05 - ansible-playbook practical examples


1. Implementing the httpd role

# Create the directories for the role
[root@ansible ~]#mkdir -p /data/ansible/roles/httpd/{tasks,handlers,files}

# Create the files for the role
[root@ansible ~]#cd /data/ansible/roles/httpd/
# main.yml is the entry point for the tasks
[root@ansible ~]#vim tasks/main.yml
- include: group.yml
- include: user.yml
- include: install.yml
- include: config.yml
- include: index.yml
- include: service.yml
[root@ansible ~]#vim tasks/group.yml
- name: create apache group
  group: name=apache system=yes gid=80

[root@ansible ~]#vim tasks/user.yml
- name: create apache user
  user: name=apache system=yes shell=/sbin/nologin home=/var/www/ uid=80 group=apache
[root@ansible ~]#vim tasks/install.yml
- name: install httpd package
  yum: name=httpd
[root@ansible ~]#vim tasks/config.yml
- name: config file
  copy: src=httpd.conf dest=/etc/httpd/conf/ backup=yes
  notify: restart
[root@ansible ~]#vim tasks/index.yml
- name: index.html
  copy: src=index.html dest=/var/www/html/
[root@ansible ~]#vim tasks/service.yml
- name: start service
  service: name=httpd state=started enabled=yes
[root@ansible ~]#vim handlers/main.yml
- name: restart
  service: name=httpd state=restarted
# Prepare two files in the files directory
[root@ansible ~]#ls files/
httpd.conf index.html
[root@ansible ~]#tree /data/ansible/roles/httpd/
/data/ansible/roles/httpd/
├── files
│   ├── httpd.conf
│   └── index.html
├── handlers
│   └── main.yml
└── tasks
   ├── config.yml
   ├── group.yml
   ├── index.yml
   ├── install.yml
   ├── main.yml
   ├── service.yml
   └── user.yml
3 directories, 10 files
# Call the role from a playbook
[root@ansible ~]#vim /data/ansible/role_httpd.yml
---
# httpd role
- hosts: websrvs
  remote_user: root
  roles:
    - httpd

# Run the playbook
[root@ansible ~]#ansible-playbook /data/ansible/role_httpd.yml

2. Implementing the nginx role

[root@ansible ~]#mkdir -p /data/ansible/roles/nginx/{tasks,handlers,templates,vars}
# Create the task files
[root@ansible ~]#cd /data/ansible/roles/nginx/
[root@ansible nginx]#vim tasks/main.yml
- include: install.yml
- include: config.yml
- include: index.yml
- include: service.yml
[root@ansible nginx]#vim tasks/install.yml
- name: install
  yum: name=nginx
[root@ansible nginx]#vim tasks/config.yml
- name: config file for centos7
  template: src=nginx7.conf.j2 dest=/etc/nginx/nginx.conf
  when: ansible_distribution_major_version=="7"
  notify: restart
- name: config file for centos8
  template: src=nginx8.conf.j2 dest=/etc/nginx/nginx.conf
  when: ansible_distribution_major_version=="8"
  notify: restart
# Use a file from another role
[root@ansible nginx]#vim tasks/index.yml
- name: index.html
  copy: src=roles/httpd/files/index.html dest=/usr/share/nginx/html/
[root@ansible nginx]#vim tasks/service.yml
- name: start service
  service: name=nginx state=started enabled=yes
# Create the handler file
[root@ansible nginx]#cat handlers/main.yml
- name: restart
  service: name=nginx state=restarted
# Create the two template files
[root@ansible nginx]#cat templates/nginx7.conf.j2
...omitted...
user {{user}};
worker_processes {{ansible_processor_vcpus+3}};   # change this line
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
...omitted...
[root@ansible nginx]#cat templates/nginx8.conf.j2
...omitted...
user {{user}};
worker_processes {{ansible_processor_vcpus**3}};  # change this line
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
...omitted...
# Create the variables file
[root@ansible nginx]#vim vars/main.yml
user: daemon
# The directory structure is as follows
[root@ansible ~]#tree /data/ansible/roles/nginx/
/data/ansible/roles/nginx/
├── handlers
│   └── main.yml
├── tasks
│   ├── config.yml
│   ├── index.yml
│   ├── install.yml
│   ├── main.yml
│   └── service.yml
├── templates
│   ├── nginx7.conf.j2
│   └── nginx8.conf.j2
└── vars
   └── main.yml
4 directories, 9 files
# Call the role from a playbook
[root@ansible ~]#vim /data/ansible/role_nginx.yml
---
# nginx role
- hosts: websrvs

  roles:
    - role: nginx

# Run the playbook
[root@ansible ~]#ansible-playbook /data/ansible/role_nginx.yml

3. Implementing the memcached role

[root@ansible ~]#mkdir -p /data/ansible/roles/memcached/{tasks,templates}
[root@ansible ~]#cd /data/ansible/roles/memcached
[root@ansible memcached]#vim tasks/main.yml
- include: install.yml
- include: config.yml
- include: service.yml
[root@ansible memcached]#vim tasks/install.yml
- name: install
  yum: name=memcached
[root@ansible memcached]#vim tasks/config.yml
- name: config file
  template: src=memcached.j2 dest=/etc/sysconfig/memcached
[root@ansible memcached]#vim tasks/service.yml
- name: service
  service: name=memcached state=started enabled=yes
[root@ansible memcached]#vim templates/memcached.j2 
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="{{ansible_memtotal_mb//4}}"
OPTIONS=""
[root@ansible memcached]#tree /data/ansible/roles/memcached/
/data/ansible/roles/memcached/
├── tasks
│   ├── config.yml
│   ├── install.yml
│   ├── main.yml
│   └── service.yml
└── templates
   └── memcached.j2
2 directories, 5 files
[root@ansible ~]#vim /data/ansible/role_memcached.yml
---
- hosts: appsrvs

  roles:
    - role: memcached

[root@ansible ~]#ansible-playbook /data/ansible/role_memcached.yml
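
Added example (not from the original post): a tightened version of this role's memcached configuration. The template above sets OPTIONS="", so memcached binds to every interface; the variant below binds to one address, keeps the UDP listener off, and checks the result with ss. The variable memcached_listen, the handler name and the tasks/verify.yml file are assumptions.

```yaml
---
# roles/memcached/defaults/main.yml (added example; variable name is an assumption)
memcached_listen: 127.0.0.1   # use a private address only if remote clients need it
---
# roles/memcached/tasks/config.yml (added example)
# The one line that changes in templates/memcached.j2:
#   OPTIONS="-l {{ memcached_listen }} -U 0"
# -l binds to a single address instead of every interface; -U 0 keeps UDP off.
- name: config file
  template:
    src: memcached.j2
    dest: /etc/sysconfig/memcached
    owner: root
    group: root
    mode: "0644"
  notify: restart memcached
---
# roles/memcached/tasks/verify.yml (hypothetical file; include it after service.yml)
- name: apply a pending restart before checking
  meta: flush_handlers

- name: list listening sockets
  command: ss -lntu
  register: listeners
  changed_when: false

- name: port 11211 must be bound to memcached_listen only, and not on UDP
  assert:
    that:
      # every socket on :11211 has memcached_listen as its local address
      - listeners.stdout_lines | select('search', ':11211 ') | reject('search', memcached_listen ~ ':11211 ') | list | length == 0
      # no UDP socket on :11211 at all
      - listeners.stdout_lines | select('search', '^udp.*:11211 ') | list | length == 0
    fail_msg: memcached is listening on an unexpected address or on UDP
---
# roles/memcached/handlers/main.yml (added example)
- name: restart memcached
  service: name=memcached state=restarted
```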

4. Implementing a MySQL 5.7 or 8.0 role

[root@ansible mysql]#pwd
/data/ansible/roles/mysql
[root@ansible mysql]#tree /data/ansible/roles/mysql/
.
├── files
│   ├── my.cnf
│   └── mysql-8.0.23-linux-glibc2.12-x86_64.tar.xz
├── tasks
│   ├── config.yml
│   ├── data.yml
│   ├── group.yml
│   ├── install.yml
│   ├── linkfile.yml
│   ├── main.yml
│   ├── path.yml
│   ├── script.yml
│   ├── secure.yml
│   ├── service.yml
│   ├── unarchive.yml
│   └── user.yml
└── vars
   └── main.yml
3 directories, 15 files
[root@ansible mysql]#cat /data/ansible/roles/mysql/files/my.cnf 
[mysqld]
server-id=1
log-bin
datadir=/data/mysql
socket=/data/mysql/mysql.sock
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid
[client]
socket=/data/mysql/mysql.sock
[root@ansible mysql]#cat /data/ansible/roles/mysql/vars/main.yml 
mysql_version: 8.0.23
mysql_file: mysql-{{mysql_version}}-linux-glibc2.12-x86_64.tar.xz
mysql_root_password: 123456
[root@ansible mysql]#cat /data/ansible/roles/mysql/tasks/main.yml 
- include: install.yml
- include: group.yml
- include: user.yml
- include: unarchive.yml
- include: linkfile.yml
- include: data.yml
- include: config.yml
- include: script.yml
- include: path.yml
- include: service.yml
- include: secure.yml
[root@ansible mysql]#cat /data/ansible/roles/mysql/tasks/install.yml
- name: install packages
  yum:
    name:
      - libaio
      - numactl-libs
[root@ansible mysql]#cat tasks/group.yml
- name: create mysql group
  group: name=mysql gid=306
[root@ansible mysql]#cat tasks/user.yml
- name: create mysql user
  user: name=mysql uid=306 group=mysql shell=/sbin/nologin system=yes create_home=no home=/data/mysql
[root@ansible mysql]#cat tasks/unarchive.yml
- name: copy tar to remote host and file mode
  unarchive: src={{mysql_file}} dest=/usr/local/ owner=root group=root
[root@ansible mysql]#cat tasks/linkfile.yml
- name: create linkfile /usr/local/mysql
  file: src=/usr/local/mysql-{{ mysql_version }}-linux-glibc2.12-x86_64 dest=/usr/local/mysql state=link
[root@ansible mysql]#cat tasks/data.yml
- name: data dir
  shell: /usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir=/data/mysql
  tags: data
[root@ansible mysql]#cat tasks/config.yml
- name: config my.cnf
  copy: src=my.cnf dest=/etc/my.cnf
[root@ansible mysql]#cat tasks/script.yml
- name: service script
  shell: /bin/cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@ansible mysql]#cat tasks/path.yml
- name: PATH variable
  copy: content='PATH=/usr/local/mysql/bin:$PATH' dest=/etc/profile.d/mysql.sh
[root@ansible mysql]#cat tasks/service.yml
- name: enable service
  shell: chkconfig --add mysqld;/etc/init.d/mysqld start
  tags: service
[root@ansible mysql]#cat tasks/secure.yml
- name: change password
  shell: /usr/local/mysql/bin/mysqladmin -uroot password {{mysql_root_password}}

[root@ansible ansible]#cat /data/ansible/role_mysql.yml
---
- hosts: dbsrvs
  remote_user: root
  gather_facts: no
  roles:
    - mysql
[root@ansible ansible]#ansible-playbook role_mysql.yml
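
Added example (not the original author's code): a hardened variant of vars/main.yml and tasks/secure.yml for the role above. The root password comes from an Ansible Vault-encrypted variable instead of the plaintext 123456, is sent to the client on stdin rather than on the mysqladmin command line, and is kept out of task output with no_log. The variable name vault_mysql_root_password and the file vars/vault.yml are assumptions.

```yaml
---
# roles/mysql/vars/main.yml (added example)
mysql_version: 8.0.23
mysql_file: mysql-{{ mysql_version }}-linux-glibc2.12-x86_64.tar.xz
# Assumption: vault_mysql_root_password is defined in a file created with
#   ansible-vault create /data/ansible/roles/mysql/vars/vault.yml
mysql_root_password: "{{ vault_mysql_root_password }}"
---
# roles/mysql/tasks/secure.yml (added example)
- name: load vault-encrypted secrets
  include_vars: vault.yml
  no_log: true

# After --initialize-insecure, root has an empty password. If this login
# succeeds the password is still unset; if it fails, it was already changed,
# so the task below is skipped and the role can be re-run safely.
- name: check whether root still has an empty password
  command: /usr/local/mysql/bin/mysql -uroot -e "SELECT 1"
  register: root_nopass
  changed_when: false
  failed_when: false

# The statement travels on stdin, so the password never appears in the
# process list. Assumption: the password contains no single quote.
- name: set root password
  command: /usr/local/mysql/bin/mysql -uroot
  args:
    stdin: "ALTER USER 'root'@'localhost' IDENTIFIED BY '{{ mysql_root_password }}';"
  when: root_nopass.rc == 0
  no_log: true
```

Run the play with ansible-playbook --ask-vault-pass role_mysql.yml so the vault file can be decrypted.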

5. Implementing a MySQL 5.6 role

[root@ansible ~]#cat /data/ansible/roles/mysql/files/my.cnf 
[mysqld]
socket=/tmp/mysql.sock
user=mysql
symbolic-links=0
datadir=/data/mysql
innodb_file_per_table=1
log-bin
pid-file=/data/mysql/mysqld.pid
[client]
port=3306
socket=/tmp/mysql.sock
[mysqld_safe]
log-error=/var/log/mysqld.log
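[root@ansible ~]#cat /data/ansible/roles/mysql/files/secure_mysql.sh
#!/bin/bash
# Answers, one per prompt: current root password (empty), set a root password,
# new password twice, then "y" to each of the four remaining questions.
/usr/local/mysql/bin/mysql_secure_installation <<EOF

y
chengzi
chengzi
y
y
y
y
EOF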
[root@ansible ~]#chmod +x /data/ansible/roles/mysql/files/secure_mysql.sh
[root@ansible ~]#ls /data/ansible/roles/mysql/files/
my.cnf mysql-5.6.46-linux-glibc2.12-x86_64.tar.gz secure_mysql.sh
[root@ansible ~]#cat /data/ansible/roles/mysql/vars/main.yml 
mysql_version: 5.6.46-linux-glibc2.12-x86_64
mysql_file: mysql-{{mysql_version}}.tar.gz
[root@ansible ~]#cat /data/ansible/roles/mysql/tasks/main.yml
- include: install.yml
- include: group.yml
- include: user.yml
- include: unarchive.yml
- include: link.yml
- include: data.yml
- include: config.yml
- include: service.yml
- include: path.yml
- include: secure.yml
[root@ansible ~]#cat /data/ansible/roles/mysql/tasks/install.yml
- name: install packages
  yum: name=libaio,perl-Data-Dumper,perl-Getopt-Long
[root@ansible ~]#cat /data/ansible/roles/mysql/tasks/group.yml
- name: create mysql group
  group: name=mysql gid=306
[root@ansible ~]#cat /data/ansible/roles/mysql/tasks/user.yml
- name: create mysql user
  user: name=mysql uid=306 group=mysql shell=/sbin/nologin system=yes create_home=no home=/data/mysql
[root@ansible ~]#cat /data/ansible/roles/mysql/tasks/unarchive.yml
- name: copy tar to remote host and file mode
  unarchive: src={{mysql_file}} dest=/usr/local/ owner=root group=root
[root@ansible ~]#cat /data/ansible/roles/mysql/tasks/link.yml
- name: mkdir /usr/local/mysql
  file: src=/usr/local/{{mysql_version}} dest=/usr/local/mysql state=link
[root@ansible ~]#cat /data/ansible/roles/mysql/tasks/data.yml
- name: data dir
  shell: chdir=/usr/local/mysql/ ./scripts/mysql_install_db --datadir=/data/mysql --user=mysql
[root@ansible ~]#cat /data/ansible/roles/mysql/tasks/config.yml
- name: config my.cnf
  copy: src=my.cnf dest=/etc/my.cnf
[root@ansible ~]#cat /data/ansible/roles/mysql/tasks/service.yml
- name: service script
  shell: /bin/cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld;chkconfig --add mysqld;chkconfig mysqld on;/etc/init.d/mysqld start
[root@ansible ~]#cat /data/ansible/roles/mysql/tasks/path.yml
- name: PATH variable
  copy: content='PATH=/usr/local/mysql/bin:$PATH' dest=/etc/profile.d/mysql.sh
[root@ansible ~]#cat /data/ansible/roles/mysql/tasks/secure.yml
- name: secure script
  script: secure_mysql.sh
[root@ansible ~]#tree /data/ansible/roles/mysql/
/data/ansible/roles/mysql/
├── files
│   ├── my.cnf
│   ├── mysql-5.6.46-linux-glibc2.12-x86_64.tar.gz
│   └── secure_mysql.sh
└── tasks
   ├── config.yml
   ├── data.yml
   ├── group.yml
   ├── install.yml
   ├── link.yml
   ├── main.yml
   ├── path.yml
   ├── secure.yml
   ├── service.yml
   ├── unarchive.yml
   └── user.yml
2 directories, 14 files
[root@ansible ~]#cat /data/ansible/mysql_roles.yml
- hosts: dbsrvs
  remote_user: root
  roles:
    - {role: mysql,tags: ["mysql","db"]}
    - {role: nginx,tags: ["nginx","web"]}

[root@ansible ~]#ansible-playbook -t mysql /data/ansible/mysql_roles.yml

6. Example: loading variables

[root@ansible ~]#vim /data/ansible/roles/test_role/tasks/main.yml
- name: Include OS-specific variables
  include_vars: "{{ ansible_os_family }}.yml"
....
[root@ansible ~]#ls /data/ansible/roles/test_role/vars/
Archlinux.yml Debian.yml FreeBSD.yml OpenBSD.yml RedHat.yml

7. Choosing between multiple roles

[root@ansible ~]#vim /data/ansible/role_httpd_nginx.yml
---
- hosts: websrvs

  roles:
    - {role: httpd,tags: [httpd,web], when: 'ansible_distribution_major_version=="7"' }
    - {role: nginx,tags: [nginx,web], when: 'ansible_distribution_major_version=="8"' }
[root@ansible ~]#ansible-playbook -t nginx /data/ansible/role_httpd_nginx.yml

8. Depending on other roles

[root@ansible roles]#vim wordpress/meta/main.yml
dependencies:
  - role: nginx
  - role: php-fpm
  - role: mysql

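Introduction to Ansible Tower

  • Official site: http://ansible.com/tower
  • Ansible Tower is a graphical, web-based management platform for task scheduling, complex service deployment and IT automation. It is a release and configuration management system, supports both API and UI operation, and is written with Django.
  • The free version of Tower supports at most 10 nodes, and the Ansible company provides strong support. Tower can be installed with an Ansible playbook.

Recommended Ansible learning resources: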
http://galaxy.ansible.com
https://galaxy.ansible.com/explore#/
http://github.com/
http://ansible.com.cn/
https://github.com/ansible/ansible
https://github.com/ansible/ansible-examples

 

posted @ 2022-08-17 01:17  西瓜的春天