Ops Automation Tools - Ansible, Part 7: roles

Ansible Roles: Overview

Whether you use Ansible or SaltStack, a one-click deployment should never cram every step into a single "playbook" file. The work has to be split into separate functional units, i.e. decoupled. For that, Ansible's recommended mechanism is roles: a role has a fixed, clearly layered directory structure, so tasks, handlers, files, templates and variables each have a known place and can be reused from any playbook.

Recommendation: give each role a single, well-defined job (one tasks file per role). Roles are then easy to call from a playbook and stay decoupled from one another (the same idea as service-oriented architecture, SOA).

Ansible Roles: Directory Structure

Officially recommended layout

production                # inventory file for production servers
staging                   # inventory file for the staging environment

group_vars/
   group1.yml             # variables assigned to a particular host group
   group2.yml
host_vars/
   hostname1.yml          # variables assigned to a particular host
   hostname2.yml

library/                  # custom modules, if any (optional)
module_utils/             # shared code used by custom modules, if any (optional)
filter_plugins/           # custom filter plugins, if any (optional)

site.yml                  # master playbook
webservers.yml            # playbook for the webserver tier
dbservers.yml             # playbook for the dbserver tier

roles/
    common/               # this hierarchy represents one "role"
        tasks/            #
            main.yml      #  <-- tasks file, can include smaller files
        handlers/         #
            main.yml      #  <-- handlers file
        templates/        #  <-- files for use with the template module
            ntp.conf.j2   #  <------- templates end in .j2
        files/            #
            bar.txt       #  <-- files for use with the copy module
            foo.sh        #  <-- script files for use with the script module
        vars/             #
            main.yml      #  <-- variables associated with this role
        defaults/         #
            main.yml      #  <-- default, lowest-precedence variables for this role
        meta/             #
            main.yml      #  <-- role dependencies
        library/          # roles can also include custom modules
        module_utils/     # roles can also include custom module_utils
        lookup_plugins/   # or other types of plugins, like lookup in this case

    webtier/              # same structure as "common"
    ... ...

Creating the role skeleton with ansible-galaxy

ansible-galaxy init creates every standard directory (plus a README.md and a tests/ directory) in one step; tree -d lists the directories only:

[root@m01 ~]# cd /etc/ansible/roles/
[root@m01 roles]# ansible-galaxy init nfs
- Role nfs was created successfully
[root@m01 roles]# tree -d nfs/
nfs/                  # role name
├── defaults        # low-precedence default variables
├── files           # static files for copy/script
├── handlers        # handlers (run when notified)
├── meta            # role dependencies
├── tasks           # the role's tasks
├── templates       # jinja2 templates
├── tests           # test inventory and playbook
└── vars            # role variables

Ansible Roles: Dependencies

A role can pull in other roles automatically whenever it is used.

Role dependencies are declared in the role's meta/main.yml file.

For example:

To push WordPress and unpack it, nginx and php must already be installed and running, otherwise the WordPress pages cannot be served. So the wordpress role can declare a dependency on the nginx and php roles.

Add the dependencies to meta/main.yml. Before running the role's own tasks, Ansible first runs every role listed under dependencies (by default each dependency runs only once per play, even if several roles depend on it).

[root@m01 ~]# vim /etc/ansible/roles/wordpress/meta/main.yml
dependencies:
  - { role: nginx }
  - { role: php }

With this in place, the nginx and php installations run before the wordpress tasks.
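To make the ordering concrete, here is an added example (not part of the original post) of how the dependency resolution behaves: a stdlib-only Python script that reads the dependencies: list from each role's meta/main.yml, runs dependencies depth-first before the role that needs them, schedules a role only once per play (Ansible's default unless allow_duplicates is set) and refuses a dependency cycle. The role skeleton it builds (wordpress -> nginx, php; slb -> nginx) is constructed in a temporary directory to mirror the roles on this page; the line-based reader is an assumption that covers the meta/main.yml spellings shown here, not a full YAML parser.

```python
"""Resolve the run order of Ansible roles from meta/main.yml dependencies (added example)."""
import os
import re
import tempfile

# Dependency spellings handled: "- { role: nginx }", "- role: nginx", "- nginx"
_DEP_RE = re.compile(r"^\s*-\s*(?:\{\s*)?(?:role:\s*)?[\"']?([A-Za-z0-9_.-]+)")


def read_dependencies(role_dir):
    """Role names under `dependencies:` in <role>/meta/main.yml.

    Line-based on purpose (assumption: stdlib only, no PyYAML); it covers the
    formats shown on this page, not arbitrary YAML."""
    meta = os.path.join(role_dir, "meta", "main.yml")
    deps = []
    if not os.path.exists(meta):
        return deps
    in_block = False
    with open(meta) as fh:
        for line in fh:
            stripped = line.strip()
            if not stripped or stripped.startswith("#"):
                continue
            if stripped.startswith("dependencies:"):
                in_block = True
                continue
            if in_block:
                if not line.startswith((" ", "\t", "-")):  # next top-level key ends the list
                    break
                m = _DEP_RE.match(line)
                if m:
                    deps.append(m.group(1))
    return deps


def run_order(roles_root, requested):
    """Expand `requested` roles into execution order.

    Mirrors Ansible's behaviour: a role's dependencies run before it, depth-first,
    and a role already scheduled is not scheduled again (the default when
    allow_duplicates is not set). A dependency cycle raises ValueError."""
    order, visiting = [], set()

    def visit(role):
        if role in order:
            return
        if role in visiting:
            raise ValueError("circular role dependency at %r" % role)
        visiting.add(role)
        for dep in read_dependencies(os.path.join(roles_root, role)):
            visit(dep)
        visiting.discard(role)
        order.append(role)

    for role in requested:
        visit(role)
    return order


def build_demo_roles(root):
    """Constructed skeleton mirroring this page: wordpress -> nginx, php; slb -> nginx."""
    meta = {
        "nginx": "dependencies: []\n",
        "php": "dependencies: []\n",
        "wordpress": "dependencies:\n  - { role: nginx }\n  - { role: php }\n",
        "slb": "galaxy_info:\n  author: demo\ndependencies:\n  - role: nginx\n",
    }
    for name, text in meta.items():
        os.makedirs(os.path.join(root, name, "meta"), exist_ok=True)
        with open(os.path.join(root, name, "meta", "main.yml"), "w") as fh:
            fh.write(text)
    return root


def demo():
    """Order for a play listing wordpress then slb: nginx and php run first, nginx only once."""
    root = build_demo_roles(tempfile.mkdtemp())
    return run_order(root, ["wordpress", "slb"])


if __name__ == "__main__":
    print(demo())  # ['nginx', 'php', 'wordpress', 'slb']
```

Note that nginx appears once although both wordpress and slb depend on it; if a play really needs a dependency to run twice (with different parameters, say), the dependency role itself has to set allow_duplicates: true in its meta/main.yml.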

Ansible Roles: Practice

Role workflow

  1. Create the role skeleton with ansible-galaxy init rolename
  2. Write the role's tasks, handlers, files, templates and variables
  3. Reference the role from a playbook

Configure the inventory (ansible_ssh_host is the older spelling of ansible_host; both are accepted)

[root@m01 roles]# cat > /etc/ansible/hosts <<EOF
[lb_group]
lb01 ansible_ssh_host=10.0.0.5
lb02 ansible_ssh_host=10.0.0.6

[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8

[nfs_group]
nfs ansible_ssh_host=10.0.0.31

[backup_group]
backup ansible_ssh_host=10.0.0.41

[db_group]
db01 ansible_ssh_host=10.0.0.51

[nfs_C_S:children]
web_group
nfs_group

[backup_C_S:children]
web_group
backup_group

[nginx_server:children]
web_group
lb_group
EOF

rsync

  1. Plan the rsync directory layout
[root@m01 ~]# cd /etc/ansible/roles/
[root@m01 roles]# ansible-galaxy init rsync
- Role rsync was created successfully
[root@m01 roles]# tree
.
└── rsync
    ├── defaults
    │   └── main.yml
    ├── files
    ├── handlers
    │   └── main.yml
    ├── meta
    │   └── main.yml
    ├── README.md
    ├── tasks
    │   └── main.yml
    ├── templates
    ├── tests
    │   ├── inventory
    │   └── test.yml
    └── vars
        └── main.yml
  2. Create the rsync role's tasks
The master playbook applies this role to every host, so the rsyncd-server tasks are gated on backup_group and the client tasks on the other hosts; otherwise every web server would run an rsync daemon that shares the backup secret. Values that begin with a Jinja expression must be quoted, because YAML reads a bare {{ as the start of a flow mapping.

[root@m01 roles]# cat > /etc/ansible/roles/rsync/tasks/main.yml << 'EOF'
# Common part: rsync package, www user/group, script directory
- name: Install Rsync
  yum:
    name: rsync
    state: present

- name: Create www Group
  group:
    name: www
    gid: 666

- name: Create www User
  user:
    name: www
    group: www
    uid: 666
    create_home: false
    shell: /sbin/nologin

# rsyncd server part (backup_group only)
- name: Configure Rsync Server
  copy:
    src: "{{ item.src }}"          # quoted: an unquoted {{ is a YAML flow mapping, not a string
    dest: "/etc/{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  with_items:
    - { src: "rsyncd.conf", dest: "rsyncd.conf", mode: "0644" }
    - { src: "rsync.passwd", dest: "rsync.passwd", mode: "0600" }   # rsyncd refuses a secrets file readable by others
  notify: Restart Rsync Server
  when: inventory_hostname in groups['backup_group']

- name: Create backup Directory
  file:
    path: /backup
    state: directory
    mode: 0755
    owner: www
    group: www
  when: inventory_hostname in groups['backup_group']

- name: Start Rsync Server
  systemd:
    name: rsyncd
    state: started
    enabled: yes
  when: inventory_hostname in groups['backup_group']

# client part (every host except the backup server)
- name: Create scripts Directory
  file:
    path: /server/scripts
    state: directory
    mode: 0755
    owner: root
    group: root
  when: inventory_hostname not in groups['backup_group']

- name: Copy Rsync Client Script
  copy:
    src: client_rsync_backup.j2    # a plain script despite the suffix; copy does not render templates
    dest: /server/scripts/client_rsync_backup.sh
    owner: root
    group: root
    mode: 0700                     # the script embeds the rsync password, keep it root-only
  when: inventory_hostname not in groups['backup_group']

- name: Crontab Rsync Backup
  cron:
    name: "Rsync Backup"
    minute: "00"
    hour: "01"
    job: "/bin/bash /server/scripts/client_rsync_backup.sh &>/dev/null"
  when: inventory_hostname not in groups['backup_group']
EOF
  3. Create the rsync role's handlers (the handler name must match the notify: value exactly)
[root@m01 roles]# cat /etc/ansible/roles/rsync/handlers/main.yml 
- name: Restart Rsync Server
  service:
    name: rsyncd
    state: restarted
  4. Create the rsync role's files
# Prepare the rsyncd configuration
[root@m01 roles]# cat > /etc/ansible/roles/rsync/files/rsyncd.conf <<EOF
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[backup]
comment = welcome to oldboyedu backup!
path = /backup
EOF

# Secrets file in user:password form. 123456 is a demo value; use a long random secret in production, and keep the file 0600 (rsyncd rejects it otherwise)
[root@m01 roles]# cat > /etc/ansible/roles/rsync/files/rsync.passwd <<EOF
rsync_backup:123456
EOF

# Prepare the client script (a plain shell script: copy does not render templates, the .j2 suffix is only the file name)
[root@m01 roles]# vi /etc/ansible/roles/rsync/files/client_rsync_backup.j2
#!/usr/bin/bash

# 1. Variables
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
Host=$(hostname)
Addr=$(ifconfig eth1|awk 'NR==2{print $2}')
Date=$(date +%F)
Dest=${Host}_${Addr}_${Date}
Path=/backup

# 2. Create the backup directory
[ -d $Path/$Dest ] || mkdir -p $Path/$Dest

# 3. Back up the relevant files (relative paths, so the archives restore under /)
cd / || exit 1
[ -f $Path/$Dest/system.tar.gz ] || tar czf $Path/$Dest/system.tar.gz etc/fstab etc/rsyncd.conf
[ -f $Path/$Dest/log.tar.gz ] || tar czf $Path/$Dest/log.tar.gz var/log/messages var/log/secure

# 4. Record md5 checksums so the backup server can verify the archives
[ -f $Path/$Dest/flag_$Date ] || md5sum $Path/$Dest/*.tar.gz >$Path/$Dest/flag_$Date

# 5. Push local data to the backup server
# The password is embedded here, so the script must not be readable by other users.
export RSYNC_PASSWORD=123456
rsync -avz $Path/ rsync_backup@172.16.1.41::backup

# 6. Keep only the last 7 days locally
# -mindepth 1 -maxdepth 1 limits the match to the dated subdirectories; without it /backup itself
# is removed as soon as its own mtime is older than 7 days. xargs -r skips rm when nothing matched.
find $Path/ -mindepth 1 -maxdepth 1 -type d -mtime +7 | xargs -r rm -rf
Run the roles; -t restricts the run to the rsync tag (the master playbook created at the end tags each role with its own name):
[root@m01 roles]# ansible-playbook -i hosts  -t rsync site.yml 

nfs

  1. Plan the nfs directory layout
[root@m01 roles]# ansible-galaxy init nfs
- Role nfs was created successfully
[root@m01 roles]# tree nfs
nfs
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml

2. Target the nfs host and the role to run (a first, nfs-only site.yml; the full master playbook is built at the end)

[root@m01 roles]# cat /etc/ansible/roles/site.yml 
- hosts: nfs
  remote_user: root
  roles:
    - nfs
  tags: nfs

3. Write the nfs role's tasks

[root@m01 roles]# cat /etc/ansible/roles/nfs/tasks/main.yml 
- name: Install Nfs-Server
  yum:
    name: nfs-utils            # the space after the colon is required; "name:nfs-utils" is a plain scalar, not a key/value pair
    state: present

- name: Configure Nfs-Server
  template:
    src: exports
    dest: /etc/exports
  notify: Restart Nfs Server   # must match the handler's name exactly

# The www user/group (uid/gid 666, matching anonuid/anongid in exports) is created by the rsync role,
# which the master playbook runs on every host before this one.
- name: Create Directory Data
  file:
    path: "{{ share_dir }}"    # a value beginning with {{ must be quoted
    state: directory
    owner: www
    group: www
    mode: 0755

- name: Start Nfs-Server
  systemd:
    name: nfs
    state: started
    enabled: yes

4. Write the nfs role's handlers

[root@m01 roles]# cat /etc/ansible/roles/nfs/handlers/main.yml 
- name: Restart Nfs Server
  systemd:
    name: nfs
    state: restarted

5. Write the nfs role's template (exports is rendered from templates/, which is why the task above uses template rather than copy)

[root@m01 roles]# cat /etc/ansible/roles/nfs/templates/exports 
{{ share_dir }} {{ share_ip }}(rw,sync,all_squash,anonuid=666,anongid=666)

6. Define the nfs variables (group_vars/ must sit next to the playbook, here /etc/ansible/roles/, or next to the inventory for Ansible to load it)

[root@m01 roles]# cat /etc/ansible/roles/group_vars/all 
#nfs
share_dir: /data
share_ip: 172.16.1.31

7. Run the roles; -t selects the nfs tag

[root@m01 roles]# ansible-playbook -i hosts  -t nfs site.yml 
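The rsync and nfs task files above show the mistakes that are easy to make in a role and that only surface when the play runs: an unquoted value beginning with {{ (a YAML flow mapping, not a string), a name:nfs-utils with no space after the colon, a notify: that does not match any handler name, a duplicate task name, and a mode: 644 written without the leading zero (read as decimal 644, i.e. -w----r-T). As an added example (not the post's own tooling), this stdlib-only Python linter checks a role directory for exactly those five problems before ansible-playbook is run. The broken tasks file it scans is constructed inline to reproduce the mistakes; the regexes are an assumption that covers the task syntax used on this page, not a YAML parser.

```python
"""Pre-flight lint for an Ansible role's tasks/main.yml (added example, stdlib only)."""
import itertools
import os
import re
import tempfile

TASK_NAME_RE = re.compile(r"^\s*-\s*name:\s*(.+?)\s*$")
NOTIFY_RE = re.compile(r"^\s*notify:\s*(.*?)\s*$")
MODE_RE = re.compile(r"^\s*mode:\s*(\S+)")
UNQUOTED_JINJA_RE = re.compile(r"^\s*[\w-]+:\s*\{\{")             # path: {{ share_dir }}
MISSING_SPACE_RE = re.compile(r"^\s*(?:-\s*)?[\w-]+:[^\s\"'/]")   # name:nfs-utils


def _notify_targets(lines, idx, inline):
    """Targets of a notify: inline (`notify: x`) or list form (deeper-indented `- x` lines)."""
    if inline:
        return [inline.strip("\"'")]
    indent = len(lines[idx]) - len(lines[idx].lstrip())
    deeper = itertools.takewhile(
        lambda l: l.strip().startswith("-") and len(l) - len(l.lstrip()) > indent,
        lines[idx + 1:])
    return [l.strip().lstrip("-").strip().strip("\"'") for l in deeper]


def lint_role(role_dir):
    """Return [(lineno, message)] for problems in <role>/tasks/main.yml."""
    tasks = os.path.join(role_dir, "tasks", "main.yml")
    hpath = os.path.join(role_dir, "handlers", "main.yml")
    handlers = set()
    if os.path.exists(hpath):
        with open(hpath) as fh:   # handler names are the `- name:` entries
            handlers = {m.group(1).strip("\"'") for m in map(TASK_NAME_RE.match, fh) if m}
    if not os.path.exists(tasks):
        return [(0, "missing tasks/main.yml")]
    with open(tasks) as fh:
        lines = fh.read().splitlines()
    findings, seen = [], {}
    for idx, line in enumerate(lines):
        no, s = idx + 1, line.strip()
        if not s or s.startswith("#") or s == "---":
            continue
        m = TASK_NAME_RE.match(line)
        if m:  # duplicate names make --start-at-task and log reading ambiguous
            if m.group(1) in seen:
                findings.append((no, "duplicate task name %r (first at line %d)" % (m.group(1), seen[m.group(1)])))
            seen.setdefault(m.group(1), no)
        if UNQUOTED_JINJA_RE.match(line):
            findings.append((no, "value starts with '{{' but is unquoted: YAML reads it as a flow mapping"))
        elif MISSING_SPACE_RE.match(line):
            findings.append((no, "no space after ':': this is a plain scalar, not a key/value pair"))
        m = MODE_RE.match(line)
        if m and re.fullmatch(r"[1-7]\d{2,3}", m.group(1)):
            findings.append((no, "mode %s is read as decimal; write 0%s or \"%s\"" % ((m.group(1),) * 3)))
        m = NOTIFY_RE.match(line)
        if m:
            for target in _notify_targets(lines, idx, m.group(1)):
                if target not in handlers:
                    findings.append((no, "notify %r has no handler with that name" % target))
    return findings


# Constructed tasks file reproducing the mistakes discussed above (not copied from the page).
BROKEN_TASKS = """\
- name: Install Nfs-Server
  yum:
    name:nfs-utils
    state: present

- name: Configure Nfs-Server
  template:
    src: exports
    dest: /etc/exports
  notify: Restart Nfs-Server

- name: Create Directory Data
  file:
    path: {{ share_dir }}
    state: directory
    mode: 644

- name: Install Nfs-Server
  yum:
    name: nfs-utils
    state: present
"""
HANDLERS = "- name: Restart Nfs Server\n  systemd:\n    name: nfs\n    state: restarted\n"


def build_demo_role(root):
    """Write the constructed tasks and handlers into a role skeleton under `root`."""
    for sub, text in (("tasks", BROKEN_TASKS), ("handlers", HANDLERS)):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        with open(os.path.join(root, sub, "main.yml"), "w") as fh:
            fh.write(text)
    return root


def demo():
    """Lint the constructed role; findings land on lines 3, 10, 14, 16 and 18."""
    return lint_role(build_demo_role(tempfile.mkdtemp()))


if __name__ == "__main__":
    for no, msg in demo():
        print("tasks/main.yml:%d: %s" % (no, msg))
```

Run it against a real role with lint_role("/etc/ansible/roles/nfs"); a non-empty result means the play would fail at parse time (the first two classes) or silently misbehave (handler never fires, wrong permissions), so it is worth wiring into whatever pre-commit or CI step guards the roles directory.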

php

1) Plan the php directory layout

[root@m01 /project/roles]# ansible-galaxy init php
- Role php was created successfully

2) Prepare the php files

[root@m01 /project/roles]# cp /root/package/php.tar.gz php/files/
[root@m01 /project/roles]# cp /root/conf/php.ini php/files/
[root@m01 /project/roles]# cp /root/conf/www.conf php/files/

3) Write the tasks

[root@m01 /project/roles]# cat php/tasks/main.yml 
- name: Tar php.tar.gz
  unarchive:
    src: php.tar.gz        # taken from files/, copied to the target and extracted
    dest: /tmp/

# yum localinstall over a glob is not idempotent: the rpms are installed only once,
# but the task reports "changed" on every run
- name: Install PHP Server
  shell: "yum localinstall -y /tmp/*.rpm"

- name: Config php.ini
  copy:
    src: php.ini
    dest: /etc/
  notify: restart_php

- name: Config php-fpm www.conf
  copy:
    src: www.conf
    dest: /etc/php-fpm.d/
  notify: restart_php

- name: Start PHP Server
  systemd:
    name: php-fpm
    state: started
    enabled: yes

4) Write the handler

[root@m01 /project/roles]# vim php/handlers/main.yml 
- name: restart_php
  systemd:
    name: php-fpm
    state: restarted
mariadb

1) Plan the mariadb directory layout

[root@m01 /project/roles]# ansible-galaxy init mariadb
- Role mariadb was created successfully

2) Write the tasks

[root@m01 /project/roles]# vim mariadb/tasks/main.yml 
- name: Install Mariadb Server
  yum:
    name:
      - mariadb-server
      - MySQL-python      # needed on the target by the mysql_db / mysql_user modules
    state: present

- name: Start Mariadb Server
  systemd:
    name: mariadb
    state: started
    enabled: yes
wordpress

1) Plan the wordpress directory layout

[root@m01 /project/roles]# ansible-galaxy init wordpress
- Role wordpress was created successfully

2) Prepare the files

[root@m01 /project/roles]# cp /root/conf/linux.wp.com.conf ./wordpress/files/
[root@m01 /project/roles]# cd wordpress/files/
[root@m01 /project/roles/wordpress/files]# rz wordpress.tar.gz
[root@m01 /project/roles/wordpress/files]# cp /root/conf/wp-config.php ./

3) Write the tasks

# WordPress installation part
[root@m01 /project/roles/wordpress]# cat tasks/main.yml 
- name: Mkdir code
  file:
    path: /code
    state: directory
    owner: www
    group: www

# unarchive has no recurse option; owner/group are applied to the extracted files
- name: Tar wordpress.tar.gz
  unarchive:
    src: wordpress.tar.gz
    dest: /code/
    owner: www
    group: www

- name: Config wordpress conf
  copy:
    src: linux.wp.com.conf
    dest: /etc/nginx/conf.d/
  notify: restart_wp_nginx

4) Write the handler

[root@m01 /project/roles/wordpress]# vim handlers/main.yml 
- name: restart_wp_nginx
  systemd:
    name: nginx
    state: restarted

5) Write the database playbook

# directory layout for the database role
[root@m01 /project/roles]# ansible-galaxy init database
- Role database was created successfully
# write the tasks
[root@m01 /project/roles]# vim database/tasks/main.yml 
# mysql_db / mysql_user connect as root over the local socket, which works on a fresh
# mariadb install that has no root password yet; both need MySQL-python on the target
- name: Create wordpress Database
  mysql_db:
    name: wordpress
    state: present

- name: Create wp Database User
  mysql_user:
    name: "wp"
    host: "172.16.1.%"
    password: '123456'
    priv: "wordpress.*:ALL"
    state: present
slb

1) Plan the slb directory layout

[root@m01 /project/roles]# ansible-galaxy init slb
- Role slb was created successfully

2) Prepare the files

[root@m01 /project/roles]# cp /root/conf/proxy.j2 ./slb/templates/
[root@m01 /project/roles]# cp /root/conf/proxy_params ./slb/files/

3) Write the tasks

[root@m01 /project]# vim roles/slb/tasks/main.yml 
- name: Config slb Server
  template:
    src: proxy.j2
    dest: /etc/nginx/conf.d/proxy.conf
  notify: restart_slb

- name: Copy proxy_params
  copy:
    src: proxy_params
    dest: /etc/nginx/

- name: Start Web Nginx Server
  systemd:
    name: nginx
    state: started
    enabled: yes

4) Write the handler

[root@m01 /project/roles]# vim slb/handlers/main.yml 
- name: restart_slb
  systemd:
    name: nginx
    state: restarted

5) Configure the dependency (the nginx role runs first; its contents are not shown on this page)

[root@m01 /project/roles]# vim slb/meta/main.yml 
dependencies:
  - { role: nginx }
keepalived

1) Plan the keepalived directory layout

[root@m01 /project/roles]# ansible-galaxy init keepalived
- Role keepalived was created successfully

2) Prepare the files

[root@m01 /project/roles]# cp /root/conf/keepalived.j2 ./keepalived/templates/

3) Write the tasks

[root@m01 /project/roles]# vim keepalived/tasks/main.yml 
- name: Install keepalived
  yum:
    name: keepalived
    state: present

- name: Config keepalived
  template:
    src: keepalived.j2
    dest: /etc/keepalived/keepalived.conf
  notify: restart_keepalived   # restart (and move the VIP) only when the config actually changed

# started + enabled instead of restarted: an unconditional restart on every run
# fails the VIP over each time the playbook is applied
- name: Start keepalived
  systemd:
    name: keepalived
    state: started
    enabled: yes

4) Write the handler

[root@m01 /project/roles]# vim keepalived/handlers/main.yml 
- name: restart_keepalived
  systemd:
    name: keepalived
    state: restarted
Create the master playbook

Roles are selected by inventory group instead of matching ansible_fqdn against "web*" (match is a regex test, so "web*" also matches any name that merely starts with "we"). Each role also carries a tag of its own name, so -t can run one role at a time; nfs is included, and keepalived is limited to the load balancers it belongs with.

[root@m01 roles]# cat > /etc/ansible/roles/site.yml <<'EOF'
- hosts: all
  remote_user: root
  roles:
    - role: rsync
      tags: rsync

    - role: nfs
      tags: nfs
      when: inventory_hostname in groups['nfs_group']

    - role: nginx
      tags: nginx
      when: inventory_hostname in groups['web_group']

    - role: php
      tags: php
      when: inventory_hostname in groups['web_group']

    - role: mariadb
      tags: mariadb
      when: inventory_hostname in groups['db_group']

    - role: database
      tags: database
      when: inventory_hostname in groups['db_group']

    - role: wordpress
      tags: wordpress
      when: inventory_hostname in groups['web_group']

    - role: slb
      tags: slb
      when: inventory_hostname in groups['lb_group']

    - role: keepalived
      tags: keepalived
      when: inventory_hostname in groups['lb_group']
EOF
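To review what the master playbook actually does to each machine before running it, here is an added example (not part of the original post): a Python script that parses the INI inventory from this page (embedded as constructed input), expands the :children groups the way Ansible does, and applies a role-to-group mapping that assumes the roles are gated on inventory groups as in site.yml above. The result is the list of roles each host ends up running, in play order. meta/main.yml dependencies (slb pulling in nginx) are not expanded here; that is what the dependency resolver earlier on this page does.

```python
"""Which roles does each inventory host end up running? (added example)"""
import re

# Constructed input: the inventory used on this page.
INVENTORY = """\
[lb_group]
lb01 ansible_ssh_host=10.0.0.5
lb02 ansible_ssh_host=10.0.0.6

[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8

[nfs_group]
nfs ansible_ssh_host=10.0.0.31

[backup_group]
backup ansible_ssh_host=10.0.0.41

[db_group]
db01 ansible_ssh_host=10.0.0.51

[nfs_C_S:children]
web_group
nfs_group

[backup_C_S:children]
web_group
backup_group

[nginx_server:children]
web_group
lb_group
"""

# Role -> inventory group it is gated on (None = every host), in play order.
# Assumption: group-based `when:` conditions as in the master playbook above;
# meta/main.yml dependencies (slb -> nginx) are not expanded here.
ROLE_TARGETS = [
    ("rsync", None),
    ("nfs", "nfs_group"),
    ("nginx", "web_group"),
    ("php", "web_group"),
    ("mariadb", "db_group"),
    ("database", "db_group"),
    ("wordpress", "web_group"),
    ("slb", "lb_group"),
    ("keepalived", "lb_group"),
]

_SECTION_RE = re.compile(r"^\[([\w.-]+)(?::(children|vars))?\]$")


def parse_inventory(text):
    """Return {group: set(host)} with [x:children] expanded and an 'all' group added."""
    direct = {"ungrouped": set()}   # hosts listed directly under [group]
    children = {}                   # group -> child groups from [group:children]
    section = ("ungrouped", None)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        m = _SECTION_RE.match(line)
        if m:
            section = (m.group(1), m.group(2))
            direct.setdefault(m.group(1), set())
            continue
        name, kind = section
        if kind == "children":
            children.setdefault(name, []).append(line.split()[0])
        elif kind is None:
            direct[name].add(line.split()[0])   # host alias is the first token; vars follow it

    def hosts_of(group, trail=()):
        if group in trail:
            raise ValueError("group cycle: %s" % " -> ".join(trail + (group,)))
        hosts = set(direct.get(group, set()))
        for child in children.get(group, []):
            hosts |= hosts_of(child, trail + (group,))
        return hosts

    groups = {g: hosts_of(g) for g in set(direct) | set(children)}
    groups["all"] = set().union(*groups.values())
    return groups


def roles_per_host(groups, targets):
    """Return {host: [roles in play order]} for the given role -> group gating."""
    result = {host: [] for host in sorted(groups["all"])}
    for role, group in targets:
        for host in groups["all" if group is None else group]:
            result[host].append(role)
    return result


def demo():
    return roles_per_host(parse_inventory(INVENTORY), ROLE_TARGETS)


if __name__ == "__main__":
    for host, roles in demo().items():
        print("%-8s %s" % (host, ", ".join(roles)))
```

The ungated rsync role is the one to look at in the output: it is the only role that reaches every host, including db01 and the backup server, which is why its server and client halves have to be gated inside the role. ansible-inventory --graph gives the group expansion part of this on a real control node.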
Posted 2021-01-02 18:26 by 原因与结果