ansible playbook 配置详解

发表于 | 分类于

关于 ansible 的使用详解,主要涉及到的是 playbook.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
例子的tree
├── Makefile  # makefile 文件
├── ansible.cfg    # ansible 配置文件,存放的是一些基本的ssh等的配置
├── group_vars  # 
│   └── all
├── hosts  # inventory 设置,用于配置与主机和主机组相关的东西, 是 inventory 主文件
├── roles  # 存放的是playbook可以执行的role有关的所有的东西
│   ├── base-env
│   │   └── vars
│   │       └── main.yml
│   └── goldeneye
│       ├── files
│       │   ├── gitconfig
│       │   ├── logrotate.conf
│       │   └── supervisord.conf
│       ├── meta
│       │   └── main.yml
│       ├── tasks
│       │   └── main.yml
│       ├── templates
│       │   ├── aethas.supervisor.conf.j2
│       │   ├── aws.config.j2
│       │   ├── prod_config.json.j2
│       │   └── test_config.json.j2
│       └── vars
│           └── main.yml
└── site.yml  # 执行playbook命令时需要携带的配置文件,这里面定义了 playbook 应用的机器(inventory配置的,通过名字去选择)和 执行的role (roles里配置的,通过名字选择)

关于hosts文件(inventory 文件)

在 inventory 主文件中保存所有的变量并不是最佳的方式.还可以保存在独立的文件中,这些独立文件与 inventory 文件保持关联. 不同于 inventory 文件(INI 格式),这些独立文件的格式为 YAML

换句话说,如果hosts里的机器等配置特别多,特别杂,适合单开新的 host_vars 和 group_vars来定义配置,但是如果机器很少,甚至只有一台,那么完全可以直接用 hosts 就好了

比如可以转成如下的形式:

1
2
3
4
5
├── ansible.cfg
├── group_vars
│   └── goldeneye-test   # hosts里有一个goldeneye-test的机器,在这里可以对应放置这个机器的配置,比如ssh key 的地址等等~
├── hosts
├── roles

执行的一个playbook的命令:

ansible-playbook -i hosts --become --become-method sudo -f 2 -e "app_version=$(VERSION)" site.yml

简单配置解释

  • -i 后面跟的是inventory配置文件(机器与机器组)
  • –become 是一个bool值,因此后面不跟参数,这个参数的意思指的是ansible在目标机器上运行时需要进行提权运行(切换更高的user),true代表提权
  • –become-method 后面接的参数是提权后的用户,后面接的参数代表提权为 root 用户
  • -f 并行任务数 参数2 代表并行为2
  • -e 在Playbook中引入外部参数变量, 这里定义好的app_version变量,可以直接在 role 里使用
  • site.yml 配置文件,携带着需要在哪些机器上运行 playbook 和运行哪些role的配置信息,以及一些role里使用的变量文件

