1 roles角色
角色是ansible自1.2版本引入的新特征,用于层次性、结构化地组织playbook。roles能够根据层次性结构自动装载变量文件、tasks以及handlers等。要使用roles只需要在playbook中使用include指令即可。简单来讲,roles就是通过分别将变量、文件、任务、模块及处理器放置于单独的目录中,并可以便捷地include它们的一种机制。角色一般用于基于主机构建服务的场景中,但也可以是用于构建守护进程等场景中
运维复杂的场景:建议使用roles,代码复用度高
roles:多个角色的集合,可以将多个的role,分别放至roles目录下的独立子目录中
roles/
—mysql/
—httpd/
—nginx/
—redis
1.1 Ansible Roles目录编排
roles目录结构如下所示
每个角色:以特定的层级目录结构进行组织
roles目录结构:
playbook.yml
roles/
—project/
—tasks/
—files/
—vars/
—templates/
—handlers/
—default/
—meta/
Roles各目录作用
/roles/project/: 项目名称,有以下子目录
· files/: 存放由copy或script模块等调用的文件
· temolates/: template模块查找所需要模块文件的目录
· tasks/: 定义task,role的基本元素,至少应该包含一个名为main.yml的文件;其他的文件需要在此文件中通过include进行包含
· handlers/: 至少应该包含一个名为main.yml文件,其他的文件需要在此文件中通过include进行包含
· vars/: 定义变量,至少应该包含一个名为main.yml的文件,其他的文件需要在此文件中通过include进行包含
· meta/: 定义当前角色的特殊设定及其依赖关系,至少应该包含一个名为main.yml的文件,其他文件需在此文件中通过include进行包含
· default/: 设定默认变量时使用此目录中的main.yml文件,比vars的优先级低
1.2 创建role
创建role的步骤
(1)创建以roles命名的目录
(2)在roles目录中分别创建以各角色名称命名的目录,如webserver等
(3)在每个角色命名的目录中分别创建files、handlers、meta、tasks、templates和vars目录;用不到的目录可以创建为空目录,也可以不创建
(4)在playbook文件中,调用各角色
针对大型项目使用Roles进行编排
范例:roles的目录结构
nginx-role.yml
roles/
└── nginx
├── files
│ └── main.yml
├── tasks
│ ├── groupadd.yml
│ ├── install.yml
│ ├── main.yml
│ ├── restart.yml
│ ├── useradd.yml
└── vars
└── main.yml
1.3 playbook调用角色
调用角色方法:
---
- hosts: websrvs
remote_user: root
roles:
- mysql
- memcached
- nginx
调用角色方法2:
键role用于指定角色名称,后续的k/v用于传递变量给角色
---
- hosts: all
remote_user: root
roles:
- mysql
- { role: nginx, username: nginx }
调用角色方法3:
还可基于条件测试实现角色调用
---
- hosts: all
remote_user: root
roles:
- { role: nginx, username: nginx, when: ansible_distribution_major_version == '7' }
1.4 roles中tags使用
#nginx-role.tml
---
- hosts: websrvs
remote_user: root
roles:
- { role:nginx, tags: [ 'nginx', 'web' ], when: ansible_distribution_major_version == '6' }
- { role: httpd, tags: [ 'httpd', 'web' ] }
- { role: mysql, tags: [ 'mysql', 'db' ] }
- { role: mariadb, tags:[ 'mariadb', 'db' ] }
[root@ansible ~]# ansible-playbook --tags="nginx,httpd,mysql" nginx-role.yml
1.5 实战案例
1.5.1 案例1:实现httpd角色
[root@ansible ~]# mkdir -pv /data/ansible/roles/httpd/{tasks,handlers,files}
#创建角色相关的文件
[root@ansible ~]# cd /data/ansible/roles/httpd/
[root@ansible httpd]# vim tasks/main.yml
- include: install.yml
- include: config.yml
- include: index.yml
- include: service.yml
#创建软件安装文件
[root@ansible httpd]# vim tasks/install.yml
- name: install httpd package
yum: name=httpd
#创建软件配置文件
[root@ansible httpd]# vim tasks/config.yml
- name: config file
copy: src=httpd.conf dest=/etc/httpd/conf/ backup=yes
notify: restart
#创建网页主页文件
[root@ansible httpd]# vim tasks/index.yml
- name: index.html
copy: src=index.html dest=/var/www/html/
#创建软件启动文件
[root@ansible httpd]# vim tasks/service.yml
- name: start service
service: name=httpd state=started enabled=yes
#创建软件触发重启文件
[root@ansible httpd]# vim handlers/main.yml
- name: restart
service: name=httpd state=restarted
#在files目录下准备两个文件
[root@ansible httpd]# ls /data/ansible/roles/httpd/files/
httpd.conf index.html
[root@ansible httpd]# tree /data/ansible/roles/httpd/
/data/ansible/roles/httpd/
├── files
│ ├── httpd.conf
│ └── index.html
├── handlers
└── tasks
├── config.yml
├── index.yml
├── install.yml
└── service.yml
3 directories, 6 files
#在playbook中调用角色
[root@ansible httpd]# vim /data/ansible/role_httpd.yml
---
# httpd role
- hosts: websrvs
remote_user: root
roles:
- role: httpd
#运行playbook
[root@ansible httpd]# ansible-playbook /data/ansible/role_httpd.yml
1.5.2 案例2:实现nginx角色
[root@ansible ~]# mkdir -pv /data/ansible/roles/nginx/{tasks,handlers,templates,vars}
#创建task文件
[root@ansible ~]# cd /data/ansible/roles/nginx/
[root@ansible nginx]# vim tasks/main.yml
- include: install.yml
- include: config.yml
- include: file.yml
- include: service.yml
