Ansible Roles

Chapter 1: Introduction to Ansible roles

Official documentation:

https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html

Chapter 2: Planning the role directory layout

01. Directory overview:

This is the official directory structure, and it must be defined this way!

The directories must be created under /etc/ansible/roles!!!

[root@m01 /etc/ansible/roles/nfs]# mkdir {vars,tasks,templates,handlers,files} -p

[root@m01 ~]# cd /etc/ansible/roles/
[root@m01 /etc/ansible/roles]# tree
.
├── nfs                   # role name
│   ├── files             # files to be copied to the target
│   ├── handlers          # handler tasks (triggered by notify)
│   ├── tasks             # the actual task playbook
│   ├── templates         # template files
│   └── vars              # variable files

02. Create the project directories

Because every server needs the same group and user created, the same services installed, and so on, these shared tasks can be split out into a separate init role.

Role plan:

1.init      # initialization tasks
2.rsync     # rsync service
3.nfs       # nfs service
4.lsyncd    # lsyncd service

Create the role directories:

[root@m01 ~]# cd /etc/ansible/roles/
[root@m01 /etc/ansible/roles]# mkdir {init,nfs,rsync,lsyncd}/{vars,tasks,templates,handlers,files} -p     
[root@m01 /etc/ansible/roles]# tree
/etc/ansible/roles/
.
├── init
│   ├── files
│   ├── handlers
│   ├── tasks
│   ├── templates
│   └── vars
├── lsyncd
│   ├── files
│   ├── handlers
│   ├── tasks
│   ├── templates
│   └── vars
├── nfs
│   ├── files
│   ├── handlers
│   ├── tasks
│   ├── templates
│   └── vars
├── rsync
│   ├── files
│   ├── handlers
│   ├── tasks
│   ├── templates
│   └── vars
└── site.yml

Beginner version

`Write the task file
[root@m01 /etc/ansible/roles]# cat nfs/tasks/main.yaml (for nfs)
- name: 01-create group
  group: name=www gid=666

- name: 02-create user 
  user: name=www create_home=no shell=/sbin/nologin group=www uid=666

- name: 03-yum install nfs 
  yum: name=nfs-utils state=installed

- name: 04-copy nfs conf
  copy: src=exports dest=/etc/
  notify:
  - restart nfs 

- name: 05-create dir
  file: dest=/data state=directory owner=www group=www

- name: 06-start rpcbind 
  service: 
    name: "{{ item }}"
    state: started 
    enabled: yes
  loop:
    - rpcbind
    - nfs

`Write the config file that will be copied
[root@m01 /etc/ansible/roles]# cat nfs/files/exports (for nfs)
/data	172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/backup 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)

`Write the handlers
[root@m01 /etc/ansible/roles]# cat nfs/handlers/main.yml (for nfs)
- name: restart nfs 
  service:
    name: nfs
    state: restarted

`Write the playbook entry file
[root@m01 /etc/ansible/roles]# cat site.yml 
- hosts: nfs 
  roles:
    - nfs 

`Test the role playbook (check mode)
[root@m01 /etc/ansible/roles]# ansible-playbook -C site.yml

Intermediate version

`Write the init task file
These four tasks are needed by both nfs and rsync
[root@m01 /etc/ansible/roles]# cat init/tasks/main.yaml  (for init)
- name: 01-create group
  group: name=www gid=666

- name: 02-create user 
  user: name=www create_home=no shell=/sbin/nologin group=www uid=666

- name: 03-yum install nfs 
  yum: 
    name: "{{ item }}" 
    state: installed
  loop:
    - nfs-utils
    - rsync

- name: 04-create dir
  file: 
    dest: "{{ item }}"
    state: directory 
    owner: www 
    group: www
  loop: 
    - /data/
    - /backup/

`The other roles are trimmed down; the steps that are now in init are removed
[root@m01 /etc/ansible/roles]# cat nfs/tasks/main.yaml 
- name: 01-copy nfs conf
  copy: src=exports dest=/etc/
  notify:
  - restart nfs 

- name: 02-start rpcbind 
  service: 
    name: "{{ item }}"
    state: started 
    enabled: yes
  loop:
    - rpcbind
    - nfs

`Write the rsync task file
[root@m01 /etc/ansible/roles]# cat rsync/tasks/main.yaml (for rsync)
- name: 01-copy rsyncd conf
  copy: 
    src: "{{ item.src }}"
    dest: /etc/
    mode: "{{ item.mode }}"
  loop:
    - { src: 'rsyncd.conf',  mode: '644' }   # note these two files
    - { src: 'rsync.passwd', mode: '600' }   # note these two files
  notify:
    - restart rsyncd

- name: 02-start rsyncd 
  service: 
    name: rsyncd 
    state: started 
    enabled: yes

`Write the playbook entry file
[root@m01 /etc/ansible/roles]# cat site.yml 
- hosts: backup 
  roles:
    - init 
    - rsync 

'This may fail: check where the directories and files referenced in the config actually live
'The two files above need to be cp'd into files/ under the rsync role

[root@m01 ~]# cp /etc/rsync.passwd /etc/rsyncd.conf  /etc/ansible/roles/rsync/files/
[root@m01 /etc/ansible/roles/rsync/files]# ls
rsyncd.conf  rsync.passwd

`Test the role playbook (check mode)
[root@m01 /etc/ansible/roles]# ansible-playbook -C site.yml

A bit more advanced

`cp the sshd config from /etc/ over
[root@m01 /etc/ansible/roles/init/templates]# cp /etc/ssh/sshd_config .
`Files under templates must end in .j2, so rename it
[root@m01 /etc/ansible/roles/init/templates]# mv sshd_config sshd_config.j2

`Try changing the port
`Three things to change
[root@m01 /etc/ansible/roles/init/templates]# vim sshd_config.j2 
Port {{ ssh_port }}
(find the Port line and replace its value with a variable)

[root@m01 /etc/ansible/roles/init]# vim tasks/main.yaml
- name: 01-create group
  group: name=www gid=666

- name: 02-create user
  user: name=www create_home=no shell=/sbin/nologin group=www uid=666

- name: 03-yum install nfs
  yum:
    name: "{{ item }}"
    state: installed
  loop:
    - nfs-utils
    - rsync

- name: 04-create dir
  file:
    dest: "{{ item }}"
    state: directory
    owner: www
    group: www
  loop:
    - /data/
    - /backup/
  
- name: 05-copy ssh_conf
  template: 
    src: sshd_config.j2
    dest: /etc/
(add this last module: template works like copy, except that its src file lives under templates/)


[root@m01 /etc/ansible/roles/init/vars]# vim main.yml
ssh_port: 9999
(define the variable in vars)

[root@m01 /etc/ansible/roles]# ansible-playbook -C site.yml 

[root@m01 /etc/ansible/roles]# ansible-playbook --start-at-task='copy ssh_conf' site.yml   # run just this task directly

[root@backup ~]# cat /tmp/sshd_config 
Port 9999
`Try showing the host's own IP

[root@m01 /etc/ansible/roles]# vim init/templates/sshd_config.j2 
Port {{ ansible_facts.eth1.ipv4.address }}
(change the variable to the IP address fact)

[root@m01 /etc/ansible/roles]# vim site.yml 
- hosts: web   # your own group name, as defined in /etc/ansible/hosts
  roles:
    - init
(change the entry file)

'The IP address does not need to be defined in vars, because it is a built-in variable (a gathered fact)

[root@nfs ~]# cat /tmp/sshd_config
Port 172.16.1.31

[root@backup ~]# cat /tmp/sshd_config
Port 172.16.1.41
`Now we want the host's own address and a different port on each host

[root@m01 /etc/ansible/roles/init/templates]# vim sshd_config.j2 
Port {{ ssh_port }}
ListenAddress {{ ansible_facts.eth1.ipv4.address }}

[root@m01 ~]# vim /etc/ansible/hosts
[web]
172.16.1.31 ssh_port=9999
172.16.1.41 ssh_port=8888
(just add the per-host port in your inventory file; that is all that differs)

[root@m01 /etc/ansible/roles/init/vars]# mv main.yml /tmp/

Test
[root@m01 /etc/ansible/roles]# ansible-playbook --start-at-task='copy ssh_conf' site.yml

[root@nfs ~]# cat /tmp/sshd_config
Port 9999
ListenAddress 172.16.1.31

[root@backup ~]# cat /tmp/sshd_config
Port 8888
ListenAddress 172.16.1.41

In summary, it looks like this

`Put variables into the config file
[root@m01 /etc/ansible/roles]# cat init/templates/sshd_config |grep "{{"
Port {{ ssh_port }} 
ListenAddress {{ ansible_facts.eth1.ipv4.address }} (after this change the session drops: the internal address 10.0.0.31 can no longer connect and you must use the host's 172 network address; remember to change it back)
PubkeyAuthentication {{ pub_key }} 

`Reference the variables from the role
[root@m01 /etc/ansible/roles]# cat init/tasks/main.yaml 
- name: copy ssh_conf
  template: 
    src: sshd_config
    dest: /tmp/sshd_config

`Write the variables file
[root@m01 /etc/ansible/roles]# cat init/vars/main.yml 
pub_key: nonononoo (any value will do)

'vars is the directory for defining variables. Built-in variables do not need to be defined; everything else must be defined here.
Built-in variables can only be used through templates.

The files directory can hold things like tarballs and other large files.
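The template step from the advanced walkthrough above (a per-host ssh_port from the inventory plus the eth1 address fact), as an added example that is not part of the original post: a small Python stand-in for what Ansible does when it renders sshd_config.j2 for each host in the web group, with no Ansible or Jinja2 dependency. The inventory text is constructed to match the /etc/ansible/hosts block above, and the eth1 fact is constructed from the inventory address (an assumption; on a real host it comes from gathered facts).

```python
# Added example, not from the original post: no Ansible or Jinja2 involved, only the
# `{{ name.path }}` substitution that the sshd_config.j2 template above relies on.
import re

# Constructed inventory text, matching the /etc/ansible/hosts block above.
INVENTORY = "[web]\n172.16.1.31 ssh_port=9999\n172.16.1.41 ssh_port=8888\n"
# Template text, as in init/templates/sshd_config.j2 above.
TEMPLATE = "Port {{ ssh_port }}\nListenAddress {{ ansible_facts.eth1.ipv4.address }}\n"
VAR_RE = re.compile(r"\{\{\s*([\w.]+)\s*\}\}")

def parse_inventory(text):
    """Return {group: {host: {var: value}}} from INI-style inventory lines."""
    groups, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            groups[current] = {}
        else:
            host, *pairs = line.split()
            groups[current][host] = dict(p.split("=", 1) for p in pairs)
    return groups

def lookup(variables, dotted):
    """Resolve a dotted name such as ansible_facts.eth1.ipv4.address."""
    value = variables
    for key in dotted.split("."):
        value = value[key]  # KeyError is what Ansible reports as an undefined variable
    return value

def undefined_vars(template, variables):
    """Names the template references but the vars do not define (e.g. a typo)."""
    missing = []
    for name in VAR_RE.findall(template):
        try:
            lookup(variables, name)
        except (KeyError, TypeError):
            missing.append(name)
    return missing

def render(template, variables):
    return VAR_RE.sub(lambda m: str(lookup(variables, m.group(1))), template)

def render_for_group(inventory_text, group, template):
    """Render once per host in the group, like a play with hosts: <group>."""
    out = {}
    for host, hostvars in parse_inventory(inventory_text)[group].items():
        # Constructed fact: assumes eth1 carries the address the inventory uses.
        variables = dict(hostvars, ansible_facts={"eth1": {"ipv4": {"address": host}}})
        out[host] = render(template, variables)
    return out
```

Running undefined_vars over a template before the play is a cheap way to catch a misspelled variable name, which Ansible would otherwise report only at execution time.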

Chapter 3: Writing the init role playbook

01. Create the directories

mkdir /etc/ansible/roles/init/{vars,tasks,templates,handlers,files} -p

02. Write the task playbook

[root@m01 /etc/ansible/roles/init/tasks]# cat main.yaml 
#01. Configure the base repo
- name: 01_configure_yum_repos
  yum_repository:
    name: base 
    description: base yum repo
    baseurl:
      - http://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/os/$basearch/
    gpgcheck: no

#02. Configure the epel repo
- name: 02_configure_yum_Repos
  yum_repository:
    name: epel
    description: epel yum repo
    baseurl:
      - https://mirrors.tuna.tsinghua.edu.cn/epel/7/$basearch
    gpgcheck: no

#03. Disable selinux
- name: stop selinux
  selinux:
    state: disabled
   
#04. Disable firewalld
- name: stop firewalld
  firewalld:
    state: disabled
  ignore_errors: yes  # lets the play continue if firewalld was already stopped earlier

#05. Install common packages
- name: 03_install_server
  yum: 
    name: "{{ packages }}" 
  vars:
    packages:
    - ntpdate 
    - lsof
    - tree 
    - iftop
    - iotop

#06. Create the group
- name: 04_create_group
  group:
    name: www
    gid: 666

#07. Create the user
- name: 05_create_user
  user:
    name: www
    uid: 666
    group: www 
    shell: /sbin/nologin
    create_home: no

#08. Create the data and scripts directories
- name: 06_create_dir
  file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - /data
    - /server/scripts

#09. Create the time-sync cron job
- name: 07_cron_ntpdate
  cron: 
    name: Time_Update
    minute: "*/5"
    job: '/sbin/ntpdate time1.aliyun.com'

#10. Copy the tuned sshd config file
- name: 08_copy_ssh
  template: 
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config 
    mode: '0600'
    backup: yes
  notify: restart sshd

  
You can pick which settings you want based on the earlier configuration,
for example the port and the host's IP address.

Item 08 is configured in this file:
[root@m01 /etc/ansible/roles/init/templates]# vim sshd_config.j2 

03. Write the Jinja template file

[root@m01 ~]# tree /etc/ansible/roles/init/templates/
/etc/ansible/roles/init/templates/
└── sshd_config.j2

04. Write the handlers file

[root@m01 ~]# cat /etc/ansible/roles/init/handlers/main.yml 
- name: restart sshd 
  service: 
    name: sshd 
    state: restarted

Chapter 4: Writing the rsync role playbook

01. Create the directories

mkdir /etc/ansible/roles/rsync/{vars,tasks,templates,handlers,files} -p

02. Write the task playbook

[root@m01 ~]# cat /etc/ansible/roles/rsync/tasks/main.yml    
#01. Install the rsync service
  - name: 01_install_rsync
    yum: 
      name: rsync 
      state: installed
#02. Copy the config file templates
  - name: 02_copy_conf
    template:
      src: "{{ item.src }}"
      dest: "/etc/{{ item.dest }}"
      mode: "{{ item.mode }}"
      backup: yes
    loop:
      - { src: 'rsyncd.conf.j2',  dest: 'rsyncd.conf',  mode: '0644' }
      - { src: 'rsync.passwd.j2', dest: 'rsync.passwd', mode: '0600' }
    notify:
      - restart rsyncd
#03. Create the backup directories
  - name: 03_create_backup_dir
    file: 
      dest: "{{ item }}"
      state: directory 
      owner: www 
      group: www
    loop:
      - /backup
      - /data 
#04. Start the service
  - name: 04_start_rsyncd
    service: 
      name: rsyncd 
      state: started 
      enabled: yes

03. Write the Jinja template files

[root@m01 ~]# tree /etc/ansible/roles/rsync/templates/
/etc/ansible/roles/rsync/templates/
├── rsyncd.conf.j2
└── rsync.passwd.j2

[root@m01 ~]# cat  /etc/ansible/roles/rsync/templates/rsync.passwd.j2 
{{ user_rsyncd }}:{{ passwd_rsyncd }}

[root@m01 ~]# cat  /etc/ansible/roles/rsync/templates/rsyncd.conf.j2 
uid = www 
gid = www 
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = {{ user_rsyncd }}
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
[backup]
path = /backup
[data]
path = /data

04. Write the variables file

[root@m01 ~]# cat /etc/ansible/roles/rsync/vars/main.yml 
user_rsyncd: rsync_backup 
passwd_rsyncd: oldzhang 

05. Write the handlers file

[root@m01 ~]# cat /etc/ansible/roles/rsync/handlers/main.yml 
- name: restart rsyncd
  service: 
    name: rsyncd 
    state: restarted

06. Write the main playbook file

[root@m01 ~]# cat /etc/ansible/roles/site.yml 
- hosts: rsync 
  roles:
    - init
    - rsync

07. Final directory layout

[root@m01 ~]# tree /etc/ansible/roles/rsync/
/etc/ansible/roles/rsync/
├── files
├── handlers
│   └── main.yml
├── tasks
│   └── main.yml
├── templates
│   ├── rsyncd.conf.j2
│   └── rsync.passwd.j2
└── vars
    └── main.yml
posted @ 2020-01-02 20:34  干瘪的柠檬