Ansible

1. Introduction to roles

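  • Roles are a feature introduced in Ansible 1.2 for organizing playbooks in a hierarchical, structured way. Based on that layered directory structure, roles automatically load variable files, tasks, handlers and so on. To use roles, you only need the include directive in a playbook. Put simply, roles are a mechanism that places variables, files, tasks, templates and handlers in separate directories and lets you include them conveniently. Roles are typically used when building services on a per-host basis, but they can also be used in scenarios such as building daemons.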

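2. Use cases

  • Complex scenarios: roles are recommended because code reuse is high
    • Changes target specific hosts or host groups
    • Inconsistent naming makes maintenance and handover costly
    • Some functionality needs several playbooks, which can be achieved with `includes`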

3. Roles: directory layout

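4. Roles

4.1 Steps to create a role

  • 1 Create a directory named roles
  • 2 Inside the roles directory, create one directory per role, named after the role, for example nginx
  • 3 Inside each role directory, create the files, handlers, meta, tasks, templates and vars directories; directories that are not needed can be left empty or not created at all
  • 4 Invoke the roles from the playbook file

4.2 Directory structure

  • Each role is organized in a specific hierarchical directory structure
  • Layout of the roles directory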
playbook.yml
roles/
└── project
    ├── defaults
    ├── files
    ├── handlers
    ├── meta
    ├── tasks
    ├── templates
    └── vars

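4.3 Purpose of each role directory

  • /roles/project/: the project (role) name; it contains the following subdirectories
    • files/: files used by modules such as copy and script
    • templates/: the directory where the template module looks for the template files it needs
    • tasks/: defines tasks, the basic building blocks of a role; must contain at least a file named main.yml; any other files must be pulled in from that file with include
    • handlers/: must contain at least a file named main.yml; any other files must be pulled in from that file with include
    • vars/: defines variables; must contain at least a file named main.yml; any other files must be pulled in from that file with include
    • meta/: defines special settings and dependencies of the current role; must contain at least a file named main.yml; any other files must be pulled in from that file with include
    • defaults/: the main.yml file in this directory is used to set default variables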

4.4 Invoking roles

  • Method 1
- hosts: websrvs
  remote_user: root
  roles:
    - mysql
    - nginx
    - memcached
  • Method 2
    • Pass variables to the role
    • The role key specifies the role name
    • The key/value pairs that follow pass variables to the role
- hosts: websrvs
  remote_user: root
  roles:
    - mysql
    - { role: nginx, username: nginx}
  • Method 3
    • Invoke a role based on a conditional test
- hosts: websrvs
  remote_user: root
  roles:
    - { role: nginx, tags: ['web', 'nginx'], when: ansible_distribution_major_version == "7" }
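
How a value passed with method 2 reaches the role, as an added example that is not part of the original article: the role ships a fallback in defaults/main.yml, and the `username` key written next to `role:` overrides it. The default value `www`, the `testsrvs` host group and the use of the variable inside user.yml are assumptions made for illustration.

```yaml
# roles/nginx/defaults/main.yml
# Fallback used when the playbook passes nothing (value assumed for this example).
---
username: www

# roles/nginx/tasks/user.yml
# The account name is no longer hard-coded; it comes from the variable.
---
- name: create service account
  user:
    name: "{{ username }}"
    system: yes
    shell: /sbin/nologin

# playbook.yml
# Role parameters outrank both defaults/main.yml and vars/main.yml,
# so websrvs gets an account named nginx while testsrvs falls back to www.
---
- hosts: websrvs
  remote_user: root
  roles:
    - { role: nginx, username: nginx }

- hosts: testsrvs        # hypothetical host group
  remote_user: root
  roles:
    - nginx
```

Because role parameters also win over vars/main.yml, a value that callers must not change belongs in a task or template literal rather than in a role variable.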

4.5 Using tags with roles in a playbook

ansible-playbook --tags="nginx,httpd,mysql" nginx-role.yml
  • nginx-role.yml
---
- hosts: websrvs
  remote_user: root
  roles:
    - { role: nginx, tags: ['web', 'nginx'], when: ansible_distribution_major_version == "7" }
    - { role: httpd, tags: ['web', 'httpd'] }
    - { role: mysql, tags: ['db', 'mysql'] }
    - { role: marridb, tags: ['db', 'mysql'] }
    - { role: php }

5. Example

5.1 nginx

  • Directory structure
nginx_role.yml 
roles/
└── nginx
    ├── tasks
    │   ├── group.yml
    │   ├── main.yml
    │   ├── restart.yml
    │   ├── start.yml
    │   ├── templ.yml
    │   ├── user.yml
    │   └── yum.yml
    └── templates
        └── nginx.conf.j2

  • roles/nginx/tasks/main.yml
- include: group.yml
- include: user.yml
- include: yum.yml
- include: templ.yml
- include: start.yml
  • roles/nginx/tasks/group.yml
- name: create group
  group: name=nginx gid=80
  • roles/nginx/tasks/user.yml
- name: create user
  user: name=nginx uid=80 group=nginx system=yes shell=/sbin/nologin
  • roles/nginx/tasks/yum.yml
- name: install package
  yum: name=nginx
  • roles/nginx/tasks/templ.yml
- name: copy conf
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
  • roles/nginx/tasks/start.yml
- name: start service
  service: name=nginx state=started enabled=true
  • roles/nginx/templates/nginx.conf.j2
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes {{ ansible_processor_vcpus+2 }};
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}
  • Execution results
# ansible websrvs -m shell -a 'getent passwd nginx'
192.168.2.132 | CHANGED | rc=0 >>
nginx:x:80:80::/home/nginx:/sbin/nologin

192.168.2.131 | CHANGED | rc=0 >>
nginx:x:80:80::/home/nginx:/sbin/nologin

# ansible websrvs -m shell -a 'getent group nginx'
192.168.2.132 | CHANGED | rc=0 >>
nginx:x:80:

192.168.2.131 | CHANGED | rc=0 >>
nginx:x:80:

# ansible websrvs -m shell -a 'id nginx'
192.168.2.132 | CHANGED | rc=0 >>
uid=80(nginx) gid=80(nginx) groups=80(nginx)

192.168.2.131 | CHANGED | rc=0 >>
uid=80(nginx) gid=80(nginx) groups=80(nginx)

#  ansible websrvs -m shell -a 'rpm -q nginx'
192.168.2.132 | CHANGED | rc=0 >>
nginx-1.12.2-2.el7.x86_64

192.168.2.131 | CHANGED | rc=0 >>
nginx-1.12.2-2.el7.x86_64

# ansible websrvs -m setup -a 'filter=ansible_processor_vcpus'

192.168.2.132 | SUCCESS => {
    "ansible_facts": {
        "ansible_processor_vcpus": 8
    },
    "changed": false
}
192.168.2.131 | SUCCESS => {
    "ansible_facts": {
        "ansible_processor_vcpus": 8
    },
    "changed": false
}

# ansible websrvs -m shell -a 'ps aux | grep nginx'
192.168.2.132 | CHANGED | rc=0 >>
root     24733  0.0  0.0 125052  2248 ?        Ss   14:29   0:00 nginx: master process /usr/sbin/nginx
nginx    24734  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24735  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24736  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24737  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24738  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24739  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24740  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24741  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24742  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24743  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
root     25619  0.0  0.0 113128  1200 pts/1    S+   14:45   0:00 /bin/sh -c ps aux | grep nginx
root     25621  0.0  0.0 112664   948 pts/1    S+   14:45   0:00 grep nginx

192.168.2.131 | CHANGED | rc=0 >>
root     24864  0.0  0.0 125052  2248 ?        Ss   14:29   0:00 nginx: master process /usr/sbin/nginx
nginx    24865  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24866  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24867  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24868  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24869  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24870  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24871  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24872  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24873  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
nginx    24874  0.0  0.0 125440  3148 ?        S    14:29   0:00 nginx: worker process
root     25751  0.0  0.0 113128  1200 pts/1    S+   14:45   0:00 /bin/sh -c ps aux | grep nginx
root     25753  0.0  0.0 112664   952 pts/1    S+   14:45   0:00 grep nginx
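
The tree above lists restart.yml, but the tasks shown never restart nginx when nginx.conf changes, and the template task deploys the file without checking it. One way to close both gaps, as an added example that is not the original author's code: validate the rendered file before it replaces the live config, set explicit ownership and mode, and notify a handler. The handler name and the handlers/main.yml file are assumptions; they do not appear in the tree above.

```yaml
# roles/nginx/tasks/templ.yml
---
- name: copy conf
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: "0644"
    backup: yes
    # %s is the rendered temporary file; if the syntax test fails the task
    # aborts and the current /etc/nginx/nginx.conf is left untouched.
    validate: /usr/sbin/nginx -t -c %s
  notify: restart nginx

# roles/nginx/handlers/main.yml  (file assumed; not shown in the article)
---
- name: restart nginx
  service:
    name: nginx
    state: restarted
```

The handler runs once at the end of the play, and only when the template task reports a change, so repeated runs with an unchanged config do not bounce the service.
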
Original article: https://www.cnblogs.com/xiaoqshuo/p/10482396.html