Ansible for Automated Operations: Roles in Detail

    Ansible Roles in Detail, with Hands-on Examples

    Host Planning

    Adding a user account

    Notes:

    1. This is the login account used by the operations staff.

    2. All business data lives under /app/ (the home directory of the yun user) so that it does not end up scattered across the filesystem.

    3. The same user is used by Ansible, because almost every production environment forbids remote root login; the yun user is therefore granted sudo. The NOPASSWD: ALL rule below is unrestricted root, so treat the account accordingly: key-based SSH only, and a real password (the 123456 below is a demo value).

    # Use a dedicated user instead of root
    # Add the user, set its home directory and a password
    # Grant sudo
    # Let other unprivileged users enter the directory to read information
    useradd -u 1050 -d /app yun && echo '123456' | /usr/bin/passwd --stdin yun   # '123456' is a demo password, replace it
    # Write the rule to a drop-in and validate it with visudo instead of appending to /etc/sudoers with echo,
    # so a typo cannot lock everyone out of sudo
    echo "yun  ALL=(ALL)       NOPASSWD: ALL" > /etc/sudoers.d/yun
    chmod 440 /etc/sudoers.d/yun && visudo -cf /etc/sudoers.d/yun
    chmod 755 /app/

    Ansible Inventory

    The rest of this article uses the following inventory:

    [yun@ansi-manager ansible_info]$ pwd
    /app/ansible_info
    [yun@ansi-manager ansible_info]$ cat hosts_key 
    # Method 1: host + port + SSH key
    [manageservers]
    172.16.1.180:22

    [proxyservers]
    172.16.1.18[1:2]:22

    # Method 2: alias + host + port (+ password)
    # ansible_ssh_host / ansible_ssh_port are the pre-2.0 spellings; ansible_host / ansible_port are the current names
    [webservers]
    web01 ansible_ssh_host=172.16.1.183 ansible_ssh_port=22
    web02 ansible_ssh_host=172.16.1.184 ansible_ssh_port=22
    web03 ansible_ssh_host=172.16.1.185 ansible_ssh_port=22

    Ansible Roles: Overview

    Variables, tasks and handlers have already been covered; what is the best way to organise a playbook?

    The short answer: use roles. A role relies on a known directory layout to load its vars files, tasks and handlers automatically, so that playbooks can call it. Compared with a flat playbook, a role has a clearer, layered structure.

    Suppose every deployment, whatever software it installs, also sets up a time-synchronisation service. Without roles, every playbook would have to repeat the time-sync tasks. With a role, the time-sync tasks are written once and called whenever they are needed.

    Tip: when writing roles, split the work so that each task file does one thing (one task per file). The pieces can then be reused later.

    Roles Directory Layout

    Inside the roles directory, a role skeleton can be generated with:

    cd roles && ansible-galaxy init nfs   # nfs is the role name; equivalently: ansible-galaxy init --init-path roles nfs

    This creates the full skeleton (newer versions also add a tests/ directory with a sample inventory and test.yml), but usually only some of the directories are needed, so in practice most roles are created by hand rather than with the command.

    An example layout:

    [yun@ansi-manager tmp]$ tree ./
    ./
    ├── site.yml
    ├── webservers.yml
    └── roles
        └── nfs                  # role name
            ├── defaults         # default variables of the role (lowest precedence)
            │   └── main.yml
            ├── files            # static files
            ├── handlers         # handlers (tasks triggered by notify)
            │   └── main.yml
            ├── meta             # dependencies
            │   └── main.yml
            ├── README.md        # usage notes
            ├── tasks            # the tasks themselves
            │   └── main.yml
            ├── templates        # Jinja2 templates
            └── vars             # other role variables
                └── main.yml

    10 directories, 10 files

    Notes on the layout:

    1. There must be a roles directory; the individual roles are created under it.

    2. Role directory names should be self-explanatory: common for the required baseline, nfs for the NFS service, memcached for the memcached service, and so on.

    3. Create only the second-level directories a role actually needs; unused ones can be omitted, and there is no need to create the full skeleton.

    4. Each second-level directory that Ansible reads (tasks, handlers, vars, defaults, meta) must contain a main.yml, because that is the only file Ansible loads from it; a tasks directory without main.yml is silently ignored.
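    Because a missing main.yml produces no error, it is worth checking the roles tree before running a playbook. The following shell script is an added example, not code from the original article: it walks a roles/ directory, reports any tasks/handlers/vars/defaults/meta directory that lacks a main.yml, and flags roles that would do nothing when applied. The sample tree it builds in a temporary directory is constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not from the original article: sanity-check a roles/ tree before running
# ansible-playbook. For each role it checks that every directory Ansible reads (tasks,
# handlers, vars, defaults, meta) actually holds a main.yml, because Ansible silently
# ignores such a directory without one, and it flags roles that would be a no-op.
# Prints one line per finding; returns 1 if anything was found, 0 if the tree is clean.
check_roles_tree() {
    roles_dir=$1
    found=0
    for role in "$roles_dir"/*/; do
        [ -d "$role" ] || continue
        name=$(basename "$role")
        for sub in tasks handlers vars defaults meta; do
            if [ -d "$role$sub" ] && [ ! -f "$role$sub/main.yml" ]; then
                echo "$name: $sub/ exists but has no main.yml (Ansible ignores the directory)"
                found=1
            fi
        done
        if [ ! -f "${role}tasks/main.yml" ] && [ ! -f "${role}meta/main.yml" ]; then
            echo "$name: neither tasks/main.yml nor meta/main.yml, applying the role does nothing"
            found=1
        fi
    done
    return $found
}

# Constructed fixture for the demonstration: one complete role and one broken one.
make_demo_roles() {
    base=$1
    mkdir -p "$base/nfs/tasks" "$base/nfs/handlers" "$base/nfs/templates"
    printf '%s\n' '- include_tasks: install.yml' > "$base/nfs/tasks/main.yml"
    printf '%s\n' '- name: "reload NFS server"' '  systemd:' '    name: nfs' '    state: reloaded' \
        > "$base/nfs/handlers/main.yml"
    # Broken role: a task file exists, but nobody wrote the tasks/main.yml that would include it
    mkdir -p "$base/nfs_client/tasks"
    printf '%s\n' '- name: "mount NFS server"' '  debug:' '    msg: never runs' > "$base/nfs_client/tasks/mount.yml"
}

demo=$(mktemp -d)
make_demo_roles "$demo"
check_roles_tree "$demo" || echo "fix the findings above before running ansible-playbook"
rm -rf "$demo"
```

    Run it as `check_roles_tree /app/ansible_info/ansible_roles/roles` before each playbook run; a non-zero exit status is a cheap gate to put in front of ansible-playbook in CI.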

    Role Dependencies

    A role can pull in other roles automatically. The dependencies are declared in the role's meta/main.yml.

    Example: WordPress needs Nginx and PHP to be running first, so the WordPress role can declare the nginx and php-fpm roles as its dependencies.

    [yun@ansi-manager playbook]$ cat /app/roles/wordpress/meta/main.yml
    ---
    dependencies:
      - { role: nginx }
      - { role: php-fpm }

    The WordPress role then runs the nginx role first, then php-fpm, and finally its own tasks. By default a dependency runs only once per play even if several roles list it with the same parameters; set allow_duplicates: true in the dependency's meta/main.yml if it must run every time.

    Ansible Roles in Practice: Deploying NFS

    Overall directory layout

    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ ll
    total 4
    drwxrwxr-x 2 yun yun  17 Sep 15 19:41 group_vars
    -rw-rw-r-- 1 yun yun 108 Sep 15 19:37 nfs_server.yml
    drwxrwxr-x 4 yun yun  35 Sep 15 18:00 roles
    [yun@ansi-manager ansible_roles]$ tree  # directory layout
    .
    ├── group_vars
    │   └── all
    ├── nfs_server.yml
    └── roles
        ├── nfs  # server side
        │   ├── handlers
        │   │   └── main.yml
        │   ├── tasks
        │   │   ├── config.yml
        │   │   ├── install.yml
        │   │   ├── main.yml
        │   │   ├── mkdir.yml
        │   │   ├── start_NFS.yml
        │   │   └── start_rpcbind.yml
        │   └── templates
        │       └── exports.j2
        └── nfs_client  # client side
            └── tasks
                └── main.yml

    9 directories, 11 files

    Server side

    Directory layout

    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ tree roles/nfs
    roles/nfs
    ├── handlers
    │   └── main.yml
    ├── tasks
    │   ├── config.yml
    │   ├── install.yml
    │   ├── main.yml
    │   ├── mkdir.yml
    │   ├── start_NFS.yml
    │   └── start_rpcbind.yml
    └── templates
        └── exports.j2

    4 directories, 8 files

    tasks directory

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/main.yml 
    # Entry point: Ansible loads only main.yml, which includes the other task files in order
    - include_tasks: install.yml
    - include_tasks: config.yml
    - include_tasks: mkdir.yml
    - include_tasks: start_rpcbind.yml
    - include_tasks: start_NFS.yml

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/install.yml 
    - name: "install package NFS "
      yum:
        name:
          - nfs-utils
          - rpcbind
        state: present

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/config.yml 
    - name: "NFS server config and edit restart"
      template:
        src: exports.j2
        dest: /etc/exports
        owner: root
        group: root
        mode: '644'
      notify: "reload NFS server"   # handler runs only when the rendered file actually changed

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/mkdir.yml 
    - name: "create NFS dir"
      file:
        path: /data
        owner: yun        # uid 1050, the same id as anonuid/anongid in exports.j2, so squashed clients can write
        group: yun
        state: directory
        recurse: yes      # also chowns everything already under /data; drop it if the share holds existing data

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/start_rpcbind.yml 
    - name: "rpcbind server start"
      systemd:
        name: rpcbind
        state: started
        daemon_reload: yes
        enabled: yes

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/start_NFS.yml 
    - name: "NFS server start"
      systemd:
        name: nfs         # alias of nfs-server.service on CentOS 7
        state: started
        daemon_reload: yes
        enabled: yes

    handlers directory

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/handlers/main.yml 
    - name: "reload NFS server"
      systemd:
        name: nfs
        state: reloaded   # nfs-server's reload is exportfs -r: the new exports take effect without disturbing mounted clients

    templates directory

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/templates/exports.j2 
    {{ nfs_dir }}   172.16.1.0/24(rw,sync,root_squash,all_squash,anonuid=1050,anongid=1050)

    The export is restricted to the 172.16.1.0/24 subnet; root_squash and all_squash map every client user, root included, to uid/gid 1050 (the yun account that owns /data), so no client can write to the share as root or as an arbitrary uid.
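    As an added example (not part of the original article), the following shell checker lints a rendered /etc/exports for the settings that would undo what the template above gets right: a share with no client list or a * client (exported to every host), no_root_squash, and insecure. The sample exports file is constructed inline for the demonstration; the first line is the article's own export and is expected to pass.

```sh
#!/bin/sh
# Added example, not from the original article: lint an /etc/exports file for the settings
# that undo the protections in the NFS template. Findings: a share with no client list or
# a '*' client (exported to every host), no_root_squash (remote root stays root on the share),
# and insecure (requests accepted from non-privileged source ports). Returns 1 if anything
# was flagged, 0 if the file is clean.
lint_exports() {
    file=$1
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}               # strip comments
        set -f; set -- $line; set +f   # split on whitespace without globbing '*'
        [ $# -ge 1 ] || continue
        path=$1; shift
        if [ $# -eq 0 ]; then
            echo "$path: no client list, exported to every host with default options"
            found=1
            continue
        fi
        for client in "$@"; do
            host=${client%%\(*}        # part before '(' is the client spec
            opts=${client#*\(}         # part inside '(...)' is the option list
            if [ "$opts" = "$client" ]; then opts=""; else opts=${opts%\)}; fi
            case $host in
                ''|'*') echo "$path: client '$host' exports to every host"; found=1 ;;
            esac
            case ",$opts," in
                *,no_root_squash,*) echo "$path -> $host: no_root_squash lets remote root act as root on the share"; found=1 ;;
            esac
            case ",$opts," in
                *,insecure,*) echo "$path -> $host: insecure accepts requests from non-privileged source ports"; found=1 ;;
            esac
        done
    done < "$file"
    return $found
}

# Constructed sample: the article's export plus three weak ones.
make_demo_exports() {
    printf '%s\n' \
        '/data   172.16.1.0/24(rw,sync,root_squash,all_squash,anonuid=1050,anongid=1050)' \
        '/srv/iso *(ro)' \
        '/home *(rw,no_root_squash)' \
        '/scratch (rw,insecure)   # a space before the options means: every host' \
        > "$1"
}

demo=$(mktemp)
make_demo_exports "$demo"
lint_exports "$demo" || echo "review the exports above before running exportfs -r"
rm -f "$demo"
```

    The space-before-parentheses case is the classic mistake: `/scratch (rw,insecure)` is not "export /scratch with these options to nobody", it is "export /scratch to the world with these options", which is why the checker treats an empty host the same as *.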

    Client side

    The client is simple: a single mount task.

    [yun@ansi-manager ansible_roles]$ cat roles/nfs_client/tasks/main.yml 
    - name: "mount NFS server"
      mount:
        src: 172.16.1.180:{{ nfs_dir }}   # server address is hard-coded here; a group variable would keep it in one place
        path: /mnt
        fstype: nfs
        opts: defaults
        state: mounted                     # mounts now and writes the entry to /etc/fstab

    Variables

    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ cat group_vars/all 
    # NFS server directory
    nfs_dir: /data

    Playbook

    [yun@ansi-manager ansible_roles]$ cat nfs_server.yml 
    ---
    # NFS server
    - hosts: manageservers
      roles:
        - nfs

    - hosts: proxyservers
      roles:
        - nfs_client

    Running it

    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check nfs_server.yml  # syntax check
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C nfs_server.yml  # check mode (dry run), nothing is changed
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key nfs_server.yml  # run

    -b (become) escalates to root through sudo on the managed hosts, which is why the yun account was granted sudo in the host planning section.

    Ansible Roles in Practice: Deploying memcached

    Overall directory layout

    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ ll
    total 8
    -rw-rw-r-- 1 yun yun  71 Sep 16 09:05 memcached_server.yml
    drwxrwxr-x 5 yun yun  52 Sep 16 08:38 roles
    [yun@ansi-manager ansible_roles]$ tree roles/
    roles/
    └── memcached
        ├── handlers
        │   └── main.yml
        ├── tasks
        │   ├── config.yml
        │   ├── install.yml
        │   ├── main.yml
        │   └── start.yml
        └── templates
            └── memcached.j2

    11 directories, 15 files

    Service details

    Directory layout

    [yun@ansi-manager memcached]$ pwd
    /app/ansible_info/ansible_roles/roles/memcached
    [yun@ansi-manager memcached]$ ll
    total 0
    drwxrwxr-x 2 yun yun 22 Sep 16 08:56 handlers
    drwxrwxr-x 2 yun yun 76 Sep 16 08:53 tasks
    drwxrwxr-x 2 yun yun 26 Sep 16 08:55 templates
    [yun@ansi-manager memcached]$ tree
    .
    ├── handlers
    │   └── main.yml
    ├── tasks
    │   ├── config.yml
    │   ├── install.yml
    │   ├── main.yml
    │   └── start.yml
    └── templates
        └── memcached.j2

    3 directories, 6 files

    tasks directory

    [yun@ansi-manager memcached]$ cat tasks/main.yml 
    - include_tasks: install.yml
    - include_tasks: config.yml
    - include_tasks: start.yml

    [yun@ansi-manager memcached]$ cat tasks/install.yml 
    - name: "install package memcached"
      yum:
        name: memcached
        state: present

    [yun@ansi-manager memcached]$ cat tasks/config.yml 
    - name: "memcached server config and edit restart"
      template:
        src: memcached.j2
        dest: /etc/sysconfig/memcached
        owner: root
        group: root
        mode: '644'
      notify: "restart memcached server"

    [yun@ansi-manager memcached]$ cat tasks/start.yml 
    - name: "memcached server start"
      systemd:
        name: memcached
        state: started
        daemon_reload: yes
        enabled: yes

    handlers directory

    [yun@ansi-manager memcached]$ cat handlers/main.yml 
    - name: "restart memcached server"
      systemd:
        name: memcached
        state: restarted

    templates directory

    [yun@ansi-manager memcached]$ cat templates/memcached.j2 
    PORT="11211"
    USER="memcached"
    MAXCONN="1024"
    CACHESIZE="{{ ansible_memtotal_mb // 2 }}"
    OPTIONS=""

    CACHESIZE is set to half of the host's memory in MB; ansible_memtotal_mb is a gathered fact, so the play must keep gather_facts enabled. OPTIONS is empty, which leaves memcached's defaults in place: it listens on every interface on port 11211 with no authentication, and older builds also answer on UDP, the combination behind the well-known memcached amplification attacks. Unless every host that can reach the server is trusted, bind it to the interface the clients actually use and disable UDP, for example OPTIONS="-l 172.16.1.180 -U 0", and restrict port 11211 in the firewall.

    Playbook

    [yun@ansi-manager ansible_roles]$ cat memcached_server.yml 
    ---
    # memcached server
    - hosts: manageservers
      roles:
        - memcached

    Running it

    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check memcached_server.yml  # syntax check
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C memcached_server.yml  # check mode (dry run)
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key memcached_server.yml  # run

    Ansible Roles in Practice: Deploying an Rsync Daemon

    Overall directory layout

    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ ll
    total 12
    drwxrwxr-x 2 yun yun  17 Sep 29 09:33 group_vars
    drwxrwxr-x 7 yun yun  86 Sep 29 08:49 roles
    -rw-rw-r-- 1 yun yun 116 Sep 29 09:50 rsyncd_server.yml
    [yun@ansi-manager ansible_roles]$ tree roles/
    roles/
    ├── rsync_client
    │   ├── tasks
    │   │   └── main.yml
    │   └── templates
    │       └── rsync.password.j2
    └── rsyncd
        ├── handlers
        │   └── main.yml
        ├── tasks
        │   ├── config.yml
        │   ├── install.yml
        │   ├── main.yml
        │   ├── mkdir.yml
        │   └── start_rsyncd.yml
        └── templates
            ├── rsyncd.conf.j2
            └── rsync.password.j2

    18 directories, 25 files

    Server side

    Directory layout

    [yun@ansi-manager rsyncd]$ pwd
    /app/ansible_info/ansible_roles/roles/rsyncd
    [yun@ansi-manager rsyncd]$ tree 
    .
    ├── handlers
    │   └── main.yml
    ├── tasks
    │   ├── config.yml
    │   ├── install.yml
    │   ├── main.yml
    │   ├── mkdir.yml
    │   └── start_rsyncd.yml
    └── templates
        ├── rsyncd.conf.j2
        └── rsync.password.j2

    3 directories, 8 files

    tasks directory

    [yun@ansi-manager rsyncd]$ pwd
    /app/ansible_info/ansible_roles/roles/rsyncd
    [yun@ansi-manager rsyncd]$ cat tasks/main.yml 
    - include_tasks: install.yml
    - include_tasks: config.yml
    - include_tasks: mkdir.yml
    - include_tasks: start_rsyncd.yml

    [yun@ansi-manager rsyncd]$ cat tasks/install.yml 
    - name: "Install package rsync"
      yum:
        name: rsync
        state: present

    [yun@ansi-manager rsyncd]$ cat tasks/config.yml 
    - name: "rsyncd server config and edit restart"
      template:
        src: rsyncd.conf.j2
        dest: /etc/rsyncd.conf
        owner: root
        group: root
        mode: '644'
      notify: "restart rsyncd server"

    - name: "rsyncd server password file"
      template:
        src: rsync.password.j2
        dest: /etc/rsync.password
        owner: root
        group: root
        mode: '400'   # rsync refuses a secrets file readable by others (strict modes, on by default)

    [yun@ansi-manager rsyncd]$ cat tasks/mkdir.yml 
    - name: "create rsync business backup dir"
      file:
        path: /backup/busi_data
        owner: root
        group: root
        state: directory
        recurse: yes

    - name: "create rsync database backup dir"
      file:
        path: /backup/database
        owner: root
        group: root
        state: directory
        recurse: yes

    [yun@ansi-manager rsyncd]$ cat tasks/start_rsyncd.yml
    - name: "rsyncd server start"
      systemd:
        name: rsyncd
        state: started
        daemon_reload: yes
        enabled: yes

    handlers directory

    [yun@ansi-manager rsyncd]$ cat handlers/main.yml 
    - name: "restart rsyncd server"
      systemd:
        name: rsyncd
        state: restarted

    templates directory

    [yun@ansi-manager rsyncd]$ pwd
    /app/ansible_info/ansible_roles/roles/rsyncd
    [yun@ansi-manager rsyncd]$ cat templates/rsyncd.conf.j2  # file 1
    # Note: see man rsyncd.conf for the full parameter list
    #rsync_config---------------start
    uid = root
    gid = root
    use chroot = false
    max connections = 200
    timeout = 100
    pid file = /var/run/rsyncd.pid
    lock file = /var/run/rsync.lock
    log file = /var/log/rsyncd.log
    dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
    ignore errors = true
    read only = false
    list = false

    ## To avoid confusion, use either hosts allow or hosts deny, not both
    hosts allow = 172.16.1.0/24,10.9.0.0/16,120.27.48.179
    # hosts deny = 10.0.0.0/16
    # Several auth users may be listed
    auth users = {{ auth_user }}
    secrets file = /etc/rsync.password


    # Data backup; mind the permissions on path
    [back_data_module]
    path = /backup/busi_data/

    # Database backup; mind the permissions on path
    [back_db_module]
    path = /backup/database/

    #rsync_config---------------end

    [yun@ansi-manager rsyncd]$ cat templates/rsync.password.j2  # file 2
    {{ auth_user }}:{{ auth_pawd }}

    Two settings here deserve a second look. uid = root together with use chroot = false means the daemon performs every file operation as root and outside a chroot; a dedicated rsync account and use chroot = true (the default) are the safer choice unless a module really has to follow symlinks outside its path. The secrets file must be owned by root and unreadable by others, which the mode '400' in config.yml provides: with the default strict modes = yes, rsync rejects a secrets file that other users can read.
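    The following shell checker is an added example, not code from the original article. It lints the global section of a rendered rsyncd.conf for the points just discussed (use chroot disabled, uid = root, missing hosts allow, missing auth users) and checks that the secrets file it references exists and is not readable by others. The sample configuration mirrors the template above and is constructed inline, pointing at a temporary secrets file; per-module overrides are deliberately out of scope.

```sh
#!/bin/sh
# Added example, not from the original article: lint the global section of a rendered
# rsyncd.conf and the secrets file it points to. Findings: use chroot disabled, uid = root,
# no hosts allow (any source address may connect), no auth users (anonymous modules), and a
# secrets file that is missing or readable by others (rsync rejects the latter while
# strict modes = yes, the default). Only the global section is inspected; per-module
# overrides are out of scope. Returns 1 if anything was flagged, 0 if clean.
trim() { set -f; set -- $1; set +f; echo "$*"; }   # collapse surrounding and inner whitespace

lint_rsyncd() {
    cfg=$1
    found=0
    chroot=yes; uid=nobody; hosts_allow=""; auth_users=""; secrets_file=""   # rsyncd defaults
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        case $line in \[*\]) break ;; esac            # first [module] header ends the global section
        case $line in *=*) ;; *) continue ;; esac
        key=$(trim "${line%%=*}")
        val=$(trim "${line#*=}")
        case $key in
            "use chroot")   chroot=$val ;;
            uid)            uid=$val ;;
            "hosts allow")  hosts_allow=$val ;;
            "auth users")   auth_users=$val ;;
            "secrets file") secrets_file=$val ;;
        esac
    done < "$cfg"

    case $chroot in
        false|no|0|False|No) echo "use chroot = $chroot: daemon runs without a chroot; keep the default (yes) unless a module must follow symlinks outside its path"; found=1 ;;
    esac
    [ "$uid" = root ] && { echo "uid = root: every file operation runs as root; use a dedicated account"; found=1; }
    [ -z "$hosts_allow" ] && { echo "no hosts allow: any source address may connect"; found=1; }
    [ -z "$auth_users" ] && { echo "no auth users: modules are anonymous"; found=1; }
    if [ -n "$secrets_file" ]; then
        if [ ! -f "$secrets_file" ]; then
            echo "secrets file $secrets_file does not exist"; found=1
        elif [ "$(ls -ld "$secrets_file" | cut -c8)" != "-" ]; then   # column 8 of ls -l is the other-read bit
            echo "secrets file $secrets_file is world-readable; rsync refuses it with strict modes = yes"; found=1
        fi
    fi
    return $found
}

# Constructed sample mirroring the article's template; $2 is the secrets file the conf points at.
make_demo_rsyncd() {
    printf '%s\n' 'uid = root' 'gid = root' 'use chroot = false' 'max connections = 200' \
        'list = false' 'hosts allow = 172.16.1.0/24,10.9.0.0/16' 'auth users = rsync_backup' \
        "secrets file = $2" '' '[back_data_module]' 'path = /backup/busi_data/' > "$1"
    printf '%s\n' 'rsync_backup:rsync_backup_pwd' > "$2"
}

demo_conf=$(mktemp); demo_secrets=$(mktemp)
make_demo_rsyncd "$demo_conf" "$demo_secrets"
chmod 644 "$demo_secrets"       # deliberately too open, to show the finding
lint_rsyncd "$demo_conf" || echo "harden the settings above before starting rsyncd"
rm -f "$demo_conf" "$demo_secrets"
```

    Against the article's own configuration the checker reports the chroot and root-uid points and nothing else, since hosts allow, auth users and a 0400 secrets file are all in place; run it on the managed host after the template task, or on the control node against a locally rendered copy.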

    Client side

    [yun@ansi-manager rsync_client]$ pwd
    /app/ansible_info/ansible_roles/roles/rsync_client
    [yun@ansi-manager rsync_client]$ tree  # directory layout
    .
    ├── tasks
    │   └── main.yml
    └── templates
        └── rsync.password.j2

    2 directories, 2 files
    [yun@ansi-manager rsync_client]$ cat tasks/main.yml  # tasks
    - name: "rsync password file config"
      template:
        src: rsync.password.j2
        dest: /etc/rsync.password
        owner: root
        group: root
        mode: '400'   # the client-side password file (used with --password-file) must also be unreadable by others

    [yun@ansi-manager rsync_client]$ cat templates/rsync.password.j2  # template: password only, no user name on the client side
    {{ auth_pawd }}

    Variables

    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ cat group_vars/all 
    # NFS server directory
    nfs_dir: /data
    # used by the rsync daemon
    auth_user: rsync_backup
    auth_pawd: rsync_backup_pwd

    auth_pawd is stored in plaintext here, which is fine for a lab but not for a repository that is shared or version-controlled; encrypt the value with ansible-vault (for example ansible-vault encrypt_string) or vault the whole group_vars file, and pick a random password rather than one derived from the user name.

    Playbook

    [yun@ansi-manager ansible_roles]$ cat rsyncd_server.yml 
    ---
    # rsyncd server
    - hosts: manageservers
      roles:
        - rsyncd

    - hosts: proxyservers
      roles:
        - rsync_client

    Running it

    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check rsyncd_server.yml  # syntax check
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C rsyncd_server.yml  # check mode (dry run)
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key rsyncd_server.yml  # run

    Ansible Galaxy

    https://galaxy.ansible.com
    Original article: https://www.cnblogs.com/shetao/p/14338756.html