I. Preface
About roles
Roles automatically load variable files, tasks, handlers and so on according to a fixed hierarchical directory structure. To use a role, you only need to reference it with the include instruction in the playbook. In short, roles are a mechanism for placing variables, files, tasks, templates and handlers in separate directories so that they can be included easily. Roles are generally used when building services on a per-host basis, but they can also be used in scenarios such as building daemons.
Roles are recommended in more complex scenarios where code reuse is high:
Changing a specified host or host group
The previous post covered the use and practice of playbooks. As you probably noticed there, putting every module call into one playbook file gets very messy. Now there are roles.
In fact, the job of roles is to split the playbook into separate files, which gives it more structure.
Roles directory structure and its function
Each role is organized in a specific hierarchical directory structure:
roles/project/    # Project name, with the following subdirectories
tasks/        # Defines the tasks, the basic element of a role; must contain at least a file named main.yml; other files have to be included from this file through include
files/        # Stores files called by the copy or script modules, etc.
vars/         # Defines variables; must contain at least a file named main.yml; other files have to be included from this file
templates/    # The directory in which the template module looks for the required template files
handlers/     # Must contain at least a file named main.yml; other files have to be included from this file
defaults/     # The main.yml file in this directory is used for setting default variables
meta/         # Defines special settings and dependencies of the current role; must contain at least a file named main.yml; other files have to be included from this file through include
main.yml is the master file, that is, the program entry point.
Aside ~~~
Batch-editing text in vim: CTRL + V > capital I > type the content to add in batch > ESC
II. The process of creating roles, taking httpd as an example
Scattered notes ~
.j2 marks a template file
src does not need a path, because templates are looked up in templates/ by default
Static files are stored in files/
templates/ stores the templates
notify: restart httpd calls the handler (trigger)
Roles take priority over the playbook
1. Prepare the environment as in the first ansible blog post
2. Create the role directory
[devops@server1 ansible]$ cat hosts
[server]
172.25.28.1
[seb]
172.25.28.2
[db]
172.25.28.3
[devops@server1 ansible]$ mkdir roles    #Create role directory
[devops@server1 ansible]$ vim ansible.cfg    #Put the directory under the default read path
[defaults]
inventory = ./hosts
roles_path =./roles    #Add this directory

[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
You can list the roles:
[devops@server1 ansible]$ pwd
/home/devops/ansible
[devops@server1 ansible]$ ansible-galaxy list    #List roles
# /home/devops/ansible/roles
Automatically initialize the role's directories and files (you can also create them yourself)
[devops@server1 ansible]$ ls
ansible.cfg  hosts  roles
[devops@server1 ansible]$ cd roles/
[devops@server1 roles]$ ansible-galaxy init apache    #Automatically initialize the role's directories and files
- Role apache was created successfully
You can see the role you just created
[devops@server1 roles]$ cd ..
[devops@server1 ansible]$ ansible-galaxy list    #Viewing roles
# /home/devops/ansible/roles
- apache, (unknown version)
[devops@server1 apache]$ ls
defaults  files  handlers  meta  README.md  tasks  templates  vars
What sudo does: when an operation needs root, you do not have to switch users. Prefix the command with sudo and it is executed as root, with no need to switch back afterwards.
View tree structure
[devops@server1 apache]$ sudo yum install tree -y
Next, edit the files of the created role:
1. Edit the tasks first
[devops@server1 tasks]$ pwd
/home/devops/ansible/roles/apache/tasks
[devops@server1 tasks]$ ls
main.yml
[devops@server1 tasks]$ vim main.yml
[devops@server1 roles]$ cat apache/tasks/main.yml
---
- name: install apache
  yum:
    name: httpd
    state: present

- name: config apache
  template:
    src: httpd.conf
    dest: /etc/httpd/conf/httpd.conf
  notify: restart httpd

- name: start apache
  service:
    name: httpd
    state: started

- name: copy index.html
  copy:
    src: index.html
    dest: /var/www/html/index.html
Because the tasks file copies index.html into the default publishing directory, write index.html in files/
[devops@server1 files]$ pwd
/home/devops/ansible/roles/apache/files
[devops@server1 files]$ cat index.html
Hello world~~~~
2. Write the handler (trigger). A handler is in effect a function: a task calls it through the notify interface.
[devops@server1 apache]$ cd handlers/
[devops@server1 handlers]$ ls
main.yml
[devops@server1 handlers]$ cat main.yml
---
# handlers file for apache
- name: restart httpd
  service:
    name: httpd
    state: restarted
3. Edit template file:
[devops@server1 ~]$ cd ansible/
[devops@server1 ansible]$ ls
ansible.cfg  hosts  roles
[devops@server1 ansible]$ cd roles/apache/templates/
#First copy an httpd configuration file from the host with the httpd service
[devops@server1 templates]$ scp 172.25.28.2:/etc/httpd/conf/httpd.conf .
httpd.conf                                    100%   11KB   5.9MB/s   00:00
[devops@server1 templates]$ ls
httpd.conf
#Generate template file
[devops@server1 templates]$ cp httpd.conf httpd.conf.j2
[devops@server1 templates]$ ls
httpd.conf  httpd.conf.j2
4. Write a file to store variables:
[devops@server1 apache]$ cd vars/
[devops@server1 vars]$ ls
main.yml
[devops@server1 apache]$ cat vars/main.yml
---
# vars file for apache
http_host: "{{ ansible_hostname }}"
Note: a value that references a variable is enclosed in double quotation marks. Here the host references a variable; the port number is defined in the playbook.
To view the created roles:
[devops@server1 roles]$ ansible-galaxy list
# /usr/share/ansible/roles
# /etc/ansible/roles
 [WARNING]: - the configured path /home/devops/.ansible/roles does not exist.
Failure ~
The command has to be run one level up, in the directory that contains roles/ (ansible.cfg with roles_path is read from the current directory). The successful run is below ~~~~
[devops@server1 roles]$ cd ..
[devops@server1 ansible]$ ansible-galaxy list    #Run it in the directory that contains roles
# /home/devops/ansible/roles
- apache, (unknown version)
After the role is created, write playbook files that use it for whatever is needed later
[devops@server1 ansible]$ vim apache.yml
[devops@server1 ansible]$ cat apache.yml
---
- hosts: web
  vars:
    - http_port: 8080
  roles:
    - apache
Note: the port number is defined here, in the playbook itself
Execute playbook:
[devops@server1 ansible]$ ansible-playbook apache.yml
 [WARNING]: Could not match supplied host pattern, ignoring: web

PLAY [web] *********************************************************************
skipping: no hosts matched

PLAY RECAP *********************************************************************

[devops@server1 ansible]$ ls
ansible.cfg  apache.yml  hosts  roles
[devops@server1 ansible]$ vim hosts
[devops@server1 ansible]$ ansible-playbook apache.yml

PLAY [web] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [172.25.28.2]

TASK [apache : install apache] *************************************************
ok: [172.25.28.2]

TASK [apache : config apache] **************************************************
ok: [172.25.28.2]

TASK [apache : start apache] ***************************************************
ok: [172.25.28.2]

TASK [apache : copy index.html] ************************************************
changed: [172.25.28.2]

PLAY RECAP *********************************************************************
172.25.28.2 : ok=5 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Check the default publishing directory: success ~~~
III. Deploy zabbix
Zabbix is composed of three parts, so it is deployed with roles.
hosts file
[devops@server1 ansible]$ cat hosts
[server]
172.25.28.2
[web]
172.25.28.3
[db]
172.25.28.1
[zabbix:children]
db
server
web
1. Write the mariadb role
[devops@server1 roles]$ ansible-galaxy init mariadb
- Role mariadb was created successfully
[devops@server1 roles]$ cd mariadb/
[devops@server1 mariadb]$ rm -rf tests/
[devops@server1 mariadb]$ ls
defaults  files  handlers  meta  README.md  tasks  templates  vars
[devops@server1 mariadb]$ vim tasks/main.yml
tasks:
[devops@server1 mariadb]$ cat tasks/main.yml
---
- name: install mariadb
  yum:
    name: mariadb-server,MySQL-python
    state: present

- name: config mariadb    #Copy the database configuration file
  copy:
    src: my.cnf
    dest: /etc/my.cnf
  notify: restart mariadb

- name: start mariadb server    #Start the database
  service:
    name: mariadb
    state: started

- name: create database    #Create database
  mysql_db:
    name: zabbix
    state: present
  notify: import database

- name: create zabbix user    #Create database user
  mysql_user:
    name: zabbix
    host: '%'
    password: zabbix
    priv: 'zabbix.*:ALL'
    state: present
Trigger file
[devops@server1 mariadb]$ cat handlers/main.yml
---
# handlers file for mariadb
#Trigger, function: restart database
- name: restart mariadb
  service:
    name: mariadb
    state: restarted

- name: import database    #Import database file
  mysql_db:
    name: zabbix
    state: import
    target: /tmp/create.sql.gz
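The create zabbix user task above keeps the database password in clear text in the role and allows the account to connect from any host ('%'). The following variant is an added example, not part of the original post: it reads the password from an Ansible Vault encrypted vars file, hides it from task output, and creates the account only for the addresses in the [server] and [web] inventory groups. The file name vault.yml, the variable name vault_zabbix_db_password, and the assumption that only those two groups connect to the database are illustrative.

```yaml
# roles/mariadb/vars/vault.yml (assumed file name), created with:
#   ansible-vault create roles/mariadb/vars/vault.yml
# and containing a single encrypted variable (assumed name):
#   vault_zabbix_db_password: <generated secret>

# roles/mariadb/tasks/main.yml, replacing the "create zabbix user" task
- name: load vault-encrypted variables
  include_vars: vault.yml        # inside a role, resolved in the role's vars/ directory
  no_log: true

- name: create zabbix user
  mysql_user:
    name: zabbix
    host: "{{ item }}"           # one account per client address instead of '%'
    password: "{{ vault_zabbix_db_password }}"
    priv: 'zabbix.*:ALL'
    state: present
  # inventory names in this hosts file are IP addresses, so they can be used directly
  loop: "{{ groups['server'] + groups['web'] }}"
  no_log: true                   # keeps the password out of task output and logs
```

Run the play with ansible-playbook zabbix.yml --ask-vault-pass so that the vault file can be decrypted.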
Configure the local yum repositories on the host, and transfer the file shipped with zabbix-server-mysql to the server
[root@server2 yum.repos.d]# cat zabbix.repo
[zabbix]
name:zabbix 4.0
baseurl=http://172.25.28.250/4.0
gpgcheck=0
[root@server2 yum.repos.d]# cat yum.repo
[rhel7.5]
baseurl=http://172.25.28.250/iso
gpgcheck=0
name=rhel7.5
[root@server2 yum.repos.d]# yum install -y zabbix-server-mysql
[root@foundation28 4.0]# pwd
/var/www/html/4.0
[root@foundation28 4.0]# ls
fping-3.10-1.el7.x86_64.rpm                 iksemel-1.4-2.el7.centos.x86_64.rpm
php-5.4.16-46.el7.x86_64.rpm                php-bcmath-5.4.16-42.el7.x86_64.rpm
php-bcmath-5.4.16-46.el7.x86_64.rpm         php-cli-5.4.16-46.el7.x86_64.rpm
php-common-5.4.16-46.el7.x86_64.rpm         php-gd-5.4.16-46.el7.x86_64.rpm
php-ldap-5.4.16-46.el7.x86_64.rpm           php-mbstring-5.4.16-42.el7.x86_64.rpm
php-mbstring-5.4.16-46.el7.x86_64.rpm       php-mysql-5.4.16-46.el7.x86_64.rpm
php-pdo-5.4.16-46.el7.x86_64.rpm            php-xml-5.4.16-46.el7.x86_64.rpm
repodata                                    zabbix-agent-4.0.5-1.el7.x86_64.rpm
zabbix-get-4.0.5-1.el7.x86_64.rpm           zabbix-java-gateway-4.0.5-1.el7.x86_64.rpm
zabbix-proxy-mysql-4.0.5-1.el7.x86_64.rpm   zabbix-sender-4.0.5-1.el7.x86_64.rpm
zabbix-server-mysql-4.0.5-1.el7.x86_64.rpm  zabbix-web-4.0.5-1.el7.noarch.rpm
zabbix-web-mysql-4.0.5-1.el7.noarch.rpm
[root@foundation28 4.0]# createrepo .
Spawning worker 0 with 6 pkgs
Spawning worker 1 with 6 pkgs
Spawning worker 2 with 5 pkgs
Spawning worker 3 with 5 pkgs
Workers Finished
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
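Both repo files above set gpgcheck=0 on a plain-http baseurl, so yum installs whatever the mirror serves without verifying package signatures. The same two repositories written as role tasks with signature checking turned on, as an added example that is not part of the original post: the role the tasks would live in is hypothetical, and the Zabbix and CentOS key paths are placeholders to be replaced with the key files published by each vendor.

```yaml
# tasks for a hypothetical zabbix-server role (not from the original post)
- name: configure rhel7.5 repo with signature checking
  yum_repository:
    name: rhel7.5
    description: rhel7.5
    baseurl: http://172.25.28.250/iso
    gpgcheck: yes
    gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

- name: configure zabbix repo with signature checking
  yum_repository:
    name: zabbix
    description: zabbix 4.0
    baseurl: http://172.25.28.250/4.0
    gpgcheck: yes
    # The mirror directory listed above mixes RPMs from several vendors
    # (zabbix, el7, el7.centos), so every signing key has to be listed.
    gpgkey:
      - file:///etc/pki/rpm-gpg/<ZABBIX-KEY-FILE>      # placeholder
      - file:///etc/pki/rpm-gpg/<CENTOS-KEY-FILE>      # placeholder
      - file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

- name: install zabbix server (fails if a package signature does not verify)
  yum:
    name: zabbix-server-mysql
    state: present
```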
Copy zabbix's create.sql.gz file to server1 for configuration ~~
[root@server2 yum.repos.d]# cd /usr/share/doc/
[root@server2 doc]# cd zabbix-server-mysql-4.0.5/
[root@server2 zabbix-server-mysql-4.0.5]# ls
AUTHORS  ChangeLog  COPYING  create.sql.gz  NEWS  README
[root@server2 zabbix-server-mysql-4.0.5]# ll create.sql.gz
-rw-r--r-- 1 root root 1310611 Feb 25 2019 create.sql.gz
[root@server2 zabbix-server-mysql-4.0.5]# scp create.sql.gz 172.25.28./home/devops/ansible/roles/mariadb/files
root@172.25.28.1's password:
create.sql.gz                                 100% 1280KB   3.3MB/s   00:00
Configure the database character set:
[devops@server1 mariadb]$ cp /etc/my.cnf files/
[devops@server1 mariadb]$ cd files/
[devops@server1 files]$ ls
create.sql.gz  my.cnf
[devops@server1 files]$ vim my.cnf
[devops@server1 files]$ cat my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
character_set_server=utf8

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
After the mariadb role is written, you can test it with the zabbix.yml file first:
[devops@server1 ansible]$ cat zabbix.yml
---
- hosts: zabbix
  roles:
    - role: mariadb
      when: ansible_hostname == "server1"