How to use roles
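Review: roles are a feature that Ansible introduced in version 1.2 and can be used to organize playbooks hierarchically and structurally.
The roles directory structure is created with ansible-galaxy. Ansible 1.3 and later also support role dependencies. For example, to push out and unpack WordPress, nginx and php must already be installed and their services running before the WordPress pages can be served. In that case the wordpress role can declare the nginx and php roles as dependencies.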
redirect
ad-hoc:
playbook: yml ad-hoc
roles:
site , ,
client
server
yum:
1. ( )
2. ( )
3.url( )
cat /var/lib/nfs/etab nfs ( )
, web ( showmount -e),
zabbix:
https://www.zabbix.com/documentation/4.0/manual/installation/install_from_packages/rhel_centos
jumpserver
https://docs.jumpserver.org/
Ansible Roles: basic overview
Whether in Ansible or in SaltStack, roles
The roles directory structure is created with ansible-galaxy.
[root@m01 ~]# cd /etc/ansible/roles/
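[root@m01 roles]# ansible-galaxy init nfs    # create the nfs role skeleton
[root@m01 roles]# tree nfs
nfs/                    # role directory
├── defaults            # default variables (lowest precedence)
│   └── main.yml
├── files               # static files, used by copy and script
├── handlers            # handlers triggered by notify
│   └── main.yml
├── meta                # role metadata and dependencies
│   └── main.yml
├── README.md           # role description
├── tasks               # task files; main.yml can include others
│   └── main.yml
├── templates           # jinja2 templates (Python)
├── tests               # test playbook (can be run with -C)
│   ├── inventory       # test inventory
│   └── test.yml
└── vars                # role variables
    └── main.yml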
[root@m01 roles]# vim site.yml
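1. Role dependencies are read from main.yml in meta.
2. The tasks in main.yml under tasks are run, for example a copy task.
3. The src of a copy task is looked up in files.
4. For a template task in tasks, the template src is looked up in templates.
5. Variables are read from main.yml in vars
   and from main.yml in defaults.
6. When a task in tasks notifies a handler, the handler is looked up in main.yml in handlers.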
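Ansible Roles: dependencies
Roles can automatically pull in other roles. Role dependencies are stored in the meta/main.yml file of the role directory.
[root@m01 roles]# vim /etc/ansible/roles/wordpress/meta/main.yml
dependencies:
  - { role: nginx }
  - { role: php }
# the nginx and php roles listed here run before the wordpress role's own tasks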
Applying Ansible Roles to an rsync scenario
1. Create the role directory structure with ansible-galaxy
[root@m01 rsync]# cd /etc/ansible/roles/
[root@m01 roles]# ansible-galaxy init rsync
- rsync was created successfully
[root@m01 roles]# tree
.
└── rsync
    ├── defaults    ---- 5. default variables
    │   └── main.yml
    ├── files       ---- 3. src files (other than j2)
    ├── handlers    ---- 6. handlers
    │   └── main.yml
    ├── meta        ---- 1. dependencies
    │   └── main.yml    -- dependencies are declared here
    ├── README.md
    ├── tasks       ---- 2. tasks (include, include_tasks)
    │   └── main.yml
    ├── templates   ---- 4. python templates, j2 files
    ├── tests
    │   ├── inventory
    │   └── test.yml
    └── vars        ---- 5. variables
        └── main.yml
# create the group_vars directory
mkdir /etc/ansible/roles/group_vars
2. Define the inventory (hosts file)
[root@m01 roles]# vim /etc/ansible/roles/hosts
...
3. Write site.yml, which calls the roles (site.yml is the entry file). The numbered variants below are different ways of calling roles from site.yml.
[root@m01 roles]# vim /etc/ansible/roles/site.yml
1> role with play-level variables
- hosts: all
  vars:
    user_group: www
    uid_gid: 666
  roles:
    - rsync    # the role created with ansible-galaxy, referenced by name
2> role with a when condition
- hosts: all
  roles:
    - role: rsync
      when: ansible_fqdn is match 'backup*'
3> inline form with a when condition
- hosts: all
  roles:
    - { role: rsync, when: ansible_fqdn == 'backup' }
4> role + parameters
  roles:
    - { role: nginx, http_port: 8080, web_root: /data/ }
5> conditional roles
- hosts: all
  roles:
    - { role: some_role, when: "ansible_os_family == 'RedHat'" }
6> roles with tags
- hosts: all
  roles:
    - { role: nfs, tags: ["bar", "baz"], when: ansible_fqdn is match 'web*' }
    - { role: nfs, tags: ["bar", "baz"], when: ansible_fqdn is match 'nfs*' }
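4. Write the rsync role's tasks (one file per step, pulled in from main.yml)
# split the work up with include_tasks
# install · configure · start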
[root@m01 roles]# vim /etc/ansible/roles/rsync/tasks/install_rsync.yml
- name: install rsync
  yum:
    name: rsync
    state: present
[root@m01 roles]# vim /etc/ansible/roles/rsync/tasks/config_rsync.yml
- name: config rsync
  template:
    src: rsyncd.j2
    dest: /etc/rsyncd.conf
  notify: restart rsyncd
[root@m01 roles]# vim /etc/ansible/roles/rsync/tasks/start_rsync.yml
- name: start rsyncd
  service:
    name: rsyncd
    state: started
[root@m01 roles]# vim /etc/ansible/roles/rsync/tasks/main.yml
# include_tasks replaces the deprecated bare include
- include_tasks: install_rsync.yml
- include_tasks: config_rsync.yml
- include_tasks: start_rsync.yml
5. Write the rsync role's handlers
[root@m01 roles]# vim /etc/ansible/roles/rsync/handlers/main.yml
- name: restart rsyncd
  service:
    name: rsyncd
    state: restarted
6. Put the rsync role's static files in the files directory
[root@m01 roles]# vim /etc/ansible/roles/rsync/files/
7. Put the rsync role's template in the templates directory
[root@m01 roles]# vim /etc/ansible/roles/rsync/templates/rsyncd.j2
8. handlers
- name: restart rsyncd
  service:
    name: rsyncd
    state: restarted
9. Define variables (vars or defaults)
[root@m01 roles]# vim /etc/ansible/roles/rsync/defaults/main.yml
use_dir_mk: backup
10. Run the roles
[root@m01 roles]# ansible-playbook site.yml
Check the yml with a dry run (-C)
[root@ansible roles]# ansible-playbook -C site.yml
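ansible-galaxy command format
ansible-galaxy [init|info|install|list|remove] [--help] [options] ...
init: initialize a roles directory structure
info: show information about a role
install: install roles from Galaxy
list: list installed roles
remove: remove an installed role
# show help for a subcommand
ansible-galaxy init --help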
ansible-vault
[root@m01 ~]# rpm -ql ansible |egrep -v 'share|lib'
/etc/ansible/ansible.cfg    # main configuration file
/etc/ansible/hosts          # default inventory
/etc/ansible/roles          # roles directory
/usr/bin/ansible            # ad-hoc commands
/usr/bin/ansible-2
/usr/bin/ansible-2.7
/usr/bin/ansible-config
/usr/bin/ansible-connection
/usr/bin/ansible-console
/usr/bin/ansible-console-2
/usr/bin/ansible-console-2.7
/usr/bin/ansible-doc        # module documentation
/usr/bin/ansible-doc-2
/usr/bin/ansible-doc-2.7
/usr/bin/ansible-galaxy #roles
/usr/bin/ansible-galaxy-2
/usr/bin/ansible-galaxy-2.7
/usr/bin/ansible-inventory
/usr/bin/ansible-playbook #yml
/usr/bin/ansible-playbook-2
/usr/bin/ansible-playbook-2.7
/usr/bin/ansible-pull
/usr/bin/ansible-pull-2
/usr/bin/ansible-pull-2.7
/usr/bin/ansible-test
/usr/bin/ansible-vault      # file encryption
/usr/bin/ansible-vault-2
/usr/bin/ansible-vault-2.7
[root@m01 tasks]# ansible-vault --help
usage: ansible-vault [-h] [--version] [-v]
{create,decrypt,edit,view,encrypt,encrypt_string,rekey}
1. Encrypt a file with 'ansible-vault encrypt'
[root@m01 tasks]# ansible-vault encrypt main.yml
2. View an encrypted file with 'view'
[root@m01 tasks]# ansible-vault view main.yml
Vault password:
---
# tasks file for rsync
- include: install.yml
- include: config_rsync.yml
3. Edit an encrypted file with 'edit'
[root@m01 tasks]# ansible-vault edit main.yml
4. Change the vault password with 'rekey'
[root@m01 tasks]# ansible-vault rekey main.yml
5. Run a playbook that uses encrypted files, reading the vault password from a file
ansible-playbook include.yml --vault-password-file=ansible.pass
6. Create a new encrypted file
ansible-vault create hello.yml
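A pre-run check for the vault workflow above, as an added example that is not part of the original page: it tests that files meant to be encrypted start with the vault envelope header, and that the file passed to --vault-password-file is owner-only and not executable. The function names and the sample file contents are constructed for the demonstration; it assumes the password file is a static file such as ansible.pass, not a script.

```shell
#!/bin/sh
# Added example (not from the original page). Sample files are constructed.

# True if the first line is a vault envelope header:
#   $ANSIBLE_VAULT;1.1;AES256   or   $ANSIBLE_VAULT;1.2;AES256;<vault-id>
is_vault_encrypted() (
    [ -f "$1" ] || exit 1
    first=
    IFS= read -r first < "$1" || [ -n "$first" ] || exit 1
    case "$first" in
        '$ANSIBLE_VAULT;1.1;AES256'|'$ANSIBLE_VAULT;1.2;AES256;'?*) exit 0 ;;
    esac
    exit 1
)

# True if the password file is a regular file, readable by its owner only
# and not executable (Ansible runs an executable password file as a script).
password_file_ok() (
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        -r[w-]-------*) exit 0 ;;
    esac
    exit 1
)

# Print every argument that is still plaintext; status 1 if any was found.
plaintext_files() (
    rc=0
    for f in "$@"; do
        is_vault_encrypted "$f" || { printf '%s\n' "$f"; rc=1; }
    done
    exit "$rc"
)

# Constructed samples: one vaulted file, one plaintext file, one password file.
make_samples() {
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '36316566' > "$1/main.yml"
    printf '%s\n' '---' 'db_password: example' > "$1/hello.yml"
    ( umask 077; printf '%s\n' 'constructed-passphrase' > "$1/ansible.pass" )
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
password_file_ok "$demo_dir/ansible.pass" && echo "ansible.pass: permissions ok"
plaintext_files "$demo_dir/main.yml" "$demo_dir/hello.yml" || echo "^ not encrypted"
rm -rf "$demo_dir"
```

Run plaintext_files over the files that should be vaulted before committing or before ansible-playbook; a non-zero status means at least one of them is still readable as plain YAML.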