Roles in Ansible

I. Custom roles

1. Create the custom role in its directory (/home/student/ansible/roles/apache)

```bash
[student@master ansible]$ ls
ansible.cfg  collections  inventory  roles
[student@master ansible]$ cd roles/
[student@master roles]$ ls
[student@master roles]$ ansible-galaxy init apache
- Role apache was created successfully
[student@master roles]$ ls
apache
[student@master roles]$ cd apache/
[student@master apache]$ pwd
/home/student/ansible/roles/apache
[student@master apache]$ ls
defaults  files  handlers  meta  README.md  tasks  templates  tests  vars
```

2. Inspect the Ansible role structure

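defaults: The main.yml file in this directory holds the default values of the role's variables; these defaults can be overridden when the role is used. These variables have low precedence and are meant to be changed and customized in the play (variable storage).

files: This directory contains static files referenced by the role's tasks (local files; variables cannot be used in them).

handlers: The main.yml file in this directory contains the role's handler definitions, i.e. the actions triggered by notifications.

meta: The main.yml file in this directory contains information about the role, such as author, license, platforms and optional role dependencies.

README.md: Help documentation.

tasks: The main.yml file in this directory contains the role's task definitions (tasks only; no hosts are specified).

templates: This directory contains the Jinja2 templates referenced by the role's tasks (.j2 templates, which can use variables).

tests: This directory can contain an inventory and a test.yml playbook, which can be used to test the role.

vars: The main.yml file in this directory defines the role's variable values. These variables are usually for the role's internal use, have high precedence, and should not be changed when the role is used in a playbook (variable storage).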

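3. Example

Following the requirements below, create a role named apache in /home/student/ansible/roles

(1) Install the httpd package and have it start automatically at boot

(2) Enable the firewall and allow httpd through it

(3) Use the template index.html.j2 to create the web page /var/www/html/index.html,

with the following content (HOSTNAME is the fully qualified domain name of the managed node, IPADDRESS is its IP address)

Welcome to HOSTNAME on IPADDRESS

Then create the playbook /home/student/ansible/myrole.yml to enable the httpd role (the apache role created above) for the webtest host group

(1) First, group the hosts in the inventory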
```bash
[student@master ansible]$ ls
ansible.cfg  collections  inventory  roles
[student@master ansible]$ vim inventory
[student@master ansible]$ cat inventory
node1
node2
node3
node4
node5

[test01]
node1

[test02]
node2

[web]
node3
node4

[webtest:children]
web
```

(2) Write the index.html.j2 template file
```bash
[student@master ansible]$ cd roles/
[student@master roles]$ ls
apache
[student@master roles]$ cd apache/
[student@master apache]$ ls
defaults  files  handlers  meta  README.md  tasks  templates  tests  vars
[student@master apache]$ cd templates/
[student@master templates]$ ls
[student@master templates]$ vim index.html.j2
[student@master templates]$ cat index.html.j2
Welcome to {{ ansible_fqdn }} on {{ ansible_default_ipv4.address }}
```

(3) Write the tasks (the yum repository has already been configured on all hosts)
```bash
[student@master apache]$ ls
defaults  files  handlers  meta  README.md  tasks  templates  tests  vars
[student@master apache]$ cd tasks/
[student@master tasks]$ ls
main.yml
[student@master tasks]$ vim main.yml
```

```yaml
---
# tasks file for apache
# Install the web server and the firewall service
- name: install httpd
  yum:
    name:
      - httpd
      - firewalld
    state: present

# Render the welcome page from templates/index.html.j2
- name: cp html
  template:
    src: index.html.j2
    dest: /var/www/html/index.html

# Restart both services and enable them at boot
- name: restarted httpd firewalld
  service:
    name: "{{ item }}"
    state: restarted
    enabled: yes
  loop:
    - httpd
    - firewalld

# Allow HTTP through the firewall, immediately and permanently
- name: set firewalld for http
  firewalld:
    service: http
    permanent: yes
    state: enabled
    immediate: yes
```

(4) Write the playbook /home/student/ansible/myrole.yml
```bash
[student@master ansible]$ ls
ansible.cfg  collections  inventory  myrole.yml  repo.yml  roles
[student@master ansible]$ vim myrole.yml
```

```yaml
---
# myrole.yml
- name: use apache role
  hosts: webtest
  roles:
    - apache
```

(5) Run myrole.yml and test
```bash
[student@master ansible]$ ansible-playbook myrole.yml

PLAY [use apache role] *****************************************************************

TASK [Gathering Facts] *****************************************************************
ok: [node4]
ok: [node3]

TASK [apache : install httpd] **********************************************************
changed: [node3]
changed: [node4]

TASK [apache : cp html] ****************************************************************
changed: [node3]
changed: [node4]

TASK [apache : restarted httpd firewalld] **********************************************
changed: [node4] => (item=httpd)
changed: [node3] => (item=httpd)
changed: [node4] => (item=firewalld)
changed: [node3] => (item=firewalld)

TASK [apache : set firewalld for http] *************************************************
changed: [node3]
changed: [node4]

PLAY RECAP *****************************************************************************
node3                      : ok=5    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
node4                      : ok=5    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
[student@master ansible]$ curl http://node3
Welcome to node3.example.com on 192.168.122.30
[student@master ansible]$ curl http://node4
Welcome to node4.example.com on 192.168.122.40
```
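
Note: variables defined in tasks take precedence over the vars and defaults of the role.

4. Execution order when a playbook calls roles and ordinary tasks
(1) pre_tasks: run before the roles
(2) roles
(3) post_tasks: run after the roles
(4) tasks
(5) handlers: run last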

II. System roles

1. Install the rhel-system-roles package

```bash
[student@master ansible]$ sudo yum -y install rhel-system-roles
```

2. View the system roles (cd /usr/share/ansible/roles/)
```bash
[student@master ansible]$ cd /usr/share/ansible/roles/
[student@master roles]$ ls
linux-system-roles.certificate      rhel-system-roles.certificate
linux-system-roles.cockpit          rhel-system-roles.cockpit
linux-system-roles.crypto_policies  rhel-system-roles.crypto_policies
linux-system-roles.firewall         rhel-system-roles.firewall
linux-system-roles.ha_cluster       rhel-system-roles.ha_cluster
linux-system-roles.kdump            rhel-system-roles.kdump
linux-system-roles.kernel_settings  rhel-system-roles.kernel_settings
linux-system-roles.logging          rhel-system-roles.logging
linux-system-roles.metrics          rhel-system-roles.metrics
linux-system-roles.nbde_client      rhel-system-roles.nbde_client
linux-system-roles.nbde_server      rhel-system-roles.nbde_server
linux-system-roles.network          rhel-system-roles.network
linux-system-roles.postfix          rhel-system-roles.postfix
linux-system-roles.selinux          rhel-system-roles.selinux
linux-system-roles.ssh              rhel-system-roles.ssh
linux-system-roles.sshd             rhel-system-roles.sshd
linux-system-roles.storage          rhel-system-roles.storage
linux-system-roles.timesync         rhel-system-roles.timesync
linux-system-roles.tlog             rhel-system-roles.tlog
linux-system-roles.vpn              rhel-system-roles.vpn
```

Example 1: time synchronization against the ansible host

(1) Copy the time synchronization role into roles
```bash
[student@master roles]$ cp -r rhel-system-roles.timesync/ /home/student/ansible/roles/timesync
[student@master roles]$ cd /home/student/ansible/
[student@master ansible]$ ls
ansible.cfg  collections  inventory  myrole.yml  repo.yml  roles
[student@master ansible]$ cd roles/
[student@master roles]$ ls
apache  timesync
[student@master roles]$ cd timesync/
[student@master timesync]$ ls
ansible_pytest_extra_requirements.txt  meta                             tasks
CHANGELOG.md                           molecule_extra_requirements.txt  templates
COPYING                                pylint_extra_requirements.txt    tests
custom_requirements.txt                pylintrc                         tox.ini
defaults                               pytest_extra_requirements.txt    vars
handlers                               README.html
library                                README.md
```

(2) Enable the time synchronization server on the ansible host
```bash
[root@ansible ~]# vim /etc/chrony.conf
[root@ansible ~]# systemctl restart chronyd
[root@ansible ~]# systemctl enable chronyd
Created symlink /etc/systemd/system/multi-user.target.wants/chronyd.service → /usr/lib/systemd/system/chronyd.service.
[root@ansible ~]# hwclock -w
[root@ansible ~]# firewall-cmd --list-all
FirewallD is not running
```

(3) Write the timesync.yml playbook, run it and test
```bash
[student@master ansible]$ vim timesync.yml
[student@master ansible]$ ansible-playbook timesync.yml
[student@master ansible]$ ansible node1 -m shell -a 'chronyc sources'
node1 | CHANGED | rc=0 >>
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* ansible.example.com           3   6    17     2   -556us[ -761us] +/-   34ms
```

```yaml
---
# timesync.yml
- name: time chronyd
  hosts: all
  vars:
    timesync_ntp_servers:
      - hostname: ansible
        iburst: yes
  roles:
    - timesync
```

Example 2: selinux

(1) Copy the selinux role into roles
```bash
[student@master ansible]$ cp -r /usr/share/ansible/roles/rhel-system-roles.selinux/ roles/selinux
[student@master ansible]$ cd roles/
[student@master roles]$ ls
apache  selinux  timesync
```

(2) Write the selinux.yml playbook and run it
```bash
[student@master ansible]$ vim selinux.yml
[student@master ansible]$ ansible-playbook selinux.yml
```

```yaml
---
# selinux.yml
- name: set selinux
  hosts: all
  vars:
    selinux_policy: targeted
    selinux_state: enforcing
  roles:
    - role: selinux
      become: true
```

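III. Downloading and installing roles from third-party sources

Example:

Create the playbook (a role requirements file) /home/student/ansible/roles/down.yml to download roles from the following URLs and install them into the /home/student/ansible/roles directory:

http://ansible.example.com/roles/haproxy.tar (this role is named haproxy)

http://ansible.example.com/roles/myphp.tar (this role is named myphp)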

```bash
[student@master ansible]$ cd roles/
[student@master roles]$ vim down.yml
[student@master roles]$ cd ..
[student@master ansible]$ ansible-galaxy install -r roles/down.yml -p roles/
Starting galaxy role install process
- downloading role from http://ansible.example.com/roles/haproxy.tar
- extracting haproxy to /home/student/ansible/roles/haproxy
- haproxy was installed successfully
- downloading role from http://ansible.example.com/roles/myphp.tar
- extracting myphp to /home/student/ansible/roles/myphp
- myphp was installed successfully
[student@master ansible]$ ls roles/
apache  down.yml  haproxy  myphp  selinux  timesync
```

down.yml:

```yaml
---
- name: haproxy
  src: http://ansible.example.com/roles/haproxy.tar

- name: myphp
  src: http://ansible.example.com/roles/myphp.tar
```
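
The role tarballs above are fetched over plain HTTP, so nothing authenticates what gets unpacked into roles/ and later run on the managed nodes. As an added example (not part of the original post), the script below checks a downloaded tarball against a pinned SHA-256 digest and rejects member paths that are absolute or contain `..`; the function names, the constructed sample tarball and the existence of a digest published out of band are assumptions.

```bash
#!/usr/bin/env bash
# Added example: gate a downloaded role tarball before it is installed.

# Print member names that would land outside the extraction directory:
# absolute paths or any ".." path component. Reads one name per line on stdin.
unsafe_members() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# verify_role_tar FILE PINNED_SHA256
# Succeeds only if the digest matches and no member path is absolute or has "..".
verify_role_tar() {
    local file=$1 pinned=$2 actual bad
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$pinned" ]; then
        echo "REJECT $file: sha256 $actual does not match the pinned digest" >&2
        return 1
    fi
    bad=$(tar -tf "$file" | unsafe_members)
    if [ -n "$bad" ]; then
        echo "REJECT $file: unsafe member paths: $bad" >&2
        return 1
    fi
    echo "OK $file"
}

# Constructed sample standing in for haproxy.tar; prints the tarball path.
make_sample_role() {
    local dir
    dir=$(mktemp -d)
    mkdir -p "$dir/haproxy/tasks"
    printf '%s\n' '---' '- name: placeholder task' '  debug:' '    msg: sample' \
        > "$dir/haproxy/tasks/main.yml"
    tar -cf "$dir/haproxy.tar" -C "$dir" haproxy
    echo "$dir/haproxy.tar"
}

sample=$(make_sample_role)
# Assumption: the real digest is obtained out of band from the role's publisher.
pinned=$(sha256sum "$sample" | cut -d' ' -f1)
wrong=$(printf '%064d' 0)                        # constructed non-matching digest
verify_role_tar "$sample" "$pinned"              # accepted
verify_role_tar "$sample" "$wrong" || true       # digest mismatch: rejected
rm -rf "$(dirname "$sample")"
```

Run the check on each file named in down.yml after fetching it, and install only those that print OK.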

IV. Removing roles (ansible-galaxy remove ROLE_NAME)

```bash
[student@master roles]$ ls
apache  down.yml  haproxy  myphp  selinux  timesync
[student@master ansible]$ ls
ansible.cfg  inventory   repo.yml  selinux.yml
collections  myrole.yml  roles     timesync.yml
[student@master ansible]$ ansible-galaxy remove myphp
- successfully removed myphp
[student@master ansible]$ ls roles/
apache  down.yml  haproxy  selinux  timesync
```

V. Listing roles (ansible-galaxy list)

```bash
[student@master ansible]$ ansible-galaxy list
# /home/student/ansible/roles
- apache, (unknown version)
- timesync, (unknown version)
- selinux, (unknown version)
- haproxy, (unknown version)
```