Ansible-roles

Ansible-roles

一、roles作用

把playbook剧本里的各个play看作为角色，将各个角色的tasks任务、vars变量、templates模板、files文件等内容放置到角色的目录中统一管理，需要的时候可在playbook中直接使用roles调用，所以roles可以实现playbook代码的复用。

二、利用roles安装lnmp

ansible主机地址：192.168.111.10

vim /etc/ansible/hosts
[nginx]
192.168.111.20
[mysql]
192.168.111.30
[php]
192.168.111.40

1.在roles创建角色目录

mkdir /etc/ansible/roles/nginx/{files,templates,tasks,handlers,vars,defaults,meta} -p

mkdir /etc/ansible/roles/mysql/{files,templates,tasks,handlers,vars,defaults,meta} -p

mkdir /etc/ansible/roles/php/{files,templates,tasks,handlers,vars,defaults,meta} -p

2.创建角色的的配置文件

touch /etc/ansible/roles/nginx/{defaults,vars,tasks,meta,handlers}/main.yml

touch /etc/ansible/roles/mysql/{defaults,vars,tasks,meta,handlers}/main.yml

touch /etc/ansible/roles/php/{defaults,vars,tasks,meta,handlers}/main.yml

3.配置nginx角色

在file目录中添加配置文件

default.conf nginx.repo index.php

在tasks目录中创建main.yaml，ini.yaml文件

vim main.yaml
- include: "init.yml"

- name: copy nginx.repo
  copy: src=nginx.repo dest=/etc/yum.repos.d/

- name: install nginx
  yum: name=nginx 
- name: copy
  copy: src=default.conf dest=/etc/nginx/conf.d/default.conf
- name: index.php
  copy: src=index.php dest=/usr/share/nginx/html
- name: start nginx
  service: name=nginx state=started

vim init.yaml
- name: stop firewalld
  service: name=firewalld state=stopped 
- name: stop setenforce
  command: '/usr/sbin/setenforce 0'
  ignore_errors: True

4.配置mysql角色

在file目录中添加配置文件

vim mysql.sh
passd=$(grep "password" /var/log/mysqld.log | awk '{print $NF}'| head -1)
mysql -uroot -p"$passd" --connect-expired-password -e "ALTER USER 'root'@'localhost' IDENTIFIED BY 'Admin@123';"
mysql -uroot -pAdmin@123 -e "grant all privileges on *.* to root@'%' identified by 'Admin@123' with grant option;"

mysql-community.repo   mysql-community-source.repo

在tasks目录中配置main.yaml文件

vim main.yaml

- include: "init.yml"

- name: copy mysql.repo
  copy: src=mysql-community.repo dest=/etc/yum.repos.d/
- name: copy
  copy: src=mysql-community-source.repo dest=/etc/yum.repos.d/
- name: install mysql-server
  yum: name=mysql-server
- name: start mysql
  service: name=mysqld.service state=started
- name: chushihua 
  script: mysql.sh
  ignore_errors: True

5.配置php角色

在file目录中添加配置文件

vim index.php
<?php
phpinfo();
?>

在tasks目录中配置main.yaml文件

vim init.yaml

- name: stop firewalld
  service: name=firewalld state=stopped 
- name: stop setenforce
  command: '/usr/sbin/setenforce 0'
  ignore_errors: True

- include: "init.yml"

- name: install php.repo
  shell: rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
  ignore_errors: True
- name: install php
  shell: yum -y install php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-pdo php72w-xml php72w-fpm php72w-mysqlnd php72w-opcache
  ignore_errors: True


- name: user
  user: name=php
- name: web 
  file: name=/usr/share/nginx/html state=directory

#- name: index.php

#  copy: src=index.php dest=/usr/share/nginx/html/

- name: modify php configuration file
  replace: path=/etc/php.ini  regexp=";date.timezone ="  replace="date.timezone = Asia/Shanghai"
- name: modify username and groupname in www.conf
  replace: path=/etc/php-fpm.d/www.conf  regexp="apache"  replace="php"
- name: modify listen addr in www.conf
  replace: path=/etc/php-fpm.d/www.conf  regexp="127.0.0.1:9000"  replace="192.168.111.40:9000"
- name: modify allowed client in www.conf
  replace: path=/etc/php-fpm.d/www.conf  regexp="127.0.0.1"  replace="192.168.111.20"

- name: start php-fpm 
  service: name=php-fpm state=started

6.配置主文件lnmp.yaml

vim lnmp.yaml
- name: nginx play
  hosts: nginx
  remote_user: root
  roles:
  - nginx

- name: mysql play
  hosts: mysql
  remote_user: root
  roles:
  - mysql

- name: php play
  hosts: php
  remote_user: root
  roles:
  - php