playbook 可携带的参数详解

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
Options:
  --ask-vault-pass      
             #ask for vault password
             #加密playbook文件时提示输入密码
  -C, --check           
             #don't make any changes; instead, try to predict some of the changes that may occur
             #模拟执行,不会真正在机器上执行(查看执行会产生什么变化)
  -D, --diff            
             #when changing (small) files and templates, show the differences in those files; works great with --check
             #当更新的文件数及内容较少时,该选项可显示这些文件不同的地方,该选项结合-C用会有较好的效果
  -e EXTRA_VARS, --extra-vars=EXTRA_VARS
             #set additional variables as key=value or YAML/JSON
             #在Playbook中引入外部参数变量
  --flush-cache         
             #clear the fact cache
             #将fact清除到的远程主机缓存
  --force-handlers      
             #run handlers even if a task fails
             #强制运行handlers的任务,即使在任务失败的情况下
  -f FORKS, --forks=FORKS
             #specify number of parallel processes to use(default=5)
             #并行任务数。FORKS被指定为一个整数,默认是5
  -h, --help            
             #show this help message and exit
             #打开帮助文档API
  -i INVENTORY, --inventory-file=INVENTORY
             #specify inventory host path (default=/etc/ansible/hosts) or comma separated host list.
             #指定要读取的Inventory文件
  -l SUBSET, --limit=SUBSET
             #further limit selected hosts to an additional pattern
             #限定执行的主机范围
  --list-hosts          
             #outputs a list of matching hosts; does not execute anything else
             #列出执行匹配到的主机,但并不会执行
  --list-tags           
             #list all available tags
             #列出所有可用的tags
  --list-tasks          
             #list all tasks that would be executed
             #列出所有即将被执行的任务
  -M MODULE_PATH, --module-path=MODULE_PATH
             #specify path(s) to module library (default=None)
             #要执行的模块的路径
  --new-vault-password-file=NEW_VAULT_PASSWORD_FILE
             #new vault password file for rekey
             #
  --output=OUTPUT_FILE  
             #output file name for encrypt or decrypt; use - for stdout
             #
  --skip-tags=SKIP_TAGS
             #only run plays and tasks whose tags do not match these values
             #跳过指定的tags任务
  --start-at-task=START_AT_TASK
             #start the playbook at the task matching this name
             #从第几条任务(START_AT_TASK)开始执行
  --step                
             #one-step-at-a-time: confirm each task before running
             #逐步执行Playbook定义的任务,并经人工确认后继续执行下一步任务
  --syntax-check        
             #perform a syntax check on the playbook, but do not execute it
             #检查Playbook中的语法书写,并不实际执行
  -t TAGS, --tags=TAGS  
             #only run plays and tasks tagged with these values
             #指定执行该tags的任务
  --vault-password-file=VAULT_PASSWORD_FILE
             #vault password file
             #
  -v, --verbose         
             #verbose mode (-vvv for more, -vvvv to enable connection debugging)
             #执行详细输出
  --version             
             #show program's version number and exit
             #显示版本
  Connection Options:
    control as whom and how to connect to hosts
    -k, --ask-pass      
             #ask for connection password
             #
    --private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE
             #use this file to authenticate the connection
             #
    -u REMOTE_USER, --user=REMOTE_USER
             #connect as this user (default=None)
             #指定远程主机以USERNAME运行命令
    -c CONNECTION, --connection=CONNECTION
             #connection type to use (default=smart)
             #指定连接方式,可用选项paramiko (SSH)、ssh、local,local方式常用于crontab和kickstarts
    -T TIMEOUT, --timeout=TIMEOUT
             #override the connection timeout in seconds(default=10)
             #SSH连接超时时间设定,默认10s
    --ssh-common-args=SSH_COMMON_ARGS
             #specify common arguments to pass to sftp/scp/ssh (e.g.ProxyCommand)
             #
    --sftp-extra-args=SFTP_EXTRA_ARGS
             #specify extra arguments to pass to sftp only (e.g. -f, -l)
             #
    --scp-extra-args=SCP_EXTRA_ARGS
             #specify extra arguments to pass to scp only (e.g. -l)
             #
    --ssh-extra-args=SSH_EXTRA_ARGS
             #specify extra arguments to pass to ssh only (e.g. -R)
             #
  Privilege Escalation Options:
    control how and which user you become as on target hosts
    -s, --sudo          
             #run operations with sudo (nopasswd) (deprecated, use become)
             #相当于Linux系统下的sudo命令
    -U SUDO_USER, --sudo-user=SUDO_USER
             #desired sudo user (default=root) (deprecated, use become)
             #使用sudo,相当于Linux下的sudo命令
    -S, --su            
             #run operations with su (deprecated, use become)
             #
    -R SU_USER, --su-user=SU_USER
             #run operations with su as this user (default=root)(deprecated, use become)
    -b, --become        
             #run operations with become (does not imply password prompting)
             #
    --become-method=BECOME_METHOD
             #privilege escalation method to use (default=sudo),valid choices: [ sudo | su | pbrun | pfexec | doas |dzdo | ksu | runas ]
             #
    --become-user=BECOME_USER
             #run operations as this user (default=root)
             #
    --ask-sudo-pass     
             #ask for sudo password (deprecated, use become)
             #传递sudo密码到远程主机,来保证sudo命令的正常运行
    --ask-su-pass       
             #ask for su password (deprecated, use become)
             #
    -K, --ask-become-pass
             #ask for privilege escalation password
             #

ansible配置文件,ansible.cfg
Ansible 的配置文件的查找顺序如下:

  • 环境变量 ANSIBLE_CONFIG
  • 当前目录下的 ansible.cfg (这个比较重要,一般用这个比较多)
  • home 目录下的 ~/.ansible.cfg
  • /etc/ansible/ansible.cfg

Ansible 使用找到的第一个文件,忽略其余的。

配置文件的几个组成部分:

  • [defaults] —>通用默认配置
  • [privilege_escalation] —> 提权配置
  • [paramiko_connection]
  • [ssh_connection]
  • [accelerate]

