playbook管理配置文件

playbook管理配置文件

 生产环境中大多时候是需要管理配置文件的，安装软件包只是在初始化环境的时候用一下。下面我们来写个管理nginx配置文件的playbook
 mkdir  -p /etc/ansible/nginx_config/roles/{new,old}/{files,handlers,vars,tasks}
 其中new为更新时用到的，old为回滚时用到的，files下面为nginx.conf和vhosts目录，handlers为重启nginx服务的命令
 关于回滚，需要在执行playbook之前先备份一下旧的配置，所以对于老配置文件的管理一定要严格，千万不能随便去修改线上机器的配置，并且要保证new/files下面的配置和线上的配置一致
 先把nginx.conf和vhosts目录放到files目录下面
 cd /usr/local/nginx/conf/
 cp -r nginx.conf vhost  /etc/ansible/nginx_config/roles/new/files/

[root@Dasoncheng conf]# cd /etc/ansible/
[root@Dasoncheng ansible]# mkdir -p nginx_config/roles/{new,old}/{files,handlers,vars,tasks}
[root@Dasoncheng conf]# cp -r nginx.conf vhost/ /etc/ansible/nginx_config/roles/new/files/
[root@Dasoncheng conf]# ls !$
ls /etc/ansible/nginx_config/roles/new/files/
nginx.conf  vhost

管理配置文件2

 vim /etc/ansible/nginx_config/roles/new/vars/main.yml //定义变量
 nginx_basedir: /usr/local/nginx
 vim /etc/ansible/nginx_config/roles/new/handlers/main.yml  //定义重新加载nginx服务
- name: restart nginx
  shell: /etc/init.d/nginx reload
 vim /etc/ansible/nginx_config/roles/new/tasks/main.yml //这是核心的任务
- name: copy conf file
  copy: src={{ item.src }} dest={{ nginx_basedir }}/{{ item.dest }} backup=yes owner=root group=root mode=0644
  with_items:
    - { src: nginx.conf, dest: conf/nginx.conf }
    - { src: vhosts, dest: conf/ }
  notify: restart nginx

[root@Dasoncheng conf]# cd /etc/ansible/
[root@Dasoncheng ansible]# vim nginx_config/roles/new/vars/mail.yml
[root@Dasoncheng ansible]# cat !$
cat nginx_config/roles/new/vars/mail.yml
nginx_basedir: /usr/local/nginx

[root@Dasoncheng ansible]# vim nginx_config/roles/new/handlers/main.yml
[root@Dasoncheng ansible]# cat !$
cat nginx_config/roles/new/handlers/main.yml
- name: restart nginx
  shell: /etc/init.d/nginx reload

[root@Dasoncheng ansible]# vim nginx_config/roles/new/tasks/main.yml
[root@Dasoncheng ansible]# cat !$
cat nginx_config/roles/new/tasks/main.yml
- name: copy config file
  copy: src={{ item.src }} dest={{ nginx_basedir }}/{{ item.dest }} backup=yes owner=root group=root mode=0644
  with_items:
    - { src: nginx.conf, dest: conf/nginx.conf }
    - { src: vhost, dest: conf/ }
  notify: restart nginx

管理配置文件3

 vim /etc/ansible/nginx_config/update.yml // 最后是定义总入口配置
---
- hosts: testhost
  user: root
  roles:
  - new
 执行： ansible-playbook /etc/ansible/nginx_config/update.yml

[root@Dasoncheng ansible]# vim nginx_config/update.yml
[root@Dasoncheng ansible]# cat !$
cat nginx_config/update.yml
---
- hosts: rs
  user: root
  roles:
  - new
[root@Dasoncheng ansible]# ansible-playbook nginx_config/update.yml
##不知道为什么 执行的时候总是说变量有问题，修改了变量几次 还是不行。我就直接修改了tasks/main.yml文件
[root@Dasoncheng ansible]# cat nginx_config/roles/new/tasks/main.yml 
- name: copy conf file
  copy: src={{ item.src }} dest=/usr/local/nginx/{{ item.dest }} backup=yes owner=root group=root mode=0644   ##这里将{{nginx_basedir}}直接修改为路径了；
  with_items:
    - { src: nginx.conf, dest: conf/nginx.conf }
    - { src: vhost, dest: conf/ }
  notify: restart nginx
[root@Dasoncheng ansible]# ansible-playbook nginx_config/update.yml

PLAY [rs] ********************************************************************************************

TASK [Gathering Facts] *******************************************************************************
ok: [cdn003]
ok: [cdn002]

