准备工作
创建roles目录
# mkdir -pv /data/apps/ansible/roles/mysql-5.7/{files,tasks,handlers,templates,vars}
hosts
# Inventory group targeted by the playbook (hosts: ubuntu).
[ubuntu]
# ansible_ssh_port / ansible_ssh_user are the legacy spellings of
# ansible_port / ansible_user.
# hostname is a custom host variable; none of the role tasks shown on this
# page read it.
172.16.18.31 ansible_ssh_port=22 ansible_ssh_user=ubuntu hostname=app-01
测试连通性
# ansible ubuntu -m ping
172.16.18.247 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3"
},
"changed": false,
"ping": "pong"
}
创建角色相关文件
tasks/main.yml
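---
# Entry point of the mysql-5.7 role: runs the task files in install order.
# `import_tasks` replaces the bare `include` keyword, which was deprecated
# and then removed in ansible-core 2.16. The imports are unconditional, so a
# static import keeps the same execution order.
- import_tasks: user.yml          # service account and group
- import_tasks: install_deps.yml  # OS upgrade and runtime libraries
- import_tasks: config.yml        # data/logs/tmp directories and my.cnf
- import_tasks: unarchive.yml     # unpack the binary tarball, link /usr/local/mysql
- import_tasks: init.yml          # mysqld --initialize
- import_tasks: service.yml       # systemd unit, start and enable
- import_tasks: secure.yml        # socket link and mysql_secure_installation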
tasks/user.yml
---
# Dedicated system account for mysqld. uid and gid are both pinned to 227.
- name: create mysql group
  group:
    name: mysql
    gid: 227
    state: present

- name: create mysql user
  user:
    name: mysql
    uid: 227
    group: mysql
    comment: Mysql Server
    home: /data/apps/mysql
    # /bin/false as login shell: the account cannot open an interactive session.
    shell: /bin/false
    system: true
tasks/install_deps.yml
---
# Refreshes the apt cache (at most once per hour) and upgrades the installed
# packages, so this task changes far more than MySQL on the target host.
- name: upgrade os software
  apt:
    # Quoted so YAML keeps the string "yes" (an apt upgrade mode), not a boolean.
    upgrade: 'yes'
    update_cache: true
    cache_valid_time: 3600

# expect is required by files/secure_mysql.sh, which calls /usr/bin/expect.
- name: install packages for ubuntu22.04
  apt:
    name:
      - libncurses-dev
      - libncurses5
      - expect
tasks/config.yml
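---
# Creates the data, logs and tmp directories under /data/apps/mysql and
# renders my.cnf. Modes are set explicitly so the result does not depend on
# the umask of the connecting user.
- name: mkdir conf
  file:
    path: "/data/apps/mysql/{{ item }}"
    state: directory
    owner: mysql
    group: mysql
    # The logs directory holds error.log, from which secure_mysql.sh reads the
    # temporary root password, so none of these directories is world-readable.
    mode: "0750"
  loop:
    - data
    - logs
    - tmp

- name: my.cnf
  template:
    src: my.cnf.j2
    dest: /data/apps/mysql/my.cnf
    owner: mysql
    group: mysql
    # World-readable but writable only by the owner. Tighten this if
    # credentials are ever added to the template.
    mode: "0644"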
tasks/unarchive.yml
---
# Unpacks the MySQL binary tarball shipped in the role's files/ directory and
# exposes it under the version-independent path /usr/local/mysql.
# NOTE(review): nothing here verifies the tarball. Check its checksum against
# the vendor-published value before placing it in files/.
- name: copy tar to remote host and file mode
  unarchive:
    src: mysql-5.7.40-linux-glibc2.12-x86_64.tar.gz
    dest: /usr/local/
    # NOTE(review): this makes the service account the owner of its own
    # binaries. Root ownership would stop a compromised mysqld from replacing
    # them; confirm whether mysql ownership is really needed.
    group: mysql
    owner: mysql

# The task name says mkdir, but state=link creates a symlink. The relative
# src points at the unpacked directory next to the link in /usr/local.
- name: mkdir /usr/local/mysql
  file:
    path: /usr/local/mysql
    src: mysql-5.7.40-linux-glibc2.12-x86_64
    state: link
tasks/init.yml
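---
# Initialises the data directory. `--initialize` generates a temporary root
# password and writes it to the error log; secure_mysql.sh later reads it
# from /data/apps/mysql/logs/error.log.
- name: init mysql
  # command instead of shell: the line uses no shell features.
  command: >-
    /usr/local/mysql/bin/mysqld
    --defaults-file=/data/apps/mysql/my.cnf
    --user=mysql
    --datadir=/data/apps/mysql/data
    --initialize
  args:
    # Skip when the system schema directory already exists. mysqld refuses to
    # initialise a non-empty data directory, so without this guard a second
    # playbook run fails at this task.
    creates: /data/apps/mysql/data/mysql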
tasks/service.yml
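---
# Installs the systemd unit shipped in files/ and starts mysqld at boot.
- name: service script
  copy:
    src: mysqld.service
    dest: /lib/systemd/system/mysqld.service
    # Unit files run with root authority; keep them root-owned and not
    # writable by anyone else.
    owner: root
    group: root
    mode: "0644"

- name: start service
  systemd:
    name: mysqld
    # Re-read unit files so a changed mysqld.service takes effect on this run.
    daemon_reload: true
    state: started
    enabled: true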
tasks/secure.yml
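---
# Links the server socket into /tmp and runs the interactive hardening script.
# NOTE(review): /tmp is world-writable. Setting the socket path in the
# client section of an option file avoids relying on a link placed there.
- name: link mysql.socke
  file:
    src: /data/apps/mysql/mysql.sock
    dest: /tmp/mysql.sock
    state: link

# The script drives mysql_secure_installation with the temporary and the new
# root password, and its captured output becomes part of the task result.
# no_log keeps that result out of console output and log files; remove it
# temporarily when debugging.
# NOTE(review): the script is not idempotent. Once the root password has been
# changed, the temporary password in the error log no longer works.
- name: secure script
  script: secure_mysql.sh
  no_log: true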
files/secure_mysql.sh
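#!/bin/bash
# Drives mysql_secure_installation non-interactively with expect.
#
# The temporary root password written by `mysqld --initialize` is read from
# the error log. The new root password is taken from the environment variable
# MYSQL_ROOT_NEW_PASSWORD when it is set; otherwise the value hard-coded in
# the original script is used.
# NOTE(review): that fallback is a trivial, publicly documented password kept
# only for backward compatibility. Supply a strong value from a secret store
# or vault, and rotate any server that was set up with the fallback.

error_log=/data/apps/mysql/logs/error.log

# The log is appended to on every initialisation, so take the newest match.
# More than one match would otherwise put a multi-line value into the dialogue.
init_passwd=$(grep "temporary password is generated for root@localhost" "$error_log" | tail -n 1 | awk '{print $NF}')

if [ -z "$init_passwd" ]; then
    echo "no temporary root password found in $error_log" >&2
    exit 1
fi

# Passwords reach expect through the environment instead of being pasted into
# the Tcl source, so characters such as $ [ ] " \ in a password cannot change
# the meaning of the script.
export MYSQL_INIT_PASSWD="$init_passwd"
export MYSQL_NEW_PASSWD="${MYSQL_ROOT_NEW_PASSWORD:-12345678}"

SQL_SECURE () {
/usr/bin/expect <<'EOF'
# expect reads its wait limit from the variable "timeout"; the original set a
# variable named "time", which expect does not consult.
set timeout 5
spawn /usr/local/mysql/bin/mysql_secure_installation -S /data/apps/mysql/mysql.sock
# NOTE(review): patterns are tried in order. The generic "Press y|Y ..." pattern
# is a substring of the later one ending in ")", so the branch that answers
# "n" looks unreachable. Confirm the intended answers against a real run.
# "send --" stops a password that starts with "-" from being read as a flag.
expect {
"Enter password for user root: " { send -- "$env(MYSQL_INIT_PASSWD)\r"; exp_continue }
"New password:" { send -- "$env(MYSQL_NEW_PASSWD)\r"; exp_continue }
"Re-enter new password" { send -- "$env(MYSQL_NEW_PASSWD)\r"; exp_continue }
"Press y|Y for Yes, any other key for No" { send "y\r"; exp_continue }
"Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG" { send "2\r"; exp_continue }
"Press y|Y for Yes, any other key for No)" { send "n\r"; exp_continue }
"Remove anonymous users" { send "y\r"; exp_continue }
"Disallow root login remotely" { send "y\r"; exp_continue }
"Remove test database and access to it" { send "y\r"; exp_continue }
"Reload privilege tables now" { send "y\r"; exp_continue }
}
EOF
}

SQL_SECURE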
templates/my.cnf.j2
# NOTE(review): only this line of the template is shown. MySQL option files
# need a group header such as [mysqld] above their options; confirm the full
# template has one.
# server_id is the role parameter set in the playbook (100 there). It must be
# unique for each server in a replication topology.
server-id={{ server_id }}
查看相关文件
# tree /data/apps/ansible/roles/mysql-5.7/
/data/apps/ansible/roles/mysql-5.7/
├── files
│ ├── mysql-5.7.40-linux-glibc2.12-x86_64.tar.gz
│ ├── mysqld.service
│ └── secure_mysql.sh
├── handlers
├── tasks
│ ├── config.yml
│ ├── init.yml
│ ├── install_deps.yml
│ ├── main.yml
│ ├── secure.yml
│ ├── service.yml
│ ├── unarchive.yml
│ └── user.yml
├── templates
│ └── my.cnf.j2
└── vars
5 directories, 12 files
playbook调用角色
mysql_roles.yml
---
# Applies the mysql-5.7 role to the [ubuntu] inventory group. The play
# connects as the unprivileged ubuntu user and escalates with become.
- hosts: ubuntu
  remote_user: ubuntu
  become: true
  roles:
    - role: mysql-5.7
      # Rendered into my.cnf as server-id by templates/my.cnf.j2.
      server_id: 100
运行playbook
# ansible-playbook mysql_roles.yml