例子:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
[defaults]   --->通用默认配置
# some basic default values...
inventory      = /etc/ansible/hosts     这个是默认库文件位置,脚本,或者存放可通信主机的目录
#library        = /usr/share/my_modules/   Ansible默认搜寻模块的位置
remote_tmp     = $HOME/.ansible/tmp   Ansible 通过远程传输模块到远程主机,然后远程执行,执行后在清理现场.在有些场景下,你也许想使用默认路径希望像更换补丁一样使用
pattern        = *    如果没有提供“hosts”节点,这是playbook要通信的默认主机组.默认值是对所有主机通信
forks          = 5    在与主机通信时的默认并行进程数 ,默认是5d
poll_interval  = 15    当具体的poll interval 没有定义时,多少时间回查一下这些任务的状态, 默认值是5秒
sudo_user      = root   sudo使用的默认用户 ,默认是root
#ask_sudo_pass = True   用来控制Ansible playbook 在执行sudo之前是否询问sudo密码.默认为no
#ask_pass      = True    控制Ansible playbook 是否会自动默认弹出密码
transport      = smart   通信机制.默认 值为’smart’。如果本地系统支持 ControlPersist技术的话,将会使用(基于OpenSSH)‘ssh’,如果不支持讲使用‘paramiko’.其他传输选项包括‘local’, ‘chroot’,’jail’等等
#remote_port    = 22    远程SSH端口。 默认是22
module_lang    = C   模块和系统之间通信的计算机语言,默认是C语言
# plays will gather facts by default, which contain information about
# the remote system.
#
# smart - gather by default, but don't regather if already gathered# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
gathering = implicit   控制默认facts收集(远程系统变量). 默认值为’implicit’, 每一次play,facts都会被收集
# additional paths to search for roles in, colon separated
#roles_path    = /etc/ansible/roles   roles 路径指的是’roles/’下的额外目录,用于playbook搜索Ansible roles
# uncomment this to disable SSH key host checking
#host_key_checking = False    检查主机密钥
# change this for alternative sudo implementations
sudo_exe = sudo     如果在其他远程主机上使用另一种方式执sudu操作.可以使用该参数进行更换
# what flags to pass to sudo   传递sudo之外的参数
#sudo_flags = -H
# SSH timeout    SSH超时时间
timeout = 10# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root   使用/usr/bin/ansible-playbook链接的默认用户名,如果不指定,会使用当前登录的用户名
# logging is off by default unless this path is defined
# if so defined, consider logrotate
#log_path = /var/log/ansible.log     日志文件存放路径
# default module name for /usr/bin/ansible
#module_name = command     ansible命令执行默认的模块
# use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances
# if sudo is constrained
#executable = /bin/sh     在sudo环境下产生一个shell交互接口. 用户只在/bin/bash的或者sudo限制的一些场景中需要修改
# if inventory variables overlap, does the higher precedence one win
# or are hash values merged together?  The default is 'replace' but
# this can also be set to 'merge'.
#hash_behaviour = replace    特定的优先级覆盖变量
# list any Jinja2 extensions to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n      允许开启Jinja2拓展模块
# if set, always use this private key file for authentication, same as # if passing --private-key to ansible or ansible-playbook
#private_key_file = /path/to/file         私钥文件存储位置
# format of string {{ ansible_managed }} available within Jinja2 
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}   这个设置可以告知用户,Ansible修改了一个文件,并且手动写入的内容可能已经被覆盖.
# by default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host.  Set this to "False" if you don't want to see these "Skipping" # messages. NOTE: the task header will still be shown regardless of whether or not the 
# task is skipped.
#display_skipped_hosts = True     显示任何跳过任务的状态 ,默认是显示
# by default (as of 1.3), Ansible will raise errors when attempting to dereference 
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
#error_on_undefined_vars = False      如果所引用的变量名称错误的话, 将会导致ansible在执行步骤上失败
# by default (as of 1.6), Ansible may display warnings based on the configuration of the
# system running ansible itself. This may include warnings about 3rd party packages or
# other conditions that should be resolved if possible.
# to disable these warnings, set the following value to False:
#system_warnings = True    允许禁用系统运行ansible相关的潜在问题警告
# by default (as of 1.4), Ansible may display deprecation warnings for language
# features that should no longer be used and will be removed in future versions.
# to disable these warnings, set the following value to False:
#deprecation_warnings = True     允许在ansible-playbook输出结果中禁用“不建议使用”警告