TASK [new : copy conf file] **************************************************************************
changed: [cdn002] => (item={u'dest': u'conf/nginx.conf', u'src': u'nginx.conf'})
changed: [cdn003] => (item={u'dest': u'conf/nginx.conf', u'src': u'nginx.conf'})
changed: [cdn003] => (item={u'dest': u'conf/', u'src': u'vhost'})
changed: [cdn002] => (item={u'dest': u'conf/', u'src': u'vhost'})

RUNNING HANDLER [new : restart nginx] ****************************************************************
changed: [cdn003]
changed: [cdn002]

PLAY RECAP *******************************************************************************************
cdn002                     : ok=3    changed=2    unreachable=0    failed=0   
cdn003                     : ok=3    changed=2    unreachable=0    failed=0 

做一下配置文件部分修改（并未修改中控机的配置）

[root@Dasoncheng ansible]# vim nginx_config/roles/new/files/nginx.conf
……
#    include vhost/*.conf;
}
[root@Dasoncheng ansible]# ansible-playbook nginx_config/update.yml

PLAY [rs] ********************************************************************************************

TASK [Gathering Facts] *******************************************************************************
ok: [cdn003]
ok: [cdn002]

TASK [new : copy conf file] **************************************************************************
changed: [cdn003] => (item={u'dest': u'conf/nginx.conf', u'src': u'nginx.conf'})    ##这里可以看出来 只有配置文件修改了，下面的vhost是绿色显示的哦！
changed: [cdn002] => (item={u'dest': u'conf/nginx.conf', u'src': u'nginx.conf'})
ok: [cdn003] => (item={u'dest': u'conf/', u'src': u'vhost'})
ok: [cdn002] => (item={u'dest': u'conf/', u'src': u'vhost'})

RUNNING HANDLER [new : restart nginx] ****************************************************************
changed: [cdn002]
changed: [cdn003]

PLAY RECAP *******************************************************************************************
cdn002                     : ok=3    changed=2    unreachable=0    failed=0   
cdn003                     : ok=3    changed=2    unreachable=0    failed=0  

回滚

 而回滚的backup.yml对应的roles为old
 rsync -av  /etc/ansible/nginx_config/roles/new/ /etc/ansible/nginx_config/roles/old/
 回滚操作就是把旧的配置覆盖，然后重新加载nginx服务, 每次改动nginx配置文件之前先备份到old里，对应目录为/etc/ansible/nginx_config/roles/old/files 
 vim /etc/ansible/nginx_config/rollback.yml // 最后是定义总入口配置
---
- hosts: testhost
  user: root
  roles:
  - old 

[root@Dasoncheng ~]# cd /etc/ansible/
[root@Dasoncheng ansible]# rsync -av nginx_config/roles/new/ nginx_config/roles/old/
sending incremental file list
files/
files/nginx.conf
files/vhost/
files/vhost/abc.conf
handlers/
handlers/main.yml
tasks/
tasks/main.yml
tasks/main.yml.bak
vars/
vars/mail.yml

sent 2627 bytes  received 146 bytes  5546.00 bytes/sec
total size is 2089  speedup is 0.75
[root@Dasoncheng ansible]# vim nginx_config/roles/old/files/nginx.conf
[root@Dasoncheng ansible]# tail /usr/local/nginx/conf/nginx.conf  ##把之前加的#号删掉（即发布之前备份的文件）
……
    include vhost/*.conf;
}
[root@Dasoncheng ansible]# vim nginx_config/rollback.yml
[root@Dasoncheng ansible]# cat !$
cat nginx_config/rollback.yml
---
- hosts: rs
  user: root
  roles: 
    - old
[root@Dasoncheng ansible]# ansible-playbook nginx_config/rollback.yml 

PLAY [rs] ********************************************************************************************

TASK [Gathering Facts] *******************************************************************************
ok: [cdn002]
ok: [cdn003]

TASK [old : copy conf file] **************************************************************************
changed: [cdn002] => (item={u'dest': u'conf/nginx.conf', u'src': u'nginx.conf'})
changed: [cdn003] => (item={u'dest': u'conf/nginx.conf', u'src': u'nginx.conf'})
ok: [cdn003] => (item={u'dest': u'conf/', u'src': u'vhost'})
ok: [cdn002] => (item={u'dest': u'conf/', u'src': u'vhost'})

RUNNING HANDLER [old : restart nginx] ****************************************************************
changed: [cdn002]
changed: [cdn003]

PLAY RECAP *******************************************************************************************
cdn002                     : ok=3    changed=2    unreachable=0    failed=0   
cdn003                     : ok=3    changed=2    unreachable=0    failed=0