
8.Ansible roles 角色

第9课 Ansible roles 角色(7/25)

第1章 ansible roles 介绍

官方地址:

https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html

第2章 角色目录结构

2.1 目录说明

官方的目录结构定义:

[root@ssh-61 ~]#  cd /etc/ansible/roles/
[root@ssh-61 /etc/ansible/roles]# tree
.
├── nfs #角色名称
│ ├── files #存放需要copy的文件
│ ├── handlers #触发任务剧本
│ ├── tasks #具体任务剧本
│ ├── templates #模版文件
│ └── vars #存放变量文件

2.2 创建项目目录

因为每台服务器都需要创建用户组,用户,安装服务等,所以我们可以将这些相同的任务单独创建一个init初始化角色。

角色规划:

1.init      #初始化任务
2.rsync #rsync服务
3.nfs #nfs服务
4.lsyncd #lsyncd服务

创建角色目录:

[root@ssh-61 ~]# cd /etc/ansible/roles/
[root@ssh-61 /etc/ansible/roles]# mkdir {init,nfs,rsync,lsyncd}/{vars,tasks,templates,handlers,files} -p
[root@ssh-61 /etc/ansible/roles]# tree
.
├── init
│   ├── files
│   ├── handlers
│   ├── tasks
│   ├── templates
│   └── vars
├── lsyncd
│   ├── files
│   ├── handlers
│   ├── tasks
│   ├── templates
│   └── vars
├── nfs
│   ├── files
│   ├── handlers
│   ├── tasks
│   ├── templates
│   └── vars
└── rsync
    ├── files
    ├── handlers
    ├── tasks
    ├── templates
    └── vars

24 directories, 0 files

第3章 编写init角色剧本

3.1 创建项目目录

[root@ssh-61 ~]# cd /etc/ansible/roles/
[root@ssh-61 /etc/ansible/roles]# tree
.
├── init
│   ├── files
│   ├── handlers
│   ├── tasks
│   ├── templates
│   └── vars

3.2 编写tasks任务剧本

[root@ssh-61 /etc/ansible/roles/init/tasks]# cat main.yml 
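# Baseline tasks applied to a host by the init role.
# The nesting below is restored; the flattened listing does not parse as YAML.

# 01. Disable SELinux
# NOTE(review): "disabled" turns mandatory access control off completely. The
# selinux module also accepts "permissive" (together with a policy), which
# keeps denial logging available for tuning; prefer it unless a service
# really cannot run under SELinux.
- name: 01_disabled_selinux
  selinux:
    state: disabled
  tags: 01_disabled_selinux

# 02. Disable firewalld
# NOTE(review): "enabled: no" only stops firewalld from starting at boot; no
# "state" is given, so a running instance is left as it is. With the host
# firewall off, the rsync daemon (port 873) and the NFS exports set up by the
# other roles are protected only by their own access lists — confirm that
# network-level filtering exists.
- name: 02_disabled_firewalld
  service:
    name: firewalld
    enabled: no
  tags: 02_disabled_firewalld

# 03. Point yum at the Aliyun mirrors
# The repository definitions are fetched over HTTPS so they cannot be altered
# in transit.
# NOTE(review): the downloaded .repo files decide the baseurl scheme and the
# gpgcheck setting — inspect them and keep gpgcheck enabled. Also verify that
# an already existing dest is replaced: get_url skips the download by default
# when the destination file exists.
- name: 03_configure_yum
  get_url:
    url: "{{ item.url }}"
    dest: "{{ item.dest }}"
  loop:
    - { url: 'https://mirrors.aliyun.com/repo/Centos-7.repo', dest: '/etc/yum.repos.d/CentOS-Base.repo' }
    - { url: 'https://mirrors.aliyun.com/repo/epel-7.repo', dest: '/etc/yum.repos.d/epel.repo' }
  tags: 03_configure_yum

# 04. Install commonly used packages
- name: 04_install_service
  yum:
    name: "{{ packages }}"
  vars:
    packages:
      - wget
      - tree
      - ntpdate
      - vim
      - bash-completion
      - bash-completion-extras
      - lrzsz
      - net-tools
      - sysstat
      - iotop
      - iftop
      - htop
      - unzip
      - telnet
  tags: 04_install_service

# 05. Create the www group (gid 666 is reused as anongid in the NFS exports)
- name: 05_create_group
  group:
    name: www
    gid: 666
  tags: 05_create_group

# 06. Create the www service account: no login shell, no home directory
- name: 06_create_user
  user:
    name: www
    uid: 666
    group: www
    shell: /sbin/nologin
    create_home: no
  tags: 06_create_user

# 07. Create the data directories, owned by www
# The mode is quoted so it is always passed to the module as an octal string.
- name: 07_create_dir
  file:
    path: "{{ item.path }}"
    state: directory
    mode: '0755'
    owner: www
    group: www
  loop:
    - { path: '/data' }
    - { path: '/backup' }
  tags: 07_create_dir

# 08. Schedule time synchronisation every five minutes
- name: 08_cron_ntpdate
  cron:
    name: Time_Update
    minute: "*/5"
    job: '/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1'
  tags: 08_cron_ntpdate

# 09. Deploy the sshd configuration
# validate runs "sshd -t" on the rendered file before it replaces
# /etc/ssh/sshd_config, so a template error cannot take SSH access down when
# the handler restarts the daemon.
- name: 09_copy_ssh
  template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    backup: yes
    validate: /usr/sbin/sshd -t -f %s
  notify: restart sshd
  tags: 09_copy_ssh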

3.3 编写jinja模版文件

[root@ssh-61 /etc/ansible/roles/init/templates]# tree
.
└── sshd_config.j2

3.4 编写handlers文件

[root@ssh-61 /etc/ansible/roles/init/handlers]# cat main.yml 
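# Handler: restarts sshd when a task notifies "restart sshd"
# (the sshd_config template task in tasks/main.yml does).
# Nesting restored; the flattened listing does not parse as YAML.
- name: restart sshd
  service:
    name: sshd
    state: restarted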

3.5 写主任务文件

[root@ssh-61 /etc/ansible/roles/site]# cat init.yml 
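# Entry playbook: applies the init role to the "webserver" inventory group.
# Nesting restored; the flattened listing does not parse as YAML.
- hosts: webserver
  roles:
    - init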

3.6 最终目录

[root@ssh-61 /etc/ansible/roles]# tree init
init
├── files
├── handlers
│   └── main.yml
├── tasks
│   └── main.yml
├── templates
│   └── sshd_config.j2
└── vars
[root@ssh-61 /etc/ansible/roles/site]# ll
total 4
-rw-r--r-- 1 root root 43 Jul 25 22:06 init.yml

第4章 编写rsync角色剧本

4.1 创建对应目录

mkdir /etc/ansible/roles/rsync_server/{vars,tasks,templates,handlers,files} -p

服务器端

4.2 编写任务剧本

[root@ssh-61 /etc/ansible/roles/rsync_server/tasks]# cat main.yml 
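# Tasks of the rsync_server role.
# Nesting restored; the flattened listing does not parse as YAML.

# 01. Render the rsync daemon configuration and its secrets file into /etc
# Both files are owned by root; the secrets file is 0600 so that only root can
# read the user:password pairs.
# NOTE(review): "backup: yes" also applies to rsync.passwd, so earlier
# passwords stay on disk in timestamped backup copies — confirm that is
# acceptable or clean them up.
- name: 01_backup & copy
  template:
    src: "{{ item.src }}"
    dest: "/etc/{{ item.dest }}"
    mode: "{{ item.mode }}"
    owner: root
    group: root
    backup: yes
  loop:
    - { src: 'rsyncd.conf.j2', dest: 'rsyncd.conf', mode: '0644' }
    - { src: 'rsync.passwd.j2', dest: 'rsync.passwd', mode: '0600' }
  notify:
    - restart rsyncd
  tags: 01_copy_rsync.conf

# 02. Start rsyncd and enable it at boot
- name: 02_start_rsyncd
  service:
    name: rsyncd
    state: started
    enabled: yes
  tags: 02_start_rsyncd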

4.3 编写jinja模版文件

[root@ssh-61 /etc/ansible/roles/rsync_server/templates]# tree
.
├── rsyncd.conf.j2
└── rsync.passwd.j2
[root@ssh-61 /etc/ansible/roles/rsync_server/templates]# cat rsyncd.conf.j2
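# rsync daemon configuration, rendered to /etc/rsyncd.conf by the
# rsync_server role. Comments must stay on their own lines in this format.

# Transfers run as the www account rather than root.
uid = www
gid = www
port = 873
fake super = yes
# NOTE(review): chroot confinement of the module path is switched off here;
# confirm that is intended.
use chroot = no
max connections = 200
timeout = 600
ignore errors
# Modules are writable and are not shown in module listings.
read only = false
list = false
# NOTE(review): no "hosts allow" is set, so any address that can reach
# port 873 may attempt authentication. Consider a line such as
#   hosts allow = 172.16.1.0/24
# (the subnet used in exports.j2) once the client range is confirmed.
#
# The account name comes from the same role variable that rsync.passwd.j2
# uses, so the two files cannot drift apart.
auth users = {{ rsync_user }}
# user:password pairs, rendered from rsync.passwd.j2 with mode 0600.
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[backup]
comment = welcome to oldboyedu backup!
path = /backup

[data]
path = /data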
[root@ssh-61 /etc/ansible/roles/rsync_server/templates]# cat rsync.passwd.j2
{{ rsync_user }}:{{ rsync_passwd }}

4.4 编写变量文件

[root@ssh-61 /etc/ansible/roles/rsync_server/vars]# cat main.yml 
# Variables consumed by templates/rsync.passwd.j2 (user:password line of the
# rsync daemon secrets file).
rsync_user: rsync_backup
# NOTE(review): the daemon password is stored in clear text inside the role.
# Keep the real value in an ansible-vault encrypted vars file and use a
# strong, unique secret; "oldboy" looks like a course placeholder.
rsync_passwd: oldboy

4.5 编写handlers文件

[root@ssh-61 /etc/ansible/roles/rsync_server/handlers]# cat main.yml
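# Handler: restarts rsyncd when the configuration/secrets template task
# notifies "restart rsyncd".
# Nesting restored; the flattened listing does not parse as YAML.
- name: restart rsyncd
  service:
    name: rsyncd
    state: restarted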

4.6 编写主任务文件

[root@ssh-61 /etc/ansible/roles/site]# cat rsync_server.yml
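# Entry playbook: applies init, then rsync_server, to the "rsync_server"
# inventory group. Roles run in the order listed.
# Nesting restored; the flattened listing does not parse as YAML.
- hosts: rsync_server
  roles:
    - init
    - rsync_server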

4.7 最终目录

[root@ssh-61 /etc/ansible/roles]# tree -L 3 rsync_server
rsync_server
├── files
├── handlers
│   └── main.yml
├── tasks
│   └── main.yml
├── templates
│   ├── rsyncd.conf.j2
│   └── rsync.passwd.j2
└── vars
    └── main.yml
[root@ssh-61 /etc/ansible/roles/site]# ll
-rw-r--r-- 1 root root 61 Jul 25 23:08 rsync_server.yml

第5章 编写nfs角色剧本

创建对应目录

mkdir /etc/ansible/roles/{nfs_server,nfs_client}/{vars,tasks,templates,handlers,files} -p

5.1 nfs服务器端

5.1.1 编写任务剧本

[root@ssh-61 /etc/ansible/roles/nfs_server/tasks]# cat main.yml 
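# Tasks of the nfs_server role.
# Nesting restored; the flattened listing does not parse as YAML.

# 01. Install the NFS utilities
- name: 01_install_nfs_utils
  yum:
    name: nfs-utils
    state: installed
  tags: 01_install_nfs_utils

# 02. Render /etc/exports from the template
# The mode is quoted so it is always passed to the module as an octal string.
- name: 02_copy_conf
  template:
    src: exports.j2
    dest: /etc/exports
    mode: '0600'
  notify:
    - reloaded nfs
  tags: 02_copy_conf

# 03. Start rpcbind and nfs-server and enable both at boot
- name: 03_start_rpc_nfs
  service:
    name: "{{ item }}"
    state: started
    enabled: yes
  loop:
    - rpcbind
    - nfs-server
  tags: 03_start_rpc_nfs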

5.1.2 编写jinja模版文件

[root@ssh-61 /etc/ansible/roles/nfs_server/templates]# cat exports.j2 
# NFS exports, rendered to /etc/exports by the nfs_server role.
# all_squash maps every client user to anonuid/anongid 666, the uid/gid the
# init role assigns to the www account.
# NOTE(review): access is granted by source address only; every host in
# 172.16.1.0/24 can mount these paths read-write. Confirm the range is no
# wider than the intended clients.
/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/backup 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)

5.1.3 编写handlers文件

[root@ssh-61 /etc/ansible/roles/nfs_server/handlers]# cat main.yml 
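# Handler: runs when the exports template task notifies "reloaded nfs".
# rpcbind is restarted and nfs-server is reloaded, in that order.
# Nesting restored; the flattened listing does not parse as YAML.
- name: reloaded nfs
  service:
    name: "{{ item.name }}"
    state: "{{ item.state }}"
  loop:
    - { name: 'rpcbind', state: 'restarted' }
    - { name: 'nfs-server', state: 'reloaded' }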

5.1.4 编写主任务文件

[root@ssh-61 /etc/ansible/roles/site]# cat nfs_server.yml
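# Entry playbook: applies init, then nfs_server, to the "nfs_server"
# inventory group. Roles run in the order listed.
# Nesting restored; the flattened listing does not parse as YAML.
- hosts: nfs_server
  roles:
    - init
    - nfs_server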

5.1.5 最终目录

[root@ssh-61 /etc/ansible/roles]# tree -F 3 nfs_server/
3 [error opening dir]
nfs_server/
├── files/
├── handlers/
│   └── main.yml
├── tasks/
│   └── main.yml
├── templates/
│   └── exports.j2
└── vars/
[root@ssh-61 /etc/ansible/roles/site]# ll
-rw-r--r-- 1 root root 59 Jul 25 23:53 nfs_server.yml

5.2 nfs客户端

5.2.1 编写任务剧本

[root@ssh-61 /etc/ansible/roles/nfs_client/tasks]# cat main.yml 
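# Tasks of the nfs_client role.
# Nesting restored; the flattened listing does not parse as YAML.

# 01. Install the NFS utilities
- name: 01_install_nfs-utils
  yum:
    name: nfs-utils
    state: installed
  tags: 01_install_nfs-utils

# 02. Start rpcbind and enable it at boot
- name: 02_start_rpc
  service:
    name: rpcbind
    state: started
    enabled: yes
  tags: 02_start_rpc

# 03. Mount both exports from the NFS server (state "mounted")
# NOTE(review): "defaults" leaves suid and dev enabled on a network share.
# Options such as nosuid,nodev are a common tightening for data-only mounts —
# confirm nothing under /data or /backup needs them before changing.
- name: 03_mount_dir
  mount:
    path: "{{ item.path }}"
    src: "{{ item.src }}"
    fstype: nfs
    opts: defaults
    state: mounted
  loop:
    - { path: '/data', src: '172.16.1.31:/data' }
    - { path: '/backup', src: '172.16.1.31:/backup' }
  tags: 03_mount_dir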

5.2.2 编写主任务文件

[root@ssh-61 /etc/ansible/roles/site]# cat nfs_client.yml
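# Entry playbook: applies nfs_client to the "nfs_client" inventory group.
# The init role is commented out here, so the baseline is not re-applied.
# Nesting restored; the flattened listing does not parse as YAML.
- hosts: nfs_client
  roles:
    # - init
    - nfs_client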

5.2.3 最终目录

[root@ssh-61 /etc/ansible/roles]# tree -F 3 nfs_client/
3 [error opening dir]
nfs_client/
├── files/
├── handlers/
├── tasks/
│   └── main.yml
├── templates/
└── vars/
[root@ssh-61 /etc/ansible/roles/site]# ll
-rw-r--r-- 1 root root 58 Jul 26 00:33 nfs_client.yml

第6章 编写lsyncd角色剧本

创建对应目录

mkdir /etc/ansible/roles/lsyncd/{vars,tasks,templates,handlers,files} -p

6.1 编写任务剧本

[root@ssh-61 /etc/ansible/roles/lsyncd/tasks]# cat main.yml 
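# Tasks of the lsyncd role.
# Nesting restored; the flattened listing does not parse as YAML.

# 01. Install lsyncd
- name: 01_install_lsyncd
  yum:
    name: lsyncd
    state: installed
  tags: 01_install_lsyncd

# 02. Render the lsyncd configuration
# NOTE(review): the template points rsync at /etc/rsync.passwd, but no task in
# this role creates that file — confirm how it is provisioned on this host and
# that it is readable by root only.
- name: 02_copy_conf
  template:
    src: lsyncd.conf.j2
    dest: /etc/lsyncd.conf
    backup: yes
  notify: restart lsyncd
  tags: 02_copy_conf

# 03. Start lsyncd
# "enabled: yes" matches the start tasks of the rsync_server and nfs roles, so
# replication resumes after a reboot instead of silently staying off.
- name: 03_start_lsyncd
  service:
    name: lsyncd
    state: started
    enabled: yes
  tags: 03_start_lsyncd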

6.2 编写jinja模版文件

[root@ssh-61 /etc/ansible/roles/lsyncd]# tree templates/
templates/
└── lsyncd.conf.j2

[root@ssh-61 /etc/ansible/roles/lsyncd/templates]# cat lsyncd.conf.j2
-- lsyncd configuration, rendered to /etc/lsyncd.conf by the lsyncd role.
-- Two sync blocks push /data and /backup to rsync daemon modules on
-- 172.16.1.41 as the rsync_backup user.
-- NOTE(review): the "::" target form talks to the rsync daemon directly;
-- presumably this traffic is not encrypted — confirm the link between the two
-- hosts is a trusted network.
settings {
    logfile = "/var/log/lsyncd/lsyncd.log",
    statusFile = "/var/log/lsyncd/lsyncd.status",
    inotifyMode = "CloseWrite",
    maxProcesses = 8,
}
sync {
    default.rsync,
    source = "/data",
    target = "rsync_backup@172.16.1.41::data",
    -- Deletions on the source are propagated to the target.
    delete= true,
    -- Entries whose names start with a dot are not synced.
    exclude = { ".*" },
    delay = 1,
    rsync = {
        binary = "/usr/bin/rsync",
        archive = true,
        compress = true,
        verbose = true,
        -- NOTE(review): the rsync client expects this file to hold only the
        -- password, not the user:password pair used in the daemon's secrets
        -- file, and nothing in this role deploys it — verify its content and
        -- that its mode is 0600.
        password_file = "/etc/rsync.passwd",
        _extra = {"--bwlimit=200"}
    }
}
sync {
    default.rsync,
    source = "/backup",
    target = "rsync_backup@172.16.1.41::backup",
    -- Deletions on the source are propagated to the target.
    delete= true,
    exclude = { ".*" },
    delay = 1,
    rsync = {
        binary = "/usr/bin/rsync",
        archive = true,
        compress = true,
        verbose = true,
        -- Same password file as the /data sync block.
        password_file = "/etc/rsync.passwd",
        _extra = {"--bwlimit=200"}
    }
}

6.3 编写handlers文件

[root@ssh-61 /etc/ansible/roles/lsyncd/handlers]# cat main.yml 
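# Handler: restarts lsyncd when the configuration template task notifies
# "restart lsyncd".
# Nesting restored; the flattened listing does not parse as YAML.
- name: restart lsyncd
  service:
    name: lsyncd
    state: restarted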

6.4 编写主任务文件

[root@ssh-61 /etc/ansible/roles/site]# cat lsyncd.yml 
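# Entry playbook: applies lsyncd to the "lsyncd_server" inventory group.
# The init role is commented out here, so the baseline is not re-applied.
# Nesting restored; the flattened listing does not parse as YAML.
- hosts: lsyncd_server
  roles:
    #- init
    - lsyncd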

6.5 最终目录

[root@ssh-61 /etc/ansible/roles]# tree -L 3 lsyncd
lsyncd
├── files
├── handlers
│   └── main.yml
├── tasks
│   └── main.yml
├── templates
│   └── lsyncd.conf.j2
└── vars
[root@ssh-61 /etc/ansible/roles/site]# ll
-rw-r--r-- 1 root root 56 Jul 26 01:20 lsyncd.yml
文章作者: Wu Fei
文章链接: http://linuxwf.com/2020/04/13/8-Ansible-roles-%E8%A7%92%E8%89%B2/
版权声明: 本博客所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自 WF's Blog