Ansible roles

I. Overview

1. Introduction to roles

Roles organize playbooks hierarchically and structurally. A role automatically loads its variable files, tasks, handlers and so on according to its directory layout. To use roles, you only need to introduce them in the playbook with the include directive.
Simply put, roles are a mechanism that places variables, files, tasks, templates and handlers in separate directories so that they can be included easily. Roles are generally used where services are built per host, but they can also be used for scenarios such as building daemons. They are mainly used where code reuse is high.

2. What roles are for

Each play in the playbook is treated as a role, and the tasks, vars (variables), templates and files of each role are grouped together.

3. Explanation of the meaning of each directory within roles

  • files: used to store files called by the copy module or script module.
  • templates: used to store Jinja2 templates. The template module automatically searches this directory for Jinja2 template files.
  • tasks: This directory should contain a main.yml file to define the task list of this role. This file can use include to include other task files located in this directory.
  • handlers: This directory should contain a main.yml file that defines the actions to be performed when a condition is triggered in this role.
  • vars: This directory should contain a main.yml file that defines the variables used by this role.
  • defaults: This directory should contain a main.yml file to set default variables for the current role. These variables have the lowest priority of all available variables and can be easily overridden by any other variable. Therefore, we generally do not define variables here in production.
  • meta: This directory should contain a main.yml file that defines the metadata information of this role and its dependencies.

II. Create LNMP using roles in a playbook

1. Preparation

1.1 Create the roles directory

mkdir /etc/ansible/roles/ -p    # exists by default after installing with yum

1.2 Create directories named after each role in the roles directory.

mkdir /etc/ansible/roles/nginx
mkdir /etc/ansible/roles/mysql
mkdir /etc/ansible/roles/php

1.3 Create files, handlers, tasks, templates, meta, defaults and vars directories in the directory named by each role. Unused directories can be created as empty directories or not created at all.

mkdir /etc/ansible/roles/nginx/{files,templates,tasks,handlers,vars,defaults,meta}
mkdir /etc/ansible/roles/mysql/{files,templates,tasks,handlers,vars,defaults,meta}
mkdir /etc/ansible/roles/php/{files,templates,tasks,handlers,vars,defaults,meta}

1.4 Create the main.yml file in the handlers, tasks, meta, defaults, and vars directories of each role. Do not customize the file name.

touch /etc/ansible/roles/nginx/{defaults,vars,tasks,meta,handlers}/main.yml
touch /etc/ansible/roles/mysql/{defaults,vars,tasks,meta,handlers}/main.yml
touch /etc/ansible/roles/php/{defaults,vars,tasks,meta,handlers}/main.yml

2. Use roles to create nginx

2.1 Edit nginx tasks

cd /etc/ansible/roles/nginx/tasks
vim main.yml
# include init.yml from this directory
- include: init.yml

- name: nginx.repo
  copy: src=nginx.repo dest=/etc/yum.repos.d/

- name: install nginx
  yum: name={{pkg}} state=latest

- name: nginx configuration file
  template: src=default.conf.j2 dest=/etc/nginx/conf.d/default.conf
  notify: "reload nginx"         # when the steps above report a changed state, notify triggers the handler with this name

- name: index.php
  copy: src=index.php dest={{root_dir}}

- name: start nginx
  service: name={{svc}} state=started enabled=yes

# write the task that disables the firewall
vim init.yml
- name: disable firewalld
  service: name=firewalld state=stopped enabled=no

- name: stop selinux
  shell: "/usr/sbin/setenforce 0"
  ignore_errors: true
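
An added example, not part of the original post: a variant of init.yml that leaves firewalld and SELinux enabled and opens only what the nginx role needs, instead of switching both off. It assumes the ansible.posix collection is installed on the control node and that the SELinux Python bindings (libselinux-python, libsemanage-python) are present on the target.

```yaml
# roles/nginx/tasks/init.yml -- added example, not the author's file.
# Assumes the ansible.posix collection is available on the control node.
- name: keep firewalld running and enabled at boot
  service:
    name: firewalld
    state: started
    enabled: yes

# Open only the HTTP service (port 80, matching nginxip_port in this role).
- name: allow inbound HTTP
  ansible.posix.firewalld:
    service: http
    permanent: yes
    immediate: yes
    state: enabled

# nginx runs in the httpd_t domain; this boolean lets it connect to the
# remote php-fpm port (fastcgi_pass) while SELinux stays enforcing.
- name: allow nginx to connect to php-fpm over the network
  ansible.posix.seboolean:
    name: httpd_can_network_connect
    state: yes
    persistent: yes
```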

2.2 Define actions to be performed when triggering conditions

# the handlers directory defines the actions this role runs when a condition is triggered
cd /etc/ansible/roles/nginx/handlers
vim main.yml
- name: reload nginx
  service: name={{svc}} state=reloaded

2.3 Edit nginx template file

# prepare the default.conf file
cp default.conf /etc/ansible/roles/nginx/templates/default.conf.j2
cd /etc/ansible/roles/nginx/templates
vim default.conf.j2
-- line 2 --
listen       {{nginxip_port}};
-- line 8 --
root   {{root_dir}};
-- line 29 --
 location ~ \.php$ {
          root           {{root_dir}};
          fastcgi_pass   {{passip_port}};
          fastcgi_index  index.php;
          fastcgi_param  SCRIPT_FILENAME  {{root_dir}}$fastcgi_script_name;
          include        fastcgi_params;
      }
          include        fastcgi_params;
      }

2.4 Define variables

# variables go in the vars directory
cd /etc/ansible/roles/nginx/vars
vim main.yml
pkg: nginx
svc: nginx
nginxip_port: 192.168.88.20:80
nginx_servername: www.web.com
root_dir: /usr/share/nginx/html
passip_port: 192.168.88.30:9000

2.5 Prepare to copy files

# the files directory stores files called by the copy module or script module
cd /etc/ansible/roles/nginx/files
vim index.php
<?php
phpinfo();
?>

vim nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
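
An added example, not part of the original post: the same repository defined with package signature checking turned on and fetched over HTTPS, written as tasks that would replace the "nginx.repo" copy task. The key URL is the signing key that nginx.org publishes for its packages; the file name nginx is chosen here so the result is still /etc/yum.repos.d/nginx.repo.

```yaml
# Added example: replaces the "nginx.repo" copy task in
# roles/nginx/tasks/main.yml. Not the author's file.
- name: import the nginx package signing key into the rpm keyring
  rpm_key:
    key: https://nginx.org/keys/nginx_signing.key
    state: present

- name: nginx.repo with gpgcheck enabled
  yum_repository:
    name: nginx-stable
    file: nginx                      # written to /etc/yum.repos.d/nginx.repo
    description: nginx stable repo
    baseurl: https://nginx.org/packages/centos/7/$basearch/
    gpgcheck: yes                    # yum rejects unsigned or tampered packages
    gpgkey: https://nginx.org/keys/nginx_signing.key
    enabled: yes
```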

3. Use roles to create php

3.1 Edit php tasks

cd /etc/ansible/roles/php/tasks
vim main.yml
- name: rpm -Uvh php
  shell: rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

- name: install php
  yum: name={{pkg}} state=latest

- name: create user
  user: name=php shell=/sbin/nologin create_home=no

- name: create directory
  file: name=/usr/share/nginx/html state=directory

- name: copy index.php
  copy: src=index.php dest=/usr/share/nginx/html

- name: php.ini
  replace: path=/etc/php.ini regexp=";date.timezone =" replace="date.timezone = Asia/Shanghai"
  notify: "reload php"

- name: user group
  replace: path=/etc/php-fpm.d/www.conf regexp="apache" replace="php"
  notify: "reload php"

- name: listen
  replace: path=/etc/php-fpm.d/www.conf regexp="listen = 127.0.0.1:9000" replace="listen = 192.168.88.30:9000"
  notify: "reload php"

- name:  allow_clients
  replace: path=/etc/php-fpm.d/www.conf regexp="listen.allowed_clients = 127.0.0.1" replace="listen.allowed_clients = 192.168.88.20"
  notify: "reload php"

- name: start php-fpm
  service: name=php-fpm state=started enabled=yes

3.2 Define actions to be performed when triggering conditions

vim /etc/ansible/roles/php/handlers/main.yml
- name: reload php
  service: name=php-fpm state=reloaded

4. Use roles to create mysql

4.1 Edit mysql script

vim /etc/ansible/roles/mysql/tasks/main.yml
- name: remove mariadb*
  yum: name=mariadb* state=absent

- name: rpm -ivh mysql
  shell: rpm -ivh https://repo.mysql.com/mysql57-community-release-el7-11.noarch.rpm
  ignore_errors: true

- name: mysql.repo
  shell: sed -i 's/gpgcheck=1/gpgcheck=0/' /etc/yum.repos.d/mysql-community.repo

- name: install mysql
  yum: name=mysql-server

- name: start mysql
  service: name=mysqld.service state=started enabled=yes

- name: password.sh
  script: password.sh

- name: remove mysql57
  yum: name=mysql57-community-release-el7-11.noarch state=absent

4.2 Edit script

vim /etc/ansible/roles/mysql/files/password.sh

passd=$(grep "password" /var/log/mysqld.log | awk '{print $NF}')
mysql -uroot -p"$passd" --connect-expired-password -e "ALTER USER 'root'@'localhost' IDENTIFIED BY 'Admin@123';"
mysql -uroot -pAdmin@123 -e "grant all privileges on *.* to root@'%' identified by 'Admin@123' with grant option;"

chmod +x roles/mysql/files/password.sh
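
An added example, not part of the original post: the same first-login password change done as Ansible tasks, so the passwords come from variables instead of being written into the script, stay off the mysql command line and out of task output, and the application gets its own account rather than root being opened to '%'. It assumes mysql_root_password and mysql_app_password are defined in an ansible-vault encrypted vars file and contain no single quotes; app and appdb are hypothetical names, and 192.168.88.30 is the PHP host from this page.

```yaml
# roles/mysql/tasks/password.yml -- added example, not the author's file.
# Assumed variables (ansible-vault encrypted): mysql_root_password,
# mysql_app_password. 'app' and 'appdb' are hypothetical names.
- name: check whether the vaulted root password already works
  command: mysql -uroot -e "SELECT 1"
  environment:
    MYSQL_PWD: "{{ mysql_root_password }}"
  register: root_login
  failed_when: false
  changed_when: false
  no_log: true

- name: read the temporary root password written at first start
  shell: grep 'temporary password' /var/log/mysqld.log | tail -n 1 | awk '{print $NF}'
  register: mysql_tmp_pass
  changed_when: false
  no_log: true
  when: root_login.rc != 0

# The statement is sent on stdin and the login password via MYSQL_PWD,
# so neither secret appears in the process argument list.
- name: replace the temporary root password
  command: mysql -uroot --connect-expired-password
  args:
    stdin: "ALTER USER 'root'@'localhost' IDENTIFIED BY '{{ mysql_root_password }}';"
  environment:
    MYSQL_PWD: "{{ mysql_tmp_pass.stdout }}"
  no_log: true
  when: root_login.rc != 0

- name: create an account for the PHP host only
  command: mysql -uroot
  args:
    stdin: |
      CREATE USER IF NOT EXISTS 'app'@'192.168.88.30' IDENTIFIED BY '{{ mysql_app_password }}';
      GRANT ALL PRIVILEGES ON appdb.* TO 'app'@'192.168.88.30';
  environment:
    MYSQL_PWD: "{{ mysql_root_password }}"
  no_log: true
```

The first task makes the role safe to re-run: once the vaulted password works, the temporary-password steps are skipped.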

5. Modify hosts file

vim /etc/ansible/hosts
[webservers]
192.168.88.20

[dbservers]
192.168.88.30

[mysql]
192.168.88.40

6. Edit the lnmp playbook and execute it

cd /etc/ansible
vim lnmp2.yml
- name: nginx
  hosts: webservers
  roles:
  - nginx

- name: php
  hosts: dbservers
  roles:
  - php

- name: mysql
  hosts: mysql
  roles:
  - mysql

ansible-playbook lnmp2.yml

Origin blog.csdn.net/q1y2y3/article/details/132016383