什么是role
主要作用是重用playbook。
例如我们无论安装什么软件都会安装时间同步服务,那么每个playbook都要编写ntp task。我们可以将ntp task写好,等到用的时候再调用就行了。ansible中将其组织成role,他有着固定的组织格式。以便playbook调用
role的目录结构
- tasks目录:角色需要执行的主任务文件放置在此目录中,默认的主任务文件名为main.yml,当调用角色时,默认会执行main.yml文件中的任务,你也可以将其他需要执行的任务文件通过include的方式包含在tasks/main.yml文件中。
- handlers目录:当角色需要调用handlers时,默认会在此目录中的main.yml文件中查找对应的handler
- defaults目录:角色会使用到的变量可以写入到此目录中的main.yml文件中,通常,defaults/main.yml文件中的变量都用于设置默认值,以便在你没有设置对应变量值时,变量有默认的值可以使用,定义在defaults/main.yml文件中的变量的优先级是最低的。
- vars目录:角色会使用到的变量可以写入到此目录中的main.yml文件中,看到这里你肯定会有疑问,vars/main.yml文件和defaults/main.yml文件的区别在哪里呢?区别就是,defaults/main.yml文件中的变量的优先级是最低的,而vars/main.yml文件中的变量的优先级非常高,如果你只是想提供一个默认的配置,那么你可以把对应的变量定义在defaults/main.yml中,如果你想要确保别人在调用角色时,使用的值就是你指定的值,则可以将变量定义在vars/main.yml中,因为定义在vars/main.yml文件中的变量的优先级非常高,所以其值比较难以覆盖。
- meta目录:如果你想要赋予这个角色一些元数据,则可以将元数据写入到meta/main.yml文件中,这些元数据用于描述角色的相关属性,比如
作者信息、角色主要作用等等,你也可以在meta/main.yml文件中定义这个角色依赖于哪些其他角色,或者改变角色的默认调用设定,在之后会有一些实际的示例,此处不用纠结。 - templates目录:角色相关的模板文件可以放置在此目录中,当使用角色相关的模板时,如果没有指定路径,会默认从此目录中查找对应名称的模板文件。
- files目录:角色可能会用到的一些其他文件可以放置在此目录中,比如,当你定义nginx角色时,需要配置https,那么相关的证书文件即可放置在此目录中
示例:
[student@workstation roles]$ tree rhel-system-roles.timesync/
rhel-system-roles.timesync/
├── COPYING
├── defaults
│?? └── main.yml
├── handlers
│?? └── main.yml
├── library
│?? └── timesync_provider.sh
├── meta
│?? └── main.yml
├── README.html
├── README.md
├── semaphore
├── tasks
│?? └── main.yml
├── templates
│?? ├── chrony.conf.j2
│?? ├── chronyd.sysconfig.j2
│?? ├── ntp.conf.j2
│?? ├── ntpd.sysconfig.j2
│?? ├── phc2sys.sysconfig.j2
│?? ├── ptp4l.conf.j2
│?? ├── ptp4l.sysconfig.j2
│?? └── timemaster.conf.j2
├── tests
│?? ├── roles
│?? │?? └── timesync -> ../..
│?? ├── tests_default.yml
│?? ├── tests_ntp_provider1.yml
│?? ├── tests_ntp_provider2.yml
│?? ├── tests_ntp_provider3.yml
│?? ├── tests_ntp_provider4.yml
│?? ├── tests_ntp_provider5.yml
│?? ├── tests_ntp_ptp.yml
│?? ├── tests_ntp.yml
│?? ├── tests_ptp_multi.yml
│?? └── tests_ptp_single.yml
└── vars
└── main.yml
role存放的路径
在ansible的配置文件中:ansible.cfg
roles_path=./roles:/usr/share/ansible/roles:/etc/ansible/roles
查看有哪些role
ansible-galaxy list会查看三个地方的role文件:
- ./roles
- /usr/share/ansible/role
- /etc/ansible/roles
其实也就是ansible.cfg定义的路径
[student@workstation role-system]$ ansible-galaxy list
# /home/student/role-system/roles
# /usr/share/ansible/roles
- linux-system-roles.kdump, (unknown version)
- linux-system-roles.network, (unknown version)
- linux-system-roles.postfix, (unknown version)
- linux-system-roles.selinux, (unknown version)
- linux-system-roles.timesync, (unknown version)
- rhel-system-roles.kdump, (unknown version)
- rhel-system-roles.network, (unknown version)
- rhel-system-roles.postfix, (unknown version)
- rhel-system-roles.selinux, (unknown version)
- rhel-system-roles.timesync, (unknown version)
# /etc/ansible/roles
如何在playbook中调用role
第一种:
- hosts: HOSTS
remote_user: root
roles:
- ROLE_NAME1
- ROLE_NAME2
第二种:除了字典第一个元素指明调用的role,后面是传递给role的变量
- hosts: HOSTS
remote_user: root
roles:
- { role: ROLE_NAME1, VARIABLE1: VALUE1, ...}
第三种:when指明role调用的条件
- hosts: HOSTS
remote_user: root
roles:
- { role: ROLE_NAME1, when: CONDITIONS}
role初级实验
要实现的目标:自己写一个简单的testroles,创建tasks、handlers、vars目录,进行测试。
1、创建目录结构
[student@workstation roles]$ pwd
/home/student/wangxc/roles
[student@workstation roles]$ ll
total 12
-rw-r--r--. 1 student student 201 Mar 31 19:04 ansible.cfg
-rw-r--r--. 1 student student 71 Mar 31 18:29 inventory
drwxrwxr-x. 5 student student 47 Mar 31 18:59 testroles
-rw-rw-r--. 1 student student 68 Mar 31 19:01 test.yml
2、定义ansible.cfg中的role路径,指定为当前目录的上级目录。因为testrolesde 目录结构是在这个文件夹下创建的。
