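Introduction to roles
Roles are a feature introduced in Ansible 1.2 for organizing playbooks in a hierarchical, structured way. Based on a layered directory structure, roles automatically load variable files, tasks, handlers and so on. To use roles, you only need the include directive in a playbook. Put simply, roles are a mechanism that places variables, files, tasks, modules and handlers in separate directories and lets you include them conveniently. Roles are generally used where services are built per host, but they can also be used for scenarios such as building daemons.
Creating roles
ansible-galaxy init xxx
Directory layout after creation: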
roles/apache/
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
│   └── httpd.conf.j2
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml
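- tasks: holds the role's main tasks. Additional task files can be added here and called from main.yml to implement more complex deployments.
- handlers: holds the tasks (handlers) that run when they are notified.
- defaults: holds default variables; these have the lowest precedence.
- vars: holds variable files. Variables used by the role's tasks and templates can be defined here.
- files: holds files that need to be copied to the target hosts; for example, it is the default root directory for the src parameter of the copy module.
- templates: holds template files in .j2 format. Their content must follow Jinja2 syntax, and they are usually deployed with the template module as service configuration files.
- meta: holds the role's dependency list; this is covered in detail later.
- tests: holds the playbook and inventory file used to test the role itself; commonly used during development and testing.
Deploying an httpd load balancer with roles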
[devops@server1 ansible]$ tree roles/
roles/
├── apache
│   ├── defaults
│   │   └── main.yml
│   ├── files
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   │   └── main.yml
│   ├── README.md
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   │   └── httpd.conf.j2
│   ├── tests
│   │   ├── inventory
│   │   └── test.yml
│   └── vars
│       └── main.yml
├── haproxy
│   ├── defaults
│   │   └── main.yml
│   ├── files
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   │   └── main.yml
│   ├── README.md
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   │   └── haproxy.cfg.j2
│   ├── tests
│   │   ├── inventory
│   │   └── test.yml
│   └── vars
│       └── main.yml
└── keepalived
    ├── defaults
    │   └── main.yml
    ├── files
    ├── handlers
    │   └── main.yml
    ├── meta
    │   └── main.yml
    ├── README.md
    ├── tasks
    │   └── main.yml
    ├── templates
    │   └── keepalived.conf.j2
    ├── tests
    │   ├── inventory
    │   └── test.yml
    └── vars
        └── main.yml
[devops@server1 roles]$ cat apache/tasks/main.yml
---
# tasks file for apache
- name: install apache
  yum:
    name: httpd
    state: present
- name: write config file
  template:
    src: httpd.conf.j2
    dest: /etc/httpd/conf/httpd.conf
  notify:
    - restart apache
- name: write index html
  copy:
    content: "{{ ansible_facts['hostname'] }}\n"
    dest: /var/www/html/index.html
- name: start apache
  service:
    name: httpd
    state: started
- name: start firewalld
  service:
    name: firewalld
    state: started
    enabled: yes
- name: open httpd port
  firewalld:
    port: "{{ http_port }}/tcp"
    permanent: yes
    state: enabled
    immediate: yes
[devops@server1 roles]$ cat apache/handlers/main.yml
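---
# handlers file for apache
# The handler name must match the "restart apache" notify in tasks/main.yml,
# and it restarts httpd so the rewritten httpd.conf takes effect.
- name: restart apache
  service:
    name: httpd
    state: restarted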
Write the templates under templates/.
The other roles follow the same pattern.
[devops@server1 ansible]$ cat http_SLB.yml
---
- hosts: all
  roles:
    - { role: apache, when: "ansible_hostname in groups['webservers']" }
    - { role: haproxy, when: "ansible_hostname in groups['haproxy']" }
    - role: keepalived
      vars:
        STATE: MASTER
        VRI: 51
        PRI: 100
      when: ansible_hostname == "server4"
    - role: keepalived
      vars:
        STATE: BACKUP
        VRI: 51
        PRI: 50
      when: ansible_hostname == "server5"
Deploying Zabbix with roles
- hosts file:
[devops@server1 ansible]$ cat hosts
[webservers]
server2
server3
[haproxy]
server4
server5
[keepalived]
server4
server5
[zbx_server]
server2
[zbx_mysql]
server3
[zbx_web]
server4
[zbx_agent]
server5
- Main playbook:
[devops@server1 ansible]$ cat zabbix.yml
---
- name: deploy zabbix
  hosts: all
  vars_files: vars/zabbix_vars.yml
  roles:
    - { role: zabbix_mysql, when: "ansible_hostname in groups['zbx_mysql']" }
    - { role: zabbix_web, when: "ansible_hostname in groups['zbx_web']" }
    - { role: zabbix_agent, when: "ansible_hostname in groups['zbx_agent']" }
    - { role: zabbix_server, when: "ansible_hostname in groups['zbx_server']" }
- 1 Create the 4 roles
[devops@server1 roles]$ tree zabbix_server/
zabbix_server/
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
│   └── zabbix_server.conf.j2
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml
8 directories, 9 files
[devops@server1 roles]$ tree zabbix_mysql/
zabbix_mysql/
├── defaults
│   └── main.yml
├── files
│   └── create.sql.gz
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml
8 directories, 9 files
[devops@server1 roles]$ tree zabbix_web/
zabbix_web/
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
│   └── zabbix.conf
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml
8 directories, 9 files
[devops@server1 roles]$ tree zabbix_agent/
zabbix_agent/
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
│   └── zabbix_agentd.conf.j2
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml
8 directories, 9 files
- 2 Write the zabbix_mysql role
tasks file:
[devops@server1 zabbix_mysql]$ cat tasks/main.yml
---
- name: install mariadb
  yum:
    name:
      - mariadb-server
      - MySQL-python
- name: start mariadb
  service:
    name: mariadb
    state: started
    enabled: yes
- name: create database zabbix
  mysql_db:
    login_user: root
    login_password: "{{ LOGIN_PASSWD }}"
    name: "{{ DBNAME }}"
    state: present
    encoding: utf8
    collation: utf8_bin
  notify: import zabbix data
- name: create zabbix user
  mysql_user:
    login_user: root
    login_password: "{{ LOGIN_PASSWD }}"
    # The account name is DBUSER (the original used DBNAME here, which only
    # worked because both variables are set to "zabbix").
    name: "{{ DBUSER }}"
    host: "%"
    password: "{{ DBPASSWD }}"
    priv: "{{ DBNAME }}.*:ALL"
    state: present
- name: copy zabbix data
  copy:
    src: files/create.sql.gz
    dest: /tmp/create.sql.gz
vars file:
It can optionally be encrypted.
[devops@server1 zabbix_mysql]$ cat vars/main.yml
---
# vars file for zabbix_mysql / vars/zabbix_vars.yml
DBNAME: zabbix
DBUSER: zabbix
DBPASSWD: westos
LOGIN_PASSWD: westos
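One way to do the optional encryption mentioned above, as an added example rather than the author's own files: the secret values move into a file encrypted with ansible-vault, and the tasks that receive them set no_log. The group_vars/all/vault.yml path, the vault_* variable names and the placeholder values are assumptions.

```yaml
---
# group_vars/all/vault.yml (assumed path), encrypted at rest with:
#   ansible-vault encrypt group_vars/all/vault.yml
# and unlocked at run time with:
#   ansible-playbook zabbix.yml --ask-vault-pass
vault_zabbix_db_password: "replace-me"        # placeholder value
vault_mysql_root_password: "replace-me-too"   # placeholder value
---
# roles/zabbix_mysql/vars/main.yml: same variable names the role already
# uses, but the values now come from the vault (vault_* names are assumptions).
DBNAME: zabbix
DBUSER: zabbix
DBPASSWD: "{{ vault_zabbix_db_password }}"
LOGIN_PASSWD: "{{ vault_mysql_root_password }}"
---
# roles/zabbix_mysql/tasks/main.yml: the two tasks that receive passwords.
# no_log keeps their arguments and results out of console output and logs.
- name: create database zabbix
  mysql_db:
    login_user: root
    login_password: "{{ LOGIN_PASSWD }}"
    name: "{{ DBNAME }}"
    state: present
    encoding: utf8
    collation: utf8_bin
  no_log: true
  notify: import zabbix data
- name: create zabbix user
  mysql_user:
    login_user: root
    login_password: "{{ LOGIN_PASSWD }}"
    name: "{{ DBUSER }}"
    host: "%"
    password: "{{ DBPASSWD }}"
    priv: "{{ DBNAME }}.*:ALL"
    state: present
  no_log: true
```

The same substitution applies to zabbix_server/defaults/main.yml, which carries the same DBPASSWD.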
handlers file:
[devops@server1 zabbix_mysql]$ cat handlers/main.yml
---
# handlers file for zabbix_mysql
- name: import zabbix data
  mysql_db:
    login_user: "{{ DBUSER }}"
    login_password: "{{ DBPASSWD }}"
    name: "{{ DBNAME }}"
    state: import
    target: /tmp/create.sql.gz
Under files/:
[devops@server1 zabbix_mysql]$ ls files/
create.sql.gz
- 3 Write the zabbix-server role
tasks file:
[devops@server1 zabbix_server]$ cat tasks/main.yml
---
- name: Add zabbix repo
  yum_repository:
    name: zabbix
    description: zabbix repo
    baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
    gpgcheck: no
- name: install zabbix-server
  yum:
    name: zabbix-server
    state: present
- name: config zabbix-server
  template:
    src: templates/zabbix_server.conf.j2
    dest: /etc/zabbix/zabbix_server.conf
  notify: restart zabbix_server
vars file:
[devops@server1 zabbix_server]$ cat defaults/main.yml
---
DBNAME: zabbix
DBUSER: zabbix
DBPASSWD: westos
DBSERVER: server3
handlers file:
[devops@server1 zabbix_server]$ cat handlers/main.yml
---
- name: restart zabbix_server
  service:
    name: zabbix-server
    state: restarted
templates Jinja2 file:
- 4 Write the zabbix-web role
tasks file:
[devops@server1 zabbix_web]$ cat tasks/main.yml
---
- name: Add zabbix repo
  yum_repository:
    name: zabbix
    description: zabbix repo
    baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
    gpgcheck: no
#- name: update php repo
#  yum_repository:
#    name: webtatic
#    description: webtatic
#    baseurl: https://repo.webtatic.com/yum/el7/$basearch/
#    gpgcheck: no
- name: install zabbix-web and httpd
  yum:
    name:
      - zabbix-web
      - zabbix-web-mysql
      - httpd
    state: present
- name: config httpd
  template:
    src: zabbix.conf
    dest: /etc/httpd/conf.d/zabbix.conf
  notify: restart httpd
- name: start httpd
  service:
    name: httpd
    state: started
vars file:
[devops@server1 zabbix_web]$ cat defaults/main.yml
---
TIME_ZONE: Asia/Shanghai
templates Jinja2 file:
handlers file:
[devops@server1 zabbix_web]$ cat handlers/main.yml
---
- name: restart httpd
  service:
    name: httpd
    state: restarted
- 5 Write the zabbix-agent role
tasks file:
[devops@server1 zabbix_agent]$ cat tasks/main.yml
---
- name: Add zabbix repo
  yum_repository:
    name: zabbix
    description: zabbix repo
    baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
    gpgcheck: no
- name: install zabbix agent
  yum:
    name: zabbix-agent
    state: present
- name: config zabbix-agent
  template:
    src: zabbix_agentd.conf.j2
    dest: /etc/zabbix/zabbix_agentd.conf
  notify: restart zabbix-agent
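The zabbix_server, zabbix_web and zabbix_agent roles above each define the same repository with gpgcheck: no, so packages from the mirror are installed without signature verification. An added example (not from the original page) that defines the repository once with verification enabled and pulls it in through meta/main.yml; the zabbix_repo role name and the RPM-GPG-KEY-ZABBIX file name are assumptions, and the key file is one obtained from the vendor and checked before it is placed in the role.

```yaml
---
# roles/zabbix_repo/tasks/main.yml (hypothetical shared role)
- name: Install the Zabbix package signing key
  copy:
    src: RPM-GPG-KEY-ZABBIX   # assumed file name under roles/zabbix_repo/files/
    dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
    owner: root
    group: root
    mode: "0644"
- name: Add zabbix repo with signature checking
  yum_repository:
    name: zabbix
    description: zabbix repo
    baseurl: https://mirrors.aliyun.com/zabbix/zabbix/4.0/rhel/7/x86_64/
    gpgcheck: yes             # reject packages that are unsigned or mis-signed
    gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ZABBIX
---
# roles/zabbix_server/meta/main.yml (same content for zabbix_web and
# zabbix_agent): the dependency runs before the role's own tasks, so the
# "Add zabbix repo" task can be dropped from each tasks/main.yml.
dependencies:
  - role: zabbix_repo
```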
templates Jinja2 file: