1. Ansible Roles基本概述
1.前面已经学过tasks和handler,那怎样组织playbook才是最好的方式呢?简单的回答就是:使用Roles
2.Roles基于一个“已知的文件结构”,去自动的加载某些vars,tasks以及handler。以便于playbook更好的调用。roles相比playbook的结构更加的清晰有层次。但roles显然要比playbook准备文件更加的复杂
3.例如:我们无论安装什么软件都会安装时间同步服务,那么每个playbook都要编写时间同步服务的task。那我们的roles可以将时间同步服务task任务编写好,等到需要使用的时候调用就行了。
4. Ansible注意事项: 在编写roles的时候,最好能够将一个tasks拆分为一个文件,方便后续复用(彻底的打散)
2. Ansible Roles目录结构
roles官方目录结构,必须按照如下的定义。在每个目录中必须有main.yml文件,这些属于强制要求
[root@ansible ~]# cd /etc/ansible/roles
[root@ansible ~]# mkdir -p {nfs,rsync,web}/{vars,tasjs,templates,files,meta}
[root@ansible ~]# tree
.
|——nfs 角色名称
| |——files 存放文件
| |——handlers 触发任务
| |——tasks 具体任务
| |——templates 模板文件
| |——vars 定义变量
| |——meta 依赖关系
3.Ansible Roles依赖关系
roles 允许在使用时自动引入其他role。role依赖关系存储在meta/main.yml文件中。
例如: 安装wordpree需要先确保nginx与php都能正常允许,此时可以在wordpress的role中定义,依赖nginx与php-fpm
wordpress依赖nginx与php-fpm的role
[root@ansible ~]# cat /root/roles/wordpress/meta/main.yml
---
dependencies:
- { role: nginx}
- { role: php-fpm}
4.Ansible Roles案例实战
4.1 NFS
①创建目录结构
我们创建目录结构有两种方式,一种是使用ansible命令创建出默认的目录结构,一种是我们自身根据需求创建出我们需要的目录结构
1>galaxy
[root@ansible ~]# ansible-galaxy init nfs
- Role nfs was created successfully
[root@ansible ~]# tree nfs
nfs
|-- defaults
| `-- main.yml
|-- files
|-- handlers
| `-- main.yml
|-- meta
| `-- main.yml
|-- README.md
|-- tasks
| `-- main.yml
|-- templates
|-- tests
| |-- inventory
| `-- test.yml
`-- vars
`-- main.yml
8 directories, 8 files
2>自定义(这个文档我们使用这种方式)
[root@ansible ~]# mkdir roles;cd roles
[root@ansible roles]# mkdir -p nfs-server/{tasks,handler,templates,files}
自己定义的名字/ 固定的名字
②准备hosts与ansible.cfg文件
[root@ansible roles]# ls
ansible.cfg hosts nfs-server
③ 在roles目录下编辑一个top.yml文件 调用角色()
[root@ansible roles]# cat top.yml
- hosts: nfsservers
roles:
- role: nfs-server
开始拆分原先playbook书写的方式
拆分成三部分
1.tasks(具体的任务)
2.handlers
3.template(配置文件)
[root@ansible roles]# cd nfs-server/
[root@ansible nfs-server]# ls
handlers tasks templates
④编写具体任务 (/nfs-server/tasks/main.yml)
- name: install nfs server
yum:
name: nfs-utils
state: present
- name: configure nfs file
template:
src: exports.j2
dest: /etc/exports
owner: root
group: root
mode: 0644
notify: systemctl restarted nfs
- name: create www group
group:
name: www
gid: 666
- name: create www user
user:
name: www
uid: 666
group: 666
shell: /sbin/nologin
create_home: no
- name: create directory data
file:
path: /data
state: directory
mode: 0755
owner: www
group: www
- name: systemctl start nfs server
systemd:
name: nfs
state: started
enabled: yes
⑤编写handlers
handlers的name要与tasks/main.yml中notify名称一致
[root@ansible nfs-server]# cat handlers/main.yml
- name: systemctl restarted nfs
systemd:
name: nfs
state: restarted
⑥编写template(存放配置文件)
[root@ansible nfs-server]# cat templates/exports.j2
/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
⑦执行 (调用nfs-server这个角色)
[root@ansible roles]# ansible-playbook top.yml
⑧ 执行结果
4.2 Rsync
①创建目录结构
[root@ansible ~]# mkdir roles;cd roles
[root@ansible roles]# mkdir -p rsync-server/{tasks,handler,templates,files}
自己定义的名字/ 固定的名字
② 在roles目录下修改top.yml文件 调用角色(rsync-server)
#- hosts: nfsservers
# roles:
# - role: nfs-server
- hosts: backupservers
roles:
- role: rsync-server
③编写具体任务 (/rsync-server/tasks/main.yml)
- name: install rsync server
yum:
name: rsync
state: present
- name: copy rsync configure file
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- { src: rsyncd.j2 , dest: /etc/rsyncd.conf ,mode: '0644' }
- { src: rsync.passwd.j2 , dest: /etc/rsync.passwd , mode: '0600' }
notify: systemctl restart rsyncd
- name: create www group
group:
name: www
gid: '666'
- name: create www user
user:
name: www
uid: '666'
group: '666'
- name: create backup directory
file:
path: /backup
state: directory
owner: www
group: www
- name: systemctl start rsyncd
systemd:
name: rsyncd
state: started
④编写handlers
- name: systemctl start rsyncd
systemd:
name: rsyncd
state: started
⑤编写template(存放配置文件)
rsyncd.j2
[root@ansible templates]# cat rsyncd.j2
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[backup]
comment = welcome to oldboyedu backup!