[root@ansible nginx]# vim tasks/install.yml
- name: install
yum: name=nginx
[root@ansible nginx]# vim tasks/config.yml
- name: config file for centos7
templates: src=ngxin7.conf.j2 dest=/etc/nginx/nginx.conf
when: ansible_distribution_major_version == "7"
notify: restart
- name: config file for centos8
templates: src=nginx8.conf.j2 dest=/etc/nginx/nginx.conf
when: ansible_distribution_major_version == "8"
notify: restart
[root@ansible nginx]# vim tasks/index.yml
- name: index.html
copy: src=roles/httpd/files/index.html dest=/usr/share/nginx/html/
[root@ansible nginx]# vim tasks/service.yml
- name: start service
service: name=nginx state=started enabled=yes
#创建handler文件
[root@ansible nginx]# vim handlers/main.yml
- name: restart
service: name=nginx state=restarted
#创建两个template文件
[root@ansible nginx]# vim templates/nginx7.conf.j2
... 省略 ...
user: {{ user }};
worker_processes {{ ansible_processor_vcpus+3 }};
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
... 省略 ...
[root@ansible nginx]# vim templates/nginx8.conf.j2
... 省略 ...
user: nginx;
worker_processes {{ ansible_processor_vcpus+2 }};
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
... 省略 ...
#创建变量文件
[root@ansible nginx]# vim vars/main.yml
user: daemon
#目录结构如下
[root@ansible nginx]# tess /data/ansible/roles/nginx/
/data/ansible/roles/nginx/
├── handlers
│ └── main.yml
├── tasks
│ ├── config.yml
│ ├── index.yml
│ ├── install.yml
│ ├── main.yml
│ └── service.yml
├── templates
│ ├── nginx7.conf.j2
│ └── nginx8.conf.j2
└── vars
└── main.yml
4 directories, 9 files
#在playbook中调用角色
[root@ansible nginx]# vim /data/ansible/role_nginx.yml
---
#nginx role
- hosts: websrvs
remote_user: root
roles:
- role: nginx
#运行playbook
[root ansible@ ansible]# ansible-playbook /data/ansible/role_nginx.yml
1.5.3 案例3:实现memcached角色
[root@ansible ~]# mkdir -pv /data/ansible/roles/memcached/{tasks,templates}
[root@ansible ~]# cd /data/ansible/roles/memcached
[root@ansible memcached]# vim tasks/main.yml
- include: install.yml
- include: config.yml
- include: service.yml
[root@ansible memcached]# vim tasks/install.yml
- name: install
yum: name=memcached
[root@ansible memcached]# vim tasks/config.yml
- name: config file
template: src=memcached.j2 dest=/etc/sysconfig/memcached
[root@ansible memcached]# vim tasks/service.yml
- name: service
service: name=memcached state=started enabled=yes
[root@ansible memcached]# vim templates/memcached.j2
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="{{ansible_memtotal_mb//4}}"
[root@ansible memcached]# tree /data/ansible/roles/memcached/
/data/ansible/roles/memcached/
├── tasks
│ ├── config.yml
│ ├── install.yml
│ ├── main.yml
│ └── service.yml
└── templates
└── memcached.j2
2 directories, 5 files
[root@ansible ansible]# vim /data/ansible/role_memcached.yml
---
- hosts: websrvs
remote_user: root
roles:
- role: memcached
[root@ansible ansible]# ansible-playbook /data/ansible/role_memcached.yml
PLAY [192.168.139.100] ******************************************************************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************************************************
ok: [192.168.139.100]
TASK [memcached : install] **************************************************************************************************************************************************************************************
changed: [192.168.139.100]
TASK [memcached : config file] **********************************************************************************************************************************************************************************
changed: [192.168.139.100]
TASK [memcached : service] **************************************************************************************************************************************************************************************
