1,roles 简介
- ansible 自1.2 版本引入的新特性,用于层次性、结构化地组织
playbook。roles 能够根据层次型结构自动化转载变量文件、tasks 以及 handlers 等。要使用 roles 只需要在 playbook 中使用 include 指令即可。简单来讲,roles 就是通过分别将变量、文件、任务、模板机处理器放置于单独的目录中,并可以便捷地 include 它们的一种机制。角色一般用于基于主机构建服务的场景中,但也可以是用于构建守护进程等场景中。
2,场景
- 复杂场景:建议使用
roles,代码复用度高
- 变更指定主机或主机组
- 如命名不规范维护和传承成本大
- 某些功能需多个
playbook,通过 ````includes````` 即可实现
3,角色(roles):目录编排
4,角色(roles):
4.1 创建role 的步骤
- 1 创建以 roles 命名的目录
- 2 在roles 目录中分别创建以各角色名称命名的目录,如 nginx 等
- 3 在每个角色命名的目录中分别创建 files、handlers、meta、tasks、templates、vars 目录;用不到的目录可以创建为空目录,也可以不创建
- 4 在 playbook 文件中,调用各角色
4.2 目录结构
- 每个角色,以特定的层级目录结构进行组织
- roles 目录结构
playbook.yml
roles/
└── project
├── default
├── files
├── handlers
├── meta
├── tasks
├── templates
└── vars
4.3 roles 各目录作用
/roles/project/:项目名称,有以下子目录
file/:存放由 copy 或 script 模块等调用的文件templates/:template 模块查找所需要模块文件的目录tasks/:定义 tasks,role 的基本元素,至少应该包含一个名为 main.yml 的文件;其它的文件需要在此文件中通过 include 进行包含handlers/:至少应该包含一个名为 main.yml 的文件;其它的文件需要在此文件中通过 include 进行包含vars/:定义比那里,至少应该包含一个名为 main.yml 的文件;其它的文件需要在此文件中通过 include 进行包含meta/:定义当前角色的特殊设定及其依赖关系,至少应该包含一个名为 main.yml 的文件;其它的文件需要在此文件中通过 include 进行包含default/:设定默认变量时使用此目录中的 main.yml 文件
4.4 调用角色
- hosts: websrvs
remote_user: root
roles:
- mysql
- nginx
- memcached
- 方法2
- 传递变量给角色
- 键role用于指定角色名称
- 后续的 k/v 用于传递变量给角色
- hosts: websrvs
remote_user: root
roles:
- mysql
- { role: nginx, username: nginx}
- hosts: websrvs
remote_user: root
roles:
- { role: nginx, tags: ['web', 'nginx'], when: ansible_distribution_major_version == "7" }
ansible-playbook --tags="nginx,httpd,mysql" nginx-role.yml
---
- hosts: websrvs
remote_user: root
roles:
- { role: nginx, tags: ['web', 'nginx'], when: ansible_distribution_major_version == "7" }
- { role: httpd, tags: ['web', 'httpd'] }
- { role: mysql, tags: ['db', 'mysql'] }
- { role: marridb, tags: ['db', 'mysql'] }
- { role: php }
5,实例
5.1 nginx
nginx_role.yml
roles/
└── nginx
├── tasks
│ ├── group.yml
│ ├── main.yml
│ ├── restart.yml
│ ├── start.yml
│ ├── templ.yml
│ ├── user.yml
│ └── yum.yml
└── templates
└── nginx.conf.j2
- roles/nginx/tasks/main.yml
- include: group.yml
- include: user.yml
- include: yum.yml
- include: templ.yml
- include: start.yml
- roles/nginx/tasks/group.yml
- name: create group
group: name=nginx gid=80
- roles/nginx/tasks/user.yml
- name: create user
user: name=nginx uid=80 group=nginx system=yes shell=/sbin/nologin
- roles/nginx/tasks/yum.yml
- name: install package
yum: name=nginx
- roles/nginx/tasks/templ.yml
- name: copy conf
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
- roles/nginx/tasks/start.yml
- name: start service
service: name=nginx state=started enabled=true
- roles/nginx/templates/nginx.conf.j2
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes {{ ansible_processor_vcpus+2 }};
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
# ansible websrvs -m shell -a 'getent passwd nginx'
192.168.2.132 | CHANGED | rc=0 >>
nginx:x:80:80::/home/nginx:/sbin/nologin
192.168.2.131 | CHANGED | rc=0 >>
nginx:x:80:80::/home/nginx:/sbin/nologin
# ansible websrvs -m shell -a 'getent group nginx'
192.168.2.132 | CHANGED | rc=0 >>
nginx:x:80:
192.168.2.131 | CHANGED | rc=0 >>
nginx:x:80:
# ansible websrvs -m shell -a 'id nginx'
192.168.2.132 | CHANGED | rc=0 >>
uid=80(nginx) gid=80(nginx) groups=80(nginx)
192.168.2.131 | CHANGED | rc=0 >>
uid=80(nginx) gid=80(nginx) groups=80(nginx)
# ansible websrvs -m shell -a 'rpm -q nginx'
192.168.2.132 | CHANGED | rc=0 >>
nginx-1.12.2-2.el7.x86_64
192.168.2.131 | CHANGED | rc=0 >>
nginx-1.12.2-2.el7.x86_64
# ansible websrvs -m setup -a 'filter=ansible_processor_vcpus'
192.168.2.132 | SUCCESS => {
"ansible_facts": {
"ansible_processor_vcpus": 8
},
"changed": false
}
192.168.2.131 | SUCCESS => {
"ansible_facts": {
"ansible_processor_vcpus": 8
},
"changed": false
}
# ansible websrvs -m shell -a 'ps aux | grep nginx'
192.168.2.132 | CHANGED | rc=0 >>
root 24733 0.0 0.0 125052 2248 ? Ss 14:29 0:00 nginx: master process /usr/sbin/nginx
nginx 24734 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24735 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24736 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24737 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24738 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24739 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24740 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24741 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24742 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24743 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
root 25619 0.0 0.0 113128 1200 pts/1 S+ 14:45 0:00 /bin/sh -c ps aux | grep nginx
root 25621 0.0 0.0 112664 948 pts/1 S+ 14:45 0:00 grep nginx
192.168.2.131 | CHANGED | rc=0 >>
root 24864 0.0 0.0 125052 2248 ? Ss 14:29 0:00 nginx: master process /usr/sbin/nginx
nginx 24865 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24866 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24867 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24868 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24869 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24870 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24871 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24872 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24873 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
nginx 24874 0.0 0.0 125440 3148 ? S 14:29 0:00 nginx: worker process
root 25751 0.0 0.0 113128 1200 pts/1 S+ 14:45 0:00 /bin/sh -c ps aux | grep nginx
root 25753 0.0 0.0 112664 952 pts/1 S+ 14:45 0:00 grep nginx