I. Ansible roles
(1) Introduction to Ansible roles
Ansible roles exist to organize playbooks in a layered, structured way.
A role places variables, files, tasks, modules and handlers in separate directories so that they can be included conveniently.
Roles are generally used when building a service on a set of hosts, and they are used very often in complex enterprise scenarios.
Tasks, variables, handlers, templates, files and so on are organized in a fixed directory hierarchy; much like calling a function, each piece of functionality is cut into a fragment that is executed on demand.
(2) Role directory structure
| Directory | Meaning |
|---|---|
| files | Files used by modules such as copy or script |
| tasks | Defines the tasks; must contain main.yml, other files are pulled in with include |
| handlers | Defines the handlers; must contain main.yml, other files are pulled in with include |
| vars | Defines variables; must contain main.yml, other files are pulled in with include |
| templates | Stores the template text rendered by the template module |
| meta | Defines special settings of the current role and its dependencies; must contain main.yml |
| defaults | Must contain main.yml; sets default variables |
| tests | Used to test the role |
(3) The path where roles are stored is defined in the configuration file ansible.cfg

```ini
roles_path = ~/ansible/roles
```

The default directory is /etc/ansible/roles.

```shell
mkdir roles
```
II. Creating the directory structure and using roles
(1) Role directory structure

```shell
mkdir roles
cd ~/ansible/roles
ansible-galaxy init vsftpd
cd ..
ansible-galaxy list
```
Deploying vsftpd virtual-user access with a role:
Steps:
1. `vim tasks/main.yml`

```yaml
---
- name: install vsftpd
  dnf:
    name: vsftpd
    state: present
  notify: firewalld                 ## trigger: calls the firewalld handler
- name: create vsftpd.conf
  template:                         ## render the j2 templates
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop: "{{ files }}"               ## list comes from vars
  notify:                           ## triggers: call the handlers
    - "restart vsftpd"
    - "ftpauth users"
- name: create directory
  file:
    path: "/var/ftp/virtual/{{ item }}/pub"
    state: directory
    owner: root
    group: ftp
    setype: "public_content_rw_t"
  loop: "{{ username }}"
- name: set ftp sebool
  seboolean:
    name: "ftpd_anon_write"
    state: yes
    persistent: yes
```
2. `vim handlers/main.yml`

```yaml
---
# handlers file for vsftpd
- name: restart vsftpd
  service:
    name: vsftpd
    state: restarted
    enabled: yes
- name: firewalld
  firewalld:
    service: ftp
    permanent: yes
    state: enabled
    immediate: yes
- name: ftpauth users                ## build the virtual-user authentication database
  shell: "db_load -T -t hash -f /etc/vsftpd/ftp_auth_file /etc/vsftpd/ftp_auth_file.db"
```
3. `vim vars/main.yml`

```yaml
---
username:
  - user1
  - user2
  - user3
files:
  - src: ftp_auth_file.j2
    dest: /etc/vsftpd/ftp_auth_file
  - src: etc.pam.d.ftpauth.j2
    dest: /etc/pam.d/ftpauth
  - src: vsftpd.conf.j2
    dest: /etc/vsftpd/vsftpd.conf
```
4. The templates. `vim etc.pam.d.ftpauth.j2`

```
account required pam_userdb.so db=/etc/vsftpd/ftp_auth_file
auth    required pam_userdb.so db=/etc/vsftpd/ftp_auth_file
```

`vim ftp_auth_file.j2` (user names and passwords on alternating lines, the input format db_load expects)

```
user1
123
user2
456
user3
789
```

`vim vsftpd.conf.j2` (only the lines changed from the stock configuration are shown)

```
pam_service_name=ftpauth
userlist_enable=YES
guest_enable=YES
guest_username=ftp
local_root=/var/ftp/virtual/$USER
user_sub_token=$USER
```
5. `vim /root/ansible/vsftpd.yml`

```yaml
---
- name: virtual vsftpd
  hosts: list1
  roles:                            ## using the role
    - role: vsftpd
```
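As an added example that is not part of the original post: the role above writes the passwords directly into `ftp_auth_file.j2`, renders them with `template` and rebuilds the database with `shell`, so the credentials live in the repository and show up in the Ansible output. The task file below does the same job with the users kept in a vaulted variable (`vsftpd_virtual_users`, an assumed name, encrypted with `ansible-vault`), root-only file modes, `no_log` on the step that touches the secrets, and a registered result instead of a handler to rebuild the database.

```yaml
# tasks/auth.yml (added example; file and variable names are assumptions)
# vars/main.yml is expected to hold, encrypted with `ansible-vault encrypt`:
#   vsftpd_virtual_users:
#     user1: "s3cret-one"
#     user2: "s3cret-two"
---
- name: render virtual-user credential file from the vaulted variable
  ansible.builtin.copy:
    dest: /etc/vsftpd/ftp_auth_file
    owner: root
    group: root
    mode: "0600"              # db_load input holds plaintext passwords
    content: |
      {% for user, password in vsftpd_virtual_users.items() %}
      {{ user }}
      {{ password }}
      {% endfor %}
  no_log: true                # keep user names and passwords out of the run log
  register: ftp_auth_src

- name: rebuild the pam_userdb database only when the source changed
  ansible.builtin.command:
    argv:
      - db_load
      - -T
      - -t
      - hash
      - -f
      - /etc/vsftpd/ftp_auth_file
      - /etc/vsftpd/ftp_auth_file.db
  when: ftp_auth_src is changed

- name: restrict the generated database as well
  ansible.builtin.file:
    path: /etc/vsftpd/ftp_auth_file.db
    owner: root
    group: root
    mode: "0600"

- name: point the ftpauth PAM service at the database
  ansible.builtin.copy:
    dest: /etc/pam.d/ftpauth
    owner: root
    group: root
    mode: "0644"
    content: |
      auth    required pam_userdb.so db=/etc/vsftpd/ftp_auth_file
      account required pam_userdb.so db=/etc/vsftpd/ftp_auth_file
```

The same treatment applies to `etc.ddns.key.j2` in the exercise below: a TSIG secret belongs in a vaulted variable, not in a template committed next to the role.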
(2) Using roles in a playbook
1. Using roles in a playbook

```yaml
---
- hosts: server2
  roles:
    - role: role1
    - role: role2
      var1: value1                  ## this value overrides the variable defined inside the role
```
2. Controlling the order of task execution

```yaml
---
- hosts: server2
  roles:
    - role: role1                   ## role tasks
  pre_tasks:                        ## tasks run before the roles
    - tasks1
  tasks:                            ## ordinary tasks, run after the roles
    - tasks2
  post_tasks:                       ## tasks run after the roles and the ordinary tasks
    - tasks3
  handlers:
```
Exercise
Configuring a DDNS service
1. `vim tasks/main.yml`

```yaml
---
- name: install dhcp and bind
  dnf:
    name: "{{ item }}"
    state: present
  loop: "{{ SOFTWARE }}"
  notify: set firewalld
- name: create file for dhcp and bind
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    group: "{{ item.group }}"
  loop: "{{ FILES }}"
  notify: restart service
```
2. `vim handlers/main.yml`

```yaml
---
- name: set firewalld
  firewalld:
    service: "{{ item }}"
    permanent: yes
    state: enabled
    immediate: yes
  loop:
    - dns
    - dhcp
- name: restart service
  service:
    name: "{{ item }}"
    state: restarted
    enabled: yes
  loop:
    - named
    - dhcpd
```
3. `vim vars/main.yml`

```yaml
---
SOFTWARE:
  - bind
  - dhcp-server
FILES:
  - src: named.conf.j2
    dest: /etc/named.conf
    group: named
  - src: etc.ddns.key.j2
    dest: /etc/ddns.key
    group: named
  - src: westos.org.zone.j2
    dest: /var/named/westos.org.zone
    group: named
  - src: named.rfc1912.zones.j2
    dest: /etc/named.rfc1912.zones
    group: named
  - src: etc.dncpd.dhcpd.conf.j2
    dest: /etc/dhcp/dhcpd.conf
    group: root
```
4. The templates. `vim etc.ddns.key.j2` (the key used for DNS updates)

```
key "westos" {
    algorithm hmac-sha256;
    secret "HisOcg4lsdbH1JuvK7p7Mw==";
};
```

`vim named.conf.j2` (DNS updates are authenticated with the key; only the added line is shown)

```
include "/etc/ddns.key";
```

`vim westos.org.zone.j2` (zone file with the A records)

```
$TTL 1D
@       IN SOA  dnf.westos.org. lee.westos.org. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      dns.westos.org.
dns     A       {{ ansible_facts['enp1s0']['ipv4']['address'] }}
```

`vim named.rfc1912.zones.j2` (the zone definition)

```
zone "westos.org" IN {
    type master;
    file "westos.org.zone";
    allow-update { key westos; };
};
```

`vim etc.dncpd.dhcpd.conf.j2`
5. `vim ddns.yml`

```yaml
---
- name: ddns
  hosts: list1
  roles:
    - name: run ddns role
      role: ddns
```

Test results
III. The ansible-galaxy command-line tool
Ansible Galaxy is a free website for sharing and downloading Ansible roles; it helps us define and learn roles better.
The ansible-galaxy command talks to the https://galaxy.ansible.com API by default and can search for and download all kinds of community-developed Ansible roles.
ansible-galaxy has shipped with Ansible since version 1.4.2.
Search for roles on galaxy.ansible.com
Install the selected role
1. From a network source (working directory /root/ansible)
`vim install_vsftpd_roles.yml`

```yaml
---
- src: http://172.25.254.100/vsftpd.tar.gz
  name: vsftpdhttp3
```

2. Install local roles
`vim install_vsftpd_roles.yml`

```yaml
---
- src: file:///root/ansible/roles/vsftpd.tar.gz
  name: vsftpd1
```

```shell
ansible-galaxy install -r install_vsftpd_roles.yml
```

3. Install or download role packages directly from the galaxy.ansible.com website