roles
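Roles are a feature introduced in Ansible 1.2 for organizing playbooks in a hierarchical, structured way. Roles can automatically load variable files, tasks, handlers, and so on according to a layered directory structure. To use roles, you only need the include directive in a playbook. Simply put, roles are a mechanism that places variables, files, tasks, templates, and handlers in separate directories so that they can be included conveniently. Roles are generally used where services are built per host, but they can also be used in scenarios such as building daemons.
Complex scenarios: using roles is recommended; code reuse is high
Changes apply to a specified host or host group
If naming is not standardized, maintenance and hand-over costs are high
Some functions need multiple playbooks, which can be achieved with includes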
Roles directory rules
Roles (roles): a collection of roles
roles/              # can be placed anywhere, but its subdirectories must follow the rules
  mysql/
  httpd/
  nginx/
  memcached/
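Role directory structure
Each role is organized in a specific hierarchical directory structure
Role directory structure:
playbook.yml
roles/
  project/
    tasks/
    files/
    vars/        rarely used
    defaults/    rarely used
    templates/
    handlers/
    meta/        rarely used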
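Purpose of each role directory
/roles/project/: the project name; it has the following subdirectories
files/: stores files used by modules such as copy or script
templates/: the directory where the template module looks for the template files it needs
tasks/: defines tasks, the basic element of a role; it should contain at least a file named main.yml; other files must be pulled in from this file with include
handlers/: should contain at least a file named main.yml; other files must be pulled in from this file with include
vars/: defines variables; it should contain at least a file named main.yml; other files must be pulled in from this file with include
meta/: defines special settings for the current role and its dependencies; it should contain at least a file named main.yml; other files must be pulled in from this file with include
defaults/: the main.yml file in this directory is used when setting default variables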
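The layout rules above can be checked mechanically before a role is run. The script below is an added example, not part of the original notes: check_role, report and make_sample_role are hypothetical names, the sample role is constructed, and include_tasks/import_tasks are recognised alongside include.

```shell
# Added example: lint one role directory against the layout rules above.
# Prints one finding per line; the return status is the number of findings.
# The seven directories from the layout above (Ansible's spelling: defaults/).
KNOWN_DIRS="tasks files vars defaults templates handlers meta"
NEED_MAIN="tasks handlers vars defaults meta"
report() { echo "$1"; findings=$((findings + 1)); }

check_role() {
    role=$1 findings=0
    [ -d "$role" ] || { report "not a directory: $role"; return 1; }
    # 1. Flag subdirectories outside the layout listed on this page
    #    (catches misspelled names that would silently be ignored).
    for d in "$role"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        case " $KNOWN_DIRS " in
            *" $name "*) ;;
            *) report "directory '$name/' is not in the role layout" ;;
        esac
    done
    # 2. These directories are entered through their main.yml.
    for d in $NEED_MAIN; do
        if [ -d "$role/$d" ] && [ ! -f "$role/$d/main.yml" ]; then
            report "$d/ has no main.yml"
        fi
    done
    # 3. Every file that tasks/main.yml includes must exist next to it.
    if [ -f "$role/tasks/main.yml" ]; then
        for inc in $(sed -nE 's/^[[:space:]]*-[[:space:]]*(include|include_tasks|import_tasks):[[:space:]]*([^[:space:]#]+).*/\2/p' "$role/tasks/main.yml"); do
            [ -f "$role/tasks/$inc" ] || report "main.yml includes missing '$inc'"
        done
    fi
    # 4. Backup copies (for example from sed -i.bak) should not ship in a role.
    for f in "$role"/*/*.bak; do
        if [ -e "$f" ]; then report "backup file left behind: ${f#"$role"/}"; fi
    done
    return "$findings"
}

# Constructed sample: an nginx role like the one on this page, but with
# services.yml saved as services.ym and the handlers directory misnamed.
make_sample_role() {
    r=$(mktemp -d)/nginx
    mkdir -p "$r/tasks" "$r/files" "$r/handler"
    printf -- '- include: group.yml\n- include: services.yml\n' > "$r/tasks/main.yml"
    : > "$r/tasks/group.yml"; : > "$r/tasks/services.ym"; : > "$r/tasks/user.yml.bak"
    echo "$r"
}
check_role "$(make_sample_role)" || echo "findings: $?"
```

Run it against each directory under roles/ before ansible-playbook -C; a non-zero status means the role does not match the layout.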
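Creating a role
Steps to create a role
(1) Create a directory named roles
(2) In the roles directory, create a directory named after each role, such as webservers
(3) In each role's directory, create the files, handlers, meta, tasks, templates, and vars directories; directories that are not needed can be created empty or not created at all
(4) In the playbook file, call each role
A role represents a collection of resources
nginx
  template, vars, files
tomcat
  files, yml, vars
Using nginx as an example
group: nginx             create the group
user: nginx -g nginx     create the user
rpm: nginx               install the package
conf:                    copy the configuration file
start                    start the service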
Lab environment
Three CentOS 7 machines and one CentOS 6 machine
cos7-1, cos7-2, centos6, ansible
hostnamectl set-hostname cos7-1 ==/etc/hosts
hostname ansible    # takes effect temporarily
[root@ansible:ansible]# pwd
/root/ansible
[root@ansible:ansible]# mkdir roles/nginx/{tasks,files} -pv
[root@ansible:ansible]# tree roles
roles
└── nginx
    ├── files
    └── tasks
3 directories, 0 files
[root@ansible:~]# getent group |grep 80
[root@ansible:tasks]# vim group.yml
- name: create group
  group: name=nginx gid=80 system=yes
[root@ansible:tasks]# vim user.yml
- name:
  user: name=nginx group=nginx uid=80 system=yes shell=/sbin/nologin
[root@ansible:tasks]# vim yum.yml
- name: install package
  yum: name=nginx
[root@ansible:tasks]# vim copyfile.yml
- name: conf file
  copy: src=nginx.conf dest=/etc/nginx/
[root@ansible:tasks]# cp /etc/nginx/nginx.conf /root/ansible/roles/nginx/files/
listen 9527 default_server; # changed to 9527
[root@ansible:tasks]# vim services.yml
- name: start service
  service: name=nginx state=started enabled=yes
[root@ansible:tasks]# vim main.yml
- include: group.yml
- include: user.yml
- include: yum.yml
- include: copyfile.yml
- include: services.yml
[root@ansible:tasks]# tree
.
├── copyfile.yml
├── group.yml
├── main.yml
├── services.yml
├── user.yml
└── yum.yml
0 directories, 6 files
[root@ansible:roles]# tree
.
└── nginx
    ├── files
    │   └── nginx.conf
    └── tasks
        ├── copyfile.yml    # 4. copy the nginx configuration file
        ├── group.yml       # 1. create the group
        ├── main.yml        # main entry file; list the files in main.yml in the order 1, 2, 3, 4, 5
        ├── services.yml    # 5. start the service
        ├── user.yml        # 2. create the user
        └── yum.yml         # 3. install the nginx rpm package
3 directories, 7 files
[root@ansible:ansible]# vim nginx-role.yml # at the same level as the roles directory
- hosts: appsrvs
  remote_user: root
  roles:
    - role: nginx    # roles/nginx
[root@ansible:ansible]# ansible-playbook -C nginx-role.yml
[root@ansible:ansible]# ansible-playbook nginx-role.yml
———————————————————————————————————————————————
Create another role, httpd
[root@ansible:roles]# pwd
/root/ansible/roles
[root@ansible:roles]# cp -r nginx/ httpd
[root@ansible:roles]# tree
.
├── httpd
│   ├── files
│   │   └── nginx.conf
│   └── tasks
│       ├── copyfile.yml
│       ├── group.yml
│       ├── main.yml
│       ├── services.yml
│       ├── user.yml
│       └── yum.yml
└── nginx
    ├── files
    │   └── nginx.conf
    └── tasks
        ├── copyfile.yml
        ├── group.yml
        ├── main.yml
        ├── services.yml
        ├── user.yml
        └── yum.yml
6 directories, 14 files
[root@ansible:roles]# cd nginx/tasks/
[root@ansible:tasks]# cat *
- name: conf file
  copy: src=nginx.conf dest=/etc/nginx/
- name: create group
  group: name=nginx gid=80 system=yes
- include: group.yml
- include: user.yml
- include: yum.yml
- include: copyfile.yml
- include: services.yml
- name: start service
  service: name=nginx state=started enabled=yes
- name:
  user: name=nginx group=nginx uid=80 system=yes shell=/sbin/nologin
- name: install package
  yum: name=nginx
[root@ansible:tasks]# ls
copyfile.yml group.yml main.yml services.yml user.yml yum.yml
[root@ansible:tasks]# pwd
/root/ansible/roles/httpd/tasks
[root@ansible:tasks]# sed -i.bak 's/nginx/httpd/g' *
[root@ansible:tasks]# ls
copyfile.yml group.yml main.yml services.yml user.yml yum.yml
copyfile.yml.bak group.yml.bak main.yml.bak services.yml.bak user.yml.bak yum.yml.bak
[root@ansible:tasks]# vim group.yml
- name: create group
  group: name=apache gid=808 system=yes
[root@ansible:tasks]# vim user.yml
- name:
  user: name=apache group=apache uid=808 system=yes shell=/sbin/nologin
[root@ansible:tasks]# cat copyfile.yml
- name: conf file
  copy: src=httpd.conf dest=/etc/httpd/conf/
[root@ansible:httpd]# tree
.
├── files
│   └── nginx.conf
└── tasks
    ├── copyfile.yml
    ├── copyfile.yml.bak
    ├── group.yml
    ├── group.yml.bak
    ├── main.yml
    ├── main.yml.bak
    ├── services.yml
    ├── services.yml.bak
    ├── user.yml
    ├── user.yml.bak
    ├── yum.yml
    └── yum.yml.bak
2 directories, 13 files
[root@ansible:httpd]# cp /etc/httpd/conf/httpd.conf files/
[root@ansible:httpd]# cd files/
[root@ansible:files]# ls
httpd.conf nginx.conf
[root@ansible:files]# rm -f nginx.conf
[root@ansible:files]# vim httpd.conf
Listen 808
[root@ansible:roles]# rm -rf httpd/tasks/*.yml.bak
[root@ansible:roles]# tree
.
├── httpd
│   ├── files
│   │   └── httpd.conf
│   └── tasks
│       ├── copyfile.yml
│       ├── group.yml
│       ├── main.yml
│       ├── services.yml
│       ├── user.yml
│       └── yum.yml
└── nginx
    ├── files
    │   └── nginx.conf
    └── tasks
        ├── copyfile.yml
        ├── group.yml
        ├── main.yml
        ├── services.yml
        ├── user.yml
        └── yum.yml
6 directories, 14 files
[root@ansible:ansible]# vim httpd-role.yml
- hosts: appsrvs
  remote_user: root
  roles:
    - role: httpd
    - role: nginx
[root@ansible:ansible]# ansible-playbook -C httpd-role.yml
[root@ansible:ansible]# ansible-playbook httpd-role.yml
[root@cos7-2:~ ]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:9527 *:*
LISTEN 0 128 :::808 :::*
--------------------------------------------------------
Roles calling each other
# a file in the httpd role's files directory
[root@ansible:roles]# vim httpd/files/index.html
in /root/ansible/roles/httpd/files/index.html ; then to /root/ansible/roles/nginx/
# in the nginx role
[root@ansible:tasks]# pwd
/root/ansible/roles/nginx/tasks
[root@ansible:tasks]# vim html.yml
- name: html file
  copy: src=roles/httpd/files/index.html dest=/usr/share/nginx/html/
[root@ansible:tasks]# vim main.yml
- include: group.yml
- include: user.yml
- include: yum.yml
- include: copyfile.yml
- include: services.yml
- include: html.yml    # or roles/httpd/tasks/**.yml
--------------------------------
tags
[root@ansible:ansible]# vim httpd-role.yml
- hosts: appsrvs
  remote_user: root
  roles:
    - {role: httpd, tags: ['httpd', 'web']}
    - {role: nginx, tags: ['web']}
[root@ansible:ansible]# ansible appsrvs -m yum -a 'name=nginx,httpd state=absent'
[root@ansible:ansible]# ansible-playbook -t nginx httpd-role.yml
handlers and notify
when