有时,我们写了一个长长,功能很强悍的yaml文件,但是,我们有可能会担心,写的yaml文件是否正确,是否有漏洞危机,毕竟是要修改线上的机器,那么,有可能我们可以从以下几个检查维度来进行,确保在大规模应用之前已经被充分检查。
检查三步骤:
第一步:
加上--syntax-check来检查你的playbook语法是否正确:
[root@localhost playbook]# ansible-playbook -v --syntax-check template.yml
Using /etc/ansible/ansible.cfg as config file
playbook: template.yml
第二步:加上--check,--diff和-i "xx.xx.xx.xx,"在单台机器跑一遍看看预期输出
[root@localhost playbook]# ansible-playbook -v --diff --check template.yml
第三步:加上去掉--check,只跑测试机(或一台不重要的机器)上试一下,看下结果是否符合预期。
另外,有时我们写的yaml文件中包含了一此变量,我们担心变量替换后是否会有一些值不适合,该如何看变量替换成真实值后yaml文件的真实情况呢?我们可以借助template模块来进行:
[root@localhost playbook]# cat template.yml
---
- hosts: all
remote_user: root
gather_facts: no
vars:
cmd: echo 'hello world'
tasks:
- name: final yaml
template: src=/etc/ansible/playbook/template.yml dest=/tmp/template.yml backup=yes
run_once: true
delegate_to: 127.0.0.1
tags:
- g_yaml
- name: exec shell
shell: "{{ cmd }}"
run_once表示此模块只跑一次,delegate_to表示转到在本机运行,然后给这个任务打个tag,叫g_yaml,运行时命令如下:
[root@localhost playbook]# ansible-playbook -v -i "127.0.0.1," --tag g_yaml template.yml
Using /etc/ansible/ansible.cfg as config file
PLAY [all] ********************************************************************************
TASK [final yaml] *************************************************************************
ok: [127.0.0.1 -> 127.0.0.1] => {"changed": false, "checksum": "db12f54ebb55be35a1731ff9a5a20233afb3b84f", "gid": 0, "group": "root", "mode": "0644", "owner": "root", "path": "/tmp/template.yml", "size": 352, "state": "file", "uid": 0}
PLAY RECAP ********************************************************************************
127.0.0.1 : ok=1 changed=0 unreachable=0 failed=0
注意加上只运行某个tag,这样就能确保只有这个任务被执行,而其它任务不会被执行。由于这里已经有run_once: true,所以加不加上-i "127.0.0.1," 关系不大。
再在本机查看煊染后的输出:
[root@localhost playbook]# cat /tmp/template.yml
---
- hosts: all
remote_user: root
gather_facts: no
vars:
cmd: echo 'hello world'
tasks:
- name: final yaml
template: src=/etc/ansible/playbook/template.yml dest=/tmp/template.yml backup=yes
run_once: true
delegate_to: 127.0.0.1
tags:
- g_yaml
- name: exec shell
shell: "echo 'hello world'"
这就是我们真正执行时的内容。当然,如果有些变量是引用远程主机的值,如ip等,那就把这个delegate_to去掉,把-i里面的ip替换成远程主机ip,就可以了,如下:
ansible-playbook -v -i "xx.xx.xx.xx," --tag g_yaml template.yml
ansible中还有一个debugger,当出错时用来详细观察输出调试信息,使用方法为,加上strategy: debug:
[root@localhost playbook]# cat debugger.yml
---
- hosts: all
strategy: debug
gather_facts: no
vars:
var1: value1
tasks:
- name: ping
ping: data={{ wrong_var }}
执行如下:
[root@localhost playbook]# ansible-playbook -i "192.168.40.72," debugger.yml PLAY [all] ******************************************************************************** TASK [ping] ******************************************************************************* fatal: [192.168.40.72]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'wrong_var' is undefined The error appears to have been in '/etc/ansible/playbook/debugger.yml': line 8, column 7, but may be elsewhere in the file depending on the exact syntax problem. The offending line appears to be: tasks: - name: ping ^ here exception type: <class 'ansible.errors.AnsibleUndefinedVariable'> exception: 'wrong_var' is undefined"} Debugger invoked (debug) p result {'failed': True, 'msg': u"The task includes an option with an undefined variable. The error was: 'wrong_var' is undefined The error appears to have been in '/etc/ansible/playbook/debugger.yml': line 8, column 7, but may be elsewhere in the file depending on the exact syntax problem. The offending line appears to be: tasks: - name: ping ^ here exception type: <class 'ansible.errors.AnsibleUndefinedVariable'> exception: 'wrong_var' is undefined"} (debug) p task.args {u'data': u'{{ wrong_var }}'} (debug) task.args['data'] = '{{ var1 }}' (debug) p task.args {u'data': '{{ var1 }}'} (debug) redo ok: [192.168.40.72] PLAY RECAP ******************************************************************************** 192.168.40.72 : ok=1 changed=0 unreachable=0 failed=0
调试模式下支持如下的命令:
1. p task/vars/host/result 打印值
2. task.args[key] = value 修改task中的参数值
3. vars[key] = value 修改变量值
4. r(edo) 重跑这个失败的任务
5. c(ontinue) 继续任务
6. q(uit) 退出调试,整个执行过程也会终止
关于第二和第三点,一个是修改参数值,一个是修改变量值,这里补充再做个说明:
- hosts: test strategy: debug gather_facts: yes vars: pkg_name: not_exist tasks: - name: install package apt: name={{ pkg_name }} 执行后的输出 (debug) p task.args {u'name': u'{{ pkg_name }}'} (debug) task.args['name'] = 'bash' (debug) p task.args {u'name': 'bash'} (debug) redo 这里面name为任务中的参数值 或者: (debug) p vars['pkg_name'] u'not_exist' (debug) vars['pkg_name'] = 'bash' (debug) p vars['pkg_name'] 'bash' (debug) redo 这里面pkg_name为playbook中的变量值
如上信息应该可以帮你写出一个更好的playbook。