changed: [192.168.139.100]
PLAY RECAP ******************************************************************************************************************************************************************************************************
192.168.139.100 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
1.5.4 案例4:实现mysql角色
[root@ansible ~]# vim /data/ansible/roles/mysql/files/my.cnf
[mysqld]
socket=/tmp/mysql.sock
user=mysql
symbolic-links=0
datadir=/data/mysql
innodb_file-per_table=1
log-bin
pid-file=/data/mysql/mysqld.pid
[client]
port=3306
socket=/tmp/mysql.sock
[mysqld_safe]
log-error=/var/log/mysqld.log
[root@ansible ~]# vim /data/ansible/roles/mysql/files/secure_mysql.sh
#!/bin/bash
/usr/local/mysql/bin/mysql_secure_installation <<EOF
y
zyixin
zyixin
y
y
y
y
EOF
[root@ansible ~]# ls /data/ansible/roles/mysql/files/
my.cnf mysql-5.6.46-linux-glibc2.12-x86_64.tar.gz secure_mysql.sh
[root@ansible ~]# vim /data/ansible/roles/mysql/tasks/main.yml
- include: install.yml
- include: group.yml
- include: user.yml
- include: unarchive.yml
- include: link.yml
- include: data.yml
- include: config.yml
- include: service.yml
- include: path.yml
- include: secure.yml
[root@ansible ~]# vim /data/ansible/roles/mysql/tasks/install.yml
- name: install packages
yum: name=libaio,perl-Data-Dumper,perl-Getopt-Long
[root@ansible ~]# vim /data/ansible/roles/mysql/tasks/group.yml
- name: create mysql group
group: name=mysql pid=306
[root@ansible ~]# vim /data/ansible/roles/mysql/tasks/user.yml
- name: create mysql user
user: name=mysql uid=306 group=mysql shell=/sbin/nologin system=yes create_home=no home=/data/mysql
[root@ansible ~]# vim /data/ansible/roles/mysql/tasks/unarchive.yml
- name: copy tar to remote host and file mode
unarchive: src=mysql-5.6.46-linux-glibc2.12-x86_64.tar.gz dest=/usr/local/ owner=root group=root
[root@ansible ~]# vim /data/ansible/roles/mysql/tasks/link.yml
- name: mkdir /usr/local/mysql
file: src=/usr/local/mysql-5.6.46-linux-glibc2.12-x86_64 dest=/usr/local/mysql state=link
[root@ansible ~]# vim /data/ansible/roles/mysql/tasks/data.yml
- name: data dir
shell: chdir=/usr/local/mysql/ ./scripts/mysql_install_db --datadir=/data/mysql --user=mysql
[root@ansible ~]# vim /data/ansible/roles/mysql/tasks/config.yml
- name: config my.cnf
copy: src=my.cnf dest=/etc/my.cnf
[root@ansible ~]# vim /data/ansible/roles/mysql/tasks/service.yml
- name: service script
shell: /bin/cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqd;/etc/init.d/mysqld start;chkconfig --add mysqld;chkconfig mysqld on
[root@ansible ~]# vim /data/ansible/roles/mysql/tasks/path.yml
- name: PATH variable
copy: content='PATH=/usr/local/mysql/bin:$PATH' dest=/etc/profile.d/mysql.sh
[root@ansible ~]# vim /data/ansible/roles/mysql/tasks/secure.yml
- name: secure script
script: secure_mysql.sh
[root@ansible ~]# tree /data/ansible/roles/mysql/
/data/ansible/roles/mysql/
├── files
│ ├── my.cnf
│ ├── mysql-5.6.46-linux-glibc2.12-x86_64.tar.gz
│ ├── secure_mysql.sh
└── tasks
├── config.yml
├── data.yml
├── group.yml
├── link.yml
├── install.yml
├── main.yml
├── path.yml
├── secure.yml
├── service.yml
├── unarchive.yml
└── user.yml
2 directories, 14 files
[root@ansible ~]# vim /data/ansible/mysql_roles.yml
- hosts: websrvs
remote_user: root
roles:
- {role: mysql,tags: ["mysql","db"]}
- {role: nginx,tags: ["nginx","web"]}
[root@ansible ~]# ansible-playbook -t mysql /data/ansible/mysql_roles.yml
1.5.5 案例5:实现多角色的选择
[root@ansible ~]# vim /data/ansible/role_nginx.yml
---
- hosts: websrvs
remote_user: root
roles:
- {role: httpd,tags: [httpd,web], when:ansible_distribution_major_version=="7"}
- {role: nginx,tags: [nginx,web], when:ansible_distribution_major_version=="8"}
[root@ansible ~]# ansible-playbook -t nginx /data/ansible/role_httpd_nginx.yml
评论区