[ansible] playbook角色

 一、roles

• Roles又称为角色，playbook被称为剧本。Roles角色是自1.2版本之后引入的新特性，用于层次性、结构化的组织剧本
   
• roles能够根据层次型结构自动装载变量文件、任务集、以及触发的动作等，要使用roles只需要在剧本中使用include命令引入即可
• 简单的来说，roles就是分别将变量、文件、任务、模板以及处理器放置于不同的单独的目录，并且可以便捷的通过include引入
• 角色一般用于基于主机构建的服务的场景中，但是也可以是用于构建守护进程等场景中，主要是使用在代码复用度较高的场景下

●files
用来存放由 copy 模块或 script 模块调用的文件。

●templates
用来存放 jinjia2 模板，template 模块会自动在此目录中寻找 jinjia2 模板文件。

●tasks
此目录应当包含一个 main.yml 文件，用于定义此角色的任务列表，此文件可以使用 include 包含其它的位于此目录的 task 文件。

●handlers
此目录应当包含一个 main.yml 文件，用于定义此角色中触发条件时执行的动作。

●vars
此目录应当包含一个 main.yml 文件，用于定义此角色用到的变量。

●defaults
此目录应当包含一个 main.yml 文件，用于为当前角色设定默认变量。

●meta
此目录应当包含一个 main.yml 文件，用于定义此角色的特殊设定及其依赖关系。

二、roles实战演练

2.1 利用角色搭建lnmp

创建所需文件夹和目录

  441  cd /etc/ansible/roles/
  442  ls
  443  mkdir nginx mysql php
  444  ls
  445  mkdir nginx/{files,vars,templates,handlers,tasks,meta,defaults}
  446  ls -R nginx/
  447  mkdir mysql/{files,vars,templates,handlers,tasks,meta,defaults}
  448  mkdir php/{files,vars,templates,handlers,tasks,meta,defaults}
  449  touch nginx/{vars,handlers,tasks,meta,defaults}/main.yml
  450  touch mysql/{vars,handlers,tasks,meta,defaults}/main.yml
  451  touch php/{vars,handlers,tasks,meta,defaults}/main.yml

设置hosts

2.2 设置nginx角色 

事先要准备好nginx的template模板文件

cp /usr/local/nginx/conf.d/nginx.conf /etc/ansible/roles/nginx/templates/nginx.conf.j2

files设置

cp /etc/yum.repos.d/nginx.repo /etc/ansible/roles/nginx/files/

 vars设置

vim roles/nginx/vars/main.yml

nginx_addr: 192.168.136.195
nginx_port: 80
server_name: www.cxk.com
root_dir: /var/www/html
php_addr: 192.168.136.198
php_port: 9000
pkg: nginx
svc: nginx

tasks设置

vim roles/nginx/tasks/main.yml

  - name: disable firewalld
    service: name=firewalld state=stopped enabled=no
  - name: disable selinux
    command: '/usr/sbin/setenforce 0'
    ignore_errors: true
  - name: copy nginx repo
    copy: src=nginx.repo dest=/etc/yum.repos.d/
  - name: install nginx
    yum: name={
  {pkg}} state=present
  - name: create root dir
    file: path={
  {root_dir}} state=directory
  - name: prepare nginx config file
    template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
    notify: "reload nginx"
  - name: start nginx
    service: name={
  {svc}} state=started enabled=yes

handlers设置 

vim roles/nginx/handlers/main.yml

  - name: reload nginx
    service: name={
  {svc}} state=reloaded

2.3 设置mysql角色

vars设置

vim roles/mysql/vars/main.yml

pkg: mysql-server
svc: mysqld

tasks设置

vim roles/mysql/tasks/main.yml

- name: disable firewalld
    service: name=firewalld state=stopped enabled=no
  - name: disable selinux
    command: '/usr/sbin/setenforce 0'
    ignore_errors: true
  - name: remove mariadb
    yum: name=mariadb* state=absent
  - name: copy mysql repo
    copy: src=mysql-community.repo dest=/etc/yum.repos.d/
  - name: modify mysql repo
    replace: path=/etc/yum.repos.d/mysql-community.repo regexp="gpgcheck=1" replace="gpgcheck=0"
  - name: install mysql
    yum: name={
  {pkg}} state=present
  - name: start mysql
    service: name={
  {svc}} state=started enabled=yes
  - name: init mysql
    shell: passd=$(grep "password" /var/log/mysqld.log | awk '{print $NF}') && mysql -uroot -p"$passd" --connect-expired-password -e "ALTER USER 'root'@'localhost' IDENTIFIED BY 'Admin@123';" && mysql -uroot -pAdmin@123 -e "grant all privileges on *.* to root@'%' identified by 'Admin@123' with grant option;"
    ignore_errors: true

2.4 设置php角色

vars设置

vim php/vars/main.yml

user_name: php
php_addr: 192.168.136.198:9000
nginx_addr: 192.168.136.195
svc: php-fpm

 tasks设置

vim php/tasks/main.yml

  - name: disable firewalld
    service: name=firewalld state=stopped enabled=no
  - name: disable selinux
    command: '/usr/sbin/setenforce 0'
    ignore_errors: true
  - name: install php repo
    shell: rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
    ignore_errors: true
  - name: install php
    yum: name=php72w,php72w-cli,php72w-common,php72w-devel,php72w-embedded,php72w-gd,php72w-mbstring,php72w-pdo,php72w-xml,php72w-fpm,php72w-mysqlnd,php72w-opcache state=present
  - name: create php user
    user: name={
  {user_name}} shell=/sbin/nologin create_home=no
  - name: modify php config file
    replace: path=/etc/php.ini regexp=";date.timezone =" replace="date.timezone = Asia/Shanghai"
    notify: "reload php-fpm"
  - name: modify user and group in www.conf
    replace: path=/etc/php-fpm.d/www.conf regexp="apache" replace="{
  {user_name}}"
    notify: "reload php-fpm"
  - name: modify listen addr in www.conf
    replace: path=/etc/php-fpm.d/www.conf regexp="127.0.0.1:9000" replace="{
  {php_addr}}"
    notify: "reload php-fpm"
  - name: modify allowed_clients in www.conf
    replace: path=/etc/php-fpm.d/www.conf regexp="127.0.0.1" replace="{
  {nginx_addr}}"
    notify: "reload php-fpm"
  - name: start php-fpm
    service: name={
  {svc}} state=started enabled=yes

handlers设置 

vim php/handlers/main.yml

- name: reload php-fpm
  service: name={
  {svc}} state=reloaded

三、测试 

cd /etc/ansible/
vim lnmp.yaml

- name: install nginx
  hosts: webservers
  remote_user: root
  roles:
  - nginx
- name: install mysql
  hosts: dbservers
  remote_user: root
  roles:
  - mysql
- name: install php
  hosts: phpservers
  remote_user: root
  roles:
  - php


ansible-playbook lnmp.yaml