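I. Loops
A loop runs one task repeatedly over a list of items.
(1). Simple loops
loop:            ## list of values to iterate over
  - value1
  - value2
  - ...
{{item}}         ## name of the iteration variable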
vim test1.yml
---
- name: useradd
  hosts: list1
  tasks:
    - name: command
      user:
        name: "{{item}}"
        state: present
      loop:
        - user1
        - user2
(2). Looping over a list of hashes (dictionaries)
vim test2.yml
---
- name: create file
  hosts: list1
  tasks:
    - name: file module
      file:
        path: "{{item.name}}"
        state: "{{item.type}}"
      loop:
        - name: /mnt/file1
          type: touch
        - name: /mnt/dir
          type: directory
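Exercise: carry out the following user operations on the system
1. Create the groups shengchan, caiwu and jishu, meeting the following requirements
the gid of group shengchan is 8000
the gid of group caiwu is 8001
the gid of group jishu is 8002
2. Create the users westosuser, linux, lee and westosadmin, meeting the following requirements
westosuser has the supplementary groups shengchan and jishu
lee has the primary group caiwu and the supplementary group jishu; lee's uid and gid must be the same
linux is a system account that an operator cannot use directly
westosadmin does not belong to any of the three departments above, but can * manage users on the system
3. The password of all the above users is westos, and each user must be forced to change it at first login
The passwords of the above users must be changed within 30 days, with a warning issued 2 days before expiry
Complete this with a playbook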
---
- name: create user
  hosts: list1
  tasks:
    - name: create groups
      group:
        name: "{{item.group}}"
        gid: "{{item.gid}}"
      loop:
        - group: shengchan
          gid: 8000
        - group: caiwu
          gid: 8001
        - group: jishu
          gid: 8002
        - group: westosadmin
          gid: 8003
        - group: westosuser
          gid: 8004
        - group: linux
          gid: 8005
    - name: create users
      user:
        name: "{{item.username}}"
        uid: "{{item.uid}}"
        group: "{{item.group}}"
        groups: "{{item.groups}}"
        shell: "{{item.shell}}"
        password: '$6$h8M9MoZhKnkxkHem$4i7pKt7RuXKtcGix1vTdgyl2W.k2Wz1U06mIiN4GJxej2i7B70AvbbUZgeaPPSxWpD4b92f89DNkUaLpkSlpg.'
      loop:
        - username: westosuser
          uid: 8004
          group: westosuser
          groups: "shengchan,jishu"
          shell: /bin/bash
        - username: lee
          uid: 8001
          group: caiwu
          groups: jishu
          shell: /bin/bash
        - username: linux
          uid: 8005
          group: linux
          groups: linux
          shell: /sbin/nologin
        - username: westosadmin
          uid: 8003
          group: westosadmin
          groups: westosadmin
          shell: /bin/bash
    - name: config westosadmin
      lineinfile:
        path: /etc/sudoers
        insertafter: "^root"
        line: "westosadmin {{ansible_facts['fqdn']}}=(root) NOPASSWD: /sbin/useradd, /sbin/userdel, /sbin/usermod"
        validate: /usr/sbin/visudo -cf %s   ## reject the edit if it would break sudoers syntax
    - name: config password messages
      shell: chage -d 0 -M 30 -W 2 "{{item}}"
      loop:
        - westosuser
        - lee
        - westosadmin
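A variant of the password and sudo steps of this exercise, as an added example that is not part of the original notes: the password comes from a variable instead of a hash stored in the playbook, the task output is hidden, the forced password change is applied only to newly created accounts, and the sudo rule goes into a validated drop-in file. The file `vault.yml`, the variable `user_password` and the path `/etc/sudoers.d/westosadmin` are assumptions; `uid`, `group`, `groups` and `shell` are set as in the playbook above.

```yaml
---
- name: passwords and sudo rule without secrets in the playbook
  hosts: list1
  vars_files:
    - vault.yml        ## assumption: ansible-vault encrypted file that defines user_password
  tasks:
    - name: create users with an initial password
      user:
        name: "{{ item }}"
        password: "{{ user_password | password_hash('sha512') }}"
        update_password: on_create    ## the salt is random, so "always" would report a change on every run
      loop:
        - westosuser
        - lee
        - westosadmin
      register: created
      no_log: true                    ## keeps the hash out of task output and logs

    - name: expire the password once, 30 day maximum age, 2 day warning
      command: chage -d 0 -M 30 -W 2 "{{ item.item }}"
      loop: "{{ created.results }}"
      loop_control:
        label: "{{ item.item }}"      ## print only the user name, not the whole result
      when: item.changed              ## only for accounts created in this run

    - name: sudo rule for westosadmin in a validated drop-in
      copy:
        dest: /etc/sudoers.d/westosadmin
        content: "westosadmin {{ansible_facts['fqdn']}}=(root) NOPASSWD: /sbin/useradd, /sbin/userdel, /sbin/usermod\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s   ## a file with a syntax error is never installed
```

Running `chage -d 0` unconditionally, as in the playbook above, forces a new password change on every playbook run; the `when: item.changed` guard limits it to the run that creates the account.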
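II. Conditionals
when:
  - condition1
  - condition2
(1) Condition tests
Operator | Example |
---|---|
== | value == "string", value == number |
< | value < number |
> | value > number |
<= | value <= number |
>= | value >= number |
!= | value != number |
is defined | value is defined, the variable exists |
is not defined | value is not defined, the variable does not exist |
boolean variable is true | value, the value of value is true |
boolean variable is false | not value, the value of value is false |
in | value in value2, the value of value is in the list value2 |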
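vim test1.yml
---
- name: test when
  hosts: all
  tasks:
    - name: test
      debug:
        msg: "hello world"
      when: inventory_hostname == "172.25.254.10"
      ## alternatively, test the gathered FQDN against a list
      ## ("in" against a plain string would be a substring match):
      ## when: ansible_facts['fqdn'] in ["node1.westos.org"]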
Exercise
Create the playbook ~/ansible/lvm.yml with these requirements:
If the volume group westos does not exist, print "vg westos is not exist"
If it exists, create an 800M logical volume
vim ~/ansible/lvm.yml
---
- name: create lvm
  hosts: all
  tasks:
    - name: create
      lvol:
        vg: westos
        lv: test
        size: 800m
      when: ansible_lvm['vgs']['westos'] is defined
    - name: not exist
      debug:
        msg: "vg westos is not exist!"
      when: ansible_lvm['vgs']['westos'] is not defined
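(2) Combining several conditions
when: condition1 and condition2    ##1 both conditions must hold
when:                              ##1 list form, the items are combined with "and"
  - condition1
  - condition2
when: condition1 or condition2     ##2 either condition is enough
when: >                            ##3 folded form for long expressions
  condition1
  or
  condition2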
III. Handlers
notify: the trigger; it notifies a handler when the task makes a change
handlers: the actions run after the trigger has fired
vim test5.yml
---
- name: set port of apache
  hosts: list1
  tasks:
    - name: install httpd
      dnf:
        name: httpd
        state: latest
    - name: config httpd.conf
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^Listen'
        line: "Listen {{port}}"
      notify: restart apache    ## trigger: the handler fires only when this task reports a change
  handlers:                     ## the handler name must match the notify string
    - name: restart apache
      service:
        name: httpd
        state: restarted
Exercise
Set up a vsftpd service that lets anonymous users upload and download
Unpacking the package
dnf install yum-utils.noarch -y ## install the download tool
yumdownloader vsftpd ## download the package
rpm2cpio vsftpd-3.0.3-31.el8.x86_64.rpm | cpio -id ## unpack the package
vim vsftpd.yml
---
- name: anon login vsftp
  hosts: list1
  tasks:
    - name: install vsftpd
      dnf:
        name: vsftpd
        state: present
    - name: config vsftpd.conf
      template:                  ## use a j2 template
        src: ~/ansible/vsftpd.conf.j2
        dest: /etc/vsftpd/vsftpd.conf
      notify: restart vsftpd     ## trigger
    - name: config ftpdir        ## change the permissions and SELinux context of the default publish directory
      file:
        path: /var/ftp/pub
        group: ftp
        mode: "0775"
        setype: "public_content_rw_t"
    - name: set sebool
      seboolean:
        name: ftpd_anon_write
        state: yes
        persistent: yes
  handlers:                      ## actions run after the trigger has fired
    - name: restart vsftpd
      service:
        name: vsftpd
        state: restarted
        enabled: yes
Find vsftpd.conf in the unpacked package and turn it into a j2 template
vim vsftpd.conf.j2
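IV. Handling failed tasks
(1). ignore_errors
Purpose:
A play stops when one of its tasks fails
ignore_errors: yes ignores the failure so that the following tasks keep running
vim test3.yml
---
- name: checkfile
  hosts: list1
  tasks:
    - name: check
      shell: test -e /mnt/file
      register: check_file        ## keep the result so the message is printed only on failure
      ignore_errors: yes
    - debug:
        msg: "file is not exist"
      when: check_file.rc != 0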
Exercise
Create a 100M partition /dev/vdb1 and mount it on /mnt automatically at boot
vim check.yml
---
- name: checkfile
  hosts: all
  tasks:
    - name: check /dev/vdb1            ## test whether /dev/vdb1 exists
      shell: test -e /dev/vdb1
      register: check_out_vdb1         ## register the result as a variable
      ignore_errors: yes               ## on failure, continue with the next task
    - name: create /dev/vdb1           ## create it when /dev/vdb exists and /dev/vdb1 does not
      parted:
        device: /dev/vdb
        number: 1
        state: present
        part_end: 100MiB
      when: check_out_vdb1.rc != 0 and ansible_facts['devices']['vdb'] is defined
    - name: Create a xfs filesystem on /dev/vdb1    ## format the partition
      filesystem:
        fstype: xfs
        dev: /dev/vdb1
      ignore_errors: yes               ## on failure, continue with the next task
    - name: Mount /dev/vdb1 on /mnt    ## mount
      mount:
        path: /mnt
        src: /dev/vdb1
        fstype: xfs
        state: mounted
        fstab: /etc/fstab
      ignore_errors: yes               ## on failure, continue with the next task
    - debug:                           ## report that /dev/vdb1 exists
        msg: "/dev/vdb1 is exist"
      when: check_out_vdb1.rc == 0
    - debug:                           ## report that /dev/vdb does not exist
        msg: "/dev/vdb is not exist"
      when: ansible_facts['devices']['vdb'] is not defined
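(2). force_handlers
Purpose:
Notified handlers are still run when a task fails and the play is aborted
(3). changed_when
Purpose:
Controls when a task reports that it has made a change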
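Both settings in one play, as an added example that is not part of the original notes. It reuses the httpd.conf task from the handlers section; the `port` value, the `grep` check and the `mod_ssl` install step are assumptions chosen for illustration.

```yaml
---
- name: set port of apache with force_handlers and changed_when
  hosts: list1
  force_handlers: yes                   ## notified handlers still run if a later task fails
  vars:
    port: 8080                          ## assumed value for this example
  tasks:
    - name: read current Listen line
      command: grep -E '^Listen' /etc/httpd/conf/httpd.conf
      register: listen_now
      changed_when: false               ## read-only command, never report a change
      failed_when: listen_now.rc > 1    ## grep: rc 1 = no match, rc 2 = real error

    - name: show previous setting
      debug:
        msg: "before: {{ listen_now.stdout | default('none', true) }}"

    - name: config httpd.conf
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^Listen'
        line: "Listen {{ port }}"
      notify: restart apache

    - name: install mod_ssl             ## a later task that can fail, e.g. repository unreachable
      dnf:
        name: mod_ssl
        state: present

  handlers:
    - name: restart apache
      service:
        name: httpd
        state: restarted
```

Without `force_handlers`, a failure in the last task leaves httpd.conf edited but httpd running the old configuration, and on the next run the `lineinfile` task reports "ok", so the handler is never notified again.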
(4). failed_when
Forces a task to fail when the condition is met
vim test6.yml
---
- name: test failed_when
  hosts: list1
  tasks:
    - name: check vsftpd
      shell: rpm -q vsftpd
      register: vsftpd_status               ## register the result as a variable
      failed_when: vsftpd_status.rc == 0    ## force the task to fail when the package is already installed
    - name: install vsftpd
      dnf:
        name: vsftpd
        state: present
(5). block
block: defines the tasks to run
rescue: defines the tasks to run when a task in the block fails
always: defines the tasks that run at the end regardless of the outcome
---
- name: test block
  hosts: list1
  tasks:
    - block:                ## the tasks to run
        - name: check file
          shell: test -e /mnt/test1
      rescue:               ## tasks run when a task in the block fails
        - name: touch test1
          file:
            path: /mnt/test1
            state: touch
      always:               ## tasks run at the end regardless of the outcome
        - name: show messages
          debug:
            msg: "test test test"
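Test exercise
Create the playbook ~/westos.yml with these requirements:
Create a 1500M device named /dev/vdb1
If /dev/vdb does not exist, print:
/dev/vdb is not exist
If /dev/vdb is smaller than 2G, print:
/dev/vdb is less then 2G
and create an 800M /dev/vdb1
Mount this device on /westos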
vim westos.yml
---
- name: create
  hosts: all
  tasks:
    - block:
        - parted:
            device: /dev/vdb
            number: 1
            state: present
            part_end: 2GiB
          register: check_vdb    ## try a 2G partition: on success continue, on failure run rescue
        - parted:
            device: /dev/vdb
            number: 1
            state: absent
        - parted:
            device: /dev/vdb
            number: 1
            state: present
            part_end: 1500MiB
      when: ansible_devices['vdb'] is defined
      rescue:
        - debug:
            msg: "/dev/vdb is less then 2G"
          when: check_vdb is failed    ## does not depend on the failed result carrying an rc field
        - parted:
            device: /dev/vdb
            number: 1
            state: present
            part_end: 800MiB
      always:
        - name: Create a xfs filesystem on /dev/vdb1
          filesystem:
            fstype: xfs
            dev: /dev/vdb1
        - file:
            path: /westos
            state: directory
        - name: Mount /dev/vdb1
          mount:
            path: /westos
            src: /dev/vdb1
            fstype: xfs
            state: mounted
    - name:
      debug:
        msg: "/dev/vdb is not exist!!"
      when: ansible_devices['vdb'] is not defined