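1. Writing inventory files in YAML format
1.1 Inventory file formats supported by Ansible
Since version 2.4, Ansible supports inventory files in YAML format. Enabling the inventory plugin in the configuration file is all that is needed to use a YAML inventory; the Ansible configuration file also supports several other inventory formats by default.
The enable_plugins option in the [inventory] section of ansible.cfg controls which inventory formats are supported. The defaults are host_list, script, auto, yaml, ini, toml.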
[student@workstation ~]$ vim /etc/ansible/ansible.cfg
[inventory]
# enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml'
# enable_plugins = host_list, virtualbox, yaml, constructed
# ignore these extensions when parsing a directory as inventory source
#ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry
# ignore files matching these patterns when parsing a directory as inventory source
#ignore_patterns=
# If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise.
#unparsed_is_failed=False
1.2 Listing the inventory
ansible-inventory --graph # list the inventory as a graph
[student@workstation development-practices]$ ansible-inventory --graph
@all:
|--@lb_servers:
| |--servera.lab.example.com
|--@region_eu:
| |--serverc.lab.example.com
|--@ungrouped:
|--@web_servers:
| |--serverb.lab.example.com
| |--serverc.lab.example.com
1.3 INI-format inventory file
[lb_servers]
servera.lab.example.com
[web_servers]
serverb.lab.example.com
serverc.lab.example.com
[web_servers:vars]
alternate_server=serverd.lab.example.com
[backend_server_pool]
server[b:f].lab.example.com
[student@workstation development-practices]$ ansible-inventory -i origin_inventory --graph
@all:
|--@backend_server_pool:
| |--serverb.lab.example.com
| |--serverc.lab.example.com
| |--serverd.lab.example.com
| |--servere.lab.example.com
| |--serverf.lab.example.com
|--@lb_servers:
| |--servera.lab.example.com
|--@ungrouped:
|--@web_servers:
| |--serverb.lab.example.com
| |--serverc.lab.example.com
1.4 YAML-format inventory file
A YAML inventory file follows Ansible best practices, and YAML is also somewhat more readable and efficient than an INI inventory file.
lb_servers:
  hosts:
    servera.lab.example.com:
web_servers:
  hosts:
    serverb.lab.example.com:
    serverc.lab.example.com:
backend_server_pool:
  hosts:
    server[b:f].lab.example.com:
# Use the -i option to list a YAML-format inventory file
[student@workstation development-practices]$ ansible-inventory -i yaml_inventory.yml --graph
@all:
|--@backend_server_pool:
| |--serverb.lab.example.com
| |--serverc.lab.example.com
| |--serverd.lab.example.com
| |--servere.lab.example.com
| |--serverf.lab.example.com
|--@lb_servers:
| |--servera.lab.example.com
|--@ungrouped:
|--@web_servers:
| |--serverb.lab.example.com
| |--serverc.lab.example.com
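How a host range such as server[b:f].lab.example.com turns into the five hosts listed above, as an added Python example (not Ansible's own code and not from the original page). It goes beyond the page's alphabetic case to numeric ranges with zero padding and an optional step, which Ansible also accepts; expand_host_range is a hypothetical name and the logic is a simplified model.

```python
import re

# One bracketed range: [start:end] or [start:end:step]
_RANGE = re.compile(r"\[([0-9A-Za-z]+):([0-9A-Za-z]+)(?::([0-9]+))?\]")


def expand_host_range(pattern):
    """Expand host ranges in one inventory entry (simplified, hypothetical helper)."""
    match = _RANGE.search(pattern)
    if match is None:
        # A leftover bracket means the range was malformed, e.g. "[b:c ]".
        if "[" in pattern or "]" in pattern:
            raise ValueError(f"malformed host range in {pattern!r}")
        return [pattern]

    start, end = match.group(1), match.group(2)
    step = int(match.group(3) or 1)
    if step < 1:
        raise ValueError(f"step must be >= 1 in {pattern!r}")

    if start.isdigit() and end.isdigit():
        # Leading zeros on the start value set the zero-padded width.
        width = len(start) if start.startswith("0") and len(start) > 1 else 0
        values = [str(n).zfill(width) for n in range(int(start), int(end) + 1, step)]
    elif len(start) == 1 and len(end) == 1 and start.isalpha() and end.isalpha():
        values = [chr(c) for c in range(ord(start), ord(end) + 1, step)]
    else:
        raise ValueError(f"mixed or multi-letter bounds in {pattern!r}")
    if not values:
        raise ValueError(f"empty range in {pattern!r}")

    head, tail = pattern[: match.start()], pattern[match.end():]
    hosts = []
    for value in values:
        # Recurse so that a second range later in the name is expanded too.
        hosts.extend(expand_host_range(head + value + tail))
    return hosts


if __name__ == "__main__":
    for entry in ("server[b:f].lab.example.com", "web[01:03].example.com"):
        print(entry, "->", expand_host_range(entry))
```

Expanding the ranges before a run shows exactly which hosts a group will target, and a typo inside the brackets is reported instead of becoming a literal host name.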
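1.5 Notes on the YAML inventory format
- Every line ends with a colon (:)
- Entries are hierarchical (group name -> hosts -> host)
- The children keyword can also be used to define child groups
- By default the all group contains every host, but the all keyword must be used together with the children keyword
all:
  children:
    lb_servers:
      hosts:
        servera.lab.example.com:
    web_servers:
      hosts:
        serverb.lab.example.com: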
[student@workstation development-practices]$ ansible-inventory -i yaml_children.yml --graph
@all:
|--@lb_servers:
| |--servera.lab.example.com
|--@ungrouped:
|--@web_servers:
| |--serverb.lab.example.com
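1.6 Setting inventory variables
Inventory variables can be set in YAML just as they are in an INI-format file.
In most cases, best practice is to avoid storing variables in static inventory files as far as possible. Variables can be stored in the inventory itself, or in host_vars or group_vars files in the inventory file's directory. Ansible variables such as ansible_port or ansible_connection can be set there as well. Avoid spreading variable files over several locations: they become hard to find later, which makes maintenance harder.
Inside a group block, the vars keyword sets variables in a YAML file.
# INI format
[monitoring]
watcher.lab.example.com
[monitoring:vars]
smtp_relay=smtp.lab.example.com
# YAML format
monitoring:
  hosts:
    watcher.lab.example.com:
  vars:
    smtp_relay: smtp.lab.example.com
Setting variables in a variable file
[workstations]
workstation.lab.example.com
localhost ansible_connection=local
host.lab.example.com
workstations:
  hosts:
    workstation.lab.example.com:
    localhost:
      ansible_connection: local
    host.lab.example.com: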
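1.7 Converting INI format to YAML format
An INI inventory file can be converted to a YAML inventory file quickly with one command. The conversion may have some issues, but the result is usable, and it saves much of the time needed to convert a large INI inventory to YAML by hand.
ansible-inventory --yaml -i INI_FILE --list --output YAML_FILE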
[student@workstation development-practices]$ cat inventory
[lb_servers]
servera.lab.example.com
[web_servers]
server[b:c].lab.example.com
[region_eu]
serverc.lab.example.com
[student@workstation development-practices]$ ansible-inventory --yaml -i inventory --list --output inventory_new.yml
[student@workstation development-practices]$ cat inventory_new.yml
all:
  children:
    lb_servers:
      hosts:
        servera.lab.example.com:
          haproxy_appservers:
          - ip: 172.25.250.11
            name: serverb.lab.example.com
          - ip: 172.25.250.12
            name: serverc.lab.example.com
    region_eu:
      hosts:
        serverc.lab.example.com:
          webapp_message: Hello from Europe. This is
    ungrouped: {}
    web_servers:
      hosts:
        serverb.lab.example.com: {}
        serverc.lab.example.com: {}
Written by hand, the same YAML inventory file looks like this:
all:
  children:
    lb_servers:
      hosts:
        servera.lab.example.com:
          haproxy_appservers:
          - ip: 172.25.250.11
            name: serverb.lab.example.com
          - ip: 172.25.250.12
            name: serverc.lab.example.com
    region_eu:
      hosts:
        serverc.lab.example.com:
          webapp_message: Hello from Europe. This is
    ungrouped: {}
    web_servers:
      hosts:
        server[b:c].lab.example.com: {}
Listing the hosts from the YAML inventory file
[student@workstation development-practices]$ ansible-inventory -i inventory_new.yml --graph
@all:
|--@lb_servers:
| |--servera.lab.example.com
|--@region_eu:
| |--serverc.lab.example.com
|--@ungrouped:
|--@web_servers:
| |--serverb.lab.example.com
| |--serverc.lab.example.com
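1.8 Troubleshooting YAML
A colon followed by a space
(x) Several colons on one line: title: hello: xiaoming
(√) No space after the colon: title: hello:xiaoming
(√) Enclosed in single quotes: simple: 'hello xiaoming : good'
(√) Enclosed in double quotes: simple: "hello xiaoming : good"
{{ variable }} denotes a variable
(x) Single quotes are interpreted as a dictionary: { good }
(√) Double quotes are interpreted as a variable: {{ good }}
(√) A sentence that uses a variable is enclosed in double quotes: "hello {{ xiaoming }}"
How Ansible recognizes strings, booleans and floating-point numbers
default_answer: yes # boolean
default_float: 1.5 # float
default_name: "xiaoming" # string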
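The pitfalls above can be caught before Ansible ever parses the file. The following is an added Python example, not from the original page: a line-based heuristic (it does not parse YAML and ignores block scalars) whose function name, rule names and sample input are constructed for illustration.

```python
import re

# "key: value" on one line, optionally as a list item.
_PAIR = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][^:]*?):[ \t]+(\S.*?)\s*$")
_BOOL_WORDS = {"yes", "no", "on", "off"}
_FLOAT = re.compile(r"^[-+]?[0-9]+\.[0-9]+$")

ADVICE = {
    "colon-space": "unquoted value contains ': '; quote the whole value",
    "unquoted-template": "value starts with '{{'; wrap it in double quotes",
    "loads-as-bool": "loads as a boolean; quote it if text is intended",
    "loads-as-float": "loads as a float (1.10 becomes 1.1); quote version strings",
}

# Constructed sample input built from the cases in section 1.8.
SAMPLE = """\
title: hello: xiaoming
title: hello:xiaoming
simple: 'hello xiaoming : good'
greeting: {{ good }}
greeting: "hello {{ xiaoming }}"
default_answer: yes   # meant as text?
default_float: 1.5
webapp_version: 1.10
default_name: "xiaoming"
"""


def lint_yaml_scalars(text):
    """Return (line number, rule) for each risky unquoted scalar."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = _PAIR.match(line)
        if match is None:
            continue  # no inline value (e.g. "hosts:") or not a mapping line
        value = match.group(2)
        # Quoted scalars, block scalars, anchors, tags and comments are safe here.
        if value[0] in "'\"|>&*!#":
            continue
        value = re.split(r"\s+#", value, maxsplit=1)[0]  # drop trailing comment
        if value.startswith("{{"):
            findings.append((lineno, "unquoted-template"))
        elif value[0] in "{[":
            continue  # an intended flow mapping or sequence such as {}
        elif ": " in value or value.endswith(":"):
            findings.append((lineno, "colon-space"))
        elif value.lower() in _BOOL_WORDS and (
            value.islower() or value.isupper() or value.istitle()
        ):
            findings.append((lineno, "loads-as-bool"))
        elif _FLOAT.match(value):
            findings.append((lineno, "loads-as-float"))
    return findings


if __name__ == "__main__":
    for lineno, rule in lint_yaml_scalars(SAMPLE):
        print(f"line {lineno}: {rule}: {ADVICE[rule]}")
```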
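1.9 Exercise: writing a YAML-format inventory file
1.9.1 Lab requirements
- Start the lab
- Copy the inventory file to inventory.yml
- Edit inventory.yml and convert it to YAML format
- Use an ad hoc command to ping the all_servers group
- Finish the lab
1.9.2 Lab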
[student@workstation ~]$ lab inventory-yaml start
Setting up workstation for the Guided Exercise: Writing inventory files in YAML
· Downloading starter project................................. SUCCESS
· Downloading solution project................................ SUCCESS
Setup successful. Please proceed with the exercise.
[student@workstation inventory-yaml]$ cat inventory
[active_web_servers]
server[b:c].lab.example.com
[inactive_web_servers]
server[d:f].lab.example.com
[region_eu]
serverc.lab.example.com
serverf.lab.example.com
[web_servers:children]
active_web_servers
inactive_web_servers
[all_servers]
servera.lab.example.com
[all_servers:children]
web_servers
[student@workstation inventory-yaml]$ cat inventory.yml
all_servers:
  hosts:
    servera.lab.example.com:
  children:
    web_servers:
      children:
        active_web_servers:
          hosts:
            server[b:c].lab.example.com:
        inactive_web_servers:
          hosts:
            server[d:f].lab.example.com:
region_eu:
  hosts:
    serverc.lab.example.com:
    serverf.lab.example.com:
[student@workstation inventory-yaml]$ ansible-inventory -i inventory.yml --graph
@all:
|--@all_servers:
| |--@web_servers:
| | |--@active_web_servers:
| | | |--serverb.lab.example.com
| | | |--serverc.lab.example.com
| | |--@inactive_web_servers:
| | | |--serverd.lab.example.com
| | | |--servere.lab.example.com
| | | |--serverf.lab.example.com
| |--servera.lab.example.com
|--@region_eu:
| |--serverc.lab.example.com
| |--serverf.lab.example.com
|--@ungrouped:
[student@workstation inventory-yaml]$ ansible -i inventory.yml all_servers -m ping
servera.lab.example.com | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
serverb.lab.example.com | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
serverc.lab.example.com | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
servere.lab.example.com | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
serverd.lab.example.com | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
serverf.lab.example.com | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[student@workstation inventory-yaml]$ lab inventory-yaml finish
Cleaning up the lab for Guided Exercise: Writing inventory files in YAML
· Cleaning lab files.......................................... SUCCESS
· Cleaning solutions files.................................... SUCCESS
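2. Managing inventory variables
2.1 Variable best practices
Variables can be used in tasks, roles and playbooks, and they let you apply different configuration on different operating systems. Variables can be set in the following places:
- The defaults and vars directories of a role
- Host and group variables in the inventory file
- The group_vars and host_vars directories
- In a play, role or task
Best practice for defining variables | Description |
---|---|
keep it simple | Keep things simple |
don't repeat yourself | Do not do the same thing twice |
organize variables in small, readable file | Split them up to keep them readable |
2.2 Variable merging and precedence
Although variables can be placed in many locations, it is still advisable to keep them in one place; variables placed in different locations have different precedence.
In general, the narrower the scope, the higher the variable's precedence.
Precedence from lowest to highest:
- Command-line options (other than -e, these have the lowest precedence)
- The defaults directory of a role
- Host and group variables
- In the inventory file
- group_vars/all in the inventory
- group_vars/all in the playbook
- group_vars in the inventory
- group_vars in the playbook
- Dynamic inventory
- host_vars in the inventory
- host_vars in the playbook
- Facts
- Variables defined in the playbook file
- Set with the vars option
- Set with the vars_prompt option
- Set under a role's /vars/
- In a block
- The vars option of a task
- Variables loaded by the include_vars module
- The set_fact module or the register keyword
- Roles loaded by the include_role module
- Tasks loaded by include_tasks
- Variables given with the -e command-line option
2.3 Separating variables from the inventory
When all variables are defined in one place in a static inventory, it becomes hard to maintain later. Defining separate variable files in the inventory directory, each named after what it is used for, solves that maintenance problem well.
Variable best practice: split one large variable file into several small files.
- A small project can be split up like this: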
[student@workstation ~]$ tree group_vars/
group_vars/
├── db_servers.yml
├── lb_servers.yml
└── web_servers.yml
0 directories, 3 files
- A larger project can be laid out like this:
[student@workstation ~]$ tree group_vars/
group_vars/
├── all
│ └── common.yml
├── db_servers
│ ├── firewall.yml
│ └── mysql.yml
├── lb_servers
│ ├── firewall.yml
│ ├── haproxy.yml
│ └── ssl.yml
└── web_servers
├── apache.yml
├── firewall.yml
└── webapp.yml
4 directories, 9 files
2.4 Special inventory variables
Variable | Description |
---|---|
ansible_connection | Connection type (ssh, local or another method) |
ansible_host | Connect using the given IP address or domain name |
ansible_port | Connect using the given port |
ansible_user | User to connect as |
ansible_become_user | User to escalate privileges to |
ansible_python_interpreter | Specifies the Python version |
2.5 Using human-readable inventory names
Host names such as server100, server200 and server300 are hard to read. Giving each host a descriptive inventory name improves readability and makes later maintenance easier.
# Unclear what each host does
web_servers:
  hosts:
    server100.example.com:
    server101.example.com:
    server102.example.com:
lb_servers:
  hosts:
    server103.example.com:
# With descriptive host names
web_servers:
  hosts:
    web_server1:
      ansible_host: server100.example.com
    web_server2:
      ansible_host: server101.example.com
    web_server3:
      ansible_host: server102.example.com
lb_servers:
  hosts:
    loadbalancer:
      ansible_host: server103.example.com
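2.6 Identifying hosts with variables
When a play runs, several variables can be used to identify the managed host.
Variable | Description |
---|---|
inventory_hostname | Host name as listed in the inventory |
ansible_host | IP address or host name of the host |
ansible_facts['hostname'] | Host name |
ansible_facts['fqdn'] | Fully qualified domain name |
2.7 Exercise: managing inventory variables
2.7.1 Lab requirements
- Start the lab
- Create the git-repos directory
- Clone http://git.lab.example.com:8081/git/inventory-variables.git
- Change into the inventory-variables directory
- Create the group_vars directory and, inside it, the lb_servers and web_servers directories
- Read deploy_haproxy.yml
- Move the firewall rules into group_vars/lb_servers/firewall.yml
- Move the haproxy_appservers variable into group_vars/lb_servers/deploy_haproxy.yml
- Edit deploy_haproxy.yml and remove the variables
- Read deploy_apache.yml
- Put the firewall variables into group_vars/web_servers/firewall.yml
- Remove the firewall variables from deploy_apache.yml
- Edit inventory.yml
- Give host servera the name load_balancer
- Run site.yml with ansible-playbook
- Use git to add, commit and push
- Finish the lab
2.7.2 Lab
# Start the lab environment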
[student@workstation ~]$ lab inventory-variables start
Setting up the lab for the Guided Exercise: Managing Inventory Variables
· Checking python on remote hosts............................. SUCCESS
· Installing git.............................................. SUCCESS
· Installing tree............................................. SUCCESS
· Configuring Git............................................. SUCCESS
· Configuring Git credentials................................. SUCCESS
· Adding content to git repo.................................. SUCCESS
# Create the directory and clone the git repository
[student@workstation ~]# mkdir -p git-repos
[student@workstation ~]# ls
gitrc git-repos
[student@workstation ~]# cd git-repos/
[student@workstation git-repos]# git clone http://git.lab.example.com:8081/git/inventory-variables.git
Cloning into 'inventory-variables'...
remote: Enumerating objects: 53, done.
remote: Counting objects: 100% (53/53), done.
remote: Compressing objects: 100% (37/37), done.
remote: Total 53 (delta 6), reused 0 (delta 0)
Unpacking objects: 100% (53/53), done.
[student@workstation git-repos]# ls
inventory-variables
[student@workstation git-repos]# cd inventory-variables/
[student@workstation inventory-variables (master)]# ls
ansible.cfg deploy_apache.yml deploy_haproxy.yml deploy_webapp.yml inventory.yml roles site.yml
[student@workstation inventory-variables (master)]# mkdir group_vars
[student@workstation inventory-variables (master)]# cd group_vars/
[student@workstation group_vars (master)]# ls
[student@workstation group_vars (master)]# mkdir {lb,web}_server
[student@workstation group_vars (master)]# ls
lb_server web_server
# View the file contents
[student@workstation inventory-variables (master)]# cat deploy_haproxy.yml
- name: Ensure HAProxy is deployed
  hosts: lb_servers
  force_handlers: True
  roles:
    # The "haproxy" role has a dependency on the "firewall" role.
    # The "firewall" role requires a "firewall_rules" variable be defined.
    - role: haproxy
      firewall_rules:
        # Allow 80/tcp connections
        - port: 80/tcp
      haproxy_appservers:
        - name: serverb.lab.example.com
          ip: 172.25.250.11
          backend_port: 80
        - name: serverc.lab.example.com
          ip: 172.25.250.12
          backend_port: 80
# Move the variables into firewall.yml
[student@workstation inventory-variables (master)]# cat group_vars/lb_server/firewall.yml
firewall_rules:
  # Allow 80/tcp connections
  - port: 80/tcp
# Move the variables into deploy_haproxy.yml
[student@workstation inventory-variables (master)]# cat group_vars/lb_server/deploy_haproxy.yml
haproxy_appservers:
  - name: serverb.lab.example.com
    ip: 172.25.250.11
    backend_port: 80
  - name: serverc.lab.example.com
    ip: 172.25.250.12
    backend_port: 80
# Remove the variables, keeping only the role
[student@workstation inventory-variables (master *)]# cat deploy_haproxy.yml
- name: Ensure HAProxy is deployed
  hosts: lb_servers
  force_handlers: True
  roles:
    # The "haproxy" role has a dependency on the "firewall" role.
    # The "firewall" role requires a "firewall_rules" variable be defined.
    - role: haproxy
# Write the variables into firewall.yml
[student@workstation inventory-variables (master *)]# touch group_vars/web_server/firewall.yml
[student@workstation inventory-variables (master *)]# cat > group_vars/web_server/firewall.yml <<END
> firewall_rules:
>   # Allow http requests from the load_balancer.
>   - zone: internal
>     service: http
>     source: "172.25.250.10"
> END
[student@workstation inventory-variables (master *)]# cat group_vars/web_server/firewall.yml
firewall_rules:
  # Allow http requests from the load_balancer.
  - zone: internal
    service: http
    source: "172.25.250.10"
# Remove the variables, keeping only the role
[student@workstation inventory-variables (master *)]# cat deploy_apache.yml
- name: Ensure Apache is deployed
  hosts: web_servers
  force_handlers: True
  roles:
    # The "apache" role has a dependency on the "firewall" role.
    # The "firewall" role requires a "firewall_rules" variable be defined.
    - role: apache
# Give the hosts in the inventory file names
[student@workstation inventory-variables (master *)]# cat inventory.yml
lb_servers:
  hosts:
    load_balancer:
      ansible_host: servera.lab.example.com
web_servers:
  hosts:
    web_server1:
      ansible_host: serverb.lab.example.com
    web_server2:
      ansible_host: serverc.lab.example.com
# Test connectivity
[student@workstation inventory-variables (master *)]# ansible all -i inventory.yml -m ping
web_server2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
load_balancer | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
web_server1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[student@workstation inventory-variables (master *)]# ansible-inventory --graph
@all:
|--@lb_servers:
| |--load_balancer
|--@ungrouped:
|--@web_servers:
| |--web_server1
| |--web_server2
# View and run site.yml
[student@workstation inventory-variables (master)]# cat site.yml
- name: Deploy HAProxy
  import_playbook: deploy_haproxy.yml
- name: Deploy Web Server
  import_playbook: deploy_apache.yml
- name: Deploy Web App
  import_playbook: deploy_webapp.yml
[student@workstation inventory-variables (master *)]# ansible-playbook site.yml
PLAY [Ensure HAProxy is deployed] ****************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [load_balancer]
TASK [firewall : Ensure Firewall Sources Configuration] ******************************************************************************
TASK [haproxy : Ensure haproxy packages are present] *********************************************************************************
changed: [load_balancer]
TASK [haproxy : Ensure haproxy is started and enabled] *******************************************************************************
changed: [load_balancer]
TASK [haproxy : Ensure haproxy configuration is set] *********************************************************************************
changed: [load_balancer]
RUNNING HANDLER [haproxy : reload haproxy] *******************************************************************************************
changed: [load_balancer]
PLAY [Ensure Apache is deployed] *****************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [web_server1]
ok: [web_server2]
TASK [firewall : Ensure Firewall Sources Configuration] ******************************************************************************
TASK [apache : Install http] *********************************************************************************************************
changed: [web_server1]
changed: [web_server2]
TASK [apache : Configure SELinux to allow httpd to connect to remote database] *******************************************************
changed: [web_server2]
changed: [web_server1]
TASK [apache : http service state] ***************************************************************************************************
changed: [web_server1]
changed: [web_server2]
PLAY [Ensure Web App is deployed] ****************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [web_server1]
ok: [web_server2]
TASK [webapp : Copy a stub file.] ****************************************************************************************************
changed: [web_server1]
changed: [web_server2]
PLAY RECAP ***************************************************************************************************************************
load_balancer : ok=5 changed=4 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
web_server1 : ok=6 changed=4 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
web_server2 : ok=6 changed=4 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
# Push with git
[student@workstation inventory-variables (master *)]# git status
On branch master
Your branch is up to date with 'origin/master'.
Changes not staged for commit:
(use "git add <file>..." to update what will be committed)
(use "git checkout -- <file>..." to discard changes in working directory)
modified: deploy_apache.yml
modified: deploy_haproxy.yml
modified: inventory.yml
Untracked files:
(use "git add <file>..." to include in what will be committed)
group_vars/
no changes added to commit (use "git add" and/or "git commit -a")
[student@workstation inventory-variables (master *)]# git add -A
[student@workstation inventory-variables (master +)]# git commit -m "Use group vars for author mmx"
[master 1203eb6] Use group vars for author mmx
6 files changed, 21 insertions(+), 22 deletions(-)
create mode 100644 group_vars/lb_server/deploy_haproxy.yml
create mode 100644 group_vars/lb_server/firewall.yml
create mode 100644 group_vars/web_server/firewall.yml
[student@workstation inventory-variables (master)]# git push
Enumerating objects: 15, done.
Counting objects: 100% (15/15), done.
Delta compression using up to 4 threads.
Compressing objects: 100% (10/10), done.
Writing objects: 100% (11/11), 1.10 KiB | 564.00 KiB/s, done.
Total 11 (delta 3), reused 0 (delta 0)
To http://git.lab.example.com:8081/git/inventory-variables.git
b1d72e9..1203eb6 master -> master
[student@workstation inventory-variables (master)]# git log
commit 1203eb6bc3a8570209b2a56d6550a0febe858079 (HEAD -> master, origin/master, origin/HEAD)
Author: Git Lab <git@lab.example.com>
Date: Mon Oct 3 23:22:24 2022 +0800
Use group vars for author mmx
commit b1d72e956e9802737f6490a3ce3ca3c7a1a30813
Author: Root User <root@localhost>
Date: Mon Oct 3 17:50:18 2022 +0800
Adding files
# Finish the lab
[student@workstation inventory-variables (master)]# lab inventory-variables finish
Cleaning up the lab for the Guided Exercise: Managing Inventory Variables
· Cleaning lab files.......................................... SUCCESS
· Cleaning solutions files.................................... SUCCESS
· Cloning the inventory-variables repository.................. SUCCESS
· Retrieving cleanup playbook................................. SUCCESS
· Executing cleanup playbook.................................. SUCCESS
· Removing temporary repository clone......................... SUCCESS
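Ansible reads group_vars/NAME only when NAME is an inventory group, so the lb_server and web_server directories created in the session above are not applied to the lb_servers and web_servers groups; this is consistent with the firewall task listing no items and skipped=1 in the recap. The check below is an added Python example, not part of the original lab. Its function names are hypothetical, and the sample JSON (shaped like the output of ansible-inventory --list) and the directory tree are constructed for illustration.

```python
import difflib
import json
import os
import tempfile

# Constructed sample: shape of `ansible-inventory -i inventory.yml --list`
# for the lab inventory on this page (hostvars trimmed).
SAMPLE_LIST_JSON = """
{
  "_meta": {"hostvars": {}},
  "all": {"children": ["lb_servers", "ungrouped", "web_servers"]},
  "lb_servers": {"hosts": ["load_balancer"]},
  "web_servers": {"hosts": ["web_server1", "web_server2"]}
}
"""

VARS_EXTENSIONS = (".yml", ".yaml", ".json")


def inventory_names(list_json):
    """Return (groups, hosts) named in `ansible-inventory --list` JSON."""
    data = json.loads(list_json)
    groups, hosts = {"all", "ungrouped"}, set()
    for name, body in data.items():
        if name == "_meta":
            hosts.update(body.get("hostvars", {}))
            continue
        groups.add(name)
        groups.update(body.get("children", []))
        hosts.update(body.get("hosts", []))
    return groups, hosts


def unmatched_vars_entries(project_dir, list_json):
    """List group_vars/host_vars entries that match no group or host."""
    groups, hosts = inventory_names(list_json)
    problems = []
    for subdir, known in (("group_vars", groups), ("host_vars", hosts)):
        root = os.path.join(project_dir, subdir)
        if not os.path.isdir(root):
            continue
        for entry in sorted(os.listdir(root)):
            name = entry
            # Strip only known extensions: host names contain dots themselves.
            if os.path.isfile(os.path.join(root, entry)):
                for ext in VARS_EXTENSIONS:
                    if entry.endswith(ext):
                        name = entry[: -len(ext)]
                        break
            if name in known:
                continue
            guess = difflib.get_close_matches(name, sorted(known), n=1)
            problems.append((os.path.join(subdir, entry), guess[0] if guess else None))
    return problems


def demo():
    """Rebuild the directory names from the session above and check them."""
    with tempfile.TemporaryDirectory() as project:
        for path in (
            "group_vars/lb_server/firewall.yml",
            "group_vars/web_server/firewall.yml",
            "group_vars/all/common.yml",
        ):
            full = os.path.join(project, path)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return unmatched_vars_entries(project, SAMPLE_LIST_JSON)


if __name__ == "__main__":
    for entry, suggestion in demo():
        print(f"{entry}: no such group or host; did you mean {suggestion}?")
```

Running such a check in CI before ansible-playbook catches firewall or other hardening variables that would otherwise be silently ignored.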
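3. Comprehensive lab
3.1 Lab requirements
- Start the lab environment
- Change into the git-repos directory and clone the lab repository with git
- Read the inventory file and site.yml, then run site.yml
- Under group_vars, create the a_web_servers and b_web_servers directories
- In a_web_servers, create the variable file webapp.yml containing the variable webapp_version: v1.1a
- In b_web_servers, create the variable file webapp.yml containing the variable webapp_version: v1.1b
- Run deploy_webapp.yml and use curl servera to check that the load balancer works
- Add and commit the new version with git
- Create a new inventory.yml file
- Write it based on the inventory file
- Run site.yml
- Edit inventory.yml and give the hosts names
- Run site.yml and confirm that the names are in use
- Once everything is correct, add, commit and push with git
- Grade the lab and finish
3.2 Lab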
[student@workstation ~]# lab inventory-review start
Setting up workstation for the Lab: Managing Inventories
· Checking python on remote hosts............................. SUCCESS
· Installing git.............................................. SUCCESS
· Installing tree............................................. SUCCESS
· Configuring Git............................................. SUCCESS
· Configuring Git credentials................................. SUCCESS
· Adding content to Git repo.................................. SUCCESS
[student@workstation ~]# ls
gitrc git-repos
[student@workstation ~]# cd git-repos/
[student@workstation git-repos]# git clone http://git.lab.example.com:8081/git/inventory-review.git
Cloning into 'inventory-review'...
remote: Enumerating objects: 56, done.
remote: Counting objects: 100% (56/56), done.
remote: Compressing objects: 100% (42/42), done.
remote: Total 56 (delta 5), reused 0 (delta 0)
Unpacking objects: 100% (56/56), done.
[student@workstation git-repos]# ls
inventory-review inventory-variables
[student@workstation git-repos]# cd inventory-review/
[student@workstation inventory-review (master)]# ls
ansible.cfg appservers.yml deploy_apache.yml deploy_haproxy.yml deploy_webapp.yml group_vars inventory roles site.yml
[student@workstation inventory-review (master)]# cat inventory
[lb_servers]
servera.lab.example.com
[web_servers]
[web_servers:children]
a_web_servers
b_web_servers
# Group "A" of Web Servers
[a_web_servers]
serverb.lab.example.com
# Group "B" of Web Servers
[b_web_servers]
serverc.lab.example.com
[student@workstation inventory-review (master)]# cat site.yml
- name: Deploy HAProxy
import_playbook: deploy_haproxy.yml
- name: Deploy Web Server
import_playbook: deploy_apache.yml
- name: Deploy Web App
import_playbook: deploy_webapp.yml
[student@workstation inventory-review (master)]# ansible-playbook site.yml
PLAY [Ensure HAProxy is deployed] ****************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [servera.lab.example.com]
TASK [firewall : Ensure Firewall Sources Configuration] ******************************************************************************
changed: [servera.lab.example.com] => (item={'port': '80/tcp'})
TASK [haproxy : Ensure haproxy packages are present] *********************************************************************************
changed: [servera.lab.example.com]
TASK [haproxy : Ensure haproxy is started and enabled] *******************************************************************************
changed: [servera.lab.example.com]
TASK [haproxy : Ensure haproxy configuration is set] *********************************************************************************
changed: [servera.lab.example.com]
RUNNING HANDLER [firewall : reload firewalld] ****************************************************************************************
changed: [servera.lab.example.com]
RUNNING HANDLER [haproxy : reload haproxy] *******************************************************************************************
changed: [servera.lab.example.com]
PLAY [Ensure Apache is deployed] *****************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [serverc.lab.example.com]
ok: [serverb.lab.example.com]
TASK [firewall : Ensure Firewall Sources Configuration] ******************************************************************************
changed: [serverb.lab.example.com] => (item={'zone': 'internal', 'service': 'http', 'source': '172.25.250.10'})
changed: [serverc.lab.example.com] => (item={'zone': 'internal', 'service': 'http', 'source': '172.25.250.10'})
TASK [apache : Ensure httpd packages are installed] **********************************************************************************
changed: [serverc.lab.example.com]
changed: [serverb.lab.example.com]
TASK [apache : Ensure SELinux allows httpd connections to a remote database] *********************************************************
ok: [serverc.lab.example.com]
ok: [serverb.lab.example.com]
TASK [apache : Ensure httpd service is started and enabled] **************************************************************************
changed: [serverc.lab.example.com]
changed: [serverb.lab.example.com]
RUNNING HANDLER [firewall : reload firewalld] ****************************************************************************************
changed: [serverb.lab.example.com]
changed: [serverc.lab.example.com]
PLAY [Ensure Web App is deployed] ****************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [serverb.lab.example.com]
ok: [serverc.lab.example.com]
TASK [webapp : Ensure stub web content is deployed] **********************************************************************************
changed: [serverc.lab.example.com]
changed: [serverb.lab.example.com]
PLAY RECAP ***************************************************************************************************************************
servera.lab.example.com : ok=7 changed=6 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
serverb.lab.example.com : ok=8 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
serverc.lab.example.com : ok=8 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[student@workstation inventory-review (master)]# curl servera
Hello from serverb.lab.example.com. (version v1.1)
[student@workstation inventory-review (master)]# curl servera
Hello from serverc.lab.example.com. (version v1.1
[student@workstation inventory-review (master)]# mkdir group_vars/{a,b}_web_servers
[student@workstation inventory-review (master)]# ls group_vars/
a_web_servers b_web_servers lb_servers web_servers
[student@workstation inventory-review (master)]# cat group_vars/a_web_servers/webapp.yml
webapp_version: v1.1a
[student@workstation inventory-review (master)]# cat group_vars/b_web_servers/webapp.yml
webapp_version: v1.1b
# Run deploy_webapp.yml again
[student@workstation inventory-review (master)]# ansible-playbook deploy_webapp.yml
PLAY [Ensure Web App is deployed] ****************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [serverc.lab.example.com]
ok: [serverb.lab.example.com]
TASK [webapp : Ensure stub web content is deployed] **********************************************************************************
changed: [serverc.lab.example.com]
changed: [serverb.lab.example.com]
PLAY RECAP ***************************************************************************************************************************
serverb.lab.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
serverc.lab.example.com : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
# Check that the load balancer returns different responses
[student@workstation inventory-review (master)]# curl servera
Hello from serverb.lab.example.com. (version v1.1a)
[student@workstation inventory-review (master)]# curl servera
Hello from serverc.lab.example.com. (version v1.1b)
# git add and commit
[student@workstation inventory-review (master)]# git status
On branch master
Your branch is up to date with 'origin/master'.
Untracked files:
(use "git add <file>..." to include in what will be committed)
group_vars/a_web_servers/
group_vars/b_web_servers/
nothing added to commit but untracked files present (use "git add" to track)
[student@workstation inventory-review (master)]# git add -A
[student@workstation inventory-review (master +)]# git status
On branch master
Your branch is up to date with 'origin/master'.
Changes to be committed:
(use "git reset HEAD <file>..." to unstage)
new file: group_vars/a_web_servers/webapp.yml
new file: group_vars/b_web_servers/webapp.yml
[student@workstation inventory-review (master +)]# git commit -m "Create variable file for the A and B groups."
[master 1f5b780] Create variable file for the A and B groups.
2 files changed, 2 insertions(+)
create mode 100644 group_vars/a_web_servers/webapp.yml
create mode 100644 group_vars/b_web_servers/webapp.yml
[student@workstation inventory-review (master)]# cat inventory
[lb_servers]
servera.lab.example.com
[web_servers]
[web_servers:children]
a_web_servers
b_web_servers
# Group "A" of Web Servers
[a_web_servers]
serverb.lab.example.com
# Group "B" of Web Servers
[b_web_servers]
serverc.lab.example.com
# Edit the inventory file and convert it to YAML format
[student@workstation inventory-review (master)]# cat inventory.yml
web_servers:
  children:
    a_web_servers:
      hosts:
        serverb.lab.example.com:
    b_web_servers:
      hosts:
        serverc.lab.example.com:
lb_servers:
  hosts:
    serverc.lab.example.com:
# Check whether it matches the INI format
[student@workstation inventory-review (master)]# ansible-inventory -i inventory.yml --graph
@all:
|--@lb_servers:
| |--serverc.lab.example.com
|--@ungrouped:
|--@web_servers:
| |--@a_web_servers:
| | |--serverb.lab.example.com
| |--@b_web_servers:
| | |--serverc.lab.example.com
# Give the hosts names to ease later maintenance
[student@workstation inventory-review (master)]# cat inventory.yml
web_servers:
  children:
    a_web_servers:
      hosts:
        backend_a1:
          ansible_host: serverb.lab.example.com
    b_web_servers:
      hosts:
        backend_b1:
          ansible_host: serverc.lab.example.com
lb_servers:
  hosts:
    loadbalancer_1:
      ansible_host: servera.lab.example.com
[student@workstation inventory-review (master)]# ansible-inventory -i inventory.yml --graph
@all:
|--@lb_servers:
| |--loadbalancer_1
|--@ungrouped:
|--@web_servers:
| |--@a_web_servers:
| | |--backend_a1
| |--@b_web_servers:
| | |--backend_b1
# Re-run site.yml; the host names in the output have changed
[student@workstation inventory-review (master +)]# ansible-playbook site.yml -i inventory.yml
PLAY [Ensure HAProxy is deployed] ****************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [loadbalancer_1]
TASK [firewall : Ensure Firewall Sources Configuration] ******************************************************************************
ok: [loadbalancer_1] => (item={'port': '80/tcp'})
TASK [haproxy : Ensure haproxy packages are present] *********************************************************************************
ok: [loadbalancer_1]
TASK [haproxy : Ensure haproxy is started and enabled] *******************************************************************************
ok: [loadbalancer_1]
TASK [haproxy : Ensure haproxy configuration is set] *********************************************************************************
ok: [loadbalancer_1]
PLAY [Ensure Apache is deployed] *****************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [backend_b1]
ok: [backend_a1]
TASK [firewall : Ensure Firewall Sources Configuration] ******************************************************************************
ok: [backend_a1] => (item={'zone': 'internal', 'service': 'http', 'source': '172.25.250.10'})
ok: [backend_b1] => (item={'zone': 'internal', 'service': 'http', 'source': '172.25.250.10'})
TASK [apache : Ensure httpd packages are installed] **********************************************************************************
ok: [backend_b1]
ok: [backend_a1]
TASK [apache : Ensure SELinux allows httpd connections to a remote database] *********************************************************
ok: [backend_b1]
ok: [backend_a1]
TASK [apache : Ensure httpd service is started and enabled] **************************************************************************
ok: [backend_a1]
ok: [backend_b1]
PLAY [Ensure Web App is deployed] ****************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [backend_a1]
ok: [backend_b1]
TASK [webapp : Ensure stub web content is deployed] **********************************************************************************
changed: [backend_b1]
changed: [backend_a1]
PLAY RECAP ***************************************************************************************************************************
backend_a1 : ok=7 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
backend_b1 : ok=7 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
loadbalancer_1 : ok=5 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
# Track inventory.yml with git, then commit and push
[student@workstation inventory-review (master)]# git status
On branch master
Your branch is ahead of 'origin/master' by 1 commit.
(use "git push" to publish your local commits)
Untracked files:
(use "git add <file>..." to include in what will be committed)
inventory.yml
nothing added to commit but untracked files present (use "git add" to track)
[student@workstation inventory-review (master)]# git add inventory.yml
[student@workstation inventory-review (master +)]# git commit -m "Added YAML inventory"
[master 2d7222d] Added YAML inventory
1 file changed, 14 insertions(+)
create mode 100644 inventory.yml
[student@workstation inventory-review (master)]# git push
Enumerating objects: 12, done.
Counting objects: 100% (12/12), done.
Delta compression using up to 4 threads.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (10/10), 920 bytes | 460.00 KiB/s, done.
Total 10 (delta 2), reused 0 (delta 0)
To http://git.lab.example.com:8081/git/inventory-review.git
64c8d7d..2d7222d master -> master
# Grade the lab
[student@workstation inventory-review (master)]# lab inventory-review grade
Grading the student's work for the Lab: Managing Inventories
Setting up to Grade
· Cloning the inventory-review repository..................... SUCCESS
· Retrieving grading playbook................................. SUCCESS
Grading Criteria
· Variable file webapp.yml exists for A/B groups.............. PASS
· Correct value for 'webapp_version' in A/B variable files.... PASS
· Backend server names match 'backend_{a,b}N'................. PASS
· site.yml executes using inventory.yml....................... PASS
· Backend server response is the correct version.............. PASS
Cleaning Up from Grading
· Removing temporary repository clone......................... SUCCESS
# Finish the lab
[student@workstation inventory-review (master)]# lab inventory-review finish
Cleaning up the lab on workstation:
· Cloning the inventory-review repository..................... SUCCESS
· Retrieving cleanup playbook................................. SUCCESS
· Executing cleanup playbook.................................. SUCCESS
· Removing temporary repository clone......................... SUCCESS