path = /backup
rsync.passwd.j2
[root@ansible templates]# cat rsync.passwd.j2
rsync_backup:1
⑥执行剧本
[root@ansible roles]# ansible-playbook top.yml
⑦剧本结构
加入变量
4.3 NFS加入变量
①我们首先定义变量
[root@ansible roles]# mkdir group_vars
[root@ansible roles]# cd group_vars/
[root@ansible group_vars]# vim all
#用户统一化
#www用户
user: www
#www用户组
group: www
#uid和gid
id: '666'
#NFS变量
#nfs共享目录
nfs_data: /data1
# 共享的网段
share_ip: 172.16.1.0/24
②在配置文件中添加变量
[root@ansible ~]# cat /root/roles/nfs-server/templates/exports.j2
{{ nfs_data }} {{ share_ip }}(rw,sync,all_squash,anonuid={{ id }},anongid={{ id }})
③在nfs剧本添加变量
- name: install nfs server
yum:
name: nfs-utils
state: present
- name: configure nfs file
template:
src: exports.j2
dest: /etc/exports
owner: root
group: root
mode: 0644
notify: systemctl restarted nfs
- name: create www group
group:
name: "{{ group }}"
gid: "{{ id }}"
- name: create www user
user:
name: "{{ user }}"
uid: "{{ id }}"
group: "{{ id }}"
shell: /sbin/nologin
create_home: no
- name: create directory data
file:
path: "{{ nfs_data }}"
state: directory
mode: 0755
owner: "{{ user }}"
group: "{{ group }}"
- name: systemctl start nfs server
systemd:
name: nfs
state: started
enabled: yes
④执行剧本结果
4.4 Rsync加入变量
①我们首先定义变量
##用户统一化
#www用户
user: www
#www用户组
group: www
#uid和gid
id: '666'
##NFS变量
#nfs共享目录
nfs_data: /data1
# 共享的网段
share_ip: '172.16.1.0/24'
##Rsync变量
#rsync连接认证用户
vuser: rsync_backup
#rsync连接认证用户密码文件
vpasswd_path: /etc/rsync.passwd
#rsync连接用户密码
vpasswd: 1
#rysnc接受数据目录和模块名称
vdata: /backup
②在配置文件中添加变量
rsyncd.j2
[root@ansible ~]# cat /root/roles/rsync-server/templates/rsyncd.j2
uid = {{ user }}
gid = {{ group }}
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = {{ vuser }}
secrets file = {{ vpasswd_path }}
log file = /var/log/rsyncd.log
#####################################
[{{ vdata }}]
comment = welcome to oldboyedu backup!
path = {{ vdata }}
rsync.passwd.j2
[root@ansible ~]# cat /root/roles/rsync-server/templates/rsync.passwd.j2
{{ vuser }}:{{ vpasswd }}
③在nfs剧本添加变量
- name: install rsync server
yum:
name: rsync
state: present
- name: copy rsync configure file
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
loop:
- { src: rsyncd.j2 , dest: /etc/rsyncd.conf ,mode: '0644' }
- { src: rsync.passwd.j2 , dest: /etc/rsync.passwd , mode: '0600' }
notify: systemctl restart rsyncd
- name: create www group
group:
name: "{{ group }}"
gid: "{{ id }}"
- name: create www user
user:
name: "{{ user }}"
uid: "{{ id }}"
group: "{{ id }}"
- name: create backup directory
file:
path: "{{ vdata }}"
state: directory
owner: "{{ user }}"
group: "{{ group }}"
mode: '0755'
- name: systemctl start rsyncd
systemd:
name: rsyncd
state: started
④执行剧本结果
3271
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
