Ansible Tests 詳解與使用案例
主機規劃
主機名稱 | 操作系統版本 | 內網IP | 外網IP(模擬) | 安裝軟件 |
---|---|---|---|---|
ansi-manager | CentOS7.5 | 172.16.1.180 | 10.0.0.180 | ansible |
ansi-haproxy01 | CentOS7.5 | 172.16.1.181 | 10.0.0.181 | |
ansi-haproxy02 | CentOS7.5 | 172.16.1.182 | 10.0.0.182 | |
ansi-web01 | CentOS7.5 | 172.16.1.183 | 10.0.0.183 | |
ansi-web02 | CentOS7.5 | 172.16.1.184 | 10.0.0.184 | |
ansi-web03 | CentOS7.5 | 172.16.1.185 | 10.0.0.185 |
添加用戶賬號
說明:
1、 運維人員使用的登錄賬號;
2、 所有的業務都放在 /app/ 下「yun用戶的家目錄」,避免業務數據亂放;
3、 該用戶也被 ansible 使用,因爲幾乎所有的生產環境都是禁止 root 遠程登錄的(因此該 yun 用戶也進行了 sudo 提權)。
# 使用一個專門的用戶,避免直接使用root用戶
# 添加用戶、指定家目錄並指定用戶密碼
# sudo提權
# 讓其它普通用戶可以進入該目錄查看信息
useradd -u 1050 -d /app yun && echo '123456' | /usr/bin/passwd --stdin yun
echo "yun ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
chmod 755 /app/
Ansible 配置清單Inventory
之後文章都是如下主機配置清單
[yun@ansi-manager ansible_info]$ pwd
/app/ansible_info
[yun@ansi-manager ansible_info]$ cat hosts_key
# 方式1、主機 + 端口 + 密鑰
[manageservers]
172.16.1.180:22
[proxyservers]
172.16.1.18[1:2]:22
# 方式2:別名 + 主機 + 端口 + 密碼
[webservers]
web01 ansible_ssh_host=172.16.1.183 ansible_ssh_port=22
web02 ansible_ssh_host=172.16.1.184 ansible_ssh_port=22
web03 ansible_ssh_host=172.16.1.185 ansible_ssh_port=22
Tests 概述
Tests 在 Jinja 中是一種評估模板表達式,並最終返回 True 或 False。Jinja 中就有自帶的 Tests 清單,具體地址如下:
http://docs.jinkan.org/docs/jinja2/templates.html#builtin-tests
tests 和 filters 的主要區別在於Jinja tests 用於比較,而 filters 用於數據操作,兩者在Jinja中有不同的應用。
與所有模板一樣,tests 總是在 Ansible 控制機上執行,而不是在任務的目標機上,因爲它們測驗本地數據。
除了 Jinja2 tests 之外,Ansible還提供了一些 tests,用戶也可以輕鬆創建自己的 tests。
測驗字符串
若要將字符串與子字符串或正則表達式匹配,請使用「match」、「search」或「regex」過濾。
match:必須有開頭匹配
search:子串匹配
regex:正則匹配
示例:
[yun@ansi-manager ansi_tests]$ pwd
/app/ansible_info/ansi_tests
[yun@ansi-manager ansi_tests]$ cat tests_str.yml
---
- hosts: manageservers
vars:
url: "http://example.com/users/foo/resources/bar"
tasks:
- debug:
msg: "matched pattern 1-1"
when: url is match("http://example.com/users/.*/resources/.*") # True
- debug:
msg: "matched pattern 1-2"
when: url is match("http://example.com") # True
- debug:
msg: "matched pattern 1-3"
when: url is match(".*://example.com") # True
- debug:
msg: "matched pattern 1-4"
when: url is match("example.com/users/.*/resources/.*") # False
- debug:
msg: "matched pattern 2-1"
when: url is search("/users/.*/resources/.*") # True
- debug:
msg: "matched pattern 2-2"
when: url is search("/users/") # True
- debug:
msg: "matched pattern 2-3"
when: url is search("/user/") # False
- debug:
msg: "matched pattern 3"
when: url is regex("example.com/\w+/foo") # True
[yun@ansi-manager ansi_tests]$ ansible-playbook -b -i ../hosts_key tests_str.yml # 注意查看執行
測驗版本比較
使用「version」,用於版本號比較。
「version」接受的運算符如下:
<, lt, <=, le, >, gt, >=, ge, ==, =, eq, !=, <>, ne
「version」也可以接受「strict」參數,這個參數默認值爲「False」,如果設置爲「True」則ansible會進行更嚴格的版本檢查:
{{ sample_version_var is version('1.0', operator='lt', strict=True) }}
示例:
# 判斷 ansible_python_version 版本是否 大於等於 2.7.3
[yun@ansi-manager ansi_tests]$ pwd
/app/ansible_info/ansi_tests
[yun@ansi-manager ansi_tests]$ ll
total 8
drwxrwxr-x 2 yun yun 35 Sep 12 15:14 file
-rw-rw-r-- 1 yun yun 209 Sep 12 15:08 tests_version.yml
