ansible-roles-06
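1. Ansible Roles: Basic Overview
1. We have already covered tasks and handlers. So what is the best way to organize a playbook? The short answer: use Roles.
2. Roles rely on a known file structure to automatically load certain vars, tasks and handlers, which makes them easier for a playbook to call. Compared with a plain playbook, roles give a clearer, more layered structure, but they also require more files to be prepared.
3. For example, whatever software we install, we also install a time synchronization service, so every playbook would need its own time-sync task. With roles, the time-sync task is written once and simply called whenever it is needed.
4. Ansible note: when writing roles, it is best to split each task into its own file so it can be reused later (break things up completely).
2. Ansible Roles Directory Structure
This is the official roles directory structure, and it must be defined as shown below. Each directory must contain a main.yml file; these are mandatory requirements.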
[root@ansible ~]# cd /etc/ansible/roles
[root@ansible ~]# mkdir -p {nfs,rsync,web}/{vars,tasks,handlers,templates,files,meta}
[root@ansible ~]# tree
.
|-- nfs              role name
|   |-- files        static files
|   |-- handlers     handlers (triggered tasks)
|   |-- tasks        the actual tasks
|   |-- templates    template files
|   |-- vars         variable definitions
|   |-- meta         dependencies
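3. Ansible Roles Dependencies
Roles can automatically pull in other roles when they are used. Role dependencies are stored in meta/main.yml.
For example: installing wordpress requires that nginx and php both run properly first, so the wordpress role can declare dependencies on nginx and php-fpm.
The wordpress role depends on the nginx and php-fpm roles:
[root@ansible ~]# cat /root/roles/wordpress/meta/main.yml
---
dependencies:
  - { role: nginx }
  - { role: php-fpm }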
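4. Ansible Roles in Practice
4.1 NFS
① Create the directory structure
There are two ways to create the directory structure: use the ansible command to generate the default layout, or create only the directories we need ourselves.
1> galaxy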
[root@ansible ~]# ansible-galaxy init nfs
- Role nfs was created successfully
[root@ansible ~]# tree nfs
nfs
|-- defaults
|   `-- main.yml
|-- files
|-- handlers
|   `-- main.yml
|-- meta
|   `-- main.yml
|-- README.md
|-- tasks
|   `-- main.yml
|-- templates
|-- tests
|   |-- inventory
|   `-- test.yml
`-- vars
    `-- main.yml
8 directories, 8 files
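2> Custom (this document uses this approach)
[root@ansible ~]# mkdir roles;cd roles
[root@ansible roles]# mkdir -p nfs-server/{tasks,handlers,templates,files}
(nfs-server is a name of your choosing; the subdirectory names are fixed)
② Prepare the hosts and ansible.cfg files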
[root@ansible roles]# ls
ansible.cfg hosts nfs-server
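③ In the roles directory, create a top.yml file that calls the role
[root@ansible roles]# cat top.yml
- hosts: nfsservers
  roles:
    - role: nfs-server
Now split up the playbook as it was originally written
into three parts:
1. tasks (the actual tasks)
2. handlers
3. templates (configuration files)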
[root@ansible roles]# cd nfs-server/
[root@ansible nfs-server]# ls
handlers tasks templates
④ Write the tasks (/nfs-server/tasks/main.yml)
- name: install nfs server
  yum:
    name: nfs-utils
    state: present

- name: configure nfs file
  template:
    src: exports.j2
    dest: /etc/exports
    owner: root
    group: root
    mode: '0644'
  notify: systemctl restarted nfs

- name: create www group
  group:
    name: www
    gid: 666

- name: create www user
  user:
    name: www
    uid: 666
    group: 666
    shell: /sbin/nologin
    create_home: no

- name: create directory data
  file:
    path: /data
    state: directory
    mode: '0755'
    owner: www
    group: www

- name: systemctl start nfs server
  systemd:
    name: nfs
    state: started
    enabled: yes
⑤ Write the handlers
The handler's name must match the notify name used in tasks/main.yml
[root@ansible nfs-server]# cat handlers/main.yml
- name: systemctl restarted nfs
  systemd:
    name: nfs
    state: restarted
⑥ Write the template (holds the configuration file)
[root@ansible nfs-server]# cat templates/exports.j2
/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
⑦ Run (call the nfs-server role)
[root@ansible roles]# ansible-playbook top.yml
⑧ Run result
4.2 Rsync
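① Create the directory structure
[root@ansible ~]# mkdir roles;cd roles
[root@ansible roles]# mkdir -p rsync-server/{tasks,handlers,templates,files}
(rsync-server is a name of your choosing; the subdirectory names are fixed)
② Modify top.yml in the roles directory to call the role (rsync-server)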
#- hosts: nfsservers
#  roles:
#    - role: nfs-server
- hosts: backupservers
  roles:
    - role: rsync-server
③ Write the tasks (/rsync-server/tasks/main.yml)
- name: install rsync server
  yum:
    name: rsync
    state: present

- name: copy rsync configure file
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
  loop:
    - { src: rsyncd.j2, dest: /etc/rsyncd.conf, mode: '0644' }
    - { src: rsync.passwd.j2, dest: /etc/rsync.passwd, mode: '0600' }
  notify: systemctl restart rsyncd

- name: create www group
  group:
    name: www
    gid: '666'

- name: create www user
  user:
    name: www
    uid: '666'
    group: '666'

- name: create backup directory
  file:
    path: /backup
    state: directory
    owner: www
    group: www

- name: systemctl start rsyncd
  systemd:
    name: rsyncd
    state: started
④ Write the handlers
# The name must match the notify value in tasks/main.yml, and the handler
# restarts the daemon so that a changed configuration takes effect.
- name: systemctl restart rsyncd
  systemd:
    name: rsyncd
    state: restarted
⑤ Write the templates (hold the configuration files)
rsyncd.j2
[root@ansible templates]# cat rsyncd.j2
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[backup]
comment = welcome to oldboyedu backup!
path = /backup
rsync.passwd.j2
[root@ansible templates]# cat rsync.passwd.j2
rsync_backup:1
⑥ Run the playbook
[root@ansible roles]# ansible-playbook top.yml
⑦ Playbook structure
Adding variables
4.3 Adding variables to NFS
① First, define the variables
[root@ansible roles]# mkdir group_vars
[root@ansible roles]# cd group_vars/
[root@ansible group_vars]# vim all
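# Unified user settings
# www user
user: www
# www group
group: www
# uid and gid
id: '666'
# NFS variables
# NFS shared directory
nfs_data: /data1
# Network segment allowed to mount the share
share_ip: 172.16.1.0/24
② Add the variables to the configuration file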
[root@ansible ~]# cat /root/roles/nfs-server/templates/exports.j2
{{ nfs_data }} {{ share_ip }}(rw,sync,all_squash,anonuid={{ id }},anongid={{ id }})
③ Add the variables to the nfs tasks
- name: install nfs server
  yum:
    name: nfs-utils
    state: present

- name: configure nfs file
  template:
    src: exports.j2
    dest: /etc/exports
    owner: root
    group: root
    mode: '0644'
  notify: systemctl restarted nfs

- name: create www group
  group:
    name: "{{ group }}"
    gid: "{{ id }}"

- name: create www user
  user:
    name: "{{ user }}"
    uid: "{{ id }}"
    group: "{{ id }}"
    shell: /sbin/nologin
    create_home: no

- name: create directory data
  file:
    path: "{{ nfs_data }}"
    state: directory
    mode: '0755'
    owner: "{{ user }}"
    group: "{{ group }}"

- name: systemctl start nfs server
  systemd:
    name: nfs
    state: started
    enabled: yes
④ Playbook run result
4.4 Adding variables to Rsync
① First, define the variables
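## Unified user settings
# www user
user: www
# www group
group: www
# uid and gid
id: '666'
## NFS variables
# NFS shared directory
nfs_data: /data1
# Network segment allowed to mount the share
share_ip: '172.16.1.0/24'
## Rsync variables
# rsync authentication user
vuser: rsync_backup
# rsync authentication password file
vpasswd_path: /etc/rsync.passwd
# rsync user password
vpasswd: 1
# rsync receiving data directory and module name
vdata: /backup
② Add the variables to the configuration files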
rsyncd.j2
[root@ansible ~]# cat /root/roles/rsync-server/templates/rsyncd.j2
uid = {{ user }}
gid = {{ group }}
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = {{ vuser }}
secrets file = {{ vpasswd_path }}
log file = /var/log/rsyncd.log
#####################################
[{{ vdata | basename }}]
comment = welcome to oldboyedu backup!
path = {{ vdata }}
rsync.passwd.j2
[root@ansible ~]# cat /root/roles/rsync-server/templates/rsync.passwd.j2
{{ vuser }}:{{ vpasswd }}
③ Add the variables to the rsync tasks
- name: install rsync server
  yum:
    name: rsync
    state: present

- name: copy rsync configure file
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
  loop:
    - { src: rsyncd.j2, dest: /etc/rsyncd.conf, mode: '0644' }
    - { src: rsync.passwd.j2, dest: /etc/rsync.passwd, mode: '0600' }
  notify: systemctl restart rsyncd

- name: create www group
  group:
    name: "{{ group }}"
    gid: "{{ id }}"

- name: create www user
  user:
    name: "{{ user }}"
    uid: "{{ id }}"
    group: "{{ id }}"

- name: create backup directory
  file:
    path: "{{ vdata }}"
    state: directory
    owner: "{{ user }}"
    group: "{{ group }}"
    mode: '0755'

- name: systemctl start rsyncd
  systemd:
    name: rsyncd
    state: started
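The variables in 4.4 keep the rsync password (vpasswd) as plaintext in group_vars/all, and the template loop prints each rendered item in the run output. The following is an added example, not part of the original tutorial, showing the same role with the password moved into an Ansible Vault file and the secrets file rendered by its own task with no_log. The file name secrets.vault.yml, the variable vault_vpasswd, its sample value and the 12-character minimum are assumptions of this example.

```yaml
# --- secrets.vault.yml (assumed name), created with:
#       ansible-vault create secrets.vault.yml
#     The value below is a constructed sample; on disk the file is encrypted.
vault_vpasswd: "constructed-sample-passphrase"
---
# --- group_vars/all: only this line changes, the templates stay as they are
vpasswd: "{{ vault_vpasswd }}"
---
# --- top.yml: load the vault file for the play
- hosts: backupservers
  vars_files:
    - secrets.vault.yml
  roles:
    - role: rsync-server
---
# --- rsync-server/tasks/main.yml: replaces the two-item template loop
- name: refuse to deploy a missing or short rsync password
  assert:
    that:
      - vault_vpasswd is defined
      - vault_vpasswd | string | length >= 12
    fail_msg: "vault_vpasswd must be set in the vault file (12+ characters)"

- name: copy rsyncd.conf
  template:
    src: rsyncd.j2
    dest: /etc/rsyncd.conf
    owner: root
    group: root
    mode: '0644'
  notify: systemctl restart rsyncd

- name: copy rsync secrets file
  template:
    src: rsync.passwd.j2
    dest: "{{ vpasswd_path }}"
    owner: root          # the daemon started by systemd reads it as root
    group: root
    mode: '0600'         # must not be readable by other users
  no_log: true           # keeps the rendered password out of output and --diff
  notify: systemctl restart rsyncd
```

Run the play with `ansible-playbook top.yml --ask-vault-pass` so the vault file can be decrypted at run time.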