# (as of 1.8), Ansible can optionally warn when usage of the shell and
# command module appear to be simplified by using a default Ansible module
# instead.  These warnings can be silenced by adjusting the following
# setting or adding warn=yes or warn=no to the end of the command line 
# parameter string.  This will for example suggest using the git module
# instead of shelling out to the git command.
# command_warnings = False    当shell和命令行模块被默认模块简化的时,Ansible 将默认发出警告
# set plugin path directories here, separate with colons
action_plugins     = /usr/share/ansible_plugins/action_plugins  
callback_plugins   = /usr/share/ansible_plugins/callback_plugins
connection_plugins = /usr/share/ansible_plugins/connection_plugins
lookup_plugins     = /usr/share/ansible_plugins/lookup_plugins
vars_plugins       = /usr/share/ansible_plugins/vars_plugins
filter_plugins     = /usr/share/ansible_plugins/filter_plugins
# by default callbacks are not loaded for /bin/ansible, enable this if you
# want, for example, a notification or logging callback to also apply to 
# /bin/ansible runs
#bin_ansible_callbacks = False    用来控制callback插件是否在运行 /usr/bin/ansible 的时候被加载. 这个模块将用于命令行的日志系统,发出通知等特性
# don't like cows?  that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 #nocows = 1    默认ansible可以调用一些cowsay的特性   开启/禁用:0/1# don't like colors either?# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1#nocolor = 1  输出带上颜色区别, 开启/关闭:0/1# the CA certificate path used for validating SSL certs. This path 
# should exist on the controlling node, not the target nodes
# common locations:
# RHEL/CentOS: /etc/pki/tls/certs/ca-bundle.crt
# Fedora     : /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Ubuntu     : /usr/share/ca-certificates/cacert.org/cacert.org.crt
#ca_file_path =    # the http user-agent string to use when fetching urls. Some web server
# operators block the default urllib user agent as it is frequently used
# by malicious attacks/scripts, so we set it to something unique to 
# avoid issues.
#http_user_agent = ansible-agent
# if set to a persistent type (not 'memory', for example 'redis') fact values
# from previous runs in Ansible will be stored.  This may be useful when
# wanting to use, for example, IP information from one group of servers
# without having to talk to them in the same playbook run to get their
# current IP information.
fact_caching = memory
# retry files
#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry
[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
[paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered.  Increases performance on new host additions.  Setting works independently of the
# host key checking setting above.
#record_host_keys=False
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this# line to disable this behaviour.
#pty=False
[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use 
# paramiko on older platforms rather than removing it
#ssh_args = -o ControlMaster=auto -o ControlPersist=60s
# The path to use for the ControlPath sockets. This defaults to
# "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with
# very long hostnames or very long path names (caused by long user names or 
# deeply nested home directories) this can exceed the character limit on
# file socket names (108 characters for most platforms). In that case, you 
# may wish to shorten the string below.
# 
# Example: 
# control_path = %(directory)s/%%h-%%r
#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
# Enabling pipelining reduces the number of SSH operations required to 
# execute a module on the remote server. This can result in a significant 
# performance improvement when enabled, however when using "sudo:" you must 
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
# 
#pipelining = False
# if True, make ansible use scp if the connection type is ssh 
# (default is sftp)
#scp_if_ssh = True
[accelerate]
accelerate_port = 5099accelerate_timeout = 30accelerate_connect_timeout = 5.0# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
accelerate_daemon_timeout = 30 # If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default# is "no".
#accelerate_multi_key = yes
[selinux]
# file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default# needs to be changed to use the file system dependant context.
#special_context_filesystems=nfs,vboxsf,fuse

