Ansible--06 ansible roles
Ansible roles
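Roles: whether with Ansible or SaltStack, when writing a one-click deployment you cannot put every step into a single playbook file. The different work modules have to be split apart and decoupled, and for decoupling the officially recommended mechanism is roles, because the role directory structure is more clearly layered.
For example: we previously recommended writing a base.yml that holds all the basic tuning items, but piling everything into one file is not very useful either. It is better to split these functions apart so that whoever needs one simply calls it.
Recommendation: each role should ideally use only one tasks file, which makes it easy to call and keeps things well decoupled. (SOA)
Ansible roles directory structure
Officially recommended best-practice directory layout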

production                # inventory file for production servers
staging                   # inventory file for staging environment
group_vars/
   group1.yml             # here we assign variables to particular groups
   group2.yml
host_vars/
   hostname1.yml          # here we assign variables to particular systems
   hostname2.yml
library/                  # if any custom modules, put them here (optional)
module_utils/             # if any custom module_utils to support modules, put them here (optional)
filter_plugins/           # if any custom filter plugins, put them here (optional)
site.yml                  # master playbook
webservers.yml            # playbook for webserver tier
dbservers.yml             # playbook for dbserver tier
roles/
    common/               # this hierarchy represents a "role"
        tasks/            #
            main.yml      # <-- tasks file can include smaller files if warranted
        handlers/         #
            main.yml      # <-- handlers file
        templates/        # <-- files for use with the template resource
            ntp.conf.j2   # <------- templates end in .j2
        files/            #
            bar.txt       # <-- files for use with the copy resource
            foo.sh        # <-- script files for use with the script resource
        vars/             #
            main.yml      # <-- variables associated with this role
        defaults/         #
            main.yml      # <-- default lower priority variables for this role
        meta/             #
            main.yml      # <-- role dependencies
        library/          # roles can also include custom modules
        module_utils/     # roles can also include custom module_utils
        lookup_plugins/   # or other types of plugins, like lookup in this case
    webtier/              # same kind of structure as "common" was above, done for the webtier role
    monitoring/           # ""
    fooapp/               # ""
Creating the role directory structure with galaxy
[root@m01 ~]# cd /etc/ansible/roles/
[root@m01 roles]# tree wordpress/
nfs/                # project name
├── defaults        # low-priority variables
├── files           # static files
├── handlers        # handler files
├── meta            # dependency files
├── tasks           # task files
├── templates       # jinja2 template files
├── tests           # test files
└── vars            # variable files
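Ansible role dependencies
Roles let you pull in other roles automatically when a role is used. Role dependencies are stored in the meta/main.yml file inside the role directory.
For example: to push WordPress and unpack it, nginx and PHP must first be installed and their services running before the WordPress pages can be served. In that case we can declare dependencies on the nginx and php roles inside the wordpress role.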
[root@m01 roles]# vim /etc/ansible/roles/wordpress/meta/main.yml
dependencies:
- { role: nginx }
- { role: php }
[root@m01 meta]# vim main.yml
dependencies:
- { role: rsync_server }
If meta/main.yml has been written, Ansible automatically runs the roles listed under dependencies in that file first. In the example above, the nginx and php installation runs first.
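The following shell example is an addition to the original post, not the author's code. It prints the order in which roles run once the meta/main.yml dependencies are followed, which is also a quick way to see everything a role pulls in before running it; the function names and the php -> nginx dependency in the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example: list the roles Ansible will run for one role once the
# dependencies in meta/main.yml are followed (dependencies first, no repeats).
# Assumption: only "- { role: NAME }" and "- role: NAME" entries are parsed.

# role_deps ROLES_DIR ROLE: print the direct dependencies, one per line.
role_deps() {
    [ -f "$1/$2/meta/main.yml" ] || return 0
    sed -n -e '/^[[:space:]]*-/!d' \
           -e 's/^[[:space:]]*-[[:space:]]*{*[[:space:]]*//' \
           -e 's/^role:[[:space:]]*\([A-Za-z0-9_.-][A-Za-z0-9_.-]*\).*/\1/p' \
        "$1/$2/meta/main.yml"
}

# walk ROLES_DIR ROLE PATH: depth-first, dependencies before the role itself.
# The body is a subshell, so loop variables stay local to each level.
walk() (
    case " $3 " in
        *" $2 "*) echo "dependency cycle: $3 $2" >&2; exit 0 ;;
    esac
    for dep in $(role_deps "$1" "$2"); do
        walk "$1" "$dep" "$3 $2"
    done
    echo "$2"
)

# role_run_order ROLES_DIR ROLE: a role reached twice is listed only once.
role_run_order() {
    walk "$1" "$2" "" | awk '!seen[$0]++'
}

# Constructed sample tree: wordpress -> nginx, php (as on the page);
# php -> nginx is added here to show the de-duplication.
make_sample_roles() {
    d=$(mktemp -d)
    mkdir -p "$d/wordpress/meta" "$d/nginx/meta" "$d/php/meta"
    printf 'dependencies:\n- { role: nginx }\n- { role: php }\n' > "$d/wordpress/meta/main.yml"
    printf 'dependencies:\n  - role: nginx\n' > "$d/php/meta/main.yml"
    printf 'dependencies: []\n' > "$d/nginx/meta/main.yml"
    echo "$d"
}

sample=$(make_sample_roles)
role_run_order "$sample" wordpress   # nginx, php, wordpress (one per line)
rm -rf "$sample"
```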
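Ansible roles best practice
Tips for roles
1. Create the role directory structure, manually with ansible-galaxy init test role
2. Write the role's functionality
3. Reference it in a playbook
Refactoring rsync with roles
1) Plan the directory structure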
[root@m01 rsync]# cd /etc/ansible/roles/
[root@m01 roles]# ll
总用量 0
[root@m01 roles]# ansible-galaxy init rsync roles
- rsync was created successfully
[root@m01 roles]# tree
.
└── rsync
    ├── defaults
    │   └── main.yml
    ├── files
    ├── handlers
    │   └── main.yml
    ├── meta
    │   └── main.yml
    ├── README.md
    ├── tasks
    │   └── main.yml
    ├── templates
    ├── tests
    │   ├── inventory
    │   └── test.yml
    └── vars
        └── main.yml
2) Define the inventory for the roles
[root@m01 roles]# cat /etc/ansible/roles/hosts
[backup]
172.16.1.41
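3) Specify which role the backup host group runs
[root@m01 roles]# cat /etc/ansible/roles/site.yml
- hosts: backup
  remote_user: root
  roles:
    - rsync
  tags: rsync    # tag selected by -t rsync when the playbook is run
4) View the rsync role's tasks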
[root@m01 roles]# cat /etc/ansible/roles/rsync/tasks/main.yml
# Install the rsync package
- name: Install Rsync Server
  yum: name=rsync state=present
# Push the config file (0644) and the password file (0600) into /etc
- name: Configure Rsync Server
  copy:
    src: "{{ item.src }}"
    dest: "/etc/{{ item.dest }}"
    mode: "{{ item.mode }}"
  with_items:
    - {src: "rsyncd.conf", dest: "rsyncd.conf", mode: "0644"}
    - {src: "rsync.passwd", dest: "rsync.passwd", mode: "0600"}
  notify: Restart Rsync Server
# Start rsyncd and enable it at boot
- name: Start Rsync Server
  systemd:
    name: rsyncd
    state: started
    enabled: yes
5) View the rsync role's handlers
[root@m01 roles]# cat /etc/ansible/roles/rsync/handlers/main.yml
# Runs only when a task notifies "Restart Rsync Server"
- name: Restart Rsync Server
  service:
    name: rsyncd
    state: restarted
6) View the rsync role's files directory
[root@m01 roles]# ll /etc/ansible/roles/rsync/files/
total 8
-rw-r--r-- 1 root root 322 Nov 16 18:49 rsyncd.conf
-rw------- 1 root root 20 Nov 16 18:30 rsync.passwd
7) Run the role, using -t to run only the rsync role as a test
[root@m01 roles]# ansible-playbook -i hosts -t rsync site.yml
PLAY [backup] ********************************************************************************************
TASK [Gathering Facts] ********************************************************************************
ok: [172.16.1.41]
TASK [backup : Install Rsync Server] ***********************************************************************
ok: [172.16.1.41]
TASK [backup : Configure Rsync Server] *********************************************************************
ok: [172.16.1.41]
TASK [backup : Start Rsync Server] *************************************************************************
ok: [172.16.1.41]
PLAY RECAP ********************************************************************************************
172.16.1.41 : ok=5 changed=0 unreachable=0 failed=0
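The following shell example is an addition to the original post, not the author's code. The rsync role above keeps rsync.passwd in its files directory, so this check walks roles/*/files and reports secret-looking files that are stored as plaintext (no ansible-vault header) or that group or other can read; the filename patterns, function names and sample file contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit roles/*/files for secret-looking files kept as plaintext
# or readable by group/other on the control node.
# Assumption: the filename patterns below are a heuristic chosen for this example.

# audit_role_secrets ROLES_DIR: print one finding per line; return 1 if any.
audit_role_secrets() {
    rc=0
    for f in "$1"/*/files/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in
            *passwd*|*secret*|*.key|*.pem) ;;
            *) continue ;;
        esac
        # Files encrypted with ansible-vault start with a "$ANSIBLE_VAULT;" header.
        if ! head -n 1 "$f" | grep -q '^\$ANSIBLE_VAULT;'; then
            echo "PLAINTEXT $f"
            rc=1
        fi
        # Flag the file when group or other holds the read bit.
        if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "READABLE $f"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample mirroring the page's rsync role (file contents are made up).
make_sample_role() {
    r=$(mktemp -d)
    mkdir -p "$r/rsync/files"
    printf 'uid = rsync\n' > "$r/rsync/files/rsyncd.conf"
    printf 'backup_user:constructed-password\n' > "$r/rsync/files/rsync.passwd"
    chmod 644 "$r/rsync/files/rsyncd.conf"
    chmod 600 "$r/rsync/files/rsync.passwd"
    echo "$r"
}

sample=$(make_sample_role)
audit_role_secrets "$sample" || echo "review the findings above"
rm -rf "$sample"
```

With the page's modes (0600 for rsync.passwd) only the PLAINTEXT finding is reported; a vault-encrypted copy of the same file passes, because the copy module decrypts vault-encrypted source files when it deploys them.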
Refactoring nfs with roles
1) Create the nfs service with roles; the directory structure is as follows
[root@m01 roles]# tree /etc/ansible/roles
├── group_vars
│   └── all
├── hosts
├── nfs
│   ├── files
│   ├── handlers
│   │   └── main.yml
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   │   └── exports
│   └── vars
├── site.yml
2) Define the inventory for the roles
[root@m01 roles]# cat /etc/ansible/roles/hosts
[nfs]
172.16.1.31
3) Specify which role the nfs host group runs
[root@m01 roles]# cat /etc/ansible/roles/site.yml
- hosts: nfs
  remote_user: root
  roles:
    - nfs
  tags: nfs
4) View the nfs role's tasks
[root@m01 roles]# cat /etc/ansible/roles/nfs/tasks/main.yml
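# Install the NFS server package
- name: Install Nfs-Server
  yum:
    name: nfs-utils
    state: present
# Render /etc/exports from the template and restart NFS when it changes
- name: Configure Nfs-Server
  template:
    src: exports
    dest: /etc/exports
  notify: Restart Nfs-Server
# Create the shared directory, owned by www
- name: Create Directory Data
  file:
    path: "{{ share_dir }}"
    state: directory
    owner: www
    group: www
    mode: "0755"
# Start NFS and enable it at boot
- name: Start Nfs-Server
  systemd:
    name: nfs
    state: started
    enabled: yes
5) View the nfs role's handlers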
[root@m01 roles]# cat /etc/ansible/roles/nfs/handlers/main.yml
# Runs only when a task notifies "Restart Nfs-Server"
- name: Restart Nfs-Server
  systemd:
    name: nfs
    state: restarted
6) View the nfs role's exports template
[root@m01 roles]# cat /etc/ansible/roles/nfs/templates/exports
{{ share_dir }} {{ share_ip }}(rw,sync,all_squash,anonuid=666,anongid=666)
7) Variable definitions for nfs
[root@m01 roles]# cat /etc/ansible/roles/group_vars/all
#nfs
share_dir: /data
share_ip: 172.16.1.31
8) Run the role, using -t to run the nfs tag
[root@m01 roles]# ansible-playbook -i hosts -t nfs site.yml
PLAY [nfs] ********************************************************************************************
TASK [Gathering Facts] ********************************************************************************
ok: [172.16.1.31]
TASK [nfs : Install Nfs-Server] ***********************************************************************
ok: [172.16.1.31]
TASK [nfs : Configure Nfs-Server] *********************************************************************
ok: [172.16.1.31]
TASK [nfs : Create Directory Data] ********************************************************************
ok: [172.16.1.31]
TASK [nfs : Start Nfs-Server] *************************************************************************
ok: [172.16.1.31]
PLAY RECAP ********************************************************************************************
172.16.1.31 : ok=5 changed=0 unreachable=0 failed=0
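The following shell example is an addition to the original post, not the author's code. It checks a rendered /etc/exports for client specifications that are broader than the one in the template above: a wildcard host, no_root_squash, insecure, and the space-before-parenthesis form that exports(5) treats as "any host". The finding labels, function names and the two extra sample lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example: flag risky client specifications in an /etc/exports file.
# Assumption: the three finding labels are names chosen for this example.

# check_exports FILE: print "LABEL path client-spec" for every finding.
check_exports() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            opts = "," opts ","
            # "*" or a bare "(...)" (space before the parenthesis) means any host.
            if (client == "*" || client == "")
                print "ANY_HOST", $1, $i
            if (index(opts, ",no_root_squash,"))
                print "NO_ROOT_SQUASH", $1, $i
            if (index(opts, ",insecure,"))
                print "INSECURE_PORTS", $1, $i
        }
    }' "$1"
}

# Constructed sample: the /data line is the page's template rendered with its
# group_vars values; the other two lines are made up to trigger findings.
make_sample_exports() {
    e=$(mktemp)
    cat > "$e" <<'EOF'
# constructed sample
/data 172.16.1.31(rw,sync,all_squash,anonuid=666,anongid=666)
/backup *(rw,sync,no_root_squash)
/share 172.16.1.0/24 (rw,sync)
EOF
    echo "$e"
}

sample=$(make_sample_exports)
check_exports "$sample"
rm -f "$sample"
```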
Ansible Galaxy
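Galaxy is a free site, similar to GitHub, that mostly hosts shared roles. Downloading roles from Galaxy is one of the fastest ways to start a project.
Official Galaxy site: https://galaxy.ansible.com/
Ansible provides the ansible-galaxy command, which can initialize, search for, install and remove roles, among other operations.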
[root@m01 roles]# ansible-galaxy --help
Usage: ansible-galaxy [delete|import|info|init|install|list|login|remove|search|setup] [--help] [options] ...
Perform various Role related operations.
Options:
-h, --help show this help message and exit
-c, --ignore-certs Ignore SSL certificate validation errors.
-s API_SERVER, --server=API_SERVER
The API server destination
-v, --verbose verbose mode (-vvv for more, -vvvv to enable
connection debugging)
--version show program's version number, config file location,
configured module search path, module location,
executable location and exit
See 'ansible-galaxy <command> --help' for more information on a specific
command.
Searching for a project with galaxy
[root@m01 roles]# ansible-galaxy search openvpn
Found 103 roles matching your search:
Name Description
---- -----------
AdrienKuhn.fail2ban Configure fail2ban jails
AdrienKuhn.ufw Configure firewall with UFW
alexiscangelosi.openvpn Ansible role openvpn
andrelohmann.easy_rsa ansible galaxy role to deploy easy-rsa
andrelohmann.openvpn ansible galaxy role to deploy an openvpn server
antoniobarbaro.openvpn-client Install openvpn client, configure and start service
arillso.openvpn Configurate your OpenVPN Client
asm0dey.ansible_role_openvpn OpenVPN playbook for CentOS/Fedora/RHEL/RHEL clones & Ubuntu/Debian
barbudone.pritunl_server Pritunl for EL Linux.
blaet.openvpn OpenVPN playbook for CentOS/Fedora/RHEL/RHEL clones & Ubuntu/Debian
bmcclure.pia Manages Private Internet Access VPN utilizing the AUR and openvpn on Archlinux
borkenpipe.ansible_openvpn OpenVPN with PKI for Ubuntu/Debian
borkenpipe.openvpn Install OpenVPN for us with AWS bastions.
borkenpipe.stouts_openvpn Manage OpenVPN server
cinject.openvpn Openvpn role
clvx.easy-rsa Role to generate an openvpn pki.
clvx.openvpn Role to deploy server and openvpn clients.
cornfeedhobo.openvpn Install and manage OpenVPN
d3atiq.openvpn_client A role for automatic managed connection to OpenVPN VPN.
danrabinowitz.openvpn_for_access This role provisions an OpenVPN server. This server is NOT designed for routing all traffic from the client. It is for granting access to the server, so that ssh (for example) can be allowed ONLY
dresden-weekly.openvpn collection of Ansible roles to run OpenVPN.
edeckers.openvpn-ldap Installs an OpenLDAP backed OpenVPN-server
egeneralov.openvpn Provision openvpn servers
ehime.openvpn OpenVPN playbook for CentOS/Fedora/RHEL/RHEL clones & Ubuntu/Debian
escapace.ansible_openvpn openvpn role
gavika.easy_rsa Install and configure EasyRSA
gavika.openvpn Role to install and configure OpenVPN server and generate client configurations
gregorydulin.ansible_role_openvpn OpenVPN playbook for CentOS/Fedora/RHEL/RHEL clones & Ubuntu/Debian
grycap.openvpn Install OpenVPN to create hybrid clusters with EC3
iamsudipt.openvpn OpenVpn ansible role for creating a secure tunnel to your private infra.
icasimpan.ansible_role_openvpn OpenVPN playbook for CentOS/Fedora/RHEL/RHEL clones & Ubuntu/Debian
ieguiguren.nordvpn downloads NordVPN servers' list and set it up
indigo-dc.openvpn Install OpenVPN to create hybrid clusters with EC3
indix.openvpn-ops This repo can be used to create a openvpn server.
iroquoisorg.openvpn manage openvpn server
iroquoisorg.openvpn_client install openvpn client
jtyr.openvpn Role which helps to install and configure OpenVPN server.
juju4.openvpnclient setup openvpn as client
kbrebanov.openvpn Installs and configures OpenVPN
kbrebanov.openvpn_as Installs and configures OpenVPN Access Server
kharkevich.pritunl Deploy pritunl: Enterprise Distributed OpenVPN and IPsec Server.
kostyrevaa.openvpn Installs and configures openvpn client
kyl191.openvpn OpenVPN playbook for CentOS/Fedora/RHEL/RHEL clones & Ubuntu/Debian
leafnode.openvpn_client install openvpn client
linuxhq.iproute RHEL/CentOS - Advanced IP routing and network device configuration tools
linuxhq.openvpn_client RHEL/CentOS - The Open Source VPN (client)
Viewing detailed information
[root@m01 roles]# ansible-galaxy info kostyrevaa.openvpn
Role: kostyrevaa.openvpn
description: Installs and configures openvpn client
active: True
commit:
commit_message:
commit_url:
company:
created: 2015-08-17T18:13:15.551754Z
download_count: 20
forks_count: 0
github_branch: master
github_repo: ansible-openvpn
github_user: kostyrev
id: 4798
imported: None
is_valid: True
issue_tracker_url: https://github.com/kostyrevaa/ansible-openvpn/issues
license: license (GPLv3)
min_ansible_version: 1.2
modified: 2018-04-13T06:31:20.195475Z
open_issues_count: 0
path: (u'/root/.ansible/roles', u'/usr/share/ansible/roles', u'/etc/ansible/roles')
role_type: ANS
stargazers_count: 0
travis_status_url:
Installing a project
[root@m01 roles]# ansible-galaxy install kyl191.openvpn
- downloading role 'openvpn', owned by kyl191
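The following shell example is an addition to the original post, not the author's code. The playbooks on this page run roles as remote_user: root, so a role downloaded from Galaxy is worth reading before it is run; this check lists the tasks and handlers in a role that execute commands or fetch remote content. The module list, function names and sample role are assumptions made for the example, and the sample is not the content of any real Galaxy role.

```shell
#!/bin/sh
# Added example: before running a role downloaded from Galaxy, list the tasks
# and handlers that execute commands or fetch remote content.
# Assumption: the module list below is a starting point chosen for this example.

REVIEW_MODULES='shell|command|raw|script|get_url|uri|unarchive'

# review_role ROLE_DIR: print "file:line:text" for each matching module call.
review_role() {
    for sub in tasks handlers; do
        [ -d "$1/$sub" ] || continue
        grep -rnE "^[[:space:]]*(-[[:space:]]+)?(ansible\.builtin\.)?($REVIEW_MODULES):" \
            "$1/$sub" || true
    done
}

# Constructed sample role (not the content of any real Galaxy role).
make_sample_galaxy_role() {
    g=$(mktemp -d)
    mkdir -p "$g/tasks" "$g/handlers"
    cat > "$g/tasks/main.yml" <<'EOF'
- name: Install package
  yum: name=openvpn state=present
- name: Fetch helper script
  get_url:
    url: https://example.invalid/setup.sh
    dest: /tmp/setup.sh
- name: Run helper script
  shell: sh /tmp/setup.sh
EOF
    cat > "$g/handlers/main.yml" <<'EOF'
- name: Restart service
  service: name=openvpn state=restarted
EOF
    echo "$g"
}

sample=$(make_sample_galaxy_role)
review_role "$sample"
rm -rf "$sample"
```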