Ansible roles explained, with practical examples
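Notes:
1. This is the login account used by operations staff;
2. All business services live under /app/ (the home directory of the yun user), so that business data is not scattered around;
3. This user is also used by ansible, because almost all production environments forbid remote root login (so the yun user is also granted sudo privileges).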
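# Use a dedicated user instead of working directly as root
# Add the user, set its home directory and set its password
# Grant sudo privileges
# Let other ordinary users enter the directory and view its contents
useradd -u 1050 -d /app yun && echo '123456' | /usr/bin/passwd --stdin yun
echo "yun ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
chmod 755 /app/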
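The same account setup expressed as Ansible tasks, as an added example that is not part of the original article: the password comes from a variable instead of the command line, and the sudo rule goes into a drop-in file that visudo checks before it is installed. The file name roles/common/tasks/user.yml and the variable yun_password are assumptions.

```yaml
# roles/common/tasks/user.yml  (hypothetical file, not from the original article)
# Assumes yun_password is defined in an ansible-vault encrypted vars file
# and that /etc/sudoers keeps its stock "#includedir /etc/sudoers.d" line.

- name: "create the dedicated ops user"
  user:
    name: yun
    uid: 1050
    home: /app
    # The user module expects a crypted hash, not the plaintext password.
    password: "{{ yun_password | password_hash('sha512') }}"
    # Set the password only when the account is first created, so later
    # runs stay idempotent and do not reset a password that was rotated.
    update_password: on_create
  no_log: true          # keep the password out of task output and logs

- name: "let other users enter /app"
  file:
    path: /app
    state: directory
    owner: yun
    group: yun
    mode: '0755'

- name: "sudo rule for yun as a validated drop-in"
  copy:
    dest: /etc/sudoers.d/yun
    content: "yun ALL=(ALL) NOPASSWD: ALL\n"
    owner: root
    group: root
    mode: '0440'
    # visudo parses the temporary file first; a syntax error fails the task
    # and the live sudoers configuration is left untouched.
    validate: /usr/sbin/visudo -cf %s
```

These tasks have to run once over a connection that already has root privileges, since they create the account that later playbooks log in with.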
All later articles use the following host inventory
[yun@ansi-manager ansible_info]$ pwd
/app/ansible_info
[yun@ansi-manager ansible_info]$ cat hosts_key
# Method 1: host + port + key
[managervers]
172.16.1.180:22

[proxyrvers]
172.16.1.18[1:2]:22

# Method 2: alias + host + port + password
[webrvers]
web01 ansible_ssh_host=172.16.1.183 ansible_ssh_port=22
web02 ansible_ssh_host=172.16.1.184 ansible_ssh_port=22
web03 ansible_ssh_host=172.16.1.185 ansible_ssh_port=22
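We have already covered variables, tasks and handlers, so what is the best way to organize a playbook?
The short answer: use roles. Roles rely on a known file structure to automatically load certain vars_files, tasks and handlers, which makes them easier for a playbook to call. Compared with a plain playbook, the structure of roles is clearer and more layered.
For example: no matter what software we install, we always install the time synchronization service, so every playbook would need its own time synchronization task. Instead, we can write the time synchronization task once and call it whenever it is needed.
Note: when writing roles, it is best to split each task into its own file so that it can be reused later (break everything apart completely).
Under the roles directory, you can create the directories with the following command
ansible-galaxy init nfs roles # nfs is the directory name
This creates the full set of directories, but we may need only some of them, so in practice we mostly create the directories ourselves rather than with the command.
An example directory layout: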
[yun@ansi-manager tmp]$ tree ./
./
├── sit.yml
├── webrvers.yml
└── roles
    └── nfs               # role name
        ├── defaults      # role default variables (lowest priority)
        │   └── main.yml
        ├── files         # file storage
        ├── handlers      # triggered tasks
        │   └── main.yml
        ├── meta          # dependencies
        │   └── main.yml
        ├── readme.md     # usage notes
        ├── tasks         # the actual tasks
        │   └── main.yml
        ├── templates     # template files
        └── vars          # other role variables
            └── main.yml

10 directories, 10 files
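Directory notes:
1. There must first be a roles directory; the corresponding directories are then created under it.
2. Directory names under roles should be self-explanatory: for example, the common directory is the base directory and is required; the nfs directory installs the nfs service; the memcached directory installs the memcached service; and so on.
3. Create the second-level directories under roles as you need them; directories you do not need can be left out, and there is no need to create the full set.
4. Among the second-level directories under roles, some must contain a main.yml file so that ansible can use them.
Roles allow other roles to be pulled in automatically when a role is used. Role dependencies are stored in the meta/main.yml file in the role directory.
For example: installing wordpress requires first making sure that nginx and php both run properly, so the wordpress role can declare dependencies on the nginx and php-fpm roles.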
[yun@ansi-manager playbook]$ cat /app/roles/wordpress/meta/main.yml
---
dependencies:
  - { role: nginx }
  - { role: php-fpm }
The wordpress role then runs the nginx role first, then the php-fpm role, and finally the wordpress role itself.
[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ ll
total 4
drwxrwxr-x 2 yun yun  17 Sep 15 19:41 group_vars
-rw-rw-r-- 1 yun yun 108 Sep 15 19:37 nfs_rver.yml
drwxrwxr-x 4 yun yun  35 Sep 15 18:00 roles
[yun@ansi-manager ansible_roles]$ tree  # directory structure
.
├── group_vars
│   └── all
├── nfs_rver.yml
└── roles
    ├── nfs  # server side
    │   ├── handlers
    │   │   └── main.yml
    │   ├── tasks
    │   │   ├── config.yml
    │   │   ├── install.yml
    │   │   ├── main.yml
    │   │   ├── mkdir.yml
    │   │   ├── start_nfs.yml
    │   │   └── start_rpcbind.yml
    │   └── templates
    │       └── exports.j2
    └── nfs_client  # client side
        └── tasks
            └── main.yml

9 directories, 11 files
Directory structure
[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ tree roles/nfs
roles/nfs
├── handlers
│   └── main.yml
├── tasks
│   ├── config.yml
│   ├── install.yml
│   ├── main.yml
│   ├── mkdir.yml
│   ├── start_nfs.yml
│   └── start_rpcbind.yml
└── templates
    └── exports.j2

4 directories, 8 files
Contents of the tasks directory
[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/main.yml
- include_tasks: install.yml
- include_tasks: config.yml
- include_tasks: mkdir.yml
- include_tasks: start_rpcbind.yml
- include_tasks: start_nfs.yml

[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/install.yml
- name: "install package nfs "
  yum:
    name:
      - nfs-utils
      - rpcbind
    state: present

[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/config.yml
- name: "nfs rver config and edit restart"
  template:
    src: exports.j2
    dest: /etc/exports
    owner: root
    group: root
    mode: '644'
  notify: "reload nfs rver"

[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/mkdir.yml
- name: "create nfs dir"
  file:
    path: /data
    owner: yun
    group: yun
    state: directory
    recurse: yes

[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/start_rpcbind.yml
- name: "rpcbind rver start"
  systemd:
    name: rpcbind
    state: started
    daemon_reload: yes
    enabled: yes

[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/start_nfs.yml
- name: "nfs rver start"
  systemd:
    name: nfs
    state: started
    daemon_reload: yes
    enabled: yes
Contents of the handlers directory
[yun@ansi-manager ansible_roles]$ cat roles/nfs/handlers/main.yml
- name: "reload nfs rver"
  systemd:
    name: nfs
    state: reloaded
Contents of the templates directory
[yun@ansi-manager ansible_roles]$ cat roles/nfs/templates/exports.j2
{{ nfs_dir }} 172.16.1.0/24(rw,sync,root_squash,all_squash,anonuid=1050,anongid=1050)
The client is simpler: it has just one mount task
[yun@ansi-manager ansible_roles]$ cat roles/nfs_client/tasks/main.yml
- name: "mount nfs rver"
  mount:
    src: 172.16.1.180:{{ nfs_dir }}
    path: /mnt
    fstype: nfs
    opts: defaults
    state: mounted
[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ cat group_vars/all
# NFS server directory
nfs_dir: /data
[yun@ansi-manager ansible_roles]$ cat nfs_rver.yml
---
# nfs rver
- hosts: managervers
  roles:
    - nfs

- hosts: proxyrvers
  roles:
    - nfs_client
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check nfs_rver.yml  # syntax check
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C nfs_rver.yml  # dry run (check mode)
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key nfs_rver.yml  # run
[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ ll
total 8
-rw-rw-r-- 1 yun yun 71 Sep 16 09:05 memcached_rver.yml
drwxrwxr-x 5 yun yun 52 Sep 16 08:38 roles
[yun@ansi-manager ansible_roles]$ tree roles/
roles/
└── memcached
    ├── handlers
    │   └── main.yml
    ├── tasks
    │   ├── config.yml
    │   ├── install.yml
    │   ├── main.yml
    │   └── start.yml
    └── templates
        └── memcached.j2

11 directories, 15 files
Directory structure
[yun@ansi-manager memcached]$ pwd
/app/ansible_info/ansible_roles/roles/memcached
[yun@ansi-manager memcached]$ ll
total 0
drwxrwxr-x 2 yun yun 22 Sep 16 08:56 handlers
drwxrwxr-x 2 yun yun 76 Sep 16 08:53 tasks
drwxrwxr-x 2 yun yun 26 Sep 16 08:55 templates
[yun@ansi-manager memcached]$ tree
.
├── handlers
│   └── main.yml
├── tasks
│   ├── config.yml
│   ├── install.yml
│   ├── main.yml
│   └── start.yml
└── templates
    └── memcached.j2

3 directories, 6 files
Contents of the tasks directory
[yun@ansi-manager memcached]$ cat tasks/main.yml
- include_tasks: install.yml
- include_tasks: config.yml
- include_tasks: start.yml

[yun@ansi-manager memcached]$ cat tasks/install.yml
- name: " install package memcached"
  yum:
    name: memcached
    state: present

[yun@ansi-manager memcached]$ cat tasks/config.yml
- name: "memcached rver config and edit restart"
  template:
    src: memcached.j2
    dest: /etc/sysconfig/memcached
    owner: root
    group: root
    mode: '644'
  notify: "restart memcached rver"

[yun@ansi-manager memcached]$ cat tasks/start.yml
- name: "memcached rver start"
  systemd:
    name: memcached
    state: started
    daemon_reload: yes
    enabled: yes
Contents of the handlers directory
[yun@ansi-manager memcached]$ cat handlers/main.yml
- name: "restart memcached rver"
  systemd:
    name: memcached
    state: restarted
Contents of the templates directory
[yun@ansi-manager memcached]$ cat templates/memcached.j2
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="{{ ansible_memtotal_mb // 2 }}"
OPTIONS=""
[yun@ansi-manager ansible_roles]$ cat memcached_rver.yml
---
# memcached rver
- hosts: managervers
  roles:
    - memcached
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check memcached_rver.yml  # syntax check
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C memcached_rver.yml  # dry run (check mode)
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key memcached_rver.yml  # run
[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ ll
total 12
drwxrwxr-x 2 yun yun  17 Sep 29 09:33 group_vars
drwxrwxr-x 7 yun yun  86 Sep 29 08:49 roles
-rw-rw-r-- 1 yun yun 116 Sep 29 09:50 rsyncd_rver.yml
[yun@ansi-manager ansible_roles]$ tree roles/
roles/
├── rsync_client
│   ├── tasks
│   │   └── main.yml
│   └── templates
│       └── rsync.password.j2
└── rsyncd
    ├── handlers
    │   └── main.yml
    ├── tasks
    │   ├── config.yml
    │   ├── install.yml
    │   ├── main.yml
    │   ├── mkdir.yml
    │   └── start_rsyncd.yml
    └── templates
        ├── rsyncd.conf.j2
        └── rsync.password.j2

18 directories, 25 files
Directory structure
[yun@ansi-manager rsyncd]$ pwd
/app/ansible_info/ansible_roles/roles/rsyncd
[yun@ansi-manager rsyncd]$ tree
.
├── handlers
│   └── main.yml
├── tasks
│   ├── config.yml
│   ├── install.yml
│   ├── main.yml
│   ├── mkdir.yml
│   └── start_rsyncd.yml
└── templates
    ├── rsyncd.conf.j2
    └── rsync.password.j2

3 directories, 8 files
Contents of the tasks directory
[yun@ansi-manager rsyncd]$ pwd
/app/ansible_info/ansible_roles/roles/rsyncd
[yun@ansi-manager rsyncd]$ cat tasks/main.yml
- include_tasks: install.yml
- include_tasks: config.yml
- include_tasks: mkdir.yml
- include_tasks: start_rsyncd.yml

[yun@ansi-manager rsyncd]$ cat tasks/install.yml
- name: "install package rsync"
  yum:
    name: rsync
    state: present

[yun@ansi-manager rsyncd]$ cat tasks/config.yml
- name: "rsyncd rver config and edit restart"
  template:
    src: rsyncd.conf.j2
    dest: /etc/rsyncd.conf
    owner: root
    group: root
    mode: '644'
  notify: "restart rsyncd rver"

- name: "rsyncd rver password file"
  template:
    src: rsync.password.j2
    dest: /etc/rsync.password
    owner: root
    group: root
    mode: '400'

[yun@ansi-manager rsyncd]$ cat tasks/mkdir.yml
- name: "create rsync business backup dir"
  file:
    path: /backup/busi_data
    owner: root
    group: root
    state: directory
    recurse: yes

- name: "create rsync databa backup dir"
  file:
    path: /backup/databa
    owner: root
    group: root
    state: directory
    recurse: yes

[yun@ansi-manager rsyncd]$ cat tasks/start_rsyncd.yml
- name: "rsyncd rver start"
  systemd:
    name: rsyncd
    state: started
    daemon_reload: yes
    enabled: yes
Contents of the handlers directory
[yun@ansi-manager rsyncd]$ cat handlers/main.yml
- name: "restart rsyncd rver"
  systemd:
    name: rsyncd
    state: restarted
Contents of the templates directory
[yun@ansi-manager rsyncd]$ pwd
/app/ansible_info/ansible_roles/roles/rsyncd
[yun@ansi-manager rsyncd]$ cat templates/rsyncd.conf.j2  # file 1
# Note: for more parameters and details, see man rsyncd.conf
#rsync_config---------------start
uid = root
gid = root
use chroot = false
max connections = 200
timeout = 100
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
dont compress = *.gz *.tgz *.zip *.z *.z *.rpm *.deb *.bz2
ignore errors = true
read only = false
list = false

## Note: to avoid confusion, use only one of hosts allow and hosts deny
hosts allow = 172.16.1.0/24,10.9.0.0/16,120.27.48.179
# hosts deny = 10.0.0.0/16
# Multiple authentication accounts are supported
auth users = {{ auth_ur }}
secrets file = /etc/rsync.password


# Data backup. Mind the permissions of the path directory
[back_data_module]
path = /backup/busi_data/

# Database backup. Mind the permissions of the path directory
[back_db_module]
path = /backup/databa/

#rsync_config---------------end

[yun@ansi-manager rsyncd]$ cat templates/rsync.password.j2  # file 2
{{ auth_ur }}:{{ auth_pawd }}
[yun@ansi-manager rsync_client]$ pwd
/app/ansible_info/ansible_roles/roles/rsync_client
[yun@ansi-manager rsync_client]$ tree  # directory structure
.
├── tasks
│   └── main.yml
└── templates
    └── rsync.password.j2

2 directories, 2 files
[yun@ansi-manager rsync_client]$ cat tasks/main.yml  # tasks
- name: "rsync password file config"
  template:
    src: rsync.password.j2
    dest: /etc/rsync.password
    owner: root
    group: root
    mode: '400'

[yun@ansi-manager rsync_client]$ cat templates/rsync.password.j2  # template
{{ auth_pawd }}
[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ cat group_vars/all
# NFS server directory
nfs_dir: /data
# Used by the rsync daemon
auth_ur: rsync_backup
auth_pawd: rsync_backup_pwd
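The rsync credentials above sit in group_vars/all in clear text. One way to keep the password out of the repository and out of task output, as an added example that is not from the original article: turn group_vars/all into a directory, move the secret into a vault-encrypted file, and mark the task that renders it with no_log. The file names vars.yml and vault.yml, the variable vault_auth_pawd and the placeholder value are assumptions.

```yaml
# --- group_vars/all/vars.yml (plain text, safe to commit) ---
# group_vars/all becomes a directory; Ansible loads every file inside it.
# NFS server directory
nfs_dir: /data
# Used by the rsync daemon
auth_ur: rsync_backup
# Indirection: the templates keep using auth_pawd, the real value is vaulted.
auth_pawd: "{{ vault_auth_pawd }}"

---
# --- group_vars/all/vault.yml (contents before encryption) ---
# Encrypt with: ansible-vault encrypt group_vars/all/vault.yml
# Afterwards the file on disk starts with $ANSIBLE_VAULT;1.1;AES256
vault_auth_pawd: "REPLACE-WITH-REAL-PASSWORD"   # placeholder value

---
# --- roles/rsyncd/tasks/config.yml (password task only) ---
- name: "rsyncd rver password file"
  template:
    src: rsync.password.j2
    dest: /etc/rsync.password
    owner: root
    group: root
    mode: '0400'
  # Without this, --diff or a failed run can print user:password
  # in the console output and in any log that captures it.
  no_log: true
```

Run the playbook with --ask-vault-pass or --vault-password-file so that Ansible can decrypt vault.yml; the same no_log setting applies to the password task in the rsync_client role.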
[yun@ansi-manager ansible_roles]$ cat rsyncd_rver.yml
---
# rsyncd rver
- hosts: managervers
  roles:
    - rsyncd

- hosts: proxyrvers
  roles:
    - rsync_client
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check rsyncd_rver.yml  # syntax check
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C rsyncd_rver.yml  # dry run (check mode)
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key rsyncd_rver.yml  # run
https://galaxy.ansible.com
Published: 2023-04-03 23:04:33