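Ansible Roles

Introduction to Ansible Roles

Official documentation:

https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html

Role directory layout

Directory description:

This is the official directory structure; roles must be laid out this way.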

[root@m01 ~]# cd /etc/ansible/roles/
[root@m01 /etc/ansible/roles]# tree
.
├── rsync                 # role name
│   ├── files             # files to be copied to hosts
│   ├── handlers          # handlers triggered by notify
│   ├── tasks             # the tasks themselves
│   ├── templates         # template files
│   └── vars              # variable files

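Creating the project directories

Every server needs the same user group, user, and installed packages, so we can put these shared tasks into a separate initialization role.

Role plan:

1.init      # initialization tasks
2.rsync     # rsync service

Create the role directories: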

[root@m01 ~]# cd /etc/ansible/roles/
[root@m01 /etc/ansible/roles]# mkdir {init,rsync}/{vars,tasks,templates,handlers,files} -p     
[root@m01 /etc/ansible/roles]# tree
/etc/ansible/roles/
.
├── init
│   ├── files
│   ├── handlers
│   ├── tasks
│   ├── templates
│   └── vars
├── rsync
│   ├── files
│   ├── handlers
│   ├── tasks
│   ├── templates
│   └── vars
└── site.yml

Writing the init role playbook

Writing the tasks file

[root@m01 ~]# cat /etc/ansible/roles/init/tasks/main.yml 
# 01. Configure the base repo
- name: 01_configure_yum_repos
  yum_repository:
    name: base
    description: base yum repo
    baseurl:
      - http://mirrors.tuna.tsinghua.edu.cn/centos/$releasever/os/$basearch/
    # Note: gpgcheck: no turns off RPM signature verification for this repo
    gpgcheck: no
# 02. Configure the epel repo
- name: 02_configure_yum_Repos
  yum_repository:
    name: epel
    description: epel yum repo
    baseurl:
      - https://mirrors.tuna.tsinghua.edu.cn/epel/7/$basearch
    gpgcheck: no
# 03. Install common packages
- name: 03_install_server
  yum:
    name: "{{ packages }}"
  vars:
    packages:
    - ntpdate
    - lsof
    - tree
    - iftop
    - iotop
# 04. Create the user group
- name: 04_create_group
  group:
    name: www
    gid: 666
# 05. Create the user
- name: 05_create_user
  user:
    name: www
    uid: 666
    group: www
    shell: /sbin/nologin
    create_home: no
# 06. Create the data and scripts directories
- name: 06_create_dir
  file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - /data
    - /server/scripts
# 07. Create the time-sync cron job
- name: 07_cron_ntpdate
  cron:
    name: Time_Update
    minute: "*/5"
    job: '/sbin/ntpdate time1.aliyun.com'
# 08. Copy the tuned ssh config file
- name: 08_copy_ssh
  template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    mode: '0600'
    backup: yes
  notify: restart sshd

Writing the template file

[root@m01 ~]# tree /etc/ansible/roles/init/templates/
/etc/ansible/roles/init/templates/
└── sshd_config.j2

Writing the handlers file

[root@m01 ~]# cat /etc/ansible/roles/init/handlers/main.yml 
- name: restart sshd 
  service: 
    name: sshd 
    state: restarted

Writing the rsync role playbook

Writing the tasks file

[root@m01 ~]# cat /etc/ansible/roles/rsync/tasks/main.yml    
# 01. Install the rsync service
  - name: 01_install_rsync
    yum:
      name: rsync
      state: installed
# 02. Copy the config file templates
  - name: 02_copy_conf
    template:
      src: "{{ item.src }}"
      dest: "/etc/{{ item.dest }}"
      mode: "{{ item.mode }}"
      backup: yes
    loop:
      - { src: 'rsyncd.conf.j2',  dest: 'rsyncd.conf',  mode: '0644' }
      - { src: 'rsync.passwd.j2', dest: 'rsync.passwd', mode: '0600' }
    notify:
      - restart rsyncd
# 03. Create the backup directories
  - name: 03_create_backup_dir
    file:
      dest: "{{ item }}"
      state: directory
      owner: www
      group: www
    loop:
      - /backup
      - /data
# 04. Start the service
  - name: 04_start_rsyncd
    service:
      name: rsyncd
      state: started
      enabled: yes

Writing the template files

[root@m01 ~]# tree /etc/ansible/roles/rsync/templates/
/etc/ansible/roles/rsync/templates/
├── rsyncd.conf.j2
└── rsync.passwd.j2

[root@m01 ~]# cat  /etc/ansible/roles/rsync/templates/rsync.passwd.j2 
{{ user_rsyncd }}:{{ passwd_rsyncd }}

[root@m01 ~]# cat  /etc/ansible/roles/rsync/templates/rsyncd.conf.j2 
uid = www 
gid = www 
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = {{ user_rsyncd }}
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
[backup]
path = /backup
[data]
path = /data

Writing the variables file

[root@m01 ~]# cat /etc/ansible/roles/rsync/vars/main.yml 
user_rsyncd: rsync_backup 
passwd_rsyncd: oldzhang 

Writing the handlers file

[root@m01 ~]# cat /etc/ansible/roles/rsync/handlers/main.yml 
- name: restart rsyncd
  service: 
    name: rsyncd 
    state: restarted

Writing the main playbook

[root@m01 ~]# cat /etc/ansible/roles/site.yml 
- hosts: rsync 
  roles:
    - init
    - rsync

Final directory layout

[root@m01 roles]# tree
.
├── init
│   ├── files
│   ├── handlers
│   │   └── main.yml
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   │   └── sshd_config.j2
│   └── vars
├── rsync
│   ├── files
│   ├── handlers
│   │   └── main.yml
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   │   ├── rsyncd.conf.j2
│   │   └── rsync.passwd.j2
│   └── vars
│       └── main.yml
└── site.yml
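
The two template tasks above (08_copy_ssh and 02_copy_conf) deploy security-sensitive files, and vars/main.yml holds the rsync password as a literal. The following is an added example, not the original author's code, showing hardened variants: sshd_config is validated before it replaces the live file, and the password is read from an Ansible Vault file. The path group_vars/rsync/vault.yml and the variable vault_passwd_rsyncd are assumed names.

```yaml
---
# roles/init/tasks/main.yml: hardened form of task 08
- name: 08_copy_ssh
  template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0600'
    backup: yes
    # sshd parses the rendered temp file first; a broken template fails
    # the task here instead of replacing the live config and restarting sshd.
    validate: /usr/sbin/sshd -t -f %s
  notify: restart sshd
---
# roles/rsync/tasks/main.yml: hardened form of task 02
- name: 02_copy_conf
  template:
    src: "{{ item.src }}"
    dest: "/etc/{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
    backup: yes
  loop:
    - { src: 'rsyncd.conf.j2',  dest: 'rsyncd.conf',  mode: '0644' }
    - { src: 'rsync.passwd.j2', dest: 'rsync.passwd', mode: '0600' }
  # Keep the rendered password out of task output and --diff.
  no_log: true
  notify:
    - restart rsyncd
---
# roles/rsync/vars/main.yml: no literal password inside the role
user_rsyncd: rsync_backup
passwd_rsyncd: "{{ vault_passwd_rsyncd }}"   # vault_passwd_rsyncd: assumed name
---
# group_vars/rsync/vault.yml (assumed path, next to site.yml), before encryption.
# Encrypt: ansible-vault encrypt group_vars/rsync/vault.yml
# Run:     ansible-playbook site.yml --ask-vault-pass
vault_passwd_rsyncd: "CHANGE_ME_placeholder"
```

Each `---` starts a separate file; the group name `rsync` in the vault path matches `hosts: rsync` in site.yml.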

posted @ 2019-08-23 13:19  helloord