Ansible Roles: Detailed Explanation and Hands-on Cases
Host planning
Adding a user account
Notes:
1. This is the login account used by operations staff;
2. All business applications live under /app/ (the home directory of the yun user), so that business data is not scattered about;
3. The same user is also used by ansible, because almost every production environment forbids remote root login (for that reason the yun user is also granted sudo privileges).
# Use a dedicated user instead of working as root directly
# Add the user, set its home directory and set its password
# Grant sudo privileges
# Let other ordinary users enter the directory and read its contents
useradd -u 1050 -d /app yun && echo '123456' | /usr/bin/passwd --stdin yun
echo "yun ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
chmod 755 /app/
Ansible inventory configuration
The articles that follow all use the host inventory below
[yun@ansi-manager ansible_info]$ pwd
/app/ansible_info
[yun@ansi-manager ansible_info]$ cat hosts_key
# Method 1: host + port + key
[manageservers]
172.16.1.180:22

[proxyservers]
172.16.1.18[1:2]:22

# Method 2: alias + host + port + password
[webservers]
web01 ansible_ssh_host=172.16.1.183 ansible_ssh_port=22
web02 ansible_ssh_host=172.16.1.184 ansible_ssh_port=22
web03 ansible_ssh_host=172.16.1.185 ansible_ssh_port=22
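To make the two inventory styles above concrete, here is an added example (not code from the article or from Ansible itself) that parses this INI-style inventory: group headers, the host:port form, the numeric range form 172.16.1.18[1:2], and the alias form with ansible_ssh_host / ansible_ssh_port variables. The inventory text is the article's hosts_key embedded inline as a constructed sample; the parser only covers the numeric range syntax the article uses, not Ansible's step or letter ranges.

```python
"""Parse an INI-style Ansible inventory such as the article's hosts_key (added example)."""
import re
from typing import Dict, List

# Constructed sample: the hosts_key file shown in the article, embedded inline.
HOSTS_KEY = """\
# Method 1: host + port + key
[manageservers]
172.16.1.180:22

[proxyservers]
172.16.1.18[1:2]:22

# Method 2: alias + host + port + password
[webservers]
web01 ansible_ssh_host=172.16.1.183 ansible_ssh_port=22
web02 ansible_ssh_host=172.16.1.184 ansible_ssh_port=22
web03 ansible_ssh_host=172.16.1.185 ansible_ssh_port=22
"""

RANGE_RE = re.compile(r"\[(\d+):(\d+)\]")   # numeric range, e.g. [1:2]
PORT_RE = re.compile(r"^(.*):(\d+)$")       # trailing :port on a host entry


def expand_range(name: str) -> List[str]:
    """Expand one numeric range: 172.16.1.18[1:2] -> 172.16.1.181, 172.16.1.182.
    Zero padding is preserved, so web[01:03] -> web01, web02, web03."""
    m = RANGE_RE.search(name)
    if not m:
        return [name]
    lo, hi = int(m.group(1)), int(m.group(2))
    width = len(m.group(1))
    return [name[:m.start()] + str(n).zfill(width) + name[m.end():]
            for n in range(lo, hi + 1)]


def parse_host_line(line: str) -> List[dict]:
    """Turn one host line into records with name, connect address and port."""
    parts = line.split()
    first, extra = parts[0], parts[1:]
    host_vars = dict(kv.split("=", 1) for kv in extra)
    port = 22
    m = PORT_RE.match(first)            # 172.16.1.180:22 -> host + explicit port
    if m:
        first, port = m.group(1), int(m.group(2))
    return [{
        "name": name,
        "address": host_vars.get("ansible_ssh_host", name),
        "port": int(host_vars.get("ansible_ssh_port", port)),
    } for name in expand_range(first)]


def parse_inventory(text: str) -> Dict[str, List[dict]]:
    """Map every group name to the list of host records it contains."""
    groups: Dict[str, List[dict]] = {}
    current = "ungrouped"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]              # a [group] header
            groups.setdefault(current, [])
            continue
        groups.setdefault(current, []).extend(parse_host_line(line))
    return groups


if __name__ == "__main__":
    for group, hosts in parse_inventory(HOSTS_KEY).items():
        print(group, [f"{h['address']}:{h['port']}" for h in hosts])
```

Running it prints one line per group with the resolved address and port for each host, so you can confirm that the range in proxyservers really expands to the two hosts you expect before pointing ansible-playbook at it.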
Ansible Roles basic overview
We have already covered variables, tasks and handlers; so what is the best way to organize a playbook?
The short answer is: use roles. Roles rely on a known file structure to automatically load certain vars_files, tasks and handlers, so that a playbook can call them more conveniently. Compared with a plain playbook, the structure of roles is clearer and more layered.
Suppose that whatever software we install, we always install a time-synchronization service as well; then every playbook would have to contain the time-sync task. Instead we can write the time-sync task once as a role and simply call it whenever it is needed.
Note: when writing roles, it is best to split each task into its own file so that it can be reused later (break everything down completely).
Roles directory structure
Under the roles directory, the following command creates the directory layout
ansible-galaxy init nfs roles # where nfs is the directory name
A directory created this way is the full layout, but we may only need part of it, so in practice most directories are created by hand rather than with the command.
An example directory layout is as follows:
[yun@ansi-manager tmp]$ tree ./
./
├── sit.yml
├── webservers.yml
└── roles
    └── nfs                 # role name
        ├── defaults        # role default variables (lowest priority)
        │   └── main.yml
        ├── files           # file storage
        ├── handlers        # triggered tasks
        │   └── main.yml
        ├── meta            # dependencies
        │   └── main.yml
        ├── README.md       # usage notes
        ├── tasks           # concrete tasks
        │   └── main.yml
        ├── templates       # template files
        └── vars            # other role variables
            └── main.yml

10 directories, 10 files
Directory notes:
1. First there must be a roles directory; the corresponding directories are then created under roles.
2. Directory names under roles should be self-explanatory: for example a common directory for the base role, which is required; an nfs directory for installing the NFS service; a memcached directory for installing the memcached service; and so on.
3. Create the second-level directories under roles as you need them; directories that are not needed can be omitted, there is no need to create the full set.
4. Some of the second-level directories under roles must contain a main.yml file for ansible to use.
Role dependencies
Roles allow other roles to be pulled in automatically when a role is used. A role's dependencies are stored in the meta/main.yml file inside the role directory.
For example: installing WordPress requires that Nginx and PHP are already running, so the WordPress role can declare dependencies on the Nginx and php-fpm roles.
[yun@ansi-manager playbook]$ cat /app/roles/wordpress/meta/main.yml
---
dependencies:
  - { role: nginx }
  - { role: php-fpm }
The WordPress role then runs the Nginx role first, then the php-fpm role, and finally the WordPress role itself.
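The ordering described above (dependencies first, in the order listed, then the role itself) is easy to get wrong once roles depend on each other in more than one place. The following added example (my own code, not part of the article and not Ansible's implementation) resolves a set of requested roles into an execution order from their meta/main.yml dependencies. It assumes the YAML has already been loaded into a plain mapping of role name to dependency list (ROLE_META is a constructed sample matching the WordPress case), runs a role only once even when several roles depend on it, and reports a dependency cycle instead of looping forever.

```python
"""Resolve role dependencies from meta/main.yml into an execution order (added example)."""
from typing import Dict, List, Optional, Tuple

# Constructed sample: the dependency lists a YAML loader would return for
# wordpress/meta/main.yml plus two roles with no dependencies of their own.
ROLE_META: Dict[str, List[str]] = {
    "wordpress": ["nginx", "php-fpm"],
    "nginx": [],
    "php-fpm": [],
}


def resolve_roles(requested: List[str], meta: Dict[str, List[str]]) -> List[str]:
    """Return the order in which roles run.

    Dependencies run before the role that declares them, in the order listed;
    a role reached more than once is scheduled only the first time (the
    default when allow_duplicates is not set); a cycle raises ValueError.
    """
    order: List[str] = []
    in_progress: List[str] = []      # roles whose dependencies are being resolved

    def visit(role: str) -> None:
        if role in order:
            return                   # already scheduled, skip the duplicate
        if role in in_progress:
            chain = " -> ".join(in_progress + [role])
            raise ValueError(f"circular role dependency: {chain}")
        in_progress.append(role)
        for dep in meta.get(role, []):   # a role absent from meta has no deps
            visit(dep)
        in_progress.pop()
        order.append(role)

    for role in requested:
        visit(role)
    return order


def check_roles(requested: List[str],
                meta: Dict[str, List[str]]) -> Tuple[List[str], Optional[str]]:
    """Convenience wrapper: (order, None) on success, ([], message) on a cycle."""
    try:
        return resolve_roles(requested, meta), None
    except ValueError as exc:
        return [], str(exc)


if __name__ == "__main__":
    # A play listing both wordpress and nginx still runs nginx only once.
    print(resolve_roles(["wordpress", "nginx"], ROLE_META))
    # Constructed cycle: a needs b, b needs a.
    print(check_roles(["a"], {"a": ["b"], "b": ["a"]}))
```

The stack of roles in progress is what turns an infinite recursion into a readable error message; the same idea is worth keeping in mind when you review a meta/main.yml chain that spans several roles.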
Ansible Roles hands-on case: deploying the NFS service
Overall directory structure
[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ ll
total 4
drwxrwxr-x 2 yun yun  17 Sep 15 19:41 group_vars
-rw-rw-r-- 1 yun yun 108 Sep 15 19:37 nfs_server.yml
drwxrwxr-x 4 yun yun  35 Sep 15 18:00 roles
[yun@ansi-manager ansible_roles]$ tree   # directory structure
.
├── group_vars
│   └── all
├── nfs_server.yml
└── roles
    ├── nfs                  # server side
    │   ├── handlers
    │   │   └── main.yml
    │   ├── tasks
    │   │   ├── config.yml
    │   │   ├── install.yml
    │   │   ├── main.yml
    │   │   ├── mkdir.yml
    │   │   ├── start_NFS.yml
    │   │   └── start_rpcbind.yml
    │   └── templates
    │       └── exports.j2
    └── nfs_client           # client side
        └── tasks
            └── main.yml

9 directories, 11 files
Server-side information
Directory structure
[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ tree roles/nfs
roles/nfs
├── handlers
│   └── main.yml
├── tasks
│   ├── config.yml
│   ├── install.yml
│   ├── main.yml
│   ├── mkdir.yml
│   ├── start_NFS.yml
│   └── start_rpcbind.yml
└── templates
    └── exports.j2

4 directories, 8 files
tasks directory information
[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/main.yml
- include_tasks: install.yml
- include_tasks: config.yml
- include_tasks: mkdir.yml
- include_tasks: start_rpcbind.yml
- include_tasks: start_NFS.yml

[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/install.yml
- name: "install package NFS"
  yum:
    name:
      - nfs-utils
      - rpcbind
    state: present

[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/config.yml
- name: "NFS server config and edit restart"
  template:
    src: exports.j2
    dest: /etc/exports
    owner: root
    group: root
    mode: '644'
  notify: "reload NFS server"

[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/mkdir.yml
- name: "create NFS dir"
  file:
    path: /data
    owner: yun
    group: yun
    state: directory
    recurse: yes

[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/start_rpcbind.yml
- name: "rpcbind server start"
  systemd:
    name: rpcbind
    state: started
    daemon_reload: yes
    enabled: yes

[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/start_NFS.yml
- name: "NFS server start"
  systemd:
    name: nfs
    state: started
    daemon_reload: yes
    enabled: yes
handlers directory information
[yun@ansi-manager ansible_roles]$ cat roles/nfs/handlers/main.yml
- name: "reload NFS server"
  systemd:
    name: nfs
    state: reloaded
Template directory information
[yun@ansi-manager ansible_roles]$ cat roles/nfs/templates/exports.j2
{{ nfs_dir }} 172.16.1.0/24(rw,sync,root_squash,all_squash,anonuid=1050,anongid=1050)
Client-side information
The client side is much simpler: it consists of a single mount task
[yun@ansi-manager ansible_roles]$ cat roles/nfs_client/tasks/main.yml
- name: "mount NFS server"
  mount:
    src: 172.16.1.180:{{ nfs_dir }}
    path: /mnt
    fstype: nfs
    opts: defaults
    state: mounted
Variable information
[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ cat group_vars/all
# NFS server directory
nfs_dir: /data
playbook information
[yun@ansi-manager ansible_roles]$ cat nfs_server.yml
---
# NFS server
- hosts: manageservers
  roles:
    - nfs

- hosts: proxyservers
  roles:
    - nfs_client
Running the tasks
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check nfs_server.yml   # syntax check
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C nfs_server.yml               # dry run (check mode)
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key nfs_server.yml                  # run
Ansible Roles hands-on case: deploying the memcached service
Overall directory structure
[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ ll
total 8
-rw-rw-r-- 1 yun yun 71 Sep 16 09:05 memcached_server.yml
drwxrwxr-x 5 yun yun 52 Sep 16 08:38 roles
[yun@ansi-manager ansible_roles]$ tree roles/
roles/
└── memcached
    ├── handlers
    │   └── main.yml
    ├── tasks
    │   ├── config.yml
    │   ├── install.yml
    │   ├── main.yml
    │   └── start.yml
    └── templates
        └── memcached.j2

11 directories, 15 files
Service information
Directory structure
[yun@ansi-manager memcached]$ pwd
/app/ansible_info/ansible_roles/roles/memcached
[yun@ansi-manager memcached]$ ll
total 0
drwxrwxr-x 2 yun yun 22 Sep 16 08:56 handlers
drwxrwxr-x 2 yun yun 76 Sep 16 08:53 tasks
drwxrwxr-x 2 yun yun 26 Sep 16 08:55 templates
[yun@ansi-manager memcached]$ tree
.
├── handlers
│   └── main.yml
├── tasks
│   ├── config.yml
│   ├── install.yml
│   ├── main.yml
│   └── start.yml
└── templates
    └── memcached.j2

3 directories, 6 files
tasks directory information
[yun@ansi-manager memcached]$ cat tasks/main.yml
- include_tasks: install.yml
- include_tasks: config.yml
- include_tasks: start.yml

[yun@ansi-manager memcached]$ cat tasks/install.yml
- name: "install package memcached"
  yum:
    name: memcached
    state: present

[yun@ansi-manager memcached]$ cat tasks/config.yml
- name: "memcached server config and edit restart"
  template:
    src: memcached.j2
    dest: /etc/sysconfig/memcached
    owner: root
    group: root
    mode: '644'
  notify: "restart memcached server"

[yun@ansi-manager memcached]$ cat tasks/start.yml
- name: "memcached server start"
  systemd:
    name: memcached
    state: started
    daemon_reload: yes
    enabled: yes
handlers directory information
[yun@ansi-manager memcached]$ cat handlers/main.yml
- name: "restart memcached server"
  systemd:
    name: memcached
    state: restarted
Template directory information
[yun@ansi-manager memcached]$ cat templates/memcached.j2
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="{{ ansible_memtotal_mb // 2 }}"
OPTIONS=""
playbook information
[yun@ansi-manager ansible_roles]$ cat memcached_server.yml
---
# memcached server
- hosts: manageservers
  roles:
    - memcached
Running the tasks
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check memcached_server.yml   # syntax check
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C memcached_server.yml               # dry run (check mode)
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key memcached_server.yml                  # run
Ansible Roles hands-on case: deploying the Rsync service
Overall directory structure
[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ ll
total 12
drwxrwxr-x 2 yun yun  17 Sep 29 09:33 group_vars
drwxrwxr-x 7 yun yun  86 Sep 29 08:49 roles
-rw-rw-r-- 1 yun yun 116 Sep 29 09:50 rsyncd_server.yml
[yun@ansi-manager ansible_roles]$ tree roles/
roles/
├── rsync_client
│   ├── tasks
│   │   └── main.yml
│   └── templates
│       └── rsync.password.j2
└── rsyncd
    ├── handlers
    │   └── main.yml
    ├── tasks
    │   ├── config.yml
    │   ├── install.yml
    │   ├── main.yml
    │   ├── mkdir.yml
    │   └── start_rsyncd.yml
    └── templates
        ├── rsyncd.conf.j2
        └── rsync.password.j2

18 directories, 25 files
Server-side information
Directory structure
[yun@ansi-manager rsyncd]$ pwd
/app/ansible_info/ansible_roles/roles/rsyncd
[yun@ansi-manager rsyncd]$ tree
.
├── handlers
│   └── main.yml
├── tasks
│   ├── config.yml
│   ├── install.yml
│   ├── main.yml
│   ├── mkdir.yml
│   └── start_rsyncd.yml
└── templates
    ├── rsyncd.conf.j2
    └── rsync.password.j2

3 directories, 8 files
tasks directory information
[yun@ansi-manager rsyncd]$ pwd
/app/ansible_info/ansible_roles/roles/rsyncd
[yun@ansi-manager rsyncd]$ cat tasks/main.yml
- include_tasks: install.yml
- include_tasks: config.yml
- include_tasks: mkdir.yml
- include_tasks: start_rsyncd.yml

[yun@ansi-manager rsyncd]$ cat tasks/install.yml
- name: "Install package rsync"
  yum:
    name: rsync
    state: present

[yun@ansi-manager rsyncd]$ cat tasks/config.yml
- name: "rsyncd server config and edit restart"
  template:
    src: rsyncd.conf.j2
    dest: /etc/rsyncd.conf
    owner: root
    group: root
    mode: '644'
  notify: "restart rsyncd server"

- name: "rsyncd server password file"
  template:
    src: rsync.password.j2
    dest: /etc/rsync.password
    owner: root
    group: root
    mode: '400'

[yun@ansi-manager rsyncd]$ cat tasks/mkdir.yml
- name: "create rsync business backup dir"
  file:
    path: /backup/busi_data
    owner: root
    group: root
    state: directory
    recurse: yes

- name: "create rsync database backup dir"
  file:
    path: /backup/database
    owner: root
    group: root
    state: directory
    recurse: yes

[yun@ansi-manager rsyncd]$ cat tasks/start_rsyncd.yml
- name: "rsyncd server start"
  systemd:
    name: rsyncd
    state: started
    daemon_reload: yes
    enabled: yes
handlers directory information
[yun@ansi-manager rsyncd]$ cat handlers/main.yml
- name: "restart rsyncd server"
  systemd:
    name: rsyncd
    state: restarted
Template directory information
[yun@ansi-manager rsyncd]$ pwd
/app/ansible_info/ansible_roles/roles/rsyncd
[yun@ansi-manager rsyncd]$ cat templates/rsyncd.conf.j2   # file 1
# Note: for more parameters and details, see man rsyncd.conf
#rsync_config---------------start
uid = root
gid = root
use chroot = false
max connections = 200
timeout = 100
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
ignore errors = true
read only = false
list = false

## Note: to avoid confusion, use only one of hosts allow and hosts deny
hosts allow = 172.16.1.0/24,10.9.0.0/16,120.27.48.179
# hosts deny = 10.0.0.0/16
# multiple authentication accounts are supported
auth users = {{ auth_user }}
secrets file = /etc/rsync.password


# data backup; mind the permissions on the path directory
[back_data_module]
path = /backup/busi_data/

# database backup; mind the permissions on the path directory
[back_db_module]
path = /backup/database/

#rsync_config---------------end

[yun@ansi-manager rsyncd]$ cat templates/rsync.password.j2   # file 2
{{ auth_user }}:{{ auth_pawd }}
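The template above packs several settings that decide who can reach the daemon and what a client can do once connected: hosts allow versus hosts deny (the template's own note says to use only one), auth users with a secrets file, uid, read only, use chroot and list. As an added example (my own code, not part of the article and not an rsync tool), here is a small linter that parses a rendered rsyncd.conf into global and per-module settings, applies the inheritance rule that a module takes global values it does not override, and reports the combinations a reviewer would want to look at before exposing the service. The sample text is the article's template with auth_user rendered and some housekeeping lines trimmed, embedded inline as a constructed input; the rsyncd defaults assumed in the checks (read only, use chroot and list all default to true) follow man rsyncd.conf.

```python
"""Lint a rendered rsyncd.conf for access-control settings worth a second look (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed sample: the article's rsyncd.conf.j2 with auth_user rendered.
RSYNCD_CONF = """\
uid = root
gid = root
use chroot = false
max connections = 200
read only = false
list = false
hosts allow = 172.16.1.0/24,10.9.0.0/16,120.27.48.179
auth users = rsync_backup
secrets file = /etc/rsync.password

[back_data_module]
path = /backup/busi_data/

[back_db_module]
path = /backup/database/
"""

FALSE_VALUES = ("false", "no", "0")
TRUE_VALUES = ("true", "yes", "1")


def parse_rsyncd_conf(text: str) -> Tuple[Dict[str, str], Dict[str, Dict[str, str]]]:
    """Split rsyncd.conf into global settings and per-module settings.
    rsyncd lets a module inherit every global setting it does not override,
    so the returned module dicts already have the globals merged in."""
    global_opts: Dict[str, str] = {}
    modules: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1)
            modules[current] = {}
            continue
        key, _, value = line.partition("=")
        target = global_opts if current is None else modules[current]
        target[key.strip().lower()] = value.strip()
    merged = {name: {**global_opts, **opts} for name, opts in modules.items()}
    return global_opts, merged


def lint_rsyncd(text: str) -> List[str]:
    """Return one finding per setting combination a reviewer should weigh."""
    global_opts, modules = parse_rsyncd_conf(text)
    findings: List[str] = []
    if "hosts allow" in global_opts and "hosts deny" in global_opts:
        findings.append("global: both 'hosts allow' and 'hosts deny' are set; use only one")
    for name, opts in modules.items():
        if not opts.get("auth users"):
            findings.append(f"{name}: no 'auth users'; the module accepts unauthenticated clients")
        elif not opts.get("secrets file"):
            findings.append(f"{name}: 'auth users' set without a 'secrets file'")
        if "hosts allow" not in opts and "hosts deny" not in opts:
            findings.append(f"{name}: no 'hosts allow' or 'hosts deny'; any source address may connect")
        writable = opts.get("read only", "true").lower() in FALSE_VALUES
        if writable and opts.get("uid") == "root":
            findings.append(f"{name}: writable module served as uid root; client writes land as root")
        if opts.get("use chroot", "true").lower() in FALSE_VALUES:
            findings.append(f"{name}: 'use chroot = false'; symlinks under path are not confined to the module")
        if opts.get("list", "true").lower() in TRUE_VALUES:
            findings.append(f"{name}: 'list = true' advertises the module name to anyone who asks")
    return findings


if __name__ == "__main__":
    for finding in lint_rsyncd(RSYNCD_CONF) or ["no findings"]:
        print(finding)
```

Run against the article's own configuration the linter is quiet about authentication, source filtering and listing, and reports only the two settings each module inherits from the global section, use chroot = false and a writable module running as uid root. Whether those are acceptable depends on the backup workflow (a push-style backup needs the module writable), which is exactly the kind of decision a check like this is meant to surface rather than make.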
Client-side information
[yun@ansi-manager rsync_client]$ pwd
/app/ansible_info/ansible_roles/roles/rsync_client
[yun@ansi-manager rsync_client]$ tree   # directory structure
.
├── tasks
│   └── main.yml
└── templates
    └── rsync.password.j2

2 directories, 2 files
[yun@ansi-manager rsync_client]$ cat tasks/main.yml   # tasks
- name: "rsync password file config"
  template:
    src: rsync.password.j2
    dest: /etc/rsync.password
    owner: root
    group: root
    mode: '400'

[yun@ansi-manager rsync_client]$ cat templates/rsync.password.j2   # template
{{ auth_pawd }}
Variable information
[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ cat group_vars/all
# NFS server directory
nfs_dir: /data
# used by the rsync daemon
auth_user: rsync_backup
auth_pawd: rsync_backup_pwd
playbook information
[yun@ansi-manager ansible_roles]$ cat rsyncd_server.yml
---
# rsyncd server
- hosts: manageservers
  roles:
    - rsyncd

- hosts: proxyservers
  roles:
    - rsync_client
Running the tasks
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check rsyncd_server.yml   # syntax check
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C rsyncd_server.yml               # dry run (check mode)
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key rsyncd_server.yml                  # run
Ansible Galaxy
https://galaxy.ansible.com
———END———
If you found this useful, give it a follow (-^O^-)!