Detailed explanation of Ansible Roles and practical cases
Host planning
Add user account
Notes:
1. This is the login account used by operations and maintenance personnel;
2. All business data is placed under /app/, the home directory of the yun user, to avoid misplacing it;
3. This user is also used by Ansible, because almost all production environments prohibit remote root login (so the yun user is also granted sudo rights).
    # Use a dedicated user and avoid using root directly
    # Add the user, specifying its home directory and password
    useradd -u 1050 -d /app yun && echo '123456' | /usr/bin/passwd --stdin yun
    # Grant sudo rights
    echo "yun ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
    # Allow other ordinary users to enter the directory to view information
    chmod 755 /app/
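The same account setup written as Ansible tasks, as an added example that is not from the original article: the password comes from a vaulted hash instead of a literal on the command line, and the sudo rule goes into a drop-in file that visudo checks before it is installed. The file path roles/common/tasks/user.yml and the variable vault_yun_password_hash are assumptions, and the first run has to connect as an account that can already become root.

```yaml
---
# roles/common/tasks/user.yml  (hypothetical file, added example)
# vault_yun_password_hash is an assumed variable that holds a SHA-512 crypt
# hash and lives in a vars file encrypted with ansible-vault.

- name: "create the yun operations account"
  user:
    name: yun
    uid: 1050
    home: /app
    password: "{{ vault_yun_password_hash }}"
    update_password: on_create   # later runs do not reset the password
  no_log: true                   # keep the hash out of task output

- name: "allow other ordinary users to enter /app to view information"
  file:
    path: /app
    state: directory
    mode: '0755'

- name: "grant sudo through a drop-in that visudo validates first"
  copy:
    content: "yun ALL=(ALL) NOPASSWD: ALL\n"
    dest: /etc/sudoers.d/yun
    owner: root
    group: root
    mode: '0440'
    # A rule that fails the syntax check is never installed, so a typo
    # cannot lock every sudo user out the way a bad append to
    # /etc/sudoers can.
    validate: /usr/sbin/visudo -cf %s
```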
Ansible inventory (host list)
The rest of this article uses the following host inventory:
    [yun@ansi-manager ansible_info]$ pwd
    /app/ansible_info
    [yun@ansi-manager ansible_info]$ cat hosts_key
    # Mode 1. Host + port + secret key
    [manageservers]
    172.16.1.180:22

    [proxyservers]
    172.16.1.18[1:2]:22

    # Mode 2: alias + Host + port + Password
    [webservers]
    web01 ansible_ssh_host=172.16.1.183 ansible_ssh_port=22
    web02 ansible_ssh_host=172.16.1.184 ansible_ssh_port=22
    web03 ansible_ssh_host=172.16.1.185 ansible_ssh_port=22
Basic overview of Ansible Roles
We have already covered variables, tasks and handlers, so what is the best way to organize playbooks?
The simple answer is: use roles. A role relies on a known file structure to automatically load vars, files, tasks and handlers, which makes them easier to call from a playbook. Compared with a plain playbook, a role has a clearer, more hierarchical structure.
For example, suppose that whatever software we install, we also install the time synchronization service. Without roles, every playbook would have to repeat the time synchronization tasks. Instead, we can write those tasks once as a role and call it wherever it is needed.
Note: when writing roles, it is better to put each task in its own file, which makes later reuse easier and keeps the tasks fully decoupled.
Roles directory structure
In the roles directory, you can use the following command to create a role directory:
    ansible-galaxy init nfs roles  # Where nfs is the directory name
This creates the full directory skeleton, but we often need only some of the directories, so in practice roles are mostly created by hand rather than with the command.
A sample directory structure:
    [yun@ansi-manager tmp]$ tree ./
    ./
    ├── sit.yml
    ├── webservers.yml
    └── roles
        └── nfs                # Role name
            ├── defaults       # Role default variables (lowest priority)
            │   └── main.yml
            ├── files          # File storage
            ├── handlers       # Handlers (triggered tasks)
            │   └── main.yml
            ├── meta           # Role dependencies
            │   └── main.yml
            ├── README.md      # Documentation
            ├── tasks          # Tasks
            │   └── main.yml
            ├── templates      # Template files
            └── vars           # Other role variables
                └── main.yml

    10 directories, 10 files
Directory description:
1. First, you need a roles directory; the directory for each role is then created under it.
2. Directory names under roles should be self-explanatory. For example, the common directory holds the basic setup that is always required; the nfs directory installs the NFS service; the memcached directory installs the memcached service; and so on.
3. Create second-level directories under each role according to your needs; directories you do not need can be left out, so a full skeleton is not required.
4. Some of the second-level directories under a role must contain a main.yml file for Ansible to load.
Role dependencies
A role can automatically pull in other roles when it is used. A role's dependencies are stored in the meta/main.yml file in the role directory.
For example, to install WordPress you need to make sure that Nginx and PHP are running normally. You can declare dependencies on the nginx and php-fpm roles in the wordpress role.
    [yun@ansi-manager playbook]$ cat /app/roles/wordpress/meta/main.yml
    ---
    dependencies:
      - { role: nginx }
      - { role: php-fpm }
With this in place, running the wordpress role first executes the nginx role, then the php-fpm role, and finally the wordpress role itself.
Ansible Roles case practice - deploying NFS services
Overall directory structure
    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ ll
    total 4
    drwxrwxr-x 2 yun yun  17 Sep 15 19:41 group_vars
    -rw-rw-r-- 1 yun yun 108 Sep 15 19:37 nfs_server.yml
    drwxrwxr-x 4 yun yun  35 Sep 15 18:00 roles
    [yun@ansi-manager ansible_roles]$ tree  # directory structure
    .
    ├── group_vars
    │   └── all
    ├── nfs_server.yml
    └── roles
        ├── nfs  # Server
        │   ├── handlers
        │   │   └── main.yml
        │   ├── tasks
        │   │   ├── config.yml
        │   │   ├── install.yml
        │   │   ├── main.yml
        │   │   ├── mkdir.yml
        │   │   ├── start_NFS.yml
        │   │   └── start_rpcbind.yml
        │   └── templates
        │       └── exports.j2
        └── nfs_client  # client
            └── tasks
                └── main.yml

    9 directories, 11 files
Server information
directory structure
    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ tree roles/nfs
    roles/nfs
    ├── handlers
    │   └── main.yml
    ├── tasks
    │   ├── config.yml
    │   ├── install.yml
    │   ├── main.yml
    │   ├── mkdir.yml
    │   ├── start_NFS.yml
    │   └── start_rpcbind.yml
    └── templates
        └── exports.j2

    4 directories, 8 files
tasks task directory information
    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/main.yml
    - include_tasks: install.yml
    - include_tasks: config.yml
    - include_tasks: mkdir.yml
    - include_tasks: start_rpcbind.yml
    - include_tasks: start_NFS.yml

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/install.yml
    - name: "install package NFS "
      yum:
        name:
          - nfs-utils
          - rpcbind
        state: present

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/config.yml
    - name: "NFS server config and edit restart"
      template:
        src: exports.j2
        dest: /etc/exports
        owner: root
        group: root
        mode: '644'
      notify: "reload NFS server"

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/mkdir.yml
    - name: "create NFS dir"
      file:
        path: /data
        owner: yun
        group: yun
        state: directory
        recurse: yes

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/start_rpcbind.yml
    - name: "rpcbind server start"
      systemd:
        name: rpcbind
        state: started
        daemon_reload: yes
        enabled: yes

    [yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/start_NFS.yml
    - name: "NFS server start"
      systemd:
        name: nfs
        state: started
        daemon_reload: yes
        enabled: yes
handlers task directory information
    [yun@ansi-manager ansible_roles]$ cat roles/nfs/handlers/main.yml
    - name: "reload NFS server"
      systemd:
        name: nfs
        state: reloaded
Template directory information
    [yun@ansi-manager ansible_roles]$ cat roles/nfs/templates/exports.j2
    {{ nfs_dir }} 172.16.1.0/24(rw,sync,root_squash,all_squash,anonuid=1050,anongid=1050)
Client information
The client is relatively simple: it has just one mount task.
    [yun@ansi-manager ansible_roles]$ cat roles/nfs_client/tasks/main.yml
    - name: "mount NFS server"
      mount:
        src: 172.16.1.180:{{ nfs_dir }}
        path: /mnt
        fstype: nfs
        opts: defaults
        state: mounted
Variable information
    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ cat group_vars/all
    # NFS server directory
    nfs_dir: /data
playbook information
    [yun@ansi-manager ansible_roles]$ cat nfs_server.yml
    ---
    # NFS server
    - hosts: manageservers
      roles:
        - nfs

    - hosts: proxyservers
      roles:
        - nfs_client
Task execution
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check nfs_server.yml  # Syntax check
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C nfs_server.yml  # Dry run (check mode)
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key nfs_server.yml  # Execute
Ansible Roles case practice - deploy memcached service
Overall directory structure
    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ ll
    total 8
    -rw-rw-r-- 1 yun yun 71 Sep 16 09:05 memcached_server.yml
    drwxrwxr-x 5 yun yun 52 Sep 16 08:38 roles
    [yun@ansi-manager ansible_roles]$ tree roles/
    roles/
    └── memcached
        ├── handlers
        │   └── main.yml
        ├── tasks
        │   ├── config.yml
        │   ├── install.yml
        │   ├── main.yml
        │   └── start.yml
        └── templates
            └── memcached.j2

    11 directories, 15 files
Service information
directory structure
    [yun@ansi-manager memcached]$ pwd
    /app/ansible_info/ansible_roles/roles/memcached
    [yun@ansi-manager memcached]$ ll
    total 0
    drwxrwxr-x 2 yun yun 22 Sep 16 08:56 handlers
    drwxrwxr-x 2 yun yun 76 Sep 16 08:53 tasks
    drwxrwxr-x 2 yun yun 26 Sep 16 08:55 templates
    [yun@ansi-manager memcached]$ tree
    .
    ├── handlers
    │   └── main.yml
    ├── tasks
    │   ├── config.yml
    │   ├── install.yml
    │   ├── main.yml
    │   └── start.yml
    └── templates
        └── memcached.j2

    3 directories, 6 files
tasks task directory information
    [yun@ansi-manager memcached]$ cat tasks/main.yml
    - include_tasks: install.yml
    - include_tasks: config.yml
    - include_tasks: start.yml

    [yun@ansi-manager memcached]$ cat tasks/install.yml
    - name: " install package memcached"
      yum:
        name: memcached
        state: present

    [yun@ansi-manager memcached]$ cat tasks/config.yml
    - name: "memcached server config and edit restart"
      template:
        src: memcached.j2
        dest: /etc/sysconfig/memcached
        owner: root
        group: root
        mode: '644'
      notify: "restart memcached server"

    [yun@ansi-manager memcached]$ cat tasks/start.yml
    - name: "memcached server start"
      systemd:
        name: memcached
        state: started
        daemon_reload: yes
        enabled: yes
handlers task directory information
    [yun@ansi-manager memcached]$ cat handlers/main.yml
    - name: "restart memcached server"
      systemd:
        name: memcached
        state: restarted
Template directory information
    [yun@ansi-manager memcached]$ cat templates/memcached.j2
    PORT="11211"
    USER="memcached"
    MAXCONN="1024"
    CACHESIZE="{{ ansible_memtotal_mb // 2 }}"
    OPTIONS=""
playbook information
    [yun@ansi-manager ansible_roles]$ cat memcached_server.yml
    ---
    # memcached server
    - hosts: manageservers
      roles:
        - memcached
Task execution
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check memcached_server.yml  # Syntax check
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C memcached_server.yml  # Dry run (check mode)
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key memcached_server.yml  # Execute
Ansible Roles case practice - deploy Rsync service
Overall directory structure
    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ ll
    total 12
    drwxrwxr-x 2 yun yun  17 Sep 29 09:33 group_vars
    drwxrwxr-x 7 yun yun  86 Sep 29 08:49 roles
    -rw-rw-r-- 1 yun yun 116 Sep 29 09:50 rsyncd_server.yml
    [yun@ansi-manager ansible_roles]$ tree roles/
    roles/
    ├── rsync_client
    │   ├── tasks
    │   │   └── main.yml
    │   └── templates
    │       └── rsync.password.j2
    └── rsyncd
        ├── handlers
        │   └── main.yml
        ├── tasks
        │   ├── config.yml
        │   ├── install.yml
        │   ├── main.yml
        │   ├── mkdir.yml
        │   └── start_rsyncd.yml
        └── templates
            ├── rsyncd.conf.j2
            └── rsync.password.j2

    18 directories, 25 files
Server information
directory structure
    [yun@ansi-manager rsyncd]$ pwd
    /app/ansible_info/ansible_roles/roles/rsyncd
    [yun@ansi-manager rsyncd]$ tree
    .
    ├── handlers
    │   └── main.yml
    ├── tasks
    │   ├── config.yml
    │   ├── install.yml
    │   ├── main.yml
    │   ├── mkdir.yml
    │   └── start_rsyncd.yml
    └── templates
        ├── rsyncd.conf.j2
        └── rsync.password.j2

    3 directories, 8 files
tasks task directory information
    [yun@ansi-manager rsyncd]$ pwd
    /app/ansible_info/ansible_roles/roles/rsyncd
    [yun@ansi-manager rsyncd]$ cat tasks/main.yml
    - include_tasks: install.yml
    - include_tasks: config.yml
    - include_tasks: mkdir.yml
    - include_tasks: start_rsyncd.yml

    [yun@ansi-manager rsyncd]$ cat tasks/install.yml
    - name: "Install package rsync"
      yum:
        name: rsync
        state: present

    [yun@ansi-manager rsyncd]$ cat tasks/config.yml
    - name: "rsyncd server config and edit restart"
      template:
        src: rsyncd.conf.j2
        dest: /etc/rsyncd.conf
        owner: root
        group: root
        mode: '644'
      notify: "restart rsyncd server"

    - name: "rsyncd server password file"
      template:
        src: rsync.password.j2
        dest: /etc/rsync.password
        owner: root
        group: root
        mode: '400'

    [yun@ansi-manager rsyncd]$ cat tasks/mkdir.yml
    - name: "create rsync business backup dir"
      file:
        path: /backup/busi_data
        owner: root
        group: root
        state: directory
        recurse: yes

    - name: "create rsync database backup dir"
      file:
        path: /backup/database
        owner: root
        group: root
        state: directory
        recurse: yes

    [yun@ansi-manager rsyncd]$ cat tasks/start_rsyncd.yml
    - name: "rsyncd server start"
      systemd:
        name: rsyncd
        state: started
        daemon_reload: yes
        enabled: yes
handlers task directory information
    [yun@ansi-manager rsyncd]$ cat handlers/main.yml
    - name: "restart rsyncd server"
      systemd:
        name: rsyncd
        state: restarted
Template directory information
    [yun@ansi-manager rsyncd]$ pwd
    /app/ansible_info/ansible_roles/roles/rsyncd
    [yun@ansi-manager rsyncd]$ cat templates/rsyncd.conf.j2  # File 1
    # Note: for more parameters and more details, see man rsyncd.conf
    #rsync_config---------------start
    uid = root
    gid = root
    use chroot = false
    max connections = 200
    timeout = 100
    pid file = /var/run/rsyncd.pid
    lock file = /var/run/rsync.lock
    log file = /var/log/rsyncd.log
    dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
    ignore errors = true
    read only = false
    list = false

    ## To avoid confusion, use only one of hosts allow and hosts deny
    hosts allow = 172.16.1.0/24,10.9.0.0/16,120.27.48.179
    # hosts deny = 10.0.0.0/16
    # Multiple authentication accounts are supported
    auth users = {{ auth_user }}
    secrets file = /etc/rsync.password


    # Data backup: pay attention to the permissions of the path directory
    [back_data_module]
    path = /backup/busi_data/

    # Database backup: pay attention to the permissions of the path directory
    [back_db_module]
    path = /backup/database/

    #rsync_config---------------end

    [yun@ansi-manager rsyncd]$ cat templates/rsync.password.j2  # File 2
    {{ auth_user }}:{{ auth_pawd }}
Client information
    [yun@ansi-manager rsync_client]$ pwd
    /app/ansible_info/ansible_roles/roles/rsync_client
    [yun@ansi-manager rsync_client]$ tree  # directory structure
    .
    ├── tasks
    │   └── main.yml
    └── templates
        └── rsync.password.j2

    2 directories, 2 files
    [yun@ansi-manager rsync_client]$ cat tasks/main.yml  # tasks information
    - name: "rsync password file config"
      template:
        src: rsync.password.j2
        dest: /etc/rsync.password
        owner: root
        group: root
        mode: '400'

    [yun@ansi-manager rsync_client]$ cat templates/rsync.password.j2  # Template information
    {{ auth_pawd }}
Variable information
    [yun@ansi-manager ansible_roles]$ pwd
    /app/ansible_info/ansible_roles
    [yun@ansi-manager ansible_roles]$ cat group_vars/all
    # NFS server directory
    nfs_dir: /data
    # rsync daemon use
    auth_user: rsync_backup
    auth_pawd: rsync_backup_pwd
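The rsync password above sits in group_vars/all in clear text. One way to keep it out of the repository and out of task output, as an added example that is not from the original article: group_vars/all becomes a directory, the secret moves into a file encrypted with ansible-vault, and the password-file task sets no_log. The file names vars.yml and vault.yml, the variable vault_rsync_auth_pawd and the 16-character minimum are assumptions.

```yaml
---
# group_vars/all/vars.yml  (plain text, safe to commit)
nfs_dir: /data
auth_user: rsync_backup
auth_pawd: "{{ vault_rsync_auth_pawd }}"   # points at the vaulted value

---
# group_vars/all/vault.yml  (shown before encryption; encrypt it with
#   ansible-vault encrypt group_vars/all/vault.yml
# and add --ask-vault-pass to the ansible-playbook commands)
vault_rsync_auth_pawd: "REPLACE_WITH_GENERATED_SECRET"   # constructed placeholder

---
# roles/rsyncd/tasks/config.yml, password-file part
- name: "refuse the sample password or a short one"
  assert:
    that:
      - auth_pawd | length >= 16
      - auth_pawd != 'rsync_backup_pwd'
    # A failed assert prints the expression, not the variable's value.
    fail_msg: "auth_pawd must be set in the vault file"

- name: "rsyncd server password file"
  template:
    src: rsync.password.j2
    dest: /etc/rsync.password
    owner: root
    group: root
    mode: '0400'
  no_log: true   # hides the rendered secret from -v and --diff output

# The rsync_client role's task that writes /etc/rsync.password takes the
# same no_log: true line; its template needs no change.
```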
playbook information
    [yun@ansi-manager ansible_roles]$ cat rsyncd_server.yml
    ---
    # rsyncd server
    - hosts: manageservers
      roles:
        - rsyncd

    - hosts: proxyservers
      roles:
        - rsync_client
Task execution
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check rsyncd_server.yml  # Syntax check
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C rsyncd_server.yml  # Dry run (check mode)
    [yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key rsyncd_server.yml  # Execute
Ansible Galaxy
https://galaxy.ansible.com