Ansible委派任务给一个组

共计 17615 个字符，预计需要花费 45 分钟才能阅读完成。

之前用delegate_to将特殊任务委派给指定节点上运行，该方式只能将任务委派给一个节点。那如何委派给一个group组呢？

delegate_to

delegate_to默认读取的主机清单中的facts，而不是自身被委派的主机facts，所以我们的委派任务被运行多少次取决于主机清单中的主机数量，此时若要限制只执行一次，则需要用run_once: true配合。使用该方式最终委派给一台节点运行任务，如果我要委派给一组服务器，则需要设置delegate_facts: true

主机清单样例

[root@manager project-backup]# cat hosts
[web]
10.100.235.224
10.100.235.245
10.100.235.199
10.100.235.194

[lb]
10.100.235.195
10.100.235.202

第一种情况

剧本任务

[root@manager project-backup]# cat test-bk.yaml
---
- name: backup web project
  hosts: web
  tasks:
  - name: debug 1
    debug:
      msg: "{{ inventory_hostname }}"

  - name: debug 2
    debug:
      msg: "{{ inventory_hostname }}"
    delegate_facts: True
    delegate_to: "{{ item }}"
    with_items: "{{ groups['lb'] }}"

任务运行输出如下

[root@manager project-backup]# ansible-playbook -i hosts test-bk.yaml

PLAY [backup web project] ********************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************
ok: [10.100.235.245]
ok: [10.100.235.224]
ok: [10.100.235.194]
ok: [10.100.235.199]

TASK [debug 1] *******************************************************************************************************************************************************************************************************
ok: [10.100.235.224] => {
    "msg": "10.100.235.224"
}
ok: [10.100.235.245] => {
    "msg": "10.100.235.245"
}
ok: [10.100.235.199] => {
    "msg": "10.100.235.199"
}
ok: [10.100.235.194] => {
    "msg": "10.100.235.194"
}

TASK [debug 2] *******************************************************************************************************************************************************************************************************
ok: [10.100.235.224 -> 10.100.235.195] => (item=10.100.235.195) => {
    "msg": "10.100.235.224"
}
ok: [10.100.235.224 -> 10.100.235.202] => (item=10.100.235.202) => {
    "msg": "10.100.235.224"
}
ok: [10.100.235.245 -> 10.100.235.195] => (item=10.100.235.195) => {
    "msg": "10.100.235.245"
}
ok: [10.100.235.245 -> 10.100.235.202] => (item=10.100.235.202) => {
    "msg": "10.100.235.245"
}
ok: [10.100.235.199 -> 10.100.235.195] => (item=10.100.235.195) => {
    "msg": "10.100.235.199"
}
ok: [10.100.235.199 -> 10.100.235.202] => (item=10.100.235.202) => {
    "msg": "10.100.235.199"
}
ok: [10.100.235.194 -> 10.100.235.195] => (item=10.100.235.195) => {
    "msg": "10.100.235.194"
}
ok: [10.100.235.194 -> 10.100.235.202] => (item=10.100.235.202) => {
    "msg": "10.100.235.194"
}

PLAY RECAP ***********************************************************************************************************************************************************************************************************
10.100.235.194             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.199             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.224             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.245             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

从上面输出可以看出每个web组内的任务都被委派给两台lb上处理，总共8次（web组节点数*lb组节点数）

第二种情况

如果给这个任务加上run_once: True呢，会是什么情况？

此时剧本

[root@manager project-backup]# cat test-bk.yaml
---
- name: backup web project
  hosts: web
  tasks:

  - name: debug 1
    debug:
      msg: "{{ inventory_hostname }}"

  - name: debug 2
    debug:
      msg: "{{ inventory_hostname }}"
    delegate_facts: True
    delegate_to: "{{ item }}"
    with_items: "{{ groups['lb'] }}"
    run_once: True

