Ansible Roles
Ansible Roles基本概述
roles:不管是Ansible还是saltstack,在写一键部署的时候,都不可能把所有的步骤全部写入到一个'剧本'文件当中,肯定需要把不同的工作模块拆分开来,进行解耦。说到解耦,就需要用到官方推荐的roles,因为roles的目录结构层次更加清晰。
Ansible Roles目录结构
production # inventory file for production servers
staging # inventory file for staging environment
group_vars/
group1.yml # here we assign variables to particular groups
group2.yml
host_vars/
hostname1.yml # here we assign variables to particular systems
hostname2.yml
library/ # if any custom modules, put them here (optional)
module_utils/ # if any custom module_utils to support modules, put them here (optional)
filter_plugins/ # if any custom filter plugins, put them here (optional)
site.yml # master playbook
webservers.yml # playbook for webserver tier
dbservers.yml # playbook for dbserver tier
roles/
common/ # this hierarchy represents a "role"
tasks/ #任务 #
main.yml # <-- tasks file can include smaller files if warranted
handlers/ #触发器 #
main.yml # <-- handlers file
templates/ #带jinja变量的配置文件 # <-- files for use with the template resource
ntp.conf.j2 # <------- templates end in .j2
files/ #不带变量的配置文件和安装包等 #
bar.txt # <-- files for use with the copy resource
foo.sh # <-- script files for use with the script resource
vars/ #变量 #
main.yml # <-- variables associated with this role
defaults/ #优先级比较低的变量 #
main.yml # <-- default lower priority variables for this role
meta/ #依赖 #
main.yml # <-- role dependencies
library/ # roles can also include custom modules
module_utils/ # roles can also include custom module_utils
lookup_plugins/ # or other types of plugins, like lookup in this case
webtier/ # same kind of structure as "common" was above, done for the webtier role
monitoring/ # ""
fooapp/ # ""
开发环境
测试环境
- 性能测试
- 功能测试
预上线环境(Beta)
生产环境
使用ansible-galaxy创建roles
## 创建roles目录
ansible-galaxy init base
[root@m01 roles]# ll
total 0
drwxr-xr-x 10 root root 154 May 29 10:19 base
drwxr-xr-x 2 root root 6 May 29 10:21 group_vars
drwxr-xr-x 2 root root 6 May 29 10:21 host_vars
drwxr-xr-x 10 root root 154 May 29 10:18 keepalived
drwxr-xr-x 10 root root 154 May 29 10:18 lb
drwxr-xr-x 10 root root 154 May 29 10:16 mysql
drwxr-xr-x 10 root root 154 May 29 10:17 nfs-client
drwxr-xr-x 10 root root 154 May 29 10:17 nfs-server
drwxr-xr-x 10 root root 154 May 29 10:16 nginx
drwxr-xr-x 10 root root 154 May 29 10:17 rsync-cilent
drwxr-xr-x 10 root root 154 May 29 10:17 rsync-server
drwxr-xr-x 10 root root 154 May 29 10:18 wordpress-code
drwxr-xr-x 10 root root 154 May 29 10:18 wordpress-data
drwxr-xr-x 10 root root 154 May 29 10:18 wordpress-db
ansible roles实战
## 配置文件放入files目录
[root@m01 files]# vim lb.conf
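# Load-balancer virtual host: every request is proxied to the "web" pool.
upstream web {
    server 172.16.1.7;
    server 172.16.1.8;
}

server {
    listen 80;
    server_name _;

    location / {
        proxy_pass http://web;

        # Hand the client's original Host header to the backend.
        proxy_set_header Host $http_host;
        # Fixed: this directive was misspelled "proxy_set_headex", which nginx
        # rejects as an unknown directive when it loads the configuration.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to any
        # X-Forwarded-For value the client sent, so backends should rely only
        # on the entry added by this proxy, not on client-supplied ones.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_connect_timeout 30;
        proxy_send_timeout 60;
        proxy_read_timeout 60;

        proxy_buffering on;
        # Fixed: this directive was misspelled "proxy_bufer_size".
        proxy_buffer_size 32k;
        proxy_buffers 4 128k;
    }
}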
# nginx
## 任务
[root@m01 roles]# vim nginx/tasks/main.yml
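---
# tasks file for nginx
# Installs nginx, renders the main configuration from a template, and makes
# sure the service is running and enabled at boot.
- name: 安装nginx
  yum:
    name: nginx
    state: present

- name: 推送主配置文件
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    # Explicit ownership and mode so the result does not depend on the
    # controller's or target's umask.
    owner: root
    group: root
    mode: '0644'
    # NOTE(review): consider `validate: nginx -t -c %s` so a broken template
    # never replaces the live config; it only works if nginx.conf.j2 uses
    # absolute include paths — confirm against the template (not shown here).
  # Must match the handler name in handlers/main.yml exactly.
  notify: Restart Nginx

- name: 启动nginx
  service:
    name: nginx
    state: started
    enabled: true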
## 定义变量
[root@m01 tasks]# vim /tmp/ansible/roles/nginx/vars/main.yml
---
# vars file for nginx
# Value substituted into the nginx.conf.j2 template — presumably the account
# nginx runs as; confirm against the template, which this page does not show.
# NOTE(review): nothing visible on this page creates a 'www' user or group.
user_group: 'www'
## 准备nginx主配置文件(修改为变量)
[root@m01 templates]# vim /tmp/ansible/roles/nginx/templates/nginx.conf.j2
## 触发器
[root@m01 handlers]# vim /tmp/ansible/roles/nginx/handlers/main.yml
---
# handlers file for nginx
# Runs at most once per play, and only when a task that reported "changed"
# notified the name "Restart Nginx".
- name: Restart Nginx
  service:
    name: nginx
    state: restarted
# lb
## 依赖
[root@m01 meta]# vim /tmp/ansible/roles/lb/meta/main.yml
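---
# meta file for lb
# Role dependencies: Ansible runs the listed roles before lb's own tasks, so
# nginx is installed before lb.conf is copied into /etc/nginx/conf.d/.
# Fixed: the key was "description", which is not read as a dependency list,
# so the nginx role was never pulled in.
dependencies:
  - role: nginx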
## 任务
[root@m01 meta]# vim /tmp/ansible/roles/lb/tasks/main.yml
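---
# tasks file for lb
# Copies the static load-balancer vhost from the role's files/ directory and
# restarts nginx when the file changed.
- name: 推送负载均衡配置文件
  copy:
    src: lb.conf
    dest: /etc/nginx/conf.d/
    # Explicit ownership and mode so the result does not depend on the umask.
    owner: root
    group: root
    mode: '0644'
  # Must match the handler name exactly.
  notify: Restart Nginx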
## 触发器
[root@m01 meta]# vim /tmp/ansible/roles/lb/handlers/main.yml
---
# handlers file for lb
# Restarts nginx when the lb.conf copy task reports a change.
# NOTE(review): a handler with the same name is also defined in the nginx
# role's handlers/main.yml shown on this page.
- name: Restart Nginx
  service:
    name: nginx
    state: restarted
## 配置lb.conf文件
[root@m01 meta]# vim /tmp/ansible/roles/lb/files/lb.conf
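# Load-balancer virtual host: every request is proxied to the "web" pool.
upstream web {
    server 172.16.1.7;
    server 172.16.1.8;
}

server {
    listen 80;
    server_name _;

    location / {
        proxy_pass http://web;

        # Hand the client's original Host header to the backend.
        proxy_set_header Host $http_host;
        # Fixed: this directive was misspelled "proxy_set_headex", which nginx
        # rejects as an unknown directive when it loads the configuration.
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends $remote_addr to any
        # X-Forwarded-For value the client sent, so backends should rely only
        # on the entry added by this proxy, not on client-supplied ones.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_connect_timeout 30;
        proxy_send_timeout 60;
        proxy_read_timeout 60;

        proxy_buffering on;
        # Fixed: this directive was misspelled "proxy_bufer_size".
        proxy_buffer_size 32k;
        proxy_buffers 4 128k;
    }
}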
## 入口文件
[root@m01 roles]# vim /tmp/ansible/roles/site.yml
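---
# Entry playbook: applies the lb role (and, through its meta dependencies,
# whatever roles it depends on) to the hosts selected by the condition.
- hosts: all
  roles:
    - role: lb
      # "is match" is a regular-expression test anchored at the start of the
      # string, not a shell glob. Fixed: the pattern was 'web*', which as a
      # regex means "we" followed by zero or more "b" and so also matched
      # unrelated hostnames such as "west01".
      # NOTE(review): lb.conf lists 172.16.1.7/.8 as upstream servers; if
      # those are the web hosts, this condition puts the load balancer on the
      # backends themselves — confirm the intended hostname pattern, or
      # target an inventory group instead of filtering "hosts: all".
      when: ansible_hostname is match('^web')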
## 执行入口文件
[root@m01 ansible]# ansible-playbook roles/site.yml
ansible galaxy使用
# 查询ansible代码仓库
[root@m01 ~]# ansible-galaxy search nginx
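# 下载代码仓库中的代码(search 列出的是 role;安装 role 应使用 `ansible-galaxy install 名称`,collection install 只用于 collection。第三方代码会以高权限在目标机上执行,使用前应先审阅内容并固定版本)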
[root@m01 ~]# ansible-galaxy collection install aaronpederson.nginx
ansible vault
# 加密(加密后执行该playbook需要提供vault密码,如 --ask-vault-pass 或 --vault-password-file)
[root@m01 ansible]# ansible-vault encrypt site.yml
# 查看
[root@m01 ansible]# ansible-vault view site.yml
# 编辑
[root@m01 ansible]# ansible-vault edit site.yml
# 解密(取消加密,文件在磁盘上恢复为明文)
[root@m01 ansible]# ansible-vault decrypt site.yml
# 修改密码
[root@m01 ansible]# ansible-vault rekey site.yml
gitee使用
# 1.安装git命令
[root@m01 ansible]# yum install -y git
#简易的命令行入门教程:
## Git 全局设置:
git config --global user.name "刘建源"
git config --global user.email "12996948+ljy1026@user.noreply.gitee.com"
## 创建 git 仓库:
mkdir ansible_roles # 创建目录
cd ansible_roles # 进入目录(进入写roles目录)
git init # 将目录初始化成git仓库
[root@m01 ansible]# ll -a ##执行完成后,会在目录下生成一个.git目录
total 0
drwxr-xr-x 6 root root 83 May 29 11:58 .
drwxrwxrwt. 8 root root 108 May 29 11:55 ..
drwxr-xr-x 7 root root 119 May 29 11:58 .git
drwxr-xr-x 2 root root 6 May 29 10:09 group_vars
drwxr-xr-x 2 root root 6 May 29 10:09 host_vars
drwxr-xr-x 16 root root 247 May 29 10:21 roles
-rw-r--r-- 1 root root 0 May 29 10:09 site.yaml
# 将该目录下的所有文件加入到git中(提交前确认其中不含密钥、明文密码等敏感文件;含密码的变量文件应先用ansible-vault加密)
[root@m01 ansible]# git add .
## 查看git 状态
[root@m01 ansible]# git status
# 将代码提交到git仓库中
[root@m01 ansible]# git commit -m '第一次提交代码'
# 将码云仓库加入到本地
git remote add origin git@gitee.com:ljy1026/ansible_roles.git
# 将本地代码,推送到码云
git push -u origin "master"
[root@m01 ansible]# git push -u origin "master"
Counting objects: 44, done.
Compressing objects: 100% (17/17), done.
Writing objects: 100% (27/27), 4.55 KiB | 0 bytes/s, done.
Total 27 (delta 3), reused 0 (delta 0)
remote: Powered by GITEE.COM [GNK-6.4]
To git@gitee.com:ljy1026/ansible_roles.git
f728101..7ddb945 master -> master
Branch master set up to track remote branch master from origin.
### 每次更改完代码,建议
git add .
git commit -m '备注内容'
git push
## 拉代码
git clone git@gitee.com:ljy1026/ansible_roles.git
## 查看SSH公钥(将公钥添加到码云后才能通过SSH推送/拉取;私钥 id_rsa 不要外传)
cat ~/.ssh/id_rsa.pub