I. The haproxy role
1 Key points
The haproxy role deploys and configures the HAProxy platform.
2 roles/haproxy/tasks
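---
# This role installs HAProxy and configures it.
- name: Download and install haproxy and socat
  yum: name={{ item }} state=present
  with_items:
    - haproxy
    - socat

- name: Configure the haproxy cnf file with hosts
  template: src=haproxy.cfg.j2 dest=/etc/haproxy/haproxy.cfg
  # Restart on change, as the explanation below describes; assumes a
  # "restart haproxy" handler exists in this role (not shown on this page).
  notify: restart haproxy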
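3 Explanation
The tasks define two functions: installation and configuration-file synchronization. Installation uses the yum module, looping over the two tools haproxy and socat. The template file roles/haproxy/templates/haproxy.cfg.j2 is rendered from the configuration parameters and then synchronized to /etc/haproxy/haproxy.cfg on the target host. When the state changes, the haproxy service is restarted so that the change takes effect.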
4 roles/haproxy/templates/haproxy.cfg.j2
global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user root
    group root
    daemon
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats level admin

defaults
    mode {{ mode }}
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000

backend app
    {% for host in groups['lbservers'] %}
    listen {{ daemonname }} {{ hostvars[host]['ansible_' + iface].ipv4.address }}:{{ listenport }}
    {% endfor %}
    balance {{ balance }}
    {% for host in groups['webservers'] %}
    server {{ hostvars[host].ansible_hostname }} {{ hostvars[host]['ansible_' + iface].ipv4.address }}:{{ httpd_port }}
    {% endfor %}
{{ hostvars[host]['ansible_' + iface].ipv4.address }} retrieves the IPv4 address of the network interface whose name is held in the variable iface (defined in group_vars/lbservers).
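The global section above runs HAProxy as root and exposes an admin-level stats socket. The following is an added example, not part of the original template: the same global section with the weak settings shown beside a corrected form. It assumes the haproxy user and group exist on the target host (the RHEL/CentOS haproxy package creates them) and that the socket is only used by root, for example through socat.

```haproxy
# Added example: hardened variant of the "global" section of haproxy.cfg.j2.
global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000

    # Weak (as in the template above): the process keeps uid 0. A process
    # that stays root can leave a chroot, so this undoes the isolation
    # that the "chroot" line is meant to provide.
    #   user root
    #   group root
    #
    # Corrected: HAProxy is still started as root so it can bind the
    # listen port and enter the chroot, then drops to this account.
    # Assumption: the haproxy user and group exist on the target host.
    user haproxy
    group haproxy
    daemon

    # Weak (as in the template above): no explicit permissions, so who can
    # reach the admin-level socket depends on the umask at start-up.
    #   stats socket /var/lib/haproxy/stats level admin
    #
    # Corrected: pin owner and mode so only root can issue admin commands.
    # If the socket is only read for monitoring, "level operator" is a
    # narrower choice than "level admin".
    stats socket /var/lib/haproxy/stats mode 600 user root group root level admin
```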
II. The web role
1 Key points
The web role deploys php, php-mysql and git, and configures SELinux.
2 roles/web/tasks/main.yml
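If the rc (return code) of the sestatus variable (defined in roles/common/tasks/main.yml) is not equal to 0 (failure), the role configures the SELinux permission that lets httpd access a remote database. This uses Ansible's seboolean module; the statement is equivalent to the command line "setsebool httpd_can_network_connect_db 1", where "persistent=yes" means the setting is enabled automatically at boot.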
III. The nagios role
1 Key points
The nagios role deploys the Nagios monitoring platform.
2 roles/nagios/tasks/main.yml
---
# This will install nagios
- name: install nagios
  yum: pkg={{ item }} state=present
  with_items:
    - nagios
    - nagios-plugins
    - nagios-plugins-nrpe
    - nagios-plugins-ping
    - nagios-plugins-ssh
    - nagios-plugins-http
    - nagios-plugins-mysql
    - nagios-devel
  notify: restart httpd

- name: create nagios config dir
  file: path=/etc/nagios/ansible-managed state=directory

- name: configure nagios
  copy: src=nagios.cfg dest=/etc/nagios/nagios.cfg
  notify: restart nagios

- name: configure localhost monitoring
  copy: src=localhost.cfg dest=/etc/nagios/objects/localhost.cfg
  notify: restart nagios

- name: configure nagios services
  copy: src=ansible-managed-services.cfg dest=/etc/nagios/

- name: create the nagios object files
  template: src={{ item + ".j2" }}
            dest=/etc/nagios/ansible-managed/{{ item }}
  with_items:
    - webservers.cfg
    - dbservers.cfg
    - lbservers.cfg
  notify: restart nagios

- name: start nagios
  service: name=nagios state=started enabled=yes
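When the template module distributes several template files, with_items can be used to loop over them; variables and strings are joined with the "+" sign.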