hosts 文件 就是我们说的inventory文件,用来定义主机和主机组
小例子:

1
2
3
4
5
6
7
8
10.0.0.4  ansible_ssh_pass='password'
10.0.0.7  ansible_ssh_pass='password'
[docker]
10.0.0.10[1:3]
[docker:vars]
ansible_ssh_pass='password'
[ansible:children]
docker

  • 第一行与第二行,定义了主机 IP ,然后使用 Inventory 内置变量定义了 SSH 登入密码。
  • 第三行定义了一个组叫 docker。
  • 第四行定义了 docker 组下面 3 台主机从 10.0.0.101 ~ 10.0.0.103 。
  • 第五行与第六行针对 docker 组使用 Inventory 内置变量定义 SSH 登入密码。
  • 第七行与第八行定义了一个组 ansible,这个组下面包含 docker 组。

inventory 的内置参数如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
ansible_ssh_host
      将要连接的远程主机名.与你想要设定的主机的别名不同的话,可通过此变量设置.
 
ansible_ssh_port
      ssh端口号.如果不是默认的端口号,通过此变量设置.
 
ansible_ssh_user
      默认的 ssh 用户名
 
ansible_ssh_pass
      ssh 密码(这种方式并不安全,我们强烈建议使用 --ask-pass 或 SSH 密钥)
 
ansible_sudo_pass
      sudo 密码(这种方式并不安全,我们强烈建议使用 --ask-sudo-pass)
 
ansible_sudo_exe (new in version 1.8)
      sudo 命令路径(适用于1.8及以上版本)
 
ansible_connection
      与主机的连接类型.比如:local, ssh 或者 paramiko. Ansible 1.2 以前默认使用 paramiko.1.2 以后默认使用 'smart','smart' 方式会根据是否支持 ControlPersist, 来判断'ssh' 方式是否可行.
 
ansible_ssh_private_key_file
      ssh 使用的私钥文件.适用于有多个密钥,而你不想使用 SSH 代理的情况.
 
ansible_shell_type
      目标系统的shell类型.默认情况下,命令的执行使用 'sh' 语法,可设置为 'csh' 或 'fish'.
 
ansible_python_interpreter
      目标主机的 python 路径.适用于的情况: 系统中有多个 Python, 或者命令路径不是"/usr/bin/python",比如  \*BSD, 或者 /usr/bin/python
      不是 2.X 版本的 Python.我们不使用 "/usr/bin/env" 机制,因为这要求远程用户的路径设置正确,且要求 "python" 可执行程序名不可为 python以外的名字(实际有可能名为python26).
 
      与 ansible_python_interpreter 的工作方式相同,可设定如 ruby 或 perl 的路径....

需要执行的playbook配置

例子:

1
2
3
4
5
6
- hosts: goldeneye-test
  vars:
    ENV: "test"
    s3_path: "log"
  roles:
    - goldeneye

这里附一个对应的inventory文件的例子:

1
2
3
4
5
6
7
[goldeneye-test] # 主机组名字
52.204.76.3 
[goldeneye-test:vars] # 主机组对应的配置
ansible_ssh_private_key_file=~/.ssh/websocketserver_goldeneye.pem
ansible_ssh_user=ubuntu
region=us

最开始有这个项目的tree,下面的解释可以对照着看。

解释:

  • hosts就是我们hosts文件里定义的主机和主机组名字,比如这里就是 inventory里的 goldeneye-test
  • roles:后面会讲到,会有一个roles的文件夹,放置的是对应的playbook的role,这个就是这个playbook需要执行的role的列表
  • vars: 会在运行的role中用到的变量值

git克隆问题

1
2
3
4
5
6
7
8
9
https://codeday.me/bug/20181107/358872.html
- name: be sure prom-king has an up-to-date clone of its own repository
  git:
    repo: "ssh://[email protected]/prom-king.git"
    dest: /home/promking/prom-king
    accept_hostkey: yes
    clone: yes
    key_file: /home/promking/.ssh/id_rsa.pub
    update: yes

使用用户名和密码

1
2
git clone https://fupeng.li.dev%40gmail.com:这里放我的密码@github.com/immotal/my_test.git
注意,为了识别出来,邮箱的中间需要把@换成 %40 来处理

使用 person access token

1
2
git clone https://oauth2:这里放我的[email protected]/immotal/my_test.git
access token 需要在github或者gitlab的个人头像处设置。

简单例子:

一个本地运行的playbook(如果是在本地机器运行的命令,需要添加local参数)
这个小例子完成了一个Python程序打包之后,上传到需要部署的机器上去的步骤

1
2
3
# hosts (inventry)
[local]
127.0.0.1 ansible_connection=local
1
2
3
4
5
6
# build.yml
- hosts: local
  vars:
    ENV: "test"
  roles:
    - local
1
2
3
# 执行的命令 , hosts 是上面那个 hosts 文件,build.yml 是上线那个文件
VERSION = master
ansible-playbook -i hosts -f 5 -e "console_version=$(VERSION)" build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# local/task
# 其中{{}}中的变量存放在 local/vars中
- name: Build Strategy Code
  connection: local
  command: chdir={{ STRATEGY_DIR }}  {{ PYTHON_ENV }} setup.py sdist
- name: SCP Strategy To Remote Machine
  connection: local
  command: chdir={{ DIST_DIR }} scp rock_strategy-{{ STRATEGY_VERSION }}.tar.gz {{ TEST_MACHINE }}
- name: Build Rock Code
  connection: local
  command: chdir={{ ROCK_DIR }}  {{ PYTHON_ENV }} setup.py sdist
- name: SCP Rock To Remote Machine
  connection: local
  command: chdir={{ ROCK_DIST_DIR }} scp Rock-{{ ROCK_VERSION }}.tar.gz {{ TEST_MACHINE }}
分享到: 收藏夹 复制网址 邮件 微信 QQ空间 腾讯微博 豆瓣 一键分享 更多