# Playbook高级用法

## 一、本地执行（Local Action）

### 应用场景

当需要在控制节点（而非目标主机）上执行特定操作时使用，如生成报告、处理临时文件等。

### OpenEuler实现方式

```yaml
- name: 在控制节点生成主机清单报告
  hosts: all
  tasks:
    - name: 收集主机信息
      setup:
        filter: ansible_*
      register: host_facts

    - name: 本地生成JSON报告
      local_action:
        module: copy
        content: "{{ host_facts | to_nice_json }}"
        dest: "/tmp/{{ inventory_hostname }}_report.json"
```

### 关键参数解析

- `local_action`：声明本地执行模块
- `delegate_to: localhost`：显式委托到控制节点（可省略）
- `run_once: true`：防止在多个节点重复执行

### 典型错误案例

```yaml
# 错误：未使用local_action，导致在远程节点执行
- name: 错误示例
  copy:
    content: "{{ host_facts }}"
    dest: /tmp/report.json  # 将在远程节点创建
```

## 二、任务委托（Delegate_to）

### 跨主机协作场景

- 主备服务器切换时的VIP转移
- 集中式日志服务器收集数据

### OpenEuler HA集群配置示例

```yaml
- name: 高可用集群维护
  hosts: db_servers
  tasks:
    - name: 停止主数据库
      systemd:
        name: mysqld
        state: stopped
      delegate_to: "{{ primary_db }}"
      run_once: true

    - name: 提升备节点为主
      command: /usr/local/bin/promote_to_primary.sh
      delegate_to: "{{ standby_db }}"
```

### 委托链进阶用法

```yaml
- name: 三级委托任务链
  command: /opt/scripts/phase1.sh
  delegate_to: node1

- name: 第二阶段任务
  command: /opt/scripts/phase2.sh
  delegate_to: node2
  when: ansible_delegated_vars[ansible_host] == 'node1'
```

## 三、任务暂停（Pause）

### 人工干预场景

- 滚动更新前的确认
- 高危操作二次验证

### 带超时的交互确认

```yaml
- name: 数据库迁移确认
  pause:
    prompt: "确认迁移生产数据库 (y/n)"
    seconds: 300  # 5分钟超时
  register: migration_confirm

- name: 执行迁移
  shell: /opt/db_migrate.sh
  when: migration_confirm.user_input | lower == 'y'
```

### 自动化续接机制

```yaml
- name: 等待集群就绪
  pause:
    minutes: 10
    echo: false  # 隐藏倒计时显示

- name: 验证集群状态
  uri:
    url: "http://{{ item }}:9200/_cluster/health"
    return_content: true
  loop: "{{ es_servers }}"
```

## 四、滚动执行（Rolling Update）

### OpenEuler零宕机更新策略

inventory分组：

```ini
[web_servers]
web01 ansible_host=192.168.1.101
web02 ansible_host=192.168.1.102
web03 ansible_host=192.168.1.103
```

playbook配置：

```yaml
- name: 滚动更新Web服务
  hosts: web_servers
  serial: 1  # 每次更新1台
  order: sorted  # 按主机名顺序执行
  tasks:
    - name: 下线节点
      haproxy:
        state: disabled
        host: "{{ inventory_hostname }}"
        backend: web_farm

    - name: 更新应用包
      yum:
        name: "webapp-*"
        state: latest

    - name: 重启服务
      systemd:
        name: webapp
        state: restarted

    - name: 上线节点
      haproxy:
        state: enabled
        host: "{{ inventory_hostname }}"
        backend: web_farm
```

### 动态批次控制

```yaml
serial: "{{ batch_size }}"  # 通过--extra-vars传入批次数量
```

## 五、只执行一次（Run_once）

### 全局初始化场景

```yaml
- name: 创建集群共享目录
  file:
    path: /mnt/cluster_shared
    state: directory
    mode: "0775"
  run_once: true

- name: 分发集群配置文件
  template:
    src: cluster.conf.j2
    dest: /etc/cluster.conf
  run_once: true
  delegate_to: "{{ primary_node }}"
```

### 与委托结合使用

```yaml
- name: 生成集群密钥
  openssl_privatekey:
    path: /etc/cluster.key
  run_once: true
  delegate_to: localhost  # 在控制端生成

- name: 分发密钥
  copy:
    src: /etc/cluster.key
    dest: /etc/cluster.key
    mode: "0600"
```

## 六、设置环境变量

### OpenEuler系统级配置

```yaml
- name: 配置JAVA环境
  block:
    - name: 设置全局环境变量
      copy:
        content: |
          export JAVA_HOME=/opt/jdk11
          export PATH=$JAVA_HOME/bin:$PATH
        dest: /etc/profile.d/java.sh

    - name: 应用配置
      shell: source /etc/profile
      args:
        executable: /bin/bash
```

### 进程级环境变量

```yaml
- name: 启动带环境变量的服务
  systemd:
    name: app_service
    state: started
  environment:
    DB_HOST: "{{ db_host }}"
    APP_DEBUG: "false"
```

### 临时环境设置

```yaml
- name: 编译安装软件
  shell: make install
  environment:
    CC: /usr/bin/clang
    CXX: /usr/bin/clang
    CFLAGS: "-O3 -march=native"
```

## 七、交互式提示（Vars_prompt）

### 密码安全处理

```yaml
vars_prompt:
  - name: db_password
    prompt: "请输入数据库密码"
    private: true
    encrypt: sha512_crypt  # OpenEuler支持的加密方式
    confirm: true  # 二次确认输入

tasks:
  - name: 配置数据库密码
    template:
      src: db_config.j2
      dest: /etc/db.conf
```

### 条件化交互

```yaml
vars_prompt:
  - name: backup_confirm
    prompt: "是否执行全量备份 (y/n)"
    private: false

tasks:
  - name: 执行备份
    command: /opt/full_backup.sh
    when: backup_confirm == 'y'
```

## 综合实战案例：OpenEuler集群升级

```yaml
---
- name: OpenEuler集群滚动升级
  hosts: oel_cluster
  serial: "{{ upgrade_batch | default(2) }}"
  vars_prompt:
    - name: upgrade_confirm
      prompt: "确认开始集群升级 (y/n)"
      private: false

  tasks:
    - name: 中止任务（未确认时）
      fail:
        msg: "用户取消升级操作"
      when: upgrade_confirm != 'y'

    - name: 委托到控制端生成升级计划
      local_action:
        module: template
        src: upgrade_plan.j2
        dest: "/tmp/{{ inventory_hostname }}_plan.yaml"
      run_once: true

    - name: 暂停确认（每批次）
      pause:
        prompt: "确认升级批次 {{ ansible_batch_index }}"
        seconds: 60

    - name: 执行升级
      yum:
        name: '*'
        state: latest
      environment:
        http_proxy: http://proxy:3128

    - name: 委托到监控节点记录状态
      command: "/opt/log_upgrade.sh {{ inventory_hostname }}"
      delegate_to: monitoring_server

    - name: 滚动重启
      systemd:
        name: "{{ item }}"
        state: restarted
      loop:
        - docker
        - kubelet
        - sshd
```

## 注意事项（OpenEuler专属）

### SELinux影响

```yaml
- name: 临时禁用SELinux
  selinux:
    state: permissive
  when: ansible_distribution == 'openEuler'
```

### A-Tune优化

```yaml
- name: 应用性能优化配置
  copy:
    src: atune_profiles/webapp_profile.json
    dest: /etc/atuned/profiles/
```

### iSula容器支持

```yaml
- name: 重启iSula容器
  isula:
    name: "{{ container_name }}"
    state: restarted
```