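5 Roles
Roles are a feature introduced in Ansible 1.2 for organizing playbooks in a hierarchical, structured way. Based on a layered directory structure, roles automatically load variable files, tasks, handlers and so on. To use roles, you only need the include directive in the playbook. Put simply, a role is a mechanism that places variables, files, tasks, templates and handlers in separate directories and lets you include them conveniently. Roles are generally used where services are built per host, but they can also be used for scenarios such as building daemons.
For complex operations scenarios, roles are recommended because code reuse is high.
roles: a collection of roles; each role can be placed in its own subdirectory under the roles directory
roles/
  mysql/
  httpd/
  nginx/
  redis/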
5.1 Ansible Roles directory layout
The roles directory structure is as follows:
playbook.yml
roles/
  project/
    tasks/
    files/
    vars/
    templates/
    handlers/
    defaults/
    meta/
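Purpose of each directory in a role
/roles/project/ : the project name, with the following subdirectories
- files/ : holds files used by modules such as copy or script
- templates/ : the directory where the template module looks for its template files
- tasks/ : defines the tasks, the basic element of a role; must contain at least a file named main.yml; other files must be included from this file
- handlers/ : must contain at least a file named main.yml; other files must be included from this file
- vars/ : defines variables; must contain at least a file named main.yml; other files must be included from this file
- meta/ : defines special settings of the current role and its dependencies; must contain at least a file named main.yml; other files must be included from this file
- defaults/ : the main.yml file in this directory sets default variables, which have lower priority than vars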
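5.2 Creating a role
Steps to create a role
(1) Create a directory named roles
(2) In the roles directory, create one directory per role, named after the role, such as webservers
(3) In each role directory, create the files, handlers, meta, tasks, templates and vars directories; directories that are not needed can be created empty or left out
(4) Call the roles from the playbook
For large projects, use roles for orchestration
Example: directory structure of roles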
nginx-role.yml
roles/
└── nginx
    ├── files
    │   └── main.yml
    ├── tasks
    │   ├── groupadd.yml
    │   ├── install.yml
    │   ├── main.yml
    │   ├── restart.yml
    │   └── useradd.yml
    └── vars
        └── main.yml
5.3 Calling roles from a playbook
Calling roles, method 1:
---
- hosts: websrvs
  remote_user: root
  roles:
    - mysql
    - memcached
    - nginx
Calling roles, method 2:
---
- hosts: all
  remote_user: root
  roles:
    - mysql
    - { role: nginx, username: nginx }
Calling roles, method 3:
Roles can also be called based on a conditional test
---
- hosts: all
  remote_user: root
  roles:
    - { role: nginx, username: nginx, when: ansible_distribution_major_version == "7" }
5.4 Using tags in roles
# nginx-role.yml
---
- hosts: websrvs
  remote_user: root
  roles:
    - { role: nginx, tags: ['nginx','web'], when: ansible_distribution_major_version == "7" }
    - { role: httpd, tags: ['httpd','web'] }
    - { role: mysql, tags: ['mysql','db'] }
    - { role: mariadb, tags: ['mariadb','db'] }
ansible-playbook --tags="nginx,httpd,mysql" nginx-role.yml
5.5 Practical cases
5.5.1 Case 1: implementing the httpd role
# Create the directories for the role
mkdir -pv /data/ansible/roles/httpd/{tasks,handlers,files}
# Create the files for the role
cd /data/ansible/roles/httpd
vim tasks/main.yml
- include: install.yml
- include: config.yml
- include: index.yml
- include: service.yml
vi tasks/install.yml
- name: install httpd package
  yum: name=httpd
vim tasks/config.yml
- name: config file
  copy: src=httpd.conf dest=/etc/httpd/conf/ backup=yes
  notify: restart
vim tasks/index.yml
- name: index.html
  copy: src=index.html dest=/var/www/html/
vim tasks/service.yml
- name: start service
  service: name=httpd state=started enabled=yes
vim handlers/main.yml
- name: restart
  service: name=httpd state=restarted
# Prepare two files in the files directory
ls files/
httpd.conf index.html
[root@master ~]# tree /data/ansible/roles/httpd/
/data/ansible/roles/httpd/
├── files
│   ├── httpd.conf
│   └── index.html
├── handlers
│   └── main.yml
└── tasks
    ├── config.yml
    ├── index.yml
    ├── install.yml
    ├── main.yml
    └── service.yml
3 directories, 8 files
# Call the role from a playbook
vim /data/ansible/role_httpd.yml
---
- hosts: websrvs
  remote_user: root
  roles:
    - httpd
# Run the playbook
ansible-playbook /data/ansible/role_httpd.yml
5.5.2 Case 2: implementing the nginx role
mkdir -pv /data/ansible/roles/nginx/{tasks,handlers,templates,vars}
# Create the task files
cd /data/ansible/roles/nginx
vim tasks/main.yml
- include: install.yml
- include: config.yml
- include: file.yml
- include: service.yml
vim tasks/install.yml
- name: install
  yum: name=nginx
vim tasks/config.yml
- name: config file for centos7
  template: src=nginx7.conf.j2 dest=/etc/nginx/nginx.conf
  when: ansible_distribution_major_version=='7'
  notify: restart
- name: config file for centos8
  template: src=nginx8.conf.j2 dest=/etc/nginx/nginx.conf
  when: ansible_distribution_major_version=="8"
vim tasks/file.yml
- name: index.html
  copy: src=roles/httpd/files/index.html dest=/usr/share/nginx/html/
vim tasks/service.yml
- name: start service
  service: name=nginx state=started enabled=yes
# Create the handler file
cat handlers/main.yml
- name: restart
  service: name=nginx state=restarted
# Create the two template files
cat templates/nginx7.conf.j2
...omitted...
user {{user}};
worker_processes {{ansible_processor_vcpus**2}}; # modify this line
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
...omitted...
cat templates/nginx8.conf.j2
...omitted...
user nginx;
worker_processes {{ansible_processor_vcpus+2}}; # modify this line
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
...omitted...
# Create the variable file
vim vars/main.yml
user: daemon
# The directory structure is as follows
[root@master ~]# tree /data/ansible/roles/nginx/
/data/ansible/roles/nginx/
├── handlers
│   └── main.yml
├── tasks
│   ├── config.yml
│   ├── file.yml
│   ├── install.yml
│   ├── main.yml
│   └── service.yml
├── templates
│   ├── nginx7.conf.j2
│   └── nginx8.conf.j2
└── vars
    └── main.yml
4 directories, 9 files
# Call the role from a playbook
vim /data/ansible/role_nginx.yml
---
# nginx role
- hosts: appsrvs
  roles:
    - role: nginx
# Run the playbook
ansible-playbook /data/ansible/role_nginx.yml
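The two tasks in tasks/config.yml of this case can be written as one task that sets ownership and mode and checks the rendered file before it replaces the live configuration. This is an added example, not part of the original page; it assumes the templates keep the nginx7.conf.j2 / nginx8.conf.j2 naming used above and that the nginx binary is at /usr/sbin/nginx.

```yaml
# roles/nginx/tasks/config.yml (added example)
- name: render nginx.conf for the detected major version
  template:
    # resolves to nginx7.conf.j2 or nginx8.conf.j2 in the role's templates/
    src: "nginx{{ ansible_distribution_major_version }}.conf.j2"
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: "0644"
    backup: yes
    # %s is the temporary rendered file; the live file is replaced only
    # if nginx accepts it, so a broken template cannot stop the service
    validate: /usr/sbin/nginx -t -c %s
  when: ansible_distribution_major_version in ["7", "8"]
  notify: restart
```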
5.5.3 Case 3: implementing the memcached role
mkdir -pv /data/ansible/roles/memcached/{tasks,templates}
cd /data/ansible/roles/memcached
vim tasks/main.yml
- include: install.yml
- include: config.yml
- include: service.yml
vim tasks/install.yml
- name: install
  yum: name=memcached
vim tasks/service.yml
- name: service
  service: name=memcached state=started enabled=yes
vim templates/memcached.j2
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="{{ ansible_memtotal_mb//4 }}"
OPTIONS=""
[root@master ~]# tree /data/ansible/roles/memcached/
/data/ansible/roles/memcached/
├── tasks
│   ├── config.yml
│   ├── install.yml
│   ├── main.yml
│   └── service.yml
└── templates
    └── memcached.j2
2 directories, 5 files
vim /data/ansible/role_memcached.yml
---
- hosts: appsrvs
  roles:
    - role: memcached
ansible-playbook /data/ansible/role_memcached.yml
5.5.4 Case 4: implementing the mysql role
[root@ansible ~]# cat /data/ansible/roles/mysql/files/my.cnf
[mysqld]
socket=/tmp/mysql.sock
user=mysql
symbolic-links=0
datadir=/data/mysql
innodb_file_per_table=1
log-bin
pid-file=/data/mysql/mysqld.pid
[client]
port=3306
socket=/tmp/mysql.sock
[mysqld_safe]
log-error=/var/log/mysqld.log
[root@ansible ~]# cat /data/ansible/roles/mysql/files/secure_mysql.sh
#!/bin/bash
/usr/local/mysql/bin/mysql_secure_installation <<EOF
y
magedu
magedu
y
y
y
y
EOF
[root@ansible ~]# ls /data/ansible/roles/mysql/files/
my.cnf mysql-5.6.46-linux-glibc2.12-x86_64.tar.gz secure_mysql.sh
[root@ansible ~]# cat /data/ansible/roles/mysql/tasks/main.yml
- include: install.yml
- include: group.yml
- include: user.yml
- include: unarchive.yml
- include: link.yml
- include: data.yml
- include: config.yml
- include: service.yml
- include: path.yml
- include: secure.yml
[root@ansible ~]# cat /data/ansible/roles/mysql/tasks/install.yml
- name: install packages
  yum: name=libaio,perl-Data-Dumper,perl-Getopt-Long
[root@ansible ~]# cat /data/ansible/roles/mysql/tasks/group.yml
- name: create mysql group
  group: name=mysql gid=306
[root@ansible ~]# cat /data/ansible/roles/mysql/tasks/user.yml
- name: create mysql user
  user: name=mysql uid=306 group=mysql shell=/sbin/nologin system=yes create_home=no home=/data/mysql
[root@ansible ~]# cat /data/ansible/roles/mysql/tasks/unarchive.yml
- name: copy tar to remote host and file mode
  unarchive: src=mysql-5.6.46-linux-glibc2.12-x86_64.tar.gz dest=/usr/local/ owner=root group=root
[root@ansible ~]# cat /data/ansible/roles/mysql/tasks/link.yml
# assumes the tarball unpacks to /usr/local/mysql-5.6.46-linux-glibc2.12-x86_64
- name: mkdir /usr/local/mysql
  file: src=/usr/local/mysql-5.6.46-linux-glibc2.12-x86_64 dest=/usr/local/mysql state=link
[root@ansible ~]# cat /data/ansible/roles/mysql/tasks/data.yml
- name: data dir
  shell: chdir=/usr/local/mysql/ ./scripts/mysql_install_db --datadir=/data/mysql --user=mysql
[root@ansible ~]# cat /data/ansible/roles/mysql/tasks/config.yml
- name: config my.cnf
  copy: src=my.cnf dest=/etc/my.cnf
[root@ansible ~]# cat /data/ansible/roles/mysql/tasks/service.yml
- name: service script
  shell: /bin/cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld;/etc/init.d/mysqld start;chkconfig --add mysqld;chkconfig mysqld on
[root@ansible ~]# cat /data/ansible/roles/mysql/tasks/path.yml
- name: PATH variable
  copy: content='PATH=/usr/local/mysql/bin:$PATH' dest=/etc/profile.d/mysql.sh
[root@ansible ~]# cat /data/ansible/roles/mysql/tasks/secure.yml
- name: secure script
  script: secure_mysql.sh
[root@master ~]# tree /data/ansible/roles/mysql/
/data/ansible/roles/mysql/
├── files
│   ├── my.cnf
│   ├── mysql-5.6.46-linux-glibc2.12-x86_64.tar.gz
│   └── secure_mysql.sh
└── tasks
    ├── config.yml
    ├── data.yml
    ├── group.yml
    ├── install.yml
    ├── link.yml
    ├── path.yml
    ├── secure.yml
    ├── service.yml
    ├── unarchive.yml
    └── user.yml
2 directories, 13 files
[root@ansible ~]# cat /data/ansible/mysql_roles.yml
- hosts: dbsrvs
  remote_user: root
  roles:
    - { role: mysql, tags: ["mysql","db"] }
    - { role: nginx, tags: ["nginx","web"] }
[root@ansible ~]# ansible-playbook -t mysql /data/ansible/mysql_roles.yml
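The heredoc in files/secure_mysql.sh keeps the database root password in plain text inside the role, so anyone who can read the role directory or the repository can read it. One way to keep it out of the role files, as an added example that is not part of the original page: the variable names mysql_root_password and vault_mysql_root_password and the vault file location are assumptions, and the answers are passed through the command module's stdin in the same order as the heredoc above.

```yaml
# roles/mysql/defaults/main.yml (added example)
# vault_mysql_root_password is a hypothetical variable stored in a file
# encrypted with ansible-vault, for example group_vars/dbsrvs/vault.yml
mysql_root_password: "{{ vault_mysql_root_password }}"
---
# roles/mysql/tasks/secure.yml (added example, replaces the script task)
- name: stop early when no root password was supplied
  assert:
    that:
      - mysql_root_password is defined
      - mysql_root_password | length > 0
    quiet: yes

- name: run mysql_secure_installation without a password file on disk
  command: /usr/local/mysql/bin/mysql_secure_installation
  args:
    # same answer sequence as the heredoc in files/secure_mysql.sh,
    # with the literal password replaced by the vaulted variable
    stdin: |
      y
      {{ mysql_root_password }}
      {{ mysql_root_password }}
      y
      y
      y
      y
  # keep the rendered stdin out of task output, -v logs and callbacks
  no_log: true
```

Run the playbook with `ansible-playbook --ask-vault-pass -t mysql /data/ansible/mysql_roles.yml` so the vaulted variable can be decrypted.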
5.5.5 Case 5: selecting among multiple roles
vim /data/ansible/role_httpd_nginx.yml
---
- hosts: appsrvs
  roles:
    - {role: httpd, tags: [httpd,web], when: ansible_distribution_major_version=='7'}
    - {role: nginx, tags: [nginx,web], when: ansible_distribution_major_version=='8'}
6 Recommended Ansible learning resources
http://galaxy.ansible.com
https://galaxy.ansible.com/explore#/
http://github.com
http://ansible.com.cn/
https://github.com/ansible/ansible
https://github.com/ansible/ansible-examples