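When writing one-click deployments with Ansible, we cannot put every operation into a single playbook, because that makes later troubleshooting difficult. We want to split the files by functional module and decouple them, so we need to learn roles, which the official documentation recommends. The roles directory layout is clearly layered, which keeps our thinking organized and makes our work more efficient.
Ansible Roles directory structure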
```
[root@Ansible ~]# mkdir /ansible/roles    # roles live in /etc/ansible/roles by default, but the location can be customized; I keep ansible under /, so roles goes under /ansible as well
[root@Ansible ~]# cd /ansible/roles
[root@Ansible roles]# ansible-galaxy init test
- Role test was created successfully
[root@Ansible roles]# tree
.
└── test
    ├── defaults           # where default values are stored
    │   └── main.yml
    ├── files              # where configuration files are stored
    ├── handlers           # where handlers are stored
    │   └── main.yml
    ├── meta               # where role dependencies are stored; e.g. to install wordpress we first need nginx and php, so we reference them here and they are executed first
    │   └── main.yml
    ├── README.md
    ├── tasks
    │   └── main.yml       # recommended: use a single tasks file per role, which makes it easy to call
    ├── templates          # where files containing variables are stored
    ├── tests
    │   ├── inventory
    │   └── test.yml
    └── vars               # where variables are stored
        └── main.yml

9 directories, 8 files
[root@Ansible roles]#
```
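Ansible Roles dependencies
A role can automatically pull in other roles when it is used. Role dependencies are stored in the meta/main.yml file inside the role's directory.
Take deploying a wordpress project as an example: nginx and php must be installed and running before the wordpress pages can be served. In that case we can declare dependencies on the nginx and php roles inside the wordpress role.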
```
[root@Ansible roles]# ansible-galaxy init wordpress
[root@Ansible roles]# cat /ansible/roles/wordpress/meta/main.yml
dependencies:
  - { role: nginx }
  - { role: php }
```
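If the main.yml file in the meta directory has been written, Ansible automatically runs the dependencies listed in meta/main.yml first.
Ansible Roles in practice
1. Roles tip
To create the roles directory structure, change into the roles directory and run ansible-galaxy init test to generate it automatically.
2. Refactoring rsync as a role
1. Create the directory structure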
```
[root@Ansible ~]# cd /ansible/roles/
[root@Ansible roles]# ll
total 0
[root@Ansible roles]# ansible-galaxy init rsync
- Role rsync was created successfully
[root@Ansible roles]# tree
.
└── rsync
    ├── defaults
    │   └── main.yml
    ├── files
    ├── handlers
    │   └── main.yml
    ├── meta
    │   └── main.yml
    ├── README.md
    ├── tasks
    │   └── main.yml
    ├── templates
    ├── tests
    │   ├── inventory
    │   └── test.yml
    └── vars
        └── main.yml

9 directories, 8 files
```
2. Define the host inventory. Keep it under the roles directory so that, once everything is packaged, it can be called directly with -i hosts.
```
[root@Ansible roles]# cat hosts
[backup]
172.16.1.41
```
3. Specify which roles the backup host group runs
```
[root@Ansible roles]# cat site.yml
- hosts: backup
  remote_user: root
  roles:
    - rsync
```
4. Write the tasks for the rsync role
```
[root@Ansible ~]# cat /ansible/roles/rsync/tasks/main.yml
- name: install rsync server
  yum:
    name: rsync
    state: present

- name: configure rsync server
  template:
    src: "{{ item.src }}"
    dest: "/etc/{{ item.dest }}"
    mode: "{{ item.mode }}"
  loop:
    # dest is rsyncd.conf, the file rsyncd reads by default;
    # src names match the files kept in the role's templates/ directory
    - { src: "rsyncd.conf.j2", dest: "rsyncd.conf", mode: "0644" }
    - { src: "rsyncd.passwd.j2", dest: "rsync.passwd", mode: "0600" }
  notify: restart rsync server

- name: start rsync server
  systemd:
    name: rsyncd
    state: started
    enabled: yes

# creates the backup directory owned by the rsync user and group
- name: create group "{{ rsync_dir }}"
  file:
    path: "{{ rsync_dir }}"    # rsync_dir is already an absolute path
    state: directory
    owner: "{{ rs_user }}"
    group: "{{ rsg_user }}"
```
5. Write the handlers for the rsync role
```
[root@Ansible roles]# cat rsync/handlers/main.yml
- name: restart rsync server
  service:
    name: rsyncd
    state: restarted
```
6. Collect the rsync role's configuration files into the templates directory
```
[root@Ansible roles]# ll /ansible/roles/rsync/templates/
total 8
-rw-r--r-- 1 root root 318 Apr 20 17:49 rsyncd.conf.j2
-rw-r--r-- 1 root root  24 Apr 20 17:50 rsyncd.passwd.j2

[root@Ansible roles]# cat /ansible/roles/rsync/templates/rsyncd.conf.j2
uid = {{ rs_user }}
gid = {{ rsg_user }}
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[backup]
path = /backup

[root@Ansible roles]# cat /ansible/roles/rsync/templates/rsyncd.passwd.j2
rsync_backup:{{ pass }}
```
7. Define the variables that the configuration files need
```
[root@Ansible roles]# cat rsync/vars/main.yml
rs_user: www
rsg_user: www
pass: 123456          # password for rsync_backup, stored here in clear text
rsync_dir: /backup
```
8. Run the roles and test the result of the rsync role
```
[root@Ansible roles]# ansible-playbook -i hosts site.yml

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [172.16.1.31]
ok: [172.16.1.41]

TASK [install rsync server] ****************************************************
skipping: [172.16.1.31]
ok: [172.16.1.41]

TASK [configure rsync server] **************************************************
skipping: [172.16.1.31] => (item={u'dest': u'rsynd.conf', u'src': u'rsyncd.conf.j2', u'mode': u'0644'})
skipping: [172.16.1.31] => (item={u'dest': u'rsync.passwd', u'src': u'rsync.passwd.j2', u'mode': u'0600'})
ok: [172.16.1.41] => (item={u'dest': u'rsynd.conf', u'src': u'rsyncd.conf.j2', u'mode': u'0644'})
changed: [172.16.1.41] => (item={u'dest': u'rsync.passwd', u'src': u'rsync.passwd.j2', u'mode': u'0600'})

TASK [start rsync server] ******************************************************
skipping: [172.16.1.31]
ok: [172.16.1.41]

TASK [rsync : create group "/backup"] ******************************************
skipping: [172.16.1.31]
ok: [172.16.1.41]

RUNNING HANDLER [restart rsync server] *****************************************
changed: [172.16.1.41]

PLAY RECAP *********************************************************************
172.16.1.31 : ok=1 changed=0 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
172.16.1.41 : ok=6 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```
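The rsync role above keeps the rsync_backup password as a literal in vars/main.yml. The following added example (not part of the original post) shows one way to move it into an ansible-vault encrypted file and keep the rendered secret out of task output. The variable name vault_rsync_pass and the path group_vars/backup/vault.yml are assumptions made for this sketch.

```yaml
# /ansible/roles/rsync/vars/main.yml : no literal secret in the role
rs_user: www
rsg_user: www
rsync_dir: /backup
pass: "{{ vault_rsync_pass }}"   # vault_rsync_pass is an assumed name
---
# /ansible/roles/group_vars/backup/vault.yml (assumed path, next to hosts)
# Create and encrypt it with:
#   ansible-vault create group_vars/backup/vault.yml
# Content before encryption (placeholder value):
vault_rsync_pass: "<long random value>"
---
# /ansible/roles/rsync/tasks/main.yml : config and secret rendered separately
- name: configure rsync server
  template:
    src: rsyncd.conf.j2
    dest: /etc/rsyncd.conf
    owner: root
    group: root
    mode: "0644"
  notify: restart rsync server

- name: install rsync secrets file
  template:
    src: rsyncd.passwd.j2
    dest: /etc/rsync.passwd      # matches "secrets file" in rsyncd.conf.j2
    owner: root
    group: root
    mode: "0600"                 # readable by root only
  no_log: true                   # keep the rendered password out of logs
  notify: restart rsync server
```

Run it with `ansible-playbook -i hosts site.yml --ask-vault-pass` so the vault file is decrypted at run time.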
3. Refactoring nfs as a role
1. Create the directory structure for nfs
```
[root@Ansible ~]# cd /ansible/roles/
[root@Ansible roles]# ansible-galaxy init nfs
- Role nfs was created successfully
[root@Ansible roles]# tree nfs
nfs
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml

8 directories, 8 files
```
2. Define the host inventory for the roles
```
[root@Ansible roles]# cat hosts
[nfs]
172.16.1.31

[backup]
172.16.1.41
```
3. Specify which roles the nfs host group runs
```
[root@Ansible roles]# cat site.yml
- hosts: all
  roles:
    - role: nfs      # nfs is located by relative path here
      when: ansible_hostname is match "NFS"
    - role: rsync
      when: ansible_hostname is match "rsync"
```
4. Write the tasks for nfs
```
[root@Ansible nfs]# cat tasks/main.yml
- name: install nfs server
  yum:
    name: nfs-utils
    state: present

- name: configure nfs server
  template:
    src: exports
    dest: /etc/exports
  notify: restart nfs server

- name: create directory data
  file:
    path: "{{ share_dir }}"
    state: directory
    owner: www
    group: www
    mode: "0755"    # quoted so the mode is always read as an octal string

- name: start nfs server
  systemd:
    name: nfs
    state: started
    enabled: yes
```
5. Write the handlers for the nfs role
```
[root@Ansible roles]# cat nfs/handlers/main.yml
- name: restart nfs server
  systemd:
    name: nfs
    state: restarted
```
6. Prepare the configuration file nfs needs
```
[root@Ansible roles]# cat nfs/templates/exports
{{ share_dir }} {{ share_ip }}(rw,sync,all_squash,anonuid=666,anongid=666)
```
7. Define the variables nfs needs
```
[root@Ansible roles]# cat nfs/vars/main.yml
share_dir: /data
share_ip: 172.16.1.0/24
```
8. Run the roles and test the result of the nfs role
```
[root@Ansible roles]# ansible-playbook -i hosts site.yml

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [172.16.1.41]
ok: [172.16.1.31]

TASK [install nfs server] ******************************************************
skipping: [172.16.1.41]
ok: [172.16.1.31]

TASK [configure nfs server] ****************************************************
skipping: [172.16.1.41]
changed: [172.16.1.31]

TASK [nfs : create directory data] *********************************************
skipping: [172.16.1.41]
ok: [172.16.1.31]

TASK [start nfs server] ********************************************************
skipping: [172.16.1.41]
ok: [172.16.1.31]

RUNNING HANDLER [restart nfs server] *******************************************
changed: [172.16.1.31]

PLAY RECAP *********************************************************************
172.16.1.31 : ok=6 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
172.16.1.41 : ok=1 changed=0 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
```
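Ansible Galaxy
Galaxy is a free website, similar to GitHub, whose content is mostly shared roles. Downloading roles from Galaxy is one of the fastest ways to get a project started.
Ansible provides the ansible-galaxy command, which can initialize, search for, install, and remove role projects, among other operations.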
```
[root@Ansible ~]# ansible-galaxy --help    # show help
```
1. Search for a project with galaxy
```
[root@Ansible ~]# ansible-galaxy search openvpn
```
2. View detailed information
```
[root@Ansible ~]# ansible-galaxy info kostyrevaa.openvpn
```
3. Install a project
```
[root@Ansible ~]# ansible-galaxy install kyl191.openvpn
```
I'm koten. I have 10 years of operations experience and keep sharing practical ops knowledge. Thank you for reading and following!