The Ansible Automated Operations Tool: Roles, Tested and Explained in Detail


 

Ansible Roles: detailed explanation and hands-on cases

 

Host planning

 

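Adding the user account

Notes:

1. This is the login account used by operations staff.

2. All business applications live under /app/ (the home directory of the yun user), so that business data is not scattered around the filesystem.

3. Ansible also uses this account, because almost every production environment forbids remote root login (which is why the yun user is also granted sudo privileges).

    # Use a dedicated user instead of working as root directly
    # Add the user, set its home directory and set its password
    # Grant sudo privileges
    # Let other ordinary users enter the directory to view information
    useradd -u 1050 -d /app yun && echo "123456" | /usr/bin/passwd --stdin yun
    echo "yun ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
    chmod 755 /app/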
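
The same account setup expressed as Ansible tasks, as an added example that is not part of the original article: the password is prompted for and stored only as a hash, and the sudo rule goes into a drop-in file that visudo checks before it is installed, so a malformed rule cannot break sudo. It assumes a first connection that can already become root; the playbook file name, the variable yun_password and the path /etc/sudoers.d/yun are assumptions.

```yaml
---
# bootstrap_yun.yml (hypothetical file name; added example, not from the article)
- hosts: all
  become: true
  vars_prompt:
    - name: yun_password            # assumed variable name
      prompt: "Password for user yun"
      private: true                 # do not echo the input
      confirm: true                 # ask twice to catch typos
  tasks:
    - name: "create the yun account with home directory /app"
      user:
        name: yun
        uid: 1050
        home: /app
        password: "{{ yun_password | password_hash('sha512') }}"
        update_password: on_create  # leave the password alone on later runs
      no_log: true                  # keep the hash out of output and logs

    - name: "let other ordinary users enter /app"
      file:
        path: /app
        state: directory
        mode: "0755"

    - name: "sudo rule as a drop-in file, syntax-checked before it is installed"
      copy:
        dest: /etc/sudoers.d/yun
        content: "yun ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
```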

 

Ansible inventory

All later articles use the following host inventory.

    [yun@ansi-manager ansible_info]$ pwd
    /app/ansible_info
    [yun@ansi-manager ansible_info]$ cat hosts_key
    # Method 1: host + port + key
    [manageservers]
    172.16.1.180:22

    [proxyservers]
    172.16.1.18[1:2]:22

    # Method 2: alias + host + port + password
    [webservers]
    web01 ansible_ssh_host=172.16.1.183 ansible_ssh_port=22
    web02 ansible_ssh_host=172.16.1.184 ansible_ssh_port=22
    web03 ansible_ssh_host=172.16.1.185 ansible_ssh_port=22

 

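Ansible Roles: basic overview

The earlier articles covered variables, tasks and handlers. So what is the best way to organize playbooks?

The short answer: use roles. Roles rely on a known file structure to load certain vars_files, tasks and handlers automatically, which makes them easier for a playbook to call. Compared with a plain playbook, the structure of roles is clearer and more layered.

For example: if the time synchronization service is installed no matter what software we deploy, every playbook would have to contain the time synchronization tasks. Instead, we can write those tasks once and call them whenever they are needed.

Note: when writing roles, it is best to split each task into its own file so that it can be reused later (break things up completely).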

Roles directory structure

Inside the roles directory, the following command creates the directory tree:

    ansible-galaxy init nfs   # nfs is the directory name

A tree created this way contains every directory, but we may need only some of them. In practice, therefore, we mostly create the directories ourselves rather than with the command.

An example directory layout:

    [yun@ansi-manager tmp]$ tree ./
    ./
    ├── sit.yml
    ├── webservers.yml
    └── roles
        └── nfs               # role name
            ├── defaults      # role default variables (lowest priority)
            │   └── main.yml
            ├── files         # file storage
            ├── handlers      # handler tasks
            │   └── main.yml
            ├── meta          # dependencies
            │   └── main.yml
            ├── README.md     # usage notes
            ├── tasks         # the actual tasks
            │   └── main.yml
            ├── templates     # template files
            └── vars          # other role variables
                └── main.yml

    10 directories, 10 files

 

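Directory notes:

1. There must first be a roles directory; the corresponding directories are then created under it.

2. Directory names under roles should be self-explanatory: a common directory is the base role and is required; an nfs directory installs the NFS service; a memcached directory installs the memcached service; and so on.

3. Create the second-level directories under roles as needed. Directories that are not needed can be left out; there is no need to create the full set.

4. Some of the second-level directories under roles must contain a main.yml file for Ansible to use.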

Roles dependencies

Roles allow other roles to be pulled in automatically when a role is used. A role's dependencies are stored in the meta/main.yml file inside the role directory.

For example: installing WordPress requires Nginx and PHP to be working first, so the WordPress role can declare dependencies on the Nginx and php-fpm roles.

    [yun@ansi-manager playbook]$ cat /app/roles/wordpress/meta/main.yml
    ---
    dependencies:
      - { role: nginx }
      - { role: php-fpm }

In this case the WordPress role first runs the Nginx role, then the php-fpm role, and finally the WordPress role itself.

Ansible Roles hands-on case: deploying the NFS service

Overall directory structure

    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ ll
    total 4
    drwxrwxr-x 2 yun yun  17 Sep 15 19:41 group_vars
    -rw-rw-r-- 1 yun yun 108 Sep 15 19:37 nfs_server.yml
    drwxrwxr-x 4 yun yun  35 Sep 15 18:00 roles
    [yun@ansi-manager ansible_roles]$ tree   # directory structure
    .
    ├── group_vars
    │   └── all
    ├── nfs_server.yml
    └── roles
        ├── nfs                 # server side
        │   ├── handlers
        │   │   └── main.yml
        │   ├── tasks
        │   │   ├── config.yml
        │   │   ├── install.yml
        │   │   ├── main.yml
        │   │   ├── mkdir.yml
        │   │   ├── start_NFS.yml
        │   │   └── start_rpcbind.yml
        │   └── templates
        │       └── exports.j2
        └── nfs_client          # client side
            └── tasks
                └── main.yml

    9 directories, 11 files

 

Server-side information

Directory structure

    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ tree roles/nfs
    roles/nfs
    ├── handlers
    │   └── main.yml
    ├── tasks
    │   ├── config.yml
    │   ├── install.yml
    │   ├── main.yml
    │   ├── mkdir.yml
    │   ├── start_NFS.yml
    │   └── start_rpcbind.yml
    └── templates
        └── exports.j2

    4 directories, 8 files

 

tasks directory

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/main.yml
    - include_tasks: install.yml
    - include_tasks: config.yml
    - include_tasks: mkdir.yml
    - include_tasks: start_rpcbind.yml
    - include_tasks: start_NFS.yml

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/install.yml
    - name: "install package NFS"
      yum:
        name:
          - nfs-utils
          - rpcbind
        state: present

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/config.yml
    - name: "NFS server config and edit restart"
      template:
        src: exports.j2
        dest: /etc/exports
        owner: root
        group: root
        mode: "644"
      notify: "reload NFS server"

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/mkdir.yml
    - name: "create NFS dir"
      file:
        path: /data
        owner: yun
        group: yun
        state: directory
        recurse: yes

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/start_rpcbind.yml
    - name: "rpcbind server start"
      systemd:
        name: rpcbind
        state: started
        daemon_reload: yes
        enabled: yes

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/start_NFS.yml
    - name: "NFS server start"
      systemd:
        name: nfs
        state: started
        daemon_reload: yes
        enabled: yes

 

handlers directory

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/handlers/main.yml
    - name: "reload NFS server"
      systemd:
        name: nfs
        state: reloaded

Templates directory

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/templates/exports.j2
    {{ nfs_dir }} 172.16.1.0/24(rw,sync,root_squash,all_squash,anonuid=1050,anongid=1050)

 

Client-side information

The client side is simpler: it is just a single mount task.

    [yun@ansi-manager ansible_roles]$ cat roles/nfs_client/tasks/main.yml
    - name: "mount NFS server"
      mount:
        src: 172.16.1.180:{{ nfs_dir }}
        path: /mnt
        fstype: nfs
        opts: defaults
        state: mounted

Variables

    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ cat group_vars/all
    # NFS server directory
    nfs_dir: /data

 

Playbook

    [yun@ansi-manager ansible_roles]$ cat nfs_server.yml
    ---
    # NFS server
    - hosts: manageservers
      roles:
        - nfs

    - hosts: proxyservers
      roles:
        - nfs_client

Running the tasks

    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check nfs_server.yml  # syntax check
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C nfs_server.yml  # dry run (check mode)
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key nfs_server.yml  # run

 

Ansible Roles hands-on case: deploying the memcached service

Overall directory structure

    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ ll
    total 8
    -rw-rw-r-- 1 yun yun 71 Sep 16 09:05 memcached_server.yml
    drwxrwxr-x 5 yun yun 52 Sep 16 08:38 roles
    [yun@ansi-manager ansible_roles]$ tree roles/
    roles/
    └── memcached
        ├── handlers
        │   └── main.yml
        ├── tasks
        │   ├── config.yml
        │   ├── install.yml
        │   ├── main.yml
        │   └── start.yml
        └── templates
            └── memcached.j2

    11 directories, 15 files

 

Service information

Directory structure

    [yun@ansi-manager memcached]$ pwd
    /app/ansible_info/ansible_roles/roles/memcached
    [yun@ansi-manager memcached]$ ll
    total 0
    drwxrwxr-x 2 yun yun 22 Sep 16 08:56 handlers
    drwxrwxr-x 2 yun yun 76 Sep 16 08:53 tasks
    drwxrwxr-x 2 yun yun 26 Sep 16 08:55 templates
    [yun@ansi-manager memcached]$ tree
    .
    ├── handlers
    │   └── main.yml
    ├── tasks
    │   ├── config.yml
    │   ├── install.yml
    │   ├── main.yml
    │   └── start.yml
    └── templates
        └── memcached.j2

    3 directories, 6 files

 

tasks directory

    [yun@ansi-manager memcached]$ cat tasks/main.yml
    - include_tasks: install.yml
    - include_tasks: config.yml
    - include_tasks: start.yml

    [yun@ansi-manager memcached]$ cat tasks/install.yml
    - name: "install package memcached"
      yum:
        name: memcached
        state: present

    [yun@ansi-manager memcached]$ cat tasks/config.yml
    - name: "memcached server config and edit restart"
      template:
        src: memcached.j2
        dest: /etc/sysconfig/memcached
        owner: root
        group: root
        mode: "644"
      notify: "restart memcached server"

    [yun@ansi-manager memcached]$ cat tasks/start.yml
    - name: "memcached server start"
      systemd:
        name: memcached
        state: started
        daemon_reload: yes
        enabled: yes

 

handlers directory

    [yun@ansi-manager memcached]$ cat handlers/main.yml
    - name: "restart memcached server"
      systemd:
        name: memcached
        state: restarted

Templates directory

    [yun@ansi-manager memcached]$ cat templates/memcached.j2
    PORT="11211"
    USER="memcached"
    MAXCONN="1024"
    CACHESIZE="{{ ansible_memtotal_mb // 2 }}"
    OPTIONS=""

 

Playbook

    [yun@ansi-manager ansible_roles]$ cat memcached_server.yml
    ---
    # memcached server
    - hosts: manageservers
      roles:
        - memcached

Running the tasks

    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check memcached_server.yml  # syntax check
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C memcached_server.yml  # dry run (check mode)
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key memcached_server.yml  # run

 

Ansible Roles hands-on case: deploying the Rsync service

Overall directory structure

    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ ll
    total 12
    drwxrwxr-x 2 yun yun  17 Sep 29 09:33 group_vars
    drwxrwxr-x 7 yun yun  86 Sep 29 08:49 roles
    -rw-rw-r-- 1 yun yun 116 Sep 29 09:50 rsyncd_server.yml
    [yun@ansi-manager ansible_roles]$ tree roles/
    roles/
    ├── rsync_client
    │   ├── tasks
    │   │   └── main.yml
    │   └── templates
    │       └── rsync.password.j2
    └── rsyncd
        ├── handlers
        │   └── main.yml
        ├── tasks
        │   ├── config.yml
        │   ├── install.yml
        │   ├── main.yml
        │   ├── mkdir.yml
        │   └── start_rsyncd.yml
        └── templates
            ├── rsyncd.conf.j2
            └── rsync.password.j2

    18 directories, 25 files

 

Server-side information

Directory structure

    [yun@ansi-manager rsyncd]$ pwd
    /app/ansible_info/ansible_roles/roles/rsyncd
    [yun@ansi-manager rsyncd]$ tree
    .
    ├── handlers
    │   └── main.yml
    ├── tasks
    │   ├── config.yml
    │   ├── install.yml
    │   ├── main.yml
    │   ├── mkdir.yml
    │   └── start_rsyncd.yml
    └── templates
        ├── rsyncd.conf.j2
        └── rsync.password.j2

    3 directories, 8 files

 

tasks directory

    [yun@ansi-manager rsyncd]$ pwd
    /app/ansible_info/ansible_roles/roles/rsyncd
    [yun@ansi-manager rsyncd]$ cat tasks/main.yml
    - include_tasks: install.yml
    - include_tasks: config.yml
    - include_tasks: mkdir.yml
    - include_tasks: start_rsyncd.yml

    [yun@ansi-manager rsyncd]$ cat tasks/install.yml
    - name: "Install package rsync"
      yum:
        name: rsync
        state: present

    [yun@ansi-manager rsyncd]$ cat tasks/config.yml
    - name: "rsyncd server config and edit restart"
      template:
        src: rsyncd.conf.j2
        dest: /etc/rsyncd.conf
        owner: root
        group: root
        mode: "644"
      notify: "restart rsyncd server"

    - name: "rsyncd server password file"
      template:
        src: rsync.password.j2
        dest: /etc/rsync.password
        owner: root
        group: root
        mode: "400"

    [yun@ansi-manager rsyncd]$ cat tasks/mkdir.yml
    - name: "create rsync business backup dir"
      file:
        path: /backup/busi_data
        owner: root
        group: root
        state: directory
        recurse: yes

    - name: "create rsync database backup dir"
      file:
        path: /backup/database
        owner: root
        group: root
        state: directory
        recurse: yes

    [yun@ansi-manager rsyncd]$ cat tasks/start_rsyncd.yml
    - name: "rsyncd server start"
      systemd:
        name: rsyncd
        state: started
        daemon_reload: yes
        enabled: yes

 

handlers directory

    [yun@ansi-manager rsyncd]$ cat handlers/main.yml
    - name: "restart rsyncd server"
      systemd:
        name: rsyncd
        state: restarted

 

Templates directory

    [yun@ansi-manager rsyncd]$ pwd
    /app/ansible_info/ansible_roles/roles/rsyncd
    [yun@ansi-manager rsyncd]$ cat templates/rsyncd.conf.j2   # file 1
    # Note: for more parameters and details, see man rsyncd.conf
    #rsync_config---------------start
    uid = root
    gid = root
    use chroot = false
    max connections = 200
    timeout = 100
    pid file = /var/run/rsyncd.pid
    lock file = /var/run/rsync.lock
    log file = /var/log/rsyncd.log
    dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
    ignore errors = true
    read only = false
    list = false

    ## Note: to avoid confusion, use only one of hosts allow and hosts deny
    hosts allow = 172.16.1.0/24,10.9.0.0/16,120.27.48.179
    # hosts deny = 10.0.0.0/16
    # Multiple authentication accounts are supported
    auth users = {{ auth_user }}
    secrets file = /etc/rsync.password


    # Data backup; mind the permissions on the path directory
    [back_data_module]
    path = /backup/busi_data/

    # Database backup; mind the permissions on the path directory
    [back_db_module]
    path = /backup/database/

    #rsync_config---------------end

    [yun@ansi-manager rsyncd]$ cat templates/rsync.password.j2   # file 2
    {{ auth_user }}:{{ auth_pawd }}

 

Client-side information

    [yun@ansi-manager rsync_client]$ pwd
    /app/ansible_info/ansible_roles/roles/rsync_client
    [yun@ansi-manager rsync_client]$ tree   # directory structure
    .
    ├── tasks
    │   └── main.yml
    └── templates
        └── rsync.password.j2

    2 directories, 2 files
    [yun@ansi-manager rsync_client]$ cat tasks/main.yml   # tasks
    - name: "rsync password file config"
      template:
        src: rsync.password.j2
        dest: /etc/rsync.password
        owner: root
        group: root
        mode: "400"

    [yun@ansi-manager rsync_client]$ cat templates/rsync.password.j2   # template
    {{ auth_pawd }}

 

Variables

    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ cat group_vars/all
    # NFS server directory
    nfs_dir: /data
    # used by the rsync daemon
    auth_user: rsync_backup
    auth_pawd: rsync_backup_pwd

 

Playbook

    [yun@ansi-manager ansible_roles]$ cat rsyncd_server.yml
    ---
    # rsyncd server
    - hosts: manageservers
      roles:
        - rsyncd

    - hosts: proxyservers
      roles:
        - rsync_client

Running the tasks

    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check rsyncd_server.yml  # syntax check
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C rsyncd_server.yml  # dry run (check mode)
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key rsyncd_server.yml  # run
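
In the rsync case above, auth_pawd sits in clear text in group_vars/all, and a template task can print the rendered password file when the playbook runs with --diff. The following added example, which is not part of the original article, keeps the value in an ansible-vault encrypted file and silences the tasks that render it. It assumes group_vars/all is turned into a directory; the file names vars.yml and vault.yml and the variable vault_auth_pawd are assumptions, and the secret shown is a placeholder.

```yaml
# --- group_vars/all/vars.yml (plain text, safe to commit) ---
# NFS server directory
nfs_dir: /data
# used by the rsync daemon
auth_user: rsync_backup
auth_pawd: "{{ vault_auth_pawd }}"    # indirection to the encrypted value
---
# --- group_vars/all/vault.yml ---
# Encrypt before committing:
#   ansible-vault encrypt group_vars/all/vault.yml
vault_auth_pawd: "REPLACE_WITH_GENERATED_SECRET"   # placeholder, not a real value
---
# --- roles/rsyncd/tasks/config.yml (password-file task only) ---
- name: "rsyncd server password file"
  template:
    src: rsync.password.j2
    dest: /etc/rsync.password
    owner: root
    group: root
    mode: "400"
  no_log: true      # keep the rendered secret out of task output and --diff
---
# --- roles/rsync_client/tasks/main.yml ---
- name: "rsync password file config"
  template:
    src: rsync.password.j2
    dest: /etc/rsync.password
    owner: root
    group: root
    mode: "400"
  no_log: true
# Run with the vault password supplied at the prompt:
#   ansible-playbook -b -i ../hosts_key --ask-vault-pass rsyncd_server.yml
```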

 

Ansible Galaxy

https://galaxy.ansible.com

 


 

 
