- Roles are used to organize playbooks hierarchically and structurally
- A role loads variable files, tasks, handlers, jinja2 templates and other resources through a standardized directory structure; the role is then invoked in a play to execute
- Defining roles makes it easier to reuse ansible code: just by copying the relevant directory you can copy a role from one project to another, and then call the role in a play to execute it
- In ansible, you need to specify a separate path for storing roles; it is set in the roles_path field in ansible.cfg
The basic structure of the role
README.md file
Describes how to call the role, with a template whose content can be copied and pasted into a yml file as needed
Defaults
The main.yml file in this directory stores the variables that the role will use, together with their default values (these variables have a lower priority; when using the role, you can reassign a variable in the play to override its default value)
Files
Stores the static files referenced by the role's tasks (such as the file used by the copy module)
Handlers
The main.yml file in this directory contains the role's handlers
When the role needs to call a handler, the handler is looked up by default in the main.yml file in this directory
Meta
The main.yml file in this directory is used to describe the relevant attributes of the role (such as author, license, etc.)
Tasks
The main.yml of this directory describes the tasks that this role needs to perform
When the role is invoked, the main.yml file in this directory will be executed
Templates
Stores the jinja2 template files required by the role
When no absolute template path is specified, the template file with the corresponding name in this directory will be called by default
Tests
This directory contains the inventory and test playbook files for testing the role
Vars
The main.yml file in this directory stores the variables used by the role; the difference from defaults is that the variables in this file have a higher priority and are not easily overridden, which ensures that the role uses the values from this file when it is called
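The difference in priority between defaults and vars, shown on a hypothetical apache role (an added example, not from the original page; the variable names apache_index_dest and apache_index_setype are assumptions):

```yaml
# roles/apache/defaults/main.yml  (role defaults: lowest priority)
---
apache_index_dest: /var/www/html/index.html

# roles/apache/vars/main.yml  (role vars: outrank play vars)
---
apache_index_setype: httpd_sys_content_t

# roles/apache/tasks/main.yml  (a template task that reads both variables)
---
- name: index.html.j2
  template:
    src: index.html.j2
    dest: "{{ apache_index_dest }}"
    setype: "{{ apache_index_setype }}"

# roles.yml  (the calling play)
---
- hosts: web
  vars:
    # Takes effect: play vars outrank role defaults
    apache_index_dest: /var/www/html/welcome.html
    # No effect: role vars outrank play vars, so the SELinux type stays fixed
    apache_index_setype: default_t
  roles:
    - apache
```

Values passed on the command line with -e override both files.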
Role source and application
Galaxy roles
Ansible Galaxy is a public repository of ansible content, including thousands of ansible roles
ansible-galaxy command-line tool
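ansible-galaxy search     Search for roles on Galaxy
ansible-galaxy install    Download roles from Galaxy
    -r    Install multiple roles from a file
    -p    Specify the installation path
ansible-galaxy init       Create a custom role
Downloading Galaxy roles from a file, and the format of that file
src        Source of the role (required)
version    Version of the role
name       Name given to the role after download (defaults to the name of the repository)
Create the file that lists the roles to download
vim galaxyroles.yml
---
- src: http://materials/phpinfo.tar
  name: phpinfo
Download the roles listed in the file to the specified path
ansible-galaxy install -r galaxyroles.yml -p /home/greg/ansible/roles/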
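An added example, not from the original page, of the same file format with the version key in use and every source fetched over HTTPS, so that an install is repeatable and the download cannot be altered in transit. All role names, hosts and version numbers are placeholders.

```yaml
# galaxyroles.yml - constructed example; names, URLs and versions are placeholders
---
# Role from Galaxy, pinned to one released version instead of the latest
- src: example_namespace.phpinfo
  version: "1.2.0"

# Role from a git repository, pinned to a tag and fetched over HTTPS
- src: https://git.example.com/ops/ansible-role-phpinfo.git
  scm: git
  version: "v1.2.0"
  name: phpinfo_git

# Role from a tarball, as in the file above, but served over HTTPS
- src: https://materials.example.com/phpinfo.tar
  name: phpinfo_tar
```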
Use the Galaxy role
vim roles.yml
---
- hosts: web
  roles:
    - phpinfo
System roles
The rhel-system-roles package contains a set of system roles (install this package and you can use the roles it contains); the installed roles are stored in the /usr/share/ansible/roles directory
Download system roles
yum install rhel-system-roles
ansible-galaxy list to view all roles
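What the system roles do
rhel-system-roles.kdump       Configures the kdump crash recovery service
rhel-system-roles.network     Configures network interfaces
rhel-system-roles.postfix     Configures the host as a mail transfer agent using the postfix service
rhel-system-roles.selinux     Configures and manages selinux
rhel-system-roles.timesync    Configures time synchronization (NTP)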
Use system roles
Copy the required system role to the directory given by the roles_path field in ansible.cfg
cp -r /usr/share/ansible/roles/rhel-system-roles.selinux/ /home/greg/ansible/roles/
Read the README.md file of the role, then write a yml file that calls the role to implement the required function
vim /home/greg/ansible/selinux.roles
---
- name: selinux
  hosts: web
  vars:
    selinux_policy: targeted
    selinux_state: enforcing
  roles:
    - rhel-system-roles.selinux
Custom roles
You can create a custom role with ansible-galaxy init followed by the role name
ansible-galaxy init apache
Create a jinja2 template in the templates directory
vim apache/templates/index.html.j2
Welcome to {{ ansible_facts['hostname'] }}
Configure the main.yml file in the tasks directory
vim apache/tasks/main.yml
---
# tasks file for apache
- name: install httpd
  yum:
    name: httpd
    state: present
  notify:
    - start apache
- name: index.html.j2
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
    setype: httpd_sys_content_t
Write main.yml under handlers (this task is executed after notify triggers it)
vim apache/handlers/main.yml
---
- name: start apache
  service:
    name: httpd
    state: started
    enabled: yes
Then create a yml file to call the role
vim roles.yml
---
- hosts: web
  roles:
    - apache
Run the yml
ansible-playbook roles.yml
As long as this roles.yml does not report an error, all of the yml syntax in the apache role is OK
Verify whether the httpd service is enabled
ansible web -m shell -a "systemctl status httpd"
To let others reuse the roles.yml file, you can compress the apache role and send it to them, or upload it to Galaxy