Ansible流程控制
目錄playbook的條件語句
不管是shell還是各大程式語言中,流程控制,條件判斷這些都是必不可少的,在我們使用Ansible的過程中,條件判
斷的使用頻率極其高。 例如: 1.我們使用不同的系統的時候,可以通過判斷系統來對軟體包進行安裝。 2.在nfs和
rsync安裝過程中,客戶端伺服器不需要推送配置檔案,之前我們都是寫多個play,會影響效率。 3.我們在原始碼安裝
nginx的時候,執行第二遍就無法執行了,此時我們就可以進行判斷是否安裝過。
官方寫法
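# Install wget, but only on the host whose gathered hostname fact is 'web01'.
- hosts: web_group
  tasks:
    # state: present installs the package, so the task name says "install".
    - name: install wget
      yum:
        name: wget
        state: present
      # Equivalent form using the injected top-level fact variable:
      #when: ansible_hostname == 'web01'
      when: ansible_facts['hostname'] == 'web01'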
判斷分組
# Parentheses group the two per-distribution checks; the task runs when either group is true.
tasks:
  - name: "shut down CentOS 6 and Debian 7 systems"
    command: /sbin/shutdown -t now
    when: (ansible_distribution == "CentOS" and ansible_distribution_major_version == "6") or
          (ansible_distribution == "Debian" and ansible_distribution_major_version == "7")
判斷多條件用列表
tasks:
  - name: "shut down CentOS 6 systems"
    command: /sbin/shutdown -t now
    # A list under `when` is an implicit AND: every entry must be true for the task to run.
    when:
      - ansible_distribution == "CentOS"
      - ansible_distribution_major_version == "6"
判斷條件運算
# Facts are compared numerically after casting with the `int` filter, for example:
#   ansible_python['version']['major']|int >=1
tasks:
  - shell: echo "only on Red Hat 6, derivatives, and later"
    # presumably ansible_facts['lsb'] is only populated when lsb_release is installed
    # on the managed host; verify before relying on it
    when: ansible_facts['os_family'] == "RedHat" and ansible_facts['lsb']['major_release']|int >= 6
模糊匹配
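- hosts: all
  tasks:
    - name: Install Nginx
      yum:
        name: nginx
        state: present
      # `match` is a regular-expression test anchored at the start of the string,
      # not a shell glob. The pattern 'web*' means "we" followed by zero or more
      # "b", so it would also select hosts such as "west01". 'web.*' selects only
      # hostnames that begin with "web".
      when: ansible_hostname is match 'web.*'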
條件語句判斷實戰:rsync
# 1.傳送公鑰
vim ssh_key.sh
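#!/bin/bash
# Push this host's SSH public key to every reachable managed node on 172.16.1.0/24.
#
# The login password is read from the SSHPASS environment variable, or prompted
# for when that variable is empty. It is handed to sshpass through the
# environment (-e) rather than with -p, so it does not appear in the process
# list or in shell history, and it is not stored in the script.
#
# Requires: sshpass, ssh-copy-id, and the `action` helper from /etc/init.d/functions.
. /etc/init.d/functions

readonly subnet='172.16.1'
host_ids=(5 6 7 8 9 31 41 51 61)

if [[ -z "${SSHPASS:-}" ]]; then
  read -r -s -p 'SSH password for the target hosts: ' SSHPASS
  echo
fi
export SSHPASS

for n in "${host_ids[@]}"; do
  target="${subnet}.${n}"

  # Hosts that do not answer a single ping are skipped silently.
  if ! ping -c 1 "$target" &>/dev/null; then
    continue
  fi

  # A host whose key is not yet in known_hosts is reported as failed; verify and
  # add its host key first rather than disabling host key checking.
  if sshpass -e ssh-copy-id -i ~/.ssh/id_rsa.pub "$target" &>/dev/null; then
    action "$target ssh-key" /bin/true
  else
    action "$target ssh-key" /bin/false
  fi
done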
# 2.先決條件
rsync配置檔案
vim /etc/rsync.passwd
# rsync daemon configuration (global section, then the [backup] module).
# NOTE(review): the editor command shown above this listing opens
# /etc/rsync.passwd, but these are daemon settings; that path is named below as
# the secrets file and should hold only "user:password" lines. Confirm the
# intended file name.
# Account used for file transfers into the module.
uid = www
gid = www
port = 873
# Keep ownership and special-file metadata in extended attributes, so the
# transfer account does not need root privileges to preserve them.
fake super = yes
# NOTE(review): with chroot disabled the module path is not a filesystem jail;
# confinement then depends on rsync's own path handling.
use chroot = no
max connections = 200
timeout = 600
ignore errors
# Clients may upload and delete, not just download.
read only = false
# Hide the module from anonymous module listings.
list = false
# Only this virtual user may connect; its password is looked up in the secrets file.
auth users = rsync_backup
# Must not be readable by other users, otherwise the daemon rejects it under
# the default strict modes setting.
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
# NOTE(review): no `hosts allow` is set, so any client that can reach port 873
# may attempt authentication; consider limiting it to the backup network.
#####################################
[backup]
comment = welcome to oldboyedu backup!
path = /backup
# 3.編輯rsync playbook
[root@m01 rsync]# cat rsync.yml
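# Deploy the rsync daemon on 'backup' and the client password file on 'nfs'.
# Each task is limited to its host with `when`, so a single play covers both roles.
- hosts: all
  vars:
    # Demo credential, defined once instead of being repeated in two tasks.
    # NOTE(review): a plaintext, trivially guessable password in a playbook ends
    # up in version control; store the real value in an ansible-vault encrypted
    # vars file and use a strong secret.
    rsync_password: '123'
  tasks:
    - name: Install Rsync Server
      yum:
        name: rsync
      when: ansible_hostname == 'nfs' or ansible_hostname == 'backup'

    - name: Configure Rsync Conf
      copy:
        src: /root/rsync/rsyncd.conf
        dest: /etc/rsyncd.conf
      when: ansible_hostname == 'backup'

    # Daemon side: "user:password" line for the virtual user named in rsyncd.conf.
    - name: Create Rsync Passwd File
      copy:
        content: "rsync_backup:{{ rsync_password }}"
        dest: /etc/rsync.passwd
        # Quoted so the value is always read as an octal permission string.
        mode: '0600'
      # Keep the credential out of task output and logs.
      no_log: true
      when: ansible_hostname == 'backup'

    - name: Create backup dir
      file:
        path: /backup
        state: directory
      when: ansible_hostname == 'backup'

    - name: Start Rsync Server
      service:
        name: rsyncd
        state: started
        enabled: yes
      when: ansible_hostname == 'backup'

    # Client side: the file holds only the password.
    - name: Create nfs Passwd File
      copy:
        content: "{{ rsync_password }}"
        dest: /etc/rsync.passwd
        mode: '0600'
      no_log: true
      when: ansible_hostname == 'nfs'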
playbook迴圈語句
在之前的學習過程中,我們經常會有傳送檔案,建立目錄之類的操作,建立2個目錄就要寫兩個file模組來建立,如果
要建立100個目錄,我們需要寫100個file模組???媽耶~~ 當然不是,只要有迴圈即可,減少重複性程式碼。
迴圈語法
[root@m01 ~]# cat test_items.yml
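# Loop demo: one service task per host group, iterating over a list of service names.
- hosts: all
  tasks:
    # Task names describe what state: stopped actually does.
    - name: Stop web services
      service:
        name: "{{ item }}"
        state: stopped
      # `match` is an anchored regular expression, not a glob: 'web*' would also
      # match hostnames that merely start with "we". 'web.*' requires the "web" prefix.
      when: ansible_hostname is match 'web.*'
      with_items:
        - nginx
        - php-fpm

    - name: Stop nfs services
      service:
        name: "{{ item }}"
        state: stopped
      when: ansible_hostname == 'nfs'
      with_items:
        - rsyncd
        - nfs-server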
字典迴圈
pkg:httpd
key:value
{key:value,key:value}
1.建立使用者
[root@m01 ~]# cat test_items.yml
# Dictionary loop: groups are created first, then each user is attached to its group.
- hosts: all
  tasks:
    - name: Create Group
      group:
        name: "{{ item }}"
      with_items:
        - linux
        - av

    # Each item is a mapping; its fields are read as item.name and item.group.
    - name: Create User
      user:
        name: "{{ item.name }}"
        group: "{{ item.group }}"
      with_items:
        - name: "zls"
          group: "linux"
        - name: "cls"
          group: "av"
2.推送配置檔案
# One copy task pushes every configuration file; each item supplies its own src/dest pair.
- name: Push All Conf
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - src: "/root/ansible/nginx.conf"
      dest: "/etc/nginx/nginx.conf"
    - src: "/root/ansible/blog.drz.com.conf"
      dest: "/etc/nginx/conf.d/blog.drz.com.conf"
    - src: "/root/ansible/www.conf"
      dest: "/etc/php-fpm.d/www.conf"
playbook handlers(觸發器)
handler用來執行某些條件下的任務,比如當配置檔案發生變化的時候,通過notify觸發handler去重啟服務。
在saltstack中也有類似的觸發器,寫法相對Ansible簡單,只需要watch,配置檔案即可。
# Play-level handlers section; a task triggers an entry by listing its exact name under `notify`.
handlers:
  - name: Restart Rsync
    service:
      name: rsyncd
      state: restarted
[root@m01 rsync]# cat rsync.yml
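# rsync deployment with handlers: a changed rsyncd.conf triggers a daemon restart
# at the end of the play.
- hosts: all
  vars:
    # Demo credential, defined once instead of being repeated in two tasks.
    # NOTE(review): a plaintext, trivially guessable password in a playbook ends
    # up in version control; store the real value in an ansible-vault encrypted
    # vars file and use a strong secret.
    rsync_password: '123'
  tasks:
    - name: Install Rsync Server
      yum:
        name: rsync
      when: ansible_hostname == 'nfs' or ansible_hostname == 'backup'

    - name: Configure Rsync Conf
      copy:
        src: /root/rsync/rsyncd.conf
        dest: /etc/rsyncd.conf
      when: ansible_hostname == 'backup'
      # notify must name an existing handler exactly. The daemon whose
      # configuration changed is rsyncd, so that is the service restarted.
      notify:
        - Restart Rsync

    - name: Create Rsync Passwd File
      copy:
        content: "rsync_backup:{{ rsync_password }}"
        dest: /etc/rsync.passwd
        # Quoted so the value is always read as an octal permission string.
        mode: '0600'
      # Keep the credential out of task output and logs.
      no_log: true
      when: ansible_hostname == 'backup'

    - name: Create backup dir
      file:
        path: /backup
        state: directory
      when: ansible_hostname == 'backup'

    - name: Start Rsync Server
      service:
        name: rsyncd
        state: started
        enabled: yes
      when: ansible_hostname == 'backup'

    - name: Create nfs Passwd File
      copy:
        content: "{{ rsync_password }}"
        dest: /etc/rsync.passwd
        mode: '0600'
      no_log: true
      when: ansible_hostname == 'nfs'

  # Handler names are spelled consistently ("Restart ...") so that any notify
  # referring to them resolves; a misspelled name is reported as a missing handler.
  handlers:
    - name: Restart Rsync
      service:
        name: rsyncd
        state: restarted

    - name: Restart NFS
      service:
        name: nfs-server
        state: restarted

    - name: Restart Nginx
      service:
        name: nginx
        state: restarted

    - name: Restart PHP
      service:
        name: php-fpm
        state: restarted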
注意:
1.無論多少個task通知了相同的handlers,handlers僅會在所有tasks結束後執行一次。
2.Handlers只有在其所在的任務被執行時,才會被執行;如果一個任務中定義了notify呼叫Handlers,但是由於條件判斷等原因,該任務未被執行,那麼Handlers同樣不會被執行。
3.Handlers只會在每一個play的末尾執行一次;如果想在一個playbook中間執行Handlers,則需要使用meta模組來實現。例如: - meta: flush_handlers。
4.如果一個play在執行到呼叫Handlers的語句之前失敗了,那麼這個Handlers將不會被執行。我們可以在執行ansible-playbook時加上--force-handlers選項(或在play中設定force_handlers: true)來強制執行Handlers,即使Handlers所在的play中途執行失敗也能執行。
5.不能使用handlers替代tasks
playbook tags (任務標籤)
打標籤的方式
1.對一個task打一個標籤
2.對一個task打多個標籤
3.對多個task打一個標籤
打標籤語法
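# Excerpt from a play: one tagged task (belongs under `tasks:`) followed by the
# play's `handlers:` section.
- name: Push All Conf
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - {src: "/root/ansible/nginx.conf",dest: "/etc/nginx/nginx.conf"}
    - {src: "/root/ansible/blog.drz.com.conf",dest: "/etc/nginx/conf.d/blog.drz.com.conf"}
  # Selected with `-t manager_nginx_server`, skipped with `--skip-tags manager_nginx_server`.
  tags:
    - manager_nginx_server
  notify: Restart nginx
  # `match` is an anchored regular expression, not a glob: 'web*' would also
  # match hostnames that merely start with "we". 'web.*' requires the "web" prefix.
  when: ansible_hostname is match 'web.*'
handlers:
  # Despite its name, this handler reloads nginx rather than restarting it.
  - name: Restart nginx
    service:
      name: nginx
      state: reloaded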
執行
-t:執行指定的標籤
--skip-tags:跳過指定標籤
playbook include(劇本複用)
[root@m01 ansible_project]# cat task.yml
# Entry-point play: the rsync tasks live in separate files and are pulled in at
# run time; the handler they notify is defined here, in the including play.
- hosts: all
  tasks:
    - include_tasks: rsync/install_rsync.yml
    - include_tasks: rsync/config_rsync.yml
    - include_tasks: rsync/start_rsync.yml
  handlers:
    - name: Restart Rsync
      service:
        name: rsyncd
        state: restarted
[root@m01 ansible_project]# tree /ansible_project/
/ansible_project/
├── group_vars
├── host_vars
│ ├── backup
│ └── nfs
├── mariadb
├── nfs
├── nginx
├── php
├── rsync
│ ├── config_rsync.yml
│ ├── install_rsync.yml
│ ├── rsyncd.conf
│ └── start_rsync.yml
├── sersync
└── task.yml
[root@m01 ansible_project]# cat rsync/install_rsync.yml
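# Task file included by task.yml: installs the package named by the `pkg` variable.
# presumably `pkg` is defined per host (for example under host_vars); verify
# that it is set for both 'nfs' and 'backup'.
- name: Install rsync
  yum:
    name: "{{ pkg }}"
    # An install task needs `present`; `absent` would remove the package that
    # the following configure/start task files depend on.
    state: present
  when: ansible_hostname == 'nfs' or ansible_hostname == 'backup'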
[root@m01 ansible_project]# cat rsync/config_rsync.yml
# Task file included by task.yml: pushes rsyncd.conf to the backup host and
# notifies the "Restart Rsync" handler when the file changes.
- name: Configure Rsync Server
  copy:
    src: ./rsyncd.conf
    dest: /etc/rsyncd.conf
  notify: Restart Rsync
  when: ansible_hostname == 'backup'
[root@m01 ansible_project]# cat rsync/start_rsync.yml
# Task file included by task.yml: starts rsyncd on the backup host and enables it at boot.
- name: Start Rsync
  service:
    name: rsyncd
    state: started
    enabled: yes
  when: ansible_hostname == 'backup'
忽略錯誤(ignore_errors)
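# Install PHP from local RPMs only when no installed package name contains "php".
- hosts: web_group
  gather_facts: no
  tasks:
    - name: panduan php
      shell: 'rpm -qa|grep php'
      register: panduan_php
      # grep exits non-zero when nothing matches; ignore_errors lets the play
      # continue so the next task can test the registered return code.
      ignore_errors: yes
      # A read-only query never modifies the host, so it should not report "changed".
      changed_when: false

    - name: Install php
      # NOTE(review): /tmp is world-writable, so any local user can drop an RPM
      # there and have it installed as root by this glob. Stage the packages in
      # a directory only root can write to, or install from a signed repository.
      shell: 'rpm -Uvh /tmp/*.rpm'
      when: panduan_php.rc != 0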
抑制changed
將劇本執行過程中未改變但是還會執行的task結果由黃色強行改為綠色
vim nginx.yml
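# Validate the nginx configuration without the task being reported as "changed".
- hosts: web_group
  gather_facts: no
  tasks:
    - name: check nginx
      # No shell features are needed, so `command` avoids passing the line through a shell.
      command: /sbin/nginx -t
      register: check_nginx
      # A syntax check never modifies the host. Entries of a changed_when list
      # are ANDed, so a list containing `false` is always false; the integer
      # returned by .find('ok') contributed nothing and is dropped.
      changed_when: false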
本文來自部落格園,作者:遠方還很遠,轉載請註明原文連結:https://www.cnblogs.com/moqiqingyu/p/15149523.html