任务运行输出如下

[root@manager project-backup]# ansible-playbook -i hosts test-bk.yaml

PLAY [backup web project] ********************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************
ok: [10.100.235.194]
ok: [10.100.235.245]
ok: [10.100.235.224]
ok: [10.100.235.199]

TASK [debug 1] *******************************************************************************************************************************************************************************************************
ok: [10.100.235.224] => {
    "msg": "10.100.235.224"
}
ok: [10.100.235.245] => {
    "msg": "10.100.235.245"
}
ok: [10.100.235.199] => {
    "msg": "10.100.235.199"
}
ok: [10.100.235.194] => {
    "msg": "10.100.235.194"
}

TASK [debug 2] *******************************************************************************************************************************************************************************************************
ok: [10.100.235.224 -> 10.100.235.195] => (item=10.100.235.195) => {
    "msg": "10.100.235.224"
}
ok: [10.100.235.224 -> 10.100.235.202] => (item=10.100.235.202) => {
    "msg": "10.100.235.224"
}

PLAY RECAP ***********************************************************************************************************************************************************************************************************
10.100.235.194             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.199             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.224             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.245             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

从上面输出可以看到该任务有两次输出，该任务只被一个web组节点同时委派给lb组中的两个节点中运行

第三种情况

此时再试想一下，可不可以委派给一个组的同时，限制只需要委派组中的任意一个运行即可？其实这种方式直接委托给组中的一个主机即可，但是博主的这个委托组地址会变，不想写死也不想总是修改。。。。最后博主在官方文档上看到了一个with_random_choice功能，该功能返回列表中的随机一个

此时剧本任务

[root@manager project-backup]# cat test-bk.yaml
---
- name: backup web project
  hosts: web
  tasks:

  - name: debug 1
    debug:
      msg: "{{ inventory_hostname }}"

  - name: debug 2
    debug:
      msg: "{{ inventory_hostname }}"
    delegate_facts: True
    delegate_to: "{{ item }}"
    with_random_choice: "{{ groups['lb'] }}"

任务运行输出如下

[root@manager project-backup]# ansible-playbook -i hosts test-bk.yaml

PLAY [backup web project] ********************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************
ok: [10.100.235.245]
ok: [10.100.235.194]
ok: [10.100.235.199]
ok: [10.100.235.224]

TASK [debug 1] *******************************************************************************************************************************************************************************************************
ok: [10.100.235.224] => {
    "msg": "10.100.235.224"
}
ok: [10.100.235.199] => {
    "msg": "10.100.235.199"
}
ok: [10.100.235.245] => {
    "msg": "10.100.235.245"
}
ok: [10.100.235.194] => {
    "msg": "10.100.235.194"
}

TASK [debug 2] *******************************************************************************************************************************************************************************************************
ok: [10.100.235.224 -> 10.100.235.195] => (item=10.100.235.195) => {
    "msg": "10.100.235.224"
}
ok: [10.100.235.245 -> 10.100.235.195] => (item=10.100.235.195) => {
    "msg": "10.100.235.245"
}
ok: [10.100.235.199 -> 10.100.235.195] => (item=10.100.235.195) => {
    "msg": "10.100.235.199"
}
ok: [10.100.235.194 -> 10.100.235.195] => (item=10.100.235.195) => {
    "msg": "10.100.235.194"
}

PLAY RECAP ***********************************************************************************************************************************************************************************************************
10.100.235.194             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.199             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.224             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.245             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[root@k8s-master project-backup]# ansible-playbook -i hosts test-bk.yaml

PLAY [backup web project] ********************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************
ok: [10.100.235.194]
ok: [10.100.235.199]
ok: [10.100.235.224]
ok: [10.100.235.245]

TASK [debug 1] *******************************************************************************************************************************************************************************************************
ok: [10.100.235.224] => {
    "msg": "10.100.235.224"
}
ok: [10.100.235.245] => {
    "msg": "10.100.235.245"
}
ok: [10.100.235.199] => {
    "msg": "10.100.235.199"
}
ok: [10.100.235.194] => {
    "msg": "10.100.235.194"
}

