A summary of the best practices I learned while introducing Ansible into day-to-day work, including some practical recommendations.

The Ansible Way

  • Complexity kills productivity
  • Optimize your Ansible content for readability
  • Think declaratively (Ansible is a desired state engine by design: a declarative state machine)
  • Ansible is like the Swiss Army Knife of DevOps

Content organization:

Directory structure
  • Recommended directory structure - 1
production                # inventory file for production servers
staging                   # inventory file for staging environment

group_vars/
   group1                 # here we assign variables to particular groups
   group2                 # ""
host_vars/
   hostname1              # if systems need specific variables, put them here
   hostname2              # ""

library/                  # if any custom modules, put them here (optional)
filter_plugins/           # if any custom filter plugins, put them here (optional)

site.yml                  # master playbook
webservers.yml            # playbook for webserver tier
dbservers.yml             # playbook for dbserver tier

roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      #  <-- tasks file can include smaller files if warranted
        handlers/         #
            main.yml      #  <-- handlers file
        templates/        #  <-- files for use with the template resource
            ntp.conf.j2   #  <------- templates end in .j2
        files/            #
            bar.txt       #  <-- files for use with the copy resource
            foo.sh        #  <-- script files for use with the script resource
        vars/             #
            main.yml      #  <-- variables associated with this role
        defaults/         #
            main.yml      #  <-- default lower priority variables for this role
        meta/             #
            main.yml      #  <-- role dependencies
        library/          # roles can also include custom modules
        lookup_plugins/   # or other types of plugins, like lookup in this case

    webtier/              # same kind of structure as "common" was above, done for the webtier role
    monitoring/           # ""
    fooapp/               # ""
  • Recommended directory structure - 2
    • Suited to multiple environments that share few variables. (The first layout also works for multiple environments, and this one is really hard to maintain: adding an environment means jumping back and forth between directories. With the first layout, though, a multi-environment setup forces you to encode the environment into every hostname to tell them apart, which is a pain...)
    • Many more files, harder to maintain
inventories/
   production/
      hosts               # inventory file for production servers
      group_vars/
         group1           # here we assign variables to particular groups
         group2           # ""
      host_vars/
         hostname1        # if systems need specific variables, put them here
         hostname2        # ""

   staging/
      hosts               # inventory file for staging environment
      group_vars/
         group1           # here we assign variables to particular groups
         group2           # ""
      host_vars/
         stagehost1       # if systems need specific variables, put them here
         stagehost2       # ""

library/
filter_plugins/

site.yml
webservers.yml
dbservers.yml

roles/
    common/
    webtier/
    monitoring/
    fooapp/
Inventory
  • Use a dynamic inventory
  • Define groups by host purpose (role) and by location or data center
# file: production
[atlanta-webservers]
www-atl-1.example.com
www-atl-2.example.com
[boston-webservers]
www-bos-1.example.com
www-bos-2.example.com
[atlanta-dbservers]
db-atl-1.example.com
db-atl-2.example.com
[boston-dbservers]
db-bos-1.example.com
# webservers in all geos
[webservers:children]
atlanta-webservers
boston-webservers
# dbservers in all geos
[dbservers:children]
atlanta-dbservers
boston-dbservers
# everything in the atlanta geo
[atlanta:children]
atlanta-webservers
atlanta-dbservers
# everything in the boston geo
[boston:children]
boston-webservers
boston-dbservers
  • Multi-environment strategy: use a separate inventory file per environment (production or test) and select it with -i
Variables
  • Set variables in group_vars / host_vars
# reusing the inventory example from the previous section
---
# file: group_vars/atlanta
ntp: ntp-atlanta.example.com
backup: backup-atlanta.example.com
---
# file: group_vars/webservers
apacheMaxRequestsPerChild: 3000
apacheMaxClients: 900
---
# file: group_vars/all
ntp: ntp-boston.example.com
backup: backup-boston.example.com
---
# file: host_vars/db-bos-1.example.com
foo_agent_port: 86
bar_agent_port: 99
  • Give variables meaningful, prefixed names (e.g. apache_port, tomcat_port)
Roles
  • Use the "roles" organization feature

  • Keep top-level playbooks short: they should contain only roles

    • site.yml defines the base structure and only includes the other playbooks

      ---
      # file: site.yml
      - include: webservers.yml
      - include: dbservers.yml
    • Playbooks contain only roles

      ---
      # file: webservers.yml
      - hosts: webservers
        roles:
          - common
          - webtier
  • Use roles to organize tasks and handlers
  • Manage external roles with ansible-galaxy instead of maintaining them by hand in your own repository

Other

  • Make module state explicit, whether state is present or absent
  • Use whitespace generously to separate content, and '#' for comments
  • Give tasks a name or description (name)
  • Don't try to use every Ansible feature at once; use only what is useful to you and keep things simple.
  • Keep Ansible scripts under version control
  • Don't put plaintext passwords or credentials in the repository; encrypt them with ansible-vault
  • Use tags in plays
  • Use native YAML syntax
  • Remove debug output (use the verbosity parameter, added in 2.1)
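A check for the ansible-vault point in the list above, added here as an example that is not part of the original post or of Ansible itself: a stdlib-only scan over the flat `key: value` vars files shown earlier that flags credential-looking variables whose value is not vault-encrypted. The key-name heuristic and the two sample files are constructed.

```python
"""Flag credential-looking variables stored in plaintext in Ansible vars files.
Stdlib only (no PyYAML): a line scan suited to the flat `key: value` vars files
shown earlier. A file passes if it is vault-encrypted whole ($ANSIBLE_VAULT; header)
or each sensitive value is an inline `!vault |` block.
"""
import re
from typing import List, Tuple

# Constructed heuristic: key names that usually hold secrets.
SENSITIVE_KEY = re.compile(
    r"^(?P<key>\w*(password|passwd|secret|token|api_key|private_key)\w*)"
    r"\s*:\s*(?P<value>.*)$",
    re.IGNORECASE,
)
VAULT_FILE_HEADER = "$ANSIBLE_VAULT;"  # first line of a fully encrypted file
INLINE_VAULT_TAG = "!vault"            # YAML tag of an inline encrypted value


def find_plaintext_secrets(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, key) for each sensitive key whose value is plaintext."""
    if text.startswith(VAULT_FILE_HEADER):
        return []  # whole file is vault-encrypted, nothing to inspect
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment
        match = SENSITIVE_KEY.match(stripped)
        if match is None:
            continue
        value = match.group("value").strip()
        # Empty value means a nested mapping or a value defined elsewhere.
        if value == "" or value.startswith(INLINE_VAULT_TAG):
            continue
        findings.append((lineno, match.group("key")))
    return findings


# Constructed sample: a credential committed in plaintext (the bad case).
BAD_VARS = """---
# file: group_vars/dbservers
db_port: 5432
db_admin_password: hunter2
"""

# Constructed sample: the same variable as an inline ansible-vault block.
GOOD_VARS = """---
db_admin_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          <vault-ciphertext-placeholder>
"""
```

Running it over every file under group_vars/ and host_vars/ in CI makes the "no plaintext credentials" rule a failing check rather than a convention.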

References

Official documentation: Ansible Best Practices
enginyoyen/ansible-best-practises
ansible-best-practices-essentials