galaxy -- 角色 - Ansible jinja2 生成模板 - 《Dev Ops》

ansible可以使用 jinja2模板生成配置文件。并且可以使用if，for进行判断循环，进行逻辑处理。
[root@k8s-master ansible]# 
[root@k8s-master ansible]# tree conf_nginx
conf_nginx
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   ├── main.yml
│   └── template.yml
├── templates
│   ├── domain.conf
│   └── order.j2
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml
8 directories, 11 files
[root@k8s-master ansible]# 
[root@k8s-master ansible]# cat conf_nginx.yml 
---
- hosts: 127.0.0.1
  user: root
  gather_facts: false
  roles:
  - role: conf_nginx
[root@k8s-master ansible]# cat conf_nginx/tasks/main.yml 
---
# tasks file for conf_nginx
- include: template.yml
[root@k8s-master ansible]# cat conf_nginx/tasks/template.yml 
- name: create {{ PROJECT }} directory
  file: dest=/data/{{ PROJECT }} state=directory
- name: template transfor java dir
  template: src=order.j2 dest=/data/{{ PROJECT }}/order.conf
- name: domain config 
  template: src=domain.conf dest=/data/{{ PROJECT }}/domain.conf 
[root@k8s-master ansible]# cat conf_nginx/templates/domain.conf 
server {
    listen 80;
    listen 443 ssl;
    server_name  www.domain.cn;
    ssl_certificate /etc/letsencrypt/live/www.domain.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.domain.cn/privkey.pem;
    access_log /data/nginx/access.log main;
    error_log /data/nginx/error.log;
    gzip  on;
    gzip_comp_level 2;
    gzip_vary on;
    gzip_proxied any;
    gzip_http_version 1.0;
    gzip_types application/javascript text/css application/json;
    client_header_buffer_size 128k;
    client_max_body_size 500M;
{% for url in nginx_location %}
    location ^~ /{{ url.name }}/ {
{% if url.rewrite is defined %}
        rewrite /{{ url.rewrite }}(.*) $1 break;
{% endif %}
        proxy_set_header   Host    $host;
        proxy_set_header   X-Real-IP   $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Real-PORT $remote_port;
        client_max_body_size 1024m;
        proxy_buffer_size 64k;
        proxy_buffers   32 32k;
        proxy_busy_buffers_size 128k;
{% if url.timeout is defined %}
        proxy_connect_timeout       {{ url.timeout }};
        proxy_send_timeout      {{ url.timeout }};
        proxy_read_timeout      {{ url.timeout }};
{% else %}
        proxy_connect_timeout       600s;
        proxy_send_timeout      600s;
        proxy_read_timeout      600s;
{% endif%}
        proxy_pass   {{ url.proxy }};
    }
{% endfor %}
}
[root@k8s-master ansible]# cat conf_nginx/vars/main.yml 
---
# vars file for conf_nginx
PROJECT: "JAVA"
SWITCH: "NO"
DBPORT: "8080"
nginx_location:
- { name: "bi-api", proxy: "https://bi.domain.com/" }
- { name: "cc-api", proxy: "https://cc.domain.com/", timeout: "800s" }
- { name: "iam-api", proxy: "https://iam.domain.com/", rewrite: "iam-api" }
[root@k8s-master ansible]# 
[root@k8s-master JAVA]# cat domain.conf 
server {
    listen 80;
    listen 443 ssl;
    server_name  www.domain.cn;
    ssl_certificate /etc/letsencrypt/live/www.domain.cn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.domain.cn/privkey.pem;
    access_log /data/nginx/access.log main;
    error_log /data/nginx/error.log;
    gzip  on;
    gzip_comp_level 2;
    gzip_vary on;
    gzip_proxied any;
    gzip_http_version 1.0;
    gzip_types application/javascript text/css application/json;
    client_header_buffer_size 128k;
    client_max_body_size 500M;
    location ^~ /bi-api/ {
        proxy_set_header   Host    $host;
        proxy_set_header   X-Real-IP   $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Real-PORT $remote_port;
        client_max_body_size 1024m;
        proxy_buffer_size 64k;
        proxy_buffers   32 32k;
        proxy_busy_buffers_size 128k;
        proxy_connect_timeout       600s;
        proxy_send_timeout      600s;
        proxy_read_timeout      600s;
        proxy_pass   https://bi.domain.com/;
    }
    location ^~ /cc-api/ {
        proxy_set_header   Host    $host;
        proxy_set_header   X-Real-IP   $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Real-PORT $remote_port;
        client_max_body_size 1024m;
        proxy_buffer_size 64k;
        proxy_buffers   32 32k;
        proxy_busy_buffers_size 128k;
        proxy_connect_timeout       800s;
        proxy_send_timeout      800s;
        proxy_read_timeout      800s;
        proxy_pass   https://cc.domain.com/;
    }
    location ^~ /iam-api/ {
        rewrite /iam-api(.*) $1 break;
        proxy_set_header   Host    $host;
        proxy_set_header   X-Real-IP   $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Real-PORT $remote_port;
        client_max_body_size 1024m;
        proxy_buffer_size 64k;
        proxy_buffers   32 32k;
        proxy_busy_buffers_size 128k;
        proxy_connect_timeout       600s;
        proxy_send_timeout      600s;
        proxy_read_timeout      600s;
        proxy_pass   https://iam.domain.com/;
    }
}
[root@k8s-master JAVA]#