day17.1

Ansible Roles

roles目录结构

production                # inventory file for production servers
staging                   # inventory file for staging environment
 
group_vars/
   group1.yml             # here we assign variables to particular groups
   group2.yml
host_vars/
   hostname1.yml          # here we assign variables to particular systems
   hostname2.yml
 
library/                  # if any custom modules, put them here (optional)
module_utils/             # if any custom module_utils to support modules, put them here (optional)
filter_plugins/           # if any custom filter plugins, put them here (optional)
 
site.yml                  # master playbook
webservers.yml            # playbook for webserver tier
dbservers.yml             # playbook for dbserver tier
 
roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      #  <-- tasks file can include smaller files if warranted
        handlers/         #
            main.yml      #  <-- handlers file
        templates/        #  <-- files for use with the template resource
            ntp.conf.j2   #  <------- templates end in .j2
        files/            #
            bar.txt       #  <-- files for use with the copy resource
            foo.sh        #  <-- script files for use with the script resource
        vars/             #
            main.yml      #  <-- variables associated with this role
        defaults/         #
            main.yml      #  <-- default lower priority variables for this role
        meta/             #
            main.yml      #  <-- role dependencies
        library/          # roles can also include custom modules
        module_utils/     # roles can also include custom module_utils
        lookup_plugins/   # or other types of plugins, like lookup in this case
 
    webtier/              # same kind of structure as "common" was above, done for the webtier role
    monitoring/           # ""
    fooapp/               # ""

[root@m01 ~]# cd /etc/ansible/roles/
 
[root@m01 roles]# tree wordpress/
nfs/                #项目名称
├── defaults        #低优先级变量
├── files           #存放文件
├── handlers        #触发器文件
├── meta            #依赖关系文件
├── tasks           #工作任务文件
├── templates       #jinja2模板文件
├── tests           #测试文件
└── vars            #变量文件

ansible galaxy

ansible查找role

[root@m01 ~]# ansible-galaxy search openvpn
[root@m01 ~]# ansible-galaxy search nginx

查找详细信息

[root@m01 ~]# ansible-galaxy info kostyrevaa.openvpn
[root@m01 ~]# ansible-galaxy info acandid.nginx

安装项目(Galaxy 上的 role 是第三方代码,会以 playbook 的权限在被管理主机上执行;安装前应先审查其 tasks 内容,并固定版本,例如 acandid.nginx,<版本号>)

[root@m01 ~]# ansible-galaxy install acandid.nginx

ansible vault

给playbook加密

# 加密
[root@m01 ~]# vim 1.yml
[root@m01 ~]# ansible-vault encrypt 1.yml 
New Vault password: 
Confirm New Vault password: 
Encryption successful

# 查看加密后的playbook
[root@m01 ~]# ansible-vault view 1.yml 

# 编辑加密后的playbook
[root@m01 ~]# ansible-vault edit 1.yml 

# 重置密码
[root@m01 ~]# ansible-vault rekey 1.yml

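# 执行带密码的ansible playbook
# 注意:示例中的密码 111 和 /tmp 路径仅作演示。/tmp 所有用户都可访问,echo 写入的密码也会留在 shell 历史中;
# 实际使用时密码文件应放在仅属主可读的位置(chmod 600),或改用 --ask-vault-pass 交互输入。
[root@m01 ~]# echo 111 > /tmp/ansible.pass
[root@m01 ~]# ansible-playbook -i /root/ansible/manager/hosts test.yml --vault-password-file=/tmp/ansible.pass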

# 取消密码(解密后文件以明文写回磁盘,含敏感变量时不要将明文提交到版本库)
[root@m01 ~]# ansible-vault decrypt 1.yml