};
include /etc/nginx/conf.d/*.conf;
}
继续优化我们的PlayBook, 让它支持模板
- name: template playbook example
hosts: webservers
vars:
createuser:
- tomcat
- www
- mysql
tasks:
- name: create user
user: name={
{
item }} state=present
with_items: "{
{ createuser }}"
- name: yum nginx webserver
yum: name=nginx state=present
# use ansible template
- name: update nginx main config
template:
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
tags: updateconfig
notify: reload nginx server
- name: add virtualhost config
copy:
src: www.qfedu.com.conf
dest: /etc/nginx/conf.d/
tags: updateconfig
notify: reload nginx server
- name: check nginx syntax
shell: /usr/sbin/nginx -t
register: nginxsyntax
tags: updateconfig
- name: check nginx running
stat: path=/var/run/nginx.pid
register: nginxrunning
tags: updateconfig
- name: print nginx syntax
debug: var=nginxsyntax
- name: start nginx server
service: name=nginx state=started
when:
- nginxsyntax.rc == 0
- nginxrunning.stat.exists == false
handlers:
- name: reload nginx server
service: name=nginx state=started
when:
- nginxsyntax.rc == 0
- nginxrunning.stat.exists == true
执行还是按照原来的方式执行即可
ansible-playbook -i hosts site.yml
批量免密
[root@localhost ~]# rm -rf ~/.ssh/
[root@localhost ~]# rm -rf ~/.ssh/authorized_keys
[root@localhost ~]# ansible dbservers -i hosts -m ping
[root@localhost ~]# ssh-keygen
[root@localhost ~]# ls .ssh/
id_rsa id_rsa.pub
[root@localhost ~]# vim /etc/ansible/ansible.cfg
host_key_checking = False // 去掉#号
[root@localhost ~]# cat hosts
[dbservers]
192.168.116.130 ansible_ssh_pass=1 // 输入密码
192.168.116.148 ansible_ssh_pass=1
[webservers]
192.168.116.148
[root@localhost ~]# ansible dbservers -i hosts -m authorized_key -a "user=root state=present key={
{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
- hosts: dbservers
remote_user: root
tasks:
- name: Set authorized key taken from file
authorized_key: # 发送公钥的模块
user: test # 给这个用户发送公钥
state: present
key: "{
{ lookup('file', '/root/.ssh/id_rsa.pub') }}"