TASK [debug 2] *******************************************************************************************************************************************************************************************************
ok: [10.100.235.224 -> 10.100.235.202] => (item=10.100.235.202) => {
    "msg": "10.100.235.224"
}
ok: [10.100.235.245 -> 10.100.235.195] => (item=10.100.235.195) => {
    "msg": "10.100.235.245"
}
ok: [10.100.235.199 -> 10.100.235.202] => (item=10.100.235.202) => {
    "msg": "10.100.235.199"
}
ok: [10.100.235.194 -> 10.100.235.202] => (item=10.100.235.202) => {
    "msg": "10.100.235.194"
}

PLAY RECAP ***********************************************************************************************************************************************************************************************************
10.100.235.194             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.199             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.224             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.245             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

从上面输出可以看到web组中的4个节点任务被委派给lb组任意一个处理，总共就4次

第四种情况

此时加上run_once: True呢？结论就是只有一个web组节点任务执行，且被委派给任意一个lb组节点，最终输出一条执行记录

[root@manager project-backup]# cat test-bk.yaml
---
- name: backup web project
  hosts: web
  tasks:

  - name: debug 1
    debug:
      msg: "{{ inventory_hostname }}"

  - name: debug 2
    debug:
      msg: "{{ inventory_hostname }}"
    delegate_facts: True
    delegate_to: "{{ item }}"
    with_random_choice: "{{ groups['lb'] }}"
    run_once: True
[root@manager project-backup]# ansible-playbook -i hosts test-bk.yaml

PLAY [backup web project] ********************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************
ok: [10.100.235.224]
ok: [10.100.235.245]
ok: [10.100.235.199]
ok: [10.100.235.194]

TASK [debug 1] *******************************************************************************************************************************************************************************************************
ok: [10.100.235.224] => {
    "msg": "10.100.235.224"
}
ok: [10.100.235.245] => {
    "msg": "10.100.235.245"
}
ok: [10.100.235.199] => {
    "msg": "10.100.235.199"
}
ok: [10.100.235.194] => {
    "msg": "10.100.235.194"
}

TASK [debug 2] *******************************************************************************************************************************************************************************************************
ok: [10.100.235.224 -> 10.100.235.202] => (item=10.100.235.202) => {
    "msg": "10.100.235.224"
}

PLAY RECAP ***********************************************************************************************************************************************************************************************************
10.100.235.194             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.199             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.224             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.245             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

[root@k8s-master project-backup]#
[root@k8s-master project-backup]# ansible-playbook -i hosts test-bk.yaml

PLAY [backup web project] ********************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************
ok: [10.100.235.199]
ok: [10.100.235.194]
ok: [10.100.235.224]
ok: [10.100.235.245]

TASK [debug 1] *******************************************************************************************************************************************************************************************************
ok: [10.100.235.224] => {
    "msg": "10.100.235.224"
}
ok: [10.100.235.245] => {
    "msg": "10.100.235.245"
}
ok: [10.100.235.199] => {
    "msg": "10.100.235.199"
}
ok: [10.100.235.194] => {
    "msg": "10.100.235.194"
}

TASK [debug 2] *******************************************************************************************************************************************************************************************************
ok: [10.100.235.224 -> 10.100.235.195] => (item=10.100.235.195) => {
    "msg": "10.100.235.224"
}

PLAY RECAP ***********************************************************************************************************************************************************************************************************
10.100.235.194             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.199             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.224             : ok=3    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
10.100.235.245             : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

k8s批量扩容节点数量

目前k8s集群的部署有很多工具，此处博主曾尝试使用ansible和kubeadm写了一个集群增加node的操作

在master组任意一个节点获取node join命令
在node中执行上面获取的命令

# 主机清单
[root@manager k8s-ms]# cat hosts
[master]
192.168.44.151
192.168.44.161

192.168.44.162

[node]
192.168.44.152
192.168.44.153

# playbook
[root@manager k8s-ms]# cat test-node-join.yaml
---
- name: test join node for k8s
  hosts: node
  tasks:
  - name: get join command
    shell: kubeadm token create --print-join-command
    register: join_command
    delegate_to: "{{ item }}"
    run_once: true
    with_random_choice: "{{ groups['master'] }}"