[student@workstation roles]$ cat ansible.cfg
[defaults]
inventory=inventory
remote_user=devops
roles_path=./:/usr/share/ansible/roles:/etc/ansible/roles
3、查看系统中的role
发现并没有查到。我认为,这个list命令智能列出通过galaxy安装或初始化的role,不能列出自定义role。搞了半天,应该是这个原因。 关于galaxy命令,明天再研究吧!
[student@workstation roles]$ ansible-galaxy list
# /home/student/wangxc/roles
# /usr/share/ansible/roles
- linux-system-roles.kdump, (unknown version)
- linux-system-roles.network, (unknown version)
- linux-system-roles.postfix, (unknown version)
- linux-system-roles.selinux, (unknown version)
- linux-system-roles.timesync, (unknown version)
- rhel-system-roles.kdump, (unknown version)
- rhel-system-roles.network, (unknown version)
- rhel-system-roles.postfix, (unknown version)
- rhel-system-roles.selinux, (unknown version)
- rhel-system-roles.timesync, (unknown version)
# /etc/ansible/roles
4、分别编辑tasks handlers vars 文件
[student@workstation testroles]$ cat handlers/main.yml
---
- name: test handlers
debug:
msg: this is handlers test
[student@workstation testroles]$ cat tasks/main.yml
---
- debug:
msg: " hello {{ username }}"
- debug:
var: username
- command: ls
notify: test handlers
[student@workstation testroles]$ cat vars/main.yml
username: wangxc
5、编写测试文件
[student@workstation roles]$ cat test.yml
---
- name: test role
hosts:
- web
roles:
- testroles
6、执行测试
[student@workstation roles]$ ansible-playbook test.yml
PLAY [test role] *********************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************
ok: [servera.lab.example.com]
ok: [serverb.lab.example.com]
TASK [testroles : debug] *************************************************************************************************************
ok: [servera.lab.example.com] => {
"msg": " hello wangxc"
}
ok: [serverb.lab.example.com] => {
"msg": " hello wangxc"
}
TASK [testroles : debug] *************************************************************************************************************
ok: [servera.lab.example.com] => {
"username": "wangxc"
}
ok: [serverb.lab.example.com] => {
"username": "wangxc"
}
TASK [testroles : command] ***********************************************************************************************************
changed: [servera.lab.example.com]
changed: [serverb.lab.example.com]
RUNNING HANDLER [testroles : test handlers] ******************************************************************************************
ok: [servera.lab.example.com] => {
"msg": "this is handlers test"
}
ok: [serverb.lab.example.com] => {
"msg": "this is handlers test"
}
PLAY RECAP ***************************************************************************************************************************
servera.lab.example.com : ok=5 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
serverb.lab.example.com : ok=5 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
实验演示——配置服务器时间
1、使用命令查看当前配置的所有role
[student@workstation role-system]$ ansible-galaxy list
# /home/student/role-system/roles
# /usr/share/ansible/roles
- linux-system-roles.kdump, (unknown version)
- linux-system-roles.network, (unknown version)
- linux-system-roles.postfix, (unknown version)
- linux-system-roles.selinux, (unknown version)
- linux-system-roles.timesync, (unknown version)
- rhel-system-roles.kdump, (unknown version)
- rhel-system-roles.network, (unknown version)
- rhel-system-roles.postfix, (unknown version)
- rhel-system-roles.selinux, (unknown version)
- rhel-system-roles.timesync, (unknown version)
# /etc/ansible/roles
2、查看timesync的用法
[student@workstation rhel-system-roles.timesync]$ tree
.
