linux系统ansible的jiaja2的语法和简单剧本编写
jianja2语法和简单剧本
-
- jinja2语法
-
- Jinja default()设定
- if语句
- for语句
- ansiblejiaja2的使用
-
- ansible目录结构:
- tasks目录下文件内容:
- nginx模板文件
- ansible变量文件
- ansible主playbook文件
- 测试并执行:
- 查看检测执行结果
- 剧本编写
-
- 安装apache
- 安装mysql
jinja2语法
Jinja default()设定
default()默认值的设定有助于程序的健壮性和简洁性。Jinja也支持该功能,生成Mysql配置文件中的端口定义,如果指定则PORT=3136,否则PORT=3306,改造为使用default()
bind_address=ip:{{ PORT | default(3306) }}
if语句
if判断语句的语法结构,如下:
{% if条件一 %}
{% elif 条件二%}
{% elif 条件N %}
{% endif %}
{% if age > 30 %}
1
{% elif age < 18 %}
2
{% else %}
3
{% endif %}
for语句
for循环的基本语法如下:
{%for 迭代变量in 可迭代对象%}
{{迭代变量}}
{%endfor%}
{% for i in range(10) %}
{{ i }}
{% endfor %}
ansiblejiaja2的使用
说明:ansible使用jiaja2生成nginx一个模板多种不同配置
ansible目录结构:
# cd roles/nginx_conf/
#tree
.
├── files
├── meta
│ └── main.yml
├── tasks
│ ├── file.yml
│ └── main.yml
├── templates
│ └── nginx.conf.j2
└── vars
└── main.yml
tasks目录下文件内容:
#cat tasks/file.yml
- name: nginx.j2 template transfer example
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf.template
#cat tasks/main.yml
- include: file.yml
nginx模板文件
#cat templates/nginx.conf.j2
{% if nginx_use_proxy %}
{% for proxy in nginx_proxies %}
upstream {{ proxy.name }}
#server 127.0.0.1:{{ proxy.port }};
server {{ ansible_eth0.ipv4.address }}:{{ proxy.port }};
}
{% endfor %}
{% endif%}
server {
listen 80;
servername {{ nginx_server_name }};
access_log off;
error_log /etc/nginx/nginx_error.log;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443 ssl;
server_name {{ nginx_server_name }};
ssl_certificate /etc/nginx/ssl/{{ nginx_ssl_cert_name }};
ssl_certificate_key /etc/nginx/ssl/{{ nginx_ssl_cert_key }};
root {{ nginx_web_root }};
index index.html index.html;
{% if nginx_use_auth %}
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/{{ project_name }}.htpasswd;
{% endif %}
{% if nginx_use_proxy %}
{% for proxy in nginx_proxies %}
location {{ proxy.location }} {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
proxy_pass http://{{ proxy.name }};
break;
}
{% endfor %}
{% endif %}
{% if nginx_server_static %}
location / {
try_files $url $url/ =404;
}
{% endif %}
}
ansible变量文件
cat vars/main.yml
nginx_server_name: www.testnginx.com
nginx_web_root: /data/html/
nginx_proxies:
- name: suspicious
location: /
port: 1234
- name: suspicious-api
location: /api
port: 4567
ansible主playbook文件
#cat nginx_test.yml
##The first roles
- name: Nginx Proxy Server's Config Dynamic Create
hosts: "10.0.90.25:10.0.90.26"
remote_user: root
vars:
nginx_use_proxy: true
nginx_ssl_cert_name: ifa.crt
nginx_ssl_cert_key: ifa.key
nginx_use_auth: true
project_name: suspicious
nginx_server_static: true
gather_facts: true
roles:
- role: nginx_conf
##The second roles
- name: Nginx WebServer's Config Dynamic Create
hosts: 10.0.90.27
remote_user: root
vars:
nginx_use_proxy: false
nginx_ssl_cert_name: ifa.crt
nginx_ssl_cert_key: ifa.crt
nginx_use_auth: false
project_name: suspicious
nginx_server_static: false
gather_facts: false
roles:
- role: nginx_conf
测试并执行:
#ansible-playbook nginx_test.yml --syntax-check
playbook: nginx_test.yml
执行:
# ansible-playbook nginx_test.yml
查看检测执行结果
到Nginx Proxy 服务器查看配置文件
#cat nginx.conf.template
upstream suspicious
#server 127.0.0.1:1234;
server 10.0.90.26:1234;
}
upstream suspicious-api
#server 127.0.0.1:4567;
server 10.0.90.26:4567;
}
server {
listen 80;
servername www.testnginx.com;
access_log off;
error_log /etc/nginx/nginx_error.log;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443 ssl;
server_name www.testnginx.com;
ssl_certificate /etc/nginx/ssl/ifa.crt;
ssl_certificate_key /etc/nginx/ssl/ifa.key;
root /data/html/;
index index.html index.html;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/suspicious.htpasswd;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
proxy_pass http://suspicious;
break;
}
location /api {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Url-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
proxy_pass http://suspicious-api;
break;
}
location / {
try_files $url $url/ =404;
}
}
到Nginx Web 服务器上查看配置文件
#cat nginx.conf.template
server {
listen 80;
servername www.testnginx.com;
access_log off;
error_log /etc/nginx/nginx_error.log;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443 ssl;
server_name www.testnginx.com;
ssl_certificate /etc/nginx/ssl/ifa.crt;
ssl_certificate_key /etc/nginx/ssl/ifa.crt;
root /data/html/;
index index.html index.html;
}
剧本编写
安装apache
---
- hosts: web
tasks:
- name: 清理环境
yum: name=httpd state=absent
- name: 安装apache
yum: name=httpd state=present
- name: cpoy apache.conf
copy: src=/etc/httpd/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf backup=yes
tags: apache.conf #标签
notify: restart apache #httpd.conf发生改变时,通知给相应的handlers
- name: 启动httpd
service: name=httpd state=started enabled=yes
handlers: #触发器
- name: restart apache #与notify值相同
service: name=httpd state=restarted #发生更改执行的语句
安装mysql
---
- hosts: ip
remote_user: root
tasks:
- name: 安装mysql源
shell: rpm -Uvh https://dev.mysql.com/get/mysql80-community-release-el7-11.noarch.rpm
- name: 安装mysql
yum: name=mysql-server disablerepo=mysql80-community enablerepo=mysql57-community state=present