  - name: out put join_command
    debug:
      msg: "{{ join_command.results.0.stdout }}"
    run_once: true

  - name: node output join_command
    debug:
      msg: "{{ join_command.results.0.stdout }}"

  - name: node exec join_command
    shell: "{{ join_command.results.0.stdout }}"

任务运行输出

[root@manager k8s-ms]# ansible-playbook -i hosts test-node-join.yaml

PLAY [test join node for k8s] ****************************************************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************************************************************
ok: [192.168.44.153]
ok: [192.168.44.152]

TASK [get join command] **********************************************************************************************************************************************************************************************
changed: [192.168.44.152 -> 192.168.44.151] => (item=192.168.44.151)

TASK [out put join_command] ******************************************************************************************************************************************************************************************
ok: [192.168.44.152] => {
    "msg": "kubeadm join apiserver.demo:6443 --token q6m90h.bciz8cfqpp6ppzu2     --discovery-token-ca-cert-hash sha256:94d16a5811ec81c8bf3c74d1afabfac2400d6b9ea653f9e5aad7a451a0de675c "
}

TASK [node output join_command] **************************************************************************************************************************************************************************************
ok: [192.168.44.152] => {
    "msg": "kubeadm join apiserver.demo:6443 --token q6m90h.bciz8cfqpp6ppzu2     --discovery-token-ca-cert-hash sha256:94d16a5811ec81c8bf3c74d1afabfac2400d6b9ea653f9e5aad7a451a0de675c "
}
ok: [192.168.44.153] => {
    "msg": "kubeadm join apiserver.demo:6443 --token q6m90h.bciz8cfqpp6ppzu2     --discovery-token-ca-cert-hash sha256:94d16a5811ec81c8bf3c74d1afabfac2400d6b9ea653f9e5aad7a451a0de675c "
}

TASK [node exec join_command] ****************************************************************************************************************************************************************************************

changed: [192.168.44.152]
changed: [192.168.44.153]

PLAY RECAP ***********************************************************************************************************************************************************************************************************
192.168.44.152             : ok=5    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
192.168.44.153             : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

此时查看集群节点

[root@k8s-master ~]# kubectl get nodes
NAME          STATUS   ROLES            AGE    VERSION
k8s-master    Ready    compute,master   50d    v1.16.0
k8s-node-01   Ready    <none>           32s    v1.16.0
k8s-node-02   Ready    <none>           31s    v1.16.0

最后优化下shell任务的幂等性

[root@manager k8s-ms]# cat test-node-join.yaml
---
- name: test join node for k8s
  hosts: node
  tasks:
  - name: get join command
    shell: kubeadm token create --print-join-command
    register: join_command
    delegate_to: "{{ item }}"
    run_once: true
    with_random_choice: "{{ groups['master'] }}"

  - name: out put join_command
    debug:
      msg: "{{ join_command.results.0.stdout }}"
    run_once: true

  - name: node output join_command
    debug:
      msg: "{{ join_command.results.0.stdout }}"

  - name: node exec join_command
    shell: |
      "{{ join_command.results.0.stdout }}" && touch /tmp/node-joinlog.txt
    args:
      creates: /tmp/node-joinlog.txt

参考文档：https://docs.ansible.com/ansible/latest/collections/ansible/builtin/random_choice_lookup.html#ansible-collections-ansible-builtin-random-choice-lookup

delegate_to

第一种情况

第二种情况

第三种情况

第四种情况

k8s批量扩容节点数量

什么是VLAN?