├── COPYING
├── defaults
│ └── main.yml
├── handlers
│ └── main.yml
├── library
│ └── timesync_provider.sh
├── meta
│ └── main.yml
├── README.html
├── README.md
├── semaphore
├── tasks
│ └── main.yml
├── templates
│ ├── chrony.conf.j2
│ ├── chronyd.sysconfig.j2
│ ├── ntp.conf.j2
│ ├── ntpd.sysconfig.j2
│ ├── phc2sys.sysconfig.j2
│ ├── ptp4l.conf.j2
│ ├── ptp4l.sysconfig.j2
│ └── timemaster.conf.j2
├── tests
│ ├── roles
│ │ └── timesync -> ../..
│ ├── tests_default.yml
│ ├── tests_ntp_provider1.yml
│ ├── tests_ntp_provider2.yml
│ ├── tests_ntp_provider3.yml
│ ├── tests_ntp_provider4.yml
│ ├── tests_ntp_provider5.yml
│ ├── tests_ntp_ptp.yml
│ ├── tests_ntp.yml
│ ├── tests_ptp_multi.yml
│ └── tests_ptp_single.yml
└── vars
└── main.yml
#查看使用说明
# List of NTP servers
timesync_ntp_servers:
- hostname: foo.example.com # Hostname or address of the server
minpoll: 4 # Minimum polling interval (default 6)
maxpoll: 8 # Maximum polling interval (default 10)
iburst: yes # Flag enabling fast initial synchronization
# (default no)
pool: no # Flag indicating that each resolved address
# of the hostname is a separate NTP server
# (default no)
# Name of the package which should be installed and configured for NTP.
# Possible values are "chrony" and "ntp". If not defined, the currently active
# or enabled service will be configured. If no service is active or enabled, a
# package specific to the system and its version will be selected.
timesync_ntp_provider: chrony
3、编写yml文件,配置role
[student@workstation role-system]$ cat config_time.yml
---
- name: time sync
hosts: database_servers
roles:
- rhel-system-roles.timesync
4、编写yml文件,配置timesync的组变量
[student@workstation role-system]$ cat group_vars/all/timesync.yml
---
timesync_ntp_providee: chrony
timesync_ntp_servers:
- hostname: workstation.example.com
iburst: yes
5、在完成时间同步服务器配置之后,需要设置时区。继续在主playbook中添加对时区设置的tasks,并重启crond服务
[student@workstation role-system]$ cat config_time.yml
---
- name: time sync
hosts: database_servers
roles:
- rhel-system-roles.timesync
post_tasks:
- name: Set timezone to Asia/Tokyo
timezone:
name: "{{ hosts_timezone }}"
notify: restart crond
handlers:
- name: restart crond
service:
name: crond
state: restarted
6、配置变量文件,为每个主机组设置不同的时区变量
[student@workstation role-system]$ cat group_vars/europe_datacenter/tim.yml
hosts_timezone: Asia/Shanghai
[student@workstation role-system]$ cat group_vars/na_datacenter/timezone.yml
hosts_timezone: America/Chicago
7、执行主playbook
[DEPRECATION WARNING]: Using tests as filters is deprecated. Instead of using `result|version_compare` use `result is
version_compare`. This feature will be removed in version 2.9. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
[DEPRECATION WARNING]: Using tests as filters is deprecated. Instead of using `result|version_compare` use `result is
version_compare`. This feature will be removed in version 2.9. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
changed: [serverb.lab.example.com]
changed: [servera.lab.example.com]
TASK [rhel-system-roles.timesync : Generate chronyd sysconfig file] ******************************************************************
changed: [servera.lab.example.com]
changed: [serverb.lab.example.com]
…………………………
TASK [rhel-system-roles.timesync : Update network sysconfig file] ********************************************************************
changed: [serverb.lab.example.com]
changed: [servera.lab.example.com]
…………………………
RUNNING HANDLER [rhel-system-roles.timesync : restart chronyd] ***********************************************************************
changed: [serverb.lab.example.com]
changed: [servera.lab.example.com]
TASK [Set timezone to Asia/Tokyo] ****************************************************************************************************
changed: [serverb.lab.example.com]
changed: [servera.lab.example.com]
RUNNING HANDLER [restart crond] ******************************************************************************************************
changed: [serverb.lab.example.com]
changed: [servera.lab.example.com]
PLAY RECAP ***************************************************************************************************************************
servera.lab.example.com : ok=19 changed=6 unreachable=0 failed=0 skipped=18 rescued=0 ignored=6
serverb.lab.example.com : ok=19 changed=6 unreachable=0 failed=0 skipped=18 rescued=0 ignored=6
8、到被管理主机中查看服务器时间
[student@workstation role-system]$ ansible database_servers -a 'date'
serverb.lab.example.com | CHANGED | rc=0 >>
Thu Apr 1 13:24:24 CST 2021
servera.lab.example.com | CHANGED | rc=0 >>
Thu Apr 1 00:24:24 CDT 2021