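Roles overview
Introduction to roles
- Roles are Ansible's "roles" and playbooks are its "scripts". Roles are a feature introduced since version 1.2 for organizing playbooks in a hierarchical, structured way
- Based on the hierarchical directory structure, roles automatically load variable files, task sets, triggered actions (handlers) and so on; to use roles, simply bring them into a playbook with the include directive
- Put simply, roles place variables, files, tasks, templates and handlers each in a separate directory of their own, and they can be conveniently pulled in with include
- Roles are generally used where services are built per host, but they can also be used for building daemons and similar cases; they are mainly used where code reuse is high
Roles directory structure
Purpose of the role files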
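defaults directory | Purpose |
---|---|
roles | All roles must be placed under the roles directory. This directory can be customized; the default location is /etc/ansible/roles, and it sits at the same level as the playbook |
files directory | Holds configuration files or source packages |
tasks directory | Should contain a main.yml file that defines the role's task list; this file can use include to bring in other task files located in this directory |
vars directory | Should contain a main.yml file that defines the variables the role uses |
meta directory | Should contain a main.yml file holding the role's description, its dependencies and similar information; optional |
templates directory | Holds configuration files; unlike the files directory, the configuration files here can reference variables |
handlers directory | Should contain a main.yml file that defines the actions this role runs when they are triggered; optional |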
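Roles examples
Installing and configuring the apache service with roles
#Change into the roles directory
cd /etc/ansible/roles
#Generate the apache role directory
ansible-galaxy init apache
Prepare the variables file
vim /etc/ansible/roles/apache/vars/main.yml
#Write the following
port: 80
username: www
groupname: www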
Prepare the httpd configuration file template
#Move the local httpd configuration file to /etc/ansible/roles/apache/templates/httpd.conf
#Edit the file
vim /etc/ansible/roles/apache/templates/httpd.conf
....
Listen {{ port }}
....
User {{ username }}
Group {{ groupname }}
....
Write the task files: create the user and group, install the software, configure it, start it, and so on
#Task that creates the user
vim /etc/ansible/roles/apache/tasks/user.yaml
- name: 创建用户  # create the user
  user: name=www uid=60 system=yes shell=/sbin/nologin
#Task that creates the group
vim /etc/ansible/roles/apache/tasks/group.yaml
- name: 创建组  # create the group
  group: name=www gid=60 system=yes
#Task that installs Apache
vim /etc/ansible/roles/apache/tasks/install.yaml
- name: 安装httpd  # install httpd
  yum: name=httpd state=installed
#Task that deploys the httpd configuration file
vim /etc/ansible/roles/apache/tasks/config.yaml
- name: 复制httpd模板及配置触发器  # copy the httpd template and trigger the handler
  template: src=httpd.conf dest=/etc/httpd/conf/httpd.conf
  notify:
    - restart httpd
#Task that starts httpd
vim /etc/ansible/roles/apache/tasks/start.yaml
- name: 开启httpd  # start httpd and enable it at boot
  service: name=httpd state=started enabled=yes
#Write main.yml and include all of the tasks written above in it
vim /etc/ansible/roles/apache/tasks/main.yml
# newer ansible-core releases removed `include`; use import_tasks or include_tasks there
- include: group.yaml
- include: user.yaml
- include: install.yaml
- include: config.yaml
- include: start.yaml
Write the handler action that restarts httpd
vim /etc/ansible/roles/apache/handlers/main.yml
# the name must match the notify entry in tasks/config.yaml
- name: restart httpd
  service: name=httpd state=restarted
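Write the main httpd playbook file, which calls the role
vim /etc/ansible/roles/httpd_roles.yml
---
- hosts: web            #host group; may also be an IP
  remote_user: root     #user the tasks run as on the remote host
  roles:
    - role: apache      #must match the directory name created by ansible-galaxy
#Test the playbook first with a check-mode dry run (-C)
ansible-playbook -C httpd_roles.yml
#Run
ansible-playbook httpd_roles.yml
#Access the site in a browser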
Installing LNMP with roles
nginx
Edit the variables file
vim /etc/ansible/roles/nginx/vars/main.yml
---
port: 8888 #any port will do
Write the nginx configuration file template
vim /etc/ansible/roles/nginx/templates/nginx.conf
....
listen {{ port }};
....
#Or copy the following directly
#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    #                '$status $body_bytes_sent "$http_referer" '
    #                '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log logs/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    server {
        listen {{ port }};
        server_name localhost;

        #charset koi8-r;

        #access_log logs/host.access.log main;

        location / {
            root html;
            index index.html index.htm;
        }

        #error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root html;
        #    fastcgi_pass 127.0.0.1:9000;
        #    fastcgi_index index.php;
        #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        #    include fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }

    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen 8000;
    #    listen somename:8080;
    #    server_name somename alias another.alias;

    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}

    # HTTPS server
    #
    #server {
    #    listen 443 ssl;
    #    server_name localhost;

    #    ssl_certificate cert.pem;
    #    ssl_certificate_key cert.key;

    #    ssl_session_cache shared:SSL:1m;
    #    ssl_session_timeout 5m;

    #    ssl_ciphers HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers on;

    #    location / {
    #        root html;
    #        index index.html index.htm;
    #    }
    #}
}
Write the tasks
vim /etc/ansible/roles/nginx/tasks/user.yaml
- name: 创建用户  # create the user
  user: name=nginx system=yes shell=/sbin/nologin
vim /etc/ansible/roles/nginx/tasks/group.yaml
- name: 创建组  # create the group
  group: name=nginx system=yes
vim /etc/ansible/roles/nginx/tasks/yilai.yaml
- name: 安装依赖  # install build dependencies
  yum: name=pcre-devel,zlib-devel state=installed
vim /etc/ansible/roles/nginx/tasks/jiebao.yaml
- name: 解包  # unpack the source archive from the role's files directory
  unarchive: src=nginx-1.23.3.tar.gz dest=/usr/src/
vim /etc/ansible/roles/nginx/tasks/install.yaml
- name: 配置  # configure the build
  command: ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx
  args:
    chdir: /usr/src/nginx-1.23.3
- name: 编译安装  # compile and install
  shell: make && make install
  args:
    chdir: /usr/src/nginx-1.23.3
vim /etc/ansible/roles/nginx/tasks/start.yaml
- name: 启动nginx  # start nginx
  shell: /usr/local/nginx/sbin/nginx
vim /etc/ansible/roles/nginx/tasks/quanxian.yaml
- name: 修改权限  # change ownership
  file: path=/usr/local/nginx owner=nginx group=nginx
vim /etc/ansible/roles/nginx/tasks/file.yaml
- name: 复制nginx模板及配置触发器  # copy the nginx template and trigger the handler
  template: src=nginx.conf dest=/usr/local/nginx/conf/nginx.conf backup=yes
  notify:
    - restart nginx
Configure the handler action
vim /etc/ansible/roles/nginx/handlers/main.yml
---
# a task can carry only one module key, so both commands run in a single shell call
- name: restart nginx
  shell: killall -9 nginx; /usr/local/nginx/sbin/nginx
vim /etc/ansible/roles/nginx_roles.yml
---
- hosts: web
  remote_user: root
  roles:
    - role: nginx
Put the nginx package in the /etc/ansible/roles/nginx/files directory
#Run
ansible-playbook nginx_roles.yml
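
The nginx task files above are listed without a tasks/main.yml to tie them together, and the build, start and handler steps fail or redo work when the playbook is run a second time. The following is an added example, not part of the original page: one possible main.yml plus re-runnable variants of those steps. The task ordering, the `creates:` paths and the pid file location (nginx's default under the `--prefix` used above) are assumptions.

```yaml
# Added example; ordering and the creates: paths are assumptions, not from the page.
# --- /etc/ansible/roles/nginx/tasks/main.yml ---
- import_tasks: group.yaml      # group first, then the user
- import_tasks: user.yaml
- import_tasks: yilai.yaml      # build dependencies
- import_tasks: jiebao.yaml     # unpack the source into /usr/src
- import_tasks: install.yaml    # configure, make, make install
- import_tasks: quanxian.yaml   # ownership of /usr/local/nginx
- import_tasks: file.yaml       # render nginx.conf, notify the handler
- import_tasks: start.yaml      # last, so the handler finds a running nginx

# --- tasks/install.yaml: skip the build when its output already exists ---
- name: configure
  command: ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx
  args:
    chdir: /usr/src/nginx-1.23.3
    creates: /usr/src/nginx-1.23.3/Makefile
- name: build and install
  shell: make && make install
  args:
    chdir: /usr/src/nginx-1.23.3
    creates: /usr/local/nginx/sbin/nginx

# --- tasks/start.yaml: do not launch a second master process ---
- name: start nginx
  command: /usr/local/nginx/sbin/nginx
  args:
    creates: /usr/local/nginx/logs/nginx.pid

# --- handlers/main.yml: test the rendered config, then reload gracefully ---
- name: restart nginx
  shell: /usr/local/nginx/sbin/nginx -t && /usr/local/nginx/sbin/nginx -s reload
```

If `nginx -t` rejects the rendered template, the handler fails and the running server keeps its previous configuration instead of being killed.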