Ansible automatic operation and maintenance tool 9 (installation and use of ansible role)

Keywords: Operation & Maintenance

1, Introduction to ansible role

(1) Ansible roles are a hierarchical, structured way of organizing a playbook.
(2) Roles place variables, files, tasks, templates and handlers in separate directories so that they can be included easily;
(3) Roles are generally used when building services on a per-host basis, and are used frequently in complex enterprise scenarios;
(4) Tasks, variables, handlers, templates, files, etc. are organized in a specific hierarchical directory structure. This is comparable to splitting a program into functions and calling each piece when it is needed.

1.roles directory structure

files: stores the files used by modules such as copy or script
tasks: defines the tasks; contains main.yml and any other files it includes
handlers: defines the handlers; contains main.yml and any other files it includes
vars: defines variables; contains main.yml and any other files it includes
templates: stores the template text used by the template module
meta: defines the special settings and dependencies of the current role; there should be a main.yml file
defaults: sets the default variables; there should be a main.yml file
tests: used for testing the role

2. Creating an ansible role

ansible-galaxy command tool: Ansible Galaxy is a website for freely sharing and downloading Ansible roles, which helps us define and learn roles;
By default, the ansible-galaxy command communicates with the website API, and you can find and download all kinds of community-developed Ansible roles.
ansible-galaxy has been included in Ansible 1.4.2. You can query roles on

List all installed Galaxy roles;

The path where roles are stored is defined in the configuration file ansible.cfg;
roles_path = ~/ansible/roles (default directory: /etc/ansible/roles)

Create directory structure

Create the vsftps role (it should be vsftpd; this is a typo here)

View the roles with ansible-galaxy list;
You can see that the vsftpd role was created successfully

2, Use of ansible roles

1. Write the main task file

Example: install vsftpd, and change the configuration file according to a variable;
Edit the ~/ansible/roles/vsftps/tasks/main.yml file

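# tasks file for vsftpd
# Installation task (the package module is assumed to be dnf; use yum on older hosts)
- name: install vsftpd
  dnf:
    name: vsftpd
    state: latest
  notify:                                  # trigger these handlers on change
    - restart vsftpd
    - firewalld set

# Configuration task: rewrite the anonymous_enable line from the STATE variable
- name: set vsftpd
  lineinfile:
    path: /etc/vsftpd/vsftpd.conf
    regexp: "anonymous_enable"
    line: "anonymous_enable={{ STATE }}"
  notify:                                  # trigger this handler on change
    - restart vsftpd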

2. Trigger (handlers) module

View firewall setting rules

Examples are as follows

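# Handler that restarts and enables the vsftpd service
- name: restart vsftpd
  service:
    name: vsftpd
    state: restarted
    enabled: yes

# Handler that opens the ftp service in the firewall
- name: firewalld set
  firewalld:
    service: ftp
    state: enabled
    permanent: yes
    immediate: yes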

3. Variable module

Playbook that enables the role: ~/ansible/vsftpd.yml

Execute the playbook to install vsftpd on the node host

Next, as a test, remove the installed vsftpd by editing the role's main task file

Execute playbook

Edit the role's main task file again to test installing vsftpd

Execute playbook

3, Exercise test

Install httpd on the node host. The requirements are as follows:
Enter the domain name ------ visit the test page;
Enter the domain name ------ access the test page;
Enter another default domain name ----- get access to the test page

1. Create apache role

2. Set variables

# vars file for apache
WEBS:
  - docroot: /var/www/html
  - docroot: /var/www/vhosts/
  - docroot: /var/www/vhosts/

3. Set j2 template

{% for vhost in WEBS %}
{% if vhost['name'] is not defined %}
<VirtualHost _default_:80>
{% endif %}
{% if vhost['name'] is defined %}
<VirtualHost *:80>
  ServerName {{ vhost['name'] }}
{% endif %}
  DocumentRoot {{ vhost['docroot'] }}
</VirtualHost>
{% endfor %}

4. Set task

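# tasks file for apache
# (the package module is assumed to be dnf; use yum on older hosts)
- name: install apache
  dnf:
    name: httpd
    state: latest
  notify:
    - restart apache
    - firewalld
# Create one document root per entry in WEBS
- name: create documentroot
  file:
    path: "{{ item.docroot }}"
    state: directory
  loop: "{{ WEBS }}"
# Write a test page into each document root
- name: create index.html
  copy:
    dest: "{{ item.docroot }}/index.html"
    content: "{{ item.index }}"
  loop: "{{ WEBS }}"
# Render the virtual host configuration from the j2 template
- name: set vhost
  template:
    src: vhosts.conf.j2
    dest: /mnt/vhost.conf
  notify:
    - restart apache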

5. Set trigger

# handlers file for apache
- name: restart apache
  service:
    name: httpd
    state: restarted
    enabled: yes

- name: firewalld
  firewalld:
    service: http
    state: enabled
    permanent: yes
    immediate: yes

6. Set execution tasks

Execute playbook

You can view the information of the virtual host on the node host

4, Control the execution sequence of tasks

Using roles in a playbook:
- hosts: server2
  roles:
    - role: role1
    - role: role2
      var1: value1   # variables set here override the variables defined in the role


- hosts: server2
  roles:
    - role: role1    # role tasks
  pre_tasks:         # executed before the roles in the play
    - tasks1
  tasks:             # general tasks
    - tasks2
  post_tasks:        # executed after the roles and general tasks in the play
    - tasks3

Building on the previous experiment, add the task execution sequence by continuing to edit the playbook ~/ansible/vsftpd.yml

Execute playbook;
You can see that there is a task execution before the role task

Task execution after role task
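
The ordering above applied to the vsftps role, as an added example rather than the author's own ~/ansible/vsftpd.yml: a pre_task rejects any value other than YES or NO before the role writes it into vsftpd.conf, and a post_task reads the file back to confirm the result. The variable name anon_state is an assumption; server2, the role name vsftps and STATE come from this page.

```yaml
# ~/ansible/vsftpd.yml (added example, not the original playbook)
- hosts: server2
  vars:
    anon_state: "NO"          # hypothetical play variable; NO keeps anonymous FTP off

  pre_tasks:
    # Runs before the role: stop the play if the value is not one vsftpd accepts,
    # so a typo cannot end up in /etc/vsftpd/vsftpd.conf.
    - name: validate requested anonymous_enable value
      assert:
        that:
          - anon_state in ['YES', 'NO']
        fail_msg: "anon_state must be YES or NO, got '{{ anon_state }}'"

  roles:
    # A variable passed on the role entry overrides the value in the role's vars.
    - role: vsftps
      STATE: "{{ anon_state }}"

  post_tasks:
    # Runs after the role and its handlers: read the setting back from disk.
    - name: read anonymous_enable from the deployed config
      command: grep -E '^anonymous_enable=' /etc/vsftpd/vsftpd.conf
      register: anon_line
      changed_when: false
      failed_when: anon_line.rc > 1    # rc 1 (no match) is reported by the assert below

    - name: confirm exactly one matching line with the requested value
      assert:
        that:
          - anon_line.stdout_lines | length == 1
          - anon_line.stdout == ('anonymous_enable=' ~ anon_state)
        fail_msg: "vsftpd.conf does not contain anonymous_enable={{ anon_state }}"
```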

5, Use of multiple roles

First, enable the firewall and address masquerading on the physical host so that the virtual machine can reach the Internet

ansible-galaxy command tool:
Download role:
Access role download address: install roles

Search nginx

Copy link below

Download role succeeded

You can see the installed roles

Package the apache role directory and delete the original directory for experimental testing

List the roles. At this time, there are only vsftps and nginx just installed

Set execution task

Install role

Next, we install the Red Hat role, which allows the administrator to effectively manage the specified properties of the host

Installed in the /usr/share/ansible directory

Copy a copy to the accessible directory of the devops user

List installed roles

Edit the playbook so that the node host synchronizes its time

Execute playbook

The default configuration file /etc/chrony.conf is edited on the node host

Time is successfully synchronized to the ansible host

Posted by defx on Sat, 30 Oct 2021 22:35:25 -0700