Ansible Roles in detail: an automated operations and maintenance tool

Keywords: Linux ansible rsync Nginx PHP


Detailed explanation of Ansible Roles and practical cases

 

Host planning

 

Add user account

Notes:

1. This is the login account used by operations and maintenance personnel;

2. All business data is placed under /app/, the home directory of the yun user, to avoid misplacing business data;

3. This user is also used by Ansible, because almost all production environments prohibit remote root login (so the yun user is also given sudo authorization).

# Use a dedicated user and avoid using root directly
# Add the user, specifying the home directory and the user's password
useradd -u 1050 -d /app yun && echo '123456' | /usr/bin/passwd --stdin yun
# Grant sudo rights
echo "yun  ALL=(ALL)       NOPASSWD: ALL" >>  /etc/sudoers
# Allow other ordinary users to enter the directory to view information
chmod 755 /app/
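
The same account setup expressed as Ansible tasks, as an added example that is not part of the original article: the password is hashed from a vaulted variable instead of being typed on the command line, and the sudo rule goes into a drop-in file that visudo validates before it is installed. The playbook name, the `vault_yun_password` variable and the public-key path are assumptions.

```yaml
---
# bootstrap_yun.yml (hypothetical name) - added example, not from the article.
# Assumptions: run once with an account that can already become root;
# vault_yun_password lives in an Ansible Vault encrypted vars file.
- hosts: all
  become: true
  vars:
    # Hypothetical path to the operator's public key on the control node
    yun_pubkey: "{{ lookup('file', 'files/yun_id_ed25519.pub') }}"
  tasks:
    - name: "create the yun account with /app as its home directory"
      user:
        name: yun
        uid: 1050
        home: /app
        # Hashed on the control node; the clear text never reaches a shell
        password: "{{ vault_yun_password | password_hash('sha512') }}"
        # Only set the password when the account is first created
        update_password: on_create
      no_log: true

    - name: "allow other ordinary users to enter /app"
      file:
        path: /app
        state: directory
        mode: '0755'

    - name: "install the operator's SSH public key for yun"
      authorized_key:
        user: yun
        key: "{{ yun_pubkey }}"

    - name: "sudo rule for yun as a validated drop-in file"
      copy:
        dest: /etc/sudoers.d/yun
        content: "yun ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: '0440'
        # A syntax error is rejected here instead of breaking sudo on the host
        validate: /usr/sbin/visudo -cf %s
```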

 

Ansible inventory (host list)

The rest of this article uses the following inventory file.

[yun@ansi-manager ansible_info]$ pwd
/app/ansible_info
[yun@ansi-manager ansible_info]$ cat hosts_key
# Mode 1: host + port + key
[manageservers]
172.16.1.180:22

[proxyservers]
172.16.1.18[1:2]:22

# Mode 2: alias + host + port + password
[webservers]
web01 ansible_ssh_host=172.16.1.183 ansible_ssh_port=22
web02 ansible_ssh_host=172.16.1.184 ansible_ssh_port=22
web03 ansible_ssh_host=172.16.1.185 ansible_ssh_port=22

 

Basic overview of Ansible Roles

We have already covered variables, tasks and handlers, so what is the best way to organize playbooks?

The simple answer is: use roles. Roles automatically load vars, files, tasks and handlers based on a known file structure, which makes them easier to call from a playbook. Compared with a plain playbook, the structure of roles is clearer and more hierarchical.

For example, suppose that whatever software we install, we also install the time synchronization service. Then every playbook would have to repeat the time synchronization tasks. Instead, we can write the time synchronization tasks once and call them wherever they are needed.

Note: when writing roles, it is best to split each task into its own file, which makes later reuse easier and keeps the pieces fully decoupled.

Roles directory structure

Inside the roles directory, you can create a role directory with the following command:

ansible-galaxy init nfs   # nfs is the directory (role) name

 

A directory created this way contains the full set of subdirectories, but we may only need some of them, so in practice most role directories are created by hand rather than with the command.

The sample directory is structured as follows:

[yun@ansi-manager tmp]$ tree ./
./
├── sit.yml
├── webservers.yml
└── roles
    └── nfs                  # Role name
        ├── defaults         # Role default variables (lowest priority)
        │   └── main.yml
        ├── files            # Static files
        ├── handlers         # Handlers (triggered tasks)
        │   └── main.yml
        ├── meta             # Dependencies
        │   └── main.yml
        ├── README.md        # Documentation
        ├── tasks            # Tasks
        │   └── main.yml
        ├── templates        # Template files
        └── vars             # Other role variables
            └── main.yml

10 directories, 10 files

 

Directory notes:

1. The roles directory must exist first; the individual role directories are then created under it.

2. Directory names under roles should be self-explanatory. For example, the common directory holds the basic setup, which is required; the nfs directory installs the NFS service; the memcached directory installs the memcached service, and so on.

3. Create second-level directories under each role according to your own needs. Directories you do not need can be left out; a full directory set is not required.

4. Some of the second-level directories under a role must contain a main.yml file for Ansible to use.

Role dependencies

A role can automatically pull in other roles when it is used. A role's dependencies are stored in the meta/main.yml file in the role directory.

For example, to install WordPress you need to make sure that Nginx and PHP are running normally. In that case, the wordpress role can declare the nginx and php-fpm roles as dependencies.

[yun@ansi-manager playbook]$ cat /app/roles/wordpress/meta/main.yml
---
dependencies:
  - { role: nginx }
  - { role: php-fpm }

 

With this in place, running the wordpress role first executes the nginx role, then the php-fpm role, and finally the wordpress role itself.

Ansible Roles case practice - deploying NFS services

Overall directory structure

[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ ll
total 4
drwxrwxr-x 2 yun yun  17 Sep 15 19:41 group_vars
-rw-rw-r-- 1 yun yun 108 Sep 15 19:37 nfs_server.yml
drwxrwxr-x 4 yun yun  35 Sep 15 18:00 roles
[yun@ansi-manager ansible_roles]$ tree  # directory structure
.
├── group_vars
│   └── all
├── nfs_server.yml
└── roles
    ├── nfs  # Server
    │   ├── handlers
    │   │   └── main.yml
    │   ├── tasks
    │   │   ├── config.yml
    │   │   ├── install.yml
    │   │   ├── main.yml
    │   │   ├── mkdir.yml
    │   │   ├── start_NFS.yml
    │   │   └── start_rpcbind.yml
    │   └── templates
    │       └── exports.j2
    └── nfs_client  # Client
        └── tasks
            └── main.yml

9 directories, 11 files

 

Server information

directory structure

[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ tree roles/nfs
roles/nfs
├── handlers
│   └── main.yml
├── tasks
│   ├── config.yml
│   ├── install.yml
│   ├── main.yml
│   ├── mkdir.yml
│   ├── start_NFS.yml
│   └── start_rpcbind.yml
└── templates
    └── exports.j2

4 directories, 8 files

 

tasks directory information

[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/main.yml
- include_tasks: install.yml
- include_tasks: config.yml
- include_tasks: mkdir.yml
- include_tasks: start_rpcbind.yml
- include_tasks: start_NFS.yml

[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/install.yml
- name: "install package NFS"
  yum:
    name:
      - nfs-utils
      - rpcbind
    state: present

[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/config.yml
- name: "NFS server config and edit restart"
  template:
    src: exports.j2
    dest: /etc/exports
    owner: root
    group: root
    mode: '644'
  notify: "reload NFS server"

[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/mkdir.yml
- name: "create NFS dir"
  file:
    path: /data
    owner: yun
    group: yun
    state: directory
    recurse: yes

[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/start_rpcbind.yml
- name: "rpcbind server start"
  systemd:
    name: rpcbind
    state: started
    daemon_reload: yes
    enabled: yes

[yun@ansi-manager ansible_roles]$ cat roles/nfs/tasks/start_NFS.yml
- name: "NFS server start"
  systemd:
    name: nfs
    state: started
    daemon_reload: yes
    enabled: yes

 

handlers directory information

[yun@ansi-manager ansible_roles]$ cat roles/nfs/handlers/main.yml
- name: "reload NFS server"
  systemd:
    name: nfs
    state: reloaded

 

Template directory information

[yun@ansi-manager ansible_roles]$ cat roles/nfs/templates/exports.j2
{{ nfs_dir }}   172.16.1.0/24(rw,sync,root_squash,all_squash,anonuid=1050,anongid=1050)

 

Client information

The client is relatively simple: it has just one mount task.

[yun@ansi-manager ansible_roles]$ cat roles/nfs_client/tasks/main.yml
- name: "mount NFS server"
  mount:
    src: 172.16.1.180:{{ nfs_dir }}
    path: /mnt
    fstype: nfs
    opts: defaults
    state: mounted

 

Variable information

[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ cat group_vars/all
# NFS server directory
nfs_dir: /data

 

playbook information

[yun@ansi-manager ansible_roles]$ cat nfs_server.yml
---
# NFS server
- hosts: manageservers
  roles:
    - nfs

- hosts: proxyservers
  roles:
    - nfs_client

 

Task execution

[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check nfs_server.yml  # Syntax check
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C nfs_server.yml  # Dry run (check mode)
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key nfs_server.yml  # Execute

 

Ansible Roles case practice - deploy memcached service

Overall directory structure

[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ ll
total 8
-rw-rw-r-- 1 yun yun  71 Sep 16 09:05 memcached_server.yml
drwxrwxr-x 5 yun yun  52 Sep 16 08:38 roles
[yun@ansi-manager ansible_roles]$ tree roles/
roles/
└── memcached
    ├── handlers
    │   └── main.yml
    ├── tasks
    │   ├── config.yml
    │   ├── install.yml
    │   ├── main.yml
    │   └── start.yml
    └── templates
        └── memcached.j2

11 directories, 15 files

 

Service information

directory structure

[yun@ansi-manager memcached]$ pwd
/app/ansible_info/ansible_roles/roles/memcached
[yun@ansi-manager memcached]$ ll
total 0
drwxrwxr-x 2 yun yun 22 Sep 16 08:56 handlers
drwxrwxr-x 2 yun yun 76 Sep 16 08:53 tasks
drwxrwxr-x 2 yun yun 26 Sep 16 08:55 templates
[yun@ansi-manager memcached]$ tree
.
├── handlers
│   └── main.yml
├── tasks
│   ├── config.yml
│   ├── install.yml
│   ├── main.yml
│   └── start.yml
└── templates
    └── memcached.j2

3 directories, 6 files

 

tasks directory information

[yun@ansi-manager memcached]$ cat tasks/main.yml
- include_tasks: install.yml
- include_tasks: config.yml
- include_tasks: start.yml

[yun@ansi-manager memcached]$ cat tasks/install.yml
- name: "install package memcached"
  yum:
    name: memcached
    state: present

[yun@ansi-manager memcached]$ cat tasks/config.yml
- name: "memcached server config and edit restart"
  template:
    src: memcached.j2
    dest: /etc/sysconfig/memcached
    owner: root
    group: root
    mode: '644'
  notify: "restart memcached server"

[yun@ansi-manager memcached]$ cat tasks/start.yml
- name: "memcached server start"
  systemd:
    name: memcached
    state: started
    daemon_reload: yes
    enabled: yes

 

handlers directory information

[yun@ansi-manager memcached]$ cat handlers/main.yml
- name: "restart memcached server"
  systemd:
    name: memcached
    state: restarted

 

Template directory information

[yun@ansi-manager memcached]$ cat templates/memcached.j2
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="{{ ansible_memtotal_mb // 2 }}"
OPTIONS=""
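
With OPTIONS left empty, memcached is started without a listen address, which makes it listen on all interfaces. The added example below (not from the original article) renders the same file with an explicit bind address and UDP disabled. The defaults file and the `memcached_listen` and `memcached_port` variables are assumptions, and the file is rendered inline with the copy module so that the example fits in one block.

```yaml
---
# roles/memcached/defaults/main.yml
# Hypothetical file: the role in the article has no defaults directory.
memcached_listen: 127.0.0.1   # override per group with an internal address
memcached_port: 11211

---
# roles/memcached/tasks/config.yml
- name: "refuse to bind memcached to every interface"
  assert:
    that:
      - memcached_listen | length > 0
      - memcached_listen not in ['0.0.0.0', '::']
    fail_msg: "set memcached_listen to a loopback or internal address"

- name: "memcached server config and edit restart"
  copy:
    dest: /etc/sysconfig/memcached
    owner: root
    group: root
    mode: '0644'
    # Same keys as templates/memcached.j2 in the article.
    # -l sets the listen address, -U 0 turns the UDP listener off.
    content: |
      PORT="{{ memcached_port }}"
      USER="memcached"
      MAXCONN="1024"
      CACHESIZE="{{ ansible_memtotal_mb // 2 }}"
      OPTIONS="-l {{ memcached_listen }} -U 0"
  notify: "restart memcached server"
```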

 

playbook information

[yun@ansi-manager ansible_roles]$ cat memcached_server.yml
---
# memcached server
- hosts: manageservers
  roles:
    - memcached

 

Task execution

[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check memcached_server.yml  # Syntax check
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C memcached_server.yml  # Dry run (check mode)
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key memcached_server.yml  # Execute

 

Ansible Roles case practice - deploy Rsync service

Overall directory structure

[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ ll
total 12
drwxrwxr-x 2 yun yun  17 Sep 29 09:33 group_vars
drwxrwxr-x 7 yun yun  86 Sep 29 08:49 roles
-rw-rw-r-- 1 yun yun 116 Sep 29 09:50 rsyncd_server.yml
[yun@ansi-manager ansible_roles]$ tree roles/
roles/
├── rsync_client
│   ├── tasks
│   │   └── main.yml
│   └── templates
│       └── rsync.password.j2
└── rsyncd
    ├── handlers
    │   └── main.yml
    ├── tasks
    │   ├── config.yml
    │   ├── install.yml
    │   ├── main.yml
    │   ├── mkdir.yml
    │   └── start_rsyncd.yml
    └── templates
        ├── rsyncd.conf.j2
        └── rsync.password.j2

18 directories, 25 files

 

Server information

directory structure

[yun@ansi-manager rsyncd]$ pwd
/app/ansible_info/ansible_roles/roles/rsyncd
[yun@ansi-manager rsyncd]$ tree
.
├── handlers
│   └── main.yml
├── tasks
│   ├── config.yml
│   ├── install.yml
│   ├── main.yml
│   ├── mkdir.yml
│   └── start_rsyncd.yml
└── templates
    ├── rsyncd.conf.j2
    └── rsync.password.j2

3 directories, 8 files

 

tasks directory information

[yun@ansi-manager rsyncd]$ pwd
/app/ansible_info/ansible_roles/roles/rsyncd
[yun@ansi-manager rsyncd]$ cat tasks/main.yml
- include_tasks: install.yml
- include_tasks: config.yml
- include_tasks: mkdir.yml
- include_tasks: start_rsyncd.yml

[yun@ansi-manager rsyncd]$ cat tasks/install.yml
- name: "Install package rsync"
  yum:
    name: rsync
    state: present

[yun@ansi-manager rsyncd]$ cat tasks/config.yml
- name: "rsyncd server config and edit restart"
  template:
    src: rsyncd.conf.j2
    dest: /etc/rsyncd.conf
    owner: root
    group: root
    mode: '644'
  notify: "restart rsyncd server"

- name: "rsyncd server password file"
  template:
    src: rsync.password.j2
    dest: /etc/rsync.password
    owner: root
    group: root
    mode: '400'

[yun@ansi-manager rsyncd]$ cat tasks/mkdir.yml
- name: "create rsync business backup dir"
  file:
    path: /backup/busi_data
    owner: root
    group: root
    state: directory
    recurse: yes

- name: "create rsync database backup dir"
  file:
    path: /backup/database
    owner: root
    group: root
    state: directory
    recurse: yes

[yun@ansi-manager rsyncd]$ cat tasks/start_rsyncd.yml
- name: "rsyncd server start"
  systemd:
    name: rsyncd
    state: started
    daemon_reload: yes
    enabled: yes

 

handlers directory information

[yun@ansi-manager rsyncd]$ cat handlers/main.yml
- name: "restart rsyncd server"
  systemd:
    name: rsyncd
    state: restarted

 

Template directory information

[yun@ansi-manager rsyncd]$ pwd
/app/ansible_info/ansible_roles/roles/rsyncd
[yun@ansi-manager rsyncd]$ cat templates/rsyncd.conf.j2  # File 1
# Note: for more parameters and more details, see  man rsyncd.conf
#rsync_config---------------start
uid = root
gid = root
use chroot = false
max connections = 200
timeout = 100
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
ignore errors = true
read only = false
list = false

## Note: to avoid confusion, use either hosts allow or hosts deny, not both
hosts allow = 172.16.1.0/24,10.9.0.0/16,120.27.48.179
# hosts deny = 10.0.0.0/16
# Multiple authentication accounts are supported
auth users = {{ auth_user }}
secrets file = /etc/rsync.password


# Business data backup: pay attention to the permissions of the path directory
[back_data_module]
path = /backup/busi_data/

# Database backup: pay attention to the permissions of the path directory
[back_db_module]
path = /backup/database/

#rsync_config---------------end

[yun@ansi-manager rsyncd]$ cat templates/rsync.password.j2  # File 2
{{ auth_user }}:{{ auth_pawd }}

 

Client information

[yun@ansi-manager rsync_client]$ pwd
/app/ansible_info/ansible_roles/roles/rsync_client
[yun@ansi-manager rsync_client]$ tree  # directory structure
.
├── tasks
│   └── main.yml
└── templates
    └── rsync.password.j2

2 directories, 2 files
[yun@ansi-manager rsync_client]$ cat tasks/main.yml  # tasks information
- name: "rsync password file config"
  template:
    src: rsync.password.j2
    dest: /etc/rsync.password
    owner: root
    group: root
    mode: '400'

[yun@ansi-manager rsync_client]$ cat templates/rsync.password.j2  # Template information
{{ auth_pawd }}

 

Variable information

[yun@ansi-manager ansible_roles]$ pwd
/app/ansible_info/ansible_roles
[yun@ansi-manager ansible_roles]$ cat group_vars/all
# NFS server directory
nfs_dir: /data
# rsync daemon use
auth_user: rsync_backup
auth_pawd: rsync_backup_pwd
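
The variable file above stores the rsync secret in clear text. The following added example (not from the original article) keeps the variable names the templates already use, moves the value into an Ansible Vault file, and sets no_log on the two tasks that render it. Turning group_vars/all into a directory, the file names vars.yml and vault.yml, and the `vault_auth_pawd` variable are assumptions.

```yaml
---
# group_vars/all/vars.yml  (assumption: group_vars/all is now a directory)
# NFS server directory
nfs_dir: /data
# rsync daemon use
auth_user: rsync_backup
auth_pawd: "{{ vault_auth_pawd }}"   # same name the templates reference

---
# group_vars/all/vault.yml  (hypothetical file, shown before encryption)
# Encrypt once:  ansible-vault encrypt group_vars/all/vault.yml
# Then run:      ansible-playbook -b -i ../hosts_key --ask-vault-pass rsyncd_server.yml
vault_auth_pawd: "REPLACE_WITH_LONG_RANDOM_VALUE"   # placeholder, not a real secret

---
# roles/rsyncd/tasks/config.yml, password task only
- name: "rsyncd server password file"
  template:
    src: rsync.password.j2
    dest: /etc/rsync.password
    owner: root
    group: root
    mode: '0400'
  no_log: true   # keep the rendered secret out of task output and --diff

---
# roles/rsync_client/tasks/main.yml
- name: "rsync password file config"
  template:
    src: rsync.password.j2
    dest: /etc/rsync.password
    owner: root
    group: root
    mode: '0400'
  no_log: true
```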

 

playbook information

[yun@ansi-manager ansible_roles]$ cat rsyncd_server.yml
---
# rsyncd server
- hosts: manageservers
  roles:
    - rsyncd

- hosts: proxyservers
  roles:
    - rsync_client

 

Task execution

[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key --syntax-check rsyncd_server.yml  # Syntax check
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key -C rsyncd_server.yml  # Dry run (check mode)
[yun@ansi-manager ansible_roles]$ ansible-playbook -b -i ../hosts_key rsyncd_server.yml  # Execute

 

Ansible Galaxy

https://galaxy.ansible.com

 

 

 


Posted by chard on Fri, 08 May 2020 06:53:59 -0700