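I. Introduction to Ansible roles
- Ansible roles exist to organize playbooks in a layered, structured way.
- A role places variables, files, tasks, modules, and handlers in separate directories so that they can be included conveniently.
- Roles are generally used where services are built per host, and they are used very frequently in complex enterprise environments.
- Tasks, variables, handlers, templates, files, and so on are organized in a specific directory hierarchy; this is comparable to function calls, with each piece of functionality split into its own fragment to be executed.
II. Role examples
2.1 Installing Apache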
[ansible@node1 ~]$ mkdir roles
[ansible@node1 ~]$ cd roles/
[ansible@node1 roles]$ ansible-galaxy init apache # create the role
- Role apache was created successfully
[ansible@node1 roles]$ ls
apache
[ansible@node1 roles]$ ansible-galaxy list # list the existing roles
# /home/ansible/roles
- apache, (unknown version)
[ansible@node1 roles]$ cd apache/
[ansible@node1 apache]$ ls
defaults files handlers meta README.md tasks templates tests vars
Next, edit the apache role:
(1) Write tasks/main.yml
[ansible@node1 apache]$ cd tasks/ # enter the tasks directory
[ansible@node1 tasks]$ \vi main.yml
---
- name: install apache
  yum:
    name: '{{ web }}'
    state: present
- name: configure
  template:
    src: httpd.conf.j2
    dest: /etc/httpd/conf/httpd.conf
    mode: '0644'  # quoted octal; an unquoted 644 is read as a decimal number
  notify: restart apache
- name: start apache
  service:
    name: httpd
    state: started
- name: create index.html
  copy:
    content: "{{ ansible_facts['hostname'] }}"
    dest: /var/www/html/index.html
- name: start firewalld
  service:
    name: firewalld
    state: started
    enabled: yes
- name: custom firewalld
  firewalld:
    service: http
    permanent: yes
    immediate: yes
    state: enabled
(2) Write handlers/main.yml
- name: restart apache
  service:
    name: httpd
    state: restarted
(3) Write vars/main.yml
web: httpd
http_port: 80
(4) Write the templates
[ansible@node1 templates]$ ls
[ansible@node1 templates]$ cp ~/httpd.conf.j2 .
[ansible@node1 templates]$ ls
httpd.conf.j2
[ansible@node1 apache]$ cat templates/httpd.conf.j2
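(5) Write the playbook file apache.yml
---
- hosts: webserver
  roles:
    - role: apache
Run:
Because node2 and node4 have vault-encrypted files under ~/host_vars/, the command has to be run with --ask-vault-pass appended, entering the password when prompted; alternatively, delete these two encrypted files.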
[ansible@node1 ~]$ rm -rf host_vars/node2/vault
[ansible@node1 ~]$ rm -rf host_vars/node4/vault
Run again:
2.2 haproxy
Create the role:
[ansible@node1 roles]$ ansible-galaxy init haproxy
[ansible@node1 roles]$ cd haproxy/
[ansible@node1 haproxy]$ ls
defaults files handlers meta README.md tasks templates tests vars
[ansible@node1 haproxy]$ \vi tasks/main.yml
[ansible@node1 haproxy]$ cd templates/
[ansible@node1 templates]$ ls
[ansible@node1 templates]$ cp ~/haproxy.cfg.j2 .
[ansible@node1 templates]$ ls
haproxy.cfg.j2
[ansible@node1 templates]$ \vi ../handlers/main.yml
(1) tasks/main.yml
---
- name: install haproxy
  yum:
    name: haproxy
    state: present
- name: config haproxy
  template:
    src: haproxy.cfg.j2
    dest: /etc/haproxy/haproxy.cfg
  notify: restart haproxy
- name: start haproxy
  service:
    name: haproxy
    state: started
    enabled: yes
(2) template
[ansible@node1 templates]$ vim /etc/haproxy/haproxy.cfg # partial configuration file
(3) handlers/main.yml
---
- name: restart haproxy
  service:
    name: haproxy
    state: restarted
(4) Check the hosts file
(5) Write the apache.yml file
---
- hosts: all
  roles:
    - role: apache
      when: ansible_hostname in groups['webserver']
    - role: haproxy
      when: ansible_hostname == 'node1'
Run:
III. Deploying Zabbix with Ansible
1. Initialize the role
[ansible@node1 roles]$ ansible-galaxy init zabbix-server
2. zabbix.yml
---
- hosts: node2
  roles:
    - role: zabbix-server  # runs second
  pre_tasks:  # runs first
    - name: install mariadb-server  # 1.1 install the database
      yum:
        name: mariadb-server
        state: present
    - name: config mysql-server  # 1.2 configure the database
      lineinfile:
        path: /etc/my.cnf.d/server.cnf
        insertafter: '^\[mysqld\]'
        line: character-set-server=utf8
      notify: restart mysql-server
    - name: start mysql-server  # 1.3 start the database
      service:
        name: mariadb
        state: started
  post_tasks:  # runs third
    - name: install zabbix front  # 3.1 install the front end
      yum:
        name:
          - zabbix-web-mysql
          - httpd
        state: present
    - name: config zabbix front  # 3.2 configure the front end
      lineinfile:
        path: /etc/httpd/conf.d/zabbix.conf
        insertafter: '# php_value'
        line: 'php_value date.timezone Asia/Shanghai'
      notify: restart httpd
    - name: start httpd  # 3.3 start the front end
      service:
        name: httpd
        state: started
  handlers:  # handlers
    - name: restart httpd
      service:
        name: httpd
        state: restarted
    - name: restart mysql-server
      service:
        name: mariadb
        state: restarted
3. Writing the role:
Packages in a self-built yum repository: these resolve some of the dependencies needed to install zabbix-web and zabbix-server.
3.1 task
---
- name: zabbix yum repo  # define the yum repository
  yum_repository:
    name: '4.4'
    description: '4.4'
    baseurl: http://172.25.7.130/4.4
    gpgcheck: no  # packages from this self-built repo are installed without signature verification
- name: install zabbix-server zabbix-agent  # install zabbix-server and zabbix-agent
  yum:
    name:
      - zabbix-server
      - zabbix-agent
- name: create zabbix database  # create the database
  mysql_db:
    name: zabbix
    state: present
  notify: init zabbix db
- name: create zabbix user  # create the user
  mysql_user:
    name: zabbix
    host: localhost
    password: "{{ dbpasswd }}"  # the password comes from a variable
    priv: 'zabbix.*:ALL'
    state: present
- name: config zabbix-server  # configure zabbix-server
  template:
    src: zabbix_server.conf.j2
    dest: /etc/zabbix/zabbix_server.conf
  notify: restart zabbix-server
- name: start zabbix-server zabbix-agent  # start the zabbix-server and zabbix-agent services
  service:
    name: '{{ item }}'
    state: started
  loop:
    - zabbix-server
    - zabbix-agent
3.2 template
[ansible@node1 zabbix-server]$ cd templates/
[ansible@node1 templates]$ ls
zabbix_server.conf.j2
The template comes from host node2 (you can run the zabbix-server installation first): copy zabbix_server.conf from node2 into roles/template on node1.
3.3 vars/main.yml variables
---
dbpasswd: westos
3.4 Handlers: handlers/main.yml
- name: init zabbix db
  mysql_db:
    name: zabbix
    state: import
    target: /usr/share/doc/zabbix-server-mysql-4.0.18/create.sql.gz
- name: restart zabbix-server
  service:
    name: zabbix-server
    state: restarted
Run:
[ansible@node1 ~]$ ansible-playbook zabbix.yml
In a browser, enter: 172.25.7.132/zabbix
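An added example (not part of the original post): a small stand-alone Python check for three settings in role files like the ones above: a file mode written as a bare number, which YAML hands to the module as a decimal integer; a yum repository with gpgcheck disabled; and a password stored as a literal value in vars. The sample fragments, rule names, and function names are constructed for this illustration.

```python
import re

# Constructed sample input: fragments shaped like the role files on this page.
SAMPLE_FILES = {
    "roles/apache/tasks/main.yml": (
        "  template:\n"
        "    dest: /etc/httpd/conf/httpd.conf\n"
        "    mode: 644\n"
    ),
    "roles/zabbix-server/tasks/main.yml": (
        "  yum_repository:\n"
        "    baseurl: http://172.25.7.130/4.4\n"
        "    gpgcheck: no\n"
        "  mysql_user:\n"
        "    password: \"{{ dbpasswd }}\"\n"
    ),
    "roles/zabbix-server/vars/main.yml": "---\ndbpasswd: westos\n",
}

# Rule names are labels made up for this example.
CHECKS = [
    # Bare digits without a leading zero reach the module as a decimal integer.
    ("unquoted-mode", re.compile(r"^\s*mode:\s*([1-9]\d*)\s*(#.*)?$")),
    ("gpgcheck-off", re.compile(r"^\s*gpgcheck:\s*(no|false|0)\s*(#.*)?$", re.I)),
    # Literal values only: "{{ var }}" references and !vault values are skipped.
    ("plaintext-secret",
     re.compile(r"^\s*\w*(passw|secret|token)\w*:\s*(?!!vault|['\"]?\{\{)\S")),
]

def effective_mode(value):
    """Octal permission bits that a decimal integer mode turns into."""
    return oct(int(value))

def audit(files):
    """Return (path, line number, rule, detail) for every flagged line."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule, pattern in CHECKS:
                match = pattern.match(line)
                if match:
                    detail = line.strip()
                    if rule == "unquoted-mode":
                        detail += " -> applied as " + effective_mode(match.group(1))
                    findings.append((path, lineno, rule, detail))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FILES):
        print("%s:%d: %s: %s" % finding)
```

A bare 644 becomes octal 1204 (sticky bit, owner write only, others read), which is why the mode is either quoted or written with a leading zero.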