
Ansible Roles

1. Overview

1.1 Introduction to Ansible Roles

Whether you use Ansible or SaltStack, a one-click deployment should never put every step into a single "playbook" file. The different pieces of work have to be split into separate modules and "decoupled". Roles are the officially recommended way to do this, because the role directory structure gives a much clearer hierarchy.

For example, a base system optimisation project: putting everything into one file is clumsy. It is better to split those functions apart and call each one wherever it is needed.

# Recommendation:
Each role should ideally do just one task. That keeps it easy to call and achieves clean "decoupling" (SOA).




# Further reading:
- hosts: all
 roles:
   - role: stop_linux
   - role: nginx
     when: ansible_fqdn is match "web*"

One play calling several roles. The directory layout below (the one from the Ansible best-practices documentation) shows where everything lives:

production                # inventory file for production servers
staging                   # inventory file for staging environment
 
group_vars/
   group1.yml             # here we assign variables to particular groups
   group2.yml
host_vars/
   hostname1.yml          # here we assign variables to particular systems
   hostname2.yml
 
library/                  # if any custom modules, put them here (optional)
module_utils/             # if any custom module_utils to support modules, put them here (optional)
filter_plugins/           # if any custom filter plugins, put them here (optional)
 
site.yml                  # master playbook
webservers.yml            # playbook for webserver tier
dbservers.yml             # playbook for dbserver tier
 
roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      #  <-- tasks file can include smaller files if warranted
        handlers/         #
            main.yml      #  <-- handlers file
        templates/        #  <-- files for use with the template resource
            ntp.conf.j2   #  <------- templates end in .j2
        files/            #
            bar.txt       #  <-- files for use with the copy resource
            foo.sh        #  <-- script files for use with the script resource
        vars/             #
            main.yml      #  <-- variables associated with this role
        defaults/         #
            main.yml      #  <-- default lower priority variables for this role
        meta/             #
            main.yml      #  <-- role dependencies
        library/          # roles can also include custom modules
        module_utils/     # roles can also include custom module_utils
        lookup_plugins/   # or other types of plugins, like lookup in this case
 
    webtier/              # same kind of structure as "common" was above, done for the webtier role
    monitoring/           # ""
    fooapp/               # ""

1.2 Creating the role directory

1) Create it with a command

[root@m01 roles]# ansible-galaxy init nginx
- Role nginx was created successfully
 
[root@m01 roles]# tree nginx
nginx                   # project (role) directory name
├── defaults            # default variables (lowest priority)
│   └── main.yml
├── files               # static files; found automatically by the copy module
├── handlers            # handler definitions
│   └── main.yml
├── meta                # dependencies: other roles that run before this one
│   └── main.yml
├── README.md
├── tasks               # the tasks run by default
│   └── main.yml
├── templates           # Jinja2 templates; found automatically by the template module
├── tests
│   ├── inventory
│   └── test.yml
└── vars                # variables
    └── main.yml

2) Create it manually

[root@m01 roles]# mkdir nginx/{tasks,files,templates,vars,handlers,meta} -p
 
[root@m01 roles]# tree nginx/
nginx/
├── files
├── handlers
├── meta
├── tasks
├── templates
└── vars

1.3 Ansible role dependencies

Roles let you pull in other roles automatically when a role is used. Role dependencies are stored in the role's meta/main.yml file.

For example: to push WordPress and unpack it, nginx and PHP must already be installed and running before the WordPress pages can be served, so in the wordpress role we define dependencies on the nginx and php roles.

#  vim /etc/ansible/roles/wordpress/meta/main.yml
dependencies:
  - { role: nginx }
  - { role: php }

# If meta/main.yml exists, Ansible first runs the roles listed under dependencies; with the file above, nginx and php are installed before the wordpress tasks run.
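As an added example (not from the original post), the same dependency declaration can pass variables to a dependency, which the meta file above does not show. It assumes the nginx role reads a `server_port` variable, as the vars files later in this post do, and that both roles live under /etc/ansible/roles.

```yaml
# /etc/ansible/roles/wordpress/meta/main.yml  (added example, not the post's file)
# Each dependency entry may carry variables that apply only to that run of the role.
dependencies:
  - role: nginx
    vars:
      server_port: 80      # assumed: the nginx role templates its listen port from this
  - role: php

# A dependency runs only once per play by default, even if several roles pull it in.
# To run it every time it is listed, set the following in the *dependency's* own
# meta/main.yml (e.g. roles/nginx/meta/main.yml), not here:
# allow_duplicates: true
```

Passing variables this way keeps the dependency reusable: the wordpress role can ask for port 80 while another role that depends on nginx asks for a different port, without editing the nginx role itself.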

2. Refactoring the playbook

Refactoring plan

1. Configure the host inventory
	vim /etc/ansible/hosts  # write every hostname or IP into this file
2. Configure hosts
	vim /etc/hosts  # add every hostname + IP
3. Base optimisation
	# stop the firewall and create a common user on every host
4. Configure nginx
	1) Prepare the configuration files
	2) Install nginx (check whether it is already installed)
	3) Push the configuration file (handler: restart nginx)
	4) Start nginx
5. Configure PHP
	1) Prepare the configuration files
	2) Install PHP (check whether it is already installed)
	3) Push the configuration file (handler: restart php-fpm)
	4) Start PHP
6. Configure the database
	1) Install mariadb
	2) Install MySQL-python
	3) Start mariadb
	4) Create the project database
	5) Grant privileges
	6) Upload the database dump
7. Project code
	1) Prepare files (site configuration file, code archive, ...)
	2) Create the site directory
	3) Push and unpack the code archive
	4) Push the configuration file
	5) Set ownership on the site directory
	6) Push the site configuration file (handler: restart nginx)
8. Load balancing
	1) Prepare files (upstream configuration file)
	2) Install nginx
	3) Push the configuration file (handler: restart nginx)
	4) Start nginx
9. keepalived
	1) Prepare the keepalived configuration file
	2) Install keepalived
	3) Push the configuration file (handler: restart keepalived)
	4) Start keepalived
10. NFS
	1) Install rpcbind and nfs-server
	2) Run a script to check the mount point
	3) Add the mount point (handler: restart nfs-server)
11. Combine the playbooks

2.1 Configure the host inventory

#!/bin/bash
cat >> /etc/ansible/hosts << EOF
nfs ansible_ssh_pass='1'

[web_group]
web01 ansible_ssh_pass='1'
web02 ansible_ssh_pass='1'
web03 ansible_ssh_pass='1'

[lb_group]
lb01 ansible_ssh_pass='1'
lb02 ansible_ssh_pass='1'

[db01]
db01 ansible_ssh_pass='1'
EOF

1) Prepare the file

/mnt/roles/ansible_hostlist.sh

2) Write the playbook

- hosts: all
  tasks:
    - name: Add Host List
      script: /mnt/roles/ansible_hostlist.sh   # same file as prepared above

2.2 Configure the local hosts file

#!/bin/bash
cat >> /etc/hosts <<EOF
192.168.207.7 web01
192.168.207.8 web02
192.168.207.9 web03
192.168.207.31 nfs
192.168.207.51 db01
192.168.207.5 lb01
192.168.207.6 lb02
192.168.207.61 master
EOF

1) Prepare the file

/mnt/roles/add_localhost.sh

2) Write the task

- name: Add Localhost
  script: /mnt/roles/add_localhost.sh

2.2.1 Send Code File (code role)

1) Prepare the file

1. /mnt/roles/code/files/wordpress.tar.gz

2) Write the playbook

#	vim /mnt/roles/code/tasks/main.yml

- name: Send Code Box
  unarchive:
    src: /mnt/roles/code/files/wordpress.tar.gz
    dest: /mnt/
  when: ansible_fqdn == "nfs"

2.3 Base optimisation (first role)

1) Prepare the file

1. /mnt/roles/first/files/init.sh

2) Write the playbook

#  vim /mnt/roles/first/tasks/main.yml

- name: Stop Firewalld
  service:
    name: firewalld
    state: stopped
    enabled: no
    
- name: Stop Selinux Now
  shell: setenforce 0
  ignore_errors: yes
  
- name: Stop Selinux
  selinux:
    state: disabled

- name: Create Group
  group:
    name: www
    gid: 666
    state: present
    
- name: Create User
  user:
    name: www
    uid: 666
    group: www
    create_home: false
    shell: /sbin/nologin

- name: Running Init.sh
  script: /mnt/roles/first/files/init.sh
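The role above stops firewalld and disables SELinux on every host. As an added example (not the post's own code), here is a stricter variant of the same role that keeps both on and only opens what this WordPress stack needs; the www group and user tasks stay exactly as in the post. The list of firewall services and the SELinux boolean are assumptions for this lab, and the NFS host would still need its own nfs, mountd and rpc-bind openings in the nfs role.

```yaml
# /mnt/roles/first/tasks/main.yml  (added hardened variant, not the post's file)
- name: Keep Firewalld Running
  service:
    name: firewalld
    state: started
    enabled: yes

- name: Allow Only The Services The Web Tier Needs
  firewalld:
    service: "{{ item }}"
    permanent: yes
    immediate: yes        # apply now as well as after the next reload
    state: enabled
  with_items:
    - http                # assumed: port 80 for the site
    - https               # assumed: port 443 for the site-wide HTTPS role

- name: Keep SELinux Enforcing
  selinux:
    policy: targeted
    state: enforcing

- name: Let The Web Server Read Site Content From The NFS Mount
  seboolean:
    name: httpd_use_nfs   # assumed: the site directory is an NFS mount, as in the wordpress role
    state: yes
    persistent: yes

- name: Running Init.sh
  script: /mnt/roles/first/files/init.sh
```

Because the firewall stays up, a host that is not in the web tier exposes nothing new after this role runs; the later nfs and upstream roles add their own openings where they are needed.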

2.4 nginx role

1) Prepare the files

1. /mnt/roles/nginx/files/nginx.conf
2. /mnt/roles/nginx/files/proxy_params

2) Install nginx

#  vim /mnt/roles/nginx/tasks/main.yml

- name: Check Nginx
  shell: rpm -ql nginx
  ignore_errors: yes
  register: check_nginx

- name: Install Nginx
  yum:
    name: nginx
    state: present
  when: check_nginx.rc != 0

- name: Send Conf File
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - { src: "nginx.conf", dest: "/etc/nginx" }
    - { src: "proxy_params", dest: "/etc/nginx/" }
  notify: restart_nginx

- name: Send Include File
  copy:
    src: proxy_params
    dest: /etc/nginx/

- name: Start Nginx
  service:
    name: nginx
    state: started
    enabled: yes

3) Configure the handler

#  vim /mnt/roles/nginx/handlers/main.yml

- name: restart_nginx
  service:
    name: nginx
    state: restarted

4) Variables file

#  vim /mnt/roles/nginx/vars/main.yml

server_name: www.papacnb.com
server_path: /mnt/wordpress/
server_port: 80
server_path_jt: /mnt/wordpress/wp-content/uploads/
net_ip: 192.168.207
https_port: 443
server_conf: www.papacnb.com.conf
nfs_ip: 192.168.207.31
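The nginx tasks above push nginx.conf and then notify a restart; if the pushed file has a syntax error, nginx is restarted into a broken state. As an added example (not the post's code), here is the same install and push with the copy module's `validate` option, which runs a command against the temporary file (`%s`) and refuses to install it when the command fails, so the handler is never triggered for a bad config. It assumes the nginx binary is at /usr/sbin/nginx and that includes in nginx.conf use absolute paths.

```yaml
# /mnt/roles/nginx/tasks/main.yml  (added example, not the post's file)
- name: Install Nginx
  yum:
    name: nginx
    state: present        # yum is already idempotent; no rpm -ql pre-check is needed

- name: Send nginx.conf (validated before it replaces the live file)
  copy:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '0644'
    validate: /usr/sbin/nginx -t -c %s   # assumed binary path; %s is the temp copy
  notify: restart_nginx

- name: Send proxy_params
  copy:
    src: proxy_params
    dest: /etc/nginx/proxy_params
    owner: root
    group: root
    mode: '0644'
  notify: restart_nginx

- name: Start Nginx
  service:
    name: nginx
    state: started
    enabled: yes
```

When validation fails the task is reported as failed and the previous nginx.conf stays in place, which is the behaviour you want on a load balancer that is already serving traffic.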

2.5 PHP role

1) Prepare the files

1. /mnt/roles/php/files/www.conf
2. /mnt/roles/php/files/php.ini

2) Write the playbook

#	vim /mnt/roles/php/tasks/main.yml

- name: Remove Old Php
  shell: yum -y remove php-mysql-5.4 php php-fpm php-common

- name: Check php
  shell: rpm -qa | grep php
  ignore_errors: yes
  register: check_php

- name: Download Php7.2-1
  shell: rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  when: check_php.rc != 0

- name: Download Php7.2-2
  shell: rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

- name: Install Php7.2
  shell: yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb

- name: Send php File
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - { src: "www.conf", dest: "/etc/php-fpm.d/" }
    - { src: "php.ini", dest: "/etc/" }


- name: Start Php
  service:
    name: php-fpm
    state: started
    enabled: yes

3) Write the handler

#	vim /mnt/roles/php/handlers/main.yml

- name: restart_php
  service:
    name: php-fpm
    state: restarted

2.6 Database role (mariadb)

1) Prepare the file

/mnt/roles/mariadb/files/edusoho.sql   # the dump the tasks below copy as edusoho.sql

2) Write the playbook

#	vim /mnt/roles/mariadb/tasks/main.yml

- name: Check Mariadb
  shell: rpm -qa | grep mariadb-server
  ignore_errors: yes
  register: check_mariadb

- name: Check Mysql-python
  shell: rpm -ql MySQL-python
  ignore_errors: yes
  register: check_mysql

- name: Install Mariadb
  yum:
    name: mariadb-server
    state: present
  when: check_mariadb.rc != 0

- name: Install Mysql-python
  yum:
    name: MySQL-python
    state: present
  when: check_mysql.rc != 0

- name: Start Mariadb
  service:
    name: mariadb
    state: started
    enabled: yes

- name: Create Edusoho Database User
  mysql_user:
    name: "root"
    host: "{{ net_ip }}.%"
    password: "123"
    priv: "*.*:ALL"
    state: present

- name: Send File.sql
  copy:
    src: edusoho.sql
    dest: /root/

- name: Create New Database
  mysql_db:
    name: edusoho
    state: present
    login_user: root
    login_password: 123

- name: Import File.sql
  mysql_db:
    name: edusoho
    state: import
    target: /root/edusoho.sql
    login_user: root
    login_password: 123

3) Handler

- name: restart_mariadb
  service:
    name: mariadb          # the systemd unit is mariadb, not mariadb-server
    state: restarted

4) Variables file

server_name: www.papacnb.com
server_path: /mnt/wordpress/
server_port: 80
server_path_jt: /mnt/wordpress/wp-content/uploads/
net_ip: 192.168.207
https_port: 443
server_conf: www.papacnb.com.conf
nfs_ip: 192.168.207.31

2.7 Project code role (wordpress)

1) Prepare the file

1. /mnt/roles/wordpress/templates/www.papacnb.com.conf

2) Write the playbook

#	vim /mnt/roles/wordpress/tasks/main.yml


- name: Create Dir
  file:
    path: "{{ server_path }}"
    state: directory

- name: Mount Dir
  shell: mount -t nfs {{ nfs_ip }}:{{ server_path }} {{ server_path }}

- name: Chown Dir
  shell: chown -R www.www {{ server_path }}

- name: Send Conf File
  template:
    src: "{{ server_conf }}"      # templates/www.papacnb.com.conf, not the site directory
    dest: /etc/nginx/conf.d/
  notify: restart_nginx

3) Configure the handler

- name: restart_nginx
  service:
    name: nginx
    state: restarted

4) Variables file

#	vim /mnt/roles/wordpress/vars/main.yml

server_name: www.papacnb.com
server_path: /mnt/wordpress/
server_port: 80
server_path_jt: /mnt/wordpress/wp-content/uploads/
net_ip: 192.168.207
https_port: 443
server_conf: www.papacnb.com.conf
nfs_ip: 192.168.207.31

2.8 Load balancer role (upstream)

1) Prepare the files

/mnt/roles/upstream/templates/upstream.conf
/mnt/roles/upstream/files/proxy_params

2) Write the playbook

#	vim /mnt/roles/upstream/tasks/main.yml

- name: Check Nginx
  shell: rpm -ql nginx
  ignore_errors: yes
  register: check_nginx

- name: Install Nginx
  yum:
    name: nginx
    state: present
  when: check_nginx.rc != 0

- name: Send Conf File
  template:
    src: upstream.conf
    dest: /etc/nginx/conf.d/
  notify: restart_nginx

- name: Send Proxy_params
  copy:
    src: proxy_params
    dest: /etc/nginx/

- name: Start Nginx
  service:
    name: nginx
    state: started

3) Write the handler

- name: restart_nginx
  service:
    name: nginx
    state: restarted

4) Variables file

#	vim /mnt/roles/upstream/vars/main.yml

server_name: www.papacnb.com
server_path: /mnt/wordpress/
server_port: 80
server_path_jt: /mnt/wordpress/wp-content/uploads/
net_ip: 192.168.207
https_port: 443
server_conf: www.papacnb.com.conf
nfs_ip: 192.168.207.31

2.9 Configure keepalived

1) Prepare the files

1. /mnt/roles/keepalived/templates/keepalived.conf
2. /mnt/roles/keepalived/files/check.sh

2) Write the playbook

#	vim /mnt/roles/keepalived/tasks/main.yml

- name: Check Keepalived
  shell: rpm -ql keepalived
  ignore_errors: yes
  register: check_keepalived

- name: Install Keepalived
  yum:
    name: keepalived
    state: installed
  when: check_keepalived.rc != 0

- name: Send Check.sh
  copy:
    src: check.sh
    dest: /etc/keepalived/

- name: Send Conf File
  template:
    src: keepalived.conf
    dest: /etc/keepalived/
  notify: restart_keepalived

- name: Start Keepalived
  service:
    name: keepalived
    state: started

3) Configure the handler

- name: restart_keepalived
  service:
    name: keepalived
    state: restarted

2.10 Configure NFS

1) Prepare the file

1. /mnt/roles/nfs/templates/check_mount.sh

2) Write the playbook

#	vim /mnt/roles/nfs/tasks/main.yml

- name: Check Nfs
  shell: rpm -ql nfs-utils
  ignore_errors: yes
  register: check_nfs

- name: Install Nfs-server
  yum:
    name: nfs-utils
    state: present
  when: check_nfs.rc != 0

- name: Install Rpcbind
  yum:
    name: rpcbind
    state: present

- name: Start Nfs
  service:
    name: nfs-server
    state: started
    enabled: yes

- name: Start Rpcbind
  service:
    name: rpcbind
    state: started
    enabled: yes

- name: Mount Dir
  template:
    src: check_mount.sh
    dest: /root/

- name: Chown Mount Jt Dir
  shell: chown -R www.www {{ server_path_jt }}

- name: Chown Mount Dir
  shell: chown -R www.www {{ server_path }}
  
- name: Check Mount
  shell: chmod +x /root/check_mount.sh   # the template task above placed it in /root/

- name: Run Mount
  shell: /root/check_mount.sh

- name: restart_nfs
  service:
    name: nfs-server
    state: restarted

3) Variables file

server_name: www.papacnb.com
server_path: /mnt/wordpress/
server_port: 80
server_path_jt: /mnt/wordpress/wp-content/uploads/
net_ip: 192.168.207
https_port: 443
server_conf: www.papacnb.com.conf
nfs_ip: 192.168.207.31

2.11 Site-wide HTTPS

1) Prepare the files

/mnt/roles/https/files/server.cert
/mnt/roles/https/files/server.key

2) Write the playbook

#	vim /mnt/roles/https/tasks/main.yml

- name: Make Dir
  file:
    path: /etc/nginx/ssl_key
    state: directory

- name: Send Key
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - { src: "server.cert", dest: "/etc/nginx/ssl_key/" }
    - { src: "server.key", dest: "/etc/nginx/ssl_key/" }

2.12 web_nfs role

1) Write the playbook

#	vim /mnt/roles/web_nfs/tasks/main.yml

- name: Install Nfs
  yum:
    name: nfs-utils
    state: installed
    
- name: Install Rpcbind
  yum:
    name: rpcbind
    state: present
    
- name: Start Nfs
  service:
    name: nfs-server
    state: started
    enabled: yes
    
- name: Start Rpcbind
  service:
    name: rpcbind
    state: started
    enabled: yes

2.13 lb_nfs role

1) Write the playbook

#	vim /mnt/roles/lb_nfs/tasks/main.yml

- name: Install Nfs
  yum:
    name: nfs-utils

- name: Install Rpcbind
  yum:
    name: rpcbind
    
- name: Start Nfs
  service:
    name: "{{ item }}"
    state: started
    enabled: yes
  with_items:
    - nfs-server
    - rpcbind
    

- name: Make Jt Dir
  file:
    path: "{{ server_path_jt }}"
    state: directory

- name: Mount Jt Dir
  mount:
    src: "{{ nfs_ip }}:{{ server_path_jt }}"   # one quoted scalar; host:path
    path: "{{ server_path_jt }}"
    fstype: nfs
    opts: defaults
    state: mounted

2) Variables file

#	vim /mnt/roles/lb_nfs/vars/main.yml

server_name: www.papacnb.com
server_path: /mnt/wordpress/
server_port: 80
server_path_jt: /mnt/wordpress/wp-content/uploads/
net_ip: 192.168.207
https_port: 443
server_conf: www.papacnb.com.conf
nfs_ip: 192.168.207.31

2.14 Prometheus role

1) Prepare the files

1. /mnt/roles/prometheus/files/prometheus.tar.gz
2. /mnt/roles/prometheus/files/prometheus.service
3. /mnt/roles/prometheus/templates/prometheus.yml
4. /mnt/roles/prometheus/files/profile
5. /mnt/roles/mysql_prometheus/templates/my.cnf
6. /mnt/roles/mysql_prometheus/files/grafana.rpm
7. /mnt/roles/mysql_prometheus/files/mysqld_exporter.tar.gz
8. /mnt/roles/mysql_prometheus/files/mysqld-exporter.

2) Write the playbook

#	vim /mnt/roles/prometheus/tasks/main.yml

- name: Send Prometheus-exporter Bar
  unarchive:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - { src: "/mnt/roles/prometheus/files/prometheus.tar.gz", dest: "/usr/local/"}
    - { src: "/mnt/roles/prometheus/files/mysqld_exporter.tar.gz", dest: "/usr/local" }


- name: Create Pro_soft_links
  shell: ln -s /usr/local/prometheus-2.25.0.linux-amd64 /usr/local/prometheus
  
- name: Create Mysqld_sof_link
  shell: ln -s /usr/local/mysqld_exporter-0.13.0.linux-amd64 /usr/local/mysqld_exporter
 
- name: Add Path
  copy:
    src: profile
    dest: /etc/
    
- name: Source Path
  shell: source /etc/profile   # only affects this task's own shell; later tasks start a fresh one
  
- name: Send Systemd File
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - { src: "prometheus.service", dest: "/usr/lib/systemd/system/"}
    - { src: "mysqld-exporter.service", dest: "/usr/lib/systemd/system/"}

- name: Reload Systemd
  shell: systemctl daemon-reload

- name: Send Prometheus.yml
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - { src: "prometheus.yml", dest: "/usr/local/prometheus/" }
    - { src: "my.cnf", dest: "/usr/local/prometheus/" }

- name: Start Pro/mysqld
  systemd:
    name: "{{ item }}"
    state: started
    enabled: yes
  with_items:
    - prometheus
    - mysqld-exporter

- name: Send Grafana Bar
  copy:
    src: grafana.rpm          # copy takes src, not name
    dest: /usr/local/
    
- name: Install Grafana
  shell: yum install -y /usr/local/grafana.rpm
  
- name: Start Grafana
  service:
    name: grafana-server
    state: started
    enabled: yes

3) Handler

- name: restart_prometheus
  service:
    name: prometheus
    state: restarted

4) Variables file

#	vim /mnt/roles/prometheus/vars/main.yml

server_name: www.papacnb.com
server_path: /mnt/wordpress/
server_port: 80
server_path_jt: /mnt/wordpress/wp-content/uploads/
net_ip: 192.168.207
https_port: 443
server_conf: www.papacnb.com.conf
nfs_ip: 192.168.207.31

2.15 mysqld_exporter role

1) Prepare the files

2) Write the playbook

#	vim /mnt/roles/mysql_prometheus/tasks/main.yml

- name: Add Mysql User
  mysql_user:
    name: "mysql-exporter"
    host: "{{ net_ip }}.%"
    password: "123"
    priv: "*.*:ALL"
    state: present
    login_user: root
    login_password: 123
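Both the mariadb role in 2.6 and the exporter task above grant `*.*:ALL` to accounts reachable from the whole 192.168.207.0/24 subnet, and the root password (`123`) and SSH password (`ansible_ssh_pass='1'`) sit in plain text in the repository. As an added example (not the post's code), here is the user-creation part of the mariadb role rewritten so that each account gets only the grants it needs and every password comes from a variable. The variable names, and the assumption that they are defined in a file encrypted with `ansible-vault create group_vars/db01/vault.yml`, are this example's, not the post's; the exporter grants are the three that the mysqld_exporter project documents as required.

```yaml
# /mnt/roles/mariadb/tasks/users.yml  (added example, not the post's file)
# Assumed vaulted variables: mysql_root_password, edusoho_db_password,
# mysql_exporter_password. net_ip comes from the role's vars file as in the post.
- name: Set Root Password (works on a fresh install and on later runs)
  mysql_user:
    name: root
    host: localhost
    password: "{{ mysql_root_password }}"
    check_implicit_admin: yes           # try passwordless root first, then the password
    login_user: root
    login_password: "{{ mysql_root_password }}"
    state: present

- name: Application User Limited To The edusoho Database From The Web Subnet
  mysql_user:
    name: edusoho
    host: "{{ net_ip }}.%"
    password: "{{ edusoho_db_password }}"
    priv: "edusoho.*:SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER,INDEX"
    state: present
    login_user: root
    login_password: "{{ mysql_root_password }}"

- name: Exporter User With Only The Grants mysqld_exporter Needs
  mysql_user:
    name: mysql-exporter
    host: localhost                     # the exporter runs on db01 itself
    password: "{{ mysql_exporter_password }}"
    priv: "*.*:PROCESS,REPLICATION CLIENT,SELECT"
    state: present
    login_user: root
    login_password: "{{ mysql_root_password }}"
```

Root is no longer reachable over the network at all, the application account cannot touch other databases, and a leaked exporter credential yields read-only status information rather than full control of the server. Run the playbook with `--ask-vault-pass` (or a vault password file) so the encrypted variables can be read.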

2.16 Deploying node_exporter

1) Prepare the files

1. /mnt/roles/prometheus/files/node_exporter.tar.gz
2. /mnt/roles/prometheus/files/node-exporter.service

2) Write the playbook

#	vim /mnt/roles/node_exporter/tasks/main.yml

- name: Send Node_exporter Bar
  unarchive:
    src: node_exporter.tar.gz
    dest: /usr/local/
    
- name: Create Soft Links
  shell: ln -s /usr/local/node_exporter-1.1.2.linux-amd64 /usr/local/node_exporter

- name: Send Profile Path
  shell: echo "{{ item }}" >> /etc/profile
  with_items:
    - export NODE_EXPORT_HOME=/usr/local/node_exporter
    - export PATH=$PATH:$NODE_EXPORT_HOME

- name: Source Path
  shell: source /etc/profile

- name: Send Systemd File
  copy:
    src: node-exporter.service
    dest: /usr/lib/systemd/system/

- name: Start Node-exporter
  service:
    name: node-exporter
    state: started
    enabled: yes

2.17 Combining the playbooks

- hosts: all
  roles:
    - role: first
    - role: code
    - role: nfs
      when: ansible_fqdn == "nfs"
    - role: nginx
      when: ansible_fqdn is match "web*"
    - role: php
      when: ansible_fqdn is match "web*"
    - role: web_nfs
      when: ansible_fqdn is match "web*"
    - role: wordpress
      when: ansible_fqdn is match "web*"
    - role: mariadb
      when: ansible_fqdn == "db01"
    - role: lb_nfs
      when: ansible_fqdn is match "lb*"
    - role: https
      when: ansible_fqdn is match "lb*"      
    - role: upstream
      when: ansible_fqdn is match "lb*"
    - role: keepalived
      when: ansible_fqdn is match "lb*"
    - role: mysql_prometheus
      when: ansible_fqdn == "db01"
    - role: node_exporter
      when: ansible_fqdn in ['web01', 'web02', 'web03', 'nfs', 'lb01', 'lb02']
    - role: prometheus
      when: ansible_fqdn == "prometheus"
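The combined playbook above selects roles by matching `ansible_fqdn`. A host whose reported FQDN differs from its inventory name (for example `web02.example.local`) silently gets no roles and no error. As an added example (not the post's site.yml), here are the same role assignments expressed as one play per inventory group, using the groups already defined in section 2.1; the `prometheus` host group is an assumption, since the post's inventory does not contain one.

```yaml
# /mnt/roles/site.yml  (added example, not the post's file)
# Roles are applied by inventory group, so membership is decided in one place
# (the inventory) instead of by a regex over each host's FQDN.
- hosts: all
  roles:
    - first
    - code

- hosts: nfs
  roles:
    - nfs
    - node_exporter

- hosts: web_group
  roles:
    - nginx
    - php
    - web_nfs
    - wordpress
    - node_exporter

- hosts: db01
  roles:
    - mariadb
    - mysql_prometheus

- hosts: lb_group
  roles:
    - lb_nfs
    - https
    - upstream
    - keepalived
    - node_exporter

- hosts: prometheus        # assumed group, e.g. [prometheus] with one host in the inventory
  roles:
    - prometheus
```

With this layout the eight identical vars files in the roles above can also collapse into a single group_vars/all.yml, and `ansible-playbook site.yml --limit web_group` reruns just one tier.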
Posted 2021-09-13 11:02 by 郝怕怕