
    Automated Operations Tools - Ansible, Part 7: roles

    Ansible Roles: Basic Overview

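    Whether you use Ansible or SaltStack, a one-click deployment cannot put every step into a single 'playbook' file. The work has to be split into separate modules and decoupled. For decoupling, use the officially recommended roles, because the roles directory structure is more clearly layered.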

    Recommendation: each role should ideally use only one tasks file, which makes it easy to call and keeps the roles well decoupled. (SOA)

    Ansible Roles Directory Structure

    Officially recommended directory structure

    production                # inventory file for production servers
    staging                   # inventory file for the staging environment
    
    group_vars/
       group1.yml             # here we assign variables to particular groups
       group2.yml
    host_vars/
       hostname1.yml          # here we assign variables to particular hosts
       hostname2.yml
    
    library/                  # if any custom modules, put them here (optional)
    module_utils/             # if any custom module_utils to support modules, put them here (optional)
    filter_plugins/           # if any custom filter plugins, put them here (optional)
    
    site.yml                  # master playbook
    webservers.yml            # playbook for webserver tier
    dbservers.yml             # playbook for dbserver tier
    
    roles/
        common/               # this hierarchy represents a "role"
            tasks/            #
                main.yml      #  <-- tasks file can include smaller files
            handlers/         #
                main.yml      #  <-- handlers file
            templates/        #  <-- files for use with the template resource
                ntp.conf.j2   #  <------- templates end in .j2
            files/            #
                bar.txt       #  <-- files for use with the copy resource
                foo.sh        #  <-- script files for use with the script resource
            vars/             #
                main.yml      #  <-- variables associated with this role
            defaults/         #
                main.yml      #  <-- default lower-priority variables for this role
            meta/             #
                main.yml      #  <-- role dependencies
            library/          # roles can also include custom modules
            module_utils/     # roles can also include custom module_utils
            lookup_plugins/   # or other types of plugins, like lookup in this case
    
        webtier/              # the webtier role has the same structure as "common"
        ... ...
    

    Creating the role directory structure with ansible-galaxy

    [root@m01 ~]# tree /etc/ansible/roles/wordpress/
    nfs/                  # project name
    ├── defaults        # low-priority variables
    ├── files           # resource files
    ├── handlers        # handler files
    ├── meta            # dependency files
    ├── tasks           # task files
    ├── templates       # jinja2 template files
    ├── tests           # test files
    └── vars            # variable files
    

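    Ansible Roles Dependencies

    Roles let you automatically pull in other roles when a role is used.

    Role dependencies are stored in the meta/main.yml file inside the role's directory.


    For example:

    Pushing WordPress and unpacking it presupposes that nginx and PHP are installed and running, because the WordPress pages cannot be served otherwise. In that case we can declare in the wordpress role that it depends on the nginx and php roles.

    Add the dependencies to main.yml under the meta directory. Ansible automatically runs the roles listed under dependencies in meta/main.yml first.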

    [root@m01 ~]# vim /etc/ansible/roles/wordpress/meta/main.yml
    dependencies:
      - { role: nginx }
      - { role: php }
    

    With the configuration above, the nginx and php installation runs first.

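    Ansible Roles in Practice

    Role tips

    1. Create the role directory structure by running ansible-galaxy init rolename by hand
    2. Write the role's functionality
    3. Reference the role from a playbook

    Configure the host inventory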

    [root@m01 roles]# cat > /etc/ansible/hosts <<EOF
    [lb_group]
    lb01 ansible_ssh_host=10.0.0.5
    lb02 ansible_ssh_host=10.0.0.6
    
    [web_group]
    web01 ansible_ssh_host=10.0.0.7
    web02 ansible_ssh_host=10.0.0.8
    
    [nfs_group]
    nfs ansible_ssh_host=10.0.0.31
    
    [backup_group]
    backup ansible_ssh_host=10.0.0.41
    
    [db_group]
    db01 ansible_ssh_host=10.0.0.51
    
    [nfs_C_S:children]
    web_group
    nfs_group
    
    [backup_C_S:children]
    web_group
    backup_group
    
    [nginx_server:children]
    web_group
    lb_group
    EOF
    

    rsync

    1. Plan the rsync directory structure
    [root@m01 ~]# cd /etc/ansible/roles/
    [root@m01 roles]# ansible-galaxy init rsync
    - Role rsync was created successfully
        [root@m01 roles]# tree
        .
        └── rsync
            ├── defaults
            │   └── main.yml
            ├── files
            ├── handlers
            │   └── main.yml
            ├── meta
            │   └── main.yml
            ├── README.md
            ├── tasks
            │   └── main.yml
            ├── templates
            ├── tests
            │   ├── inventory
            │   └── test.yml
            └── vars
                └── main.yml
    
    2. Create the rsync role's tasks
    [root@m01 roles]# cat > /etc/ansible/roles/rsync/tasks/main.yml << EOF
    - name: Install Rsyncd Server
      yum:
        name: rsync
        state: present
    
    - name: Configure Rsync Server
      copy:
        src: "{{ item.src }}"
        dest: "/etc/{{ item.dest }}"
        mode: "{{ item.mode }}"
      with_items:
        - {src: "rsyncd.conf", dest: "rsyncd.conf", mode: "0644"}
        - {src: "rsync.passwd", dest: "rsync.passwd", mode: "0600"}
      notify: Restart Rsync Server
    
    - name: Start Rsync Server
      systemd:
        name: rsyncd
        state: started
        enabled: yes
    
    # Install rsync
    - name: Install Rsyncd Server
      yum:
        name: rsync
        state: present
    
    # Create the www group
    - name: Create www Group
      group:
        name: www
        gid: 666
    
    # Create the www user
    - name: Create www User
      user:
        name: www
        group: www
        uid: 666
        create_home: false
        shell: /sbin/nologin
    
    
    
    # Push the rsync configuration file
    - name: Scp Rsync Config
      copy:
        src: ./rsyncd.j2
        dest: /etc/rsyncd.conf
        owner: root
        group: root
        mode: 0644
        
    # Create the user password file and set its permissions
    - name: Create Passwd File
      copy:
        content: 'rsync_backup:123456'
        dest: /etc/rsync.passwd
        owner: root
        group: root
        mode: 0600
    
    # Create the /backup directory
    - name: Create backup Directory
      file:
        path: /backup
        state: directory
        mode: 0755
        owner: www
        group: www
        recurse: yes
    
    # Start the rsync service and enable it at boot
    - name: Start Rsyncd Server
      systemd:
        name: rsyncd
        state: started
        enabled: yes
    
    
    
    # Create the directory that holds the scripts
    - name: Create scripts Directory
      file:
        path: /server/scripts
        state: directory
        mode: 0755
        owner: root
        group: root
        recurse: yes
    
    # Push the client script
    - name: Scp Rsync scripts
      copy:
        src: ./client_rsync_backup.j2
        dest: /server/scripts/client_rsync_backup.sh
        owner: root
        group: root
        mode: 0644
    
    # Add the crontab entry
    - name: Crontab Rsync Backup
      cron:
        name: "Rsync Backup"
        minute: "00"
        hour: "01"
        job: "/bin/bash /server/scripts/client_rsync_backup.sh &>/dev/null"
    EOF
    
    3. Create the rsync role's handlers
    [root@m01 roles]# cat /etc/ansible/roles/rsync/handlers/main.yml 
    - name: Restart Rsync Server
      service:
        name: rsyncd
        state: restarted
    
    4. Create the rsync role's files resources
    # Prepare the rsync configuration file
    [root@m01 roles]# cat > /etc/ansible/roles/rsync/files/rsyncd.conf <<EOF
    uid = www
    gid = www
    port = 873
    fake super = yes
    use chroot = no
    max connections = 200
    timeout = 600
    ignore errors
    read only = false
    list = false
    auth users = rsync_backup
    secrets file = /etc/rsync.passwd
    log file = /var/log/rsyncd.log
    #####################################
    [backup]
    comment = welcome to oldboyedu backup!
    path = /backup
    EOF
    
    [root@m01 roles]# cat > /etc/ansible/roles/rsync/files/rsync.passwd <<EOF
    rsync_backup:123456
    EOF
    
    # Prepare the client script
    [root@m01 roles]# vi /etc/ansible/roles/rsync/files/client_rsync_backup.j2
    #!/usr/bin/bash
    
    # 1. Define variables
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
    Host=$(hostname)
    Addr=$(ifconfig eth1|awk 'NR==2{print $2}')
    Date=$(date +%F)
    Dest=${Host}_${Addr}_${Date}
    Path=/backup
    
    # 2. Create the backup directory
    [ -d "$Path/$Dest" ] || mkdir -p "$Path/$Dest"
    
    # 3. Back up the files (each archive is created only if it does not exist yet)
    cd / && 
    [ -f "$Path/$Dest/system.tar.gz" ] || tar czf "$Path/$Dest/system.tar.gz" etc/fstab etc/rsyncd.conf && 
    [ -f "$Path/$Dest/log.tar.gz" ] || tar czf "$Path/$Dest/log.tar.gz" var/log/messages var/log/secure && 
    
    # 4. Record md5 checksums alongside the archives (check the same file name that is written)
    [ -f "$Path/$Dest/flag_$Date" ] || md5sum "$Path/$Dest"/*.tar.gz >"$Path/$Dest/flag_$Date"
    
    # 5. Push the local data to the backup server
    export RSYNC_PASSWORD=123456
    rsync -avz "$Path"/ rsync_backup@172.16.1.41::backup
    
    # 6. Keep only the last 7 days of data locally (-mindepth 1 never selects $Path itself)
    find "$Path"/ -mindepth 1 -type d -mtime +7 | xargs rm -rf
    
    Run the roles, using -t to run only the rsync role as a test
    [root@m01 roles]# ansible-playbook -i hosts  -t rsync site.yml 
    

    nfs

    1. Plan the nfs directory structure
    [root@m01 roles]# ansible-galaxy init nfs
    - Role nfs was created successfully
    [root@m01 roles]# tree /etc/ansible/roles
    tree nfs
    nfs
    ├── defaults
    │   └── main.yml
    ├── files
    ├── handlers
    │   └── main.yml
    ├── meta
    │   └── main.yml
    ├── README.md
    ├── tasks
    │   └── main.yml
    ├── templates
    ├── tests
    │   ├── inventory
    │   └── test.yml
    └── vars
        └── main.yml
    

    2. Specify the nfs host group and which role to run

    [root@m01 roles]# cat /etc/ansible/roles/site.yml 
    - hosts: nfs
      remote_user: root
      roles:
        - nfs
      tags: nfs
    

    4. View the nfs role's tasks

    [root@m01 roles]# cat /etc/ansible/roles/nfs/tasks/main.yml 
    - name: Install Nfs-Server
      yum:
        name: nfs-utils
        state: present
    
    - name: Configure Nfs-Server
      template:
        src: exports
        dest: /etc/exports
      notify: Restart Nfs-Server
    
    - name: Create Directory Data
      file:
        path: "{{ share_dir }}"
        state: directory
        owner: www
        group: www
        mode: 0755
    
    - name: Start Nfs-Server
      systemd:
        name: nfs
        state: started
        enabled: yes
    

    5. View the nfs role's handlers

    [root@m01 roles]# cat /etc/ansible/roles/nfs/handlers/main.yml 
    - name: Restart Nfs-Server
      systemd:
        name: nfs
        state: restarted
    

    6. View the nfs role's template file

    [root@m01 roles]# cat /etc/ansible/roles/nfs/templates/exports 
    {{ share_dir }} {{ share_ip }}(rw,sync,all_squash,anonuid=666,anongid=666)
    

    7. Variable definitions for nfs

    [root@m01 roles]# cat /etc/ansible/roles/group_vars/all 
    #nfs
    share_dir: /data
    share_ip: 172.16.1.31
    

    8. Run the roles, using -t to select the nfs tag

    [root@m01 roles]# ansible-playbook -i hosts  -t nfs site.yml 
    

    php

    1) Plan the php directory structure

    [root@m01 /project/roles]# ansible-galaxy init php
    - Role php was created successfully
    

    2) Prepare the php files

    [root@m01 /project/roles]# cp /root/package/php.tar.gz php/files/
    [root@m01 /project/roles]# cp /root/conf/php.ini php/files/
    [root@m01 /project/roles]# cp /root/conf/www.conf php/files/
    

    3) Write the playbook

    [root@m01 /project/roles]# cat php/tasks/main.yml 
    - name: Tar php.tar.gz
      unarchive:
        src: php.tar.gz
        dest: /tmp/
    
    - name: Install PHP Server
      shell: "yum localinstall -y /tmp/*.rpm"
    
    - name: Config PHP Server
      copy:
        src: php.ini
        dest: /etc/
      notify: restart_php
    
    - name: Config PHP Server
      copy:
        src: www.conf
        dest: /etc/php-fpm.d/
      notify: restart_php
    
    - name: Start PHP Server
      systemd:
        name: php-fpm
        state: started
    

    4) Write the handler

    [root@m01 /project/roles]# vim php/handlers/main.yml 
    - name: restart_php
      systemd:
        name: php-fpm
        state: restarted
    

    mariadb

    1) Plan the mariadb directory structure

    [root@m01 /project/roles]# ansible-galaxy init mariadb
    - Role mariadb was created successfully
    

    2) Configure the playbook

    [root@m01 /project/roles]# vim mariadb/tasks/main.yml 
    - name: Install Mariadb Server
      yum:
        name: "{{ item.name }}"
        state: present
      with_items:
        - { name: mariadb-server }
        - { name: MySQL-python }
    
    - name: Start Mariadb Server
      systemd:
        name: mariadb
        state: started
        enabled: yes
    

    wordpress

    1) Plan the wordpress directory structure

    [root@m01 /project/roles]# ansible-galaxy init wordpress
    - Role wordpress was created successfully
    

    2) Prepare the files

    [root@m01 /project/roles]# cp /root/conf/linux.wp.com.conf ./wordpress/files/
    [root@m01 /project/roles]# cd wordpress/files/
    [root@m01 /project/roles/wordpress/files]# rz wordpress.tar.gz
    [root@m01 /project/roles/wordpress/files]# cp /root/conf/wp-config.php ./
    

    3) Write the playbook

    # WordPress installation part
    [root@m01 /project/roles/wordpress]# cat tasks/main.yml 
    - name: Mkdir code
      file:
        path: /code
        state: directory
        owner: www
        group: www
    
    - name: Tar wordpress.tar.gz
      unarchive:
        src: wordpress.tar.gz
        dest: /code/
        # owner/group are applied to every extracted file; unarchive has no recurse option
        owner: www
        group: www
    
    - name: Config wordpress conf
      copy:
        src: linux.wp.com.conf
        dest: /etc/nginx/conf.d/
      notify: restart_wp_nginx
    

    4) Write the handler

    [root@m01 /project/roles/wordpress]# vim handlers/main.yml 
    - name: restart_wp_nginx
      systemd:
        name: nginx
        state: restarted
    

    5) Write the database-creation playbook

    # Directory structure for the database role
    [root@m01 /project/roles]# ansible-galaxy init database
    - Role database was created successfully
    # Write the playbook
    [root@m01 /project/roles]# vim database/tasks/main.yml 
    - name: Create wordpress Database
      mysql_db:
        name: wordpress
        state: present
    
    - name: Create wp Database User
      mysql_user:
        name: "wp"
        host: "172.16.1.%"
        password: '123456'
        priv: "wordpress.*:ALL"
        state: present
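
The rsync and database roles above keep credentials as literal values in task files and push a script that contains `RSYNC_PASSWORD` with mode 0644. The following check is an added example, not part of the original post; it runs over constructed excerpts of the page's own files, and `field` and `audit` are hypothetical helper names.

```python
import re

# Constructed excerpts of the tasks and files shown on this page.
TASKS = """\
- name: Create Passwd File
  copy:
    content: 'rsync_backup:123456'
    dest: /etc/rsync.passwd
    mode: 0600

- name: Scp Rsync scripts
  copy:
    src: ./client_rsync_backup.j2
    dest: /server/scripts/client_rsync_backup.sh
    mode: 0644

- name: Create wp Database User
  mysql_user:
    name: "wp"
    password: '123456'
"""
FILES = {"./client_rsync_backup.j2": "export RSYNC_PASSWORD=123456\n"}
RSYNCD_CONF = "auth users = rsync_backup\nsecrets file = /etc/rsync.passwd\n"

def field(block, key):
    """Scalar value of `key:` inside one task block, unquoted, or None."""
    m = re.search(rf"^\s*{key}:\s*(.+)$", block, re.M)
    return m.group(1).strip().strip("'\"") if m else None

def audit(tasks_text, files, rsyncd_conf):
    """Return (task name, finding) pairs for literal credentials and for
    password-bearing files deployed readable by group or other."""
    secrets_file = re.search(r"secrets file\s*=\s*(\S+)", rsyncd_conf).group(1)
    findings = []
    for block in re.split(r"\n(?=- name:)", tasks_text.strip()):
        name = field(block, "- name")
        values = [field(block, "password")]
        if field(block, "dest") == secrets_file:   # rsync user:password file
            values.append(field(block, "content"))
        if any(v and "{{" not in v for v in values):
            findings.append((name, "literal credential"))
        body = files.get(field(block, "src") or "", "")
        mode = field(block, "mode")
        if re.search(r"PASSWORD\w*=\S+", body) and mode and int(mode, 8) & 0o077:
            findings.append((name, "password-bearing file readable by group/other"))
    return findings
```

Literal values like these are normally replaced with variables kept in an Ansible Vault file, and the client script can read the rsync password through `--password-file` from a 0600 file instead of exporting it.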
    

    slb

    1) Plan the slb directory structure

    [root@m01 /project/roles]# ansible-galaxy init slb
    - Role slb was created successfully
    

    2) Prepare the files

    [root@m01 /project/roles]# cp /root/conf/proxy.j2 ./slb/templates/
    [root@m01 /project/roles]# cp /root/conf/proxy_params ./slb/files/
    

    3) Write the playbook

    [root@m01 /project]# vim roles/slb/tasks/main.yml 
    - name: Config slb Server
      template:
        src: proxy.j2
        dest: /etc/nginx/conf.d/proxy.conf
      notify: restart_slb
    
    - name: Copy proxy_params
      copy:
        src: proxy_params
        dest: /etc/nginx/
    
    - name: Start Web Nginx Server
      systemd:
        name: nginx
        state: started
        enabled: yes
    

    4) Write the handler

    [root@m01 /project/roles]# vim slb/handlers/main.yml 
    - name: restart_slb
      systemd:
        name: nginx
        state: restarted
    

    5) Configure the dependencies

    [root@m01 /project/roles]# vim slb/meta/main.yml 
    dependencies:
      - { role: nginx }
    

    keepalived

    1) Plan the keepalived directory structure

    [root@m01 /project/roles]# ansible-galaxy init keepalived
    - Role keepalived was created successfully
    

    2) Prepare the files

    [root@m01 /project/roles]# cp /root/conf/keepalived.j2 ./keepalived/templates/
    

    3) Write the playbook

    [root@m01 /project/roles]# vim keepalived/tasks/main.yml 
    - name: Install keepalived
      yum:
        name: keepalived
        state: present
    
    - name: Config keepalive
      template:
        src: keepalived.j2
        dest: /etc/keepalived/keepalived.conf
    
    - name: Start keepalived
      systemd:
        name: keepalived
        state: restarted
    

    Create the main playbook

    [root@m01 roles]# cat > /etc/ansible/roles/site.yml <<EOF
    - hosts: all
      remote_user: root
      roles:
        - role: rsync
    
        - role: nginx
          when: ansible_fqdn is match "web*"
    
        - role: php
          when: ansible_fqdn is match "web*"
    
        - role: mariadb
          when: ansible_fqdn == "db01"
    
        - role: database
          when: ansible_fqdn == "db01"
    
        - role: wordpress
          when: ansible_fqdn is match "web*"
    
        - role: slb
          when: ansible_fqdn is match "lb*"
    
        - role: keepalived
    EOF
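
The `match` test used in the `when:` conditions above is a regular-expression test (Python `re.match`), not a shell glob, so `"lb*"` and `"web*"` select more hosts than the names suggest. The sketch below is an added example, not part of the original post; the hosts `localhost` and `wes-db02` are constructed, and each host name is assumed to equal its `ansible_fqdn`.

```python
import re

# Names from the page's inventory, plus two constructed hosts ("localhost",
# "wes-db02") that are neither web servers nor load balancers.
HOSTS = ["lb01", "lb02", "web01", "web02", "nfs", "backup", "db01",
         "localhost", "wes-db02"]

def ansible_match(value, pattern):
    """Mirror `value is match(pattern)`: a regex applied with re.match,
    anchored at the start of the string only."""
    return re.match(pattern, value) is not None

def selected(pattern, hosts=HOSTS):
    """Hosts whose name (assumed equal to ansible_fqdn) satisfies the test."""
    return [h for h in hosts if ansible_match(h, pattern)]

def unintended(written, intended, hosts=HOSTS):
    """Hosts the pattern as written selects but the intended one does not."""
    return sorted(set(selected(written, hosts)) - set(selected(intended, hosts)))

# As written in site.yml: "b*" is "zero or more b", so "lb*" only requires a
# leading "l" and "web*" only requires a leading "we".
WEB_WRITTEN, LB_WRITTEN = "web*", "lb*"
# What the playbook means: the literal prefix, digits, end of name.
WEB_INTENDED, LB_INTENDED = r"web\d+$", r"lb\d+$"

if __name__ == "__main__":
    for label, written, intended in (("web", WEB_WRITTEN, WEB_INTENDED),
                                     ("lb", LB_WRITTEN, LB_INTENDED)):
        print(label, "as written:", selected(written))
        print(label, "extra hosts:", unintended(written, intended))
```

Selecting by inventory group, for example `when: inventory_hostname in groups['web_group']`, or using one play per group, avoids pattern matching altogether.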
    
  • Original article: https://www.cnblogs.com/backups/p/ansible_7role.html