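When writing one-click deployments with Ansible, we cannot put every operation into a single playbook, because that makes later troubleshooting harder. We want to split the files by functional module and decouple them, so we need to learn the officially recommended roles mechanism: the roles directory layout is clearly layered, which clarifies how we structure the work and makes us more efficient.
1. Ansible Roles directory structure
[root@Ansible ~]# mkdir /ansible/roles # roles live in /etc/ansible/roles by default, but the location can be customized; I keep ansible under /, so roles goes under /ansible as well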
[root@Ansible ~]# cd /ansible/roles
[root@Ansible roles]# ansible-galaxy init test
- Role test was created successfully
[root@Ansible roles]# tree
.
└── test
    ├── defaults          # default variable files
    │   └── main.yml
    ├── files             # configuration files
    ├── handlers          # handlers
    │   └── main.yml
    ├── meta              # role dependencies; e.g. to install wordpress we first need nginx and php, so we reference them here and they are executed first
    │   └── main.yml
    ├── README.md
    ├── tasks
    │   └── main.yml      # one tasks file per role is recommended, which makes it easier to call
    ├── templates         # files that contain variables (templates)
    ├── tests
    │   ├── inventory
    │   └── test.yml
    └── vars              # variables
        └── main.yml
9 directories, 8 files
[root@Ansible roles]#
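2. Ansible Roles dependencies
A role can automatically pull in other roles when it is used. Role dependencies are stored in the meta/main.yml file inside the role's directory.
Take deploying a wordpress project as an example: nginx and php must be installed and running before the wordpress pages can be served, so in the wordpress role we declare dependencies on the nginx and php roles.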
[root@Ansible roles]# ansible-galaxy init wordpress
[root@Ansible roles]# cat /ansible/roles/wordpress/meta/main.yml
dependencies:
  - { role: nginx }
  - { role: php }
If meta/main.yml has been written, Ansible automatically runs the roles listed under dependencies in that file before the role itself.
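3. Ansible Roles in practice
(1) Roles tip
To create the role directory structure, change into the roles directory and run ansible-galaxy init test; the layout is created automatically.
(2) Restructuring rsync as a role
Create the directory structure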
[root@Ansible ~]# cd /ansible/roles/
[root@Ansible roles]# ll
total 0
[root@Ansible roles]# ansible-galaxy init rsync
- Role rsync was created successfully
[root@Ansible roles]# tree
.
└── rsync
    ├── defaults
    │   └── main.yml
    ├── files
    ├── handlers
    │   └── main.yml
    ├── meta
    │   └── main.yml
    ├── README.md
    ├── tasks
    │   └── main.yml
    ├── templates
    ├── tests
    │   ├── inventory
    │   └── test.yml
    └── vars
        └── main.yml
9 directories, 8 files
Define the host list. It is placed in the roles directory so that, once everything is packaged, it can be called directly with -i hosts.
[root@Ansible roles]# cat hosts
[backup]
172.16.1.41
Specify which roles the backup host group runs
[root@Ansible roles]# cat site.yml
- hosts: backup
  remote_user: root
  roles:
    - rsync
Write the tasks for the rsync role
[root@Ansible ~]# cat /ansible/roles/rsync/tasks/main.yml
- name: install rsync server
  yum:
    name: rsync
    state: present
- name: configure rsync server
  template:
    src: "{{ item.src }}"
    dest: "/etc/{{ item.dest }}"
    mode: "{{ item.mode }}"
  loop:
    # rsyncd reads /etc/rsyncd.conf; src names must match the files in templates/
    - { src: "rsyncd.conf.j2", dest: "rsyncd.conf", mode: "0644" }
    - { src: "rsyncd.passwd.j2", dest: "rsync.passwd", mode: "0600" }
  notify: restart rsync server
- name: start rsync server
  systemd:
    name: rsyncd
    state: started
    enabled: yes
- name: create group "{{ rsync_dir }}"
  file:
    # rsync_dir already starts with "/", so no extra slash is prepended
    path: "{{ rsync_dir }}"
    state: directory
    owner: "{{ rs_user }}"
    group: "{{ rsg_user }}"
Collect the rsync role's configuration files into the templates directory
[root@Ansible roles]# ll /ansible/roles/rsync/templates/
total 8
-rw-r--r-- 1 root root 318 Apr 20 17:49 rsyncd.conf.j2
-rw-r--r-- 1 root root 24 Apr 20 17:50 rsyncd.passwd.j2
[root@Ansible roles]# cat /ansible/roles/rsync/templates/rsyncd.conf.j2
uid = {{ rs_user }}
gid = {{ rsg_user }}
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[backup]
path = /backup
[root@Ansible roles]# cat /ansible/roles/rsync/templates/rsyncd.passwd.j2
rsync_backup:{{ pass }}
Define the variables that the configuration files need
[root@Ansible roles]# cat rsync/vars/main.yml
rs_user: www
rsg_user: www
pass: 123456
rsync_dir: /backup
Run the roles and test the result of the rsync role
[root@Ansible roles]# ansible-playbook -i hosts site.yml
PLAY [all] *********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [172.16.1.31]
ok: [172.16.1.41]
TASK [install rsync server] ****************************************************
skipping: [172.16.1.31]
ok: [172.16.1.41]
TASK [configure rsync server] **************************************************
skipping: [172.16.1.31] => (item={u'dest': u'rsynd.conf', u'src': u'rsyncd.conf.j2', u'mode': u'0644'})
skipping: [172.16.1.31] => (item={u'dest': u'rsync.passwd', u'src': u'rsync.passwd.j2', u'mode': u'0600'})
ok: [172.16.1.41] => (item={u'dest': u'rsynd.conf', u'src': u'rsyncd.conf.j2', u'mode': u'0644'})
changed: [172.16.1.41] => (item={u'dest': u'rsync.passwd', u'src': u'rsync.passwd.j2', u'mode': u'0600'})
TASK [start rsync server] ******************************************************
skipping: [172.16.1.31]
ok: [172.16.1.41]
TASK [rsync : create group "/backup"] ******************************************
skipping: [172.16.1.31]
ok: [172.16.1.41]
RUNNING HANDLER [restart rsync server] *****************************************
changed: [172.16.1.41]
PLAY RECAP *********************************************************************
172.16.1.31 : ok=1 changed=0 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
172.16.1.41 : ok=6 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
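The rsync role above notifies a handler named restart rsync server and keeps the rsync password in clear text in vars/main.yml. The following is an added example, not part of the original post: it shows that handler, moves the password into an Ansible Vault file, and renders the secrets file in its own task so it stays out of task output. The variable name vault_rsync_pass, the path group_vars/backup/vault.yml and the password value are assumptions.

```yaml
# Added example (not from the original post). Assumed names: vault_rsync_pass,
# group_vars/backup/vault.yml. Each file is a separate document ("---").
# Run with: ansible-playbook -i hosts site.yml --ask-vault-pass

# /ansible/roles/group_vars/backup/vault.yml, created with:
#   ansible-vault create group_vars/backup/vault.yml
# Content before encryption (constructed placeholder value):
vault_rsync_pass: "CHANGE-ME-long-random-string"
---
# /ansible/roles/rsync/vars/main.yml: no secret stored in the role itself
rs_user: www
rsg_user: www
rsync_dir: /backup
pass: "{{ vault_rsync_pass }}"
---
# /ansible/roles/rsync/tasks/main.yml (excerpt replacing the looped template task)
- name: configure rsync server
  template:
    src: rsyncd.conf.j2
    dest: /etc/rsyncd.conf
    owner: root
    group: root
    mode: "0644"
  notify: restart rsync server

- name: install rsync secrets file
  template:
    src: rsyncd.passwd.j2
    dest: /etc/rsync.passwd
    owner: root
    group: root
    mode: "0600"    # rsyncd rejects a secrets file readable by other users
  no_log: true      # keep the rendered password out of output and logs
  notify: restart rsync server
---
# /ansible/roles/rsync/handlers/main.yml: the handler the tasks notify
- name: restart rsync server
  systemd:
    name: rsyncd
    state: restarted
```

Because group_vars sits next to the hosts inventory file, the vault file is loaded automatically for hosts in the backup group.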
(3) Restructuring nfs as a role
Create the directory structure for the nfs role
[root@Ansible ~]# cd /ansible/roles/
[root@Ansible roles]# ansible-galaxy init nfs
- Role nfs was created successfully
[root@Ansible roles]# tree nfs
nfs
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml
8 directories, 8 files
Define the inventory for the roles
[root@Ansible roles]# cat hosts
[nfs]
172.16.1.31
[backup]
172.16.1.41
Specify which roles the nfs host group runs
[root@Ansible roles]# cat site.yml
- hosts: all
  roles:
    - role: nfs # the nfs role is found here via a relative path
      when: ansible_hostname is match "NFS"
    - role: rsync
      when: ansible_hostname is match "rsync"
Write the tasks for nfs
[root@Ansible nfs]# cat tasks/main.yml
- name: install nfs server
  yum:
    name: nfs-utils
    state: present
- name: configure nfs server
  template:
    src: exports
    dest: /etc/exports
  notify: restart nfs server
- name: create directory data
  file:
    path: "{{ share_dir }}"
    state: directory
    owner: www
    group: www
    mode: "0755"
- name: start nfs server
  systemd:
    name: nfs
    state: started
    enabled: yes
Write the handlers for the nfs role
[root@Ansible roles]# cat nfs/handlers/main.yml
- name: restart nfs server
  systemd:
    name: nfs
    state: restarted
Prepare the configuration file that nfs needs
[root@Ansible roles]# cat nfs/templates/exports
{{ share_dir }} {{ share_ip }}(rw,sync,all_squash,anonuid=666,anongid=666)
Define the variables that nfs needs
[root@Ansible roles]# cat nfs/vars/main.yml
share_dir: /data
share_ip: 172.16.1.0/24
Run the roles and test the result of the nfs role
[root@Ansible roles]# ansible-playbook -i hosts site.yml
PLAY [all] *********************************************************************
TASK [Gathering Facts] *********************************************************
ok: [172.16.1.41]
ok: [172.16.1.31]
TASK [install nfs server] ******************************************************
skipping: [172.16.1.41]
ok: [172.16.1.31]
TASK [configure nfs server] ****************************************************
skipping: [172.16.1.41]
changed: [172.16.1.31]
TASK [nfs : create directory data] *********************************************
skipping: [172.16.1.41]
ok: [172.16.1.31]
TASK [start nfs server] ********************************************************
skipping: [172.16.1.41]
ok: [172.16.1.31]
RUNNING HANDLER [restart nfs server] *******************************************
changed: [172.16.1.31]
PLAY RECAP *********************************************************************
172.16.1.31 : ok=6 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
172.16.1.41 : ok=1 changed=0 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
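Both roles rely on a www account that neither role creates: rsyncd runs as www, and the nfs export squashes every client to uid/gid 666 while /data is owned by www with mode 0755, so writes only succeed if www really has those IDs. The following is an added example, not part of the original post, that uses the meta/main.yml dependency mechanism from section 2 to create the account before either role runs. The role name www_user and the variables www_uid and www_gid are assumptions.

```yaml
# Added example (not from the original post). The role name "www_user" and the
# variables www_uid / www_gid are assumptions. Each file is a separate
# document ("---").

# /ansible/roles/www_user/defaults/main.yml
www_uid: 666    # must equal anonuid in nfs/templates/exports
www_gid: 666    # must equal anongid in nfs/templates/exports
---
# /ansible/roles/www_user/tasks/main.yml
- name: create www group with a fixed gid
  group:
    name: www
    gid: "{{ www_gid }}"
    state: present

- name: create www user with a fixed uid, no login shell and no home directory
  user:
    name: www
    uid: "{{ www_uid }}"
    group: www
    shell: /sbin/nologin
    create_home: false
    state: present
---
# /ansible/roles/nfs/meta/main.yml: www_user runs before the nfs tasks
dependencies:
  - { role: www_user }
---
# /ansible/roles/rsync/meta/main.yml: www_user runs before the rsync tasks
dependencies:
  - { role: www_user }
```

A dependency inherits the when condition of the role that pulls it in, so with the site.yml above the account is created only on the hosts where nfs or rsync is actually applied.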
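4. Ansible Galaxy
Galaxy is a free website, similar to GitHub. Most of what it hosts is shared roles, and downloading roles from Galaxy is one of the fastest ways to start a project.
Ansible provides the ansible-galaxy command, which can initialize, search for, install and remove roles.
[root@Ansible ~]# ansible-galaxy --help # show help
(1) Search for a project with galaxy
[root@Ansible ~]# ansible-galaxy search openvpn
(2) Show detailed information
[root@Ansible ~]# ansible-galaxy info kostyrevaa.openvpn
(3) Install a project
[root@Ansible ~]# ansible-galaxy install kyl191.openvpn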