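Ansible study notes, part 3: roles
Continuing from the previous chapter, which recorded some ways of using ansible-playbook, this part covers combining those pieces, which is where roles come in.
Environment:
Because of my laptop's limited performance, only two virtual machines are used for testing:
Server name | IP |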
---|---|
ansible-server | 192.168.31.53 |
ansible-client | 192.168.31.167 |
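Testing roles
The basics were already written up earlier, so this part is mainly tests.
Test 1, basic usage:
Detect the number of CPU cores on the target host and use it to set the number of nginx worker processes (CPU cores + 2), create the group and user nginx with uid and gid set to 80, install the nginx service with yum, copy the configuration file nginx.conf.j2 to /etc/nginx/nginx.conf, start the service, and enable it at boot.
1.1 Structure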
```
[root@ansible ansible_test2]# tree roles/nginx/
roles/nginx/
├── tasks
│   ├── group.yml
│   ├── main.yml
│   ├── restart.yml
│   ├── start.yml
│   ├── templ.yml
│   ├── user.yml
│   └── yum.yml
└── templates
    └── nginx.conf.j2
```
1.2 Contents of each file in the role
```
[root@ansible ansible_test2]# cat roles/nginx/tasks/main.yml
# "include" is deprecated in newer Ansible releases in favour of import_tasks / include_tasks
- include: group.yml
- include: user.yml
- include: yum.yml
- include: templ.yml
- include: start.yml
[root@ansible ansible_test2]# cat roles/nginx/tasks/group.yml
- name: create group
  group: name=nginx gid=80
[root@ansible ansible_test2]# cat roles/nginx/tasks/user.yml
- name: create user
  user: name=nginx uid=80
[root@ansible ansible_test2]# cat roles/nginx/tasks/yum.yml
- name: install package
  yum: name=nginx
[root@ansible ansible_test2]# cat roles/nginx/tasks/templ.yml
- name: copy conf
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
[root@ansible ansible_test2]# cat roles/nginx/tasks/start.yml
- name: start service
  service: name=nginx state=started enabled=yes
[root@ansible ansible_test2]# cat nginx_role.yml
---
- hosts: web
  remote_user: root
  roles:
    - role: nginx
```
1.3 Template changes
The nginx configuration file is used as the template here.
```
[root@ansible ~]# egrep '{{' /root/ansible_test2/roles/nginx/templates/nginx.conf.j2
worker_processes {{ ansible_processor_vcpus+2 }};
```
1.4 Running the playbook
[root@ansible ansible_test2]# ansible-playbook nginx_role.yml
PLAY [web] *****************************************************************************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************************************************
ok: [192.168.31.167]
TASK [nginx : create group] *************************************************************************************************************************************************************************************
changed: [192.168.31.167]
TASK [nginx : create user] **************************************************************************************************************************************************************************************
changed: [192.168.31.167]
TASK [nginx : install package] **********************************************************************************************************************************************************************************
changed: [192.168.31.167]
TASK [nginx : copy conf] ****************************************************************************************************************************************************************************************
changed: [192.168.31.167]
TASK [nginx : start service] ************************************************************************************************************************************************************************************
changed: [192.168.31.167]
PLAY RECAP ******************************************************************************************************************************************************************************************************
192.168.31.167 : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
1.5 Check
```
[root@ansible ~]# ansible web -m shell -a 'rpm -q nginx ; ls -l /etc/nginx/nginx.conf ; ss -tnl| grep 80;ps aux | grep nginx | grep worker'
192.168.31.167 | CHANGED | rc=0 >>
nginx-1.16.1-1.el7.x86_64
-rw-r--r-- 1 root root 2468 Feb 10 20:02 /etc/nginx/nginx.conf
LISTEN 0 128 *:80 *:*
LISTEN 0 128 :::80 :::*
nginx 2086 0.0 0.0 121236 3512 ? S 13:53 0:00 nginx: worker process
nginx 2087 0.0 0.0 121236 3512 ? S 13:53 0:00 nginx: worker process
nginx 2088 0.0 0.0 121236 3512 ? S 13:53 0:00 nginx: worker process
nginx 2089 0.0 0.0 121236 3512 ? S 13:53 0:00 nginx: worker process
nginx 2090 0.0 0.0 121236 3512 ? S 13:53 0:00 nginx: worker process
nginx 2091 0.0 0.0 121236 3512 ? S 13:53 0:00 nginx: worker process
```
Test 2:
2.1 Structure
```
[root@ansible httpd]# tree
.
├── files
│   └── httpd.conf
├── tasks
│   ├── copy.yml
│   ├── main.yml
│   └── user.yml
└── templates
```
2.2 Contents of each file
```
[root@ansible ansible_test2]# cat roles/httpd/tasks/main.yml
- include: user.yml
- include: copy.yml
[root@ansible ansible_test2]# cat roles/httpd/tasks/user.yml
- name: create user
  user: name=apache system=yes shell=/sbin/nologin
[root@ansible ansible_test2]# cat roles/httpd/tasks/copy.yml
- name: copy files
  copy: src=/root/ansible_test2/roles/httpd/files/httpd.conf dest=/root/ owner=apache
[root@ansible ansible_test2]# cat httpd_role.yml
- hosts: web
  remote_user: root
  roles:
    - httpd
```
2.3 Run
[root@ansible ansible_test2]# ansible-playbook httpd_role.yml
PLAY [web] ****************************************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************************************
ok: [192.168.31.167]
TASK [httpd : create user] ************************************************************************************************************
changed: [192.168.31.167]
TASK [httpd : copy files] *************************************************************************************************************
changed: [192.168.31.167]
PLAY RECAP ****************************************************************************************************************************
192.168.31.167 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
2.4 Check
```
[root@ansible ansible_test2]# ansible web -m shell -a 'getent passwd apache; ls /root/httpd.conf'
192.168.31.167 | CHANGED | rc=0 >>
apache:x:985:979::/home/apache:/sbin/nologin
/root/httpd.conf
```
3. Using several roles together:
```
[root@ansible ansible_test2]# cat some_role.yml
---
- hosts: all
  remote_user: root
  roles:
    - { role: httpd, tags: [ 'web','httpd' ]}
    - { role: nginx, tags: [ 'web','nginx' ], when: 'ansible_distribution_major_version == "7"' }
    - { role: app, tags: "app" }
```
To run only the roles tagged web:
[root@ansible ansible_test2]# ansible-playbook -t web some_role.yml
PLAY [web] ******************************************************************************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************************************************
ok: [192.168.31.167]
TASK [httpd : create user] **************************************************************************************************************************************************************************************
ok: [192.168.31.167]
TASK [httpd : copy files] ***************************************************************************************************************************************************************************************
ok: [192.168.31.167]
TASK [nginx : create group] *************************************************************************************************************************************************************************************
ok: [192.168.31.167]
TASK [nginx : create user] **************************************************************************************************************************************************************************************
ok: [192.168.31.167]
TASK [nginx : install package] **********************************************************************************************************************************************************************************
ok: [192.168.31.167]
TASK [nginx : copy conf] ****************************************************************************************************************************************************************************************
ok: [192.168.31.167]
TASK [nginx : start service] ************************************************************************************************************************************************************************************
ok: [192.168.31.167]
PLAY RECAP ******************************************************************************************************************************************************************************************************
192.168.31.167 : ok=8 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Current directory structure
```
[root@ansible ansible_test2]# tree
.
├── httpd_role.yml
├── nginx_role.yml
├── roles
│   ├── httpd
│   │   ├── files
│   │   │   └── httpd.conf
│   │   ├── tasks
│   │   │   ├── copy.yml
│   │   │   ├── main.yml
│   │   │   └── user.yml
│   │   └── templates
│   ├── memcache
│   ├── mysql
│   └── nginx
│       ├── tasks
│       │   ├── group.yml
│       │   ├── main.yml
│       │   ├── restart.yml
│       │   ├── start.yml
│       │   ├── templ.yml
│       │   ├── user.yml
│       │   └── yum.yml
│       └── templates
│           └── nginx.conf.j2
└── some_role.yml
```
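Referencing a task file that belongs to another role:
For example, to use httpd's copy.yml from inside the nginx role, add an include to nginx's main.yml that points at roles/httpd/tasks/copy.yml, which references it directly.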
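The same cross-role reuse can be written with include_role and tasks_from, which runs the task file in the httpd role's context so that its files/ directory is searched for src. This is an added example, not taken from the original notes; it assumes the role layout shown in the tree above, and the role-relative src and the mode value are choices made for this example.

```yaml
# roles/httpd/tasks/copy.yml
# src is looked up in roles/httpd/files/ when the task runs in the httpd
# role's context, so the absolute control-node path is no longer needed.
- name: copy files
  copy:
    src: httpd.conf
    dest: /root/
    owner: apache
    mode: "0600"        # assumption for this example: readable by the owner only
---
# roles/nginx/tasks/main.yml
- import_tasks: group.yml
- import_tasks: user.yml
- import_tasks: yum.yml
- import_tasks: templ.yml
- import_tasks: start.yml

# copy.yml sets owner=apache, so create that user first, then reuse
# httpd's copy.yml. tasks_from names a file under roles/httpd/tasks/.
- include_role:
    name: httpd
    tasks_from: user
- include_role:
    name: httpd
    tasks_from: copy
```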
4. Testing a more complete project
4.1 Structure
```
[root@ansible roles]# tree
.
├── app
│   ├── files
│   │   └── vhosts.conf
│   ├── handlers
│   │   └── main.yml
│   ├── tasks
│   │   ├── copyfile.yml
│   │   ├── group.yml
│   │   ├── main.yml
│   │   ├── start.yml
│   │   ├── templ.yml
│   │   ├── user.yml
│   │   └── yum.yml
│   ├── templates
│   │   └── httpd.conf.j2
│   └── vars
│       └── main.yml
```
4.2 Contents of each file
```
[root@ansible app]# cat tasks/main.yml
- include: group.yml
- include: user.yml
- include: yum.yml
- include: templ.yml
- include: copyfile.yml
- include: start.yml
[root@ansible app]# cat tasks/group.yml
- name: create group
  group: name=app system=yes gid=123
[root@ansible app]# cat tasks/user.yml
- name: create user
  user: name=app group=app system=yes shell=/sbin/nologin uid=123
[root@ansible app]# cat tasks/yum.yml
- name: install package
  yum: name=httpd
[root@ansible app]# cat tasks/templ.yml
- name: copy conf
  # dest must be httpd.conf; a misspelled name leaves httpd on its stock config (port 80, user apache)
  template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
  notify: restart service
[root@ansible app]# cat tasks/copyfile.yml
- name: copy conf
  copy: src=vhosts.conf dest=/etc/httpd/conf.d/ owner=app
[root@ansible app]# cat tasks/start.yml
- name: start service
  service: name=httpd state=started enabled=yes
[root@ansible app]# cat handlers/main.yml
- name: restart service
  service: name=httpd state=restarted
[root@ansible app]# cat vars/main.yml
username: app
groupname: app
```
4.3 Variables in the template file
```
[root@ansible app]# egrep '{{' templates/httpd.conf.j2
Listen {{ ansible_processor_vcpus*10 }}
User {{ username }}
Group {{ groupname }}
```
4.4 Conditions in handlers
```
[root@ansible app]# cat handlers/main.yml
- name: restart service
  service: name=httpd state=restarted
```
4.5 Playbook contents and checks after the run
```
[root@ansible ansible_test2]# cat app_role.yml
- hosts: web
  remote_user: root
  roles:
    - app
```
[root@ansible ansible_test2]# ansible-playbook app_role.yml
PLAY [web] ****************************************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************************************
ok: [192.168.31.167]
TASK [app : create group] *************************************************************************************************************
changed: [192.168.31.167]
TASK [app : create user] **************************************************************************************************************
changed: [192.168.31.167]
TASK [app : install package] **********************************************************************************************************
changed: [192.168.31.167]
TASK [app : copy conf] ****************************************************************************************************************
changed: [192.168.31.167]
TASK [app : copy conf] ****************************************************************************************************************
changed: [192.168.31.167]
TASK [app : start service] ************************************************************************************************************
changed: [192.168.31.167]
RUNNING HANDLER [app : restart service] ***********************************************************************************************
changed: [192.168.31.167]
PLAY RECAP ****************************************************************************************************************************
192.168.31.167 : ok=8 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```
[root@ansible ansible_test2]# ansible web -m shell -a 'getent passwd app ;getent group app; rpm -q httpd; ss -ntlp| grep httpd; ps -ef | grep httpd'
192.168.31.167 | CHANGED | rc=0 >>
app:x:123:123::/home/app:/sbin/nologin
app:x:123:
httpd-2.4.6-90.el7.centos.x86_64
LISTEN 0 128 :::80 :::* users:(("httpd",pid=9265,fd=4),("httpd",pid=9264,fd=4),("httpd",pid=9263,fd=4),("httpd",pid=9262,fd=4),("httpd",pid=9261,fd=4),("httpd",pid=9260,fd=4))
root 9260 1 0 15:00 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 9261 9260 0 15:00 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 9262 9260 0 15:00 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 9263 9260 0 15:00 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 9264 9260 0 15:00 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 9265 9260 0 15:00 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
root 9575 9570 0 15:02 pts/1 00:00:00 /bin/sh -c getent passwd app ;getent group app; rpm -q httpd; ss -ntlp| grep httpd; ps -ef | grep httpd
root 9582 9575 0 15:02 pts/1 00:00:00 grep httpd
```
5. A small test
Install the memcached service and set the cachesize automatically.
5.1 Structure
```
[root@ansible ansible_test2]# cd roles/memcached/
[root@ansible memcached]# tree
.
├── tasks
│   ├── main.yml
│   ├── start.yml
│   ├── templ.yml
│   └── yum.yml
└── templates
    └── memcached.j2
```
5.2 Contents of each file
```
[root@ansible memcached]# cat tasks/main.yml
- include: yum.yml
- include: templ.yml
- include: start.yml
[root@ansible memcached]# cat tasks/templ.yml
- name: copy conf
  template: src=memcached.j2 dest=/etc/sysconfig/memcached
[root@ansible memcached]# cat tasks/start.yml
- name: start service
  service: name=memcached state=started enabled=yes
[root@ansible memcached]# cat templates/memcached.j2
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="{{ ansible_memtotal_mb//4 }} "
OPTIONS=""
[root@ansible ansible_test2]# cat memcached_role.yml
- hosts: web
  remote_user: root
  roles:
    - memcached
```
5.3 Run and check
[root@ansible ansible_test2]# ansible-playbook memcached_role.yml
PLAY [web] ******************************************************************************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************************************************
ok: [192.168.31.167]
TASK [memcached : install package] ******************************************************************************************************************************************************************************
changed: [192.168.31.167]
TASK [memcached : copy conf] ************************************************************************************************************************************************************************************
changed: [192.168.31.167]
TASK [memcached : start service] ********************************************************************************************************************************************************************************
changed: [192.168.31.167]
PLAY RECAP ******************************************************************************************************************************************************************************************************
192.168.31.167 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```
[root@ansible ansible_test2]# ansible web -m shell -a 'rpm -q memcached ; ss -ntlp | grep 11211 ; cat /etc/sysconfig/memcached'
192.168.31.167 | CHANGED | rc=0 >>
memcached-1.4.15-10.el7_3.1.x86_64
LISTEN 0 128 *:11211 *:* users:(("memcached",pid=11660,fd=26))
LISTEN 0 128 :::11211 ::: * users:(("memcached",pid=11660,fd=27))
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="943 "
OPTIONS=""
```
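With OPTIONS left empty, the check output above shows memcached listening on port 11211 on every interface. The variant below binds it to a single address, turns off the UDP listener, and asserts the result after the restart. It is an added example, not part of the original notes; memcached_listen_addr and verify.yml are hypothetical names, and it assumes the clients run on the same host.

```yaml
# roles/memcached/defaults/main.yml (hypothetical variable name)
memcached_listen_addr: 127.0.0.1    # value passed to memcached -l

# roles/memcached/templates/memcached.j2 keeps PORT, USER, MAXCONN and
# CACHESIZE as shown above and replaces the empty OPTIONS line with:
#   OPTIONS="-l {{ memcached_listen_addr }} -U 0"    # -U 0 disables UDP
---
# roles/memcached/tasks/templ.yml
- name: copy conf
  template:
    src: memcached.j2
    dest: /etc/sysconfig/memcached
    owner: root
    group: root
    mode: "0644"
  notify: restart memcached
---
# roles/memcached/handlers/main.yml
- name: restart memcached
  service:
    name: memcached
    state: restarted
---
# roles/memcached/tasks/verify.yml (hypothetical file, included last in tasks/main.yml)
- name: apply a pending restart before checking
  meta: flush_handlers

- name: list listening sockets
  command: ss -ntlu
  register: memcached_sockets
  changed_when: false

# The patterns match the wildcard form that ss prints in the check output above.
- name: fail if port 11211 is bound to a wildcard address
  assert:
    that:
      - "'*:11211' not in memcached_sockets.stdout"
      - "':::11211' not in memcached_sockets.stdout"
```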