[yun@ansi-manager ansi_tests]$ cat file/tests_version.conf.j2 # 涉及文件
# Jinja2 版本測驗
{% if ansible_python_version is version('2.7.3', '>=') %}
result True. ansible_python_version = {{ ansible_python_version }}
{% else %}
result False
{% endif %}
[yun@ansi-manager ansi_tests]$ cat tests_version.yml # 涉及的playbook文件
---
# ansible tests Version Comparison
- hosts: proxyservers
tasks:
- name: "Tests Version Comparison"
template:
src: ./file/tests_version.conf.j2
dest: /tmp/tests_version.conf
[yun@ansi-manager ansi_tests]$ ansible-playbook -b -i ../hosts_key tests_version.yml # 執行
測驗子集和超集
關鍵字「superset」和「subset」,用於測驗一個列表是否包含或被包含於另一個列表
示例:
[yun@ansi-manager ansi_tests]$ pwd
/app/ansible_info/ansi_tests
[yun@ansi-manager ansi_tests]$ cat tests_set.yml
---
# tests 子集和超集
- hosts: manageservers
vars:
a: [1,2,3,4,5]
b: [2,3]
tasks:
- debug:
msg: "A includes B"
when: a is superset(b)
- debug:
msg: "B is included in A"
when: b is subset(a)
[yun@ansi-manager ansi_tests]$ ansible-playbook -b -i ../hosts_key tests_set.yml # 注意查看執行
測驗列表真假
關鍵字「all」和「any」,用於檢查列表裏元素的真假,列表中所有爲真或者任何一個爲真。
all:一假則假
any:一真則真
[yun@ansi-manager ansi_tests]$ pwd
/app/ansible_info/ansi_tests
[yun@ansi-manager ansi_tests]$ cat tests_list.yml
---
# tests 測驗 all any
- hosts: manageservers
vars:
mylist:
- 1
- "{{ 3 == 3 }}"
- True
myotherlist:
- False
- True
tasks:
- debug:
msg: "all are true!"
when: mylist is all
- debug:
msg: "at least one is true"
when: myotherlist is any
[yun@ansi-manager ansi_tests]$ ansible-playbook -b -i ../hosts_key tests_list.yml # 注意查看執行
測驗文件或目錄
用於測驗目錄、文件、軟連接、是否已存在、是相對路徑還是絕對路徑等等。
[yun@ansi-manager ansi_tests]$ pwd
/app/ansible_info/ansi_tests
[yun@ansi-manager ansi_tests]$ cat tests_path.yml
---
- hosts: manageservers
vars:
# - mypath: /tmp/
- mypath: /tmp/yum_hard.sh
- path2: /tmp/
# - path2: /tmp/yum_hard_2.sh
tasks:
- debug:
msg: "path is a directory"
when: mypath is directory
- debug:
msg: "path is a file"
when: mypath is file
- debug:
msg: "path is a symlink"
when: mypath is link
- debug:
msg: "path already exists"
when: mypath is exists
- debug:
msg: "path is {{ (mypath is abs)|ternary('absolute','relative')}}"
- debug:
msg: "path is the same file as path2"
when: mypath is same_file(path2)
- debug:
msg: "path is a mount"
when: mypath is mount
[yun@ansi-manager ansi_tests]$ ansible-playbook -b -i ../hosts_key tests_path.yml # 注意查看執行
測驗任務執行結果
對任務執行結果進行測驗。
[yun@ansi-manager ansi_tests]$ pwd
/app/ansible_info/ansi_tests
[yun@ansi-manager ansi_tests]$ cat tests_result.yml
---
- hosts: 172.16.1.180
## 對如下3種情況一次測驗
tasks:
- shell: /usr/bin/foo
#- shell: /usr/bin/true
#- shell: /usr/bin/false
register: result
ignore_errors: True
- debug:
msg: "{{ result }}"
- debug:
msg: "it failed"
when: result is failed
# in most cases you'll want a handler, but if you want to do something right now, this is nice
- debug:
msg: "it changed"
when: result is changed
- debug:
msg: "it succeeded in Ansible >= 2.1"
when: result is succeeded
- debug:
msg: "it succeeded"
when: result is success
- debug:
msg: "it was skipped"
when: result is skipped
[yun@ansi-manager ansi_tests]$ ansible-playbook -b -i ../hosts_key tests_result.yml # 注意查看執行