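September 27, 2020 (Lesson 34)
I. Introduction to Ansible Roles
1. Overview
Whether you use Ansible or SaltStack, a one-click deployment cannot put every step into a single playbook file. The work has to be split into separate modules and decoupled, and for decoupling the officially recommended mechanism is roles, because the roles directory structure is more clearly layered.
For example: we previously recommended writing a base.yml that holds all the basic optimization items, but piling everything into one file is of little use. It is better to split these functions apart so that whoever needs one simply calls it.
Recommendation: each role should ideally use only one tasks file, which makes it easy to call and keeps the roles well decoupled. (SOA)
2. Directory structure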
production                # inventory file for production servers
staging                   # inventory file for staging environment
group_vars/
    group1.yml            # here we assign variables to particular groups
    group2.yml
host_vars/
    hostname1.yml         # here we assign variables to particular systems
    hostname2.yml
library/                  # if any custom modules, put them here (optional)
module_utils/             # if any custom module_utils to support modules, put them here (optional)
filter_plugins/           # if any custom filter plugins, put them here (optional)
site.yml                  # master playbook
webservers.yml            # playbook for webserver tier
dbservers.yml             # playbook for dbserver tier
roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      # <-- tasks file can include smaller files if warranted
        handlers/         #
            main.yml      # <-- handlers file
        templates/        # <-- files for use with the template resource
            ntp.conf.j2   # <------- templates end in .j2
        files/            #
            bar.txt       # <-- files for use with the copy resource
            foo.sh        # <-- script files for use with the script resource
        vars/             #
            main.yml      # <-- variables associated with this role
        defaults/         #
            main.yml      # <-- default lower priority variables for this role
        meta/             #
            main.yml      # <-- role dependencies
        library/          # roles can also include custom modules
        module_utils/     # roles can also include custom module_utils
        lookup_plugins/   # or other types of plugins, like lookup in this case
    webtier/              # same kind of structure as "common" was above, done for the webtier role
    monitoring/           # ""
    fooapp/               # ""
3. Creating the roles directory
1) Create manually
[root@m01 ~]# mkdir /project
[root@m01 ~]# cd /project/
[root@m01 /project]# touch site.yml
[root@m01 /project]# mkdir roles
[root@m01 /project]# cd roles/
[root@m01 /project/roles]# mkdir {nginx,php,mariadb,nfs-server,nfs-client}
2) Create with a command
[root@m01 /project/roles]# ansible-galaxy init nginx
- Role nginx was created successfully
[root@m01 /project/roles]# tree ./
./
├── mariadb
├── nfs-client
├── nfs-server
├── nginx
│   ├── defaults
│   │   └── main.yml
│   ├── files
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   │   └── main.yml
│   ├── README.md
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   ├── tests
│   │   ├── inventory
│   │   └── test.yml
│   └── vars
│       └── main.yml
└── php
13 directories, 8 files
[root@m01 /project/roles]#
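4. Ansible Roles dependencies
Roles let you automatically pull in other roles when you use a role. Role dependencies are stored in the meta/main.yml file inside the role's directory.
For example: to push and unpack WordPress, nginx and php must first be installed and running before the WordPress pages can be served. In that case we can declare in the wordpress role that it depends on the nginx and php roles.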
[root@m01 roles]# vim /etc/ansible/roles/wordpress/meta/main.yml
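dependencies:
  - { role: nginx }
  - { role: php }
If a role has a main.yml under its meta directory, Ansible automatically runs the roles listed under dependencies in that file first. In the example above, the nginx and php installation runs first.
II. Refactoring the playbook
1. Configure the inventory and hosts
1) Inventory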
[root@m01 ~]# cat /etc/ansible/hosts
[web_group]
web01 ansible_ssh_pass='1'
web02 ansible_ssh_pass='1'
[slb]
lb01 ansible_ssh_pass='1'
lb02 ansible_ssh_pass='1'
[db_group]
db01 ansible_ssh_pass='1'
[nfs_server]
nfs ansible_ssh_pass='1'
[backup_server]
backup ansible_ssh_pass='1'
[nginx_group:children]
web_group
slb
[nfs_group:children]
nfs_server
web_group
[nginx_group:vars]
web=host_vars
2) hosts file
[root@m01 ~]# vim /etc/hosts
172.16.1.4 lb01
172.16.1.5 lb02
172.16.1.7 web01
172.16.1.8 web02
172.16.1.31 nfs
172.16.1.41 backup
172.16.1.51 db01
2. Configuring the optimization part
1) Create the role structure for the optimization part
[root@m01 ~]# mkdir /project
[root@m01 ~]# cd /project/
[root@m01 /project]# touch site.yml
[root@m01 /project]# mkdir roles
[root@m01 /project]# cd roles/
[root@m01 /project/roles]# ansible-galaxy init base
- Role base was created successfully
2) Prepare the optimization files
[root@m01 /project/roles]# cd base/files/
[root@m01 /project/roles/base/files]# cp /etc/yum.repos.d/* ./
[root@m01 /project/roles/base/files]# cp /etc/sysctl.conf ./
3) Write the playbook
[root@m01 /project/roles/base/files]# cd ..
[root@m01 /project/roles/base]# vim tasks/main.yml
- name: Stop Selinux
  selinux:
    state: disabled
- name: Stop Firewalld
  systemd:
    name: firewalld
    state: stopped
- name: Create www Group
  group:
    name: www
    gid: 666
- name: Create www User
  user:
    name: www
    group: www
    uid: 666
    shell: /sbin/nologin
    create_home: no
- name: Install Unzip Server
  yum:
    name: unzip
    state: present
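A variant of the firewall task that keeps firewalld running and opens only what each inventory group needs (an added example, not the original role; it covers the firewall step only). Assumptions: nginx serves on the `http` service port, MariaDB listens on 3306, the internal range is 172.16.1.0/24 as in the hosts file, and keepalived on the load balancers uses VRRP.

```yaml
# roles/base/tasks/main.yml (firewall portion, added variant)
- name: Keep Firewalld Running
  systemd:
    name: firewalld
    state: started
    enabled: yes

# Web servers and load balancers: allow HTTP only.
- name: Allow HTTP On nginx_group
  firewalld:
    service: http
    permanent: yes
    immediate: yes
    state: enabled
  when: inventory_hostname in groups['nginx_group']

# Load balancers: keepalived peers must see each other's VRRP
# advertisements, otherwise both nodes claim the virtual IP.
- name: Allow VRRP Between Load Balancers
  firewalld:
    rich_rule: 'rule protocol value="vrrp" accept'
    permanent: yes
    immediate: yes
    state: enabled
  when: inventory_hostname in groups['slb']

# Database server: allow MariaDB only from the internal subnet
# (assumed 172.16.1.0/24, matching the 172.16.1.x hosts).
- name: Allow MariaDB From Internal Subnet
  firewalld:
    rich_rule: 'rule family="ipv4" source address="172.16.1.0/24" port port="3306" protocol="tcp" accept'
    permanent: yes
    immediate: yes
    state: enabled
  when: inventory_hostname in groups['db_group']
```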
3. Installing nginx
1) Create the role structure
[root@m01 /project/roles]# ansible-galaxy init nginx
- Role nginx was created successfully
2) Prepare the files
[root@m01 /project/roles/nginx]# cp /root/conf/nginx.conf ./files/
[root@m01 /project/roles/nginx]# cp /etc/yum.repos.d/nginx.repo ./files/
3) Write the playbook
[root@m01 /project/roles/nginx]# cat tasks/main.yml
- name: Copy nginx Repo
  copy:
    src: nginx.repo
    dest: /etc/yum.repos.d/
- name: Install Nginx Server
  yum:
    name: nginx
    state: present
- name: Config Nginx Server
  copy:
    src: nginx.conf
    dest: /etc/nginx/
  notify: restart_nginx
- name: Start Nginx Server
  systemd:
    name: nginx
    state: started
4) Write the handler
[root@m01 /project/roles/nginx]# vim handlers/main.yml
- name: restart_nginx
  systemd:
    name: nginx
    state: restarted
4. Installing PHP
1) Create the role structure
[root@m01 /project/roles]# ansible-galaxy init php
- Role php was created successfully
2) Prepare the PHP files
[root@m01 /project/roles]# cp /root/package/php.tar.gz php/files/
[root@m01 /project/roles]# cp /root/conf/php.ini php/files/
[root@m01 /project/roles]# cp /root/conf/www.conf php/files/
3) Write the playbook
[root@m01 /project/roles]# cat php/tasks/main.yml
- name: Tar php.tar.gz
  unarchive:
    src: php.tar.gz
    dest: /tmp/
- name: Install PHP Server
  shell: "yum localinstall -y /tmp/*.rpm"
- name: Config PHP Server
  copy:
    src: php.ini
    dest: /etc/
  notify: restart_php
- name: Config PHP Server
  copy:
    src: www.conf
    dest: /etc/php-fpm.d/
  notify: restart_php
- name: Start PHP Server
  systemd:
    name: php-fpm
    state: started
4) Write the handler
[root@m01 /project/roles]# vim php/handlers/main.yml
- name: restart_php
  systemd:
    name: php-fpm
    state: restarted
5. Installing MariaDB
1) Create the directory structure
[root@m01 /project/roles]# ansible-galaxy init mariadb
- Role mariadb was created successfully
2) Configure the playbook
[root@m01 /project/roles]# vim mariadb/tasks/main.yml
- name: Install Mariadb Server
  yum:
    name: "{{ item.name }}"
    state: present
  with_items:
    - { name: mariadb-server }
    - { name: MySQL-python }
- name: Start Mariadb Server
  systemd:
    name: mariadb
    state: started
    enabled: yes
6. Building the blog
1) Create the structure
[root@m01 /project/roles]# ansible-galaxy init wordpress
- Role wordpress was created successfully
2) Prepare the files
[root@m01 /project/roles]# cp /root/conf/linux.wp.com.conf ./wordpress/files/
[root@m01 /project/roles]# cd wordpress/files/
[root@m01 /project/roles/wordpress/files]# rz wordpress.tar.gz
[root@m01 /project/roles/wordpress/files]# cp /root/conf/wp-config.php ./
3) Write the playbook
# Install WordPress
[root@m01 /project/roles/wordpress]# cat tasks/main.yml
- name: Mkdir code
  file:
    path: /code
    state: directory
    owner: www
    group: www
# unarchive has no recurse option (that belongs to the file module);
# owner and group here are applied to the extracted files.
- name: Tar wordpress.tar.gz
  unarchive:
    src: wordpress.tar.gz
    dest: /code/
    owner: www
    group: www
- name: Config wordpress conf
  copy:
    src: linux.wp.com.conf
    dest: /etc/nginx/conf.d/
  notify: restart_wp_nginx
4) Write the handler
[root@m01 /project/roles/wordpress]# vim handlers/main.yml
- name: restart_wp_nginx
  systemd:
    name: nginx
    state: restarted
5) Write the database-creation playbook
# Directory structure for the database-creation role
[root@m01 /project/roles]# ansible-galaxy init database
- Role database was created successfully
# Write the playbook
[root@m01 /project/roles]# vim database/tasks/main.yml
- name: Create wordpress Database
  mysql_db:
    name: wordpress
    state: present
- name: Create wp Database User
  mysql_user:
    name: "wp"
    host: "172.16.1.%"
    password: '123456'
    priv: "wordpress.*:ALL"
    state: present
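The inventory in part 1 carries the SSH passwords inline and the task above hard-codes the wp password; one way to keep both out of plain text is Ansible Vault (an added example, not part of the original notes). The group_vars paths under /project and the vault_* variable names are assumptions, and the secret values are constructed placeholders.

```yaml
# --- /project/group_vars/all/vault.yml (assumed path) ---
# Encrypt before committing:  ansible-vault encrypt group_vars/all/vault.yml
# Values below are constructed placeholders, not real credentials.
vault_ansible_ssh_pass: "REPLACE-WITH-SSH-PASSWORD"
vault_wp_db_password: "REPLACE-WITH-DB-PASSWORD"
---
# --- /project/group_vars/all/vars.yml (assumed path) ---
# Plain-text file that only points at the vaulted values. Remove the
# ansible_ssh_pass='...' entries from the inventory host lines, because
# inline host variables take precedence over group_vars.
ansible_ssh_pass: "{{ vault_ansible_ssh_pass }}"
wp_db_password: "{{ vault_wp_db_password }}"
---
# --- /project/roles/database/tasks/main.yml ---
- name: Create wordpress Database
  mysql_db:
    name: wordpress
    state: present

- name: Create wp Database User
  mysql_user:
    name: "wp"
    host: "172.16.1.%"
    password: "{{ wp_db_password }}"
    priv: "wordpress.*:ALL"
    state: present
  no_log: true        # keep the password out of task output and logs
```

Run the playbook with `ansible-playbook site.yml --ask-vault-pass` so the vaulted file can be decrypted at run time.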
7. Load balancing
1) Create the structure
[root@m01 /project/roles]# ansible-galaxy init slb
- Role slb was created successfully
2) Prepare the files
[root@m01 /project/roles]# cp /root/conf/proxy.j2 ./slb/templates/
[root@m01 /project/roles]# cp /root/conf/proxy_params ./slb/files/
3) Write the playbook
[root@m01 /project]# vim roles/slb/tasks/main.yml
- name: Config slb Server
  template:
    src: proxy.j2
    dest: /etc/nginx/conf.d/proxy.conf
  notify: restart_slb
- name: Copy proxy_params
  copy:
    src: proxy_params
    dest: /etc/nginx/
- name: Start Web Nginx Server
  systemd:
    name: nginx
    state: started
    enabled: yes
4) Write the handler
[root@m01 /project/roles]# vim slb/handlers/main.yml
- name: restart_slb
  systemd:
    name: nginx
    state: restarted
5) Configure dependencies
[root@m01 /project/roles]# vim slb/meta/main.yml
dependencies:
  - { role: nginx }
8. Configuring high availability
1) Create the directory structure
[root@m01 /project/roles]# ansible-galaxy init keepalived
- Role keepalived was created successfully
2) Prepare the files
[root@m01 /project/roles]# cp /root/conf/keepalived.j2 ./keepalived/templates/
3) Write the playbook
[root@m01 /project/roles]# vim keepalived/tasks/main.yml
- name: Install keepalived
  yum:
    name: keepalived
    state: present
- name: Config keepalive
  template:
    src: keepalived.j2
    dest: /etc/keepalived/keepalived.conf
- name: Start keepalived
  systemd:
    name: keepalived
    state: restarted
9. Configuring the top-level call
[root@m01 /project]# vim site.yml
- hosts: all
  roles:
    - role: base
    - role: nginx
      when: ansible_fqdn is match "web*"
    - role: php
      when: ansible_fqdn is match "web*"
    - role: mariadb
      when: ansible_fqdn == "db01"
    - role: database
      when: ansible_fqdn == "db01"
    - role: wordpress
      when: ansible_fqdn is match "web*"
    - role: slb
      when: ansible_fqdn is match "lb*"
    - role: keepalived
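The same role assignment expressed with the inventory groups from part 1 instead of `when` tests on `ansible_fqdn` (an added example, not the original site.yml; placing keepalived on the slb group is an assumption, since the original gives that role no condition). `match` is a regular-expression test anchored at the start of the string, so `"web*"` means `we` followed by any number of `b` and would also match a host named `west01`; targeting groups scopes each role to exactly the hosts listed in the inventory.

```yaml
# /project/site.yml (group-targeted variant)
# Every host gets the base role.
- hosts: all
  roles:
    - role: base

# web01, web02
- hosts: web_group
  roles:
    - role: nginx
    - role: php
    - role: wordpress

# db01
- hosts: db_group
  roles:
    - role: mariadb
    - role: database

# lb01, lb02; the slb role pulls in nginx through its meta/main.yml
- hosts: slb
  roles:
    - role: slb
    - role: keepalived   # assumed to belong on the load balancers
```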