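Ansible Roles Rules

I. Introduction to Ansible Roles

1. Overview

Whether you use Ansible or SaltStack, when writing a one-click deployment you cannot put every step into a single playbook file.
The different work modules have to be split apart and decoupled, and for decoupling the officially recommended approach is roles, because the roles directory structure is more clearly layered.

For example: we previously recommended writing a base.yml that holds all the basic optimization items, but piling everything into it is of little value.
It is better to split these functions apart so that whoever needs one simply calls it.

Recommendation: each role should preferably use only one tasks file, which makes it easy to call and decouples well. (SOA)

2. Directory structure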

production                # inventory file for production servers
staging                   # inventory file for staging environment

group_vars/
   group1.yml             # here we assign variables to particular groups
   group2.yml
host_vars/
   hostname1.yml          # here we assign variables to particular systems
   hostname2.yml

library/                  # if any custom modules, put them here (optional)
module_utils/             # if any custom module_utils to support modules, put them here (optional)
filter_plugins/           # if any custom filter plugins, put them here (optional)

site.yml                  # master playbook
webservers.yml            # playbook for webserver tier
dbservers.yml             # playbook for dbserver tier

roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      #  <-- tasks file can include smaller files if warranted
        handlers/         #
            main.yml      #  <-- handlers file
        templates/        #  <-- files for use with the template resource
            ntp.conf.j2   #  <------- templates end in .j2
        files/            #
            bar.txt       #  <-- files for use with the copy resource
            foo.sh        #  <-- script files for use with the script resource
        vars/             #
            main.yml      #  <-- variables associated with this role
        defaults/         #
            main.yml      #  <-- default lower priority variables for this role
        meta/             #
            main.yml      #  <-- role dependencies
        library/          # roles can also include custom modules
        module_utils/     # roles can also include custom module_utils
        lookup_plugins/   # or other types of plugins, like lookup in this case

    webtier/              # same kind of structure as "common" was above, done for the webtier role
    monitoring/           # ""
    fooapp/               # ""

3. Creating the roles directory

1) Create manually

[root@m01 ~]# mkdir /project
[root@m01 ~]# cd /project/
[root@m01 /project]# touch site.yml
[root@m01 /project]# mkdir roles
[root@m01 /project]# cd roles/
[root@m01 /project/roles]# mkdir {nginx,php,mariadb,nfs-server,nfs-client}

2) Create with the command

[root@m01 /project/roles]# ansible-galaxy init nginx
- Role nginx was created successfully
[root@m01 /project/roles]# tree ./
./
├── mariadb
├── nfs-client
├── nfs-server
├── nginx
│   ├── defaults
│   │   └── main.yml
│   ├── files
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   │   └── main.yml
│   ├── README.md
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   ├── tests
│   │   ├── inventory
│   │   └── test.yml
│   └── vars
│       └── main.yml
└── php

13 directories, 8 files
[root@m01 /project/roles]#

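4. Ansible Roles dependencies

Roles let you automatically pull in other roles when you use a role. Role dependencies are stored in the meta/main.yml file inside the role's directory.

   For example: to push WordPress and unpack it, nginx and php must first be installed and their services running
   before the WordPress pages can be served, so in the wordpress role we can define dependencies on the nginx and php roles.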

[root@m01 roles]# vim /etc/ansible/roles/wordpress/meta/main.yml
dependencies:
  - { role: nginx }
  - { role: php }
  
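If main.yml in the meta directory has been written, Ansible automatically runs the roles listed under dependencies in that file first.
As shown above, the nginx and php installation is executed first.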

II. Refactoring the playbook

1. Configure the inventory and hosts

1) Inventory

[root@m01 ~]# cat /etc/ansible/hosts 
[web_group]
web01 ansible_ssh_pass='1'
web02 ansible_ssh_pass='1'

[slb]
lb01 ansible_ssh_pass='1'
lb02 ansible_ssh_pass='1'

[db_group]
db01 ansible_ssh_pass='1'

[nfs_server]
nfs ansible_ssh_pass='1'

[backup_server]
backup ansible_ssh_pass='1'

[nginx_group:children]
web_group
slb

[nfs_group:children]
nfs_server
web_group

[nginx_group:vars]
web=host_vars

2) The hosts file

[root@m01 ~]# vim /etc/hosts
172.16.1.4 lb01
172.16.1.5 lb02
172.16.1.7 web01
172.16.1.8 web02
172.16.1.31 nfs
172.16.1.41 backup
172.16.1.51 db01

2. Configure the optimization part

1) Create the role structure for the optimization part

[root@m01 ~]# mkdir /project
[root@m01 ~]# cd /project/
[root@m01 /project]# touch site.yml
[root@m01 /project]# mkdir roles
[root@m01 /project]# cd roles/
[root@m01 /project/roles]# ansible-galaxy init base
- Role base was created successfully

2) Prepare the optimization files

[root@m01 /project/roles]# cd base/files/
[root@m01 /project/roles/base/files]# cp /etc/yum.repos.d/* ./
[root@m01 /project/roles/base/files]# cp /etc/sysctl.conf ./

3) Write the playbook

[root@m01 /project/roles/base/files]# cd ..
[root@m01 /project/roles/base]# vim tasks/main.yml 
- name: Stop Selinux
  selinux:
    state: disabled

- name: Stop Firewalld
  systemd:
    name: firewalld
    state: stopped

- name: Create www Group
  group:
    name: www
    gid: 666

- name: Create www User
  user:
    name: www
    group: www
    uid: 666
    shell: /sbin/nologin
    create_home: no

- name: Install Unzip Server
  yum:
    name: unzip
    state: present

3. Install nginx

1) Create the role structure

[root@m01 /project/roles]# ansible-galaxy init nginx
- Role nginx was created successfully

2) Prepare the files

[root@m01 /project/roles/nginx]# cp /root/conf/nginx.conf ./files/
[root@m01 /project/roles/nginx]# cp /etc/yum.repos.d/nginx.repo ./files/

3) Write the playbook

[root@m01 /project/roles/nginx]# cat tasks/main.yml 
- name: Copy nginx Repo
  copy:
    src: nginx.repo
    dest: /etc/yum.repos.d/

- name: Install Nginx Server
  yum:
    name: nginx
    state: present

- name: Config Nginx Server
  copy:
    src: nginx.conf
    dest: /etc/nginx/
  notify: restart_nginx

- name: Start Nginx Server
  systemd:
    name: nginx
    state: started

4) Write the handlers

[root@m01 /project/roles/nginx]# vim handlers/main.yml 
- name: restart_nginx
  systemd:
    name: nginx
    state: restarted

4. Install PHP

1) Create the role structure

[root@m01 /project/roles]# ansible-galaxy init php
- Role php was created successfully

2) Prepare the PHP files

[root@m01 /project/roles]# cp /root/package/php.tar.gz php/files/
[root@m01 /project/roles]# cp /root/conf/php.ini php/files/
[root@m01 /project/roles]# cp /root/conf/www.conf php/files/

3) Write the playbook

[root@m01 /project/roles]# cat php/tasks/main.yml 
- name: Tar php.tar.gz
  unarchive:
    src: php.tar.gz
    dest: /tmp/

- name: Install PHP Server
  shell: "yum localinstall -y /tmp/*.rpm"

- name: Config PHP Server
  copy:
    src: php.ini
    dest: /etc/
  notify: restart_php

- name: Config PHP Server
  copy:
    src: www.conf
    dest: /etc/php-fpm.d/
  notify: restart_php

- name: Start PHP Server
  systemd:
    name: php-fpm
    state: started

4) Write the handlers

[root@m01 /project/roles]# vim php/handlers/main.yml 
- name: restart_php
  systemd:
    name: php-fpm
    state: restarted

5. Install MariaDB

1) Create the directory structure

[root@m01 /project/roles]# ansible-galaxy init mariadb
- Role mariadb was created successfully

2) Configure the playbook

[root@m01 /project/roles]# vim mariadb/tasks/main.yml 
- name: Install Mariadb Server
  yum:
    name: "{{ item.name }}"
    state: present
  with_items:
    - { name: mariadb-server }
    - { name: MySQL-python }

- name: Start Mariadb Server
  systemd:
    name: mariadb
    state: started
    enabled: yes

6. Build the blog

1) Create the structure

[root@m01 /project/roles]# ansible-galaxy init wordpress
- Role wordpress was created successfully

2) Prepare the files

[root@m01 /project/roles]# cp /root/conf/linux.wp.com.conf ./wordpress/files/
[root@m01 /project/roles]# cd wordpress/files/
[root@m01 /project/roles/wordpress/files]# rz wordpress.tar.gz
[root@m01 /project/roles/wordpress/files]# cp /root/conf/wp-config.php ./

3) Write the playbook

# WordPress installation part
[root@m01 /project/roles/wordpress]# cat tasks/main.yml 
- name: Mkdir code
  file:
    path: /code
    state: directory
    owner: www
    group: www

- name: Tar wordpress.tar.gz
  unarchive:
    src: wordpress.tar.gz
    dest: /code/
    owner: www
    group: www
    recurse: yes

- name: Config wordpress conf
  copy:
    src: linux.wp.com.conf
    dest: /etc/nginx/conf.d/
  notify: restart_wp_nginx

4) Write the handlers

[root@m01 /project/roles/wordpress]# vim handlers/main.yml 
- name: restart_wp_nginx
  systemd:
    name: nginx
    state: restarted

5) Write the database-creation playbook

# Directory structure for database creation
[root@m01 /project/roles]# ansible-galaxy init database
- Role database was created successfully
# Write the playbook
[root@m01 /project/roles]# vim database/tasks/main.yml 
- name: Create wordpress Database
  mysql_db:
    name: wordpress
    state: present

- name: Create wp Database User
  mysql_user:
    name: "wp"
    host: "172.16.1.%"
    password: '123456'
    priv: "wordpress.*:ALL"
    state: present
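
The database tasks above with the account password moved out of the role, as an added example that is not part of the original post: the password is read from an Ansible Vault encrypted variables file and the user task's output is suppressed with no_log. The variable names (vault_wp_db_password, wp_db_*), the group_vars/db_group/vault.yml location beside site.yml and the minimum length of 16 are assumptions.

```yaml
# /project/group_vars/db_group/vault.yml
# Encrypt before committing: ansible-vault encrypt group_vars/db_group/vault.yml
# vault_wp_db_password is a hypothetical name; the value is a placeholder.
vault_wp_db_password: "REPLACE-WITH-GENERATED-SECRET"
---
# roles/database/defaults/main.yml
# Non-secret settings stay readable; the secret is only referenced.
wp_db_name: wordpress
wp_db_user: wp
wp_db_host: "172.16.1.%"
wp_db_password: "{{ vault_wp_db_password }}"
---
# roles/database/tasks/main.yml
- name: Stop early if the vaulted password is missing or too short
  assert:
    that:
      - vault_wp_db_password is defined
      - vault_wp_db_password | length >= 16   # assumed policy
    fail_msg: "vault_wp_db_password is not set or is shorter than 16 characters"
    quiet: true

- name: Create wordpress Database
  mysql_db:
    name: "{{ wp_db_name }}"
    state: present

- name: Create wp Database User
  mysql_user:
    name: "{{ wp_db_user }}"
    host: "{{ wp_db_host }}"
    password: "{{ wp_db_password }}"
    priv: "{{ wp_db_name }}.*:ALL"
    state: present
  no_log: true   # keep the password out of console output and logs
```

Run the play with --ask-vault-pass or --vault-password-file so the encrypted file can be read.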

7. Load balancing

1) Create the structure

[root@m01 /project/roles]# ansible-galaxy init slb
- Role slb was created successfully

2) Prepare the files

[root@m01 /project/roles]# cp /root/conf/proxy.j2 ./slb/templates/
[root@m01 /project/roles]# cp /root/conf/proxy_params ./slb/files/

3) Write the playbook

[root@m01 /project]# vim roles/slb/tasks/main.yml 
- name: Config slb Server
  template:
    src: proxy.j2
    dest: /etc/nginx/conf.d/proxy.conf
  notify: restart_slb

- name: Copy proxy_params
  copy:
    src: proxy_params
    dest: /etc/nginx/

- name: Start Web Nginx Server
  systemd:
    name: nginx
    state: started
    enabled: yes

4) Write the handlers

[root@m01 /project/roles]# vim slb/handlers/main.yml 
- name: restart_slb
  systemd:
    name: nginx
    state: restarted

5) Configure dependencies

[root@m01 /project/roles]# vim slb/meta/main.yml 
dependencies:
  - { role: nginx }

8. Configure high availability

1) Create the directory structure

[root@m01 /project/roles]# ansible-galaxy init keepalived
- Role keepalived was created successfully

2) Prepare the files

[root@m01 /project/roles]# cp /root/conf/keepalived.j2 ./keepalived/templates/

3) Write the playbook

[root@m01 /project/roles]# vim keepalived/tasks/main.yml 
- name: Install keepalived
  yum:
    name: keepalived
    state: present

- name: Config keepalive
  template:
    src: keepalived.j2
    dest: /etc/keepalived/keepalived.conf

- name: Start keepalived
  systemd:
    name: keepalived
    state: restarted

9. Configure the overall call

[root@m01 /project]# vim site.yml 
- hosts: all
  roles:
    - role: base
    - role: nginx
      when: ansible_fqdn is match "web*"
    - role: php
      when: ansible_fqdn is match "web*"
    - role: mariadb
      when: ansible_fqdn == "db01"
    - role: database
      when: ansible_fqdn == "db01"
    - role: wordpress
      when: ansible_fqdn is match "web*"      
    - role: slb
      when: ansible_fqdn is match "lb*"
    - role: keepalived
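
An added variant of site.yml (not the author's file) that assigns roles by the inventory groups defined in section II.1 instead of testing ansible_fqdn. The match test is a regular expression anchored at the start of the string, so "lb*" matches any name beginning with "l" and "web*" any name beginning with "we". Running keepalived only on the slb group is an assumption; the file above applies it to every host.

```yaml
# site.yml variant: one play per inventory group from /etc/ansible/hosts
- hosts: all
  roles:
    - role: base

- hosts: web_group
  roles:
    - role: nginx
    - role: php
    - role: wordpress

- hosts: db_group
  roles:
    - role: mariadb
    - role: database     # database credentials are only handled on db hosts

- hosts: slb
  roles:
    - role: slb          # pulls in nginx through slb/meta/main.yml
    - role: keepalived   # assumption: VRRP failover is only wanted on lb01/lb02
```

A host added to the inventory later receives only the roles of the groups it is placed in, whatever its hostname is.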
posted @ 2020-09-27 14:55  nick_xm